diff --git a/content/nginx-one-console/changelog.md b/content/nginx-one-console/changelog.md index b24700881..ac9323f91 100644 --- a/content/nginx-one-console/changelog.md +++ b/content/nginx-one-console/changelog.md @@ -9,6 +9,12 @@ f5-docs: DOCS-1394 Stay up-to-date with what's new and improved in the F5 NGINX One Console. +## June 15, 2026 + +### F5 WAF for NGINX: Updated policy version names + +Policy versions are now numbered sequentially (v1, v2, v3, etc.) instead of using the creation date as the version name. You can also add an optional comment to each version for reference. Existing policy versions now use the new naming scheme. + ## April 7, 2026 ### Observability: F5 WAF for NGINX security dashboard diff --git a/content/nginx-one-console/waf-integration/policy/configure-policy.md b/content/nginx-one-console/waf-integration/policy/configure-policy.md index 08e87d3fd..57185aca1 100644 --- a/content/nginx-one-console/waf-integration/policy/configure-policy.md +++ b/content/nginx-one-console/waf-integration/policy/configure-policy.md @@ -44,6 +44,10 @@ View the F5 WAF for NGINX ["General Configuration"]({{< ref "/waf/policies/confi NGINX One Console includes a Policy JSON section which displays your policy in JSON format. What you configure here is written to your instance of F5 WAF for NGINX. +From NGINX One Console, you can review the policies that you've saved, along with their versions. Select **WAF** > **Policies**. Select the policy that you want to review or modify. + With the **Edit** option, you can customize this policy. It opens the JSON file in a local editor. When you select **Save Policy**, it saves the latest version of what you've configured. You'll see your new policy under the name you used. -From NGINX One Console, you can review the policies that you've saved, along with their versions. Select **WAF** > **Policies**. Select the policy that you want to review or modify. +{{< call-out class="note" >}} +You can add an optional **version comment** (up to 150 characters) to describe what changed in that version. Each saved version is also assigned a sequential name: `v1`, `v2`, `v3`, and so on. +{{< /call-out >}} diff --git a/content/nginx-one-console/waf-integration/policy/review-policy.md b/content/nginx-one-console/waf-integration/policy/review-policy.md index 49f86d202..54a281676 100644 --- a/content/nginx-one-console/waf-integration/policy/review-policy.md +++ b/content/nginx-one-console/waf-integration/policy/review-policy.md @@ -22,7 +22,7 @@ From NGINX One Console, select **WAF** > **Policies**. Select the name of the po - Policy Details: Descriptions, status, enforcement type, latest version, and last deployed time. - Deployments: List of instances and Config Sync Groups where the F5 WAF for NGINX policy is deployed. - Policy JSON: The policy, in JSON format. With the **Edit** button, you can modify this policy. -- Versions: Policy versions that you've written. You can apply an older policy to your deployments. +- Versions: Policy versions that you've written, labeled sequentially (`v1`, `v2`, `v3`, and so on). Each version shows its name, creation date, enforcement mode, and optional version comment. Select a version to view its details or update its comment. You can also apply an older policy version to your deployments. ## Modify existing policies diff --git a/static/nginx-one-console/api/one.json b/static/nginx-one-console/api/one.json index f8b9cdcab..5fb30e163 100644 --- a/static/nginx-one-console/api/one.json +++ b/static/nginx-one-console/api/one.json @@ -25,12 +25,7 @@ "namespace": { "default": "default" } - }, - "x-nodoc": true - }, - { - "url": "/api", - "x-nodoc": true + } } ], "tags": [ @@ -44,12 +39,6 @@ "description": "The `Instance` object represents an active NGINX installation. \nYou can access detailed information about each NGINX instance, including its configuration analysis, security advisories, and operational status.\n", "x-displayName": "Instances" }, - { - "name": "Feature Flags", - "x-nodoc": true, - "description": "Get details about which feature flags are enabled in the NGINX One console. \nFeature flags are used to toggle the availability of application features or modules without changing code.\n", - "x-displayName": "Feature Flags" - }, { "name": "Config Sync Groups", "description": "The `ConfigSyncGroups` object represents a NGINX config sync group where `Instances` are grouped to have same configuration. \nYou can access detailed information about each NGINX config sync group, including its configuration analysis and operational status.\n", @@ -82,8 +71,6 @@ }, { "name": "Metrics", - "x-nodoc": true, - "description": "Get system metrics for your NGINX data plane instances. These metrics are collected by the NGINX Agent and reported to NGINX One.\n", "x-displayName": "Metrics" }, { @@ -91,24 +78,6 @@ "description": "Configuration option for different aspect of NGINX One service.\nYou can set NGINX Instance cleanup preferences.\n", "x-displayName": "Settings" }, - { - "name": "Usage", - "x-nodoc": true, - "description": "Usage information", - "x-displayName": "Usage" - }, - { - "name": "Chatbot", - "x-nodoc": true, - "description": "This API allows you to interact with the chatbot assistant", - "x-displayName": "Chatbot" - }, - { - "name": "Inventory", - "x-nodoc": true, - "description": "Get tenant usage information for NGINX Plus data plane instances. These metrics are collected by the NGINX data plane instances and reported to NGINX One Console.\n", - "x-displayName": "Inventory" - }, { "name": "NGINX App Protect", "description": "Manage and publish security policies on your NGINX data plane instances.\n", @@ -119,17 +88,6 @@ "description": "Manage WAF log profiles for security logging and monitoring.\n", "x-displayName": "WAF Log Profiles" }, - { - "name": "Deployments", - "description": "Manage NAAS deployments.", - "x-displayName": "Deployments" - }, - { - "name": "Load Test", - "x-nodoc": true, - "description": "Load Test actions", - "x-displayName": "Load Test" - }, { "name": "Templates", "description": "* Manage NGINX configuration templates — import, create, copy, list, retrieve, update, delete templates and their versions.\n* Generate a standalone NGINX configuration snippet for an individual augment template.\n* Compose a base template with augment templates to preview or render a full NGINX configuration, optionally saving it as a staged config.\n* Manage template submissions — create, list, retrieve, update (full or per-template), and delete submissions that record applied template inputs for NGINX configuration generation.\n", @@ -139,18 +97,6 @@ "name": "NGINX One App Protect", "description": "Security analytics endpoints for NGINX One App Protect.\n", "x-displayName": "NGINX One App Protect" - }, - { - "name": "NGINX One Billing Usage Events", - "x-nodoc": true, - "description": "Billing usage events endpoints for NGINX One.\n", - "x-displayName": "NGINX One Billing Usage Events" - }, - { - "name": "UsageIngest", - "x-nodoc": true, - "description": "Usage information", - "x-displayName": "UsageIngest" } ], "paths": { @@ -220,48 +166,38 @@ } } }, - "post": { + "patch": { + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "data plane key", "tags": [ "Data Plane Key" ], - "x-nginx-one-action": "create", - "x-nginx-one-entity": "data plane key", - "summary": "Create a data plane key", - "description": "Creates a unique data plane key that you can use to register NGINX instances with NGINX One.\n\n**IMPORTANT**: Save the data plane key somewhere secure for reference. The key is displayed only once and cannot be retrieved again.\n", - "operationId": "createDataPlaneKey", + "summary": "Bulk operation on multiple data plane keys", + "operationId": "BulkDataPlaneKeys", + "description": "Performs bulk operation on one or more data plane keys, only delete is supported.", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DataPlaneKeyCreateRequest" - }, - "examples": { - "DataPlaneKeyCreateRequest": { - "$ref": "#/components/examples/DataPlaneKeyRequest" - } + "$ref": "#/components/schemas/DataPlaneKeyBulkRequest" } } } }, "responses": { "200": { - "description": "Successfully created the data plane key.", + "description": "Batch request completed.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DataPlaneKeyResponse" - }, - "examples": { - "DataPlaneKeyResponse": { - "$ref": "#/components/examples/DataPlaneKeyResponse" - } + "$ref": "#/components/schemas/DataPlaneKeyBulkResponse" } } } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -282,38 +218,48 @@ } } }, - "patch": { - "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "data plane key", + "post": { "tags": [ "Data Plane Key" ], - "summary": "Bulk operation on multiple data plane keys", - "operationId": "BulkDataPlaneKeys", - "description": "Performs bulk operation on one or more data plane keys, only delete is supported.", + "x-nginx-one-action": "create", + "x-nginx-one-entity": "data plane key", + "summary": "Create a data plane key", + "description": "Creates a unique data plane key that you can use to register NGINX instances with NGINX One.\n\n**IMPORTANT**: Save the data plane key somewhere secure for reference. The key is displayed only once and cannot be retrieved again.\n", + "operationId": "createDataPlaneKey", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DataPlaneKeyBulkRequest" + "$ref": "#/components/schemas/DataPlaneKeyCreateRequest" + }, + "examples": { + "DataPlaneKeyCreateRequest": { + "$ref": "#/components/examples/DataPlaneKeyRequest" + } } } } }, "responses": { "200": { - "description": "Batch request completed.", + "description": "Successfully created the data plane key.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DataPlaneKeyBulkResponse" + "$ref": "#/components/schemas/DataPlaneKeyResponse" + }, + "examples": { + "DataPlaneKeyResponse": { + "$ref": "#/components/examples/DataPlaneKeyResponse" + } } } } }, - "401": { - "description": "Access denied.", + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { @@ -336,36 +282,36 @@ } }, "/data-plane-keys/{data_plane_key_id}": { - "get": { + "delete": { "tags": [ "Data Plane Key" ], - "summary": "Retrieve a data plane key", - "description": "Retrieves the details for an existing data plane key.\n", - "operationId": "getDataPlaneKey", + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "data plane key", + "summary": "Delete a data plane key", + "description": "Deletes a data plane key.\n", + "operationId": "deleteDataPlaneKey", "parameters": [ { "$ref": "#/components/parameters/DataPlaneKeyParamObjectID" } ], "responses": { - "200": { - "description": "Successfully retrieved the details of the data plane key.", + "204": { + "description": "Successfully deleted the data plane key." + }, + "404": { + "description": "The data plane key with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DataPlaneKey" - }, - "examples": { - "DataPlaneKeys": { - "$ref": "#/components/examples/DataPlaneKey" - } + "$ref": "#/components/schemas/Error" } } } }, - "401": { - "description": "Access denied.", + "409": { + "description": "Cannot delete an active data plane key. Revoke the key first, then try deleting it again.", "content": { "application/json": { "schema": { @@ -386,36 +332,36 @@ } } }, - "delete": { + "get": { "tags": [ "Data Plane Key" ], - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "data plane key", - "summary": "Delete a data plane key", - "description": "Deletes a data plane key.\n", - "operationId": "deleteDataPlaneKey", + "summary": "Retrieve a data plane key", + "description": "Retrieves the details for an existing data plane key.\n", + "operationId": "getDataPlaneKey", "parameters": [ { "$ref": "#/components/parameters/DataPlaneKeyParamObjectID" } ], "responses": { - "204": { - "description": "Successfully deleted the data plane key." - }, - "404": { - "description": "The data plane key with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "200": { + "description": "Successfully retrieved the details of the data plane key.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/DataPlaneKey" + }, + "examples": { + "DataPlaneKeys": { + "$ref": "#/components/examples/DataPlaneKey" + } } } } }, - "409": { - "description": "Cannot delete an active data plane key. Revoke the key first, then try deleting it again.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -568,56 +514,13 @@ } } }, - "/instances/summary": { - "get": { - "tags": [ - "Instances" - ], - "summary": "Retrieve a summary for all instances", - "description": "Retrieves a comprehensive summary for all NGINX instances, which includes details such as:\n * Certificate status and associations\n * Operating system details\n * Version of the NGINX Agent\n * Overall system status\n", - "operationId": "listSummary", - "responses": { - "200": { - "description": "Successfully retrieved the summary of NGINX instances.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/InstanceSummary" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/instances": { + "/certificates": { "get": { "tags": [ - "Instances" + "Certificates" ], - "summary": "List all instances", - "operationId": "listInstances", - "description": "Returns a list of all NGINX instances, providing details such as:\n * Unique identifiers for each instance\n * Timestamps for key actions (like registration and last report)\n * Information about the NGINX build\n * Version of the NGINX Agent\n", + "summary": "List all SSL certificates", + "description": "Returns a paginated list showing metadata for every SSL certificate.\n", "parameters": [ { "$ref": "#/components/parameters/Paginated" @@ -629,7 +532,7 @@ "$ref": "#/components/parameters/Offset" }, { - "$ref": "#/components/parameters/FilterFieldInstances" + "$ref": "#/components/parameters/FilterFieldCertificates" }, { "$ref": "#/components/parameters/FilterOperands" @@ -641,19 +544,20 @@ "$ref": "#/components/parameters/SortDirection" }, { - "$ref": "#/components/parameters/SortNameInstancesDep" + "$ref": "#/components/parameters/SortNameCertificatesDep" }, { - "$ref": "#/components/parameters/SortNameInstances" + "$ref": "#/components/parameters/SortNameCertificates" } ], + "operationId": "listCertificates", "responses": { "200": { - "description": "Successfully retrieved the list of instances.", + "description": "Successfully retrieved the list of SSL certificates.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InstanceListResponse" + "$ref": "#/components/schemas/CertificateListResponse" } } } @@ -682,19 +586,19 @@ }, "patch": { "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "NGINX instance", + "x-nginx-one-entity": "NGINX certificate", "tags": [ - "Instances" + "Certificates" ], - "summary": "Bulk operation on multiple instances", - "operationId": "BulkInstances", - "description": "Performs bulk operation on one or more NGINX instances, only delete is supported.", + "summary": "Bulk operation on multiple managed certificates", + "operationId": "bulkCertificates", + "description": "Performs bulk operation on one or more managed certificates, only delete is supported.", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InstanceBulkRequest" + "$ref": "#/components/schemas/CertificateBulkRequest" } } } @@ -705,7 +609,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InstanceBulkResponse" + "$ref": "#/components/schemas/CertificateBulkResponse" } } } @@ -731,37 +635,39 @@ } } } - } - }, - "/instances/{instanceObjectID}/cves": { - "get": { + }, + "post": { + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX certificate", "tags": [ - "Instances" + "Certificates" ], - "summary": "Retrieve an instance's security advisories (CVEs)", - "description": "Retrieves a list of the security advisories (CVEs) for an NGINX instance.", - "operationId": "listInstanceSecurityAdvisories", - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" + "summary": "Create an SSL certificate", + "operationId": "createCertificate", + "description": "Creates a new SSL certificate with an optional name. \nYou must supply the certificate's content in base64-encoded PEM format.\nAny warnings will be displayed only upon creation of the certificate object, and\nis not retrievable after it is created.\n", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CertificateRequest" + } + } } - ], + }, "responses": { "200": { - "description": "Successfully retrieved the list of security advisories (CVEs).", + "description": "Successfully created the SSL certificate.", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxSecurityAdvisory" - } + "$ref": "#/components/schemas/CertificateResponse" } } } }, - "401": { - "description": "Access denied.", + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { @@ -770,8 +676,8 @@ } } }, - "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -793,26 +699,41 @@ } } }, - "/instances/{instanceObjectID}": { - "get": { + "/certificates/{certificateObjectID}": { + "delete": { + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX certificate", "tags": [ - "Instances" + "Certificates" ], - "summary": "Retrieve an instance", - "description": "Retrieves the details for an NGINX instance, including\n* Hostname\n* System status\n* Timestamps of key actions (registration, last reported, etc.)\n* NGINX build information\n* Certificate data\n* Operating system version\n* NGINX Agent version\n* Config Sync Group membership details\n* Control plane object ID, name, product and version\n", - "operationId": "getInstance", + "summary": "Delete an SSL certificate", + "operationId": "deleteCertificate", + "description": "* Deletes a managed SSL certificate from the NGINX One console. This operation is disabled for unmanaged certificates, as they get cleaned up automatically when they are not used in any NGINX configuration. \n* An optional flag `deleteFromDataPlanes` when set to true, can be used to remove the certificate from data plane instances to where it was deployed.\n * Deleting from data planes triggers publications on either instances or Config Sync Groups. After the managed cert object is deleted from NGINX One Console, a `PublicationBulkResponse` is returned along with status code 202, indicating whether an error occurred while issuing a publication to a data plane target.\n * If this cert is not associated with any data plane, status code 204 is returned when `deleteFromDataPlanes` set to true.\n", "parameters": [ { - "$ref": "#/components/parameters/InstanceParamObjectID" + "$ref": "#/components/parameters/DeleteFromDataPlanesParamFlag" } ], "responses": { - "200": { - "description": "Successfully retrieved the details of the NGINX instance.", + "202": { + "description": "Successfully deleted the SSL certificate. Handling deletion of certificate from data planes in the background.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InstanceDetails" + "$ref": "#/components/schemas/PublicationBulkResponse" + } + } + } + }, + "204": { + "description": "Successfully deleted the SSL certificate." + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" } } } @@ -828,7 +749,7 @@ } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -849,23 +770,23 @@ } } }, - "delete": { + "get": { "tags": [ - "Instances" - ], - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX instance", - "summary": "Delete an instance", - "description": "Deletes an NGINX instance. Associations with certificates will be cleaned up.\n", - "operationId": "deleteInstance", - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" - } + "Certificates" ], + "summary": "Retrieve an SSL certificate", + "operationId": "getCertificate", + "description": "Retrieves the details for an SSL certificate, including:\n* Object ID that uniquely identifies this certificate object\n* SSL certificate type (managed or unmanaged by NGINX One Console)\n* Certificate type (whether it is a CA bundle or a certificate-key pair)\n* Subject name of the leaf certificate, or the soonest-expiring CA in a bundle\n * This subject name will be the DNS name in the SAN extension of the certificate. If not present, it will be the certificate's common name\n* Status of the certificate (valid, expiring, expired)\n* Validity period, if applicable to multiple certificates\n* Metadata for each public certificate if multiples are provided\n* Private key metadata, if available\n", "responses": { - "204": { - "description": "Successfully deleted the NGINX instance." + "200": { + "description": "Successfully retrieved the details of the SSL certificate.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CertificateResponse" + } + } + } }, "401": { "description": "Access denied.", @@ -878,7 +799,7 @@ } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -898,35 +819,38 @@ } } } - } - }, - "/instances/parse-nginx-config": { - "put": { + }, + "parameters": [ + { + "$ref": "#/components/parameters/CertificateParamObjectID" + } + ], + "patch": { + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX certificate", "tags": [ - "Instances" + "Certificates" ], - "x-nginx-one-action": "parse", - "x-nginx-one-entity": "NGINX instance configuration", - "summary": "Generate a crossplane representation of provided NGINX configuration.", - "description": "Returns a crossplane representation of provided NGINX config.", - "operationId": "parseNginxConfig", + "summary": "Update an SSL certificate", + "operationId": "updateCertificate", + "description": "Updates public certificates, private keys, or both. \nThis endpoint can also be used to update a Certificate Authority (CA) bundle.\n", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" + "$ref": "#/components/schemas/CertificateUpdateRequest" } } } }, "responses": { "200": { - "description": "Successfully parsed the provided NGINX configuration.", + "description": "Successfully updated the specified SSL certificate.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ParsedNginxConfig" + "$ref": "#/components/schemas/CertificateResponse" } } } @@ -951,6 +875,16 @@ } } }, + "404": { + "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -964,35 +898,69 @@ } } }, - "/instances/{instanceObjectID}/config-report": { - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" - } - ], + "/certificates/{certificateObjectID}/deployments": { "get": { "tags": [ - "Instances" + "Certificates" ], - "summary": "Retrieve an analysis report for an instance's configuration", - "description": "Analyzes the configuration of an NGINX instance and returns a detailed report.\nThe report includes insights, identified issues, and recommendations for optimizing and troubleshooting.\n", - "operationId": "getInstanceConfigReport", + "summary": "List SSL certificate deployments", + "description": "Returns a paginated list showing all the deployments for a SSL certificate and assigned file path(s).\n", + "parameters": [ + { + "$ref": "#/components/parameters/CertificateParamObjectID" + }, + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/FilterFieldCertificateDeployments" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameCertificateDeploymentsDep" + }, + { + "$ref": "#/components/parameters/SortNameCertificateDeployments" + } + ], + "operationId": "listCertificateDeployments", "responses": { "200": { - "description": "Successfully retrieved the NGINX configuration analysis for the specified instance.", + "description": "Successfully retrieved the list of SSL certificate deployments.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigReports" + "$ref": "#/components/schemas/CertificateDeploymentListResponse" } } } }, - "204": { - "description": "The requested instance exists, but analysis of the NGINX configuration is not yet completed. Please retry the request at a later time to retrieve the report." + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1012,33 +980,35 @@ } } } - }, - "put": { + } + }, + "/certificates/parse": { + "post": { + "x-nginx-one-action": "validate", + "x-nginx-one-entity": "NGINX certificate", "tags": [ - "Instances" + "Certificates" ], - "x-nginx-one-action": "analyze", - "x-nginx-one-entity": "NGINX instance configuration", - "summary": "Generate an analysis report for the provided configuration", - "description": "Returns an analysis report for the provided NGINX configuration. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not apply any changes to the configuration. The report is not stored and is provided only in the API response. To publish the configuration, use the `PUT /instances/{instanceObjectID}/config` endpoint.", - "operationId": "analyzeInstanceConfig", + "summary": "Parse and validate an SSL certificate", + "operationId": "parseCertificate", + "description": "Parses and validates an SSL certificate. \nIt checks the provided PEM files and verifies that the public certificates follow the correct X.509 format. \nIf the certificate cannot be parsed, an error will be returned. \nOtherwise, as long as the certificate is parsable, a `200 OK` status will be returned even if there are issues \nsuch as mismatched private keys or expired certificates. Details of any issues found will be shown in the \"warnings\" field of the response.\n", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" + "$ref": "#/components/schemas/CertificateRequest" } } } }, "responses": { "200": { - "description": "Successfully analyzed the provided NGINX configuration.", + "description": "Successfully parsed and validated the SSL certificate.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigReports" + "$ref": "#/components/schemas/CertificateResponse" } } } @@ -1063,16 +1033,6 @@ } } }, - "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -1084,16 +1044,18 @@ } } } - }, - "patch": { + } + }, + "/config-report": { + "post": { + "x-nginx-one-action": "analyze", + "x-nginx-one-entity": "NGINX configuration", "tags": [ - "Instances" + "Staged Configs" ], - "x-nginx-one-action": "analyze", - "x-nginx-one-entity": "NGINX instance configuration", - "summary": "Generate an analysis report for the provided modified configuration", - "description": "Analyzes the provided partial updates to an existing NGINX configuration and generates a report detailing potential issues along with optimization suggestions. \nThis analysis accounts for additive updates made to `NginxConfig`. To delete files, omit the `file.contents` field. \nThis method compares the provided `config_version` with the current NGINX instance configuration to detect conflicts, which may arise if the `config_version` does not match due to an out-of-band update. \nNote that this operation is for analysis purposes only and does not apply any changes to the configuration. \nThe report is not stored and is provided only in the API response.\nTo publish the configuration, use the `PATCH /instances/{instanceObjectID}/config` endpoint.\n", - "operationId": "analyzeInstanceConfigWithModify", + "summary": "Generate an analysis report for the provided NGINX configuration", + "operationId": "analyzeNginxConfig", + "description": "Returns an analysis report for the provided NGINX configuration. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not affect any resources. The report is not stored and is provided only in the API response.\n", "requestBody": { "required": true, "content": { @@ -1135,16 +1097,6 @@ } } }, - "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -1158,42 +1110,56 @@ } } }, - "/instances/{instanceObjectID}/config": { - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" - } - ], + "/config-sync-groups": { "get": { "tags": [ - "Instances" + "Config Sync Groups" ], - "summary": "Retrieve an instance's configuration details", - "description": "Returns the configuration details for an NGINX instance, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Details of deployed SSL/TLS certificates, private keys, WAF policies, and log profiles.\n* Unique identifiers\n", - "operationId": "getInstanceConfig", - "responses": { - "200": { - "description": "Successfully retrieved the configuration details for the specified NGINX instance.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfig" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { + "summary": "List all config sync groups", + "operationId": "listConfigSyncGroups", + "description": "Returns a list of all NGINX config sync groups, providing details such as:\n * Name of the config sync group\n * List of instance with details\n * Version of the NGINX configuration that's expected to be on all listed instances\n * Status of apply configuration operation \n * Timestamp of last reported action\n", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/FilterFieldConfigSyncGroups" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameConfigSyncGroupsDep" + }, + { + "$ref": "#/components/parameters/SortNameConfigSyncGroups" + } + ], + "responses": { + "200": { + "description": "Successfully retrieved the list of NGINX config sync groups.", + "content": { + "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/ConfigSyncGroupListResponse" } } } }, - "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -1214,42 +1180,32 @@ } } }, - "put": { + "patch": { + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "config sync group", "tags": [ - "Instances" + "Config Sync Groups" ], - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX instance configuration", - "summary": "Publish a configuration to an instance", - "description": "Publishes a new or updated NGINX configuration to the specified instance.\nIn the specified `configs`, empty files are not allowed in the directory.\nIf no existing configuration is found, a new one is created; otherwise, the current configuration is overwritten. \nBefore publishing, use the `PUT /instances/{instanceObjectID}/config-report` endpoint to generate an analysis report for the provided configuration.\nYou can specify `payloads` in the request to deploy managed certificates and keys to the dataplane. Include file paths\nfor each payload component. \nAdditional details:\n * `conf_path` is optional. When provided, it must be an absolute path that references a file present in the provided configurations. When omitted, the system uses the conf_path from the existing instance metadata.\n", - "operationId": "publishInstanceConfig", + "summary": "Bulk operation on multiple config sync groups", + "operationId": "BulkConfigSyncGroups", + "description": "Performs bulk operation on one or more config sync groups, only delete is supported.", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" + "$ref": "#/components/schemas/ConfigSyncGroupBulkRequest" } } } }, "responses": { - "202": { - "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /instances/{instanceObjectID}/publications.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PublicationInstance" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "200": { + "description": "Batch request completed.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/ConfigSyncGroupBulkResponse" } } } @@ -1264,16 +1220,6 @@ } } }, - "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -1286,38 +1232,58 @@ } } }, - "patch": { + "post": { + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX config sync group", "tags": [ - "Instances" + "Config Sync Groups" ], - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX instance configuration", - "summary": "Apply partial updates to an instance's configuration", - "description": "Applies the specified partial updates to an existing NGINX configuration. \nThis endpoint accepts additive updates to `NginxConfig`. \nTo delete files, omit the `file.contents` field. \nThis method compares the provided config_version with the current NGINX instance configuration to detect conflicts, which may arise if the config_version does not match due to an out-of-band update. \nBefore publishing, use the `PATCH /instances/{instanceObjectID}/config-report` endpoint to generate an analysis report for the modified configuration.\nAdditional details:\n * `conf_path` is optional. When provided, it must be an absolute path that references a file present in the provided configurations. When omitted, the system uses the conf_path from the existing instance metadata.\n", - "operationId": "publishInstanceConfigWithModify", + "summary": "Create an NGINX config sync group", + "operationId": "createConfigSyncGroup", + "description": "Create NGINX config sync group with a unique name to identify it within the tenant namespace.\n", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" + "$ref": "#/components/schemas/ConfigSyncGroupCreateRequest" } } } }, "responses": { - "202": { - "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /instances/{instanceObjectID}/publications.", + "200": { + "description": "Successfully created NGINX config sync group", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PublicationInstance" + "$ref": "#/components/schemas/ConfigSyncGroupCreateResponse" } } } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "401": { + "description": "Access denied", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "409": { + "description": "The NGINX config sync group can't be created because the name is already in use", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { "application/json": { "schema": { @@ -1325,9 +1291,26 @@ } } } + } + } + } + }, + "/config-sync-groups/{configSyncGroupObjectID}": { + "delete": { + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX config sync group", + "tags": [ + "Config Sync Groups" + ], + "summary": "Delete an NGINX config sync group", + "description": "Delete a NGINX config sync group from the NGINX One console. You can delete a config sync group, only if it contains no NGINX instances.\n", + "operationId": "deleteConfigSyncGroup", + "responses": { + "204": { + "description": "Successfully deleted the NGINX config sync group" }, "401": { - "description": "Access denied.", + "description": "Access denied", "content": { "application/json": { "schema": { @@ -1337,7 +1320,7 @@ } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1357,37 +1340,32 @@ } } } - } - }, - "/instances/{instanceObjectID}/configs": { - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" - } - ], + }, "get": { "tags": [ - "Instances" + "Config Sync Groups" ], - "summary": "Retrieves the stored NGINX configurations for an instance", - "description": "Returns a list of all configurations for a NGINX instance. Only the last 10 are kept on the NGINX One Console for a NGINX instance.", - "operationId": "listInstanceConfigurations", + "summary": "Retrieve an NGINX config sync group", + "description": "Retrieve the details for an NGINX config sync group, including:\n* name\n* Instances and details of each instance\n* Timestamp of last reported action\n* NGINX config version on the config sync group\n* Certificate summary referenced by config sync group members\n* NGINX config sync operation status\n* Last config sync group publication operation status\n", + "operationId": "getConfigSyncGroup", "responses": { "200": { - "description": "Successfully retrieved the list of NGINX configurations for the specified NGINX instance.", + "description": "Successfully retrieved the details of the NGINX config sync group.", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxConfigMeta" + "$ref": "#/components/schemas/ConfigSyncGroupDetails" + }, + "examples": { + "ConfigSyncGroupDetails": { + "$ref": "#/components/examples/ConfigSyncGroupDetails" } } } } }, "401": { - "description": "Access denied.", + "description": "Access denied", "content": { "application/json": { "schema": { @@ -1397,7 +1375,7 @@ } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1417,27 +1395,24 @@ } } } - } - }, - "/instances/{instanceObjectID}/configs/{instanceConfigurationObjectID}": { + }, "parameters": [ { - "$ref": "#/components/parameters/InstanceParamObjectID" - }, - { - "$ref": "#/components/parameters/InstanceConfigurationParamObjectID" + "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" } - ], + ] + }, + "/config-sync-groups/{configSyncGroupObjectID}/config": { "get": { "tags": [ - "Instances" + "Config Sync Groups" ], - "summary": "Retrieve an instance's configuration details", - "description": "Returns the configuration details for an NGINX instance, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", - "operationId": "getInstanceConfigWithObjectID", + "summary": "Retrieve a config sync group's configuration details", + "description": "Returns the configuration details for a NGINX config sync group, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", + "operationId": "getConfigSyncGroupConfig", "responses": { "200": { - "description": "Successfully retrieved the configuration details for the specified NGINX instance and NGINX configuration.", + "description": "Successfully retrieved the configuration details for the specified NGINX config sync group.", "content": { "application/json": { "schema": { @@ -1457,7 +1432,7 @@ } }, "404": { - "description": "The NGINX instance or NGINX configuration with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1477,47 +1452,54 @@ } } } - } - }, - "/instances/{instanceObjectID}/publications": { - "get": { + }, + "parameters": [ + { + "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" + } + ], + "patch": { "tags": [ - "Instances" + "Config Sync Groups" ], - "summary": "Retrieve the publications for an instance", - "description": "Returns a list of all publications for a NGINX instance.", - "operationId": "listInstancePublications", - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX config sync group configuration", + "summary": "Apply partial updates to config sync group's configuration", + "description": "Applies the specified partial updates to an existing NGINX configuration. Details:\n * This endpoint accepts additive updates to `NginxConfig`. \n * To delete files, omit the `file.contents` field. \n * This method compares the provided config_version with the current NGINX config sync group configuration to detect conflicts, which may arise if the config_version does not match due to an out-of-band update.\n * `conf_path` is optional. When provided, it must be an absolute path that references a file present in the provided configurations. When omitted, the system uses the conf_path from the existing config sync group metadata.\n", + "operationId": "patchConfigSyncGroupConfig", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + } } - ], + }, "responses": { "200": { - "description": "Successfully retrieved the list of all publications for the specified NGINX instance.", + "description": "Successfully stored the configuration of the NGINX config sync group", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/PublicationInstance" - } + "$ref": "#/components/schemas/NginxConfig" } } } }, - "401": { - "description": "Access denied.", + "202": { + "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /config-sync-groups/{configSyncGroupObjectID}/publications.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/PublicationInstance" } } } }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { @@ -1525,39 +1507,9 @@ } } } - } - } - } - }, - "/instances/{instanceObjectID}/publications/{publicationObjectID}": { - "get": { - "tags": [ - "Instances" - ], - "summary": "Retrieve a publication for an NGINX instance.", - "description": "Returns a specific publication for an NGINX instance. Only 5 previous entries of Publication are kept for each NGINX instance.", - "operationId": "getInstancePublication", - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" - }, - { - "$ref": "#/components/parameters/PublicationParamObjectID" - } - ], - "responses": { - "200": { - "description": "Successfully retrieved the specific Publication for the specified NGINX instance.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PublicationInstance" - } - } - } }, "401": { - "description": "Access denied.", + "description": "Access denied", "content": { "application/json": { "schema": { @@ -1567,7 +1519,7 @@ } }, "404": { - "description": "The NGINX instance or Publication with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1587,43 +1539,49 @@ } } } - } - }, - "/features": { - "get": { - "x-nodoc": true, + }, + "put": { "tags": [ - "Feature Flags" + "Config Sync Groups" ], - "summary": "List all enabled feature flags", - "description": "Returns a list of all the enabled feature flags in the NGINX One console.", - "operationId": "getEnabledFeatureFlags", + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX config sync group configuration", + "summary": "Publish a configuration to NGINX config sync group", + "description": "Publishes a new or updated NGINX configuration to the specified config sync group. \nIf no existing configuration is found, a new one is created; otherwise, the current configuration is overwritten.\nAdditional details:\n * `conf_path` is optional. When provided, it must be an absolute path that references a file present in the provided configurations. When omitted, the system uses the conf_path from the existing config sync group metadata.\n", + "operationId": "publishConfigSyncGroupConfig", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + } + } + }, "responses": { "200": { - "description": "Successfully retrieved the list of enabled feature flags.", + "description": "Successfully stored the configuration of the NGINX config sync group.", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FeatureFlagKey" - } + "$ref": "#/components/schemas/NginxConfig" } } } }, - "401": { - "description": "Access denied.", + "202": { + "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /config-sync-groups/{configSyncGroupObjectID}/publications.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/ConfigSyncGroupPublication" } } } }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { @@ -1631,40 +1589,6 @@ } } } - } - } - } - }, - "/config-sync-groups": { - "post": { - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX config sync group", - "tags": [ - "Config Sync Groups" - ], - "summary": "Create an NGINX config sync group", - "operationId": "createConfigSyncGroup", - "description": "Create NGINX config sync group with a unique name to identify it within the tenant namespace.\n", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupCreateRequest" - } - } - } - }, - "responses": { - "200": { - "description": "Successfully created NGINX config sync group", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupCreateResponse" - } - } - } }, "401": { "description": "Access denied", @@ -1676,8 +1600,8 @@ } } }, - "409": { - "description": "The NGINX config sync group can't be created because the name is already in use", + "404": { + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1697,56 +1621,32 @@ } } } - }, + } + }, + "/config-sync-groups/{configSyncGroupObjectID}/config-report": { "get": { "tags": [ "Config Sync Groups" ], - "summary": "List all config sync groups", - "operationId": "listConfigSyncGroups", - "description": "Returns a list of all NGINX config sync groups, providing details such as:\n * Name of the config sync group\n * List of instance with details\n * Version of the NGINX configuration that's expected to be on all listed instances\n * Status of apply configuration operation \n * Timestamp of last reported action\n", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/FilterFieldConfigSyncGroups" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameConfigSyncGroupsDep" - }, - { - "$ref": "#/components/parameters/SortNameConfigSyncGroups" - } - ], + "summary": "Retrieve an analysis report for the configuration of an NGINX config sync group", + "description": "Analyzes the configuration of an NGINX config sync group and returns a detailed report.\nThe report includes insights, identified issues, and recommendations for optimizing and troubleshooting.\n", + "operationId": "getConfigSyncGroupConfigReport", "responses": { "200": { - "description": "Successfully retrieved the list of NGINX config sync groups.", + "description": "Successfully retrieved the NGINX configuration analysis for the specified config sync group.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupListResponse" + "$ref": "#/components/schemas/NginxConfigReports" } } } }, - "401": { - "description": "Access denied.", + "204": { + "description": "The requested config sync group exists, but analysis of the NGINX configuration is not yet completed. Please retry the request at a later time to retrieve the report." + }, + "404": { + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1767,38 +1667,63 @@ } } }, + "parameters": [ + { + "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" + } + ], "patch": { - "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "config sync group", + "x-nginx-one-action": "analyze", + "x-nginx-one-entity": "NGINX config sync group configuration", "tags": [ "Config Sync Groups" ], - "summary": "Bulk operation on multiple config sync groups", - "operationId": "BulkConfigSyncGroups", - "description": "Performs bulk operation on one or more config sync groups, only delete is supported.", + "summary": "Generate an analysis report for the configuration of the modified NGINX config sync group", + "description": "Analyzes the provided partial updates merging with an existing configuration of an NGINX config sync group. Generates a report detailing potential issues along with optimization suggestions. \nThis analysis accounts for additive updates made to NGINX configuration. To delete files, omit the `file.contents` field. \nThis method compares the provided `config_version` with the current NGINX config sync group's configuration to detect conflicts, which may arise if the `config_version` does not match due to an out-of-band update. \nNote that this operation is for analysis purposes only and does not apply any changes to the configuration. \nThe report is not stored and is provided only in the API response.\nTo publish the configuration, use the `PATCH /config-sync-groups/{configSyncGroupObjectID}/config` endpoint.\n", + "operationId": "analyzeConfigSyncGroupConfigPatch", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupBulkRequest" + "$ref": "#/components/schemas/NginxConfigRequest" } } } }, "responses": { "200": { - "description": "Batch request completed.", + "description": "Successfully analyzed the provided NGINX configuration", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupBulkResponse" + "$ref": "#/components/schemas/NginxConfigReports" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" } } } }, "401": { - "description": "Access denied.", + "description": "Access denied", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1818,33 +1743,43 @@ } } } - } - }, - "/config-sync-groups/{configSyncGroupObjectID}": { - "parameters": [ - { - "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" - } - ], - "get": { + }, + "put": { + "x-nginx-one-action": "analyze", + "x-nginx-one-entity": "NGINX config sync group configuration", "tags": [ "Config Sync Groups" ], - "summary": "Retrieve an NGINX config sync group", - "description": "Retrieve the details for an NGINX config sync group, including:\n* name\n* Instances and details of each instance\n* Timestamp of last reported action\n* NGINX config version on the config sync group\n* Certificate summary referenced by config sync group members\n* NGINX config sync operation status\n* Last config sync group publication operation status\n", - "operationId": "getConfigSyncGroup", + "summary": "Generate an analysis report for the configuration of the NGINX config sync group", + "description": "Returns an analysis report for the configuration of the NGINX config sync group. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not apply any changes to the configuration. The report is not stored and is provided only in the API response. To publish the configuration, use the `PUT /config-sync-groups/{configSyncGroupObjectID}/config` endpoint.", + "operationId": "analyzeConfigSyncGroupConfig", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + } + } + }, "responses": { "200": { - "description": "Successfully retrieved the details of the NGINX config sync group.", + "description": "Successfully analyzed the provided NGINX configuration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupDetails" - }, - "examples": { - "ConfigSyncGroupDetails": { - "$ref": "#/components/examples/ConfigSyncGroupDetails" - } + "$ref": "#/components/schemas/NginxConfigReports" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" } } } @@ -1880,69 +1815,19 @@ } } } - }, - "delete": { - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX config sync group", - "tags": [ - "Config Sync Groups" - ], - "summary": "Delete an NGINX config sync group", - "description": "Delete a NGINX config sync group from the NGINX One console. You can delete a config sync group, only if it contains no NGINX instances.\n", - "operationId": "deleteConfigSyncGroup", - "responses": { - "204": { - "description": "Successfully deleted the NGINX config sync group" - }, - "401": { - "description": "Access denied", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } } }, - "/config-sync-groups/{configSyncGroupObjectID}/config": { - "parameters": [ - { - "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" - } - ], + "/config-sync-groups/{configSyncGroupObjectID}/config/{configSyncGroupConfigurationObjectID}": { "get": { "tags": [ "Config Sync Groups" ], - "summary": "Retrieve a config sync group's configuration details", - "description": "Returns the configuration details for a NGINX config sync group, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", - "operationId": "getConfigSyncGroupConfig", + "summary": "Retrieve details the NGINX config sync group", + "description": "Returns the configuration details for an NGINX config sync group, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", + "operationId": "getConfigSyncGroupConfigWithObjectID", "responses": { "200": { - "description": "Successfully retrieved the configuration details for the specified NGINX config sync group.", + "description": "Successfully retrieved the configuration details for the specified NGINX config sync group and NGINX configuration.", "content": { "application/json": { "schema": { @@ -1952,7 +1837,7 @@ } }, "401": { - "description": "Access denied.", + "description": "Access denied", "content": { "application/json": { "schema": { @@ -1962,7 +1847,7 @@ } }, "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX config sync group or NGINX configuration with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1983,52 +1868,33 @@ } } }, - "put": { + "parameters": [ + { + "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" + }, + { + "$ref": "#/components/parameters/ConfigSyncGroupConfigurationParamObjectID" + } + ] + }, + "/config-sync-groups/{configSyncGroupObjectID}/configs": { + "get": { "tags": [ "Config Sync Groups" ], - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX config sync group configuration", - "summary": "Publish a configuration to NGINX config sync group", - "description": "Publishes a new or updated NGINX configuration to the specified config sync group. \nIf no existing configuration is found, a new one is created; otherwise, the current configuration is overwritten.\nAdditional details:\n * `conf_path` is optional. When provided, it must be an absolute path that references a file present in the provided configurations. When omitted, the system uses the conf_path from the existing config sync group metadata.\n", - "operationId": "publishConfigSyncGroupConfig", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - } - } - }, + "summary": "Retrieves stored NGINX configurations for a NGINX config sync group", + "description": "Returns a list of all configurations for a NGINX config sync group. Only the last 10 are kept on the NGINX One Console for a NGINX config sync group.", + "operationId": "listConfigSyncGroupConfigurations", "responses": { "200": { - "description": "Successfully stored the configuration of the NGINX config sync group.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfig" - } - } - } - }, - "202": { - "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /config-sync-groups/{configSyncGroupObjectID}/publications.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupPublication" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "Successfully retrieved the list of NGINX configurations for the specified NGINX config sync group.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxConfigMeta" + } } } } @@ -2065,52 +1931,30 @@ } } }, - "patch": { + "parameters": [ + { + "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" + } + ] + }, + "/config-sync-groups/{configSyncGroupObjectID}/publications": { + "get": { "tags": [ "Config Sync Groups" ], - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX config sync group configuration", - "summary": "Apply partial updates to config sync group's configuration", - "description": "Applies the specified partial updates to an existing NGINX configuration. Details:\n * This endpoint accepts additive updates to `NginxConfig`. \n * To delete files, omit the `file.contents` field. \n * This method compares the provided config_version with the current NGINX config sync group configuration to detect conflicts, which may arise if the config_version does not match due to an out-of-band update.\n * `conf_path` is optional. When provided, it must be an absolute path that references a file present in the provided configurations. When omitted, the system uses the conf_path from the existing config sync group metadata.\n", - "operationId": "patchConfigSyncGroupConfig", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - } - } - }, + "summary": "Retrieve the publications for the NGINX config sync group", + "description": "Returns a list of publications for a NGINX config sync group, providing details such as:\n * Current status along with reason(s) including the target instance object, cause and relevant message\n * Configuration version\n", + "operationId": "listConfigSyncGroupPublications", "responses": { "200": { - "description": "Successfully stored the configuration of the NGINX config sync group", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfig" - } - } - } - }, - "202": { - "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /config-sync-groups/{configSyncGroupObjectID}/publications.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PublicationInstance" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "Successfully retrieved the list of all publications for the specified NGINX config sync group.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "type": "array", + "items": { + "$ref": "#/components/schemas/ConfigSyncGroupPublication" + } } } } @@ -2146,31 +1990,28 @@ } } } - } - }, - "/config-sync-groups/{configSyncGroupObjectID}/configs": { + }, "parameters": [ { "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" } - ], + ] + }, + "/config-sync-groups/{configSyncGroupObjectID}/publications/{publicationObjectID}": { "get": { "tags": [ "Config Sync Groups" ], - "summary": "Retrieves stored NGINX configurations for a NGINX config sync group", - "description": "Returns a list of all configurations for a NGINX config sync group. Only the last 10 are kept on the NGINX One Console for a NGINX config sync group.", - "operationId": "listConfigSyncGroupConfigurations", + "summary": "Retrieve the publications for the NGINX config sync group, providing details such as:\n * Current status along with reason(s) including the target instance object, cause and relevant message\n * Configuration version\n", + "description": "Returns a publication for a NGINX config sync group.", + "operationId": "getConfigSyncGroupPublication", "responses": { "200": { - "description": "Successfully retrieved the list of NGINX configurations for the specified NGINX config sync group.", + "description": "Successfully retrieved the publication for the specified NGINX config sync group.", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxConfigMeta" - } + "$ref": "#/components/schemas/ConfigSyncGroupPublication" } } } @@ -2206,107 +2047,238 @@ } } } - } - }, - "/config-sync-groups/{configSyncGroupObjectID}/config/{configSyncGroupConfigurationObjectID}": { + }, "parameters": [ { "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" }, { - "$ref": "#/components/parameters/ConfigSyncGroupConfigurationParamObjectID" + "$ref": "#/components/parameters/PublicationParamObjectID" } - ], + ] + }, + "/control-planes": { "get": { "tags": [ - "Config Sync Groups" + "Control Planes" + ], + "summary": "List control planes", + "operationId": "listControlPlanes", + "description": "Returns a paginated list of control planes.\n", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameControlPlanes" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldControlPlanes" + } ], - "summary": "Retrieve details the NGINX config sync group", - "description": "Returns the configuration details for an NGINX config sync group, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", - "operationId": "getConfigSyncGroupConfigWithObjectID", "responses": { "200": { - "description": "Successfully retrieved the configuration details for the specified NGINX config sync group and NGINX configuration.", + "description": "Successfully retrieved the list of control planes.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfig" + "$ref": "#/components/schemas/ControlPlaneListResponse" } } } }, "401": { - "description": "Access denied", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/Unauthorized" }, - "404": { - "description": "The NGINX config sync group or NGINX configuration with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "patch": { + "x-feature-flag": "control-plane-bulk-delete", + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "Control Plane", + "tags": [ + "Control Planes" + ], + "summary": "Bulk operation on multiple control planes", + "operationId": "BulkControlPlanes", + "description": "Performs bulk operation on one or more control planes, only delete is supported.\n\n**Important:** This operation processes each item independently within a single transaction.\nSuccessfully deleted items will persist even if subsequent items fail. The response \nincludes the outcome for each item, allowing you to identify which deletions succeeded \nand which failed.\n", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ControlPlaneBulkRequest" } } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + } + }, + "responses": { + "200": { + "description": "Batch request completed.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/ControlPlaneBulkResponse" } } } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" } } } }, - "/config-sync-groups/{configSyncGroupObjectID}/publications": { + "/control-planes/{controlPlaneObjectID}": { + "delete": { + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "Control Plane", + "tags": [ + "Control Planes" + ], + "summary": "Delete a control plane", + "description": "Delete a control plane from the NGINX One Console. You can delete a control plane, only if it contains no NGINX instances.\n", + "operationId": "deleteControlPlane", + "responses": { + "204": { + "description": "Successfully deleted the control plane" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "get": { + "tags": [ + "Control Planes" + ], + "summary": "Retrieve a control plane", + "description": "Retrieve the details for a control plane, including:\n* Object ID\n* Product name and version\n* Cluster UUID\n* Kubernetes namespace\n* Deployment UUID\n* Data plane key\n* Certificate summary referenced by control plane instances\n* Instance status summary\n", + "operationId": "getControlPlane", + "responses": { + "200": { + "description": "Successfully retrieved the details of the control plane.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ControlPlaneDetails" + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, "parameters": [ { - "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" + "$ref": "#/components/parameters/ControlPlaneParamObjectID" } - ], + ] + }, + "/control-planes/summary": { "get": { "tags": [ - "Config Sync Groups" + "Control Planes" ], - "summary": "Retrieve the publications for the NGINX config sync group", - "description": "Returns a list of publications for a NGINX config sync group, providing details such as:\n * Current status along with reason(s) including the target instance object, cause and relevant message\n * Configuration version\n", - "operationId": "listConfigSyncGroupPublications", + "summary": "Retrieve a summary for all Control Planes.", + "description": "Retrieves details for all control planes, including:\n * Number of control planes for each product name/version\n", + "operationId": "getControlPlaneSummary", "responses": { "200": { - "description": "Successfully retrieved the list of all publications for the specified NGINX config sync group.", + "description": "Successfully retrieved the summary of control planes.", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ConfigSyncGroupPublication" - } + "$ref": "#/components/schemas/ControlPlaneSummary" } } } }, "401": { - "description": "Access denied", + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/cves": { + "get": { + "tags": [ + "CVEs" + ], + "summary": "List of all CVEs affecting any instance or control plane", + "operationId": "listNginxCVEs", + "description": "Returns a list of all CVEs that affect an instance or control plane under the tenant\n", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameCVEsDep" + }, + { + "$ref": "#/components/parameters/SortNameCVEs" + } + ], + "responses": { + "200": { + "description": "Successfully retrieved the list of CVEs.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/CVEListResponse" } } } }, - "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -2328,35 +2300,32 @@ } } }, - "/config-sync-groups/{configSyncGroupObjectID}/publications/{publicationObjectID}": { - "parameters": [ - { - "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" - }, - { - "$ref": "#/components/parameters/PublicationParamObjectID" - } - ], + "/cves/{nginxCVEID}": { "get": { "tags": [ - "Config Sync Groups" + "CVEs" + ], + "summary": "Retrieve NGINX CVE details", + "operationId": "GetNginxCVEDetails", + "description": "Retrieve CVE details\n", + "parameters": [ + { + "$ref": "#/components/parameters/NginxCVEParamID" + } ], - "summary": "Retrieve the publications for the NGINX config sync group, providing details such as:\n * Current status along with reason(s) including the target instance object, cause and relevant message\n * Configuration version\n", - "description": "Returns a publication for a NGINX config sync group.", - "operationId": "getConfigSyncGroupPublication", "responses": { "200": { - "description": "Successfully retrieved the publication for the specified NGINX config sync group.", + "description": "Successfully retrieved NGINX CVE details.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupPublication" + "$ref": "#/components/schemas/NginxCVEDetailsResponse" } } } }, "401": { - "description": "Access denied", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -2366,7 +2335,7 @@ } }, "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "CVE with the specified nginxCVEID was not found. Check that the nginxCVEID provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2388,35 +2357,60 @@ } } }, - "/config-sync-groups/{configSyncGroupObjectID}/config-report": { - "parameters": [ - { - "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" - } - ], + "/cves/{nginxCVEID}/impacted_instances": { "get": { "tags": [ - "Config Sync Groups" + "CVEs" + ], + "summary": "Retrieve the instances impacted by a CVE", + "description": "Retrieves a list of the instances impacted by a security advisory.", + "operationId": "listCVEImpactedInstances", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameCVEImpactedInstancesDep" + }, + { + "$ref": "#/components/parameters/SortNameCVEImpactedInstances" + }, + { + "$ref": "#/components/parameters/NginxCVEParamID" + } ], - "summary": "Retrieve an analysis report for the configuration of an NGINX config sync group", - "description": "Analyzes the configuration of an NGINX config sync group and returns a detailed report.\nThe report includes insights, identified issues, and recommendations for optimizing and troubleshooting.\n", - "operationId": "getConfigSyncGroupConfigReport", "responses": { "200": { - "description": "Successfully retrieved the NGINX configuration analysis for the specified config sync group.", + "description": "Successfully retrieved the list of instances affected by the CVE.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigReports" + "$ref": "#/components/schemas/CVEImpactedInstancesListResponse" } } } }, - "204": { - "description": "The requested config sync group exists, but analysis of the NGINX configuration is not yet completed. Please retry the request at a later time to retrieve the report." + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } }, "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The CVE with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing CVE.", "content": { "application/json": { "schema": { @@ -2436,59 +2430,49 @@ } } } - }, - "put": { - "x-nginx-one-action": "analyze", - "x-nginx-one-entity": "NGINX config sync group configuration", + } + }, + "/events": { + "get": { "tags": [ - "Config Sync Groups" + "Events" ], - "summary": "Generate an analysis report for the configuration of the NGINX config sync group", - "description": "Returns an analysis report for the configuration of the NGINX config sync group. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not apply any changes to the configuration. The report is not stored and is provided only in the API response. To publish the configuration, use the `PUT /config-sync-groups/{configSyncGroupObjectID}/config` endpoint.", - "operationId": "analyzeConfigSyncGroupConfig", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - } + "summary": "Retrieve system events.", + "description": "Retrieves a list of the system events.", + "operationId": "listEvents", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/FilterFieldEvents" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" } - }, + ], "responses": { "200": { - "description": "Successfully analyzed the provided NGINX configuration.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigReports" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "Successfully retrieved the list of events.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/EventsListResponse" } } } }, "401": { - "description": "Access denied", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -2508,49 +2492,34 @@ } } } - }, - "patch": { - "x-nginx-one-action": "analyze", - "x-nginx-one-entity": "NGINX config sync group configuration", + } + }, + "/events/{eventObjectID}": { + "get": { "tags": [ - "Config Sync Groups" + "Events" ], - "summary": "Generate an analysis report for the configuration of the modified NGINX config sync group", - "description": "Analyzes the provided partial updates merging with an existing configuration of an NGINX config sync group. Generates a report detailing potential issues along with optimization suggestions. \nThis analysis accounts for additive updates made to NGINX configuration. To delete files, omit the `file.contents` field. \nThis method compares the provided `config_version` with the current NGINX config sync group's configuration to detect conflicts, which may arise if the `config_version` does not match due to an out-of-band update. \nNote that this operation is for analysis purposes only and does not apply any changes to the configuration. \nThe report is not stored and is provided only in the API response.\nTo publish the configuration, use the `PATCH /config-sync-groups/{configSyncGroupObjectID}/config` endpoint.\n", - "operationId": "analyzeConfigSyncGroupConfigPatch", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - } + "operationId": "getEvent", + "summary": "Retrieve specific event.", + "description": "Retrieve a specific event using the event object_id.", + "parameters": [ + { + "$ref": "#/components/parameters/EventParamObjectID" } - }, + ], "responses": { "200": { - "description": "Successfully analyzed the provided NGINX configuration", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigReports" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "Successfully retrieved the details of the event.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/Event" } } } }, "401": { - "description": "Access denied", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -2560,7 +2529,7 @@ } }, "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The Event with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2582,13 +2551,14 @@ } } }, - "/certificates": { + "/instances": { "get": { "tags": [ - "Certificates" + "Instances" ], - "summary": "List all SSL certificates", - "description": "Returns a paginated list showing metadata for every SSL certificate.\n", + "summary": "List all instances", + "operationId": "listInstances", + "description": "Returns a list of all NGINX instances, providing details such as:\n * Unique identifiers for each instance\n * Timestamps for key actions (like registration and last report)\n * Information about the NGINX build\n * Version of the NGINX Agent\n", "parameters": [ { "$ref": "#/components/parameters/Paginated" @@ -2600,7 +2570,7 @@ "$ref": "#/components/parameters/Offset" }, { - "$ref": "#/components/parameters/FilterFieldCertificates" + "$ref": "#/components/parameters/FilterFieldInstances" }, { "$ref": "#/components/parameters/FilterOperands" @@ -2612,20 +2582,19 @@ "$ref": "#/components/parameters/SortDirection" }, { - "$ref": "#/components/parameters/SortNameCertificatesDep" + "$ref": "#/components/parameters/SortNameInstancesDep" }, { - "$ref": "#/components/parameters/SortNameCertificates" + "$ref": "#/components/parameters/SortNameInstances" } ], - "operationId": "listCertificates", "responses": { "200": { - "description": "Successfully retrieved the list of SSL certificates.", + "description": "Successfully retrieved the list of instances.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateListResponse" + "$ref": "#/components/schemas/InstanceListResponse" } } } @@ -2652,42 +2621,32 @@ } } }, - "post": { - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX certificate", + "patch": { + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "NGINX instance", "tags": [ - "Certificates" + "Instances" ], - "summary": "Create an SSL certificate", - "operationId": "createCertificate", - "description": "Creates a new SSL certificate with an optional name. \nYou must supply the certificate's content in base64-encoded PEM format.\nAny warnings will be displayed only upon creation of the certificate object, and\nis not retrievable after it is created.\n", + "summary": "Bulk operation on multiple instances", + "operationId": "BulkInstances", + "description": "Performs bulk operation on one or more NGINX instances, only delete is supported.", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateRequest" + "$ref": "#/components/schemas/InstanceBulkRequest" } } } }, "responses": { "200": { - "description": "Successfully created the SSL certificate.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CertificateResponse" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "Batch request completed.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/InstanceBulkResponse" } } } @@ -2713,39 +2672,39 @@ } } } - }, - "patch": { - "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "NGINX certificate", + } + }, + "/instances/{instanceObjectID}": { + "delete": { "tags": [ - "Certificates" + "Instances" ], - "summary": "Bulk operation on multiple managed certificates", - "operationId": "bulkCertificates", - "description": "Performs bulk operation on one or more managed certificates, only delete is supported.", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CertificateBulkRequest" - } - } + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX instance", + "summary": "Delete an instance", + "description": "Deletes an NGINX instance. Associations with certificates will be cleaned up.\n", + "operationId": "deleteInstance", + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" } - }, + ], "responses": { - "200": { - "description": "Batch request completed.", + "204": { + "description": "Successfully deleted the NGINX instance." + }, + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateBulkResponse" + "$ref": "#/components/schemas/Error" } } } }, - "401": { - "description": "Access denied.", + "404": { + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2765,41 +2724,32 @@ } } } - } - }, - "/certificates/parse": { - "post": { - "x-nginx-one-action": "validate", - "x-nginx-one-entity": "NGINX certificate", + }, + "get": { "tags": [ - "Certificates" + "Instances" ], - "summary": "Parse and validate an SSL certificate", - "operationId": "parseCertificate", - "description": "Parses and validates an SSL certificate. \nIt checks the provided PEM files and verifies that the public certificates follow the correct X.509 format. \nIf the certificate cannot be parsed, an error will be returned. \nOtherwise, as long as the certificate is parsable, a `200 OK` status will be returned even if there are issues \nsuch as mismatched private keys or expired certificates. Details of any issues found will be shown in the \"warnings\" field of the response.\n", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CertificateRequest" - } - } + "summary": "Retrieve an instance", + "description": "Retrieves the details for an NGINX instance, including\n* Hostname\n* System status\n* Timestamps of key actions (registration, last reported, etc.)\n* NGINX build information\n* Certificate data\n* Operating system version\n* NGINX Agent version\n* Config Sync Group membership details\n* Control plane object ID, name, product and version\n", + "operationId": "getInstance", + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" } - }, + ], "responses": { "200": { - "description": "Successfully parsed and validated the SSL certificate.", + "description": "Successfully retrieved the details of the NGINX instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateResponse" + "$ref": "#/components/schemas/InstanceDetails" } } } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -2808,8 +2758,8 @@ } } }, - "401": { - "description": "Access denied.", + "404": { + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2831,26 +2781,21 @@ } } }, - "/certificates/{certificateObjectID}": { - "parameters": [ - { - "$ref": "#/components/parameters/CertificateParamObjectID" - } - ], + "/instances/{instanceObjectID}/config": { "get": { "tags": [ - "Certificates" + "Instances" ], - "summary": "Retrieve an SSL certificate", - "operationId": "getCertificate", - "description": "Retrieves the details for an SSL certificate, including:\n* Object ID that uniquely identifies this certificate object\n* SSL certificate type (managed or unmanaged by NGINX One Console)\n* Certificate type (whether it is a CA bundle or a certificate-key pair)\n* Subject name of the leaf certificate, or the soonest-expiring CA in a bundle\n * This subject name will be the DNS name in the SAN extension of the certificate. If not present, it will be the certificate's common name\n* Status of the certificate (valid, expiring, expired)\n* Validity period, if applicable to multiple certificates\n* Metadata for each public certificate if multiples are provided\n* Private key metadata, if available\n", + "summary": "Retrieve an instance's configuration details", + "description": "Returns the configuration details for an NGINX instance, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Details of deployed SSL/TLS certificates, private keys, WAF policies, and log profiles.\n* Unique identifiers\n", + "operationId": "getInstanceConfig", "responses": { "200": { - "description": "Successfully retrieved the details of the SSL certificate.", + "description": "Successfully retrieved the configuration details for the specified NGINX instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateResponse" + "$ref": "#/components/schemas/NginxConfig" } } } @@ -2866,7 +2811,7 @@ } }, "404": { - "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2887,32 +2832,37 @@ } } }, + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" + } + ], "patch": { - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX certificate", "tags": [ - "Certificates" + "Instances" ], - "summary": "Update an SSL certificate", - "operationId": "updateCertificate", - "description": "Updates public certificates, private keys, or both. \nThis endpoint can also be used to update a Certificate Authority (CA) bundle.\n", + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX instance configuration", + "summary": "Apply partial updates to an instance's configuration", + "description": "Applies the specified partial updates to an existing NGINX configuration. \nThis endpoint accepts additive updates to `NginxConfig`. \nTo delete files, omit the `file.contents` field. \nThis method compares the provided config_version with the current NGINX instance configuration to detect conflicts, which may arise if the config_version does not match due to an out-of-band update. \nBefore publishing, use the `PATCH /instances/{instanceObjectID}/config-report` endpoint to generate an analysis report for the modified configuration.\nAdditional details:\n * `conf_path` is optional. When provided, it must be an absolute path that references a file present in the provided configurations. When omitted, the system uses the conf_path from the existing instance metadata.\n", + "operationId": "publishInstanceConfigWithModify", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateUpdateRequest" + "$ref": "#/components/schemas/NginxConfigRequest" } } } }, "responses": { - "200": { - "description": "Successfully updated the specified SSL certificate.", + "202": { + "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /instances/{instanceObjectID}/publications.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateResponse" + "$ref": "#/components/schemas/PublicationInstance" } } } @@ -2938,7 +2888,7 @@ } }, "404": { - "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2959,34 +2909,36 @@ } } }, - "delete": { - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX certificate", + "put": { "tags": [ - "Certificates" + "Instances" ], - "summary": "Delete an SSL certificate", - "operationId": "deleteCertificate", - "description": "* Deletes a managed SSL certificate from the NGINX One console. This operation is disabled for unmanaged certificates, as they get cleaned up automatically when they are not used in any NGINX configuration. \n* An optional flag `deleteFromDataPlanes` when set to true, can be used to remove the certificate from data plane instances to where it was deployed.\n * Deleting from data planes triggers publications on either instances or Config Sync Groups. After the managed cert object is deleted from NGINX One Console, a `PublicationBulkResponse` is returned along with status code 202, indicating whether an error occurred while issuing a publication to a data plane target.\n * If this cert is not associated with any data plane, status code 204 is returned when `deleteFromDataPlanes` set to true.\n", - "parameters": [ - { - "$ref": "#/components/parameters/DeleteFromDataPlanesParamFlag" + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX instance configuration", + "summary": "Publish a configuration to an instance", + "description": "Publishes a new or updated NGINX configuration to the specified instance.\nIn the specified `configs`, empty files are not allowed in the directory.\nIf no existing configuration is found, a new one is created; otherwise, the current configuration is overwritten. \nBefore publishing, use the `PUT /instances/{instanceObjectID}/config-report` endpoint to generate an analysis report for the provided configuration.\nYou can specify `payloads` in the request to deploy managed certificates and keys to the dataplane. Include file paths\nfor each payload component. \nAdditional details:\n * `conf_path` is optional. When provided, it must be an absolute path that references a file present in the provided configurations. When omitted, the system uses the conf_path from the existing instance metadata.\n", + "operationId": "publishInstanceConfig", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + } } - ], + }, "responses": { "202": { - "description": "Successfully deleted the SSL certificate. Handling deletion of certificate from data planes in the background.", + "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /instances/{instanceObjectID}/publications.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PublicationBulkResponse" + "$ref": "#/components/schemas/PublicationInstance" } } } }, - "204": { - "description": "Successfully deleted the SSL certificate." - }, "400": { "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { @@ -3008,7 +2960,7 @@ } }, "404": { - "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -3030,69 +2982,30 @@ } } }, - "/certificates/{certificateObjectID}/deployments": { + "/instances/{instanceObjectID}/config-report": { "get": { "tags": [ - "Certificates" - ], - "summary": "List SSL certificate deployments", - "description": "Returns a paginated list showing all the deployments for a SSL certificate and assigned file path(s).\n", - "parameters": [ - { - "$ref": "#/components/parameters/CertificateParamObjectID" - }, - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/FilterFieldCertificateDeployments" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameCertificateDeploymentsDep" - }, - { - "$ref": "#/components/parameters/SortNameCertificateDeployments" - } + "Instances" ], - "operationId": "listCertificateDeployments", + "summary": "Retrieve an analysis report for an instance's configuration", + "description": "Analyzes the configuration of an NGINX instance and returns a detailed report.\nThe report includes insights, identified issues, and recommendations for optimizing and troubleshooting.\n", + "operationId": "getInstanceConfigReport", "responses": { "200": { - "description": "Successfully retrieved the list of SSL certificate deployments.", + "description": "Successfully retrieved the NGINX configuration analysis for the specified instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateDeploymentListResponse" + "$ref": "#/components/schemas/NginxConfigReports" } } } }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "204": { + "description": "The requested instance exists, but analysis of the NGINX configuration is not yet completed. Please retry the request at a later time to retrieve the report." }, "404": { - "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -3112,43 +3025,48 @@ } } } - } - }, - "/cves": { - "get": { + }, + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" + } + ], + "patch": { "tags": [ - "CVEs" + "Instances" ], - "summary": "List of all CVEs affecting any instance or control plane", - "operationId": "listNginxCVEs", - "description": "Returns a list of all CVEs that affect an instance or control plane under the tenant\n", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameCVEsDep" - }, - { - "$ref": "#/components/parameters/SortNameCVEs" + "x-nginx-one-action": "analyze", + "x-nginx-one-entity": "NGINX instance configuration", + "summary": "Generate an analysis report for the provided modified configuration", + "description": "Analyzes the provided partial updates to an existing NGINX configuration and generates a report detailing potential issues along with optimization suggestions. \nThis analysis accounts for additive updates made to `NginxConfig`. To delete files, omit the `file.contents` field. \nThis method compares the provided `config_version` with the current NGINX instance configuration to detect conflicts, which may arise if the `config_version` does not match due to an out-of-band update. \nNote that this operation is for analysis purposes only and does not apply any changes to the configuration. \nThe report is not stored and is provided only in the API response.\nTo publish the configuration, use the `PATCH /instances/{instanceObjectID}/config` endpoint.\n", + "operationId": "analyzeInstanceConfigWithModify", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + } } - ], + }, "responses": { "200": { - "description": "Successfully retrieved the list of CVEs.", + "description": "Successfully analyzed the provided NGINX configuration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CVEListResponse" + "$ref": "#/components/schemas/NginxConfigReports" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" } } } @@ -3163,6 +3081,16 @@ } } }, + "404": { + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -3174,28 +3102,43 @@ } } } - } - }, - "/cves/{nginxCVEID}": { - "get": { + }, + "put": { "tags": [ - "CVEs" + "Instances" ], - "summary": "Retrieve NGINX CVE details", - "operationId": "GetNginxCVEDetails", - "description": "Retrieve CVE details\n", - "parameters": [ - { - "$ref": "#/components/parameters/NginxCVEParamID" + "x-nginx-one-action": "analyze", + "x-nginx-one-entity": "NGINX instance configuration", + "summary": "Generate an analysis report for the provided configuration", + "description": "Returns an analysis report for the provided NGINX configuration. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not apply any changes to the configuration. The report is not stored and is provided only in the API response. To publish the configuration, use the `PUT /instances/{instanceObjectID}/config` endpoint.", + "operationId": "analyzeInstanceConfig", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + } } - ], + }, "responses": { "200": { - "description": "Successfully retrieved NGINX CVE details.", + "description": "Successfully analyzed the provided NGINX configuration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxCVEDetailsResponse" + "$ref": "#/components/schemas/NginxConfigReports" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" } } } @@ -3211,7 +3154,7 @@ } }, "404": { - "description": "CVE with the specified nginxCVEID was not found. Check that the nginxCVEID provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -3233,44 +3176,24 @@ } } }, - "/cves/{nginxCVEID}/impacted_instances": { + "/instances/{instanceObjectID}/configs": { "get": { "tags": [ - "CVEs" - ], - "summary": "Retrieve the instances impacted by a CVE", - "description": "Retrieves a list of the instances impacted by a security advisory.", - "operationId": "listCVEImpactedInstances", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameCVEImpactedInstancesDep" - }, - { - "$ref": "#/components/parameters/SortNameCVEImpactedInstances" - }, - { - "$ref": "#/components/parameters/NginxCVEParamID" - } + "Instances" ], + "summary": "Retrieves the stored NGINX configurations for an instance", + "description": "Returns a list of all configurations for a NGINX instance. Only the last 10 are kept on the NGINX One Console for a NGINX instance.", + "operationId": "listInstanceConfigurations", "responses": { "200": { - "description": "Successfully retrieved the list of instances affected by the CVE.", + "description": "Successfully retrieved the list of NGINX configurations for the specified NGINX instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CVEImpactedInstancesListResponse" + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxConfigMeta" + } } } } @@ -3286,7 +3209,7 @@ } }, "404": { - "description": "The CVE with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing CVE.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -3306,46 +3229,28 @@ } } } - } + }, + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" + } + ] }, - "/cves/{nginxCVEID}/control-planes": { + "/instances/{instanceObjectID}/configs/{instanceConfigurationObjectID}": { "get": { "tags": [ - "CVEs" - ], - "summary": "Retrieve the control planes impacted by a CVE", - "description": "Retrieves a list of the control planes impacted by a security advisory.", - "operationId": "listCVEImpactedControlPlanes", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameCVEImpactedControlPlanesDep" - }, - { - "$ref": "#/components/parameters/SortNameCVEImpactedControlPlanes" - }, - { - "$ref": "#/components/parameters/NginxCVEParamID" - } + "Instances" ], + "summary": "Retrieve an instance's configuration details", + "description": "Returns the configuration details for an NGINX instance, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", + "operationId": "getInstanceConfigWithObjectID", "responses": { "200": { - "description": "Successfully retrieved the list of control planes affected by the CVE.", + "description": "Successfully retrieved the configuration details for the specified NGINX instance and NGINX configuration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CVEImpactedControlPlanesListResponse" + "$ref": "#/components/schemas/NginxConfig" } } } @@ -3361,7 +3266,7 @@ } }, "404": { - "description": "The CVE with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing CVE.", + "description": "The NGINX instance or NGINX configuration with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -3381,43 +3286,39 @@ } } } - } + }, + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" + }, + { + "$ref": "#/components/parameters/InstanceConfigurationParamObjectID" + } + ] }, - "/events": { + "/instances/{instanceObjectID}/cves": { "get": { "tags": [ - "Events" + "Instances" ], - "summary": "Retrieve system events.", - "description": "Retrieves a list of the system events.", - "operationId": "listEvents", + "summary": "Retrieve an instance's security advisories (CVEs)", + "description": "Retrieves a list of the security advisories (CVEs) for an NGINX instance.", + "operationId": "listInstanceSecurityAdvisories", "parameters": [ { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/FilterFieldEvents" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" + "$ref": "#/components/parameters/InstanceParamObjectID" } ], "responses": { "200": { - "description": "Successfully retrieved the list of events.", + "description": "Successfully retrieved the list of security advisories (CVEs).", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/EventsListResponse" + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxSecurityAdvisory" + } } } } @@ -3432,6 +3333,16 @@ } } }, + "404": { + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -3445,26 +3356,29 @@ } } }, - "/events/{eventObjectID}": { + "/instances/{instanceObjectID}/publications": { "get": { "tags": [ - "Events" + "Instances" ], - "operationId": "getEvent", - "summary": "Retrieve specific event.", - "description": "Retrieve a specific event using the event object_id.", + "summary": "Retrieve the publications for an instance", + "description": "Returns a list of all publications for a NGINX instance.", + "operationId": "listInstancePublications", "parameters": [ { - "$ref": "#/components/parameters/EventParamObjectID" + "$ref": "#/components/parameters/InstanceParamObjectID" } ], "responses": { "200": { - "description": "Successfully retrieved the details of the event.", + "description": "Successfully retrieved the list of all publications for the specified NGINX instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Event" + "type": "array", + "items": { + "$ref": "#/components/schemas/PublicationInstance" + } } } } @@ -3479,16 +3393,6 @@ } } }, - "404": { - "description": "The Event with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -3502,39 +3406,35 @@ } } }, - "/staged-configs": { - "post": { - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX staged configs", + "/instances/{instanceObjectID}/publications/{publicationObjectID}": { + "get": { "tags": [ - "Staged Configs" + "Instances" ], - "summary": "Create an NGINX staged config", - "operationId": "createStagedConfig", - "description": "Create NGINX staged config with a unique ID to identify it within the tenant namespace. Additional details:\n * `conf_path` is optional. When omitted, the system auto-detects the conf_path from the configs by finding the file with an `events {}` block.\n", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/StagedConfigCreateRequest" - } - } + "summary": "Retrieve a publication for an NGINX instance.", + "description": "Returns a specific publication for an NGINX instance. Only 5 previous entries of Publication are kept for each NGINX instance.", + "operationId": "getInstancePublication", + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" + }, + { + "$ref": "#/components/parameters/PublicationParamObjectID" } - }, + ], "responses": { "200": { - "description": "Successfully created NGINX staged configs", + "description": "Successfully retrieved the specific Publication for the specified NGINX instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/StagedConfigCreateResponse" + "$ref": "#/components/schemas/PublicationInstance" } } } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -3543,8 +3443,8 @@ } } }, - "401": { - "description": "Access denied", + "404": { + "description": "The NGINX instance or Publication with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -3564,33 +3464,23 @@ } } } - }, - "patch": { - "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "NGINX staged configs", + } + }, + "/instances/summary": { + "get": { "tags": [ - "Staged Configs" + "Instances" ], - "summary": "Bulk operation on multiple staged configs", - "operationId": "bulkStagedConfigs", - "description": "Performs bulk operation on one or more staged configs, only delete is supported.", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/StagedConfigBulkRequest" - } - } - } - }, + "summary": "Retrieve a summary for all instances", + "description": "Retrieves a comprehensive summary for all NGINX instances, which includes details such as:\n * Certificate status and associations\n * Operating system details\n * Version of the NGINX Agent\n * Overall system status\n", + "operationId": "listSummary", "responses": { "200": { - "description": "Batch request completed.", + "description": "Successfully retrieved the summary of NGINX instances.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/StagedConfigBulkResponse" + "$ref": "#/components/schemas/InstanceSummary" } } } @@ -3616,7 +3506,9 @@ } } } - }, + } + }, + "/staged-configs": { "get": { "tags": [ "Staged Configs" @@ -3685,34 +3577,39 @@ } } } - } - }, - "/staged-configs/{stagedConfigObjectID}": { - "parameters": [ - { - "$ref": "#/components/parameters/StagedConfigParamObjectID" - } - ], - "get": { + }, + "patch": { + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "NGINX staged configs", "tags": [ "Staged Configs" ], - "summary": "Retrieve an NGINX staged config meta", - "description": "Retrieve the meta details for an NGINX staged config.