From aa3082e78af9cc58b1cda58c0045c996e5c39841 Mon Sep 17 00:00:00 2001 From: Patrick Pfrehm Date: Sun, 17 May 2026 07:59:19 -0700 Subject: [PATCH 1/8] chore: Add template milestone 3 updates --- .../config-templates/add-multiple-services.md | 2 +- .../config-templates/author-templates.md | 140 +++++++- .../config-templates/import-templates.md | 17 +- .../config-templates/save-as-staged-config.md | 186 +++++++++-- .../config-templates/submit-templates.md | 301 ++++++++++++++---- .../config-templates/template-detail-view.md | 61 ++++ .../config-templates/template-versions.md | 70 ++++ 7 files changed, 694 insertions(+), 83 deletions(-) create mode 100644 content/nginx-one-console/nginx-configs/config-templates/template-detail-view.md create mode 100644 content/nginx-one-console/nginx-configs/config-templates/template-versions.md diff --git a/content/nginx-one-console/nginx-configs/config-templates/add-multiple-services.md b/content/nginx-one-console/nginx-configs/config-templates/add-multiple-services.md index 061844ae1..b86dedc02 100644 --- a/content/nginx-one-console/nginx-configs/config-templates/add-multiple-services.md +++ b/content/nginx-one-console/nginx-configs/config-templates/add-multiple-services.md @@ -11,7 +11,7 @@ weight: 400 This guide shows how to extend a working submission from the [Submit Templates Guide]({{< ref "submit-templates.md" >}}) by adding server augments for new services with dedicated location augments. -{{< call-out "note" "Note" >}}Because you can’t retrieve previous submissions, you must include the full request with any updates.{{< /call-out >}} +{{< call-out "note" "Note" >}}Submissions are persistent objects. Use the [Get a submission]({{< ref "submit-templates.md#get-a-submission" >}}) operation to retrieve the stored values from a previous submission before building an update.{{< /call-out >}} ## Import template diff --git a/content/nginx-one-console/nginx-configs/config-templates/author-templates.md b/content/nginx-one-console/nginx-configs/config-templates/author-templates.md index 2acd57e3f..e5b916e08 100644 --- a/content/nginx-one-console/nginx-configs/config-templates/author-templates.md +++ b/content/nginx-one-console/nginx-configs/config-templates/author-templates.md @@ -23,7 +23,7 @@ This guide explains how to write NGINX configuration templates for NGINX One Con | **Context Path** | A path notation representing the hierarchical structure of NGINX configuration blocks (e.g., `http`, `http/server`, `http/server/location`). Used to specify where augments can be inserted in base templates via `augment_includes` and where augments target during submission via `target_context`. | | **Extension Point** | A placeholder in a template using `{{ augment_includes "context_path" . }}` that marks where augment content can be inserted during rendering. Base templates use extension points to enable modular composition with augments. | | **Schema** | A JSON Schema Draft 7 file (YAML or JSON format) that defines template variables, their types, descriptions, and validation rules. Required for templates that use variables. Schema properties become available as template variables via dot notation. | -| **Template Submission** | The process of composing base and augment templates with values to render a complete NGINX configuration. Submissions are currently preview-only and generate rendered configurations that can be saved as Staged Configs. | +| **Template Submission** | The process of composing base and augment templates with values to render and deploy a complete NGINX configuration. Submissions are persistent objects that can be retrieved, updated, and deleted. A submission targets one or more existing staged configs, Config Sync Groups, or instances, and automatically re-publishes when updated. | | **Template Variable** | A placeholder in a template (e.g., `{{ .backend_url }}`) that gets replaced with user-provided values during rendering. All variables must be defined in the template's schema and provided during submission if marked as required. | {{}} @@ -80,6 +80,73 @@ add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Methods' 'GET, POST' always; ``` +### Static include files + +Templates can bundle static, non-templated files that are deployed alongside the rendered NGINX configuration. These are declared with `file_type: include` and are referenced from within the template using a standard NGINX `include` directive. + +**When to use include files:** + +- Bundling `mime.types` or other standard NGINX data files that the template requires +- Shipping shared configuration snippets (for example, TLS cipher lists, proxy header sets) as separate files that are included into the rendered output +- Any file that should be deployed to the NGINX host as-is, without Go template processing + +**How include files work:** + +When a submission is rendered, include files are written to the same directory as the rendered base configuration (derived from `conf_path`). The template references them using a relative or absolute `include` path matching the deployed filename. + +**Example:** + +`reverse-proxy.tmpl` (references an include file): +```nginx +user nginx; +worker_processes auto; + +http { + include mime.types; + + server { + listen {{ .listen_port }}; + proxy_pass {{ .backend_url }}; + } +} +``` + +`mime.types` (the bundled static file): +```nginx +types { + text/html html htm; + text/css css; + # ... +} +``` + +When importing using the API, declare the include file alongside the template file: + +```json +{ + "name": "reverse-proxy", + "type": "base", + "items": [ + { + "name": "reverse-proxy.tmpl", + "file_type": "template", + "file_format": "plain", + "mime_type": "text/plain", + "contents": "..." + }, + { + "name": "mime.types", + "file_type": "include", + "file_format": "plain", + "mime_type": "text/plain", + "contents": "types {\n text/html html;\n}" + } + ] +} +``` + +When using the import archive (`.tar.gz`), include files are placed at the root of the archive alongside the `.tmpl` and schema files. See [Import templates]({{< ref "import-templates.md" >}}) for archive structure details. + ### Type declaration during import When [Importing]({{< ref "import-templates.md#ready-to-import" >}}) templates, you must explicitly declare the type. @@ -678,11 +745,78 @@ additionalProperties: false ## Template Limitations - Template files must use the `.tmpl` file extension -- Templates cannot reference external files - all configuration must be contained within the template content -- External file references (such as `include /etc/nginx/mime.types`) are not supported +- Static files that a template references via NGINX `include` directives must be bundled with the template as `file_type: include` files. See [Static include files](#static-include-files) for details. + +## Template lifecycle management + +After a template has been imported, several API operations are available to manage its metadata and create copies. + +### Update template metadata + +Use the [Update template metadata]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/updateTemplateMetadata" >}}) API operation (`PUT /templates/{templateObjectID}`) to replace all metadata on the latest template version. The `name` field is required; `description` and `state` are optional. + +**Example request body:** + +```json +{ + "name": "reverse-proxy-v2", + "description": "Updated reverse proxy configuration", + "state": "final" +} +``` + +### Partially update template metadata + +Use the [Patch template metadata]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/patchTemplateMetadata" >}}) API operation (`PATCH /templates/{templateObjectID}`) to update only the fields provided. Omitted fields retain their existing values. + +**Example — promote a draft version to final:** + +```json +{ + "state": "final" +} +``` + +{{< call-out "caution" >}} +Promoting a template version from `draft` to `final` is **irreversible**. A `final` version cannot be edited. Any subsequent content changes (via [Create a new template version]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/createTemplateVersion" >}})) will create a new draft version rather than modifying the finalized one. +{{< /call-out >}} + +### Copy a template + +Use the [Copy a Template]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/copyTemplate" >}}) API operation (`POST /templates/{templateObjectID}/copy`) to create a new template from the latest version of an existing template. + +The new template starts at version 1 in `draft` state. All files, the template type, and context configuration are copied from the source template. The `name` and `description` fields are optional — if omitted, the values are inherited from the source template. + +**Example request body:** + +```json +{ + "name": "reverse-proxy-copy", + "description": "Variant of the reverse proxy template" +} +``` + +**Example response (201 Created):** + +```json +{ + "object_id": "tmpl_-xeR3F2TQGm18jnl7bpaAw", + "latest_template_version_object_id": "tmplv_-xeR3F2TQGm18jnl7bpaAw", + "version": 1, + "latest_version": 1, + "state": "draft", + "name": "reverse-proxy-copy", + "description": "Variant of the reverse proxy template", + "type": "base" +} +``` + +This is useful for creating variations of a production template without modifying the original, or for experimenting with changes before promoting a new version. ## See also - [Import Templates]({{< ref "import-templates.md" >}}) +- [View template details]({{< ref "template-detail-view.md" >}}) +- [View template versions]({{< ref "template-versions.md" >}}) - [Submit Templates Guide]({{< ref "submit-templates.md" >}}) diff --git a/content/nginx-one-console/nginx-configs/config-templates/import-templates.md b/content/nginx-one-console/nginx-configs/config-templates/import-templates.md index bdf6ed9ba..214fd29ab 100644 --- a/content/nginx-one-console/nginx-configs/config-templates/import-templates.md +++ b/content/nginx-one-console/nginx-configs/config-templates/import-templates.md @@ -37,13 +37,14 @@ Each template archive must contain: - **Exactly one `.tmpl` file** (required) - contains your NGINX configuration template - **One `schema.yaml` or `schema.json` file** (optional) - required only if your template uses variables. For more information, see [Schema Definitions]({{< ref "author-templates.md#schema-definitions" >}}) -- **No other files** - additional files will be ignored or cause import failure +- **Static include files** (optional) - additional files referenced by NGINX `include` directives within the template. Any file extension is valid (`.conf`, `.types`, etc.). See [Static include files]({{< ref "author-templates.md#static-include-files" >}}) for details. ```text .tar.gz │ ├── .tmpl -└── .yaml +├── .yaml # optional +└── .conf # optional, one or more include files ``` ### Naming conventions @@ -170,6 +171,7 @@ ls -la /tmp/verify-archive/ ``` text reverse-proxy.tmpl schema.yaml +mime.types # only if template references include files ``` ### Complete example workflow @@ -268,7 +270,7 @@ ls -la *.tar.gz ### Tips -1. **Do not create nested directories in archives** + 1. **Do not create nested directories in archives** ```bash # Avoid - nested directory structure is not supported tar -czf template.tar.gz template-dir/ @@ -282,8 +284,8 @@ ls -la *.tar.gz # Avoid - hidden files, backups or other file extensions will be ignored tar -czf template.tar.gz *~ .* *.bak *.tmpl schema.yaml - # Correct - only include required files - tar -czf template.tar.gz *.tmpl schema.yaml + # Correct - only include required files and any desired static content files + tar -czf template.tar.gz *.tmpl schema.yaml *.conf *.types ``` 3. **Include a schema for templates with variables** @@ -294,6 +296,11 @@ ls -la *.tar.gz - Each archive must contain exactly one `.tmpl` file - Create separate archives for related templates +5. **Include files referenced by `include` directives** + - If your template uses a standard NGINX `include` directive to reference a static file (for example, `include mime.types;`), that file must be present in the archive. + - Include files are placed at the root of the archive alongside the `.tmpl` and schema files. + - Any file extension is valid (`.conf`, `.types`, etc.). + ### Ready to import After creating the archives, import them using the [Import a template API]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/importTemplate" >}}) operation. diff --git a/content/nginx-one-console/nginx-configs/config-templates/save-as-staged-config.md b/content/nginx-one-console/nginx-configs/config-templates/save-as-staged-config.md index 0267276a2..a59b46fa6 100644 --- a/content/nginx-one-console/nginx-configs/config-templates/save-as-staged-config.md +++ b/content/nginx-one-console/nginx-configs/config-templates/save-as-staged-config.md @@ -9,43 +9,195 @@ weight: 300 # Overview -This guide explains how to save a [Submission]({{< ref "submit-templates.md#make-the-request" >}}) response as a new [Staged Config]({{< ref "/nginx-one-console/nginx-configs/staged-configs" >}}). +This guide explains how to save a rendered NGINX configuration as a [Staged Config]({{< ref "/nginx-one-console/nginx-configs/staged-configs" >}}) using the Templates API. -# How to save +There are two approaches: -The workflow involves two main steps: +- **[Direct submission](#direct-submission-recommended)** (recommended) — Submit templates with `preview_only=false` (the default). The API renders the configuration and automatically creates or updates a staged config in a single step. A persistent submission object is created to track the composition and allow future updates. +- **[Preview then save](#preview-then-save-alternative)** (alternative) — Submit templates with `preview_only=true` to get the rendered configuration for review, then manually call the staged config API to save it. No submission object is created. -1. **Submit templates for preview** - Use the [Submit Templates Guide]({{< ref "submit-templates.md" >}}) to render configuration -2. **Save as staged config** - Create a staged configuration object from the preview +Use the direct submission approach unless you specifically need to inspect or modify the rendered output before saving. -## Step 1: Submit templates for preview +## Direct submission (recommended) -First, use the [Submit templates]({{< ref "submit-templates.md#make-the-request" >}}) API operation to preview the configuration. +The direct approach renders the configuration and creates or updates the staged config in one API call, and stores a persistent submission that can be retrieved and re-used. -## Step 2: Save as staged configuration +### Create a new staged config + +Use the [Submit Templates]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/submitTemplates" >}}) API operation with `preview_only=false` (or omit the parameter — `false` is the default). Omit `target_object_ids` from the request body to create a new staged config automatically. + +**Required fields:** + +- `conf_path` - The absolute path for the NGINX configuration file +- `base_template` - The base template version and input values +- `augments` - Ordered list of augment templates (can be empty) +- `description` - A description for the submission + +**Example request body:** + +```json +{ + "conf_path": "/etc/nginx/nginx.conf", + "description": "API Gateway reverse proxy", + "base_template": { + "object_id": "tmplv_-uvR3F2TQGm18jnl7bpaGw", + "values": { + "backend_url": "http://api-service:8080" + } + }, + "augments": [ + { + "object_id": "tmplv_AFVNBQcoRDeV9jk9panxbw", + "target_context": "http/server/location", + "values": { + "cors_allowed_origins": "https://app.example.com", + "cors_allowed_methods": "GET, POST, PUT, DELETE, OPTIONS" + } + } + ] +} +``` + +**Successful response (202 Accepted):** + +```json +{ + "object_id": "tmplsm_frBobKIAQ_21grAwV83VYz", + "target_results": [ + { + "staged_config_status": { + "status": "succeeded" + }, + "target_object_id": "sc_cEoiYCVJRuekVpYOvV1raA" + } + ] +} +``` + +The `object_id` (`tmplsm_...`) is your **submission ID**. Save this value to retrieve, update, or delete the submission in the future. The `target_object_id` is the ID of the newly created staged config. + +### Update an existing staged config + +Include `target_object_ids` in the request body with the ID of an existing staged config. The API renders and publishes the configuration to that target. + +```json +{ + "conf_path": "/etc/nginx/nginx.conf", + "description": "API Gateway - updated backend", + "base_template": { + "object_id": "tmplv_-uvR3F2TQGm18jnl7bpaGw", + "values": { + "backend_url": "http://api-service-v2:8080" + } + }, + "augments": [], + "target_object_ids": ["sc_cEoiYCVJRuekVpYOvV1raA"] +} +``` + +### Update a saved submission + +Once a submission exists, use the [Update a Template Submission]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/updateTemplateSubmission" >}}) or [Update a single template's values]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/updateSingleTemplateSubmission" >}}) operations to re-render and re-publish to the same target(s) without specifying the target again. See [Manage template submissions]({{< ref "submit-templates.md#manage-template-submissions" >}}) for details. + +## Preview then save (alternative) + +Use this approach when you need to review or modify the rendered NGINX configuration before committing it as a staged config. This two-step workflow does not create a persistent submission object. {{< call-out "tip" >}} You can save an NGINX configuration preview as a staged config, even if it contains parse errors. {{< /call-out >}} -Use the `config` object from the API response in step 1 to create a staged configuration. +### Step 1: Submit templates for preview -### Make the request +Use the [Submit Templates]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/submitTemplates" >}}) API operation with `?preview_only=true`. This renders the full configuration and returns it in the response without creating any submission or publishing to any target. -Use the [Create a staged config]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/createStagedConfig" >}}) API operation. +**Example request URL:** `POST /api/v1/namespaces/{namespace}/templates/submissions?preview_only=true` -### Request body +**Example request body:** -Take the entire `config` object from the template submission response and wrap it in a `name` field. +```json +{ + "conf_path": "/etc/nginx/nginx.conf", + "base_template": { + "object_id": "tmplv_-uvR3F2TQGm18jnl7bpaGw", + "values": { + "backend_url": "http://api-service:8080" + } + }, + "augments": [ + { + "object_id": "tmplv_AFVNBQcoRDeV9jk9panxbw", + "target_context": "http/server/location", + "values": { + "cors_allowed_origins": "https://app.example.com", + "cors_allowed_methods": "GET, POST, PUT, DELETE, OPTIONS" + } + } + ] +} +``` + +**Example preview response (200 OK):** + +```json +{ + "config": { + "aux": [], + "conf_path": "/etc/nginx/nginx.conf", + "config_version": "17qlLiPmAqIWhhYxmVieE9mC5t92e+/7gIvz0GFRj/E=", + "configs": [ + { + "name": "/etc/nginx", + "files": [ + { + "name": "nginx.conf", + "contents": "", + "mtime": "0001-01-01T00:00:00Z", + "size": 371 + } + ] + }, + { + "name": "/etc/nginx/conf.d/augments", + "files": [ + { + "name": "cors-headers.tmpl.4aaf36d4a643.conf", + "contents": "", + "mtime": "0001-01-01T00:00:00Z", + "size": 159 + }, + { + "name": "health-check.tmpl.78346de4dae4.conf", + "contents": "", + "mtime": "0001-01-01T00:00:00Z", + "size": 109 + } + ] + } + ] + }, + "errors": null +} +``` + +Review the rendered configuration. If you see parse errors in the `errors` array, refer to [Template Limitations]({{< ref "author-templates.md#template-limitations" >}}) for guidance. + +### Step 2: Save as staged configuration + +Use the `config` object from the preview response to create a staged configuration. + +Use the [Create a staged config]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/createStagedConfig" >}}) API operation. + +Take the entire `config` object from the preview response and wrap it with a `name` field. **Required fields:** - `name` - Descriptive name for the staged configuration -- `config` - The complete `config` object from the template submission response +- `config` - The complete `config` object from the preview response **Optional fields:** - `description` - Details about the configuration purpose or changes -Here's an example of what you need to include with the API request: +**Example request body:** ```json { @@ -89,8 +241,6 @@ Here's an example of what you need to include with the API request: } ``` -### Response format - **Successful response (201 Created):** ```json @@ -104,5 +254,3 @@ Here's an example of what you need to include with the API request: - [Submit Templates Guide]({{< ref "submit-templates.md" >}}) - [Staged Configs]({{< ref "/nginx-one-console/nginx-configs/staged-configs" >}}) - - diff --git a/content/nginx-one-console/nginx-configs/config-templates/submit-templates.md b/content/nginx-one-console/nginx-configs/config-templates/submit-templates.md index 71da228b1..79e2d41c2 100644 --- a/content/nginx-one-console/nginx-configs/config-templates/submit-templates.md +++ b/content/nginx-one-console/nginx-configs/config-templates/submit-templates.md @@ -6,32 +6,26 @@ toc: true weight: 200 --- -# Template submission and preview guide +# Template submission guide -This guide explains how to submit templates for rendering NGINX configurations and preview the results using the Templates API. +This guide explains how to submit templates to render and deploy NGINX configurations, and how to manage existing submissions using the Templates API. -Before submitting templates for preview, you need to import templates into NGINX One Console. +Before submitting templates, you need to import them into NGINX One Console. -- See the [Import Templates Guide]({{< ref "import-templates.md" >}}) for instructions on creating templates. +- See the [Import Templates Guide]({{< ref "import-templates.md" >}}) for instructions on creating and importing templates. - For guidance on writing templates, see the [Template Authoring Guide]({{< ref "author-templates.md" >}}). ## Overview -Template submission allows you to compose templates that generate complete NGINX configuration. The process involves: +Template submission allows you to compose templates that generate a complete NGINX configuration and deploy it to a target. The process involves: 1. **Discovering templates** - Find base and augment templates that match your infrastructure needs 1. **Understanding capabilities** - Review what contexts and features the base template supports 1. **Selecting augments** - Choose augments for additional features (CORS, rate limiting, SSL, etc.) 1. **Providing values** - Supply values for all template variables -1. **Preview and validate** - Generate and review the complete NGINX configuration -1. **Save as staged config** - Use NGINX One Console to save the preview as a staged configuration for deployment +1. **Submit** - Submit the composed request to render the NGINX configuration and create a staged config -## Current limitations - -- **Preview only:** Template submission currently only supports preview mode (`preview_only=true`) -- **No submission persistence:** Submissions are not saved as objects (planned for future release) -- **Manual staged config creation:** After preview, use the NGINX One Console to manually save the rendered configuration as a staged config for deployment to instances or Config Sync Groups -- **Static includes:** Templates cannot include external static files (planned for future release) +To review the rendered configuration before committing, use [preview mode](#preview-mode-preview_onlytrue) with `preview_only=true`. See [Save rendered config as staged config]({{< ref "save-as-staged-config.md" >}}) for the preview-first workflow. ## Template discovery @@ -76,7 +70,7 @@ Use the [List Templates]({{< ref "/nginx-one-console/api/api-reference-guide/#op "http/server", "http/server/location" ], - "created_at": "2025-09-25T19:20:47.473935Z", + "created_at": "2025-09-25T19:20:47.473955Z", "description": "", "name": "reverse-proxy-base", "object_id": "tmpl_0rQSkSNSTamthLQVtSZb1g", @@ -125,12 +119,12 @@ Use the [Retrieve a Template]({{< ref "/nginx-one-console/api/api-reference-guid "http/server", "http/server/location" ], - "created_at": "2025-09-25T19:20:47.473935Z", + "created_at": "2025-09-25T19:20:47.473955Z", "description": "", "items": [ { "contents": "user nginx;\nworker_processes auto;\n\nhttp {\n {{ augment_includes \"http\" . }}\n \n server {\n listen 80;\n server_name _;\n\n {{ augment_includes \"http/server\" . }}\n \n location / {\n proxy_pass {{ .backend_url }};\n {{ augment_includes \"http/server/location\" . }}\n }\n }\n}\n", - "ctime": "2025-09-25T19:20:47.473935Z", + "ctime": "2025-09-25T19:20:47.473955Z", "file_format": "FILE_FORMAT_PLAIN", "file_type": "FILE_TYPE_TEMPLATE", "mime_type": "FILE_MIME_TYPE_TEXT", @@ -139,7 +133,7 @@ Use the [Retrieve a Template]({{< ref "/nginx-one-console/api/api-reference-guid }, { "contents": "$schema: \"http://json-schema.org/draft-07/schema#\"\ntype: object\nproperties:\n backend_url:\n type: string\n description: \"Backend server URL\"\nrequired:\n - backend_url\nadditionalProperties: false\n", - "ctime": "2025-09-25T19:20:47.473935Z", + "ctime": "2025-09-25T19:20:47.473955Z", "file_format": "FILE_FORMAT_PLAIN", "file_type": "FILE_TYPE_SCHEMA", "mime_type": "FILE_MIME_TYPE_YAML", @@ -161,17 +155,20 @@ Use the [Retrieve a Template]({{< ref "/nginx-one-console/api/api-reference-guid ## API endpoint -Use the [Submit templates for previewing NGINX configuration]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/submitTemplates" >}}) API operation to render and preview NGINX configurations from templates. - -## Request structure +Use the [Submit templates for previewing NGINX configuration]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/submitTemplates" >}}) API operation to render NGINX configurations from templates. -The following sections describe what you need for the request: +The `preview_only` query parameter controls the mode: -### Required parameters +{{}} +| `preview_only` | Behavior | Response | +|---|---|---| +| `false` (default) | Renders the configuration, creates a persistent submission, and publishes to the target(s). | `202 Accepted` with submission `object_id` and target results. | +| `true` | Renders the configuration for inspection **without** creating a submission or publishing. | `200 OK` with the rendered NGINX configuration. | +{{}} -**Query Parameter:** +## Request structure -- `preview_only=true` - Currently the only supported mode. Renders configuration for preview without creating a submission object. +The following sections describe what you need for the request. ### Configuration path (`conf_path`) @@ -200,12 +197,12 @@ Where `base_dir` is derived from `conf_path`: **Base Template:** -- `object_id` - Template unique identifier (use a template where `type` is `base`) +- `object_id` - Template version unique identifier (`tmplv_...`) for the version to use - `values` - Key-value pairs for template variables **Augment Templates:** -- `object_id` - Template unique identifier (use a template where `type` is `augment`) +- `object_id` - Template version unique identifier (`tmplv_...`) - `target_context` - NGINX context where the augment should be applied - `values` - Key-value pairs for template variables (optional if template has no variables) - `child_augments` - Optional nested augments that render within this augment's output @@ -231,9 +228,103 @@ See the [Template Authoring Guide]({{< ref "author-templates.md#config-templates For more information, see [Understanding Rendering Order](#understanding-rendering-order). -## Make the request +## Submission mode (default) + +Use the [Submit Templates]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/submitTemplates" >}}) API operation without `preview_only=true` (or explicitly with `preview_only=false`) to render and persist a submission. + +{{< call-out "note" >}} +**Current limitation:** Submission targets are currently limited to staged configurations. Targeting Config Sync Groups or instances directly is not yet supported. +{{< /call-out >}} + +### Create a new staged config + +Omit `target_object_ids` from the request body. The API renders the configuration and automatically creates a new staged config. + +**Required fields:** + +- `conf_path` - Configuration file path +- `base_template` - Base template version and values +- `augments` - Ordered list of augment templates (can be empty) +- `description` - A description for the submission (required in submission mode) + +**Request body:** + +```json +{ + "conf_path": "/etc/nginx/nginx.conf", + "description": "Reverse proxy with rate limiting", + "base_template": { + "object_id": "tmplv_-uvR3F2TQGm18jnl7bpaGw", + "values": { + "backend_url": "http://example.com:8080" + } + }, + "augments": [ + { + "object_id": "tmplv_-abR3F2TQGm18jnl7bpaXw", + "target_context": "http", + "values": { + "zone_name": "req_limit", + "memory": "10m", + "rate": "10r/s" + } + } + ] +} +``` -Use the [Submit Templates]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/submitTemplates" >}}) API operation with your composed request and the required `preview_only=true` parameter. +**Successful response (202 Accepted):** + +```json +{ + "object_id": "tmplsm_frBobKIAQ_21grAwV83VYz", + "target_results": [ + { + "staged_config_status": { + "status": "succeeded" + }, + "target_object_id": "sc_cEoiYCVJRuekVpYOvV1raA" + } + ] +} +``` + +The `object_id` in the response is your **submission ID** (`tmplsm_...`). Save this value — it is used to retrieve, update, or delete the submission later. The `target_object_id` is the newly created staged config. + +### Update an existing staged config + +Include `target_object_ids` in the request body with the ID of an existing staged config. The API renders the configuration and publishes it to the specified target. + +**Request body:** + +```json +{ + "conf_path": "/etc/nginx/nginx.conf", + "description": "Reverse proxy with rate limiting - updated", + "base_template": { + "object_id": "tmplv_-uvR3F2TQGm18jnl7bpaGw", + "values": { + "backend_url": "http://example.com:8080" + } + }, + "augments": [ + { + "object_id": "tmplv_-abR3F2TQGm18jnl7bpaXw", + "target_context": "http", + "values": { + "zone_name": "req_limit", + "memory": "10m", + "rate": "10r/s" + } + } + ], + "target_object_ids": ["sc_cEoiYCVJRuekVpYOvV1raA"] +} +``` + +## Preview mode (`preview_only=true`) + +Add `?preview_only=true` to the request URL to render the configuration for inspection without creating a submission or publishing to any target. This is useful for validating your template values before committing. ### Request body @@ -243,14 +334,14 @@ Here's an example of what you need to include with the API request: { "conf_path": "/etc/nginx/nginx.conf", "base_template": { - "object_id": "", + "object_id": "tmplv_-uvR3F2TQGm18jnl7bpaGw", "values": { "backend_url": "http://example.com:8080" } }, "augments": [ { - "object_id": "", + "object_id": "tmplv_AFVNBQcoRDeV9jk9panxbw", "target_context": "http/server/location", "values": { "cors_allowed_origins": "https://app.example.com", @@ -258,7 +349,7 @@ Here's an example of what you need to include with the API request: } }, { - "object_id": "", + "object_id": "tmplv_rT6Ul8RvQtSZPkNfsIExPQ", "target_context": "http/server" } ] @@ -312,7 +403,7 @@ Here's an example of what you need to include with the API request: #### Response with parse errors (200 OK) -If the rendered configuration has NGINX syntax errors. You can use this information to debug and correct your submission request. +If the rendered configuration has NGINX syntax errors, you can use this information to debug and correct your submission request. {{< call-out "caution" >}} Parse errors indicate the rendered configuration has NGINX syntax issues, often due to missing include files or incomplete template logic. See [Template Limitations]({{< ref "author-templates.md#template-limitations" >}}). @@ -328,30 +419,13 @@ Parse errors indicate the rendered configuration has NGINX syntax issues, often { "files": [ { - "contents": "dXNlciBuZ2lueDsKd29ya2VyX3Byb2Nlc3NlcyBhdXRvOwoKaHR0cCB7CiAgICAKICAgIAogICAgc2VydmVyIHsKICAgICAgICBsaXN0ZW4gODA7CiAgICAgICAgc2VydmVyX25hbWUgXzsKCiAgICAgICAgaW5jbHVkZSAvZXRjL25naW54L2NvbmYuZC9hdWdtZW50cy9oZWFsdGgtY2hlY2sudG1wbC43ODM0NmRlNGRhZTQuY29uZjsKCiAgICAgICAgCiAgICAgICAgbG9jYXRpb24gLyB7CiAgICAgICAgICAgIHByb3h5X3Bhc3MgaHR0cDovL2FwaS1zZXJ2aWNlOjgwODA7CiAgICAgICAgICAgIGluY2x1ZGUgL2V0Yy9uZ2lueC9jb25mLmQvYXVnbWVudHMvY29ycy1oZWFkZXJzLnRtcGwuNGFhZjM2ZDRhNjQzLmNvbmY7CgogICAgICAgIH0KICAgIH0KfQo=", + "contents": "", "mtime": "0001-01-01T00:00:00Z", "name": "nginx.conf", "size": 371 } ], "name": "/etc/nginx" - }, - { - "files": [ - { - "contents": "YWRkX2hlYWRlciAnQWNjZXNzLUNvbnRyb2wtQWxsb3ctT3JpZ2luJyAnaHR0cHM6Ly9hcHAuZXhhbXBsZS5jb20nIGFsd2F5czsKYWRkX2hlYWRlciAnQWNjZXNzLUNvbnRyb2wtQWxsb3ctTWV0aG9kcycgJ0dFVCwgUE9TVCwgUFVULCBERUxFVEUsIE9QVElPTlMnIGFsd2F5czsK", - "mtime": "0001-01-01T00:00:00Z", - "name": "cors-headers.tmpl.4aaf36d4a643.conf", - "size": 159 - }, - { - "contents": "bG9jYXRpb24gL2hlYWx0aCB7CiAgICBhY2Nlc3NfbG9nIG9mZjsKICAgIHJldHVybiAyMDAgImhlYWx0aHlcbiI7CiAgICBhZGRfaGVhZGVyIENvbnRlbnQtVHlwZSB0ZXh0L3BsYWluOwp9Cg==", - "mtime": "0001-01-01T00:00:00Z", - "name": "health-check.tmpl.78346de4dae4.conf", - "size": 109 - } - ], - "name": "/etc/nginx/conf.d/augments" } ] }, @@ -365,6 +439,122 @@ Parse errors indicate the rendered configuration has NGINX syntax issues, often } ``` +## Manage template submissions + +Submissions are persistent objects that store the template composition and input values used to generate a configuration. Each submission tracks its target(s) and can be retrieved, updated, or deleted. + +### Get a submission + +Use the [Get a Template Submission]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/getTemplateSubmission" >}}) API operation (`GET /templates/submissions/{submissionObjectID}`) to retrieve the full details of a submission, including the templates used, their input values, and target object IDs. + +**Example response:** + +```json +{ + "object_id": "tmplsm_frBobKIAQ_21grAwV83VYz", + "description": "Reverse proxy with rate limiting", + "target_object_ids": ["sc_cEoiYCVJRuekVpYOvV1raA"], + "created_at": "2025-09-25T19:20:47.473955Z", + "modified_at": "2025-09-25T19:20:47.473955Z", + "templates": [ + { + "template_object_id": "tmpl_-uvR3F2TQGm18jnl7bpaGw", + "template_version_object_id": "tmplv_-uvR3F2TQGm18jnl7bpaGw", + "name": "reverse-proxy-base", + "type": "base", + "state": "final", + "version": 1, + "latest_version": 1, + "values": { + "backend_url": "http://example.com:8080" + } + } + ] +} +``` + +### Update a submission + +Use the [Update a Template Submission]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/updateTemplateSubmission" >}}) API operation (`PUT /templates/submissions/{submissionObjectID}`) to fully replace the input values and payloads for all templates in the submission. + +The `conf_path` and target object IDs are preserved from the original submission and cannot be changed through this endpoint. After the update, the configuration is re-rendered and re-published to the existing target(s). + +**Request body:** + +```json +{ + "base_template": { + "object_id": "tmplv_-uvR3F2TQGm18jnl7bpaGw", + "values": { + "backend_url": "http://new-backend.example.com:9090" + } + }, + "augments": [ + { + "object_id": "tmplv_-abR3F2TQGm18jnl7bpaXw", + "target_context": "http", + "values": { + "zone_name": "req_limit", + "memory": "20m", + "rate": "20r/s" + } + } + ] +} +``` + +**Successful response (202 Accepted):** + +```json +{ + "object_id": "tmplsm_frBobKIAQ_21grAwV83VYz", + "target_results": [ + { + "staged_config_status": { + "status": "succeeded" + }, + "target_object_id": "sc_cEoiYCVJRuekVpYOvV1raA" + } + ] +} +``` + +To preview the updated configuration before persisting, add `?preview_only=true` to the request. The response returns the re-rendered configuration as a `200 OK` without saving any changes. + +### Update a single template's values + +Use the [Update a single template's values in a submission]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/updateSingleTemplateSubmission" >}}) API operation (`PUT /templates/{templateObjectID}/submissions/{submissionObjectID}`) to update the input values for one specific template within a submission, without changing any other template's values. + +All other templates in the submission retain their stored values. Payloads, target objects, and `conf_path` are preserved. The full configuration is re-rendered using the merged values and re-published to the existing target(s). + +This is useful when only one template's configuration needs to change — for example, updating a rate limiting zone name without resubmitting the full composition. + +**Request body:** + +```json +{ + "values": { + "zone_name": "api_limit", + "memory": "10m", + "rate": "5r/s" + } +} +``` + +**Successful response (202 Accepted):** Same shape as the full update — the submission `object_id` and updated target results. + +To preview the change before persisting, add `?preview_only=true`. The response returns the re-rendered configuration as a `200 OK` without saving any changes. + +### Delete a submission + +Use the [Delete a Template Submission]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/deleteTemplateSubmission" >}}) API operation (`DELETE /templates/submissions/{submissionObjectID}`) to permanently remove a submission. + +{{< call-out "caution" >}} +Deleting a submission is **irreversible** and removes all stored input values and payloads for that submission. The target staged config is not affected — only the submission record is deleted. +{{< /call-out >}} + +**Successful response:** `204 No Content` + ## Rendered file structure When templates are successfully rendered, the system creates multiple files: @@ -462,18 +652,18 @@ When multiple augments target the same context, they render in the order specifi { "conf_path": "/etc/nginx/nginx.conf", "base_template": { - "object_id": "", + "object_id": "tmplv_-uvR3F2TQGm18jnl7bpaGw", "values": { "backend_url": "http://example.com:8080" } }, "augments": [ { - "object_id": "tmpl_rate_limit_zone", + "object_id": "tmplv_rate_limit_zone", "target_context": "http" }, { - "object_id": "tmpl_upstream_definition", + "object_id": "tmplv_upstream_definition", "target_context": "http" } ] @@ -504,9 +694,10 @@ For example: - Upstream blocks should be defined before server blocks reference them - Map directives typically appear early in the http block -When composing templates submissions, arrange your augments array to match the required directive order for valid NGINX configuration. +When composing template submissions, arrange your augments array to match the required directive order for valid NGINX configuration. ## See also - [Template Authoring Guide]({{< ref "author-templates.md" >}}) -- [Add More Services]({{< ref "add-multiple-services.md" >}}) +- [Add Service-Specific Locations]({{< ref "add-multiple-services.md" >}}) +- [Save rendered config as staged config]({{< ref "save-as-staged-config.md" >}}) diff --git a/content/nginx-one-console/nginx-configs/config-templates/template-detail-view.md b/content/nginx-one-console/nginx-configs/config-templates/template-detail-view.md new file mode 100644 index 000000000..f4e7b4625 --- /dev/null +++ b/content/nginx-one-console/nginx-configs/config-templates/template-detail-view.md @@ -0,0 +1,61 @@ +--- +f5-content-type: how-to +f5-docs: DOCS-000 +f5-product: NONECO +title: View template details +toc: true +weight: 110 +--- + +# Overview + +This guide explains how to view detailed information about a template using the NGINX One Console. The Template Detail page provides key metadata about a template and its version history through two tabs: **Details** and **Versions**. + +## Navigate to the Template Detail page + +1. In the NGINX One Console, go to **Manage > Config Templates**. +2. Select a template name from the list. + +The Template Detail page opens showing the **Details** tab by default. Select the **Versions** tab to view the full version history. + +## Details tab + +The **Details** tab displays a summary card with the following fields: + +{{}} +| Field | Description | +|-------|-------------| +| **Created** | The date and time the template was originally created. | +| **Type** | The template type: `base` or `augment`. See [Template types]({{< ref "author-templates.md#template-types" >}}) for details. | +| **Object ID** | The unique identifier for the template (`tmpl_...`). Use the copy button to copy this value for template-level API operations such as [updating metadata]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/updateTemplateMetadata" >}}) or [copying a template]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/copyTemplate" >}}). | +| **State** | The state of the latest template version: `draft` (editable) or `final` (immutable, shown with a lock icon). | +| **Latest Version** | The version number of the most recent template version. | +| **Description** | The human-readable description of the template, if one was provided. | +| **Latest Object ID** | The unique identifier for the latest template version (`tmplv_...`). Use the copy button to copy this value for version-level API operations, such as providing the `object_id` when [submitting templates]({{< ref "submit-templates.md" >}}). | +{{}} + +{{< call-out "tip" >}} +Both **Object ID** and **Latest Object ID** are copyable directly from the UI. + +- **Object ID** (`tmpl_...`) identifies the template itself and is used for template-level operations (metadata updates, copy, delete, listing versions). +- **Latest Object ID** (`tmplv_...`) identifies the current version and is used as the `object_id` in submission requests. +{{< /call-out >}} + +## Versions tab + +The **Versions** tab lists every version created for the template, along with submission counts and modification timestamps. See [View template versions]({{< ref "template-versions.md" >}}) for full details. + +## Refresh + +Select **Refresh** at the top right of the page to reload the template details from the server. + +## API reference + +The Template Detail page uses the [Retrieve a Template]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/getTemplate" >}}) API operation, which returns the latest version details including metadata, file contents, and submission count. + +## See also + +- [View template versions]({{< ref "template-versions.md" >}}) +- [Author templates]({{< ref "author-templates.md" >}}) +- [Import templates]({{< ref "import-templates.md" >}}) +- [Submit templates]({{< ref "submit-templates.md" >}}) diff --git a/content/nginx-one-console/nginx-configs/config-templates/template-versions.md b/content/nginx-one-console/nginx-configs/config-templates/template-versions.md new file mode 100644 index 000000000..daf2b3687 --- /dev/null +++ b/content/nginx-one-console/nginx-configs/config-templates/template-versions.md @@ -0,0 +1,70 @@ +--- +f5-content-type: how-to +f5-docs: DOCS-000 +f5-product: NONECO +title: View template versions +toc: true +weight: 120 +--- + +# Overview + +This guide explains how to view and manage the version history of a template using the NGINX One Console. The **Versions** tab on the [Template Detail page]({{< ref "template-detail-view.md" >}}) lists every version created for a template and shows how many active submissions reference each version. + +A new version is created each time the template content changes. Versions progress through two states: + +- **`draft`** — editable; content can still be updated in place. +- **`final`** — immutable; any further content changes create a new draft version. + +## Navigate to the Versions tab + +1. In the NGINX One Console, go to **Manage > Config Templates**. +2. Select a template name from the list. +3. Select the **Versions** tab. + +## Versions data grid + +The **Versions** tab displays the following columns: + +{{}} +| Column | Description | +|--------|-------------| +| **Version** | The sequential version number. Version 1 is the initial version created at import. Each subsequent content change increments this number. | +| **Modified** | The date and time the version was last modified. | +| **Description** | The description associated with the template version, if one was provided. | +| **Submissions** | The total number of template submissions that reference this specific version. | +{{}} + +The list can be sorted by **Version**, **Modified**, or **Description**, and supports text search across all visible columns. + +{{< call-out "note" >}} +The **Submissions** count reflects the number of submissions referencing a specific version, not the latest version overall. A version with a non-zero submission count cannot be deleted. +{{< /call-out >}} + +## Delete a version + +To delete a template version, select the delete action on the version row and confirm the dialog. + +{{< call-out "important" >}} +The following constraints apply when deleting a template version: + +- **The latest version cannot be deleted.** To remove the entire template including the latest version, use [Delete a Template]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/deleteTemplate" >}}) instead. +- **A version with associated submissions cannot be deleted.** The **Submissions** column shows the count. Resolve or delete the associated submissions before attempting to remove the version. +{{< /call-out >}} + +## Refresh + +Select **Refresh** at the top right of the page to reload the version list from the server. + +## API reference + +The **Versions** tab uses the following API operations: + +- [List template versions]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/listTemplateVersions" >}}) — retrieves all versions for a template. +- [Delete a template version]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/deleteTemplateVersion" >}}) — deletes a specific version by its `templateVersionObjectID`. Returns `409 Conflict` if the version has associated submissions. + +## See also + +- [View template details]({{< ref "template-detail-view.md" >}}) +- [Author templates]({{< ref "author-templates.md" >}}) +- [Submit templates]({{< ref "submit-templates.md" >}}) From 4dc244eaa7708096f9a26d8f9848d5d03eca781b Mon Sep 17 00:00:00 2001 From: Patrick Pfrehm Date: Mon, 18 May 2026 14:59:37 -0700 Subject: [PATCH 2/8] Add detail on f5 default templates --- .../nginx-configs/config-templates/submit-templates.md | 1 + .../nginx-configs/config-templates/template-detail-view.md | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/content/nginx-one-console/nginx-configs/config-templates/submit-templates.md b/content/nginx-one-console/nginx-configs/config-templates/submit-templates.md index 79e2d41c2..2d98eb508 100644 --- a/content/nginx-one-console/nginx-configs/config-templates/submit-templates.md +++ b/content/nginx-one-console/nginx-configs/config-templates/submit-templates.md @@ -95,6 +95,7 @@ Use the [List Templates]({{< ref "/nginx-one-console/api/api-reference-guide/#op - **type** - Identifies base templates (use exactly one) vs augment templates (use zero or more) - **allowed_in_contexts** - Shows where augment templates can be applied within a base template - **augment_includes** - Shows which contexts the base template supports for augments +- **is_f5_default** - When `true`, the template is provided by F5 and is immutable. These templates are also identified in the NGINX One Console by the F5 logo icon in the templates list. The API response contains all information needed for creating a submission to render NGINX configurations. You need template details **only** if you want to examine the actual template content or variable requirements. diff --git a/content/nginx-one-console/nginx-configs/config-templates/template-detail-view.md b/content/nginx-one-console/nginx-configs/config-templates/template-detail-view.md index f4e7b4625..0ee1e0e6d 100644 --- a/content/nginx-one-console/nginx-configs/config-templates/template-detail-view.md +++ b/content/nginx-one-console/nginx-configs/config-templates/template-detail-view.md @@ -14,7 +14,7 @@ This guide explains how to view detailed information about a template using the ## Navigate to the Template Detail page 1. In the NGINX One Console, go to **Manage > Config Templates**. -2. Select a template name from the list. +2. Select a template name from the list. Templates provided by F5 are identified by the F5 logo icon in the list. The Template Detail page opens showing the **Details** tab by default. Select the **Versions** tab to view the full version history. @@ -27,6 +27,7 @@ The **Details** tab displays a summary card with the following fields: |-------|-------------| | **Created** | The date and time the template was originally created. | | **Type** | The template type: `base` or `augment`. See [Template types]({{< ref "author-templates.md#template-types" >}}) for details. | +| **Is F5 Default** | Displayed for templates provided by F5. F5 default templates are immutable and cannot be modified or deleted. | | **Object ID** | The unique identifier for the template (`tmpl_...`). Use the copy button to copy this value for template-level API operations such as [updating metadata]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/updateTemplateMetadata" >}}) or [copying a template]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/copyTemplate" >}}). | | **State** | The state of the latest template version: `draft` (editable) or `final` (immutable, shown with a lock icon). | | **Latest Version** | The version number of the most recent template version. | From 29654854943fa2a32c64555df9c037ea1a09f536 Mon Sep 17 00:00:00 2001 From: Patrick Pfrehm Date: Wed, 20 May 2026 10:53:11 -0700 Subject: [PATCH 3/8] Add View template submissions documentation --- .../config-templates/template-detail-view.md | 5 +- .../template-submissions-view.md | 67 +++++++++++++++++++ 2 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 content/nginx-one-console/nginx-configs/config-templates/template-submissions-view.md diff --git a/content/nginx-one-console/nginx-configs/config-templates/template-detail-view.md b/content/nginx-one-console/nginx-configs/config-templates/template-detail-view.md index 0ee1e0e6d..fa45c809d 100644 --- a/content/nginx-one-console/nginx-configs/config-templates/template-detail-view.md +++ b/content/nginx-one-console/nginx-configs/config-templates/template-detail-view.md @@ -20,7 +20,9 @@ The Template Detail page opens showing the **Details** tab by default. Select th ## Details tab -The **Details** tab displays a summary card with the following fields: +The **Details** tab contains a metadata summary card for the template and a [Submissions section]({{< ref "template-submissions-view.md" >}}) below it listing all submissions made using this template. + +The metadata summary card displays the following fields: {{}} | Field | Description | @@ -57,6 +59,7 @@ The Template Detail page uses the [Retrieve a Template]({{< ref "/nginx-one-cons ## See also - [View template versions]({{< ref "template-versions.md" >}}) +- [View template submissions]({{< ref "template-submissions-view.md" >}}) - [Author templates]({{< ref "author-templates.md" >}}) - [Import templates]({{< ref "import-templates.md" >}}) - [Submit templates]({{< ref "submit-templates.md" >}}) diff --git a/content/nginx-one-console/nginx-configs/config-templates/template-submissions-view.md b/content/nginx-one-console/nginx-configs/config-templates/template-submissions-view.md new file mode 100644 index 000000000..781242ac3 --- /dev/null +++ b/content/nginx-one-console/nginx-configs/config-templates/template-submissions-view.md @@ -0,0 +1,67 @@ +--- +f5-content-type: how-to +f5-docs: DOCS-000 +f5-product: NONECO +title: View template submissions +toc: true +weight: 130 +--- + +# Overview + +This guide explains how to view and manage submissions associated with a template using the NGINX One Console. The **Submissions** section on the [Template Detail page]({{< ref "template-detail-view.md" >}}) lists every submission made using that template. + +Each row represents a persisted submission that was created by the [Submit Templates]({{< ref "submit-templates.md" >}}) API. From this view you can inspect which templates and targets are involved in each submission and delete submissions that are no longer needed. + +## Navigate to the Submissions section + +1. In the NGINX One Console, go to **Manage > Config Templates**. +2. Select a template name from the list. +3. On the **Details** tab, scroll down to the **Submissions** section below the metadata card. + +## Submissions data grid + +The **Submissions** section displays the following columns: + +{{}} +| Column | Description | +|--------|-------------| +| **Created On** | The date and time the submission was originally created. | +| **Description** | The description provided when the submission was created, if one was set. | +| **Templates** | Tag list of all templates included in the submission (base and augments). Hover over a tag to see the template name, type, version used, and latest available version. | +| **Targets** | A count badge showing the number of staged config targets the submission published to. Hover over the badge to see each target's object ID. | +| **Last Modified** | The date and time the submission was last updated. | +{{}} + +The list supports sorting by **Created On**, **Description**, and **Last Modified**, and text search across all visible columns. + +{{< call-out "tip" >}} +The **Templates** column tooltip surfaces the version used at submission time alongside the latest available version. If these differ, a newer version of the template is available and the submission can be updated using [Update a submission]({{< ref "submit-templates.md#update-a-submission" >}}). +{{< /call-out >}} + +## Delete a submission + +To delete a submission, select the **Delete** action on the submission row and confirm the dialog. + +{{< call-out "caution" >}} +Deleting a submission is **irreversible** and permanently removes all stored input values and payloads for that submission. The target staged config is not affected — only the submission record is deleted. +{{< /call-out >}} + +## Refresh + +Select **Refresh** at the top right of the Details tab to reload both the template metadata card and the submissions list from the server. + +## API reference + +The Submissions section uses the following API operations: + +- [List Template Submissions for Template]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/listTemplateSubmissionsForTemplate" >}}) — retrieves all submissions scoped to a specific template. +- [Delete a Template Submission]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/deleteTemplateSubmission" >}}) — permanently removes a submission by its `submissionObjectID`. + +For full submission management operations including retrieving, updating, and deleting submissions via the API, see [Manage template submissions]({{< ref "submit-templates.md#manage-template-submissions" >}}). + +## See also + +- [View template details]({{< ref "template-detail-view.md" >}}) +- [Submit templates]({{< ref "submit-templates.md" >}}) +- [View template versions]({{< ref "template-versions.md" >}}) From 0dcae4d1457dcb82cfa757f5df11e6b7af02be85 Mon Sep 17 00:00:00 2001 From: Patrick Pfrehm Date: Wed, 20 May 2026 12:06:03 -0700 Subject: [PATCH 4/8] Make details bold --- .../nginx-configs/config-templates/template-submissions-view.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/nginx-one-console/nginx-configs/config-templates/template-submissions-view.md b/content/nginx-one-console/nginx-configs/config-templates/template-submissions-view.md index 781242ac3..026de51bf 100644 --- a/content/nginx-one-console/nginx-configs/config-templates/template-submissions-view.md +++ b/content/nginx-one-console/nginx-configs/config-templates/template-submissions-view.md @@ -49,7 +49,7 @@ Deleting a submission is **irreversible** and permanently removes all stored inp ## Refresh -Select **Refresh** at the top right of the Details tab to reload both the template metadata card and the submissions list from the server. +Select **Refresh** at the top right of the **Details** tab to reload both the template metadata card and the submissions list from the server. ## API reference From d8fd152a8cdb755f61acdda93871afb96d0ee235 Mon Sep 17 00:00:00 2001 From: Patrick Pfrehm Date: Wed, 20 May 2026 13:56:38 -0700 Subject: [PATCH 5/8] Add one.json --- .../config-templates/author-templates.md | 2 +- static/nginx-one-console/api/one.json | 20804 ++++++++++------ 2 files changed, 13403 insertions(+), 7403 deletions(-) diff --git a/content/nginx-one-console/nginx-configs/config-templates/author-templates.md b/content/nginx-one-console/nginx-configs/config-templates/author-templates.md index e5b916e08..d47137d99 100644 --- a/content/nginx-one-console/nginx-configs/config-templates/author-templates.md +++ b/content/nginx-one-console/nginx-configs/config-templates/author-templates.md @@ -82,7 +82,7 @@ add_header 'Access-Control-Allow-Methods' 'GET, POST' always; ### Static include files -Templates can bundle static, non-templated files that are deployed alongside the rendered NGINX configuration. These are declared with `file_type: include` and are referenced from within the template using a standard NGINX `include` directive. +Templates can bundle static files that are deployed alongside the rendered NGINX configuration. Unlike template files (which use Go template syntax and the `.tmpl` extension), these files contain plain static content — such as NGINX configuration snippets or data files — and are not processed by the template engine. They are declared with `file_type: include` and are referenced from within the template using a standard NGINX `include` directive. **When to use include files:** diff --git a/static/nginx-one-console/api/one.json b/static/nginx-one-console/api/one.json index 9b77dfb08..f8b9cdcab 100644 --- a/static/nginx-one-console/api/one.json +++ b/static/nginx-one-console/api/one.json @@ -25,7 +25,12 @@ "namespace": { "default": "default" } - } + }, + "x-nodoc": true + }, + { + "url": "/api", + "x-nodoc": true } ], "tags": [ @@ -39,6 +44,12 @@ "description": "The `Instance` object represents an active NGINX installation. \nYou can access detailed information about each NGINX instance, including its configuration analysis, security advisories, and operational status.\n", "x-displayName": "Instances" }, + { + "name": "Feature Flags", + "x-nodoc": true, + "description": "Get details about which feature flags are enabled in the NGINX One console. \nFeature flags are used to toggle the availability of application features or modules without changing code.\n", + "x-displayName": "Feature Flags" + }, { "name": "Config Sync Groups", "description": "The `ConfigSyncGroups` object represents a NGINX config sync group where `Instances` are grouped to have same configuration. \nYou can access detailed information about each NGINX config sync group, including its configuration analysis and operational status.\n", @@ -71,6 +82,8 @@ }, { "name": "Metrics", + "x-nodoc": true, + "description": "Get system metrics for your NGINX data plane instances. These metrics are collected by the NGINX Agent and reported to NGINX One.\n", "x-displayName": "Metrics" }, { @@ -78,6 +91,24 @@ "description": "Configuration option for different aspect of NGINX One service.\nYou can set NGINX Instance cleanup preferences.\n", "x-displayName": "Settings" }, + { + "name": "Usage", + "x-nodoc": true, + "description": "Usage information", + "x-displayName": "Usage" + }, + { + "name": "Chatbot", + "x-nodoc": true, + "description": "This API allows you to interact with the chatbot assistant", + "x-displayName": "Chatbot" + }, + { + "name": "Inventory", + "x-nodoc": true, + "description": "Get tenant usage information for NGINX Plus data plane instances. These metrics are collected by the NGINX data plane instances and reported to NGINX One Console.\n", + "x-displayName": "Inventory" + }, { "name": "NGINX App Protect", "description": "Manage and publish security policies on your NGINX data plane instances.\n", @@ -88,15 +119,38 @@ "description": "Manage WAF log profiles for security logging and monitoring.\n", "x-displayName": "WAF Log Profiles" }, + { + "name": "Deployments", + "description": "Manage NAAS deployments.", + "x-displayName": "Deployments" + }, + { + "name": "Load Test", + "x-nodoc": true, + "description": "Load Test actions", + "x-displayName": "Load Test" + }, { "name": "Templates", - "description": "**⚠️ Experimental API** - This API is in active development and subject to breaking changes.\n\n* Import, list, and retrieve NGINX configuration templates.\n* Generate and preview full NGINX configurations by composing templates, before saving it as a staged config.\n", + "description": "* Manage NGINX configuration templates — import, create, copy, list, retrieve, update, delete templates and their versions.\n* Generate a standalone NGINX configuration snippet for an individual augment template.\n* Compose a base template with augment templates to preview or render a full NGINX configuration, optionally saving it as a staged config.\n* Manage template submissions — create, list, retrieve, update (full or per-template), and delete submissions that record applied template inputs for NGINX configuration generation.\n", "x-displayName": "Templates" }, { "name": "NGINX One App Protect", "description": "Security analytics endpoints for NGINX One App Protect.\n", "x-displayName": "NGINX One App Protect" + }, + { + "name": "NGINX One Billing Usage Events", + "x-nodoc": true, + "description": "Billing usage events endpoints for NGINX One.\n", + "x-displayName": "NGINX One Billing Usage Events" + }, + { + "name": "UsageIngest", + "x-nodoc": true, + "description": "Usage information", + "x-displayName": "UsageIngest" } ], "paths": { @@ -166,38 +220,48 @@ } } }, - "patch": { - "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "data plane key", + "post": { "tags": [ "Data Plane Key" ], - "summary": "Bulk operation on multiple data plane keys", - "operationId": "BulkDataPlaneKeys", - "description": "Performs bulk operation on one or more data plane keys, only delete is supported.", + "x-nginx-one-action": "create", + "x-nginx-one-entity": "data plane key", + "summary": "Create a data plane key", + "description": "Creates a unique data plane key that you can use to register NGINX instances with NGINX One.\n\n**IMPORTANT**: Save the data plane key somewhere secure for reference. The key is displayed only once and cannot be retrieved again.\n", + "operationId": "createDataPlaneKey", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DataPlaneKeyBulkRequest" + "$ref": "#/components/schemas/DataPlaneKeyCreateRequest" + }, + "examples": { + "DataPlaneKeyCreateRequest": { + "$ref": "#/components/examples/DataPlaneKeyRequest" + } } } } }, "responses": { "200": { - "description": "Batch request completed.", + "description": "Successfully created the data plane key.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DataPlaneKeyBulkResponse" + "$ref": "#/components/schemas/DataPlaneKeyResponse" + }, + "examples": { + "DataPlaneKeyResponse": { + "$ref": "#/components/examples/DataPlaneKeyResponse" + } } } } }, - "401": { - "description": "Access denied.", + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { @@ -218,48 +282,38 @@ } } }, - "post": { + "patch": { + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "data plane key", "tags": [ "Data Plane Key" ], - "x-nginx-one-action": "create", - "x-nginx-one-entity": "data plane key", - "summary": "Create a data plane key", - "description": "Creates a unique data plane key that you can use to register NGINX instances with NGINX One.\n\n**IMPORTANT**: Save the data plane key somewhere secure for reference. The key is displayed only once and cannot be retrieved again.\n", - "operationId": "createDataPlaneKey", + "summary": "Bulk operation on multiple data plane keys", + "operationId": "BulkDataPlaneKeys", + "description": "Performs bulk operation on one or more data plane keys, only delete is supported.", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DataPlaneKeyCreateRequest" - }, - "examples": { - "DataPlaneKeyCreateRequest": { - "$ref": "#/components/examples/DataPlaneKeyRequest" - } + "$ref": "#/components/schemas/DataPlaneKeyBulkRequest" } } } }, "responses": { "200": { - "description": "Successfully created the data plane key.", + "description": "Batch request completed.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DataPlaneKeyResponse" - }, - "examples": { - "DataPlaneKeyResponse": { - "$ref": "#/components/examples/DataPlaneKeyResponse" - } + "$ref": "#/components/schemas/DataPlaneKeyBulkResponse" } } } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -282,36 +336,36 @@ } }, "/data-plane-keys/{data_plane_key_id}": { - "delete": { + "get": { "tags": [ "Data Plane Key" ], - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "data plane key", - "summary": "Delete a data plane key", - "description": "Deletes a data plane key.\n", - "operationId": "deleteDataPlaneKey", + "summary": "Retrieve a data plane key", + "description": "Retrieves the details for an existing data plane key.\n", + "operationId": "getDataPlaneKey", "parameters": [ { "$ref": "#/components/parameters/DataPlaneKeyParamObjectID" } ], "responses": { - "204": { - "description": "Successfully deleted the data plane key." - }, - "404": { - "description": "The data plane key with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "200": { + "description": "Successfully retrieved the details of the data plane key.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/DataPlaneKey" + }, + "examples": { + "DataPlaneKeys": { + "$ref": "#/components/examples/DataPlaneKey" + } } } } }, - "409": { - "description": "Cannot delete an active data plane key. Revoke the key first, then try deleting it again.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -332,36 +386,36 @@ } } }, - "get": { + "delete": { "tags": [ "Data Plane Key" ], - "summary": "Retrieve a data plane key", - "description": "Retrieves the details for an existing data plane key.\n", - "operationId": "getDataPlaneKey", + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "data plane key", + "summary": "Delete a data plane key", + "description": "Deletes a data plane key.\n", + "operationId": "deleteDataPlaneKey", "parameters": [ { "$ref": "#/components/parameters/DataPlaneKeyParamObjectID" } ], "responses": { - "200": { - "description": "Successfully retrieved the details of the data plane key.", + "204": { + "description": "Successfully deleted the data plane key." + }, + "404": { + "description": "The data plane key with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DataPlaneKey" - }, - "examples": { - "DataPlaneKeys": { - "$ref": "#/components/examples/DataPlaneKey" - } + "$ref": "#/components/schemas/Error" } } } }, - "401": { - "description": "Access denied.", + "409": { + "description": "Cannot delete an active data plane key. Revoke the key first, then try deleting it again.", "content": { "application/json": { "schema": { @@ -514,13 +568,56 @@ } } }, - "/certificates": { + "/instances/summary": { "get": { "tags": [ - "Certificates" + "Instances" ], - "summary": "List all SSL certificates", - "description": "Returns a paginated list showing metadata for every SSL certificate.\n", + "summary": "Retrieve a summary for all instances", + "description": "Retrieves a comprehensive summary for all NGINX instances, which includes details such as:\n * Certificate status and associations\n * Operating system details\n * Version of the NGINX Agent\n * Overall system status\n", + "operationId": "listSummary", + "responses": { + "200": { + "description": "Successfully retrieved the summary of NGINX instances.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/InstanceSummary" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/instances": { + "get": { + "tags": [ + "Instances" + ], + "summary": "List all instances", + "operationId": "listInstances", + "description": "Returns a list of all NGINX instances, providing details such as:\n * Unique identifiers for each instance\n * Timestamps for key actions (like registration and last report)\n * Information about the NGINX build\n * Version of the NGINX Agent\n", "parameters": [ { "$ref": "#/components/parameters/Paginated" @@ -532,7 +629,7 @@ "$ref": "#/components/parameters/Offset" }, { - "$ref": "#/components/parameters/FilterFieldCertificates" + "$ref": "#/components/parameters/FilterFieldInstances" }, { "$ref": "#/components/parameters/FilterOperands" @@ -544,20 +641,19 @@ "$ref": "#/components/parameters/SortDirection" }, { - "$ref": "#/components/parameters/SortNameCertificatesDep" + "$ref": "#/components/parameters/SortNameInstancesDep" }, { - "$ref": "#/components/parameters/SortNameCertificates" + "$ref": "#/components/parameters/SortNameInstances" } ], - "operationId": "listCertificates", "responses": { "200": { - "description": "Successfully retrieved the list of SSL certificates.", + "description": "Successfully retrieved the list of instances.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateListResponse" + "$ref": "#/components/schemas/InstanceListResponse" } } } @@ -586,19 +682,19 @@ }, "patch": { "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "NGINX certificate", + "x-nginx-one-entity": "NGINX instance", "tags": [ - "Certificates" + "Instances" ], - "summary": "Bulk operation on multiple managed certificates", - "operationId": "bulkCertificates", - "description": "Performs bulk operation on one or more managed certificates, only delete is supported.", + "summary": "Bulk operation on multiple instances", + "operationId": "BulkInstances", + "description": "Performs bulk operation on one or more NGINX instances, only delete is supported.", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateBulkRequest" + "$ref": "#/components/schemas/InstanceBulkRequest" } } } @@ -609,7 +705,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateBulkResponse" + "$ref": "#/components/schemas/InstanceBulkResponse" } } } @@ -635,39 +731,37 @@ } } } - }, - "post": { - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX certificate", + } + }, + "/instances/{instanceObjectID}/cves": { + "get": { "tags": [ - "Certificates" + "Instances" ], - "summary": "Create an SSL certificate", - "operationId": "createCertificate", - "description": "Creates a new SSL certificate with an optional name. \nYou must supply the certificate's content in base64-encoded PEM format.\nAny warnings will be displayed only upon creation of the certificate object, and\nis not retrievable after it is created.\n", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CertificateRequest" - } - } + "summary": "Retrieve an instance's security advisories (CVEs)", + "description": "Retrieves a list of the security advisories (CVEs) for an NGINX instance.", + "operationId": "listInstanceSecurityAdvisories", + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" } - }, + ], "responses": { "200": { - "description": "Successfully created the SSL certificate.", + "description": "Successfully retrieved the list of security advisories (CVEs).", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateResponse" + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxSecurityAdvisory" + } } } } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -676,8 +770,8 @@ } } }, - "401": { - "description": "Access denied.", + "404": { + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -699,41 +793,26 @@ } } }, - "/certificates/{certificateObjectID}": { - "delete": { - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX certificate", + "/instances/{instanceObjectID}": { + "get": { "tags": [ - "Certificates" + "Instances" ], - "summary": "Delete an SSL certificate", - "operationId": "deleteCertificate", - "description": "* Deletes a managed SSL certificate from the NGINX One console. This operation is disabled for unmanaged certificates, as they get cleaned up automatically when they are not used in any NGINX configuration. \n* An optional flag `deleteFromDataPlanes` when set to true, can be used to remove the certificate from data plane instances to where it was deployed.\n * Deleting from data planes triggers publications on either instances or Config Sync Groups. After the managed cert object is deleted from NGINX One Console, a `PublicationBulkResponse` is returned along with status code 202, indicating whether an error occurred while issuing a publication to a data plane target.\n * If this cert is not associated with any data plane, status code 204 is returned when `deleteFromDataPlanes` set to true.\n", + "summary": "Retrieve an instance", + "description": "Retrieves the details for an NGINX instance, including\n* Hostname\n* System status\n* Timestamps of key actions (registration, last reported, etc.)\n* NGINX build information\n* Certificate data\n* Operating system version\n* NGINX Agent version\n* Config Sync Group membership details\n* Control plane object ID, name, product and version\n", + "operationId": "getInstance", "parameters": [ { - "$ref": "#/components/parameters/DeleteFromDataPlanesParamFlag" + "$ref": "#/components/parameters/InstanceParamObjectID" } ], "responses": { - "202": { - "description": "Successfully deleted the SSL certificate. Handling deletion of certificate from data planes in the background.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PublicationBulkResponse" - } - } - } - }, - "204": { - "description": "Successfully deleted the SSL certificate." - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "200": { + "description": "Successfully retrieved the details of the NGINX instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/InstanceDetails" } } } @@ -749,7 +828,7 @@ } }, "404": { - "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -770,23 +849,23 @@ } } }, - "get": { + "delete": { "tags": [ - "Certificates" + "Instances" + ], + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX instance", + "summary": "Delete an instance", + "description": "Deletes an NGINX instance. Associations with certificates will be cleaned up.\n", + "operationId": "deleteInstance", + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" + } ], - "summary": "Retrieve an SSL certificate", - "operationId": "getCertificate", - "description": "Retrieves the details for an SSL certificate, including:\n* Object ID that uniquely identifies this certificate object\n* SSL certificate type (managed or unmanaged by NGINX One Console)\n* Certificate type (whether it is a CA bundle or a certificate-key pair)\n* Subject name of the leaf certificate, or the soonest-expiring CA in a bundle\n * This subject name will be the DNS name in the SAN extension of the certificate. If not present, it will be the certificate's common name\n* Status of the certificate (valid, expiring, expired)\n* Validity period, if applicable to multiple certificates\n* Metadata for each public certificate if multiples are provided\n* Private key metadata, if available\n", "responses": { - "200": { - "description": "Successfully retrieved the details of the SSL certificate.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CertificateResponse" - } - } - } + "204": { + "description": "Successfully deleted the NGINX instance." }, "401": { "description": "Access denied.", @@ -799,7 +878,7 @@ } }, "404": { - "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -819,38 +898,35 @@ } } } - }, - "parameters": [ - { - "$ref": "#/components/parameters/CertificateParamObjectID" - } - ], - "patch": { - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX certificate", + } + }, + "/instances/parse-nginx-config": { + "put": { "tags": [ - "Certificates" + "Instances" ], - "summary": "Update an SSL certificate", - "operationId": "updateCertificate", - "description": "Updates public certificates, private keys, or both. \nThis endpoint can also be used to update a Certificate Authority (CA) bundle.\n", + "x-nginx-one-action": "parse", + "x-nginx-one-entity": "NGINX instance configuration", + "summary": "Generate a crossplane representation of provided NGINX configuration.", + "description": "Returns a crossplane representation of provided NGINX config.", + "operationId": "parseNginxConfig", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateUpdateRequest" + "$ref": "#/components/schemas/NginxConfigRequest" } } } }, "responses": { "200": { - "description": "Successfully updated the specified SSL certificate.", + "description": "Successfully parsed the provided NGINX configuration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateResponse" + "$ref": "#/components/schemas/ParsedNginxConfig" } } } @@ -875,16 +951,6 @@ } } }, - "404": { - "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -898,69 +964,35 @@ } } }, - "/certificates/{certificateObjectID}/deployments": { + "/instances/{instanceObjectID}/config-report": { + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" + } + ], "get": { "tags": [ - "Certificates" - ], - "summary": "List SSL certificate deployments", - "description": "Returns a paginated list showing all the deployments for a SSL certificate and assigned file path(s).\n", - "parameters": [ - { - "$ref": "#/components/parameters/CertificateParamObjectID" - }, - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/FilterFieldCertificateDeployments" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameCertificateDeploymentsDep" - }, - { - "$ref": "#/components/parameters/SortNameCertificateDeployments" - } + "Instances" ], - "operationId": "listCertificateDeployments", + "summary": "Retrieve an analysis report for an instance's configuration", + "description": "Analyzes the configuration of an NGINX instance and returns a detailed report.\nThe report includes insights, identified issues, and recommendations for optimizing and troubleshooting.\n", + "operationId": "getInstanceConfigReport", "responses": { "200": { - "description": "Successfully retrieved the list of SSL certificate deployments.", + "description": "Successfully retrieved the NGINX configuration analysis for the specified instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateDeploymentListResponse" + "$ref": "#/components/schemas/NginxConfigReports" } } } }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "204": { + "description": "The requested instance exists, but analysis of the NGINX configuration is not yet completed. Please retry the request at a later time to retrieve the report." }, "404": { - "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -980,35 +1012,33 @@ } } } - } - }, - "/certificates/parse": { - "post": { - "x-nginx-one-action": "validate", - "x-nginx-one-entity": "NGINX certificate", + }, + "put": { "tags": [ - "Certificates" + "Instances" ], - "summary": "Parse and validate an SSL certificate", - "operationId": "parseCertificate", - "description": "Parses and validates an SSL certificate. \nIt checks the provided PEM files and verifies that the public certificates follow the correct X.509 format. \nIf the certificate cannot be parsed, an error will be returned. \nOtherwise, as long as the certificate is parsable, a `200 OK` status will be returned even if there are issues \nsuch as mismatched private keys or expired certificates. Details of any issues found will be shown in the \"warnings\" field of the response.\n", + "x-nginx-one-action": "analyze", + "x-nginx-one-entity": "NGINX instance configuration", + "summary": "Generate an analysis report for the provided configuration", + "description": "Returns an analysis report for the provided NGINX configuration. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not apply any changes to the configuration. The report is not stored and is provided only in the API response. To publish the configuration, use the `PUT /instances/{instanceObjectID}/config` endpoint.", + "operationId": "analyzeInstanceConfig", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateRequest" + "$ref": "#/components/schemas/NginxConfigRequest" } } } }, "responses": { "200": { - "description": "Successfully parsed and validated the SSL certificate.", + "description": "Successfully analyzed the provided NGINX configuration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateResponse" + "$ref": "#/components/schemas/NginxConfigReports" } } } @@ -1033,6 +1063,16 @@ } } }, + "404": { + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -1044,18 +1084,16 @@ } } } - } - }, - "/config-report": { - "post": { - "x-nginx-one-action": "analyze", - "x-nginx-one-entity": "NGINX configuration", + }, + "patch": { "tags": [ - "Staged Configs" + "Instances" ], - "summary": "Generate an analysis report for the provided NGINX configuration", - "operationId": "analyzeNginxConfig", - "description": "Returns an analysis report for the provided NGINX configuration. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not affect any resources. The report is not stored and is provided only in the API response.\n", + "x-nginx-one-action": "analyze", + "x-nginx-one-entity": "NGINX instance configuration", + "summary": "Generate an analysis report for the provided modified configuration", + "description": "Analyzes the provided partial updates to an existing NGINX configuration and generates a report detailing potential issues along with optimization suggestions. \nThis analysis accounts for additive updates made to `NginxConfig`. To delete files, omit the `file.contents` field. \nThis method compares the provided `config_version` with the current NGINX instance configuration to detect conflicts, which may arise if the `config_version` does not match due to an out-of-band update. \nNote that this operation is for analysis purposes only and does not apply any changes to the configuration. \nThe report is not stored and is provided only in the API response.\nTo publish the configuration, use the `PATCH /instances/{instanceObjectID}/config` endpoint.\n", + "operationId": "analyzeInstanceConfigWithModify", "requestBody": { "required": true, "content": { @@ -1097,6 +1135,16 @@ } } }, + "404": { + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -1110,50 +1158,26 @@ } } }, - "/config-sync-groups": { + "/instances/{instanceObjectID}/config": { + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" + } + ], "get": { "tags": [ - "Config Sync Groups" - ], - "summary": "List all config sync groups", - "operationId": "listConfigSyncGroups", - "description": "Returns a list of all NGINX config sync groups, providing details such as:\n * Name of the config sync group\n * List of instance with details\n * Version of the NGINX configuration that's expected to be on all listed instances\n * Status of apply configuration operation \n * Timestamp of last reported action\n", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/FilterFieldConfigSyncGroups" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameConfigSyncGroupsDep" - }, - { - "$ref": "#/components/parameters/SortNameConfigSyncGroups" - } + "Instances" ], + "summary": "Retrieve an instance's configuration details", + "description": "Returns the configuration details for an NGINX instance, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Details of deployed SSL/TLS certificates, private keys, WAF policies, and log profiles.\n* Unique identifiers\n", + "operationId": "getInstanceConfig", "responses": { "200": { - "description": "Successfully retrieved the list of NGINX config sync groups.", + "description": "Successfully retrieved the configuration details for the specified NGINX instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupListResponse" + "$ref": "#/components/schemas/NginxConfig" } } } @@ -1168,6 +1192,16 @@ } } }, + "404": { + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -1180,32 +1214,42 @@ } } }, - "patch": { - "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "config sync group", + "put": { "tags": [ - "Config Sync Groups" + "Instances" ], - "summary": "Bulk operation on multiple config sync groups", - "operationId": "BulkConfigSyncGroups", - "description": "Performs bulk operation on one or more config sync groups, only delete is supported.", + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX instance configuration", + "summary": "Publish a configuration to an instance", + "description": "Publishes a new or updated NGINX configuration to the specified instance.\nIn the specified `configs`, empty files are not allowed in the directory.\nIf no existing configuration is found, a new one is created; otherwise, the current configuration is overwritten. \nBefore publishing, use the `PUT /instances/{instanceObjectID}/config-report` endpoint to generate an analysis report for the provided configuration.\nYou can specify `payloads` in the request to deploy managed certificates and keys to the dataplane. Include file paths\nfor each payload component. \nAdditional details:\n * `conf_path` is optional. When provided, it must be an absolute path that references a file present in the provided configurations. When omitted, the system uses the conf_path from the existing instance metadata.\n", + "operationId": "publishInstanceConfig", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupBulkRequest" + "$ref": "#/components/schemas/NginxConfigRequest" } } } }, "responses": { - "200": { - "description": "Batch request completed.", + "202": { + "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /instances/{instanceObjectID}/publications.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupBulkResponse" + "$ref": "#/components/schemas/PublicationInstance" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" } } } @@ -1220,6 +1264,16 @@ } } }, + "404": { + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -1232,58 +1286,38 @@ } } }, - "post": { - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX config sync group", + "patch": { "tags": [ - "Config Sync Groups" + "Instances" ], - "summary": "Create an NGINX config sync group", - "operationId": "createConfigSyncGroup", - "description": "Create NGINX config sync group with a unique name to identify it within the tenant namespace.\n", + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX instance configuration", + "summary": "Apply partial updates to an instance's configuration", + "description": "Applies the specified partial updates to an existing NGINX configuration. \nThis endpoint accepts additive updates to `NginxConfig`. \nTo delete files, omit the `file.contents` field. \nThis method compares the provided config_version with the current NGINX instance configuration to detect conflicts, which may arise if the config_version does not match due to an out-of-band update. \nBefore publishing, use the `PATCH /instances/{instanceObjectID}/config-report` endpoint to generate an analysis report for the modified configuration.\nAdditional details:\n * `conf_path` is optional. When provided, it must be an absolute path that references a file present in the provided configurations. When omitted, the system uses the conf_path from the existing instance metadata.\n", + "operationId": "publishInstanceConfigWithModify", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupCreateRequest" + "$ref": "#/components/schemas/NginxConfigRequest" } } } }, "responses": { - "200": { - "description": "Successfully created NGINX config sync group", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupCreateResponse" - } - } - } - }, - "401": { - "description": "Access denied", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "409": { - "description": "The NGINX config sync group can't be created because the name is already in use", + "202": { + "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /instances/{instanceObjectID}/publications.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/PublicationInstance" } } } }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { @@ -1291,26 +1325,9 @@ } } } - } - } - } - }, - "/config-sync-groups/{configSyncGroupObjectID}": { - "delete": { - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX config sync group", - "tags": [ - "Config Sync Groups" - ], - "summary": "Delete an NGINX config sync group", - "description": "Delete a NGINX config sync group from the NGINX One console. You can delete a config sync group, only if it contains no NGINX instances.\n", - "operationId": "deleteConfigSyncGroup", - "responses": { - "204": { - "description": "Successfully deleted the NGINX config sync group" }, "401": { - "description": "Access denied", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -1320,7 +1337,7 @@ } }, "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1340,32 +1357,37 @@ } } } - }, + } + }, + "/instances/{instanceObjectID}/configs": { + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" + } + ], "get": { "tags": [ - "Config Sync Groups" + "Instances" ], - "summary": "Retrieve an NGINX config sync group", - "description": "Retrieve the details for an NGINX config sync group, including:\n* name\n* Instances and details of each instance\n* Timestamp of last reported action\n* NGINX config version on the config sync group\n* Certificate summary referenced by config sync group members\n* NGINX config sync operation status\n* Last config sync group publication operation status\n", - "operationId": "getConfigSyncGroup", + "summary": "Retrieves the stored NGINX configurations for an instance", + "description": "Returns a list of all configurations for a NGINX instance. Only the last 10 are kept on the NGINX One Console for a NGINX instance.", + "operationId": "listInstanceConfigurations", "responses": { "200": { - "description": "Successfully retrieved the details of the NGINX config sync group.", + "description": "Successfully retrieved the list of NGINX configurations for the specified NGINX instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupDetails" - }, - "examples": { - "ConfigSyncGroupDetails": { - "$ref": "#/components/examples/ConfigSyncGroupDetails" + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxConfigMeta" } } } } }, "401": { - "description": "Access denied", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -1375,7 +1397,7 @@ } }, "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1395,24 +1417,27 @@ } } } - }, + } + }, + "/instances/{instanceObjectID}/configs/{instanceConfigurationObjectID}": { "parameters": [ { - "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" + "$ref": "#/components/parameters/InstanceParamObjectID" + }, + { + "$ref": "#/components/parameters/InstanceConfigurationParamObjectID" } - ] - }, - "/config-sync-groups/{configSyncGroupObjectID}/config": { + ], "get": { "tags": [ - "Config Sync Groups" + "Instances" ], - "summary": "Retrieve a config sync group's configuration details", - "description": "Returns the configuration details for a NGINX config sync group, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", - "operationId": "getConfigSyncGroupConfig", + "summary": "Retrieve an instance's configuration details", + "description": "Returns the configuration details for an NGINX instance, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", + "operationId": "getInstanceConfigWithObjectID", "responses": { "200": { - "description": "Successfully retrieved the configuration details for the specified NGINX config sync group.", + "description": "Successfully retrieved the configuration details for the specified NGINX instance and NGINX configuration.", "content": { "application/json": { "schema": { @@ -1432,7 +1457,7 @@ } }, "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance or NGINX configuration with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1452,54 +1477,37 @@ } } } - }, - "parameters": [ - { - "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" - } - ], - "patch": { + } + }, + "/instances/{instanceObjectID}/publications": { + "get": { "tags": [ - "Config Sync Groups" + "Instances" ], - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX config sync group configuration", - "summary": "Apply partial updates to config sync group's configuration", - "description": "Applies the specified partial updates to an existing NGINX configuration. Details:\n * This endpoint accepts additive updates to `NginxConfig`. \n * To delete files, omit the `file.contents` field. \n * This method compares the provided config_version with the current NGINX config sync group configuration to detect conflicts, which may arise if the config_version does not match due to an out-of-band update.\n * `conf_path` is optional. When provided, it must be an absolute path that references a file present in the provided configurations. When omitted, the system uses the conf_path from the existing config sync group metadata.\n", - "operationId": "patchConfigSyncGroupConfig", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - } + "summary": "Retrieve the publications for an instance", + "description": "Returns a list of all publications for a NGINX instance.", + "operationId": "listInstancePublications", + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" } - }, + ], "responses": { "200": { - "description": "Successfully stored the configuration of the NGINX config sync group", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfig" - } - } - } - }, - "202": { - "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /config-sync-groups/{configSyncGroupObjectID}/publications.", + "description": "Successfully retrieved the list of all publications for the specified NGINX instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PublicationInstance" + "type": "array", + "items": { + "$ref": "#/components/schemas/PublicationInstance" + } } } } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -1508,28 +1516,8 @@ } } }, - "401": { - "description": "Access denied", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { "application/json": { "schema": { @@ -1539,59 +1527,37 @@ } } } - }, - "put": { + } + }, + "/instances/{instanceObjectID}/publications/{publicationObjectID}": { + "get": { "tags": [ - "Config Sync Groups" + "Instances" ], - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX config sync group configuration", - "summary": "Publish a configuration to NGINX config sync group", - "description": "Publishes a new or updated NGINX configuration to the specified config sync group. \nIf no existing configuration is found, a new one is created; otherwise, the current configuration is overwritten.\nAdditional details:\n * `conf_path` is optional. When provided, it must be an absolute path that references a file present in the provided configurations. When omitted, the system uses the conf_path from the existing config sync group metadata.\n", - "operationId": "publishConfigSyncGroupConfig", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - } + "summary": "Retrieve a publication for an NGINX instance.", + "description": "Returns a specific publication for an NGINX instance. Only 5 previous entries of Publication are kept for each NGINX instance.", + "operationId": "getInstancePublication", + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" + }, + { + "$ref": "#/components/parameters/PublicationParamObjectID" } - }, + ], "responses": { "200": { - "description": "Successfully stored the configuration of the NGINX config sync group.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfig" - } - } - } - }, - "202": { - "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /config-sync-groups/{configSyncGroupObjectID}/publications.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupPublication" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "Successfully retrieved the specific Publication for the specified NGINX instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/PublicationInstance" } } } }, "401": { - "description": "Access denied", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -1601,7 +1567,7 @@ } }, "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance or Publication with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1623,30 +1589,31 @@ } } }, - "/config-sync-groups/{configSyncGroupObjectID}/config-report": { + "/features": { "get": { + "x-nodoc": true, "tags": [ - "Config Sync Groups" + "Feature Flags" ], - "summary": "Retrieve an analysis report for the configuration of an NGINX config sync group", - "description": "Analyzes the configuration of an NGINX config sync group and returns a detailed report.\nThe report includes insights, identified issues, and recommendations for optimizing and troubleshooting.\n", - "operationId": "getConfigSyncGroupConfigReport", + "summary": "List all enabled feature flags", + "description": "Returns a list of all the enabled feature flags in the NGINX One console.", + "operationId": "getEnabledFeatureFlags", "responses": { "200": { - "description": "Successfully retrieved the NGINX configuration analysis for the specified config sync group.", + "description": "Successfully retrieved the list of enabled feature flags.