\n", - "operationId": "getStagedConfigMeta", - "responses": { - "200": { - "description": "Successfully retrieved the details of the NGINX staged config meta.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/StagedConfigMeta" - } - } - } - }, + "summary": "Bulk operation on multiple staged configs", + "operationId": "bulkStagedConfigs", + "description": "Performs bulk operation on one or more staged configs, only delete is supported.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/StagedConfigBulkRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Batch request completed.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/StagedConfigBulkResponse" + } + } + } + }, "401": { - "description": "Access denied", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -3721,8 +3618,60 @@ } } }, - "404": { - "description": "The NGINX staged config with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "post": { + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX staged configs", + "tags": [ + "Staged Configs" + ], + "summary": "Create an NGINX staged config", + "operationId": "createStagedConfig", + "description": "Create NGINX staged config with a unique ID to identify it within the tenant namespace. Additional details:\n * `conf_path` is optional. When omitted, the system auto-detects the conf_path from the configs by finding the file with an `events {}` block.\n", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/StagedConfigCreateRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Successfully created NGINX staged configs", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/StagedConfigCreateResponse" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied", "content": { "application/json": { "schema": { @@ -3742,7 +3691,9 @@ } } } - }, + } + }, + "/staged-configs/{stagedConfigObjectID}": { "delete": { "x-nginx-one-action": "delete", "x-nginx-one-entity": "NGINX staged config", @@ -3787,14 +3738,64 @@ } } } - } - }, - "/staged-configs/{stagedConfigObjectID}/config": { + }, + "get": { + "tags": [ + "Staged Configs" + ], + "summary": "Retrieve an NGINX staged config meta", + "description": "Retrieve the meta details for an NGINX staged config.\n", + "operationId": "getStagedConfigMeta", + "responses": { + "200": { + "description": "Successfully retrieved the details of the NGINX staged config meta.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/StagedConfigMeta" + } + } + } + }, + "401": { + "description": "Access denied", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX staged config with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, "parameters": [ { "$ref": "#/components/parameters/StagedConfigParamObjectID" } - ], + ] + }, + "/staged-configs/{stagedConfigObjectID}/config": { "get": { "tags": [ "Staged Configs" @@ -3845,28 +3846,33 @@ } } }, - "put": { + "parameters": [ + { + "$ref": "#/components/parameters/StagedConfigParamObjectID" + } + ], + "patch": { "tags": [ "Staged Configs" ], - "x-nginx-one-action": "create", + "x-nginx-one-action": "update", "x-nginx-one-entity": "NGINX staged config", - "summary": "Replace existing state", - "description": "Completely replaces existing staged config with payload of new request. Additional details:\n * `conf_path` is optional. When omitted, the system auto-detects the conf_path from the configs by finding the file with an `events {}` block.\n", - "operationId": "replaceStagedConfig", + "summary": "Apply partial updates to staged config", + "description": "Applies the specified partial updates to an existing NGINX staged config Details:\n * This endpoint accepts additive updates to `NginxConfig`. Base `nginx.conf` file must always be provided along with additives.\n * To delete files, omit the `file.contents` field.\n * `config_version` is used to ensure the requested patch is applied against the same version.\n * `conf_path` is optional. When omitted, the system auto-detects the conf_path from the configs by finding the file with an `events {}` block.\n", + "operationId": "patchStagedConfig", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/StagedConfigUpdateRequest" + "$ref": "#/components/schemas/StagedConfigChangeRequest" } } } }, "responses": { "200": { - "description": "Successfully updated the NGINX configuration.", + "description": "Successfully stored the NGINX staged configuration.", "content": { "application/json": { "schema": { @@ -3905,6 +3911,16 @@ } } }, + "409": { + "description": "NGINX config version mismatch. Provided config_version does not match recent config_version for the NGINX staged config, possible conflict.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -3917,28 +3933,28 @@ } } }, - "patch": { + "put": { "tags": [ "Staged Configs" ], - "x-nginx-one-action": "update", + "x-nginx-one-action": "create", "x-nginx-one-entity": "NGINX staged config", - "summary": "Apply partial updates to staged config", - "description": "Applies the specified partial updates to an existing NGINX staged config Details:\n * This endpoint accepts additive updates to `NginxConfig`. Base `nginx.conf` file must always be provided along with additives.\n * To delete files, omit the `file.contents` field.\n * `config_version` is used to ensure the requested patch is applied against the same version.\n * `conf_path` is optional. When omitted, the system auto-detects the conf_path from the configs by finding the file with an `events {}` block.\n", - "operationId": "patchStagedConfig", + "summary": "Replace existing state", + "description": "Completely replaces existing staged config with payload of new request. Additional details:\n * `conf_path` is optional. When omitted, the system auto-detects the conf_path from the configs by finding the file with an `events {}` block.\n", + "operationId": "replaceStagedConfig", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/StagedConfigChangeRequest" + "$ref": "#/components/schemas/StagedConfigUpdateRequest" } } } }, "responses": { "200": { - "description": "Successfully stored the NGINX staged configuration.", + "description": "Successfully updated the NGINX configuration.", "content": { "application/json": { "schema": { @@ -3977,16 +3993,6 @@ } } }, - "409": { - "description": "NGINX config version mismatch. Provided config_version does not match recent config_version for the NGINX staged config, possible conflict.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -4001,11 +4007,6 @@ } }, "/staged-configs/{stagedConfigObjectID}/config-report": { - "parameters": [ - { - "$ref": "#/components/parameters/StagedConfigParamObjectID" - } - ], "get": { "tags": [ "Staged Configs" @@ -4049,6 +4050,11 @@ } } }, + "parameters": [ + { + "$ref": "#/components/parameters/StagedConfigParamObjectID" + } + ], "patch": { "x-nginx-one-action": "analyze", "x-nginx-one-entity": "NGINX staged configuration", @@ -4267,33 +4273,43 @@ } } }, - "/config-report": { + "/monitor/metrics_query_topx": { "post": { - "x-nginx-one-action": "analyze", - "x-nginx-one-entity": "NGINX configuration", "tags": [ - "Staged Configs" + "Metrics" ], - "summary": "Generate an analysis report for the provided NGINX configuration", - "operationId": "analyzeNginxConfig", - "description": "Returns an analysis report for the provided NGINX configuration. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not affect any resources. The report is not stored and is provided only in the API response.\n", + "summary": "Retrieve system metrics for instances with series limit", + "operationId": "queryMetricsInputTopX", + "description": "Returns (up to 10,000) system metrics for NGINX instances with series limit based on query parameters.\n\nYou can filter metrics by name and timestamp, aggregate metrics over a configurable period of time, and group metrics by dimension.\n", "requestBody": { - "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" + "$ref": "#/components/schemas/MetricTopXQueryRequest" + }, + "example": { + "start_time": "now-1h", + "end_time": "now", + "resolution": "1m", + "metrics": [ + { + "aggregate": "sum", + "name": "nginx.http.request.count" + } + ], + "series_limit": 1, + "group_series_by": "instance_object_id" } } } }, "responses": { "200": { - "description": "Successfully analyzed the provided NGINX configuration.", + "description": "Successfully retrieved system metrics.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigReports" + "$ref": "#/components/schemas/MetricQueryResultEx" } } } @@ -4308,8 +4324,8 @@ } } }, - "401": { - "description": "Access denied.", + "404": { + "description": "The requested metric resource was not found. Check that the resource name provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -4331,210 +4347,113 @@ } } }, - "/control-planes": { + "/settings/instance-cleanup": { "get": { "tags": [ - "Control Planes" - ], - "summary": "List control planes", - "operationId": "listControlPlanes", - "description": "Returns a paginated list of control planes.\n", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameControlPlanes" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldControlPlanes" - } + "Settings" ], + "summary": "Retrieve settings", + "description": "Retrieves settings for NGINX Instance cleanup\n", + "operationId": "getSettingInstanceCleanup", "responses": { "200": { - "description": "Successfully retrieved the list of control planes.", + "description": "Successfully retrieved the setting for NGINX Instance cleanup.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ControlPlaneListResponse" + "$ref": "#/components/schemas/SettingsInstanceCleanup" } } } }, - "401": { - "$ref": "#/components/responses/Unauthorized" + "400": { + "$ref": "#/components/responses/InvalidRequest" }, "500": { "$ref": "#/components/responses/InternalServerErr" } } }, - "patch": { - "x-feature-flag": "control-plane-bulk-delete", - "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "Control Plane", + "put": { + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX Instance Cleanup Setting", "tags": [ - "Control Planes" + "Settings" ], - "summary": "Bulk operation on multiple control planes", - "operationId": "BulkControlPlanes", - "description": "Performs bulk operation on one or more control planes, only delete is supported.\n\n**Important:** This operation processes each item independently within a single transaction.\nSuccessfully deleted items will persist even if subsequent items fail. The response \nincludes the outcome for each item, allowing you to identify which deletions succeeded \nand which failed.\n", + "summary": "Update settings", + "description": "Update settings for NGINX Instance cleanup\n", + "operationId": "updateSettingInstanceCleanup", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ControlPlaneBulkRequest" + "$ref": "#/components/schemas/SettingsInstanceCleanup" } } } }, "responses": { "200": { - "description": "Batch request completed.", + "description": "Successfully updated settings for NGINX Instance cleanup.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ControlPlaneBulkResponse" + "$ref": "#/components/schemas/SettingsInstanceCleanup" } } } }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, "500": { "$ref": "#/components/responses/InternalServerErr" } } } }, - "/control-planes/summary": { + "/app-protect/log-profiles": { "get": { "tags": [ - "Control Planes" + "WAF Log Profiles" ], - "summary": "Retrieve a summary for all Control Planes.", - "description": "Retrieves details for all control planes, including:\n * Number of control planes for each product name/version\n", - "operationId": "getControlPlaneSummary", - "responses": { - "200": { - "description": "Successfully retrieved the summary of control planes.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ControlPlaneSummary" - } - } - } + "summary": "List WAF log profiles", + "description": "Returns a list of WAF log profiles.", + "operationId": "listWafLogProfiles", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" }, - "401": { - "$ref": "#/components/responses/Unauthorized" + { + "$ref": "#/components/parameters/Limit" }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/control-planes/{controlPlaneObjectID}": { - "parameters": [ - { - "$ref": "#/components/parameters/ControlPlaneParamObjectID" - } - ], - "get": { - "tags": [ - "Control Planes" - ], - "summary": "Retrieve a control plane", - "description": "Retrieve the details for a control plane, including:\n* Object ID\n* Product name and version\n* Cluster UUID\n* Kubernetes namespace\n* Deployment UUID\n* Data plane key\n* Certificate summary referenced by control plane instances\n* Instance status summary\n", - "operationId": "getControlPlane", - "responses": { - "200": { - "description": "Successfully retrieved the details of the control plane.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ControlPlaneDetails" - } - } - } + { + "$ref": "#/components/parameters/Offset" }, - "401": { - "$ref": "#/components/responses/Unauthorized" + { + "$ref": "#/components/parameters/SortDirection" }, - "404": { - "$ref": "#/components/responses/NotFound" + { + "$ref": "#/components/parameters/SortNameNapLogProfilesDep" }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - }, - "delete": { - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "Control Plane", - "tags": [ - "Control Planes" - ], - "summary": "Delete a control plane", - "description": "Delete a control plane from the NGINX One Console. You can delete a control plane, only if it contains no NGINX instances.\n", - "operationId": "deleteControlPlane", - "responses": { - "204": { - "description": "Successfully deleted the control plane" + { + "$ref": "#/components/parameters/SortNameNapLogProfiles" }, - "401": { - "$ref": "#/components/responses/Unauthorized" + { + "$ref": "#/components/parameters/FilterOperands" }, - "404": { - "$ref": "#/components/responses/NotFound" + { + "$ref": "#/components/parameters/FilterValues" }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/control-planes/{controlPlaneObjectID}/cves": { - "get": { - "tags": [ - "Control Planes" - ], - "summary": "Retrieve a control plane's security advisories (CVEs)", - "description": "Retrieves a list of the security advisories (CVEs) for an NGINX control plane.", - "operationId": "listControlPlaneSecurityAdvisories", - "parameters": [ { - "$ref": "#/components/parameters/ControlPlaneParamObjectID" + "$ref": "#/components/parameters/FilterFieldNapLogProfile" } ], "responses": { "200": { - "description": "Successfully retrieved the list of security advisories (CVEs).", + "description": "Successfully returned WAF log profiles.", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxSecurityAdvisory" - } + "$ref": "#/components/schemas/NapLogProfileListResponse" } } } @@ -4549,16 +4468,6 @@ } } }, - "404": { - "description": "The NGINX control plane with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -4570,49 +4479,31 @@ } } } - } - }, - "/monitor/metrics_query": { + }, "post": { "tags": [ - "Metrics" + "WAF Log Profiles" ], - "summary": "Retrieve system metrics for instances", - "operationId": "queryMetricsInput", - "description": "Returns (up to 10,000) system metrics for NGINX instances based on query parameters.\n\nYou can filter metrics by name and timestamp, aggregate metrics over a configurable period of time, and group metrics by dimension.\n", + "summary": "Create WAF log profile", + "description": "Creates a WAF log profile.", + "operationId": "createWafLogProfile", "requestBody": { + "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/MetricQueryRequest" - }, - "example": { - "start_time": "now-1h", - "end_time": "now", - "resolution": "5m", - "metrics": [ - { - "name": "nginx.http.request.count", - "aggregate": "sum" - } - ], - "order_by": [ - { - "direction": "asc", - "dimension": "instance_object_id" - } - ] + "$ref": "#/components/schemas/NapLogProfileCreateRequest" } } } }, "responses": { - "200": { - "description": "Successfully retrieved system metrics.", + "201": { + "description": "Successfully created WAF log profile.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/MetricQueryResultEx" + "$ref": "#/components/schemas/NapLogProfileMetadata" } } } @@ -4627,8 +4518,8 @@ } } }, - "404": { - "description": "The requested metric resource was not found. Check that the resource name provided is correct and corresponds to an existing resource.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -4650,46 +4541,22 @@ } } }, - "/monitor/metrics_query_topx": { - "post": { + "/app-protect/log-profiles/{nap_log_profile_object_id}": { + "delete": { "tags": [ - "Metrics" + "WAF Log Profiles" ], - "summary": "Retrieve system metrics for instances with series limit", - "operationId": "queryMetricsInputTopX", - "description": "Returns (up to 10,000) system metrics for NGINX instances with series limit based on query parameters.\n\nYou can filter metrics by name and timestamp, aggregate metrics over a configurable period of time, and group metrics by dimension.\n", - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/MetricTopXQueryRequest" - }, - "example": { - "start_time": "now-1h", - "end_time": "now", - "resolution": "1m", - "metrics": [ - { - "aggregate": "sum", - "name": "nginx.http.request.count" - } - ], - "series_limit": 1, - "group_series_by": "instance_object_id" - } - } + "summary": "Delete WAF log profile", + "description": "Deletes a WAF log profile.", + "operationId": "deleteWafLogProfile", + "parameters": [ + { + "$ref": "#/components/parameters/NapLogProfileParamObjectID" } - }, + ], "responses": { - "200": { - "description": "Successfully retrieved system metrics.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/MetricQueryResultEx" - } - } - } + "204": { + "description": "Successfully deleted WAF log profile." }, "400": { "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", @@ -4701,8 +4568,18 @@ } } }, - "404": { - "description": "The requested metric resource was not found. Check that the resource name provided is correct and corresponds to an existing resource.", + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The WAF log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -4722,53 +4599,26 @@ } } } - } - }, - "/monitor/dimensions_query": { - "x-feature-flag": "observability-zones-support", - "post": { + }, + "get": { "tags": [ - "Metrics" + "WAF Log Profiles" ], - "summary": "Retrieve dimensions values.", - "operationId": "queryDimensionsInput", - "description": "Returns dimensions values for NGINX entities based on query parameters.\n", - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/DimensionsQueryRequest" - }, - "example": { - "start_time": "now-1h", - "end_time": "now", - "dimensions": [ - "server_zone" - ], - "filter": [ - { - "filterSet": [ - { - "dimension": "instance_object_id", - "operator": "=", - "values": [ - "instance-obj-1" - ] - } - ] - } - ] - } - } + "summary": "Get WAF log profile details", + "description": "Returns WAF log profile details.", + "operationId": "getWafLogProfile", + "parameters": [ + { + "$ref": "#/components/parameters/NapLogProfileParamObjectID" } - }, + ], "responses": { "200": { - "description": "Successfully retrieved dimension values.", + "description": "Successfully returned WAF log profile details.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DimensionsQueryResultEx" + "$ref": "#/components/schemas/NapLogProfileObjectDetails" } } } @@ -4783,8 +4633,8 @@ } } }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -4792,175 +4642,74 @@ } } } - } - } - } - }, - "/settings/instance-cleanup": { - "get": { - "tags": [ - "Settings" - ], - "summary": "Retrieve settings", - "description": "Retrieves settings for NGINX Instance cleanup\n", - "operationId": "getSettingInstanceCleanup", - "responses": { - "200": { - "description": "Successfully retrieved the setting for NGINX Instance cleanup.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SettingsInstanceCleanup" - } - } - } }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - }, - "put": { - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX Instance Cleanup Setting", - "tags": [ - "Settings" - ], - "summary": "Update settings", - "description": "Update settings for NGINX Instance cleanup\n", - "operationId": "updateSettingInstanceCleanup", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SettingsInstanceCleanup" - } - } - } - }, - "responses": { - "200": { - "description": "Successfully updated settings for NGINX Instance cleanup.", + "404": { + "description": "The WAF log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SettingsInstanceCleanup" + "$ref": "#/components/schemas/Error" } } } }, "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/settings/acme": { - "get": { - "x-feature-flag": "acme-cert", - "x-nodoc": true, - "tags": [ - "Settings" - ], - "summary": "Retrieve settings", - "description": "Retrieves settings for ACME Integration to provision SSL certificates\n", - "operationId": "getSettingACME", - "responses": { - "200": { - "description": "Successfully retrieved the setting for ACME integration.", + "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SettingsACMEIntegration" + "$ref": "#/components/schemas/Error" } } } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" } } }, "put": { - "x-nodoc": true, - "x-feature-flag": "acme-cert", - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX ACME Integrations Setting", "tags": [ - "Settings" + "WAF Log Profiles" + ], + "summary": "Update WAF log profile details", + "description": "Updates WAF log profile details.", + "operationId": "updateWafLogProfile", + "parameters": [ + { + "$ref": "#/components/parameters/NapLogProfileParamObjectID" + } ], - "summary": "Update settings", - "description": "Update settings for ACME Integration to provision SSL certificates\n", - "operationId": "updateSettingACME", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SettingsACMEIntegration" + "$ref": "#/components/schemas/NapLogProfileUpdateRequest" } } } }, "responses": { "200": { - "description": "Successfully updated settings for ACME integration.", + "description": "Successfully updated WAF log profile details.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SettingsACMEIntegration" + "$ref": "#/components/schemas/NapLogProfileMetadata" } } } }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/nginx-usage": { - "post": { - "tags": [ - "Usage" - ], - "x-feature-flag": "entitlement", - "summary": "Use http POST on this API to register NGINX instances", - "description": "Creates a usage entry from NGINX instance", - "operationId": "postUsageTracking", - "security": [ - { - "BearerAuth": [] - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxUsageTrackingRequest" - }, - "examples": { - "nginxUsageTrackingRequest": { - "$ref": "#/components/examples/NginxUsageTrackingRequest" + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" } } } - } - }, - "responses": { - "204": { - "description": "Successfully created the usage entry." }, - "400": { - "description": "Missing or bad data in request.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -4969,8 +4718,8 @@ } } }, - "401": { - "description": "Access denied.", + "404": { + "description": "The WAF log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -4992,66 +4741,69 @@ } } }, - "/nginx-usage/batch": { - "post": { + "/app-protect/log-profiles/{nap_log_profile_object_id}/compile": { + "get": { "tags": [ - "Usage" + "WAF Log Profiles" ], - "x-feature-flag": "entitlement-batch", - "summary": "Use http POST on this API to send usage information in batch", - "description": "Creates a usage entry from NGINX instance", - "operationId": "postUsageTrackingBatch", - "security": [ + "summary": "Compile WAF log profile", + "description": "Compiles a WAF log profile and returns the request status or compiled bundle.", + "operationId": "compileWafLogProfile", + "parameters": [ + { + "$ref": "#/components/parameters/NapCompileNapRelease" + }, { - "BearerAuth": [] + "$ref": "#/components/parameters/NapCompileDownload" + }, + { + "$ref": "#/components/parameters/NapLogProfileParamObjectID" } ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxUsageTrackingBatchRequest" + "responses": { + "200": { + "description": "WAF log profile compiled successfully, when `download` is `true`.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapCompileStatus" + } }, - "examples": { - "nginxUsageTrackingBatchRequest": { - "$ref": "#/components/examples/NginxUsageTrackingBatchRequest" + "application/gzip": { + "schema": { + "type": "string", + "format": "binary", + "example": "log_all.tar.gz" } } - }, - "application/gzip": { - "schema": { - "type": "string", - "format": "binary", - "description": "Compressed JSON array of usage tracking requests" - } } - } - }, - "responses": { - "204": { - "description": "Successfully process batch of usage entries." }, - "400": { - "description": "Missing or bad data in request.", + "202": { + "description": "Accepted the WAF log profile compile request.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/NapCompileStatus" } } } }, - "401": { - "description": "Access denied.", + "400": { + "description": "WAF log profile compilation failed, when `download` is `true`.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/NapCompileStatus" } } } }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -5065,51 +4817,56 @@ } } }, - "/chatbot/message": { - "post": { - "x-nginx-one-action": "query", - "x-nginx-one-entity": "NGINX One AI Assistant", - "x-nodoc": true, + "/app-protect/log-profiles/{nap_log_profile_object_id}/deployments": { + "get": { "tags": [ - "Chatbot" + "WAF Log Profiles" + ], + "summary": "List WAF log profile deployments", + "description": "Returns a list of WAF log profile deployments, providing details such as:\n * Target of the deployment, either an instance or CSG\n * Time of deployment\n * Deployment status\n", + "operationId": "listWafLogProfileDeployments", + "parameters": [ + { + "$ref": "#/components/parameters/NapLogProfileParamObjectID" + }, + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapLogProfileDeployments" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapLogProfileDeployment" + } ], - "summary": "Send a prompt to the AI Gateway", - "description": "This endpoint sends a prompt as a specified persona to the AI Gateway.", - "operationId": "sendChatbotMessage", - "requestBody": { - "description": "The request body contains the message you want to send to the chatbot", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ChatbotRequest" - }, - "examples": { - "ChatbotRequest": { - "$ref": "#/components/examples/ChatbotRequest" - } - } - } - } - }, "responses": { "200": { - "description": "The message was sent successfully.", + "description": "Successfully returned WAF log profile deployments.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ChatbotResponse" - }, - "examples": { - "ChatbotResponse": { - "$ref": "#/components/examples/ChatbotResponse" - } + "$ref": "#/components/schemas/NapLogProfileDeploymentsListResponse" } } } }, "400": { - "description": "The request is missing data or contains bad data.", + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { @@ -5119,7 +4876,7 @@ } }, "401": { - "description": "Access is denied.", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -5128,8 +4885,8 @@ } } }, - "422": { - "description": "Prompt cannot be answered due to a policy violation.", + "404": { + "description": "The WAF log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -5139,7 +4896,7 @@ } }, "500": { - "description": "A server error occurred. Please try again later.", + "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { "application/json": { "schema": { @@ -5151,40 +4908,56 @@ } } }, - "/chatbot/feedback": { - "post": { - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX One AI Assistant", - "x-nodoc": true, + "/app-protect/policies": { + "get": { "tags": [ - "Chatbot" + "NGINX App Protect" ], - "summary": "Record feedback for a specific response from the AI Assistant", - "description": "This endpoint records feedback for a specific response from the AI Assistant which is then stored in an s3 bucket", - "operationId": "saveChatbotFeedback", - "requestBody": { - "description": "The request body contains the feedback for a specific response from the AI Assistant", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ChatbotFeedback" - }, - "examples": { - "ChatbotRequest": { - "$ref": "#/components/examples/ChatbotFeedback" - } - } - } + "summary": "List NGINX App Protect policies", + "description": "Returns a list of NGINX App Protect policies along with deployment details.", + "operationId": "listNapPolicies", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapPoliciesDep" + }, + { + "$ref": "#/components/parameters/SortNameNapPolicies" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapPolicy" } - }, + ], "responses": { "200": { - "description": "The feedback was sent successfully.", - "content": {} + "description": "Successfully returned NGINX App Protect policies.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicyListResponse" + } + } + } }, "400": { - "description": "The request is missing data or contains bad data.", + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { @@ -5194,7 +4967,7 @@ } }, "401": { - "description": "Access is denied.", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -5204,7 +4977,7 @@ } }, "500": { - "description": "A server error occurred. Please try again later.", + "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { "application/json": { "schema": { @@ -5214,65 +4987,39 @@ } } } - } - }, - "/inventory": { - "post": { - "x-feature-flag": "inventory", + }, + "patch": { + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "NGINX App Protect Policies", "tags": [ - "Inventory" + "NGINX App Protect" ], - "summary": "NGINX Plus: Retrieve tenant usage information", - "operationId": "getInventory", - "description": "Based on query parameters.\n\nYou can filter and aggregate metrics by name and `start_time` through `end_time`.\n", + "summary": "Bulk operation on multiple Nap policy", + "operationId": "bulkNAPPolicy", + "description": "Performs bulk operation on one or more Nap policy, only delete is supported.", "requestBody": { + "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InventoryMetricQueryRequest" - }, - "example": { - "start_time": "now-1d", - "end_time": "now", - "metrics": [ - { - "name": "nginx.plus.instances", - "aggregate": [ - "count", - "sum", - "avg", - "min", - "max" - ] - }, - { - "name": "k8s.cluster.nodes", - "aggregate": [ - "count", - "sum", - "avg", - "min", - "max" - ] - } - ] + "$ref": "#/components/schemas/NapPolicyBulkRequest" } } } }, "responses": { "200": { - "description": "Successfully retrieved tenant usage information.", + "description": "Batch request completed.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InventoryResponse" + "$ref": "#/components/schemas/NapBulkResponse" } } } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -5292,239 +5039,176 @@ } } } - } - }, - "/app-protect/signatures": { - "get": { + }, + "post": { + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX App Protect Policies", "tags": [ "NGINX App Protect" ], - "summary": "List Signatures", - "description": "Returns signatures. A signature is a predefined detection rule that identifies specific attack patterns or\ncharacteristics commonly associated with web application security threats.\n", - "operationId": "listSignatures", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameNapSignatures" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldNapSignatures" + "summary": "Create NGINX App Protect policy", + "description": "Creates NGINX App Protect policy.", + "operationId": "createNapPolicy", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicy" + } + } } - ], + }, "responses": { - "200": { - "description": "Successfully returned list of signatures.", + "201": { + "description": "Successfully created NGINX App Protect policy.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapSignatureListResponse" + "$ref": "#/components/schemas/NapPolicyMetadata" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" } } } }, "401": { - "$ref": "#/components/responses/Unauthorized" + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } }, "500": { - "$ref": "#/components/responses/InternalServerErr" + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } } } } }, - "/app-protect/signatures/{signatureID}": { - "get": { + "/app-protect/policies/{nap_policy_object_id}": { + "delete": { "tags": [ "NGINX App Protect" ], - "summary": "Retrieve a NGINX App Protect signature.", - "description": "A signature is a predefined detection rule that identifies specific attack patterns or characteristics commonly \nassociated with web application security threats.\n", + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX App Protect Policies", + "summary": "Delete NGINX App Protect policy", + "description": "Deletes NGINX App Protect policy.", + "operationId": "deleteNapPolicy", "parameters": [ { - "$ref": "#/components/parameters/NapSignatureID" + "$ref": "#/components/parameters/NapPolicyParamObjectID" } ], - "operationId": "getSignature", "responses": { - "200": { - "description": "Successfully returned the specified signature.", + "204": { + "description": "Successfully deleted NGINX App Protect policy." + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapSignature" + "$ref": "#/components/schemas/Error" } } } }, "401": { - "$ref": "#/components/responses/Unauthorized" + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } }, "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/app-protect/signature-sets": { - "get": { - "tags": [ - "NGINX App Protect" - ], - "summary": "List NGINX App Protect signature sets", - "description": "Returns NGINX App Protect signature sets. Signature sets are predefined or user-defined groups of detection mechanisms (signatures) \nthat identify specific attack types, such as SQL injection, Cross-Site Scripting (XSS), or other web-based threats.\n", - "operationId": "listSignatureSets", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameNapSignatureSets" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldNapSignatureSets" - } - ], - "responses": { - "200": { - "description": "Successfully returned signature sets.", + "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapSignatureSetListResponse" + "$ref": "#/components/schemas/Error" } } } - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" } } - } - }, - "/app-protect/signature-sets/{signatureSetObjectID}": { + }, "get": { "tags": [ "NGINX App Protect" ], - "summary": "Retrieve a NGINX App Protect signature set", - "description": "Returns a NGINX App Protect signature set. Signature sets are predefined or user-defined groups of detection \nmechanisms (signatures) that identify specific attack types, such as SQL injection, Cross-Site Scripting (XSS), \nor other web-based threats.\n", - "operationId": "getSignatureSet", + "summary": "Get NGINX App Protect policy details", + "description": "Returns NGINX App Protect policy summary.", + "operationId": "getNapPolicy", "parameters": [ { - "$ref": "#/components/parameters/NapSignatureSetObjectID" + "$ref": "#/components/parameters/NapPolicyParamObjectID" } ], "responses": { "200": { - "description": "Successfully returned Signature Sets.", + "description": "Successfully returned NGINX App Protect policy details.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapSignatureSet" + "$ref": "#/components/schemas/NapPolicyObject" } } } }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/app-protect/signature-sets/{signatureSetObjectID}/signatures": { - "get": { - "tags": [ - "NGINX App Protect" - ], - "summary": "List NGINX App Protect signatures in the specified signature set.", - "description": "Returns a list of signatures in the NGINX App Protect signature set.\n", - "operationId": "listSignatureSetSignatures", - "parameters": [ - { - "$ref": "#/components/parameters/NapSignatureSetObjectID" - } - ], - "responses": { - "200": { - "description": "Successfully returned signatures for signature set.", + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapSignatureMeta" - } + "$ref": "#/components/schemas/Error" } } } }, "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/app-protect/threat-campaign/versions": { - "get": { - "tags": [ - "NGINX App Protect" - ], - "summary": "List Threat Campaign versions", - "description": "Returns Threat Campaign versions.", - "operationId": "listThreatCampaignVersions", - "responses": { - "200": { - "description": "Successfully returned Threat Campaign versions.", + "description": "Access denied.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ThreatCampaignVersionsListResponse" + "$ref": "#/components/schemas/Error" } } } }, - "401": { - "description": "Access denied.", + "404": { + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -5544,71 +5228,44 @@ } } } - } - }, - "/app-protect/attack-signature/versions": { - "get": { + }, + "put": { "tags": [ "NGINX App Protect" ], - "summary": "List Attack Signature versions", - "description": "Returns Attack Signature versions.", - "operationId": "listAttackSignatureVersions", - "responses": { - "200": { - "description": "Successfully returned Attack Signature versions.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/AttackSignatureVersionsListResponse" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX App Protect Policies", + "summary": "Update NGINX App Protect policy details", + "description": "Update NGINX App Protect policy details.", + "operationId": "updateNapPolicy", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicy" } } } - } - } - }, - "/app-protect/bot-signature/versions": { - "get": { - "tags": [ - "NGINX App Protect" - ], - "summary": "List Bot Signature versions", - "description": "Returns Bot Signature versions.", - "operationId": "listBotSignatureVersions", + }, "responses": { - "200": { - "description": "Successfully returned Bot Signature versions.", + "201": { + "description": "Successfully created an NGINX App Protect policy version.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/BotSignatureVersionsListResponse" + "$ref": "#/components/schemas/NapPolicyMetadata" } } } }, - "401": { - "description": "Access denied.", + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { @@ -5617,8 +5274,8 @@ } } }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -5626,31 +5283,9 @@ } } } - } - } - } - }, - "/app-protect/versions": { - "get": { - "tags": [ - "NGINX App Protect" - ], - "summary": "List supported NGINX App Protect versions", - "description": "Returns supported NGINX App Protect versions details for releases.", - "operationId": "listNapVersions", - "responses": { - "200": { - "description": "Successfully returned NGINX App Protect versions.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapVersionsListResponse" - } - } - } }, - "401": { - "description": "Access denied.", + "404": { + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -5672,15 +5307,18 @@ } } }, - "/app-protect/policies": { + "/app-protect/policies/{nap_policy_object_id}/deployments": { "get": { "tags": [ "NGINX App Protect" ], - "summary": "List NGINX App Protect policies", - "description": "Returns a list of NGINX App Protect policies along with deployment details.", - "operationId": "listNapPolicies", + "summary": "List NGINX App Protect deployments", + "description": "Returns NGINX App Protect deployments, providing details such as:\n * Target of the deployment, either an instance or CSG\n * Time of deployment\n * Enforcement mode\n * Policy version\n * Threat campaign\n * Attack signature\n * Bot signature\n", + "operationId": "listNapPolicyDeployments", "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + }, { "$ref": "#/components/parameters/Paginated" }, @@ -5694,10 +5332,10 @@ "$ref": "#/components/parameters/SortDirection" }, { - "$ref": "#/components/parameters/SortNameNapPoliciesDep" + "$ref": "#/components/parameters/SortNameNapPolicyDeploymentsDep" }, { - "$ref": "#/components/parameters/SortNameNapPolicies" + "$ref": "#/components/parameters/SortNameNapPolicyDeployments" }, { "$ref": "#/components/parameters/FilterOperands" @@ -5706,16 +5344,16 @@ "$ref": "#/components/parameters/FilterValues" }, { - "$ref": "#/components/parameters/FilterFieldNapPolicy" + "$ref": "#/components/parameters/FilterFieldNapPolicyDeployment" } ], "responses": { "200": { - "description": "Successfully returned NGINX App Protect policies.", + "description": "Successfully returned NGINX App Protect deployments.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapPolicyListResponse" + "$ref": "#/components/schemas/NapPolicyDeploymentsListResponse" } } } @@ -5740,6 +5378,16 @@ } } }, + "404": { + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -5751,43 +5399,28 @@ } } } - }, - "post": { - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX App Protect Policies", + } + }, + "/app-protect/policies/{nap_policy_object_id}/version": { + "get": { "tags": [ "NGINX App Protect" ], - "summary": "Create NGINX App Protect policy", - "description": "Creates NGINX App Protect policy.", - "operationId": "createNapPolicy", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicy" - } - } - } - }, + "summary": "Get the latest NGINX App Protect policy version details", + "description": "Returns the latest NGINX App Protect policy version details.", + "operationId": "getLatestNapPolicyVersion", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + } + ], "responses": { - "201": { - "description": "Successfully created NGINX App Protect policy.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicyMetadata" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "200": { + "description": "Successfully returned NGINX App Protect policy version details.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/NapPolicyVersionDetails" } } } @@ -5802,50 +5435,8 @@ } } }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - }, - "patch": { - "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "NGINX App Protect Policies", - "tags": [ - "NGINX App Protect" - ], - "summary": "Bulk operation on multiple Nap policy", - "operationId": "bulkNAPPolicy", - "description": "Performs bulk operation on one or more Nap policy, only delete is supported.", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicyBulkRequest" - } - } - } - }, - "responses": { - "200": { - "description": "Batch request completed.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapBulkResponse" - } - } - } - }, - "401": { - "description": "Access denied.", + "404": { + "description": "The NGINX App Protect policy version with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -5867,26 +5458,53 @@ } } }, - "/app-protect/policies/{nap_policy_object_id}": { + "/app-protect/policies/{nap_policy_object_id}/versions": { "get": { "tags": [ "NGINX App Protect" ], - "summary": "Get NGINX App Protect policy details", - "description": "Returns NGINX App Protect policy summary.", - "operationId": "getNapPolicy", + "summary": "List NGINX App Protect policy versions", + "description": "Returns NGINX App Protect policy versions.", + "operationId": "listNapPolicyVersions", "parameters": [ { "$ref": "#/components/parameters/NapPolicyParamObjectID" + }, + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapPolicyVersionsDep" + }, + { + "$ref": "#/components/parameters/SortNameNapPolicyVersions" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapPolicyVersion" } ], "responses": { "200": { - "description": "Successfully returned NGINX App Protect policy details.", + "description": "Successfully returned the NGINX App Protect policy versions.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapPolicyObject" + "$ref": "#/components/schemas/NapPolicyVersionsListResponse" } } } @@ -5932,51 +5550,29 @@ } } } - }, - "put": { + } + }, + "/app-protect/policies/{nap_policy_object_id}/versions/{nap_policy_version_object_id}": { + "delete": { + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX App Protect Policy Version", "tags": [ "NGINX App Protect" ], - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX App Protect Policies", - "summary": "Update NGINX App Protect policy details", - "description": "Update NGINX App Protect policy details.", - "operationId": "updateNapPolicy", + "summary": "Delete NGINX App Protect policy version", + "description": "Deletes the NGINX App Protect policy version.", + "operationId": "deleteNapPolicyVersion", "parameters": [ { "$ref": "#/components/parameters/NapPolicyParamObjectID" + }, + { + "$ref": "#/components/parameters/NapPolicyVersionParamObjectID" } ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicy" - } - } - } - }, "responses": { - "201": { - "description": "Successfully created an NGINX App Protect policy version.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicyMetadata" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "204": { + "description": "Successfully deleted the NGINX App Protect policy version." }, "401": { "description": "Access denied.", @@ -5989,7 +5585,7 @@ } }, "404": { - "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX App Protect policy version with the specified nap_policy_version_object_id and nap_policy_version_object_id was not found. Check that the object IDs provided are correct and corresponds to existing resources.", "content": { "application/json": { "schema": { @@ -6010,30 +5606,28 @@ } } }, - "delete": { + "get": { "tags": [ "NGINX App Protect" ], - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX App Protect Policies", - "summary": "Delete NGINX App Protect policy", - "description": "Deletes NGINX App Protect policy.", - "operationId": "deleteNapPolicy", + "summary": "Get the specified NGINX App Protect policy version details", + "description": "Returns the specified NGINX App Protect policy version details.", + "operationId": "getNapPolicyVersion", "parameters": [ { "$ref": "#/components/parameters/NapPolicyParamObjectID" + }, + { + "$ref": "#/components/parameters/NapPolicyVersionParamObjectID" } ], "responses": { - "204": { - "description": "Successfully deleted NGINX App Protect policy." - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "200": { + "description": "Successfully returned NGINX App Protect policy version details.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/NapPolicyVersionDetails" } } } @@ -6049,7 +5643,7 @@ } }, "404": { - "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX App Protect policy version with the specified nap_policy_version_object_id and nap_policy_version_object_id was not found. Check that the object IDs provided are correct and corresponds to existing resources.", "content": { "application/json": { "schema": { @@ -6069,61 +5663,48 @@ } } } - } - }, - "/app-protect/policies/{nap_policy_object_id}/versions": { - "get": { + }, + "patch": { "tags": [ "NGINX App Protect" ], - "summary": "List NGINX App Protect policy versions", - "description": "Returns NGINX App Protect policy versions.", - "operationId": "listNapPolicyVersions", + "x-feature-flag": "waf-policy-version-rename", + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX App Protect Policy Version", + "summary": "Update WAF policy version comment", + "description": "Updates the version comment of an existing WAF policy version.\nAll other policy version fields are immutable.\n", + "operationId": "updateWafPolicyVersionComment", "parameters": [ { "$ref": "#/components/parameters/NapPolicyParamObjectID" }, { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameNapPolicyVersionsDep" - }, - { - "$ref": "#/components/parameters/SortNameNapPolicyVersions" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldNapPolicyVersion" + "$ref": "#/components/parameters/NapPolicyVersionParamObjectID" } ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicyVersionUpdate" + } + } + } + }, "responses": { "200": { - "description": "Successfully returned the NGINX App Protect policy versions.", + "description": "Successfully updated the WAF policy version comment.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapPolicyVersionsListResponse" + "$ref": "#/components/schemas/NapPolicyVersionDetails" } } } }, "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "The request body is invalid. Verify the JSON payload for correctness.", "content": { "application/json": { "schema": { @@ -6143,7 +5724,7 @@ } }, "404": { - "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX App Protect policy version with the specified nap_policy_version_object_id and nap_policy_object_id was not found. Check that the object IDs provided are correct and correspond to existing resources.", "content": { "application/json": { "schema": { @@ -6165,233 +5746,203 @@ } } }, - "/app-protect/policies/{nap_policy_object_id}/version": { + "/app-protect/signature-sets": { "get": { "tags": [ "NGINX App Protect" ], - "summary": "Get the latest NGINX App Protect policy version details", - "description": "Returns the latest NGINX App Protect policy version details.", - "operationId": "getLatestNapPolicyVersion", + "summary": "List NGINX App Protect signature sets", + "description": "Returns NGINX App Protect signature sets. Signature sets are predefined or user-defined groups of detection mechanisms (signatures) \nthat identify specific attack types, such as SQL injection, Cross-Site Scripting (XSS), or other web-based threats.\n", + "operationId": "listSignatureSets", "parameters": [ { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - } - ], - "responses": { - "200": { - "description": "Successfully returned NGINX App Protect policy version details.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicyVersionDetails" - } - } - } + "$ref": "#/components/parameters/Paginated" }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + { + "$ref": "#/components/parameters/Limit" }, - "404": { - "description": "The NGINX App Protect policy version with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapSignatureSets" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapSignatureSets" + } + ], + "responses": { + "200": { + "description": "Successfully returned signature sets.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/NapSignatureSetListResponse" } } } }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/InternalServerErr" } } } }, - "/app-protect/policies/{nap_policy_object_id}/versions/{nap_policy_version_object_id}": { + "/app-protect/signature-sets/{signatureSetObjectID}": { "get": { "tags": [ "NGINX App Protect" ], - "summary": "Get the specified NGINX App Protect policy version details", - "description": "Returns the specified NGINX App Protect policy version details.", - "operationId": "getNapPolicyVersion", + "summary": "Retrieve a NGINX App Protect signature set", + "description": "Returns a NGINX App Protect signature set. Signature sets are predefined or user-defined groups of detection \nmechanisms (signatures) that identify specific attack types, such as SQL injection, Cross-Site Scripting (XSS), \nor other web-based threats.\n", + "operationId": "getSignatureSet", "parameters": [ { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - }, - { - "$ref": "#/components/parameters/NapPolicyVersionParamObjectID" + "$ref": "#/components/parameters/NapSignatureSetObjectID" } ], "responses": { "200": { - "description": "Successfully returned NGINX App Protect policy version details.", + "description": "Successfully returned Signature Sets.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapPolicyVersionDetails" + "$ref": "#/components/schemas/NapSignatureSet" } } } }, "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX App Protect policy version with the specified nap_policy_version_object_id and nap_policy_version_object_id was not found. Check that the object IDs provided are correct and corresponds to existing resources.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/Unauthorized" }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/InternalServerErr" } } - }, - "delete": { - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX App Protect Policy Version", + } + }, + "/app-protect/signature-sets/{signatureSetObjectID}/signatures": { + "get": { "tags": [ "NGINX App Protect" ], - "summary": "Delete NGINX App Protect policy version", - "description": "Deletes the NGINX App Protect policy version.", - "operationId": "deleteNapPolicyVersion", + "summary": "List NGINX App Protect signatures in the specified signature set.", + "description": "Returns a list of signatures in the NGINX App Protect signature set.\n", + "operationId": "listSignatureSetSignatures", "parameters": [ { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - }, - { - "$ref": "#/components/parameters/NapPolicyVersionParamObjectID" + "$ref": "#/components/parameters/NapSignatureSetObjectID" } ], "responses": { - "204": { - "description": "Successfully deleted the NGINX App Protect policy version." - }, - "401": { - "description": "Access denied.", + "200": { + "description": "Successfully returned signatures for signature set.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "type": "array", + "items": { + "$ref": "#/components/schemas/NapSignatureMeta" + } } } } }, - "404": { - "description": "The NGINX App Protect policy version with the specified nap_policy_version_object_id and nap_policy_version_object_id was not found. Check that the object IDs provided are correct and corresponds to existing resources.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "401": { + "$ref": "#/components/responses/Unauthorized" }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/InternalServerErr" } } } }, - "/app-protect/policies/{nap_policy_object_id}/versions/{nap_policy_version_object_id}/compile": { + "/app-protect/signatures": { "get": { - "x-feature-flag": "nap-policy-version-download", "tags": [ "NGINX App Protect" ], - "summary": "Compile WAF Policy Version", - "description": "Compiles a WAF policy version and returns the request status or compiled bundle.", - "operationId": "compileWafPolicyVersion", + "summary": "List Signatures", + "description": "Returns signatures. A signature is a predefined detection rule that identifies specific attack patterns or\ncharacteristics commonly associated with web application security threats.\n", + "operationId": "listSignatures", "parameters": [ { - "$ref": "#/components/parameters/NapCompileNapRelease" + "$ref": "#/components/parameters/Paginated" }, { - "$ref": "#/components/parameters/NapCompileDownload" + "$ref": "#/components/parameters/Limit" }, { - "$ref": "#/components/parameters/NapPolicyParamObjectID" + "$ref": "#/components/parameters/Offset" }, { - "$ref": "#/components/parameters/NapPolicyVersionParamObjectID" + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapSignatures" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapSignatures" } ], "responses": { "200": { - "description": "WAF policy version compiled successfully, when `download` is `true`.", + "description": "Successfully returned list of signatures.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapCompileStatus" - } - }, - "application/gzip": { - "schema": { - "type": "string", - "format": "binary", - "example": "policy.tar.gz" + "$ref": "#/components/schemas/NapSignatureListResponse" } } } }, - "202": { - "description": "Accepted the WAF policy version compile request.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapCompileStatus" - } - } - } + "401": { + "$ref": "#/components/responses/Unauthorized" }, - "400": { - "description": "WAF policy version compilation failed, when `download` is `true`.", + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/app-protect/signatures/{signatureID}": { + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "Retrieve a NGINX App Protect signature.", + "description": "A signature is a predefined detection rule that identifies specific attack patterns or characteristics commonly \nassociated with web application security threats.\n", + "parameters": [ + { + "$ref": "#/components/parameters/NapSignatureID" + } + ], + "operationId": "getSignature", + "responses": { + "200": { + "description": "Successfully returned the specified signature.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapCompileStatus" + "$ref": "#/components/schemas/NapSignature" } } } @@ -6399,34 +5950,21 @@ "401": { "$ref": "#/components/responses/Unauthorized" }, - "404": { - "$ref": "#/components/responses/NotFound" - }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/InternalServerErr" } } } }, - "/app-protect/policies/{nap_policy_object_id}/deployments": { + "/templates": { "get": { "tags": [ - "NGINX App Protect" + "Templates" ], - "summary": "List NGINX App Protect deployments", - "description": "Returns NGINX App Protect deployments, providing details such as:\n * Target of the deployment, either an instance or CSG\n * Time of deployment\n * Enforcement mode\n * Policy version\n * Threat campaign\n * Attack signature\n * Bot signature\n", - "operationId": "listNapPolicyDeployments", + "summary": "List Templates", + "description": "Retrieves a list of templates.\n", + "operationId": "listTemplates", "parameters": [ - { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - }, { "$ref": "#/components/parameters/Paginated" }, @@ -6440,125 +5978,110 @@ "$ref": "#/components/parameters/SortDirection" }, { - "$ref": "#/components/parameters/SortNameNapPolicyDeploymentsDep" + "$ref": "#/components/parameters/SortNameTemplates" }, { - "$ref": "#/components/parameters/SortNameNapPolicyDeployments" + "$ref": "#/components/parameters/FilterFieldTemplates" }, { "$ref": "#/components/parameters/FilterOperands" }, { "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldNapPolicyDeployment" } ], "responses": { "200": { - "description": "Successfully returned NGINX App Protect deployments.", + "description": "Successfully returned list of templates.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapPolicyDeploymentsListResponse" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/TemplatesListResponse" } } } }, "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "post": { + "tags": [ + "Templates" + ], + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Create a new Template\n", + "description": "Creates a new Template.\n\nUpon successful validation, the template will be created and made available for use.\n\nRefer to the [Template Authoring Guide](https://docs.nginx.com/nginx-one-console/nginx-configs/config-templates/) for best practices on writing Go-based NGINX templates.\n", + "operationId": "createTemplate", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateCreationRequest" } } - }, - "404": { - "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + } + }, + "responses": { + "201": { + "description": "Successfully created the template.\n", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/TemplateDetailsResponse" } } } }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/InternalServerErr" } } } }, - "/app-protect/log-profiles": { - "get": { + "/templates/{templateObjectID}": { + "delete": { "tags": [ - "WAF Log Profiles" + "Templates" ], - "summary": "List WAF log profiles", - "description": "Returns a list of WAF log profiles.", - "operationId": "listWafLogProfiles", + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Delete a Template", + "description": "Deletes an NGINX configuration template by its unique identifier.\n", + "operationId": "deleteTemplate", "parameters": [ { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameNapLogProfilesDep" - }, - { - "$ref": "#/components/parameters/SortNameNapLogProfiles" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldNapLogProfile" + "$ref": "#/components/parameters/TemplateParamObjectID" } ], "responses": { - "200": { - "description": "Successfully returned WAF log profiles.", + "204": { + "description": "Successfully deleted the template." + }, + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapLogProfileListResponse" + "$ref": "#/components/schemas/Error" } } } }, - "401": { - "description": "Access denied.", + "404": { + "description": "Template with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -6579,143 +6102,101 @@ } } }, - "post": { + "get": { "tags": [ - "WAF Log Profiles" + "Templates" ], - "summary": "Create WAF log profile", - "description": "Creates a WAF log profile.", - "operationId": "createWafLogProfile", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapLogProfileCreateRequest" - } - } + "summary": "Retrieve a Template", + "description": "Retrieves detailed information about a latest template version by its unique identifier.\n", + "parameters": [ + { + "$ref": "#/components/parameters/TemplateParamObjectID" } - }, + ], + "operationId": "getTemplate", "responses": { - "201": { - "description": "Successfully created WAF log profile.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapLogProfileMetadata" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "200": { + "description": "Successfully returned details of the specified template.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/TemplateDetailsResponse" } } } }, "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/InternalServerErr" } } - } - }, - "/app-protect/log-profiles/{nap_log_profile_object_id}": { - "get": { + }, + "patch": { "tags": [ - "WAF Log Profiles" + "Templates" ], - "summary": "Get WAF log profile details", - "description": "Returns WAF log profile details.", - "operationId": "getWafLogProfile", + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Updates metadata for an existing template.", + "description": "Partially updates the specified metadata of an existing template. Only fields provided in the request body will be updated; omitted fields will retain their existing values.\n", + "operationId": "patchTemplateMetadata", "parameters": [ { - "$ref": "#/components/parameters/NapLogProfileParamObjectID" + "$ref": "#/components/parameters/TemplateParamObjectID" } ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateMetadataPatchRequest" + } + } + } + }, "responses": { "200": { - "description": "Successfully returned WAF log profile details.", + "description": "Successfully patched the template metadata.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapLogProfileObjectDetails" + "$ref": "#/components/schemas/TemplateSummary" } } } }, "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/InvalidRequest" }, "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/Unauthorized" }, "404": { - "description": "The WAF log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/NotFound" }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/InternalServerErr" } } }, "put": { "tags": [ - "WAF Log Profiles" + "Templates" ], - "summary": "Update WAF log profile details", - "description": "Updates WAF log profile details.", - "operationId": "updateWafLogProfile", + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Update all metadata of an existing template.", + "description": "Updates all the metadata of an existing template.\n", + "operationId": "updateTemplateMetadata", "parameters": [ { - "$ref": "#/components/parameters/NapLogProfileParamObjectID" + "$ref": "#/components/parameters/TemplateParamObjectID" } ], "requestBody": { @@ -6723,135 +6204,99 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapLogProfileUpdateRequest" + "$ref": "#/components/schemas/TemplateMetadataUpdateRequest" } } } }, "responses": { "200": { - "description": "Successfully updated WAF log profile details.", + "description": "Successfully updated the template metadata.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapLogProfileMetadata" + "$ref": "#/components/schemas/TemplateSummary" } } } }, "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/InvalidRequest" }, "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/Unauthorized" }, "404": { - "description": "The WAF log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/NotFound" }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/InternalServerErr" } } - }, - "delete": { + } + }, + "/templates/{templateObjectID}/copy": { + "post": { "tags": [ - "WAF Log Profiles" + "Templates" ], - "summary": "Delete WAF log profile", - "description": "Deletes a WAF log profile.", - "operationId": "deleteWafLogProfile", + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Copy a Template", + "description": "Creates a new template by copying the latest version of an existing template.\nThe new template starts at version 1 in draft state.\nFiles, type, and context configuration are copied from the source template.\n", + "operationId": "copyTemplate", "parameters": [ { - "$ref": "#/components/parameters/NapLogProfileParamObjectID" + "$ref": "#/components/parameters/TemplateParamObjectID" } ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateCopyRequest" + } + } + } + }, "responses": { - "204": { - "description": "Successfully deleted WAF log profile." - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "201": { + "description": "Successfully copied the template.\n", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/TemplateDetailsResponse" } } } }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/Unauthorized" }, "404": { - "description": "The WAF log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/NotFound" }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/InternalServerErr" } } } }, - "/app-protect/log-profiles/{nap_log_profile_object_id}/deployments": { + "/templates/{templateObjectID}/submissions": { "get": { - "x-feature-flag": "log-profile-deployment", "tags": [ - "WAF Log Profiles" + "Templates" ], - "summary": "List WAF log profile deployments", - "description": "Returns a list of WAF log profile deployments, providing details such as:\n * Target of the deployment, either an instance or CSG\n * Time of deployment\n * Deployment status\n", - "operationId": "listWafLogProfileDeployments", + "summary": "List Template Submissions for Template", + "description": "Retrieves a list of template submissions scoped to a specific template (any version).\n", + "operationId": "listTemplateSubmissionsForTemplate", "parameters": [ { - "$ref": "#/components/parameters/NapLogProfileParamObjectID" + "$ref": "#/components/parameters/TemplateParamObjectID" }, { "$ref": "#/components/parameters/Paginated" @@ -6866,51 +6311,34 @@ "$ref": "#/components/parameters/SortDirection" }, { - "$ref": "#/components/parameters/SortNameNapLogProfileDeployments" + "$ref": "#/components/parameters/SortNameSubmissions" }, { - "$ref": "#/components/parameters/FilterOperands" + "$ref": "#/components/parameters/FilterFieldSubmissions" }, { - "$ref": "#/components/parameters/FilterValues" + "$ref": "#/components/parameters/FilterOperands" }, { - "$ref": "#/components/parameters/FilterFieldNapLogProfileDeployment" + "$ref": "#/components/parameters/FilterValues" } ], "responses": { "200": { - "description": "Successfully returned WAF log profile deployments.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapLogProfileDeploymentsListResponse" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "Successfully returned list of template submissions for the specified template.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/TemplateSubmissionListResponse" } } } }, "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/Unauthorized" }, "404": { - "description": "The WAF log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", + "description": "Template with the specified object_id was not found.", "content": { "application/json": { "schema": { @@ -6920,75 +6348,65 @@ } }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/InternalServerErr" } } } }, - "/app-protect/log-profiles/{nap_log_profile_object_id}/compile": { - "get": { - "x-feature-flag": "log-profile-deployment", + "/templates/{templateObjectID}/submissions/{submissionObjectID}": { + "put": { "tags": [ - "WAF Log Profiles" + "Templates" ], - "summary": "Compile WAF log profile", - "description": "Compiles a WAF log profile and returns the request status or compiled bundle.", - "operationId": "compileWafLogProfile", + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Update a single template's values in a submission", + "description": "Partially updates an existing template submission by replacing the input values\nfor a single template identified by `templateObjectID`. All other templates in\nthe submission retain their existing values, and the full NGINX configuration is\nre-rendered using the merged values.\n\nPayloads and target objects are preserved from the existing submission and cannot\nbe changed through this endpoint.\n\nThe `preview_only` query parameter controls how the request is processed:\n - When `preview_only` is `false` (default), the API re-renders, persists the updated values,\n and re-publishes to the submission's existing targets.\n - When `preview_only` is `true`, the API re-renders the NGINX configuration\n with the new values for preview **without persisting** the changes.\n", + "operationId": "updateSingleTemplateSubmission", "parameters": [ { - "$ref": "#/components/parameters/NapCompileNapRelease" + "$ref": "#/components/parameters/TemplateParamObjectID" }, { - "$ref": "#/components/parameters/NapCompileDownload" + "$ref": "#/components/parameters/TemplateSubmissionParamObjectID" }, { - "$ref": "#/components/parameters/NapLogProfileParamObjectID" + "$ref": "#/components/parameters/TemplateSubmissionPreviewOnly" } ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UpdateSingleTemplateSubmissionRequest" + } + } + } + }, "responses": { "200": { - "description": "WAF log profile compiled successfully, when `download` is `true`.", + "description": "Returned only when `preview_only` is `true`.\nResponds with the re-rendered NGINX configuration using the updated input values.\n", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapCompileStatus" - } - }, - "application/gzip": { - "schema": { - "type": "string", - "format": "binary", - "example": "log_all.tar.gz" + "$ref": "#/components/schemas/PreviewNginxConfig" } } } }, "202": { - "description": "Accepted the WAF log profile compile request.", + "description": "Returned when `preview_only` is `false`.\nThe updated submission has been accepted and re-published to existing targets.\n", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapCompileStatus" + "$ref": "#/components/schemas/TemplateSubmissionResponse" } } } }, "400": { - "description": "WAF log profile compilation failed, when `download` is `true`.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapCompileStatus" - } - } - } + "$ref": "#/components/responses/InvalidRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" @@ -6996,8 +6414,8 @@ "404": { "$ref": "#/components/responses/NotFound" }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "409": { + "description": "The submission cannot be completed due to one or more template validation errors. See the error details for more information.\n", "content": { "application/json": { "schema": { @@ -7005,19 +6423,25 @@ } } } + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" } } } }, - "/app-protect/global-settings": { + "/templates/{templateObjectID}/versions": { "get": { "tags": [ - "NGINX App Protect" + "Templates" ], - "summary": "List NGINX App Protect global setting objects", - "description": "Returns NGINX App Protect global setting objects.", - "operationId": "listNapGlobalSettings", + "summary": "List template versions", + "description": "Lists all versions for a specific template.\n", + "operationId": "listTemplateVersions", "parameters": [ + { + "$ref": "#/components/parameters/TemplateParamObjectID" + }, { "$ref": "#/components/parameters/Paginated" }, @@ -7031,141 +6455,124 @@ "$ref": "#/components/parameters/SortDirection" }, { - "$ref": "#/components/parameters/SortNameNapGlobalSettingsDep" + "$ref": "#/components/parameters/SortNameVersions" }, { - "$ref": "#/components/parameters/SortNameNapGlobalSettings" + "$ref": "#/components/parameters/FilterFieldTemplateVersions" }, { "$ref": "#/components/parameters/FilterOperands" }, { "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldNapGlobalSetting" } ], "responses": { "200": { - "description": "Successfully returned NGINX App Protect global settings.", + "description": "Successfully returned list of template versions.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapGlobalSettingsListResponse" + "$ref": "#/components/schemas/TemplateVersionsListResponse" } } } }, "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/InternalServerErr" } } }, "post": { "tags": [ - "NGINX App Protect" + "Templates" + ], + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Create a new template version", + "description": "Creates a new version for a template or updates an existing draft version, based on the provided content and the state of the latest version:\n\n- If the latest version is a **draft** and the content has changed, the draft is updated in place.\n- If the latest version is **final** and the content has changed, a new draft version is created.\n- If the content is unchanged (matches the latest version), no changes are made and the latest version is returned.\n\nThe response indicates whether a new version was created/updated (`201 Created`) or if the content was unchanged (`200 OK`).\n", + "operationId": "createTemplateVersion", + "parameters": [ + { + "$ref": "#/components/parameters/TemplateParamObjectID" + } ], - "summary": "Create NGINX App Protect global setting object", - "description": "Creates NGINX App Protect global setting object.", - "operationId": "createNapGlobalSetting", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapGlobalSettingCreateRequest" + "$ref": "#/components/schemas/TemplateCreationRequest" } } } }, "responses": { - "201": { - "description": "Successfully created NGINX App Protect global setting object.", + "200": { + "description": "Content hash matches existing version. Returns the existing version.\n", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapGlobalSettingMetadata" + "$ref": "#/components/schemas/TemplateDetailsResponse" } } } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "201": { + "description": "Successfully created or updated the template version.\n", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/TemplateDetailsResponse" } } } }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/InternalServerErr" } } } }, - "/app-protect/global-settings/{nap_global_setting_object_id}": { - "get": { + "/templates/{templateObjectID}/versions/{templateVersionObjectID}": { + "delete": { "tags": [ - "NGINX App Protect" + "Templates" ], - "summary": "Get NGINX App Protect global setting details", - "description": "Returns the NGINX App Protect global setting details.", - "operationId": "getNapGlobalSetting", + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Delete a template version", + "description": "Deletes a specific version of a template by its version ID, the following constraints apply:\n\n- The latest version cannot be deleted. If you wish to delete the latest version you can delete the entire template via a separate API which will remove all versions.\n", + "operationId": "deleteTemplateVersion", "parameters": [ { - "$ref": "#/components/parameters/NapGlobalSettingParamObjectID" + "$ref": "#/components/parameters/TemplateParamObjectID" + }, + { + "$ref": "#/components/parameters/TemplateVersionParamObjectID" } ], "responses": { - "200": { - "description": "Successfully returned NGINX App Protect global setting details.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapGlobalSettingGetResponse" - } - } - } + "204": { + "description": "Successfully deleted the template version." }, "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "Cannot delete the latest version.", "content": { "application/json": { "schema": { @@ -7175,17 +6582,13 @@ } }, "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/Unauthorized" }, "404": { - "description": "The NGINX App Protect global setting object with the specified nap_global_setting_object_id was not found. Check that the nap_global_setting_object_id provided is correct and corresponds to an existing resource.", + "$ref": "#/components/responses/NotFound" + }, + "409": { + "description": "Cannot delete a template version that is associated with template submissions.", "content": { "application/json": { "schema": { @@ -7195,130 +6598,102 @@ } }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/InternalServerErr" } } }, - "put": { + "get": { "tags": [ - "NGINX App Protect" + "Templates" ], - "summary": "Update NGINX App Protect global setting details", - "description": "Update NGINX App Protect global setting details.", - "operationId": "updateNapGlobalSetting", + "summary": "Get a specific template version", + "description": "Retrieves a specific version of a template by its version ID.\n", + "operationId": "getTemplateVersion", "parameters": [ { - "$ref": "#/components/parameters/NapGlobalSettingParamObjectID" + "$ref": "#/components/parameters/TemplateParamObjectID" + }, + { + "$ref": "#/components/parameters/TemplateVersionParamObjectID" } ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapGlobalSettingUpdateRequest" - } - } - } - }, "responses": { "200": { - "description": "Successfully updated NGINX App Protect global setting details.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapGlobalSettingMetadata" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "Successfully returned template version.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/TemplateDetailsResponse" } } } }, "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/Unauthorized" }, "404": { - "description": "The NGINX App Protect global setting object with the specified nap_global_setting_object_id was not found. Check that the nap_global_setting_object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/NotFound" }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/InternalServerErr" } } - }, - "delete": { + } + }, + "/templates/{templateVersionObjectID}/config": { + "post": { "tags": [ - "NGINX App Protect" + "Templates" ], - "summary": "Delete NGINX App Protect global setting object", - "description": "Deletes NGINX App Protect global setting object.", - "operationId": "deleteNapGlobalSetting", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Generates an NGINX configuration for an augment template.", "parameters": [ { - "$ref": "#/components/parameters/NapGlobalSettingParamObjectID" + "$ref": "#/components/parameters/TemplateVersionParamObjectID" } ], + "description": "Generates an NGINX configuration snippet for a single augment template using inputs validated against its template schema. \nThe snippet should be placed into an appropriate block in an existing NGINX configuration.\n\nAny `augment_includes` will be preserved as directives in the config output, for example: `augment_includes \"http\";`. \nThese directives can be used to determine available augment attachment points (and their labels) for powering dynamic, \ninteractive config construction experiences.\n", + "operationId": "getPartialConfig", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateSnippetRenderRequest" + } + } + } + }, "responses": { - "204": { - "description": "Successfully deleted NGINX App Protect global setting object." - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "200": { + "description": "Responds with the rendered snippet of NGINX configuration.\n", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/TemplateSnippetRenderResponse" + }, + "example": { + "files": [ + { + "contents": "CnNlcnZlciAzNS45NS40MS40Mjo4MDgxIGRvd247CnNlcnZlciAzNC4yMTAuMTYuMDo4MDgxOw==", + "mtime": "0001-01-01T00:00:00Z", + "name": "upstream.conf", + "size": 55 + } + ], + "errors": [] } } } }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/Unauthorized" }, "404": { - "description": "The NGINX App Protect global setting object with the specified nap_global_setting_object_id was not found. Check that the nap_global_setting_object_id provided is correct and corresponds to an existing resource.", + "description": "Template with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -7328,38 +6703,51 @@ } }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/InternalServerErr" } } } }, - "/deployments": { - "get": { + "/templates/import": { + "post": { "tags": [ - "Deployments" + "Templates" ], - "summary": "List NAAS deployments", - "description": "Returns a list of NAAS deployments.", - "operationId": "listDeployments", + "x-nginx-one-action": "import", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Import a Template\n", + "description": "Imports a new template from a `.tar.gz` archive.\n\nUpon successful validation, the template will be created and made available for use.\n\n**Size limits:**\n- Maximum compressed archive size: 1 MB\n- Maximum uncompressed file size (per file): 5 MB\n\nRefer to the [Template Authoring Guide](https://docs.nginx.com/nginx-one-console/nginx-configs/config-templates/) for best practices on writing Go-based NGINX templates.\n", + "operationId": "importTemplate", + "requestBody": { + "required": true, + "content": { + "multipart/form-data": { + "schema": { + "$ref": "#/components/schemas/TemplateImportRequest" + }, + "encoding": { + "file": { + "contentType": "application/gzip, application/x-gzip" + } + }, + "examples": { + "TemplateBaseExample": { + "$ref": "#/components/examples/TemplateBaseSummary" + }, + "TemplateAugmentExample": { + "$ref": "#/components/examples/TemplateAugmentSummary" + } + } + } + } + }, "responses": { - "200": { - "description": "Successfully returned the list of NAAS deployments.", + "201": { + "description": "Successfully imported and created the template.\n", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DeploymentListResponse" - }, - "examples": { - "DeploymentListResponse": { - "$ref": "#/components/examples/DeploymentListResponse" - } + "$ref": "#/components/schemas/TemplateSummary" } } } @@ -7374,144 +6762,126 @@ "$ref": "#/components/responses/InternalServerErr" } } - }, - "post": { + } + }, + "/templates/submissions": { + "get": { "tags": [ - "Deployments" + "Templates" ], - "summary": "Create deployment", - "description": "Creates a new NAAS deployment.", - "operationId": "createDeployment", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/DeploymentCreateRequest" - }, - "examples": { - "DeploymentCreateRequest": { - "$ref": "#/components/examples/DeploymentCreateRequest" - } - } - } - } - }, - "responses": { - "202": { - "description": "Successfully created the NAAS deployment.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Deployment" - }, - "examples": { - "DeploymentCreateResponse": { - "$ref": "#/components/examples/DeploymentCreateResponse" - } - } - } - } + "summary": "List Template Submissions", + "description": "Retrieves a list of template submissions.\n", + "operationId": "listTemplateSubmissions", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" }, - "400": { - "$ref": "#/components/responses/InvalidRequest" + { + "$ref": "#/components/parameters/Limit" }, - "401": { - "$ref": "#/components/responses/Unauthorized" + { + "$ref": "#/components/parameters/Offset" }, - "403": { - "$ref": "#/components/responses/Forbidden" + { + "$ref": "#/components/parameters/SortDirection" }, - "409": { - "$ref": "#/components/responses/Conflict" + { + "$ref": "#/components/parameters/SortNameSubmissions" + }, + { + "$ref": "#/components/parameters/FilterFieldSubmissions" + }, + { + "$ref": "#/components/parameters/FilterOperands" }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/deployments/{deployment_id}": { - "get": { - "tags": [ - "Deployments" - ], - "summary": "Get NAAS deployment", - "description": "Returns NAAS deployment details.", - "operationId": "getDeployment", - "parameters": [ { - "$ref": "#/components/parameters/DeploymentObjectID" + "$ref": "#/components/parameters/FilterValues" } ], "responses": { "200": { - "description": "Successfully returned the deployment details.", + "description": "Successfully returned list of template submissions.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Deployment" - }, - "examples": { - "DeploymentGetResponse": { - "$ref": "#/components/examples/DeploymentCreateResponse" - } + "$ref": "#/components/schemas/TemplateSubmissionListResponse" } } } }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, "401": { "$ref": "#/components/responses/Unauthorized" }, - "404": { - "$ref": "#/components/responses/NotFound" - }, "500": { "$ref": "#/components/responses/InternalServerErr" } } }, - "patch": { + "post": { "tags": [ - "Deployments" + "Templates" ], - "summary": "Update NAAS deployment", - "description": "Updates the specified NAAS deployment.", - "operationId": "updateDeployment", + "summary": "Submit templates for previewing NGINX configuration.", + "description": "Submits a set of templates for rendering NGINX configuration.\n\nThe `preview_only` query parameter controls how the request is processed:\n - When `preview_only` is `true`, the API validates template parameters and renders the full NGINX configuration for preview **without creating a template submission object**. (**Currently, only this mode is supported.**)\n - When `preview_only` is `false` or omitted, the API is intended to render and create a submission. \n - If no target object ID is provided, a new staged config will be created.\n", "parameters": [ { - "$ref": "#/components/parameters/DeploymentObjectID" + "$ref": "#/components/parameters/TemplateSubmissionPreviewOnly" } ], + "operationId": "submitTemplates", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DeploymentUpdateRequest" + "$ref": "#/components/schemas/TemplateSubmissionRequest" }, "examples": { - "DeploymentUpdateRequest": { - "$ref": "#/components/examples/DeploymentUpdateRequest" + "SubmissionWithPreviewOnly": { + "$ref": "#/components/examples/SubmissionWithPreviewOnly" + }, + "SubmissionForCreateNewStagedConfig": { + "$ref": "#/components/examples/SubmissionForCreateNewStagedConfig" + }, + "SubmissionForUpdateExistingStagedConfigTarget": { + "$ref": "#/components/examples/SubmissionForUpdateExistingStagedConfigTarget" } } } } }, "responses": { + "200": { + "description": "Returned only when the `preview_only` flag is set to `true`.\nResponds with the rendered NGINX configuration that can be used for preview or to create/replace a staged configuration manually.\n", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PreviewNginxConfig" + } + } + } + }, "202": { - "description": "Successfully updated the deployment.", + "description": "The template submission has been accepted and is being processed.\nPublication status(es) can be retrieved by querying the appropriate publications endpoint for the target object.\n", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Deployment" + "$ref": "#/components/schemas/TemplateSubmissionResponse" }, "examples": { - "DeploymentUpdateResponse": { - "$ref": "#/components/examples/DeploymentUpdateResponse" + "staged_config_outcome": { + "summary": "Example successful response for a target submission that creates a staged config", + "value": { + "object_id": "tmplsm_frBobKIAQ_21grAwV83VYz", + "target_results": [ + { + "staged_config_status": { + "status": "succeeded" + }, + "target_object_id": "sc_cEoiYCVJRuekVpYOvV1raA" + } + ] + } } } } @@ -7523,47 +6893,40 @@ "401": { "$ref": "#/components/responses/Unauthorized" }, - "403": { - "$ref": "#/components/responses/Forbidden" - }, - "404": { - "$ref": "#/components/responses/NotFound" - }, "409": { - "$ref": "#/components/responses/Conflict" + "description": "The submission cannot be completed due to one or more template validation errors. See the error details for more information.\n", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } }, "500": { "$ref": "#/components/responses/InternalServerErr" } } - }, + } + }, + "/templates/submissions/{submissionObjectID}": { "delete": { "tags": [ - "Deployments" + "Templates" ], - "summary": "Delete NAAS deployment", - "description": "Deletes the specified NAAS deployment.", - "operationId": "deleteDeployment", + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "template submissions", + "summary": "Delete a Template Submission", + "description": "Deletes a template submission by its unique identifier.\nThis action is irreversible and will remove all inputs and payloads for the submission.\n", + "operationId": "deleteTemplateSubmission", "parameters": [ { - "$ref": "#/components/parameters/DeploymentObjectID" + "$ref": "#/components/parameters/TemplateSubmissionParamObjectID" } ], "responses": { - "202": { - "description": "Successfully deleted the deployment.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Deployment" - }, - "examples": { - "DeploymentDeleteResponse": { - "$ref": "#/components/examples/DeploymentDeleteResponse" - } - } - } - } + "204": { + "description": "Successfully deleted the template submission." }, "401": { "$ref": "#/components/responses/Unauthorized" @@ -7575,145 +6938,100 @@ "$ref": "#/components/responses/InternalServerErr" } } - } - }, - "/load-test/load-model": { - "post": { - "tags": [ - "Load Test" - ], - "summary": "Create a new load model", - "description": "Creates a new load model with specified parameters and begins pre-loading.", - "requestBody": { - "required": true, - "content": { - "text/plain": { - "schema": { - "type": "string", - "example": "numberOfInstances: 10\ntype: monitor\ncustomer: customer_1\n" - } - } - } - }, - "responses": { - "202": { - "description": "Load model created successfully and pre-loading started", - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "loadModelUID": { - "type": "string", - "example": "644f78cf1e7342af967707d5" - } - } - } - } - } - }, - "400": { - "description": "Invalid input", - "$ref": "#/components/responses/InvalidRequest" - } - } - } - }, - "/load-test/load-runner/{loadModelUID}/configuration": { + }, "get": { "tags": [ - "Load Test" + "Templates" ], - "summary": "Get load runner configuration and model details", - "description": "Returns details of the load model and configuration after creation.", + "summary": "Get a Template Submission", + "description": "Retrieves detailed information about a template submission by its unique identifier.\n", + "operationId": "getTemplateSubmission", "parameters": [ { - "$ref": "#/components/parameters/loadModelUID" + "$ref": "#/components/parameters/TemplateSubmissionParamObjectID" } ], "responses": { "200": { - "description": "Configuration details", + "description": "Successfully returned the template submission details.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ModelConfigurationResponse" - }, - "examples": { - "ModelConfiguration": { - "$ref": "#/components/examples/ModelConfiguration" - } + "$ref": "#/components/schemas/TemplateSubmissionDetailResponse" } } } }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, "404": { - "description": "Configuration not found", "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" } } - } - }, - "/load-test/load-runner/{loadModelUID}/status": { - "get": { + }, + "put": { "tags": [ - "Load Test" + "Templates" ], - "summary": "Get current status of a load test", - "description": "Returns the current status of a load test run (e.g., in-progress, not started, provisioning).", + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Update a Template Submission", + "description": "Performs a full update (replacement) of an existing template submission by\nreplacing all input values and payloads, then re-rendering the NGINX configuration.\n\nThe `preview_only` query parameter controls how the request is processed:\n - When `preview_only` is `false` (default), the API re-renders, persists the updated values,\n and re-publishes to the submission's existing targets.\n - When `preview_only` is `true`, the API re-renders the NGINX configuration\n with the new values for preview **without persisting** the changes.\n", + "operationId": "updateTemplateSubmission", "parameters": [ { - "$ref": "#/components/parameters/loadModelUID" + "$ref": "#/components/parameters/TemplateSubmissionParamObjectID" + }, + { + "$ref": "#/components/parameters/TemplateSubmissionPreviewOnly" } ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UpdateTemplateSubmissionRequest" + } + } + } + }, "responses": { "200": { - "description": "Status details for a load test that's ready to run, is running, or has completed.", + "description": "Returned only when `preview_only` is `true`.\nResponds with the re-rendered NGINX configuration using the updated input values.\n", "content": { "application/json": { "schema": { - "type": "string", - "example": "not started" + "$ref": "#/components/schemas/PreviewNginxConfig" } } } }, "202": { - "description": "Status details for a load test that is currently being provisioned or failed to be provisioned.", + "description": "Returned when `preview_only` is `false`.\nThe updated submission has been accepted and re-published to existing targets.\n", "content": { "application/json": { "schema": { - "type": "string", - "example": "provisioning" + "$ref": "#/components/schemas/TemplateSubmissionResponse" } } } }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, "404": { - "description": "Status not found", "$ref": "#/components/responses/NotFound" - } - } - } - }, - "/load-test/load-runner/{loadModelUID}/start": { - "get": { - "tags": [ - "Load Test" - ], - "summary": "Begins the run for a load model", - "description": "Starts a load test after data preloading is complete.", - "parameters": [ - { - "$ref": "#/components/parameters/loadModelUID" - } - ], - "responses": { - "200": { - "description": "Operation successful" }, - "404": { - "description": "Failed to start run", + "409": { + "description": "The submission cannot be completed due to one or more template validation errors. See the error details for more information.\n", "content": { "application/json": { "schema": { @@ -7721,8277 +7039,5391 @@ } } } - } - } - } - }, - "/load-test/load-runner/{loadModelUID}/shutdown": { - "put": { - "tags": [ - "Load Test" - ], - "summary": "Initiate stop, shutdown, and cleanup", - "description": "Stops an ongoing load test and performs necessary cleanup operations.", - "parameters": [ - { - "$ref": "#/components/parameters/loadModelUID" - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "comment": { - "type": "string", - "description": "Optional comment to associate with the shutdown." - } - }, - "required": [ - "comment" - ] - } - } - } - }, - "responses": { - "200": { - "description": "Operation successful" - }, - "400": { - "description": "Invalid action or LoadModelUID", - "$ref": "#/components/responses/NotFound" - } - } - } - }, - "/load-test/{loadModelUID}/summary": { - "get": { - "tags": [ - "Load Test" - ], - "summary": "Get summary by LoadModelUID of a load test run", - "description": "Returns the summary of a load test run including metrics and results.", - "parameters": [ - { - "$ref": "#/components/parameters/loadModelUID" - } - ], - "responses": { - "200": { - "description": "Load test summary", - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "loadModelUID": { - "type": "string" - }, - "summaryDetails": { - "type": "object", - "example": { - "instancesChecked": 10, - "totalRequests": 10000, - "averageResponseTime": "200ms", - "successRate": "99.9%" - } - } - }, - "required": [ - "loadModelUID", - "summaryDetails" - ] - } - } - } }, - "404": { - "description": "Load test not found", - "$ref": "#/components/responses/NotFound" + "500": { + "$ref": "#/components/responses/InternalServerErr" } } } }, - "/load-test/observability-metrics": { + "/app-protect/analytics/attacks": { "post": { "tags": [ - "Load Test" + "NGINX One App Protect" ], - "summary": "Store observability metrics for the current load test run", - "description": "Stores observability metrics generated during the test run (e.g., CPU, memory, network usage).", + "summary": "Query attack analytics", + "operationId": "queryAttackAnalytics", + "description": "Returns attack analytics with optional dimensional breakdown.\n\n**Response behavior:**\n- Without `group_by`: Returns `total` count for the time range\n- With `group_by`: Returns breakdown for that dimension, `total` is omitted\n\n**Response structure by dimension type:**\n- **Fixed enum dimensions** (`request_status`, `request_method`): Returns object with known keys and counts\n- **Dynamic dimensions** (`ip`, `country`, `policy`, `url`, etc.): Returns array of items with cross-dimension context in `distinct` object\n\n**Filter behavior:**\n- All filters are combined with AND logic\n- Use the `in` operator to achieve OR within a single dimension\n", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ObservabilityMetricsRequest" - } - } - } - }, - "responses": { - "201": { - "description": "Metrics stored successfully" - }, - "400": { - "description": "Invalid input data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/templates/import": { - "post": { - "tags": [ - "Templates" - ], - "x-nginx-one-action": "import", - "x-nginx-one-entity": "NGINX config templates", - "summary": "Import a Template\n", - "description": "Imports a new template from a `.tar.gz` archive.\n\nUpon successful validation, the template will be created and made available for use.\n\n**Size limits:**\n- Maximum compressed archive size: 1 MB\n- Maximum uncompressed file size (per file): 5 MB\n\nRefer to the [Template Authoring Guide](https://docs.nginx.com/nginx-one-console/nginx-configs/config-templates/) for best practices on writing Go-based NGINX templates.\n", - "operationId": "importTemplate", - "requestBody": { - "required": true, - "content": { - "multipart/form-data": { - "schema": { - "$ref": "#/components/schemas/TemplateImportRequest" - }, - "encoding": { - "file": { - "contentType": "application/gzip, application/x-gzip" - } + "$ref": "#/components/schemas/AttacksQueryRequest" }, "examples": { - "TemplateBaseExample": { - "$ref": "#/components/examples/TemplateBaseSummary" + "total_only": { + "summary": "Get total attack count (no group_by)", + "value": { + "start_time": "now-24h" + } }, - "TemplateAugmentExample": { - "$ref": "#/components/examples/TemplateAugmentSummary" + "by_request_status": { + "summary": "Get breakdown by request status", + "value": { + "start_time": "now-24h", + "group_by": "request_status" + } + }, + "by_request_outcome_reason": { + "summary": "Get breakdown by request outcome reason", + "value": { + "start_time": "now-24h", + "group_by": "request_outcome_reason" + } + }, + "top_ips": { + "summary": "Top 10 attacking IPs", + "value": { + "start_time": "now-24h", + "group_by": "ip", + "limit": 10 + } + }, + "filtered_top_ips": { + "summary": "Top 10 attacking IPs for blocked requests", + "value": { + "start_time": "now-24h", + "group_by": "ip", + "filter": [ + { + "field": "request_status", + "operator": "=", + "values": [ + "blocked" + ] + } + ], + "order_by": { + "field": "count", + "direction": "desc" + }, + "limit": 10 + } } } } } }, - "responses": { - "201": { - "description": "Successfully imported and created the template.\n", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateSummary" - } - } - } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/templates": { - "get": { - "tags": [ - "Templates" - ], - "summary": "List Templates", - "description": "Retrieves a list of templates.\n", - "operationId": "listTemplates", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameTemplates" - }, - { - "$ref": "#/components/parameters/FilterFieldTemplates" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - } - ], "responses": { "200": { - "description": "Successfully returned list of templates.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplatesListResponse" - } - } - } - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - }, - "post": { - "tags": [ - "Templates" - ], - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX config templates", - "summary": "Create a new Template\n", - "description": "Creates a new Template.\n\nUpon successful validation, the template will be created and made available for use.\n\nRefer to the [Template Authoring Guide](https://docs.nginx.com/nginx-one-console/nginx-configs/config-templates/) for best practices on writing Go-based NGINX templates.\n", - "operationId": "createTemplate", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateCreationRequest" - } - } - } - }, - "responses": { - "201": { - "description": "Successfully created the template.\n", + "description": "Successfully returned attack analytics.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/TemplateDetailsResponse" - } - } - } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/templates/{templateObjectID}": { - "get": { - "tags": [ - "Templates" - ], - "summary": "Retrieve a Template", - "description": "Retrieves detailed information about a latest template version by its unique identifier.\n", - "parameters": [ - { - "$ref": "#/components/parameters/TemplateParamObjectID" - } - ], - "operationId": "getTemplate", - "responses": { - "200": { - "description": "Successfully returned details of the specified template.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateDetailsResponse" - } - } - } - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "404": { - "$ref": "#/components/responses/NotFound" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - }, - "put": { - "tags": [ - "Templates" - ], - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX config templates", - "summary": "Update all metadata of an existing template.", - "description": "Updates all the metadata of an existing template.\n", - "operationId": "updateTemplateMetadata", - "parameters": [ - { - "$ref": "#/components/parameters/TemplateParamObjectID" - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateMetadataUpdateRequest" - } - } - } - }, - "responses": { - "200": { - "description": "Successfully updated the template metadata.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateSummary" - } - } - } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "404": { - "$ref": "#/components/responses/NotFound" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - }, - "patch": { - "tags": [ - "Templates" - ], - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX config templates", - "summary": "Updates metadata for an existing template.", - "description": "Partially updates the specified metadata of an existing template. Only fields provided in the request body will be updated; omitted fields will retain their existing values.\n", - "operationId": "patchTemplateMetadata", - "parameters": [ - { - "$ref": "#/components/parameters/TemplateParamObjectID" - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateMetadataPatchRequest" - } - } - } - }, - "responses": { - "200": { - "description": "Successfully patched the template metadata.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateSummary" - } - } - } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "404": { - "$ref": "#/components/responses/NotFound" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - }, - "delete": { - "tags": [ - "Templates" - ], - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX config templates", - "summary": "Delete a Template", - "description": "Deletes an NGINX configuration template by its unique identifier.\n", - "operationId": "deleteTemplate", - "parameters": [ - { - "$ref": "#/components/parameters/TemplateParamObjectID" - } - ], - "responses": { - "204": { - "description": "Successfully deleted the template." - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "Template with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/templates/{templateObjectID}/copy": { - "post": { - "tags": [ - "Templates" - ], - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX config templates", - "summary": "Copy a Template", - "description": "Creates a new template by copying the latest version of an existing template.\nThe new template starts at version 1 in draft state.\nFiles, type, and context configuration are copied from the source template.\n", - "operationId": "copyTemplate", - "parameters": [ - { - "$ref": "#/components/parameters/TemplateParamObjectID" - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateCopyRequest" - } - } - } - }, - "responses": { - "201": { - "description": "Successfully copied the template.\n", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateDetailsResponse" - } - } - } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "404": { - "$ref": "#/components/responses/NotFound" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/templates/{templateVersionObjectID}/config": { - "post": { - "tags": [ - "Templates" - ], - "x-nginx-one-entity": "NGINX config templates", - "summary": "Generates an NGINX configuration for an augment template.", - "parameters": [ - { - "$ref": "#/components/parameters/TemplateVersionParamObjectID" - } - ], - "description": "Generates an NGINX configuration snippet for a single augment template using inputs validated against its template schema. \nThe snippet should be placed into an appropriate block in an existing NGINX configuration.\n\nAny `augment_includes` will be preserved as directives in the config output, for example: `augment_includes \"http\";`. \nThese directives can be used to determine available augment attachment points (and their labels) for powering dynamic, \ninteractive config construction experiences.\n", - "operationId": "getPartialConfig", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateSnippetRenderRequest" - } - } - } - }, - "responses": { - "200": { - "description": "Responds with the rendered snippet of NGINX configuration.\n", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateSnippetRenderResponse" - }, - "example": { - "files": [ - { - "contents": "CnNlcnZlciAzNS45NS40MS40Mjo4MDgxIGRvd247CnNlcnZlciAzNC4yMTAuMTYuMDo4MDgxOw==", - "mtime": "0001-01-01T00:00:00Z", - "name": "upstream.conf", - "size": 55 - } - ], - "errors": [] - } - } - } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "404": { - "description": "Template with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/templates/{templateObjectID}/submissions": { - "get": { - "tags": [ - "Templates" - ], - "x-feature-flag": "templates-m3-api", - "summary": "List Template Submissions for Template", - "description": "Retrieves a list of template submissions scoped to a specific template (any version).\n", - "operationId": "listTemplateSubmissionsForTemplate", - "parameters": [ - { - "$ref": "#/components/parameters/TemplateParamObjectID" - }, - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameSubmissions" - }, - { - "$ref": "#/components/parameters/FilterFieldSubmissions" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - } - ], - "responses": { - "200": { - "description": "Successfully returned list of template submissions for the specified template.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateSubmissionListResponse" - } - } - } - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "404": { - "description": "Template with the specified object_id was not found.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/templates/{templateObjectID}/versions": { - "get": { - "tags": [ - "Templates" - ], - "summary": "List template versions", - "description": "Lists all versions for a specific template.\n", - "operationId": "listTemplateVersions", - "parameters": [ - { - "$ref": "#/components/parameters/TemplateParamObjectID" - }, - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameVersions" - }, - { - "$ref": "#/components/parameters/FilterFieldTemplateVersions" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - } - ], - "responses": { - "200": { - "description": "Successfully returned list of template versions.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateVersionsListResponse" - } - } - } - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "404": { - "$ref": "#/components/responses/NotFound" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - }, - "post": { - "tags": [ - "Templates" - ], - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX config templates", - "summary": "Create a new template version", - "description": "Creates a new version for a template or updates an existing draft version, based on the provided content and the state of the latest version:\n\n- If the latest version is a **draft** and the content has changed, the draft is updated in place.\n- If the latest version is **final** and the content has changed, a new draft version is created.\n- If the content is unchanged (matches the latest version), no changes are made and the latest version is returned.\n\nThe response indicates whether a new version was created/updated (`201 Created`) or if the content was unchanged (`200 OK`).\n", - "operationId": "createTemplateVersion", - "parameters": [ - { - "$ref": "#/components/parameters/TemplateParamObjectID" - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateCreationRequest" - } - } - } - }, - "responses": { - "200": { - "description": "Content hash matches existing version. Returns the existing version.\n", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateDetailsResponse" - } - } - } - }, - "201": { - "description": "Successfully created or updated the template version.\n", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateDetailsResponse" - } - } - } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "404": { - "$ref": "#/components/responses/NotFound" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/templates/{templateObjectID}/versions/{templateVersionObjectID}": { - "get": { - "tags": [ - "Templates" - ], - "summary": "Get a specific template version", - "description": "Retrieves a specific version of a template by its version ID.\n", - "operationId": "getTemplateVersion", - "parameters": [ - { - "$ref": "#/components/parameters/TemplateParamObjectID" - }, - { - "$ref": "#/components/parameters/TemplateVersionParamObjectID" - } - ], - "responses": { - "200": { - "description": "Successfully returned template version.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateDetailsResponse" - } - } - } - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "404": { - "$ref": "#/components/responses/NotFound" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - }, - "delete": { - "tags": [ - "Templates" - ], - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX config templates", - "summary": "Delete a template version", - "description": "Deletes a specific version of a template by its version ID, the following constraints apply:\n\n- The latest version cannot be deleted. If you wish to delete the latest version you can delete the entire template via a separate API which will remove all versions.\n", - "operationId": "deleteTemplateVersion", - "parameters": [ - { - "$ref": "#/components/parameters/TemplateParamObjectID" - }, - { - "$ref": "#/components/parameters/TemplateVersionParamObjectID" - } - ], - "responses": { - "204": { - "description": "Successfully deleted the template version." - }, - "400": { - "description": "Cannot delete the latest version.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "404": { - "$ref": "#/components/responses/NotFound" - }, - "409": { - "description": "Cannot delete a template version that is associated with template submissions.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/templates/submissions": { - "get": { - "tags": [ - "Templates" - ], - "x-feature-flag": "templates-m3-api", - "summary": "List Template Submissions", - "description": "Retrieves a list of template submissions.\n", - "operationId": "listTemplateSubmissions", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameSubmissions" - }, - { - "$ref": "#/components/parameters/FilterFieldSubmissions" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - } - ], - "responses": { - "200": { - "description": "Successfully returned list of template submissions.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateSubmissionListResponse" - } - } - } - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - }, - "post": { - "tags": [ - "Templates" - ], - "summary": "Submit templates for previewing NGINX configuration.", - "description": "Submits a set of templates for rendering NGINX configuration.\n\nThe `preview_only` query parameter controls how the request is processed:\n - When `preview_only` is `true`, the API validates template parameters and renders the full NGINX configuration for preview **without creating a template submission object**. (**Currently, only this mode is supported.**)\n - When `preview_only` is `false` or omitted, the API is intended to render and create a submission. \n - If no target object ID is provided, a new staged config will be created.\n", - "parameters": [ - { - "$ref": "#/components/parameters/TemplateSubmissionPreviewOnly" - } - ], - "operationId": "submitTemplates", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateSubmissionRequest" - }, - "examples": { - "SubmissionWithPreviewOnly": { - "$ref": "#/components/examples/SubmissionWithPreviewOnly" - }, - "SubmissionForCreateNewStagedConfig": { - "$ref": "#/components/examples/SubmissionForCreateNewStagedConfig" - }, - "SubmissionForUpdateExistingStagedConfigTarget": { - "$ref": "#/components/examples/SubmissionForUpdateExistingStagedConfigTarget" - } - } - } - } - }, - "responses": { - "200": { - "description": "Returned only when the `preview_only` flag is set to `true`.\nResponds with the rendered NGINX configuration that can be used for preview or to create/replace a staged configuration manually.\n", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PreviewNginxConfig" - } - } - } - }, - "202": { - "description": "The template submission has been accepted and is being processed.\nPublication status(es) can be retrieved by querying the appropriate publications endpoint for the target object.\n", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateSubmissionResponse" - }, - "examples": { - "staged_config_outcome": { - "summary": "Example successful response for a target submission that creates a staged config", - "value": { - "object_id": "tmplsm_frBobKIAQ_21grAwV83VYz", - "target_results": [ - { - "staged_config_status": { - "status": "succeeded" - }, - "target_object_id": "sc_cEoiYCVJRuekVpYOvV1raA" - } - ] - } - } - } - } - } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "409": { - "description": "The submission cannot be completed due to one or more template validation errors. See the error details for more information.\n", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/templates/submissions/{submissionObjectID}": { - "get": { - "tags": [ - "Templates" - ], - "x-feature-flag": "templates-m3-api", - "summary": "Get a Template Submission", - "description": "Retrieves detailed information about a template submission by its unique identifier.\n", - "operationId": "getTemplateSubmission", - "parameters": [ - { - "$ref": "#/components/parameters/TemplateSubmissionParamObjectID" - } - ], - "responses": { - "200": { - "description": "Successfully returned the template submission details.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateSubmissionDetailResponse" - } - } - } - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "404": { - "$ref": "#/components/responses/NotFound" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - }, - "put": { - "tags": [ - "Templates" - ], - "x-feature-flag": "templates-m3-api", - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX config templates", - "summary": "Update a Template Submission", - "description": "Performs a full update (replacement) of an existing template submission by\nreplacing all input values and payloads, then re-rendering the NGINX configuration.\n\nThe `preview_only` query parameter controls how the request is processed:\n - When `preview_only` is `false` (default), the API re-renders, persists the updated values,\n and re-publishes to the submission's existing targets.\n - When `preview_only` is `true`, the API re-renders the NGINX configuration\n with the new values for preview **without persisting** the changes.\n", - "operationId": "updateTemplateSubmission", - "parameters": [ - { - "$ref": "#/components/parameters/TemplateSubmissionParamObjectID" - }, - { - "$ref": "#/components/parameters/TemplateSubmissionPreviewOnly" - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/UpdateTemplateSubmissionRequest" - } - } - } - }, - "responses": { - "200": { - "description": "Returned only when `preview_only` is `true`.\nResponds with the re-rendered NGINX configuration using the updated input values.\n", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PreviewNginxConfig" - } - } - } - }, - "202": { - "description": "Returned when `preview_only` is `false`.\nThe updated submission has been accepted and re-published to existing targets.\n", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateSubmissionResponse" - } - } - } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "404": { - "$ref": "#/components/responses/NotFound" - }, - "409": { - "description": "The submission cannot be completed due to one or more template validation errors. See the error details for more information.\n", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - }, - "delete": { - "tags": [ - "Templates" - ], - "x-feature-flag": "templates-m3-api", - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "template submissions", - "summary": "Delete a Template Submission", - "description": "Deletes a template submission by its unique identifier.\nThis action is irreversible and will remove all inputs and payloads for the submission.\n", - "operationId": "deleteTemplateSubmission", - "parameters": [ - { - "$ref": "#/components/parameters/TemplateSubmissionParamObjectID" - } - ], - "responses": { - "204": { - "description": "Successfully deleted the template submission." - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "404": { - "$ref": "#/components/responses/NotFound" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/templates/{templateObjectID}/submissions/{submissionObjectID}": { - "put": { - "tags": [ - "Templates" - ], - "x-feature-flag": "templates-m3-api", - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX config templates", - "summary": "Update a single template's values in a submission", - "description": "Partially updates an existing template submission by replacing the input values\nfor a single template identified by `templateObjectID`. All other templates in\nthe submission retain their existing values, and the full NGINX configuration is\nre-rendered using the merged values.\n\nPayloads and target objects are preserved from the existing submission and cannot\nbe changed through this endpoint.\n\nThe `preview_only` query parameter controls how the request is processed:\n - When `preview_only` is `false` (default), the API re-renders, persists the updated values,\n and re-publishes to the submission's existing targets.\n - When `preview_only` is `true`, the API re-renders the NGINX configuration\n with the new values for preview **without persisting** the changes.\n", - "operationId": "updateSingleTemplateSubmission", - "parameters": [ - { - "$ref": "#/components/parameters/TemplateParamObjectID" - }, - { - "$ref": "#/components/parameters/TemplateSubmissionParamObjectID" - }, - { - "$ref": "#/components/parameters/TemplateSubmissionPreviewOnly" - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/UpdateSingleTemplateSubmissionRequest" - } - } - } - }, - "responses": { - "200": { - "description": "Returned only when `preview_only` is `true`.\nResponds with the re-rendered NGINX configuration using the updated input values.\n", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PreviewNginxConfig" - } - } - } - }, - "202": { - "description": "Returned when `preview_only` is `false`.\nThe updated submission has been accepted and re-published to existing targets.\n", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TemplateSubmissionResponse" - } - } - } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "404": { - "$ref": "#/components/responses/NotFound" - }, - "409": { - "description": "The submission cannot be completed due to one or more template validation errors. See the error details for more information.\n", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/app-protect/analytics/attacks": { - "post": { - "tags": [ - "NGINX One App Protect" - ], - "summary": "Query attack analytics", - "operationId": "queryAttackAnalytics", - "description": "Returns attack analytics with optional dimensional breakdown.\n\n**Response behavior:**\n- Without `group_by`: Returns `total` count for the time range\n- With `group_by`: Returns breakdown for that dimension, `total` is omitted\n\n**Response structure by dimension type:**\n- **Fixed enum dimensions** (`request_status`, `request_method`): Returns object with known keys and counts\n- **Dynamic dimensions** (`ip`, `country`, `policy`, `url`, etc.): Returns array of items with cross-dimension context in `distinct` object\n\n**Filter behavior:**\n- All filters are combined with AND logic\n- Use the `in` operator to achieve OR within a single dimension\n", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/AttacksQueryRequest" - }, - "examples": { - "total_only": { - "summary": "Get total attack count (no group_by)", - "value": { - "start_time": "now-24h" - } - }, - "by_request_status": { - "summary": "Get breakdown by request status", - "value": { - "start_time": "now-24h", - "group_by": "request_status" - } - }, - "by_request_outcome_reason": { - "summary": "Get breakdown by request outcome reason", - "value": { - "start_time": "now-24h", - "group_by": "request_outcome_reason" - } - }, - "top_ips": { - "summary": "Top 10 attacking IPs", - "value": { - "start_time": "now-24h", - "group_by": "ip", - "limit": 10 - } - }, - "filtered_top_ips": { - "summary": "Top 10 attacking IPs for blocked requests", - "value": { - "start_time": "now-24h", - "group_by": "ip", - "filter": [ - { - "field": "request_status", - "operator": "=", - "values": [ - "blocked" - ] - } - ], - "order_by": { - "field": "count", - "direction": "desc" - }, - "limit": 10 - } - } - } - } - } - }, - "responses": { - "200": { - "description": "Successfully returned attack analytics.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/AttacksQueryResponse" - }, - "examples": { - "without_group_by": { - "summary": "Without group_by - returns total and threat_campaigns", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T23:59:59Z" - }, - "total": 1500, - "threat_campaigns": 3 - } - }, - "by_request_status": { - "summary": "With group_by=request_status (fixed enum)", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T23:59:59Z" - }, - "request_status": { - "blocked": 1200, - "alerted": 200, - "passed": 100 - } - } - }, - "by_request_outcome_reason": { - "summary": "With group_by=request_outcome_reason (fixed enum)", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T23:59:59Z" - }, - "request_outcome_reason": { - "SECURITY_NGINX_VIOLATION": 121, - "SECURITY_WAF_BYPASS": 100, - "SECURITY_WAF_FLAGGED": 200, - "SECURITY_WAF_OK": 0, - "SECURITY_WAF_VIOLATION": 88, - "SECURITY_WAF_VIOLATION_TRANSPARENT": 0 - } - } - }, - "by_ip": { - "summary": "With group_by=ip (dynamic dimension with distinct counts)", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T23:59:59Z" - }, - "ip": [ - { - "value": "203.0.113.42", - "count": 450, - "distinct": { - "ips": 1, - "urls": 3, - "violations": 5, - "policies": 1 - }, - "country": "CN" - }, - { - "value": "198.51.100.7", - "count": 320, - "distinct": { - "ips": 1, - "urls": 2, - "violations": 3, - "policies": 1 - }, - "country": "RU" - } - ] - } - }, - "by_country": { - "summary": "With group_by=country (dynamic dimension)", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T23:59:59Z" - }, - "country": [ - { - "value": "CN", - "count": 500, - "distinct": { - "ips": 15, - "urls": 8, - "violations": 12, - "policies": 3 - } - }, - { - "value": "RU", - "count": 300, - "distinct": { - "ips": 8, - "urls": 5, - "violations": 7, - "policies": 2 - } - } - ] - } - }, - "by_policy": { - "summary": "With group_by=policy (Top WAF Policies)", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T23:59:59Z" - }, - "policy": [ - { - "value": "strict-policy", - "count": 850, - "distinct": { - "ips": 42, - "urls": 15, - "violations": 18, - "policies": 1 - } - }, - { - "value": "default-policy", - "count": 450, - "distinct": { - "ips": 28, - "urls": 10, - "violations": 12, - "policies": 1 - } - } - ] - } - }, - "by_request_method": { - "summary": "With group_by=request_method (Request Methods)", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T23:59:59Z" - }, - "request_method": { - "get": 800, - "post": 500, - "put": 50, - "delete": 20 - } - } - }, - "by_response_code": { - "summary": "With group_by=response_code (simple array)", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T23:59:59Z" - }, - "response_code": [ - { - "code": "403", - "count": 450 - }, - { - "code": "200", - "count": 320 - }, - { - "code": "500", - "count": 80 - } - ] - } - }, - "by_url": { - "summary": "With group_by=url (Top Attack URIs)", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T23:59:59Z" - }, - "url": [ - { - "value": "/api/login", - "count": 320, - "distinct": { - "ips": 15, - "urls": 1, - "violations": 8, - "policies": 2 - } - }, - { - "value": "/admin", - "count": 180, - "distinct": { - "ips": 8, - "urls": 1, - "violations": 5, - "policies": 1 - } - } - ] - } - }, - "by_hostname": { - "summary": "With group_by=hostname", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T23:59:59Z" - }, - "hostname": [ - { - "value": "nginx-host-01.example.com", - "count": 854, - "distinct": { - "ips": 543, - "urls": 768, - "violations": 312, - "policies": 816 - } - }, - { - "value": "nginx-host-02.example.com", - "count": 96, - "distinct": { - "ips": 753, - "urls": 351, - "violations": 232, - "policies": 96 - } - } - ] - } - }, - "by_threat_campaign": { - "summary": "With group_by=threat_campaign", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T23:59:59Z" - }, - "threat_campaign": [ - { - "value": "CVE-2021-44228", - "count": 1240, - "distinct": { - "ips": 34, - "urls": 12, - "violations": 8, - "policies": 3 - } - }, - { - "value": "Log4Shell", - "count": 870, - "distinct": { - "ips": 21, - "urls": 7, - "violations": 5, - "policies": 2 - } - } - ] - } - } - } - } - } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/app-protect/analytics/attacks/time-series": { - "post": { - "tags": [ - "NGINX One App Protect" - ], - "summary": "Query attack analytics time series", - "operationId": "queryAttackAnalyticsTimeSeries", - "description": "Returns attack analytics as time-series data for charting.\n\n**Response behavior:**\n- Without `group_by`: Returns `total` series (aggregate counts over time)\n- With `group_by`: Returns dimensional breakdown series, `total` is omitted\n\nData is returned with each dimension value as a separate series array,\nmaking it easy to plot directly. The bucket size is determined by the\n`resolution` field or auto-selected based on the time range.\n\n**Supported dimensions for time-series:**\n- `request_status` - Returns `blocked`, `alerted`, `passed` series\n\n**Time alignment:** All series arrays contain the same timestamps, aligned to the\nresolution boundary. Buckets with no events are zero-filled.\n\n**Filter behavior:**\n- All filters are combined with AND logic\n- Use the `in` operator to achieve OR within a single dimension\n", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/AttacksTimeSeriesQueryRequest" - }, - "examples": { - "total_over_time": { - "summary": "Total attacks over time (no group_by)", - "value": { - "start_time": "now-6h", - "resolution": "15m" - } - }, - "by_request_status": { - "summary": "Breakdown by request status", - "value": { - "start_time": "now-6h", - "resolution": "15m", - "group_by": "request_status" - } - }, - "by_request_outcome_reason": { - "summary": "Breakdown by request outcome reason", - "value": { - "start_time": "now-6h", - "resolution": "15m", - "group_by": "request_outcome_reason" - } - }, - "filtered_blocked": { - "summary": "Blocked attacks only (filtered, no breakdown)", - "value": { - "start_time": "now-6h", - "resolution": "15m", - "filter": [ - { - "field": "request_status", - "operator": "=", - "values": [ - "blocked" - ] - } - ] - } - }, - "filtered_reason_transparent": { - "summary": "Attacks with transparent reason only", - "value": { - "start_time": "now-6h", - "resolution": "15m", - "filter": [ - { - "field": "request_outcome_reason", - "operator": "=", - "values": [ - "SECURITY_WAF_VIOLATION_TRANSPARENT" - ] - } - ] - } - } - } - } - } - }, - "responses": { - "200": { - "description": "Successfully returned attack analytics time series.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/AttacksTimeSeriesQueryResponse" - }, - "examples": { - "without_group_by": { - "summary": "Without group_by - returns total series only", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T06:00:00Z", - "resolution": "1h" - }, - "total": [ - { - "timestamp": "2024-01-15T00:00:00Z", - "count": 150 - }, - { - "timestamp": "2024-01-15T01:00:00Z", - "count": 180 - }, - { - "timestamp": "2024-01-15T02:00:00Z", - "count": 95 - }, - { - "timestamp": "2024-01-15T03:00:00Z", - "count": 210 - }, - { - "timestamp": "2024-01-15T04:00:00Z", - "count": 175 - }, - { - "timestamp": "2024-01-15T05:00:00Z", - "count": 130 - } - ] - } - }, - "with_group_by": { - "summary": "With group_by=request_status - returns dimensional breakdown", - "description": "All series have aligned timestamps. Note the zero-filled bucket at 02:00\nfor `passed` where no events occurred.\n", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T03:00:00Z", - "resolution": "1h" - }, - "request_status": { - "blocked": [ - { - "timestamp": "2024-01-15T00:00:00Z", - "count": 120 - }, - { - "timestamp": "2024-01-15T01:00:00Z", - "count": 150 - }, - { - "timestamp": "2024-01-15T02:00:00Z", - "count": 80 - } - ], - "passed": [ - { - "timestamp": "2024-01-15T00:00:00Z", - "count": 10 - }, - { - "timestamp": "2024-01-15T01:00:00Z", - "count": 15 - }, - { - "timestamp": "2024-01-15T02:00:00Z", - "count": 0 - } - ], - "alerted": [ - { - "timestamp": "2024-01-15T00:00:00Z", - "count": 20 - }, - { - "timestamp": "2024-01-15T01:00:00Z", - "count": 15 - }, - { - "timestamp": "2024-01-15T02:00:00Z", - "count": 10 - } - ] - } - } - }, - "no_data": { - "summary": "No data in time range - returns zero-filled buckets", - "description": "When no attacks occurred in the queried time range, time buckets are still\ngenerated based on the resolution with count as 0.\n", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T03:00:00Z", - "resolution": "1h" - }, - "total": [ - { - "timestamp": "2024-01-15T00:00:00Z", - "count": 0 - }, - { - "timestamp": "2024-01-15T01:00:00Z", - "count": 0 - }, - { - "timestamp": "2024-01-15T02:00:00Z", - "count": 0 - } - ] - } - }, - "no_data_with_group_by": { - "summary": "No data with group_by - returns zero-filled series for each dimension", - "description": "All dimension values have aligned timestamps with count: 0.\nThis ensures charts can render empty series correctly.\n", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T03:00:00Z", - "resolution": "1h" - }, - "request_status": { - "blocked": [ - { - "timestamp": "2024-01-15T00:00:00Z", - "count": 0 - }, - { - "timestamp": "2024-01-15T01:00:00Z", - "count": 0 - }, - { - "timestamp": "2024-01-15T02:00:00Z", - "count": 0 - } - ], - "alerted": [ - { - "timestamp": "2024-01-15T00:00:00Z", - "count": 0 - }, - { - "timestamp": "2024-01-15T01:00:00Z", - "count": 0 - }, - { - "timestamp": "2024-01-15T02:00:00Z", - "count": 0 - } - ], - "passed": [ - { - "timestamp": "2024-01-15T00:00:00Z", - "count": 0 - }, - { - "timestamp": "2024-01-15T01:00:00Z", - "count": 0 - }, - { - "timestamp": "2024-01-15T02:00:00Z", - "count": 0 - } - ] - } - } - } - } - } - } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/app-protect/analytics/signatures": { - "post": { - "tags": [ - "NGINX One App Protect" - ], - "summary": "Query signature analytics", - "operationId": "querySignatureAnalytics", - "description": "Returns signature analytics with optional dimensional breakdown.\n\n**Response behavior:**\n- Without `group_by`: Returns `total` (signature hits) and `unique` (distinct signatures) for the time range\n- With `group_by`: Returns breakdown for that dimension, `total` and `unique` are omitted\n\n**Response structure by dimension type:**\n- **Fixed enum dimensions** (`request_status`, `accuracy`, `risk`): Returns object with known keys and counts\n- **Dynamic dimensions** (`signature`, `cve`): Returns array of items sorted by count descending\n\n**Filter behavior:**\n- All filters are combined with AND logic\n- Use the `in` operator to achieve OR within a single dimension\n", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SignaturesQueryRequest" - }, - "examples": { - "total_only": { - "summary": "Get total signature hits and unique count (no group_by)", - "value": { - "start_time": "now-24h" - } - }, - "by_request_status": { - "summary": "Signature hits by request status", - "value": { - "start_time": "now-24h", - "group_by": "request_status" - } - }, - "by_accuracy": { - "summary": "Signature hits by accuracy level", - "value": { - "start_time": "now-24h", - "group_by": "accuracy" - } - }, - "by_risk": { - "summary": "Signature hits by risk level", - "value": { - "start_time": "now-24h", - "group_by": "risk" - } - }, - "top_signatures": { - "summary": "Top 5 signatures by hit count", - "value": { - "start_time": "now-24h", - "group_by": "signature", - "limit": 5 - } - }, - "top_cves": { - "summary": "Top 5 CVEs by hit count", - "value": { - "start_time": "now-24h", - "group_by": "cve", - "limit": 5 - } - }, - "filtered_blocked_signatures": { - "summary": "Top signatures for blocked requests only", - "value": { - "start_time": "now-24h", - "group_by": "signature", - "filter": [ - { - "field": "request_status", - "operator": "=", - "values": [ - "blocked" - ] - } - ], - "limit": 10 - } - } - } - } - } - }, - "responses": { - "200": { - "description": "Successfully returned signature analytics.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SignaturesQueryResponse" - }, - "examples": { - "without_group_by": { - "summary": "Without group_by - returns total and unique only", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T06:00:00Z" - }, - "total": 1270, - "unique": 19 - } - }, - "by_request_status": { - "summary": "With group_by=request_status", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T06:00:00Z" - }, - "request_status": { - "blocked": 1080, - "alerted": 122, - "passed": 68 - } - } - }, - "by_accuracy": { - "summary": "With group_by=accuracy", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T06:00:00Z" - }, - "accuracy": { - "low": 150, - "medium": 420, - "high": 700 - } - } - }, - "by_risk": { - "summary": "With group_by=risk", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T06:00:00Z" - }, - "risk": { - "low": 200, - "medium": 350, - "high": 520, - "critical": 200 - } - } - }, - "by_signature": { - "summary": "With group_by=signature", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T06:00:00Z" - }, - "signature": [ - { - "signature_id": "200001834", - "name": "Unix hidden (dot-file)", - "count": 141, - "accuracy": "high", - "risk": "medium" - }, - { - "signature_id": "200001475", - "name": "PHP injection attempt", - "count": 99, - "accuracy": "high", - "risk": "high" - }, - { - "signature_id": "200000098", - "name": "XSS script tag end (Parameter)", - "count": 85, - "accuracy": "medium", - "risk": "high" - }, - { - "signature_id": "200001088", - "name": "Directory Traversal attempt", - "count": 72, - "accuracy": "high", - "risk": "critical" - }, - { - "signature_id": "200002550", - "name": "SQL injection attempt", - "count": 65, - "accuracy": "high", - "risk": "critical" - } - ] - } - }, - "by_cve": { - "summary": "With group_by=cve (Top Signature CVEs table)", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T06:00:00Z" - }, - "cve": [ - { - "value": "CVE-2021-44228", - "count": 450 - }, - { - "value": "CVE-2021-1234", - "count": 320 - }, - { - "value": "CVE-2021-5678", - "count": 180 - }, - { - "value": "CVE-2020-9484", - "count": 95 - }, - { - "value": "CVE-2019-11043", - "count": 72 - } - ] - } - } - } - } - } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/app-protect/analytics/signatures/time-series": { - "post": { - "tags": [ - "NGINX One App Protect" - ], - "summary": "Query signature analytics time series", - "operationId": "querySignatureAnalyticsTimeSeries", - "description": "Returns signature analytics as time-series data for charting.\n\n**Response behavior:**\n- Without `group_by`: Returns `total` series (aggregate signature hits over time)\n- With `group_by`: Returns dimensional breakdown series, `total` is omitted\n\nData is returned with each dimension value as a separate series array,\nmaking it easy to plot directly. The bucket size is determined by the\n`resolution` field or auto-selected based on the time range.\n\n**Supported dimensions for time-series:**\n- `request_status` - Returns `blocked`, `alerted`, `passed` series\n- `accuracy` - Returns `low`, `medium`, `high` series\n- `risk` - Returns `low`, `medium`, `high`, `critical` series\n\n**Time alignment:** All series arrays contain the same timestamps, aligned to the\nresolution boundary. Buckets with no events are zero-filled.\n\n**Filter behavior:**\n- All filters are combined with AND logic\n- Use the `in` operator to achieve OR within a single dimension\n", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SignaturesTimeSeriesQueryRequest" - }, - "examples": { - "total_over_time": { - "summary": "Total signature hits over time (no group_by)", - "value": { - "start_time": "now-6h", - "resolution": "15m" - } - }, - "by_request_status": { - "summary": "Signature hits by request status over time", - "value": { - "start_time": "now-6h", - "resolution": "1h", - "group_by": "request_status" - } - }, - "by_accuracy": { - "summary": "Signature hits by accuracy over time", - "value": { - "start_time": "now-6h", - "resolution": "1h", - "group_by": "accuracy" - } - }, - "by_risk": { - "summary": "Signature hits by risk over time", - "value": { - "start_time": "now-6h", - "resolution": "1h", - "group_by": "risk" - } - } - } - } - } - }, - "responses": { - "200": { - "description": "Successfully returned signature analytics time series.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SignaturesTimeSeriesQueryResponse" - }, - "examples": { - "without_group_by": { - "summary": "Without group_by - returns total series only", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T06:00:00Z", - "resolution": "1h" - }, - "total": [ - { - "timestamp": "2024-01-15T00:00:00Z", - "count": 150 - }, - { - "timestamp": "2024-01-15T01:00:00Z", - "count": 180 - }, - { - "timestamp": "2024-01-15T02:00:00Z", - "count": 95 - }, - { - "timestamp": "2024-01-15T03:00:00Z", - "count": 210 - }, - { - "timestamp": "2024-01-15T04:00:00Z", - "count": 175 - }, - { - "timestamp": "2024-01-15T05:00:00Z", - "count": 130 - } - ] - } - }, - "by_request_status": { - "summary": "With group_by=request_status", - "description": "All series have aligned timestamps. Note the zero-filled bucket at 02:00\nfor `passed` where no events occurred.\n", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T03:00:00Z", - "resolution": "1h" - }, - "request_status": { - "blocked": [ - { - "timestamp": "2024-01-15T00:00:00Z", - "count": 120 - }, - { - "timestamp": "2024-01-15T01:00:00Z", - "count": 150 - }, - { - "timestamp": "2024-01-15T02:00:00Z", - "count": 80 - } - ], - "passed": [ - { - "timestamp": "2024-01-15T00:00:00Z", - "count": 10 - }, - { - "timestamp": "2024-01-15T01:00:00Z", - "count": 15 - }, - { - "timestamp": "2024-01-15T02:00:00Z", - "count": 0 - } - ], - "alerted": [ - { - "timestamp": "2024-01-15T00:00:00Z", - "count": 20 - }, - { - "timestamp": "2024-01-15T01:00:00Z", - "count": 15 - }, - { - "timestamp": "2024-01-15T02:00:00Z", - "count": 10 - } - ] - } - } - }, - "by_accuracy": { - "summary": "With group_by=accuracy", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T03:00:00Z", - "resolution": "1h" - }, - "accuracy": { - "low": [ - { - "timestamp": "2024-01-15T00:00:00Z", - "count": 15 - }, - { - "timestamp": "2024-01-15T01:00:00Z", - "count": 20 - }, - { - "timestamp": "2024-01-15T02:00:00Z", - "count": 12 - } - ], - "medium": [ - { - "timestamp": "2024-01-15T00:00:00Z", - "count": 45 - }, - { - "timestamp": "2024-01-15T01:00:00Z", - "count": 55 - }, - { - "timestamp": "2024-01-15T02:00:00Z", - "count": 38 - } - ], - "high": [ - { - "timestamp": "2024-01-15T00:00:00Z", - "count": 90 - }, - { - "timestamp": "2024-01-15T01:00:00Z", - "count": 105 - }, - { - "timestamp": "2024-01-15T02:00:00Z", - "count": 40 - } - ] - } - } - }, - "by_risk": { - "summary": "With group_by=risk", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T03:00:00Z", - "resolution": "1h" - }, - "risk": { - "low": [ - { - "timestamp": "2024-01-15T00:00:00Z", - "count": 20 - }, - { - "timestamp": "2024-01-15T01:00:00Z", - "count": 25 - }, - { - "timestamp": "2024-01-15T02:00:00Z", - "count": 15 - } - ], - "medium": [ - { - "timestamp": "2024-01-15T00:00:00Z", - "count": 40 - }, - { - "timestamp": "2024-01-15T01:00:00Z", - "count": 50 - }, - { - "timestamp": "2024-01-15T02:00:00Z", - "count": 30 - } - ], - "high": [ - { - "timestamp": "2024-01-15T00:00:00Z", - "count": 60 - }, - { - "timestamp": "2024-01-15T01:00:00Z", - "count": 75 - }, - { - "timestamp": "2024-01-15T02:00:00Z", - "count": 35 - } - ], - "critical": [ - { - "timestamp": "2024-01-15T00:00:00Z", - "count": 30 - }, - { - "timestamp": "2024-01-15T01:00:00Z", - "count": 30 - }, - { - "timestamp": "2024-01-15T02:00:00Z", - "count": 10 - } - ] - } - } - } - } - } - } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/app-protect/events": { - "get": { - "tags": [ - "NGINX One App Protect" - ], - "summary": "List security events", - "operationId": "listSecurityEvents", - "description": "Returns a paginated list of security events.\n\n**Filtering:**\n- Use the `filter_fields`, `filter_values`, and `filter_ops` parameters to filter events by various dimensions\n- All filter parameters must have matching array lengths\n- `support_id` is unique per event, so filtering by it returns a single-item list\n- Time range filtering via `start_time` and `end_time` is recommended to limit results\n- Multiple filter values can be chained using the `|` character (e.g., `blocked|alerted`)\n\n**Pagination:**\n- Results are paginated using standard Nginx One Console pagination\n- Results are sorted by timestamp descending (most recent first) by default\n\n**Response:**\n- Returns summary fields suitable for list display\n- Use `GET /app-protect/events/{id}` for full event details including raw request\n", - "parameters": [ - { - "name": "start_time", - "in": "query", - "description": "Beginning of the time range (inclusive).\nAccepts ISO 8601 format or relative offset (e.g., `now-24h`).\n", - "schema": { - "type": "string" - }, - "example": "now-24h" - }, - { - "name": "end_time", - "in": "query", - "description": "End of the time range (exclusive).\nDefaults to current time if not specified.\n", - "schema": { - "type": "string" - }, - "example": "now" - }, - { - "$ref": "#/components/parameters/FilterFieldSecurityEvents" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/Limit" - } - ], - "responses": { - "200": { - "description": "Successfully returned list of security events.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SecurityEventListResponse" - }, - "example": { - "total": 1080, - "count": 1, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "timestamp": "2024-01-22T12:13:25Z", - "support_id": "1844305495056427365", - "request_status": "blocked", - "policy_name": "app_protect_default_policy", - "client_ip": "192.168.1.100", - "url": "/api/users", - "method": "POST", - "response_code": 403, - "country_code": "US", - "violation_rating": 5, - "instance_object_id": "inst_8Iwn7dT7RF-PRLxkSt5EYQ", - "csg_object_id": "csg_-uvR3F2TQGm18jnl7bpaGw" - } - ] - } - } - } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/app-protect/events/{id}": { - "get": { - "tags": [ - "NGINX One App Protect" - ], - "summary": "Get security event by supportID", - "operationId": "getSecurityEvent", - "description": "Returns a specific security event by its support ID.\n\n**Response:**\n- Returns full event details including:\n - Request metadata (headers, method, URL, response code)\n - WAF enforcement details (policy, outcome, violation_rating)\n - All triggered violations with context\n - All matched signatures with details\n - Raw HTTP request (if available and not truncated)\n - Threat campaign associations\n", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "description": "The support ID of the security event.", - "schema": { - "type": "string", - "minLength": 1 - }, - "example": "1844305495056427365" - } - ], - "responses": { - "200": { - "description": "Successfully returned the security event.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SecurityEvent" - }, - "example": { - "id": "d1cd4806-3519-4c72-a0e4-63fd611ee6fb", - "timestamp": "2024-01-22T12:13:25Z", - "support_id": "1844305495056427365", - "version": "v1.0", - "system_id": "31ed9d05-9cb0-48c3-9f97-d63b1b6dd342", - "parent_hostname": "nginx-host-01", - "instance_object_id": "inst_8Iwn7dT7RF-PRLxkSt5EYQ", - "csg_object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "http": { - "hostname": "example.com", - "remote_addr": "192.168.1.100", - "remote_port": 54321, - "server_addr": "10.0.0.1", - "server_port": 443, - "uri": "/", - "request_method": "GET", - "response_code": 403 - }, - "x_forwarded_for_header_value": "203.0.113.42", - "country_code": "US", - "policy_name": "app_protect_default_policy", - "request_status": "blocked", - "request_outcome": "rejected", - "request_outcome_reason": "SECURITY_WAF_VIOLATION", - "violation_rating": 5, - "blocking_exception_reason": "", - "is_truncated": false, - "signatures": [ - { - "id": 200001834, - "name": "XSS script tag end (Parameter)", - "accuracy": "high", - "risk": "high", - "cve": "", - "blocking_mask": "0x0", - "buffer": "param", - "offset": 0, - "length": 42 - } - ], - "violations": [ - { - "name": "Illegal meta character in value", - "sub_name": "", - "context": "parameter", - "detail_name": "VIOL_PARAMETER_VALUE_METACHAR", - "detail_context": "parameter", - "field_name": "param", - "field_value": "" - }, - { - "name": "Attack signature detected", - "sub_name": "", - "context": "parameter", - "detail_name": "VIOL_ATTACK_SIGNATURE", - "detail_context": "parameter", - "field_name": "param", - "field_value": "" - }, - { - "name": "Violation Rating Threat detected", - "sub_name": "", - "context": "other", - "detail_name": "", - "detail_context": "", - "field_name": "", - "field_value": "" - }, - { - "name": "Bot Client Detected", - "sub_name": "", - "context": "other", - "detail_name": "", - "detail_context": "", - "field_name": "", - "field_value": "" - } - ], - "threat_campaign_names": [], - "request": "GET /?param=%3Cscript%3Ealert%27xss%27%3C%2Fscript%3E HTTP/1.1\r\nHost: example.com\r\nUser-Agent: curl/7.68.0\r\nAccept: */*\r\n\r\n" - } - } - } - }, - "404": { - "$ref": "#/components/responses/NotFound" - } - } - } - }, - "/app-protect/analytics/violations": { - "post": { - "tags": [ - "NGINX One App Protect" - ], - "summary": "Query violation analytics", - "operationId": "queryViolationAnalytics", - "description": "Returns violation analytics with optional dimensional breakdown.\n\n**Response behavior:**\n- Without `group_by`: Returns `total` (violation occurrences) and `unique` (distinct violation types)\n- With `group_by`: Returns breakdown for that dimension, `total` and `unique` are omitted\n\n**Response structure by dimension type:**\n- **Fixed enum dimensions** (`context`): Returns object with known keys (header, cookie, parameter, uri, request, other)\n- **Dynamic dimensions** (`violation`, `sub_violation`): Returns array of items with cross-dimension context\n\n**Filter behavior:**\n- All filters are combined with AND logic\n- Use the `in` operator to achieve OR within a single dimension\n", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ViolationsQueryRequest" - }, - "examples": { - "total_only": { - "summary": "Get total violation occurrences and unique count (no group_by)", - "value": { - "start_time": "now-24h" - } - }, - "by_violation": { - "summary": "Top violations by occurrence count", - "value": { - "start_time": "now-24h", - "group_by": "violation", - "limit": 10 - } - }, - "by_sub_violation": { - "summary": "Top sub-violations by occurrence count", - "value": { - "start_time": "now-24h", - "group_by": "sub_violation", - "limit": 10 - } - }, - "by_context": { - "summary": "Violation context breakdown", - "value": { - "start_time": "now-24h", - "group_by": "context" - } - }, - "filtered_by_policy": { - "summary": "Top violations for a specific policy", - "value": { - "start_time": "now-24h", - "group_by": "violation", - "filter": [ - { - "field": "policy", - "operator": "=", - "values": [ - "app_protect_default_policy" - ] - } - ], - "limit": 10 - } - } - } - } - } - }, - "responses": { - "200": { - "description": "Successfully returned violation analytics.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ViolationsQueryResponse" - }, - "examples": { - "without_group_by": { - "summary": "Without group_by - returns total and unique only", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T23:59:59Z" - }, - "total": 4320, - "unique": 5 - } - }, - "by_violation": { - "summary": "With group_by=violation", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T23:59:59Z" - }, - "violation": [ - { - "value": "Bot Client Detected", - "count": 1080, - "distinct": { - "ips": 1, - "urls": 1, - "policies": 1 - } - }, - { - "value": "Violation Rating Threat detected", - "count": 960, - "distinct": { - "ips": 1, - "urls": 1, - "policies": 1 - } - }, - { - "value": "Attack signature detected", - "count": 840, - "distinct": { - "ips": 1, - "urls": 1, - "policies": 1 - } - }, - { - "value": "Illegal meta character in value", - "count": 480, - "distinct": { - "ips": 1, - "urls": 1, - "policies": 1 - } - }, - { - "value": "Illegal HTTP status in response", - "count": 120, - "distinct": { - "ips": 1, - "urls": 1, - "policies": 1 - } - } - ] - } - }, - "by_sub_violation": { - "summary": "With group_by=sub_violation", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T23:59:59Z" - }, - "sub_violation": [ - { - "value": "N/A", - "count": 1080, - "distinct": { - "ips": 1, - "urls": 1, - "policies": 1 - } - } - ] - } - }, - "by_context": { - "summary": "With group_by=context", - "value": { - "query_metadata": { - "start_time": "2024-01-15T00:00:00Z", - "end_time": "2024-01-15T23:59:59Z" - }, - "context": { - "cookie": 0, - "header": 130, - "parameter": 1426, - "request": 302, - "uri": 0, - "other": 2462 - } - } - } - } - } - } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/billing-usage/events": { - "get": { - "tags": [ - "NGINX One Billing Usage Events" - ], - "x-nodoc": true, - "summary": "List billing usage events by JWT token ID", - "operationId": "listBillingUsageEventsByTokenId", - "description": "Returns a list of billing usage events by its JWT token ID.\n\n**Response:**\n- Returns full event details including:\n - NGINX information (uid, version, nap status)\n - Usage metrics (client/upstream bytes sent/received, connections, requests)\n - NGINX metrics (user_agent, workers, uptime, reloads)\n - NGINX deployment details (cluster ID, node count, installation ID, product type)\n - JWT token information\n - Event metadata (timestamps, source type, dedup_version, event_id)\n", - "parameters": [ - { - "name": "token_id", - "in": "query", - "required": true, - "description": "The JWT token ID (jti) of the billing usage event.", - "schema": { - "type": "string", - "format": "uuid" - }, - "example": "18a10260-0ec4-11f1-bbca-5d8e192a1888" - }, - { - "name": "start_time", - "in": "query", - "description": "Beginning of the time range (inclusive).\nAccepts ISO 8601 format or relative offset (e.g., `now-24h`).\n", - "schema": { - "type": "string" - }, - "example": "now-24h" - }, - { - "name": "end_time", - "in": "query", - "description": "End of the time range (exclusive).\nDefaults to current time if not specified.\n", - "schema": { - "type": "string" - }, - "example": "now" - }, - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/Limit" - } - ], - "responses": { - "200": { - "description": "Successfully returned the billing usage events.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/BillingUsageEventsResponse" - }, - "examples": { - "BillingUsageEventsByTokenIdResponse": { - "$ref": "#/components/examples/BillingUsageEventsByTokenIdResponse" - } - } - } - } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "403": { - "$ref": "#/components/responses/Forbidden" - }, - "404": { - "$ref": "#/components/responses/NotFound" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/usage-ingest/nginx-usage": { - "post": { - "tags": [ - "UsageIngest" - ], - "x-feature-flag": "usage-ingest-enabled", - "summary": "Use http POST on this API to register NGINX instances", - "description": "Creates a usage entry from NGINX instance", - "operationId": "trackUsage", - "security": [ - { - "BearerAuth": [] - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxUsageTrackingRequest" - }, - "examples": { - "nginxUsageTrackingRequest": { - "$ref": "#/components/examples/NginxUsageTrackingRequest" - } - } - } - } - }, - "responses": { - "204": { - "description": "Successfully created the usage entry." - }, - "400": { - "description": "Missing or bad data in request.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/usage-ingest/nginx-usage/batch": { - "post": { - "tags": [ - "UsageIngest" - ], - "x-feature-flag": "usage-ingest-enabled", - "summary": "Use http POST on this API to send usage information in batch", - "description": "Creates usage entries from NGINX instances in batch", - "operationId": "trackUsageBatch", - "security": [ - { - "BearerAuth": [] - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxUsageTrackingBatchRequest" - }, - "examples": { - "nginxUsageTrackingBatchRequest": { - "$ref": "#/components/examples/NginxUsageTrackingBatchRequest" - } - } - }, - "application/gzip": { - "schema": { - "type": "string", - "format": "binary", - "description": "Compressed JSON array of usage tracking requests" - } - } - } - }, - "responses": { - "204": { - "description": "Successfully processed batch of usage entries." - }, - "400": { - "description": "Missing or bad data in request.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - } - }, - "components": { - "parameters": { - "Paginated": { - "name": "paginated", - "in": "query", - "schema": { - "type": "boolean", - "default": true - }, - "description": "A boolean indicating if the results should be presented as a paginated list. Defaults to `true`. \nWhen set to `false` a maximum of 3000 results are returned.\n", - "required": false - }, - "Limit": { - "name": "limit", - "in": "query", - "schema": { - "type": "integer", - "minimum": 0 - }, - "description": "An integer that specifies the maximum number of items to be returned. \nSetting this to `0` will result in no items being returned, but a total count will still be provided. \nThis parameter is not applicable if `paginated` is `false`.\n", - "required": false - }, - "Offset": { - "name": "offset", - "in": "query", - "schema": { - "type": "integer", - "minimum": 1 - }, - "description": "An integer that specifies the starting position of the results, starting at `1`.\nThis parameter is not applicable if `paginated` is `false`.\n" - }, - "FilterFieldDataPlaneKeys": { - "name": "filter_fields", - "in": "query", - "description": "Filter options for data plane keys; used in conjunction with other filter parameters having the same array length.\n\nWhen filtering on `status`, only the following `filter_values` are supported:\n * revoked\n * expired\n * valid\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameDataPlaneKeys" - } - } - }, - "FilterOperands": { - "name": "filter_ops", - "in": "query", - "description": "An array of strings defining the operands for filtering, to be used in conjunction with `filter_fields` and `filter_values`. \nAll filter parameters must have matching array lengths. Currently, the only supported operand is `\"IN\"`.\n", - "schema": { - "$ref": "#/components/schemas/FilterOperands" - } - }, - "FilterValues": { - "name": "filter_values", - "in": "query", - "description": "An array of strings containing the keywords for filtering. \nMultiple keywords can be chained using the `|` character. \nEnsure this parameter's array length matches those of `filter_fields` and `filter_ops` for effective filtering.\nThe total length of the filter string should not exceed 1024 characters.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "example": "value1|value2|value3", - "minLength": 1, - "maxLength": 1024 - } - } - }, - "DataPlaneKeyParamObjectID": { - "name": "data_plane_key_id", - "in": "path", - "schema": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" - }, - "description": "A globally unique identifier for the data plane key.\n", - "required": true - }, - "FilterFieldInstances": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `hostname`, `nginx_version`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameInstances" - } - } - }, - "SortDirection": { - "name": "sort_dir", - "in": "query", - "description": "Sorting direction for the criteria and the resulting collection returned. Defaults to descending if not specified.\n", - "schema": { - "type": "string", - "enum": [ - "Ascending", - "Descending" - ], - "x-enum-varnames": [ - "ascending", - "descending" - ] - } - }, - "SortNameInstancesDep": { - "name": "sort_instances", - "in": "query", - "deprecated": true, - "description": "Sort instances by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "hostname", - "status", - "last_reported" - ], - "x-enum-varnames": [ - "sort_name_instance_hostname", - "sort_name_instance_status", - "sort_name_instance_last_reported" - ] - } - } - }, - "SortNameInstances": { - "name": "sort_fields", - "in": "query", - "description": "Sort instances by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "hostname", - "status", - "last_reported" - ], - "x-enum-varnames": [ - "sort_name_instance_hostname", - "sort_name_instance_status", - "sort_name_instance_last_reported" - ] - } - } - }, - "InstanceParamObjectID": { - "name": "instanceObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/InstanceObjectID" - }, - "description": "A globally unique identifier for the NGINX instance.\n", - "required": true - }, - "InstanceConfigurationParamObjectID": { - "name": "instanceConfigurationObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/NginxConfigObjectID" - }, - "description": "A globally unique identifier for the NGINX instance configuration.\n", - "required": true - }, - "PublicationParamObjectID": { - "name": "publicationObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/PublicationObjectID" - }, - "description": "A globally unique identifier for a Publication.\n", - "required": true - }, - "FilterFieldConfigSyncGroups": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`, `config_status`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameConfigSyncGroups" - } - } - }, - "SortNameConfigSyncGroupsDep": { - "name": "sort_config_sync_groups", - "in": "query", - "deprecated": true, - "description": "Sort config sync groups by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_config_sync_group_name" - ] - } - } - }, - "SortNameConfigSyncGroups": { - "name": "sort_fields", - "in": "query", - "description": "Sort config sync groups by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_config_sync_group_name" - ] - } - } - }, - "ConfigSyncGroupParamObjectID": { - "name": "configSyncGroupObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupObjectID" - }, - "description": "A globally unique identifier for the NGINX config sync group.\n", - "required": true - }, - "ConfigSyncGroupConfigurationParamObjectID": { - "name": "configSyncGroupConfigurationObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/NginxConfigObjectID" - }, - "description": "A globally unique identifier for the NGINX config sync group configuration.\n", - "required": true - }, - "FilterFieldCertificates": { - "name": "filter_fields", - "in": "query", - "description": "Filter options for certificates; used in conjunction with other filter parameters having the same array length.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameCertificates" - } - } - }, - "SortNameCertificatesDep": { - "name": "sort_certificates", - "in": "query", - "deprecated": true, - "description": "Sort certificates by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name", - "subject_name", - "not_before", - "not_after" - ], - "x-enum-varnames": [ - "sort_name_certificates_name", - "sort_name_certificates_subject_name", - "sort_name_certificates_not_before", - "sort_name_certificates_not_after" - ] - } - } - }, - "SortNameCertificates": { - "name": "sort_fields", - "in": "query", - "description": "Sort certificates by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name", - "subject_name", - "not_before", - "not_after" - ], - "x-enum-varnames": [ - "sort_name_certificates_name", - "sort_name_certificates_subject_name", - "sort_name_certificates_not_before", - "sort_name_certificates_not_after" - ] - } - } - }, - "CertificateParamObjectID": { - "name": "certificateObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/CertificateObjectID" - }, - "description": "A globally unique identifier for the certificate.\n", - "required": true - }, - "DeleteFromDataPlanesParamFlag": { - "name": "deleteFromDataPlanes", - "in": "query", - "schema": { - "type": "boolean" - }, - "description": "Flag indicating whether the certificate should be deleted from its associated data planes.\n" - }, - "FilterFieldCertificateDeployments": { - "name": "filter_fields", - "in": "query", - "description": "Filter options for certificate deployments; used in conjunction with other filter parameters having the same array length.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameCertificateDeployments" - } - } - }, - "SortNameCertificateDeploymentsDep": { - "name": "sort_certificate_deployments", - "in": "query", - "deprecated": true, - "description": "Sort certificate deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_certificate_deployments_name" - ] - } - } - }, - "SortNameCertificateDeployments": { - "name": "sort_fields", - "in": "query", - "description": "Sort certificate deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_certificate_deployments_name" - ] - } - } - }, - "SortNameCVEsDep": { - "name": "sort_cves", - "in": "query", - "deprecated": true, - "description": "Sort CVEs by the number of instances/control planes affected by that CVE.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "instance_count", - "control_plane_count", - "severity", - "cve_id", - "published_at" - ], - "x-enum-varnames": [ - "sort_instance_count", - "sort_control_plane_count", - "sort_cve_severity", - "sort_cve_id", - "sort_published_at" - ] - } - } - }, - "SortNameCVEs": { - "name": "sort_fields", - "in": "query", - "description": "Sort CVEs by the number of instances or control planes affected by that CVE.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "instance_count", - "control_plane_count", - "severity", - "cve_id", - "published_at" - ], - "x-enum-varnames": [ - "sort_instance_count", - "sort_control_plane_count", - "sort_cve_severity", - "sort_cve_id", - "sort_published_at" - ] - } - } - }, - "NginxCVEParamID": { - "name": "nginxCVEID", - "in": "path", - "schema": { - "type": "string", - "pattern": "^\\d{4}-\\d{4,19}$" - }, - "description": "A globally unique identifier for NGINX CVE.\n", - "required": true - }, - "SortNameCVEImpactedInstancesDep": { - "name": "sort_cve_impacted_instances", - "in": "query", - "deprecated": true, - "description": "Sort the Instances that are affected by a CVE\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "hostname", - "status" - ], - "x-enum-varnames": [ - "sort_name_cve_impacted_instances_hostname", - "sort_name_cve_impacted_instances_status" - ] - } - } - }, - "SortNameCVEImpactedInstances": { - "name": "sort_fields", - "in": "query", - "description": "Sort the Instances that are affected by a CVE\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "hostname", - "status" - ], - "x-enum-varnames": [ - "sort_name_cve_impacted_instances_hostname", - "sort_name_cve_impacted_instances_status" - ] - } - } - }, - "SortNameCVEImpactedControlPlanesDep": { - "name": "sort_cve_impacted_control_planes", - "in": "query", - "deprecated": true, - "description": "Sort the control planes that are affected by a CVE\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name", - "product_version" - ], - "x-enum-varnames": [ - "sort_name_cve_impacted_control_planes_name", - "sort_name_cve_impacted_control_planes_product_version" - ] - } - } - }, - "SortNameCVEImpactedControlPlanes": { - "name": "sort_fields", - "in": "query", - "description": "Sort the control planes that are affected by a CVE\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name", - "product_version" - ], - "x-enum-varnames": [ - "sort_name_cve_impacted_control_planes_name", - "sort_name_cve_impacted_control_planes_product_version" - ] - } - } - }, - "FilterFieldEvents": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `hostname`, `object_id`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameEvents" - } - } - }, - "EventParamObjectID": { - "name": "eventObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/EventObjectID" - }, - "description": "A globally unique identifier for an event.\n", - "required": true - }, - "FilterFieldStagedConfigs": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterStagedConfigs" - } - } - }, - "SortNameStagedConfigsDep": { - "name": "sort_staged_configs", - "in": "query", - "deprecated": true, - "description": "Sort staged configs by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_staged_config_name" - ] - } - } - }, - "SortNameStagedConfigs": { - "name": "sort_fields", - "in": "query", - "description": "Sort staged configs by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_staged_config_name" - ] - } - } - }, - "StagedConfigParamObjectID": { - "name": "stagedConfigObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/StagedConfigObjectID" - }, - "description": "A globally unique identifier for the NGINX staged config.\n", - "required": true - }, - "StagedConfigImportParseOnly": { - "name": "parseOnly", - "in": "query", - "schema": { - "type": "boolean", - "default": false - }, - "description": "Optional flag to control how the request is processed.\n - When `false` or omitted (by default), the request creates a Staged Config directly. (`StagedConfigCreateResponse`)\n - When `true`, the request parses the import and returns metadata you can use to create a Staged Config through a POST. ( `StagedConfigCreateRequest`)\n", - "required": false - }, - "SortNameControlPlanes": { - "name": "sort_fields", - "in": "query", - "description": "Sort control planes by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_control_plane_name" - ] - } - } - }, - "FilterFieldControlPlanes": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings. Identifies the fields to filter by (for example, `name`, `product`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameControlPlanes" - } - } - }, - "ControlPlaneParamObjectID": { - "name": "controlPlaneObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/ControlPlaneObjectID" - }, - "description": "A globally unique identifier for the control plane.\n", - "required": true - }, - "NapCompileNapRelease": { - "name": "nap_release", - "in": "query", - "schema": { - "type": "string" - }, - "description": "NGINX App Protect release version to request the compilation for. The value must match a supported NGINX App Protect release (e.g. \"5.10.0\").\n", - "required": true, - "example": "5.10.0" - }, - "NapCompileDownload": { - "name": "download", - "in": "query", - "schema": { - "type": "boolean", - "default": false - }, - "description": "Whether to download the compiled bundle. When `true`, the request blocks until the bundle is ready and returns the bundle content. The request may take longer depending on the bundle's compilation status.\n", - "required": false, - "example": true - }, - "NapSignatureID": { - "name": "signatureID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/NapSignatureID" - }, - "description": "An unique identifier for the NGINX App Protect signature.\n", - "required": true - }, - "NapSignatureSetObjectID": { - "name": "signatureSetObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/NapSignatureSetObjectID" - }, - "description": "A globally unique identifier for the NGINX App Protect signature set.\n", - "required": true - }, - "SortNameNapSignatures": { - "name": "sort_fields", - "in": "query", - "description": "Sort NGINX App Protect signatures by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name", - "signature_id" - ], - "x-enum-varnames": [ - "sort_name_nap_signatures_name", - "sort_name_nap_signatures_signature_id" - ] - } - } - }, - "SortNameNapSignatureSets": { - "name": "sort_fields", - "in": "query", - "description": "Sort NGINX App Protect signature sets by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name", - "signature_count" - ], - "x-enum-varnames": [ - "sort_name_nap_signature_sets_name", - "sort_name_nap_signature_sets_signature_count" - ] - } - } - }, - "FilterFieldNapSignatures": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `accuracy`, `risk`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameNapSignatures" - } - } - }, - "FilterFieldNapSignatureSets": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `type`, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameNapSignatureSets" - } - } - }, - "SortNameNapPoliciesDep": { - "name": "sort_nap_policies", - "in": "query", - "deprecated": true, - "description": "Sort NGINX App Protect policies by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name", - "deployment_count", - "enforcement_mode", - "last_deployed" - ], - "x-enum-varnames": [ - "sort_name_nap_policies_name", - "sort_name_nap_policies_deployment_count", - "sort_name_nap_policies_enforcement_mode", - "sort_name_nap_policies_last_deployed" - ] - } - } - }, - "SortNameNapPolicies": { - "name": "sort_fields", - "in": "query", - "description": "Sort NGINX App Protect policies by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name", - "deployment_count", - "enforcement_mode", - "last_deployed" - ], - "x-enum-varnames": [ - "sort_name_nap_policies_name", - "sort_name_nap_policies_deployment_count", - "sort_name_nap_policies_enforcement_mode", - "sort_name_nap_policies_last_deployed" - ] + "$ref": "#/components/schemas/AttacksQueryResponse" + }, + "examples": { + "without_group_by": { + "summary": "Without group_by - returns total and threat_campaigns", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T23:59:59Z" + }, + "total": 1500, + "threat_campaigns": 3 + } + }, + "by_request_status": { + "summary": "With group_by=request_status (fixed enum)", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T23:59:59Z" + }, + "request_status": { + "blocked": 1200, + "alerted": 200, + "passed": 100 + } + } + }, + "by_request_outcome_reason": { + "summary": "With group_by=request_outcome_reason (fixed enum)", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T23:59:59Z" + }, + "request_outcome_reason": { + "SECURITY_NGINX_VIOLATION": 121, + "SECURITY_WAF_BYPASS": 100, + "SECURITY_WAF_FLAGGED": 200, + "SECURITY_WAF_OK": 0, + "SECURITY_WAF_VIOLATION": 88, + "SECURITY_WAF_VIOLATION_TRANSPARENT": 0 + } + } + }, + "by_ip": { + "summary": "With group_by=ip (dynamic dimension with distinct counts)", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T23:59:59Z" + }, + "ip": [ + { + "value": "203.0.113.42", + "count": 450, + "distinct": { + "ips": 1, + "urls": 3, + "violations": 5, + "policies": 1 + }, + "country": "CN" + }, + { + "value": "198.51.100.7", + "count": 320, + "distinct": { + "ips": 1, + "urls": 2, + "violations": 3, + "policies": 1 + }, + "country": "RU" + } + ] + } + }, + "by_country": { + "summary": "With group_by=country (dynamic dimension)", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T23:59:59Z" + }, + "country": [ + { + "value": "CN", + "count": 500, + "distinct": { + "ips": 15, + "urls": 8, + "violations": 12, + "policies": 3 + } + }, + { + "value": "RU", + "count": 300, + "distinct": { + "ips": 8, + "urls": 5, + "violations": 7, + "policies": 2 + } + } + ] + } + }, + "by_policy": { + "summary": "With group_by=policy (Top WAF Policies)", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T23:59:59Z" + }, + "policy": [ + { + "value": "strict-policy", + "count": 850, + "distinct": { + "ips": 42, + "urls": 15, + "violations": 18, + "policies": 1 + } + }, + { + "value": "default-policy", + "count": 450, + "distinct": { + "ips": 28, + "urls": 10, + "violations": 12, + "policies": 1 + } + } + ] + } + }, + "by_request_method": { + "summary": "With group_by=request_method (Request Methods)", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T23:59:59Z" + }, + "request_method": { + "get": 800, + "post": 500, + "put": 50, + "delete": 20 + } + } + }, + "by_response_code": { + "summary": "With group_by=response_code (simple array)", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T23:59:59Z" + }, + "response_code": [ + { + "code": "403", + "count": 450 + }, + { + "code": "200", + "count": 320 + }, + { + "code": "500", + "count": 80 + } + ] + } + }, + "by_url": { + "summary": "With group_by=url (Top Attack URIs)", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T23:59:59Z" + }, + "url": [ + { + "value": "/api/login", + "count": 320, + "distinct": { + "ips": 15, + "urls": 1, + "violations": 8, + "policies": 2 + } + }, + { + "value": "/admin", + "count": 180, + "distinct": { + "ips": 8, + "urls": 1, + "violations": 5, + "policies": 1 + } + } + ] + } + }, + "by_hostname": { + "summary": "With group_by=hostname", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T23:59:59Z" + }, + "hostname": [ + { + "value": "nginx-host-01.example.com", + "count": 854, + "distinct": { + "ips": 543, + "urls": 768, + "violations": 312, + "policies": 816 + } + }, + { + "value": "nginx-host-02.example.com", + "count": 96, + "distinct": { + "ips": 753, + "urls": 351, + "violations": 232, + "policies": 96 + } + } + ] + } + }, + "by_threat_campaign": { + "summary": "With group_by=threat_campaign", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T23:59:59Z" + }, + "threat_campaign": [ + { + "value": "CVE-2021-44228", + "count": 1240, + "distinct": { + "ips": 34, + "urls": 12, + "violations": 8, + "policies": 3 + } + }, + { + "value": "Log4Shell", + "count": 870, + "distinct": { + "ips": 21, + "urls": 7, + "violations": 5, + "policies": 2 + } + } + ] + } + } + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" } } - }, - "FilterFieldNapPolicy": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameNapPolicy" + } + }, + "/app-protect/analytics/attacks/time-series": { + "post": { + "tags": [ + "NGINX One App Protect" + ], + "summary": "Query attack analytics time series", + "operationId": "queryAttackAnalyticsTimeSeries", + "description": "Returns attack analytics as time-series data for charting.\n\n**Response behavior:**\n- Without `group_by`: Returns `total` series (aggregate counts over time)\n- With `group_by`: Returns dimensional breakdown series, `total` is omitted\n\nData is returned with each dimension value as a separate series array,\nmaking it easy to plot directly. The bucket size is determined by the\n`resolution` field or auto-selected based on the time range.\n\n**Supported dimensions for time-series:**\n- `request_status` - Returns `blocked`, `alerted`, `passed` series\n\n**Time alignment:** All series arrays contain the same timestamps, aligned to the\nresolution boundary. Buckets with no events are zero-filled.\n\n**Filter behavior:**\n- All filters are combined with AND logic\n- Use the `in` operator to achieve OR within a single dimension\n", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AttacksTimeSeriesQueryRequest" + }, + "examples": { + "total_over_time": { + "summary": "Total attacks over time (no group_by)", + "value": { + "start_time": "now-6h", + "resolution": "15m" + } + }, + "by_request_status": { + "summary": "Breakdown by request status", + "value": { + "start_time": "now-6h", + "resolution": "15m", + "group_by": "request_status" + } + }, + "by_request_outcome_reason": { + "summary": "Breakdown by request outcome reason", + "value": { + "start_time": "now-6h", + "resolution": "15m", + "group_by": "request_outcome_reason" + } + }, + "filtered_blocked": { + "summary": "Blocked attacks only (filtered, no breakdown)", + "value": { + "start_time": "now-6h", + "resolution": "15m", + "filter": [ + { + "field": "request_status", + "operator": "=", + "values": [ + "blocked" + ] + } + ] + } + }, + "filtered_reason_transparent": { + "summary": "Attacks with transparent reason only", + "value": { + "start_time": "now-6h", + "resolution": "15m", + "filter": [ + { + "field": "request_outcome_reason", + "operator": "=", + "values": [ + "SECURITY_WAF_VIOLATION_TRANSPARENT" + ] + } + ] + } + } + } + } } - } - }, - "NapPolicyParamObjectID": { - "name": "nap_policy_object_id", - "in": "path", - "schema": { - "$ref": "#/components/schemas/NapPolicyObjectID" }, - "description": "A globally unique identifier for the App Protect policy.\n", - "required": true - }, - "SortNameNapPolicyVersionsDep": { - "name": "sort_nap_policy_versions", - "in": "query", - "deprecated": true, - "description": "Sort NGINX App Protect policy versions by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "created_at", - "deployment_status", - "deployment_count", - "enforcement_mode" - ], - "x-enum-varnames": [ - "sort_name_nap_policy_versions_created_at", - "sort_name_nap_policy_versions_deployment_status", - "sort_name_nap_policy_versions_deployment_count", - "sort_name_nap_policy_versions_enforcement_mode" - ] - } - } - }, - "SortNameNapPolicyVersions": { - "name": "sort_fields", - "in": "query", - "description": "Sort NGINX App Protect policy versions by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "created_at", - "deployment_status", - "deployment_count", - "enforcement_mode" - ], - "x-enum-varnames": [ - "sort_name_nap_policy_versions_created_at", - "sort_name_nap_policy_versions_deployment_status", - "sort_name_nap_policy_versions_deployment_count", - "sort_name_nap_policy_versions_enforcement_mode" - ] + "responses": { + "200": { + "description": "Successfully returned attack analytics time series.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AttacksTimeSeriesQueryResponse" + }, + "examples": { + "without_group_by": { + "summary": "Without group_by - returns total series only", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T06:00:00Z", + "resolution": "1h" + }, + "total": [ + { + "timestamp": "2024-01-15T00:00:00Z", + "count": 150 + }, + { + "timestamp": "2024-01-15T01:00:00Z", + "count": 180 + }, + { + "timestamp": "2024-01-15T02:00:00Z", + "count": 95 + }, + { + "timestamp": "2024-01-15T03:00:00Z", + "count": 210 + }, + { + "timestamp": "2024-01-15T04:00:00Z", + "count": 175 + }, + { + "timestamp": "2024-01-15T05:00:00Z", + "count": 130 + } + ] + } + }, + "with_group_by": { + "summary": "With group_by=request_status - returns dimensional breakdown", + "description": "All series have aligned timestamps. Note the zero-filled bucket at 02:00\nfor `passed` where no events occurred.\n", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T03:00:00Z", + "resolution": "1h" + }, + "request_status": { + "blocked": [ + { + "timestamp": "2024-01-15T00:00:00Z", + "count": 120 + }, + { + "timestamp": "2024-01-15T01:00:00Z", + "count": 150 + }, + { + "timestamp": "2024-01-15T02:00:00Z", + "count": 80 + } + ], + "passed": [ + { + "timestamp": "2024-01-15T00:00:00Z", + "count": 10 + }, + { + "timestamp": "2024-01-15T01:00:00Z", + "count": 15 + }, + { + "timestamp": "2024-01-15T02:00:00Z", + "count": 0 + } + ], + "alerted": [ + { + "timestamp": "2024-01-15T00:00:00Z", + "count": 20 + }, + { + "timestamp": "2024-01-15T01:00:00Z", + "count": 15 + }, + { + "timestamp": "2024-01-15T02:00:00Z", + "count": 10 + } + ] + } + } + }, + "no_data": { + "summary": "No data in time range - returns zero-filled buckets", + "description": "When no attacks occurred in the queried time range, time buckets are still\ngenerated based on the resolution with count as 0.\n", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T03:00:00Z", + "resolution": "1h" + }, + "total": [ + { + "timestamp": "2024-01-15T00:00:00Z", + "count": 0 + }, + { + "timestamp": "2024-01-15T01:00:00Z", + "count": 0 + }, + { + "timestamp": "2024-01-15T02:00:00Z", + "count": 0 + } + ] + } + }, + "no_data_with_group_by": { + "summary": "No data with group_by - returns zero-filled series for each dimension", + "description": "All dimension values have aligned timestamps with count: 0.\nThis ensures charts can render empty series correctly.\n", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T03:00:00Z", + "resolution": "1h" + }, + "request_status": { + "blocked": [ + { + "timestamp": "2024-01-15T00:00:00Z", + "count": 0 + }, + { + "timestamp": "2024-01-15T01:00:00Z", + "count": 0 + }, + { + "timestamp": "2024-01-15T02:00:00Z", + "count": 0 + } + ], + "alerted": [ + { + "timestamp": "2024-01-15T00:00:00Z", + "count": 0 + }, + { + "timestamp": "2024-01-15T01:00:00Z", + "count": 0 + }, + { + "timestamp": "2024-01-15T02:00:00Z", + "count": 0 + } + ], + "passed": [ + { + "timestamp": "2024-01-15T00:00:00Z", + "count": 0 + }, + { + "timestamp": "2024-01-15T01:00:00Z", + "count": 0 + }, + { + "timestamp": "2024-01-15T02:00:00Z", + "count": 0 + } + ] + } + } + } + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" } } - }, - "FilterFieldNapPolicyVersion": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameNapPolicyVersion" + } + }, + "/app-protect/analytics/signatures": { + "post": { + "tags": [ + "NGINX One App Protect" + ], + "summary": "Query signature analytics", + "operationId": "querySignatureAnalytics", + "description": "Returns signature analytics with optional dimensional breakdown.\n\n**Response behavior:**\n- Without `group_by`: Returns `total` (signature hits) and `unique` (distinct signatures) for the time range\n- With `group_by`: Returns breakdown for that dimension, `total` and `unique` are omitted\n\n**Response structure by dimension type:**\n- **Fixed enum dimensions** (`request_status`, `accuracy`, `risk`): Returns object with known keys and counts\n- **Dynamic dimensions** (`signature`, `cve`): Returns array of items sorted by count descending\n\n**Filter behavior:**\n- All filters are combined with AND logic\n- Use the `in` operator to achieve OR within a single dimension\n", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SignaturesQueryRequest" + }, + "examples": { + "total_only": { + "summary": "Get total signature hits and unique count (no group_by)", + "value": { + "start_time": "now-24h" + } + }, + "by_request_status": { + "summary": "Signature hits by request status", + "value": { + "start_time": "now-24h", + "group_by": "request_status" + } + }, + "by_accuracy": { + "summary": "Signature hits by accuracy level", + "value": { + "start_time": "now-24h", + "group_by": "accuracy" + } + }, + "by_risk": { + "summary": "Signature hits by risk level", + "value": { + "start_time": "now-24h", + "group_by": "risk" + } + }, + "top_signatures": { + "summary": "Top 5 signatures by hit count", + "value": { + "start_time": "now-24h", + "group_by": "signature", + "limit": 5 + } + }, + "top_cves": { + "summary": "Top 5 CVEs by hit count", + "value": { + "start_time": "now-24h", + "group_by": "cve", + "limit": 5 + } + }, + "filtered_blocked_signatures": { + "summary": "Top signatures for blocked requests only", + "value": { + "start_time": "now-24h", + "group_by": "signature", + "filter": [ + { + "field": "request_status", + "operator": "=", + "values": [ + "blocked" + ] + } + ], + "limit": 10 + } + } + } + } } - } - }, - "NapPolicyVersionParamObjectID": { - "name": "nap_policy_version_object_id", - "in": "path", - "schema": { - "$ref": "#/components/schemas/NapPolicyVersionObjectID" }, - "description": "A globally unique identifier for the App Protect policy version.\n", - "required": true - }, - "SortNameNapPolicyDeploymentsDep": { - "name": "sort_nap_deployments", - "in": "query", - "deprecated": true, - "description": "Sort NGINX App Protect deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name", - "type", - "policy_version", - "status", - "deployed_on", - "threat_campaign_version", - "attack_signature_version", - "bot_signature_version" - ], - "x-enum-varnames": [ - "sort_name_nap_policy_deployments_name", - "sort_name_nap_policy_deployments_type", - "sort_name_nap_policy_deployments_policy_version", - "sort_name_nap_policy_deployments_status", - "sort_name_nap_policy_deployments_deployed_on", - "sort_name_nap_policy_deployments_threat_campaign_version", - "sort_name_nap_policy_deployments_attack_signature_version", - "sort_name_nap_policy_deployments_bot_signature_version" - ] - } - } - }, - "SortNameNapPolicyDeployments": { - "name": "sort_fields", - "in": "query", - "description": "Sort NGINX App Protect deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name", - "type", - "policy_version", - "status", - "deployed_on", - "threat_campaign_version", - "attack_signature_version", - "bot_signature_version" - ], - "x-enum-varnames": [ - "sort_name_nap_policy_deployments_name", - "sort_name_nap_policy_deployments_type", - "sort_name_nap_policy_deployments_policy_version", - "sort_name_nap_policy_deployments_status", - "sort_name_nap_policy_deployments_deployed_on", - "sort_name_nap_policy_deployments_threat_campaign_version", - "sort_name_nap_policy_deployments_attack_signature_version", - "sort_name_nap_policy_deployments_bot_sigature_version" - ] - } - } - }, - "FilterFieldNapPolicyDeployment": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameNapPolicyDeployment" - } - } - }, - "SortNameNapLogProfilesDep": { - "name": "sort_nap_log_profiles", - "in": "query", - "deprecated": true, - "description": "Sort NGINX App Protect log profiles by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_nap_log_profiles_name" - ] - } - } - }, - "SortNameNapLogProfiles": { - "name": "sort_fields", - "in": "query", - "description": "Sort NGINX App Protect log profiles by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_nap_log_profiles_name" - ] + "responses": { + "200": { + "description": "Successfully returned signature analytics.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SignaturesQueryResponse" + }, + "examples": { + "without_group_by": { + "summary": "Without group_by - returns total and unique only", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T06:00:00Z" + }, + "total": 1270, + "unique": 19 + } + }, + "by_request_status": { + "summary": "With group_by=request_status", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T06:00:00Z" + }, + "request_status": { + "blocked": 1080, + "alerted": 122, + "passed": 68 + } + } + }, + "by_accuracy": { + "summary": "With group_by=accuracy", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T06:00:00Z" + }, + "accuracy": { + "low": 150, + "medium": 420, + "high": 700 + } + } + }, + "by_risk": { + "summary": "With group_by=risk", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T06:00:00Z" + }, + "risk": { + "low": 200, + "medium": 350, + "high": 520, + "critical": 200 + } + } + }, + "by_signature": { + "summary": "With group_by=signature", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T06:00:00Z" + }, + "signature": [ + { + "signature_id": "200001834", + "name": "Unix hidden (dot-file)", + "count": 141, + "accuracy": "high", + "risk": "medium" + }, + { + "signature_id": "200001475", + "name": "PHP injection attempt", + "count": 99, + "accuracy": "high", + "risk": "high" + }, + { + "signature_id": "200000098", + "name": "XSS script tag end (Parameter)", + "count": 85, + "accuracy": "medium", + "risk": "high" + }, + { + "signature_id": "200001088", + "name": "Directory Traversal attempt", + "count": 72, + "accuracy": "high", + "risk": "critical" + }, + { + "signature_id": "200002550", + "name": "SQL injection attempt", + "count": 65, + "accuracy": "high", + "risk": "critical" + } + ] + } + }, + "by_cve": { + "summary": "With group_by=cve (Top Signature CVEs table)", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T06:00:00Z" + }, + "cve": [ + { + "value": "CVE-2021-44228", + "count": 450 + }, + { + "value": "CVE-2021-1234", + "count": 320 + }, + { + "value": "CVE-2021-5678", + "count": 180 + }, + { + "value": "CVE-2020-9484", + "count": 95 + }, + { + "value": "CVE-2019-11043", + "count": 72 + } + ] + } + } + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" } } - }, - "FilterFieldNapLogProfile": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameNapLogProfile" + } + }, + "/app-protect/analytics/signatures/time-series": { + "post": { + "tags": [ + "NGINX One App Protect" + ], + "summary": "Query signature analytics time series", + "operationId": "querySignatureAnalyticsTimeSeries", + "description": "Returns signature analytics as time-series data for charting.