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigReports" + "type": "array", + "items": { + "$ref": "#/components/schemas/FeatureFlagKey" + } } } } }, - "204": { - "description": "The requested config sync group exists, but analysis of the NGINX configuration is not yet completed. Please retry the request at a later time to retrieve the report." - }, - "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -1666,48 +1633,35 @@ } } } - }, - "parameters": [ - { - "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" - } - ], - "patch": { - "x-nginx-one-action": "analyze", - "x-nginx-one-entity": "NGINX config sync group configuration", + } + }, + "/config-sync-groups": { + "post": { + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX config sync group", "tags": [ "Config Sync Groups" ], - "summary": "Generate an analysis report for the configuration of the modified NGINX config sync group", - "description": "Analyzes the provided partial updates merging with an existing configuration of an NGINX config sync group. Generates a report detailing potential issues along with optimization suggestions. \nThis analysis accounts for additive updates made to NGINX configuration. To delete files, omit the `file.contents` field. \nThis method compares the provided `config_version` with the current NGINX config sync group's configuration to detect conflicts, which may arise if the `config_version` does not match due to an out-of-band update. \nNote that this operation is for analysis purposes only and does not apply any changes to the configuration. \nThe report is not stored and is provided only in the API response.\nTo publish the configuration, use the `PATCH /config-sync-groups/{configSyncGroupObjectID}/config` endpoint.\n", - "operationId": "analyzeConfigSyncGroupConfigPatch", + "summary": "Create an NGINX config sync group", + "operationId": "createConfigSyncGroup", + "description": "Create NGINX config sync group with a unique name to identify it within the tenant namespace.\n", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" + "$ref": "#/components/schemas/ConfigSyncGroupCreateRequest" } } } }, "responses": { "200": { - "description": "Successfully analyzed the provided NGINX configuration", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigReports" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "Successfully created NGINX config sync group", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/ConfigSyncGroupCreateResponse" } } } @@ -1722,8 +1676,8 @@ } } }, - "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "409": { + "description": "The NGINX config sync group can't be created because the name is already in use", "content": { "application/json": { "schema": { @@ -1744,38 +1698,55 @@ } } }, - "put": { - "x-nginx-one-action": "analyze", - "x-nginx-one-entity": "NGINX config sync group configuration", + "get": { "tags": [ "Config Sync Groups" ], - "summary": "Generate an analysis report for the configuration of the NGINX config sync group", - "description": "Returns an analysis report for the configuration of the NGINX config sync group. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not apply any changes to the configuration. The report is not stored and is provided only in the API response. To publish the configuration, use the `PUT /config-sync-groups/{configSyncGroupObjectID}/config` endpoint.", - "operationId": "analyzeConfigSyncGroupConfig", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - } + "summary": "List all config sync groups", + "operationId": "listConfigSyncGroups", + "description": "Returns a list of all NGINX config sync groups, providing details such as:\n * Name of the config sync group\n * List of instance with details\n * Version of the NGINX configuration that's expected to be on all listed instances\n * Status of apply configuration operation \n * Timestamp of last reported action\n", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/FilterFieldConfigSyncGroups" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameConfigSyncGroupsDep" + }, + { + "$ref": "#/components/parameters/SortNameConfigSyncGroups" } - }, + ], "responses": { "200": { - "description": "Successfully analyzed the provided NGINX configuration.", + "description": "Successfully retrieved the list of NGINX config sync groups.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigReports" + "$ref": "#/components/schemas/ConfigSyncGroupListResponse" } } } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -1784,8 +1755,8 @@ } } }, - "401": { - "description": "Access denied", + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { "application/json": { "schema": { @@ -1793,9 +1764,41 @@ } } } + } + } + }, + "patch": { + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "config sync group", + "tags": [ + "Config Sync Groups" + ], + "summary": "Bulk operation on multiple config sync groups", + "operationId": "BulkConfigSyncGroups", + "description": "Performs bulk operation on one or more config sync groups, only delete is supported.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ConfigSyncGroupBulkRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Batch request completed.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ConfigSyncGroupBulkResponse" + } + } + } }, - "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -1817,21 +1820,31 @@ } } }, - "/config-sync-groups/{configSyncGroupObjectID}/config/{configSyncGroupConfigurationObjectID}": { + "/config-sync-groups/{configSyncGroupObjectID}": { + "parameters": [ + { + "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" + } + ], "get": { "tags": [ "Config Sync Groups" ], - "summary": "Retrieve details the NGINX config sync group", - "description": "Returns the configuration details for an NGINX config sync group, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", - "operationId": "getConfigSyncGroupConfigWithObjectID", + "summary": "Retrieve an NGINX config sync group", + "description": "Retrieve the details for an NGINX config sync group, including:\n* name\n* Instances and details of each instance\n* Timestamp of last reported action\n* NGINX config version on the config sync group\n* Certificate summary referenced by config sync group members\n* NGINX config sync operation status\n* Last config sync group publication operation status\n", + "operationId": "getConfigSyncGroup", "responses": { "200": { - "description": "Successfully retrieved the configuration details for the specified NGINX config sync group and NGINX configuration.", + "description": "Successfully retrieved the details of the NGINX config sync group.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfig" + "$ref": "#/components/schemas/ConfigSyncGroupDetails" + }, + "examples": { + "ConfigSyncGroupDetails": { + "$ref": "#/components/examples/ConfigSyncGroupDetails" + } } } } @@ -1847,7 +1860,7 @@ } }, "404": { - "description": "The NGINX config sync group or NGINX configuration with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1868,36 +1881,18 @@ } } }, - "parameters": [ - { - "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" - }, - { - "$ref": "#/components/parameters/ConfigSyncGroupConfigurationParamObjectID" - } - ] - }, - "/config-sync-groups/{configSyncGroupObjectID}/configs": { - "get": { + "delete": { + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX config sync group", "tags": [ "Config Sync Groups" ], - "summary": "Retrieves stored NGINX configurations for a NGINX config sync group", - "description": "Returns a list of all configurations for a NGINX config sync group. Only the last 10 are kept on the NGINX One Console for a NGINX config sync group.", - "operationId": "listConfigSyncGroupConfigurations", + "summary": "Delete an NGINX config sync group", + "description": "Delete a NGINX config sync group from the NGINX One console. You can delete a config sync group, only if it contains no NGINX instances.\n", + "operationId": "deleteConfigSyncGroup", "responses": { - "200": { - "description": "Successfully retrieved the list of NGINX configurations for the specified NGINX config sync group.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxConfigMeta" - } - } - } - } + "204": { + "description": "Successfully deleted the NGINX config sync group" }, "401": { "description": "Access denied", @@ -1930,37 +1925,34 @@ } } } - }, + } + }, + "/config-sync-groups/{configSyncGroupObjectID}/config": { "parameters": [ { "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" } - ] - }, - "/config-sync-groups/{configSyncGroupObjectID}/publications": { + ], "get": { "tags": [ "Config Sync Groups" ], - "summary": "Retrieve the publications for the NGINX config sync group", - "description": "Returns a list of publications for a NGINX config sync group, providing details such as:\n * Current status along with reason(s) including the target instance object, cause and relevant message\n * Configuration version\n", - "operationId": "listConfigSyncGroupPublications", + "summary": "Retrieve a config sync group's configuration details", + "description": "Returns the configuration details for a NGINX config sync group, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", + "operationId": "getConfigSyncGroupConfig", "responses": { "200": { - "description": "Successfully retrieved the list of all publications for the specified NGINX config sync group.", + "description": "Successfully retrieved the configuration details for the specified NGINX config sync group.", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ConfigSyncGroupPublication" - } + "$ref": "#/components/schemas/NginxConfig" } } } }, "401": { - "description": "Access denied", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -1991,43 +1983,48 @@ } } }, - "parameters": [ - { - "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" - } - ] - }, - "/config-sync-groups/{configSyncGroupObjectID}/publications/{publicationObjectID}": { - "get": { + "put": { "tags": [ "Config Sync Groups" ], - "summary": "Retrieve the publications for the NGINX config sync group, providing details such as:\n * Current status along with reason(s) including the target instance object, cause and relevant message\n * Configuration version\n", - "description": "Returns a publication for a NGINX config sync group.", - "operationId": "getConfigSyncGroupPublication", + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX config sync group configuration", + "summary": "Publish a configuration to NGINX config sync group", + "description": "Publishes a new or updated NGINX configuration to the specified config sync group. \nIf no existing configuration is found, a new one is created; otherwise, the current configuration is overwritten.\nAdditional details:\n * `conf_path` is optional. When provided, it must be an absolute path that references a file present in the provided configurations. When omitted, the system uses the conf_path from the existing config sync group metadata.\n", + "operationId": "publishConfigSyncGroupConfig", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + } + } + }, "responses": { "200": { - "description": "Successfully retrieved the publication for the specified NGINX config sync group.", + "description": "Successfully stored the configuration of the NGINX config sync group.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupPublication" + "$ref": "#/components/schemas/NginxConfig" } } } }, - "401": { - "description": "Access denied", + "202": { + "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /config-sync-groups/{configSyncGroupObjectID}/publications.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/ConfigSyncGroupPublication" } } } }, - "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { @@ -2036,8 +2033,8 @@ } } }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "401": { + "description": "Access denied", "content": { "application/json": { "schema": { @@ -2045,240 +2042,151 @@ } } } - } - } - }, - "parameters": [ - { - "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" - }, - { - "$ref": "#/components/parameters/PublicationParamObjectID" - } - ] - }, - "/control-planes": { - "get": { - "tags": [ - "Control Planes" - ], - "summary": "List control planes", - "operationId": "listControlPlanes", - "description": "Returns a paginated list of control planes.\n", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameControlPlanes" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldControlPlanes" - } - ], - "responses": { - "200": { - "description": "Successfully retrieved the list of control planes.", + "404": { + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ControlPlaneListResponse" + "$ref": "#/components/schemas/Error" } } } }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, "500": { - "$ref": "#/components/responses/InternalServerErr" + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } } } }, "patch": { - "x-feature-flag": "control-plane-bulk-delete", - "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "Control Plane", "tags": [ - "Control Planes" + "Config Sync Groups" ], - "summary": "Bulk operation on multiple control planes", - "operationId": "BulkControlPlanes", - "description": "Performs bulk operation on one or more control planes, only delete is supported.\n\n**Important:** This operation processes each item independently within a single transaction.\nSuccessfully deleted items will persist even if subsequent items fail. The response \nincludes the outcome for each item, allowing you to identify which deletions succeeded \nand which failed.\n", + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX config sync group configuration", + "summary": "Apply partial updates to config sync group's configuration", + "description": "Applies the specified partial updates to an existing NGINX configuration. Details:\n * This endpoint accepts additive updates to `NginxConfig`. \n * To delete files, omit the `file.contents` field. \n * This method compares the provided config_version with the current NGINX config sync group configuration to detect conflicts, which may arise if the config_version does not match due to an out-of-band update.\n * `conf_path` is optional. When provided, it must be an absolute path that references a file present in the provided configurations. When omitted, the system uses the conf_path from the existing config sync group metadata.\n", + "operationId": "patchConfigSyncGroupConfig", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ControlPlaneBulkRequest" + "$ref": "#/components/schemas/NginxConfigRequest" } } } }, "responses": { "200": { - "description": "Batch request completed.", + "description": "Successfully stored the configuration of the NGINX config sync group", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ControlPlaneBulkResponse" + "$ref": "#/components/schemas/NginxConfig" } } } }, - "401": { - "$ref": "#/components/responses/Unauthorized" + "202": { + "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /config-sync-groups/{configSyncGroupObjectID}/publications.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PublicationInstance" + } + } + } }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/control-planes/{controlPlaneObjectID}": { - "delete": { - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "Control Plane", - "tags": [ - "Control Planes" - ], - "summary": "Delete a control plane", - "description": "Delete a control plane from the NGINX One Console. You can delete a control plane, only if it contains no NGINX instances.\n", - "operationId": "deleteControlPlane", - "responses": { - "204": { - "description": "Successfully deleted the control plane" + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } }, "401": { - "$ref": "#/components/responses/Unauthorized" + "description": "Access denied", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } }, "404": { - "$ref": "#/components/responses/NotFound" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - }, - "get": { - "tags": [ - "Control Planes" - ], - "summary": "Retrieve a control plane", - "description": "Retrieve the details for a control plane, including:\n* Object ID\n* Product name and version\n* Cluster UUID\n* Kubernetes namespace\n* Deployment UUID\n* Data plane key\n* Certificate summary referenced by control plane instances\n* Instance status summary\n", - "operationId": "getControlPlane", - "responses": { - "200": { - "description": "Successfully retrieved the details of the control plane.", + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ControlPlaneDetails" + "$ref": "#/components/schemas/Error" } } } }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "404": { - "$ref": "#/components/responses/NotFound" - }, "500": { - "$ref": "#/components/responses/InternalServerErr" + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } } } - }, + } + }, + "/config-sync-groups/{configSyncGroupObjectID}/configs": { "parameters": [ { - "$ref": "#/components/parameters/ControlPlaneParamObjectID" + "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" } - ] - }, - "/control-planes/summary": { + ], "get": { "tags": [ - "Control Planes" + "Config Sync Groups" ], - "summary": "Retrieve a summary for all Control Planes.", - "description": "Retrieves details for all control planes, including:\n * Number of control planes for each product name/version\n", - "operationId": "getControlPlaneSummary", + "summary": "Retrieves stored NGINX configurations for a NGINX config sync group", + "description": "Returns a list of all configurations for a NGINX config sync group. Only the last 10 are kept on the NGINX One Console for a NGINX config sync group.", + "operationId": "listConfigSyncGroupConfigurations", "responses": { "200": { - "description": "Successfully retrieved the summary of control planes.", + "description": "Successfully retrieved the list of NGINX configurations for the specified NGINX config sync group.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ControlPlaneSummary" + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxConfigMeta" + } } } } }, "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/cves": { - "get": { - "tags": [ - "CVEs" - ], - "summary": "List of all CVEs affecting any instance or control plane", - "operationId": "listNginxCVEs", - "description": "Returns a list of all CVEs that affect an instance or control plane under the tenant\n", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameCVEsDep" - }, - { - "$ref": "#/components/parameters/SortNameCVEs" - } - ], - "responses": { - "200": { - "description": "Successfully retrieved the list of CVEs.", + "description": "Access denied", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CVEListResponse" + "$ref": "#/components/schemas/Error" } } } }, - "401": { - "description": "Access denied.", + "404": { + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2300,32 +2208,35 @@ } } }, - "/cves/{nginxCVEID}": { + "/config-sync-groups/{configSyncGroupObjectID}/config/{configSyncGroupConfigurationObjectID}": { + "parameters": [ + { + "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" + }, + { + "$ref": "#/components/parameters/ConfigSyncGroupConfigurationParamObjectID" + } + ], "get": { "tags": [ - "CVEs" - ], - "summary": "Retrieve NGINX CVE details", - "operationId": "GetNginxCVEDetails", - "description": "Retrieve CVE details\n", - "parameters": [ - { - "$ref": "#/components/parameters/NginxCVEParamID" - } + "Config Sync Groups" ], + "summary": "Retrieve details the NGINX config sync group", + "description": "Returns the configuration details for an NGINX config sync group, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", + "operationId": "getConfigSyncGroupConfigWithObjectID", "responses": { "200": { - "description": "Successfully retrieved NGINX CVE details.", + "description": "Successfully retrieved the configuration details for the specified NGINX config sync group and NGINX configuration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxCVEDetailsResponse" + "$ref": "#/components/schemas/NginxConfig" } } } }, "401": { - "description": "Access denied.", + "description": "Access denied", "content": { "application/json": { "schema": { @@ -2335,7 +2246,7 @@ } }, "404": { - "description": "CVE with the specified nginxCVEID was not found. Check that the nginxCVEID provided is correct and corresponds to an existing resource.", + "description": "The NGINX config sync group or NGINX configuration with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2357,50 +2268,35 @@ } } }, - "/cves/{nginxCVEID}/impacted_instances": { + "/config-sync-groups/{configSyncGroupObjectID}/publications": { + "parameters": [ + { + "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" + } + ], "get": { "tags": [ - "CVEs" - ], - "summary": "Retrieve the instances impacted by a CVE", - "description": "Retrieves a list of the instances impacted by a security advisory.", - "operationId": "listCVEImpactedInstances", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameCVEImpactedInstancesDep" - }, - { - "$ref": "#/components/parameters/SortNameCVEImpactedInstances" - }, - { - "$ref": "#/components/parameters/NginxCVEParamID" - } + "Config Sync Groups" ], + "summary": "Retrieve the publications for the NGINX config sync group", + "description": "Returns a list of publications for a NGINX config sync group, providing details such as:\n * Current status along with reason(s) including the target instance object, cause and relevant message\n * Configuration version\n", + "operationId": "listConfigSyncGroupPublications", "responses": { "200": { - "description": "Successfully retrieved the list of instances affected by the CVE.", + "description": "Successfully retrieved the list of all publications for the specified NGINX config sync group.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CVEImpactedInstancesListResponse" + "type": "array", + "items": { + "$ref": "#/components/schemas/ConfigSyncGroupPublication" + } } } } }, "401": { - "description": "Access denied.", + "description": "Access denied", "content": { "application/json": { "schema": { @@ -2410,7 +2306,7 @@ } }, "404": { - "description": "The CVE with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing CVE.", + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2432,47 +2328,45 @@ } } }, - "/events": { + "/config-sync-groups/{configSyncGroupObjectID}/publications/{publicationObjectID}": { + "parameters": [ + { + "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" + }, + { + "$ref": "#/components/parameters/PublicationParamObjectID" + } + ], "get": { "tags": [ - "Events" - ], - "summary": "Retrieve system events.", - "description": "Retrieves a list of the system events.", - "operationId": "listEvents", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/FilterFieldEvents" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - } + "Config Sync Groups" ], + "summary": "Retrieve the publications for the NGINX config sync group, providing details such as:\n * Current status along with reason(s) including the target instance object, cause and relevant message\n * Configuration version\n", + "description": "Returns a publication for a NGINX config sync group.", + "operationId": "getConfigSyncGroupPublication", "responses": { "200": { - "description": "Successfully retrieved the list of events.", + "description": "Successfully retrieved the publication for the specified NGINX config sync group.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/EventsListResponse" + "$ref": "#/components/schemas/ConfigSyncGroupPublication" } } } }, "401": { - "description": "Access denied.", + "description": "Access denied", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2494,42 +2388,35 @@ } } }, - "/events/{eventObjectID}": { + "/config-sync-groups/{configSyncGroupObjectID}/config-report": { + "parameters": [ + { + "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" + } + ], "get": { "tags": [ - "Events" - ], - "operationId": "getEvent", - "summary": "Retrieve specific event.", - "description": "Retrieve a specific event using the event object_id.", - "parameters": [ - { - "$ref": "#/components/parameters/EventParamObjectID" - } + "Config Sync Groups" ], + "summary": "Retrieve an analysis report for the configuration of an NGINX config sync group", + "description": "Analyzes the configuration of an NGINX config sync group and returns a detailed report.\nThe report includes insights, identified issues, and recommendations for optimizing and troubleshooting.\n", + "operationId": "getConfigSyncGroupConfigReport", "responses": { "200": { - "description": "Successfully retrieved the details of the event.", + "description": "Successfully retrieved the NGINX configuration analysis for the specified config sync group.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Event" + "$ref": "#/components/schemas/NginxConfigReports" } } } }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "204": { + "description": "The requested config sync group exists, but analysis of the NGINX configuration is not yet completed. Please retry the request at a later time to retrieve the report." }, "404": { - "description": "The Event with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2549,58 +2436,59 @@ } } } - } - }, - "/instances": { - "get": { + }, + "put": { + "x-nginx-one-action": "analyze", + "x-nginx-one-entity": "NGINX config sync group configuration", "tags": [ - "Instances" + "Config Sync Groups" ], - "summary": "List all instances", - "operationId": "listInstances", - "description": "Returns a list of all NGINX instances, providing details such as:\n * Unique identifiers for each instance\n * Timestamps for key actions (like registration and last report)\n * Information about the NGINX build\n * Version of the NGINX Agent\n", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/FilterFieldInstances" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameInstancesDep" - }, - { - "$ref": "#/components/parameters/SortNameInstances" + "summary": "Generate an analysis report for the configuration of the NGINX config sync group", + "description": "Returns an analysis report for the configuration of the NGINX config sync group. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not apply any changes to the configuration. The report is not stored and is provided only in the API response. To publish the configuration, use the `PUT /config-sync-groups/{configSyncGroupObjectID}/config` endpoint.", + "operationId": "analyzeConfigSyncGroupConfig", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + } } - ], + }, "responses": { "200": { - "description": "Successfully retrieved the list of instances.", + "description": "Successfully analyzed the provided NGINX configuration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InstanceListResponse" + "$ref": "#/components/schemas/NginxConfigReports" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" } } } }, "401": { - "description": "Access denied.", + "description": "Access denied", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2622,47 +2510,37 @@ } }, "patch": { - "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "NGINX instance", + "x-nginx-one-action": "analyze", + "x-nginx-one-entity": "NGINX config sync group configuration", "tags": [ - "Instances" + "Config Sync Groups" ], - "summary": "Bulk operation on multiple instances", - "operationId": "BulkInstances", - "description": "Performs bulk operation on one or more NGINX instances, only delete is supported.", + "summary": "Generate an analysis report for the configuration of the modified NGINX config sync group", + "description": "Analyzes the provided partial updates merging with an existing configuration of an NGINX config sync group. Generates a report detailing potential issues along with optimization suggestions. \nThis analysis accounts for additive updates made to NGINX configuration. To delete files, omit the `file.contents` field. \nThis method compares the provided `config_version` with the current NGINX config sync group's configuration to detect conflicts, which may arise if the `config_version` does not match due to an out-of-band update. \nNote that this operation is for analysis purposes only and does not apply any changes to the configuration. \nThe report is not stored and is provided only in the API response.\nTo publish the configuration, use the `PATCH /config-sync-groups/{configSyncGroupObjectID}/config` endpoint.\n", + "operationId": "analyzeConfigSyncGroupConfigPatch", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InstanceBulkRequest" + "$ref": "#/components/schemas/NginxConfigRequest" } } } }, "responses": { "200": { - "description": "Batch request completed.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/InstanceBulkResponse" - } - } - } - }, - "401": { - "description": "Access denied.", + "description": "Successfully analyzed the provided NGINX configuration", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/NginxConfigReports" } } } }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { @@ -2670,31 +2548,9 @@ } } } - } - } - } - }, - "/instances/{instanceObjectID}": { - "delete": { - "tags": [ - "Instances" - ], - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX instance", - "summary": "Delete an instance", - "description": "Deletes an NGINX instance. Associations with certificates will be cleaned up.\n", - "operationId": "deleteInstance", - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" - } - ], - "responses": { - "204": { - "description": "Successfully deleted the NGINX instance." }, "401": { - "description": "Access denied.", + "description": "Access denied", "content": { "application/json": { "schema": { @@ -2704,7 +2560,7 @@ } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2724,26 +2580,52 @@ } } } - }, + } + }, + "/certificates": { "get": { "tags": [ - "Instances" + "Certificates" ], - "summary": "Retrieve an instance", - "description": "Retrieves the details for an NGINX instance, including\n* Hostname\n* System status\n* Timestamps of key actions (registration, last reported, etc.)\n* NGINX build information\n* Certificate data\n* Operating system version\n* NGINX Agent version\n* Config Sync Group membership details\n* Control plane object ID, name, product and version\n", - "operationId": "getInstance", + "summary": "List all SSL certificates", + "description": "Returns a paginated list showing metadata for every SSL certificate.\n", "parameters": [ { - "$ref": "#/components/parameters/InstanceParamObjectID" + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/FilterFieldCertificates" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameCertificatesDep" + }, + { + "$ref": "#/components/parameters/SortNameCertificates" } ], + "operationId": "listCertificates", "responses": { "200": { - "description": "Successfully retrieved the details of the NGINX instance.", + "description": "Successfully retrieved the list of SSL certificates.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InstanceDetails" + "$ref": "#/components/schemas/CertificateListResponse" } } } @@ -2758,16 +2640,6 @@ } } }, - "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -2779,29 +2651,39 @@ } } } - } - }, - "/instances/{instanceObjectID}/config": { - "get": { + }, + "post": { + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX certificate", "tags": [ - "Instances" + "Certificates" ], - "summary": "Retrieve an instance's configuration details", - "description": "Returns the configuration details for an NGINX instance, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Details of deployed SSL/TLS certificates, private keys, WAF policies, and log profiles.\n* Unique identifiers\n", - "operationId": "getInstanceConfig", + "summary": "Create an SSL certificate", + "operationId": "createCertificate", + "description": "Creates a new SSL certificate with an optional name. \nYou must supply the certificate's content in base64-encoded PEM format.\nAny warnings will be displayed only upon creation of the certificate object, and\nis not retrievable after it is created.\n", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CertificateRequest" + } + } + } + }, "responses": { "200": { - "description": "Successfully retrieved the configuration details for the specified NGINX instance.", + "description": "Successfully created the SSL certificate.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfig" + "$ref": "#/components/schemas/CertificateResponse" } } } }, - "401": { - "description": "Access denied.", + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { @@ -2810,8 +2692,8 @@ } } }, - "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -2832,63 +2714,38 @@ } } }, - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" - } - ], "patch": { + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "NGINX certificate", "tags": [ - "Instances" + "Certificates" ], - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX instance configuration", - "summary": "Apply partial updates to an instance's configuration", - "description": "Applies the specified partial updates to an existing NGINX configuration. \nThis endpoint accepts additive updates to `NginxConfig`. \nTo delete files, omit the `file.contents` field. \nThis method compares the provided config_version with the current NGINX instance configuration to detect conflicts, which may arise if the config_version does not match due to an out-of-band update. \nBefore publishing, use the `PATCH /instances/{instanceObjectID}/config-report` endpoint to generate an analysis report for the modified configuration.\nAdditional details:\n * `conf_path` is optional. When provided, it must be an absolute path that references a file present in the provided configurations. When omitted, the system uses the conf_path from the existing instance metadata.\n", - "operationId": "publishInstanceConfigWithModify", + "summary": "Bulk operation on multiple managed certificates", + "operationId": "bulkCertificates", + "description": "Performs bulk operation on one or more managed certificates, only delete is supported.", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" + "$ref": "#/components/schemas/CertificateBulkRequest" } } } }, "responses": { - "202": { - "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /instances/{instanceObjectID}/publications.", + "200": { + "description": "Batch request completed.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PublicationInstance" + "$ref": "#/components/schemas/CertificateBulkResponse" } } } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -2908,33 +2765,35 @@ } } } - }, - "put": { + } + }, + "/certificates/parse": { + "post": { + "x-nginx-one-action": "validate", + "x-nginx-one-entity": "NGINX certificate", "tags": [ - "Instances" + "Certificates" ], - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX instance configuration", - "summary": "Publish a configuration to an instance", - "description": "Publishes a new or updated NGINX configuration to the specified instance.\nIn the specified `configs`, empty files are not allowed in the directory.\nIf no existing configuration is found, a new one is created; otherwise, the current configuration is overwritten. \nBefore publishing, use the `PUT /instances/{instanceObjectID}/config-report` endpoint to generate an analysis report for the provided configuration.\nYou can specify `payloads` in the request to deploy managed certificates and keys to the dataplane. Include file paths\nfor each payload component. \nAdditional details:\n * `conf_path` is optional. When provided, it must be an absolute path that references a file present in the provided configurations. When omitted, the system uses the conf_path from the existing instance metadata.\n", - "operationId": "publishInstanceConfig", + "summary": "Parse and validate an SSL certificate", + "operationId": "parseCertificate", + "description": "Parses and validates an SSL certificate. \nIt checks the provided PEM files and verifies that the public certificates follow the correct X.509 format. \nIf the certificate cannot be parsed, an error will be returned. \nOtherwise, as long as the certificate is parsable, a `200 OK` status will be returned even if there are issues \nsuch as mismatched private keys or expired certificates. Details of any issues found will be shown in the \"warnings\" field of the response.\n", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" + "$ref": "#/components/schemas/CertificateRequest" } } } }, "responses": { - "202": { - "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /instances/{instanceObjectID}/publications.", + "200": { + "description": "Successfully parsed and validated the SSL certificate.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PublicationInstance" + "$ref": "#/components/schemas/CertificateResponse" } } } @@ -2959,16 +2818,6 @@ } } }, - "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -2982,30 +2831,42 @@ } } }, - "/instances/{instanceObjectID}/config-report": { + "/certificates/{certificateObjectID}": { + "parameters": [ + { + "$ref": "#/components/parameters/CertificateParamObjectID" + } + ], "get": { "tags": [ - "Instances" + "Certificates" ], - "summary": "Retrieve an analysis report for an instance's configuration", - "description": "Analyzes the configuration of an NGINX instance and returns a detailed report.\nThe report includes insights, identified issues, and recommendations for optimizing and troubleshooting.\n", - "operationId": "getInstanceConfigReport", + "summary": "Retrieve an SSL certificate", + "operationId": "getCertificate", + "description": "Retrieves the details for an SSL certificate, including:\n* Object ID that uniquely identifies this certificate object\n* SSL certificate type (managed or unmanaged by NGINX One Console)\n* Certificate type (whether it is a CA bundle or a certificate-key pair)\n* Subject name of the leaf certificate, or the soonest-expiring CA in a bundle\n * This subject name will be the DNS name in the SAN extension of the certificate. If not present, it will be the certificate's common name\n* Status of the certificate (valid, expiring, expired)\n* Validity period, if applicable to multiple certificates\n* Metadata for each public certificate if multiples are provided\n* Private key metadata, if available\n", "responses": { "200": { - "description": "Successfully retrieved the NGINX configuration analysis for the specified instance.", + "description": "Successfully retrieved the details of the SSL certificate.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigReports" + "$ref": "#/components/schemas/CertificateResponse" } } } }, - "204": { - "description": "The requested instance exists, but analysis of the NGINX configuration is not yet completed. Please retry the request at a later time to retrieve the report." + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -3026,37 +2887,32 @@ } } }, - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" - } - ], "patch": { + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX certificate", "tags": [ - "Instances" + "Certificates" ], - "x-nginx-one-action": "analyze", - "x-nginx-one-entity": "NGINX instance configuration", - "summary": "Generate an analysis report for the provided modified configuration", - "description": "Analyzes the provided partial updates to an existing NGINX configuration and generates a report detailing potential issues along with optimization suggestions. \nThis analysis accounts for additive updates made to `NginxConfig`. To delete files, omit the `file.contents` field. \nThis method compares the provided `config_version` with the current NGINX instance configuration to detect conflicts, which may arise if the `config_version` does not match due to an out-of-band update. \nNote that this operation is for analysis purposes only and does not apply any changes to the configuration. \nThe report is not stored and is provided only in the API response.\nTo publish the configuration, use the `PATCH /instances/{instanceObjectID}/config` endpoint.\n", - "operationId": "analyzeInstanceConfigWithModify", + "summary": "Update an SSL certificate", + "operationId": "updateCertificate", + "description": "Updates public certificates, private keys, or both. \nThis endpoint can also be used to update a Certificate Authority (CA) bundle.\n", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" + "$ref": "#/components/schemas/CertificateUpdateRequest" } } } }, "responses": { "200": { - "description": "Successfully analyzed the provided NGINX configuration.", + "description": "Successfully updated the specified SSL certificate.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigReports" + "$ref": "#/components/schemas/CertificateResponse" } } } @@ -3082,7 +2938,7 @@ } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -3103,36 +2959,34 @@ } } }, - "put": { + "delete": { + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX certificate", "tags": [ - "Instances" + "Certificates" ], - "x-nginx-one-action": "analyze", - "x-nginx-one-entity": "NGINX instance configuration", - "summary": "Generate an analysis report for the provided configuration", - "description": "Returns an analysis report for the provided NGINX configuration. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not apply any changes to the configuration. The report is not stored and is provided only in the API response. To publish the configuration, use the `PUT /instances/{instanceObjectID}/config` endpoint.", - "operationId": "analyzeInstanceConfig", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - } + "summary": "Delete an SSL certificate", + "operationId": "deleteCertificate", + "description": "* Deletes a managed SSL certificate from the NGINX One console. This operation is disabled for unmanaged certificates, as they get cleaned up automatically when they are not used in any NGINX configuration. \n* An optional flag `deleteFromDataPlanes` when set to true, can be used to remove the certificate from data plane instances to where it was deployed.\n * Deleting from data planes triggers publications on either instances or Config Sync Groups. After the managed cert object is deleted from NGINX One Console, a `PublicationBulkResponse` is returned along with status code 202, indicating whether an error occurred while issuing a publication to a data plane target.\n * If this cert is not associated with any data plane, status code 204 is returned when `deleteFromDataPlanes` set to true.\n", + "parameters": [ + { + "$ref": "#/components/parameters/DeleteFromDataPlanesParamFlag" } - }, + ], "responses": { - "200": { - "description": "Successfully analyzed the provided NGINX configuration.", + "202": { + "description": "Successfully deleted the SSL certificate. Handling deletion of certificate from data planes in the background.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigReports" + "$ref": "#/components/schemas/PublicationBulkResponse" } } } }, + "204": { + "description": "Successfully deleted the SSL certificate." + }, "400": { "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { @@ -3154,7 +3008,7 @@ } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -3176,24 +3030,53 @@ } } }, - "/instances/{instanceObjectID}/configs": { + "/certificates/{certificateObjectID}/deployments": { "get": { "tags": [ - "Instances" + "Certificates" ], - "summary": "Retrieves the stored NGINX configurations for an instance", - "description": "Returns a list of all configurations for a NGINX instance. Only the last 10 are kept on the NGINX One Console for a NGINX instance.", - "operationId": "listInstanceConfigurations", + "summary": "List SSL certificate deployments", + "description": "Returns a paginated list showing all the deployments for a SSL certificate and assigned file path(s).\n", + "parameters": [ + { + "$ref": "#/components/parameters/CertificateParamObjectID" + }, + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/FilterFieldCertificateDeployments" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameCertificateDeploymentsDep" + }, + { + "$ref": "#/components/parameters/SortNameCertificateDeployments" + } + ], + "operationId": "listCertificateDeployments", "responses": { "200": { - "description": "Successfully retrieved the list of NGINX configurations for the specified NGINX instance.", + "description": "Successfully retrieved the list of SSL certificate deployments.", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxConfigMeta" - } + "$ref": "#/components/schemas/CertificateDeploymentListResponse" } } } @@ -3209,7 +3092,7 @@ } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -3229,28 +3112,43 @@ } } } - }, - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" - } - ] + } }, - "/instances/{instanceObjectID}/configs/{instanceConfigurationObjectID}": { + "/cves": { "get": { "tags": [ - "Instances" + "CVEs" + ], + "summary": "List of all CVEs affecting any instance or control plane", + "operationId": "listNginxCVEs", + "description": "Returns a list of all CVEs that affect an instance or control plane under the tenant\n", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameCVEsDep" + }, + { + "$ref": "#/components/parameters/SortNameCVEs" + } ], - "summary": "Retrieve an instance's configuration details", - "description": "Returns the configuration details for an NGINX instance, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", - "operationId": "getInstanceConfigWithObjectID", "responses": { "200": { - "description": "Successfully retrieved the configuration details for the specified NGINX instance and NGINX configuration.", + "description": "Successfully retrieved the list of CVEs.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfig" + "$ref": "#/components/schemas/CVEListResponse" } } } @@ -3265,16 +3163,6 @@ } } }, - "404": { - "description": "The NGINX instance or NGINX configuration with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -3286,39 +3174,28 @@ } } } - }, - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" - }, - { - "$ref": "#/components/parameters/InstanceConfigurationParamObjectID" - } - ] + } }, - "/instances/{instanceObjectID}/cves": { + "/cves/{nginxCVEID}": { "get": { "tags": [ - "Instances" + "CVEs" ], - "summary": "Retrieve an instance's security advisories (CVEs)", - "description": "Retrieves a list of the security advisories (CVEs) for an NGINX instance.", - "operationId": "listInstanceSecurityAdvisories", + "summary": "Retrieve NGINX CVE details", + "operationId": "GetNginxCVEDetails", + "description": "Retrieve CVE details\n", "parameters": [ { - "$ref": "#/components/parameters/InstanceParamObjectID" + "$ref": "#/components/parameters/NginxCVEParamID" } ], "responses": { "200": { - "description": "Successfully retrieved the list of security advisories (CVEs).", + "description": "Successfully retrieved NGINX CVE details.", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxSecurityAdvisory" - } + "$ref": "#/components/schemas/NginxCVEDetailsResponse" } } } @@ -3334,7 +3211,7 @@ } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "CVE with the specified nginxCVEID was not found. Check that the nginxCVEID provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -3356,29 +3233,44 @@ } } }, - "/instances/{instanceObjectID}/publications": { + "/cves/{nginxCVEID}/impacted_instances": { "get": { "tags": [ - "Instances" + "CVEs" ], - "summary": "Retrieve the publications for an instance", - "description": "Returns a list of all publications for a NGINX instance.", - "operationId": "listInstancePublications", + "summary": "Retrieve the instances impacted by a CVE", + "description": "Retrieves a list of the instances impacted by a security advisory.", + "operationId": "listCVEImpactedInstances", "parameters": [ { - "$ref": "#/components/parameters/InstanceParamObjectID" + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameCVEImpactedInstancesDep" + }, + { + "$ref": "#/components/parameters/SortNameCVEImpactedInstances" + }, + { + "$ref": "#/components/parameters/NginxCVEParamID" } ], "responses": { "200": { - "description": "Successfully retrieved the list of all publications for the specified NGINX instance.", + "description": "Successfully retrieved the list of instances affected by the CVE.", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/PublicationInstance" - } + "$ref": "#/components/schemas/CVEImpactedInstancesListResponse" } } } @@ -3393,6 +3285,16 @@ } } }, + "404": { + "description": "The CVE with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing CVE.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -3406,29 +3308,44 @@ } } }, - "/instances/{instanceObjectID}/publications/{publicationObjectID}": { + "/cves/{nginxCVEID}/control-planes": { "get": { "tags": [ - "Instances" + "CVEs" ], - "summary": "Retrieve a publication for an NGINX instance.", - "description": "Returns a specific publication for an NGINX instance. Only 5 previous entries of Publication are kept for each NGINX instance.", - "operationId": "getInstancePublication", + "summary": "Retrieve the control planes impacted by a CVE", + "description": "Retrieves a list of the control planes impacted by a security advisory.", + "operationId": "listCVEImpactedControlPlanes", "parameters": [ { - "$ref": "#/components/parameters/InstanceParamObjectID" + "$ref": "#/components/parameters/Paginated" }, { - "$ref": "#/components/parameters/PublicationParamObjectID" + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameCVEImpactedControlPlanesDep" + }, + { + "$ref": "#/components/parameters/SortNameCVEImpactedControlPlanes" + }, + { + "$ref": "#/components/parameters/NginxCVEParamID" } ], "responses": { "200": { - "description": "Successfully retrieved the specific Publication for the specified NGINX instance.", + "description": "Successfully retrieved the list of control planes affected by the CVE.