\n\n**Response behavior:**\n- Without `group_by`: Returns `total` series (aggregate signature hits over time)\n- With `group_by`: Returns dimensional breakdown series, `total` is omitted\n\nData is returned with each dimension value as a separate series array,\nmaking it easy to plot directly. The bucket size is determined by the\n`resolution` field or auto-selected based on the time range.\n\n**Supported dimensions for time-series:**\n- `request_status` - Returns `blocked`, `alerted`, `passed` series\n- `accuracy` - Returns `low`, `medium`, `high` series\n- `risk` - Returns `low`, `medium`, `high`, `critical` series\n\n**Time alignment:** All series arrays contain the same timestamps, aligned to the\nresolution boundary. Buckets with no events are zero-filled.\n\n**Filter behavior:**\n- All filters are combined with AND logic\n- Use the `in` operator to achieve OR within a single dimension\n", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SignaturesTimeSeriesQueryRequest" + }, + "examples": { + "total_over_time": { + "summary": "Total signature hits over time (no group_by)", + "value": { + "start_time": "now-6h", + "resolution": "15m" + } + }, + "by_request_status": { + "summary": "Signature hits by request status over time", + "value": { + "start_time": "now-6h", + "resolution": "1h", + "group_by": "request_status" + } + }, + "by_accuracy": { + "summary": "Signature hits by accuracy over time", + "value": { + "start_time": "now-6h", + "resolution": "1h", + "group_by": "accuracy" + } + }, + "by_risk": { + "summary": "Signature hits by risk over time", + "value": { + "start_time": "now-6h", + "resolution": "1h", + "group_by": "risk" + } + } + } + } } - } - }, - "NapLogProfileParamObjectID": { - "name": "nap_log_profile_object_id", - "in": "path", - "schema": { - "$ref": "#/components/schemas/NapLogProfileObjectID" }, - "description": "A globally unique identifier for the App Protect log profile.\n", - "required": true - }, - "SortNameNapLogProfileDeployments": { - "name": "sort_fields", - "in": "query", - "description": "Sort NGINX App Protect log profile deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name", - "type", - "status", - "deployed_on" - ], - "x-enum-varnames": [ - "sort_name_nap_log_profile_deployments_name", - "sort_name_nap_log_profile_deployments_type", - "sort_name_nap_log_profile_deployments_status", - "sort_name_nap_log_profile_deployments_deployed_on" - ] - } - } - }, - "FilterFieldNapLogProfileDeployment": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameNapLogProfileDeployment" - } - } - }, - "SortNameNapGlobalSettingsDep": { - "name": "sort_nap_global_settings", - "in": "query", - "deprecated": true, - "description": "Sort NGINX App Protect global settings by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_nap_global_settings_name" - ] + "responses": { + "200": { + "description": "Successfully returned signature analytics time series.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SignaturesTimeSeriesQueryResponse" + }, + "examples": { + "without_group_by": { + "summary": "Without group_by - returns total series only", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T06:00:00Z", + "resolution": "1h" + }, + "total": [ + { + "timestamp": "2024-01-15T00:00:00Z", + "count": 150 + }, + { + "timestamp": "2024-01-15T01:00:00Z", + "count": 180 + }, + { + "timestamp": "2024-01-15T02:00:00Z", + "count": 95 + }, + { + "timestamp": "2024-01-15T03:00:00Z", + "count": 210 + }, + { + "timestamp": "2024-01-15T04:00:00Z", + "count": 175 + }, + { + "timestamp": "2024-01-15T05:00:00Z", + "count": 130 + } + ] + } + }, + "by_request_status": { + "summary": "With group_by=request_status", + "description": "All series have aligned timestamps. Note the zero-filled bucket at 02:00\nfor `passed` where no events occurred.\n", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T03:00:00Z", + "resolution": "1h" + }, + "request_status": { + "blocked": [ + { + "timestamp": "2024-01-15T00:00:00Z", + "count": 120 + }, + { + "timestamp": "2024-01-15T01:00:00Z", + "count": 150 + }, + { + "timestamp": "2024-01-15T02:00:00Z", + "count": 80 + } + ], + "passed": [ + { + "timestamp": "2024-01-15T00:00:00Z", + "count": 10 + }, + { + "timestamp": "2024-01-15T01:00:00Z", + "count": 15 + }, + { + "timestamp": "2024-01-15T02:00:00Z", + "count": 0 + } + ], + "alerted": [ + { + "timestamp": "2024-01-15T00:00:00Z", + "count": 20 + }, + { + "timestamp": "2024-01-15T01:00:00Z", + "count": 15 + }, + { + "timestamp": "2024-01-15T02:00:00Z", + "count": 10 + } + ] + } + } + }, + "by_accuracy": { + "summary": "With group_by=accuracy", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T03:00:00Z", + "resolution": "1h" + }, + "accuracy": { + "low": [ + { + "timestamp": "2024-01-15T00:00:00Z", + "count": 15 + }, + { + "timestamp": "2024-01-15T01:00:00Z", + "count": 20 + }, + { + "timestamp": "2024-01-15T02:00:00Z", + "count": 12 + } + ], + "medium": [ + { + "timestamp": "2024-01-15T00:00:00Z", + "count": 45 + }, + { + "timestamp": "2024-01-15T01:00:00Z", + "count": 55 + }, + { + "timestamp": "2024-01-15T02:00:00Z", + "count": 38 + } + ], + "high": [ + { + "timestamp": "2024-01-15T00:00:00Z", + "count": 90 + }, + { + "timestamp": "2024-01-15T01:00:00Z", + "count": 105 + }, + { + "timestamp": "2024-01-15T02:00:00Z", + "count": 40 + } + ] + } + } + }, + "by_risk": { + "summary": "With group_by=risk", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T03:00:00Z", + "resolution": "1h" + }, + "risk": { + "low": [ + { + "timestamp": "2024-01-15T00:00:00Z", + "count": 20 + }, + { + "timestamp": "2024-01-15T01:00:00Z", + "count": 25 + }, + { + "timestamp": "2024-01-15T02:00:00Z", + "count": 15 + } + ], + "medium": [ + { + "timestamp": "2024-01-15T00:00:00Z", + "count": 40 + }, + { + "timestamp": "2024-01-15T01:00:00Z", + "count": 50 + }, + { + "timestamp": "2024-01-15T02:00:00Z", + "count": 30 + } + ], + "high": [ + { + "timestamp": "2024-01-15T00:00:00Z", + "count": 60 + }, + { + "timestamp": "2024-01-15T01:00:00Z", + "count": 75 + }, + { + "timestamp": "2024-01-15T02:00:00Z", + "count": 35 + } + ], + "critical": [ + { + "timestamp": "2024-01-15T00:00:00Z", + "count": 30 + }, + { + "timestamp": "2024-01-15T01:00:00Z", + "count": 30 + }, + { + "timestamp": "2024-01-15T02:00:00Z", + "count": 10 + } + ] + } + } + } + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" } } - }, - "SortNameNapGlobalSettings": { - "name": "sort_fields", - "in": "query", - "description": "Sort NGINX App Protect global settings by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_nap_global_settings_name" - ] + } + }, + "/app-protect/analytics/violations": { + "post": { + "tags": [ + "NGINX One App Protect" + ], + "summary": "Query violation analytics", + "operationId": "queryViolationAnalytics", + "description": "Returns violation analytics with optional dimensional breakdown.\n\n**Response behavior:**\n- Without `group_by`: Returns `total` (violation occurrences) and `unique` (distinct violation types)\n- With `group_by`: Returns breakdown for that dimension, `total` and `unique` are omitted\n\n**Response structure by dimension type:**\n- **Fixed enum dimensions** (`context`): Returns object with known keys (header, cookie, parameter, uri, request, other)\n- **Dynamic dimensions** (`violation`, `sub_violation`): Returns array of items with cross-dimension context\n\n**Filter behavior:**\n- All filters are combined with AND logic\n- Use the `in` operator to achieve OR within a single dimension\n", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ViolationsQueryRequest" + }, + "examples": { + "total_only": { + "summary": "Get total violation occurrences and unique count (no group_by)", + "value": { + "start_time": "now-24h" + } + }, + "by_violation": { + "summary": "Top violations by occurrence count", + "value": { + "start_time": "now-24h", + "group_by": "violation", + "limit": 10 + } + }, + "by_sub_violation": { + "summary": "Top sub-violations by occurrence count", + "value": { + "start_time": "now-24h", + "group_by": "sub_violation", + "limit": 10 + } + }, + "by_context": { + "summary": "Violation context breakdown", + "value": { + "start_time": "now-24h", + "group_by": "context" + } + }, + "filtered_by_policy": { + "summary": "Top violations for a specific policy", + "value": { + "start_time": "now-24h", + "group_by": "violation", + "filter": [ + { + "field": "policy", + "operator": "=", + "values": [ + "app_protect_default_policy" + ] + } + ], + "limit": 10 + } + } + } + } } - } - }, - "FilterFieldNapGlobalSetting": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameNapGlobalSettings" + }, + "responses": { + "200": { + "description": "Successfully returned violation analytics.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ViolationsQueryResponse" + }, + "examples": { + "without_group_by": { + "summary": "Without group_by - returns total and unique only", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T23:59:59Z" + }, + "total": 4320, + "unique": 5 + } + }, + "by_violation": { + "summary": "With group_by=violation", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T23:59:59Z" + }, + "violation": [ + { + "value": "Bot Client Detected", + "count": 1080, + "distinct": { + "ips": 1, + "urls": 1, + "policies": 1 + } + }, + { + "value": "Violation Rating Threat detected", + "count": 960, + "distinct": { + "ips": 1, + "urls": 1, + "policies": 1 + } + }, + { + "value": "Attack signature detected", + "count": 840, + "distinct": { + "ips": 1, + "urls": 1, + "policies": 1 + } + }, + { + "value": "Illegal meta character in value", + "count": 480, + "distinct": { + "ips": 1, + "urls": 1, + "policies": 1 + } + }, + { + "value": "Illegal HTTP status in response", + "count": 120, + "distinct": { + "ips": 1, + "urls": 1, + "policies": 1 + } + } + ] + } + }, + "by_sub_violation": { + "summary": "With group_by=sub_violation", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T23:59:59Z" + }, + "sub_violation": [ + { + "value": "N/A", + "count": 1080, + "distinct": { + "ips": 1, + "urls": 1, + "policies": 1 + } + } + ] + } + }, + "by_context": { + "summary": "With group_by=context", + "value": { + "query_metadata": { + "start_time": "2024-01-15T00:00:00Z", + "end_time": "2024-01-15T23:59:59Z" + }, + "context": { + "cookie": 0, + "header": 130, + "parameter": 1426, + "request": 302, + "uri": 0, + "other": 2462 + } + } + } + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" } } - }, - "NapGlobalSettingParamObjectID": { - "name": "nap_global_setting_object_id", - "in": "path", - "schema": { - "$ref": "#/components/schemas/NapGlobalSettingObjectID" - }, - "description": "A globally unique identifier for the App Protect global settings object.\n", - "required": true - }, - "DeploymentObjectID": { - "name": "deployment_id", - "in": "path", - "schema": { - "$ref": "#/components/schemas/DeploymentObjectID" - }, - "description": "A globally unique identifier for the NAAS deployment.", - "required": true - }, - "loadModelUID": { - "name": "loadModelUID", - "in": "path", - "required": true, - "schema": { - "type": "string", - "format": "uuid" - }, - "description": "A globally unique identifier for a Load Model.", - "example": "f038dca0-b55c-410a-95a6-b9f876792ce8" - }, - "TemplateParamObjectID": { - "name": "templateObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/TemplateObjectID" - }, - "description": "A globally unique identifier for the template.\n", - "required": true - }, - "TemplateVersionParamObjectID": { - "name": "templateVersionObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/TemplateVersionObjectID" - }, - "description": "A globally unique identifier for the template version.\n", - "required": true - }, - "SortNameTemplates": { - "name": "sort_fields", - "in": "query", - "description": "Sort the list of templates by the specified fields.\nThe default sort order is ascending. To sort in descending order, use the `sort_dir` parameter.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name", - "type" - ], - "x-enum-varnames": [ - "sort_name_templates_name", - "sort_name_templates_type" - ] + } + }, + "/app-protect/events": { + "get": { + "tags": [ + "NGINX One App Protect" + ], + "summary": "List security events", + "operationId": "listSecurityEvents", + "description": "Returns a paginated list of security events.\n\n**Filtering:**\n- Use the `filter_fields`, `filter_values`, and `filter_ops` parameters to filter events by various dimensions\n- All filter parameters must have matching array lengths\n- `support_id` is unique per event, so filtering by it returns a single-item list\n- Time range filtering via `start_time` and `end_time` is recommended to limit results\n- Multiple filter values can be chained using the `|` character (e.g., `blocked|alerted`)\n\n**Pagination:**\n- Results are paginated using standard Nginx One Console pagination\n- Results are sorted by timestamp descending (most recent first) by default\n\n**Response:**\n- Returns summary fields suitable for list display\n- Use `GET /app-protect/events/{id}` for full event details including raw request\n", + "parameters": [ + { + "name": "start_time", + "in": "query", + "description": "Beginning of the time range (inclusive).\nAccepts ISO 8601 format or relative offset (e.g., `now-24h`).\n", + "schema": { + "type": "string" + }, + "example": "now-24h" + }, + { + "name": "end_time", + "in": "query", + "description": "End of the time range (exclusive).\nDefaults to current time if not specified.\n", + "schema": { + "type": "string" + }, + "example": "now" + }, + { + "$ref": "#/components/parameters/FilterFieldSecurityEvents" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/Limit" } - } - }, - "SortNameSubmissions": { - "name": "sort_fields", - "in": "query", - "description": "Sort the list of template submissions by the specified fields.\nThe default sort order is descending (most recent first).\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "created_at", - "modified_at" - ], - "x-enum-varnames": [ - "sort_name_submissions_created_at", - "sort_name_submissions_modified_at" - ] + ], + "responses": { + "200": { + "description": "Successfully returned list of security events.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SecurityEventListResponse" + }, + "example": { + "total": 1080, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "timestamp": "2024-01-22T12:13:25Z", + "support_id": "1844305495056427365", + "request_status": "blocked", + "policy_name": "app_protect_default_policy", + "client_ip": "192.168.1.100", + "url": "/api/users", + "method": "POST", + "response_code": 403, + "country_code": "US", + "violation_rating": 5, + "instance_object_id": "inst_8Iwn7dT7RF-PRLxkSt5EYQ", + "csg_object_id": "csg_-uvR3F2TQGm18jnl7bpaGw" + } + ] + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" } } - }, - "SortNameVersions": { - "name": "sort_fields", - "in": "query", - "description": "Sort the list of template versions by the specified fields.\nThe default sort order is descending (highest version first).\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "version" - ], - "x-enum-varnames": [ - "sort_name_versions_version" - ] + } + }, + "/app-protect/events/{id}": { + "get": { + "tags": [ + "NGINX One App Protect" + ], + "summary": "Get security event by supportID", + "operationId": "getSecurityEvent", + "description": "Returns a specific security event by its support ID.\n\n**Response:**\n- Returns full event details including:\n - Request metadata (headers, method, URL, response code)\n - WAF enforcement details (policy, outcome, violation_rating)\n - All triggered violations with context\n - All matched signatures with details\n - Raw HTTP request (if available and not truncated)\n - Threat campaign associations\n", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "description": "The support ID of the security event.", + "schema": { + "type": "string", + "minLength": 1 + }, + "example": "1844305495056427365" + } + ], + "responses": { + "200": { + "description": "Successfully returned the security event.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SecurityEvent" + }, + "example": { + "id": "d1cd4806-3519-4c72-a0e4-63fd611ee6fb", + "timestamp": "2024-01-22T12:13:25Z", + "support_id": "1844305495056427365", + "version": "v1.0", + "system_id": "31ed9d05-9cb0-48c3-9f97-d63b1b6dd342", + "parent_hostname": "nginx-host-01", + "instance_object_id": "inst_8Iwn7dT7RF-PRLxkSt5EYQ", + "csg_object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "http": { + "hostname": "example.com", + "remote_addr": "192.168.1.100", + "remote_port": 54321, + "server_addr": "10.0.0.1", + "server_port": 443, + "uri": "/", + "request_method": "GET", + "response_code": 403 + }, + "x_forwarded_for_header_value": "203.0.113.42", + "country_code": "US", + "policy_name": "app_protect_default_policy", + "request_status": "blocked", + "request_outcome": "rejected", + "request_outcome_reason": "SECURITY_WAF_VIOLATION", + "violation_rating": 5, + "blocking_exception_reason": "", + "is_truncated": false, + "signatures": [ + { + "id": 200001834, + "name": "XSS script tag end (Parameter)", + "accuracy": "high", + "risk": "high", + "cve": "", + "blocking_mask": "0x0", + "buffer": "param", + "offset": 0, + "length": 42 + } + ], + "violations": [ + { + "name": "Illegal meta character in value", + "sub_name": "", + "context": "parameter", + "detail_name": "VIOL_PARAMETER_VALUE_METACHAR", + "detail_context": "parameter", + "field_name": "param", + "field_value": "" + }, + { + "name": "Attack signature detected", + "sub_name": "", + "context": "parameter", + "detail_name": "VIOL_ATTACK_SIGNATURE", + "detail_context": "parameter", + "field_name": "param", + "field_value": "" + }, + { + "name": "Violation Rating Threat detected", + "sub_name": "", + "context": "other", + "detail_name": "", + "detail_context": "", + "field_name": "", + "field_value": "" + }, + { + "name": "Bot Client Detected", + "sub_name": "", + "context": "other", + "detail_name": "", + "detail_context": "", + "field_name": "", + "field_value": "" + } + ], + "threat_campaign_names": [], + "request": "GET /?param=%3Cscript%3Ealert%27xss%27%3C%2Fscript%3E HTTP/1.1\r\nHost: example.com\r\nUser-Agent: curl/7.68.0\r\nAccept: */*\r\n\r\n" + } + } + } + }, + "404": { + "$ref": "#/components/responses/NotFound" } } - }, - "TemplateSubmissionPreviewOnly": { - "name": "preview_only", + } + }, + "/billing-usage/events": {} + }, + "components": { + "parameters": { + "Paginated": { + "name": "paginated", "in": "query", "schema": { "type": "boolean", - "default": false + "default": true }, - "description": "Optional flag to control how a template submission request is processed.\n - When `true`, the request renders the full NGINX configuration for preview **without creating a template submission object** (this is currently the only supported mode).\n - When `false` or omitted (the default), the request is intended to render the configuration **and create a submission object**, but this feature is **not supported yet** and will return an error.\nNote: Currently, only preview (stateless render) mode is supported. Submission creation is not yet implemented.\n", + "description": "A boolean indicating if the results should be presented as a paginated list. Defaults to `true`. \nWhen set to `false` a maximum of 3000 results are returned.\n", "required": false }, - "TemplateSubmissionParamObjectID": { - "name": "submissionObjectID", - "in": "path", + "Limit": { + "name": "limit", + "in": "query", "schema": { - "$ref": "#/components/schemas/TemplateSubmissionObjectID" + "type": "integer", + "minimum": 0 }, - "description": "A globally unique identifier for the template submission.\n", - "required": true + "description": "An integer that specifies the maximum number of items to be returned. \nSetting this to `0` will result in no items being returned, but a total count will still be provided. \nThis parameter is not applicable if `paginated` is `false`.\n", + "required": false }, - "FilterFieldTemplates": { - "name": "filter_fields", + "Offset": { + "name": "offset", "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`, `type`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameTemplates" - } - } + "type": "integer", + "minimum": 1 + }, + "description": "An integer that specifies the starting position of the results, starting at `1`.\nThis parameter is not applicable if `paginated` is `false`.\n" }, - "FilterFieldSubmissions": { + "FilterFieldDataPlaneKeys": { "name": "filter_fields", "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `object_id`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "description": "Filter options for data plane keys; used in conjunction with other filter parameters having the same array length.\n\nWhen filtering on `status`, only the following `filter_values` are supported:\n * revoked\n * expired\n * valid\n", "schema": { "type": "array", "items": { - "$ref": "#/components/schemas/FilterNameSubmissions" + "$ref": "#/components/schemas/FilterNameDataPlaneKeys" } } }, - "FilterFieldTemplateVersions": { - "name": "filter_fields", + "FilterOperands": { + "name": "filter_ops", "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `object_id`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "description": "An array of strings defining the operands for filtering, to be used in conjunction with `filter_fields` and `filter_values`. \nAll filter parameters must have matching array lengths. Currently, the only supported operand is `\"IN\"`.\n", "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameTemplateVersions" - } + "$ref": "#/components/schemas/FilterOperands" } }, - "FilterFieldSecurityEvents": { - "name": "filter_fields", + "FilterValues": { + "name": "filter_values", "in": "query", - "description": "An array of field names to filter by. Works in conjunction with `filter_values` and `filter_ops`.\n", + "description": "An array of strings containing the keywords for filtering. \nMultiple keywords can be chained using the `|` character. \nEnsure this parameter's array length matches those of `filter_fields` and `filter_ops` for effective filtering.\nThe total length of the filter string should not exceed 1024 characters.\n", "schema": { "type": "array", "items": { - "$ref": "#/components/schemas/AnalyticsFilterField" + "type": "string", + "example": "value1|value2|value3", + "minLength": 1, + "maxLength": 1024 } } - } - }, - "schemas": { - "FilterNameDataPlaneKeys": { - "type": "string", - "description": "Keywords for data plane key filters.\nWhen filtering on `status`, only the following `filter_values` are supported:\n * revoked\n * valid\n", - "enum": [ - "name", - "status", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_data_plane_key_name", - "filter_name_data_plane_key_status", - "filter_name_data_plane_key_object_id" - ] - }, - "FilterOperand": { - "type": "string", - "enum": [ - "IN" - ], - "x-enum-varnames": [ - "filter_operands_in" - ] - }, - "FilterOperands": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterOperand" - } }, - "PaginationResponse": { - "type": "object", - "description": "Outlines pagination details for list responses, including total results, start index, and items per page.", - "required": [ - "total", - "count" - ], - "properties": { - "total": { - "type": "integer", - "description": "The absolute total number of the resource in the NGINX One Console, ignoring any filter(s).\n" - }, - "count": { - "type": "integer", - "description": "The total number of results generated by the list or query operation, accounting for any filter(s).\nThis number can be greater than the number of returned resources when pagination is in effect and a page size limit (or maximum allowed) is reached.\n" - }, - "start_index": { - "type": "integer", - "description": "The first result's starting position in the list. This is disregarded when `paginated=false`.\n" - }, - "items_per_page": { - "type": "integer", - "description": "The number of items to display per page. This is disregarded when `paginated=false`.\n" - } + "DataPlaneKeyParamObjectID": { + "name": "data_plane_key_id", + "in": "path", + "schema": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" }, - "example": { - "total": 101, - "count": 1, - "start_index": 1, - "items_per_page": 100 - } - }, - "DataPlaneKeyObjectID": { - "description": "A globally unique identifier for the data plane key.", - "type": "string", - "format": "object_id", - "pattern": "^key_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } + "description": "A globally unique identifier for the data plane key.\n", + "required": true }, - "DataPlaneKey": { - "type": "object", - "description": "Represents a data plane key with details such as object_id, name, and timestamps.", - "required": [ - "object_id", - "name", - "revoked", - "expires_at", - "created_at", - "modified_at" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" - }, - "name": { - "description": "The name given to the data plane key.", - "type": "string" - }, - "revoked": { - "description": "Indicates whether the data plane key has been revoked or not.", - "type": "boolean" - }, - "revoked_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the data plane key was revoked." - }, - "expires_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the data plane key expires." - }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the data plane key was created." - }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the data plane key was last modified." - }, - "instances_count": { - "type": "integer", - "description": "The number of registered instances using this data plane key. If field not populated, user should see the key has `unknown` key count" - }, - "control_planes_count": { - "type": "integer", - "description": "The number of observed control planes using this data plane key." + "FilterFieldCertificates": { + "name": "filter_fields", + "in": "query", + "description": "Filter options for certificates; used in conjunction with other filter parameters having the same array length.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameCertificates" } } }, - "DataPlaneKeyListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" - }, - { - "type": "object", - "description": "List of data plane keys.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of DataPlaneKey objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/DataPlaneKey" - } - } - } - } - ] - }, - "Error": { - "description": "This object contains details about the errors that are returned when API requests fail.", - "type": "object", - "required": [ - "message", - "request_id", - "timestamp" - ], - "properties": { - "message": { - "description": "The error message describing the problem.", - "type": "string" - }, - "request_id": { - "description": "The unique identifier of the API request that failed.", - "type": "string" - }, - "timestamp": { - "description": "The date and time (in UTC) when the error happened.", - "type": "string" - }, - "detail": { - "description": "Additional information about the error, if available.", - "type": "string" - } + "SortDirection": { + "name": "sort_dir", + "in": "query", + "description": "Sorting direction for the criteria and the resulting collection returned. Defaults to descending if not specified.\n", + "schema": { + "type": "string", + "enum": [ + "Ascending", + "Descending" + ], + "x-enum-varnames": [ + "ascending", + "descending" + ] } }, - "DataPlaneKeyCreateRequest": { - "type": "object", - "description": "Request structure for creating a new data plane key.", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "Give the data plane key a name so you can tell it apart from others.", - "type": "string", - "minLength": 1, - "maxLength": 128 - }, - "expires_at": { + "SortNameCertificatesDep": { + "name": "sort_certificates", + "in": "query", + "deprecated": true, + "description": "Sort certificates by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { "type": "string", - "format": "date-time", - "description": "Set an expiration date and time for the data plane key in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. \nIf an expiration date isn't specified, the key will expire one year after it's created. \n\nYou can use the _Update a data plane key_ endpoint to extend the expiration date.\nIt's not possible to update the expiration date once the data plane key has expired.\n" + "enum": [ + "name", + "subject_name", + "not_before", + "not_after" + ], + "x-enum-varnames": [ + "sort_name_certificates_name", + "sort_name_certificates_subject_name", + "sort_name_certificates_not_before", + "sort_name_certificates_not_after" + ] } } }, - "DataPlaneKeyResponse": { - "type": "object", - "description": "Response structure containing details of the created or retrieved data plane key.", - "required": [ - "key", - "object_id", - "expires_at" - ], - "properties": { - "name": { - "description": "The name to be give to the new data plane key.", - "type": "string" - }, - "object_id": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" - }, - "key": { - "description": "The data plane key value. Save this key somewhere secure as it isn't saved and is shown only once.", - "type": "string" - }, - "expires_at": { + "SortNameCertificates": { + "name": "sort_fields", + "in": "query", + "description": "Sort certificates by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { "type": "string", - "format": "date-time", - "description": "The date and time when the data plane key will expire." + "enum": [ + "name", + "subject_name", + "not_before", + "not_after" + ], + "x-enum-varnames": [ + "sort_name_certificates_name", + "sort_name_certificates_subject_name", + "sort_name_certificates_not_before", + "sort_name_certificates_not_after" + ] } } }, - "BulkRequestAction": { - "type": "string", - "default": "modify", - "description": "Bulk action to perform:\n * `create` creates a new object given all required elements.\n * `modify` updates one or more elements of an existing object.\n * `delete` removes the existing object.\n", - "enum": [ - "create", - "modify", - "delete" - ], - "x-enum-varnames": [ - "bulk_action_create", - "bulk_action_modify", - "bulk_action_delete" - ] - }, - "DataPlaneKeyBulkRequestData": { - "type": "object", - "description": "Part of bulk operation on a data plane key, only `delete` is supported.", - "required": [ - "action", - "object_id" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" - }, - "action": { - "$ref": "#/components/schemas/BulkRequestAction" - } + "CertificateParamObjectID": { + "name": "certificateObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/CertificateObjectID" }, - "example": { - "object_id": "key_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" - } + "description": "A globally unique identifier for the certificate.\n", + "required": true }, - "DataPlaneKeyBulkRequest": { - "type": "array", - "items": { - "$ref": "#/components/schemas/DataPlaneKeyBulkRequestData" + "DeleteFromDataPlanesParamFlag": { + "name": "deleteFromDataPlanes", + "in": "query", + "schema": { + "type": "boolean" }, - "minItems": 1, - "maxItems": 50, - "example": [ - { - "object_id": "key_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" - }, - { - "object_id": "key_PL0c1XodRemmzVEjiXSsTg", - "action": "delete" - } - ] + "description": "Flag indicating whether the certificate should be deleted from its associated data planes.\n" }, - "ObjectID": { - "description": "A globally unique identifier.", - "type": "string", - "format": "object_id", - "pattern": "^\\w+_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + "FilterFieldCertificateDeployments": { + "name": "filter_fields", + "in": "query", + "description": "Filter options for certificate deployments; used in conjunction with other filter parameters having the same array length.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameCertificateDeployments" + } } }, - "BulkRequestObjectStatus": { - "type": "object", - "required": [ - "outcome" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/ObjectID" - }, - "name": { - "type": "string", - "description": "this is the user facing name of the object." - }, - "outcome": { + "SortNameCertificateDeploymentsDep": { + "name": "sort_certificate_deployments", + "in": "query", + "deprecated": true, + "description": "Sort certificate deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { "type": "string", - "description": "This is the outcome that corresponds to the action.\n* deleted - the object deletion was processed, and the object was deleted.\n* accepted - the request was accepted, and will be processed.\n* failed - the request failed, see failure_reason for more details.\n* invalid - the request was invalid, see failure_reason for more details.\n", "enum": [ - "deleted", - "accepted", - "failed", - "invalid" + "name" ], "x-enum-varnames": [ - "build_request_object_status_deleted", - "build_request_object_status_accepted", - "build_request_object_status_failed", - "build_request_object_status_invalid" + "sort_name_certificate_deployments_name" ] - }, - "failure_reason": { - "type": "string", - "description": "this is the failure reason populated when outcome is 'failed' or 'invalid'." } } }, - "DataPlaneKeyBulkResponse": { - "description": "The data plane key bulk outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" - } - }, - "DataPlaneKeyUpdateRequest": { - "type": "object", - "description": "Request structure for updating an existing data plane key.", - "properties": { - "name": { - "description": "Give the data plane key a new name so you can tell it apart from others.", - "type": "string", - "minLength": 1, - "maxLength": 128 - }, - "expires_at": { + "SortNameCertificateDeployments": { + "name": "sort_fields", + "in": "query", + "description": "Sort certificate deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { "type": "string", - "format": "date-time", - "description": "Adjust the expiration date and time for the data plane key in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. \n\nIt's not possible to update the expiration date once the data plane key has expired.\n" + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_certificate_deployments_name" + ] } } }, - "CertificateStatus": { - "type": "string", - "description": "Status of the certificate:\n * `valid` - The certificate is currently valid and operational.\n * `expiring` - The certificate will expire within the next 30 days. Consider renewing it to maintain uninterrupted service.\n * `expired` - The certificate is no longer valid. Immediate renewal is recommended to ensure secure connections.\n * `not_ready` - The certificate is not ready to be used, based on the start date of its validity period.\n", - "enum": [ - "valid", - "expiring", - "expired", - "not_ready" - ], - "x-enum-varnames": [ - "certificate_status_valid", - "certificate_status_expiring", - "certificate_status_expired", - "certificate_status_not_ready" - ] + "FilterFieldConfigSyncGroups": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`, `config_status`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameConfigSyncGroups" + } + } }, - "CertificateSummaryItem": { - "description": "summary information for certificate with certain status.", - "type": "object", - "required": [ - "status", - "count", - "affected_instances" - ], - "properties": { - "status": { - "$ref": "#/components/schemas/CertificateStatus" - }, - "count": { - "description": "The total number of SSL certificates for each status category.", - "type": "integer" - }, - "affected_instances": { - "description": "Indicates the total number of SSL/TLS certificates corresponding to the status provided.", - "type": "integer" + "SortNameConfigSyncGroupsDep": { + "name": "sort_config_sync_groups", + "in": "query", + "deprecated": true, + "description": "Sort config sync groups by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_config_sync_group_name" + ] } } }, - "SummaryDisplayCount": { - "description": "The name, the total count, and an optional user-friendly display name of the resource being summarized.", - "type": "object", - "required": [ - "name", - "count" - ], - "properties": { - "name": { - "description": "Identifies the category of data being reported, such as an operating system, NGINX version, or another type.", - "type": "string" - }, - "count": { - "description": "The number of resources matching the given type.", - "type": "integer" - }, - "display": { - "description": "A user-friendly label for the category count, intended for display purposes where a more descriptive or readable format is preferred.", - "type": "string" + "SortNameConfigSyncGroups": { + "name": "sort_fields", + "in": "query", + "description": "Sort config sync groups by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_config_sync_group_name" + ] } } }, - "OperatingSystemVersionSummary": { - "description": "An array of operating systems and their versions on the NGINX data plane.", - "type": "array", - "items": { - "$ref": "#/components/schemas/SummaryDisplayCount" - } + "ConfigSyncGroupParamObjectID": { + "name": "configSyncGroupObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/ConfigSyncGroupObjectID" + }, + "description": "A globally unique identifier for the NGINX config sync group.\n", + "required": true }, - "NGINXVersionSummary": { - "description": "An array of NGINX versions installed across the NGINX data plane.", - "type": "array", - "items": { - "$ref": "#/components/schemas/SummaryDisplayCount" - } + "ConfigSyncGroupConfigurationParamObjectID": { + "name": "configSyncGroupConfigurationObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NginxConfigObjectID" + }, + "description": "A globally unique identifier for the NGINX config sync group configuration.\n", + "required": true }, - "StatusSummary": { - "description": "An overview of the status for each NGINX instance, indicating availability.", - "type": "object", - "required": [ - "online", - "offline", - "unavailable" - ], - "properties": { - "online": { - "description": "The number of NGINX instances reporting as `online`.\nThe NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", - "type": "integer" - }, - "offline": { - "description": "The number of NGINX instances reporting as `offline`.\nThe NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n", - "type": "integer" - }, - "unavailable": { - "description": "The number of NGINX instances reporting as `unavailable`.\nThe NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n", - "type": "integer" + "PublicationParamObjectID": { + "name": "publicationObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/PublicationObjectID" + }, + "description": "A globally unique identifier for a Publication.\n", + "required": true + }, + "SortNameControlPlanes": { + "name": "sort_fields", + "in": "query", + "description": "Sort control planes by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_control_plane_name" + ] } } }, - "CveSeverityType": { - "type": "string", - "description": "Severity ratings:\n * `high` - High severity.\n * `medium` - Moderate severity.\n * `low` - Least severe.\n * `none` - Not severe.\n * `other` - Severity that does not fit the other categories.\n", - "enum": [ - "high", - "medium", - "low", - "none", - "other" - ], - "x-enum-varnames": [ - "cve_severity_type_high", - "cve_severity_type_medium", - "cve_severity_type_low", - "cve_severity_type_none", - "cve_severity_type_other" - ] - }, - "CveSummary": { - "description": "A summary of Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", - "type": "object", - "required": [ - "severity", - "count", - "affected_instances" - ], - "properties": { - "severity": { - "$ref": "#/components/schemas/CveSeverityType" - }, - "count": { - "description": "The number of CVEs at each severity level.", - "type": "integer" - }, - "affected_instances": { - "description": "The number of NGINX instances affected by each CVE.", - "type": "integer" + "FilterFieldControlPlanes": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings. Identifies the fields to filter by (for example, `name`, `product`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameControlPlanes" } } }, - "RecommendationType": { - "type": "string", - "description": "Types of configuration recommendations:\n * `best_practice` - Suggestions based on established best practices.\n * `security` - Recommendations related to security.\n * `optimization` - Advice for optimizing performance.\n * `other` - Recommendations that do not fit the above categories.\n", - "enum": [ - "best_practice", - "security", - "optimization", - "other" - ], - "x-enum-varnames": [ - "recommendation_type_best_practice", - "recommendation_type_security", - "recommendation_type_optimization", - "recommendation_type_other" - ] + "ControlPlaneParamObjectID": { + "name": "controlPlaneObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/ControlPlaneObjectID" + }, + "description": "A globally unique identifier for the control plane.\n", + "required": true }, - "IssueSummary": { - "description": "A summary of issue details from the configuration analysis report.", - "type": "object", - "required": [ - "type", - "count", - "affected_instances" - ], - "properties": { - "type": { - "$ref": "#/components/schemas/RecommendationType" - }, - "count": { - "description": "The number of times this recommendation appears in the configuration analysis report.", - "type": "integer" - }, - "affected_instances": { - "description": "The number of instances affected by this issue.", - "type": "integer" + "SortNameCVEsDep": { + "name": "sort_cves", + "in": "query", + "deprecated": true, + "description": "Sort CVEs by the number of instances/control planes affected by that CVE.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "instance_count", + "control_plane_count", + "severity", + "cve_id", + "published_at" + ], + "x-enum-varnames": [ + "sort_instance_count", + "sort_control_plane_count", + "sort_cve_severity", + "sort_cve_id", + "sort_published_at" + ] } } }, - "InstanceSummary": { - "description": "A summary of NGINX instances, including certificates, OS versions, NGINX versions, and status details.", - "type": "object", - "properties": { - "certs": { - "description": "An array detailing each certificate's status across all NGINX instances.", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertificateSummaryItem" - } - }, - "os": { - "$ref": "#/components/schemas/OperatingSystemVersionSummary" - }, - "nginx_versions": { - "$ref": "#/components/schemas/NGINXVersionSummary" - }, - "statuses": { - "$ref": "#/components/schemas/StatusSummary" - }, - "cves": { - "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", - "type": "array", - "items": { - "$ref": "#/components/schemas/CveSummary" - } - }, - "recommendations": { - "description": "An array summarizing the suggestions from the configuration analysis report.", - "type": "array", - "items": { - "$ref": "#/components/schemas/IssueSummary" - } + "SortNameCVEs": { + "name": "sort_fields", + "in": "query", + "description": "Sort CVEs by the number of instances or control planes affected by that CVE.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "instance_count", + "control_plane_count", + "severity", + "cve_id", + "published_at" + ], + "x-enum-varnames": [ + "sort_instance_count", + "sort_control_plane_count", + "sort_cve_severity", + "sort_cve_id", + "sort_published_at" + ] } } }, - "FilterNameInstances": { - "type": "string", - "description": "Keywords for instance filters.\n\nWhen filtering on `instance_status`, only the following `filter_values` are supported:\n * online\n * offline\n * unavailable\n * unknown\nWhen filtering base on `cert_status`, only the following `filter_values` are supported:\n * valid\n * expiring\n * expired\n * not_ready\n", - "enum": [ - "hostname", - "nginx_version", - "os_version", - "instance_status", - "cert_status", - "cve_severity", - "config_recommendation", - "key_object_id", - "system_id", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_instances_hostname", - "filter_name_instances_nginx_version", - "filter_name_instances_os_version", - "filter_name_instances_instance_status", - "filter_name_instances_cert_status", - "filter_name_instances_cve_severity", - "filter_name_instances_config_recommendation", - "filter_name_instances_key_object_id", - "filter_name_instances_system_id", - "filter_name_instances_object_id" - ] + "NginxCVEParamID": { + "name": "nginxCVEID", + "in": "path", + "schema": { + "type": "string", + "pattern": "^\\d{4}-\\d{4,19}$" + }, + "description": "A globally unique identifier for NGINX CVE.\n", + "required": true }, - "InstanceObjectID": { - "description": "A globally unique identifier for the NGINX instance.", - "type": "string", - "format": "object_id", - "pattern": "^inst_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + "SortNameCVEImpactedInstancesDep": { + "name": "sort_cve_impacted_instances", + "in": "query", + "deprecated": true, + "description": "Sort the Instances that are affected by a CVE\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "hostname", + "status" + ], + "x-enum-varnames": [ + "sort_name_cve_impacted_instances_hostname", + "sort_name_cve_impacted_instances_status" + ] + } } }, - "NginxBuild": { - "description": "The build details for the NGINX binary, including its configuration parameters.\n", - "type": "object", - "required": [ - "version" - ], - "properties": { - "version": { - "description": "The version number of the base open-source NGINX.", - "type": "string" - }, - "plus_release": { - "description": "The NGINX Plus release version, if applicable.", - "type": "string" - }, - "conf_path": { - "description": "The absolute path to the NGINX configuration, as set by the `--conf-path` option during build time.", - "type": "string" + "SortNameCVEImpactedInstances": { + "name": "sort_fields", + "in": "query", + "description": "Sort the Instances that are affected by a CVE\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "hostname", + "status" + ], + "x-enum-varnames": [ + "sort_name_cve_impacted_instances_hostname", + "sort_name_cve_impacted_instances_status" + ] } } }, - "NginxAppProtectVersions": { - "description": "Version information regarding NGINX App Protect.\n", - "type": "object", - "required": [ - "engine_version" - ], - "properties": { - "release_version": { - "description": "The release version of NGINX App Protect.", - "type": "string" - }, - "engine_version": { - "description": "The version of the App Protect enforcement engine.", - "type": "string" + "FilterFieldEvents": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `hostname`, `object_id`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameEvents" } } }, - "NginxAppProtectDeploymentCounts": { - "type": "object", - "description": "Summary count of NAP policy version deployment statues.", - "required": [ - "total", - "deployed", - "deploying", - "failed" - ], - "properties": { - "total": { - "description": "Total count of NAP policy versions across the NGINX data plane.", - "type": "integer" - }, - "deployed": { - "description": "The number of NAP policy versions that have deployed.", - "type": "integer" - }, - "deploying": { - "description": "The number of NAP policy versions that are deploying.", - "type": "integer" - }, - "failed": { - "description": "The number of NAP policy versions that have failed deployment.", - "type": "integer" + "EventParamObjectID": { + "name": "eventObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/EventObjectID" + }, + "description": "A globally unique identifier for an event.\n", + "required": true + }, + "FilterFieldInstances": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `hostname`, `nginx_version`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameInstances" } } }, - "NginxAppProtectSummary": { - "description": "Summary information regarding NGINX App Protect.\n", - "type": "object", - "allOf": [ - { - "$ref": "#/components/schemas/NginxAppProtectVersions" - }, - { - "type": "object", - "required": [ - "deployments" + "SortNameInstancesDep": { + "name": "sort_instances", + "in": "query", + "deprecated": true, + "description": "Sort instances by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "hostname", + "status", + "last_reported" ], - "properties": { - "deployments": { - "$ref": "#/components/schemas/NginxAppProtectDeploymentCounts" - } - } + "x-enum-varnames": [ + "sort_name_instance_hostname", + "sort_name_instance_status", + "sort_name_instance_last_reported" + ] } - ] + } }, - "CertificateInstanceSummary": { - "description": "A breakdown and tally of certificates, detailing the total count, number of expired certificates, certificates nearing expiration, and those that are valid.", - "type": "object", - "required": [ - "total", - "expired", - "expiring", - "valid", - "not_ready" - ], - "properties": { - "total": { - "description": "Total count of certificates across the NGINX data plane.", - "type": "integer" - }, - "expired": { - "description": "The number of certificates that have expired and are no longer valid.", - "type": "integer" - }, - "expiring": { - "description": "The number of certificates due to expire in the next 30 days.", - "type": "integer" - }, - "valid": { - "description": "The number of certificates that are valid and in good standing.", - "type": "integer" - }, - "not_ready": { - "description": "The number of certificates that are not ready to be used.", - "type": "integer" + "SortNameInstances": { + "name": "sort_fields", + "in": "query", + "description": "Sort instances by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "hostname", + "status", + "last_reported" + ], + "x-enum-varnames": [ + "sort_name_instance_hostname", + "sort_name_instance_status", + "sort_name_instance_last_reported" + ] } } }, - "CveDetails": { - "description": "CVEs details, including the type and count.\n", - "type": "object", - "required": [ - "type", - "count" - ], - "properties": { - "type": { - "$ref": "#/components/schemas/CveSeverityType" - }, - "count": { - "description": "The total number of each CVE type.", - "type": "integer" - } - } + "InstanceParamObjectID": { + "name": "instanceObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/InstanceObjectID" + }, + "description": "A globally unique identifier for the NGINX instance.\n", + "required": true }, - "IssueDetails": { - "description": "Issue details, including the type and count.\n", - "type": "object", - "required": [ - "type", - "count" - ], - "properties": { - "type": { - "$ref": "#/components/schemas/RecommendationType" - }, - "count": { - "description": "The total number of issues identified for the specific recommendation type.", - "type": "integer" + "InstanceConfigurationParamObjectID": { + "name": "instanceConfigurationObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NginxConfigObjectID" + }, + "description": "A globally unique identifier for the NGINX instance configuration.\n", + "required": true + }, + "FilterFieldStagedConfigs": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterStagedConfigs" } } }, - "ControlPlaneObjectID": { - "description": "A globally unique identifier for the control plane.", - "type": "string", - "format": "object_id", - "pattern": "^ecp_.*", - "x-go-type": "objects.ID" - }, - "ControlPlaneBaseInfo": { - "type": "object", - "description": "Base information of a control plane, which includes name, product version and optionally an object ID.", - "required": [ - "name", - "product_version", - "created_at" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/ControlPlaneObjectID" - }, - "name": { - "description": "Control plane name.", - "type": "string" - }, - "product_version": { - "description": "Control plane product name and version.", - "type": "string" - }, - "created_at": { + "SortNameStagedConfigsDep": { + "name": "sort_staged_configs", + "in": "query", + "deprecated": true, + "description": "Sort staged configs by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { "type": "string", - "format": "date-time", - "description": "The date and time when the control plane was created." + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_staged_config_name" + ] } } }, - "Instance": { - "type": "object", - "description": "Summary information about a NGINX instance.", - "required": [ - "object_id", - "hostname", - "system_id", - "agent_version", - "registered_at", - "last_reported", - "status", - "has_container_host" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/InstanceObjectID" - }, - "hostname": { - "description": "The name of the host system where the NGINX instance is running.", - "type": "string" - }, - "system_id": { - "description": "The unique identifier assigned to the host system by the NGINX Agent.", - "type": "string" - }, - "nginx_id": { - "description": "The unique identifier for the NGINX process on the host system, assigned by the NGINX Agent.", - "type": "string" - }, - "agent_version": { - "description": "The version of the NGINX Agent.", - "type": "string" - }, - "key_object_id": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" - }, - "nginx_build": { - "$ref": "#/components/schemas/NginxBuild" - }, - "os_version": { - "description": "The operating system's name and its and version or codename.\n", - "type": "string", - "example": "ubuntu_jammy" - }, - "nginx_app_protect": { - "$ref": "#/components/schemas/NginxAppProtectSummary" - }, - "registered_at": { - "description": "The date and time when the NGINX instance first registered with NGINX One.", - "type": "string", - "format": "date-time" - }, - "last_reported": { - "description": "The date and time of the most recent report received from the NGINX Agent.", - "type": "string", - "format": "date-time" - }, - "status": { + "SortNameStagedConfigs": { + "name": "sort_fields", + "in": "query", + "description": "Sort staged configs by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { "type": "string", - "description": "The current operational status of the NGINX instance, with the following possible values:\n* `unknown` - The status of the NGINX instance cannot be determined at this moment.\n* `unavailable` - The NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n* `offline` - The NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n* `online` - The NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", "enum": [ - "unknown", - "unavailable", - "offline", - "online" + "name" + ], + "x-enum-varnames": [ + "sort_name_staged_config_name" ] - }, - "cert_summary": { - "$ref": "#/components/schemas/CertificateInstanceSummary" - }, - "cve_severity": { - "type": "array", - "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", - "items": { - "$ref": "#/components/schemas/CveDetails" - } - }, - "recommendations": { - "type": "array", - "description": "An array summarizing the suggestions from the configuration analysis report.", - "items": { - "$ref": "#/components/schemas/IssueDetails" - } - }, - "control_plane": { - "$ref": "#/components/schemas/ControlPlaneBaseInfo" - }, - "has_container_host": { - "type": "boolean", - "description": "Indicates whether the instance is running in a containerized environment." } } }, - "InstanceListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" - }, - { - "type": "object", - "description": "List of data plane instances.", - "required": [ - "items" + "StagedConfigParamObjectID": { + "name": "stagedConfigObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/StagedConfigObjectID" + }, + "description": "A globally unique identifier for the NGINX staged config.\n", + "required": true + }, + "StagedConfigImportParseOnly": { + "name": "parseOnly", + "in": "query", + "schema": { + "type": "boolean", + "default": false + }, + "description": "Optional flag to control how the request is processed.\n - When `false` or omitted (by default), the request creates a Staged Config directly. (`StagedConfigCreateResponse`)\n - When `true`, the request parses the import and returns metadata you can use to create a Staged Config through a POST. ( `StagedConfigCreateRequest`)\n", + "required": false + }, + "NapCompileNapRelease": { + "name": "nap_release", + "in": "query", + "schema": { + "type": "string" + }, + "description": "NGINX App Protect release version to request the compilation for. The value must match a supported NGINX App Protect release (e.g. \"5.10.0\").\n", + "required": true, + "example": "5.10.0" + }, + "NapCompileDownload": { + "name": "download", + "in": "query", + "schema": { + "type": "boolean", + "default": false + }, + "description": "Whether to download the compiled bundle. When `true`, the request blocks until the bundle is ready and returns the bundle content. The request may take longer depending on the bundle's compilation status.\n", + "required": false, + "example": true + }, + "NapSignatureID": { + "name": "signatureID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NapSignatureID" + }, + "description": "An unique identifier for the NGINX App Protect signature.\n", + "required": true + }, + "NapSignatureSetObjectID": { + "name": "signatureSetObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NapSignatureSetObjectID" + }, + "description": "A globally unique identifier for the NGINX App Protect signature set.\n", + "required": true + }, + "SortNameNapSignatures": { + "name": "sort_fields", + "in": "query", + "description": "Sort NGINX App Protect signatures by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name", + "signature_id" ], - "properties": { - "items": { - "description": "An array of Instance objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/Instance" - } - } - } + "x-enum-varnames": [ + "sort_name_nap_signatures_name", + "sort_name_nap_signatures_signature_id" + ] } - ], - "example": { - "total": 10, - "count": 1, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "agent_version": "v2.30.3", - "hostname": "4d116619f106", - "key": "key_Tet21AeYTHCj7taOwVfzyw", - "last_reported": "2023-12-06T22:37:24.120114Z", - "nginx_build": { - "conf_path": "/etc/nginx/nginx.conf", - "version": "1.25.3" - }, - "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", - "registered_at": "2023-12-06T22:37:24.120114Z", - "status": "unknown", - "system_id": "b2c0b6a8-8b6a-3a8f-a541-17d8899c119a", - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "has_container_host": false - } - ] } }, - "InstanceBulkRequestData": { - "type": "object", - "description": "Part of bulk operation on a NGINX instance, only `delete` is supported.", - "required": [ - "action" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/InstanceObjectID" - }, - "action": { - "$ref": "#/components/schemas/BulkRequestAction" + "SortNameNapSignatureSets": { + "name": "sort_fields", + "in": "query", + "description": "Sort NGINX App Protect signature sets by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name", + "signature_count" + ], + "x-enum-varnames": [ + "sort_name_nap_signature_sets_name", + "sort_name_nap_signature_sets_signature_count" + ] } - }, - "example": { - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" } }, - "InstanceBulkRequest": { - "type": "array", - "items": { - "$ref": "#/components/schemas/InstanceBulkRequestData" - }, - "maxItems": 50, - "example": [ - { - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" - }, - { - "object_id": "inst_PL0c1XodRemmzVEjiXSsTg", - "action": "delete" + "FilterFieldNapSignatures": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `accuracy`, `risk`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapSignatures" } - ] - }, - "InstanceBulkResponse": { - "description": "The NGINX instance bulk outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" } }, - "NginxSecurityAdvisory": { - "type": "object", - "description": "Details about a specific NGINX security advisory, including its severity, a link to more information, and a brief description.", - "required": [ - "id", - "severity", - "advisory", - "info" - ], - "properties": { - "id": { - "description": "The security advisory's unique identifier.", - "type": "string" - }, - "severity": { - "$ref": "#/components/schemas/CveSeverityType" - }, - "advisory": { - "description": "The URL to detailed information about the security advisory.", - "type": "string" - }, - "info": { - "description": "A brief description of security advisory.", - "type": "string" + "FilterFieldNapSignatureSets": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `type`, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapSignatureSets" } } }, - "CertificateObjectID": { - "description": "A globally unique identifier for the certificates.", - "type": "string", - "format": "object_id", - "pattern": "^cert_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "CertificateType": { - "type": "string", - "description": "Certificate type:\n * `ca_bundle` - This certificate object is a CA bundle.\n * `cert_key` - This certificate object is consisted of public certificates and key.\n * `unmanaged` - This certificate is not managed by NGINX One console and its type is unmanaged.\n", - "enum": [ - "ca_bundle", - "cert_key", - "unmanaged" - ], - "x-enum-varnames": [ - "certificate_type_ca_bundle", - "certificate_type_pem_cert_key", - "certificate_type_unmanaged" - ] - }, - "CertificateDeploymentStatus": { - "type": "string", - "description": "Certificate deployment status:\n * `latest` - This certificate deployment is up to date with the latest certificates and key.\n * `stale` - This certificate deployment is outdated and needs to deploy the latest certificates and key.\n * `unmanaged` - This certificate deployment is unmanaged by NGINX One Console.\n", - "enum": [ - "latest", - "stale", - "unmanaged" - ], - "x-enum-varnames": [ - "certificate_deployment_status_latest", - "certificate_deployment_status_stale", - "certificate_deployment_status_unmanaged" - ] - }, - "CertAssociation": { - "type": "object", - "description": "Details for a certificate that's associated with an instance or a config sync group.", - "required": [ - "name", - "object_id", - "cert_type", - "subject_name", - "not_before", - "not_after", - "cert_status", - "deployment_status" - ], - "properties": { - "name": { - "type": "string", - "description": "A friendly name for the certificate." - }, - "object_id": { - "$ref": "#/components/schemas/CertificateObjectID" - }, - "cert_type": { - "$ref": "#/components/schemas/CertificateType" - }, - "cert_paths": { - "type": "array", - "description": "The list of file system paths where the certificate file is installed. \nSince a single certificate file may be applied in multiple contexts, all relevant paths are included.\n", - "example": [ - "/etc/ssl/cert.pem", - "/etc/ssl/cert.crt" - ], - "items": { - "type": "string" - } - }, - "key_paths": { - "type": "array", - "description": "The list of file system paths where the private key file is installed.\nSince a single key file may be applied in multiple contexts, all relevant paths are included.\n", - "example": [ - "/etc/nginx/key.pem", - "/etc/ssl/server.key" - ], - "items": { - "type": "string" - } - }, - "deployment_status": { - "$ref": "#/components/schemas/CertificateDeploymentStatus" - }, - "subject_name": { - "type": "string", - "description": "Hostname or domain for the certificate. Usually the subject-alt-name (SAN) value for the certificate.\nif SAN is not present, this will be the certificate subject's common name.\n", - "example": "nginx.com" - }, - "cert_status": { - "$ref": "#/components/schemas/CertificateStatus" - }, - "not_before": { - "type": "string", - "format": "date-time", - "description": "the effective date of the certificate." - }, - "not_after": { + "SortNameNapLogProfilesDep": { + "name": "sort_nap_log_profiles", + "in": "query", + "deprecated": true, + "description": "Sort NGINX App Protect log profiles by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { "type": "string", - "format": "date-time", - "description": "The expiration date for the certificate." + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_nap_log_profiles_name" + ] } } }, - "OperatingSystem": { - "description": "Release details for the operating system.", - "type": "object", - "required": [ - "name", - "id", - "codename", - "version", - "version_id" - ], - "properties": { - "name": { - "description": "The official name of the operating system release.", - "type": "string" - }, - "id": { - "description": "The distinctive identifier for the operating system release.", - "type": "string" - }, - "codename": { - "description": "The codename assigned to the operating system release.", - "type": "string" - }, - "version": { - "description": "The version label for the operating system, which may include the name and version number or codename.", - "type": "string" - }, - "version_id": { - "description": "The specific version number of the operating system release.", - "type": "string" + "SortNameNapLogProfiles": { + "name": "sort_fields", + "in": "query", + "description": "Sort NGINX App Protect log profiles by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_nap_log_profiles_name" + ] } - }, - "example": { - "name": "Ubuntu", - "id": "ubuntu", - "codename": "bionic", - "version": "18.04.5 LTS (Bionic Beaver)", - "version_id": "18.04" } }, - "ConfigSyncGroupObjectID": { - "description": "A globally unique identifier for the NGINX config sync group.", - "type": "string", - "format": "object_id", - "pattern": "^csg_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + "FilterFieldNapLogProfile": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapLogProfile" + } } }, - "ConfigSyncGroupMeta": { - "type": "object", - "description": "Meta information of the NGINX config sync group including:\n* NGINX config sync group object ID\n* unique name of the config sync group in the tenant namespace\n* last publication timestamp\n", - "required": [ - "object_id", - "name", - "created_at" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/ConfigSyncGroupObjectID" - }, - "name": { - "description": "Name of the NGINX config sync group.", - "type": "string" - }, - "last_publication": { - "description": "The date and time of the most recent config sync group publication.", - "type": "string", - "format": "date-time" - }, - "created_at": { - "description": "The date and time when the config sync group was created.", + "NapLogProfileParamObjectID": { + "name": "nap_log_profile_object_id", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NapLogProfileObjectID" + }, + "description": "A globally unique identifier for the App Protect log profile.\n", + "required": true + }, + "SortNameNapLogProfileDeployments": { + "name": "sort_fields", + "in": "query", + "description": "Sort NGINX App Protect log profile deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { "type": "string", - "format": "date-time" + "enum": [ + "name", + "type", + "status", + "deployed_on" + ], + "x-enum-varnames": [ + "sort_name_nap_log_profile_deployments_name", + "sort_name_nap_log_profile_deployments_type", + "sort_name_nap_log_profile_deployments_status", + "sort_name_nap_log_profile_deployments_deployed_on" + ] } - }, - "example": { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "name": "test-config-sync-group", - "last_publication": "2023-12-06T22:37:24.120114Z", - "created_at": "2023-12-05T22:30:20.220114Z" } }, - "ConfigSyncStatus": { - "type": "string", - "description": "The current config sync status of the NGINX config sync group, with the following possible values:\n* `unknown` - The status cannot be determined at this moment.\n* `in_sync` - All NGINX instances in config sync group have same config as indicated by config_version.\n* `out_of_sync` - Some NGINX instances in config sync group have config different than indicated by config_version.\n* `sync_in_progress` - The operation of applying config_version to all NGINX instances in config sync group is in progress.\n", - "enum": [ - "unknown", - "in_sync", - "out_of_sync", - "sync_in_progress" - ], - "x-enum-varnames": [ - "nginx_config_sync_group_config_status_unknown", - "nginx_config_sync_group_config_status_in_sync", - "nginx_config_sync_group_config_status_out_of_sync", - "nginx_config_sync_group_config_status_in_progress" - ] - }, - "ConfigSyncGroupInstanceMeta": { - "allOf": [ - { - "$ref": "#/components/schemas/ConfigSyncGroupMeta" - }, - { - "type": "object", - "description": "Additional details on instance in the NGINX config sync group including:\n* config sync status\n", - "properties": { - "instance_config_status": { - "$ref": "#/components/schemas/ConfigSyncStatus" - } - } + "FilterFieldNapLogProfileDeployment": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapLogProfileDeployment" } - ] + } }, - "NapPolicyObjectID": { - "description": "A globally unique identifier for the App Protect policy.", - "type": "string", - "format": "object_id", - "pattern": "^pol_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + "SortNameNapPoliciesDep": { + "name": "sort_nap_policies", + "in": "query", + "deprecated": true, + "description": "Sort NGINX App Protect policies by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name", + "deployment_count", + "enforcement_mode", + "last_deployed" + ], + "x-enum-varnames": [ + "sort_name_nap_policies_name", + "sort_name_nap_policies_deployment_count", + "sort_name_nap_policies_enforcement_mode", + "sort_name_nap_policies_last_deployed" + ] + } } }, - "NapPolicyVersionObjectID": { - "description": "A globally unique identifier for the App Protect policy version.", - "type": "string", - "format": "object_id", - "pattern": "^pv_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + "SortNameNapPolicies": { + "name": "sort_fields", + "in": "query", + "description": "Sort NGINX App Protect policies by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name", + "deployment_count", + "enforcement_mode", + "last_deployed" + ], + "x-enum-varnames": [ + "sort_name_nap_policies_name", + "sort_name_nap_policies_deployment_count", + "sort_name_nap_policies_enforcement_mode", + "sort_name_nap_policies_last_deployed" + ] + } } }, - "PublicationObjectID": { - "description": "A globally unique identifier for the publication.", - "type": "string", - "format": "object_id", - "example": "pub_72pGHoGsSICL_THZrs964g", - "pattern": "^pub_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + "FilterFieldNapPolicy": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapPolicy" + } } }, - "NapPolicyEnforcementMode": { - "description": "The current enforcement mode of the NGINX App Protect policy, with the following possible values:\n* `blocking` - Any illegal or suspicious requests are logged and blocked.\n* `transparent` - Any illegal or suspicious requests are logged but not blocked.\n", - "type": "string", - "enum": [ - "blocking", - "transparent" - ], - "x-enum-varnames": [ - "nap_enforcement_mode_blocking", - "nap_enforcement_mode_transparent" - ] - }, - "NapDeploymentStatus": { - "description": "The current deployment status of the NGINX App Protect policy or log profile, with the following possible values:\n* `deployed` - The NGINX App Protect policy or log profile has been deployed.\n* `not_deployed` - The NGINX App Protect policy or log profile has not been deployed.\n* `deploying` - The NGINX App Protect policy or log profile is currently being deployed.\n* `failed` - The NGINX App Protect policy or log profile failed deploying.\n", - "type": "string", - "enum": [ - "deployed", - "not_deployed", - "deploying", - "failed" - ], - "x-enum-varnames": [ - "nap_deployment_status_deployed", - "nap_deployment_status_not_deployed", - "nap_deployment_status_deploying", - "nap_deployment_status_failed" - ] + "NapPolicyParamObjectID": { + "name": "nap_policy_object_id", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NapPolicyObjectID" + }, + "description": "A globally unique identifier for the App Protect policy.\n", + "required": true }, - "NapAssociation": { - "description": "Details for a NGINX App Protect policy version that's associated with an instance or a config sync group.", - "required": [ - "name", - "version", - "policy_object_id", - "policy_version_object_id", - "paths", - "deployment_status", - "publication_object_id", - "deployed_on", - "enforcement_mode" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the policy at the time of the deployment." - }, - "version": { + "SortNameNapPolicyDeploymentsDep": { + "name": "sort_nap_deployments", + "in": "query", + "deprecated": true, + "description": "Sort NGINX App Protect deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { "type": "string", - "description": "Version of the policy at the time of the deployment." - }, - "policy_object_id": { - "$ref": "#/components/schemas/NapPolicyObjectID" - }, - "policy_version_object_id": { - "$ref": "#/components/schemas/NapPolicyVersionObjectID" - }, - "publication_object_id": { - "$ref": "#/components/schemas/PublicationObjectID" - }, - "enforcement_mode": { - "$ref": "#/components/schemas/NapPolicyEnforcementMode" - }, - "paths": { - "type": "array", - "description": "The list of file system paths where the compiled NAP policy version bundle file is installed. \nSince a single compiled NAP policy version bundle file may be applied in multiple contexts, all relevant paths are included.\n", - "example": [ - "/etc/nginx/default_policy.tgz", - "/etc/nginx/default_policy_server_2.tgz" + "enum": [ + "name", + "type", + "policy_version", + "status", + "deployed_on", + "threat_campaign_version", + "attack_signature_version", + "bot_signature_version" ], - "items": { - "type": "string" - } - }, - "deployment_status": { - "$ref": "#/components/schemas/NapDeploymentStatus" - }, - "deployed_on": { - "description": "Date and time of the deployment.", - "type": "string", - "format": "date-time" + "x-enum-varnames": [ + "sort_name_nap_policy_deployments_name", + "sort_name_nap_policy_deployments_type", + "sort_name_nap_policy_deployments_policy_version", + "sort_name_nap_policy_deployments_status", + "sort_name_nap_policy_deployments_deployed_on", + "sort_name_nap_policy_deployments_threat_campaign_version", + "sort_name_nap_policy_deployments_attack_signature_version", + "sort_name_nap_policy_deployments_bot_signature_version" + ] } - }, - "example": { - "name": "default_policy", - "version": "2025.05.01", - "policy_object_id": "pol_panEdeY-Sh2rWm365y7wsw", - "policy_version_object_id": "pv_kem7SCosTTOL9mMlNyY2GQ", - "publication_object_id": "pub_72pGHoGsSICL_THZrs964g", - "paths": [ - "/etc/nginx/default_policy.tgz" - ], - "deployment_status": "deployed", - "enforcement_mode": "transparent", - "deployed_on": "2023-12-06T22:37:24.120114Z" } }, - "NapSignatureVersion": { - "description": "The version of the NGINX App Protect resource.", - "type": "string", - "example": "2023.12.06" - }, - "NapInstanceAssociation": { - "allOf": [ - { - "$ref": "#/components/schemas/NapAssociation" - }, - { - "type": "object", - "required": [ + "SortNameNapPolicyDeployments": { + "name": "sort_fields", + "in": "query", + "description": "Sort NGINX App Protect deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name", + "type", + "policy_version", + "status", + "deployed_on", "threat_campaign_version", "attack_signature_version", "bot_signature_version" ], - "properties": { - "threat_campaign_version": { - "$ref": "#/components/schemas/NapSignatureVersion" - }, - "attack_signature_version": { - "$ref": "#/components/schemas/NapSignatureVersion" - }, - "bot_signature_version": { - "$ref": "#/components/schemas/NapSignatureVersion" - } - } + "x-enum-varnames": [ + "sort_name_nap_policy_deployments_name", + "sort_name_nap_policy_deployments_type", + "sort_name_nap_policy_deployments_policy_version", + "sort_name_nap_policy_deployments_status", + "sort_name_nap_policy_deployments_deployed_on", + "sort_name_nap_policy_deployments_threat_campaign_version", + "sort_name_nap_policy_deployments_attack_signature_version", + "sort_name_nap_policy_deployments_bot_sigature_version" + ] } - ], - "example": { - "name": "default_policy", - "version": "2025.05.01", - "policy_object_id": "pol_panEdeY-Sh2rWm365y7wsw", - "policy_version_object_id": "pv_kem7SCosTTOL9mMlNyY2GQ", - "publication_object_id": "pub_72pGHoGsSICL_THZrs964g", - "paths": [ - "/etc/nginx/default_policy.tgz" - ], - "deployment_status": "deployed", - "enforcement_mode": "transparent", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "threat_campaign_version": "2025.01.23", - "attack_signature_version": "2025.01.19", - "bot_signature_version": "2025.01.19" } }, - "NginxAppProtectDetails": { - "description": "Information regarding NGINX App Protect. Includes version and deployments.\n", - "type": "object", - "required": [ - "engine_version", - "deployments" - ], - "properties": { - "release_version": { - "description": "The release version of NGINX App Protect.", - "type": "string" - }, - "engine_version": { - "description": "The version of the App Protect enforcement engine.", - "type": "string" - }, - "deployments": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapInstanceAssociation" - } + "FilterFieldNapPolicyDeployment": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapPolicyDeployment" + } + } + }, + "SortNameNapPolicyVersionsDep": { + "name": "sort_nap_policy_versions", + "in": "query", + "deprecated": true, + "description": "Sort NGINX App Protect policy versions by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "created_at", + "deployment_status", + "deployment_count", + "enforcement_mode" + ], + "x-enum-varnames": [ + "sort_name_nap_policy_versions_created_at", + "sort_name_nap_policy_versions_deployment_status", + "sort_name_nap_policy_versions_deployment_count", + "sort_name_nap_policy_versions_enforcement_mode" + ] + } + } + }, + "SortNameNapPolicyVersions": { + "name": "sort_fields", + "in": "query", + "description": "Sort NGINX App Protect policy versions by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "created_at", + "deployment_status", + "deployment_count", + "enforcement_mode" + ], + "x-enum-varnames": [ + "sort_name_nap_policy_versions_created_at", + "sort_name_nap_policy_versions_deployment_status", + "sort_name_nap_policy_versions_deployment_count", + "sort_name_nap_policy_versions_enforcement_mode" + ] } } }, - "NapLatestDeployed": { - "description": "Whether the latest F5 WAF object (i.e., log profile) was deployed, with the following possible values:\n* `yes` - The latest NAP object has been deployed.\n* `no` - The latest NAP object has not been deployed.\n", - "type": "string", - "enum": [ - "yes", - "no" - ], - "x-enum-varnames": [ - "nap_latest_deployed_yes", - "nap_latest_deployed_no" - ] - }, - "NapLogProfileObjectID": { - "description": "A globally unique identifier for the App Protect log profile.", - "type": "string", - "format": "object_id", - "pattern": "^lp_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + "FilterFieldNapPolicyVersion": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapPolicyVersion" + } } }, - "LogProfileAssociation": { - "description": "Details for a F5 WAF log profile that's associated with an instance or a config sync group.", - "required": [ - "name", - "nap_release", - "latest_deployed", - "log_profile_object_id", - "publication_object_id", - "paths", - "deployment_status", - "deployed_on" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the log profile at the time of the deployment." - }, - "nap_release": { + "NapPolicyVersionParamObjectID": { + "name": "nap_policy_version_object_id", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NapPolicyVersionObjectID" + }, + "description": "A globally unique identifier for the App Protect policy version.\n", + "required": true + }, + "TemplateParamObjectID": { + "name": "templateObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/TemplateObjectID" + }, + "description": "A globally unique identifier for the template.\n", + "required": true + }, + "TemplateVersionParamObjectID": { + "name": "templateVersionObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/TemplateVersionObjectID" + }, + "description": "A globally unique identifier for the template version.\n", + "required": true + }, + "SortNameTemplates": { + "name": "sort_fields", + "in": "query", + "description": "Sort the list of templates by the specified fields.\nThe default sort order is ascending. To sort in descending order, use the `sort_dir` parameter.\n", + "schema": { + "type": "array", + "items": { "type": "string", - "description": "The release version of the compiler used for the log profile." - }, - "latest_deployed": { - "$ref": "#/components/schemas/NapLatestDeployed" - }, - "log_profile_object_id": { - "$ref": "#/components/schemas/NapLogProfileObjectID" - }, - "publication_object_id": { - "$ref": "#/components/schemas/PublicationObjectID" - }, - "paths": { - "type": "array", - "description": "The list of file system paths where the compiled log profile bundle file is installed. \nSince a single compiled log profile bundle file may be applied in multiple contexts, all relevant paths are included.\n", - "example": [ - "/etc/nginx/default_log_profile.tgz", - "/etc/nginx/default_log_profile_2.tgz" + "enum": [ + "name", + "type" ], - "items": { - "type": "string" - } - }, - "deployment_status": { - "$ref": "#/components/schemas/NapDeploymentStatus" - }, - "deployed_on": { - "description": "Date and time of the deployment.", - "type": "string", - "format": "date-time" + "x-enum-varnames": [ + "sort_name_templates_name", + "sort_name_templates_type" + ] } - }, - "example": { - "name": "default_log_profile", - "nap_release": "5.10.0", - "latest_deployed": "yes", - "log_profile_object_id": "lp_panEdeY-Sh2rWm365y7wsw", - "publication_object_id": "pub_72pGHoGsSICL_THZrs964g", - "paths": [ - "/etc/nginx/default_log_profile.tgz" - ], - "deployment_status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z" } }, - "LogProfileDetails": { - "description": "Information regarding deployed log profiles for F5 WAF.\n", - "type": "object", - "required": [ - "nap_release", - "deployments" - ], - "properties": { - "nap_release": { + "SortNameSubmissions": { + "name": "sort_fields", + "in": "query", + "description": "Sort the list of template submissions by the specified fields.\nThe default sort order is descending (most recent first).\n", + "schema": { + "type": "array", + "items": { "type": "string", - "description": "The release version of the compiler used for log profiles." - }, - "deployments": { - "type": "array", - "items": { - "$ref": "#/components/schemas/LogProfileAssociation" - } + "enum": [ + "created_at", + "modified_at" + ], + "x-enum-varnames": [ + "sort_name_submissions_created_at", + "sort_name_submissions_modified_at" + ] } } }, - "InstanceDetails": { - "type": "object", - "description": "Detailed information about an NGINX instance.", - "allOf": [ - { - "$ref": "#/components/schemas/Instance" - }, - { - "type": "object", - "properties": { - "certs": { - "description": "An array detailing each certificate's information, including its friendly name, unique identifier, applicable file system paths, subject name, and validity dates. \nIt provides insights into the operational status of each certificate, such as whether it's currently valid, nearing expiration, is not ready to be used, or has already expired.\nThe deployment status indicates whether the latest certs and key managed by NGINX One Console are deployed onto this data plane instance.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertAssociation" - } - }, - "os": { - "$ref": "#/components/schemas/OperatingSystem" - }, - "config_sync_group": { - "$ref": "#/components/schemas/ConfigSyncGroupInstanceMeta" - }, - "nginx_app_protect": { - "$ref": "#/components/schemas/NginxAppProtectDetails" - }, - "control_plane": { - "$ref": "#/components/schemas/ControlPlaneBaseInfo" - }, - "log_profile": { - "$ref": "#/components/schemas/LogProfileDetails" - } - } - } - ], - "example": { - "agent_version": "v2.30.3", - "certs": [ - { - "subject_name": "test.com", - "name": "client", - "cert_type": "cert_key", - "not_after": "2024-01-06T00:01:30Z", - "not_before": "2023-12-07T00:01:30Z", - "cert_paths": [ - "/etc/nginx/client.pem" - ], - "cert_status": "expiring", - "deployment_status": "latest", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw" - } - ], - "hostname": "4d116619f106", - "key": "key_wN3IhLCmR3qmwybG_6ptEg", - "control_plane": { - "object_id": "ecp_CO1DdBxZToWmr3pTcaQ8QA", - "name": "nginx-ingress-001", - "product_version": "nginx-ingress-controller-4.0.1", - "created_at": "2023-12-06T22:37:24.120114Z" - }, - "last_reported": "2023-12-06T22:37:24.120114Z", - "nginx_build": { - "conf_path": "/etc/nginx/nginx.conf", - "version": "1.25.3" - }, - "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", - "os": { - "codename": "jammy", - "id": "ubuntu", - "name": "Ubuntu", - "version": "22.04.3 LTS (Jammy Jellyfish)", - "version_id": "22.04" - }, - "registered_at": "2023-12-06T22:37:24.120114Z", - "status": "unknown", - "system_id": "b2c0b6a8-8b6a-3a8f-a541-17d8899c119a", - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "has_container_host": false + "SortNameVersions": { + "name": "sort_fields", + "in": "query", + "description": "Sort the list of template versions by the specified fields.\nThe default sort order is descending (highest version first).\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "version" + ], + "x-enum-varnames": [ + "sort_name_versions_version" + ] + } } }, - "ConfigPath": { - "type": "string", - "minLength": 1, - "maxLength": 4096, - "description": "The full path to the main NGINX configuration file. This corresponds to the `--conf-path` parameter used in the NGINX binary.\n", - "example": "/etc/nginx/nginx.conf" + "TemplateSubmissionPreviewOnly": { + "name": "preview_only", + "in": "query", + "schema": { + "type": "boolean", + "default": false + }, + "description": "Optional flag to control how a template submission request is processed.\n - When `true`, the request renders the full NGINX configuration for preview **without creating a template submission object** (this is currently the only supported mode).\n - When `false` or omitted (the default), the request is intended to render the configuration **and create a submission object**, but this feature is **not supported yet** and will return an error.\nNote: Currently, only preview (stateless render) mode is supported. Submission creation is not yet implemented.\n", + "required": false }, - "FileDataRequest": { - "type": "object", - "description": "Details about a file, name, and content.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The file's relative path to the parent directory, absolute path also accepted.", - "minLength": 1, - "maxLength": 4096 - }, - "contents": { - "type": "string", - "format": "byte", - "description": "The base64-encoded contents of the file.", - "maxLength": 3145728 + "TemplateSubmissionParamObjectID": { + "name": "submissionObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/TemplateSubmissionObjectID" + }, + "description": "A globally unique identifier for the template submission.\n", + "required": true + }, + "FilterFieldTemplates": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`, `type`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameTemplates" } } }, - "DirectoryRequestWithFileContent": { - "type": "object", - "description": "Represents a directory and its contents, detailing the directory's full path, and the files within it.", - "required": [ - "name", - "files" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "The complete path of the directory." - }, - "files": { - "type": "array", - "description": "The list of files in the directory.", - "items": { - "$ref": "#/components/schemas/FileDataRequest" - } + "FilterFieldSubmissions": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `object_id`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameSubmissions" } } }, - "NginxConfigObjectRequest": { - "type": "object", - "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", - "required": [ - "configs" - ], - "properties": { - "config_version": { - "type": "string", - "description": "A hash that uniquely identifies the contents of the config object. Can be used to detect change when updating the NginxConfig.\n" - }, - "conf_path": { - "$ref": "#/components/schemas/ConfigPath" - }, - "configs": { - "type": "array", - "description": "An array of directories containing NGINX configuration files.", - "items": { - "$ref": "#/components/schemas/DirectoryRequestWithFileContent" - } - }, - "aux": { - "type": "array", - "description": "An array of auxiliary directory contents related to the NGINX configuration. When auxiliary contents are\nprovided, they become the authoritative source of non-NGINX configuration content. Please ensure the\nprovided contents are complete, missing files that are referenced in the NGINX configuration can cause\nNGINX reload failure. When not provided, the previous known auxiliary contents will be used as part of\npublish.\n", - "items": { - "$ref": "#/components/schemas/DirectoryRequestWithFileContent" - } + "FilterFieldTemplateVersions": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `object_id`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameTemplateVersions" } } }, - "NginxConfigPayloadContents": { + "FilterFieldSecurityEvents": { + "name": "filter_fields", + "in": "query", + "description": "An array of field names to filter by. Works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/AnalyticsFilterField" + } + } + } + }, + "schemas": { + "FilterNameDataPlaneKeys": { "type": "string", - "format": "base64", - "description": "The base64-encoded contents of the file.", - "maxLength": 3145728 + "description": "Keywords for data plane key filters.\nWhen filtering on `status`, only the following `filter_values` are supported:\n * revoked\n * valid\n", + "enum": [ + "name", + "status", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_data_plane_key_name", + "filter_name_data_plane_key_status", + "filter_name_data_plane_key_object_id" + ] }, - "PayloadObjectID": { - "description": "A globally unique identifier for the valid payload object reference.", + "FilterOperand": { "type": "string", - "format": "object_id", - "pattern": "^(cert|pv|lp)_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } + "enum": [ + "IN" + ], + "x-enum-varnames": [ + "filter_operands_in" + ] }, - "NginxConfigPayloadPaths": { + "FilterOperands": { "type": "array", "items": { - "type": "string" + "$ref": "#/components/schemas/FilterOperand" } }, - "NginxConfigPayload": { + "PaginationResponse": { "type": "object", - "description": "Details of Aux File Payload that goes with an NGINX configuration. Provide hints for the backend system on \nadditional file contents that should be part of the NGINX Config Publication.\nCan be used to deploy files related to SSL certificates, WAF policies and WAF log profiles to a data plane instance.\n", + "description": "Outlines pagination details for list responses, including total results, start index, and items per page.", "required": [ - "type", - "paths" + "total", + "count" ], "properties": { - "type": { - "type": "string", - "description": "Types of Aux File Payload:\n - inline_secret - indicates the provided content for the payload should be stored in a secret location, and removed after the publication is done.\n - inline_content - indicates the provided content for the payload should be stored, and removed after the publication is done. Note, the contents may end up in the `aux` content if used in this NGINX configuration.\n - unmanaged_certificate - indicates certificate content for an unmanaged certificate detected from a data plane instance through NGINX configurations. Will be filtered and ignored in the payload deployment.\n - managed_certificate - indicates public certificates managed by NGINX One Console.\n - managed_key - indicates a private key managed by NGINX One Console.\n - nap_policy_version - indicates a version of WAF policy managed by NGINX One Console.\n - nap_log_profile - indicates a WAF log profile managed by NGINX One Console.\n", - "enum": [ - "inline_secret", - "inline_content", - "unmanaged_certificate", - "managed_certificate", - "managed_key", - "nap_policy_version", - "nap_log_profile" - ], - "x-enum-varnames": [ - "nginx_config_payload_inline_secret", - "nginx_config_payload_inline_content", - "nginx_config_payload_unmanaged_certificate", - "nginx_config_payload_managed_certificate", - "nginx_config_payload_managed_key", - "nginx_config_payload_nap_policy_version", - "nginx_config_payload_nap_log_profile" - ] + "total": { + "type": "integer", + "description": "The absolute total number of the resource in the NGINX One Console, ignoring any filter(s).\n" }, - "contents": { - "$ref": "#/components/schemas/NginxConfigPayloadContents" + "count": { + "type": "integer", + "description": "The total number of results generated by the list or query operation, accounting for any filter(s).\nThis number can be greater than the number of returned resources when pagination is in effect and a page size limit (or maximum allowed) is reached.\n" }, - "object_id": { - "$ref": "#/components/schemas/PayloadObjectID" + "start_index": { + "type": "integer", + "description": "The first result's starting position in the list. This is disregarded when `paginated=false`.\n" }, - "paths": { - "$ref": "#/components/schemas/NginxConfigPayloadPaths" + "items_per_page": { + "type": "integer", + "description": "The number of items to display per page. This is disregarded when `paginated=false`.\n" } }, "example": { - "type": "inline_content", - "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", - "paths": [ - "/etc/nginx/ssl/server.crt" - ] + "total": 101, + "count": 1, + "start_index": 1, + "items_per_page": 100 } }, - "NginxConfigPayloads": { - "type": "array", - "description": "An array of payloads that define which objects should be deployed and the file paths where each object will be placed on the data plane instance.\n* When the type is `managed_certificate`, `managed_key`, `nap_policy_version`, or `nap_log_profile`, you must specify an `object_id`. \nThe `object_id` must refer to a managed object.\n* The NGINX One Console manages deployed file paths only for managed certificates and keys. If you don't want \nthem to be managed by NGINX One Console, `inline_content` and `inline_secret` can be used for certificates or \nkeys respectively, with `contents`. When you retrieve certificate deployment details, \nonly the file paths of managed certificates and keys will be shown.\n* If you use `inline_content` and `inline_secret` in your NGINX configuration, the NGINX One Console \nwill detect them. When they are used as SSL directives of the NGINX configuration \nfor certificates and keys, the certificates will be listed as `unmanaged_certificate` in the certificate \ndeployment details.