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PublicationInstance" + "$ref": "#/components/schemas/CVEImpactedControlPlanesListResponse" } } } @@ -3444,49 +3361,7 @@ } }, "404": { - "description": "The NGINX instance or Publication with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/instances/summary": { - "get": { - "tags": [ - "Instances" - ], - "summary": "Retrieve a summary for all instances", - "description": "Retrieves a comprehensive summary for all NGINX instances, which includes details such as:\n * Certificate status and associations\n * Operating system details\n * Version of the NGINX Agent\n * Overall system status\n", - "operationId": "listSummary", - "responses": { - "200": { - "description": "Successfully retrieved the summary of NGINX instances.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/InstanceSummary" - } - } - } - }, - "401": { - "description": "Access denied.", + "description": "The CVE with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing CVE.", "content": { "application/json": { "schema": { @@ -3508,14 +3383,14 @@ } } }, - "/staged-configs": { + "/events": { "get": { "tags": [ - "Staged Configs" + "Events" ], - "summary": "List all staged configs", - "operationId": "listStagedConfigs", - "description": "Returns a list of all NGINX staged configs, providing details such as:\n * Name and object_id of staged config\n * Created and modified timestamps\n", + "summary": "Retrieve system events.", + "description": "Retrieves a list of the system events.", + "operationId": "listEvents", "parameters": [ { "$ref": "#/components/parameters/Paginated" @@ -3527,31 +3402,22 @@ "$ref": "#/components/parameters/Offset" }, { - "$ref": "#/components/parameters/FilterFieldStagedConfigs" + "$ref": "#/components/parameters/FilterFieldEvents" }, { "$ref": "#/components/parameters/FilterOperands" }, { "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameStagedConfigsDep" - }, - { - "$ref": "#/components/parameters/SortNameStagedConfigs" } ], "responses": { "200": { - "description": "Successfully retrieved the list of NGINX staged configs.", + "description": "Successfully retrieved the list of events.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/StagedConfigListResponse" + "$ref": "#/components/schemas/EventsListResponse" } } } @@ -3577,33 +3443,28 @@ } } } - }, - "patch": { - "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "NGINX staged configs", + } + }, + "/events/{eventObjectID}": { + "get": { "tags": [ - "Staged Configs" + "Events" ], - "summary": "Bulk operation on multiple staged configs", - "operationId": "bulkStagedConfigs", - "description": "Performs bulk operation on one or more staged configs, only delete is supported.", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/StagedConfigBulkRequest" - } - } + "operationId": "getEvent", + "summary": "Retrieve specific event.", + "description": "Retrieve a specific event using the event object_id.", + "parameters": [ + { + "$ref": "#/components/parameters/EventParamObjectID" } - }, + ], "responses": { "200": { - "description": "Batch request completed.", + "description": "Successfully retrieved the details of the event.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/StagedConfigBulkResponse" + "$ref": "#/components/schemas/Event" } } } @@ -3618,6 +3479,16 @@ } } }, + "404": { + "description": "The Event with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -3629,7 +3500,9 @@ } } } - }, + } + }, + "/staged-configs": { "post": { "x-nginx-one-action": "create", "x-nginx-one-entity": "NGINX staged configs", @@ -3691,34 +3564,39 @@ } } } - } - }, - "/staged-configs/{stagedConfigObjectID}": { - "delete": { - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX staged config", + }, + "patch": { + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "NGINX staged configs", "tags": [ "Staged Configs" ], - "summary": "Delete an NGINX staged config", - "description": "Delete a NGINX staged config from the NGINX One console.\n", - "operationId": "deleteStagedConfig", + "summary": "Bulk operation on multiple staged configs", + "operationId": "bulkStagedConfigs", + "description": "Performs bulk operation on one or more staged configs, only delete is supported.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/StagedConfigBulkRequest" + } + } + } + }, "responses": { - "204": { - "description": "Successfully deleted the NGINX staged configs" - }, - "401": { - "description": "Access denied", + "200": { + "description": "Batch request completed.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/StagedConfigBulkResponse" } } } }, - "404": { - "description": "The NGINX staged config with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -3743,9 +3621,85 @@ "tags": [ "Staged Configs" ], - "summary": "Retrieve an NGINX staged config meta", - "description": "Retrieve the meta details for an NGINX staged config.\n", - "operationId": "getStagedConfigMeta", + "summary": "List all staged configs", + "operationId": "listStagedConfigs", + "description": "Returns a list of all NGINX staged configs, providing details such as:\n * Name and object_id of staged config\n * Created and modified timestamps\n", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/FilterFieldStagedConfigs" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameStagedConfigsDep" + }, + { + "$ref": "#/components/parameters/SortNameStagedConfigs" + } + ], + "responses": { + "200": { + "description": "Successfully retrieved the list of NGINX staged configs.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/StagedConfigListResponse" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/staged-configs/{stagedConfigObjectID}": { + "parameters": [ + { + "$ref": "#/components/parameters/StagedConfigParamObjectID" + } + ], + "get": { + "tags": [ + "Staged Configs" + ], + "summary": "Retrieve an NGINX staged config meta", + "description": "Retrieve the meta details for an NGINX staged config.\n", + "operationId": "getStagedConfigMeta", "responses": { "200": { "description": "Successfully retrieved the details of the NGINX staged config meta.", @@ -3789,13 +3743,58 @@ } } }, + "delete": { + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX staged config", + "tags": [ + "Staged Configs" + ], + "summary": "Delete an NGINX staged config", + "description": "Delete a NGINX staged config from the NGINX One console.\n", + "operationId": "deleteStagedConfig", + "responses": { + "204": { + "description": "Successfully deleted the NGINX staged configs" + }, + "401": { + "description": "Access denied", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX staged config with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/staged-configs/{stagedConfigObjectID}/config": { "parameters": [ { "$ref": "#/components/parameters/StagedConfigParamObjectID" } - ] - }, - "/staged-configs/{stagedConfigObjectID}/config": { + ], "get": { "tags": [ "Staged Configs" @@ -3846,33 +3845,28 @@ } } }, - "parameters": [ - { - "$ref": "#/components/parameters/StagedConfigParamObjectID" - } - ], - "patch": { + "put": { "tags": [ "Staged Configs" ], - "x-nginx-one-action": "update", + "x-nginx-one-action": "create", "x-nginx-one-entity": "NGINX staged config", - "summary": "Apply partial updates to staged config", - "description": "Applies the specified partial updates to an existing NGINX staged config Details:\n * This endpoint accepts additive updates to `NginxConfig`. Base `nginx.conf` file must always be provided along with additives.\n * To delete files, omit the `file.contents` field.\n * `config_version` is used to ensure the requested patch is applied against the same version.\n * `conf_path` is optional. When omitted, the system auto-detects the conf_path from the configs by finding the file with an `events {}` block.\n", - "operationId": "patchStagedConfig", + "summary": "Replace existing state", + "description": "Completely replaces existing staged config with payload of new request. Additional details:\n * `conf_path` is optional. When omitted, the system auto-detects the conf_path from the configs by finding the file with an `events {}` block.\n", + "operationId": "replaceStagedConfig", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/StagedConfigChangeRequest" + "$ref": "#/components/schemas/StagedConfigUpdateRequest" } } } }, "responses": { "200": { - "description": "Successfully stored the NGINX staged configuration.", + "description": "Successfully updated the NGINX configuration.", "content": { "application/json": { "schema": { @@ -3911,16 +3905,6 @@ } } }, - "409": { - "description": "NGINX config version mismatch. Provided config_version does not match recent config_version for the NGINX staged config, possible conflict.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -3933,28 +3917,28 @@ } } }, - "put": { + "patch": { "tags": [ "Staged Configs" ], - "x-nginx-one-action": "create", + "x-nginx-one-action": "update", "x-nginx-one-entity": "NGINX staged config", - "summary": "Replace existing state", - "description": "Completely replaces existing staged config with payload of new request. Additional details:\n * `conf_path` is optional. When omitted, the system auto-detects the conf_path from the configs by finding the file with an `events {}` block.\n", - "operationId": "replaceStagedConfig", + "summary": "Apply partial updates to staged config", + "description": "Applies the specified partial updates to an existing NGINX staged config Details:\n * This endpoint accepts additive updates to `NginxConfig`. Base `nginx.conf` file must always be provided along with additives.\n * To delete files, omit the `file.contents` field.\n * `config_version` is used to ensure the requested patch is applied against the same version.\n * `conf_path` is optional. When omitted, the system auto-detects the conf_path from the configs by finding the file with an `events {}` block.\n", + "operationId": "patchStagedConfig", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/StagedConfigUpdateRequest" + "$ref": "#/components/schemas/StagedConfigChangeRequest" } } } }, "responses": { "200": { - "description": "Successfully updated the NGINX configuration.", + "description": "Successfully stored the NGINX staged configuration.", "content": { "application/json": { "schema": { @@ -3993,6 +3977,16 @@ } } }, + "409": { + "description": "NGINX config version mismatch. Provided config_version does not match recent config_version for the NGINX staged config, possible conflict.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -4007,6 +4001,11 @@ } }, "/staged-configs/{stagedConfigObjectID}/config-report": { + "parameters": [ + { + "$ref": "#/components/parameters/StagedConfigParamObjectID" + } + ], "get": { "tags": [ "Staged Configs" @@ -4050,11 +4049,6 @@ } } }, - "parameters": [ - { - "$ref": "#/components/parameters/StagedConfigParamObjectID" - } - ], "patch": { "x-nginx-one-action": "analyze", "x-nginx-one-entity": "NGINX staged configuration", @@ -4273,43 +4267,33 @@ } } }, - "/monitor/metrics_query_topx": { + "/config-report": { "post": { + "x-nginx-one-action": "analyze", + "x-nginx-one-entity": "NGINX configuration", "tags": [ - "Metrics" + "Staged Configs" ], - "summary": "Retrieve system metrics for instances with series limit", - "operationId": "queryMetricsInputTopX", - "description": "Returns (up to 10,000) system metrics for NGINX instances with series limit based on query parameters.\n\nYou can filter metrics by name and timestamp, aggregate metrics over a configurable period of time, and group metrics by dimension.\n", + "summary": "Generate an analysis report for the provided NGINX configuration", + "operationId": "analyzeNginxConfig", + "description": "Returns an analysis report for the provided NGINX configuration. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not affect any resources. The report is not stored and is provided only in the API response.\n", "requestBody": { + "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/MetricTopXQueryRequest" - }, - "example": { - "start_time": "now-1h", - "end_time": "now", - "resolution": "1m", - "metrics": [ - { - "aggregate": "sum", - "name": "nginx.http.request.count" - } - ], - "series_limit": 1, - "group_series_by": "instance_object_id" + "$ref": "#/components/schemas/NginxConfigRequest" } } } }, "responses": { "200": { - "description": "Successfully retrieved system metrics.", + "description": "Successfully analyzed the provided NGINX configuration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/MetricQueryResultEx" + "$ref": "#/components/schemas/NginxConfigReports" } } } @@ -4324,8 +4308,8 @@ } } }, - "404": { - "description": "The requested metric resource was not found. Check that the resource name provided is correct and corresponds to an existing resource.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -4347,83 +4331,20 @@ } } }, - "/settings/instance-cleanup": { + "/control-planes": { "get": { "tags": [ - "Settings" + "Control Planes" ], - "summary": "Retrieve settings", - "description": "Retrieves settings for NGINX Instance cleanup\n", - "operationId": "getSettingInstanceCleanup", - "responses": { - "200": { - "description": "Successfully retrieved the setting for NGINX Instance cleanup.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SettingsInstanceCleanup" - } - } - } + "summary": "List control planes", + "operationId": "listControlPlanes", + "description": "Returns a paginated list of control planes.\n", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - }, - "put": { - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX Instance Cleanup Setting", - "tags": [ - "Settings" - ], - "summary": "Update settings", - "description": "Update settings for NGINX Instance cleanup\n", - "operationId": "updateSettingInstanceCleanup", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SettingsInstanceCleanup" - } - } - } - }, - "responses": { - "200": { - "description": "Successfully updated settings for NGINX Instance cleanup.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SettingsInstanceCleanup" - } - } - } - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/app-protect/log-profiles": { - "get": { - "tags": [ - "WAF Log Profiles" - ], - "summary": "List WAF log profiles", - "description": "Returns a list of WAF log profiles.", - "operationId": "listWafLogProfiles", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" + { + "$ref": "#/components/parameters/Limit" }, { "$ref": "#/components/parameters/Offset" @@ -4432,10 +4353,7 @@ "$ref": "#/components/parameters/SortDirection" }, { - "$ref": "#/components/parameters/SortNameNapLogProfilesDep" - }, - { - "$ref": "#/components/parameters/SortNameNapLogProfiles" + "$ref": "#/components/parameters/SortNameControlPlanes" }, { "$ref": "#/components/parameters/FilterOperands" @@ -4444,126 +4362,179 @@ "$ref": "#/components/parameters/FilterValues" }, { - "$ref": "#/components/parameters/FilterFieldNapLogProfile" + "$ref": "#/components/parameters/FilterFieldControlPlanes" } ], "responses": { "200": { - "description": "Successfully returned WAF log profiles.", + "description": "Successfully retrieved the list of control planes.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapLogProfileListResponse" + "$ref": "#/components/schemas/ControlPlaneListResponse" } } } }, "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/Unauthorized" }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/InternalServerErr" } } }, - "post": { + "patch": { + "x-feature-flag": "control-plane-bulk-delete", + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "Control Plane", "tags": [ - "WAF Log Profiles" + "Control Planes" ], - "summary": "Create WAF log profile", - "description": "Creates a WAF log profile.", - "operationId": "createWafLogProfile", + "summary": "Bulk operation on multiple control planes", + "operationId": "BulkControlPlanes", + "description": "Performs bulk operation on one or more control planes, only delete is supported.\n\n**Important:** This operation processes each item independently within a single transaction.\nSuccessfully deleted items will persist even if subsequent items fail. The response \nincludes the outcome for each item, allowing you to identify which deletions succeeded \nand which failed.\n", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapLogProfileCreateRequest" + "$ref": "#/components/schemas/ControlPlaneBulkRequest" } } } }, "responses": { - "201": { - "description": "Successfully created WAF log profile.", + "200": { + "description": "Batch request completed.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapLogProfileMetadata" + "$ref": "#/components/schemas/ControlPlaneBulkResponse" } } } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/control-planes/summary": { + "get": { + "tags": [ + "Control Planes" + ], + "summary": "Retrieve a summary for all Control Planes.", + "description": "Retrieves details for all control planes, including:\n * Number of control planes for each product name/version\n", + "operationId": "getControlPlaneSummary", + "responses": { + "200": { + "description": "Successfully retrieved the summary of control planes.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/ControlPlaneSummary" } } } }, "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/Unauthorized" }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/control-planes/{controlPlaneObjectID}": { + "parameters": [ + { + "$ref": "#/components/parameters/ControlPlaneParamObjectID" + } + ], + "get": { + "tags": [ + "Control Planes" + ], + "summary": "Retrieve a control plane", + "description": "Retrieve the details for a control plane, including:\n* Object ID\n* Product name and version\n* Cluster UUID\n* Kubernetes namespace\n* Deployment UUID\n* Data plane key\n* Certificate summary referenced by control plane instances\n* Instance status summary\n", + "operationId": "getControlPlane", + "responses": { + "200": { + "description": "Successfully retrieved the details of the control plane.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/ControlPlaneDetails" } } } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "delete": { + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "Control Plane", + "tags": [ + "Control Planes" + ], + "summary": "Delete a control plane", + "description": "Delete a control plane from the NGINX One Console. You can delete a control plane, only if it contains no NGINX instances.\n", + "operationId": "deleteControlPlane", + "responses": { + "204": { + "description": "Successfully deleted the control plane" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" } } } }, - "/app-protect/log-profiles/{nap_log_profile_object_id}": { - "delete": { + "/control-planes/{controlPlaneObjectID}/cves": { + "get": { "tags": [ - "WAF Log Profiles" + "Control Planes" ], - "summary": "Delete WAF log profile", - "description": "Deletes a WAF log profile.", - "operationId": "deleteWafLogProfile", + "summary": "Retrieve a control plane's security advisories (CVEs)", + "description": "Retrieves a list of the security advisories (CVEs) for an NGINX control plane.", + "operationId": "listControlPlaneSecurityAdvisories", "parameters": [ { - "$ref": "#/components/parameters/NapLogProfileParamObjectID" + "$ref": "#/components/parameters/ControlPlaneParamObjectID" } ], "responses": { - "204": { - "description": "Successfully deleted WAF log profile." - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "200": { + "description": "Successfully retrieved the list of security advisories (CVEs).", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxSecurityAdvisory" + } } } } @@ -4579,7 +4550,7 @@ } }, "404": { - "description": "The WAF log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX control plane with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -4599,26 +4570,49 @@ } } } - }, - "get": { + } + }, + "/monitor/metrics_query": { + "post": { "tags": [ - "WAF Log Profiles" + "Metrics" ], - "summary": "Get WAF log profile details", - "description": "Returns WAF log profile details.", - "operationId": "getWafLogProfile", - "parameters": [ - { - "$ref": "#/components/parameters/NapLogProfileParamObjectID" + "summary": "Retrieve system metrics for instances", + "operationId": "queryMetricsInput", + "description": "Returns (up to 10,000) system metrics for NGINX instances based on query parameters.\n\nYou can filter metrics by name and timestamp, aggregate metrics over a configurable period of time, and group metrics by dimension.\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/MetricQueryRequest" + }, + "example": { + "start_time": "now-1h", + "end_time": "now", + "resolution": "5m", + "metrics": [ + { + "name": "nginx.http.request.count", + "aggregate": "sum" + } + ], + "order_by": [ + { + "direction": "asc", + "dimension": "instance_object_id" + } + ] + } + } } - ], + }, "responses": { "200": { - "description": "Successfully returned WAF log profile details.", + "description": "Successfully retrieved system metrics.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapLogProfileObjectDetails" + "$ref": "#/components/schemas/MetricQueryResultEx" } } } @@ -4633,18 +4627,8 @@ } } }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "404": { - "description": "The WAF log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", + "description": "The requested metric resource was not found. Check that the resource name provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -4664,36 +4648,45 @@ } } } - }, - "put": { + } + }, + "/monitor/metrics_query_topx": { + "post": { "tags": [ - "WAF Log Profiles" - ], - "summary": "Update WAF log profile details", - "description": "Updates WAF log profile details.", - "operationId": "updateWafLogProfile", - "parameters": [ - { - "$ref": "#/components/parameters/NapLogProfileParamObjectID" - } + "Metrics" ], + "summary": "Retrieve system metrics for instances with series limit", + "operationId": "queryMetricsInputTopX", + "description": "Returns (up to 10,000) system metrics for NGINX instances with series limit based on query parameters.\n\nYou can filter metrics by name and timestamp, aggregate metrics over a configurable period of time, and group metrics by dimension.\n", "requestBody": { - "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapLogProfileUpdateRequest" + "$ref": "#/components/schemas/MetricTopXQueryRequest" + }, + "example": { + "start_time": "now-1h", + "end_time": "now", + "resolution": "1m", + "metrics": [ + { + "aggregate": "sum", + "name": "nginx.http.request.count" + } + ], + "series_limit": 1, + "group_series_by": "instance_object_id" } } } }, "responses": { "200": { - "description": "Successfully updated WAF log profile details.", + "description": "Successfully retrieved system metrics.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapLogProfileMetadata" + "$ref": "#/components/schemas/MetricQueryResultEx" } } } @@ -4708,18 +4701,8 @@ } } }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "404": { - "description": "The WAF log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", + "description": "The requested metric resource was not found. Check that the resource name provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -4741,70 +4724,65 @@ } } }, - "/app-protect/log-profiles/{nap_log_profile_object_id}/compile": { - "get": { - "x-feature-flag": "log-profile-deployment", + "/monitor/dimensions_query": { + "x-feature-flag": "observability-zones-support", + "post": { "tags": [ - "WAF Log Profiles" - ], - "summary": "Compile WAF log profile", - "description": "Compiles a WAF log profile and returns the request status or compiled bundle.", - "operationId": "compileWafLogProfile", - "parameters": [ - { - "$ref": "#/components/parameters/NapCompileNapRelease" - }, - { - "$ref": "#/components/parameters/NapCompileDownload" - }, - { - "$ref": "#/components/parameters/NapLogProfileParamObjectID" - } + "Metrics" ], - "responses": { - "200": { - "description": "WAF log profile compiled successfully, when `download` is `true`.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapCompileStatus" - } + "summary": "Retrieve dimensions values.", + "operationId": "queryDimensionsInput", + "description": "Returns dimensions values for NGINX entities based on query parameters.\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/DimensionsQueryRequest" }, - "application/gzip": { - "schema": { - "type": "string", - "format": "binary", - "example": "log_all.tar.gz" - } + "example": { + "start_time": "now-1h", + "end_time": "now", + "dimensions": [ + "server_zone" + ], + "filter": [ + { + "filterSet": [ + { + "dimension": "instance_object_id", + "operator": "=", + "values": [ + "instance-obj-1" + ] + } + ] + } + ] } } - }, - "202": { - "description": "Accepted the WAF log profile compile request.", + } + }, + "responses": { + "200": { + "description": "Successfully retrieved dimension values.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapCompileStatus" + "$ref": "#/components/schemas/DimensionsQueryResultEx" } } } }, "400": { - "description": "WAF log profile compilation failed, when `download` is `true`.", + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapCompileStatus" + "$ref": "#/components/schemas/Error" } } } }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "404": { - "$ref": "#/components/responses/NotFound" - }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -4818,148 +4796,171 @@ } } }, - "/app-protect/log-profiles/{nap_log_profile_object_id}/deployments": { + "/settings/instance-cleanup": { "get": { - "x-feature-flag": "log-profile-deployment", "tags": [ - "WAF Log Profiles" - ], - "summary": "List WAF log profile deployments", - "description": "Returns a list of WAF log profile deployments, providing details such as:\n * Target of the deployment, either an instance or CSG\n * Time of deployment\n * Deployment status\n", - "operationId": "listWafLogProfileDeployments", - "parameters": [ - { - "$ref": "#/components/parameters/NapLogProfileParamObjectID" - }, - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameNapLogProfileDeployments" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldNapLogProfileDeployment" - } + "Settings" ], + "summary": "Retrieve settings", + "description": "Retrieves settings for NGINX Instance cleanup\n", + "operationId": "getSettingInstanceCleanup", "responses": { "200": { - "description": "Successfully returned WAF log profile deployments.", + "description": "Successfully retrieved the setting for NGINX Instance cleanup.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapLogProfileDeploymentsListResponse" + "$ref": "#/components/schemas/SettingsInstanceCleanup" } } } }, "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } + "$ref": "#/components/responses/InvalidRequest" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "put": { + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX Instance Cleanup Setting", + "tags": [ + "Settings" + ], + "summary": "Update settings", + "description": "Update settings for NGINX Instance cleanup\n", + "operationId": "updateSettingInstanceCleanup", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SettingsInstanceCleanup" } } - }, - "401": { - "description": "Access denied.", + } + }, + "responses": { + "200": { + "description": "Successfully updated settings for NGINX Instance cleanup.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/SettingsInstanceCleanup" } } } }, - "404": { - "description": "The WAF log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/settings/acme": { + "get": { + "x-feature-flag": "acme-cert", + "x-nodoc": true, + "tags": [ + "Settings" + ], + "summary": "Retrieve settings", + "description": "Retrieves settings for ACME Integration to provision SSL certificates\n", + "operationId": "getSettingACME", + "responses": { + "200": { + "description": "Successfully retrieved the setting for ACME integration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/SettingsACMEIntegration" } } } }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "put": { + "x-nodoc": true, + "x-feature-flag": "acme-cert", + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX ACME Integrations Setting", + "tags": [ + "Settings" + ], + "summary": "Update settings", + "description": "Update settings for ACME Integration to provision SSL certificates\n", + "operationId": "updateSettingACME", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SettingsACMEIntegration" + } + } + } + }, + "responses": { + "200": { + "description": "Successfully updated settings for ACME integration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/SettingsACMEIntegration" } } } - } - } + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } } }, - "/app-protect/policies": { - "get": { + "/nginx-usage": { + "post": { "tags": [ - "NGINX App Protect" + "Usage" ], - "summary": "List NGINX App Protect policies", - "description": "Returns a list of NGINX App Protect policies along with deployment details.", - "operationId": "listNapPolicies", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameNapPoliciesDep" - }, - { - "$ref": "#/components/parameters/SortNameNapPolicies" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, + "x-feature-flag": "entitlement", + "summary": "Use http POST on this API to register NGINX instances", + "description": "Creates a usage entry from NGINX instance", + "operationId": "postUsageTracking", + "security": [ { - "$ref": "#/components/parameters/FilterFieldNapPolicy" + "BearerAuth": [] } ], - "responses": { - "200": { - "description": "Successfully returned NGINX App Protect policies.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicyListResponse" + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxUsageTrackingRequest" + }, + "examples": { + "nginxUsageTrackingRequest": { + "$ref": "#/components/examples/NginxUsageTrackingRequest" } } } + } + }, + "responses": { + "204": { + "description": "Successfully created the usage entry." }, "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "Missing or bad data in request.", "content": { "application/json": { "schema": { @@ -4989,33 +4990,54 @@ } } } - }, - "patch": { - "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "NGINX App Protect Policies", + } + }, + "/nginx-usage/batch": { + "post": { "tags": [ - "NGINX App Protect" + "Usage" + ], + "x-feature-flag": "entitlement-batch", + "summary": "Use http POST on this API to send usage information in batch", + "description": "Creates a usage entry from NGINX instance", + "operationId": "postUsageTrackingBatch", + "security": [ + { + "BearerAuth": [] + } ], - "summary": "Bulk operation on multiple Nap policy", - "operationId": "bulkNAPPolicy", - "description": "Performs bulk operation on one or more Nap policy, only delete is supported.", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapPolicyBulkRequest" + "$ref": "#/components/schemas/NginxUsageTrackingBatchRequest" + }, + "examples": { + "nginxUsageTrackingBatchRequest": { + "$ref": "#/components/examples/NginxUsageTrackingBatchRequest" + } + } + }, + "application/gzip": { + "schema": { + "type": "string", + "format": "binary", + "description": "Compressed JSON array of usage tracking requests" } } } }, "responses": { - "200": { - "description": "Batch request completed.", + "204": { + "description": "Successfully process batch of usage entries." + }, + "400": { + "description": "Missing or bad data in request.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapBulkResponse" + "$ref": "#/components/schemas/Error" } } } @@ -5041,91 +5063,53 @@ } } } - }, + } + }, + "/chatbot/message": { "post": { - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX App Protect Policies", + "x-nginx-one-action": "query", + "x-nginx-one-entity": "NGINX One AI Assistant", + "x-nodoc": true, "tags": [ - "NGINX App Protect" + "Chatbot" ], - "summary": "Create NGINX App Protect policy", - "description": "Creates NGINX App Protect policy.", - "operationId": "createNapPolicy", + "summary": "Send a prompt to the AI Gateway", + "description": "This endpoint sends a prompt as a specified persona to the AI Gateway.", + "operationId": "sendChatbotMessage", "requestBody": { + "description": "The request body contains the message you want to send to the chatbot", "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapPolicy" + "$ref": "#/components/schemas/ChatbotRequest" + }, + "examples": { + "ChatbotRequest": { + "$ref": "#/components/examples/ChatbotRequest" + } } } } }, "responses": { - "201": { - "description": "Successfully created NGINX App Protect policy.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicyMetadata" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "200": { + "description": "The message was sent successfully.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/ChatbotResponse" + }, + "examples": { + "ChatbotResponse": { + "$ref": "#/components/examples/ChatbotResponse" + } } } } - } - } - } - }, - "/app-protect/policies/{nap_policy_object_id}": { - "delete": { - "tags": [ - "NGINX App Protect" - ], - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX App Protect Policies", - "summary": "Delete NGINX App Protect policy", - "description": "Deletes NGINX App Protect policy.", - "operationId": "deleteNapPolicy", - "parameters": [ - { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - } - ], - "responses": { - "204": { - "description": "Successfully deleted NGINX App Protect policy." }, "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "The request is missing data or contains bad data.", "content": { "application/json": { "schema": { @@ -5135,7 +5119,7 @@ } }, "401": { - "description": "Access denied.", + "description": "Access is denied.", "content": { "application/json": { "schema": { @@ -5144,8 +5128,8 @@ } } }, - "404": { - "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "422": { + "description": "Prompt cannot be answered due to a policy violation.", "content": { "application/json": { "schema": { @@ -5155,7 +5139,7 @@ } }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "description": "A server error occurred. Please try again later.", "content": { "application/json": { "schema": { @@ -5165,32 +5149,42 @@ } } } - }, - "get": { + } + }, + "/chatbot/feedback": { + "post": { + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX One AI Assistant", + "x-nodoc": true, "tags": [ - "NGINX App Protect" - ], - "summary": "Get NGINX App Protect policy details", - "description": "Returns NGINX App Protect policy summary.", - "operationId": "getNapPolicy", - "parameters": [ - { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - } + "Chatbot" ], - "responses": { - "200": { - "description": "Successfully returned NGINX App Protect policy details.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicyObject" + "summary": "Record feedback for a specific response from the AI Assistant", + "description": "This endpoint records feedback for a specific response from the AI Assistant which is then stored in an s3 bucket", + "operationId": "saveChatbotFeedback", + "requestBody": { + "description": "The request body contains the feedback for a specific response from the AI Assistant", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ChatbotFeedback" + }, + "examples": { + "ChatbotRequest": { + "$ref": "#/components/examples/ChatbotFeedback" } } } + } + }, + "responses": { + "200": { + "description": "The feedback was sent successfully.", + "content": {} }, "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "The request is missing data or contains bad data.", "content": { "application/json": { "schema": { @@ -5200,17 +5194,7 @@ } }, "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "description": "Access is denied.", "content": { "application/json": { "schema": { @@ -5220,7 +5204,7 @@ } }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "description": "A server error occurred. Please try again later.", "content": { "application/json": { "schema": { @@ -5230,38 +5214,59 @@ } } } - }, - "put": { + } + }, + "/inventory": { + "post": { + "x-feature-flag": "inventory", "tags": [ - "NGINX App Protect" - ], - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX App Protect Policies", - "summary": "Update NGINX App Protect policy details", - "description": "Update NGINX App Protect policy details.", - "operationId": "updateNapPolicy", - "parameters": [ - { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - } + "Inventory" ], + "summary": "NGINX Plus: Retrieve tenant usage information", + "operationId": "getInventory", + "description": "Based on query parameters.\n\nYou can filter and aggregate metrics by name and `start_time` through `end_time`.\n", "requestBody": { - "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapPolicy" + "$ref": "#/components/schemas/InventoryMetricQueryRequest" + }, + "example": { + "start_time": "now-1d", + "end_time": "now", + "metrics": [ + { + "name": "nginx.plus.instances", + "aggregate": [ + "count", + "sum", + "avg", + "min", + "max" + ] + }, + { + "name": "k8s.cluster.nodes", + "aggregate": [ + "count", + "sum", + "avg", + "min", + "max" + ] + } + ] } } } }, "responses": { - "201": { - "description": "Successfully created an NGINX App Protect policy version.", + "200": { + "description": "Successfully retrieved tenant usage information.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapPolicyMetadata" + "$ref": "#/components/schemas/InventoryResponse" } } } @@ -5276,28 +5281,8 @@ } } }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { "application/json": { "schema": { @@ -5309,18 +5294,15 @@ } } }, - "/app-protect/policies/{nap_policy_object_id}/deployments": { + "/app-protect/signatures": { "get": { "tags": [ "NGINX App Protect" ], - "summary": "List NGINX App Protect deployments", - "description": "Returns NGINX App Protect deployments, providing details such as:\n * Target of the deployment, either an instance or CSG\n * Time of deployment\n * Enforcement mode\n * Policy version\n * Threat campaign\n * Attack signature\n * Bot signature\n", - "operationId": "listNapPolicyDeployments", + "summary": "List Signatures", + "description": "Returns signatures. A signature is a predefined detection rule that identifies specific attack patterns or\ncharacteristics commonly associated with web application security threats.\n", + "operationId": "listSignatures", "parameters": [ - { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - }, { "$ref": "#/components/parameters/Paginated" }, @@ -5334,10 +5316,7 @@ "$ref": "#/components/parameters/SortDirection" }, { - "$ref": "#/components/parameters/SortNameNapPolicyDeploymentsDep" - }, - { - "$ref": "#/components/parameters/SortNameNapPolicyDeployments" + "$ref": "#/components/parameters/SortNameNapSignatures" }, { "$ref": "#/components/parameters/FilterOperands" @@ -5346,132 +5325,71 @@ "$ref": "#/components/parameters/FilterValues" }, { - "$ref": "#/components/parameters/FilterFieldNapPolicyDeployment" + "$ref": "#/components/parameters/FilterFieldNapSignatures" } ], "responses": { "200": { - "description": "Successfully returned NGINX App Protect deployments.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicyDeploymentsListResponse" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "Successfully returned list of signatures.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/NapSignatureListResponse" } } } }, "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/Unauthorized" }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/InternalServerErr" } } } }, - "/app-protect/policies/{nap_policy_object_id}/version": { + "/app-protect/signatures/{signatureID}": { "get": { "tags": [ "NGINX App Protect" ], - "summary": "Get the latest NGINX App Protect policy version details", - "description": "Returns the latest NGINX App Protect policy version details.", - "operationId": "getLatestNapPolicyVersion", + "summary": "Retrieve a NGINX App Protect signature.", + "description": "A signature is a predefined detection rule that identifies specific attack patterns or characteristics commonly \nassociated with web application security threats.\n", "parameters": [ { - "$ref": "#/components/parameters/NapPolicyParamObjectID" + "$ref": "#/components/parameters/NapSignatureID" } ], + "operationId": "getSignature", "responses": { "200": { - "description": "Successfully returned NGINX App Protect policy version details.", + "description": "Successfully returned the specified signature.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapPolicyVersionDetails" + "$ref": "#/components/schemas/NapSignature" } } } }, "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX App Protect policy version with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/Unauthorized" }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/InternalServerErr" } } } }, - "/app-protect/policies/{nap_policy_object_id}/versions": { + "/app-protect/signature-sets": { "get": { "tags": [ "NGINX App Protect" ], - "summary": "List NGINX App Protect policy versions", - "description": "Returns NGINX App Protect policy versions.", - "operationId": "listNapPolicyVersions", + "summary": "List NGINX App Protect signature sets", + "description": "Returns NGINX App Protect signature sets. Signature sets are predefined or user-defined groups of detection mechanisms (signatures) \nthat identify specific attack types, such as SQL injection, Cross-Site Scripting (XSS), or other web-based threats.\n", + "operationId": "listSignatureSets", "parameters": [ - { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - }, { "$ref": "#/components/parameters/Paginated" }, @@ -5485,10 +5403,7 @@ "$ref": "#/components/parameters/SortDirection" }, { - "$ref": "#/components/parameters/SortNameNapPolicyVersionsDep" - }, - { - "$ref": "#/components/parameters/SortNameNapPolicyVersions" + "$ref": "#/components/parameters/SortNameNapSignatureSets" }, { "$ref": "#/components/parameters/FilterOperands" @@ -5497,97 +5412,119 @@ "$ref": "#/components/parameters/FilterValues" }, { - "$ref": "#/components/parameters/FilterFieldNapPolicyVersion" + "$ref": "#/components/parameters/FilterFieldNapSignatureSets" } ], "responses": { "200": { - "description": "Successfully returned the NGINX App Protect policy versions.", + "description": "Successfully returned signature sets.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapPolicyVersionsListResponse" + "$ref": "#/components/schemas/NapSignatureSetListResponse" } } } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/app-protect/signature-sets/{signatureSetObjectID}": { + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "Retrieve a NGINX App Protect signature set", + "description": "Returns a NGINX App Protect signature set. Signature sets are predefined or user-defined groups of detection \nmechanisms (signatures) that identify specific attack types, such as SQL injection, Cross-Site Scripting (XSS), \nor other web-based threats.\n", + "operationId": "getSignatureSet", + "parameters": [ + { + "$ref": "#/components/parameters/NapSignatureSetObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned Signature Sets.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/NapSignatureSet" } } } }, "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/Unauthorized" }, - "404": { - "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/app-protect/signature-sets/{signatureSetObjectID}/signatures": { + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "List NGINX App Protect signatures in the specified signature set.", + "description": "Returns a list of signatures in the NGINX App Protect signature set.\n", + "operationId": "listSignatureSetSignatures", + "parameters": [ + { + "$ref": "#/components/parameters/NapSignatureSetObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned signatures for signature set.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "type": "array", + "items": { + "$ref": "#/components/schemas/NapSignatureMeta" + } } } } }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "$ref": "#/components/responses/InternalServerErr" } } } }, - "/app-protect/policies/{nap_policy_object_id}/versions/{nap_policy_version_object_id}": { - "delete": { - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX App Protect Policy Version", + "/app-protect/threat-campaign/versions": { + "get": { "tags": [ "NGINX App Protect" ], - "summary": "Delete NGINX App Protect policy version", - "description": "Deletes the NGINX App Protect policy version.", - "operationId": "deleteNapPolicyVersion", - "parameters": [ - { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - }, - { - "$ref": "#/components/parameters/NapPolicyVersionParamObjectID" - } - ], + "summary": "List Threat Campaign versions", + "description": "Returns Threat Campaign versions.", + "operationId": "listThreatCampaignVersions", "responses": { - "204": { - "description": "Successfully deleted the NGINX App Protect policy version." - }, - "401": { - "description": "Access denied.", + "200": { + "description": "Successfully returned Threat Campaign versions.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/ThreatCampaignVersionsListResponse" } } } }, - "404": { - "description": "The NGINX App Protect policy version with the specified nap_policy_version_object_id and nap_policy_version_object_id was not found. Check that the object IDs provided are correct and corresponds to existing resources.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -5607,29 +5544,23 @@ } } } - }, + } + }, + "/app-protect/attack-signature/versions": { "get": { "tags": [ "NGINX App Protect" ], - "summary": "Get the specified NGINX App Protect policy version details", - "description": "Returns the specified NGINX App Protect policy version details.", - "operationId": "getNapPolicyVersion", - "parameters": [ - { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - }, - { - "$ref": "#/components/parameters/NapPolicyVersionParamObjectID" - } - ], + "summary": "List Attack Signature versions", + "description": "Returns Attack Signature versions.", + "operationId": "listAttackSignatureVersions", "responses": { "200": { - "description": "Successfully returned NGINX App Protect policy version details.", + "description": "Successfully returned Attack Signature versions.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapPolicyVersionDetails" + "$ref": "#/components/schemas/AttackSignatureVersionsListResponse" } } } @@ -5644,16 +5575,6 @@ } } }, - "404": { - "description": "The NGINX App Protect policy version with the specified nap_policy_version_object_id and nap_policy_version_object_id was not found. Check that the object IDs provided are correct and corresponds to existing resources.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -5667,224 +5588,98 @@ } } }, - "/app-protect/signature-sets": { + "/app-protect/bot-signature/versions": { "get": { "tags": [ "NGINX App Protect" ], - "summary": "List NGINX App Protect signature sets", - "description": "Returns NGINX App Protect signature sets. Signature sets are predefined or user-defined groups of detection mechanisms (signatures) \nthat identify specific attack types, such as SQL injection, Cross-Site Scripting (XSS), or other web-based threats.\n", - "operationId": "listSignatureSets", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameNapSignatureSets" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldNapSignatureSets" - } - ], + "summary": "List Bot Signature versions", + "description": "Returns Bot Signature versions.", + "operationId": "listBotSignatureVersions", "responses": { "200": { - "description": "Successfully returned signature sets.", + "description": "Successfully returned Bot Signature versions.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapSignatureSetListResponse" + "$ref": "#/components/schemas/BotSignatureVersionsListResponse" } } } }, "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/app-protect/signature-sets/{signatureSetObjectID}": { - "get": { - "tags": [ - "NGINX App Protect" - ], - "summary": "Retrieve a NGINX App Protect signature set", - "description": "Returns a NGINX App Protect signature set. Signature sets are predefined or user-defined groups of detection \nmechanisms (signatures) that identify specific attack types, such as SQL injection, Cross-Site Scripting (XSS), \nor other web-based threats.\n", - "operationId": "getSignatureSet", - "parameters": [ - { - "$ref": "#/components/parameters/NapSignatureSetObjectID" - } - ], - "responses": { - "200": { - "description": "Successfully returned Signature Sets.", + "description": "Access denied.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapSignatureSet" + "$ref": "#/components/schemas/Error" } } } }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/app-protect/signature-sets/{signatureSetObjectID}/signatures": { - "get": { - "tags": [ - "NGINX App Protect" - ], - "summary": "List NGINX App Protect signatures in the specified signature set.", - "description": "Returns a list of signatures in the NGINX App Protect signature set.\n", - "operationId": "listSignatureSetSignatures", - "parameters": [ - { - "$ref": "#/components/parameters/NapSignatureSetObjectID" - } - ], - "responses": { - "200": { - "description": "Successfully returned signatures for signature set.", + "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapSignatureMeta" - } + "$ref": "#/components/schemas/Error" } } } - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" } } } }, - "/app-protect/signatures": { + "/app-protect/versions": { "get": { "tags": [ "NGINX App Protect" ], - "summary": "List Signatures", - "description": "Returns signatures. A signature is a predefined detection rule that identifies specific attack patterns or\ncharacteristics commonly associated with web application security threats.\n", - "operationId": "listSignatures", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameNapSignatures" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldNapSignatures" - } - ], + "summary": "List supported NGINX App Protect versions", + "description": "Returns supported NGINX App Protect versions details for releases.", + "operationId": "listNapVersions", "responses": { "200": { - "description": "Successfully returned list of signatures.", + "description": "Successfully returned NGINX App Protect versions.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapSignatureListResponse" + "$ref": "#/components/schemas/NapVersionsListResponse" } } } }, "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/app-protect/signatures/{signatureID}": { - "get": { - "tags": [ - "NGINX App Protect" - ], - "summary": "Retrieve a NGINX App Protect signature.", - "description": "A signature is a predefined detection rule that identifies specific attack patterns or characteristics commonly \nassociated with web application security threats.\n", - "parameters": [ - { - "$ref": "#/components/parameters/NapSignatureID" - } - ], - "operationId": "getSignature", - "responses": { - "200": { - "description": "Successfully returned the specified signature.", + "description": "Access denied.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapSignature" + "$ref": "#/components/schemas/Error" } } } }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, "500": { - "$ref": "#/components/responses/InternalServerErr" + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } } } } }, - "/templates": { + "/app-protect/policies": { "get": { "tags": [ - "Templates" + "NGINX App Protect" ], - "summary": "List Templates", - "description": "Retrieves a list of templates.\n", - "operationId": "listTemplates", + "summary": "List NGINX App Protect policies", + "description": "Returns a list of NGINX App Protect policies along with deployment details.", + "operationId": "listNapPolicies", "parameters": [ { "$ref": "#/components/parameters/Paginated" @@ -5899,59 +5694,34 @@ "$ref": "#/components/parameters/SortDirection" }, { - "$ref": "#/components/parameters/SortNameTemplates" + "$ref": "#/components/parameters/SortNameNapPoliciesDep" }, { - "$ref": "#/components/parameters/FilterFieldTemplates" + "$ref": "#/components/parameters/SortNameNapPolicies" }, { "$ref": "#/components/parameters/FilterOperands" }, { "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapPolicy" } ], "responses": { "200": { - "description": "Successfully returned list of templates.", + "description": "Successfully returned NGINX App Protect policies.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/TemplatesListResponse" + "$ref": "#/components/schemas/NapPolicyListResponse" } } } }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/templates/{templateObjectID}": { - "delete": { - "tags": [ - "Templates" - ], - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX config templates", - "summary": "Delete a Template", - "description": "Deletes an NGINX configuration template by its unique identifier.\n", - "operationId": "deleteTemplate", - "parameters": [ - { - "$ref": "#/components/parameters/TemplateParamObjectID" - } - ], - "responses": { - "204": { - "description": "Successfully deleted the template." - }, - "401": { - "description": "Access denied.", + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { @@ -5960,8 +5730,8 @@ } } }, - "404": { - "description": "Template with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -5982,181 +5752,244 @@ } } }, - "get": { + "post": { + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX App Protect Policies", "tags": [ - "Templates" + "NGINX App Protect" ], - "summary": "Retrieve a Template", - "description": "Retrieves detailed information about a latest template version by its unique identifier.\n", - "parameters": [ - { - "$ref": "#/components/parameters/TemplateParamObjectID" + "summary": "Create NGINX App Protect policy", + "description": "Creates NGINX App Protect policy.", + "operationId": "createNapPolicy", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicy" + } + } } - ], - "operationId": "getTemplate", + }, "responses": { - "200": { - "description": "Successfully returned details of the specified template.", + "201": { + "description": "Successfully created NGINX App Protect policy.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/TemplateDetailsResponse" + "$ref": "#/components/schemas/NapPolicyMetadata" } } } }, - "401": { - "$ref": "#/components/responses/Unauthorized" + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } }, - "404": { - "$ref": "#/components/responses/NotFound" + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } }, "500": { - "$ref": "#/components/responses/InternalServerErr" + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } } } - } - }, - "/templates/{templateObjectID}/copy": {}, - "/templates/{templateObjectID}/submissions": {}, - "/templates/{templateObjectID}/versions": {}, - "/templates/{templateObjectID}/versions/{templateVersionObjectID}": {}, - "/templates/{templateVersionObjectID}/config": {}, - "/templates/import": { - "post": { + }, + "patch": { + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "NGINX App Protect Policies", "tags": [ - "Templates" + "NGINX App Protect" ], - "x-nginx-one-action": "import", - "x-nginx-one-entity": "NGINX config templates", - "summary": "Import a Template\n", - "description": "Imports a new template from a `.tar.gz` archive.\n\nUpon successful validation, the template will be created and made available for use.\n\n**Size limits:**\n- Maximum compressed archive size: 1 MB\n- Maximum uncompressed file size (per file): 5 MB\n\nRefer to the [Template Authoring Guide](https://docs.nginx.com/nginx-one-console/nginx-configs/config-templates/) for best practices on writing Go-based NGINX templates.\n", - "operationId": "importTemplate", + "summary": "Bulk operation on multiple Nap policy", + "operationId": "bulkNAPPolicy", + "description": "Performs bulk operation on one or more Nap policy, only delete is supported.", "requestBody": { "required": true, "content": { - "multipart/form-data": { + "application/json": { "schema": { - "$ref": "#/components/schemas/TemplateImportRequest" - }, - "encoding": { - "file": { - "contentType": "application/gzip, application/x-gzip" + "$ref": "#/components/schemas/NapPolicyBulkRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Batch request completed.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapBulkResponse" } - }, - "examples": { - "TemplateBaseExample": { - "$ref": "#/components/examples/TemplateBaseSummary" - }, - "TemplateAugmentExample": { - "$ref": "#/components/examples/TemplateAugmentSummary" + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" } } } } - }, + } + } + }, + "/app-protect/policies/{nap_policy_object_id}": { + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "Get NGINX App Protect policy details", + "description": "Returns NGINX App Protect policy summary.", + "operationId": "getNapPolicy", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + } + ], "responses": { - "201": { - "description": "Successfully imported and created the template.\n", + "200": { + "description": "Successfully returned NGINX App Protect policy details.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/TemplateSummary" + "$ref": "#/components/schemas/NapPolicyObject" } } } }, "400": { - "$ref": "#/components/responses/InvalidRequest" + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } }, "401": { - "$ref": "#/components/responses/Unauthorized" + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } }, "500": { - "$ref": "#/components/responses/InternalServerErr" + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } } } - } - }, - "/templates/submissions": { - "post": { + }, + "put": { "tags": [ - "Templates" + "NGINX App Protect" ], - "summary": "Submit templates for previewing NGINX configuration.", - "description": "Submits a set of templates for rendering NGINX configuration.\n\nThe `preview_only` query parameter controls how the request is processed:\n - When `preview_only` is `true`, the API validates template parameters and renders the full NGINX configuration for preview **without creating a template submission object**. (**Currently, only this mode is supported.**)\n - When `preview_only` is `false` or omitted, the API is intended to render and create a submission. \n - If no target object ID is provided, a new staged config will be created.\n", + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX App Protect Policies", + "summary": "Update NGINX App Protect policy details", + "description": "Update NGINX App Protect policy details.", + "operationId": "updateNapPolicy", "parameters": [ { - "$ref": "#/components/parameters/TemplateSubmissionPreviewOnly" + "$ref": "#/components/parameters/NapPolicyParamObjectID" } ], - "operationId": "submitTemplates", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/TemplateSubmissionRequest" - }, - "examples": { - "SubmissionWithPreviewOnly": { - "$ref": "#/components/examples/SubmissionWithPreviewOnly" - }, - "SubmissionForCreateNewStagedConfig": { - "$ref": "#/components/examples/SubmissionForCreateNewStagedConfig" - }, - "SubmissionForUpdateExistingStagedConfigTarget": { - "$ref": "#/components/examples/SubmissionForUpdateExistingStagedConfigTarget" - } + "$ref": "#/components/schemas/NapPolicy" } } } }, "responses": { - "200": { - "description": "Returned only when the `preview_only` flag is set to `true`.\nResponds with the rendered NGINX configuration that can be used for preview or to create/replace a staged configuration manually.\n", + "201": { + "description": "Successfully created an NGINX App Protect policy version.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PreviewNginxConfig" + "$ref": "#/components/schemas/NapPolicyMetadata" } } } }, - "202": { - "description": "The template submission has been accepted and is being processed.\nPublication status(es) can be retrieved by querying the appropriate publications endpoint for the target object.\n", + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/TemplateSubmissionResponse" - }, - "examples": { - "staged_config_outcome": { - "summary": "Example successful response for a target submission that creates a staged config", - "value": { - "object_id": "tmplsm_frBobKIAQ_21grAwV83VYz", - "target_results": [ - { - "staged_config_status": { - "status": "succeeded" - }, - "target_object_id": "sc_cEoiYCVJRuekVpYOvV1raA" - } - ] - } - } + "$ref": "#/components/schemas/Error" } } } }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, "401": { - "$ref": "#/components/responses/Unauthorized" + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } }, - "409": { - "description": "The submission cannot be completed due to one or more template validation errors. See the error details for more information.\n", + "404": { + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -6166,18 +5999,2958 @@ } }, "500": { - "$ref": "#/components/responses/InternalServerErr" + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } } } - } - }, - "/app-protect/analytics/attacks": { - "post": { + }, + "delete": { "tags": [ - "NGINX One App Protect" + "NGINX App Protect" ], - "summary": "Query attack analytics", - "operationId": "queryAttackAnalytics", + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX App Protect Policies", + "summary": "Delete NGINX App Protect policy", + "description": "Deletes NGINX App Protect policy.", + "operationId": "deleteNapPolicy", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + } + ], + "responses": { + "204": { + "description": "Successfully deleted NGINX App Protect policy." + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/policies/{nap_policy_object_id}/versions": { + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "List NGINX App Protect policy versions", + "description": "Returns NGINX App Protect policy versions.", + "operationId": "listNapPolicyVersions", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + }, + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapPolicyVersionsDep" + }, + { + "$ref": "#/components/parameters/SortNameNapPolicyVersions" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapPolicyVersion" + } + ], + "responses": { + "200": { + "description": "Successfully returned the NGINX App Protect policy versions.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicyVersionsListResponse" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/policies/{nap_policy_object_id}/version": { + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "Get the latest NGINX App Protect policy version details", + "description": "Returns the latest NGINX App Protect policy version details.", + "operationId": "getLatestNapPolicyVersion", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect policy version details.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicyVersionDetails" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy version with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/policies/{nap_policy_object_id}/versions/{nap_policy_version_object_id}": { + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "Get the specified NGINX App Protect policy version details", + "description": "Returns the specified NGINX App Protect policy version details.", + "operationId": "getNapPolicyVersion", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + }, + { + "$ref": "#/components/parameters/NapPolicyVersionParamObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect policy version details.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicyVersionDetails" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy version with the specified nap_policy_version_object_id and nap_policy_version_object_id was not found. Check that the object IDs provided are correct and corresponds to existing resources.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "delete": { + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX App Protect Policy Version", + "tags": [ + "NGINX App Protect" + ], + "summary": "Delete NGINX App Protect policy version", + "description": "Deletes the NGINX App Protect policy version.", + "operationId": "deleteNapPolicyVersion", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + }, + { + "$ref": "#/components/parameters/NapPolicyVersionParamObjectID" + } + ], + "responses": { + "204": { + "description": "Successfully deleted the NGINX App Protect policy version." + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy version with the specified nap_policy_version_object_id and nap_policy_version_object_id was not found. Check that the object IDs provided are correct and corresponds to existing resources.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/policies/{nap_policy_object_id}/versions/{nap_policy_version_object_id}/compile": { + "get": { + "x-feature-flag": "nap-policy-version-download", + "tags": [ + "NGINX App Protect" + ], + "summary": "Compile WAF Policy Version", + "description": "Compiles a WAF policy version and returns the request status or compiled bundle.", + "operationId": "compileWafPolicyVersion", + "parameters": [ + { + "$ref": "#/components/parameters/NapCompileNapRelease" + }, + { + "$ref": "#/components/parameters/NapCompileDownload" + }, + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + }, + { + "$ref": "#/components/parameters/NapPolicyVersionParamObjectID" + } + ], + "responses": { + "200": { + "description": "WAF policy version compiled successfully, when `download` is `true`.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapCompileStatus" + } + }, + "application/gzip": { + "schema": { + "type": "string", + "format": "binary", + "example": "policy.tar.gz" + } + } + } + }, + "202": { + "description": "Accepted the WAF policy version compile request.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapCompileStatus" + } + } + } + }, + "400": { + "description": "WAF policy version compilation failed, when `download` is `true`.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapCompileStatus" + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/policies/{nap_policy_object_id}/deployments": { + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "List NGINX App Protect deployments", + "description": "Returns NGINX App Protect deployments, providing details such as:\n * Target of the deployment, either an instance or CSG\n * Time of deployment\n * Enforcement mode\n * Policy version\n * Threat campaign\n * Attack signature\n * Bot signature\n", + "operationId": "listNapPolicyDeployments", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + }, + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapPolicyDeploymentsDep" + }, + { + "$ref": "#/components/parameters/SortNameNapPolicyDeployments" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapPolicyDeployment" + } + ], + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect deployments.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicyDeploymentsListResponse" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/log-profiles": { + "get": { + "tags": [ + "WAF Log Profiles" + ], + "summary": "List WAF log profiles", + "description": "Returns a list of WAF log profiles.", + "operationId": "listWafLogProfiles", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapLogProfilesDep" + }, + { + "$ref": "#/components/parameters/SortNameNapLogProfiles" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapLogProfile" + } + ], + "responses": { + "200": { + "description": "Successfully returned WAF log profiles.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapLogProfileListResponse" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "post": { + "tags": [ + "WAF Log Profiles" + ], + "summary": "Create WAF log profile", + "description": "Creates a WAF log profile.", + "operationId": "createWafLogProfile", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapLogProfileCreateRequest" + } + } + } + }, + "responses": { + "201": { + "description": "Successfully created WAF log profile.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapLogProfileMetadata" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/log-profiles/{nap_log_profile_object_id}": { + "get": { + "tags": [ + "WAF Log Profiles" + ], + "summary": "Get WAF log profile details", + "description": "Returns WAF log profile details.", + "operationId": "getWafLogProfile", + "parameters": [ + { + "$ref": "#/components/parameters/NapLogProfileParamObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned WAF log profile details.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapLogProfileObjectDetails" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The WAF log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "put": { + "tags": [ + "WAF Log Profiles" + ], + "summary": "Update WAF log profile details", + "description": "Updates WAF log profile details.", + "operationId": "updateWafLogProfile", + "parameters": [ + { + "$ref": "#/components/parameters/NapLogProfileParamObjectID" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapLogProfileUpdateRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Successfully updated WAF log profile details.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapLogProfileMetadata" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The WAF log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "delete": { + "tags": [ + "WAF Log Profiles" + ], + "summary": "Delete WAF log profile", + "description": "Deletes a WAF log profile.", + "operationId": "deleteWafLogProfile", + "parameters": [ + { + "$ref": "#/components/parameters/NapLogProfileParamObjectID" + } + ], + "responses": { + "204": { + "description": "Successfully deleted WAF log profile." + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The WAF log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/log-profiles/{nap_log_profile_object_id}/deployments": { + "get": { + "x-feature-flag": "log-profile-deployment", + "tags": [ + "WAF Log Profiles" + ], + "summary": "List WAF log profile deployments", + "description": "Returns a list of WAF log profile deployments, providing details such as:\n * Target of the deployment, either an instance or CSG\n * Time of deployment\n * Deployment status\n", + "operationId": "listWafLogProfileDeployments", + "parameters": [ + { + "$ref": "#/components/parameters/NapLogProfileParamObjectID" + }, + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapLogProfileDeployments" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapLogProfileDeployment" + } + ], + "responses": { + "200": { + "description": "Successfully returned WAF log profile deployments.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapLogProfileDeploymentsListResponse" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The WAF log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/log-profiles/{nap_log_profile_object_id}/compile": { + "get": { + "x-feature-flag": "log-profile-deployment", + "tags": [ + "WAF Log Profiles" + ], + "summary": "Compile WAF log profile", + "description": "Compiles a WAF log profile and returns the request status or compiled bundle.", + "operationId": "compileWafLogProfile", + "parameters": [ + { + "$ref": "#/components/parameters/NapCompileNapRelease" + }, + { + "$ref": "#/components/parameters/NapCompileDownload" + }, + { + "$ref": "#/components/parameters/NapLogProfileParamObjectID" + } + ], + "responses": { + "200": { + "description": "WAF log profile compiled successfully, when `download` is `true`.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapCompileStatus" + } + }, + "application/gzip": { + "schema": { + "type": "string", + "format": "binary", + "example": "log_all.tar.gz" + } + } + } + }, + "202": { + "description": "Accepted the WAF log profile compile request.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapCompileStatus" + } + } + } + }, + "400": { + "description": "WAF log profile compilation failed, when `download` is `true`.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapCompileStatus" + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/global-settings": { + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "List NGINX App Protect global setting objects", + "description": "Returns NGINX App Protect global setting objects.", + "operationId": "listNapGlobalSettings", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapGlobalSettingsDep" + }, + { + "$ref": "#/components/parameters/SortNameNapGlobalSettings" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapGlobalSetting" + } + ], + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect global settings.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapGlobalSettingsListResponse" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "post": { + "tags": [ + "NGINX App Protect" + ], + "summary": "Create NGINX App Protect global setting object", + "description": "Creates NGINX App Protect global setting object.", + "operationId": "createNapGlobalSetting", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapGlobalSettingCreateRequest" + } + } + } + }, + "responses": { + "201": { + "description": "Successfully created NGINX App Protect global setting object.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapGlobalSettingMetadata" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/global-settings/{nap_global_setting_object_id}": { + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "Get NGINX App Protect global setting details", + "description": "Returns the NGINX App Protect global setting details.", + "operationId": "getNapGlobalSetting", + "parameters": [ + { + "$ref": "#/components/parameters/NapGlobalSettingParamObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect global setting details.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapGlobalSettingGetResponse" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect global setting object with the specified nap_global_setting_object_id was not found. Check that the nap_global_setting_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "put": { + "tags": [ + "NGINX App Protect" + ], + "summary": "Update NGINX App Protect global setting details", + "description": "Update NGINX App Protect global setting details.", + "operationId": "updateNapGlobalSetting", + "parameters": [ + { + "$ref": "#/components/parameters/NapGlobalSettingParamObjectID" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapGlobalSettingUpdateRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Successfully updated NGINX App Protect global setting details.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapGlobalSettingMetadata" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect global setting object with the specified nap_global_setting_object_id was not found. Check that the nap_global_setting_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "delete": { + "tags": [ + "NGINX App Protect" + ], + "summary": "Delete NGINX App Protect global setting object", + "description": "Deletes NGINX App Protect global setting object.", + "operationId": "deleteNapGlobalSetting", + "parameters": [ + { + "$ref": "#/components/parameters/NapGlobalSettingParamObjectID" + } + ], + "responses": { + "204": { + "description": "Successfully deleted NGINX App Protect global setting object." + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect global setting object with the specified nap_global_setting_object_id was not found. Check that the nap_global_setting_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/deployments": { + "get": { + "tags": [ + "Deployments" + ], + "summary": "List NAAS deployments", + "description": "Returns a list of NAAS deployments.", + "operationId": "listDeployments", + "responses": { + "200": { + "description": "Successfully returned the list of NAAS deployments.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/DeploymentListResponse" + }, + "examples": { + "DeploymentListResponse": { + "$ref": "#/components/examples/DeploymentListResponse" + } + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "post": { + "tags": [ + "Deployments" + ], + "summary": "Create deployment", + "description": "Creates a new NAAS deployment.", + "operationId": "createDeployment", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/DeploymentCreateRequest" + }, + "examples": { + "DeploymentCreateRequest": { + "$ref": "#/components/examples/DeploymentCreateRequest" + } + } + } + } + }, + "responses": { + "202": { + "description": "Successfully created the NAAS deployment.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Deployment" + }, + "examples": { + "DeploymentCreateResponse": { + "$ref": "#/components/examples/DeploymentCreateResponse" + } + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "403": { + "$ref": "#/components/responses/Forbidden" + }, + "409": { + "$ref": "#/components/responses/Conflict" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/deployments/{deployment_id}": { + "get": { + "tags": [ + "Deployments" + ], + "summary": "Get NAAS deployment", + "description": "Returns NAAS deployment details.", + "operationId": "getDeployment", + "parameters": [ + { + "$ref": "#/components/parameters/DeploymentObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned the deployment details.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Deployment" + }, + "examples": { + "DeploymentGetResponse": { + "$ref": "#/components/examples/DeploymentCreateResponse" + } + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "patch": { + "tags": [ + "Deployments" + ], + "summary": "Update NAAS deployment", + "description": "Updates the specified NAAS deployment.", + "operationId": "updateDeployment", + "parameters": [ + { + "$ref": "#/components/parameters/DeploymentObjectID" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/DeploymentUpdateRequest" + }, + "examples": { + "DeploymentUpdateRequest": { + "$ref": "#/components/examples/DeploymentUpdateRequest" + } + } + } + } + }, + "responses": { + "202": { + "description": "Successfully updated the deployment.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Deployment" + }, + "examples": { + "DeploymentUpdateResponse": { + "$ref": "#/components/examples/DeploymentUpdateResponse" + } + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "403": { + "$ref": "#/components/responses/Forbidden" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "409": { + "$ref": "#/components/responses/Conflict" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "delete": { + "tags": [ + "Deployments" + ], + "summary": "Delete NAAS deployment", + "description": "Deletes the specified NAAS deployment.", + "operationId": "deleteDeployment", + "parameters": [ + { + "$ref": "#/components/parameters/DeploymentObjectID" + } + ], + "responses": { + "202": { + "description": "Successfully deleted the deployment.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Deployment" + }, + "examples": { + "DeploymentDeleteResponse": { + "$ref": "#/components/examples/DeploymentDeleteResponse" + } + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/load-test/load-model": { + "post": { + "tags": [ + "Load Test" + ], + "summary": "Create a new load model", + "description": "Creates a new load model with specified parameters and begins pre-loading.", + "requestBody": { + "required": true, + "content": { + "text/plain": { + "schema": { + "type": "string", + "example": "numberOfInstances: 10\ntype: monitor\ncustomer: customer_1\n" + } + } + } + }, + "responses": { + "202": { + "description": "Load model created successfully and pre-loading started", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "loadModelUID": { + "type": "string", + "example": "644f78cf1e7342af967707d5" + } + } + } + } + } + }, + "400": { + "description": "Invalid input", + "$ref": "#/components/responses/InvalidRequest" + } + } + } + }, + "/load-test/load-runner/{loadModelUID}/configuration": { + "get": { + "tags": [ + "Load Test" + ], + "summary": "Get load runner configuration and model details", + "description": "Returns details of the load model and configuration after creation.", + "parameters": [ + { + "$ref": "#/components/parameters/loadModelUID" + } + ], + "responses": { + "200": { + "description": "Configuration details", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ModelConfigurationResponse" + }, + "examples": { + "ModelConfiguration": { + "$ref": "#/components/examples/ModelConfiguration" + } + } + } + } + }, + "404": { + "description": "Configuration not found", + "$ref": "#/components/responses/NotFound" + } + } + } + }, + "/load-test/load-runner/{loadModelUID}/status": { + "get": { + "tags": [ + "Load Test" + ], + "summary": "Get current status of a load test", + "description": "Returns the current status of a load test run (e.g., in-progress, not started, provisioning).", + "parameters": [ + { + "$ref": "#/components/parameters/loadModelUID" + } + ], + "responses": { + "200": { + "description": "Status details for a load test that's ready to run, is running, or has completed.", + "content": { + "application/json": { + "schema": { + "type": "string", + "example": "not started" + } + } + } + }, + "202": { + "description": "Status details for a load test that is currently being provisioned or failed to be provisioned.", + "content": { + "application/json": { + "schema": { + "type": "string", + "example": "provisioning" + } + } + } + }, + "404": { + "description": "Status not found", + "$ref": "#/components/responses/NotFound" + } + } + } + }, + "/load-test/load-runner/{loadModelUID}/start": { + "get": { + "tags": [ + "Load Test" + ], + "summary": "Begins the run for a load model", + "description": "Starts a load test after data preloading is complete.", + "parameters": [ + { + "$ref": "#/components/parameters/loadModelUID" + } + ], + "responses": { + "200": { + "description": "Operation successful" + }, + "404": { + "description": "Failed to start run", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/load-test/load-runner/{loadModelUID}/shutdown": { + "put": { + "tags": [ + "Load Test" + ], + "summary": "Initiate stop, shutdown, and cleanup", + "description": "Stops an ongoing load test and performs necessary cleanup operations.", + "parameters": [ + { + "$ref": "#/components/parameters/loadModelUID" + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Optional comment to associate with the shutdown." + } + }, + "required": [ + "comment" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Operation successful" + }, + "400": { + "description": "Invalid action or LoadModelUID", + "$ref": "#/components/responses/NotFound" + } + } + } + }, + "/load-test/{loadModelUID}/summary": { + "get": { + "tags": [ + "Load Test" + ], + "summary": "Get summary by LoadModelUID of a load test run", + "description": "Returns the summary of a load test run including metrics and results.", + "parameters": [ + { + "$ref": "#/components/parameters/loadModelUID" + } + ], + "responses": { + "200": { + "description": "Load test summary", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "loadModelUID": { + "type": "string" + }, + "summaryDetails": { + "type": "object", + "example": { + "instancesChecked": 10, + "totalRequests": 10000, + "averageResponseTime": "200ms", + "successRate": "99.9%" + } + } + }, + "required": [ + "loadModelUID", + "summaryDetails" + ] + } + } + } + }, + "404": { + "description": "Load test not found", + "$ref": "#/components/responses/NotFound" + } + } + } + }, + "/load-test/observability-metrics": { + "post": { + "tags": [ + "Load Test" + ], + "summary": "Store observability metrics for the current load test run", + "description": "Stores observability metrics generated during the test run (e.g., CPU, memory, network usage).", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ObservabilityMetricsRequest" + } + } + } + }, + "responses": { + "201": { + "description": "Metrics stored successfully" + }, + "400": { + "description": "Invalid input data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/templates/import": { + "post": { + "tags": [ + "Templates" + ], + "x-nginx-one-action": "import", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Import a Template\n", + "description": "Imports a new template from a `.tar.gz` archive.\n\nUpon successful validation, the template will be created and made available for use.\n\n**Size limits:**\n- Maximum compressed archive size: 1 MB\n- Maximum uncompressed file size (per file): 5 MB\n\nRefer to the [Template Authoring Guide](https://docs.nginx.com/nginx-one-console/nginx-configs/config-templates/) for best practices on writing Go-based NGINX templates.\n", + "operationId": "importTemplate", + "requestBody": { + "required": true, + "content": { + "multipart/form-data": { + "schema": { + "$ref": "#/components/schemas/TemplateImportRequest" + }, + "encoding": { + "file": { + "contentType": "application/gzip, application/x-gzip" + } + }, + "examples": { + "TemplateBaseExample": { + "$ref": "#/components/examples/TemplateBaseSummary" + }, + "TemplateAugmentExample": { + "$ref": "#/components/examples/TemplateAugmentSummary" + } + } + } + } + }, + "responses": { + "201": { + "description": "Successfully imported and created the template.\n", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateSummary" + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/templates": { + "get": { + "tags": [ + "Templates" + ], + "summary": "List Templates", + "description": "Retrieves a list of templates.\n", + "operationId": "listTemplates", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameTemplates" + }, + { + "$ref": "#/components/parameters/FilterFieldTemplates" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + } + ], + "responses": { + "200": { + "description": "Successfully returned list of templates.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplatesListResponse" + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "post": { + "tags": [ + "Templates" + ], + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Create a new Template\n", + "description": "Creates a new Template.\n\nUpon successful validation, the template will be created and made available for use.\n\nRefer to the [Template Authoring Guide](https://docs.nginx.com/nginx-one-console/nginx-configs/config-templates/) for best practices on writing Go-based NGINX templates.\n", + "operationId": "createTemplate", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateCreationRequest" + } + } + } + }, + "responses": { + "201": { + "description": "Successfully created the template.\n", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateDetailsResponse" + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/templates/{templateObjectID}": { + "get": { + "tags": [ + "Templates" + ], + "summary": "Retrieve a Template", + "description": "Retrieves detailed information about a latest template version by its unique identifier.\n", + "parameters": [ + { + "$ref": "#/components/parameters/TemplateParamObjectID" + } + ], + "operationId": "getTemplate", + "responses": { + "200": { + "description": "Successfully returned details of the specified template.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateDetailsResponse" + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "put": { + "tags": [ + "Templates" + ], + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Update all metadata of an existing template.", + "description": "Updates all the metadata of an existing template.\n", + "operationId": "updateTemplateMetadata", + "parameters": [ + { + "$ref": "#/components/parameters/TemplateParamObjectID" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateMetadataUpdateRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Successfully updated the template metadata.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateSummary" + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "patch": { + "tags": [ + "Templates" + ], + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Updates metadata for an existing template.", + "description": "Partially updates the specified metadata of an existing template. Only fields provided in the request body will be updated; omitted fields will retain their existing values.\n", + "operationId": "patchTemplateMetadata", + "parameters": [ + { + "$ref": "#/components/parameters/TemplateParamObjectID" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateMetadataPatchRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Successfully patched the template metadata.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateSummary" + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "delete": { + "tags": [ + "Templates" + ], + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Delete a Template", + "description": "Deletes an NGINX configuration template by its unique identifier.\n", + "operationId": "deleteTemplate", + "parameters": [ + { + "$ref": "#/components/parameters/TemplateParamObjectID" + } + ], + "responses": { + "204": { + "description": "Successfully deleted the template." + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "Template with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/templates/{templateObjectID}/copy": { + "post": { + "tags": [ + "Templates" + ], + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Copy a Template", + "description": "Creates a new template by copying the latest version of an existing template.\nThe new template starts at version 1 in draft state.\nFiles, type, and context configuration are copied from the source template.\n", + "operationId": "copyTemplate", + "parameters": [ + { + "$ref": "#/components/parameters/TemplateParamObjectID" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateCopyRequest" + } + } + } + }, + "responses": { + "201": { + "description": "Successfully copied the template.\n", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateDetailsResponse" + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/templates/{templateVersionObjectID}/config": { + "post": { + "tags": [ + "Templates" + ], + "x-nginx-one-entity": "NGINX config templates", + "summary": "Generates an NGINX configuration for an augment template.", + "parameters": [ + { + "$ref": "#/components/parameters/TemplateVersionParamObjectID" + } + ], + "description": "Generates an NGINX configuration snippet for a single augment template using inputs validated against its template schema. \nThe snippet should be placed into an appropriate block in an existing NGINX configuration.\n\nAny `augment_includes` will be preserved as directives in the config output, for example: `augment_includes \"http\";`. \nThese directives can be used to determine available augment attachment points (and their labels) for powering dynamic, \ninteractive config construction experiences.\n", + "operationId": "getPartialConfig", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateSnippetRenderRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Responds with the rendered snippet of NGINX configuration.\n", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateSnippetRenderResponse" + }, + "example": { + "files": [ + { + "contents": "CnNlcnZlciAzNS45NS40MS40Mjo4MDgxIGRvd247CnNlcnZlciAzNC4yMTAuMTYuMDo4MDgxOw==", + "mtime": "0001-01-01T00:00:00Z", + "name": "upstream.conf", + "size": 55 + } + ], + "errors": [] + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "description": "Template with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/templates/{templateObjectID}/submissions": { + "get": { + "tags": [ + "Templates" + ], + "x-feature-flag": "templates-m3-api", + "summary": "List Template Submissions for Template", + "description": "Retrieves a list of template submissions scoped to a specific template (any version).\n", + "operationId": "listTemplateSubmissionsForTemplate", + "parameters": [ + { + "$ref": "#/components/parameters/TemplateParamObjectID" + }, + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameSubmissions" + }, + { + "$ref": "#/components/parameters/FilterFieldSubmissions" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + } + ], + "responses": { + "200": { + "description": "Successfully returned list of template submissions for the specified template.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateSubmissionListResponse" + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "description": "Template with the specified object_id was not found.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/templates/{templateObjectID}/versions": { + "get": { + "tags": [ + "Templates" + ], + "summary": "List template versions", + "description": "Lists all versions for a specific template.\n", + "operationId": "listTemplateVersions", + "parameters": [ + { + "$ref": "#/components/parameters/TemplateParamObjectID" + }, + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameVersions" + }, + { + "$ref": "#/components/parameters/FilterFieldTemplateVersions" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + } + ], + "responses": { + "200": { + "description": "Successfully returned list of template versions.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateVersionsListResponse" + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "post": { + "tags": [ + "Templates" + ], + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Create a new template version", + "description": "Creates a new version for a template or updates an existing draft version, based on the provided content and the state of the latest version:\n\n- If the latest version is a **draft** and the content has changed, the draft is updated in place.\n- If the latest version is **final** and the content has changed, a new draft version is created.\n- If the content is unchanged (matches the latest version), no changes are made and the latest version is returned.\n\nThe response indicates whether a new version was created/updated (`201 Created`) or if the content was unchanged (`200 OK`).\n", + "operationId": "createTemplateVersion", + "parameters": [ + { + "$ref": "#/components/parameters/TemplateParamObjectID" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateCreationRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Content hash matches existing version. Returns the existing version.\n", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateDetailsResponse" + } + } + } + }, + "201": { + "description": "Successfully created or updated the template version.\n", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateDetailsResponse" + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/templates/{templateObjectID}/versions/{templateVersionObjectID}": { + "get": { + "tags": [ + "Templates" + ], + "summary": "Get a specific template version", + "description": "Retrieves a specific version of a template by its version ID.\n", + "operationId": "getTemplateVersion", + "parameters": [ + { + "$ref": "#/components/parameters/TemplateParamObjectID" + }, + { + "$ref": "#/components/parameters/TemplateVersionParamObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned template version.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateDetailsResponse" + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "delete": { + "tags": [ + "Templates" + ], + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Delete a template version", + "description": "Deletes a specific version of a template by its version ID, the following constraints apply:\n\n- The latest version cannot be deleted. If you wish to delete the latest version you can delete the entire template via a separate API which will remove all versions.\n", + "operationId": "deleteTemplateVersion", + "parameters": [ + { + "$ref": "#/components/parameters/TemplateParamObjectID" + }, + { + "$ref": "#/components/parameters/TemplateVersionParamObjectID" + } + ], + "responses": { + "204": { + "description": "Successfully deleted the template version." + }, + "400": { + "description": "Cannot delete the latest version.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "409": { + "description": "Cannot delete a template version that is associated with template submissions.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/templates/submissions": { + "get": { + "tags": [ + "Templates" + ], + "x-feature-flag": "templates-m3-api", + "summary": "List Template Submissions", + "description": "Retrieves a list of template submissions.\n", + "operationId": "listTemplateSubmissions", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameSubmissions" + }, + { + "$ref": "#/components/parameters/FilterFieldSubmissions" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + } + ], + "responses": { + "200": { + "description": "Successfully returned list of template submissions.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateSubmissionListResponse" + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "post": { + "tags": [ + "Templates" + ], + "summary": "Submit templates for previewing NGINX configuration.", + "description": "Submits a set of templates for rendering NGINX configuration.\n\nThe `preview_only` query parameter controls how the request is processed:\n - When `preview_only` is `true`, the API validates template parameters and renders the full NGINX configuration for preview **without creating a template submission object**. (**Currently, only this mode is supported.**)\n - When `preview_only` is `false` or omitted, the API is intended to render and create a submission. \n - If no target object ID is provided, a new staged config will be created.\n", + "parameters": [ + { + "$ref": "#/components/parameters/TemplateSubmissionPreviewOnly" + } + ], + "operationId": "submitTemplates", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateSubmissionRequest" + }, + "examples": { + "SubmissionWithPreviewOnly": { + "$ref": "#/components/examples/SubmissionWithPreviewOnly" + }, + "SubmissionForCreateNewStagedConfig": { + "$ref": "#/components/examples/SubmissionForCreateNewStagedConfig" + }, + "SubmissionForUpdateExistingStagedConfigTarget": { + "$ref": "#/components/examples/SubmissionForUpdateExistingStagedConfigTarget" + } + } + } + } + }, + "responses": { + "200": { + "description": "Returned only when the `preview_only` flag is set to `true`.