\n", - "items": { - "$ref": "#/components/schemas/NginxConfigPayload" - }, - "example": [ - { - "type": "managed_certificate", - "object_id": "cert_rto8NYiCQputrIasNx2NOA", - "paths": [ - "/etc/nginx/cert.pem" - ] + "DataPlaneKeyObjectID": { + "description": "A globally unique identifier for the data plane key.", + "type": "string", + "format": "object_id", + "pattern": "^key_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "DataPlaneKey": { + "type": "object", + "description": "Represents a data plane key with details such as object_id, name, and timestamps.", + "required": [ + "object_id", + "name", + "revoked", + "expires_at", + "created_at", + "modified_at" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" }, - { - "type": "managed_key", - "object_id": "cert_rto8NYiCQputrIasNx2NOA", - "paths": [ - "/etc/nginx/key.pem" - ] + "name": { + "description": "The name given to the data plane key.", + "type": "string" }, - { - "type": "inline_content", - "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", - "paths": [ - "/etc/nginx/inline_cert.crt" - ] + "revoked": { + "description": "Indicates whether the data plane key has been revoked or not.", + "type": "boolean" }, - { - "type": "nap_policy_version", - "object_id": "pv_dM68MUcVTe6pfDaCNsM9Qw", - "paths": [ - "/etc/nginx/strict_policy.tgz" - ] + "revoked_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the data plane key was revoked." }, - { - "type": "nap_log_profile", - "object_id": "lp_dM68MUcVTe6pfDaCNsM9Qw", - "paths": [ - "/etc/nginx/log_all.tgz" - ] + "expires_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the data plane key expires." + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the data plane key was created." + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the data plane key was last modified." + }, + "instances_count": { + "type": "integer", + "description": "The number of registered instances using this data plane key. If field not populated, user should see the key has `unknown` key count" + }, + "control_planes_count": { + "type": "integer", + "description": "The number of observed control planes using this data plane key." } - ] + } }, - "NginxConfigRequest": { + "DataPlaneKeyListResponse": { "allOf": [ { - "$ref": "#/components/schemas/NginxConfigObjectRequest" + "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", + "description": "List of data plane keys.", + "required": [ + "items" + ], "properties": { - "payloads": { - "$ref": "#/components/schemas/NginxConfigPayloads" + "items": { + "description": "An array of DataPlaneKey objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/DataPlaneKey" + } } } } ] }, - "NginxConfigDirectives": { - "type": "array", - "x-go-type": "xp.Directives", - "x-go-type-import": { - "name": "xp", - "path": "github.com/nginxinc/nginx-go-crossplane" - }, - "items": { - "$ref": "#/components/schemas/NginxConfigDirective" - } - }, - "NginxConfigDirective": { + "Error": { + "description": "This object contains details about the errors that are returned when API requests fail.", "type": "object", - "x-go-type": "xp.Directive", - "x-go-type-import": { - "name": "xp", - "path": "github.com/nginxinc/nginx-go-crossplane" - }, "required": [ - "directive", - "line", - "args" + "message", + "request_id", + "timestamp" ], "properties": { - "directive": { + "message": { + "description": "The error message describing the problem.", "type": "string" }, - "line": { - "type": "integer" - }, - "args": { - "type": "array", - "items": { - "type": "string" - } - }, - "file": { + "request_id": { + "description": "The unique identifier of the API request that failed.", "type": "string" }, - "includes": { - "type": "array", - "items": { - "type": "integer" - } - }, - "block": { - "$ref": "#/components/schemas/NginxConfigDirectives" + "timestamp": { + "description": "The date and time (in UTC) when the error happened.", + "type": "string" }, - "comment": { + "detail": { + "description": "Additional information about the error, if available.", "type": "string" } } }, - "ParsedNginxConfig": { + "DataPlaneKeyCreateRequest": { "type": "object", + "description": "Request structure for creating a new data plane key.", "required": [ - "file", - "parsed" + "name" ], "properties": { - "file": { + "name": { + "description": "Give the data plane key a name so you can tell it apart from others.", "type": "string", - "description": "NGINX Instance configuration file, corresponds to the conf-path." + "minLength": 1, + "maxLength": 128 }, - "parsed": { - "$ref": "#/components/schemas/NginxConfigDirectives" + "expires_at": { + "type": "string", + "format": "date-time", + "description": "Set an expiration date and time for the data plane key in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. \nIf an expiration date isn't specified, the key will expire one year after it's created. \n\nYou can use the _Update a data plane key_ endpoint to extend the expiration date.\nIt's not possible to update the expiration date once the data plane key has expired.\n" } } }, - "NginxConfigProblem": { + "DataPlaneKeyResponse": { "type": "object", - "description": "Representation of a problem found during NGINX configuration analysis.", + "description": "Response structure containing details of the created or retrieved data plane key.", + "required": [ + "key", + "object_id", + "expires_at" + ], "properties": { - "directive": { - "description": "Directive in the NGINX configuration where the issue is identified.", - "type": "string" - }, - "file": { - "description": "File where the issue is detected.", + "name": { + "description": "The name to be give to the new data plane key.", "type": "string" }, - "line": { - "description": "Line number in the configuration where the issue is found.", - "type": "integer" + "object_id": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" }, - "message": { - "description": "Details about the identified issue.", + "key": { + "description": "The data plane key value. Save this key somewhere secure as it isn't saved and is shown only once.", "type": "string" + }, + "expires_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the data plane key will expire." } } }, - "NginxConfigReport": { + "BulkRequestAction": { + "type": "string", + "default": "modify", + "description": "Bulk action to perform:\n * `create` creates a new object given all required elements.\n * `modify` updates one or more elements of an existing object.\n * `delete` removes the existing object.\n", + "enum": [ + "create", + "modify", + "delete" + ], + "x-enum-varnames": [ + "bulk_action_create", + "bulk_action_modify", + "bulk_action_delete" + ] + }, + "DataPlaneKeyBulkRequestData": { "type": "object", - "description": "An analysis of the NGINX configuration, highlighting issues and their severity, and offering recommendations.", + "description": "Part of bulk operation on a data plane key, only `delete` is supported.", + "required": [ + "action", + "object_id" + ], "properties": { - "rule": { - "description": "The name of the configuration rule that was violated.", - "type": "string" + "object_id": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" }, - "info": { - "description": "A detailed description of the issue.", - "type": "string" + "action": { + "$ref": "#/components/schemas/BulkRequestAction" + } + }, + "example": { + "object_id": "key_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + } + }, + "DataPlaneKeyBulkRequest": { + "type": "array", + "items": { + "$ref": "#/components/schemas/DataPlaneKeyBulkRequestData" + }, + "minItems": 1, + "maxItems": 50, + "example": [ + { + "object_id": "key_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" }, - "severity": { - "description": "The severity level of the issue.", - "type": "string" + { + "object_id": "key_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" + } + ] + }, + "ObjectID": { + "description": "A globally unique identifier.", + "type": "string", + "format": "object_id", + "pattern": "^\\w+_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "BulkRequestObjectStatus": { + "type": "object", + "required": [ + "outcome" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/ObjectID" }, - "category": { - "description": "Classification category of the issue.", - "type": "string" + "name": { + "type": "string", + "description": "this is the user facing name of the object." }, - "documentation": { - "description": "Links to documentation that can assist in resolving the identified issue.", - "type": "array", - "items": { - "type": "string" - } + "outcome": { + "type": "string", + "description": "This is the outcome that corresponds to the action.\n* deleted - the object deletion was processed, and the object was deleted.\n* accepted - the request was accepted, and will be processed.\n* failed - the request failed, see failure_reason for more details.\n* invalid - the request was invalid, see failure_reason for more details.\n", + "enum": [ + "deleted", + "accepted", + "failed", + "invalid" + ], + "x-enum-varnames": [ + "build_request_object_status_deleted", + "build_request_object_status_accepted", + "build_request_object_status_failed", + "build_request_object_status_invalid" + ] }, - "where": { - "description": "Specific locations in the configuration where issues were detected.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxConfigProblem" - } + "failure_reason": { + "type": "string", + "description": "this is the failure reason populated when outcome is 'failed' or 'invalid'." } } }, - "NginxConfigReports": { + "DataPlaneKeyBulkResponse": { + "description": "The data plane key bulk outcome.", "type": "array", "items": { - "$ref": "#/components/schemas/NginxConfigReport" + "$ref": "#/components/schemas/BulkRequestObjectStatus" } }, - "FileData": { + "DataPlaneKeyUpdateRequest": { "type": "object", - "description": "Details about a file, including its path, content, size, and last modified time.", - "required": [ - "name", - "contents", - "size", - "mtime" - ], + "description": "Request structure for updating an existing data plane key.", "properties": { "name": { + "description": "Give the data plane key a new name so you can tell it apart from others.", "type": "string", - "description": "The file's relative path to the parent directory.", "minLength": 1, - "maxLength": 4096 - }, - "contents": { - "type": "string", - "format": "byte", - "description": "The base64-encoded contents of the file.", - "maxLength": 3145728 - }, - "size": { - "type": "integer", - "description": "The size of the file, in bytes." + "maxLength": 128 }, - "mtime": { + "expires_at": { "type": "string", "format": "date-time", - "description": "Timestamp of the last modification made to the file." + "description": "Adjust the expiration date and time for the data plane key in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. \n\nIt's not possible to update the expiration date once the data plane key has expired.\n" } } }, - "DirectoryWithFileContent": { - "type": "object", - "description": "Represents a directory and its contents, detailing the directory's full path, assigned permissions, last modified time, and the files within it.", - "required": [ + "FilterNameCertificates": { + "type": "string", + "description": "Keywords for certificates filters.\nWhen filtering on `management`, only the following `filter_values` are supported:\n * managed\n * unmanaged\nWhen filtering on `type`, only the following `filter_values` are supported:\n * cert_key\n * ca_bundle\n * unknown\nWhen filtering on `status`, only the following `filter_values` are supported:\n * valid\n * expiring\n * expired\n * not_ready\n", + "enum": [ "name", - "files" + "management", + "type", + "subject_name", + "status", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_certificates_name", + "filter_name_certificates_management", + "filter_name_certificates_type", + "filter_name_certificates_subject_name", + "filter_name_certificates_status", + "filter_name_certificates_object_id" + ] + }, + "CertificateObjectID": { + "description": "A globally unique identifier for the certificates.", + "type": "string", + "format": "object_id", + "pattern": "^cert_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "CertificateManagement": { + "type": "string", + "description": "Management type:\n * `managed` - Certificate managed by NGINX One Console.\n * `unmanaged` - Certificate that only exists on a data plane instance, detected from its NGINX configuration.\n", + "enum": [ + "managed", + "unmanaged" + ], + "x-enum-varnames": [ + "certificate_management_managed", + "certificate_management_unmanaged" + ] + }, + "CertificateType": { + "type": "string", + "description": "Certificate type:\n * `ca_bundle` - This certificate object is a CA bundle.\n * `cert_key` - This certificate object is consisted of public certificates and key.\n * `unmanaged` - This certificate is not managed by NGINX One console and its type is unmanaged.\n", + "enum": [ + "ca_bundle", + "cert_key", + "unmanaged" + ], + "x-enum-varnames": [ + "certificate_type_ca_bundle", + "certificate_type_pem_cert_key", + "certificate_type_unmanaged" + ] + }, + "CertificateObjectMetadata": { + "required": [ + "management", + "type" ], "properties": { "name": { - "type": "string", - "description": "The complete path of the directory." + "description": "Name of the certificate, optionally specified upon creation", + "type": "string" }, - "permissions": { - "type": "string", - "description": "The permissions for the directory." + "object_id": { + "$ref": "#/components/schemas/CertificateObjectID" }, - "mtime": { - "type": "string", - "description": "The date and time when the directory was last modified.", - "format": "date-time" + "management": { + "$ref": "#/components/schemas/CertificateManagement" }, - "files": { - "type": "array", - "description": "The list of files in the directory.", - "items": { - "$ref": "#/components/schemas/FileData" - } + "type": { + "$ref": "#/components/schemas/CertificateType" + }, + "certs_count": { + "description": "The number of public certificates under this certificate object.", + "type": "integer", + "format": "int64" } + }, + "example": { + "name": "example-ca-bundle", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "ca_bundle", + "certs_count": 5 } }, - "NginxConfigObject": { + "CertificateStatus": { + "type": "string", + "description": "Status of the certificate:\n * `valid` - The certificate is currently valid and operational.\n * `expiring` - The certificate will expire within the next 30 days. Consider renewing it to maintain uninterrupted service.\n * `expired` - The certificate is no longer valid. Immediate renewal is recommended to ensure secure connections.\n * `not_ready` - The certificate is not ready to be used, based on the start date of its validity period.\n", + "enum": [ + "valid", + "expiring", + "expired", + "not_ready" + ], + "x-enum-varnames": [ + "certificate_status_valid", + "certificate_status_expiring", + "certificate_status_expired", + "certificate_status_not_ready" + ] + }, + "CertificateDisplayMetadata": { + "description": "This represents the essential metadata of a public certificate.", "type": "object", - "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", "required": [ - "conf_path", - "configs" + "subject_name", + "status", + "not_before", + "not_after" ], "properties": { - "config_version": { + "subject_name": { "type": "string", - "description": "A hash that uniquely identifies the contents of the config object. Can be used to detect change when updating the NginxConfig.\n" + "example": "www.example.com", + "description": "DNS name that identifies the certificate. If DNS is not present in the SAN extension, this will be the common name.\n" }, - "conf_path": { - "$ref": "#/components/schemas/ConfigPath" + "status": { + "$ref": "#/components/schemas/CertificateStatus" }, - "configs": { - "type": "array", - "description": "An array of directories containing NGINX configuration files.", - "items": { - "$ref": "#/components/schemas/DirectoryWithFileContent" - } + "not_before": { + "type": "string", + "format": "date-time", + "example": "2023-06-12T09:12:33.001Z", + "description": "The start of the validity period for the certificate." }, - "aux": { - "type": "array", - "description": "An array of auxiliary directory contents related to the NGINX configuration.", - "items": { - "$ref": "#/components/schemas/DirectoryWithFileContent" - } + "not_after": { + "type": "string", + "format": "date-time", + "example": "2029-12-25T09:12:33.001Z", + "description": "The end of the validity period for the certificate." } }, "example": { - "aux": [], - "conf_path": "/etc/nginx/nginx.conf", - "configs": [ - { - "files": [ - { - "contents": "Cm1hcCAkdXJpICRtYXBwZWRfc2VydmljZSB7CiAgICBkZWZhdWx0IFVOTUFUQ0hFRDsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvaW5zdGFuY2VzIiAgICAgICAgaW5zdGFuY2VzLXN2YzsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvZGF0YS1wbGFuZS1rZXlzIiAga2V5cy1zdmM7CiAgICAifl4vYXBpL3YxL25hbWVzcGFjZXMvXHcrL21vbml0b3IiICAgICAgICAgIG1vbml0b3Itc3ZjOwp9Cgp1cHN0cmVhbSBpbnN0YW5jZXMtc3ZjIHsKICAgIHNlcnZlciBpbnN0YW5jZXMtc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIGtleXMtc3ZjIHsKICAgIHNlcnZlciBrZXlzLXN2Yzo4MDkwOwp9Cgp1cHN0cmVhbSBkYXRhcGxhbmUtY3RybCB7CiAgICBzZXJ2ZXIgZGF0YXBsYW5lLWN0cmw6ODA4MDsKfQoKdXBzdHJlYW0gbW9uaXRvci1zdmMgewogICAgc2VydmVyIG1vbml0b3Itc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIG1ldHJpY3MtaW5nZXN0IHsKICAgIHNlcnZlciBtZXRyaWNzLWluZ2VzdDo4MDgwOwp9CgpzZXJ2ZXIgewogICAgbGlzdGVuIDg4ODg7CiAgICBzZXJ2ZXJfbmFtZSBfOwogICAgaHR0cDIgb247CgogICAgcHJveHlfcGFzc19yZXF1ZXN0X2hlYWRlcnMgb247CiAgICByZXdyaXRlICJeL2FwaS8obmdpbngvb25lfHYxKS8oLiopJCIgIi9hcGkvdjEvJDIiIGJyZWFrOwogICAgbG9jYXRpb24gL2FwaS92MS8gewogICAgICAgIGlmICgkbWFwcGVkX3NlcnZpY2UgPSAiVU5NQVRDSEVEIikgewogICAgICAgICAgICByZXR1cm4gNDA0ICd7ImVycm9yOiAiTm90IGZvdW5kIn0nOwogICAgICAgIH0KICAgICAgICBwcm94eV9wYXNzX2hlYWRlciBYLVZvbHRlcnJhLUFwaWd3LVRlbmFudDsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kbWFwcGVkX3NlcnZpY2U7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIGRhdGFwbGFuZS1jdHJsCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLkNvbW1hbmRlciB7CiAgICAgICAgZ3JwY19zb2NrZXRfa2VlcGFsaXZlIG9uOwogICAgICAgIGdycGNfcmVhZF90aW1lb3V0IDVtOwogICAgICAgIGdycGNfc2VuZF90aW1lb3V0IDVtOwogICAgICAgIGNsaWVudF9ib2R5X3RpbWVvdXQgMTBtOwogICAgICAgIGdycGNfcGFzcyBncnBjOi8vZGF0YXBsYW5lLWN0cmw7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIG1ldHJpY3MgaW5nZXN0aW9uCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLk1ldHJpY3NTZXJ2aWNlIHsKICAgICAgICBncnBjX3NvY2tldF9rZWVwYWxpdmUgb247CiAgICAgICAgZ3JwY19yZWFkX3RpbWVvdXQgNW07CiAgICAgICAgZ3JwY19zZW5kX3RpbWVvdXQgNW07CiAgICAgICAgY2xpZW50X2JvZHlfdGltZW91dCAxMG07CiAgICAgICAgY2xpZW50X21heF9ib2R5X3NpemUgMDsKICAgICAgICBncnBjX3Bhc3MgZ3JwYzovL21ldHJpY3MtaW5nZXN0OwogICAgfQp9CgojIHByb3h5IHRvIHRoZSBtYW5hZ2VtZW50IHNlcnZlcnMKc2VydmVyIHsKICAgIGxpc3RlbiAxNTAwMDsKICAgIHNlcnZlcl9uYW1lIF87CiAgICAjIHVzZSBkb2NrZXIgRE5TCiAgICByZXNvbHZlciAxMjcuMC4wLjExIHZhbGlkPTMwczsKCiAgICAjIG1hdGNoIC88c2VydmljZT4vPG1nbXQgZW5kcG9pbnQ+CiAgICBsb2NhdGlvbiB+Xi8oW14vXSspLyguKykkIHsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kMToxNTAwMC8kMjsKICAgIH0KCiAgICBsb2NhdGlvbiAvIHsKICAgICAgICBhZGRfaGVhZGVyICJDb250ZW50LVR5cGUiICJ0ZXh0L2h0bWwiOwogICAgICAgIHJldHVybiAyMDAgIjxwPkFjY2VzcyB0aGUgbWFuYWdlbWVudCBzZXJ2ZXIgb2YgYW55IHNlcnZpY2Ugd2l0aCBVUkxzIGxpa2UgPGNvZGU+aHR0cDovL2xvY2FsaG9zdDoxNTAwMC8mbHQ7U0VSVklDRV9OQU1FJmd0Oy9tZXRyaWNzPC9jb2RlPjwvcD4iOwogICAgfQp9Cg==", - "mtime": "1970-01-01T00:00:00Z", - "name": "default.conf", - "size": 1942 - } - ], - "name": "/etc/nginx/conf.d" - }, - { - "files": [ - { - "contents": "CnVzZXIgIG5naW54Owp3b3JrZXJfcHJvY2Vzc2VzICBhdXRvOwoKZXJyb3JfbG9nICAvdmFyL2xvZy9uZ2lueC9lcnJvci5sb2cgbm90aWNlOwpwaWQgICAgICAgIC92YXIvcnVuL25naW54LnBpZDsKCgpldmVudHMgewogICAgd29ya2VyX2Nvbm5lY3Rpb25zICAxMDI0Owp9CgoKaHR0cCB7CiAgICBpbmNsdWRlICAgICAgIC9ldGMvbmdpbngvbWltZS50eXBlczsKICAgIGRlZmF1bHRfdHlwZSAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtOwoKICAgIGxvZ19mb3JtYXQgIG1haW4gICckcmVtb3RlX2FkZHIgLSAkcmVtb3RlX3VzZXIgWyR0aW1lX2xvY2FsXSAiJHJlcXVlc3QiICcKICAgICAgICAgICAgICAgICAgICAgICckc3RhdHVzICRib2R5X2J5dGVzX3NlbnQgIiRodHRwX3JlZmVyZXIiICcKICAgICAgICAgICAgICAgICAgICAgICciJGh0dHBfdXNlcl9hZ2VudCIgIiRodHRwX3hfZm9yd2FyZGVkX2ZvciInOwoKICAgIGFjY2Vzc19sb2cgIC92YXIvbG9nL25naW54L2FjY2Vzcy5sb2cgIG1haW47CgogICAgc2VuZGZpbGUgICAgICAgIG9uOwogICAgI3RjcF9ub3B1c2ggICAgIG9uOwoKICAgIGtlZXBhbGl2ZV90aW1lb3V0ICA2NTsKCiAgICAjZ3ppcCAgb247CgogICAgaW5jbHVkZSAvZXRjL25naW54L2NvbmYuZC8qLmNvbmY7Cn0K", - "mtime": "1970-01-01T00:00:00Z", - "name": "nginx.conf", - "size": 648 - }, - { - "contents": "CnR5cGVzIHsKICAgIHRleHQvaHRtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBodG1sIGh0bSBzaHRtbDsKICAgIHRleHQvY3NzICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjc3M7CiAgICB0ZXh0L3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeG1sOwogICAgaW1hZ2UvZ2lmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdpZjsKICAgIGltYWdlL2pwZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqcGVnIGpwZzsKICAgIGFwcGxpY2F0aW9uL2phdmFzY3JpcHQgICAgICAgICAgICAgICAgICAgICAgICAgICBqczsKICAgIGFwcGxpY2F0aW9uL2F0b20reG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdG9tOwogICAgYXBwbGljYXRpb24vcnNzK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJzczsKCiAgICB0ZXh0L21hdGhtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbW1sOwogICAgdGV4dC9wbGFpbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHR4dDsKICAgIHRleHQvdm5kLnN1bi5qMm1lLmFwcC1kZXNjcmlwdG9yICAgICAgICAgICAgICAgICBqYWQ7CiAgICB0ZXh0L3ZuZC53YXAud21sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd21sOwogICAgdGV4dC94LWNvbXBvbmVudCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGh0YzsKCiAgICBpbWFnZS9hdmlmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYXZpZjsKICAgIGltYWdlL3BuZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbmc7CiAgICBpbWFnZS9zdmcreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZnIHN2Z3o7CiAgICBpbWFnZS90aWZmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGlmIHRpZmY7CiAgICBpbWFnZS92bmQud2FwLndibXAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2JtcDsKICAgIGltYWdlL3dlYnAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3ZWJwOwogICAgaW1hZ2UveC1pY29uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGljbzsKICAgIGltYWdlL3gtam5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqbmc7CiAgICBpbWFnZS94LW1zLWJtcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYm1wOwoKICAgIGZvbnQvd29mZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3b2ZmOwogICAgZm9udC93b2ZmMiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdvZmYyOwoKICAgIGFwcGxpY2F0aW9uL2phdmEtYXJjaGl2ZSAgICAgICAgICAgICAgICAgICAgICAgICBqYXIgd2FyIGVhcjsKICAgIGFwcGxpY2F0aW9uL2pzb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqc29uOwogICAgYXBwbGljYXRpb24vbWFjLWJpbmhleDQwICAgICAgICAgICAgICAgICAgICAgICAgIGhxeDsKICAgIGFwcGxpY2F0aW9uL21zd29yZCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2M7CiAgICBhcHBsaWNhdGlvbi9wZGYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcGRmOwogICAgYXBwbGljYXRpb24vcG9zdHNjcmlwdCAgICAgICAgICAgICAgICAgICAgICAgICAgIHBzIGVwcyBhaTsKICAgIGFwcGxpY2F0aW9uL3J0ZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBydGY7CiAgICBhcHBsaWNhdGlvbi92bmQuYXBwbGUubXBlZ3VybCAgICAgICAgICAgICAgICAgICAgbTN1ODsKICAgIGFwcGxpY2F0aW9uL3ZuZC5nb29nbGUtZWFydGgua21sK3htbCAgICAgICAgICAgICBrbWw7CiAgICBhcHBsaWNhdGlvbi92bmQuZ29vZ2xlLWVhcnRoLmtteiAgICAgICAgICAgICAgICAga216OwogICAgYXBwbGljYXRpb24vdm5kLm1zLWV4Y2VsICAgICAgICAgICAgICAgICAgICAgICAgIHhsczsKICAgIGFwcGxpY2F0aW9uL3ZuZC5tcy1mb250b2JqZWN0ICAgICAgICAgICAgICAgICAgICBlb3Q7CiAgICBhcHBsaWNhdGlvbi92bmQubXMtcG93ZXJwb2ludCAgICAgICAgICAgICAgICAgICAgcHB0OwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC5ncmFwaGljcyAgICAgIG9kZzsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vYXNpcy5vcGVuZG9jdW1lbnQucHJlc2VudGF0aW9uICBvZHA7CiAgICBhcHBsaWNhdGlvbi92bmQub2FzaXMub3BlbmRvY3VtZW50LnNwcmVhZHNoZWV0ICAgb2RzOwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC50ZXh0ICAgICAgICAgIG9kdDsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vcGVueG1sZm9ybWF0cy1vZmZpY2Vkb2N1bWVudC5wcmVzZW50YXRpb25tbC5wcmVzZW50YXRpb24KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcHR4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LnNwcmVhZHNoZWV0bWwuc2hlZXQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4bHN4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LndvcmRwcm9jZXNzaW5nbWwuZG9jdW1lbnQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2N4OwogICAgYXBwbGljYXRpb24vdm5kLndhcC53bWxjICAgICAgICAgICAgICAgICAgICAgICAgIHdtbGM7CiAgICBhcHBsaWNhdGlvbi93YXNtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2FzbTsKICAgIGFwcGxpY2F0aW9uL3gtN3otY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgICA3ejsKICAgIGFwcGxpY2F0aW9uL3gtY29jb2EgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjY287CiAgICBhcHBsaWNhdGlvbi94LWphdmEtYXJjaGl2ZS1kaWZmICAgICAgICAgICAgICAgICAgamFyZGlmZjsKICAgIGFwcGxpY2F0aW9uL3gtamF2YS1qbmxwLWZpbGUgICAgICAgICAgICAgICAgICAgICBqbmxwOwogICAgYXBwbGljYXRpb24veC1tYWtlc2VsZiAgICAgICAgICAgICAgICAgICAgICAgICAgIHJ1bjsKICAgIGFwcGxpY2F0aW9uL3gtcGVybCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbCBwbTsKICAgIGFwcGxpY2F0aW9uL3gtcGlsb3QgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcmMgcGRiOwogICAgYXBwbGljYXRpb24veC1yYXItY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgIHJhcjsKICAgIGFwcGxpY2F0aW9uL3gtcmVkaGF0LXBhY2thZ2UtbWFuYWdlciAgICAgICAgICAgICBycG07CiAgICBhcHBsaWNhdGlvbi94LXNlYSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2VhOwogICAgYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2ggICAgICAgICAgICAgICAgICAgIHN3ZjsKICAgIGFwcGxpY2F0aW9uL3gtc3R1ZmZpdCAgICAgICAgICAgICAgICAgICAgICAgICAgICBzaXQ7CiAgICBhcHBsaWNhdGlvbi94LXRjbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGNsIHRrOwogICAgYXBwbGljYXRpb24veC14NTA5LWNhLWNlcnQgICAgICAgICAgICAgICAgICAgICAgIGRlciBwZW0gY3J0OwogICAgYXBwbGljYXRpb24veC14cGluc3RhbGwgICAgICAgICAgICAgICAgICAgICAgICAgIHhwaTsKICAgIGFwcGxpY2F0aW9uL3hodG1sK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICB4aHRtbDsKICAgIGFwcGxpY2F0aW9uL3hzcGYreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4c3BmOwogICAgYXBwbGljYXRpb24vemlwICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHppcDsKCiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgYmluIGV4ZSBkbGw7CiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgZGViOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIGRtZzsKICAgIGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbSAgICAgICAgICAgICAgICAgICAgICAgICBpc28gaW1nOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIG1zaSBtc3AgbXNtOwoKICAgIGF1ZGlvL21pZGkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtaWQgbWlkaSBrYXI7CiAgICBhdWRpby9tcGVnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbXAzOwogICAgYXVkaW8vb2dnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG9nZzsKICAgIGF1ZGlvL3gtbTRhICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtNGE7CiAgICBhdWRpby94LXJlYWxhdWRpbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcmE7CgogICAgdmlkZW8vM2dwcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDNncHAgM2dwOwogICAgdmlkZW8vbXAydCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRzOwogICAgdmlkZW8vbXA0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1wNDsKICAgIHZpZGVvL21wZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtcGVnIG1wZzsKICAgIHZpZGVvL3F1aWNrdGltZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtb3Y7CiAgICB2aWRlby93ZWJtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2VibTsKICAgIHZpZGVvL3gtZmx2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmbHY7CiAgICB2aWRlby94LW00diAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbTR2OwogICAgdmlkZW8veC1tbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1uZzsKICAgIHZpZGVvL3gtbXMtYXNmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhc3ggYXNmOwogICAgdmlkZW8veC1tcy13bXYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdtdjsKICAgIHZpZGVvL3gtbXN2aWRlbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdmk7Cn0K", - "mtime": "1970-01-01T00:00:00Z", - "name": "mime.types", - "size": 5349 - } - ], - "name": "/etc/nginx" - } - ] + "subject_name": "self_ca_signed", + "status": "valid", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z" } }, - "NginxConfigObjectID": { - "description": "A globally unique identifier for the NGINX Config object.", - "type": "string", - "format": "object_id", - "pattern": "^nc_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + "CertificateOverviewMetadata": { + "description": "Represents an overview of all the public certificates under a single cert object.\nIf multiple public certificates on the same CA chain, including the leaf certificate and key are provided, \nthis includes `status`, `subject_name`, `not_before` and `not_after` for the leaf certificate.\nIf a CA bundle is provided, the above mentioned certificate metadata is for the Certificate Authority that\nexpires the soonest in the bundle.\n", + "type": "object", + "allOf": [ + { + "$ref": "#/components/schemas/CertificateObjectMetadata" + }, + { + "$ref": "#/components/schemas/CertificateDisplayMetadata" + } + ], + "example": { + "name": "example-ca-bundle", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "ca_bundle", + "subject_name": "self_ca_signed", + "status": "valid", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "certs_count": 5 } }, - "NginxConfig": { - "description": "Details of an NGINX configuration, including its unique identifier, the main configuration path, the \nconfiguration directories, and the NGINX configuration payloads that indicate where managed SSL certificates\nand keys were deployed to on the data plane instance.\n", + "CertificateListResponse": { "allOf": [ { - "$ref": "#/components/schemas/NginxConfigObject" + "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", + "description": "List of SSL certificates.", "required": [ - "object_id" + "items" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/NginxConfigObjectID" - }, - "payloads": { - "$ref": "#/components/schemas/NginxConfigPayloads" + "items": { + "description": "An array of basic metadata for all the SSL certificates in NGINX One Console. \nFor a CA bundle, an overview with metadata on the first Certificate Authority in the bundle will be displayed.\nOtherwise, an overview with metadata on the leaf certificate will be displayed.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/CertificateOverviewMetadata" + } } } } - ] + ], + "example": { + "total": 10, + "count": 2, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "name": "example-cert_key", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "cert_key", + "status": "valid", + "subject_name": "www.example.com", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "certs_count": 1 + }, + { + "name": "example-ca-bundle", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "ca_bundle", + "subject_name": "self_ca_signed", + "status": "valid", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "certs_count": 5 + } + ] + } }, - "PublicationStatusCause": { - "description": "Cause of the failure, provided only if the status is `failed`.", + "CertificateContent": { "type": "object", + "description": "Defines the PEM-formatted certificate content which includes the certificates and corresponding private key, all encoded in base64.\n", + "required": [ + "public_certs" + ], "properties": { - "cause": { - "description": "Cause of the failure, detailed as follows:\n* `unknown` - The reason for the failure is not known.\n* `timeout` - The publication request reached its time limit without receiving a response from the NGINX Agent.\n* `remote` - The NGINX Agent reported a failure when trying to apply the configuration. See the message for more details.\n* `payload` - The publication was successful, but there were warnings reported by attached payloads, see message for more details.\n", + "public_certs": { "type": "string", - "enum": [ - "unknown", - "timeout", - "remote", - "payload" - ], - "x-enum-varnames": [ - "publication_instance_status_cause_unknown", - "publication_instance_status_cause_timeout", - "publication_instance_status_cause_remote", - "publication_instance_status_cause_payload" - ] + "format": "base64", + "maxLength": 3145728, + "description": "Base64-encoded PEM-formatted certificate information. \nThe `public_certs` field can include a leaf certificate along with its full chain of trust or a CA bundle. \nFor leaf certificates, the accompanying `private_key` is required to authenticate the certificate's validity. \nCA bundles contain trusted CA certificates and may consist of certificates from different CA chains. A private\nkey should not be included in a CA bundle.\n" }, - "message": { + "private_key": { "type": "string", - "description": "more specific failure message from the agent." + "format": "base64", + "maxLength": 3145728, + "description": "Base64-encoded private key string for the leaf certificate, required only for certificate-key pairs to \nverify the certificate's authenticity.\n" } + }, + "example": { + "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" } }, - "PublicationInstance": { - "description": "Details of a publication request for an NGINX instance.", + "CertificateRequest": { + "type": "object", + "description": "Request structure for parsing or upserting certificates with an optional private key.\n", "required": [ - "status", - "created_at", - "modified_at" + "content" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/PublicationObjectID" - }, - "config_version": { - "type": "string", - "description": "A hash that uniquely identifies the contents of the config object in the publication.\n" - }, - "status": { - "description": "Publication status for the NGINX instance:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n* `succeeded_with_warnings` - The publication was successful, but there were warnings.\n", - "type": "string", - "enum": [ - "pending", - "failed", - "succeeded", - "succeeded_with_warnings" - ], - "x-enum-varnames": [ - "publication_instance_status_pending", - "publication_instance_status_failed", - "publication_instance_status_succeeded", - "publication_instance_status_succeeded_with_warnings" - ] - }, - "status_cause": { - "$ref": "#/components/schemas/PublicationStatusCause" - }, - "created_at": { + "name": { + "description": "A name for the certificate, making it identifiable among others.", "type": "string", - "format": "date-time", - "description": "The date and time when the publication was created for the instance." + "minLength": 1, + "maxLength": 128 }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the publication was last modified for the instance." + "content": { + "$ref": "#/components/schemas/CertificateContent" } }, "example": { - "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", - "created_at": "2024-05-14T20:36:06.272704Z", - "modified_at": "2024-05-14T20:36:06.272704Z", - "object_id": "pub_vfr5Oqv-AhxGzyqTXW-Ubw", - "status": "pending" + "name": "example-ca-bundle", + "content": { + "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==", + "private_key": "" + } } }, - "NginxConfigMeta": { + "CertificateMetadata": { + "description": "A comprehensive list of all the metadata for a public certificate.", "type": "object", - "description": "Meta data of an NGINX configuration, including its unique identifier, the config_version.\n", "required": [ - "object_id", - "config_version", - "created_at", - "modified_at", - "config_source" + "status", + "serial_number", + "signature_algorithm", + "not_before", + "not_after", + "public_key_type", + "thumbprint" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/NginxConfigObjectID" + "status": { + "$ref": "#/components/schemas/CertificateStatus" }, - "config_version": { + "version": { + "type": "integer", + "format": "int64", + "example": 3, + "description": "The version of the certificate, typically 3 for X.509 certificates." + }, + "serial_number": { "type": "string", - "description": "A hash that uniquely identifies the contents of the config object.\n" + "example": "16469416336579571270", + "description": "A unique identifier for the certificate." }, - "created_at": { + "signature_algorithm": { + "type": "string", + "example": "SHA-256", + "description": "Identifies the algorithm used to sign the certificate." + }, + "issuer": { + "type": "string", + "example": "CN=Example CA, O=Certificate Authority Inc., OU=CA Department, L=City, ST=State, C=Country", + "description": "Identifies the entity who signed and issued the certificate." + }, + "not_before": { "type": "string", "format": "date-time", - "description": "The date and time when the NGINX configuration object was created for the instance." + "example": "2023-06-12T09:12:33.001Z", + "description": "The start of the validity period for the certificate." }, - "modified_at": { + "not_after": { "type": "string", "format": "date-time", - "description": "The date and time when the NGINX configuration object was last modified for the instance." + "example": "2029-12-25T09:12:33.001Z", + "description": "The end of the validity period for the certificate." }, - "config_source": { + "subject": { "type": "string", - "enum": [ - "NGINX One", - "Other", - "Unspecified" - ], - "x-enum-varnames": [ - "config_source_nginx_one", - "config_source_other", - "config_source_unspecified" + "example": "CN=www.example.com, O=Example Inc., OU=IT Department, L=City, ST=State, C=Country", + "description": "Identifies the primary entity to which the certificate is issued. Typically, it contains information\nsuch as the Common Name (CN), Organization (O), Organizational Unit (OU), Country (C), etc.\n" + }, + "subject_alternative_name": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "DNS:www.example.com", + "DNS:example.com", + "email:info@example.com" ], - "description": "The source from which the config was created:\n- `NGINX One`: The config was created from NGINX One.\n- `Other`: The config was created from data plane.\n- `Unspecified`: The source of the config is unspecified.\n" + "description": "Defines additional identifies bound to the subject of the certificate. \nFor example, the DNS name is used to add additional domain names to a certificate.\n" + }, + "public_key_type": { + "type": "string", + "example": "RSA (2048 Bits)", + "description": "Identifies the encryption algorithm used to create the public key for the certificate." + }, + "common_name": { + "type": "string", + "example": "www.example.com", + "description": "The Common Name (CN) for the certificate, used when DNS name is not present in the SAN extension.\n" + }, + "authority_key_identifier": { + "type": "string", + "example": "2B D0 69 47 94 76 09 FE F4 6B 8D 2E 40 A6 F7 47 4D 7F 08 5E", + "description": "The identifier of the signing authority for the certificate." + }, + "subject_key_identifier": { + "type": "string", + "example": "31 EA 76 A9 23 74 A5 DF D4 FD EE A0 C1 A6 9E C6 11 0E 11 EC", + "description": "A hash value of the SSL certificate that can be used to identify certificates that \ncontain a particular public key.\n" + }, + "thumbprint_algorithm": { + "type": "string", + "example": "SHA-1", + "description": "Defines the algorithm used to hash the certificate." + }, + "thumbprint": { + "type": "string", + "example": "E6 A7 87 96 E0 C7 A3 E5 43 78 35 CA 16 78 5B 48 5A A9 DD C4 5C CD 0A 65 AA 89 33 E3 C3 D0 89 71", + "description": "A hash to ensure that the certificate has not been modified." } }, "example": { - "object_id": "nc_AamgWtYSSb6OWGljx3wNDA", - "config_version": "Cm1hcCAkdXJpICRtYXBwZWRfc2V", - "created_at": "2023-08-10T16:59:15Z", - "modified_at": "2023-08-10T16:59:15Z", - "config_source": "NGINX One" + "status": "valid", + "version": 3, + "serial_number": "71283929", + "signature_algorithm": "SHA256-RSA", + "issuer": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_bundle_CA", + "not_before": "2023-02-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "subject": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=self_ca_signed", + "subject_alternative_name": [], + "public_key_type": "RSA (2048 bit)", + "common_name": "self_ca_signed", + "authority_key_identifier": "3A:79:E0:3E:61:CD:94:29:1D:BB:45:37:0B:E9:78:E9:2F:40:67:CA", + "subject_key_identifier": "93:35:2B:75:09:B9:FF:01:1B:63:F1:0E:50:71:9C:4E:B4:E2:02:BA", + "thumbprint_algorithm": "SHA-256", + "thumbprint": "C1:EB:E8:CE:35:77:63:75:D3:C0:E7:97:5F:02:8C:D3:D8:C4:12:34:40:45:D3:98:67:39:BE:8A:33:CE:1F:B2" } }, - "FeatureFlagKey": { - "type": "string", - "description": "String representation of a feature flag key." - }, - "FilterNameConfigSyncGroups": { - "type": "string", - "description": "Keywords for config sync groups filters.\nWhen filtering on `config_status`, only the following `filter_values` are supported:\n * in_sync\n * out_of_sync\n * sync_in_progress\n * unknown\n", - "enum": [ - "name", - "config_status", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_config_sync_group_name", - "filter_name_config_sync_group_config_status", - "filter_name_config_sync_group_object_id" - ] - }, - "ListConfigSyncGroupObject": { + "PrivateKeyMetadata": { "type": "object", - "description": "Summary information of the NGINX config sync group.", - "required": [ - "object_id", - "name", - "created_at", - "instances_count", - "config_status" - ], + "description": "Metadata for a private key.", "properties": { - "object_id": { - "$ref": "#/components/schemas/ConfigSyncGroupObjectID" + "key_size": { + "description": "Size of the private key in bits.", + "type": "integer", + "format": "int64" }, - "name": { - "description": "Name of the NGINX config sync group.", + "encryption_algorithm": { + "description": "The encryption algorithm used for the private key.", "type": "string" - }, - "created_at": { - "description": "The date and time when the config sync group was created.", - "type": "string", - "format": "date-time" - }, - "instances_count": { - "description": "Number of instances in the NGINX config sync group.", - "type": "integer" - }, - "config_status": { - "$ref": "#/components/schemas/ConfigSyncStatus" - }, - "cert_summary": { - "$ref": "#/components/schemas/CertificateInstanceSummary" } + }, + "example": { + "key_size": 512, + "encryption_algorithm": "RSA" } }, - "ConfigSyncGroupListResponse": { + "CertificateResponse": { + "type": "object", + "description": "Response structure containing details of the created, updated or retrieved SSL certificate. In general, \nthe response should contain:\n * an overview of all the public certificates\n * `warnings` whether any issue is found after parsing the certificates and key\n * `certs`\n * `key_metadata` if key provided in the request body\n * timestamps that represent when this cert object was created or modified\n", "allOf": [ { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/CertificateOverviewMetadata" }, { "type": "object", - "description": "List of NGINX config sync groups.", - "required": [ - "items" - ], "properties": { - "items": { - "description": "An array of Config Sync Group objects.", + "warnings": { + "type": "string", + "description": "Warnings indicate whether there are any issues with the stored cert object. Empty when no issues were found.\n" + }, + "certs": { + "description": "An array of metadata for all the public certificates under the cert object.", "type": "array", "items": { - "$ref": "#/components/schemas/ListConfigSyncGroupObject" + "$ref": "#/components/schemas/CertificateMetadata" } + }, + "key": { + "$ref": "#/components/schemas/PrivateKeyMetadata" + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the SSL certificate was created." + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the SSL certificate was last modified." } } } ], "example": { - "total": 10, - "count": 1, - "start_index": 1, - "items_per_page": 100, - "items": [ + "name": "example-cert_key", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "cert_key", + "status": "valid", + "subject_name": "www.example.com", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "warnings": "The provided private key does not match the certificate's signing key.", + "certs_count": 1, + "certs": [ { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "name": "test-config-sync-group", - "created_at": "2023-12-05T22:30:20.220114Z", - "config_status": "in_sync", - "instances_count": 1 + "status": "valid", + "version": 3, + "serial_number": "71283929", + "signature_algorithm": "SHA256-RSA", + "issuer": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_A", + "not_before": "2023-02-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "subject": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_B", + "subject_alternative_name": [], + "public_key_type": "RSA (2048 bit)", + "common_name": "eg3bsriq_cert_B", + "authority_key_identifier": "3A:79:E0:3E:61:CD:94:29:1D:BB:45:37:0B:E9:78:E9:2F:40:67:CA", + "subject_key_identifier": "93:35:2B:75:09:B9:FF:01:1B:63:F1:0E:50:71:9C:4E:B4:E2:02:BA", + "thumbprint_algorithm": "SHA-256", + "thumbprint": "C1:EB:E8:CE:35:77:63:75:D3:C0:E7:97:5F:02:8C:D3:D8:C4:12:34:40:45:D3:98:67:39:BE:8A:33:CE:1F:B2" } - ] + ], + "key": { + "key_size": 512, + "encryption_algorithm": "RSA" + }, + "modified_at": "2023-11-01T00:00:00Z", + "created_at": "2023-10-01T00:00:00Z" } }, - "ConfigSyncGroupCreateRequest": { - "description": "Body to create a NGINX config sync group.", + "CertificateBulkRequestData": { + "type": "object", + "description": "Part of bulk operation on a certificate, only `delete` is supported.", "required": [ - "name" + "action", + "object_id" ], "properties": { - "name": { - "type": "string", - "description": "A name to uniquely identify the NGINX config sync group in a given tenant namespace.", - "minLength": 1, - "maxLength": 256, - "pattern": "^[a-zA-Z0-9]([a-zA-Z0-9-_]{0,254}[a-zA-Z0-9])?$" + "object_id": { + "$ref": "#/components/schemas/CertificateObjectID" + }, + "action": { + "$ref": "#/components/schemas/BulkRequestAction" } }, "example": { - "name": "my-nginx-config-sync-group" + "object_id": "cert_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" } }, - "ConfigSyncGroupCreateResponse": { - "description": "Response to a create NGINX config sync group request.", - "required": [ - "object_id", - "name" - ], + "CertificateBulkRequest": { + "type": "array", + "items": { + "$ref": "#/components/schemas/CertificateBulkRequestData" + }, + "minItems": 1, + "maxItems": 50, + "example": [ + { + "object_id": "cert_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + }, + { + "object_id": "cert_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" + } + ] + }, + "CertificateBulkResponse": { + "description": "The certificate bulk operation outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" + } + }, + "PublicationBulkResponse": { + "description": "The publication bulk operation outcome.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" + } + }, + "CertificateUpdateContent": { + "type": "object", + "description": "Defines the PEM-formatted certificate content which includes the certificates and corresponding private key, all encoded in base64.\n", "properties": { - "object_id": { - "$ref": "#/components/schemas/ConfigSyncGroupObjectID" + "public_certs": { + "type": "string", + "format": "base64", + "maxLength": 3145728, + "description": "Base64-encoded PEM-formatted certificate information. \nThis is used for updating an existing certificate object. The schema is the same as `CertificateContent`,\nthe only difference is that both `public_certs` and `private_key` fields are optional. There are three use\ncases for this schema:\n* the below update can be done on either a Cert Key Pair or a CA Bundle:\n * when only `public_certs` is populated, update the public certificates on a certificate object. \n The updated public certificates will be validated against the existing private key.\n* the below update can be done only on a Cert Key Pair:\n * when only `private_key` is populated, update only the private key on a certificate object. \n The updated private key will be validated against the existing public certificates.\n * when both `public_certs` and `private_key` fields are populated, update both of them on a certificate \n object.\n" }, - "name": { - "description": "Name of the NGINX config sync group.", - "type": "string" + "private_key": { + "type": "string", + "format": "base64", + "maxLength": 3145728, + "description": "Base64-encoded private key string for the leaf certificate, required only for certificate-key pairs to \nverify the certificate's authenticity.\n" } }, "example": { - "name": "my-nginx-config-sync-group", - "object_id": "csg_Tet21AeYTHCj7taOwVfzyw" + "private_key": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFM295ZHVlT0FOSkhodkwzeXZKZFRwaG9ldjVHTzdnbytCeVlPTy9sNTR1NU8yUHhNZVgrQWpBYjZBeG1xCmxpdkl1aHc9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t" } }, - "ConfigSyncGroupBulkRequestData": { + "CertificateUpdateRequest": { "type": "object", - "description": "Part of bulk operation on a config sync group, only `delete` is supported.", - "required": [ - "action", - "object_id" - ], + "description": "Request structure for updating a certificate object. If key provided, it will be validated against the \nexisting leaf certificate stored under the certificate object.\n* Update for an unmanaged certificate object:\n * This converts the unmanaged certificate object to managed.\n * `public_certs` should always be provided during the conversion.\n * When key is provided, this certificate object is converted to a managed Cert Key Pair. Otherwise, it is\n converted to a managed CA Bundle.\n", "properties": { - "object_id": { - "$ref": "#/components/schemas/ConfigSyncGroupObjectID" + "name": { + "description": "A name for the certificate, making it identifiable among others.", + "type": "string", + "minLength": 1, + "maxLength": 128 }, - "action": { - "$ref": "#/components/schemas/BulkRequestAction" + "content": { + "$ref": "#/components/schemas/CertificateUpdateContent" } }, "example": { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" + "name": "example-cert-object", + "content": { + "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" + } } }, - "ConfigSyncGroupBulkRequest": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ConfigSyncGroupBulkRequestData" - }, - "minItems": 1, - "maxItems": 50, - "example": [ - { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" - }, - { - "object_id": "csg_PL0c1XodRemmzVEjiXSsTg", - "action": "delete" - } + "FilterNameCertificateDeployments": { + "type": "string", + "description": "Keywords for certificate deployment filters.\nWhen filtering on `association_type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `deployment_status`, only the following `filter_values` are supported:\n * latest\n * stale\n", + "enum": [ + "name", + "association_type", + "deployment_status" + ], + "x-enum-varnames": [ + "filter_name_certificate_deployments_name", + "filter_name_certificate_deployments_association_type", + "filter_name_certificate_deployments_deployment_status" ] }, - "ConfigSyncGroupBulkResponse": { - "description": "The config sync group bulk outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" - } - }, - "ConfigSyncGroupInstance": { - "allOf": [ - { - "$ref": "#/components/schemas/Instance" - }, - { - "type": "object", - "required": [ - "config_status", - "config_version" - ], - "properties": { - "config_status": { - "$ref": "#/components/schemas/ConfigSyncStatus" - }, - "config_version": { - "description": "A computed hash of current config on the config sync group.", - "type": "string" - } - } - } + "DeploymentAssociatedType": { + "type": "string", + "description": "The type of the deployment association, with the following values:\n * `instance`\n * `config_sync_group`\n", + "enum": [ + "instance", + "config_sync_group" + ], + "x-enum-varnames": [ + "deployment_associated_type_instance", + "deployment_associated_type_config_sync_group" ] }, - "ConfigSyncGroupPublicationStatus": { + "DeploymentAssociatedName": { "type": "string", - "description": "The status on the last publication issued on this config sync group:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n* `partially_succeeded` - The publication attempt had one or more failures.\n", + "description": "Based on deployment type:\n * `instance`\n * `config_sync_group`\n" + }, + "CertificateDeploymentStatus": { + "type": "string", + "description": "Certificate deployment status:\n * `latest` - This certificate deployment is up to date with the latest certificates and key.\n * `stale` - This certificate deployment is outdated and needs to deploy the latest certificates and key.\n * `unmanaged` - This certificate deployment is unmanaged by NGINX One Console.\n", "enum": [ - "pending", - "failed", - "succeeded", - "partially_succeeded" + "latest", + "stale", + "unmanaged" ], "x-enum-varnames": [ - "publication_config_sync_group_status_pending", - "publication_config_sync_group_status_failed", - "publication_config_sync_group_status_succeeded", - "publication_config_sync_group_status_partially_succeeded" + "certificate_deployment_status_latest", + "certificate_deployment_status_stale", + "certificate_deployment_status_unmanaged" ] }, - "ConfigSyncGroup": { - "allOf": [ - { - "$ref": "#/components/schemas/ConfigSyncGroupMeta" + "CertificateDeployment": { + "type": "object", + "description": "Response structure containing certificate deployment details for an SSL certificate, which include\n * `association_type` represents type of the object affected by this certificate deployment, which is either\n an instance or config sync group\n * `object_id` represents the object ID for the associated instance or config sync group\n * `name` for either the host name of an instance or the name of a config sync group\n * `deployment_status`:\n * `latest`: deployment is up to date with the latest updated certificate and key contents\n * `stale`: deployment for either certificates or key is outdated, requires a redeployment with the latest contents\n * `cert_paths` represents the file paths used for deploying public certificates of this certificate object\n * `key_paths` represents the file paths used for deploying the private key of this certificate object, if a\n private key is present\n", + "required": [ + "association_type", + "object_id", + "name", + "deployment_status" + ], + "properties": { + "association_type": { + "$ref": "#/components/schemas/DeploymentAssociatedType" }, - { - "type": "object", - "description": "Additional information of the NGINX config sync group including:\n* config sync status\n* config checksum\n* instances\n* last known publication status\n* certs associated with this config sync group\n", - "properties": { - "config_status": { - "$ref": "#/components/schemas/ConfigSyncStatus" - }, - "config_version": { - "description": "A computed hash of current config on the config sync group.", - "type": "string" - }, - "instances": { - "description": "An array of Instance objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/ConfigSyncGroupInstance" - } - }, - "last_publication_status": { - "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatus" - }, - "certs": { - "description": "An array detailing each certificate's information, including its friendly name, unique identifier, applicable file system paths, subject name, and validity dates. \nIt provides insights into the operational status of each certificate, such as whether it's currently valid, nearing expiration, is not ready to be used, or has already expired.\nThe deployment status indicates whether the latest certs and key managed by NGINX One Console are deployed onto the data plane instances that are part of this config sync group.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertAssociation" - } - }, - "nginx_app_protect": { - "type": "object", - "required": [ - "deployments" - ], - "properties": { - "deployments": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapAssociation" - } - } - } - }, - "log_profile": { - "type": "object", - "required": [ - "deployments" - ], - "properties": { - "deployments": { - "type": "array", - "items": { - "$ref": "#/components/schemas/LogProfileAssociation" - } - } - } - } + "object_id": { + "$ref": "#/components/schemas/ObjectID" + }, + "name": { + "$ref": "#/components/schemas/DeploymentAssociatedName" + }, + "deployment_status": { + "$ref": "#/components/schemas/CertificateDeploymentStatus" + }, + "cert_paths": { + "description": "Deployment file paths for public certificates.", + "type": "array", + "items": { + "type": "string" + } + }, + "key_paths": { + "description": "Deployment file paths for the private key.", + "type": "array", + "items": { + "type": "string" } } - ], + }, "example": { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "name": "test-config-sync-group", - "created_at": "2023-12-06T22:37:24.120114Z", - "config_status": "in_sync", - "config_version": "uvR3F2TQGm18jnl7bpaGw", - "instances": [ - { - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "hostname": "816e3c194d59", - "system_id": "6066aad2-211e-3718-be5d-fcc01ffc5cc8", - "agent_version": "v2.33.0", - "registered_at": "2024-05-16T18:26:40.556048Z", - "last_reported": "2023-12-06T22:37:24.120114Z", - "status": "unavailable", - "nginx_build": { - "conf_path": "/etc/nginx/nginx.conf", - "version": "1.25.3" - }, - "os_version": "Ubuntu 22.04", - "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", - "config_status": "in_sync", - "config_version": "abc123def456", - "has_container_host": false - } + "association_type": "instance", + "name": "instance-host-name", + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "deployment_status": "latest", + "cert_paths": [ + "/etc/nginx/example.crt", + "/etc/nginx/certs/cert.crt" ], - "certs": [ - { - "subject_name": "test.com", - "name": "client", - "cert_type": "cert_key", - "not_after": "2024-01-06T00:01:30Z", - "not_before": "2023-12-07T00:01:30Z", - "cert_paths": [ - "/etc/nginx/client.pem" - ], - "cert_status": "expiring", - "deployment_status": "latest", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw" - } + "key_paths": [ + "/etc/nginx/example.key" ] } }, - "ConfigSyncGroupDetails": { - "type": "object", - "description": "Detailed information of the NGINX config sync group.", - "allOf": [ - { - "$ref": "#/components/schemas/ConfigSyncGroup" - } - ] - }, - "ConfigSyncGroupPublicationStatusReason": { + "CertificateDeploymentListResponse": { "allOf": [ { - "$ref": "#/components/schemas/PublicationStatusCause" + "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", + "description": "List of certificate deployments for a SSL certificate.", "required": [ - "object_id" + "items" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/InstanceObjectID" + "items": { + "description": "An array of certificate deployments for an SSL certificate. If this certificate object represents a \nCA bundle, there will be only public certificate file paths in the certificate deployment details.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/CertificateDeployment" + } } } } - ] + ], + "example": { + "total": 10, + "count": 2, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "association_type": "instance", + "name": "instance-host-name", + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "deployment_status": "latest", + "cert_paths": [ + "/etc/nginx/example.crt", + "/etc/nginx/certs/cert.crt" + ], + "key_paths": [ + "/etc/nginx/example.key" + ] + }, + { + "association_type": "config_sync_group", + "name": "group1", + "object_id": "csg_vfr5Oqv-AhxGzyqTXW-Ubw", + "deployment_status": "stale", + "cert_paths": [ + "/etc/nginx/cert.crt" + ], + "key_paths": [ + "/etc/nginx/server.key" + ] + } + ] + } }, - "ConfigSyncGroupPublication": { - "description": "Details of a publication request for the NGINX config sync group.", + "ConfigPath": { + "type": "string", + "minLength": 1, + "maxLength": 4096, + "description": "The full path to the main NGINX configuration file. This corresponds to the `--conf-path` parameter used in the NGINX binary.\n", + "example": "/etc/nginx/nginx.conf" + }, + "FileDataRequest": { + "type": "object", + "description": "Details about a file, name, and content.", "required": [ - "status", - "created_at", - "modified_at" + "name" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/PublicationObjectID" - }, - "status": { - "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatus" - }, - "created_at": { + "name": { "type": "string", - "format": "date-time", - "description": "The date and time when the publication was created for the instance." + "description": "The file's relative path to the parent directory, absolute path also accepted.", + "minLength": 1, + "maxLength": 4096 }, - "modified_at": { + "contents": { "type": "string", - "format": "date-time", - "description": "The date and time when the publication was last modified for the instance." + "format": "byte", + "description": "The base64-encoded contents of the file.", + "maxLength": 3145728 + } + } + }, + "DirectoryRequestWithFileContent": { + "type": "object", + "description": "Represents a directory and its contents, detailing the directory's full path, and the files within it.", + "required": [ + "name", + "files" + ], + "properties": { + "name": { + "type": "string", + "minLength": 1, + "description": "The complete path of the directory." }, - "status_reasons": { - "description": "Detailed failure reasons on each instance's publication, when 'status' is in 'failed' or 'partially_succeeded'", + "files": { "type": "array", + "description": "The list of files in the directory.", "items": { - "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatusReason" + "$ref": "#/components/schemas/FileDataRequest" } - }, - "config_version": { - "type": "string", - "description": "A hash that uniquely identifies the contents of the config object in the publication.\n" } - }, - "example": { - "config_version": "fc3bb4b50c145b3ca5c5d1342be5ec0718eeb9bb84f8d53c5734b6b8", - "created_at": "2024-05-23T21:57:13.048285Z", - "modified_at": "2024-05-23T21:57:13.048285Z", - "object_id": "pub_UPV8jXFwSgm1vHQJCvLD1w", - "status": "failed", - "status_reasons": [ - { - "cause": "remote", - "message": "Config apply failed (write): error running nginx -t -c /etc/nginx/nginx.conf:\n error running nginx -t -c /etc/nginx/nginx.conf:\nnginx: [emerg] invalid number of arguments in \"worker_processes\" directive in /etc/nginx/nginx.conf:7\nnginx: configuration file /etc/nginx/nginx.conf test failed\n", - "object_id": "inst_QBBobKIAQ_21grAwV83VYw" - } - ] } }, - "FilterNameCertificates": { - "type": "string", - "description": "Keywords for certificates filters.\nWhen filtering on `management`, only the following `filter_values` are supported:\n * managed\n * unmanaged\nWhen filtering on `type`, only the following `filter_values` are supported:\n * cert_key\n * ca_bundle\n * unknown\nWhen filtering on `status`, only the following `filter_values` are supported:\n * valid\n * expiring\n * expired\n * not_ready\n", - "enum": [ - "name", - "management", - "type", - "subject_name", - "status", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_certificates_name", - "filter_name_certificates_management", - "filter_name_certificates_type", - "filter_name_certificates_subject_name", - "filter_name_certificates_status", - "filter_name_certificates_object_id" - ] - }, - "CertificateManagement": { - "type": "string", - "description": "Management type:\n * `managed` - Certificate managed by NGINX One Console.\n * `unmanaged` - Certificate that only exists on a data plane instance, detected from its NGINX configuration.\n", - "enum": [ - "managed", - "unmanaged" - ], - "x-enum-varnames": [ - "certificate_management_managed", - "certificate_management_unmanaged" - ] - }, - "CertificateObjectMetadata": { + "NginxConfigObjectRequest": { + "type": "object", + "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", "required": [ - "management", - "type" + "configs" ], "properties": { - "name": { - "description": "Name of the certificate, optionally specified upon creation", - "type": "string" - }, - "object_id": { - "$ref": "#/components/schemas/CertificateObjectID" + "config_version": { + "type": "string", + "description": "A hash that uniquely identifies the contents of the config object. Can be used to detect change when updating the NginxConfig.\n" }, - "management": { - "$ref": "#/components/schemas/CertificateManagement" + "conf_path": { + "$ref": "#/components/schemas/ConfigPath" }, - "type": { - "$ref": "#/components/schemas/CertificateType" + "configs": { + "type": "array", + "description": "An array of directories containing NGINX configuration files.", + "items": { + "$ref": "#/components/schemas/DirectoryRequestWithFileContent" + } }, - "certs_count": { - "description": "The number of public certificates under this certificate object.", - "type": "integer", - "format": "int64" + "aux": { + "type": "array", + "description": "An array of auxiliary directory contents related to the NGINX configuration. When auxiliary contents are\nprovided, they become the authoritative source of non-NGINX configuration content. Please ensure the\nprovided contents are complete, missing files that are referenced in the NGINX configuration can cause\nNGINX reload failure. When not provided, the previous known auxiliary contents will be used as part of\npublish.\n", + "items": { + "$ref": "#/components/schemas/DirectoryRequestWithFileContent" + } } - }, - "example": { - "name": "example-ca-bundle", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "ca_bundle", - "certs_count": 5 } }, - "CertificateDisplayMetadata": { - "description": "This represents the essential metadata of a public certificate.", + "NginxConfigPayloadContents": { + "type": "string", + "format": "base64", + "description": "The base64-encoded contents of the file.", + "maxLength": 3145728 + }, + "PayloadObjectID": { + "description": "A globally unique identifier for the valid payload object reference.", + "type": "string", + "format": "object_id", + "pattern": "^(cert|pv|lp)_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "NginxConfigPayloadPaths": { + "type": "array", + "items": { + "type": "string" + } + }, + "NginxConfigPayload": { "type": "object", + "description": "Details of Aux File Payload that goes with an NGINX configuration. Provide hints for the backend system on \nadditional file contents that should be part of the NGINX Config Publication.\nCan be used to deploy files related to SSL certificates, WAF policies and WAF log profiles to a data plane instance.\n", "required": [ - "subject_name", - "status", - "not_before", - "not_after" + "type", + "paths" ], "properties": { - "subject_name": { + "type": { "type": "string", - "example": "www.example.com", - "description": "DNS name that identifies the certificate. If DNS is not present in the SAN extension, this will be the common name.\n" + "description": "Types of Aux File Payload:\n - inline_secret - indicates the provided content for the payload should be stored in a secret location, and removed after the publication is done.\n - inline_content - indicates the provided content for the payload should be stored, and removed after the publication is done. Note, the contents may end up in the `aux` content if used in this NGINX configuration.\n - unmanaged_certificate - indicates certificate content for an unmanaged certificate detected from a data plane instance through NGINX configurations. Will be filtered and ignored in the payload deployment.\n - managed_certificate - indicates public certificates managed by NGINX One Console.\n - managed_key - indicates a private key managed by NGINX One Console.\n - nap_policy_version - indicates a version of WAF policy managed by NGINX One Console.\n - nap_log_profile - indicates a WAF log profile managed by NGINX One Console.\n", + "enum": [ + "inline_secret", + "inline_content", + "unmanaged_certificate", + "managed_certificate", + "managed_key", + "nap_policy_version", + "nap_log_profile" + ], + "x-enum-varnames": [ + "nginx_config_payload_inline_secret", + "nginx_config_payload_inline_content", + "nginx_config_payload_unmanaged_certificate", + "nginx_config_payload_managed_certificate", + "nginx_config_payload_managed_key", + "nginx_config_payload_nap_policy_version", + "nginx_config_payload_nap_log_profile" + ] }, - "status": { - "$ref": "#/components/schemas/CertificateStatus" + "contents": { + "$ref": "#/components/schemas/NginxConfigPayloadContents" }, - "not_before": { - "type": "string", - "format": "date-time", - "example": "2023-06-12T09:12:33.001Z", - "description": "The start of the validity period for the certificate." + "object_id": { + "$ref": "#/components/schemas/PayloadObjectID" }, - "not_after": { - "type": "string", - "format": "date-time", - "example": "2029-12-25T09:12:33.001Z", - "description": "The end of the validity period for the certificate." + "paths": { + "$ref": "#/components/schemas/NginxConfigPayloadPaths" } }, "example": { - "subject_name": "self_ca_signed", - "status": "valid", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z" + "type": "inline_content", + "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", + "paths": [ + "/etc/nginx/ssl/server.crt" + ] } }, - "CertificateOverviewMetadata": { - "description": "Represents an overview of all the public certificates under a single cert object.\nIf multiple public certificates on the same CA chain, including the leaf certificate and key are provided, \nthis includes `status`, `subject_name`, `not_before` and `not_after` for the leaf certificate.\nIf a CA bundle is provided, the above mentioned certificate metadata is for the Certificate Authority that\nexpires the soonest in the bundle.\n", - "type": "object", - "allOf": [ + "NginxConfigPayloads": { + "type": "array", + "description": "An array of payloads that define which objects should be deployed and the file paths where each object will be placed on the data plane instance.\n* When the type is `managed_certificate`, `managed_key`, `nap_policy_version`, or `nap_log_profile`, you must specify an `object_id`. \nThe `object_id` must refer to a managed object.\n* The NGINX One Console manages deployed file paths only for managed certificates and keys. If you don't want \nthem to be managed by NGINX One Console, `inline_content` and `inline_secret` can be used for certificates or \nkeys respectively, with `contents`. When you retrieve certificate deployment details, \nonly the file paths of managed certificates and keys will be shown.\n* If you use `inline_content` and `inline_secret` in your NGINX configuration, the NGINX One Console \nwill detect them. When they are used as SSL directives of the NGINX configuration \nfor certificates and keys, the certificates will be listed as `unmanaged_certificate` in the certificate \ndeployment details.\n", + "items": { + "$ref": "#/components/schemas/NginxConfigPayload" + }, + "example": [ { - "$ref": "#/components/schemas/CertificateObjectMetadata" + "type": "managed_certificate", + "object_id": "cert_rto8NYiCQputrIasNx2NOA", + "paths": [ + "/etc/nginx/cert.pem" + ] }, { - "$ref": "#/components/schemas/CertificateDisplayMetadata" + "type": "managed_key", + "object_id": "cert_rto8NYiCQputrIasNx2NOA", + "paths": [ + "/etc/nginx/key.pem" + ] + }, + { + "type": "inline_content", + "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", + "paths": [ + "/etc/nginx/inline_cert.crt" + ] + }, + { + "type": "nap_policy_version", + "object_id": "pv_dM68MUcVTe6pfDaCNsM9Qw", + "paths": [ + "/etc/nginx/strict_policy.tgz" + ] + }, + { + "type": "nap_log_profile", + "object_id": "lp_dM68MUcVTe6pfDaCNsM9Qw", + "paths": [ + "/etc/nginx/log_all.tgz" + ] } - ], - "example": { - "name": "example-ca-bundle", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "ca_bundle", - "subject_name": "self_ca_signed", - "status": "valid", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "certs_count": 5 - } + ] }, - "CertificateListResponse": { + "NginxConfigRequest": { "allOf": [ { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/NginxConfigObjectRequest" }, { "type": "object", - "description": "List of SSL certificates.", - "required": [ - "items" - ], "properties": { - "items": { - "description": "An array of basic metadata for all the SSL certificates in NGINX One Console. \nFor a CA bundle, an overview with metadata on the first Certificate Authority in the bundle will be displayed.\nOtherwise, an overview with metadata on the leaf certificate will be displayed.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertificateOverviewMetadata" - } + "payloads": { + "$ref": "#/components/schemas/NginxConfigPayloads" } } } - ], - "example": { - "total": 10, - "count": 2, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "name": "example-cert_key", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "cert_key", - "status": "valid", - "subject_name": "www.example.com", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "certs_count": 1 - }, - { - "name": "example-ca-bundle", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "ca_bundle", - "subject_name": "self_ca_signed", - "status": "valid", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "certs_count": 5 - } - ] - } + ] }, - "CertificateContent": { + "NginxConfigProblem": { "type": "object", - "description": "Defines the PEM-formatted certificate content which includes the certificates and corresponding private key, all encoded in base64.\n", - "required": [ - "public_certs" - ], + "description": "Representation of a problem found during NGINX configuration analysis.", "properties": { - "public_certs": { - "type": "string", - "format": "base64", - "maxLength": 3145728, - "description": "Base64-encoded PEM-formatted certificate information. \nThe `public_certs` field can include a leaf certificate along with its full chain of trust or a CA bundle. \nFor leaf certificates, the accompanying `private_key` is required to authenticate the certificate's validity. \nCA bundles contain trusted CA certificates and may consist of certificates from different CA chains. A private\nkey should not be included in a CA bundle.\n" + "directive": { + "description": "Directive in the NGINX configuration where the issue is identified.", + "type": "string" }, - "private_key": { - "type": "string", - "format": "base64", - "maxLength": 3145728, - "description": "Base64-encoded private key string for the leaf certificate, required only for certificate-key pairs to \nverify the certificate's authenticity.\n" + "file": { + "description": "File where the issue is detected.", + "type": "string" + }, + "line": { + "description": "Line number in the configuration where the issue is found.", + "type": "integer" + }, + "message": { + "description": "Details about the identified issue.", + "type": "string" } - }, - "example": { - "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" } }, - "CertificateRequest": { + "NginxConfigReport": { "type": "object", - "description": "Request structure for parsing or upserting certificates with an optional private key.\n", - "required": [ - "content" - ], + "description": "An analysis of the NGINX configuration, highlighting issues and their severity, and offering recommendations.", "properties": { - "name": { - "description": "A name for the certificate, making it identifiable among others.", - "type": "string", - "minLength": 1, - "maxLength": 128 + "rule": { + "description": "The name of the configuration rule that was violated.", + "type": "string" }, - "content": { - "$ref": "#/components/schemas/CertificateContent" - } - }, - "example": { - "name": "example-ca-bundle", - "content": { - "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==", - "private_key": "" + "info": { + "description": "A detailed description of the issue.", + "type": "string" + }, + "severity": { + "description": "The severity level of the issue.", + "type": "string" + }, + "category": { + "description": "Classification category of the issue.", + "type": "string" + }, + "documentation": { + "description": "Links to documentation that can assist in resolving the identified issue.", + "type": "array", + "items": { + "type": "string" + } + }, + "where": { + "description": "Specific locations in the configuration where issues were detected.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxConfigProblem" + } } } }, - "CertificateMetadata": { - "description": "A comprehensive list of all the metadata for a public certificate.", + "NginxConfigReports": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxConfigReport" + } + }, + "FilterNameConfigSyncGroups": { + "type": "string", + "description": "Keywords for config sync groups filters.\nWhen filtering on `config_status`, only the following `filter_values` are supported:\n * in_sync\n * out_of_sync\n * sync_in_progress\n * unknown\n", + "enum": [ + "name", + "config_status", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_config_sync_group_name", + "filter_name_config_sync_group_config_status", + "filter_name_config_sync_group_object_id" + ] + }, + "ConfigSyncGroupObjectID": { + "description": "A globally unique identifier for the NGINX config sync group.", + "type": "string", + "format": "object_id", + "pattern": "^csg_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "ConfigSyncStatus": { + "type": "string", + "description": "The current config sync status of the NGINX config sync group, with the following possible values:\n* `unknown` - The status cannot be determined at this moment.\n* `in_sync` - All NGINX instances in config sync group have same config as indicated by config_version.\n* `out_of_sync` - Some NGINX instances in config sync group have config different than indicated by config_version.\n* `sync_in_progress` - The operation of applying config_version to all NGINX instances in config sync group is in progress.\n", + "enum": [ + "unknown", + "in_sync", + "out_of_sync", + "sync_in_progress" + ], + "x-enum-varnames": [ + "nginx_config_sync_group_config_status_unknown", + "nginx_config_sync_group_config_status_in_sync", + "nginx_config_sync_group_config_status_out_of_sync", + "nginx_config_sync_group_config_status_in_progress" + ] + }, + "CertificateInstanceSummary": { + "description": "A breakdown and tally of certificates, detailing the total count, number of expired certificates, certificates nearing expiration, and those that are valid.", "type": "object", "required": [ - "status", - "serial_number", - "signature_algorithm", - "not_before", - "not_after", - "public_key_type", - "thumbprint" + "total", + "expired", + "expiring", + "valid", + "not_ready" ], "properties": { - "status": { - "$ref": "#/components/schemas/CertificateStatus" - }, - "version": { - "type": "integer", - "format": "int64", - "example": 3, - "description": "The version of the certificate, typically 3 for X.509 certificates." - }, - "serial_number": { - "type": "string", - "example": "16469416336579571270", - "description": "A unique identifier for the certificate." - }, - "signature_algorithm": { - "type": "string", - "example": "SHA-256", - "description": "Identifies the algorithm used to sign the certificate." - }, - "issuer": { - "type": "string", - "example": "CN=Example CA, O=Certificate Authority Inc., OU=CA Department, L=City, ST=State, C=Country", - "description": "Identifies the entity who signed and issued the certificate." - }, - "not_before": { - "type": "string", - "format": "date-time", - "example": "2023-06-12T09:12:33.001Z", - "description": "The start of the validity period for the certificate." - }, - "not_after": { - "type": "string", - "format": "date-time", - "example": "2029-12-25T09:12:33.001Z", - "description": "The end of the validity period for the certificate." - }, - "subject": { - "type": "string", - "example": "CN=www.example.com, O=Example Inc., OU=IT Department, L=City, ST=State, C=Country", - "description": "Identifies the primary entity to which the certificate is issued. Typically, it contains information\nsuch as the Common Name (CN), Organization (O), Organizational Unit (OU), Country (C), etc.\n" - }, - "subject_alternative_name": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "DNS:www.example.com", - "DNS:example.com", - "email:info@example.com" - ], - "description": "Defines additional identifies bound to the subject of the certificate. \nFor example, the DNS name is used to add additional domain names to a certificate.\n" - }, - "public_key_type": { - "type": "string", - "example": "RSA (2048 Bits)", - "description": "Identifies the encryption algorithm used to create the public key for the certificate." - }, - "common_name": { - "type": "string", - "example": "www.example.com", - "description": "The Common Name (CN) for the certificate, used when DNS name is not present in the SAN extension.\n" + "total": { + "description": "Total count of certificates across the NGINX data plane.", + "type": "integer" }, - "authority_key_identifier": { - "type": "string", - "example": "2B D0 69 47 94 76 09 FE F4 6B 8D 2E 40 A6 F7 47 4D 7F 08 5E", - "description": "The identifier of the signing authority for the certificate." + "expired": { + "description": "The number of certificates that have expired and are no longer valid.", + "type": "integer" }, - "subject_key_identifier": { - "type": "string", - "example": "31 EA 76 A9 23 74 A5 DF D4 FD EE A0 C1 A6 9E C6 11 0E 11 EC", - "description": "A hash value of the SSL certificate that can be used to identify certificates that \ncontain a particular public key.\n" + "expiring": { + "description": "The number of certificates due to expire in the next 30 days.", + "type": "integer" }, - "thumbprint_algorithm": { - "type": "string", - "example": "SHA-1", - "description": "Defines the algorithm used to hash the certificate." + "valid": { + "description": "The number of certificates that are valid and in good standing.", + "type": "integer" }, - "thumbprint": { - "type": "string", - "example": "E6 A7 87 96 E0 C7 A3 E5 43 78 35 CA 16 78 5B 48 5A A9 DD C4 5C CD 0A 65 AA 89 33 E3 C3 D0 89 71", - "description": "A hash to ensure that the certificate has not been modified." + "not_ready": { + "description": "The number of certificates that are not ready to be used.", + "type": "integer" } - }, - "example": { - "status": "valid", - "version": 3, - "serial_number": "71283929", - "signature_algorithm": "SHA256-RSA", - "issuer": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_bundle_CA", - "not_before": "2023-02-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "subject": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=self_ca_signed", - "subject_alternative_name": [], - "public_key_type": "RSA (2048 bit)", - "common_name": "self_ca_signed", - "authority_key_identifier": "3A:79:E0:3E:61:CD:94:29:1D:BB:45:37:0B:E9:78:E9:2F:40:67:CA", - "subject_key_identifier": "93:35:2B:75:09:B9:FF:01:1B:63:F1:0E:50:71:9C:4E:B4:E2:02:BA", - "thumbprint_algorithm": "SHA-256", - "thumbprint": "C1:EB:E8:CE:35:77:63:75:D3:C0:E7:97:5F:02:8C:D3:D8:C4:12:34:40:45:D3:98:67:39:BE:8A:33:CE:1F:B2" } }, - "PrivateKeyMetadata": { + "ListConfigSyncGroupObject": { "type": "object", - "description": "Metadata for a private key.", + "description": "Summary information of the NGINX config sync group.", + "required": [ + "object_id", + "name", + "created_at", + "instances_count", + "config_status" + ], "properties": { - "key_size": { - "description": "Size of the private key in bits.", - "type": "integer", - "format": "int64" + "object_id": { + "$ref": "#/components/schemas/ConfigSyncGroupObjectID" }, - "encryption_algorithm": { - "description": "The encryption algorithm used for the private key.", + "name": { + "description": "Name of the NGINX config sync group.", "type": "string" + }, + "created_at": { + "description": "The date and time when the config sync group was created.", + "type": "string", + "format": "date-time" + }, + "instances_count": { + "description": "Number of instances in the NGINX config sync group.", + "type": "integer" + }, + "config_status": { + "$ref": "#/components/schemas/ConfigSyncStatus" + }, + "cert_summary": { + "$ref": "#/components/schemas/CertificateInstanceSummary" } - }, - "example": { - "key_size": 512, - "encryption_algorithm": "RSA" } }, - "CertificateResponse": { - "type": "object", - "description": "Response structure containing details of the created, updated or retrieved SSL certificate. In general, \nthe response should contain:\n * an overview of all the public certificates\n * `warnings` whether any issue is found after parsing the certificates and key\n * `certs`\n * `key_metadata` if key provided in the request body\n * timestamps that represent when this cert object was created or modified\n", + "ConfigSyncGroupListResponse": { "allOf": [ { - "$ref": "#/components/schemas/CertificateOverviewMetadata" + "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", + "description": "List of NGINX config sync groups.", + "required": [ + "items" + ], "properties": { - "warnings": { - "type": "string", - "description": "Warnings indicate whether there are any issues with the stored cert object. Empty when no issues were found.\n" - }, - "certs": { - "description": "An array of metadata for all the public certificates under the cert object.", + "items": { + "description": "An array of Config Sync Group objects.", "type": "array", "items": { - "$ref": "#/components/schemas/CertificateMetadata" + "$ref": "#/components/schemas/ListConfigSyncGroupObject" } - }, - "key": { - "$ref": "#/components/schemas/PrivateKeyMetadata" - }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the SSL certificate was created." - }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the SSL certificate was last modified." } } } ], "example": { - "name": "example-cert_key", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "cert_key", - "status": "valid", - "subject_name": "www.example.com", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "warnings": "The provided private key does not match the certificate's signing key.", - "certs_count": 1, - "certs": [ + "total": 10, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ { - "status": "valid", - "version": 3, - "serial_number": "71283929", - "signature_algorithm": "SHA256-RSA", - "issuer": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_A", - "not_before": "2023-02-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "subject": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_B", - "subject_alternative_name": [], - "public_key_type": "RSA (2048 bit)", - "common_name": "eg3bsriq_cert_B", - "authority_key_identifier": "3A:79:E0:3E:61:CD:94:29:1D:BB:45:37:0B:E9:78:E9:2F:40:67:CA", - "subject_key_identifier": "93:35:2B:75:09:B9:FF:01:1B:63:F1:0E:50:71:9C:4E:B4:E2:02:BA", - "thumbprint_algorithm": "SHA-256", - "thumbprint": "C1:EB:E8:CE:35:77:63:75:D3:C0:E7:97:5F:02:8C:D3:D8:C4:12:34:40:45:D3:98:67:39:BE:8A:33:CE:1F:B2" + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-config-sync-group", + "created_at": "2023-12-05T22:30:20.220114Z", + "config_status": "in_sync", + "instances_count": 1 } - ], - "key": { - "key_size": 512, - "encryption_algorithm": "RSA" + ] + } + }, + "ConfigSyncGroupCreateRequest": { + "description": "Body to create a NGINX config sync group.", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "A name to uniquely identify the NGINX config sync group in a given tenant namespace.", + "minLength": 1, + "maxLength": 256, + "pattern": "^[a-zA-Z0-9]([a-zA-Z0-9-_]{0,254}[a-zA-Z0-9])?$" + } + }, + "example": { + "name": "my-nginx-config-sync-group" + } + }, + "ConfigSyncGroupCreateResponse": { + "description": "Response to a create NGINX config sync group request.", + "required": [ + "object_id", + "name" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/ConfigSyncGroupObjectID" }, - "modified_at": "2023-11-01T00:00:00Z", - "created_at": "2023-10-01T00:00:00Z" + "name": { + "description": "Name of the NGINX config sync group.", + "type": "string" + } + }, + "example": { + "name": "my-nginx-config-sync-group", + "object_id": "csg_Tet21AeYTHCj7taOwVfzyw" } }, - "CertificateBulkRequestData": { + "ConfigSyncGroupBulkRequestData": { "type": "object", - "description": "Part of bulk operation on a certificate, only `delete` is supported.", + "description": "Part of bulk operation on a config sync group, only `delete` is supported.", "required": [ "action", "object_id" ], "properties": { "object_id": { - "$ref": "#/components/schemas/CertificateObjectID" + "$ref": "#/components/schemas/ConfigSyncGroupObjectID" }, "action": { "$ref": "#/components/schemas/BulkRequestAction" } }, "example": { - "object_id": "cert_-uvR3F2TQGm18jnl7bpaGw", + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", "action": "delete" } }, - "CertificateBulkRequest": { + "ConfigSyncGroupBulkRequest": { "type": "array", "items": { - "$ref": "#/components/schemas/CertificateBulkRequestData" + "$ref": "#/components/schemas/ConfigSyncGroupBulkRequestData" }, "minItems": 1, "maxItems": 50, "example": [ { - "object_id": "cert_-uvR3F2TQGm18jnl7bpaGw", + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", "action": "delete" }, { - "object_id": "cert_PL0c1XodRemmzVEjiXSsTg", + "object_id": "csg_PL0c1XodRemmzVEjiXSsTg", "action": "delete" } ] }, - "CertificateBulkResponse": { - "description": "The certificate bulk operation outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" - } - }, - "PublicationBulkResponse": { - "description": "The publication bulk operation outcome.\n", + "ConfigSyncGroupBulkResponse": { + "description": "The config sync group bulk outcome.", "type": "array", "items": { "$ref": "#/components/schemas/BulkRequestObjectStatus" } }, - "CertificateUpdateContent": { + "ConfigSyncGroupMeta": { "type": "object", - "description": "Defines the PEM-formatted certificate content which includes the certificates and corresponding private key, all encoded in base64.\n", + "description": "Meta information of the NGINX config sync group including:\n* NGINX config sync group object ID\n* unique name of the config sync group in the tenant namespace\n* last publication timestamp\n", + "required": [ + "object_id", + "name", + "created_at" + ], "properties": { - "public_certs": { - "type": "string", - "format": "base64", - "maxLength": 3145728, - "description": "Base64-encoded PEM-formatted certificate information. \nThis is used for updating an existing certificate object. The schema is the same as `CertificateContent`,\nthe only difference is that both `public_certs` and `private_key` fields are optional. There are three use\ncases for this schema:\n* the below update can be done on either a Cert Key Pair or a CA Bundle:\n * when only `public_certs` is populated, update the public certificates on a certificate object. \n The updated public certificates will be validated against the existing private key.\n* the below update can be done only on a Cert Key Pair:\n * when only `private_key` is populated, update only the private key on a certificate object. \n The updated private key will be validated against the existing public certificates.\n * when both `public_certs` and `private_key` fields are populated, update both of them on a certificate \n object.\n" + "object_id": { + "$ref": "#/components/schemas/ConfigSyncGroupObjectID" }, - "private_key": { - "type": "string", - "format": "base64", - "maxLength": 3145728, - "description": "Base64-encoded private key string for the leaf certificate, required only for certificate-key pairs to \nverify the certificate's authenticity.\n" - } - }, - "example": { - "private_key": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFM295ZHVlT0FOSkhodkwzeXZKZFRwaG9ldjVHTzdnbytCeVlPTy9sNTR1NU8yUHhNZVgrQWpBYjZBeG1xCmxpdkl1aHc9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t" - } - }, - "CertificateUpdateRequest": { - "type": "object", - "description": "Request structure for updating a certificate object. If key provided, it will be validated against the \nexisting leaf certificate stored under the certificate object.\n* Update for an unmanaged certificate object:\n * This converts the unmanaged certificate object to managed.\n * `public_certs` should always be provided during the conversion.\n * When key is provided, this certificate object is converted to a managed Cert Key Pair. Otherwise, it is\n converted to a managed CA Bundle.\n", - "properties": { "name": { - "description": "A name for the certificate, making it identifiable among others.", + "description": "Name of the NGINX config sync group.", + "type": "string" + }, + "last_publication": { + "description": "The date and time of the most recent config sync group publication.", "type": "string", - "minLength": 1, - "maxLength": 128 + "format": "date-time" }, - "content": { - "$ref": "#/components/schemas/CertificateUpdateContent" + "created_at": { + "description": "The date and time when the config sync group was created.", + "type": "string", + "format": "date-time" } }, "example": { - "name": "example-cert-object", - "content": { - "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" - } + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-config-sync-group", + "last_publication": "2023-12-06T22:37:24.120114Z", + "created_at": "2023-12-05T22:30:20.220114Z" } }, - "FilterNameCertificateDeployments": { - "type": "string", - "description": "Keywords for certificate deployment filters.\nWhen filtering on `association_type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `deployment_status`, only the following `filter_values` are supported:\n * latest\n * stale\n", - "enum": [ - "name", - "association_type", - "deployment_status" - ], - "x-enum-varnames": [ - "filter_name_certificate_deployments_name", - "filter_name_certificate_deployments_association_type", - "filter_name_certificate_deployments_deployment_status" - ] - }, - "DeploymentAssociatedType": { - "type": "string", - "description": "The type of the deployment association, with the following values:\n * `instance`\n * `config_sync_group`\n", - "enum": [ - "instance", - "config_sync_group" - ], - "x-enum-varnames": [ - "deployment_associated_type_instance", - "deployment_associated_type_config_sync_group" - ] - }, - "DeploymentAssociatedName": { + "InstanceObjectID": { + "description": "A globally unique identifier for the NGINX instance.", "type": "string", - "description": "Based on deployment type:\n * `instance`\n * `config_sync_group`\n" + "format": "object_id", + "pattern": "^inst_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } }, - "CertificateDeployment": { + "NginxBuild": { + "description": "The build details for the NGINX binary, including its configuration parameters.