\nResponds with the rendered NGINX configuration that can be used for preview or to create/replace a staged configuration manually.\n", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PreviewNginxConfig" + } + } + } + }, + "202": { + "description": "The template submission has been accepted and is being processed.\nPublication status(es) can be retrieved by querying the appropriate publications endpoint for the target object.\n", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateSubmissionResponse" + }, + "examples": { + "staged_config_outcome": { + "summary": "Example successful response for a target submission that creates a staged config", + "value": { + "object_id": "tmplsm_frBobKIAQ_21grAwV83VYz", + "target_results": [ + { + "staged_config_status": { + "status": "succeeded" + }, + "target_object_id": "sc_cEoiYCVJRuekVpYOvV1raA" + } + ] + } + } + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "409": { + "description": "The submission cannot be completed due to one or more template validation errors. See the error details for more information.\n", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/templates/submissions/{submissionObjectID}": { + "get": { + "tags": [ + "Templates" + ], + "x-feature-flag": "templates-m3-api", + "summary": "Get a Template Submission", + "description": "Retrieves detailed information about a template submission by its unique identifier.\n", + "operationId": "getTemplateSubmission", + "parameters": [ + { + "$ref": "#/components/parameters/TemplateSubmissionParamObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned the template submission details.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateSubmissionDetailResponse" + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "put": { + "tags": [ + "Templates" + ], + "x-feature-flag": "templates-m3-api", + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Update a Template Submission", + "description": "Performs a full update (replacement) of an existing template submission by\nreplacing all input values and payloads, then re-rendering the NGINX configuration.\n\nThe `preview_only` query parameter controls how the request is processed:\n - When `preview_only` is `false` (default), the API re-renders, persists the updated values,\n and re-publishes to the submission's existing targets.\n - When `preview_only` is `true`, the API re-renders the NGINX configuration\n with the new values for preview **without persisting** the changes.\n", + "operationId": "updateTemplateSubmission", + "parameters": [ + { + "$ref": "#/components/parameters/TemplateSubmissionParamObjectID" + }, + { + "$ref": "#/components/parameters/TemplateSubmissionPreviewOnly" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UpdateTemplateSubmissionRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Returned only when `preview_only` is `true`.\nResponds with the re-rendered NGINX configuration using the updated input values.\n", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PreviewNginxConfig" + } + } + } + }, + "202": { + "description": "Returned when `preview_only` is `false`.\nThe updated submission has been accepted and re-published to existing targets.\n", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateSubmissionResponse" + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "409": { + "description": "The submission cannot be completed due to one or more template validation errors. See the error details for more information.\n", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "delete": { + "tags": [ + "Templates" + ], + "x-feature-flag": "templates-m3-api", + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "template submissions", + "summary": "Delete a Template Submission", + "description": "Deletes a template submission by its unique identifier.\nThis action is irreversible and will remove all inputs and payloads for the submission.\n", + "operationId": "deleteTemplateSubmission", + "parameters": [ + { + "$ref": "#/components/parameters/TemplateSubmissionParamObjectID" + } + ], + "responses": { + "204": { + "description": "Successfully deleted the template submission." + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/templates/{templateObjectID}/submissions/{submissionObjectID}": { + "put": { + "tags": [ + "Templates" + ], + "x-feature-flag": "templates-m3-api", + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Update a single template's values in a submission", + "description": "Partially updates an existing template submission by replacing the input values\nfor a single template identified by `templateObjectID`. All other templates in\nthe submission retain their existing values, and the full NGINX configuration is\nre-rendered using the merged values.\n\nPayloads and target objects are preserved from the existing submission and cannot\nbe changed through this endpoint.\n\nThe `preview_only` query parameter controls how the request is processed:\n - When `preview_only` is `false` (default), the API re-renders, persists the updated values,\n and re-publishes to the submission's existing targets.\n - When `preview_only` is `true`, the API re-renders the NGINX configuration\n with the new values for preview **without persisting** the changes.\n", + "operationId": "updateSingleTemplateSubmission", + "parameters": [ + { + "$ref": "#/components/parameters/TemplateParamObjectID" + }, + { + "$ref": "#/components/parameters/TemplateSubmissionParamObjectID" + }, + { + "$ref": "#/components/parameters/TemplateSubmissionPreviewOnly" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UpdateSingleTemplateSubmissionRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Returned only when `preview_only` is `true`.\nResponds with the re-rendered NGINX configuration using the updated input values.\n", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PreviewNginxConfig" + } + } + } + }, + "202": { + "description": "Returned when `preview_only` is `false`.\nThe updated submission has been accepted and re-published to existing targets.\n", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateSubmissionResponse" + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "409": { + "description": "The submission cannot be completed due to one or more template validation errors. See the error details for more information.\n", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/app-protect/analytics/attacks": { + "post": { + "tags": [ + "NGINX One App Protect" + ], + "summary": "Query attack analytics", + "operationId": "queryAttackAnalytics", "description": "Returns attack analytics with optional dimensional breakdown.\n\n**Response behavior:**\n- Without `group_by`: Returns `total` count for the time range\n- With `group_by`: Returns breakdown for that dimension, `total` is omitted\n\n**Response structure by dimension type:**\n- **Fixed enum dimensions** (`request_status`, `request_method`): Returns object with known keys and counts\n- **Dynamic dimensions** (`ip`, `country`, `policy`, `url`, etc.): Returns array of items with cross-dimension context in `distinct` object\n\n**Filter behavior:**\n- All filters are combined with AND logic\n- Use the `in` operator to achieve OR within a single dimension\n", "requestBody": { "required": true, @@ -7312,19 +10085,230 @@ ] } } - } + } + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/app-protect/events": { + "get": { + "tags": [ + "NGINX One App Protect" + ], + "summary": "List security events", + "operationId": "listSecurityEvents", + "description": "Returns a paginated list of security events.\n\n**Filtering:**\n- Use the `filter_fields`, `filter_values`, and `filter_ops` parameters to filter events by various dimensions\n- All filter parameters must have matching array lengths\n- `support_id` is unique per event, so filtering by it returns a single-item list\n- Time range filtering via `start_time` and `end_time` is recommended to limit results\n- Multiple filter values can be chained using the `|` character (e.g., `blocked|alerted`)\n\n**Pagination:**\n- Results are paginated using standard Nginx One Console pagination\n- Results are sorted by timestamp descending (most recent first) by default\n\n**Response:**\n- Returns summary fields suitable for list display\n- Use `GET /app-protect/events/{id}` for full event details including raw request\n", + "parameters": [ + { + "name": "start_time", + "in": "query", + "description": "Beginning of the time range (inclusive).\nAccepts ISO 8601 format or relative offset (e.g., `now-24h`).\n", + "schema": { + "type": "string" + }, + "example": "now-24h" + }, + { + "name": "end_time", + "in": "query", + "description": "End of the time range (exclusive).\nDefaults to current time if not specified.\n", + "schema": { + "type": "string" + }, + "example": "now" + }, + { + "$ref": "#/components/parameters/FilterFieldSecurityEvents" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/Limit" + } + ], + "responses": { + "200": { + "description": "Successfully returned list of security events.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SecurityEventListResponse" + }, + "example": { + "total": 1080, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "timestamp": "2024-01-22T12:13:25Z", + "support_id": "1844305495056427365", + "request_status": "blocked", + "policy_name": "app_protect_default_policy", + "client_ip": "192.168.1.100", + "url": "/api/users", + "method": "POST", + "response_code": 403, + "country_code": "US", + "violation_rating": 5, + "instance_object_id": "inst_8Iwn7dT7RF-PRLxkSt5EYQ", + "csg_object_id": "csg_-uvR3F2TQGm18jnl7bpaGw" + } + ] + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/app-protect/events/{id}": { + "get": { + "tags": [ + "NGINX One App Protect" + ], + "summary": "Get security event by supportID", + "operationId": "getSecurityEvent", + "description": "Returns a specific security event by its support ID.\n\n**Response:**\n- Returns full event details including:\n - Request metadata (headers, method, URL, response code)\n - WAF enforcement details (policy, outcome, violation_rating)\n - All triggered violations with context\n - All matched signatures with details\n - Raw HTTP request (if available and not truncated)\n - Threat campaign associations\n", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "description": "The support ID of the security event.", + "schema": { + "type": "string", + "minLength": 1 + }, + "example": "1844305495056427365" + } + ], + "responses": { + "200": { + "description": "Successfully returned the security event.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SecurityEvent" + }, + "example": { + "id": "d1cd4806-3519-4c72-a0e4-63fd611ee6fb", + "timestamp": "2024-01-22T12:13:25Z", + "support_id": "1844305495056427365", + "version": "v1.0", + "system_id": "31ed9d05-9cb0-48c3-9f97-d63b1b6dd342", + "parent_hostname": "nginx-host-01", + "instance_object_id": "inst_8Iwn7dT7RF-PRLxkSt5EYQ", + "csg_object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "http": { + "hostname": "example.com", + "remote_addr": "192.168.1.100", + "remote_port": 54321, + "server_addr": "10.0.0.1", + "server_port": 443, + "uri": "/", + "request_method": "GET", + "response_code": 403 + }, + "x_forwarded_for_header_value": "203.0.113.42", + "country_code": "US", + "policy_name": "app_protect_default_policy", + "request_status": "blocked", + "request_outcome": "rejected", + "request_outcome_reason": "SECURITY_WAF_VIOLATION", + "violation_rating": 5, + "blocking_exception_reason": "", + "is_truncated": false, + "signatures": [ + { + "id": 200001834, + "name": "XSS script tag end (Parameter)", + "accuracy": "high", + "risk": "high", + "cve": "", + "blocking_mask": "0x0", + "buffer": "param", + "offset": 0, + "length": 42 + } + ], + "violations": [ + { + "name": "Illegal meta character in value", + "sub_name": "", + "context": "parameter", + "detail_name": "VIOL_PARAMETER_VALUE_METACHAR", + "detail_context": "parameter", + "field_name": "param", + "field_value": "" + }, + { + "name": "Attack signature detected", + "sub_name": "", + "context": "parameter", + "detail_name": "VIOL_ATTACK_SIGNATURE", + "detail_context": "parameter", + "field_name": "param", + "field_value": "" + }, + { + "name": "Violation Rating Threat detected", + "sub_name": "", + "context": "other", + "detail_name": "", + "detail_context": "", + "field_name": "", + "field_value": "" + }, + { + "name": "Bot Client Detected", + "sub_name": "", + "context": "other", + "detail_name": "", + "detail_context": "", + "field_name": "", + "field_value": "" + } + ], + "threat_campaign_names": [], + "request": "GET /?param=%3Cscript%3Ealert%27xss%27%3C%2Fscript%3E HTTP/1.1\r\nHost: example.com\r\nUser-Agent: curl/7.68.0\r\nAccept: */*\r\n\r\n" } } } }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" + "404": { + "$ref": "#/components/responses/NotFound" } } } @@ -7524,15 +10508,27 @@ } } }, - "/app-protect/events": { + "/billing-usage/events": { "get": { "tags": [ - "NGINX One App Protect" + "NGINX One Billing Usage Events" ], - "summary": "List security events", - "operationId": "listSecurityEvents", - "description": "Returns a paginated list of security events.\n\n**Filtering:**\n- Use the `filter_fields`, `filter_values`, and `filter_ops` parameters to filter events by various dimensions\n- All filter parameters must have matching array lengths\n- `support_id` is unique per event, so filtering by it returns a single-item list\n- Time range filtering via `start_time` and `end_time` is recommended to limit results\n- Multiple filter values can be chained using the `|` character (e.g., `blocked|alerted`)\n\n**Pagination:**\n- Results are paginated using standard Nginx One Console pagination\n- Results are sorted by timestamp descending (most recent first) by default\n\n**Response:**\n- Returns summary fields suitable for list display\n- Use `GET /app-protect/events/{id}` for full event details including raw request\n", + "x-nodoc": true, + "summary": "List billing usage events by JWT token ID", + "operationId": "listBillingUsageEventsByTokenId", + "description": "Returns a list of billing usage events by its JWT token ID.\n\n**Response:**\n- Returns full event details including:\n - NGINX information (uid, version, nap status)\n - Usage metrics (client/upstream bytes sent/received, connections, requests)\n - NGINX metrics (user_agent, workers, uptime, reloads)\n - NGINX deployment details (cluster ID, node count, installation ID, product type)\n - JWT token information\n - Event metadata (timestamps, source type, dedup_version, event_id)\n", "parameters": [ + { + "name": "token_id", + "in": "query", + "required": true, + "description": "The JWT token ID (jti) of the billing usage event.", + "schema": { + "type": "string", + "format": "uuid" + }, + "example": "18a10260-0ec4-11f1-bbca-5d8e192a1888" + }, { "name": "start_time", "in": "query", @@ -7551,15 +10547,6 @@ }, "example": "now" }, - { - "$ref": "#/components/parameters/FilterFieldSecurityEvents" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, { "$ref": "#/components/parameters/Paginated" }, @@ -7572,33 +10559,16 @@ ], "responses": { "200": { - "description": "Successfully returned list of security events.", + "description": "Successfully returned the billing usage events.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SecurityEventListResponse" + "$ref": "#/components/schemas/BillingUsageEventsResponse" }, - "example": { - "total": 1080, - "count": 1, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "timestamp": "2024-01-22T12:13:25Z", - "support_id": "1844305495056427365", - "request_status": "blocked", - "policy_name": "app_protect_default_policy", - "client_ip": "192.168.1.100", - "url": "/api/users", - "method": "POST", - "response_code": 403, - "country_code": "US", - "violation_rating": 5, - "instance_object_id": "inst_8Iwn7dT7RF-PRLxkSt5EYQ", - "csg_object_id": "csg_-uvR3F2TQGm18jnl7bpaGw" - } - ] + "examples": { + "BillingUsageEventsByTokenIdResponse": { + "$ref": "#/components/examples/BillingUsageEventsByTokenIdResponse" + } } } } @@ -7609,133 +10579,157 @@ "401": { "$ref": "#/components/responses/Unauthorized" }, + "403": { + "$ref": "#/components/responses/Forbidden" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, "500": { "$ref": "#/components/responses/InternalServerErr" } } } }, - "/app-protect/events/{id}": { - "get": { + "/usage-ingest/nginx-usage": { + "post": { "tags": [ - "NGINX One App Protect" + "UsageIngest" ], - "summary": "Get security event by supportID", - "operationId": "getSecurityEvent", - "description": "Returns a specific security event by its support ID.\n\n**Response:**\n- Returns full event details including:\n - Request metadata (headers, method, URL, response code)\n - WAF enforcement details (policy, outcome, violation_rating)\n - All triggered violations with context\n - All matched signatures with details\n - Raw HTTP request (if available and not truncated)\n - Threat campaign associations\n", - "parameters": [ + "x-feature-flag": "usage-ingest-enabled", + "summary": "Use http POST on this API to register NGINX instances", + "description": "Creates a usage entry from NGINX instance", + "operationId": "trackUsage", + "security": [ { - "name": "id", - "in": "path", - "required": true, - "description": "The support ID of the security event.", - "schema": { - "type": "string", - "minLength": 1 - }, - "example": "1844305495056427365" + "BearerAuth": [] + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxUsageTrackingRequest" + }, + "examples": { + "nginxUsageTrackingRequest": { + "$ref": "#/components/examples/NginxUsageTrackingRequest" + } + } + } + } + }, + "responses": { + "204": { + "description": "Successfully created the usage entry." + }, + "400": { + "description": "Missing or bad data in request.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/usage-ingest/nginx-usage/batch": { + "post": { + "tags": [ + "UsageIngest" + ], + "x-feature-flag": "usage-ingest-enabled", + "summary": "Use http POST on this API to send usage information in batch", + "description": "Creates usage entries from NGINX instances in batch", + "operationId": "trackUsageBatch", + "security": [ + { + "BearerAuth": [] } ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxUsageTrackingBatchRequest" + }, + "examples": { + "nginxUsageTrackingBatchRequest": { + "$ref": "#/components/examples/NginxUsageTrackingBatchRequest" + } + } + }, + "application/gzip": { + "schema": { + "type": "string", + "format": "binary", + "description": "Compressed JSON array of usage tracking requests" + } + } + } + }, "responses": { - "200": { - "description": "Successfully returned the security event.", + "204": { + "description": "Successfully processed batch of usage entries." + }, + "400": { + "description": "Missing or bad data in request.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SecurityEvent" - }, - "example": { - "id": "d1cd4806-3519-4c72-a0e4-63fd611ee6fb", - "timestamp": "2024-01-22T12:13:25Z", - "support_id": "1844305495056427365", - "version": "v1.0", - "system_id": "31ed9d05-9cb0-48c3-9f97-d63b1b6dd342", - "parent_hostname": "nginx-host-01", - "instance_object_id": "inst_8Iwn7dT7RF-PRLxkSt5EYQ", - "csg_object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "http": { - "hostname": "example.com", - "remote_addr": "192.168.1.100", - "remote_port": 54321, - "server_addr": "10.0.0.1", - "server_port": 443, - "uri": "/", - "request_method": "GET", - "response_code": 403 - }, - "x_forwarded_for_header_value": "203.0.113.42", - "country_code": "US", - "policy_name": "app_protect_default_policy", - "request_status": "blocked", - "request_outcome": "rejected", - "request_outcome_reason": "SECURITY_WAF_VIOLATION", - "violation_rating": 5, - "blocking_exception_reason": "", - "is_truncated": false, - "signatures": [ - { - "id": 200001834, - "name": "XSS script tag end (Parameter)", - "accuracy": "high", - "risk": "high", - "cve": "", - "blocking_mask": "0x0", - "buffer": "param", - "offset": 0, - "length": 42 - } - ], - "violations": [ - { - "name": "Illegal meta character in value", - "sub_name": "", - "context": "parameter", - "detail_name": "VIOL_PARAMETER_VALUE_METACHAR", - "detail_context": "parameter", - "field_name": "param", - "field_value": "" - }, - { - "name": "Attack signature detected", - "sub_name": "", - "context": "parameter", - "detail_name": "VIOL_ATTACK_SIGNATURE", - "detail_context": "parameter", - "field_name": "param", - "field_value": "" - }, - { - "name": "Violation Rating Threat detected", - "sub_name": "", - "context": "other", - "detail_name": "", - "detail_context": "", - "field_name": "", - "field_value": "" - }, - { - "name": "Bot Client Detected", - "sub_name": "", - "context": "other", - "detail_name": "", - "detail_context": "", - "field_name": "", - "field_value": "" - } - ], - "threat_campaign_names": [], - "request": "GET /?param=%3Cscript%3Ealert%27xss%27%3C%2Fscript%3E HTTP/1.1\r\nHost: example.com\r\nUser-Agent: curl/7.68.0\r\nAccept: */*\r\n\r\n" + "$ref": "#/components/schemas/Error" } } } }, - "404": { - "$ref": "#/components/responses/NotFound" + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } } } } - }, - "/billing-usage/events": {} + } }, "components": { "parameters": { @@ -7801,13 +10795,174 @@ } } }, - "DataPlaneKeyParamObjectID": { - "name": "data_plane_key_id", + "DataPlaneKeyParamObjectID": { + "name": "data_plane_key_id", + "in": "path", + "schema": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" + }, + "description": "A globally unique identifier for the data plane key.\n", + "required": true + }, + "FilterFieldInstances": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `hostname`, `nginx_version`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameInstances" + } + } + }, + "SortDirection": { + "name": "sort_dir", + "in": "query", + "description": "Sorting direction for the criteria and the resulting collection returned. Defaults to descending if not specified.\n", + "schema": { + "type": "string", + "enum": [ + "Ascending", + "Descending" + ], + "x-enum-varnames": [ + "ascending", + "descending" + ] + } + }, + "SortNameInstancesDep": { + "name": "sort_instances", + "in": "query", + "deprecated": true, + "description": "Sort instances by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "hostname", + "status", + "last_reported" + ], + "x-enum-varnames": [ + "sort_name_instance_hostname", + "sort_name_instance_status", + "sort_name_instance_last_reported" + ] + } + } + }, + "SortNameInstances": { + "name": "sort_fields", + "in": "query", + "description": "Sort instances by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "hostname", + "status", + "last_reported" + ], + "x-enum-varnames": [ + "sort_name_instance_hostname", + "sort_name_instance_status", + "sort_name_instance_last_reported" + ] + } + } + }, + "InstanceParamObjectID": { + "name": "instanceObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/InstanceObjectID" + }, + "description": "A globally unique identifier for the NGINX instance.\n", + "required": true + }, + "InstanceConfigurationParamObjectID": { + "name": "instanceConfigurationObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NginxConfigObjectID" + }, + "description": "A globally unique identifier for the NGINX instance configuration.\n", + "required": true + }, + "PublicationParamObjectID": { + "name": "publicationObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/PublicationObjectID" + }, + "description": "A globally unique identifier for a Publication.\n", + "required": true + }, + "FilterFieldConfigSyncGroups": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`, `config_status`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameConfigSyncGroups" + } + } + }, + "SortNameConfigSyncGroupsDep": { + "name": "sort_config_sync_groups", + "in": "query", + "deprecated": true, + "description": "Sort config sync groups by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_config_sync_group_name" + ] + } + } + }, + "SortNameConfigSyncGroups": { + "name": "sort_fields", + "in": "query", + "description": "Sort config sync groups by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_config_sync_group_name" + ] + } + } + }, + "ConfigSyncGroupParamObjectID": { + "name": "configSyncGroupObjectID", "in": "path", "schema": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" + "$ref": "#/components/schemas/ConfigSyncGroupObjectID" }, - "description": "A globally unique identifier for the data plane key.\n", + "description": "A globally unique identifier for the NGINX config sync group.\n", + "required": true + }, + "ConfigSyncGroupConfigurationParamObjectID": { + "name": "configSyncGroupConfigurationObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NginxConfigObjectID" + }, + "description": "A globally unique identifier for the NGINX config sync group configuration.\n", "required": true }, "FilterFieldCertificates": { @@ -7821,22 +10976,6 @@ } } }, - "SortDirection": { - "name": "sort_dir", - "in": "query", - "description": "Sorting direction for the criteria and the resulting collection returned. Defaults to descending if not specified.\n", - "schema": { - "type": "string", - "enum": [ - "Ascending", - "Descending" - ], - "x-enum-varnames": [ - "ascending", - "descending" - ] - } - }, "SortNameCertificatesDep": { "name": "sort_certificates", "in": "query", @@ -7947,116 +11086,6 @@ } } }, - "FilterFieldConfigSyncGroups": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`, `config_status`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameConfigSyncGroups" - } - } - }, - "SortNameConfigSyncGroupsDep": { - "name": "sort_config_sync_groups", - "in": "query", - "deprecated": true, - "description": "Sort config sync groups by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_config_sync_group_name" - ] - } - } - }, - "SortNameConfigSyncGroups": { - "name": "sort_fields", - "in": "query", - "description": "Sort config sync groups by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_config_sync_group_name" - ] - } - } - }, - "ConfigSyncGroupParamObjectID": { - "name": "configSyncGroupObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupObjectID" - }, - "description": "A globally unique identifier for the NGINX config sync group.\n", - "required": true - }, - "ConfigSyncGroupConfigurationParamObjectID": { - "name": "configSyncGroupConfigurationObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/NginxConfigObjectID" - }, - "description": "A globally unique identifier for the NGINX config sync group configuration.\n", - "required": true - }, - "PublicationParamObjectID": { - "name": "publicationObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/PublicationObjectID" - }, - "description": "A globally unique identifier for a Publication.\n", - "required": true - }, - "SortNameControlPlanes": { - "name": "sort_fields", - "in": "query", - "description": "Sort control planes by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_control_plane_name" - ] - } - } - }, - "FilterFieldControlPlanes": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings. Identifies the fields to filter by (for example, `name`, `product`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameControlPlanes" - } - } - }, - "ControlPlaneParamObjectID": { - "name": "controlPlaneObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/ControlPlaneObjectID" - }, - "description": "A globally unique identifier for the control plane.\n", - "required": true - }, "SortNameCVEsDep": { "name": "sort_cves", "in": "query", @@ -8157,96 +11186,63 @@ } } }, - "FilterFieldEvents": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `hostname`, `object_id`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameEvents" - } - } - }, - "EventParamObjectID": { - "name": "eventObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/EventObjectID" - }, - "description": "A globally unique identifier for an event.\n", - "required": true - }, - "FilterFieldInstances": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `hostname`, `nginx_version`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameInstances" - } - } - }, - "SortNameInstancesDep": { - "name": "sort_instances", + "SortNameCVEImpactedControlPlanesDep": { + "name": "sort_cve_impacted_control_planes", "in": "query", "deprecated": true, - "description": "Sort instances by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "description": "Sort the control planes that are affected by a CVE\n", "schema": { "type": "array", "items": { "type": "string", "enum": [ - "hostname", - "status", - "last_reported" + "name", + "product_version" ], "x-enum-varnames": [ - "sort_name_instance_hostname", - "sort_name_instance_status", - "sort_name_instance_last_reported" + "sort_name_cve_impacted_control_planes_name", + "sort_name_cve_impacted_control_planes_product_version" ] } } }, - "SortNameInstances": { + "SortNameCVEImpactedControlPlanes": { "name": "sort_fields", "in": "query", - "description": "Sort instances by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "description": "Sort the control planes that are affected by a CVE\n", "schema": { "type": "array", "items": { "type": "string", "enum": [ - "hostname", - "status", - "last_reported" + "name", + "product_version" ], "x-enum-varnames": [ - "sort_name_instance_hostname", - "sort_name_instance_status", - "sort_name_instance_last_reported" + "sort_name_cve_impacted_control_planes_name", + "sort_name_cve_impacted_control_planes_product_version" ] } } }, - "InstanceParamObjectID": { - "name": "instanceObjectID", - "in": "path", + "FilterFieldEvents": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `hostname`, `object_id`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", "schema": { - "$ref": "#/components/schemas/InstanceObjectID" - }, - "description": "A globally unique identifier for the NGINX instance.\n", - "required": true + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameEvents" + } + } }, - "InstanceConfigurationParamObjectID": { - "name": "instanceConfigurationObjectID", + "EventParamObjectID": { + "name": "eventObjectID", "in": "path", "schema": { - "$ref": "#/components/schemas/NginxConfigObjectID" + "$ref": "#/components/schemas/EventObjectID" }, - "description": "A globally unique identifier for the NGINX instance configuration.\n", + "description": "A globally unique identifier for an event.\n", "required": true }, "FilterFieldStagedConfigs": { @@ -8314,6 +11310,43 @@ "description": "Optional flag to control how the request is processed.\n - When `false` or omitted (by default), the request creates a Staged Config directly. (`StagedConfigCreateResponse`)\n - When `true`, the request parses the import and returns metadata you can use to create a Staged Config through a POST. ( `StagedConfigCreateRequest`)\n", "required": false }, + "SortNameControlPlanes": { + "name": "sort_fields", + "in": "query", + "description": "Sort control planes by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_control_plane_name" + ] + } + } + }, + "FilterFieldControlPlanes": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings. Identifies the fields to filter by (for example, `name`, `product`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameControlPlanes" + } + } + }, + "ControlPlaneParamObjectID": { + "name": "controlPlaneObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/ControlPlaneObjectID" + }, + "description": "A globally unique identifier for the control plane.\n", + "required": true + }, "NapCompileNapRelease": { "name": "nap_release", "in": "query", @@ -8413,160 +11446,138 @@ } } }, - "SortNameNapLogProfilesDep": { - "name": "sort_nap_log_profiles", + "SortNameNapPoliciesDep": { + "name": "sort_nap_policies", "in": "query", "deprecated": true, - "description": "Sort NGINX App Protect log profiles by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "description": "Sort NGINX App Protect policies by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", "schema": { "type": "array", "items": { "type": "string", "enum": [ - "name" + "name", + "deployment_count", + "enforcement_mode", + "last_deployed" ], "x-enum-varnames": [ - "sort_name_nap_log_profiles_name" + "sort_name_nap_policies_name", + "sort_name_nap_policies_deployment_count", + "sort_name_nap_policies_enforcement_mode", + "sort_name_nap_policies_last_deployed" ] } } }, - "SortNameNapLogProfiles": { + "SortNameNapPolicies": { "name": "sort_fields", "in": "query", - "description": "Sort NGINX App Protect log profiles by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "description": "Sort NGINX App Protect policies by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", "schema": { "type": "array", "items": { "type": "string", "enum": [ - "name" + "name", + "deployment_count", + "enforcement_mode", + "last_deployed" ], "x-enum-varnames": [ - "sort_name_nap_log_profiles_name" + "sort_name_nap_policies_name", + "sort_name_nap_policies_deployment_count", + "sort_name_nap_policies_enforcement_mode", + "sort_name_nap_policies_last_deployed" ] } } }, - "FilterFieldNapLogProfile": { + "FilterFieldNapPolicy": { "name": "filter_fields", "in": "query", "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", "schema": { "type": "array", "items": { - "$ref": "#/components/schemas/FilterNameNapLogProfile" + "$ref": "#/components/schemas/FilterNameNapPolicy" } } }, - "NapLogProfileParamObjectID": { - "name": "nap_log_profile_object_id", + "NapPolicyParamObjectID": { + "name": "nap_policy_object_id", "in": "path", "schema": { - "$ref": "#/components/schemas/NapLogProfileObjectID" + "$ref": "#/components/schemas/NapPolicyObjectID" }, - "description": "A globally unique identifier for the App Protect log profile.\n", + "description": "A globally unique identifier for the App Protect policy.\n", "required": true }, - "SortNameNapLogProfileDeployments": { - "name": "sort_fields", - "in": "query", - "description": "Sort NGINX App Protect log profile deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name", - "type", - "status", - "deployed_on" - ], - "x-enum-varnames": [ - "sort_name_nap_log_profile_deployments_name", - "sort_name_nap_log_profile_deployments_type", - "sort_name_nap_log_profile_deployments_status", - "sort_name_nap_log_profile_deployments_deployed_on" - ] - } - } - }, - "FilterFieldNapLogProfileDeployment": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameNapLogProfileDeployment" - } - } - }, - "SortNameNapPoliciesDep": { - "name": "sort_nap_policies", + "SortNameNapPolicyVersionsDep": { + "name": "sort_nap_policy_versions", "in": "query", "deprecated": true, - "description": "Sort NGINX App Protect policies by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "description": "Sort NGINX App Protect policy versions by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", "schema": { "type": "array", "items": { "type": "string", "enum": [ - "name", + "created_at", + "deployment_status", "deployment_count", - "enforcement_mode", - "last_deployed" + "enforcement_mode" ], "x-enum-varnames": [ - "sort_name_nap_policies_name", - "sort_name_nap_policies_deployment_count", - "sort_name_nap_policies_enforcement_mode", - "sort_name_nap_policies_last_deployed" + "sort_name_nap_policy_versions_created_at", + "sort_name_nap_policy_versions_deployment_status", + "sort_name_nap_policy_versions_deployment_count", + "sort_name_nap_policy_versions_enforcement_mode" ] } } }, - "SortNameNapPolicies": { + "SortNameNapPolicyVersions": { "name": "sort_fields", "in": "query", - "description": "Sort NGINX App Protect policies by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "description": "Sort NGINX App Protect policy versions by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", "schema": { "type": "array", "items": { "type": "string", "enum": [ - "name", + "created_at", + "deployment_status", "deployment_count", - "enforcement_mode", - "last_deployed" + "enforcement_mode" ], "x-enum-varnames": [ - "sort_name_nap_policies_name", - "sort_name_nap_policies_deployment_count", - "sort_name_nap_policies_enforcement_mode", - "sort_name_nap_policies_last_deployed" + "sort_name_nap_policy_versions_created_at", + "sort_name_nap_policy_versions_deployment_status", + "sort_name_nap_policy_versions_deployment_count", + "sort_name_nap_policy_versions_enforcement_mode" ] } } }, - "FilterFieldNapPolicy": { + "FilterFieldNapPolicyVersion": { "name": "filter_fields", "in": "query", "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", "schema": { "type": "array", "items": { - "$ref": "#/components/schemas/FilterNameNapPolicy" + "$ref": "#/components/schemas/FilterNameNapPolicyVersion" } } }, - "NapPolicyParamObjectID": { - "name": "nap_policy_object_id", + "NapPolicyVersionParamObjectID": { + "name": "nap_policy_version_object_id", "in": "path", "schema": { - "$ref": "#/components/schemas/NapPolicyObjectID" + "$ref": "#/components/schemas/NapPolicyVersionObjectID" }, - "description": "A globally unique identifier for the App Protect policy.\n", + "description": "A globally unique identifier for the App Protect policy version.\n", "required": true }, "SortNameNapPolicyDeploymentsDep": { @@ -8643,73 +11654,170 @@ } } }, - "SortNameNapPolicyVersionsDep": { - "name": "sort_nap_policy_versions", + "SortNameNapLogProfilesDep": { + "name": "sort_nap_log_profiles", "in": "query", "deprecated": true, - "description": "Sort NGINX App Protect policy versions by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "description": "Sort NGINX App Protect log profiles by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", "schema": { "type": "array", "items": { "type": "string", "enum": [ - "created_at", - "deployment_status", - "deployment_count", - "enforcement_mode" + "name" ], "x-enum-varnames": [ - "sort_name_nap_policy_versions_created_at", - "sort_name_nap_policy_versions_deployment_status", - "sort_name_nap_policy_versions_deployment_count", - "sort_name_nap_policy_versions_enforcement_mode" + "sort_name_nap_log_profiles_name" ] } } }, - "SortNameNapPolicyVersions": { + "SortNameNapLogProfiles": { "name": "sort_fields", "in": "query", - "description": "Sort NGINX App Protect policy versions by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "description": "Sort NGINX App Protect log profiles by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", "schema": { "type": "array", "items": { "type": "string", "enum": [ - "created_at", - "deployment_status", - "deployment_count", - "enforcement_mode" + "name" ], "x-enum-varnames": [ - "sort_name_nap_policy_versions_created_at", - "sort_name_nap_policy_versions_deployment_status", - "sort_name_nap_policy_versions_deployment_count", - "sort_name_nap_policy_versions_enforcement_mode" + "sort_name_nap_log_profiles_name" ] } } }, - "FilterFieldNapPolicyVersion": { + "FilterFieldNapLogProfile": { "name": "filter_fields", "in": "query", "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", "schema": { "type": "array", "items": { - "$ref": "#/components/schemas/FilterNameNapPolicyVersion" + "$ref": "#/components/schemas/FilterNameNapLogProfile" } } }, - "NapPolicyVersionParamObjectID": { - "name": "nap_policy_version_object_id", + "NapLogProfileParamObjectID": { + "name": "nap_log_profile_object_id", "in": "path", "schema": { - "$ref": "#/components/schemas/NapPolicyVersionObjectID" + "$ref": "#/components/schemas/NapLogProfileObjectID" }, - "description": "A globally unique identifier for the App Protect policy version.\n", + "description": "A globally unique identifier for the App Protect log profile.\n", + "required": true + }, + "SortNameNapLogProfileDeployments": { + "name": "sort_fields", + "in": "query", + "description": "Sort NGINX App Protect log profile deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name", + "type", + "status", + "deployed_on" + ], + "x-enum-varnames": [ + "sort_name_nap_log_profile_deployments_name", + "sort_name_nap_log_profile_deployments_type", + "sort_name_nap_log_profile_deployments_status", + "sort_name_nap_log_profile_deployments_deployed_on" + ] + } + } + }, + "FilterFieldNapLogProfileDeployment": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapLogProfileDeployment" + } + } + }, + "SortNameNapGlobalSettingsDep": { + "name": "sort_nap_global_settings", + "in": "query", + "deprecated": true, + "description": "Sort NGINX App Protect global settings by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_nap_global_settings_name" + ] + } + } + }, + "SortNameNapGlobalSettings": { + "name": "sort_fields", + "in": "query", + "description": "Sort NGINX App Protect global settings by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_nap_global_settings_name" + ] + } + } + }, + "FilterFieldNapGlobalSetting": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapGlobalSettings" + } + } + }, + "NapGlobalSettingParamObjectID": { + "name": "nap_global_setting_object_id", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NapGlobalSettingObjectID" + }, + "description": "A globally unique identifier for the App Protect global settings object.\n", + "required": true + }, + "DeploymentObjectID": { + "name": "deployment_id", + "in": "path", + "schema": { + "$ref": "#/components/schemas/DeploymentObjectID" + }, + "description": "A globally unique identifier for the NAAS deployment.", "required": true }, + "loadModelUID": { + "name": "loadModelUID", + "in": "path", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + }, + "description": "A globally unique identifier for a Load Model.", + "example": "f038dca0-b55c-410a-95a6-b9f876792ce8" + }, "TemplateParamObjectID": { "name": "templateObjectID", "in": "path", @@ -8719,6 +11827,15 @@ "description": "A globally unique identifier for the template.\n", "required": true }, + "TemplateVersionParamObjectID": { + "name": "templateVersionObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/TemplateVersionObjectID" + }, + "description": "A globally unique identifier for the template version.\n", + "required": true + }, "SortNameTemplates": { "name": "sort_fields", "in": "query", @@ -8738,6 +11855,42 @@ } } }, + "SortNameSubmissions": { + "name": "sort_fields", + "in": "query", + "description": "Sort the list of template submissions by the specified fields.\nThe default sort order is descending (most recent first).\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "created_at", + "modified_at" + ], + "x-enum-varnames": [ + "sort_name_submissions_created_at", + "sort_name_submissions_modified_at" + ] + } + } + }, + "SortNameVersions": { + "name": "sort_fields", + "in": "query", + "description": "Sort the list of template versions by the specified fields.\nThe default sort order is descending (highest version first).\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "version" + ], + "x-enum-varnames": [ + "sort_name_versions_version" + ] + } + } + }, "TemplateSubmissionPreviewOnly": { "name": "preview_only", "in": "query", @@ -8748,6 +11901,15 @@ "description": "Optional flag to control how a template submission request is processed.\n - When `true`, the request renders the full NGINX configuration for preview **without creating a template submission object** (this is currently the only supported mode).\n - When `false` or omitted (the default), the request is intended to render the configuration **and create a submission object**, but this feature is **not supported yet** and will return an error.\nNote: Currently, only preview (stateless render) mode is supported. Submission creation is not yet implemented.\n", "required": false }, + "TemplateSubmissionParamObjectID": { + "name": "submissionObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/TemplateSubmissionObjectID" + }, + "description": "A globally unique identifier for the template submission.\n", + "required": true + }, "FilterFieldTemplates": { "name": "filter_fields", "in": "query", @@ -8759,6 +11921,28 @@ } } }, + "FilterFieldSubmissions": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `object_id`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameSubmissions" + } + } + }, + "FilterFieldTemplateVersions": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `object_id`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameTemplateVersions" + } + } + }, "FilterFieldSecurityEvents": { "name": "filter_fields", "in": "query", @@ -9058,667 +12242,737 @@ "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "BulkRequestObjectStatus": { + "BulkRequestObjectStatus": { + "type": "object", + "required": [ + "outcome" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/ObjectID" + }, + "name": { + "type": "string", + "description": "this is the user facing name of the object." + }, + "outcome": { + "type": "string", + "description": "This is the outcome that corresponds to the action.\n* deleted - the object deletion was processed, and the object was deleted.\n* accepted - the request was accepted, and will be processed.\n* failed - the request failed, see failure_reason for more details.\n* invalid - the request was invalid, see failure_reason for more details.\n", + "enum": [ + "deleted", + "accepted", + "failed", + "invalid" + ], + "x-enum-varnames": [ + "build_request_object_status_deleted", + "build_request_object_status_accepted", + "build_request_object_status_failed", + "build_request_object_status_invalid" + ] + }, + "failure_reason": { + "type": "string", + "description": "this is the failure reason populated when outcome is 'failed' or 'invalid'." + } + } + }, + "DataPlaneKeyBulkResponse": { + "description": "The data plane key bulk outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" + } + }, + "DataPlaneKeyUpdateRequest": { + "type": "object", + "description": "Request structure for updating an existing data plane key.", + "properties": { + "name": { + "description": "Give the data plane key a new name so you can tell it apart from others.", + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "expires_at": { + "type": "string", + "format": "date-time", + "description": "Adjust the expiration date and time for the data plane key in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. \n\nIt's not possible to update the expiration date once the data plane key has expired.\n" + } + } + }, + "CertificateStatus": { + "type": "string", + "description": "Status of the certificate:\n * `valid` - The certificate is currently valid and operational.\n * `expiring` - The certificate will expire within the next 30 days. Consider renewing it to maintain uninterrupted service.\n * `expired` - The certificate is no longer valid. Immediate renewal is recommended to ensure secure connections.\n * `not_ready` - The certificate is not ready to be used, based on the start date of its validity period.\n", + "enum": [ + "valid", + "expiring", + "expired", + "not_ready" + ], + "x-enum-varnames": [ + "certificate_status_valid", + "certificate_status_expiring", + "certificate_status_expired", + "certificate_status_not_ready" + ] + }, + "CertificateSummaryItem": { + "description": "summary information for certificate with certain status.", + "type": "object", + "required": [ + "status", + "count", + "affected_instances" + ], + "properties": { + "status": { + "$ref": "#/components/schemas/CertificateStatus" + }, + "count": { + "description": "The total number of SSL certificates for each status category.", + "type": "integer" + }, + "affected_instances": { + "description": "Indicates the total number of SSL/TLS certificates corresponding to the status provided.", + "type": "integer" + } + } + }, + "SummaryDisplayCount": { + "description": "The name, the total count, and an optional user-friendly display name of the resource being summarized.", + "type": "object", + "required": [ + "name", + "count" + ], + "properties": { + "name": { + "description": "Identifies the category of data being reported, such as an operating system, NGINX version, or another type.", + "type": "string" + }, + "count": { + "description": "The number of resources matching the given type.", + "type": "integer" + }, + "display": { + "description": "A user-friendly label for the category count, intended for display purposes where a more descriptive or readable format is preferred.", + "type": "string" + } + } + }, + "OperatingSystemVersionSummary": { + "description": "An array of operating systems and their versions on the NGINX data plane.", + "type": "array", + "items": { + "$ref": "#/components/schemas/SummaryDisplayCount" + } + }, + "NGINXVersionSummary": { + "description": "An array of NGINX versions installed across the NGINX data plane.", + "type": "array", + "items": { + "$ref": "#/components/schemas/SummaryDisplayCount" + } + }, + "StatusSummary": { + "description": "An overview of the status for each NGINX instance, indicating availability.", + "type": "object", + "required": [ + "online", + "offline", + "unavailable" + ], + "properties": { + "online": { + "description": "The number of NGINX instances reporting as `online`.\nThe NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", + "type": "integer" + }, + "offline": { + "description": "The number of NGINX instances reporting as `offline`.\nThe NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n", + "type": "integer" + }, + "unavailable": { + "description": "The number of NGINX instances reporting as `unavailable`.\nThe NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n", + "type": "integer" + } + } + }, + "CveSeverityType": { + "type": "string", + "description": "Severity ratings:\n * `high` - High severity.\n * `medium` - Moderate severity.\n * `low` - Least severe.\n * `none` - Not severe.\n * `other` - Severity that does not fit the other categories.\n", + "enum": [ + "high", + "medium", + "low", + "none", + "other" + ], + "x-enum-varnames": [ + "cve_severity_type_high", + "cve_severity_type_medium", + "cve_severity_type_low", + "cve_severity_type_none", + "cve_severity_type_other" + ] + }, + "CveSummary": { + "description": "A summary of Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", + "type": "object", + "required": [ + "severity", + "count", + "affected_instances" + ], + "properties": { + "severity": { + "$ref": "#/components/schemas/CveSeverityType" + }, + "count": { + "description": "The number of CVEs at each severity level.", + "type": "integer" + }, + "affected_instances": { + "description": "The number of NGINX instances affected by each CVE.", + "type": "integer" + } + } + }, + "RecommendationType": { + "type": "string", + "description": "Types of configuration recommendations:\n * `best_practice` - Suggestions based on established best practices.\n * `security` - Recommendations related to security.\n * `optimization` - Advice for optimizing performance.\n * `other` - Recommendations that do not fit the above categories.\n", + "enum": [ + "best_practice", + "security", + "optimization", + "other" + ], + "x-enum-varnames": [ + "recommendation_type_best_practice", + "recommendation_type_security", + "recommendation_type_optimization", + "recommendation_type_other" + ] + }, + "IssueSummary": { + "description": "A summary of issue details from the configuration analysis report.", "type": "object", "required": [ - "outcome" + "type", + "count", + "affected_instances" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/ObjectID" - }, - "name": { - "type": "string", - "description": "this is the user facing name of the object." + "type": { + "$ref": "#/components/schemas/RecommendationType" }, - "outcome": { - "type": "string", - "description": "This is the outcome that corresponds to the action.\n* deleted - the object deletion was processed, and the object was deleted.\n* accepted - the request was accepted, and will be processed.\n* failed - the request failed, see failure_reason for more details.\n* invalid - the request was invalid, see failure_reason for more details.\n", - "enum": [ - "deleted", - "accepted", - "failed", - "invalid" - ], - "x-enum-varnames": [ - "build_request_object_status_deleted", - "build_request_object_status_accepted", - "build_request_object_status_failed", - "build_request_object_status_invalid" - ] + "count": { + "description": "The number of times this recommendation appears in the configuration analysis report.", + "type": "integer" }, - "failure_reason": { - "type": "string", - "description": "this is the failure reason populated when outcome is 'failed' or 'invalid'." + "affected_instances": { + "description": "The number of instances affected by this issue.", + "type": "integer" } } }, - "DataPlaneKeyBulkResponse": { - "description": "The data plane key bulk outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" - } - }, - "DataPlaneKeyUpdateRequest": { + "InstanceSummary": { + "description": "A summary of NGINX instances, including certificates, OS versions, NGINX versions, and status details.", "type": "object", - "description": "Request structure for updating an existing data plane key.", "properties": { - "name": { - "description": "Give the data plane key a new name so you can tell it apart from others.", - "type": "string", - "minLength": 1, - "maxLength": 128 + "certs": { + "description": "An array detailing each certificate's status across all NGINX instances.", + "type": "array", + "items": { + "$ref": "#/components/schemas/CertificateSummaryItem" + } }, - "expires_at": { - "type": "string", - "format": "date-time", - "description": "Adjust the expiration date and time for the data plane key in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. \n\nIt's not possible to update the expiration date once the data plane key has expired.\n" + "os": { + "$ref": "#/components/schemas/OperatingSystemVersionSummary" + }, + "nginx_versions": { + "$ref": "#/components/schemas/NGINXVersionSummary" + }, + "statuses": { + "$ref": "#/components/schemas/StatusSummary" + }, + "cves": { + "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", + "type": "array", + "items": { + "$ref": "#/components/schemas/CveSummary" + } + }, + "recommendations": { + "description": "An array summarizing the suggestions from the configuration analysis report.", + "type": "array", + "items": { + "$ref": "#/components/schemas/IssueSummary" + } } } }, - "FilterNameCertificates": { + "FilterNameInstances": { "type": "string", - "description": "Keywords for certificates filters.\nWhen filtering on `management`, only the following `filter_values` are supported:\n * managed\n * unmanaged\nWhen filtering on `type`, only the following `filter_values` are supported:\n * cert_key\n * ca_bundle\n * unknown\nWhen filtering on `status`, only the following `filter_values` are supported:\n * valid\n * expiring\n * expired\n * not_ready\n", + "description": "Keywords for instance filters.\n\nWhen filtering on `instance_status`, only the following `filter_values` are supported:\n * online\n * offline\n * unavailable\n * unknown\nWhen filtering base on `cert_status`, only the following `filter_values` are supported:\n * valid\n * expiring\n * expired\n * not_ready\n", "enum": [ - "name", - "management", - "type", - "subject_name", - "status", + "hostname", + "nginx_version", + "os_version", + "instance_status", + "cert_status", + "cve_severity", + "config_recommendation", + "key_object_id", + "system_id", "object_id" ], "x-enum-varnames": [ - "filter_name_certificates_name", - "filter_name_certificates_management", - "filter_name_certificates_type", - "filter_name_certificates_subject_name", - "filter_name_certificates_status", - "filter_name_certificates_object_id" + "filter_name_instances_hostname", + "filter_name_instances_nginx_version", + "filter_name_instances_os_version", + "filter_name_instances_instance_status", + "filter_name_instances_cert_status", + "filter_name_instances_cve_severity", + "filter_name_instances_config_recommendation", + "filter_name_instances_key_object_id", + "filter_name_instances_system_id", + "filter_name_instances_object_id" ] }, - "CertificateObjectID": { - "description": "A globally unique identifier for the certificates.", + "InstanceObjectID": { + "description": "A globally unique identifier for the NGINX instance.", "type": "string", "format": "object_id", - "pattern": "^cert_.*", + "pattern": "^inst_.*", "x-go-type": "objects.ID", "x-go-type-import": { "name": "objects", "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "CertificateManagement": { - "type": "string", - "description": "Management type:\n * `managed` - Certificate managed by NGINX One Console.\n * `unmanaged` - Certificate that only exists on a data plane instance, detected from its NGINX configuration.\n", - "enum": [ - "managed", - "unmanaged" - ], - "x-enum-varnames": [ - "certificate_management_managed", - "certificate_management_unmanaged" - ] - }, - "CertificateType": { - "type": "string", - "description": "Certificate type:\n * `ca_bundle` - This certificate object is a CA bundle.\n * `cert_key` - This certificate object is consisted of public certificates and key.\n * `unmanaged` - This certificate is not managed by NGINX One console and its type is unmanaged.\n", - "enum": [ - "ca_bundle", - "cert_key", - "unmanaged" - ], - "x-enum-varnames": [ - "certificate_type_ca_bundle", - "certificate_type_pem_cert_key", - "certificate_type_unmanaged" - ] - }, - "CertificateObjectMetadata": { + "NginxBuild": { + "description": "The build details for the NGINX binary, including its configuration parameters.\n", + "type": "object", "required": [ - "management", - "type" + "version" ], "properties": { - "name": { - "description": "Name of the certificate, optionally specified upon creation", + "version": { + "description": "The version number of the base open-source NGINX.", "type": "string" }, - "object_id": { - "$ref": "#/components/schemas/CertificateObjectID" - }, - "management": { - "$ref": "#/components/schemas/CertificateManagement" - }, - "type": { - "$ref": "#/components/schemas/CertificateType" + "plus_release": { + "description": "The NGINX Plus release version, if applicable.", + "type": "string" }, - "certs_count": { - "description": "The number of public certificates under this certificate object.", - "type": "integer", - "format": "int64" + "conf_path": { + "description": "The absolute path to the NGINX configuration, as set by the `--conf-path` option during build time.", + "type": "string" } - }, - "example": { - "name": "example-ca-bundle", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "ca_bundle", - "certs_count": 5 } }, - "CertificateStatus": { - "type": "string", - "description": "Status of the certificate:\n * `valid` - The certificate is currently valid and operational.\n * `expiring` - The certificate will expire within the next 30 days. Consider renewing it to maintain uninterrupted service.\n * `expired` - The certificate is no longer valid. Immediate renewal is recommended to ensure secure connections.\n * `not_ready` - The certificate is not ready to be used, based on the start date of its validity period.\n", - "enum": [ - "valid", - "expiring", - "expired", - "not_ready" - ], - "x-enum-varnames": [ - "certificate_status_valid", - "certificate_status_expiring", - "certificate_status_expired", - "certificate_status_not_ready" - ] - }, - "CertificateDisplayMetadata": { - "description": "This represents the essential metadata of a public certificate.", + "NginxAppProtectVersions": { + "description": "Version information regarding NGINX App Protect.\n", "type": "object", "required": [ - "subject_name", - "status", - "not_before", - "not_after" + "engine_version" ], "properties": { - "subject_name": { - "type": "string", - "example": "www.example.com", - "description": "DNS name that identifies the certificate. If DNS is not present in the SAN extension, this will be the common name.\n" - }, - "status": { - "$ref": "#/components/schemas/CertificateStatus" - }, - "not_before": { - "type": "string", - "format": "date-time", - "example": "2023-06-12T09:12:33.001Z", - "description": "The start of the validity period for the certificate." + "release_version": { + "description": "The release version of NGINX App Protect.", + "type": "string" }, - "not_after": { - "type": "string", - "format": "date-time", - "example": "2029-12-25T09:12:33.001Z", - "description": "The end of the validity period for the certificate." + "engine_version": { + "description": "The version of the App Protect enforcement engine.", + "type": "string" } - }, - "example": { - "subject_name": "self_ca_signed", - "status": "valid", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z" } }, - "CertificateOverviewMetadata": { - "description": "Represents an overview of all the public certificates under a single cert object.\nIf multiple public certificates on the same CA chain, including the leaf certificate and key are provided, \nthis includes `status`, `subject_name`, `not_before` and `not_after` for the leaf certificate.\nIf a CA bundle is provided, the above mentioned certificate metadata is for the Certificate Authority that\nexpires the soonest in the bundle.\n", + "NginxAppProtectDeploymentCounts": { "type": "object", - "allOf": [ - { - "$ref": "#/components/schemas/CertificateObjectMetadata" + "description": "Summary count of NAP policy version deployment statues.", + "required": [ + "total", + "deployed", + "deploying", + "failed" + ], + "properties": { + "total": { + "description": "Total count of NAP policy versions across the NGINX data plane.", + "type": "integer" }, - { - "$ref": "#/components/schemas/CertificateDisplayMetadata" + "deployed": { + "description": "The number of NAP policy versions that have deployed.", + "type": "integer" + }, + "deploying": { + "description": "The number of NAP policy versions that are deploying.", + "type": "integer" + }, + "failed": { + "description": "The number of NAP policy versions that have failed deployment.", + "type": "integer" } - ], - "example": { - "name": "example-ca-bundle", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "ca_bundle", - "subject_name": "self_ca_signed", - "status": "valid", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "certs_count": 5 } }, - "CertificateListResponse": { + "NginxAppProtectSummary": { + "description": "Summary information regarding NGINX App Protect.\n", + "type": "object", "allOf": [ { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/NginxAppProtectVersions" }, { "type": "object", - "description": "List of SSL certificates.", "required": [ - "items" + "deployments" ], "properties": { - "items": { - "description": "An array of basic metadata for all the SSL certificates in NGINX One Console. \nFor a CA bundle, an overview with metadata on the first Certificate Authority in the bundle will be displayed.\nOtherwise, an overview with metadata on the leaf certificate will be displayed.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertificateOverviewMetadata" - } + "deployments": { + "$ref": "#/components/schemas/NginxAppProtectDeploymentCounts" } } } + ] + }, + "CertificateInstanceSummary": { + "description": "A breakdown and tally of certificates, detailing the total count, number of expired certificates, certificates nearing expiration, and those that are valid.", + "type": "object", + "required": [ + "total", + "expired", + "expiring", + "valid", + "not_ready" ], - "example": { - "total": 10, - "count": 2, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "name": "example-cert_key", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "cert_key", - "status": "valid", - "subject_name": "www.example.com", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "certs_count": 1 - }, - { - "name": "example-ca-bundle", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "ca_bundle", - "subject_name": "self_ca_signed", - "status": "valid", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "certs_count": 5 - } - ] + "properties": { + "total": { + "description": "Total count of certificates across the NGINX data plane.", + "type": "integer" + }, + "expired": { + "description": "The number of certificates that have expired and are no longer valid.", + "type": "integer" + }, + "expiring": { + "description": "The number of certificates due to expire in the next 30 days.", + "type": "integer" + }, + "valid": { + "description": "The number of certificates that are valid and in good standing.", + "type": "integer" + }, + "not_ready": { + "description": "The number of certificates that are not ready to be used.", + "type": "integer" + } } }, - "CertificateContent": { + "CveDetails": { + "description": "CVEs details, including the type and count.\n", "type": "object", - "description": "Defines the PEM-formatted certificate content which includes the certificates and corresponding private key, all encoded in base64.\n", "required": [ - "public_certs" + "type", + "count" ], "properties": { - "public_certs": { - "type": "string", - "format": "base64", - "maxLength": 3145728, - "description": "Base64-encoded PEM-formatted certificate information. \nThe `public_certs` field can include a leaf certificate along with its full chain of trust or a CA bundle. \nFor leaf certificates, the accompanying `private_key` is required to authenticate the certificate's validity. \nCA bundles contain trusted CA certificates and may consist of certificates from different CA chains. A private\nkey should not be included in a CA bundle.\n" + "type": { + "$ref": "#/components/schemas/CveSeverityType" }, - "private_key": { - "type": "string", - "format": "base64", - "maxLength": 3145728, - "description": "Base64-encoded private key string for the leaf certificate, required only for certificate-key pairs to \nverify the certificate's authenticity.\n" + "count": { + "description": "The total number of each CVE type.", + "type": "integer" } - }, - "example": { - "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" } }, - "CertificateRequest": { + "IssueDetails": { + "description": "Issue details, including the type and count.\n", "type": "object", - "description": "Request structure for parsing or upserting certificates with an optional private key.\n", "required": [ - "content" + "type", + "count" ], "properties": { - "name": { - "description": "A name for the certificate, making it identifiable among others.", - "type": "string", - "minLength": 1, - "maxLength": 128 + "type": { + "$ref": "#/components/schemas/RecommendationType" }, - "content": { - "$ref": "#/components/schemas/CertificateContent" + "count": { + "description": "The total number of issues identified for the specific recommendation type.", + "type": "integer" } - }, - "example": { - "name": "example-ca-bundle", - "content": { - "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==", - "private_key": "" + } + }, + "ControlPlaneObjectID": { + "description": "A globally unique identifier for the control plane.", + "type": "string", + "format": "object_id", + "pattern": "^ecp_.*", + "x-go-type": "objects.ID" + }, + "ControlPlaneBaseInfo": { + "type": "object", + "description": "Base information of a control plane, which includes name, product version and optionally an object ID.", + "required": [ + "name", + "product_version", + "created_at" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/ControlPlaneObjectID" + }, + "name": { + "description": "Control plane name.", + "type": "string" + }, + "product_version": { + "description": "Control plane product name and version.", + "type": "string" + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the control plane was created." } } }, - "CertificateMetadata": { - "description": "A comprehensive list of all the metadata for a public certificate.", + "Instance": { "type": "object", + "description": "Summary information about a NGINX instance.", "required": [ + "object_id", + "hostname", + "system_id", + "agent_version", + "registered_at", + "last_reported", "status", - "serial_number", - "signature_algorithm", - "not_before", - "not_after", - "public_key_type", - "thumbprint" + "has_container_host" ], "properties": { - "status": { - "$ref": "#/components/schemas/CertificateStatus" + "object_id": { + "$ref": "#/components/schemas/InstanceObjectID" }, - "version": { - "type": "integer", - "format": "int64", - "example": 3, - "description": "The version of the certificate, typically 3 for X.509 certificates." + "hostname": { + "description": "The name of the host system where the NGINX instance is running.", + "type": "string" }, - "serial_number": { - "type": "string", - "example": "16469416336579571270", - "description": "A unique identifier for the certificate." + "system_id": { + "description": "The unique identifier assigned to the host system by the NGINX Agent.", + "type": "string" }, - "signature_algorithm": { - "type": "string", - "example": "SHA-256", - "description": "Identifies the algorithm used to sign the certificate." + "nginx_id": { + "description": "The unique identifier for the NGINX process on the host system, assigned by the NGINX Agent.", + "type": "string" }, - "issuer": { - "type": "string", - "example": "CN=Example CA, O=Certificate Authority Inc., OU=CA Department, L=City, ST=State, C=Country", - "description": "Identifies the entity who signed and issued the certificate." + "agent_version": { + "description": "The version of the NGINX Agent.", + "type": "string" }, - "not_before": { - "type": "string", - "format": "date-time", - "example": "2023-06-12T09:12:33.001Z", - "description": "The start of the validity period for the certificate." + "key_object_id": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" }, - "not_after": { - "type": "string", - "format": "date-time", - "example": "2029-12-25T09:12:33.001Z", - "description": "The end of the validity period for the certificate." + "nginx_build": { + "$ref": "#/components/schemas/NginxBuild" }, - "subject": { + "os_version": { + "description": "The operating system's name and its and version or codename.\n", "type": "string", - "example": "CN=www.example.com, O=Example Inc., OU=IT Department, L=City, ST=State, C=Country", - "description": "Identifies the primary entity to which the certificate is issued. Typically, it contains information\nsuch as the Common Name (CN), Organization (O), Organizational Unit (OU), Country (C), etc.\n" + "example": "ubuntu_jammy" }, - "subject_alternative_name": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "DNS:www.example.com", - "DNS:example.com", - "email:info@example.com" - ], - "description": "Defines additional identifies bound to the subject of the certificate. \nFor example, the DNS name is used to add additional domain names to a certificate.\n" + "nginx_app_protect": { + "$ref": "#/components/schemas/NginxAppProtectSummary" }, - "public_key_type": { + "registered_at": { + "description": "The date and time when the NGINX instance first registered with NGINX One.", "type": "string", - "example": "RSA (2048 Bits)", - "description": "Identifies the encryption algorithm used to create the public key for the certificate." + "format": "date-time" }, - "common_name": { + "last_reported": { + "description": "The date and time of the most recent report received from the NGINX Agent.", "type": "string", - "example": "www.example.com", - "description": "The Common Name (CN) for the certificate, used when DNS name is not present in the SAN extension.\n" + "format": "date-time" }, - "authority_key_identifier": { + "status": { "type": "string", - "example": "2B D0 69 47 94 76 09 FE F4 6B 8D 2E 40 A6 F7 47 4D 7F 08 5E", - "description": "The identifier of the signing authority for the certificate." + "description": "The current operational status of the NGINX instance, with the following possible values:\n* `unknown` - The status of the NGINX instance cannot be determined at this moment.\n* `unavailable` - The NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n* `offline` - The NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n* `online` - The NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", + "enum": [ + "unknown", + "unavailable", + "offline", + "online" + ] }, - "subject_key_identifier": { - "type": "string", - "example": "31 EA 76 A9 23 74 A5 DF D4 FD EE A0 C1 A6 9E C6 11 0E 11 EC", - "description": "A hash value of the SSL certificate that can be used to identify certificates that \ncontain a particular public key.\n" + "cert_summary": { + "$ref": "#/components/schemas/CertificateInstanceSummary" }, - "thumbprint_algorithm": { - "type": "string", - "example": "SHA-1", - "description": "Defines the algorithm used to hash the certificate." + "cve_severity": { + "type": "array", + "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", + "items": { + "$ref": "#/components/schemas/CveDetails" + } }, - "thumbprint": { - "type": "string", - "example": "E6 A7 87 96 E0 C7 A3 E5 43 78 35 CA 16 78 5B 48 5A A9 DD C4 5C CD 0A 65 AA 89 33 E3 C3 D0 89 71", - "description": "A hash to ensure that the certificate has not been modified." - } - }, - "example": { - "status": "valid", - "version": 3, - "serial_number": "71283929", - "signature_algorithm": "SHA256-RSA", - "issuer": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_bundle_CA", - "not_before": "2023-02-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "subject": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=self_ca_signed", - "subject_alternative_name": [], - "public_key_type": "RSA (2048 bit)", - "common_name": "self_ca_signed", - "authority_key_identifier": "3A:79:E0:3E:61:CD:94:29:1D:BB:45:37:0B:E9:78:E9:2F:40:67:CA", - "subject_key_identifier": "93:35:2B:75:09:B9:FF:01:1B:63:F1:0E:50:71:9C:4E:B4:E2:02:BA", - "thumbprint_algorithm": "SHA-256", - "thumbprint": "C1:EB:E8:CE:35:77:63:75:D3:C0:E7:97:5F:02:8C:D3:D8:C4:12:34:40:45:D3:98:67:39:BE:8A:33:CE:1F:B2" - } - }, - "PrivateKeyMetadata": { - "type": "object", - "description": "Metadata for a private key.", - "properties": { - "key_size": { - "description": "Size of the private key in bits.", - "type": "integer", - "format": "int64" + "recommendations": { + "type": "array", + "description": "An array summarizing the suggestions from the configuration analysis report.", + "items": { + "$ref": "#/components/schemas/IssueDetails" + } }, - "encryption_algorithm": { - "description": "The encryption algorithm used for the private key.", - "type": "string" + "control_plane": { + "$ref": "#/components/schemas/ControlPlaneBaseInfo" + }, + "has_container_host": { + "type": "boolean", + "description": "Indicates whether the instance is running in a containerized environment." } - }, - "example": { - "key_size": 512, - "encryption_algorithm": "RSA" } }, - "CertificateResponse": { - "type": "object", - "description": "Response structure containing details of the created, updated or retrieved SSL certificate. In general, \nthe response should contain:\n * an overview of all the public certificates\n * `warnings` whether any issue is found after parsing the certificates and key\n * `certs`\n * `key_metadata` if key provided in the request body\n * timestamps that represent when this cert object was created or modified\n", + "InstanceListResponse": { "allOf": [ { - "$ref": "#/components/schemas/CertificateOverviewMetadata" + "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", + "description": "List of data plane instances.", + "required": [ + "items" + ], "properties": { - "warnings": { - "type": "string", - "description": "Warnings indicate whether there are any issues with the stored cert object. Empty when no issues were found.\n" - }, - "certs": { - "description": "An array of metadata for all the public certificates under the cert object.", + "items": { + "description": "An array of Instance objects.", "type": "array", "items": { - "$ref": "#/components/schemas/CertificateMetadata" + "$ref": "#/components/schemas/Instance" } - }, - "key": { - "$ref": "#/components/schemas/PrivateKeyMetadata" - }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the SSL certificate was created." - }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the SSL certificate was last modified." } } } ], "example": { - "name": "example-cert_key", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "cert_key", - "status": "valid", - "subject_name": "www.example.com", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "warnings": "The provided private key does not match the certificate's signing key.", - "certs_count": 1, - "certs": [ + "total": 10, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ { - "status": "valid", - "version": 3, - "serial_number": "71283929", - "signature_algorithm": "SHA256-RSA", - "issuer": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_A", - "not_before": "2023-02-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "subject": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_B", - "subject_alternative_name": [], - "public_key_type": "RSA (2048 bit)", - "common_name": "eg3bsriq_cert_B", - "authority_key_identifier": "3A:79:E0:3E:61:CD:94:29:1D:BB:45:37:0B:E9:78:E9:2F:40:67:CA", - "subject_key_identifier": "93:35:2B:75:09:B9:FF:01:1B:63:F1:0E:50:71:9C:4E:B4:E2:02:BA", - "thumbprint_algorithm": "SHA-256", - "thumbprint": "C1:EB:E8:CE:35:77:63:75:D3:C0:E7:97:5F:02:8C:D3:D8:C4:12:34:40:45:D3:98:67:39:BE:8A:33:CE:1F:B2" + "agent_version": "v2.30.3", + "hostname": "4d116619f106", + "key": "key_Tet21AeYTHCj7taOwVfzyw", + "last_reported": "2023-12-06T22:37:24.120114Z", + "nginx_build": { + "conf_path": "/etc/nginx/nginx.conf", + "version": "1.25.3" + }, + "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", + "registered_at": "2023-12-06T22:37:24.120114Z", + "status": "unknown", + "system_id": "b2c0b6a8-8b6a-3a8f-a541-17d8899c119a", + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "has_container_host": false } - ], - "key": { - "key_size": 512, - "encryption_algorithm": "RSA" - }, - "modified_at": "2023-11-01T00:00:00Z", - "created_at": "2023-10-01T00:00:00Z" + ] } }, - "CertificateBulkRequestData": { + "InstanceBulkRequestData": { "type": "object", - "description": "Part of bulk operation on a certificate, only `delete` is supported.", + "description": "Part of bulk operation on a NGINX instance, only `delete` is supported.", "required": [ - "action", - "object_id" + "action" ], "properties": { "object_id": { - "$ref": "#/components/schemas/CertificateObjectID" + "$ref": "#/components/schemas/InstanceObjectID" }, "action": { "$ref": "#/components/schemas/BulkRequestAction" } }, "example": { - "object_id": "cert_-uvR3F2TQGm18jnl7bpaGw", + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", "action": "delete" } }, - "CertificateBulkRequest": { + "InstanceBulkRequest": { "type": "array", "items": { - "$ref": "#/components/schemas/CertificateBulkRequestData" + "$ref": "#/components/schemas/InstanceBulkRequestData" }, - "minItems": 1, "maxItems": 50, "example": [ { - "object_id": "cert_-uvR3F2TQGm18jnl7bpaGw", + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", "action": "delete" }, { - "object_id": "cert_PL0c1XodRemmzVEjiXSsTg", + "object_id": "inst_PL0c1XodRemmzVEjiXSsTg", "action": "delete" } ] }, - "CertificateBulkResponse": { - "description": "The certificate bulk operation outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" - } - }, - "PublicationBulkResponse": { - "description": "The publication bulk operation outcome.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" - } - }, - "CertificateUpdateContent": { - "type": "object", - "description": "Defines the PEM-formatted certificate content which includes the certificates and corresponding private key, all encoded in base64.\n", - "properties": { - "public_certs": { - "type": "string", - "format": "base64", - "maxLength": 3145728, - "description": "Base64-encoded PEM-formatted certificate information. \nThis is used for updating an existing certificate object. The schema is the same as `CertificateContent`,\nthe only difference is that both `public_certs` and `private_key` fields are optional. There are three use\ncases for this schema:\n* the below update can be done on either a Cert Key Pair or a CA Bundle:\n * when only `public_certs` is populated, update the public certificates on a certificate object. \n The updated public certificates will be validated against the existing private key.\n* the below update can be done only on a Cert Key Pair:\n * when only `private_key` is populated, update only the private key on a certificate object. \n The updated private key will be validated against the existing public certificates.\n * when both `public_certs` and `private_key` fields are populated, update both of them on a certificate \n object.\n" - }, - "private_key": { - "type": "string", - "format": "base64", - "maxLength": 3145728, - "description": "Base64-encoded private key string for the leaf certificate, required only for certificate-key pairs to \nverify the certificate's authenticity.\n" - } - }, - "example": { - "private_key": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFM295ZHVlT0FOSkhodkwzeXZKZFRwaG9ldjVHTzdnbytCeVlPTy9sNTR1NU8yUHhNZVgrQWpBYjZBeG1xCmxpdkl1aHc9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t" + "InstanceBulkResponse": { + "description": "The NGINX instance bulk outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" } }, - "CertificateUpdateRequest": { + "NginxSecurityAdvisory": { "type": "object", - "description": "Request structure for updating a certificate object. If key provided, it will be validated against the \nexisting leaf certificate stored under the certificate object.\n* Update for an unmanaged certificate object:\n * This converts the unmanaged certificate object to managed.\n * `public_certs` should always be provided during the conversion.\n * When key is provided, this certificate object is converted to a managed Cert Key Pair. Otherwise, it is\n converted to a managed CA Bundle.\n", + "description": "Details about a specific NGINX security advisory, including its severity, a link to more information, and a brief description.", + "required": [ + "id", + "severity", + "advisory", + "info" + ], "properties": { - "name": { - "description": "A name for the certificate, making it identifiable among others.", - "type": "string", - "minLength": 1, - "maxLength": 128 + "id": { + "description": "The security advisory's unique identifier.", + "type": "string" }, - "content": { - "$ref": "#/components/schemas/CertificateUpdateContent" - } - }, - "example": { - "name": "example-cert-object", - "content": { - "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" + "severity": { + "$ref": "#/components/schemas/CveSeverityType" + }, + "advisory": { + "description": "The URL to detailed information about the security advisory.", + "type": "string" + }, + "info": { + "description": "A brief description of security advisory.", + "type": "string" } } }, - "FilterNameCertificateDeployments": { + "CertificateObjectID": { + "description": "A globally unique identifier for the certificates.", "type": "string", - "description": "Keywords for certificate deployment filters.\nWhen filtering on `association_type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `deployment_status`, only the following `filter_values` are supported:\n * latest\n * stale\n", - "enum": [ - "name", - "association_type", - "deployment_status" - ], - "x-enum-varnames": [ - "filter_name_certificate_deployments_name", - "filter_name_certificate_deployments_association_type", - "filter_name_certificate_deployments_deployment_status" - ] + "format": "object_id", + "pattern": "^cert_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } }, - "DeploymentAssociatedType": { + "CertificateType": { "type": "string", - "description": "The type of the deployment association, with the following values:\n * `instance`\n * `config_sync_group`\n", + "description": "Certificate type:\n * `ca_bundle` - This certificate object is a CA bundle.\n * `cert_key` - This certificate object is consisted of public certificates and key.\n * `unmanaged` - This certificate is not managed by NGINX One console and its type is unmanaged.\n", "enum": [ - "instance", - "config_sync_group" + "ca_bundle", + "cert_key", + "unmanaged" ], "x-enum-varnames": [ - "deployment_associated_type_instance", - "deployment_associated_type_config_sync_group" + "certificate_type_ca_bundle", + "certificate_type_pem_cert_key", + "certificate_type_unmanaged" ] }, - "DeploymentAssociatedName": { - "type": "string", - "description": "Based on deployment type:\n * `instance`\n * `config_sync_group`\n" - }, "CertificateDeploymentStatus": { "type": "string", "description": "Certificate deployment status:\n * `latest` - This certificate deployment is up to date with the latest certificates and key.\n * `stale` - This certificate deployment is outdated and needs to deploy the latest certificates and key.\n * `unmanaged` - This certificate deployment is unmanaged by NGINX One Console.\n", @@ -9733,1267 +12987,1426 @@ "certificate_deployment_status_unmanaged" ] }, - "CertificateDeployment": { + "CertAssociation": { "type": "object", - "description": "Response structure containing certificate deployment details for an SSL certificate, which include\n * `association_type` represents type of the object affected by this certificate deployment, which is either\n an instance or config sync group\n * `object_id` represents the object ID for the associated instance or config sync group\n * `name` for either the host name of an instance or the name of a config sync group\n * `deployment_status`:\n * `latest`: deployment is up to date with the latest updated certificate and key contents\n * `stale`: deployment for either certificates or key is outdated, requires a redeployment with the latest contents\n * `cert_paths` represents the file paths used for deploying public certificates of this certificate object\n * `key_paths` represents the file paths used for deploying the private key of this certificate object, if a\n private key is present\n", + "description": "Details for a certificate that's associated with an instance or a config sync group.", "required": [ - "association_type", - "object_id", "name", + "object_id", + "cert_type", + "subject_name", + "not_before", + "not_after", + "cert_status", "deployment_status" ], "properties": { - "association_type": { - "$ref": "#/components/schemas/DeploymentAssociatedType" + "name": { + "type": "string", + "description": "A friendly name for the certificate." }, "object_id": { - "$ref": "#/components/schemas/ObjectID" - }, - "name": { - "$ref": "#/components/schemas/DeploymentAssociatedName" + "$ref": "#/components/schemas/CertificateObjectID" }, - "deployment_status": { - "$ref": "#/components/schemas/CertificateDeploymentStatus" + "cert_type": { + "$ref": "#/components/schemas/CertificateType" }, "cert_paths": { - "description": "Deployment file paths for public certificates.", "type": "array", + "description": "The list of file system paths where the certificate file is installed. \nSince a single certificate file may be applied in multiple contexts, all relevant paths are included.\n", + "example": [ + "/etc/ssl/cert.pem", + "/etc/ssl/cert.crt" + ], "items": { "type": "string" } }, "key_paths": { - "description": "Deployment file paths for the private key.", "type": "array", + "description": "The list of file system paths where the private key file is installed.\nSince a single key file may be applied in multiple contexts, all relevant paths are included.\n", + "example": [ + "/etc/nginx/key.pem", + "/etc/ssl/server.key" + ], "items": { "type": "string" } - } - }, - "example": { - "association_type": "instance", - "name": "instance-host-name", - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "deployment_status": "latest", - "cert_paths": [ - "/etc/nginx/example.crt", - "/etc/nginx/certs/cert.crt" - ], - "key_paths": [ - "/etc/nginx/example.key" - ] - } - }, - "CertificateDeploymentListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" }, - { - "type": "object", - "description": "List of certificate deployments for a SSL certificate.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of certificate deployments for an SSL certificate. If this certificate object represents a \nCA bundle, there will be only public certificate file paths in the certificate deployment details.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertificateDeployment" - } - } - } + "deployment_status": { + "$ref": "#/components/schemas/CertificateDeploymentStatus" + }, + "subject_name": { + "type": "string", + "description": "Hostname or domain for the certificate. Usually the subject-alt-name (SAN) value for the certificate.\nif SAN is not present, this will be the certificate subject's common name.\n", + "example": "nginx.com" + }, + "cert_status": { + "$ref": "#/components/schemas/CertificateStatus" + }, + "not_before": { + "type": "string", + "format": "date-time", + "description": "the effective date of the certificate." + }, + "not_after": { + "type": "string", + "format": "date-time", + "description": "The expiration date for the certificate." } - ], - "example": { - "total": 10, - "count": 2, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "association_type": "instance", - "name": "instance-host-name", - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "deployment_status": "latest", - "cert_paths": [ - "/etc/nginx/example.crt", - "/etc/nginx/certs/cert.crt" - ], - "key_paths": [ - "/etc/nginx/example.key" - ] - }, - { - "association_type": "config_sync_group", - "name": "group1", - "object_id": "csg_vfr5Oqv-AhxGzyqTXW-Ubw", - "deployment_status": "stale", - "cert_paths": [ - "/etc/nginx/cert.crt" - ], - "key_paths": [ - "/etc/nginx/server.key" - ] - } - ] } }, - "ConfigPath": { - "type": "string", - "minLength": 1, - "maxLength": 4096, - "description": "The full path to the main NGINX configuration file. This corresponds to the `--conf-path` parameter used in the NGINX binary.\n", - "example": "/etc/nginx/nginx.conf" - }, - "FileDataRequest": { + "OperatingSystem": { + "description": "Release details for the operating system.", "type": "object", - "description": "Details about a file, name, and content.", "required": [ - "name" + "name", + "id", + "codename", + "version", + "version_id" ], "properties": { "name": { - "type": "string", - "description": "The file's relative path to the parent directory, absolute path also accepted.", - "minLength": 1, - "maxLength": 4096 + "description": "The official name of the operating system release.", + "type": "string" }, - "contents": { - "type": "string", - "format": "byte", - "description": "The base64-encoded contents of the file.", - "maxLength": 3145728 + "id": { + "description": "The distinctive identifier for the operating system release.", + "type": "string" + }, + "codename": { + "description": "The codename assigned to the operating system release.", + "type": "string" + }, + "version": { + "description": "The version label for the operating system, which may include the name and version number or codename.", + "type": "string" + }, + "version_id": { + "description": "The specific version number of the operating system release.", + "type": "string" } + }, + "example": { + "name": "Ubuntu", + "id": "ubuntu", + "codename": "bionic", + "version": "18.04.5 LTS (Bionic Beaver)", + "version_id": "18.04" } }, - "DirectoryRequestWithFileContent": { + "ConfigSyncGroupObjectID": { + "description": "A globally unique identifier for the NGINX config sync group.", + "type": "string", + "format": "object_id", + "pattern": "^csg_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "ConfigSyncGroupMeta": { "type": "object", - "description": "Represents a directory and its contents, detailing the directory's full path, and the files within it.", + "description": "Meta information of the NGINX config sync group including:\n* NGINX config sync group object ID\n* unique name of the config sync group in the tenant namespace\n* last publication timestamp\n", "required": [ + "object_id", "name", - "files" + "created_at" ], "properties": { + "object_id": { + "$ref": "#/components/schemas/ConfigSyncGroupObjectID" + }, "name": { + "description": "Name of the NGINX config sync group.", + "type": "string" + }, + "last_publication": { + "description": "The date and time of the most recent config sync group publication.", "type": "string", - "minLength": 1, - "description": "The complete path of the directory." + "format": "date-time" }, - "files": { - "type": "array", - "description": "The list of files in the directory.", - "items": { - "$ref": "#/components/schemas/FileDataRequest" - } + "created_at": { + "description": "The date and time when the config sync group was created.", + "type": "string", + "format": "date-time" } + }, + "example": { + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-config-sync-group", + "last_publication": "2023-12-06T22:37:24.120114Z", + "created_at": "2023-12-05T22:30:20.220114Z" } }, - "NginxConfigObjectRequest": { - "type": "object", - "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", - "required": [ - "configs" + "ConfigSyncStatus": { + "type": "string", + "description": "The current config sync status of the NGINX config sync group, with the following possible values:\n* `unknown` - The status cannot be determined at this moment.\n* `in_sync` - All NGINX instances in config sync group have same config as indicated by config_version.\n* `out_of_sync` - Some NGINX instances in config sync group have config different than indicated by config_version.\n* `sync_in_progress` - The operation of applying config_version to all NGINX instances in config sync group is in progress.\n", + "enum": [ + "unknown", + "in_sync", + "out_of_sync", + "sync_in_progress" ], - "properties": { - "config_version": { - "type": "string", - "description": "A hash that uniquely identifies the contents of the config object. Can be used to detect change when updating the NginxConfig.\n" - }, - "conf_path": { - "$ref": "#/components/schemas/ConfigPath" - }, - "configs": { - "type": "array", - "description": "An array of directories containing NGINX configuration files.", - "items": { - "$ref": "#/components/schemas/DirectoryRequestWithFileContent" - } + "x-enum-varnames": [ + "nginx_config_sync_group_config_status_unknown", + "nginx_config_sync_group_config_status_in_sync", + "nginx_config_sync_group_config_status_out_of_sync", + "nginx_config_sync_group_config_status_in_progress" + ] + }, + "ConfigSyncGroupInstanceMeta": { + "allOf": [ + { + "$ref": "#/components/schemas/ConfigSyncGroupMeta" }, - "aux": { - "type": "array", - "description": "An array of auxiliary directory contents related to the NGINX configuration. When auxiliary contents are\nprovided, they become the authoritative source of non-NGINX configuration content. Please ensure the\nprovided contents are complete, missing files that are referenced in the NGINX configuration can cause\nNGINX reload failure. When not provided, the previous known auxiliary contents will be used as part of\npublish.\n", - "items": { - "$ref": "#/components/schemas/DirectoryRequestWithFileContent" + { + "type": "object", + "description": "Additional details on instance in the NGINX config sync group including:\n* config sync status\n", + "properties": { + "instance_config_status": { + "$ref": "#/components/schemas/ConfigSyncStatus" + } } } - } + ] }, - "NginxConfigPayloadContents": { + "NapPolicyObjectID": { + "description": "A globally unique identifier for the App Protect policy.", "type": "string", - "format": "base64", - "description": "The base64-encoded contents of the file.", - "maxLength": 3145728 + "format": "object_id", + "pattern": "^pol_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } }, - "PayloadObjectID": { - "description": "A globally unique identifier for the valid payload object reference.", + "NapPolicyVersionObjectID": { + "description": "A globally unique identifier for the App Protect policy version.", "type": "string", "format": "object_id", - "pattern": "^(cert|pv|lp)_.*", + "pattern": "^pv_.*", "x-go-type": "objects.ID", "x-go-type-import": { "name": "objects", "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "NginxConfigPayloadPaths": { - "type": "array", - "items": { - "type": "string" + "PublicationObjectID": { + "description": "A globally unique identifier for the publication.", + "type": "string", + "format": "object_id", + "example": "pub_72pGHoGsSICL_THZrs964g", + "pattern": "^pub_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "NginxConfigPayload": { - "type": "object", - "description": "Details of Aux File Payload that goes with an NGINX configuration. Provide hints for the backend system on \nadditional file contents that should be part of the NGINX Config Publication.\nCan be used to deploy files related to SSL certificates, WAF policies and WAF log profiles to a data plane instance.\n", + "NapPolicyEnforcementMode": { + "description": "The current enforcement mode of the NGINX App Protect policy, with the following possible values:\n* `blocking` - Any illegal or suspicious requests are logged and blocked.\n* `transparent` - Any illegal or suspicious requests are logged but not blocked.\n", + "type": "string", + "enum": [ + "blocking", + "transparent" + ], + "x-enum-varnames": [ + "nap_enforcement_mode_blocking", + "nap_enforcement_mode_transparent" + ] + }, + "NapDeploymentStatus": { + "description": "The current deployment status of the NGINX App Protect policy or log profile, with the following possible values:\n* `deployed` - The NGINX App Protect policy or log profile has been deployed.\n* `not_deployed` - The NGINX App Protect policy or log profile has not been deployed.\n* `deploying` - The NGINX App Protect policy or log profile is currently being deployed.\n* `failed` - The NGINX App Protect policy or log profile failed deploying.