\n", "type": "object", - "description": "Response structure containing certificate deployment details for an SSL certificate, which include\n * `association_type` represents type of the object affected by this certificate deployment, which is either\n an instance or config sync group\n * `object_id` represents the object ID for the associated instance or config sync group\n * `name` for either the host name of an instance or the name of a config sync group\n * `deployment_status`:\n * `latest`: deployment is up to date with the latest updated certificate and key contents\n * `stale`: deployment for either certificates or key is outdated, requires a redeployment with the latest contents\n * `cert_paths` represents the file paths used for deploying public certificates of this certificate object\n * `key_paths` represents the file paths used for deploying the private key of this certificate object, if a\n private key is present\n", "required": [ - "association_type", - "object_id", - "name", - "deployment_status" + "version" ], "properties": { - "association_type": { - "$ref": "#/components/schemas/DeploymentAssociatedType" - }, - "object_id": { - "$ref": "#/components/schemas/ObjectID" - }, - "name": { - "$ref": "#/components/schemas/DeploymentAssociatedName" - }, - "deployment_status": { - "$ref": "#/components/schemas/CertificateDeploymentStatus" - }, - "cert_paths": { - "description": "Deployment file paths for public certificates.", - "type": "array", - "items": { - "type": "string" - } - }, - "key_paths": { - "description": "Deployment file paths for the private key.", - "type": "array", - "items": { - "type": "string" - } - } - }, - "example": { - "association_type": "instance", - "name": "instance-host-name", - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "deployment_status": "latest", - "cert_paths": [ - "/etc/nginx/example.crt", - "/etc/nginx/certs/cert.crt" - ], - "key_paths": [ - "/etc/nginx/example.key" - ] - } - }, - "CertificateDeploymentListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" + "version": { + "description": "The version number of the base open-source NGINX.", + "type": "string" }, - { - "type": "object", - "description": "List of certificate deployments for a SSL certificate.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of certificate deployments for an SSL certificate. If this certificate object represents a \nCA bundle, there will be only public certificate file paths in the certificate deployment details.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertificateDeployment" - } - } - } - } - ], - "example": { - "total": 10, - "count": 2, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "association_type": "instance", - "name": "instance-host-name", - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "deployment_status": "latest", - "cert_paths": [ - "/etc/nginx/example.crt", - "/etc/nginx/certs/cert.crt" - ], - "key_paths": [ - "/etc/nginx/example.key" - ] - }, - { - "association_type": "config_sync_group", - "name": "group1", - "object_id": "csg_vfr5Oqv-AhxGzyqTXW-Ubw", - "deployment_status": "stale", - "cert_paths": [ - "/etc/nginx/cert.crt" - ], - "key_paths": [ - "/etc/nginx/server.key" - ] - } - ] + "plus_release": { + "description": "The NGINX Plus release version, if applicable.", + "type": "string" + }, + "conf_path": { + "description": "The absolute path to the NGINX configuration, as set by the `--conf-path` option during build time.", + "type": "string" + } } }, - "NginxCVEObject": { + "NginxAppProtectVersions": { + "description": "Version information regarding NGINX App Protect.\n", "type": "object", "required": [ - "id", - "severity", - "info", - "published_at" + "engine_version" ], - "description": "Details about a specific NGINX security advisory, including the number of instances impacted by it, its severity, and a brief description.", "properties": { - "id": { - "description": "The security advisory's unique identifier.", + "release_version": { + "description": "The release version of NGINX App Protect.", "type": "string" }, - "severity": { - "$ref": "#/components/schemas/CveSeverityType" - }, - "info": { - "description": "A brief description of security advisory.", + "engine_version": { + "description": "The version of the App Protect enforcement engine.", "type": "string" + } + } + }, + "NginxAppProtectDeploymentCounts": { + "type": "object", + "description": "Summary count of NAP policy version deployment statues.", + "required": [ + "total", + "deployed", + "deploying", + "failed" + ], + "properties": { + "total": { + "description": "Total count of NAP policy versions across the NGINX data plane.", + "type": "integer" }, - "instances_impacted": { - "description": "Number of instances impacted by the security advisory", + "deployed": { + "description": "The number of NAP policy versions that have deployed.", "type": "integer" }, - "control_planes_impacted": { - "description": "Number of control planes impacted by the security advisory", + "deploying": { + "description": "The number of NAP policy versions that are deploying.", "type": "integer" }, - "published_at": { - "description": "The date and time when the cve was published", - "type": "string", - "format": "date-time" + "failed": { + "description": "The number of NAP policy versions that have failed deployment.", + "type": "integer" } } }, - "CVEListResponse": { + "NginxAppProtectSummary": { + "description": "Summary information regarding NGINX App Protect.\n", + "type": "object", "allOf": [ { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/NginxAppProtectVersions" }, { "type": "object", - "description": "List of all CVEs.", "required": [ - "items" + "deployments" ], "properties": { - "items": { - "description": "An array of CVE objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxCVEObject" - } + "deployments": { + "$ref": "#/components/schemas/NginxAppProtectDeploymentCounts" } } } ] }, - "NginxProduct": { + "CveSeverityType": { "type": "string", - "description": "NGINX product :\n * `noss` - NGINX Open Source.\n * `nplus` - NGINX PLUS.\n * `nic` - NGINX Ingress Controller.\n * `ngf` - NGINX Gateway Fabric.\n", + "description": "Severity ratings:\n * `high` - High severity.\n * `medium` - Moderate severity.\n * `low` - Least severe.\n * `none` - Not severe.\n * `other` - Severity that does not fit the other categories.\n", "enum": [ - "noss", - "nplus", - "nic", - "ngf", - "unknown" + "high", + "medium", + "low", + "none", + "other" ], "x-enum-varnames": [ - "nginx_product_noss", - "nginx_product_nplus", - "nginx_product_nic", - "nginx_product_ngf", - "nginx_product_unknown" + "cve_severity_type_high", + "cve_severity_type_medium", + "cve_severity_type_low", + "cve_severity_type_none", + "cve_severity_type_other" ] }, - "CveImpactedNginxProduct": { + "CveDetails": { + "description": "CVEs details, including the type and count.\n", "type": "object", "required": [ - "versions", - "name" + "type", + "count" ], - "description": "security advisory impacted NGINX product and its version.", "properties": { - "versions": { - "description": "List of impacted NGINX product versions.", + "type": { + "$ref": "#/components/schemas/CveSeverityType" + }, + "count": { + "description": "The total number of each CVE type.", + "type": "integer" + } + } + }, + "RecommendationType": { + "type": "string", + "description": "Types of configuration recommendations:\n * `best_practice` - Suggestions based on established best practices.\n * `security` - Recommendations related to security.\n * `optimization` - Advice for optimizing performance.\n * `other` - Recommendations that do not fit the above categories.\n", + "enum": [ + "best_practice", + "security", + "optimization", + "other" + ], + "x-enum-varnames": [ + "recommendation_type_best_practice", + "recommendation_type_security", + "recommendation_type_optimization", + "recommendation_type_other" + ] + }, + "IssueDetails": { + "description": "Issue details, including the type and count.\n", + "type": "object", + "required": [ + "type", + "count" + ], + "properties": { + "type": { + "$ref": "#/components/schemas/RecommendationType" + }, + "count": { + "description": "The total number of issues identified for the specific recommendation type.", + "type": "integer" + } + } + }, + "ControlPlaneObjectID": { + "description": "A globally unique identifier for the control plane.", + "type": "string", + "format": "object_id", + "pattern": "^ecp_.*", + "x-go-type": "objects.ID" + }, + "ControlPlaneBaseInfo": { + "type": "object", + "description": "Base information of a control plane, which includes name, product version and optionally an object ID.", + "required": [ + "name", + "product_version", + "created_at" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/ControlPlaneObjectID" + }, + "name": { + "description": "Control plane name.", + "type": "string" + }, + "product_version": { + "description": "Control plane product name and version.", + "type": "string" + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the control plane was created." + } + } + }, + "Instance": { + "type": "object", + "description": "Summary information about a NGINX instance.", + "required": [ + "object_id", + "hostname", + "system_id", + "agent_version", + "registered_at", + "last_reported", + "status", + "has_container_host" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/InstanceObjectID" + }, + "hostname": { + "description": "The name of the host system where the NGINX instance is running.", + "type": "string" + }, + "system_id": { + "description": "The unique identifier assigned to the host system by the NGINX Agent.", + "type": "string" + }, + "nginx_id": { + "description": "The unique identifier for the NGINX process on the host system, assigned by the NGINX Agent.", + "type": "string" + }, + "agent_version": { + "description": "The version of the NGINX Agent.", + "type": "string" + }, + "key_object_id": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" + }, + "nginx_build": { + "$ref": "#/components/schemas/NginxBuild" + }, + "os_version": { + "description": "The operating system's name and its and version or codename.\n", + "type": "string", + "example": "ubuntu_jammy" + }, + "nginx_app_protect": { + "$ref": "#/components/schemas/NginxAppProtectSummary" + }, + "registered_at": { + "description": "The date and time when the NGINX instance first registered with NGINX One.", + "type": "string", + "format": "date-time" + }, + "last_reported": { + "description": "The date and time of the most recent report received from the NGINX Agent.", + "type": "string", + "format": "date-time" + }, + "status": { + "type": "string", + "description": "The current operational status of the NGINX instance, with the following possible values:\n* `unknown` - The status of the NGINX instance cannot be determined at this moment.\n* `unavailable` - The NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n* `offline` - The NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n* `online` - The NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", + "enum": [ + "unknown", + "unavailable", + "offline", + "online" + ] + }, + "cert_summary": { + "$ref": "#/components/schemas/CertificateInstanceSummary" + }, + "cve_severity": { + "type": "array", + "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", + "items": { + "$ref": "#/components/schemas/CveDetails" + } + }, + "recommendations": { "type": "array", + "description": "An array summarizing the suggestions from the configuration analysis report.", "items": { - "type": "string" + "$ref": "#/components/schemas/IssueDetails" } }, - "name": { - "$ref": "#/components/schemas/NginxProduct" + "control_plane": { + "$ref": "#/components/schemas/ControlPlaneBaseInfo" + }, + "has_container_host": { + "type": "boolean", + "description": "Indicates whether the instance is running in a containerized environment." } } }, - "NginxCVEDetailsResponse": { + "ConfigSyncGroupInstance": { "allOf": [ { - "$ref": "#/components/schemas/NginxCVEObject" + "$ref": "#/components/schemas/Instance" }, { "type": "object", "required": [ - "detail", - "impacted_products" + "config_status", + "config_version" ], - "description": "Details about a specific NGINX security advisory, including its severity, detail,\npublished date and time, description and impacted products.\n", "properties": { - "impacted_products": { - "type": "array", - "items": { - "$ref": "#/components/schemas/CveImpactedNginxProduct" - } + "config_status": { + "$ref": "#/components/schemas/ConfigSyncStatus" }, - "detail": { - "description": "the details about security advisory", + "config_version": { + "description": "A computed hash of current config on the config sync group.", "type": "string" } - }, - "example": { - "detail": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-ID", - "id": "CVE-ID", - "impacted_products": [ - { - "name": "nplus", - "versions": [ - "r1", - "r2" - ] - }, - { - "name": "noss", - "versions": [ - "1.11.1", - "1.20.2", - "1.19.9" - ] - }, - { - "name": "nic", - "versions": [ - "1.0.0", - "2.1.0" - ] - }, - { - "name": "ngf", - "versions": [ - "1.6.2", - "2.0.1" - ] - } - ], - "info": "Memory disclosure in the ngx_http_mp4_module", - "published_at": "2022-10-19T00:00:00Z", - "severity": "medium" } } ] }, - "NginxProductInfo": { + "ConfigSyncGroupPublicationStatus": { + "type": "string", + "description": "The status on the last publication issued on this config sync group:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n* `partially_succeeded` - The publication attempt had one or more failures.\n", + "enum": [ + "pending", + "failed", + "succeeded", + "partially_succeeded" + ], + "x-enum-varnames": [ + "publication_config_sync_group_status_pending", + "publication_config_sync_group_status_failed", + "publication_config_sync_group_status_succeeded", + "publication_config_sync_group_status_partially_succeeded" + ] + }, + "CertAssociation": { "type": "object", - "description": "Information about an NGINX product type and its version", + "description": "Details for a certificate that's associated with an instance or a config sync group.", "required": [ "name", - "version" + "object_id", + "cert_type", + "subject_name", + "not_before", + "not_after", + "cert_status", + "deployment_status" ], "properties": { "name": { - "$ref": "#/components/schemas/NginxProduct" + "type": "string", + "description": "A friendly name for the certificate." }, - "version": { - "description": "version of the NGINX product installed on the instance.", - "type": "string" + "object_id": { + "$ref": "#/components/schemas/CertificateObjectID" + }, + "cert_type": { + "$ref": "#/components/schemas/CertificateType" + }, + "cert_paths": { + "type": "array", + "description": "The list of file system paths where the certificate file is installed. \nSince a single certificate file may be applied in multiple contexts, all relevant paths are included.\n", + "example": [ + "/etc/ssl/cert.pem", + "/etc/ssl/cert.crt" + ], + "items": { + "type": "string" + } + }, + "key_paths": { + "type": "array", + "description": "The list of file system paths where the private key file is installed.\nSince a single key file may be applied in multiple contexts, all relevant paths are included.\n", + "example": [ + "/etc/nginx/key.pem", + "/etc/ssl/server.key" + ], + "items": { + "type": "string" + } + }, + "deployment_status": { + "$ref": "#/components/schemas/CertificateDeploymentStatus" + }, + "subject_name": { + "type": "string", + "description": "Hostname or domain for the certificate. Usually the subject-alt-name (SAN) value for the certificate.\nif SAN is not present, this will be the certificate subject's common name.\n", + "example": "nginx.com" + }, + "cert_status": { + "$ref": "#/components/schemas/CertificateStatus" + }, + "not_before": { + "type": "string", + "format": "date-time", + "description": "the effective date of the certificate." + }, + "not_after": { + "type": "string", + "format": "date-time", + "description": "The expiration date for the certificate." } } }, - "CVEImpactedInstance": { - "type": "object", - "description": "Summary information about a NGINX instance.", + "NapPolicyVersionName": { + "description": "Version name for a WAF policy version. Either a sequential name (e.g. v1, v2, v10)\nor a legacy timestamp string (e.g. \"2023-12-06 22:37:24\").\n", + "type": "string", + "pattern": "^(v\\d+|\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2})$", + "example": "v1" + }, + "NapPolicyObjectID": { + "description": "A globally unique identifier for the App Protect policy.", + "type": "string", + "format": "object_id", + "pattern": "^pol_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "NapPolicyVersionObjectID": { + "description": "A globally unique identifier for the App Protect policy version.", + "type": "string", + "format": "object_id", + "pattern": "^pv_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "PublicationObjectID": { + "description": "A globally unique identifier for the publication.", + "type": "string", + "format": "object_id", + "example": "pub_72pGHoGsSICL_THZrs964g", + "pattern": "^pub_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "NapPolicyEnforcementMode": { + "description": "The current enforcement mode of the NGINX App Protect policy, with the following possible values:\n* `blocking` - Any illegal or suspicious requests are logged and blocked.\n* `transparent` - Any illegal or suspicious requests are logged but not blocked.\n", + "type": "string", + "enum": [ + "blocking", + "transparent" + ], + "x-enum-varnames": [ + "nap_enforcement_mode_blocking", + "nap_enforcement_mode_transparent" + ] + }, + "NapDeploymentStatus": { + "description": "The current deployment status of the NGINX App Protect policy or log profile, with the following possible values:\n* `deployed` - The NGINX App Protect policy or log profile has been deployed.\n* `not_deployed` - The NGINX App Protect policy or log profile has not been deployed.\n* `deploying` - The NGINX App Protect policy or log profile is currently being deployed.\n* `failed` - The NGINX App Protect policy or log profile failed deploying.\n", + "type": "string", + "enum": [ + "deployed", + "not_deployed", + "deploying", + "failed" + ], + "x-enum-varnames": [ + "nap_deployment_status_deployed", + "nap_deployment_status_not_deployed", + "nap_deployment_status_deploying", + "nap_deployment_status_failed" + ] + }, + "NapAssociation": { + "description": "Details for a NGINX App Protect policy version that's associated with an instance or a config sync group.", "required": [ - "object_id", - "hostname", - "status" + "name", + "version", + "policy_object_id", + "policy_version_object_id", + "paths", + "deployment_status", + "publication_object_id", + "deployed_on", + "enforcement_mode" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/InstanceObjectID" + "name": { + "type": "string", + "description": "Name of the policy at the time of the deployment." }, - "hostname": { - "description": "The name of the host system where the NGINX instance is running.", - "type": "string" + "version": { + "$ref": "#/components/schemas/NapPolicyVersionName" + }, + "policy_object_id": { + "$ref": "#/components/schemas/NapPolicyObjectID" + }, + "policy_version_object_id": { + "$ref": "#/components/schemas/NapPolicyVersionObjectID" + }, + "publication_object_id": { + "$ref": "#/components/schemas/PublicationObjectID" + }, + "enforcement_mode": { + "$ref": "#/components/schemas/NapPolicyEnforcementMode" }, - "products": { - "description": "List of NGINX products in the instance", + "paths": { "type": "array", + "description": "The list of file system paths where the compiled NAP policy version bundle file is installed. \nSince a single compiled NAP policy version bundle file may be applied in multiple contexts, all relevant paths are included.\n", + "example": [ + "/etc/nginx/default_policy.tgz", + "/etc/nginx/default_policy_server_2.tgz" + ], "items": { - "$ref": "#/components/schemas/NginxProductInfo" + "type": "string" } }, - "status": { + "deployment_status": { + "$ref": "#/components/schemas/NapDeploymentStatus" + }, + "deployed_on": { + "description": "Date and time of the deployment.", "type": "string", - "description": "The current operational status of the NGINX instance, with the following possible values:\n* `unknown` - The status of the NGINX instance cannot be determined at this moment.\n* `unavailable` - The NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n* `offline` - The NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n* `online` - The NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", - "enum": [ - "unknown", - "unavailable", - "offline", - "online" - ] + "format": "date-time" } + }, + "example": { + "name": "default_policy", + "version": "v1", + "policy_object_id": "pol_panEdeY-Sh2rWm365y7wsw", + "policy_version_object_id": "pv_kem7SCosTTOL9mMlNyY2GQ", + "publication_object_id": "pub_72pGHoGsSICL_THZrs964g", + "paths": [ + "/etc/nginx/default_policy.tgz" + ], + "deployment_status": "deployed", + "enforcement_mode": "transparent", + "deployed_on": "2023-12-06T22:37:24.120114Z" } }, - "CVEImpactedInstancesListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" - }, - { - "type": "object", - "description": "List of instances affected by a CVE.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of Instance objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/CVEImpactedInstance" - } - } - }, - "example": { - "total": 10, - "count": 1, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "object_id": "inst_8Iwn7dT7RF-PRLxkSt5EYQ", - "hostname": "4d116619f106", - "products": [ - { - "name": "noss", - "version": "1.18.0" - } - ], - "status": "unknown" - } - ] - } - } - ] - }, - "CVEImpactedControlPlanesListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" - }, - { - "type": "object", - "description": "List of control planes affected by a CVE.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of Control Plane objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/ControlPlaneBaseInfo" - } - } - }, - "example": { - "total": 10, - "count": 1, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "object_id": "ecp_tgfVM3KQTxCyiDXgV38G7A", - "name": "nginx-ingress-001", - "product_version": "nginx-ingress-controller-4.0.1", - "created_at": "2023-08-10T16:59:15Z" - } - ] - } - } - ] - }, - "FilterNameEvents": { + "NapLatestDeployed": { + "description": "Whether the latest F5 WAF object (i.e., log profile) was deployed, with the following possible values:\n* `yes` - The latest NAP object has been deployed.\n* `no` - The latest NAP object has not been deployed.\n", "type": "string", - "description": "Keywords for events filters.\n", "enum": [ - "object_id" + "yes", + "no" ], "x-enum-varnames": [ - "filter_name_events_object_id" + "nap_latest_deployed_yes", + "nap_latest_deployed_no" ] }, - "EventObjectID": { - "description": "A globally unique identifier for a NGINX One system event.", + "NapLogProfileObjectID": { + "description": "A globally unique identifier for the App Protect log profile.", "type": "string", "format": "object_id", - "pattern": "^event_.*", + "pattern": "^lp_.*", "x-go-type": "objects.ID", "x-go-type-import": { "name": "objects", "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "Event": { - "type": "object", - "description": "An Event is a system message.", + "LogProfileAssociation": { + "description": "Details for a F5 WAF log profile that's associated with an instance or a config sync group.", "required": [ - "type", - "timestamp", - "object_id", - "message" + "name", + "nap_release", + "latest_deployed", + "log_profile_object_id", + "publication_object_id", + "paths", + "deployment_status", + "deployed_on" ], "properties": { - "timestamp": { - "description": "time of the event", + "name": { "type": "string", - "format": "date-time", - "example": "2019-08-07T09:57:36.088757764Z" + "description": "Name of the log profile at the time of the deployment." }, - "type": { + "nap_release": { "type": "string", - "description": "type of event, indication for affected object type.", - "enum": [ - "instance_cleanup", - "certificates", - "publications", - "nap_compilation_jobs" - ], - "x-enum-varnames": [ - "event_type_instance_cleanup", - "event_type_certificates", - "event_type_publications", - "event_type_nap_compilation_jobs" - ] + "description": "The release version of the compiler used for the log profile." }, - "object_id": { - "$ref": "#/components/schemas/EventObjectID" + "latest_deployed": { + "$ref": "#/components/schemas/NapLatestDeployed" }, - "affected_object_id": { - "$ref": "#/components/schemas/ObjectID" + "log_profile_object_id": { + "$ref": "#/components/schemas/NapLogProfileObjectID" }, - "hostname": { - "type": "string", - "description": "hostname of the affected instance, if any." + "publication_object_id": { + "$ref": "#/components/schemas/PublicationObjectID" }, - "message": { + "paths": { + "type": "array", + "description": "The list of file system paths where the compiled log profile bundle file is installed. \nSince a single compiled log profile bundle file may be applied in multiple contexts, all relevant paths are included.\n", + "example": [ + "/etc/nginx/default_log_profile.tgz", + "/etc/nginx/default_log_profile_2.tgz" + ], + "items": { + "type": "string" + } + }, + "deployment_status": { + "$ref": "#/components/schemas/NapDeploymentStatus" + }, + "deployed_on": { + "description": "Date and time of the deployment.", "type": "string", - "description": "Details regarding the event.", - "example": "Instance \"demo-1\" deleted by instance cleanup after \"unavailable\" for 25 hours." + "format": "date-time" } }, "example": { - "timestamp": "2024-02-04T09:57:36.088757764Z", - "type": "instance_cleanup", - "object_id": "event_-uvR3F2TQGm18jnl7bpaGw", - "affected_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "message": "ip-170.0.1 deleted after age out period of 3 hours, last seen 2023-08-07T09:57:36.088757764Z" + "name": "default_log_profile", + "nap_release": "5.10.0", + "latest_deployed": "yes", + "log_profile_object_id": "lp_panEdeY-Sh2rWm365y7wsw", + "publication_object_id": "pub_72pGHoGsSICL_THZrs964g", + "paths": [ + "/etc/nginx/default_log_profile.tgz" + ], + "deployment_status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z" } }, - "EventsListResponse": { + "ConfigSyncGroup": { "allOf": [ { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/ConfigSyncGroupMeta" }, { "type": "object", - "description": "List of Events.", - "required": [ - "items" - ], + "description": "Additional information of the NGINX config sync group including:\n* config sync status\n* config checksum\n* instances\n* last known publication status\n* certs associated with this config sync group\n", "properties": { - "items": { - "description": "An array of Event objects.", + "config_status": { + "$ref": "#/components/schemas/ConfigSyncStatus" + }, + "config_version": { + "description": "A computed hash of current config on the config sync group.", + "type": "string" + }, + "instances": { + "description": "An array of Instance objects.", "type": "array", "items": { - "$ref": "#/components/schemas/Event" + "$ref": "#/components/schemas/ConfigSyncGroupInstance" + } + }, + "last_publication_status": { + "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatus" + }, + "certs": { + "description": "An array detailing each certificate's information, including its friendly name, unique identifier, applicable file system paths, subject name, and validity dates. \nIt provides insights into the operational status of each certificate, such as whether it's currently valid, nearing expiration, is not ready to be used, or has already expired.\nThe deployment status indicates whether the latest certs and key managed by NGINX One Console are deployed onto the data plane instances that are part of this config sync group.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/CertAssociation" + } + }, + "nginx_app_protect": { + "type": "object", + "required": [ + "deployments" + ], + "properties": { + "deployments": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapAssociation" + } + } + } + }, + "log_profile": { + "type": "object", + "required": [ + "deployments" + ], + "properties": { + "deployments": { + "type": "array", + "items": { + "$ref": "#/components/schemas/LogProfileAssociation" + } + } } } } } - ] - }, - "FilterStagedConfigs": { - "type": "string", - "description": "Keywords for staged configs filters.\n", - "enum": [ - "name", - "object_id" ], - "x-enum-varnames": [ - "filter_name_staged_config_name", - "filter_name_staged_config_object_id" - ] - }, - "StagedConfigObjectID": { - "description": "A globally unique identifier for the NGINX staged config.", - "type": "string", - "format": "object_id", - "pattern": "^sc_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + "example": { + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-config-sync-group", + "created_at": "2023-12-06T22:37:24.120114Z", + "config_status": "in_sync", + "config_version": "uvR3F2TQGm18jnl7bpaGw", + "instances": [ + { + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "hostname": "816e3c194d59", + "system_id": "6066aad2-211e-3718-be5d-fcc01ffc5cc8", + "agent_version": "v2.33.0", + "registered_at": "2024-05-16T18:26:40.556048Z", + "last_reported": "2023-12-06T22:37:24.120114Z", + "status": "unavailable", + "nginx_build": { + "conf_path": "/etc/nginx/nginx.conf", + "version": "1.25.3" + }, + "os_version": "Ubuntu 22.04", + "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", + "config_status": "in_sync", + "config_version": "abc123def456", + "has_container_host": false + } + ], + "certs": [ + { + "subject_name": "test.com", + "name": "client", + "cert_type": "cert_key", + "not_after": "2024-01-06T00:01:30Z", + "not_before": "2023-12-07T00:01:30Z", + "cert_paths": [ + "/etc/nginx/client.pem" + ], + "cert_status": "expiring", + "deployment_status": "latest", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw" + } + ] } }, - "StagedConfigCertificateSummary": { + "ConfigSyncGroupDetails": { "type": "object", - "description": "Provides a summary of the current status of certificates used in NGINX configurations. It includes the total number of certificates, as well as the counts of expired certificates, those nearing expiration, valid certificates, certificates that are not found, and those that are not ready for use.", + "description": "Detailed information of the NGINX config sync group.", + "allOf": [ + { + "$ref": "#/components/schemas/ConfigSyncGroup" + } + ] + }, + "FileData": { + "type": "object", + "description": "Details about a file, including its path, content, size, and last modified time.", "required": [ - "total", - "expired", - "expiring", - "valid", - "not_found", - "not_ready" + "name", + "contents", + "size", + "mtime" ], "properties": { - "total": { - "description": "Total count of certificates used as `payloads` in NGINX config.", - "type": "integer" - }, - "expired": { - "description": "The number of certificates that have expired and are no longer valid.", - "type": "integer" - }, - "expiring": { - "description": "The number of certificates due to expire in the next 30 days.", - "type": "integer" + "name": { + "type": "string", + "description": "The file's relative path to the parent directory.", + "minLength": 1, + "maxLength": 4096 }, - "valid": { - "description": "The number of certificates that are valid and in good standing.", - "type": "integer" + "contents": { + "type": "string", + "format": "byte", + "description": "The base64-encoded contents of the file.", + "maxLength": 3145728 }, - "not_found": { - "description": "The number of certificates that are not found on NGINX One Console.", - "type": "integer" + "size": { + "type": "integer", + "description": "The size of the file, in bytes." }, - "not_ready": { - "description": "The number of certificates that are not ready to be used.", - "type": "integer" + "mtime": { + "type": "string", + "format": "date-time", + "description": "Timestamp of the last modification made to the file." } } }, - "StagedConfigMeta": { + "DirectoryWithFileContent": { "type": "object", - "description": "Summary information of the NGINX staged config.", + "description": "Represents a directory and its contents, detailing the directory's full path, assigned permissions, last modified time, and the files within it.", "required": [ - "object_id", "name", - "created_at", - "modified_at" + "files" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/StagedConfigObjectID" - }, "name": { - "description": "Name of the NGINX staged config", - "type": "string" + "type": "string", + "description": "The complete path of the directory." }, - "created_at": { + "permissions": { "type": "string", - "format": "date-time", - "description": "The date and time when the NGINX configuration object was created for the instance." + "description": "The permissions for the directory." }, - "modified_at": { + "mtime": { "type": "string", - "format": "date-time", - "description": "The date and time when the NGINX configuration object was last modified for the instance." + "description": "The date and time when the directory was last modified.", + "format": "date-time" }, - "cert_summary": { - "$ref": "#/components/schemas/StagedConfigCertificateSummary" + "files": { + "type": "array", + "description": "The list of files in the directory.", + "items": { + "$ref": "#/components/schemas/FileData" + } } } }, - "StagedConfigListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" + "NginxConfigObject": { + "type": "object", + "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", + "required": [ + "conf_path", + "configs" + ], + "properties": { + "config_version": { + "type": "string", + "description": "A hash that uniquely identifies the contents of the config object. Can be used to detect change when updating the NginxConfig.\n" }, - { - "type": "object", - "description": "List of NGINX staged configs.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of Staged Config objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/StagedConfigMeta" - } - } + "conf_path": { + "$ref": "#/components/schemas/ConfigPath" + }, + "configs": { + "type": "array", + "description": "An array of directories containing NGINX configuration files.", + "items": { + "$ref": "#/components/schemas/DirectoryWithFileContent" + } + }, + "aux": { + "type": "array", + "description": "An array of auxiliary directory contents related to the NGINX configuration.", + "items": { + "$ref": "#/components/schemas/DirectoryWithFileContent" } } - ], + }, "example": { - "total": 10, - "count": 1, - "start_index": 1, - "items_per_page": 100, - "items": [ + "aux": [], + "conf_path": "/etc/nginx/nginx.conf", + "configs": [ { - "object_id": "sc_Tet21AeYTHCj7taOwVfzyw", - "name": "my-nginx-staged-config", - "created_at": "2023-08-10T16:59:15Z", - "modified_at": "2023-08-10T16:59:15Z" + "files": [ + { + "contents": "Cm1hcCAkdXJpICRtYXBwZWRfc2VydmljZSB7CiAgICBkZWZhdWx0IFVOTUFUQ0hFRDsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvaW5zdGFuY2VzIiAgICAgICAgaW5zdGFuY2VzLXN2YzsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvZGF0YS1wbGFuZS1rZXlzIiAga2V5cy1zdmM7CiAgICAifl4vYXBpL3YxL25hbWVzcGFjZXMvXHcrL21vbml0b3IiICAgICAgICAgIG1vbml0b3Itc3ZjOwp9Cgp1cHN0cmVhbSBpbnN0YW5jZXMtc3ZjIHsKICAgIHNlcnZlciBpbnN0YW5jZXMtc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIGtleXMtc3ZjIHsKICAgIHNlcnZlciBrZXlzLXN2Yzo4MDkwOwp9Cgp1cHN0cmVhbSBkYXRhcGxhbmUtY3RybCB7CiAgICBzZXJ2ZXIgZGF0YXBsYW5lLWN0cmw6ODA4MDsKfQoKdXBzdHJlYW0gbW9uaXRvci1zdmMgewogICAgc2VydmVyIG1vbml0b3Itc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIG1ldHJpY3MtaW5nZXN0IHsKICAgIHNlcnZlciBtZXRyaWNzLWluZ2VzdDo4MDgwOwp9CgpzZXJ2ZXIgewogICAgbGlzdGVuIDg4ODg7CiAgICBzZXJ2ZXJfbmFtZSBfOwogICAgaHR0cDIgb247CgogICAgcHJveHlfcGFzc19yZXF1ZXN0X2hlYWRlcnMgb247CiAgICByZXdyaXRlICJeL2FwaS8obmdpbngvb25lfHYxKS8oLiopJCIgIi9hcGkvdjEvJDIiIGJyZWFrOwogICAgbG9jYXRpb24gL2FwaS92MS8gewogICAgICAgIGlmICgkbWFwcGVkX3NlcnZpY2UgPSAiVU5NQVRDSEVEIikgewogICAgICAgICAgICByZXR1cm4gNDA0ICd7ImVycm9yOiAiTm90IGZvdW5kIn0nOwogICAgICAgIH0KICAgICAgICBwcm94eV9wYXNzX2hlYWRlciBYLVZvbHRlcnJhLUFwaWd3LVRlbmFudDsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kbWFwcGVkX3NlcnZpY2U7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIGRhdGFwbGFuZS1jdHJsCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLkNvbW1hbmRlciB7CiAgICAgICAgZ3JwY19zb2NrZXRfa2VlcGFsaXZlIG9uOwogICAgICAgIGdycGNfcmVhZF90aW1lb3V0IDVtOwogICAgICAgIGdycGNfc2VuZF90aW1lb3V0IDVtOwogICAgICAgIGNsaWVudF9ib2R5X3RpbWVvdXQgMTBtOwogICAgICAgIGdycGNfcGFzcyBncnBjOi8vZGF0YXBsYW5lLWN0cmw7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIG1ldHJpY3MgaW5nZXN0aW9uCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLk1ldHJpY3NTZXJ2aWNlIHsKICAgICAgICBncnBjX3NvY2tldF9rZWVwYWxpdmUgb247CiAgICAgICAgZ3JwY19yZWFkX3RpbWVvdXQgNW07CiAgICAgICAgZ3JwY19zZW5kX3RpbWVvdXQgNW07CiAgICAgICAgY2xpZW50X2JvZHlfdGltZW91dCAxMG07CiAgICAgICAgY2xpZW50X21heF9ib2R5X3NpemUgMDsKICAgICAgICBncnBjX3Bhc3MgZ3JwYzovL21ldHJpY3MtaW5nZXN0OwogICAgfQp9CgojIHByb3h5IHRvIHRoZSBtYW5hZ2VtZW50IHNlcnZlcnMKc2VydmVyIHsKICAgIGxpc3RlbiAxNTAwMDsKICAgIHNlcnZlcl9uYW1lIF87CiAgICAjIHVzZSBkb2NrZXIgRE5TCiAgICByZXNvbHZlciAxMjcuMC4wLjExIHZhbGlkPTMwczsKCiAgICAjIG1hdGNoIC88c2VydmljZT4vPG1nbXQgZW5kcG9pbnQ+CiAgICBsb2NhdGlvbiB+Xi8oW14vXSspLyguKykkIHsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kMToxNTAwMC8kMjsKICAgIH0KCiAgICBsb2NhdGlvbiAvIHsKICAgICAgICBhZGRfaGVhZGVyICJDb250ZW50LVR5cGUiICJ0ZXh0L2h0bWwiOwogICAgICAgIHJldHVybiAyMDAgIjxwPkFjY2VzcyB0aGUgbWFuYWdlbWVudCBzZXJ2ZXIgb2YgYW55IHNlcnZpY2Ugd2l0aCBVUkxzIGxpa2UgPGNvZGU+aHR0cDovL2xvY2FsaG9zdDoxNTAwMC8mbHQ7U0VSVklDRV9OQU1FJmd0Oy9tZXRyaWNzPC9jb2RlPjwvcD4iOwogICAgfQp9Cg==", + "mtime": "1970-01-01T00:00:00Z", + "name": "default.conf", + "size": 1942 + } + ], + "name": "/etc/nginx/conf.d" + }, + { + "files": [ + { + "contents": "CnVzZXIgIG5naW54Owp3b3JrZXJfcHJvY2Vzc2VzICBhdXRvOwoKZXJyb3JfbG9nICAvdmFyL2xvZy9uZ2lueC9lcnJvci5sb2cgbm90aWNlOwpwaWQgICAgICAgIC92YXIvcnVuL25naW54LnBpZDsKCgpldmVudHMgewogICAgd29ya2VyX2Nvbm5lY3Rpb25zICAxMDI0Owp9CgoKaHR0cCB7CiAgICBpbmNsdWRlICAgICAgIC9ldGMvbmdpbngvbWltZS50eXBlczsKICAgIGRlZmF1bHRfdHlwZSAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtOwoKICAgIGxvZ19mb3JtYXQgIG1haW4gICckcmVtb3RlX2FkZHIgLSAkcmVtb3RlX3VzZXIgWyR0aW1lX2xvY2FsXSAiJHJlcXVlc3QiICcKICAgICAgICAgICAgICAgICAgICAgICckc3RhdHVzICRib2R5X2J5dGVzX3NlbnQgIiRodHRwX3JlZmVyZXIiICcKICAgICAgICAgICAgICAgICAgICAgICciJGh0dHBfdXNlcl9hZ2VudCIgIiRodHRwX3hfZm9yd2FyZGVkX2ZvciInOwoKICAgIGFjY2Vzc19sb2cgIC92YXIvbG9nL25naW54L2FjY2Vzcy5sb2cgIG1haW47CgogICAgc2VuZGZpbGUgICAgICAgIG9uOwogICAgI3RjcF9ub3B1c2ggICAgIG9uOwoKICAgIGtlZXBhbGl2ZV90aW1lb3V0ICA2NTsKCiAgICAjZ3ppcCAgb247CgogICAgaW5jbHVkZSAvZXRjL25naW54L2NvbmYuZC8qLmNvbmY7Cn0K", + "mtime": "1970-01-01T00:00:00Z", + "name": "nginx.conf", + "size": 648 + }, + { + "contents": "CnR5cGVzIHsKICAgIHRleHQvaHRtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBodG1sIGh0bSBzaHRtbDsKICAgIHRleHQvY3NzICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjc3M7CiAgICB0ZXh0L3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeG1sOwogICAgaW1hZ2UvZ2lmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdpZjsKICAgIGltYWdlL2pwZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqcGVnIGpwZzsKICAgIGFwcGxpY2F0aW9uL2phdmFzY3JpcHQgICAgICAgICAgICAgICAgICAgICAgICAgICBqczsKICAgIGFwcGxpY2F0aW9uL2F0b20reG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdG9tOwogICAgYXBwbGljYXRpb24vcnNzK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJzczsKCiAgICB0ZXh0L21hdGhtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbW1sOwogICAgdGV4dC9wbGFpbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHR4dDsKICAgIHRleHQvdm5kLnN1bi5qMm1lLmFwcC1kZXNjcmlwdG9yICAgICAgICAgICAgICAgICBqYWQ7CiAgICB0ZXh0L3ZuZC53YXAud21sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd21sOwogICAgdGV4dC94LWNvbXBvbmVudCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGh0YzsKCiAgICBpbWFnZS9hdmlmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYXZpZjsKICAgIGltYWdlL3BuZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbmc7CiAgICBpbWFnZS9zdmcreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZnIHN2Z3o7CiAgICBpbWFnZS90aWZmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGlmIHRpZmY7CiAgICBpbWFnZS92bmQud2FwLndibXAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2JtcDsKICAgIGltYWdlL3dlYnAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3ZWJwOwogICAgaW1hZ2UveC1pY29uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGljbzsKICAgIGltYWdlL3gtam5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqbmc7CiAgICBpbWFnZS94LW1zLWJtcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYm1wOwoKICAgIGZvbnQvd29mZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3b2ZmOwogICAgZm9udC93b2ZmMiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdvZmYyOwoKICAgIGFwcGxpY2F0aW9uL2phdmEtYXJjaGl2ZSAgICAgICAgICAgICAgICAgICAgICAgICBqYXIgd2FyIGVhcjsKICAgIGFwcGxpY2F0aW9uL2pzb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqc29uOwogICAgYXBwbGljYXRpb24vbWFjLWJpbmhleDQwICAgICAgICAgICAgICAgICAgICAgICAgIGhxeDsKICAgIGFwcGxpY2F0aW9uL21zd29yZCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2M7CiAgICBhcHBsaWNhdGlvbi9wZGYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcGRmOwogICAgYXBwbGljYXRpb24vcG9zdHNjcmlwdCAgICAgICAgICAgICAgICAgICAgICAgICAgIHBzIGVwcyBhaTsKICAgIGFwcGxpY2F0aW9uL3J0ZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBydGY7CiAgICBhcHBsaWNhdGlvbi92bmQuYXBwbGUubXBlZ3VybCAgICAgICAgICAgICAgICAgICAgbTN1ODsKICAgIGFwcGxpY2F0aW9uL3ZuZC5nb29nbGUtZWFydGgua21sK3htbCAgICAgICAgICAgICBrbWw7CiAgICBhcHBsaWNhdGlvbi92bmQuZ29vZ2xlLWVhcnRoLmtteiAgICAgICAgICAgICAgICAga216OwogICAgYXBwbGljYXRpb24vdm5kLm1zLWV4Y2VsICAgICAgICAgICAgICAgICAgICAgICAgIHhsczsKICAgIGFwcGxpY2F0aW9uL3ZuZC5tcy1mb250b2JqZWN0ICAgICAgICAgICAgICAgICAgICBlb3Q7CiAgICBhcHBsaWNhdGlvbi92bmQubXMtcG93ZXJwb2ludCAgICAgICAgICAgICAgICAgICAgcHB0OwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC5ncmFwaGljcyAgICAgIG9kZzsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vYXNpcy5vcGVuZG9jdW1lbnQucHJlc2VudGF0aW9uICBvZHA7CiAgICBhcHBsaWNhdGlvbi92bmQub2FzaXMub3BlbmRvY3VtZW50LnNwcmVhZHNoZWV0ICAgb2RzOwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC50ZXh0ICAgICAgICAgIG9kdDsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vcGVueG1sZm9ybWF0cy1vZmZpY2Vkb2N1bWVudC5wcmVzZW50YXRpb25tbC5wcmVzZW50YXRpb24KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcHR4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LnNwcmVhZHNoZWV0bWwuc2hlZXQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4bHN4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LndvcmRwcm9jZXNzaW5nbWwuZG9jdW1lbnQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2N4OwogICAgYXBwbGljYXRpb24vdm5kLndhcC53bWxjICAgICAgICAgICAgICAgICAgICAgICAgIHdtbGM7CiAgICBhcHBsaWNhdGlvbi93YXNtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2FzbTsKICAgIGFwcGxpY2F0aW9uL3gtN3otY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgICA3ejsKICAgIGFwcGxpY2F0aW9uL3gtY29jb2EgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjY287CiAgICBhcHBsaWNhdGlvbi94LWphdmEtYXJjaGl2ZS1kaWZmICAgICAgICAgICAgICAgICAgamFyZGlmZjsKICAgIGFwcGxpY2F0aW9uL3gtamF2YS1qbmxwLWZpbGUgICAgICAgICAgICAgICAgICAgICBqbmxwOwogICAgYXBwbGljYXRpb24veC1tYWtlc2VsZiAgICAgICAgICAgICAgICAgICAgICAgICAgIHJ1bjsKICAgIGFwcGxpY2F0aW9uL3gtcGVybCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbCBwbTsKICAgIGFwcGxpY2F0aW9uL3gtcGlsb3QgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcmMgcGRiOwogICAgYXBwbGljYXRpb24veC1yYXItY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgIHJhcjsKICAgIGFwcGxpY2F0aW9uL3gtcmVkaGF0LXBhY2thZ2UtbWFuYWdlciAgICAgICAgICAgICBycG07CiAgICBhcHBsaWNhdGlvbi94LXNlYSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2VhOwogICAgYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2ggICAgICAgICAgICAgICAgICAgIHN3ZjsKICAgIGFwcGxpY2F0aW9uL3gtc3R1ZmZpdCAgICAgICAgICAgICAgICAgICAgICAgICAgICBzaXQ7CiAgICBhcHBsaWNhdGlvbi94LXRjbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGNsIHRrOwogICAgYXBwbGljYXRpb24veC14NTA5LWNhLWNlcnQgICAgICAgICAgICAgICAgICAgICAgIGRlciBwZW0gY3J0OwogICAgYXBwbGljYXRpb24veC14cGluc3RhbGwgICAgICAgICAgICAgICAgICAgICAgICAgIHhwaTsKICAgIGFwcGxpY2F0aW9uL3hodG1sK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICB4aHRtbDsKICAgIGFwcGxpY2F0aW9uL3hzcGYreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4c3BmOwogICAgYXBwbGljYXRpb24vemlwICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHppcDsKCiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgYmluIGV4ZSBkbGw7CiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgZGViOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIGRtZzsKICAgIGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbSAgICAgICAgICAgICAgICAgICAgICAgICBpc28gaW1nOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIG1zaSBtc3AgbXNtOwoKICAgIGF1ZGlvL21pZGkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtaWQgbWlkaSBrYXI7CiAgICBhdWRpby9tcGVnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbXAzOwogICAgYXVkaW8vb2dnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG9nZzsKICAgIGF1ZGlvL3gtbTRhICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtNGE7CiAgICBhdWRpby94LXJlYWxhdWRpbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcmE7CgogICAgdmlkZW8vM2dwcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDNncHAgM2dwOwogICAgdmlkZW8vbXAydCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRzOwogICAgdmlkZW8vbXA0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1wNDsKICAgIHZpZGVvL21wZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtcGVnIG1wZzsKICAgIHZpZGVvL3F1aWNrdGltZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtb3Y7CiAgICB2aWRlby93ZWJtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2VibTsKICAgIHZpZGVvL3gtZmx2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmbHY7CiAgICB2aWRlby94LW00diAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbTR2OwogICAgdmlkZW8veC1tbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1uZzsKICAgIHZpZGVvL3gtbXMtYXNmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhc3ggYXNmOwogICAgdmlkZW8veC1tcy13bXYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdtdjsKICAgIHZpZGVvL3gtbXN2aWRlbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdmk7Cn0K", + "mtime": "1970-01-01T00:00:00Z", + "name": "mime.types", + "size": 5349 + } + ], + "name": "/etc/nginx" } ] } }, - "StagedConfigName": { + "NginxConfigObjectID": { + "description": "A globally unique identifier for the NGINX Config object.", "type": "string", - "description": "A name to identify the NGINX staged config.", - "minLength": 1, - "maxLength": 256, - "pattern": "^[^\\s]+$" - }, - "StagedConfigCreateRequest": { - "description": "Body to create a NGINX staged config. A staged config can be empty; config payload is optional.", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/components/schemas/StagedConfigName" - }, - "config": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - }, - "example": { - "name": "my-nginx-staged-config", - "config": { - "aux": [], - "conf_path": "/etc/nginx/nginx.conf", - "configs": [ - { - "files": [ - { - "contents": "string", - "name": "default.conf" - } - ], - "name": "/etc/nginx/conf.d" - } - ] - } + "format": "object_id", + "pattern": "^nc_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "StagedConfigCreateResponse": { - "description": "Response to a create NGINX staged config request.", - "required": [ - "object_id", - "name" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/StagedConfigObjectID" + "NginxConfig": { + "description": "Details of an NGINX configuration, including its unique identifier, the main configuration path, the \nconfiguration directories, and the NGINX configuration payloads that indicate where managed SSL certificates\nand keys were deployed to on the data plane instance.\n", + "allOf": [ + { + "$ref": "#/components/schemas/NginxConfigObject" }, - "name": { - "description": "Name of the NGINX staged config.", - "type": "string" + { + "type": "object", + "required": [ + "object_id" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/NginxConfigObjectID" + }, + "payloads": { + "$ref": "#/components/schemas/NginxConfigPayloads" + } + } } - }, - "example": { - "name": "my-nginx-staged-config", - "object_id": "sc_Tet21AeYTHCj7taOwVfzyw" - } + ] }, - "StagedConfigBulkRequestData": { + "PublicationStatusCause": { + "description": "Cause of the failure, provided only if the status is `failed`.", "type": "object", - "description": "Part of bulk operation on a staged config, only `delete` is supported.", - "required": [ - "action", - "object_id" - ], "properties": { - "object_id": { - "$ref": "#/components/schemas/StagedConfigObjectID" + "cause": { + "description": "Cause of the failure, detailed as follows:\n* `unknown` - The reason for the failure is not known.\n* `timeout` - The publication request reached its time limit without receiving a response from the NGINX Agent.\n* `remote` - The NGINX Agent reported a failure when trying to apply the configuration. See the message for more details.\n* `payload` - The publication was successful, but there were warnings reported by attached payloads, see message for more details.\n", + "type": "string", + "enum": [ + "unknown", + "timeout", + "remote", + "payload" + ], + "x-enum-varnames": [ + "publication_instance_status_cause_unknown", + "publication_instance_status_cause_timeout", + "publication_instance_status_cause_remote", + "publication_instance_status_cause_payload" + ] }, - "action": { - "$ref": "#/components/schemas/BulkRequestAction" + "message": { + "type": "string", + "description": "more specific failure message from the agent." } - }, - "example": { - "object_id": "sc_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" } }, - "StagedConfigBulkRequest": { - "type": "array", - "items": { - "$ref": "#/components/schemas/StagedConfigBulkRequestData" - }, - "minItems": 1, - "maxItems": 50, - "example": [ + "ConfigSyncGroupPublicationStatusReason": { + "allOf": [ { - "object_id": "sc_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" + "$ref": "#/components/schemas/PublicationStatusCause" }, { - "object_id": "sc_PL0c1XodRemmzVEjiXSsTg", - "action": "delete" + "type": "object", + "required": [ + "object_id" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/InstanceObjectID" + } + } } ] }, - "StagedConfigBulkResponse": { - "description": "The staged config bulk outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" - } - }, - "StagedConfigResponse": { - "description": "Get an NGINX staged config.", + "ConfigSyncGroupPublication": { + "description": "Details of a publication request for the NGINX config sync group.", "required": [ - "name" + "status", + "created_at", + "modified_at" ], "properties": { - "name": { + "object_id": { + "$ref": "#/components/schemas/PublicationObjectID" + }, + "status": { + "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatus" + }, + "created_at": { "type": "string", - "description": "Name of the NGINX staged config." + "format": "date-time", + "description": "The date and time when the publication was created for the instance." }, - "config": { - "$ref": "#/components/schemas/NginxConfig" + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the publication was last modified for the instance." + }, + "status_reasons": { + "description": "Detailed failure reasons on each instance's publication, when 'status' is in 'failed' or 'partially_succeeded'", + "type": "array", + "items": { + "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatusReason" + } + }, + "config_version": { + "type": "string", + "description": "A hash that uniquely identifies the contents of the config object in the publication.\n" } + }, + "example": { + "config_version": "fc3bb4b50c145b3ca5c5d1342be5ec0718eeb9bb84f8d53c5734b6b8", + "created_at": "2024-05-23T21:57:13.048285Z", + "modified_at": "2024-05-23T21:57:13.048285Z", + "object_id": "pub_UPV8jXFwSgm1vHQJCvLD1w", + "status": "failed", + "status_reasons": [ + { + "cause": "remote", + "message": "Config apply failed (write): error running nginx -t -c /etc/nginx/nginx.conf:\n error running nginx -t -c /etc/nginx/nginx.conf:\nnginx: [emerg] invalid number of arguments in \"worker_processes\" directive in /etc/nginx/nginx.conf:7\nnginx: configuration file /etc/nginx/nginx.conf test failed\n", + "object_id": "inst_QBBobKIAQ_21grAwV83VYw" + } + ] } }, - "StagedConfigUpdateRequest": { - "description": "Body to update a NGINX staged config name and config contents.", + "PublicationInstance": { + "description": "Details of a publication request for an NGINX instance.", "required": [ - "name", - "config" + "status", + "created_at", + "modified_at" ], "properties": { - "name": { - "$ref": "#/components/schemas/StagedConfigName" + "object_id": { + "$ref": "#/components/schemas/PublicationObjectID" }, - "config": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - }, - "example": { - "name": "my-nginx-staged-config", - "config": { - "aux": [], - "conf_path": "/etc/nginx/nginx.conf", - "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", - "configs": [ - { - "files": [ - { - "contents": "string", - "name": "default.conf" - } - ], - "name": "/etc/nginx/conf.d" - } + "config_version": { + "type": "string", + "description": "A hash that uniquely identifies the contents of the config object in the publication.\n" + }, + "status": { + "description": "Publication status for the NGINX instance:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n* `succeeded_with_warnings` - The publication was successful, but there were warnings.\n", + "type": "string", + "enum": [ + "pending", + "failed", + "succeeded", + "succeeded_with_warnings" + ], + "x-enum-varnames": [ + "publication_instance_status_pending", + "publication_instance_status_failed", + "publication_instance_status_succeeded", + "publication_instance_status_succeeded_with_warnings" ] - } - } - }, - "StagedConfigChangeRequest": { - "description": "Update an NGINX staged config.", - "properties": { - "name": { - "$ref": "#/components/schemas/StagedConfigName" }, - "config": { - "$ref": "#/components/schemas/NginxConfigRequest" + "status_cause": { + "$ref": "#/components/schemas/PublicationStatusCause" + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the publication was created for the instance." + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the publication was last modified for the instance." } }, "example": { - "config": { - "aux": [], - "conf_path": "/etc/nginx/nginx.conf", - "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", - "configs": [ - { - "files": [ - { - "contents": "string", - "name": "default.conf" - } - ], - "name": "/etc/nginx/conf.d" - } - ] - } + "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", + "created_at": "2024-05-14T20:36:06.272704Z", + "modified_at": "2024-05-14T20:36:06.272704Z", + "object_id": "pub_vfr5Oqv-AhxGzyqTXW-Ubw", + "status": "pending" } }, - "StagedConfigImportRequest": { + "NginxConfigMeta": { "type": "object", - "description": "Body to import a NGINX staged config", + "description": "Meta data of an NGINX configuration, including its unique identifier, the config_version.\n", "required": [ - "name", - "file", - "conf_path" + "object_id", + "config_version", + "created_at", + "modified_at", + "config_source" ], "properties": { - "name": { - "$ref": "#/components/schemas/StagedConfigName" + "object_id": { + "$ref": "#/components/schemas/NginxConfigObjectID" }, - "file": { + "config_version": { "type": "string", - "format": "binary", - "example": "my-staged-config.tar.gz", - "maxLength": 5242880 + "description": "A hash that uniquely identifies the contents of the config object.\n" }, - "conf_path": { - "$ref": "#/components/schemas/ConfigPath" + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the NGINX configuration object was created for the instance." + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the NGINX configuration object was last modified for the instance." + }, + "config_source": { + "type": "string", + "enum": [ + "NGINX One", + "Other", + "Unspecified" + ], + "x-enum-varnames": [ + "config_source_nginx_one", + "config_source_other", + "config_source_unspecified" + ], + "description": "The source from which the config was created:\n- `NGINX One`: The config was created from NGINX One.\n- `Other`: The config was created from data plane.\n- `Unspecified`: The source of the config is unspecified.\n" } }, "example": { - "name": "my-nginx-config", - "file": "my-staged-config.tar.gz", - "conf_path": "/etc/nginx/nginx.conf", - "parse_only": true + "object_id": "nc_AamgWtYSSb6OWGljx3wNDA", + "config_version": "Cm1hcCAkdXJpICRtYXBwZWRfc2V", + "created_at": "2023-08-10T16:59:15Z", + "modified_at": "2023-08-10T16:59:15Z", + "config_source": "NGINX One" } }, "FilterNameControlPlanes": { @@ -16158,6 +12590,121 @@ "$ref": "#/components/schemas/BulkRequestObjectStatus" } }, + "StatusSummary": { + "description": "An overview of the status for each NGINX instance, indicating availability.", + "type": "object", + "required": [ + "online", + "offline", + "unavailable" + ], + "properties": { + "online": { + "description": "The number of NGINX instances reporting as `online`.\nThe NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", + "type": "integer" + }, + "offline": { + "description": "The number of NGINX instances reporting as `offline`.\nThe NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n", + "type": "integer" + }, + "unavailable": { + "description": "The number of NGINX instances reporting as `unavailable`.\nThe NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n", + "type": "integer" + } + } + }, + "ControlPlane": { + "type": "object", + "description": "Information on control plane including:\n* Control plane object ID\n* Cluster UUID\n* Deployment UUID\n* Kubernetes namespace\n* Data plane key object ID\n* Certificate summary\n* Instance status summary\n", + "required": [ + "object_id", + "cluster_uuid", + "deployment_uuid", + "kubernetes_namespace" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/ControlPlaneObjectID" + }, + "cluster_uuid": { + "description": "The Kubernetes UID assigned to the cluster that the product is running in.", + "type": "string" + }, + "deployment_uuid": { + "description": "The Kubernetes UID assigned to the control plane.", + "type": "string" + }, + "key_object_id": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" + }, + "kubernetes_namespace": { + "description": "The kubernetes namespace that the product is running in.", + "type": "string" + }, + "cert_summary": { + "$ref": "#/components/schemas/CertificateInstanceSummary" + }, + "statuses": { + "$ref": "#/components/schemas/StatusSummary" + } + } + }, + "ControlPlaneDetails": { + "type": "object", + "description": "Detailed information of control plane.", + "allOf": [ + { + "$ref": "#/components/schemas/ControlPlaneBaseInfo" + }, + { + "$ref": "#/components/schemas/ControlPlane" + } + ], + "example": { + "name": "foo", + "object_id": "ecp_-uvR3F2TQGm18jnl7bpaGw", + "product_version": "nginx-ingress-controller-1.0.0", + "cluster_uuid": "d1ced6c7-8980-467e-a1db-dcdfec16b1f7", + "deployment_uuid": "b9b00e37-5ee4-4361-8c61-1329f3828dd3", + "key_object_id": "key_6AT9LXyUQHyhC8kF7bVMgg", + "kubernetes_namespace": "nginx-ingress-controller", + "created_at": "2023-12-06T22:37:24.120114Z", + "cert_summary": { + "total": 9, + "valid": 1, + "expired": 5, + "expiring": 3, + "not_ready": 0 + }, + "statuses": { + "offline": 0, + "online": 3, + "unavailable": 0 + } + } + }, + "SummaryDisplayCount": { + "description": "The name, the total count, and an optional user-friendly display name of the resource being summarized.", + "type": "object", + "required": [ + "name", + "count" + ], + "properties": { + "name": { + "description": "Identifies the category of data being reported, such as an operating system, NGINX version, or another type.", + "type": "string" + }, + "count": { + "description": "The number of resources matching the given type.", + "type": "integer" + }, + "display": { + "description": "A user-friendly label for the category count, intended for display purposes where a more descriptive or readable format is preferred.", + "type": "string" + } + } + }, "ControlPlaneProductVersionSummary": { "description": "An array of control plane product names/versions.", "type": "array", @@ -16223,1200 +12770,1192 @@ ] } }, - "ControlPlane": { + "NginxCVEObject": { "type": "object", - "description": "Information on control plane including:\n* Control plane object ID\n* Cluster UUID\n* Deployment UUID\n* Kubernetes namespace\n* Data plane key object ID\n* Certificate summary\n* Instance status summary\n", "required": [ - "object_id", - "cluster_uuid", - "deployment_uuid", - "kubernetes_namespace" + "id", + "severity", + "info", + "published_at" ], + "description": "Details about a specific NGINX security advisory, including the number of instances impacted by it, its severity, and a brief description.", "properties": { - "object_id": { - "$ref": "#/components/schemas/ControlPlaneObjectID" - }, - "cluster_uuid": { - "description": "The Kubernetes UID assigned to the cluster that the product is running in.", - "type": "string" - }, - "deployment_uuid": { - "description": "The Kubernetes UID assigned to the control plane.", + "id": { + "description": "The security advisory's unique identifier.", "type": "string" }, - "key_object_id": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" + "severity": { + "$ref": "#/components/schemas/CveSeverityType" }, - "kubernetes_namespace": { - "description": "The kubernetes namespace that the product is running in.", + "info": { + "description": "A brief description of security advisory.", "type": "string" }, - "cert_summary": { - "$ref": "#/components/schemas/CertificateInstanceSummary" + "instances_impacted": { + "description": "Number of instances impacted by the security advisory", + "type": "integer" }, - "statuses": { - "$ref": "#/components/schemas/StatusSummary" + "control_planes_impacted": { + "description": "Number of control planes impacted by the security advisory", + "type": "integer" + }, + "published_at": { + "description": "The date and time when the cve was published", + "type": "string", + "format": "date-time" } } }, - "ControlPlaneDetails": { - "type": "object", - "description": "Detailed information of control plane.", + "CVEListResponse": { "allOf": [ { - "$ref": "#/components/schemas/ControlPlaneBaseInfo" + "$ref": "#/components/schemas/PaginationResponse" }, { - "$ref": "#/components/schemas/ControlPlane" + "type": "object", + "description": "List of all CVEs.", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of CVE objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxCVEObject" + } + } + } } + ] + }, + "NginxProduct": { + "type": "string", + "description": "NGINX product :\n * `noss` - NGINX Open Source.\n * `nplus` - NGINX PLUS.\n * `nic` - NGINX Ingress Controller.\n * `ngf` - NGINX Gateway Fabric.\n", + "enum": [ + "noss", + "nplus", + "nic", + "ngf", + "unknown" ], - "example": { - "name": "foo", - "object_id": "ecp_-uvR3F2TQGm18jnl7bpaGw", - "product_version": "nginx-ingress-controller-1.0.0", - "cluster_uuid": "d1ced6c7-8980-467e-a1db-dcdfec16b1f7", - "deployment_uuid": "b9b00e37-5ee4-4361-8c61-1329f3828dd3", - "key_object_id": "key_6AT9LXyUQHyhC8kF7bVMgg", - "kubernetes_namespace": "nginx-ingress-controller", - "created_at": "2023-12-06T22:37:24.120114Z", - "cert_summary": { - "total": 9, - "valid": 1, - "expired": 5, - "expiring": 3, - "not_ready": 0 - }, - "statuses": { - "offline": 0, - "online": 3, - "unavailable": 0 - } - } + "x-enum-varnames": [ + "nginx_product_noss", + "nginx_product_nplus", + "nginx_product_nic", + "nginx_product_ngf", + "nginx_product_unknown" + ] }, - "MetricQueryResultEx": { + "CveImpactedNginxProduct": { "type": "object", "required": [ - "query_metadata", - "metrics" + "versions", + "name" ], + "description": "security advisory impacted NGINX product and its version.", "properties": { - "query_metadata": { - "$ref": "#/components/schemas/MetricQueryMetadata" - }, - "metrics": { - "description": "An array of Metric objects, each including the name of the metric resource, aggregate function, and series details.", + "versions": { + "description": "List of impacted NGINX product versions.", "type": "array", "items": { - "$ref": "#/components/schemas/MetricEx" + "type": "string" } + }, + "name": { + "$ref": "#/components/schemas/NginxProduct" } } }, - "DimensionsQueryResultEx": { - "type": "object", - "required": [ - "dimensions", - "query_metadata" - ], - "properties": { - "query_metadata": { - "$ref": "#/components/schemas/DimensionsQueryMetadata" + "NginxCVEDetailsResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/NginxCVEObject" }, - "dimensions": { - "description": "A map of dimension names to an array of their corresponding values.\n", + { "type": "object", - "additionalProperties": { - "description": "An array of dimension values.\n", - "type": "array", - "items": { + "required": [ + "detail", + "impacted_products" + ], + "description": "Details about a specific NGINX security advisory, including its severity, detail,\npublished date and time, description and impacted products.\n", + "properties": { + "impacted_products": { + "type": "array", + "items": { + "$ref": "#/components/schemas/CveImpactedNginxProduct" + } + }, + "detail": { + "description": "the details about security advisory", "type": "string" } + }, + "example": { + "detail": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-ID", + "id": "CVE-ID", + "impacted_products": [ + { + "name": "nplus", + "versions": [ + "r1", + "r2" + ] + }, + { + "name": "noss", + "versions": [ + "1.11.1", + "1.20.2", + "1.19.9" + ] + }, + { + "name": "nic", + "versions": [ + "1.0.0", + "2.1.0" + ] + }, + { + "name": "ngf", + "versions": [ + "1.6.2", + "2.0.1" + ] + } + ], + "info": "Memory disclosure in the ngx_http_mp4_module", + "published_at": "2022-10-19T00:00:00Z", + "severity": "medium" } } - } - }, - "MetricQueryMetadata": { - "description": "This object includes details about the time period and resolution (granularity) used in the metrics query.\n", - "type": "object", - "properties": { - "start_time": { - "description": "The beginning of the time period for the metrics query (inclusive).", - "type": "string", - "format": "date-time", - "example": "2019-08-07T09:57:36.088757764Z" - }, - "end_time": { - "description": "The end point for the time period for the metrics query (non-inclusive).", - "type": "string", - "format": "date-time", - "example": "2019-08-07T09:57:36.088757764Z" - }, - "resolution": { - "description": "The level of granularity for the time series data.", - "type": "string", - "example": "30m" - } - } + ] }, - "DimensionsQueryMetadata": { - "description": "This object includes details about the time period used in the dimensions query.\n", + "NginxProductInfo": { "type": "object", + "description": "Information about an NGINX product type and its version", + "required": [ + "name", + "version" + ], "properties": { - "start_time": { - "description": "The beginning of the time period for the dimensions query (inclusive).", - "type": "string", - "format": "date-time", - "example": "2019-08-07T09:57:36.088757764Z" + "name": { + "$ref": "#/components/schemas/NginxProduct" }, - "end_time": { - "description": "The end point for the time period for the dimensions query (non-inclusive).", - "type": "string", - "format": "date-time", - "example": "2019-08-07T09:57:36.088757764Z" + "version": { + "description": "version of the NGINX product installed on the instance.", + "type": "string" } } }, - "MetricEx": { + "CVEImpactedInstance": { "type": "object", + "description": "Summary information about a NGINX instance.", "required": [ - "metric", - "series" + "object_id", + "hostname", + "status" ], - "description": "This object represents a metric, including the name of the metric resource, aggregate function, and series details.\n", "properties": { - "metric": { - "$ref": "#/components/schemas/MetricName" + "object_id": { + "$ref": "#/components/schemas/InstanceObjectID" }, - "aggregate": { - "$ref": "#/components/schemas/MetricAggregation" + "hostname": { + "description": "The name of the host system where the NGINX instance is running.", + "type": "string" }, - "series": { - "description": "An array of data points aligned along one or more dimensions from the Dimensions Catalog.\n", + "products": { + "description": "List of NGINX products in the instance", "type": "array", "items": { - "$ref": "#/components/schemas/SeriesEx" - }, - "example": [ - { - "dimensions": { - "nginx_id": "some-instance-obj-1", - "parent_hostname": "hostname-for-instance-1" - }, - "data": [ - { - "timestamp": "2019-08-07T09:57:30Z", - "value": 10 - } - ] - }, - { - "dimensions": { - "nginx_id": "some-instance-obj-2", - "parent_hostname": "hostname-for-instance-2" - }, - "data": [ - { - "timestamp": "2019-08-07T09:58:30Z", - "value": 5 - } - ] - } - ] - } - } - }, - "SeriesEx": { - "description": "This object represents a set of data points aligned along one or more dimensions from the Dimensions Catalog.", - "type": "object", - "required": [ - "dimensions", - "data" - ], - "properties": { - "dimensions": { - "description": "This object represents a set of data points aligned along one or more dimensions.\n", + "$ref": "#/components/schemas/NginxProductInfo" + } + }, + "status": { + "type": "string", + "description": "The current operational status of the NGINX instance, with the following possible values:\n* `unknown` - The status of the NGINX instance cannot be determined at this moment.\n* `unavailable` - The NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n* `offline` - The NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n* `online` - The NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", + "enum": [ + "unknown", + "unavailable", + "offline", + "online" + ] + } + } + }, + "CVEImpactedInstancesListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { "type": "object", - "additionalProperties": { - "description": "The name(s) of the dimensions used in the metrics query.\n", - "type": "string" + "description": "List of instances affected by a CVE.", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of Instance objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/CVEImpactedInstance" + } + } }, "example": { - "nginx_id": "some-instance-object-id", - "parent_hostname": "hostname-for-instance" + "total": 10, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "object_id": "inst_8Iwn7dT7RF-PRLxkSt5EYQ", + "hostname": "4d116619f106", + "products": [ + { + "name": "noss", + "version": "1.18.0" + } + ], + "status": "unknown" + } + ] } - }, - "data": { - "description": "Array of data points for a metric.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/MetricData" - }, - "example": [ - { - "timestamp": "2019-08-07T09:57:30Z", - "value": 10 - } - ] } + ] + }, + "FilterNameEvents": { + "type": "string", + "description": "Keywords for events filters.\n", + "enum": [ + "object_id" + ], + "x-enum-varnames": [ + "filter_name_events_object_id" + ] + }, + "EventObjectID": { + "description": "A globally unique identifier for a NGINX One system event.", + "type": "string", + "format": "object_id", + "pattern": "^event_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "MetricData": { + "Event": { "type": "object", + "description": "An Event is a system message.", "required": [ + "type", "timestamp", - "value" + "object_id", + "message" ], "properties": { "timestamp": { + "description": "time of the event", "type": "string", - "description": "A date-time string that represent when the data point in the series was recorded.\n", - "format": "date-time" + "format": "date-time", + "example": "2019-08-07T09:57:36.088757764Z" }, - "value": { - "type": "number", - "format": "double", - "nullable": true, - "description": "A value for the data, where `null` indicates a gap.\n" + "type": { + "type": "string", + "description": "type of event, indication for affected object type.", + "enum": [ + "instance_cleanup", + "certificates", + "publications", + "nap_compilation_jobs" + ], + "x-enum-varnames": [ + "event_type_instance_cleanup", + "event_type_certificates", + "event_type_publications", + "event_type_nap_compilation_jobs" + ] + }, + "object_id": { + "$ref": "#/components/schemas/EventObjectID" + }, + "affected_object_id": { + "$ref": "#/components/schemas/ObjectID" + }, + "hostname": { + "type": "string", + "description": "hostname of the affected instance, if any." + }, + "message": { + "type": "string", + "description": "Details regarding the event.", + "example": "Instance \"demo-1\" deleted by instance cleanup after \"unavailable\" for 25 hours." } + }, + "example": { + "timestamp": "2024-02-04T09:57:36.088757764Z", + "type": "instance_cleanup", + "object_id": "event_-uvR3F2TQGm18jnl7bpaGw", + "affected_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "message": "ip-170.0.1 deleted after age out period of 3 hours, last seen 2023-08-07T09:57:36.088757764Z" } }, - "StartTime": { - "description": "Sets the beginning of the time period for your metrics query (inclusive).\n\nUsage:\n* `start_time` is required if `end_time` is specified.\n* If `start_time` isn't provided, the API returns the latest metrics.\n* `start_time` is required for aggregated metrics in order to calculate the `resolution` (granularity).\n\nTime can be specified in two ways:\n* Using ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and the appropriate time unit. The time unit can can be `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds). \nExample of an offset: \"now-3h\" (3 hours before now).\n", - "type": "string", - "example": "2019-08-07T09:57:36.088757764Z" - }, - "EndTime": { - "description": "Sets the end point for the time period for your metrics query (non-inclusive).\n\nUsage:\n* Must be greater than `start_time`.\n* If `start_time` is specified and `end_time` is not, `end_time` defaults to the current time.\n\nTime can be specified in two ways:\n* Using ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and the appropriate time unit. The time unit can can be `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds). \nExample of an offset: \"now-3h\" (3 hours before now).\n", - "type": "string", - "example": "2019-08-07T09:57:36.088757764Z" + "EventsListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { + "type": "object", + "description": "List of Events.", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of Event objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/Event" + } + } + } + } + ] }, - "MetricAggregation": { + "FilterNameInstances": { "type": "string", - "description": "Static list of aggregation functions that can be applied to a compatible metric.\n * min\n * max\n * sum\n * avg\n * rate\n * accum_rate\n", + "description": "Keywords for instance filters.\n\nWhen filtering on `instance_status`, only the following `filter_values` are supported:\n * online\n * offline\n * unavailable\n * unknown\nWhen filtering base on `cert_status`, only the following `filter_values` are supported:\n * valid\n * expiring\n * expired\n * not_ready\n", "enum": [ - "min", - "max", - "sum", - "avg", - "rate", - "accum_rate" + "hostname", + "nginx_version", + "os_version", + "instance_status", + "cert_status", + "cve_severity", + "config_recommendation", + "key_object_id", + "system_id", + "object_id" ], "x-enum-varnames": [ - "metric_aggregation_min", - "metric_aggregation_max", - "metric_aggregation_sum", - "metric_aggregation_avg", - "metric_aggregation_rate", - "metric_aggregation_accum_rate" + "filter_name_instances_hostname", + "filter_name_instances_nginx_version", + "filter_name_instances_os_version", + "filter_name_instances_instance_status", + "filter_name_instances_cert_status", + "filter_name_instances_cve_severity", + "filter_name_instances_config_recommendation", + "filter_name_instances_key_object_id", + "filter_name_instances_system_id", + "filter_name_instances_object_id" ] }, - "MetricDimensions": { - "type": "array", - "description": "List the dimensions to include in the response for each metric series.\n\nUsage:\n\n* Specify the list of dimensions. Dimensions not specified in this parameter will be hidden in the results.\n* If you specify dimensions in `group_by`, you don't need to list them again in `dimensions`. \nHowever, if you are using `group_by`, then any dimensions you list in `dimensions` must also be included in `group_by`.\n * To return a single series, specify the metric name with aggregation (for example, `{ \"name\": \"agent.cpu.system\", \"aggregate\": \"avg\" }`) and leave the `dimensions` parameter empty.\n", - "items": { - "$ref": "#/components/schemas/MetricDimension" + "InstanceListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { + "type": "object", + "description": "List of data plane instances.", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of Instance objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/Instance" + } + } + } + } + ], + "example": { + "total": 10, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "agent_version": "v2.30.3", + "hostname": "4d116619f106", + "key": "key_Tet21AeYTHCj7taOwVfzyw", + "last_reported": "2023-12-06T22:37:24.120114Z", + "nginx_build": { + "conf_path": "/etc/nginx/nginx.conf", + "version": "1.25.3" + }, + "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", + "registered_at": "2023-12-06T22:37:24.120114Z", + "status": "unknown", + "system_id": "b2c0b6a8-8b6a-3a8f-a541-17d8899c119a", + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "has_container_host": false + } + ] + } + }, + "InstanceBulkRequestData": { + "type": "object", + "description": "Part of bulk operation on a NGINX instance, only `delete` is supported.", + "required": [ + "action" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/InstanceObjectID" + }, + "action": { + "$ref": "#/components/schemas/BulkRequestAction" + } + }, + "example": { + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" } }, - "GroupByDimensions": { + "InstanceBulkRequest": { "type": "array", - "description": "Group the query results by the specified dimension(s).\n\nUsage:\n* Specify the list of dimensions.\n* For `group_by` to work, all metrics in the `names` parameter must be aggregated.\n", "items": { - "$ref": "#/components/schemas/MetricDimension" - } + "$ref": "#/components/schemas/InstanceBulkRequestData" + }, + "maxItems": 50, + "example": [ + { + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + }, + { + "object_id": "inst_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" + } + ] }, - "TopXMetricDimensions": { + "InstanceBulkResponse": { + "description": "The NGINX instance bulk outcome.", "type": "array", - "description": "List additional dimensions to include in the response for each metric series. The dimension specified by `group_series_by` will be included by default.\n", "items": { - "$ref": "#/components/schemas/MetricDimension" + "$ref": "#/components/schemas/BulkRequestObjectStatus" } }, - "MetricDimension": { - "type": "string", - "default": "display_name", - "description": "Static list of all metric dimensions:\n * `display_name` - Display name of the NGINX instance.\n * `file_path` - Path to the file.\n * `parent_hostname` - Hostname of the NGINX Plus instance.\n * `instance_object_id` - Unique ID of the instance registered with NGINX One Console.\n * `location_zone` - Name of an HTTP location zone.\n * `mount_point` - Filesystem mount point.\n * `namespace` - Namespace for the metric data.\n * `network_interface` - Server network interface.\n * `nginx_id` - Unique ID of the NGINX instance running on the data plane.\n * `server_zone` - Name of an HTTP or Stream server zone.\n * `system_id` - Unique ID of the operating system running nginx-agent.\n * `tenant` - Tenant for the metric data.\n * `csg_object_id` - Unique ID of the Config Sync Group registered with NGINX One Console.\n * `mode` - Variant value for metric `system.cpu.utilization`.\n * `state` - Variant value for metrics `system.filesystem.usage`, `system.memory.usage`.\n * `io_direction` - Variant value for metric `system.network.io`.\n * `status_range` - Variant value for metric `nginx.http.response.count`.\n * `logical_number` - Variant value for metrics that return a processor number.\n * `outcome` - Variant value for metrics that return an outcome.\n * `upstream_zone` - upstream zone for the metric data.\n * `upstream_name` - upstream name for the metric data.\n * `peer_state` - Variant value for metric peer state for the metric `nginx.http.upstream.peer.count`.\n * `peer_health_check` - Variant value for metric peer health check for the metric `nginx.http.upstream.peer.health_checks`.\n * `peer_address` - peer address for metric data.\n * `peer_name` - peer name for metric data.\n * `ecp_object_id` - Unique ID of the External Control Plane registered with NGINX One Console.\n", - "enum": [ - "display_name", - "file_path", - "parent_hostname", - "instance_object_id", - "location_zone", - "mount_point", - "namespace", - "network_interface", - "nginx_id", - "server_zone", - "system_id", - "tenant", - "csg_object_id", - "mode", - "state", - "io_direction", - "status_range", - "logical_number", - "outcome", - "upstream_zone", - "upstream_name", - "peer_state", - "peer_health_check", - "peer_address", - "peer_name", - "ecp_object_id" - ], - "x-enum-varnames": [ - "metric_dimension_display_name", - "metric_dimension_file_path", - "metric_dimension_hostname", - "metric_dimension_instance_object_id", - "metric_dimension_location_zone", - "metric_dimension_mount_point", - "metric_dimension_namespace", - "metric_dimension_network_interface", - "metric_dimension_nginx_id", - "metric_dimension_server_zone", - "metric_dimension_system_id", - "metric_dimension_tenant", - "metric_dimension_csg_object_id", - "metric_dimension_mode", - "metric_dimension_state", - "metric_dimension_io_direction", - "metric_dimension_status_range", - "metric_dimension_logical_number", - "metric_dimension_outcome", - "metric_dimension_upstream_zone", - "metric_dimension_upstream_name", - "metric_dimension_peer_state", - "metric_dimension_peer_health_check", - "metric_dimension_peer_address", - "metric_dimension_peer_name", - "metric_dimension_ecp_object_id" - ] - }, - "BaseMetricQueryRequest": { + "OperatingSystem": { + "description": "Release details for the operating system.", "type": "object", "required": [ - "metrics", - "start_time", - "resolution" + "name", + "id", + "codename", + "version", + "version_id" ], "properties": { - "metrics": { - "$ref": "#/components/schemas/MetricNames" + "name": { + "description": "The official name of the operating system release.", + "type": "string" }, - "filter": { - "$ref": "#/components/schemas/MetricFilters" + "id": { + "description": "The distinctive identifier for the operating system release.", + "type": "string" }, - "start_time": { - "$ref": "#/components/schemas/StartTime" + "codename": { + "description": "The codename assigned to the operating system release.", + "type": "string" }, - "end_time": { - "$ref": "#/components/schemas/EndTime" + "version": { + "description": "The version label for the operating system, which may include the name and version number or codename.", + "type": "string" }, - "resolution": { - "type": "string", - "description": "Specifies the level of granularity for time series data in your results. Applicable only for endpoints that return time series data.\n\nUsage: \n* Specify as a string with a number followed by a unit of time, such as `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes) or `s` (seconds).\n* Metrics in `names` must be aggregated.\n* `start_time` is required.\n* If `resolution` is not set, the API returns the maximum resolution (`end_time` - `start_time`).\n", - "example": "30s" + "version_id": { + "description": "The specific version number of the operating system release.", + "type": "string" } + }, + "example": { + "name": "Ubuntu", + "id": "ubuntu", + "codename": "bionic", + "version": "18.04.5 LTS (Bionic Beaver)", + "version_id": "18.04" } }, - "MetricQueryRequest": { - "type": "object", + "ConfigSyncGroupInstanceMeta": { "allOf": [ { - "$ref": "#/components/schemas/BaseMetricQueryRequest" + "$ref": "#/components/schemas/ConfigSyncGroupMeta" }, { "type": "object", + "description": "Additional details on instance in the NGINX config sync group including:\n* config sync status\n", "properties": { - "dimensions": { - "$ref": "#/components/schemas/MetricDimensions" - }, - "group_by": { - "$ref": "#/components/schemas/GroupByDimensions" - }, - "order_by": { - "description": "List the order by for dimension(s).\n\nUsage:\n\n* Must be a dimension included by `dimensions` or `group_by`.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/OrderBy" - } + "instance_config_status": { + "$ref": "#/components/schemas/ConfigSyncStatus" } } } ] }, - "MetricTopXQueryRequest": { - "type": "object", + "NapSignatureVersion": { + "description": "The version of the NGINX App Protect resource.", + "type": "string", + "example": "2023.12.06" + }, + "NapInstanceAssociation": { "allOf": [ { - "$ref": "#/components/schemas/BaseMetricQueryRequest" + "$ref": "#/components/schemas/NapAssociation" }, { "type": "object", "required": [ - "series_limit", - "group_series_by" + "threat_campaign_version", + "attack_signature_version", + "bot_signature_version" ], "properties": { - "dimensions": { - "$ref": "#/components/schemas/TopXMetricDimensions" - }, - "series_limit": { - "type": "integer", - "example": 25, - "description": "Sets the maximum number of series that can be returned. \n\nNotes:\n* Always returns an additional series with a dimension named `all`, aggregating the values of all metrics included in the results.\n* A series with a dimension named `other` may be returned, aggregating the values of metrics not included in the results.\n" + "threat_campaign_version": { + "$ref": "#/components/schemas/NapSignatureVersion" }, - "group_series_by": { - "$ref": "#/components/schemas/MetricDimension" + "attack_signature_version": { + "$ref": "#/components/schemas/NapSignatureVersion" }, - "order_series_by": { - "$ref": "#/components/schemas/OrderSeriesBy" + "bot_signature_version": { + "$ref": "#/components/schemas/NapSignatureVersion" } } } - ] - }, - "DimensionsQueryRequest": { - "type": "object", - "required": [ - "start_time", - "dimensions", - "filter" ], - "properties": { - "start_time": { - "$ref": "#/components/schemas/StartTime" - }, - "end_time": { - "$ref": "#/components/schemas/EndTime" - }, - "dimensions": { - "$ref": "#/components/schemas/MetricDimensions" - }, - "filter": { - "$ref": "#/components/schemas/MetricFilters" - }, - "order_direction": { - "$ref": "#/components/schemas/OrderDirection" - } - } - }, - "MetricNames": { - "type": "array", - "description": "Specify the metrics you want details for.\n\nUsage: \n* List multiple metrics as json objects.\n * You can aggregate metrics with `avg`, `sum`, `min`, `max`, `rate`.\n* Metrics with aggregates require a `start_time`.\n* If you combine aggregated and non-aggregated metrics in a single query, any `group_by` clause applies only to the aggregated metrics.\n", - "items": { - "$ref": "#/components/schemas/MetricQuery" - }, - "example": [ - { - "name": "system.cpu.utilization", - "aggregate": "avg", - "filter": [ - { - "filterSet": [ - { - "dimension": "mode", - "operator": "=", - "values": [ - "system" - ] - } - ] - } - ] - } - ] + "example": { + "name": "default_policy", + "version": "v1", + "policy_object_id": "pol_panEdeY-Sh2rWm365y7wsw", + "policy_version_object_id": "pv_kem7SCosTTOL9mMlNyY2GQ", + "publication_object_id": "pub_72pGHoGsSICL_THZrs964g", + "paths": [ + "/etc/nginx/default_policy.tgz" + ], + "deployment_status": "deployed", + "enforcement_mode": "transparent", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "threat_campaign_version": "2025.01.23", + "attack_signature_version": "2025.01.19", + "bot_signature_version": "2025.01.19" + } }, - "MetricQuery": { + "NginxAppProtectDetails": { + "description": "Information regarding NGINX App Protect. Includes version and deployments.\n", "type": "object", "required": [ - "name" + "engine_version", + "deployments" ], "properties": { - "name": { - "$ref": "#/components/schemas/MetricName" + "release_version": { + "description": "The release version of NGINX App Protect.", + "type": "string" }, - "aggregate": { - "$ref": "#/components/schemas/MetricAggregation" + "engine_version": { + "description": "The version of the App Protect enforcement engine.", + "type": "string" + }, + "deployments": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapInstanceAssociation" + } } } }, - "MetricFilterPredicate": { - "type": "string", - "enum": [ - "AND", - "OR" + "LogProfileDetails": { + "description": "Information regarding deployed log profiles for F5 WAF.\n", + "type": "object", + "required": [ + "nap_release", + "deployments" ], - "x-enum-varnames": [ - "metric_filter_predicate_and", - "metric_filter_predicate_or" - ] + "properties": { + "nap_release": { + "type": "string", + "description": "The release version of the compiler used for log profiles." + }, + "deployments": { + "type": "array", + "items": { + "$ref": "#/components/schemas/LogProfileAssociation" + } + } + } }, - "MetricFilters": { - "type": "array", - "description": "Filter results based on dimension operations against one or more values.\n\nUsage:\n* Format as one or more predicates by providing all required elements.\n * `dimension`: The dimension name you want to filter on.\n * `operator`: The possible operators (`=`, `!=`, `<`, `<=`, `>`, `>=`, `in`, `not`) you can use for comparison or condition checking.\n * `value`: Case sensitive value of the dimension to filter against.\n\nFor more complex filtering:\n\n* Specify a `predicate` for logical expressions (`AND`,`OR`). \n* Use a wildcard `*` in the `value` for matching partial values.\n", - "items": { - "$ref": "#/components/schemas/MetricFilterSet" - }, - "example": [ + "InstanceDetails": { + "type": "object", + "description": "Detailed information about an NGINX instance.", + "allOf": [ { - "filterSet": [ - { - "dimension": "server_zone", - "operator": "!=", - "values": [ - "server_zone_1" - ] - }, - { - "predicate": "OR", - "dimension": "server_zone", - "operator": "=", - "values": [ - "server_zone_2" - ] - } - ] + "$ref": "#/components/schemas/Instance" }, { - "predicate": "AND", - "filterSet": [ - { - "dimension": "nginx_id", - "operator": "in", - "values": [ - "id1", - "id2" - ] + "type": "object", + "properties": { + "certs": { + "description": "An array detailing each certificate's information, including its friendly name, unique identifier, applicable file system paths, subject name, and validity dates. \nIt provides insights into the operational status of each certificate, such as whether it's currently valid, nearing expiration, is not ready to be used, or has already expired.\nThe deployment status indicates whether the latest certs and key managed by NGINX One Console are deployed onto this data plane instance.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/CertAssociation" + } + }, + "os": { + "$ref": "#/components/schemas/OperatingSystem" + }, + "config_sync_group": { + "$ref": "#/components/schemas/ConfigSyncGroupInstanceMeta" + }, + "nginx_app_protect": { + "$ref": "#/components/schemas/NginxAppProtectDetails" + }, + "control_plane": { + "$ref": "#/components/schemas/ControlPlaneBaseInfo" + }, + "log_profile": { + "$ref": "#/components/schemas/LogProfileDetails" } - ] + } } - ] + ], + "example": { + "agent_version": "v2.30.3", + "certs": [ + { + "subject_name": "test.com", + "name": "client", + "cert_type": "cert_key", + "not_after": "2024-01-06T00:01:30Z", + "not_before": "2023-12-07T00:01:30Z", + "cert_paths": [ + "/etc/nginx/client.pem" + ], + "cert_status": "expiring", + "deployment_status": "latest", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw" + } + ], + "hostname": "4d116619f106", + "key": "key_wN3IhLCmR3qmwybG_6ptEg", + "control_plane": { + "object_id": "ecp_CO1DdBxZToWmr3pTcaQ8QA", + "name": "nginx-ingress-001", + "product_version": "nginx-ingress-controller-4.0.1", + "created_at": "2023-12-06T22:37:24.120114Z" + }, + "last_reported": "2023-12-06T22:37:24.120114Z", + "nginx_build": { + "conf_path": "/etc/nginx/nginx.conf", + "version": "1.25.3" + }, + "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", + "os": { + "codename": "jammy", + "id": "ubuntu", + "name": "Ubuntu", + "version": "22.04.3 LTS (Jammy Jellyfish)", + "version_id": "22.04" + }, + "registered_at": "2023-12-06T22:37:24.120114Z", + "status": "unknown", + "system_id": "b2c0b6a8-8b6a-3a8f-a541-17d8899c119a", + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "has_container_host": false + } }, - "MetricFilterSet": { + "NginxSecurityAdvisory": { "type": "object", - "description": "Encapsulates one or more `MetricFilter` object(s) to be grouped together.\n", + "description": "Details about a specific NGINX security advisory, including its severity, a link to more information, and a brief description.", "required": [ - "filterSet" + "id", + "severity", + "advisory", + "info" ], "properties": { - "predicate": { - "$ref": "#/components/schemas/MetricFilterPredicate" + "id": { + "description": "The security advisory's unique identifier.", + "type": "string" }, - "filterSet": { - "type": "array", - "items": { - "$ref": "#/components/schemas/MetricFilter" - } + "severity": { + "$ref": "#/components/schemas/CveSeverityType" + }, + "advisory": { + "description": "The URL to detailed information about the security advisory.", + "type": "string" + }, + "info": { + "description": "A brief description of security advisory.", + "type": "string" } } }, - "MetricFilter": { + "CertificateSummaryItem": { + "description": "summary information for certificate with certain status.", "type": "object", "required": [ - "dimension", - "operator", - "values" + "status", + "count", + "affected_instances" ], "properties": { - "dimension": { - "$ref": "#/components/schemas/MetricDimension" - }, - "operator": { - "type": "string", - "description": "Static list of all operations supported by filtering\n\n* The `=`, `!=` only use the first element of the `values` array. Wildcards for partial matching is supported.\n* The `in` and `not` both use all elements in the `values` array. Wildcards for partial matching is NOT supported.\n", - "enum": [ - "=", - "!=", - "in", - "not" - ], - "x-enum-varnames": [ - "metric_filter_equal", - "metric_filter_not_equal", - "metric_filter_in", - "metric_filter_not" - ] + "status": { + "$ref": "#/components/schemas/CertificateStatus" }, - "values": { - "type": "array", - "description": "Single value used for all operators except `in` and `not`.", - "items": { - "type": "string" - } + "count": { + "description": "The total number of SSL certificates for each status category.", + "type": "integer" }, - "predicate": { - "$ref": "#/components/schemas/MetricFilterPredicate" + "affected_instances": { + "description": "Indicates the total number of SSL/TLS certificates corresponding to the status provided.", + "type": "integer" } } }, - "OrderDirection": { - "type": "string", - "enum": [ - "asc", - "desc" - ], - "x-enum-varnames": [ - "order_by_asc", - "order_by_desc" - ], - "default": "desc" + "OperatingSystemVersionSummary": { + "description": "An array of operating systems and their versions on the NGINX data plane.", + "type": "array", + "items": { + "$ref": "#/components/schemas/SummaryDisplayCount" + } + }, + "NGINXVersionSummary": { + "description": "An array of NGINX versions installed across the NGINX data plane.", + "type": "array", + "items": { + "$ref": "#/components/schemas/SummaryDisplayCount" + } }, - "OrderBy": { + "CveSummary": { + "description": "A summary of Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", "type": "object", - "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `dimension`: The dimension for ordering.\n", "required": [ - "direction", - "dimension" + "severity", + "count", + "affected_instances" ], "properties": { - "direction": { - "$ref": "#/components/schemas/OrderDirection" + "severity": { + "$ref": "#/components/schemas/CveSeverityType" }, - "dimension": { - "$ref": "#/components/schemas/MetricDimension" + "count": { + "description": "The number of CVEs at each severity level.", + "type": "integer" + }, + "affected_instances": { + "description": "The number of NGINX instances affected by each CVE.", + "type": "integer" } } }, - "OrderSeriesBy": { + "IssueSummary": { + "description": "A summary of issue details from the configuration analysis report.", "type": "object", - "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `aggregate`: The aggregating function.\n", "required": [ - "direction", - "aggregate" + "type", + "count", + "affected_instances" ], "properties": { - "direction": { - "$ref": "#/components/schemas/OrderDirection" + "type": { + "$ref": "#/components/schemas/RecommendationType" }, - "aggregate": { - "$ref": "#/components/schemas/MetricAggregation", - "default": "sum" + "count": { + "description": "The number of times this recommendation appears in the configuration analysis report.", + "type": "integer" + }, + "affected_instances": { + "description": "The number of instances affected by this issue.", + "type": "integer" } } }, - "MetricName": { - "type": "string", - "description": "Metric names available for querying.\n", - "example": "nginx.http.request.count", - "oneOf": [ - { - "$ref": "#/components/schemas/MetricSystemCpuUtilization" - }, - { - "$ref": "#/components/schemas/MetricSystemFilesystemUsage" - }, - { - "$ref": "#/components/schemas/MetricSystemMemoryUsage" - }, - { - "$ref": "#/components/schemas/MetricSystemCpuLogicalCount" - }, - { - "$ref": "#/components/schemas/MetricSystemNetworkIo" - }, - { - "$ref": "#/components/schemas/MetricNginxHttpRequestCount" - }, - { - "$ref": "#/components/schemas/MetricNginxHttpResponseCount" - }, - { - "$ref": "#/components/schemas/MetricNginxHttpConnectionCount" - }, - { - "$ref": "#/components/schemas/MetricNginxHttpConnections" + "InstanceSummary": { + "description": "A summary of NGINX instances, including certificates, OS versions, NGINX versions, and status details.", + "type": "object", + "properties": { + "certs": { + "description": "An array detailing each certificate's status across all NGINX instances.", + "type": "array", + "items": { + "$ref": "#/components/schemas/CertificateSummaryItem" + } }, - { - "$ref": "#/components/schemas/MetricNginxHttpUpstreamPeerCount" + "os": { + "$ref": "#/components/schemas/OperatingSystemVersionSummary" }, - { - "$ref": "#/components/schemas/MetricNginxHttpUpstreamPeerHealthChecks" + "nginx_versions": { + "$ref": "#/components/schemas/NGINXVersionSummary" }, - { - "$ref": "#/components/schemas/MetricNginxStreamUpstreamPeerHealthChecks" + "statuses": { + "$ref": "#/components/schemas/StatusSummary" }, - { - "$ref": "#/components/schemas/MetricNginxStreamUpstreamPeerCount" + "cves": { + "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", + "type": "array", + "items": { + "$ref": "#/components/schemas/CveSummary" + } }, - { - "$ref": "#/components/schemas/MetricNginxHttpRequestIo" + "recommendations": { + "description": "An array summarizing the suggestions from the configuration analysis report.", + "type": "array", + "items": { + "$ref": "#/components/schemas/IssueSummary" + } } - ] - }, - "MetricSystemCpuUtilization": { - "type": "string", - "description": "Total system CPU use for 'system' or 'user' (percent). A filter is required to specify the mode.\n\nReplaces deprecated variants:\n * system.cpu.system\n * system.cpu.user\n\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter:\n * mode (valid values:: 'system', 'user')\n\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * logical_number\n", - "enum": [ - "system.cpu.utilization" - ] - }, - "MetricSystemFilesystemUsage": { - "type": "string", - "description": "System disk usage statistic, percentage. A filter differentiator is needed for specific state(s).\n\nReplacement for deprecated variant(s):\n * system.disk.in_use\n * system.disk.total\n * system.disk.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'in_use')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * mount_point\n", - "enum": [ - "system.filesystem.usage" - ] - }, - "MetricSystemMemoryUsage": { - "type": "string", - "description": "Total available statistic about system memory usage, bytes. A filter differentiator is needed for specific state(s).\n\nReplacement for deprecated variant(s):\n * system.mem.pct_used\n * system.mem.total\n * system.mem.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'total', 'pct_used')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", - "enum": [ - "system.memory.usage" - ] - }, - "MetricSystemCpuLogicalCount": { - "type": "string", - "description": "Number of logical (virtual) processor cores created by the operating system.\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", - "enum": [ - "system.cpu.logical.count" - ] - }, - "MetricNginxHttpConnectionCount": { - "type": "string", - "description": "Number of connections grouped by outcome ('ACTIVE', 'IDLE', 'READING', 'WRITING', 'WAITING').\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\n\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * outcome\n", - "enum": [ - "nginx.http.connection.count" - ] - }, - "MetricNginxHttpConnections": { - "type": "string", - "description": "Total connections grouped by outcome ('ACCEPTED', 'HANDLED', 'DROPPED').\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\n\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * outcome\n", - "enum": [ - "nginx.http.connections" - ] - }, - "MetricNginxHttpUpstreamPeerCount": { - "type": "string", - "description": "Number of upstream peers grouped by state ('CHECKING', 'DOWN', 'DRAINING', 'UNAVAILABLE', 'UNHEALTHY', 'UP').\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * upstream_zone\n * upstream_name\n * peer_state\n", - "enum": [ - "nginx.http.upstream.peer.count" - ] - }, - "MetricNginxStreamUpstreamPeerCount": { - "type": "string", - "description": "Number of upstream peers grouped by state ('CHECKING', 'DOWN', 'DRAINING', 'UNAVAILABLE', 'UNHEALTHY', 'UP').\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * upstream_zone\n * upstream_name\n * peer_state\n", - "enum": [ - "nginx.stream.upstream.peer.count" - ] - }, - "MetricNginxHttpUpstreamPeerHealthChecks": { - "type": "string", - "description": "The total number of health check requests made to a HTTP upstream peer.\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * upstream_zone\n * upstream_name\n * peer_health_check\n * peer_address\n * peer_name\n", - "enum": [ - "nginx.http.upstream.peer.health_checks" - ] - }, - "MetricNginxStreamUpstreamPeerHealthChecks": { - "type": "string", - "description": "The total number of health check requests made to a stream upstream peer.\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * upstream_zone\n * upstream_name\n * peer_health_check\n * peer_address\n * peer_name\n", - "enum": [ - "nginx.stream.upstream.peer.health_checks" - ] - }, - "MetricSystemNetworkIo": { - "type": "string", - "description": "Network I/O statistics. Number of bytes sent or received per network interface. A filter differentiator is needed for specific I/O direction(s).\n\nReplacement for deprecated variant(s):\n * system.net.bytes_rcvd\n * system.net.bytes_sent\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * accum_rate\n\nCatalog dimension filter differentiator:\n * io_direction (applicable filter values: 'transmit', 'receive')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * network_interface\n", - "enum": [ - "system.network.io" - ] - }, - "MetricNginxHttpRequestCount": { - "type": "string", - "description": "The current number of client requests received from clients.\n\nReplacement for deprecated variant(s):\n * nginx.http.request.count\n * plus.http.request.count\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * server_zone\n * location_zone\n", - "enum": [ - "nginx.http.request.count" - ] + } }, - "MetricNginxHttpResponseCount": { + "FilterStagedConfigs": { "type": "string", - "description": "The current number of responses, grouped by status code range. A filter differentiator is needed for specific status range(s).\n\nReplacement for deprecated variant(s):\n * nginx.http.status.4xx\n * plus.http.status.4xx\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * status_range (applicable filter values: '4xx', '5xx')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id \n * server_zone\n * location_zone\n", + "description": "Keywords for staged configs filters.\n", "enum": [ - "nginx.http.response.count" + "name", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_staged_config_name", + "filter_name_staged_config_object_id" ] }, - "MetricNginxHttpRequestIo": { + "StagedConfigObjectID": { + "description": "A globally unique identifier for the NGINX staged config.", "type": "string", - "description": "The total number of bytes sent or received. A filter differentiator is needed for specific I/O direction(s).\n\nReplacement for deprecated variant(s):\n * nginx.http.request.bytes_rcvd\n * nginx.http.request.bytes_sent\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * accum_rate\n\nCatalog dimension filter differentiator:\n * io_direction (applicable filter values: 'transmit', 'receive')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * server_zone\n * location_zone\n", - "enum": [ - "nginx.http.request.io" - ] - }, - "SettingsInstanceCleanup": { - "type": "object", - "description": "Preferences for automatic cleanup of stale NGINX One Instances.", - "required": [ - "age_out_duration" - ], - "properties": { - "age_out_duration": { - "type": "integer", - "format": "int32", - "description": "Specify the age of `unavailable` NGINX instances for clean up. NGINX instances older than this value in hours will be deleted automatically. Events related to automatically deleted NGINX instances will show up in `/events` API. '0' value disables the automatic clean up of `unavailable` NGINX instances.", - "default": 3, - "minimum": 0, - "maximum": 720 - } - }, - "example": { - "age_out_duration": 3 - } - }, - "SettingsACMEIntegration": { - "type": "object", - "description": "ACME Integration to provision SSL certificates", - "required": [ - "tos_accepted" - ], - "properties": { - "tos_accepted": { - "type": "boolean", - "description": "Accept or deny terms of service for ACME server \n* true - Registers ACME account with the associated server\n* false - Deletes registered ACME account with the associated server\n", - "default": false - }, - "server": { - "type": "string", - "description": "Name of ACME server to get SSL certificates from\n* `LE` - Let's Encrypt\n", - "enum": [ - "LE" - ], - "x-enum-varnames": [ - "acme_integration_server_lets_encrypt" - ] - } + "format": "object_id", + "pattern": "^sc_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "NginxUsageDeployment": { + "StagedConfigCertificateSummary": { "type": "object", + "description": "Provides a summary of the current status of certificates used in NGINX configurations. It includes the total number of certificates, as well as the counts of expired certificates, those nearing expiration, valid certificates, certificates that are not found, and those that are not ready for use.", "required": [ - "integration" + "total", + "expired", + "expiring", + "valid", + "not_found", + "not_ready" ], "properties": { - "integration": { - "type": "string", - "description": "Type of integration for NGINX Instance", - "enum": [ - "nic", - "ngf" - ], - "x-enum-varnames": [ - "integration_type_nic", - "integration_type_ngf" - ] + "total": { + "description": "Total count of certificates used as `payloads` in NGINX config.", + "type": "integer" }, - "cluster_id": { - "description": "UUID of the Kubernetes cluster where NGINX Instance is deployed", - "type": "string", - "format": "uuid" + "expired": { + "description": "The number of certificates that have expired and are no longer valid.", + "type": "integer" }, - "cluster_node_count": { - "type": "integer", - "description": "Number of nodes in the cluster where NGINX Instance is deployed", - "minimum": 0 + "expiring": { + "description": "The number of certificates due to expire in the next 30 days.", + "type": "integer" }, - "installation_id": { - "type": "string", - "description": "UUID of the individual NIC/NGF deployment relationship", - "format": "uuid" - } - } - }, - "HttpUsage": { - "type": "object", - "properties": { - "client": { - "allOf": [ - { - "$ref": "#/components/schemas/UsageMetrics" - }, - { - "type": "object", - "properties": { - "requests": { - "type": "integer", - "description": "Total requests handled by an NGINX Instance", - "minimum": 0 - } - } - } - ] + "valid": { + "description": "The number of certificates that are valid and in good standing.", + "type": "integer" }, - "upstream": { - "$ref": "#/components/schemas/UsageMetrics" + "not_found": { + "description": "The number of certificates that are not found on NGINX One Console.", + "type": "integer" + }, + "not_ready": { + "description": "The number of certificates that are not ready to be used.", + "type": "integer" } } }, - "StreamUsage": { + "StagedConfigMeta": { "type": "object", + "description": "Summary information of the NGINX staged config.", + "required": [ + "object_id", + "name", + "created_at", + "modified_at" + ], "properties": { - "client": { - "$ref": "#/components/schemas/UsageMetrics" + "object_id": { + "$ref": "#/components/schemas/StagedConfigObjectID" }, - "upstream": { - "$ref": "#/components/schemas/UsageMetrics" + "name": { + "description": "Name of the NGINX staged config", + "type": "string" + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the NGINX configuration object was created for the instance." + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the NGINX configuration object was last modified for the instance." + }, + "cert_summary": { + "$ref": "#/components/schemas/StagedConfigCertificateSummary" } } }, - "UsageMetrics": { - "type": "object", - "properties": { - "received": { - "type": "integer", - "description": "Total bytes received by an NGINX Instance from clients/upstreams", - "minimum": 0 - }, - "sent": { - "type": "integer", - "description": "Total bytes sent by the NGINX Instance to clients/upstreams", - "minimum": 0 + "StagedConfigListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" }, - "connections": { - "type": "integer", - "description": "Total connections of the NGINX Instance with clients/upstreams", - "minimum": 0 + { + "type": "object", + "description": "List of NGINX staged configs.", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of Staged Config objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/StagedConfigMeta" + } + } + } } + ], + "example": { + "total": 10, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "object_id": "sc_Tet21AeYTHCj7taOwVfzyw", + "name": "my-nginx-staged-config", + "created_at": "2023-08-10T16:59:15Z", + "modified_at": "2023-08-10T16:59:15Z" + } + ] } }, - "NginxUsageHttp": { - "$ref": "#/components/schemas/HttpUsage" - }, - "NginxUsageStream": { - "$ref": "#/components/schemas/StreamUsage" + "StagedConfigName": { + "type": "string", + "description": "A name to identify the NGINX staged config.", + "minLength": 1, + "maxLength": 256, + "pattern": "^[^\\s]+$" }, - "NginxUsageTrackingRequest": { - "type": "object", - "description": "Request structure for sending usage information.", + "StagedConfigCreateRequest": { + "description": "Body to create a NGINX staged config. A staged config can be empty; config payload is optional.", "required": [ - "version", - "uuid", - "nap", - "start_time", - "end_time" + "name" ], "properties": { - "version": { - "type": "string", - "description": "Version of the NGINX instance.", - "minLength": 2, - "maxLength": 100 - }, - "hostname": { - "type": "string", - "description": "Hostname of the NGINX instance.", - "minLength": 3, - "maxLength": 255 - }, - "uuid": { - "type": "string", - "description": "UID of the NGINX instance, can be in hyphenated or non-hyphenated format.", - "maxLength": 38 + "name": { + "$ref": "#/components/schemas/StagedConfigName" }, - "nap": { - "type": "string", - "description": "NAP status of the NGINX instance.", - "enum": [ - "inactive", - "active" - ], - "x-enum-varnames": [ - "nap_status_inactive", - "nap_status_active" + "config": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + }, + "example": { + "name": "my-nginx-staged-config", + "config": { + "aux": [], + "conf_path": "/etc/nginx/nginx.conf", + "configs": [ + { + "files": [ + { + "contents": "string", + "name": "default.conf" + } + ], + "name": "/etc/nginx/conf.d" + } ] - }, - "http": { - "$ref": "#/components/schemas/NginxUsageHttp" - }, - "stream": { - "$ref": "#/components/schemas/NginxUsageStream" - }, - "deployment": { - "$ref": "#/components/schemas/NginxUsageDeployment" - }, - "start_time": { - "type": "integer", - "description": "Usage collection start time (Unix epoch).", - "minimum": 0 - }, - "end_time": { - "type": "integer", - "description": "Usage collection end time (Unix epoch).", - "minimum": 0 - }, - "workers": { - "type": "integer", - "description": "Number of workers running on the NGINX Instance", - "minimum": 0 - }, - "uptime": { - "type": "integer", - "description": "Number of seconds the NGINX Instance has been continuously running", - "minimum": 0 - }, - "reloads": { - "type": "integer", - "description": "Number of times the instance was reloaded during uptime", - "minimum": 0 } } }, - "NginxUsageTrackingBatchRequest": { - "type": "array", - "description": "Request structure for sending usage information in batch.", - "items": { - "$ref": "#/components/schemas/NginxUsageTrackingRequest" - }, - "minItems": 1, - "maxItems": 500 - }, - "ChatbotMessage": { - "type": "object", - "description": "A singular message representing the actual content to be sent to AI Gateway.", + "StagedConfigCreateResponse": { + "description": "Response to a create NGINX staged config request.", + "required": [ + "object_id", + "name" + ], "properties": { - "role": { - "description": "The persona sending the prompt. Can be 'user' or 'assistant'.", - "type": "string", - "enum": [ - "user", - "assistant" - ], - "x-enum-varnames": [ - "chatbot_role_user", - "chatbot_role_assistant" - ] + "object_id": { + "$ref": "#/components/schemas/StagedConfigObjectID" }, - "content": { - "description": "The prompt to be sent.", - "type": "string", - "maxLength": 7000 + "name": { + "description": "Name of the NGINX staged config.", + "type": "string" } }, - "required": [ - "role", - "content" - ] + "example": { + "name": "my-nginx-staged-config", + "object_id": "sc_Tet21AeYTHCj7taOwVfzyw" + } }, - "ChatbotRequest": { + "StagedConfigBulkRequestData": { "type": "object", - "description": "Request structure for sending a prompt to the AI Gateway LLM.", - "properties": { - "messages": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ChatbotMessage" - } + "description": "Part of bulk operation on a staged config, only `delete` is supported.", + "required": [ + "action", + "object_id" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/StagedConfigObjectID" + }, + "action": { + "$ref": "#/components/schemas/BulkRequestAction" } }, - "required": [ - "messages" - ] + "example": { + "object_id": "sc_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + } }, - "ChatbotResponseChoice": { - "type": "object", - "description": "An individual completion option in response to the prompt.", - "properties": { - "index": { - "description": "The index of the value in the array of completions.", - "type": "integer", - "format": "int16" + "StagedConfigBulkRequest": { + "type": "array", + "items": { + "$ref": "#/components/schemas/StagedConfigBulkRequestData" + }, + "minItems": 1, + "maxItems": 50, + "example": [ + { + "object_id": "sc_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" }, - "text": { - "description": "The text of completion.", - "type": "string" + { + "object_id": "sc_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" } + ] + }, + "StagedConfigBulkResponse": { + "description": "The staged config bulk outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" } }, - "ChatbotResponse": { - "type": "object", - "description": "Response structure containing details of the LLM's response to the prompt.", + "StagedConfigResponse": { + "description": "Get an NGINX staged config.", "required": [ - "id", - "created", - "choices", - "object" + "name" ], "properties": { - "id": { - "description": "The identifier for the response generated by the AI Gateway.", - "type": "string" - }, - "created": { - "description": "The time when the response was created.", + "name": { "type": "string", - "format": "date-time" - }, - "choices": { - "description": "An array of possible completions in response to the prompt given by the 'user' persona.", - "type": "array", - "items": { - "$ref": "#/components/schemas/ChatbotResponseChoice" - } + "description": "Name of the NGINX staged config." }, - "object": { - "description": "The type of the object that the JSON is describing - will be 'text_completion'", - "type": "string" + "config": { + "$ref": "#/components/schemas/NginxConfig" } } }, - "ChatbotFeedbackTags": { - "type": "object", - "description": "Tags representing chatbot feedback (i.e. \"Inaccurate Data\", \"Unhelpful Answer\")\n", + "StagedConfigUpdateRequest": { + "description": "Body to update a NGINX staged config name and config contents.", "required": [ - "inaccurate", - "unhelpful", - "formatting", - "time", - "other" + "name", + "config" ], "properties": { - "inaccurate": { - "description": "Boolean representing whether the user thought the response from the LLM was inaccurate.", - "type": "boolean" - }, - "unhelpful": { - "description": "Boolean representing whether the user thought the response from the LLM was unhelpful.", - "type": "boolean" - }, - "formatting": { - "description": "Boolean representing whether the user thought the response from the LLM was poorly formatted.", - "type": "boolean" + "name": { + "$ref": "#/components/schemas/StagedConfigName" }, - "time": { - "description": "Boolean representing whether the user thought the response time was too lengthy.", - "type": "boolean" + "config": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + }, + "example": { + "name": "my-nginx-staged-config", + "config": { + "aux": [], + "conf_path": "/etc/nginx/nginx.conf", + "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", + "configs": [ + { + "files": [ + { + "contents": "string", + "name": "default.conf" + } + ], + "name": "/etc/nginx/conf.d" + } + ] + } + } + }, + "StagedConfigChangeRequest": { + "description": "Update an NGINX staged config.", + "properties": { + "name": { + "$ref": "#/components/schemas/StagedConfigName" }, - "other": { - "description": "Boolean representing whether the user wishes to provide any other feedback.", - "type": "boolean" + "config": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + }, + "example": { + "config": { + "aux": [], + "conf_path": "/etc/nginx/nginx.conf", + "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", + "configs": [ + { + "files": [ + { + "contents": "string", + "name": "default.conf" + } + ], + "name": "/etc/nginx/conf.d" + } + ] } } }, - "ChatbotFeedback": { + "StagedConfigImportRequest": { "type": "object", - "description": "Response structure containing user provided feedback for a specific response from the LLM", + "description": "Body to import a NGINX staged config", "required": [ - "response_id", - "is_positive" + "name", + "file", + "conf_path" ], "properties": { - "response_id": { - "description": "The identifier for the response which the user is providing feedback on. It can be found in the response headers \"X-Request-ID\" property in a request to the AI Assistant", - "type": "string" - }, - "is_positive": { - "description": "A boolean property representing whether the user found the AI Assistant's response helpful", - "type": "boolean" + "name": { + "$ref": "#/components/schemas/StagedConfigName" }, - "message": { - "description": "Freeform feedback from the user regarding a specific response from the LLM", + "file": { "type": "string", - "maxLength": 512 + "format": "binary", + "example": "my-staged-config.tar.gz", + "maxLength": 5242880 }, - "tags": { - "$ref": "#/components/schemas/ChatbotFeedbackTags" + "conf_path": { + "$ref": "#/components/schemas/ConfigPath" } + }, + "example": { + "name": "my-nginx-config", + "file": "my-staged-config.tar.gz", + "conf_path": "/etc/nginx/nginx.conf", + "parse_only": true } }, - "InventoryResponse": { + "MetricQueryResultEx": { "type": "object", "required": [ "query_metadata", @@ -17424,29 +13963,29 @@ ], "properties": { "query_metadata": { - "$ref": "#/components/schemas/InventoryMetricQueryMetadata" + "$ref": "#/components/schemas/MetricQueryMetadata" }, "metrics": { - "description": "An array of collected metrics, which includes the name of the resource, aggregate function, and series details.", + "description": "An array of Metric objects, each including the name of the metric resource, aggregate function, and series details.", "type": "array", "items": { - "$ref": "#/components/schemas/Metric" + "$ref": "#/components/schemas/MetricEx" } } } }, - "InventoryMetricQueryMetadata": { - "description": "Includes details about the time period and resolution of the metrics query.\n", + "MetricQueryMetadata": { + "description": "This object includes details about the time period and resolution (granularity) used in the metrics query.\n", "type": "object", "properties": { "start_time": { - "description": "The start time of your metrics query.", + "description": "The beginning of the time period for the metrics query (inclusive).", "type": "string", "format": "date-time", "example": "2019-08-07T09:57:36.088757764Z" }, "end_time": { - "description": "The end time of your metrics query.", + "description": "The end point for the time period for the metrics query (non-inclusive).", "type": "string", "format": "date-time", "example": "2019-08-07T09:57:36.088757764Z" @@ -17454,11 +13993,11 @@ "resolution": { "description": "The level of granularity for the time series data.", "type": "string", - "example": "1h" + "example": "30m" } } }, - "Metric": { + "MetricEx": { "type": "object", "required": [ "metric", @@ -17467,30 +14006,38 @@ "description": "This object represents a metric, including the name of the metric resource, aggregate function, and series details.\n", "properties": { "metric": { - "$ref": "#/components/schemas/InventoryMetricName" + "$ref": "#/components/schemas/MetricName" }, "aggregate": { - "$ref": "#/components/schemas/InventoryMetricAggregation" + "$ref": "#/components/schemas/MetricAggregation" }, "series": { - "description": "An array of data points.\n", + "description": "An array of data points aligned along one or more dimensions from the Dimensions Catalog.\n", "type": "array", "items": { - "$ref": "#/components/schemas/Series" + "$ref": "#/components/schemas/SeriesEx" }, "example": [ { + "dimensions": { + "nginx_id": "some-instance-obj-1", + "parent_hostname": "hostname-for-instance-1" + }, "data": [ { - "timestamp": "2019-08-07T09:00:00Z", + "timestamp": "2019-08-07T09:57:30Z", "value": 10 } ] }, { + "dimensions": { + "nginx_id": "some-instance-obj-2", + "parent_hostname": "hostname-for-instance-2" + }, "data": [ { - "timestamp": "2019-08-07T10:00:00Z", + "timestamp": "2019-08-07T09:58:30Z", "value": 5 } ] @@ -17499,1672 +14046,1436 @@ } } }, - "Series": { - "description": "This object represents a set of data points.", - "type": "object", - "required": [ - "data" - ], - "properties": { - "data": { - "description": "Array of data points for a metric.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/MetricData" - }, - "example": [ - { - "timestamp": "2019-08-07T09:00:00Z", - "value": 10 - } - ] - } - } - }, - "MetricStartTime": { - "description": "The start time of your metrics query.\n\nUsage:\n* `start_time` is required if `end_time` is specified.\n* If `start_time` and `end_time` isn't provided, the API returns metrics from the current time to the month before the current time.\n* The `start_time` cannot be older than 120 days before the current time.\n\nYou can set the `start_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", - "type": "string", - "example": "2019-08-07T09:57:36.088757764Z" - }, - "MetricEndTime": { - "description": "The end time of your metrics query.\n\nUsage:\n* Must be greater than `start_time`.\n* The time difference between `start_time` and `end_time` should be greater than an hour.\n* The default `end_time` is the current time.\n* The `end_time` cannot be older than 120 days before the current time.\n\nYou can set the `end_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", - "type": "string", - "example": "2019-08-07T09:57:36.088757764Z" - }, - "InventoryMetricAggregation": { - "type": "string", - "description": "Static list of aggregation functions that can be applied to a compatible metric.\n * count\n * sum\n * avg\n * min\n * max\n", - "enum": [ - "count", - "sum", - "avg", - "min", - "max" - ], - "x-enum-varnames": [ - "metric_aggregation_count", - "metric_aggregation_sum", - "metric_aggregation_avg", - "metric_aggregation_min", - "metric_aggregation_max" - ] - }, - "BaseInventoryQueryRequest": { - "type": "object", - "required": [ - "metrics" - ], - "properties": { - "metrics": { - "$ref": "#/components/schemas/InventoryMetricNames" - }, - "start_time": { - "$ref": "#/components/schemas/MetricStartTime" - }, - "end_time": { - "$ref": "#/components/schemas/MetricEndTime" - } - } - }, - "InventoryMetricQueryRequest": { - "type": "object", - "allOf": [ - { - "$ref": "#/components/schemas/BaseInventoryQueryRequest" - } - ] - }, - "InventoryMetricNames": { - "type": "array", - "description": "Specify the metrics to collect.\n\nUsage: \n* List multiple metrics as JSON objects.\n* You can aggregate metrics with `count`, `sum`, `avg`, `min`, `max`.\n", - "items": { - "$ref": "#/components/schemas/InventoryMetricQuery" - }, - "example": [ - { - "name": "nginx.plus.instances", - "aggregate": [ - "count" - ] - } - ] - }, - "InventoryMetricQuery": { + "SeriesEx": { + "description": "This object represents a set of data points aligned along one or more dimensions from the Dimensions Catalog.", "type": "object", "required": [ - "name" + "dimensions", + "data" ], "properties": { - "name": { - "$ref": "#/components/schemas/InventoryMetricName" + "dimensions": { + "description": "This object represents a set of data points aligned along one or more dimensions.\n", + "type": "object", + "additionalProperties": { + "description": "The name(s) of the dimensions used in the metrics query.\n", + "type": "string" + }, + "example": { + "nginx_id": "some-instance-object-id", + "parent_hostname": "hostname-for-instance" + } }, - "aggregate": { + "data": { + "description": "Array of data points for a metric.\n", "type": "array", "items": { - "$ref": "#/components/schemas/InventoryMetricAggregation" - } + "$ref": "#/components/schemas/MetricData" + }, + "example": [ + { + "timestamp": "2019-08-07T09:57:30Z", + "value": 10 + } + ] } } }, - "InventoryMetricName": { - "type": "string", - "description": "Metric names available for querying.\n", - "example": "nginx.plus.instances", - "oneOf": [ - { - "$ref": "#/components/schemas/MetricNginxInstancesPlus" + "MetricData": { + "type": "object", + "required": [ + "timestamp", + "value" + ], + "properties": { + "timestamp": { + "type": "string", + "description": "A date-time string that represent when the data point in the series was recorded.\n", + "format": "date-time" }, - { - "$ref": "#/components/schemas/MetricK8sClusterNodes" + "value": { + "type": "number", + "format": "double", + "nullable": true, + "description": "A value for the data, where `null` indicates a gap.\n" } - ] + } }, - "MetricNginxInstancesPlus": { + "StartTime": { + "description": "Sets the beginning of the time period for your metrics query (inclusive).\n\nUsage:\n* `start_time` is required if `end_time` is specified.\n* If `start_time` isn't provided, the API returns the latest metrics.\n* `start_time` is required for aggregated metrics in order to calculate the `resolution` (granularity).\n\nTime can be specified in two ways:\n* Using ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and the appropriate time unit. The time unit can can be `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds). \nExample of an offset: \"now-3h\" (3 hours before now).\n", "type": "string", - "description": "Total number of nginx plus instances.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", - "enum": [ - "nginx.plus.instances" - ] + "example": "2019-08-07T09:57:36.088757764Z" }, - "MetricK8sClusterNodes": { + "EndTime": { + "description": "Sets the end point for the time period for your metrics query (non-inclusive).\n\nUsage:\n* Must be greater than `start_time`.\n* If `start_time` is specified and `end_time` is not, `end_time` defaults to the current time.\n\nTime can be specified in two ways:\n* Using ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and the appropriate time unit. The time unit can can be `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds). \nExample of an offset: \"now-3h\" (3 hours before now).\n", "type": "string", - "description": "Sum of the Kubernetes worker nodes where nginx plus instances are deployed in a Kubernetes cluster.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", - "enum": [ - "k8s.cluster.nodes" - ] + "example": "2019-08-07T09:57:36.088757764Z" }, - "FilterNameNapSignatures": { + "MetricAggregation": { "type": "string", - "description": "Keywords for NGINX App Protect signature filters.\nWhen filtering on `accuracy`, only the following `filter_values` are supported:\n * high\n * medium\n * low\nWhen filtering on `risk`, only the following `filter_values` are supported:\n * high\n * medium\n * low\nWhen filtering on `signature_type`, only the following `filter_values` are supported:\n * request\n * response\n", + "description": "Static list of aggregation functions that can be applied to a compatible metric.\n * min\n * max\n * sum\n * avg\n * rate\n * accum_rate\n", "enum": [ - "accuracy", - "risk", - "signature_type" + "min", + "max", + "sum", + "avg", + "rate", + "accum_rate" ], "x-enum-varnames": [ - "filter_name_nap_signature_accuracy", - "filter_name_nap_signature_risk", - "filter_name_nap_signature_signature_type" + "metric_aggregation_min", + "metric_aggregation_max", + "metric_aggregation_sum", + "metric_aggregation_avg", + "metric_aggregation_rate", + "metric_aggregation_accum_rate" ] }, - "FilterNameNapSignatureSets": { + "MetricDimensions": { + "type": "array", + "description": "List the dimensions to include in the response for each metric series.\n\nUsage:\n\n* Specify the list of dimensions. Dimensions not specified in this parameter will be hidden in the results.\n* If you specify dimensions in `group_by`, you don't need to list them again in `dimensions`. \nHowever, if you are using `group_by`, then any dimensions you list in `dimensions` must also be included in `group_by`.\n * To return a single series, specify the metric name with aggregation (for example, `{ \"name\": \"agent.cpu.system\", \"aggregate\": \"avg\" }`) and leave the `dimensions` parameter empty.\n", + "items": { + "$ref": "#/components/schemas/MetricDimension" + } + }, + "GroupByDimensions": { + "type": "array", + "description": "Group the query results by the specified dimension(s).\n\nUsage:\n* Specify the list of dimensions.\n* For `group_by` to work, all metrics in the `names` parameter must be aggregated.\n", + "items": { + "$ref": "#/components/schemas/MetricDimension" + } + }, + "TopXMetricDimensions": { + "type": "array", + "description": "List additional dimensions to include in the response for each metric series. The dimension specified by `group_series_by` will be included by default.\n", + "items": { + "$ref": "#/components/schemas/MetricDimension" + } + }, + "MetricDimension": { "type": "string", - "description": "Keywords for NGINX App Protect signature set filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * filter-based\n * manual\n", + "default": "display_name", + "description": "Static list of all metric dimensions:\n * `display_name` - Display name of the NGINX instance.\n * `file_path` - Path to the file.\n * `parent_hostname` - Hostname of the NGINX Plus instance.\n * `instance_object_id` - Unique ID of the instance registered with NGINX One Console.\n * `location_zone` - Name of an HTTP location zone.\n * `mount_point` - Filesystem mount point.\n * `namespace` - Namespace for the metric data.\n * `network_interface` - Server network interface.\n * `nginx_id` - Unique ID of the NGINX instance running on the data plane.\n * `server_zone` - Name of an HTTP or Stream server zone.\n * `system_id` - Unique ID of the operating system running nginx-agent.\n * `tenant` - Tenant for the metric data.\n * `csg_object_id` - Unique ID of the Config Sync Group registered with NGINX One Console.\n * `mode` - Variant value for metric `system.cpu.utilization`.\n * `state` - Variant value for metrics `system.filesystem.usage`, `system.memory.usage`.\n * `io_direction` - Variant value for metric `system.network.io`.\n * `status_range` - Variant value for metric `nginx.http.response.count`.\n * `logical_number` - Variant value for metrics that return a processor number.\n * `outcome` - Variant value for metrics that return an outcome.\n * `upstream_zone` - upstream zone for the metric data.\n * `upstream_name` - upstream name for the metric data.\n * `peer_state` - Variant value for metric peer state for the metric `nginx.http.upstream.peer.count`.\n * `peer_health_check` - Variant value for metric peer health check for the metric `nginx.http.upstream.peer.health_checks`.\n * `peer_address` - peer address for metric data.\n * `peer_name` - peer name for metric data.\n * `ecp_object_id` - Unique ID of the External Control Plane registered with NGINX One Console.\n", "enum": [ - "type", - "name" + "display_name", + "file_path", + "parent_hostname", + "instance_object_id", + "location_zone", + "mount_point", + "namespace", + "network_interface", + "nginx_id", + "server_zone", + "system_id", + "tenant", + "csg_object_id", + "mode", + "state", + "io_direction", + "status_range", + "logical_number", + "outcome", + "upstream_zone", + "upstream_name", + "peer_state", + "peer_health_check", + "peer_address", + "peer_name", + "ecp_object_id" ], "x-enum-varnames": [ - "filter_name_nap_signature_set_type", - "filter_name_nap_signature_set_name" + "metric_dimension_display_name", + "metric_dimension_file_path", + "metric_dimension_hostname", + "metric_dimension_instance_object_id", + "metric_dimension_location_zone", + "metric_dimension_mount_point", + "metric_dimension_namespace", + "metric_dimension_network_interface", + "metric_dimension_nginx_id", + "metric_dimension_server_zone", + "metric_dimension_system_id", + "metric_dimension_tenant", + "metric_dimension_csg_object_id", + "metric_dimension_mode", + "metric_dimension_state", + "metric_dimension_io_direction", + "metric_dimension_status_range", + "metric_dimension_logical_number", + "metric_dimension_outcome", + "metric_dimension_upstream_zone", + "metric_dimension_upstream_name", + "metric_dimension_peer_state", + "metric_dimension_peer_health_check", + "metric_dimension_peer_address", + "metric_dimension_peer_name", + "metric_dimension_ecp_object_id" ] }, - "NapSignatureID": { - "description": "An unique identifier for the NGINX App Protect signature.", - "type": "integer", - "pattern": "^\\d{9}" - }, - "NapSignatureSetObjectID": { - "description": "A globally unique identifier for the NGINX App Protect signature set.", - "type": "string", - "format": "object_id", - "pattern": "^sigset_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "NapCompileStatus": { - "description": "Provide the status of the NGINX App Protect compilation request.", + "BaseMetricQueryRequest": { + "type": "object", "required": [ - "status", - "nap_release", - "created_at", - "modified_at" + "metrics", + "start_time", + "resolution" ], "properties": { - "nap_release": { - "description": "The NGINX App Protect release version the NGINX App Protect log profile compilation was requested for.", - "type": "string" - }, - "status": { - "description": "Status of the NGINX App Protect compilation request. * `pending` - The compilation request has been accepted and is currently processing. * `failed` - The compilation attempt failed. * `succeeded` - The compilation was successful.", - "type": "string", - "enum": [ - "pending", - "failed", - "succeeded" - ], - "x-enum-varnames": [ - "nap_compile_status_pending", - "nap_compile_status_failed", - "nap_compile_status_succeeded" - ] - }, - "failure_reason": { - "type": "string", - "description": "The failure reason populated when status is 'failed'." + "metrics": { + "$ref": "#/components/schemas/MetricNames" }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the compile request was created." + "filter": { + "$ref": "#/components/schemas/MetricFilters" }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the compile request was last modified." + "start_time": { + "$ref": "#/components/schemas/StartTime" }, - "size": { - "type": "integer", - "description": "The size of the compiled bundle, only set when status is `succeeded`." + "end_time": { + "$ref": "#/components/schemas/EndTime" }, - "hash": { - "type": "string", - "description": "The sha256 hash value of the compiled bundle, only set when status is `succeeded`." - } - }, - "example": { - "nap_release": "5.10.0", - "status": "succeeded", - "created_at": "2026-01-13T18:54:19.140336Z", - "modified_at": "2026-01-13T18:56:31.264956Z" + "resolution": { + "type": "string", + "description": "Specifies the level of granularity for time series data in your results. Applicable only for endpoints that return time series data.\n\nUsage: \n* Specify as a string with a number followed by a unit of time, such as `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes) or `s` (seconds).\n* Metrics in `names` must be aggregated.\n* `start_time` is required.\n* If `resolution` is not set, the API returns the maximum resolution (`end_time` - `start_time`).\n", + "example": "30s" + } } }, - "VersionsList": { + "MetricQueryRequest": { "type": "object", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of versions.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapSignatureVersion" + "allOf": [ + { + "$ref": "#/components/schemas/BaseMetricQueryRequest" + }, + { + "type": "object", + "properties": { + "dimensions": { + "$ref": "#/components/schemas/MetricDimensions" + }, + "group_by": { + "$ref": "#/components/schemas/GroupByDimensions" + }, + "order_by": { + "description": "List the order by for dimension(s).\n\nUsage:\n\n* Must be a dimension included by `dimensions` or `group_by`.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/OrderBy" + } + } } } - } + ] }, - "NapVersion": { - "description": "A collection of NGINX App Protect release and associated engine versions.", + "MetricTopXQueryRequest": { "type": "object", - "required": [ - "release", - "engine" - ], - "properties": { - "release": { - "description": "The version of the NGINX App Protect release.", - "type": "string" + "allOf": [ + { + "$ref": "#/components/schemas/BaseMetricQueryRequest" }, - "engine": { - "description": "The version of the NGINX App Protect engine.", - "type": "string" + { + "type": "object", + "required": [ + "series_limit", + "group_series_by" + ], + "properties": { + "dimensions": { + "$ref": "#/components/schemas/TopXMetricDimensions" + }, + "series_limit": { + "type": "integer", + "example": 25, + "description": "Sets the maximum number of series that can be returned. \n\nNotes:\n* Always returns an additional series with a dimension named `all`, aggregating the values of all metrics included in the results.\n* A series with a dimension named `other` may be returned, aggregating the values of metrics not included in the results.\n" + }, + "group_series_by": { + "$ref": "#/components/schemas/MetricDimension" + }, + "order_series_by": { + "$ref": "#/components/schemas/OrderSeriesBy" + } + } } - } - }, - "ThreatCampaignVersionsListResponse": { - "$ref": "#/components/schemas/VersionsList" - }, - "AttackSignatureVersionsListResponse": { - "$ref": "#/components/schemas/VersionsList" - }, - "BotSignatureVersionsListResponse": { - "$ref": "#/components/schemas/VersionsList" + ] }, - "NapVersionsListResponse": { - "description": "List of NGINX App Protect versions.", + "MetricNames": { "type": "array", + "description": "Specify the metrics you want details for.\n\nUsage: \n* List multiple metrics as json objects.\n * You can aggregate metrics with `avg`, `sum`, `min`, `max`, `rate`.\n* Metrics with aggregates require a `start_time`.\n* If you combine aggregated and non-aggregated metrics in a single query, any `group_by` clause applies only to the aggregated metrics.\n", "items": { - "$ref": "#/components/schemas/NapVersion" - } + "$ref": "#/components/schemas/MetricQuery" + }, + "example": [ + { + "name": "system.cpu.utilization", + "aggregate": "avg", + "filter": [ + { + "filterSet": [ + { + "dimension": "mode", + "operator": "=", + "values": [ + "system" + ] + } + ] + } + ] + } + ] }, - "NapPolicy": { - "description": "The base64-encoded contents of the NGINX App Protect policy.", + "MetricQuery": { "type": "object", "required": [ - "policy" + "name" ], "properties": { - "policy": { - "type": "string", - "format": "base64", - "maxLength": 3145728 + "name": { + "$ref": "#/components/schemas/MetricName" + }, + "aggregate": { + "$ref": "#/components/schemas/MetricAggregation" } } }, - "NapPolicyObject": { - "allOf": [ + "MetricFilterPredicate": { + "type": "string", + "enum": [ + "AND", + "OR" + ], + "x-enum-varnames": [ + "metric_filter_predicate_and", + "metric_filter_predicate_or" + ] + }, + "MetricFilters": { + "type": "array", + "description": "Filter results based on dimension operations against one or more values.\n\nUsage:\n* Format as one or more predicates by providing all required elements.\n * `dimension`: The dimension name you want to filter on.\n * `operator`: The possible operators (`=`, `!=`, `<`, `<=`, `>`, `>=`, `in`, `not`) you can use for comparison or condition checking.\n * `value`: Case sensitive value of the dimension to filter against.\n\nFor more complex filtering:\n\n* Specify a `predicate` for logical expressions (`AND`,`OR`). \n* Use a wildcard `*` in the `value` for matching partial values.\n", + "items": { + "$ref": "#/components/schemas/MetricFilterSet" + }, + "example": [ { - "$ref": "#/components/schemas/NapPolicyMetadata" + "filterSet": [ + { + "dimension": "server_zone", + "operator": "!=", + "values": [ + "server_zone_1" + ] + }, + { + "predicate": "OR", + "dimension": "server_zone", + "operator": "=", + "values": [ + "server_zone_2" + ] + } + ] }, { - "$ref": "#/components/schemas/NapPolicyDeployments" + "predicate": "AND", + "filterSet": [ + { + "dimension": "nginx_id", + "operator": "in", + "values": [ + "id1", + "id2" + ] + } + ] } ] }, - "NapPolicyMetadata": { - "description": "Summary information about NGINX App Protect policy.", + "MetricFilterSet": { "type": "object", + "description": "Encapsulates one or more `MetricFilter` object(s) to be grouped together.\n", "required": [ - "object_id", - "name", - "latest" + "filterSet" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/NapPolicyObjectID" - }, - "name": { - "description": "The name of the NGINX App Protect policy.", - "type": "string" - }, - "description": { - "type": "string", - "description": "Some detail on the NGINX App Protect policy." + "predicate": { + "$ref": "#/components/schemas/MetricFilterPredicate" }, - "latest": { - "$ref": "#/components/schemas/NapPolicyVersionMetadata" + "filterSet": { + "type": "array", + "items": { + "$ref": "#/components/schemas/MetricFilter" + } } } }, - "NapPolicyListResponse": { - "description": "List of all NGINX App Protect policies.", - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" + "MetricFilter": { + "type": "object", + "required": [ + "dimension", + "operator", + "values" + ], + "properties": { + "dimension": { + "$ref": "#/components/schemas/MetricDimension" }, - { - "description": "List of NGINX App Protect policies.", - "type": "object", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of NGINX App Protect policy objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyObject" - } - } - }, - "example": { - "items": [ - { - "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", - "name": "test-policy", - "description": "test policy", - "deployments": [ - { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "enforcement_mode": "blocking", - "policy_version": "2023-12-06 22:37:24", - "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", - "deployed_on": "2023-12-06T22:37:24.120114Z" - } - ], - "latest": { - "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw", - "version": "2023-12-06 22:37:24", - "created_at": "2023-12-06T22:37:24.120114Z", - "deployment_status": "deployed", - "enforcement_mode": "blocking" - } - } - ] + "operator": { + "type": "string", + "description": "Static list of all operations supported by filtering\n\n* The `=`, `!=` only use the first element of the `values` array. Wildcards for partial matching is supported.\n* The `in` and `not` both use all elements in the `values` array. Wildcards for partial matching is NOT supported.\n", + "enum": [ + "=", + "!=", + "in", + "not" + ], + "x-enum-varnames": [ + "metric_filter_equal", + "metric_filter_not_equal", + "metric_filter_in", + "metric_filter_not" + ] + }, + "values": { + "type": "array", + "description": "Single value used for all operators except `in` and `not`.", + "items": { + "type": "string" } + }, + "predicate": { + "$ref": "#/components/schemas/MetricFilterPredicate" } - ] + } }, - "NapPolicyVersionDeployments": { + "OrderDirection": { + "type": "string", + "enum": [ + "asc", + "desc" + ], + "x-enum-varnames": [ + "order_by_asc", + "order_by_desc" + ], + "default": "desc" + }, + "OrderBy": { "type": "object", + "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `dimension`: The dimension for ordering.\n", + "required": [ + "direction", + "dimension" + ], "properties": { - "deployments": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyVersionDeployment" - } + "direction": { + "$ref": "#/components/schemas/OrderDirection" + }, + "dimension": { + "$ref": "#/components/schemas/MetricDimension" } } }, - "NapDeploymentAssociation": { + "OrderSeriesBy": { "type": "object", + "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `aggregate`: The aggregating function.\n", "required": [ - "associated_type", - "associated_object_id", - "associated_name" + "direction", + "aggregate" ], "properties": { - "associated_type": { - "$ref": "#/components/schemas/DeploymentAssociatedType" - }, - "associated_object_id": { - "$ref": "#/components/schemas/ObjectID" + "direction": { + "$ref": "#/components/schemas/OrderDirection" }, - "associated_name": { - "$ref": "#/components/schemas/DeploymentAssociatedName" + "aggregate": { + "$ref": "#/components/schemas/MetricAggregation", + "default": "sum" } } }, - "NapDeployment": { - "allOf": [ + "MetricName": { + "type": "string", + "description": "Metric names available for querying.\n", + "example": "nginx.http.request.count", + "oneOf": [ { - "$ref": "#/components/schemas/NapDeploymentAssociation" + "$ref": "#/components/schemas/MetricSystemCpuUtilization" }, { - "type": "object", - "description": "Information about a NGINX App Protect policy deployment.\n", - "required": [ - "publication_object_id", - "status", - "deployed_on" - ], - "properties": { - "publication_object_id": { - "$ref": "#/components/schemas/PublicationObjectID" - }, - "status": { - "$ref": "#/components/schemas/NapDeploymentStatus" - }, - "deployed_on": { - "description": "Date and time of the deployment.", - "type": "string", - "format": "date-time" - } - }, - "example": { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z" - } - } - ] - }, - "NapPolicyVersionDeployment": { - "allOf": [ + "$ref": "#/components/schemas/MetricSystemFilesystemUsage" + }, { - "$ref": "#/components/schemas/NapDeploymentAssociation" + "$ref": "#/components/schemas/MetricSystemMemoryUsage" }, { - "type": "object", - "description": "Information about a NGINX App Protect policy deployment.\n", - "required": [ - "publication_object_id", - "status", - "deployed_on" - ], - "properties": { - "publication_object_id": { - "$ref": "#/components/schemas/PublicationObjectID" - }, - "status": { - "$ref": "#/components/schemas/NapDeploymentStatus" - }, - "deployed_on": { - "description": "Date and time of the deployment.", - "type": "string", - "format": "date-time" - } - }, - "example": { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z" - } + "$ref": "#/components/schemas/MetricSystemCpuLogicalCount" + }, + { + "$ref": "#/components/schemas/MetricSystemNetworkIo" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpRequestCount" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpResponseCount" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpConnectionCount" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpConnections" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpUpstreamPeerCount" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpUpstreamPeerHealthChecks" + }, + { + "$ref": "#/components/schemas/MetricNginxStreamUpstreamPeerHealthChecks" + }, + { + "$ref": "#/components/schemas/MetricNginxStreamUpstreamPeerCount" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpRequestIo" } ] }, - "NapPolicyDeployments": { + "MetricSystemCpuUtilization": { + "type": "string", + "description": "Total system CPU use for 'system' or 'user' (percent). A filter is required to specify the mode.\n\nReplaces deprecated variants:\n * system.cpu.system\n * system.cpu.user\n\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter:\n * mode (valid values:: 'system', 'user')\n\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * logical_number\n", + "enum": [ + "system.cpu.utilization" + ] + }, + "MetricSystemFilesystemUsage": { + "type": "string", + "description": "System disk usage statistic, percentage. A filter differentiator is needed for specific state(s).\n\nReplacement for deprecated variant(s):\n * system.disk.in_use\n * system.disk.total\n * system.disk.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'in_use')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * mount_point\n", + "enum": [ + "system.filesystem.usage" + ] + }, + "MetricSystemMemoryUsage": { + "type": "string", + "description": "Total available statistic about system memory usage, bytes. A filter differentiator is needed for specific state(s).\n\nReplacement for deprecated variant(s):\n * system.mem.pct_used\n * system.mem.total\n * system.mem.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'total', 'pct_used')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", + "enum": [ + "system.memory.usage" + ] + }, + "MetricSystemCpuLogicalCount": { + "type": "string", + "description": "Number of logical (virtual) processor cores created by the operating system.\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", + "enum": [ + "system.cpu.logical.count" + ] + }, + "MetricNginxHttpConnectionCount": { + "type": "string", + "description": "Number of connections grouped by outcome ('ACTIVE', 'IDLE', 'READING', 'WRITING', 'WAITING').\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\n\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * outcome\n", + "enum": [ + "nginx.http.connection.count" + ] + }, + "MetricNginxHttpConnections": { + "type": "string", + "description": "Total connections grouped by outcome ('ACCEPTED', 'HANDLED', 'DROPPED').\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\n\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * outcome\n", + "enum": [ + "nginx.http.connections" + ] + }, + "MetricNginxHttpUpstreamPeerCount": { + "type": "string", + "description": "Number of upstream peers grouped by state ('CHECKING', 'DOWN', 'DRAINING', 'UNAVAILABLE', 'UNHEALTHY', 'UP').\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * upstream_zone\n * upstream_name\n * peer_state\n", + "enum": [ + "nginx.http.upstream.peer.count" + ] + }, + "MetricNginxStreamUpstreamPeerCount": { + "type": "string", + "description": "Number of upstream peers grouped by state ('CHECKING', 'DOWN', 'DRAINING', 'UNAVAILABLE', 'UNHEALTHY', 'UP').\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * upstream_zone\n * upstream_name\n * peer_state\n", + "enum": [ + "nginx.stream.upstream.peer.count" + ] + }, + "MetricNginxHttpUpstreamPeerHealthChecks": { + "type": "string", + "description": "The total number of health check requests made to a HTTP upstream peer.\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * upstream_zone\n * upstream_name\n * peer_health_check\n * peer_address\n * peer_name\n", + "enum": [ + "nginx.http.upstream.peer.health_checks" + ] + }, + "MetricNginxStreamUpstreamPeerHealthChecks": { + "type": "string", + "description": "The total number of health check requests made to a stream upstream peer.\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * upstream_zone\n * upstream_name\n * peer_health_check\n * peer_address\n * peer_name\n", + "enum": [ + "nginx.stream.upstream.peer.health_checks" + ] + }, + "MetricSystemNetworkIo": { + "type": "string", + "description": "Network I/O statistics. Number of bytes sent or received per network interface. A filter differentiator is needed for specific I/O direction(s).\n\nReplacement for deprecated variant(s):\n * system.net.bytes_rcvd\n * system.net.bytes_sent\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * accum_rate\n\nCatalog dimension filter differentiator:\n * io_direction (applicable filter values: 'transmit', 'receive')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * network_interface\n", + "enum": [ + "system.network.io" + ] + }, + "MetricNginxHttpRequestCount": { + "type": "string", + "description": "The current number of client requests received from clients.\n\nReplacement for deprecated variant(s):\n * nginx.http.request.count\n * plus.http.request.count\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * server_zone\n * location_zone\n", + "enum": [ + "nginx.http.request.count" + ] + }, + "MetricNginxHttpResponseCount": { + "type": "string", + "description": "The current number of responses, grouped by status code range. A filter differentiator is needed for specific status range(s).\n\nReplacement for deprecated variant(s):\n * nginx.http.status.4xx\n * plus.http.status.4xx\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * status_range (applicable filter values: '4xx', '5xx')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id \n * server_zone\n * location_zone\n", + "enum": [ + "nginx.http.response.count" + ] + }, + "MetricNginxHttpRequestIo": { + "type": "string", + "description": "The total number of bytes sent or received. A filter differentiator is needed for specific I/O direction(s).\n\nReplacement for deprecated variant(s):\n * nginx.http.request.bytes_rcvd\n * nginx.http.request.bytes_sent\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * accum_rate\n\nCatalog dimension filter differentiator:\n * io_direction (applicable filter values: 'transmit', 'receive')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * server_zone\n * location_zone\n", + "enum": [ + "nginx.http.request.io" + ] + }, + "SettingsInstanceCleanup": { "type": "object", + "description": "Preferences for automatic cleanup of stale NGINX One Instances.", "required": [ - "deployments" + "age_out_duration" ], "properties": { - "deployments": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyDeployment" - } + "age_out_duration": { + "type": "integer", + "format": "int32", + "description": "Specify the age of `unavailable` NGINX instances for clean up. NGINX instances older than this value in hours will be deleted automatically. Events related to automatically deleted NGINX instances will show up in `/events` API. '0' value disables the automatic clean up of `unavailable` NGINX instances.", + "default": 3, + "minimum": 0, + "maximum": 720 } + }, + "example": { + "age_out_duration": 3 } }, - "NapLogProfileDeployments": { - "type": "object", - "properties": { - "deployments": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapLogProfileDeployment" - } - } - } + "MetricStartTime": { + "description": "The start time of your metrics query.\n\nUsage:\n* `start_time` is required if `end_time` is specified.\n* If `start_time` and `end_time` isn't provided, the API returns metrics from the current time to the month before the current time.\n* The `start_time` cannot be older than 120 days before the current time.\n\nYou can set the `start_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", + "type": "string", + "example": "2019-08-07T09:57:36.088757764Z" }, - "NapLogProfileDeployment": { - "description": "Detailed information about a NGINX App Protect log-profile deployment.", - "type": "object", - "allOf": [ - { - "$ref": "#/components/schemas/NapDeployment" - }, - { - "type": "object", - "required": [ - "nap_release", - "publication_object_id", - "associated_name", - "associated_type", - "associated_object_id", - "status", - "deployed_on" - ], - "properties": { - "nap_release": { - "description": "The compiler version of NGINX App Protect the log profile was deployed with.", - "type": "string" - }, - "latest_deployed": { - "$ref": "#/components/schemas/NapLatestDeployed" - } - } - } + "MetricEndTime": { + "description": "The end time of your metrics query.\n\nUsage:\n* Must be greater than `start_time`.\n* The time difference between `start_time` and `end_time` should be greater than an hour.\n* The default `end_time` is the current time.\n* The `end_time` cannot be older than 120 days before the current time.\n\nYou can set the `end_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", + "type": "string", + "example": "2019-08-07T09:57:36.088757764Z" + }, + "InventoryMetricAggregation": { + "type": "string", + "description": "Static list of aggregation functions that can be applied to a compatible metric.\n * count\n * sum\n * avg\n * min\n * max\n", + "enum": [ + "count", + "sum", + "avg", + "min", + "max" ], - "example": { - "nap_release": "5.10.0", - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "latest_deployed": "yes" - } + "x-enum-varnames": [ + "metric_aggregation_count", + "metric_aggregation_sum", + "metric_aggregation_avg", + "metric_aggregation_min", + "metric_aggregation_max" + ] }, - "NapPolicyDeployment": { - "description": "Detailed information about a NGINX App Protect policy deployment.", + "BaseInventoryQueryRequest": { "type": "object", "required": [ - "publication_object_id", - "associated_object_id", - "associated_name", - "associated_type", - "enforcement_mode", - "status", - "policy_version", - "policy_version_object_id", - "deployed_on" + "metrics" ], - "allOf": [ - { - "$ref": "#/components/schemas/NapPolicyVersionDeployment" + "properties": { + "metrics": { + "$ref": "#/components/schemas/InventoryMetricNames" }, - { - "type": "object", - "required": [ - "enforcement_mode", - "policy_version", - "policy_version_object_id" - ], - "properties": { - "enforcement_mode": { - "$ref": "#/components/schemas/NapPolicyEnforcementMode" - }, - "policy_version": { - "description": "The version associated with the NGINX App Protect policy.", - "type": "string" - }, - "policy_version_object_id": { - "$ref": "#/components/schemas/NapPolicyVersionObjectID" - } - } + "start_time": { + "$ref": "#/components/schemas/MetricStartTime" + }, + "end_time": { + "$ref": "#/components/schemas/MetricEndTime" } - ], - "example": { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "enforcement_mode": "blocking", - "policy_version": "2023-12-06 22:37:24", - "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw" } }, - "NapPolicyDeploymentDetails": { + "InventoryMetricQueryRequest": { "type": "object", - "required": [ - "publication_object_id", - "associated_object_id", - "associated_name", - "associated_type", - "enforcement_mode", - "status", - "policy_version", - "policy_version_object_id", - "deployed_on", - "threat_campaign_version", - "attack_signature_version", - "bot_signature_version" - ], "allOf": [ { - "$ref": "#/components/schemas/NapPolicyDeployment" - }, - { - "type": "object", - "properties": { - "threat_campaign_version": { - "$ref": "#/components/schemas/NapSignatureVersion" - }, - "attack_signature_version": { - "$ref": "#/components/schemas/NapSignatureVersion" - }, - "bot_signature_version": { - "$ref": "#/components/schemas/NapSignatureVersion" - } - } + "$ref": "#/components/schemas/BaseInventoryQueryRequest" } - ], - "example": { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "policy_version": "2023-12-06 22:37:24", - "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "enforcement_mode": "blocking", - "threat_campaign_version": "2023.12.06", - "attack_signature_version": "2023.12.06", - "bot_signature_version": "2023.12.06" - } + ] }, - "NapPolicyDeploymentsListResponse": { - "description": "List of all NGINX App Protect deployments.", - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" - }, + "InventoryMetricNames": { + "type": "array", + "description": "Specify the metrics to collect.\n\nUsage: \n* List multiple metrics as JSON objects.\n* You can aggregate metrics with `count`, `sum`, `avg`, `min`, `max`.\n", + "items": { + "$ref": "#/components/schemas/InventoryMetricQuery" + }, + "example": [ { - "type": "object", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of NGINX App Protect deployments.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyDeploymentDetails" - } - } - }, - "example": { - "items": [ - { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "policy_version": "2023-12-06 22:37:24", - "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "enforcement_mode": "blocking", - "threat_campaign_version": "2023.12.06", - "attack_signature_version": "2023.12.06", - "bot_signature_version": "2023.12.06" - } - ] + "name": "nginx.plus.instances", + "aggregate": [ + "count" + ] + } + ] + }, + "InventoryMetricQuery": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "$ref": "#/components/schemas/InventoryMetricName" + }, + "aggregate": { + "type": "array", + "items": { + "$ref": "#/components/schemas/InventoryMetricAggregation" } } - ] + } }, - "NapLogProfileDeploymentsListResponse": { - "description": "List of all NGINX App Protect log profile deployments.", - "allOf": [ + "InventoryMetricName": { + "type": "string", + "description": "Metric names available for querying.\n", + "example": "nginx.plus.instances", + "oneOf": [ { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/MetricNginxInstancesPlus" }, { - "type": "object", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of NGINX App Protect log profile deployments.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapLogProfileDeployment" - } - } - }, - "example": { - "items": [ - { - "nap_release": "5.10.0", - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "latest_deployed": "yes" - } - ] - } + "$ref": "#/components/schemas/MetricK8sClusterNodes" } ] }, - "NapPolicyVersionMetadata": { - "type": "object", - "description": "Summary information about the specific NGINX App Protect policy version.", + "MetricNginxInstancesPlus": { + "type": "string", + "description": "Total number of nginx plus instances.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", + "enum": [ + "nginx.plus.instances" + ] + }, + "MetricK8sClusterNodes": { + "type": "string", + "description": "Sum of the Kubernetes worker nodes where nginx plus instances are deployed in a Kubernetes cluster.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", + "enum": [ + "k8s.cluster.nodes" + ] + }, + "FilterNameNapSignatures": { + "type": "string", + "description": "Keywords for NGINX App Protect signature filters.\nWhen filtering on `accuracy`, only the following `filter_values` are supported:\n * high\n * medium\n * low\nWhen filtering on `risk`, only the following `filter_values` are supported:\n * high\n * medium\n * low\nWhen filtering on `signature_type`, only the following `filter_values` are supported:\n * request\n * response\n", + "enum": [ + "accuracy", + "risk", + "signature_type" + ], + "x-enum-varnames": [ + "filter_name_nap_signature_accuracy", + "filter_name_nap_signature_risk", + "filter_name_nap_signature_signature_type" + ] + }, + "FilterNameNapSignatureSets": { + "type": "string", + "description": "Keywords for NGINX App Protect signature set filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * filter-based\n * manual\n", + "enum": [ + "type", + "name" + ], + "x-enum-varnames": [ + "filter_name_nap_signature_set_type", + "filter_name_nap_signature_set_name" + ] + }, + "NapSignatureID": { + "description": "An unique identifier for the NGINX App Protect signature.", + "type": "integer", + "pattern": "^\\d{9}" + }, + "NapSignatureSetObjectID": { + "description": "A globally unique identifier for the NGINX App Protect signature set.", + "type": "string", + "format": "object_id", + "pattern": "^sigset_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "NapCompileStatus": { + "description": "Provide the status of the NGINX App Protect compilation request.", "required": [ - "object_id", - "version", - "enforcement_mode", - "created_at" + "status", + "nap_release", + "created_at", + "modified_at" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/NapPolicyVersionObjectID" + "nap_release": { + "description": "The NGINX App Protect release version the NGINX App Protect log profile compilation was requested for.", + "type": "string" }, - "version": { - "$ref": "#/components/schemas/NapSignatureVersion" + "status": { + "description": "Status of the NGINX App Protect compilation request. * `pending` - The compilation request has been accepted and is currently processing. * `failed` - The compilation attempt failed. * `succeeded` - The compilation was successful.", + "type": "string", + "enum": [ + "pending", + "failed", + "succeeded" + ], + "x-enum-varnames": [ + "nap_compile_status_pending", + "nap_compile_status_failed", + "nap_compile_status_succeeded" + ] }, - "enforcement_mode": { - "$ref": "#/components/schemas/NapPolicyEnforcementMode" + "failure_reason": { + "type": "string", + "description": "The failure reason populated when status is 'failed'." }, "created_at": { - "description": "The date and time when the NGINX App Protect policy version was created.", "type": "string", - "format": "date-time" + "format": "date-time", + "description": "The date and time when the compile request was created." + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the compile request was last modified." + }, + "size": { + "type": "integer", + "description": "The size of the compiled bundle, only set when status is `succeeded`." + }, + "hash": { + "type": "string", + "description": "The sha256 hash value of the compiled bundle, only set when status is `succeeded`." } + }, + "example": { + "nap_release": "5.10.0", + "status": "succeeded", + "created_at": "2026-01-13T18:54:19.140336Z", + "modified_at": "2026-01-13T18:56:31.264956Z" } }, - "NapPolicyVersionDetails": { - "description": "Detailed information about NGINX App Protect policy version.", + "VersionsList": { "type": "object", "required": [ - "policy", - "object_id", - "version", - "enforcement_mode", - "created_at", - "bundles" + "items" ], - "allOf": [ - { - "$ref": "#/components/schemas/NapPolicyVersionMetadata" - }, - { - "$ref": "#/components/schemas/NapPolicy" - }, - { - "$ref": "#/components/schemas/NapPolicyVersionDeployments" - }, - { - "type": "object", - "required": [ - "bundles" - ], - "properties": { - "bundles": { - "description": "Compiled NGINX App Protect policy version bundles for this specific policy version.\nLists compilation status of the policy version contents across different NAP release versions.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapCompileStatus" - } - } + "properties": { + "items": { + "description": "An array of versions.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapSignatureVersion" } } - ], - "example": { - "object_id": "pv_-abc3F2TQGm18jnl7bpaGw", - "version": "2023-12-06 22:37:24", - "enforcement_mode": "blocking", - "created_at": "2023-12-06T22:37:24.120114Z", - "policy": "eyJwb2xpY3kiOiB7Im5hbWUiOiAiZGVmYXVsdCJ9fQ==", - "deployments": [ - { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z" - } - ], - "bundles": [ - { - "nap_release": "5.10.0", - "status": "succeeded", - "created_at": "2023-12-06T22:37:24.120114Z", - "modified_at": "2023-12-06T22:38:01.264956Z" - }, - { - "nap_release": "5.9.0", - "status": "succeeded", - "created_at": "2023-12-06T22:37:24.120114Z", - "modified_at": "2023-12-06T22:38:01.264956Z" - } - ] } }, - "NapPolicyVersionObject": { - "description": "Summary information about NGINX App Protect policy version.", + "ThreatCampaignVersionsListResponse": { + "$ref": "#/components/schemas/VersionsList" + }, + "AttackSignatureVersionsListResponse": { + "$ref": "#/components/schemas/VersionsList" + }, + "BotSignatureVersionsListResponse": { + "$ref": "#/components/schemas/VersionsList" + }, + "NapPolicyVersionComment": { + "description": "A user-provided comment describing what changed in this WAF policy version. \n**Note: This feature is under development and for future use.**\n", + "type": "string", + "maxLength": 150 + }, + "NapPolicy": { + "description": "The base64-encoded contents of the NGINX App Protect policy.", + "type": "object", + "required": [ + "policy" + ], + "properties": { + "policy": { + "type": "string", + "format": "base64", + "maxLength": 3145728 + }, + "version_comment": { + "$ref": "#/components/schemas/NapPolicyVersionComment" + } + } + }, + "NapPolicyObject": { "allOf": [ { - "$ref": "#/components/schemas/NapPolicyVersionMetadata" - }, - { - "$ref": "#/components/schemas/NapPolicyVersionDeployments" + "$ref": "#/components/schemas/NapPolicyMetadata" }, { - "type": "object", - "required": [ - "latest" - ], - "properties": { - "latest": { - "description": "Indicates whether the NGINX App Protect policy version is latest. Default (`false`) returns the current policy. \nWhen set to `true`, returns the latest policy.\n", - "type": "boolean", - "default": false - } - } + "$ref": "#/components/schemas/NapPolicyDeployments" } ] }, - "NapPolicyVersionsListResponse": { - "description": "List of all NGINX App Protect versions.", + "NapPolicyMetadata": { + "description": "Summary information about NGINX App Protect policy.", + "type": "object", + "required": [ + "object_id", + "name", + "latest" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/NapPolicyObjectID" + }, + "name": { + "description": "The name of the NGINX App Protect policy.", + "type": "string" + }, + "description": { + "type": "string", + "description": "Some detail on the NGINX App Protect policy." + }, + "latest": { + "$ref": "#/components/schemas/NapPolicyVersionMetadata" + } + } + }, + "NapPolicyListResponse": { + "description": "List of all NGINX App Protect policies.", "allOf": [ { "$ref": "#/components/schemas/PaginationResponse" }, { + "description": "List of NGINX App Protect policies.", "type": "object", "required": [ "items" ], "properties": { "items": { - "description": "An array of NGINX App Protect version objects.", + "description": "An array of NGINX App Protect policy objects.", "type": "array", "items": { - "$ref": "#/components/schemas/NapPolicyVersionObject" + "$ref": "#/components/schemas/NapPolicyObject" } } }, "example": { "items": [ { - "version": "2023-12-06 22:37:24", - "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw", - "created_at": "2023-12-06T22:37:24.120114Z", - "enforcement_mode": "blocking", - "latest": false + "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-policy", + "description": "test policy", + "deployments": [ + { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "enforcement_mode": "blocking", + "policy_version": "v1", + "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", + "deployed_on": "2023-12-06T22:37:24.120114Z" + } + ], + "latest": { + "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw", + "version": "v1", + "created_at": "2023-12-06T22:37:24.120114Z", + "deployment_status": "deployed", + "enforcement_mode": "blocking", + "version_comment": "Initial policy configuration" + } } ] } } ] }, - "NapLogProfileListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" - }, - { - "type": "object", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of NGINX App Protect log profiles.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapLogProfileObject" - } - } - } - } - ] - }, - "NapLogProfileObjectDetails": { - "allOf": [ - { - "$ref": "#/components/schemas/NapLogProfileObject" - }, - { - "type": "object", - "required": [ - "config" - ], - "properties": { - "config": { - "description": "The NGINX App Protect log profile configuration.", - "type": "string" - } - } - }, - { - "type": "object", - "required": [ - "bundles" - ], - "properties": { - "bundles": { - "description": "Compiled NGINX APP Protect log profile bundles for this specific log profile. \nShows compilation status of the latest log profile contents across different NAP release versions.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapCompileStatus" - } - } - } - } - ], - "example": { - "created_at": "2026-01-16T21:12:51.843434Z", - "hash": "oxiWKPqR/soi4MQCgVnW8KHt8Jk68AqCeQcQ1sed4Dk=", - "modified_at": "2026-01-16T21:12:51.843434Z", - "name": "test-log-profiles", - "object_id": "lp_XYxnZgVYQFKire4M1KcVVQ", - "is_f5_default": false, - "config": "eyJsb2dfc3RyZWFtIjogIntmb3JtYXQgY29tYmluZWQgZXg=", - "deployments": [ - { - "nap_release": "5.10.0", - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "latest_deployed": "yes" - } - ], - "bundles": [ - { - "nap_release": "5.10.0", - "status": "succeeded", - "created_at": "2026-01-13T18:54:19.140336Z", - "modified_at": "2026-01-13T18:56:31.264956Z" - }, - { - "nap_release": "5.9.0", - "status": "succeeded", - "created_at": "2026-01-13T18:54:19.140336Z", - "modified_at": "2026-01-13T18:56:31.264956Z" + "NapPolicyVersionDeployments": { + "type": "object", + "properties": { + "deployments": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyVersionDeployment" } - ] - } - }, - "NapLogProfileObject": { - "allOf": [ - { - "$ref": "#/components/schemas/NapLogProfileDeployments" - }, - { - "$ref": "#/components/schemas/NapLogProfileMetadata" } - ], - "example": { - "created_at": "2026-01-16T21:12:51.843434Z", - "hash": "oxiWKPqR/soi4MQCgVnW8KHt8Jk68AqCeQcQ1sed4Dk=", - "modified_at": "2026-01-16T21:12:51.843434Z", - "name": "test-log-profiles", - "object_id": "lp_XYxnZgVYQFKire4M1KcVVQ", - "is_f5_default": false, - "deployments": [ - { - "nap_release": "5.10.0", - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "latest_deployed": "yes" - } - ] } }, - "NapLogProfileMetadata": { + "NapDeploymentAssociation": { "type": "object", "required": [ - "name", - "object_id", - "hash", - "is_f5_default", - "modified_at", - "created_at" + "associated_type", + "associated_object_id", + "associated_name" ], "properties": { - "name": { - "type": "string", - "description": "The name of the NGINX App Protect log profile." - }, - "object_id": { - "$ref": "#/components/schemas/NapLogProfileObjectID" - }, - "hash": { - "type": "string", - "description": "The hash value of the NGINX App Protect log profile configs." - }, - "is_f5_default": { - "$ref": "#/components/schemas/IsF5Default" - }, - "description": { - "description": "Optional field to describe the NGINX App Protect log profile.", - "type": "string", - "minLength": 5, - "maxLength": 256 + "associated_type": { + "$ref": "#/components/schemas/DeploymentAssociatedType" }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the log profile was created." + "associated_object_id": { + "$ref": "#/components/schemas/ObjectID" }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the log profile was last modified." + "associated_name": { + "$ref": "#/components/schemas/DeploymentAssociatedName" } } }, - "NapGlobalSettingsListResponse": { + "NapDeployment": { "allOf": [ { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/NapDeploymentAssociation" }, { "type": "object", + "description": "Information about a NGINX App Protect policy deployment.\n", "required": [ - "items" + "publication_object_id", + "status", + "deployed_on" ], "properties": { - "items": { - "description": "An array of NGINX App Protect global settings.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapGlobalSettingMetadata" - } + "publication_object_id": { + "$ref": "#/components/schemas/PublicationObjectID" + }, + "status": { + "$ref": "#/components/schemas/NapDeploymentStatus" + }, + "deployed_on": { + "description": "Date and time of the deployment.", + "type": "string", + "format": "date-time" } + }, + "example": { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z" } } ] }, - "NapGlobalSettingGetResponse": { + "NapPolicyVersionDeployment": { "allOf": [ { - "$ref": "#/components/schemas/NapGlobalSettingMetadata" + "$ref": "#/components/schemas/NapDeploymentAssociation" }, { "type": "object", + "description": "Information about a NGINX App Protect policy deployment.\n", "required": [ - "config" + "publication_object_id", + "status", + "deployed_on" ], "properties": { - "config": { - "description": "The NGINX App Protect global setting configuration.", - "type": "string" + "publication_object_id": { + "$ref": "#/components/schemas/PublicationObjectID" + }, + "status": { + "$ref": "#/components/schemas/NapDeploymentStatus" + }, + "deployed_on": { + "description": "Date and time of the deployment.", + "type": "string", + "format": "date-time" } + }, + "example": { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z" } } ] }, - "NapGlobalSettingMetadata": { + "NapPolicyDeployments": { "type": "object", "required": [ - "name", - "object_id" + "deployments" ], "properties": { - "name": { - "type": "string", - "description": "The name of the NGINX App Protect global setting object." - }, - "description": { - "description": "Optional field to describe the NGINX App Protect global setting object.", - "type": "string", - "minLength": 5, - "maxLength": 256 - }, - "object_id": { - "$ref": "#/components/schemas/NapGlobalSettingObjectID" + "deployments": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyDeployment" + } } } }, - "NapGlobalSettingCreateRequest": { - "description": "Create NGINX App Protect global setting object.", + "NapLogProfileDeployments": { "type": "object", - "required": [ - "name", - "config" - ], "properties": { - "name": { - "description": "The name of the NGINX App Protect global setting object.", - "type": "string", - "minLength": 3, - "maxLength": 32 - }, - "description": { - "description": "Optional field to describe the NGINX App Protect global setting object.", - "type": "string", - "minLength": 5, - "maxLength": 256 - }, - "config": { - "description": "The NGINX App Protect global setting configuration.", - "type": "string", - "format": "base64", - "maxLength": 3145728 + "deployments": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapLogProfileDeployment" + } } } }, - "NapGlobalSettingUpdateRequest": { - "description": "Update NGINX App Protect global setting object.", + "NapLogProfileDeployment": { + "description": "Detailed information about a NGINX App Protect log-profile deployment.", "type": "object", - "required": [ - "config" - ], - "properties": { - "description": { - "description": "Optional field to describe the NGINX App Protect global setting object.", - "type": "string", - "minLength": 5, - "maxLength": 256 + "allOf": [ + { + "$ref": "#/components/schemas/NapDeployment" }, - "config": { - "description": "The NGINX App Protect global setting configuration.", - "type": "string", - "format": "base64", - "maxLength": 3145728 + { + "type": "object", + "required": [ + "nap_release", + "publication_object_id", + "associated_name", + "associated_type", + "associated_object_id", + "status", + "deployed_on" + ], + "properties": { + "nap_release": { + "description": "The compiler version of NGINX App Protect the log profile was deployed with.", + "type": "string" + }, + "latest_deployed": { + "$ref": "#/components/schemas/NapLatestDeployed" + } + } } - } - }, - "NapLogProfileCreateRequest": { - "description": "Create NGINX App Protect log profile.", - "type": "object", - "required": [ - "name", - "config" ], - "properties": { - "name": { - "description": "The name of the NGINX App Protect log profile.", - "type": "string", - "minLength": 1, - "maxLength": 128 - }, - "description": { - "description": "Optional field to describe the NGINX App Protect log profile.", - "type": "string", - "minLength": 5, - "maxLength": 256 - }, - "config": { - "description": "The NGINX App Protect log profile configuration.", - "type": "string", - "format": "base64", - "maxLength": 3145728 - } + "example": { + "nap_release": "5.10.0", + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "latest_deployed": "yes" } }, - "NapLogProfileUpdateRequest": { - "description": "Update NGINX App Protect log profile.", + "NapPolicyDeployment": { + "description": "Detailed information about a NGINX App Protect policy deployment.", "type": "object", "required": [ - "config" + "publication_object_id", + "associated_object_id", + "associated_name", + "associated_type", + "enforcement_mode", + "status", + "policy_version", + "policy_version_object_id", + "deployed_on" ], - "properties": { - "name": { - "description": "The name of the NGINX App Protect log profile.", - "type": "string", - "minLength": 1, - "maxLength": 128 - }, - "description": { - "description": "Optional field to describe describing the NGINX App Protect log profile.", - "type": "string", - "minLength": 5, - "maxLength": 256 - }, - "config": { - "description": "The NGINX App Protect log profile configuration.", - "type": "string", - "format": "base64", - "minLength": 5, - "maxLength": 3145728 - } - } - }, - "NapPolicyBulkRequest": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyBulkRequestData" - }, - "minItems": 1, - "maxItems": 50, - "example": [ + "allOf": [ { - "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" + "$ref": "#/components/schemas/NapPolicyVersionDeployment" }, { - "object_id": "pol_PL0c1XodRemmzVEjiXSsTg", - "action": "delete" - } - ] - }, - "NapPolicyBulkRequestData": { - "type": "object", - "description": "Part of bulk operation on a Nap policy, only `delete` is supported.", - "required": [ - "action", - "object_id" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/NapPolicyObjectID" - }, - "action": { - "$ref": "#/components/schemas/BulkRequestAction" + "type": "object", + "required": [ + "enforcement_mode", + "policy_version", + "policy_version_object_id" + ], + "properties": { + "enforcement_mode": { + "$ref": "#/components/schemas/NapPolicyEnforcementMode" + }, + "policy_version": { + "$ref": "#/components/schemas/NapPolicyVersionName" + }, + "policy_version_object_id": { + "$ref": "#/components/schemas/NapPolicyVersionObjectID" + } + } } - }, + ], "example": { - "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" - } - }, - "NapBulkResponse": { - "description": "The Nap policy bulk outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "enforcement_mode": "blocking", + "policy_version": "v1", + "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw" } }, - "NapSignatureMeta": { + "NapPolicyDeploymentDetails": { + "type": "object", "required": [ - "signature_id", - "name", - "attack_type" + "publication_object_id", + "associated_object_id", + "associated_name", + "associated_type", + "enforcement_mode", + "status", + "policy_version", + "policy_version_object_id", + "deployed_on", + "threat_campaign_version", + "attack_signature_version", + "bot_signature_version" ], - "properties": { - "name": { - "type": "string" - }, - "signature_id": { - "type": "integer" + "allOf": [ + { + "$ref": "#/components/schemas/NapPolicyDeployment" }, - "attack_type": { - "type": "string" + { + "type": "object", + "properties": { + "threat_campaign_version": { + "$ref": "#/components/schemas/NapSignatureVersion" + }, + "attack_signature_version": { + "$ref": "#/components/schemas/NapSignatureVersion" + }, + "bot_signature_version": { + "$ref": "#/components/schemas/NapSignatureVersion" + } + } } + ], + "example": { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "policy_version": "v1", + "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "enforcement_mode": "blocking", + "threat_campaign_version": "2023.12.06", + "attack_signature_version": "2023.12.06", + "bot_signature_version": "2023.12.06" } }, - "NapSignature": { - "description": "Detail information for NGINX App Protect signatures. Note: `description` is omitted for list operation.\n", + "NapPolicyDeploymentsListResponse": { + "description": "List of all NGINX App Protect deployments.", "allOf": [ { - "$ref": "#/components/schemas/NapSignatureMeta" + "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", "required": [ - "signature_type", - "risk", - "accuracy", - "has_cve", - "modified_at", - "systems" + "items" ], "properties": { - "accuracy": { - "default": "low", - "enum": [ - "high", - "low", - "medium" - ], - "x-enum-varnames": [ - "nap_signature_accuracy_high", - "nap_signature_accuracy_low", - "nap_signature_accuracy_medium" - ], - "type": "string" - }, - "description": { - "type": "string" - }, - "has_cve": { - "default": false, - "type": "boolean" - }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the signature was last modified." - }, - "references": { - "items": { - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "default": "nessus", - "enum": [ - "bugtraq", - "cve", - "nessus", - "url" - ], - "x-enum-varnames": [ - "nap_signature_references_type_bugtrag", - "nap_signature_references_type_cve", - "nap_signature_references_type_nessus", - "nap_signature_references_type_url" - ], - "type": "string" - }, - "value": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "risk": { - "default": "low", - "enum": [ - "high", - "low", - "medium" - ], - "x-enum-varnames": [ - "nap_signature_risk_high", - "nap_signature_risk_low", - "nap_signature_risk_medium" - ], - "type": "string" - }, - "signature_type": { - "default": "request", - "enum": [ - "request", - "response" - ], - "type": "string", - "x-enum-varnames": [ - "nap_signature_signature_type_request", - "nap_signature_signature_type_response" - ] - }, - "systems": { + "items": { + "description": "An array of NGINX App Protect deployments.", + "type": "array", "items": { - "type": "string" - }, - "type": "array" + "$ref": "#/components/schemas/NapPolicyDeploymentDetails" + } } + }, + "example": { + "items": [ + { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "policy_version": "v1", + "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "enforcement_mode": "blocking", + "threat_campaign_version": "2023.12.06", + "attack_signature_version": "2023.12.06", + "bot_signature_version": "2023.12.06" + } + ] } } - ], - "example": { - "signature_id": 123456789, - "name": "Example Signature", - "description": "This is an example signature.", - "signature_type": "request", - "attack_type": "SQL Injection", - "risk": "high", - "accuracy": "medium", - "has_cve": true, - "modified_at": "2023-10-01T12:00:00Z", - "references": [ - { - "type": "cve", - "value": "CVE-2023-12345" - } - ], - "systems": [ - "System A" - ] - } + ] + }, + "NapLogProfileDeploymentsListResponse": { + "description": "List of all NGINX App Protect log profile deployments.", + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect log profile deployments.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapLogProfileDeployment" + } + } + }, + "example": { + "items": [ + { + "nap_release": "5.10.0", + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "latest_deployed": "yes" + } + ] + } + } + ] }, - "NapSignatureSet": { + "NapPolicyVersionMetadata": { "type": "object", + "description": "Summary information about the specific NGINX App Protect policy version.", "required": [ "object_id", - "name", - "type", - "category", - "signature_count", - "accuracy", - "default_alarm", - "default_block", - "default_learn", - "systems", - "modified_at" + "version", + "enforcement_mode", + "created_at" ], "properties": { "object_id": { - "$ref": "#/components/schemas/NapSignatureSetObjectID" - }, - "name": { - "type": "string" + "$ref": "#/components/schemas/NapPolicyVersionObjectID" }, - "accuracy": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "low", - "medium", - "high" - ], - "x-enum-varnames": [ - "nap_signature_set_accuracy_low", - "nap_signature_set_accuracy_medium", - "nap_signature_set_accuracy_high" - ] - } + "version": { + "$ref": "#/components/schemas/NapPolicyVersionName" }, - "signature_count": { - "type": "integer" + "enforcement_mode": { + "$ref": "#/components/schemas/NapPolicyEnforcementMode" }, - "category": { - "enum": [ - "User-defined", - "Basic", - "Attack Type Specific" - ], - "x-enum-varnames": [ - "nap_signature_set_category_user_defined", - "nap_signature_set_category_basic", - "nap_signature_set_category_attack_type_specific" - ], - "type": "string" + "created_at": { + "description": "The date and time when the NGINX App Protect policy version was created.", + "type": "string", + "format": "date-time" }, - "default_alarm": { - "default": true, - "type": "boolean" + "version_comment": { + "$ref": "#/components/schemas/NapPolicyVersionComment" + } + } + }, + "NapPolicyVersionDetails": { + "description": "Detailed information about NGINX App Protect policy version.", + "type": "object", + "required": [ + "policy", + "object_id", + "version", + "enforcement_mode", + "created_at", + "bundles" + ], + "allOf": [ + { + "$ref": "#/components/schemas/NapPolicyVersionMetadata" }, - "default_block": { - "default": true, - "type": "boolean" + { + "$ref": "#/components/schemas/NapPolicy" }, - "default_learn": { - "default": true, - "type": "boolean" + { + "$ref": "#/components/schemas/NapPolicyVersionDeployments" }, - "filter": { + { + "type": "object", + "required": [ + "bundles" + ], "properties": { - "accuracy_filter": { - "default": "ge", - "enum": [ - "all", - "eq", - "ge", - "le" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_accuracy_filter_all", - "nap_signature_set_filter_accuracy_filter_eq", - "nap_signature_set_filter_accuracy_filter_ge", - "nap_signature_set_filter_accuracy_filter_le" - ], - "type": "string" - }, - "accuracy_value": { - "default": "all", - "enum": [ - "all", - "high", - "low", - "medium" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_accuracy_value_all", - "nap_signature_set_filter_accuracy_value_high", - "nap_signature_set_filter_accuracy_value_low", - "nap_signature_set_filter_accuracy_value_medium" - ], - "type": "string" - }, - "attack_type": { - "properties": { - "name": { - "type": "string" - } - }, - "type": "object" - }, - "has_cve": { - "default": "all", - "enum": [ - "all", - "no", - "yes" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_have_cve_all", - "nap_signature_set_filter_have_cve_no", - "nap_signature_set_filter_have_cve_yes" - ], - "type": "string" - }, - "modified_at_filter": { - "default": "all", - "enum": [ - "after", - "all", - "before" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_modified_at_filter_after", - "nap_signature_set_filter_modified_at_filter_all", - "nap_signature_set_filter_modified_at_filter_before" - ], - "type": "string" - }, - "modified_at_value": { - "default": "1970-01-01", - "type": "string" - }, - "risk_filter": { - "default": "eq", - "enum": [ - "all", - "eq", - "ge", - "le" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_risk_filter_all", - "nap_signature_set_filter_risk_filter_eq", - "nap_signature_set_filter_risk_filter_ge", - "nap_signature_set_filter_risk_filter_le" - ], - "type": "string" - }, - "risk_value": { - "default": "low", - "enum": [ - "all", - "high", - "low", - "medium" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_risk_value_all", - "nap_signature_set_filter_risk_value_high", - "nap_signature_set_filter_risk_value_low", - "nap_signature_set_filter_risk_value_medium" - ], - "type": "string" - }, - "signature_type": { - "default": "request", - "enum": [ - "all", - "request", - "response" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_signature_type_all", - "nap_signature_set_filter_signature_type_request", - "nap_signature_set_filter_signature_type_response" - ], - "type": "string" - }, - "user_defined_filter": { - "default": "all", - "enum": [ - "all", - "no", - "yes" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_user_defined_filter_all", - "nap_signature_set_filter_user_defined_filter_no", - "nap_signature_set_filter_user_defined_filter_yes" - ], - "type": "string" + "bundles": { + "description": "Compiled NGINX App Protect policy version bundles for this specific policy version.\nLists compilation status of the policy version contents across different NAP release versions.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapCompileStatus" + } } + } + } + ], + "example": { + "object_id": "pv_-abc3F2TQGm18jnl7bpaGw", + "version": "v1", + "enforcement_mode": "blocking", + "created_at": "2023-12-06T22:37:24.120114Z", + "version_comment": "Initial policy configuration", + "policy": "eyJwb2xpY3kiOiB7Im5hbWUiOiAiZGVmYXVsdCJ9fQ==", + "deployments": [ + { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z" + } + ], + "bundles": [ + { + "nap_release": "5.10.0", + "status": "succeeded", + "created_at": "2023-12-06T22:37:24.120114Z", + "modified_at": "2023-12-06T22:38:01.264956Z" }, - "type": "object" - }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the signature-set was last modified." + { + "nap_release": "5.9.0", + "status": "succeeded", + "created_at": "2023-12-06T22:37:24.120114Z", + "modified_at": "2023-12-06T22:38:01.264956Z" + } + ] + } + }, + "NapPolicyVersionObject": { + "description": "Summary information about NGINX App Protect policy version.", + "allOf": [ + { + "$ref": "#/components/schemas/NapPolicyVersionMetadata" }, - "systems": { - "items": { - "type": "string" - }, - "type": "array" + { + "$ref": "#/components/schemas/NapPolicyVersionDeployments" }, - "type": { - "default": "filter-based", - "enum": [ - "filter-based", - "manual" - ], - "x-enum-varnames": [ - "nap_signature_set_type_filter_based", - "nap_signature_set_type_manual" + { + "type": "object", + "required": [ + "latest" ], - "type": "string" + "properties": { + "latest": { + "description": "Indicates whether the NGINX App Protect policy version is latest. Default (`false`) returns the current policy. \nWhen set to `true`, returns the latest policy.\n", + "type": "boolean", + "default": false + } + } } - }, - "example": { - "default_block": true, - "default_learn": true, - "signature_count": 0, - "filter": { - "accuracy_value": "all", - "accuracy_filter": "all", - "attack_type": { - "name": "XML External Entities (XXE)" - }, - "risk_filter": "all", - "has_cve": "all", - "user_defined_filter": "all", - "risk_value": "all", - "modified_at_filter": "all", - "signature_type": "request" - }, - "assign_to_policy_by_default": false, - "default_alarm": true, - "accuracy": [], - "type": "filter-based", - "name": "XML External Entities (XXE) Signatures", - "object_id": "sigset_-ZMshmi83MBL97dr5d0a9w", - "category": "User-defined", - "modified_at": "2023-08-10T16:59:15Z", - "systems": [] - } + ] }, - "NapSignatureListResponse": { + "NapPolicyVersionsListResponse": { + "description": "List of all NGINX App Protect versions.", "allOf": [ { "$ref": "#/components/schemas/PaginationResponse" @@ -19176,17 +15487,48 @@ ], "properties": { "items": { - "description": "An array of NGINX App Protect signatures.", + "description": "An array of NGINX App Protect version objects.", "type": "array", "items": { - "$ref": "#/components/schemas/NapSignature" + "$ref": "#/components/schemas/NapPolicyVersionObject" } } + }, + "example": { + "items": [ + { + "version": "v1", + "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw", + "created_at": "2023-12-06T22:37:24.120114Z", + "enforcement_mode": "blocking", + "version_comment": "Initial policy configuration", + "latest": false + } + ] } } ] }, - "NapSignatureSetListResponse": { + "NapPolicyVersionUpdate": { + "description": "Fields that can be updated on an existing WAF policy version.", + "type": "object", + "required": [ + "version_comment" + ], + "properties": { + "version_comment": { + "allOf": [ + { + "$ref": "#/components/schemas/NapPolicyVersionComment" + } + ] + } + }, + "example": { + "version_comment": "Updated rate limiting thresholds" + } + }, + "NapLogProfileListResponse": { "allOf": [ { "$ref": "#/components/schemas/PaginationResponse" @@ -19198,1197 +15540,864 @@ ], "properties": { "items": { - "description": "An array of NGINX App Protect signature sets.", + "description": "An array of NGINX App Protect log profiles.", "type": "array", "items": { - "$ref": "#/components/schemas/NapSignatureSet" + "$ref": "#/components/schemas/NapLogProfileObject" } } } } ] }, - "FilterNameNapPolicy": { - "type": "string", - "description": "Keywords for NGINX App Protect policy filters.\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n * blocking\n * transparent\nWhen filtering on `object_id`, both NAP Policy and NAP Policy version object id prefixes are supported.\n", - "enum": [ - "name", - "enforcement_mode", - "object_id", - "deployment_enforcement_mode", - "deployment_status" - ], - "x-enum-varnames": [ - "filter_name_nap_policy_name", - "filter_name_nap_policy_enforcement_mode", - "filter_name_nap_policy_object_id", - "filter_name_nap_policy_deployment_enforcement_mode", - "filter_name_nap_policy_deployment_status" - ] - }, - "FilterNameNapPolicyVersion": { - "type": "string", - "description": "Keywords for NGINX App Protect policy version filters.\nWhen filtering on `deployment_status`, only the following `filter_values` are supported:\n * deployed\n * not_deployed\n * deploying\n * failed\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n * blocking\n * transparent\n", - "enum": [ - "deployment_status", - "enforcement_mode", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_nap_policy_version_deployment_status", - "filter_name_nap_policy_version_enforcement_mode", - "filter_name_nap_policy_version_object_id" - ] - }, - "FilterNameNapPolicyDeployment": { - "type": "string", - "description": "Keywords for NGINX App Protect deployment filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `status`, only the following `filter_values` are supported:\n * deployed\n * deploying\n * failed\n", - "enum": [ - "name", - "type", - "policy_version", - "status", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_nap_deployment_name", - "filter_name_nap_deployment_type", - "filter_name_nap_deployment_policy_version", - "filter_name_nap_deployment_status", - "filter_name_nap_deployment_object_id" - ] - }, - "FilterNameNapLogProfile": { - "type": "string", - "description": "Keywords for NGINX App Protect log profile filters.\n", - "enum": [ - "name", - "object_id", - "deployment_status" - ], - "x-enum-varnames": [ - "filter_name_nap_log_profile_name", - "filter_name_nap_log_profile_object_id", - "filter_name_nap_log_profile_deployment_status" - ] - }, - "IsF5Default": { - "type": "boolean", - "description": "Indicates whether this is an F5 default object (true) or a user-defined object (false)." - }, - "FilterNameNapLogProfileDeployment": { - "type": "string", - "description": "Keywords for NGINX App Protect log profile deployment filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `status`, only the following `filter_values` are supported:\n * deployed\n * deploying\n * failed\n", - "enum": [ - "name", - "type", - "status", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_nap_deployment_name", - "filter_name_nap_deployment_type", - "filter_name_nap_deployment_status", - "filter_name_nap_deployment_object_id" - ] - }, - "FilterNameNapGlobalSettings": { - "type": "string", - "description": "Keywords for NGINX App Protect global settings filters.\n", - "enum": [ - "name", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_nap_global_setting_name", - "filter_name_nap_global_setting_object_id" - ] - }, - "NapGlobalSettingObjectID": { - "description": "A globally unique identifier for the App Protect global settings object.", - "type": "string", - "format": "object_id", - "pattern": "^gs_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "DeploymentName": { - "type": "string", - "description": "Name of an NGINXaaS resource.", - "minLength": 3, - "maxLength": 30, - "pattern": "^[a-z][a-z0-9-]*[a-z0-9]$", - "example": "mydeployment" - }, - "DeploymentCloudName": { - "type": "string", - "description": "Name of the cloud where deployment resources are provisioned.", - "enum": [ - "google", - "aws" - ] - }, - "DeploymentCloudProperties": { - "type": "object", - "description": "Cloud-specific deployment properties.", - "minProperties": 1, - "maxProperties": 1, - "additionalProperties": false, - "properties": { - "google": { - "$ref": "#/components/schemas/GoogleDeploymentProperties" + "NapLogProfileObjectDetails": { + "allOf": [ + { + "$ref": "#/components/schemas/NapLogProfileObject" + }, + { + "type": "object", + "required": [ + "config" + ], + "properties": { + "config": { + "description": "The NGINX App Protect log profile configuration.", + "type": "string" + } + } }, - "aws": { - "$ref": "#/components/schemas/AWSDeploymentProperties" + { + "type": "object", + "required": [ + "bundles" + ], + "properties": { + "bundles": { + "description": "Compiled NGINX APP Protect log profile bundles for this specific log profile. \nShows compilation status of the latest log profile contents across different NAP release versions.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapCompileStatus" + } + } + } } - } - }, - "DeploymentScale": { - "type": "object", - "description": "NaaS deployment scale info.", - "required": [ - "capacity" ], - "properties": { - "capacity": { - "type": "integer", - "description": "The number of desired NCUs for a NaaS deployment. Must be >= 10, <= 500.\n", - "minimum": 10, - "maximum": 500 - } + "example": { + "created_at": "2026-01-16T21:12:51.843434Z", + "hash": "oxiWKPqR/soi4MQCgVnW8KHt8Jk68AqCeQcQ1sed4Dk=", + "modified_at": "2026-01-16T21:12:51.843434Z", + "name": "test-log-profiles", + "object_id": "lp_XYxnZgVYQFKire4M1KcVVQ", + "is_f5_default": false, + "config": "eyJsb2dfc3RyZWFtIjogIntmb3JtYXQgY29tYmluZWQgZXg=", + "deployments": [ + { + "nap_release": "5.10.0", + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "latest_deployed": "yes" + } + ], + "bundles": [ + { + "nap_release": "5.10.0", + "status": "succeeded", + "created_at": "2026-01-13T18:54:19.140336Z", + "modified_at": "2026-01-13T18:56:31.264956Z" + }, + { + "nap_release": "5.9.0", + "status": "succeeded", + "created_at": "2026-01-13T18:54:19.140336Z", + "modified_at": "2026-01-13T18:56:31.264956Z" + } + ] } }, - "CreateDeploymentCloudProperties": { - "type": "object", - "description": "Cloud-specific create properties.", - "minProperties": 1, - "maxProperties": 1, - "additionalProperties": false, - "properties": { - "google": { - "$ref": "#/components/schemas/CreateGoogleDeploymentProperties" + "NapLogProfileObject": { + "allOf": [ + { + "$ref": "#/components/schemas/NapLogProfileDeployments" }, - "aws": { - "$ref": "#/components/schemas/CreateAWSDeploymentProperties" + { + "$ref": "#/components/schemas/NapLogProfileMetadata" } + ], + "example": { + "created_at": "2026-01-16T21:12:51.843434Z", + "hash": "oxiWKPqR/soi4MQCgVnW8KHt8Jk68AqCeQcQ1sed4Dk=", + "modified_at": "2026-01-16T21:12:51.843434Z", + "name": "test-log-profiles", + "object_id": "lp_XYxnZgVYQFKire4M1KcVVQ", + "is_f5_default": false, + "deployments": [ + { + "nap_release": "5.10.0", + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "latest_deployed": "yes" + } + ] } }, - "UpdateDeploymentCloudProperties": { + "NapLogProfileMetadata": { "type": "object", - "description": "Cloud-specific update properties.", - "minProperties": 1, - "maxProperties": 1, - "additionalProperties": false, + "required": [ + "name", + "object_id", + "hash", + "is_f5_default", + "modified_at", + "created_at" + ], "properties": { - "google": { - "$ref": "#/components/schemas/UpdateGoogleDeploymentProperties" + "name": { + "type": "string", + "description": "The name of the NGINX App Protect log profile." }, - "aws": { - "$ref": "#/components/schemas/UpdateAWSDeploymentProperties" - } - } - }, - "GoogleFrontendInfo": { - "type": "object", - "description": "Google frontend info returned in a deployment response.", - "minProperties": 1, - "maxProperties": 1, - "additionalProperties": false, - "properties": { - "private_endpoint": { - "$ref": "#/components/schemas/GooglePrivateEndpoint" + "object_id": { + "$ref": "#/components/schemas/NapLogProfileObjectID" }, - "managed_public_endpoint": { - "$ref": "#/components/schemas/ManagedPublicEndpoint" - } - } - }, - "CreateGoogleFrontendInfo": { - "type": "object", - "description": "Google frontend info used in a create request.", - "minProperties": 1, - "maxProperties": 1, - "additionalProperties": false, - "properties": { - "private_endpoint": { - "$ref": "#/components/schemas/UpdateGooglePrivateEndpoint" + "hash": { + "type": "string", + "description": "The hash value of the NGINX App Protect log profile configs." }, - "managed_public_endpoint": { - "$ref": "#/components/schemas/CreateManagedPublicEndpoint" - } - } - }, - "UpdateGoogleFrontendInfo": { - "type": "object", - "description": "Google frontend info used in an update request.", - "minProperties": 1, - "maxProperties": 1, - "additionalProperties": false, - "properties": { - "private_endpoint": { - "$ref": "#/components/schemas/UpdateGooglePrivateEndpoint" + "is_f5_default": { + "$ref": "#/components/schemas/IsF5Default" }, - "managed_public_endpoint": { - "$ref": "#/components/schemas/UpdateManagedPublicEndpoint" - } - } - }, - "GooglePrivateEndpoint": { - "type": "object", - "description": "Google private endpoint info returned in a deployment response.", - "properties": { - "service_attachment": { - "$ref": "#/components/schemas/GoogleServiceAttachment" + "description": { + "description": "Optional field to describe the NGINX App Protect log profile.", + "type": "string", + "minLength": 5, + "maxLength": 256 }, - "service_attachment_accept_list": { - "$ref": "#/components/schemas/GoogleServiceAttachmentAcceptList" - } - } - }, - "UpdateGooglePrivateEndpoint": { - "type": "object", - "description": "Google private endpoint info used in a create or update request.", - "properties": { - "service_attachment_accept_list": { - "$ref": "#/components/schemas/GoogleServiceAttachmentAcceptList" - } - } - }, - "ManagedPublicEndpoint": { - "type": "object", - "description": "Managed public endpoint info returned in a deployment response.", - "required": [ - "acl" - ], - "properties": { - "acl": { - "$ref": "#/components/schemas/ManagedPublicEndpointACL" + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the log profile was created." }, - "service_endpoint": { + "modified_at": { "type": "string", - "description": "The public DNS name for the managed public endpoint.", - "readOnly": true - } - } - }, - "CreateManagedPublicEndpoint": { - "type": "object", - "description": "Managed public endpoint info used in a create request.", - "required": [ - "acl" - ], - "properties": { - "acl": { - "$ref": "#/components/schemas/ManagedPublicEndpointACL" - } - } - }, - "UpdateManagedPublicEndpoint": { - "type": "object", - "description": "Managed public endpoint info used in an update request.", - "properties": { - "acl": { - "$ref": "#/components/schemas/ManagedPublicEndpointACL" + "format": "date-time", + "description": "The date and time when the log profile was last modified." } } }, - "ManagedPublicEndpointACL": { - "type": "array", - "description": "Access control list for the managed public endpoint. Maximum of 40 rules.", - "maxItems": 40, - "items": { - "$ref": "#/components/schemas/ManagedPublicEndpointACLRule" - } - }, - "ManagedPublicEndpointACLRule": { - "type": "object", - "description": "A single ACL rule for the managed public endpoint.", - "required": [ - "source_prefixes" - ], - "oneOf": [ + "NapGlobalSettingsListResponse": { + "allOf": [ { - "required": [ - "protocol", - "port_range" - ] + "$ref": "#/components/schemas/PaginationResponse" }, { - "not": { - "anyOf": [ - { - "required": [ - "protocol" - ] - }, - { - "required": [ - "port_range" - ] + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect global settings.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapGlobalSettingMetadata" } - ] + } } } - ], - "properties": { - "description": { - "type": "string", - "description": "Optional description for the ACL rule.", - "maxLength": 256 + ] + }, + "NapGlobalSettingGetResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/NapGlobalSettingMetadata" }, - "source_prefixes": { - "type": "array", - "description": "List of CIDR blocks.", - "minItems": 1, - "maxItems": 60, - "uniqueItems": true, - "items": { - "type": "string", - "format": "cidr" + { + "type": "object", + "required": [ + "config" + ], + "properties": { + "config": { + "description": "The NGINX App Protect global setting configuration.", + "type": "string" + } } - }, - "protocol": { - "type": "string", - "description": "Network protocol for the rule. Must be specified if port_range is specified.", - "enum": [ - "tcp", - "udp" - ] - }, - "port_range": { - "type": "string", - "description": "Port range as either a single integer or a range separated by dash, inclusive. Must be specified if protocol is specified.", - "format": "port-range" } - } + ] }, - "GoogleDeploymentProperties": { + "NapGlobalSettingMetadata": { "type": "object", - "description": "Google deployment properties.", "required": [ - "region", - "project_id", - "network_attachment", - "frontend" + "name", + "object_id" ], "properties": { - "region": { - "$ref": "#/components/schemas/GoogleRegion" - }, - "project_id": { - "description": "The Google Cloud project ID where this deployment resides. This project_id can be used for the network attachment allowlist.\n", - "allOf": [ - { - "$ref": "#/components/schemas/GoogleProjectID" - } - ] - }, - "network_attachment": { - "$ref": "#/components/schemas/GoogleNetworkAttachment" - }, - "frontend": { - "$ref": "#/components/schemas/GoogleFrontendInfo" - }, - "log_project_id": { - "description": "The Google Cloud project ID where NGINX logs will be exported.", - "allOf": [ - { - "$ref": "#/components/schemas/GoogleProjectID" - } - ] + "name": { + "type": "string", + "description": "The name of the NGINX App Protect global setting object." }, - "metric_project_id": { - "description": "The Google Cloud project ID where NGINXaaS metrics will be exported.", - "allOf": [ - { - "$ref": "#/components/schemas/GoogleProjectID" - } - ] + "description": { + "description": "Optional field to describe the NGINX App Protect global setting object.", + "type": "string", + "minLength": 5, + "maxLength": 256 }, - "identity": { - "$ref": "#/components/schemas/GoogleIdentity" + "object_id": { + "$ref": "#/components/schemas/NapGlobalSettingObjectID" } } }, - "CreateGoogleDeploymentProperties": { + "NapLogProfileCreateRequest": { + "description": "Create NGINX App Protect log profile.", "type": "object", - "description": "Google deployment properties used in a create request.", "required": [ - "region", - "network_attachment", - "frontend" + "name", + "config" ], "properties": { - "region": { - "$ref": "#/components/schemas/GoogleRegion" - }, - "network_attachment": { - "$ref": "#/components/schemas/GoogleNetworkAttachment" - }, - "frontend": { - "$ref": "#/components/schemas/CreateGoogleFrontendInfo" - }, - "log_project_id": { - "description": "The Google Cloud project ID where NGINX logs will be exported. Omit the field to disable log exporting.\n", - "allOf": [ - { - "$ref": "#/components/schemas/GoogleProjectID" - } - ] + "name": { + "description": "The name of the NGINX App Protect log profile.", + "type": "string", + "minLength": 1, + "maxLength": 128 }, - "metric_project_id": { - "description": "The Google Cloud project ID where NGINXaaS metrics will be exported. Omit the field to disable metric exporting.\n", - "allOf": [ - { - "$ref": "#/components/schemas/GoogleProjectID" - } - ] + "description": { + "description": "Optional field to describe the NGINX App Protect log profile.", + "type": "string", + "minLength": 5, + "maxLength": 256 }, - "identity": { - "$ref": "#/components/schemas/CreateGoogleIdentity" + "config": { + "description": "The NGINX App Protect log profile configuration.", + "type": "string", + "format": "base64", + "maxLength": 3145728 } } }, - "UpdateGoogleDeploymentProperties": { + "NapLogProfileUpdateRequest": { + "description": "Update NGINX App Protect log profile.", "type": "object", - "description": "Google deployment properties used in an update request.", + "required": [ + "config" + ], "properties": { - "frontend": { - "$ref": "#/components/schemas/UpdateGoogleFrontendInfo" - }, - "log_project_id": { - "description": "The Google Cloud project ID where NGINX logs will be exported. Set to an empty string to disable log exporting.\n", - "allOf": [ - { - "$ref": "#/components/schemas/EmptyStringOrGoogleProjectID" - } - ] + "name": { + "description": "The name of the NGINX App Protect log profile.", + "type": "string", + "minLength": 1, + "maxLength": 128 }, - "metric_project_id": { - "description": "The Google Cloud project ID where NGINXaaS metrics will be exported. Set to an empty string to disable metric exporting.\n", - "allOf": [ - { - "$ref": "#/components/schemas/EmptyStringOrGoogleProjectID" - } - ] + "description": { + "description": "Optional field to describe describing the NGINX App Protect log profile.", + "type": "string", + "minLength": 5, + "maxLength": 256 }, - "identity": { - "$ref": "#/components/schemas/UpdateGoogleIdentity" + "config": { + "description": "The NGINX App Protect log profile configuration.", + "type": "string", + "format": "base64", + "minLength": 5, + "maxLength": 3145728 } } }, - "GoogleResourceName": { - "type": "string", - "minLength": 1, - "maxLength": 63, - "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?" - }, - "GoogleRegion": { - "description": "Google region.", - "$ref": "#/components/schemas/GoogleResourceName" - }, - "GoogleNetworkAttachment": { - "type": "string", - "description": "Google network attachment.", - "pattern": "projects/[a-z]([-a-z0-9]*[a-z0-9])?/regions/[a-z]([-a-z0-9]*[a-z0-9])?/networkAttachments/[a-z]([-a-z0-9]*[a-z0-9])?" - }, - "GoogleServiceAttachment": { - "type": "string", - "description": "Google service attachment.", - "pattern": "projects/[a-z]([-a-z0-9]*[a-z0-9])?/regions/[a-z]([-a-z0-9]*[a-z0-9])?/serviceAttachments/[a-z]([-a-z0-9]*[a-z0-9])?" - }, - "GoogleServiceAttachmentAcceptListItem": { - "type": "string", - "oneOf": [ + "NapPolicyBulkRequest": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyBulkRequestData" + }, + "minItems": 1, + "maxItems": 50, + "example": [ { - "$ref": "#/components/schemas/GoogleServiceAttachmentAcceptNetworkItem" + "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" }, { - "$ref": "#/components/schemas/GoogleProjectID" + "object_id": "pol_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" } ] }, - "GoogleServiceAttachmentAcceptList": { - "type": "array", - "description": "List of google networkURls or project ids that should connect to the service attachment. The list must contain either all network urls or all project ids but not both simultaneously. An empty list indicates all connections to the service attachment should be accepted.\n", - "items": { - "$ref": "#/components/schemas/GoogleServiceAttachmentAcceptListItem" - } - }, - "GoogleServiceAttachmentAcceptNetworkItem": { - "type": "string", - "pattern": "^(.*/networks/.*)" - }, - "GoogleProjectID": { - "type": "string", - "pattern": "^[a-z][a-z0-9\\-]{4,28}[a-z0-9]$" - }, - "EmptyStringOrGoogleProjectID": { - "type": "string", - "pattern": "^(?:|[a-z][a-z0-9\\-]{4,28}[a-z0-9])$" - }, - "GoogleWorkloadIdentityPoolProviderName": { - "type": "string", - "description": "The resource name of the Google workload identity pool provider", - "pattern": "^projects/(?:[a-z][a-z0-9\\-]{4,28}[a-z0-9]|[0-9]{4,30})/locations/[a-z][a-z0-9\\-]{2,30}[a-z0-9]/workloadIdentityPools/[a-z][a-z0-9\\-]{2,30}[a-z0-9]/providers/[a-z][a-z0-9\\-]{2,30}[a-z0-9]$" - }, - "EmptyStringOrGoogleWorkloadIdentityPoolProviderName": { - "type": "string", - "description": "The resource name of the Google workload identity pool provider", - "pattern": "^(?:|projects/(?:[a-z][a-z0-9\\-]{4,28}[a-z0-9]|[0-9]{4,30})/locations/[a-z][a-z0-9\\-]{2,30}[a-z0-9]/workloadIdentityPools/[a-z][a-z0-9\\-]{2,30}[a-z0-9]/providers/[a-z][a-z0-9\\-]{2,30}[a-z0-9])$" - }, - "GoogleServiceAccountUniqueID": { - "type": "string", - "description": "The unique numeric ID of the Google service account", - "pattern": "^[0-9]+$" - }, - "GoogleIdentity": { + "NapPolicyBulkRequestData": { "type": "object", - "description": "Identity info for a Google-based deployment", + "description": "Part of bulk operation on a Nap policy, only `delete` is supported.", + "required": [ + "action", + "object_id" + ], "properties": { - "workload_identity_pool_provider_name": { - "$ref": "#/components/schemas/GoogleWorkloadIdentityPoolProviderName" + "object_id": { + "$ref": "#/components/schemas/NapPolicyObjectID" }, - "nginxaas_service_account_unique_id": { - "description": "The unique numeric ID of the Google service account created by NGINXaaS", - "readOnly": true, - "allOf": [ - { - "$ref": "#/components/schemas/GoogleServiceAccountUniqueID" - } - ] - } - } - }, - "CreateGoogleIdentity": { - "type": "object", - "description": "Identity info for a Google-based deployment used in a create or update request", - "properties": { - "workload_identity_pool_provider_name": { - "$ref": "#/components/schemas/GoogleWorkloadIdentityPoolProviderName" + "action": { + "$ref": "#/components/schemas/BulkRequestAction" } + }, + "example": { + "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" } }, - "UpdateGoogleIdentity": { - "type": "object", - "description": "Identity info for a Google-based deployment used in a create or update request", - "properties": { - "workload_identity_pool_provider_name": { - "$ref": "#/components/schemas/EmptyStringOrGoogleWorkloadIdentityPoolProviderName" - } + "NapBulkResponse": { + "description": "The Nap policy bulk outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" } }, - "Deployment": { - "type": "object", - "description": "Deployment specification.", + "NapSignatureMeta": { "required": [ - "id", - "organization_id", + "signature_id", "name", - "description", - "cloud", - "cloud_properties", - "nginx_config_id", - "nginx_config_version_id", - "status", - "created_at", - "modified_at", - "scale" + "attack_type" ], "properties": { - "id": { - "$ref": "#/components/schemas/DeploymentObjectID" - }, - "organization_id": { - "$ref": "#/components/schemas/NginxaasOrganizationID" - }, "name": { - "$ref": "#/components/schemas/DeploymentName" - }, - "description": { - "$ref": "#/components/schemas/NginxaasDescription" - }, - "cloud": { - "$ref": "#/components/schemas/DeploymentCloudName" - }, - "cloud_properties": { - "$ref": "#/components/schemas/DeploymentCloudProperties" - }, - "status": { - "$ref": "#/components/schemas/DeploymentStatus" - }, - "nginx_config_id": { - "$ref": "#/components/schemas/NginxaasNginxConfigObjectID" - }, - "nginx_config_version_id": { - "$ref": "#/components/schemas/NginxaasNginxConfigVersionObjectID" - }, - "created_at": { - "type": "string", - "description": "Datetime when request to create deployment was received.", - "format": "date-time" - }, - "modified_at": { - "type": "string", - "description": "Datetime when deployment was last modified.", - "format": "date-time" - }, - "deleted_at": { - "type": "string", - "description": "Datetime when request to delete deployment was received.", - "format": "date-time" + "type": "string" }, - "waf_enabled": { - "$ref": "#/components/schemas/WafEnabled" + "signature_id": { + "type": "integer" }, - "scale": { - "$ref": "#/components/schemas/DeploymentScale" + "attack_type": { + "type": "string" } } }, - "DeploymentStatus": { - "type": "object", - "description": "Deployment status info.", - "required": [ - "nginx_target_version", - "provisioning_state", - "config_state" - ], - "properties": { - "nginx_target_version": { - "type": "string", - "description": "Target nginx version in deployment" - }, - "provisioning_state": { - "$ref": "#/components/schemas/DeploymentProvisioningState" - }, - "config_state": { - "$ref": "#/components/schemas/DeploymentConfigState" + "NapSignature": { + "description": "Detail information for NGINX App Protect signatures. Note: `description` is omitted for list operation.\n", + "allOf": [ + { + "$ref": "#/components/schemas/NapSignatureMeta" }, - "waf_version": { - "type": "string", - "description": "The WAF version currently active on the deployment. Only populated if WAF is enabled" + { + "type": "object", + "required": [ + "signature_type", + "risk", + "accuracy", + "has_cve", + "modified_at", + "systems" + ], + "properties": { + "accuracy": { + "default": "low", + "enum": [ + "high", + "low", + "medium" + ], + "x-enum-varnames": [ + "nap_signature_accuracy_high", + "nap_signature_accuracy_low", + "nap_signature_accuracy_medium" + ], + "type": "string" + }, + "description": { + "type": "string" + }, + "has_cve": { + "default": false, + "type": "boolean" + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the signature was last modified." + }, + "references": { + "items": { + "required": [ + "type", + "value" + ], + "properties": { + "type": { + "default": "nessus", + "enum": [ + "bugtraq", + "cve", + "nessus", + "url" + ], + "x-enum-varnames": [ + "nap_signature_references_type_bugtrag", + "nap_signature_references_type_cve", + "nap_signature_references_type_nessus", + "nap_signature_references_type_url" + ], + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "risk": { + "default": "low", + "enum": [ + "high", + "low", + "medium" + ], + "x-enum-varnames": [ + "nap_signature_risk_high", + "nap_signature_risk_low", + "nap_signature_risk_medium" + ], + "type": "string" + }, + "signature_type": { + "default": "request", + "enum": [ + "request", + "response" + ], + "type": "string", + "x-enum-varnames": [ + "nap_signature_signature_type_request", + "nap_signature_signature_type_response" + ] + }, + "systems": { + "items": { + "type": "string" + }, + "type": "array" + } + } } + ], + "example": { + "signature_id": 123456789, + "name": "Example Signature", + "description": "This is an example signature.", + "signature_type": "request", + "attack_type": "SQL Injection", + "risk": "high", + "accuracy": "medium", + "has_cve": true, + "modified_at": "2023-10-01T12:00:00Z", + "references": [ + { + "type": "cve", + "value": "CVE-2023-12345" + } + ], + "systems": [ + "System A" + ] } }, - "DeploymentState": { + "NapSignatureSet": { "type": "object", - "description": "Deployment state info", "required": [ - "state", + "object_id", + "name", + "type", + "category", + "signature_count", + "accuracy", + "default_alarm", + "default_block", + "default_learn", + "systems", "modified_at" ], "properties": { - "state": { - "type": "string", - "description": "State name/value.", - "enum": [ - "deleting", - "failed", - "pending", - "ready", - "suspended" - ] - }, - "details": { - "type": "string", - "description": "State details.", - "maxLength": 256 + "object_id": { + "$ref": "#/components/schemas/NapSignatureSetObjectID" }, - "modified_at": { - "type": "string", - "description": "Datetime of last state change.", - "format": "date-time" - } - } - }, - "DeploymentProvisioningState": { - "$ref": "#/components/schemas/DeploymentState" - }, - "DeploymentConfigState": { - "$ref": "#/components/schemas/DeploymentState" - }, - "DeploymentListResponse": { - "type": "object", - "description": "List of deployments.", - "required": [ - "count", - "items" - ], - "properties": { - "count": { - "description": "The total number of deployments returned.", - "type": "integer" + "name": { + "type": "string" }, - "items": { + "accuracy": { "type": "array", "items": { - "$ref": "#/components/schemas/Deployment" + "type": "string", + "enum": [ + "low", + "medium", + "high" + ], + "x-enum-varnames": [ + "nap_signature_set_accuracy_low", + "nap_signature_set_accuracy_medium", + "nap_signature_set_accuracy_high" + ] } - } - } - }, - "DeploymentCreateRequest": { - "type": "object", - "description": "Request spec for creating a deployment.", - "required": [ - "name", - "cloud_properties", - "nginx_config_id", - "nginx_config_version_id", - "scale" - ], - "properties": { - "name": { - "$ref": "#/components/schemas/DeploymentName" - }, - "description": { - "$ref": "#/components/schemas/NginxaasDescription" - }, - "cloud_properties": { - "$ref": "#/components/schemas/CreateDeploymentCloudProperties" }, - "nginx_config_id": { - "$ref": "#/components/schemas/NginxaasNginxConfigObjectID" + "signature_count": { + "type": "integer" }, - "nginx_config_version_id": { - "$ref": "#/components/schemas/NginxaasNginxConfigVersionObjectID" + "category": { + "enum": [ + "User-defined", + "Basic", + "Attack Type Specific" + ], + "x-enum-varnames": [ + "nap_signature_set_category_user_defined", + "nap_signature_set_category_basic", + "nap_signature_set_category_attack_type_specific" + ], + "type": "string" }, - "scale": { - "$ref": "#/components/schemas/DeploymentScale" + "default_alarm": { + "default": true, + "type": "boolean" }, - "waf_enabled": { - "$ref": "#/components/schemas/WafEnabled" - } - } - }, - "DeploymentUpdateRequest": { - "type": "object", - "description": "Request spec for updating a deployment.", - "properties": { - "description": { - "$ref": "#/components/schemas/NginxaasDescription" + "default_block": { + "default": true, + "type": "boolean" }, - "cloud_properties": { - "$ref": "#/components/schemas/UpdateDeploymentCloudProperties" + "default_learn": { + "default": true, + "type": "boolean" }, - "nginx_config_id": { - "$ref": "#/components/schemas/NginxaasNginxConfigObjectID" + "filter": { + "properties": { + "accuracy_filter": { + "default": "ge", + "enum": [ + "all", + "eq", + "ge", + "le" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_accuracy_filter_all", + "nap_signature_set_filter_accuracy_filter_eq", + "nap_signature_set_filter_accuracy_filter_ge", + "nap_signature_set_filter_accuracy_filter_le" + ], + "type": "string" + }, + "accuracy_value": { + "default": "all", + "enum": [ + "all", + "high", + "low", + "medium" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_accuracy_value_all", + "nap_signature_set_filter_accuracy_value_high", + "nap_signature_set_filter_accuracy_value_low", + "nap_signature_set_filter_accuracy_value_medium" + ], + "type": "string" + }, + "attack_type": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "has_cve": { + "default": "all", + "enum": [ + "all", + "no", + "yes" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_have_cve_all", + "nap_signature_set_filter_have_cve_no", + "nap_signature_set_filter_have_cve_yes" + ], + "type": "string" + }, + "modified_at_filter": { + "default": "all", + "enum": [ + "after", + "all", + "before" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_modified_at_filter_after", + "nap_signature_set_filter_modified_at_filter_all", + "nap_signature_set_filter_modified_at_filter_before" + ], + "type": "string" + }, + "modified_at_value": { + "default": "1970-01-01", + "type": "string" + }, + "risk_filter": { + "default": "eq", + "enum": [ + "all", + "eq", + "ge", + "le" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_risk_filter_all", + "nap_signature_set_filter_risk_filter_eq", + "nap_signature_set_filter_risk_filter_ge", + "nap_signature_set_filter_risk_filter_le" + ], + "type": "string" + }, + "risk_value": { + "default": "low", + "enum": [ + "all", + "high", + "low", + "medium" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_risk_value_all", + "nap_signature_set_filter_risk_value_high", + "nap_signature_set_filter_risk_value_low", + "nap_signature_set_filter_risk_value_medium" + ], + "type": "string" + }, + "signature_type": { + "default": "request", + "enum": [ + "all", + "request", + "response" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_signature_type_all", + "nap_signature_set_filter_signature_type_request", + "nap_signature_set_filter_signature_type_response" + ], + "type": "string" + }, + "user_defined_filter": { + "default": "all", + "enum": [ + "all", + "no", + "yes" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_user_defined_filter_all", + "nap_signature_set_filter_user_defined_filter_no", + "nap_signature_set_filter_user_defined_filter_yes" + ], + "type": "string" + } + }, + "type": "object" }, - "nginx_config_version_id": { - "$ref": "#/components/schemas/NginxaasNginxConfigVersionObjectID" + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the signature-set was last modified." }, - "scale": { - "$ref": "#/components/schemas/DeploymentScale" + "systems": { + "items": { + "type": "string" + }, + "type": "array" }, - "waf_enabled": { - "$ref": "#/components/schemas/WafEnabled" - } - } - }, - "WafEnabled": { - "type": "boolean", - "description": "Whether WAF is enabled for the deployment." - }, - "AWSAccountID": { - "type": "string", - "description": "AWS Account ID.", - "pattern": "^[0-9]{12}$" - }, - "AWSVpcID": { - "type": "string", - "description": "AWS VPC ID.", - "pattern": "^vpc-[a-z0-9]{8,17}$" - }, - "AWSVpcEndpointID": { - "type": "string", - "description": "AWS VPC Endpoint ID.", - "pattern": "^vpce-[a-z0-9]{8,17}$" - }, - "AWSIPv4CIDRBlock": { - "type": "string", - "description": "IPv4 CIDR block for the deployment VPC. Must be /22 - /18 in size and cannot be within any of these ranges: 0.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16, 224.0.0.0/4, 172.17.0.0/16\n", - "format": "ipv4-cidr" - }, - "AWSIPv6CIDRBlock": { - "type": "string", - "description": "IPv6 CIDR block for the deployment VPC.", - "format": "cidr" - }, - "AWSVpcPeeringConnectionID": { - "type": "string", - "description": "AWS VPC peering connection ID.", - "pattern": "^pcx-[a-z0-9]{8,17}$" - }, - "AWSPrivateLinkServiceEndpointName": { - "type": "string", - "description": "The name of the AWS PrivateLink service endpoint for the deployment." - }, - "AWSRegion": { - "type": "string", - "description": "AWS region", - "minLength": 3, - "maxLength": 63, - "pattern": "^[a-z][-a-z0-9]*?$", - "example": "us-west-2" - }, - "AWSRoleARN": { - "type": "string", - "description": "Amazon Resource Name (ARN) for an IAM role", - "maxLength": 255, - "pattern": "^arn:aws[a-zA-Z-]*:iam::[0-9]{12}:role(?:/[-a-zA-Z0-9+=,.@_]+)+$", - "example": "arn:aws:iam::123456789012:role/NGINXaaS" - }, - "EmptyStringOrAWSRoleARN": { - "type": "string", - "description": "Amazon Resource Name (ARN) for an IAM role, allowing empty strings", - "maxLength": 255, - "pattern": "^(?:|arn:aws[a-zA-Z-]*:iam::[0-9]{12}:role(?:/[-a-zA-Z0-9+=,.@_]+)+)$" - }, - "AWSIdentity": { - "type": "object", - "description": "Identity info for an AWS-based deployment", - "properties": { - "customer_role_arn": { - "description": "The ARN of the IAM role created by the customer for NGINXaaS to assume.\n", - "allOf": [ - { - "$ref": "#/components/schemas/AWSRoleARN" - } - ] + "type": { + "default": "filter-based", + "enum": [ + "filter-based", + "manual" + ], + "x-enum-varnames": [ + "nap_signature_set_type_filter_based", + "nap_signature_set_type_manual" + ], + "type": "string" } + }, + "example": { + "default_block": true, + "default_learn": true, + "signature_count": 0, + "filter": { + "accuracy_value": "all", + "accuracy_filter": "all", + "attack_type": { + "name": "XML External Entities (XXE)" + }, + "risk_filter": "all", + "has_cve": "all", + "user_defined_filter": "all", + "risk_value": "all", + "modified_at_filter": "all", + "signature_type": "request" + }, + "assign_to_policy_by_default": false, + "default_alarm": true, + "accuracy": [], + "type": "filter-based", + "name": "XML External Entities (XXE) Signatures", + "object_id": "sigset_-ZMshmi83MBL97dr5d0a9w", + "category": "User-defined", + "modified_at": "2023-08-10T16:59:15Z", + "systems": [] } }, - "CreateAWSIdentity": { + "NapSignatureListResponse": { "allOf": [ { - "$ref": "#/components/schemas/AWSIdentity" + "$ref": "#/components/schemas/PaginationResponse" }, { + "type": "object", "required": [ - "customer_role_arn" - ] - } - ] - }, - "UpdateAWSIdentity": { - "type": "object", - "description": "Identity info for an AWS-based deployment", - "properties": { - "customer_role_arn": { - "description": "The ARN of the IAM role created by the customer for NGINXaaS to assume, or empty string to remove an existing role.\n", - "allOf": [ - { - "$ref": "#/components/schemas/EmptyStringOrAWSRoleARN" + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect signatures.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapSignature" + } } - ] - } - } - }, - "AWSFrontendInfo": { - "type": "object", - "description": "AWS frontend info returned in a deployment response.", - "minProperties": 1, - "maxProperties": 1, - "additionalProperties": false, - "properties": { - "private_endpoint": { - "$ref": "#/components/schemas/AWSPrivateEndpoint" - }, - "managed_public_endpoint": { - "$ref": "#/components/schemas/ManagedPublicEndpoint" - } - } - }, - "CreateAWSFrontendInfo": { - "type": "object", - "description": "AWS frontend info used in a create request.", - "minProperties": 1, - "maxProperties": 1, - "additionalProperties": false, - "properties": { - "private_endpoint": { - "$ref": "#/components/schemas/AWSPrivateEndpoint" - }, - "managed_public_endpoint": { - "$ref": "#/components/schemas/CreateManagedPublicEndpoint" - } - } - }, - "UpdateAWSFrontendInfo": { - "type": "object", - "description": "AWS frontend info used in an update request.", - "minProperties": 1, - "maxProperties": 1, - "additionalProperties": false, - "properties": { - "private_endpoint": { - "$ref": "#/components/schemas/AWSPrivateEndpoint" - }, - "managed_public_endpoint": { - "$ref": "#/components/schemas/UpdateManagedPublicEndpoint" - } - } - }, - "AWSPrivateEndpoint": { - "type": "object", - "description": "AWS private endpoint info returned in a deployment response.", - "properties": { - "private_link_service_endpoint_name": { - "$ref": "#/components/schemas/AWSPrivateLinkServiceEndpointName", - "readOnly": true - }, - "private_link_connection_allow_list": { - "$ref": "#/components/schemas/AWSPrivateLinkConnectionAllowList" + } } - } + ] }, - "AWSPrivateLinkConnectionAllowListItem": { - "type": "string", - "description": "An item in the allow list for AWS PrivateLink connections.", - "oneOf": [ + "NapSignatureSetListResponse": { + "allOf": [ { - "$ref": "#/components/schemas/AWSAccountID" + "$ref": "#/components/schemas/PaginationResponse" }, { - "$ref": "#/components/schemas/AWSVpcEndpointID" + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect signature sets.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapSignatureSet" + } + } + } } ] }, - "AWSPrivateLinkConnectionAllowList": { - "type": "array", - "description": "List of AWS Account IDs or VPC Endpoint IDs that are allowed to connect. The list must contain either all account IDs or all VPC endpoint IDs (cannot mix). An empty list indicates no connections should be allowed.\n", - "items": { - "$ref": "#/components/schemas/AWSPrivateLinkConnectionAllowListItem" - }, - "minItems": 0, - "maxItems": 20 - }, - "AWSVpcPeeringConnections": { - "type": "array", - "description": "List of AWS VPC peering connections between the deployment VPC and upstream network VPCs.", - "items": { - "$ref": "#/components/schemas/AWSVpcPeeringConnectionID" - }, - "minItems": 0, - "maxItems": 20 - }, - "AWSDeploymentProperties": { - "type": "object", - "description": "AWS deployment properties.", - "required": [ - "region", - "ipv4_cidr_block", - "frontend", - "account_id", - "vpc_id", - "ipv6_cidr_block", - "vpc_peering_connections" - ], - "properties": { - "region": { - "$ref": "#/components/schemas/AWSRegion" - }, - "ipv4_cidr_block": { - "$ref": "#/components/schemas/AWSIPv4CIDRBlock" - }, - "frontend": { - "$ref": "#/components/schemas/AWSFrontendInfo" - }, - "identity": { - "$ref": "#/components/schemas/AWSIdentity" - }, - "vpc_peering_connections": { - "$ref": "#/components/schemas/AWSVpcPeeringConnections" - }, - "account_id": { - "$ref": "#/components/schemas/AWSAccountID", - "readOnly": true - }, - "vpc_id": { - "$ref": "#/components/schemas/AWSVpcID", - "readOnly": true - }, - "ipv6_cidr_block": { - "$ref": "#/components/schemas/AWSIPv6CIDRBlock", - "readOnly": true - } - } - }, - "CreateAWSDeploymentProperties": { - "type": "object", - "description": "AWS deployment properties used in a create request.", - "required": [ - "region", - "ipv4_cidr_block", - "frontend" + "FilterNameNapLogProfile": { + "type": "string", + "description": "Keywords for NGINX App Protect log profile filters.\n", + "enum": [ + "name", + "object_id", + "deployment_status" ], - "properties": { - "region": { - "$ref": "#/components/schemas/AWSRegion" - }, - "ipv4_cidr_block": { - "$ref": "#/components/schemas/AWSIPv4CIDRBlock" - }, - "frontend": { - "$ref": "#/components/schemas/CreateAWSFrontendInfo" - }, - "identity": { - "$ref": "#/components/schemas/CreateAWSIdentity" - } - } + "x-enum-varnames": [ + "filter_name_nap_log_profile_name", + "filter_name_nap_log_profile_object_id", + "filter_name_nap_log_profile_deployment_status" + ] }, - "UpdateAWSDeploymentProperties": { - "type": "object", - "description": "AWS deployment properties used in an update request.", - "properties": { - "frontend": { - "$ref": "#/components/schemas/UpdateAWSFrontendInfo" - }, - "identity": { - "$ref": "#/components/schemas/UpdateAWSIdentity" - }, - "vpc_peering_connections": { - "$ref": "#/components/schemas/AWSVpcPeeringConnections" - } - } + "IsF5Default": { + "type": "boolean", + "description": "Indicates whether this is an F5 default object (true) or a user-defined object (false)." }, - "DeploymentObjectID": { + "FilterNameNapLogProfileDeployment": { "type": "string", - "description": "A globally unique identifier for the deployment.", - "format": "object_id", - "pattern": "^depl_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } + "description": "Keywords for NGINX App Protect log profile deployment filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `status`, only the following `filter_values` are supported:\n * deployed\n * deploying\n * failed\n", + "enum": [ + "name", + "type", + "status", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_nap_deployment_name", + "filter_name_nap_deployment_type", + "filter_name_nap_deployment_status", + "filter_name_nap_deployment_object_id" + ] }, - "NginxaasOrganizationID": { + "FilterNameNapPolicy": { "type": "string", - "description": "NGINXaaS organization id", - "format": "object_id", - "pattern": "^org_.*", - "example": "org_FsFgfeDtScOjGbQJDaVNiQ", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } + "description": "Keywords for NGINX App Protect policy filters.\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n * blocking\n * transparent\nWhen filtering on `object_id`, both NAP Policy and NAP Policy version object id prefixes are supported.\n", + "enum": [ + "name", + "enforcement_mode", + "object_id", + "deployment_enforcement_mode", + "deployment_status" + ], + "x-enum-varnames": [ + "filter_name_nap_policy_name", + "filter_name_nap_policy_enforcement_mode", + "filter_name_nap_policy_object_id", + "filter_name_nap_policy_deployment_enforcement_mode", + "filter_name_nap_policy_deployment_status" + ] }, - "NginxaasDescription": { + "FilterNameNapPolicyDeployment": { "type": "string", - "description": "Description of a resource.", - "maxLength": 256, - "example": "My example description" + "description": "Keywords for NGINX App Protect deployment filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `status`, only the following `filter_values` are supported:\n * deployed\n * deploying\n * failed\n", + "enum": [ + "name", + "type", + "policy_version", + "status", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_nap_deployment_name", + "filter_name_nap_deployment_type", + "filter_name_nap_deployment_policy_version", + "filter_name_nap_deployment_status", + "filter_name_nap_deployment_object_id" + ] }, - "NginxaasNginxConfigObjectID": { + "FilterNameNapPolicyVersion": { "type": "string", - "description": "A globally unique identifier for the NGINX config.", - "format": "object_id", - "pattern": "^cfg_.*", - "example": "cfg_6zYc64JKR0uxnoEcLH1gGA", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } + "description": "Keywords for NGINX App Protect policy version filters.\nWhen filtering on `deployment_status`, only the following `filter_values` are supported:\n * deployed\n * not_deployed\n * deploying\n * failed\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n * blocking\n * transparent\n", + "enum": [ + "deployment_status", + "enforcement_mode", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_nap_policy_version_deployment_status", + "filter_name_nap_policy_version_enforcement_mode", + "filter_name_nap_policy_version_object_id" + ] }, - "NginxaasNginxConfigVersionObjectID": { + "NapGlobalSettingObjectID": { + "description": "A globally unique identifier for the App Protect global settings object.", "type": "string", - "description": "NGINX config version object id", "format": "object_id", - "pattern": "^cv_.*", - "example": "cv_DrRnpntTRpGOxaroQ6aOFg", + "pattern": "^gs_.*", "x-go-type": "objects.ID", "x-go-type-import": { "name": "objects", "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "ObservabilityMetricsRequest": { - "type": "object", - "required": [ - "metrics" - ], - "properties": { - "metrics": { - "description": "Array of observed metrics.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/ObservedMetric" - } - } - } - }, - "ObservedMetric": { - "description": "Details for a single observed metric.", - "type": "object", - "required": [ - "name", - "timestamp", - "unit", - "value" - ], - "properties": { - "name": { - "type": "string", - "example": "cpuUsage" - }, - "timestamp": { - "type": "string", - "format": "date-time", - "example": "2019-08-07T09:57:36.088757764Z" - }, - "unit": { - "type": "string", - "example": "%" - }, - "value": { - "type": "number", - "example": 80 - } - }, - "example": { - "name": "cpuUsage", - "timestamp": "2019-08-07T09:57:30Z", - "unit": "%", - "value": 80 - } - }, - "ModelConfigurationResponse": { - "description": "Model configuration details.", - "type": "object", - "required": [ - "loadModelUID", - "numberOfInstances", - "systemIDs" - ], - "properties": { - "loadModelUID": { - "type": "string", - "format": "uuid", - "example": "f038dca0-b55c-410a-95a6-b9f876792ce8" - }, - "numberOfInstances": { - "type": "integer", - "example": 5 - }, - "systemIDs": { - "description": "Array of system IDs associated with the load model.", - "type": "array", - "items": { - "type": "string", - "format": "uuid" - }, - "minItems": 1, - "uniqueItems": true - } - } - }, "TemplateName": { "type": "string", "description": "The name of the template.\nMust be suitable for use as a file name and as an NGINX configuration include.\nOnly alphanumeric characters, underscores (single not double), dashes, and dots are allowed.\nNo spaces, slashes, or special characters.\n", @@ -20418,6 +16427,9 @@ }, "state": { "$ref": "#/components/schemas/TemplateVersionState" + }, + "directives_to_parse": { + "$ref": "#/components/schemas/DirectivesToParse" } }, "example": { @@ -20438,6 +16450,9 @@ }, "state": { "$ref": "#/components/schemas/TemplateVersionState" + }, + "directives_to_parse": { + "$ref": "#/components/schemas/DirectivesToParse" } }, "example": { @@ -20525,11 +16540,10 @@ }, "TemplateImportRequest": { "type": "object", - "description": "A request to import a template into the system. This can be either a *base template* or an *augment template*,\nas determined by the `type` field in the request body.\n\nBase templates define the structure of an NGINX configuration and may include hook points for augment templates\nusing the `augment_includes` custom Go template function. This function accepts two parameters:\n1. **context** (required, string): The target NGINX context path where augment content will be inserted (e.g. `\"http\"`, `\"http/server\"`, `\"stream/server\"`).\n2. **label** (optional, string): A target label (e.g. `\"primary\"`) used for deterministic placement of an augment template's content within the specified context during NGINX configuration generation.\n\nAugment templates are reusable configuration snippets that can be applied to specific NGINX contexts\nwithin a base template, such as `http`, `http/server`, `stream` or `stream/server`. These can also make use of\nhook points to other augment templates.\n\nNginx One supports custom Go template functions for advanced configuration generation.\nSee [Template Functions](https://yourdocs.com/templates/functions) for a complete list of supported functions.\n", + "description": "A request to import a template into the system. This can be either a *base template* or an *augment template*,\nas determined by the `type` field in the request body.\n\nBase templates define the structure of an NGINX configuration and may include hook points for augment templates\nusing the `augment_includes` custom Go template function. This function accepts two parameters:\n1. **context** (required, string): The target NGINX context path where augment content will be inserted (e.g. `\"http\"`, `\"http/server\"`, `\"stream/server\"`).\n2. **label** (optional, string): A target label (e.g. `\"primary\"`) used for deterministic placement of an augment template's content within the specified context during NGINX configuration generation.\n\nAugment templates are reusable configuration snippets that can be applied to specific NGINX contexts\nwithin a base template, such as `http`, `http/server`, `stream` or `stream/server`. These can also make use of\nhook points to other augment templates.\n\nNginx One supports custom Go template functions for advanced configuration generation.\nSee [Making Templates Extensible](https://docs.nginx.com/nginx-one-console/nginx-configs/config-templates/author-templates/#making-templates-extensible) for a complete list of supported functions.\n\n**Manifest support:** If the archive contains a `manifest.yaml` (or `manifest.yml`) at its root, the `type`\nand `allowed_in_contexts` values will be derived from the manifest, overriding any form field values provided\nin the request. The manifest must list all files it references; if any are missing from the archive, the\nrequest will be rejected with a 400 error.\n\nInclude files in the archive may use relative paths (e.g. `conf.d/foo.conf`) to preserve directory\nstructure in the rendered NGINX configuration output.\n", "required": [ "name", - "file", - "type" + "file" ], "properties": { "name": { @@ -20537,12 +16551,13 @@ }, "file": { "type": "string", - "description": "A .tar.gz archive containing a template and any necessary supporting files for generating an NGINX configuration.\n\nThe archive must include the following at its root:\n- A template file (e.g., reverse_proxy_base.tmpl) written in valid Go template syntax for NGINX.\n- If the template uses input variables, a schema file is also required. This file defines and validates the expected input data.\n- The schema file could be a JSON schema or YAML (e.g., schema.json, schema.yaml).\n\nFile structure:\n├── reverse_proxy_base.tmpl # Required Go template file\n├── schema.json or schema.yaml # Required only if input variables are used\n", + "description": "A .tar.gz archive containing a template and any necessary supporting files for generating an NGINX configuration.\n\nThe archive must include the following at its root:\n- A template file (e.g., reverse_proxy_base.tmpl) written in valid Go template syntax for NGINX.\n- If the template uses input variables, a schema file is also required. This file defines and validates the expected input data.\n- The schema file could be a JSON schema or YAML (e.g., schema.json, schema.yaml).\n- Optionally, a `manifest.yaml` file that declares metadata (type, allowed contexts) and the list of files.\n\nInclude files may be placed in subdirectories to preserve directory structure in the\nrendered output (e.g. `conf.d/upstream.conf`).\n\nFile structure:\n├── manifest.yaml # Optional: provides type, allowed_in_contexts, file listing\n├── reverse_proxy_base.tmpl # Required Go template file\n├── schema.json or schema.yaml # Required only if input variables are used\n├── conf.d/ # Optional subdirectories for include files\n│ └── upstream.conf\n", "format": "binary", "maxLength": 1000000, "example": "template.tar.gz" }, "type": { + "description": "The type of template (`base` or `augment`). Required when the archive does not contain a `manifest.yaml`; \noptional when the archive contains a `manifest.yaml` that specifies the type, in which case the manifest \nvalue takes precedence.\n", "$ref": "#/components/schemas/TemplateType" }, "description": { @@ -20550,10 +16565,13 @@ }, "allowed_in_contexts": { "type": "array", - "description": "Required when type is `augment`. Specifies the full hierarchical context path(s) within the NGINX configuration where the augment template output can be placed.\n", + "description": "Required when type is `augment`. Specifies the full hierarchical context path(s) within the NGINX configuration where the augment template output can be placed.\nCan also be derived from the `manifest.yaml` if present in the archive.\n", "items": { "$ref": "#/components/schemas/TemplateContextPath" } + }, + "directives_to_parse": { + "$ref": "#/components/schemas/DirectivesToParse" } } }, @@ -20652,6 +16670,9 @@ "allowed_in_contexts": [ "http/server/location" ], + "directives_to_parse": [ + "limit_req" + ], "augment_includes": [], "created_at": "2026-09-01T12:00:00Z", "modified_at": "2026-09-15T14:30:00Z" @@ -20788,6 +16809,9 @@ "$ref": "#/components/schemas/TemplateContextPath" } }, + "directives_to_parse": { + "$ref": "#/components/schemas/DirectivesToParse" + }, "augment_includes": { "type": "array", "description": "Lists the explicit hierarchical context paths within the NGINX configuration where augment template output can be injected.\n\nEach entry corresponds to a location in the template where an `augment_includes` function is used, indicating a supported point for augment insertion (e.g., \"http/server\", \"stream/server\").\n", @@ -20797,6 +16821,17 @@ } } }, + "DirectivesToParse": { + "type": "array", + "description": "Applicable when type is `augment`. Specifies explicit directive(s) used in the augment template that can be parsed within the allowed in context(s).\n\nUsed for input value extraction when generating configuration snippets.\n", + "items": { + "type": "string", + "minLength": 1, + "maxLength": 150, + "pattern": "^[a-zA-Z]([a-zA-Z0-9_])*$", + "example": "listen" + } + }, "TemplateSummary": { "description": "A summary of a template object, including its metadata, allowed contexts and augment includes.\n", "allOf": [ @@ -20843,10 +16878,10 @@ "properties": { "name": { "type": "string", - "description": "The name of a file inside a template archive (.tar.gz). File names must not be absolute paths or contain directory traversal components. For safety, leading slashes or \"..\" are not allowed.\n", + "description": "The name of a file inside a template. Must be a relative path without absolute prefixes or directory traversal components (\"..\"). File names must not contain subdirectory components unless the file type is `include`, which may use relative paths to preserve directory structure in the rendered NGINX configuration output (e.g. `conf.d/upstream.conf`).\n", "minLength": 1, "maxLength": 255, - "pattern": "^[a-zA-Z0-9_.\\-\\/]+$", + "pattern": "^[a-zA-Z0-9_.\\-][a-zA-Z0-9_.\\-\\/]*$", "example": "gzip-http.tmpl" }, "contents": { @@ -20910,7 +16945,7 @@ } }, "TemplateCreationRequest": { - "description": "A request to create a template in the system. This can be either a *base template* or an *augment template*,\nas determined by the `type` field in the request body.\n\nBase templates define the structure of an NGINX configuration and may include hook points for augment templates\nusing the `augment_includes` custom Go template function. This function accepts two parameters:\n1. **context** (required, string): The target NGINX context path where augment content will be inserted (e.g. `\"http\"`, `\"http/server\"`, `\"stream/server\"`).\n2. **label** (optional, string): A target label (e.g. `\"primary\"`) used for deterministic placement of an augment template's content within the specified context during NGINX configuration generation.\n\nAugment templates are reusable configuration snippets that can be applied to specific NGINX contexts\nwithin a base template, such as `http`, `http/server`, `stream` or `stream/server`. These can also make use of\nhook points to other augment templates.\n\nNginx One supports custom Go template functions for advanced configuration generation.\nSee [Template Functions](https://yourdocs.com/templates/functions) for a complete list of supported functions.\n", + "description": "A request to create a template in the system. This can be either a *base template* or an *augment template*,\nas determined by the `type` field in the request body.\n\nBase templates define the structure of an NGINX configuration and may include hook points for augment templates\nusing the `augment_includes` custom Go template function. This function accepts two parameters:\n1. **context** (required, string): The target NGINX context path where augment content will be inserted (e.g. `\"http\"`, `\"http/server\"`, `\"stream/server\"`).\n2. **label** (optional, string): A target label (e.g. `\"primary\"`) used for deterministic placement of an augment template's content within the specified context during NGINX configuration generation.\n\nAugment templates are reusable configuration snippets that can be applied to specific NGINX contexts\nwithin a base template, such as `http`, `http/server`, `stream` or `stream/server`. These can also make use of\nhook points to other augment templates.\n\nNginx One supports custom Go template functions for advanced configuration generation.\nSee [Making Templates Extensible](https://docs.nginx.com/nginx-one-console/nginx-configs/config-templates/author-templates/#making-templates-extensible) for a complete list of supported functions.\n", "type": "object", "allOf": [ { @@ -21037,7 +17072,7 @@ }, "TemplateSnippetRenderRequest": { "type": "object", - "description": "Defines a request to render a snippet of NGINX configuration for a specific template as standalone, without the need for a base template.\n\n### Validations and Constraints:\n- The template must specify its `target_context`.\n- Input values for each template are passed independently via the `values` \n object, and validated against each template's Schema.\n\n### Processing:\n- The system validates that the template is compatible with the specified target context.\n- The final composed configuration is validated to ensure correctness and prevent conflicts or misconfigurations.\n\n### External Template Documentation:\nFor more information on template functions and best practices, refer to:\n - [Template Function Reference](https://yourdocs.com/templates/functions)\n - [Template Authoring Guide](https://yourdocs.com/templates/guide)\n", + "description": "Defines a request to render a snippet of NGINX configuration for a specific template as standalone, without the need for a base template.\n\n### Validations and Constraints:\n- The template must specify its `target_context`.\n- Input values for each template are passed independently via the `values` \n object, and validated against each template's Schema.\n\n### Processing:\n- The system validates that the template is compatible with the specified target context.\n- The final composed configuration is validated to ensure correctness and prevent conflicts or misconfigurations.\n\n### External Template Documentation:\nFor more information on template functions and best practices, refer to:\n - [Making Templates Extensible](https://docs.nginx.com/nginx-one-console/nginx-configs/config-templates/author-templates/#making-templates-extensible)\n - [Authoring Templates](https://docs.nginx.com/nginx-one-console/nginx-configs/config-templates/author-templates)\n", "required": [ "values", "target_context" @@ -21063,7 +17098,7 @@ }, "TemplateSubmissionRequest": { "type": "object", - "description": "Defines a request to render an NGINX configuration by combining a single base template \nwith zero or more augment templates.\n\n### Validations and Constraints:\n- All templates referenced by Object ID must be available in the system before submission.\n- Only one base template can be submitted.\n- The base template must explicitly use custom Go function `augment_includes (\"\", .)` to apply `augments`.\n- Its not required to include all augments in the request that base template supports.\n- The order of augments in the list determines the order in which they are rendered and applied.\n- Each augment must specify its `target_context`, indicating where it should be applied in \n the base template.\n- Input values for each template are passed independently via the `values` \n object, and validated against each template’s Schema.\n- The `payloads` for auxiliary files only accepts types of `managed_certificate` and `managed_key`.\n\n### Processing:\n- The `base_template` defines the starting point of the NGINX configuration rendering.\n- `conf_path` determines where the rendered configuration from base and augments should be placed within the NGINX directory structure.\n- Each `augment` template is applied in the order provided, inserted at the appropriate target context\n using the `augment_includes (\"\", .)` function declared in the base template.\n- The system validates that each augment is compatible with the specified target context.\n- The final composed configuration is validated to ensure correctness and prevent conflicts or misconfigurations.\n\n### External Template Documentation:\nFor more information on template functions and best practices, refer to:\n - [Template Function Reference](https://yourdocs.com/templates/functions)\n - [Template Authoring Guide](https://yourdocs.com/templates/guide)\n", + "description": "Defines a request to render an NGINX configuration by combining a single base template \nwith zero or more augment templates.\n\n### Validations and Constraints:\n- All templates referenced by Object ID must be available in the system before submission.\n- Only one base template can be submitted.\n- The base template must explicitly use custom Go function `augment_includes (\"\", .)` to apply `augments`.\n- Its not required to include all augments in the request that base template supports.\n- The order of augments in the list determines the order in which they are rendered and applied.\n- Each augment must specify its `target_context`, indicating where it should be applied in \n the base template.\n- Input values for each template are passed independently via the `values` \n object, and validated against each template’s Schema.\n- The `payloads` for auxiliary files only accepts types of `managed_certificate` and `managed_key`.\n\n### Processing:\n- The `base_template` defines the starting point of the NGINX configuration rendering.\n- `conf_path` determines where the rendered configuration from base and augments should be placed within the NGINX directory structure.\n- Each `augment` template is applied in the order provided, inserted at the appropriate target context\n using the `augment_includes (\"\", .)` function declared in the base template.\n- The system validates that each augment is compatible with the specified target context.\n- The final composed configuration is validated to ensure correctness and prevent conflicts or misconfigurations.\n\n### External Template Documentation:\nFor more information on template functions and best practices, refer to:\n - [Making Templates Extensible](https://docs.nginx.com/nginx-one-console/nginx-configs/config-templates/author-templates/#making-templates-extensible)\n - [Authoring Templates](https://docs.nginx.com/nginx-one-console/nginx-configs/config-templates/author-templates)\n", "required": [ "conf_path", "base_template", @@ -21239,9 +17274,10 @@ }, "target_label": { "type": "string", - "description": "Optional label that identifies a specific section in the base template hierarchy (e.g., \"primary\").\n\nIf provided, the value must match the label parameter used by the base template’s `augment_includes` functions; otherwise, the augment will not be applied.\n", + "description": "Optional label that identifies a specific section in the base template hierarchy (e.g., \"primary\").\n\nIf provided, the value must match the label parameter used by the base template’s `augment_includes` functions; otherwise, the augment will not be applied.\n\nThe label is used to construct the augment output file name, so only alphanumeric characters, underscores, dots, and dashes are allowed. No spaces, slashes, or other path separators.\n", "minLength": 1, - "maxLength": 25 + "maxLength": 25, + "pattern": "^[a-zA-Z0-9_.-]+$" }, "child_augments": { "type": "array", @@ -21679,16 +17715,6 @@ "filter_name_submissions_object_id" ] }, - "FilterNameTemplateVersions": { - "type": "string", - "description": "Keywords for config template versions filters.\n", - "enum": [ - "object_id" - ], - "x-enum-varnames": [ - "filter_name_template_versions_object_id" - ] - }, "StagedConfigSubmission": { "type": "object", "required": [ @@ -21719,34 +17745,26 @@ } } }, - "EventRequestOutcome": { + "FilterNameTemplateVersions": { "type": "string", - "description": "Binary outcome of WAF processing for the request.", + "description": "Keywords for config template versions filters.\n", "enum": [ - "passed", - "rejected" + "object_id" ], "x-enum-varnames": [ - "request_outcome_passed", - "request_outcome_rejected" + "filter_name_template_versions_object_id" ] }, - "EventLevel": { + "EventRequestOutcome": { "type": "string", - "description": "Log level classification for the security event.\nFollows standard logging convention for severity.\n", + "description": "Binary outcome of WAF processing for the request.", "enum": [ - "DEBUG", - "INFO", - "WARNING", - "ERROR", - "CRITICAL" + "passed", + "rejected" ], "x-enum-varnames": [ - "event_level_debug", - "event_level_info", - "event_level_warning", - "event_level_error", - "event_level_critical" + "request_outcome_passed", + "request_outcome_rejected" ] }, "SignatureAccuracy": { @@ -21779,28 +17797,6 @@ "signature_risk_critical" ] }, - "HttpMethod": { - "type": "string", - "description": "HTTP request method.", - "enum": [ - "GET", - "POST", - "PUT", - "DELETE", - "PATCH", - "HEAD", - "OPTIONS" - ], - "x-enum-varnames": [ - "http_method_get", - "http_method_post", - "http_method_put", - "http_method_delete", - "http_method_patch", - "http_method_head", - "http_method_options" - ] - }, "RequestStatus": { "type": "string", "description": "WAF enforcement decision for the request.", @@ -21900,42 +17896,6 @@ "filter_operator_not" ] }, - "Filter": { - "type": "array", - "description": "Pre-aggregation filter conditions.\nAll filters are combined with AND logic.\nUse the `in` operator to achieve `OR` within a single dimension.\n", - "items": { - "$ref": "#/components/schemas/AttacksFilter" - }, - "default": [] - }, - "AttacksFilter": { - "type": "object", - "description": "A single filter condition on a dimension.\n", - "required": [ - "field", - "operator", - "values" - ], - "properties": { - "field": { - "$ref": "#/components/schemas/AttacksDimensionField" - }, - "operator": { - "$ref": "#/components/schemas/FilterOperator" - }, - "values": { - "type": "array", - "description": "Values to filter by.\n- For `=` and `!=`: only the first value is used\n- For `in` and `not`: all values are used\n\nNote: IP filtering uses exact match only; CIDR notation is not supported.\n", - "items": { - "type": "string" - }, - "minItems": 1, - "example": [ - "blocked" - ] - } - } - }, "SortOrderDirection": { "type": "string", "description": "Sort direction for query results.", @@ -22087,18 +18047,6 @@ } } }, - "BaseAnalyticsResponse": { - "type": "object", - "description": "Base response wrapper for analytics queries.\nContains query metadata and is extended by specific response types.\n", - "required": [ - "query_metadata" - ], - "properties": { - "query_metadata": { - "$ref": "#/components/schemas/QueryMetadata" - } - } - }, "AttacksQueryRequest": { "allOf": [ { @@ -23860,53 +19808,115 @@ "description": "Deduplication version timestamp assigned for storage-level upsert/deduplication.", "example": "2026-03-23T19:33:32.284Z" }, - "event_id": { - "type": "string", - "description": "Unique event identifier.", - "example": "4nNhnUFf23Zf4PExDYtcYZUkfHlyW48JouApQkxFqzo=" + "event_id": { + "type": "string", + "description": "Unique event identifier.", + "example": "4nNhnUFf23Zf4PExDYtcYZUkfHlyW48JouApQkxFqzo=" + } + } + }, + "SourceType": { + "type": "string", + "description": "Source type of the billing usage event.\n* `SOURCE_TYPE_NGINX_ONE` - NGINX One\n* `SOURCE_TYPE_NIM` - NGINX Instance Manager\n", + "enum": [ + "SOURCE_TYPE_NGINX_ONE", + "SOURCE_TYPE_NIM" + ], + "x-enum-varnames": [ + "source_type_nginx_one", + "source_type_nim" + ], + "example": "SOURCE_TYPE_NGINX_ONE" + }, + "NAPStatus": { + "type": "string", + "description": "NGINX App Protect status of the instance.\n* `NAP_STATUS_INACTIVE_OR_UNSPECIFIED` - Not specified or inactive\n* `NAP_STATUS_ACTIVE` - Active\n", + "enum": [ + "NAP_STATUS_INACTIVE_OR_UNSPECIFIED", + "NAP_STATUS_ACTIVE" + ], + "x-enum-varnames": [ + "nap_status_inactive_or_unspecified", + "nap_status_active" + ], + "example": "NAP_STATUS_ACTIVE" + }, + "ProductType": { + "type": "string", + "description": "Deployment product type.\n* `PRODUCT_TYPE_UNSPECIFIED` - Not specified is treated as being NGINX+\n* `PRODUCT_TYPE_NIC` - NGINX Ingress Controller\n* `PRODUCT_TYPE_NGF` - NGINX Gateway Fabric\n", + "enum": [ + "PRODUCT_TYPE_UNSPECIFIED", + "PRODUCT_TYPE_NIC", + "PRODUCT_TYPE_NGF" + ], + "x-enum-varnames": [ + "product_type_unspecified", + "product_type_nic", + "product_type_ngf" + ], + "example": "PRODUCT_TYPE_NIC" + }, + "HttpUsage": { + "type": "object", + "properties": { + "client": { + "allOf": [ + { + "$ref": "#/components/schemas/UsageMetrics" + }, + { + "type": "object", + "properties": { + "requests": { + "type": "integer", + "description": "Total requests handled by an NGINX Instance", + "minimum": 0 + } + } + } + ] + }, + "upstream": { + "$ref": "#/components/schemas/UsageMetrics" + } + } + }, + "StreamUsage": { + "type": "object", + "properties": { + "client": { + "$ref": "#/components/schemas/UsageMetrics" + }, + "upstream": { + "$ref": "#/components/schemas/UsageMetrics" + } + } + }, + "UsageMetrics": { + "type": "object", + "properties": { + "received": { + "type": "integer", + "description": "Total bytes received by an NGINX Instance from clients/upstreams", + "minimum": 0 + }, + "sent": { + "type": "integer", + "description": "Total bytes sent by the NGINX Instance to clients/upstreams", + "minimum": 0 + }, + "connections": { + "type": "integer", + "description": "Total connections of the NGINX Instance with clients/upstreams", + "minimum": 0 } } }, - "SourceType": { - "type": "string", - "description": "Source type of the billing usage event.\n* `SOURCE_TYPE_NGINX_ONE` - NGINX One\n* `SOURCE_TYPE_NIM` - NGINX Instance Manager\n", - "enum": [ - "SOURCE_TYPE_NGINX_ONE", - "SOURCE_TYPE_NIM" - ], - "x-enum-varnames": [ - "source_type_nginx_one", - "source_type_nim" - ], - "example": "SOURCE_TYPE_NGINX_ONE" - }, - "NAPStatus": { - "type": "string", - "description": "NGINX App Protect status of the instance.\n* `NAP_STATUS_INACTIVE_OR_UNSPECIFIED` - Not specified or inactive\n* `NAP_STATUS_ACTIVE` - Active\n", - "enum": [ - "NAP_STATUS_INACTIVE_OR_UNSPECIFIED", - "NAP_STATUS_ACTIVE" - ], - "x-enum-varnames": [ - "nap_status_inactive_or_unspecified", - "nap_status_active" - ], - "example": "NAP_STATUS_ACTIVE" + "NginxUsageHttp": { + "$ref": "#/components/schemas/HttpUsage" }, - "ProductType": { - "type": "string", - "description": "Deployment product type.\n* `PRODUCT_TYPE_UNSPECIFIED` - Not specified is treated as being NGINX+\n* `PRODUCT_TYPE_NIC` - NGINX Ingress Controller\n* `PRODUCT_TYPE_NGF` - NGINX Gateway Fabric\n", - "enum": [ - "PRODUCT_TYPE_UNSPECIFIED", - "PRODUCT_TYPE_NIC", - "PRODUCT_TYPE_NGF" - ], - "x-enum-varnames": [ - "product_type_unspecified", - "product_type_nic", - "product_type_ngf" - ], - "example": "PRODUCT_TYPE_NIC" + "NginxUsageStream": { + "$ref": "#/components/schemas/StreamUsage" } }, "examples": { @@ -24010,539 +20020,6 @@ ] } }, - "NginxUsageTrackingRequest": { - "value": { - "version": "1.25.3", - "hostname": "nginx-plus-r30", - "uuid": "cef61b72-2a6b-4bb8-ae2b-c6cb9f44a487", - "nap": "inactive", - "http": { - "client": { - "received": 0, - "sent": 0, - "connections": 0, - "requests": 0 - }, - "upstream": { - "received": 0, - "sent": 0, - "connections": 0 - } - }, - "stream": { - "client": { - "received": 0, - "sent": 0, - "connections": 0 - }, - "upstream": { - "received": 0, - "sent": 0, - "connections": 0 - } - }, - "deployment": { - "integration": "nic", - "cluster_id": "b5db8897-86db-4cd2-8c61-4a915db93d6d", - "cluster_node_count": 5, - "installation_id": "238efb5a-2a59-48c5-96cf-7d195b8af044" - }, - "workers": 2, - "uptime": 120, - "reloads": 0, - "start_time": 0, - "end_time": 0 - } - }, - "NginxUsageTrackingBatchRequest": { - "value": [ - { - "version": "1.25.3", - "hostname": "nginx-plus-r30-1", - "uuid": "cef61b72-2a6b-4bb8-ae2b-c6cb9f44a487", - "nap": "inactive", - "http": { - "client": { - "received": 1000, - "sent": 2000, - "connections": 10, - "requests": 50 - }, - "upstream": { - "received": 1500, - "sent": 1000, - "connections": 5 - } - }, - "stream": { - "client": { - "received": 0, - "sent": 0, - "connections": 0 - }, - "upstream": { - "received": 0, - "sent": 0, - "connections": 0 - } - }, - "deployment": { - "integration": "nic", - "cluster_id": "b5db8897-86db-4cd2-8c61-4a915db93d6d", - "cluster_node_count": 5, - "installation_id": "238efb5a-2a59-48c5-96cf-7d195b8af044" - }, - "workers": 2, - "uptime": 3600, - "reloads": 1, - "start_time": 1704067200, - "end_time": 1704070800 - }, - { - "version": "1.25.4", - "hostname": "nginx-plus-r30-2", - "uuid": "a1b2c3d4-5e6f-7g8h-9i0j-k1l2m3n4o5p6", - "nap": "active", - "http": { - "client": { - "received": 5000, - "sent": 10000, - "connections": 50, - "requests": 250 - }, - "upstream": { - "received": 7500, - "sent": 5000, - "connections": 25 - } - }, - "stream": { - "client": { - "received": 100, - "sent": 200, - "connections": 2 - }, - "upstream": { - "received": 150, - "sent": 100, - "connections": 1 - } - }, - "deployment": { - "integration": "nic", - "cluster_id": "b5db8897-86db-4cd2-8c61-4a915db93d6d", - "cluster_node_count": 5, - "installation_id": "238efb5a-2a59-48c5-96cf-7d195b8af044" - }, - "workers": 4, - "uptime": 7200, - "reloads": 2, - "start_time": 1704067200, - "end_time": 1704070800 - } - ] - }, - "ChatbotRequest": { - "value": { - "messages": [ - { - "role": "user", - "content": "What is a dog and a cat?" - } - ] - } - }, - "ChatbotResponse": { - "value": { - "id": "cmpl-8a17ba557d904b2287bbf4e1ae22433b", - "object": "text_completion", - "created": "2023-10-01T00:00:00Z", - "choices": [ - { - "index": 0, - "text": "\n\nA dog is a domesticated mammal, a member of the species Canis lupus familiaris. Dogs are often referred to as \"man's best friend\" due to their long history of companionship with humans. They are highly social animals and thrive on interaction with their human families and other dogs. Dogs come in a wide range of sizes, shapes, and breeds, each with its unique characteristics and needs.\n\nA cat is a domesticated mammal, a member of the Felidae family. Cats are often independent and self-sufficient animals, but they also enjoy companionship with their human families and other cats. They are agile and graceful animals, known for their ability to jump high and climb trees. Cats come in a wide range of sizes, shapes, and breeds, each with its unique characteristics and needs.\n\nBoth dogs and cats have been domesticated for thousands of years and have become beloved companions for many people around the world. They each have their unique personalities and needs, and choosing between a dog and a cat ultimately comes down to personal preference and lifestyle." - } - ] - } - }, - "ChatbotFeedback": { - "value": { - "response_id": "chatcmpl-123", - "is_positive": false, - "message": "freeform evaluation", - "tags": { - "inaccurate": false, - "unhelpful": true, - "formatting": false, - "time": true, - "other": false - } - } - }, - "DeploymentListResponse": { - "value": { - "count": 3, - "items": [ - { - "id": "depl_6zYc64JKR0uxnoEcLH1gGA", - "organization_id": "org_FsFgfeDtScOjGbQJDaVNiQ", - "name": "tst-foo", - "description": "", - "cloud": "google", - "cloud_properties": { - "google": { - "region": "us-east1", - "project_id": "depl-6zyc64jkr0uxnoeclh1gga", - "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", - "frontend": { - "private_endpoint": { - "service_attachment": "projects/foo/regions/us-east1/serviceAttachments/foo", - "service_attachment_accept_list": [] - } - } - } - }, - "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", - "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", - "scale": { - "capacity": 10 - }, - "status": { - "nginx_target_version": "nginx-plus-r35", - "provisioning_state": { - "state": "ready", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - }, - "config_state": { - "state": "ready", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - } - }, - "created_at": "2025-03-31T10:00:00Z", - "modified_at": "2025-03-31T10:05:00Z" - }, - { - "id": "depl_DrRnpntTRpGOxaroQ6aOFg", - "organization_id": "org_FsFgfeDtScOjGbQJDaVNiQ", - "name": "tst-bar", - "description": "test w/ network attachment from project bar", - "cloud": "google", - "cloud_properties": { - "google": { - "region": "eu-west-1", - "project_id": "depl-drrnpnttrpgoxaroq6aofg", - "network_attachment": "projects/bar/regions/us-east1/networkAttachments/bar", - "frontend": { - "private_endpoint": { - "service_attachment_accept_list": [ - "project-id1", - "project-id2" - ] - } - } - } - }, - "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", - "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", - "scale": { - "capacity": 20 - }, - "status": { - "nginx_target_version": "nginx-plus-r35", - "provisioning_state": { - "state": "failed", - "details": "network attachment 'bar' not found", - "modified_at": "2025-03-31T11:03:00Z" - }, - "config_state": { - "state": "ready", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - } - }, - "created_at": "2025-03-31T11:00:00Z", - "modified_at": "2025-03-31T11:03:00Z" - }, - { - "id": "depl_4zYc35JKR0uxnoBcLH1gGA", - "organization_id": "org_AxFgfeDtScOjGbQJDaRHiQ", - "name": "tst-max", - "description": "", - "cloud": "google", - "cloud_properties": { - "google": { - "region": "us-east1", - "project_id": "depl-4zyc35jkr0uxnobclh1gga", - "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", - "frontend": { - "private_endpoint": { - "service_attachment": "projects/foo/regions/us-east1/serviceAttachments/foo", - "service_attachment_accept_list": [ - "projects/project-1/networks/vpc-net1", - "projects/project-2/networks/vpc-net2" - ] - } - } - } - }, - "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", - "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", - "scale": { - "capacity": 100 - }, - "status": { - "nginx_target_version": "nginx-plus-r35", - "provisioning_state": { - "state": "ready", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - }, - "config_state": { - "state": "pending", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - } - }, - "created_at": "2025-03-31T10:00:00Z", - "modified_at": "2025-03-31T10:05:00Z" - } - ] - } - }, - "DeploymentCreateRequest": { - "value": { - "name": "tst-foo", - "description": "", - "cloud_properties": { - "google": { - "region": "us-east1", - "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", - "frontend": { - "private_endpoint": { - "service_attachment_accept_list": [ - "project-foo", - "project-bar" - ] - } - } - } - }, - "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", - "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", - "scale": { - "capacity": 10 - } - } - }, - "DeploymentCreateResponse": { - "value": { - "id": "depl_6zYc64JKR0uxnoEcLH1gGA", - "organization_id": "org_FsFgfeDtScOjGbQJDaVNiQ", - "name": "tst-foo", - "description": "", - "cloud": "google", - "cloud_properties": { - "google": { - "region": "us-east1", - "project_id": "depl-6zyc64jkr0uxnoeclh1gga", - "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", - "frontend": { - "private_endpoint": { - "service_attachment_accept_list": [ - "project-foo", - "project-bar" - ] - } - } - } - }, - "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", - "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", - "status": { - "nginx_target_version": "", - "provisioning_state": { - "state": "pending", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - }, - "config_state": { - "state": "pending", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - } - }, - "scale": { - "capacity": 10 - }, - "created_at": "2025-03-31T10:05:00Z", - "modified_at": "2025-03-31T10:05:00Z" - } - }, - "DeploymentGetResponse": { - "value": { - "id": "depl_6zYc64JKR0uxnoEcLH1gGA", - "organization_id": "org_FsFgfeDtScOjGbQJDaVNiQ", - "name": "tst-foo", - "description": "", - "cloud": "google", - "cloud_properties": { - "google": { - "region": "us-east1", - "project_id": "depl-6zyc64jkr0uxnoeclh1gga", - "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", - "frontend": { - "private_endpoint": { - "service_attachment": "projects/foo/regions/us-east1/serviceAttachments/foo", - "service_attachment_accept_list": [ - "projects/project-foo/networks/vpc-foo", - "projects/project-bar/networks/vpc-bar" - ] - } - } - } - }, - "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", - "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", - "scale": { - "capacity": 10 - }, - "status": { - "nginx_target_version": "nginx-plus-r35", - "provisioning_state": { - "state": "ready", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - }, - "config_state": { - "state": "pending", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - } - }, - "created_at": "2025-03-31T10:00:00Z", - "modified_at": "2025-03-31T10:05:00Z" - } - }, - "DeploymentUpdateRequest": { - "value": { - "name": "poc-foo", - "description": "test deployment for project foo", - "cloud_properties": { - "google": { - "frontend": { - "private_endpoint": { - "service_attachment_accept_list": [] - } - } - } - }, - "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", - "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA" - } - }, - "DeploymentUpdateResponse": { - "value": { - "id": "depl_6zYc64JKR0uxnoEcLH1gGA", - "organization_id": "org_FsFgfeDtScOjGbQJDaVNiQ", - "name": "poc-foo", - "description": "test deployment for project foo", - "cloud": "google", - "cloud_properties": { - "google": { - "region": "us-east1", - "project_id": "depl-6zyc64jkr0uxnoeclh1gga", - "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", - "frontend": { - "private_endpoint": { - "service_attachment": "projects/foo/regions/us-east1/serviceAttachments/foo", - "service_attachment_accept_list": [] - } - } - } - }, - "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", - "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", - "scale": { - "capacity": 10 - }, - "status": { - "nginx_target_version": "nginx-plus-r35", - "provisioning_state": { - "state": "ready", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - }, - "config_state": { - "state": "pending", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - } - }, - "created_at": "2025-03-31T10:00:00Z", - "modified_at": "2025-03-31T10:05:00Z" - } - }, - "DeploymentDeleteResponse": { - "value": { - "id": "depl_6zYc64JKR0uxnoEcLH1gGA", - "organization_id": "org_FsFgfeDtScOjGbQJDaVNiQ", - "name": "poc-foo", - "description": "test deployment for project foo", - "cloud": "google", - "cloud_properties": { - "google": { - "region": "us-east1", - "project_id": "depl-6zyc64jkr0uxnoeclh1gga", - "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", - "frontend": { - "private_endpoint": { - "service_attachment": "projects/foo/regions/us-east1/serviceAttachments/foo", - "service_attachment_accept_list": [ - "projects/project-foo/networks/vpc-foo", - "projects/project-bar/networks/vpc-bar" - ] - } - } - } - }, - "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", - "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", - "scale": { - "capacity": 10 - }, - "status": { - "nginx_target_version": "nginx-plus-r35", - "provisioning_state": { - "state": "deleting", - "details": "", - "modified_at": "2025-03-31T10:15:00Z" - }, - "config_state": { - "state": "ready", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - } - }, - "created_at": "2025-03-31T10:00:00Z", - "modified_at": "2025-03-31T10:05:00Z", - "deleted_at": "2025-03-31T10:15:00Z" - } - }, - "ModelConfiguration": { - "value": { - "loadModelUID": "f038dca0-b55c-410a-95a6-b9f876792ce8", - "numberOfInstances": 5, - "systemIDs": [ - "4c6941c2-013c-4fd3-a6d2-f9a0cd3f9171", - "8a5520d7-9bfb-44ee-b441-1deb6ddf6247", - "3e106049-fbfa-4004-a049-cf90cc420b0e", - "bbd4c6a0-d7ed-432a-a6e2-eb0d2b602aaf", - "d7bc43f5-d31b-4a3a-b0c7-e1ca4e3d33da" - ] - } - }, "SubmissionWithPreviewOnly": { "value": { "conf_path": "/etc/nginx/nginx.conf", @@ -24713,56 +20190,6 @@ "http" ] } - }, - "BillingUsageEventsByTokenIdResponse": { - "summary": "List of billing usage events for a JWT token ID", - "value": { - "total": 1, - "count": 1, - "start_index": 0, - "items_per_page": 100, - "items": [ - { - "nginx_uid": "b84b6b2a-721b-46ce-87a4-449fcbc62bae", - "nginx_version": "1.29.3", - "nap_status": "NAP_STATUS_ACTIVE", - "start_time": "2026-03-20T23:53:51.000Z", - "end_time": "2026-03-23T19:33:19.000Z", - "http_client_received": 11, - "http_client_sent": 12, - "http_client_connections": 13, - "http_client_requests": 14, - "http_upstream_received": 21, - "http_upstream_sent": 22, - "http_upstream_connections": 23, - "stream_client_received": 31, - "stream_client_sent": 32, - "stream_client_connections": 33, - "stream_upstream_received": 41, - "stream_upstream_sent": 42, - "stream_upstream_connections": 43, - "stream_connections": 0, - "user_agent": "nginx/r36", - "workers": 51, - "uptime": 52, - "reloads": 53, - "deployment_cluster_id": "d24cdb86-9788-4bb5-8d3d-b95d914a618c", - "deployment_cluster_node_count": 5, - "deployment_installation_id": "c548592a-5afb-4e23-84f0-8a5b197dcf96", - "deployment_product_type": "PRODUCT_TYPE_NIC", - "sub": "TST-ff13edf7-f912-42c0-ba2e-39c513bb3882", - "jti": "18a10260-0ec4-11f1-bbca-5d8e192a1888", - "f5_sat": 1772323200, - "f5_order_type": "paid", - "aud": "urn:f5:teem", - "iss": "F5 Inc.", - "iat": 1771637081, - "source_type": "SOURCE_TYPE_NGINX_ONE", - "dedup_version": "2026-03-23T19:33:32.284Z", - "event_id": "4nNhnUFf23Zf4PExDYtcYZUkfHlyW48JouApQkxFqzo=" - } - ] - } } }, "responses": { @@ -24805,26 +20232,6 @@ } } } - }, - "Forbidden": { - "description": "The requested operation is forbidden.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "Conflict": { - "description": "Requested operation cannot be performed at this time.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } } }, "securitySchemes": { @@ -24846,7 +20253,6 @@ "name": "Manage NGINX Instances", "tags": [ "Instances", - "Feature Flags", "Config Sync Groups", "Certificates", "CVEs", @@ -24867,24 +20273,6 @@ "Settings" ] }, - { - "name": "NGINX Usage API", - "tags": [ - "Usage" - ] - }, - { - "name": "Chatbot API", - "tags": [ - "Chatbot" - ] - }, - { - "name": "NGINX Plus Usage Inventory", - "tags": [ - "Inventory" - ] - }, { "name": "F5 WAF for NGINX", "tags": [ @@ -24892,18 +20280,6 @@ "WAF Log Profiles" ] }, - { - "name": "Manage NAAS deployments", - "tags": [ - "Deployments" - ] - }, - { - "name": "Load Test API", - "tags": [ - "Load Test" - ] - }, { "name": "NGINX One Templates", "tags": [ @@ -24915,18 +20291,6 @@ "tags": [ "NGINX One App Protect" ] - }, - { - "name": "NGINX One Billing Usage Events API", - "tags": [ - "NGINX One Billing Usage Events" - ] - }, - { - "name": "NGINX Usage Ingest API", - "tags": [ - "UsageIngest" - ] } ] } \ No newline at end of file