\n", + "type": "string", + "enum": [ + "deployed", + "not_deployed", + "deploying", + "failed" + ], + "x-enum-varnames": [ + "nap_deployment_status_deployed", + "nap_deployment_status_not_deployed", + "nap_deployment_status_deploying", + "nap_deployment_status_failed" + ] + }, + "NapAssociation": { + "description": "Details for a NGINX App Protect policy version that's associated with an instance or a config sync group.", "required": [ - "type", - "paths" + "name", + "version", + "policy_object_id", + "policy_version_object_id", + "paths", + "deployment_status", + "publication_object_id", + "deployed_on", + "enforcement_mode" ], "properties": { - "type": { + "name": { "type": "string", - "description": "Types of Aux File Payload:\n - inline_secret - indicates the provided content for the payload should be stored in a secret location, and removed after the publication is done.\n - inline_content - indicates the provided content for the payload should be stored, and removed after the publication is done. Note, the contents may end up in the `aux` content if used in this NGINX configuration.\n - unmanaged_certificate - indicates certificate content for an unmanaged certificate detected from a data plane instance through NGINX configurations. Will be filtered and ignored in the payload deployment.\n - managed_certificate - indicates public certificates managed by NGINX One Console.\n - managed_key - indicates a private key managed by NGINX One Console.\n - nap_policy_version - indicates a version of WAF policy managed by NGINX One Console.\n - nap_log_profile - indicates a WAF log profile managed by NGINX One Console.\n", - "enum": [ - "inline_secret", - "inline_content", - "unmanaged_certificate", - "managed_certificate", - "managed_key", - "nap_policy_version", - "nap_log_profile" - ], - "x-enum-varnames": [ - "nginx_config_payload_inline_secret", - "nginx_config_payload_inline_content", - "nginx_config_payload_unmanaged_certificate", - "nginx_config_payload_managed_certificate", - "nginx_config_payload_managed_key", - "nginx_config_payload_nap_policy_version", - "nginx_config_payload_nap_log_profile" - ] + "description": "Name of the policy at the time of the deployment." }, - "contents": { - "$ref": "#/components/schemas/NginxConfigPayloadContents" + "version": { + "type": "string", + "description": "Version of the policy at the time of the deployment." }, - "object_id": { - "$ref": "#/components/schemas/PayloadObjectID" + "policy_object_id": { + "$ref": "#/components/schemas/NapPolicyObjectID" }, - "paths": { - "$ref": "#/components/schemas/NginxConfigPayloadPaths" - } - }, - "example": { - "type": "inline_content", - "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", - "paths": [ - "/etc/nginx/ssl/server.crt" - ] - } - }, - "NginxConfigPayloads": { - "type": "array", - "description": "An array of payloads that define which objects should be deployed and the file paths where each object will be placed on the data plane instance.\n* When the type is `managed_certificate`, `managed_key`, `nap_policy_version`, or `nap_log_profile`, you must specify an `object_id`. \nThe `object_id` must refer to a managed object.\n* The NGINX One Console manages deployed file paths only for managed certificates and keys. If you don't want \nthem to be managed by NGINX One Console, `inline_content` and `inline_secret` can be used for certificates or \nkeys respectively, with `contents`. When you retrieve certificate deployment details, \nonly the file paths of managed certificates and keys will be shown.\n* If you use `inline_content` and `inline_secret` in your NGINX configuration, the NGINX One Console \nwill detect them. When they are used as SSL directives of the NGINX configuration \nfor certificates and keys, the certificates will be listed as `unmanaged_certificate` in the certificate \ndeployment details.\n", - "items": { - "$ref": "#/components/schemas/NginxConfigPayload" - }, - "example": [ - { - "type": "managed_certificate", - "object_id": "cert_rto8NYiCQputrIasNx2NOA", - "paths": [ - "/etc/nginx/cert.pem" - ] + "policy_version_object_id": { + "$ref": "#/components/schemas/NapPolicyVersionObjectID" }, - { - "type": "managed_key", - "object_id": "cert_rto8NYiCQputrIasNx2NOA", - "paths": [ - "/etc/nginx/key.pem" - ] + "publication_object_id": { + "$ref": "#/components/schemas/PublicationObjectID" }, - { - "type": "inline_content", - "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", - "paths": [ - "/etc/nginx/inline_cert.crt" - ] + "enforcement_mode": { + "$ref": "#/components/schemas/NapPolicyEnforcementMode" + }, + "paths": { + "type": "array", + "description": "The list of file system paths where the compiled NAP policy version bundle file is installed. \nSince a single compiled NAP policy version bundle file may be applied in multiple contexts, all relevant paths are included.\n", + "example": [ + "/etc/nginx/default_policy.tgz", + "/etc/nginx/default_policy_server_2.tgz" + ], + "items": { + "type": "string" + } }, - { - "type": "nap_policy_version", - "object_id": "pv_dM68MUcVTe6pfDaCNsM9Qw", - "paths": [ - "/etc/nginx/strict_policy.tgz" - ] + "deployment_status": { + "$ref": "#/components/schemas/NapDeploymentStatus" }, - { - "type": "nap_log_profile", - "object_id": "lp_dM68MUcVTe6pfDaCNsM9Qw", - "paths": [ - "/etc/nginx/log_all.tgz" - ] + "deployed_on": { + "description": "Date and time of the deployment.", + "type": "string", + "format": "date-time" } - ] + }, + "example": { + "name": "default_policy", + "version": "2025.05.01", + "policy_object_id": "pol_panEdeY-Sh2rWm365y7wsw", + "policy_version_object_id": "pv_kem7SCosTTOL9mMlNyY2GQ", + "publication_object_id": "pub_72pGHoGsSICL_THZrs964g", + "paths": [ + "/etc/nginx/default_policy.tgz" + ], + "deployment_status": "deployed", + "enforcement_mode": "transparent", + "deployed_on": "2023-12-06T22:37:24.120114Z" + } }, - "NginxConfigRequest": { + "NapSignatureVersion": { + "description": "The version of the NGINX App Protect resource.", + "type": "string", + "example": "2023.12.06" + }, + "NapInstanceAssociation": { "allOf": [ { - "$ref": "#/components/schemas/NginxConfigObjectRequest" + "$ref": "#/components/schemas/NapAssociation" }, { "type": "object", + "required": [ + "threat_campaign_version", + "attack_signature_version", + "bot_signature_version" + ], "properties": { - "payloads": { - "$ref": "#/components/schemas/NginxConfigPayloads" + "threat_campaign_version": { + "$ref": "#/components/schemas/NapSignatureVersion" + }, + "attack_signature_version": { + "$ref": "#/components/schemas/NapSignatureVersion" + }, + "bot_signature_version": { + "$ref": "#/components/schemas/NapSignatureVersion" } } } - ] - }, - "NginxConfigProblem": { - "type": "object", - "description": "Representation of a problem found during NGINX configuration analysis.", - "properties": { - "directive": { - "description": "Directive in the NGINX configuration where the issue is identified.", - "type": "string" - }, - "file": { - "description": "File where the issue is detected.", - "type": "string" - }, - "line": { - "description": "Line number in the configuration where the issue is found.", - "type": "integer" - }, - "message": { - "description": "Details about the identified issue.", - "type": "string" - } + ], + "example": { + "name": "default_policy", + "version": "2025.05.01", + "policy_object_id": "pol_panEdeY-Sh2rWm365y7wsw", + "policy_version_object_id": "pv_kem7SCosTTOL9mMlNyY2GQ", + "publication_object_id": "pub_72pGHoGsSICL_THZrs964g", + "paths": [ + "/etc/nginx/default_policy.tgz" + ], + "deployment_status": "deployed", + "enforcement_mode": "transparent", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "threat_campaign_version": "2025.01.23", + "attack_signature_version": "2025.01.19", + "bot_signature_version": "2025.01.19" } }, - "NginxConfigReport": { + "NginxAppProtectDetails": { + "description": "Information regarding NGINX App Protect. Includes version and deployments.\n", "type": "object", - "description": "An analysis of the NGINX configuration, highlighting issues and their severity, and offering recommendations.", + "required": [ + "engine_version", + "deployments" + ], "properties": { - "rule": { - "description": "The name of the configuration rule that was violated.", - "type": "string" - }, - "info": { - "description": "A detailed description of the issue.", - "type": "string" - }, - "severity": { - "description": "The severity level of the issue.", + "release_version": { + "description": "The release version of NGINX App Protect.", "type": "string" }, - "category": { - "description": "Classification category of the issue.", + "engine_version": { + "description": "The version of the App Protect enforcement engine.", "type": "string" }, - "documentation": { - "description": "Links to documentation that can assist in resolving the identified issue.", - "type": "array", - "items": { - "type": "string" - } - }, - "where": { - "description": "Specific locations in the configuration where issues were detected.", + "deployments": { "type": "array", "items": { - "$ref": "#/components/schemas/NginxConfigProblem" + "$ref": "#/components/schemas/NapInstanceAssociation" } } } }, - "NginxConfigReports": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxConfigReport" - } - }, - "FilterNameConfigSyncGroups": { + "NapLatestDeployed": { + "description": "Whether the latest F5 WAF object (i.e., log profile) was deployed, with the following possible values:\n* `yes` - The latest NAP object has been deployed.\n* `no` - The latest NAP object has not been deployed.\n", "type": "string", - "description": "Keywords for config sync groups filters.\nWhen filtering on `config_status`, only the following `filter_values` are supported:\n * in_sync\n * out_of_sync\n * sync_in_progress\n * unknown\n", "enum": [ - "name", - "config_status", - "object_id" + "yes", + "no" ], "x-enum-varnames": [ - "filter_name_config_sync_group_name", - "filter_name_config_sync_group_config_status", - "filter_name_config_sync_group_object_id" + "nap_latest_deployed_yes", + "nap_latest_deployed_no" ] }, - "ConfigSyncGroupObjectID": { - "description": "A globally unique identifier for the NGINX config sync group.", + "NapLogProfileObjectID": { + "description": "A globally unique identifier for the App Protect log profile.", "type": "string", "format": "object_id", - "pattern": "^csg_.*", + "pattern": "^lp_.*", "x-go-type": "objects.ID", "x-go-type-import": { "name": "objects", "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "ConfigSyncStatus": { - "type": "string", - "description": "The current config sync status of the NGINX config sync group, with the following possible values:\n* `unknown` - The status cannot be determined at this moment.\n* `in_sync` - All NGINX instances in config sync group have same config as indicated by config_version.\n* `out_of_sync` - Some NGINX instances in config sync group have config different than indicated by config_version.\n* `sync_in_progress` - The operation of applying config_version to all NGINX instances in config sync group is in progress.\n", - "enum": [ - "unknown", - "in_sync", - "out_of_sync", - "sync_in_progress" - ], - "x-enum-varnames": [ - "nginx_config_sync_group_config_status_unknown", - "nginx_config_sync_group_config_status_in_sync", - "nginx_config_sync_group_config_status_out_of_sync", - "nginx_config_sync_group_config_status_in_progress" - ] - }, - "CertificateInstanceSummary": { - "description": "A breakdown and tally of certificates, detailing the total count, number of expired certificates, certificates nearing expiration, and those that are valid.", - "type": "object", + "LogProfileAssociation": { + "description": "Details for a F5 WAF log profile that's associated with an instance or a config sync group.", "required": [ - "total", - "expired", - "expiring", - "valid", - "not_ready" + "name", + "nap_release", + "latest_deployed", + "log_profile_object_id", + "publication_object_id", + "paths", + "deployment_status", + "deployed_on" ], "properties": { - "total": { - "description": "Total count of certificates across the NGINX data plane.", - "type": "integer" + "name": { + "type": "string", + "description": "Name of the log profile at the time of the deployment." }, - "expired": { - "description": "The number of certificates that have expired and are no longer valid.", - "type": "integer" + "nap_release": { + "type": "string", + "description": "The release version of the compiler used for the log profile." }, - "expiring": { - "description": "The number of certificates due to expire in the next 30 days.", - "type": "integer" + "latest_deployed": { + "$ref": "#/components/schemas/NapLatestDeployed" }, - "valid": { - "description": "The number of certificates that are valid and in good standing.", - "type": "integer" + "log_profile_object_id": { + "$ref": "#/components/schemas/NapLogProfileObjectID" }, - "not_ready": { - "description": "The number of certificates that are not ready to be used.", - "type": "integer" + "publication_object_id": { + "$ref": "#/components/schemas/PublicationObjectID" + }, + "paths": { + "type": "array", + "description": "The list of file system paths where the compiled log profile bundle file is installed. \nSince a single compiled log profile bundle file may be applied in multiple contexts, all relevant paths are included.\n", + "example": [ + "/etc/nginx/default_log_profile.tgz", + "/etc/nginx/default_log_profile_2.tgz" + ], + "items": { + "type": "string" + } + }, + "deployment_status": { + "$ref": "#/components/schemas/NapDeploymentStatus" + }, + "deployed_on": { + "description": "Date and time of the deployment.", + "type": "string", + "format": "date-time" } + }, + "example": { + "name": "default_log_profile", + "nap_release": "5.10.0", + "latest_deployed": "yes", + "log_profile_object_id": "lp_panEdeY-Sh2rWm365y7wsw", + "publication_object_id": "pub_72pGHoGsSICL_THZrs964g", + "paths": [ + "/etc/nginx/default_log_profile.tgz" + ], + "deployment_status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z" } }, - "ListConfigSyncGroupObject": { + "LogProfileDetails": { + "description": "Information regarding deployed log profiles for F5 WAF.\n", "type": "object", - "description": "Summary information of the NGINX config sync group.", "required": [ - "object_id", - "name", - "created_at", - "instances_count", - "config_status" + "nap_release", + "deployments" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/ConfigSyncGroupObjectID" - }, - "name": { - "description": "Name of the NGINX config sync group.", - "type": "string" - }, - "created_at": { - "description": "The date and time when the config sync group was created.", + "nap_release": { "type": "string", - "format": "date-time" - }, - "instances_count": { - "description": "Number of instances in the NGINX config sync group.", - "type": "integer" - }, - "config_status": { - "$ref": "#/components/schemas/ConfigSyncStatus" + "description": "The release version of the compiler used for log profiles." }, - "cert_summary": { - "$ref": "#/components/schemas/CertificateInstanceSummary" + "deployments": { + "type": "array", + "items": { + "$ref": "#/components/schemas/LogProfileAssociation" + } } } }, - "ConfigSyncGroupListResponse": { + "InstanceDetails": { + "type": "object", + "description": "Detailed information about an NGINX instance.", "allOf": [ { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/Instance" }, { "type": "object", - "description": "List of NGINX config sync groups.", - "required": [ - "items" - ], "properties": { - "items": { - "description": "An array of Config Sync Group objects.", + "certs": { + "description": "An array detailing each certificate's information, including its friendly name, unique identifier, applicable file system paths, subject name, and validity dates. \nIt provides insights into the operational status of each certificate, such as whether it's currently valid, nearing expiration, is not ready to be used, or has already expired.\nThe deployment status indicates whether the latest certs and key managed by NGINX One Console are deployed onto this data plane instance.\n", "type": "array", "items": { - "$ref": "#/components/schemas/ListConfigSyncGroupObject" + "$ref": "#/components/schemas/CertAssociation" } + }, + "os": { + "$ref": "#/components/schemas/OperatingSystem" + }, + "config_sync_group": { + "$ref": "#/components/schemas/ConfigSyncGroupInstanceMeta" + }, + "nginx_app_protect": { + "$ref": "#/components/schemas/NginxAppProtectDetails" + }, + "control_plane": { + "$ref": "#/components/schemas/ControlPlaneBaseInfo" + }, + "log_profile": { + "$ref": "#/components/schemas/LogProfileDetails" } } } ], "example": { - "total": 10, - "count": 1, - "start_index": 1, - "items_per_page": 100, - "items": [ + "agent_version": "v2.30.3", + "certs": [ { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "name": "test-config-sync-group", - "created_at": "2023-12-05T22:30:20.220114Z", - "config_status": "in_sync", - "instances_count": 1 + "subject_name": "test.com", + "name": "client", + "cert_type": "cert_key", + "not_after": "2024-01-06T00:01:30Z", + "not_before": "2023-12-07T00:01:30Z", + "cert_paths": [ + "/etc/nginx/client.pem" + ], + "cert_status": "expiring", + "deployment_status": "latest", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw" } - ] + ], + "hostname": "4d116619f106", + "key": "key_wN3IhLCmR3qmwybG_6ptEg", + "control_plane": { + "object_id": "ecp_CO1DdBxZToWmr3pTcaQ8QA", + "name": "nginx-ingress-001", + "product_version": "nginx-ingress-controller-4.0.1", + "created_at": "2023-12-06T22:37:24.120114Z" + }, + "last_reported": "2023-12-06T22:37:24.120114Z", + "nginx_build": { + "conf_path": "/etc/nginx/nginx.conf", + "version": "1.25.3" + }, + "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", + "os": { + "codename": "jammy", + "id": "ubuntu", + "name": "Ubuntu", + "version": "22.04.3 LTS (Jammy Jellyfish)", + "version_id": "22.04" + }, + "registered_at": "2023-12-06T22:37:24.120114Z", + "status": "unknown", + "system_id": "b2c0b6a8-8b6a-3a8f-a541-17d8899c119a", + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "has_container_host": false } }, - "ConfigSyncGroupCreateRequest": { - "description": "Body to create a NGINX config sync group.", + "ConfigPath": { + "type": "string", + "minLength": 1, + "maxLength": 4096, + "description": "The full path to the main NGINX configuration file. This corresponds to the `--conf-path` parameter used in the NGINX binary.\n", + "example": "/etc/nginx/nginx.conf" + }, + "FileDataRequest": { + "type": "object", + "description": "Details about a file, name, and content.", "required": [ "name" ], "properties": { "name": { "type": "string", - "description": "A name to uniquely identify the NGINX config sync group in a given tenant namespace.", + "description": "The file's relative path to the parent directory, absolute path also accepted.", "minLength": 1, - "maxLength": 256, - "pattern": "^[a-zA-Z0-9]([a-zA-Z0-9-_]{0,254}[a-zA-Z0-9])?$" - } - }, - "example": { - "name": "my-nginx-config-sync-group" - } - }, - "ConfigSyncGroupCreateResponse": { - "description": "Response to a create NGINX config sync group request.", - "required": [ - "object_id", - "name" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/ConfigSyncGroupObjectID" + "maxLength": 4096 }, - "name": { - "description": "Name of the NGINX config sync group.", - "type": "string" + "contents": { + "type": "string", + "format": "byte", + "description": "The base64-encoded contents of the file.", + "maxLength": 3145728 } - }, - "example": { - "name": "my-nginx-config-sync-group", - "object_id": "csg_Tet21AeYTHCj7taOwVfzyw" } }, - "ConfigSyncGroupBulkRequestData": { + "DirectoryRequestWithFileContent": { "type": "object", - "description": "Part of bulk operation on a config sync group, only `delete` is supported.", + "description": "Represents a directory and its contents, detailing the directory's full path, and the files within it.", "required": [ - "action", - "object_id" + "name", + "files" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/ConfigSyncGroupObjectID" - }, - "action": { - "$ref": "#/components/schemas/BulkRequestAction" - } - }, - "example": { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" - } - }, - "ConfigSyncGroupBulkRequest": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ConfigSyncGroupBulkRequestData" - }, - "minItems": 1, - "maxItems": 50, - "example": [ - { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" + "name": { + "type": "string", + "minLength": 1, + "description": "The complete path of the directory." }, - { - "object_id": "csg_PL0c1XodRemmzVEjiXSsTg", - "action": "delete" + "files": { + "type": "array", + "description": "The list of files in the directory.", + "items": { + "$ref": "#/components/schemas/FileDataRequest" + } } - ] - }, - "ConfigSyncGroupBulkResponse": { - "description": "The config sync group bulk outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" } }, - "ConfigSyncGroupMeta": { + "NginxConfigObjectRequest": { "type": "object", - "description": "Meta information of the NGINX config sync group including:\n* NGINX config sync group object ID\n* unique name of the config sync group in the tenant namespace\n* last publication timestamp\n", + "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", "required": [ - "object_id", - "name", - "created_at" + "configs" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/ConfigSyncGroupObjectID" + "config_version": { + "type": "string", + "description": "A hash that uniquely identifies the contents of the config object. Can be used to detect change when updating the NginxConfig.\n" }, - "name": { - "description": "Name of the NGINX config sync group.", - "type": "string" + "conf_path": { + "$ref": "#/components/schemas/ConfigPath" }, - "last_publication": { - "description": "The date and time of the most recent config sync group publication.", - "type": "string", - "format": "date-time" + "configs": { + "type": "array", + "description": "An array of directories containing NGINX configuration files.", + "items": { + "$ref": "#/components/schemas/DirectoryRequestWithFileContent" + } }, - "created_at": { - "description": "The date and time when the config sync group was created.", - "type": "string", - "format": "date-time" + "aux": { + "type": "array", + "description": "An array of auxiliary directory contents related to the NGINX configuration. When auxiliary contents are\nprovided, they become the authoritative source of non-NGINX configuration content. Please ensure the\nprovided contents are complete, missing files that are referenced in the NGINX configuration can cause\nNGINX reload failure. When not provided, the previous known auxiliary contents will be used as part of\npublish.\n", + "items": { + "$ref": "#/components/schemas/DirectoryRequestWithFileContent" + } } - }, - "example": { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "name": "test-config-sync-group", - "last_publication": "2023-12-06T22:37:24.120114Z", - "created_at": "2023-12-05T22:30:20.220114Z" } }, - "InstanceObjectID": { - "description": "A globally unique identifier for the NGINX instance.", + "NginxConfigPayloadContents": { + "type": "string", + "format": "base64", + "description": "The base64-encoded contents of the file.", + "maxLength": 3145728 + }, + "PayloadObjectID": { + "description": "A globally unique identifier for the valid payload object reference.", "type": "string", "format": "object_id", - "pattern": "^inst_.*", + "pattern": "^(cert|pv|lp)_.*", "x-go-type": "objects.ID", "x-go-type-import": { "name": "objects", "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "NginxBuild": { - "description": "The build details for the NGINX binary, including its configuration parameters.\n", - "type": "object", - "required": [ - "version" - ], - "properties": { - "version": { - "description": "The version number of the base open-source NGINX.", - "type": "string" - }, - "plus_release": { - "description": "The NGINX Plus release version, if applicable.", - "type": "string" - }, - "conf_path": { - "description": "The absolute path to the NGINX configuration, as set by the `--conf-path` option during build time.", - "type": "string" - } + "NginxConfigPayloadPaths": { + "type": "array", + "items": { + "type": "string" } }, - "NginxAppProtectVersions": { - "description": "Version information regarding NGINX App Protect.\n", + "NginxConfigPayload": { "type": "object", + "description": "Details of Aux File Payload that goes with an NGINX configuration. Provide hints for the backend system on \nadditional file contents that should be part of the NGINX Config Publication.\nCan be used to deploy files related to SSL certificates, WAF policies and WAF log profiles to a data plane instance.\n", "required": [ - "engine_version" + "type", + "paths" ], "properties": { - "release_version": { - "description": "The release version of NGINX App Protect.", - "type": "string" + "type": { + "type": "string", + "description": "Types of Aux File Payload:\n - inline_secret - indicates the provided content for the payload should be stored in a secret location, and removed after the publication is done.\n - inline_content - indicates the provided content for the payload should be stored, and removed after the publication is done. Note, the contents may end up in the `aux` content if used in this NGINX configuration.\n - unmanaged_certificate - indicates certificate content for an unmanaged certificate detected from a data plane instance through NGINX configurations. Will be filtered and ignored in the payload deployment.\n - managed_certificate - indicates public certificates managed by NGINX One Console.\n - managed_key - indicates a private key managed by NGINX One Console.\n - nap_policy_version - indicates a version of WAF policy managed by NGINX One Console.\n - nap_log_profile - indicates a WAF log profile managed by NGINX One Console.\n", + "enum": [ + "inline_secret", + "inline_content", + "unmanaged_certificate", + "managed_certificate", + "managed_key", + "nap_policy_version", + "nap_log_profile" + ], + "x-enum-varnames": [ + "nginx_config_payload_inline_secret", + "nginx_config_payload_inline_content", + "nginx_config_payload_unmanaged_certificate", + "nginx_config_payload_managed_certificate", + "nginx_config_payload_managed_key", + "nginx_config_payload_nap_policy_version", + "nginx_config_payload_nap_log_profile" + ] }, - "engine_version": { - "description": "The version of the App Protect enforcement engine.", - "type": "string" + "contents": { + "$ref": "#/components/schemas/NginxConfigPayloadContents" + }, + "object_id": { + "$ref": "#/components/schemas/PayloadObjectID" + }, + "paths": { + "$ref": "#/components/schemas/NginxConfigPayloadPaths" } + }, + "example": { + "type": "inline_content", + "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", + "paths": [ + "/etc/nginx/ssl/server.crt" + ] } }, - "NginxAppProtectDeploymentCounts": { - "type": "object", - "description": "Summary count of NAP policy version deployment statues.", - "required": [ - "total", - "deployed", - "deploying", - "failed" - ], - "properties": { - "total": { - "description": "Total count of NAP policy versions across the NGINX data plane.", - "type": "integer" + "NginxConfigPayloads": { + "type": "array", + "description": "An array of payloads that define which objects should be deployed and the file paths where each object will be placed on the data plane instance.\n* When the type is `managed_certificate`, `managed_key`, `nap_policy_version`, or `nap_log_profile`, you must specify an `object_id`. \nThe `object_id` must refer to a managed object.\n* The NGINX One Console manages deployed file paths only for managed certificates and keys. If you don't want \nthem to be managed by NGINX One Console, `inline_content` and `inline_secret` can be used for certificates or \nkeys respectively, with `contents`. When you retrieve certificate deployment details, \nonly the file paths of managed certificates and keys will be shown.\n* If you use `inline_content` and `inline_secret` in your NGINX configuration, the NGINX One Console \nwill detect them. When they are used as SSL directives of the NGINX configuration \nfor certificates and keys, the certificates will be listed as `unmanaged_certificate` in the certificate \ndeployment details.\n", + "items": { + "$ref": "#/components/schemas/NginxConfigPayload" + }, + "example": [ + { + "type": "managed_certificate", + "object_id": "cert_rto8NYiCQputrIasNx2NOA", + "paths": [ + "/etc/nginx/cert.pem" + ] }, - "deployed": { - "description": "The number of NAP policy versions that have deployed.", - "type": "integer" + { + "type": "managed_key", + "object_id": "cert_rto8NYiCQputrIasNx2NOA", + "paths": [ + "/etc/nginx/key.pem" + ] }, - "deploying": { - "description": "The number of NAP policy versions that are deploying.", - "type": "integer" + { + "type": "inline_content", + "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", + "paths": [ + "/etc/nginx/inline_cert.crt" + ] }, - "failed": { - "description": "The number of NAP policy versions that have failed deployment.", - "type": "integer" + { + "type": "nap_policy_version", + "object_id": "pv_dM68MUcVTe6pfDaCNsM9Qw", + "paths": [ + "/etc/nginx/strict_policy.tgz" + ] + }, + { + "type": "nap_log_profile", + "object_id": "lp_dM68MUcVTe6pfDaCNsM9Qw", + "paths": [ + "/etc/nginx/log_all.tgz" + ] } - } + ] }, - "NginxAppProtectSummary": { - "description": "Summary information regarding NGINX App Protect.\n", - "type": "object", + "NginxConfigRequest": { "allOf": [ { - "$ref": "#/components/schemas/NginxAppProtectVersions" + "$ref": "#/components/schemas/NginxConfigObjectRequest" }, { "type": "object", - "required": [ - "deployments" - ], "properties": { - "deployments": { - "$ref": "#/components/schemas/NginxAppProtectDeploymentCounts" + "payloads": { + "$ref": "#/components/schemas/NginxConfigPayloads" } } } ] }, - "CveSeverityType": { - "type": "string", - "description": "Severity ratings:\n * `high` - High severity.\n * `medium` - Moderate severity.\n * `low` - Least severe.\n * `none` - Not severe.\n * `other` - Severity that does not fit the other categories.\n", - "enum": [ - "high", - "medium", - "low", - "none", - "other" - ], - "x-enum-varnames": [ - "cve_severity_type_high", - "cve_severity_type_medium", - "cve_severity_type_low", - "cve_severity_type_none", - "cve_severity_type_other" - ] + "NginxConfigDirectives": { + "type": "array", + "x-go-type": "xp.Directives", + "x-go-type-import": { + "name": "xp", + "path": "github.com/nginxinc/nginx-go-crossplane" + }, + "items": { + "$ref": "#/components/schemas/NginxConfigDirective" + } }, - "CveDetails": { - "description": "CVEs details, including the type and count.\n", + "NginxConfigDirective": { "type": "object", + "x-go-type": "xp.Directive", + "x-go-type-import": { + "name": "xp", + "path": "github.com/nginxinc/nginx-go-crossplane" + }, "required": [ - "type", - "count" + "directive", + "line", + "args" ], "properties": { - "type": { - "$ref": "#/components/schemas/CveSeverityType" + "directive": { + "type": "string" }, - "count": { - "description": "The total number of each CVE type.", + "line": { "type": "integer" + }, + "args": { + "type": "array", + "items": { + "type": "string" + } + }, + "file": { + "type": "string" + }, + "includes": { + "type": "array", + "items": { + "type": "integer" + } + }, + "block": { + "$ref": "#/components/schemas/NginxConfigDirectives" + }, + "comment": { + "type": "string" } } }, - "RecommendationType": { - "type": "string", - "description": "Types of configuration recommendations:\n * `best_practice` - Suggestions based on established best practices.\n * `security` - Recommendations related to security.\n * `optimization` - Advice for optimizing performance.\n * `other` - Recommendations that do not fit the above categories.\n", - "enum": [ - "best_practice", - "security", - "optimization", - "other" - ], - "x-enum-varnames": [ - "recommendation_type_best_practice", - "recommendation_type_security", - "recommendation_type_optimization", - "recommendation_type_other" - ] - }, - "IssueDetails": { - "description": "Issue details, including the type and count.\n", + "ParsedNginxConfig": { "type": "object", "required": [ - "type", - "count" + "file", + "parsed" ], "properties": { - "type": { - "$ref": "#/components/schemas/RecommendationType" + "file": { + "type": "string", + "description": "NGINX Instance configuration file, corresponds to the conf-path." }, - "count": { - "description": "The total number of issues identified for the specific recommendation type.", - "type": "integer" + "parsed": { + "$ref": "#/components/schemas/NginxConfigDirectives" } } }, - "ControlPlaneObjectID": { - "description": "A globally unique identifier for the control plane.", - "type": "string", - "format": "object_id", - "pattern": "^ecp_.*", - "x-go-type": "objects.ID" - }, - "ControlPlaneBaseInfo": { + "NginxConfigProblem": { "type": "object", - "description": "Base information of a control plane, which includes name, product version and optionally an object ID.", - "required": [ - "name", - "product_version", - "created_at" - ], + "description": "Representation of a problem found during NGINX configuration analysis.", "properties": { - "object_id": { - "$ref": "#/components/schemas/ControlPlaneObjectID" - }, - "name": { - "description": "Control plane name.", + "directive": { + "description": "Directive in the NGINX configuration where the issue is identified.", "type": "string" }, - "product_version": { - "description": "Control plane product name and version.", + "file": { + "description": "File where the issue is detected.", "type": "string" }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the control plane was created." + "line": { + "description": "Line number in the configuration where the issue is found.", + "type": "integer" + }, + "message": { + "description": "Details about the identified issue.", + "type": "string" } } }, - "Instance": { + "NginxConfigReport": { "type": "object", - "description": "Summary information about a NGINX instance.", - "required": [ - "object_id", - "hostname", - "system_id", - "agent_version", - "registered_at", - "last_reported", - "status", - "has_container_host" - ], + "description": "An analysis of the NGINX configuration, highlighting issues and their severity, and offering recommendations.", "properties": { - "object_id": { - "$ref": "#/components/schemas/InstanceObjectID" - }, - "hostname": { - "description": "The name of the host system where the NGINX instance is running.", + "rule": { + "description": "The name of the configuration rule that was violated.", "type": "string" }, - "system_id": { - "description": "The unique identifier assigned to the host system by the NGINX Agent.", + "info": { + "description": "A detailed description of the issue.", "type": "string" }, - "nginx_id": { - "description": "The unique identifier for the NGINX process on the host system, assigned by the NGINX Agent.", + "severity": { + "description": "The severity level of the issue.", "type": "string" }, - "agent_version": { - "description": "The version of the NGINX Agent.", + "category": { + "description": "Classification category of the issue.", "type": "string" }, - "key_object_id": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" - }, - "nginx_build": { - "$ref": "#/components/schemas/NginxBuild" - }, - "os_version": { - "description": "The operating system's name and its and version or codename.\n", - "type": "string", - "example": "ubuntu_jammy" - }, - "nginx_app_protect": { - "$ref": "#/components/schemas/NginxAppProtectSummary" - }, - "registered_at": { - "description": "The date and time when the NGINX instance first registered with NGINX One.", - "type": "string", - "format": "date-time" - }, - "last_reported": { - "description": "The date and time of the most recent report received from the NGINX Agent.", - "type": "string", - "format": "date-time" - }, - "status": { - "type": "string", - "description": "The current operational status of the NGINX instance, with the following possible values:\n* `unknown` - The status of the NGINX instance cannot be determined at this moment.\n* `unavailable` - The NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n* `offline` - The NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n* `online` - The NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", - "enum": [ - "unknown", - "unavailable", - "offline", - "online" - ] - }, - "cert_summary": { - "$ref": "#/components/schemas/CertificateInstanceSummary" - }, - "cve_severity": { + "documentation": { + "description": "Links to documentation that can assist in resolving the identified issue.", "type": "array", - "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", "items": { - "$ref": "#/components/schemas/CveDetails" + "type": "string" } }, - "recommendations": { + "where": { + "description": "Specific locations in the configuration where issues were detected.", "type": "array", - "description": "An array summarizing the suggestions from the configuration analysis report.", "items": { - "$ref": "#/components/schemas/IssueDetails" + "$ref": "#/components/schemas/NginxConfigProblem" } - }, - "control_plane": { - "$ref": "#/components/schemas/ControlPlaneBaseInfo" - }, - "has_container_host": { - "type": "boolean", - "description": "Indicates whether the instance is running in a containerized environment." } } }, - "ConfigSyncGroupInstance": { - "allOf": [ - { - "$ref": "#/components/schemas/Instance" - }, - { - "type": "object", - "required": [ - "config_status", - "config_version" - ], - "properties": { - "config_status": { - "$ref": "#/components/schemas/ConfigSyncStatus" - }, - "config_version": { - "description": "A computed hash of current config on the config sync group.", - "type": "string" - } - } - } - ] + "NginxConfigReports": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxConfigReport" + } }, - "ConfigSyncGroupPublicationStatus": { - "type": "string", - "description": "The status on the last publication issued on this config sync group:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n* `partially_succeeded` - The publication attempt had one or more failures.\n", - "enum": [ - "pending", - "failed", - "succeeded", - "partially_succeeded" + "FileData": { + "type": "object", + "description": "Details about a file, including its path, content, size, and last modified time.", + "required": [ + "name", + "contents", + "size", + "mtime" ], - "x-enum-varnames": [ - "publication_config_sync_group_status_pending", - "publication_config_sync_group_status_failed", - "publication_config_sync_group_status_succeeded", - "publication_config_sync_group_status_partially_succeeded" - ] + "properties": { + "name": { + "type": "string", + "description": "The file's relative path to the parent directory.", + "minLength": 1, + "maxLength": 4096 + }, + "contents": { + "type": "string", + "format": "byte", + "description": "The base64-encoded contents of the file.", + "maxLength": 3145728 + }, + "size": { + "type": "integer", + "description": "The size of the file, in bytes." + }, + "mtime": { + "type": "string", + "format": "date-time", + "description": "Timestamp of the last modification made to the file." + } + } }, - "CertAssociation": { + "DirectoryWithFileContent": { "type": "object", - "description": "Details for a certificate that's associated with an instance or a config sync group.", + "description": "Represents a directory and its contents, detailing the directory's full path, assigned permissions, last modified time, and the files within it.", "required": [ "name", - "object_id", - "cert_type", - "subject_name", - "not_before", - "not_after", - "cert_status", - "deployment_status" + "files" ], "properties": { "name": { "type": "string", - "description": "A friendly name for the certificate." + "description": "The complete path of the directory." }, - "object_id": { - "$ref": "#/components/schemas/CertificateObjectID" + "permissions": { + "type": "string", + "description": "The permissions for the directory." }, - "cert_type": { - "$ref": "#/components/schemas/CertificateType" + "mtime": { + "type": "string", + "description": "The date and time when the directory was last modified.", + "format": "date-time" }, - "cert_paths": { + "files": { "type": "array", - "description": "The list of file system paths where the certificate file is installed. \nSince a single certificate file may be applied in multiple contexts, all relevant paths are included.\n", - "example": [ - "/etc/ssl/cert.pem", - "/etc/ssl/cert.crt" - ], + "description": "The list of files in the directory.", "items": { - "type": "string" + "$ref": "#/components/schemas/FileData" } + } + } + }, + "NginxConfigObject": { + "type": "object", + "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", + "required": [ + "conf_path", + "configs" + ], + "properties": { + "config_version": { + "type": "string", + "description": "A hash that uniquely identifies the contents of the config object. Can be used to detect change when updating the NginxConfig.\n" }, - "key_paths": { + "conf_path": { + "$ref": "#/components/schemas/ConfigPath" + }, + "configs": { "type": "array", - "description": "The list of file system paths where the private key file is installed.\nSince a single key file may be applied in multiple contexts, all relevant paths are included.\n", - "example": [ - "/etc/nginx/key.pem", - "/etc/ssl/server.key" - ], + "description": "An array of directories containing NGINX configuration files.", "items": { - "type": "string" + "$ref": "#/components/schemas/DirectoryWithFileContent" } }, - "deployment_status": { - "$ref": "#/components/schemas/CertificateDeploymentStatus" - }, - "subject_name": { - "type": "string", - "description": "Hostname or domain for the certificate. Usually the subject-alt-name (SAN) value for the certificate.\nif SAN is not present, this will be the certificate subject's common name.\n", - "example": "nginx.com" - }, - "cert_status": { - "$ref": "#/components/schemas/CertificateStatus" - }, - "not_before": { - "type": "string", - "format": "date-time", - "description": "the effective date of the certificate." - }, - "not_after": { - "type": "string", - "format": "date-time", - "description": "The expiration date for the certificate." + "aux": { + "type": "array", + "description": "An array of auxiliary directory contents related to the NGINX configuration.", + "items": { + "$ref": "#/components/schemas/DirectoryWithFileContent" + } } + }, + "example": { + "aux": [], + "conf_path": "/etc/nginx/nginx.conf", + "configs": [ + { + "files": [ + { + "contents": "Cm1hcCAkdXJpICRtYXBwZWRfc2VydmljZSB7CiAgICBkZWZhdWx0IFVOTUFUQ0hFRDsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvaW5zdGFuY2VzIiAgICAgICAgaW5zdGFuY2VzLXN2YzsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvZGF0YS1wbGFuZS1rZXlzIiAga2V5cy1zdmM7CiAgICAifl4vYXBpL3YxL25hbWVzcGFjZXMvXHcrL21vbml0b3IiICAgICAgICAgIG1vbml0b3Itc3ZjOwp9Cgp1cHN0cmVhbSBpbnN0YW5jZXMtc3ZjIHsKICAgIHNlcnZlciBpbnN0YW5jZXMtc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIGtleXMtc3ZjIHsKICAgIHNlcnZlciBrZXlzLXN2Yzo4MDkwOwp9Cgp1cHN0cmVhbSBkYXRhcGxhbmUtY3RybCB7CiAgICBzZXJ2ZXIgZGF0YXBsYW5lLWN0cmw6ODA4MDsKfQoKdXBzdHJlYW0gbW9uaXRvci1zdmMgewogICAgc2VydmVyIG1vbml0b3Itc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIG1ldHJpY3MtaW5nZXN0IHsKICAgIHNlcnZlciBtZXRyaWNzLWluZ2VzdDo4MDgwOwp9CgpzZXJ2ZXIgewogICAgbGlzdGVuIDg4ODg7CiAgICBzZXJ2ZXJfbmFtZSBfOwogICAgaHR0cDIgb247CgogICAgcHJveHlfcGFzc19yZXF1ZXN0X2hlYWRlcnMgb247CiAgICByZXdyaXRlICJeL2FwaS8obmdpbngvb25lfHYxKS8oLiopJCIgIi9hcGkvdjEvJDIiIGJyZWFrOwogICAgbG9jYXRpb24gL2FwaS92MS8gewogICAgICAgIGlmICgkbWFwcGVkX3NlcnZpY2UgPSAiVU5NQVRDSEVEIikgewogICAgICAgICAgICByZXR1cm4gNDA0ICd7ImVycm9yOiAiTm90IGZvdW5kIn0nOwogICAgICAgIH0KICAgICAgICBwcm94eV9wYXNzX2hlYWRlciBYLVZvbHRlcnJhLUFwaWd3LVRlbmFudDsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kbWFwcGVkX3NlcnZpY2U7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIGRhdGFwbGFuZS1jdHJsCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLkNvbW1hbmRlciB7CiAgICAgICAgZ3JwY19zb2NrZXRfa2VlcGFsaXZlIG9uOwogICAgICAgIGdycGNfcmVhZF90aW1lb3V0IDVtOwogICAgICAgIGdycGNfc2VuZF90aW1lb3V0IDVtOwogICAgICAgIGNsaWVudF9ib2R5X3RpbWVvdXQgMTBtOwogICAgICAgIGdycGNfcGFzcyBncnBjOi8vZGF0YXBsYW5lLWN0cmw7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIG1ldHJpY3MgaW5nZXN0aW9uCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLk1ldHJpY3NTZXJ2aWNlIHsKICAgICAgICBncnBjX3NvY2tldF9rZWVwYWxpdmUgb247CiAgICAgICAgZ3JwY19yZWFkX3RpbWVvdXQgNW07CiAgICAgICAgZ3JwY19zZW5kX3RpbWVvdXQgNW07CiAgICAgICAgY2xpZW50X2JvZHlfdGltZW91dCAxMG07CiAgICAgICAgY2xpZW50X21heF9ib2R5X3NpemUgMDsKICAgICAgICBncnBjX3Bhc3MgZ3JwYzovL21ldHJpY3MtaW5nZXN0OwogICAgfQp9CgojIHByb3h5IHRvIHRoZSBtYW5hZ2VtZW50IHNlcnZlcnMKc2VydmVyIHsKICAgIGxpc3RlbiAxNTAwMDsKICAgIHNlcnZlcl9uYW1lIF87CiAgICAjIHVzZSBkb2NrZXIgRE5TCiAgICByZXNvbHZlciAxMjcuMC4wLjExIHZhbGlkPTMwczsKCiAgICAjIG1hdGNoIC88c2VydmljZT4vPG1nbXQgZW5kcG9pbnQ+CiAgICBsb2NhdGlvbiB+Xi8oW14vXSspLyguKykkIHsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kMToxNTAwMC8kMjsKICAgIH0KCiAgICBsb2NhdGlvbiAvIHsKICAgICAgICBhZGRfaGVhZGVyICJDb250ZW50LVR5cGUiICJ0ZXh0L2h0bWwiOwogICAgICAgIHJldHVybiAyMDAgIjxwPkFjY2VzcyB0aGUgbWFuYWdlbWVudCBzZXJ2ZXIgb2YgYW55IHNlcnZpY2Ugd2l0aCBVUkxzIGxpa2UgPGNvZGU+aHR0cDovL2xvY2FsaG9zdDoxNTAwMC8mbHQ7U0VSVklDRV9OQU1FJmd0Oy9tZXRyaWNzPC9jb2RlPjwvcD4iOwogICAgfQp9Cg==", + "mtime": "1970-01-01T00:00:00Z", + "name": "default.conf", + "size": 1942 + } + ], + "name": "/etc/nginx/conf.d" + }, + { + "files": [ + { + "contents": "CnVzZXIgIG5naW54Owp3b3JrZXJfcHJvY2Vzc2VzICBhdXRvOwoKZXJyb3JfbG9nICAvdmFyL2xvZy9uZ2lueC9lcnJvci5sb2cgbm90aWNlOwpwaWQgICAgICAgIC92YXIvcnVuL25naW54LnBpZDsKCgpldmVudHMgewogICAgd29ya2VyX2Nvbm5lY3Rpb25zICAxMDI0Owp9CgoKaHR0cCB7CiAgICBpbmNsdWRlICAgICAgIC9ldGMvbmdpbngvbWltZS50eXBlczsKICAgIGRlZmF1bHRfdHlwZSAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtOwoKICAgIGxvZ19mb3JtYXQgIG1haW4gICckcmVtb3RlX2FkZHIgLSAkcmVtb3RlX3VzZXIgWyR0aW1lX2xvY2FsXSAiJHJlcXVlc3QiICcKICAgICAgICAgICAgICAgICAgICAgICckc3RhdHVzICRib2R5X2J5dGVzX3NlbnQgIiRodHRwX3JlZmVyZXIiICcKICAgICAgICAgICAgICAgICAgICAgICciJGh0dHBfdXNlcl9hZ2VudCIgIiRodHRwX3hfZm9yd2FyZGVkX2ZvciInOwoKICAgIGFjY2Vzc19sb2cgIC92YXIvbG9nL25naW54L2FjY2Vzcy5sb2cgIG1haW47CgogICAgc2VuZGZpbGUgICAgICAgIG9uOwogICAgI3RjcF9ub3B1c2ggICAgIG9uOwoKICAgIGtlZXBhbGl2ZV90aW1lb3V0ICA2NTsKCiAgICAjZ3ppcCAgb247CgogICAgaW5jbHVkZSAvZXRjL25naW54L2NvbmYuZC8qLmNvbmY7Cn0K", + "mtime": "1970-01-01T00:00:00Z", + "name": "nginx.conf", + "size": 648 + }, + { + "contents": "CnR5cGVzIHsKICAgIHRleHQvaHRtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBodG1sIGh0bSBzaHRtbDsKICAgIHRleHQvY3NzICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjc3M7CiAgICB0ZXh0L3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeG1sOwogICAgaW1hZ2UvZ2lmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdpZjsKICAgIGltYWdlL2pwZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqcGVnIGpwZzsKICAgIGFwcGxpY2F0aW9uL2phdmFzY3JpcHQgICAgICAgICAgICAgICAgICAgICAgICAgICBqczsKICAgIGFwcGxpY2F0aW9uL2F0b20reG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdG9tOwogICAgYXBwbGljYXRpb24vcnNzK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJzczsKCiAgICB0ZXh0L21hdGhtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbW1sOwogICAgdGV4dC9wbGFpbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHR4dDsKICAgIHRleHQvdm5kLnN1bi5qMm1lLmFwcC1kZXNjcmlwdG9yICAgICAgICAgICAgICAgICBqYWQ7CiAgICB0ZXh0L3ZuZC53YXAud21sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd21sOwogICAgdGV4dC94LWNvbXBvbmVudCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGh0YzsKCiAgICBpbWFnZS9hdmlmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYXZpZjsKICAgIGltYWdlL3BuZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbmc7CiAgICBpbWFnZS9zdmcreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZnIHN2Z3o7CiAgICBpbWFnZS90aWZmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGlmIHRpZmY7CiAgICBpbWFnZS92bmQud2FwLndibXAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2JtcDsKICAgIGltYWdlL3dlYnAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3ZWJwOwogICAgaW1hZ2UveC1pY29uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGljbzsKICAgIGltYWdlL3gtam5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqbmc7CiAgICBpbWFnZS94LW1zLWJtcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYm1wOwoKICAgIGZvbnQvd29mZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3b2ZmOwogICAgZm9udC93b2ZmMiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdvZmYyOwoKICAgIGFwcGxpY2F0aW9uL2phdmEtYXJjaGl2ZSAgICAgICAgICAgICAgICAgICAgICAgICBqYXIgd2FyIGVhcjsKICAgIGFwcGxpY2F0aW9uL2pzb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqc29uOwogICAgYXBwbGljYXRpb24vbWFjLWJpbmhleDQwICAgICAgICAgICAgICAgICAgICAgICAgIGhxeDsKICAgIGFwcGxpY2F0aW9uL21zd29yZCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2M7CiAgICBhcHBsaWNhdGlvbi9wZGYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcGRmOwogICAgYXBwbGljYXRpb24vcG9zdHNjcmlwdCAgICAgICAgICAgICAgICAgICAgICAgICAgIHBzIGVwcyBhaTsKICAgIGFwcGxpY2F0aW9uL3J0ZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBydGY7CiAgICBhcHBsaWNhdGlvbi92bmQuYXBwbGUubXBlZ3VybCAgICAgICAgICAgICAgICAgICAgbTN1ODsKICAgIGFwcGxpY2F0aW9uL3ZuZC5nb29nbGUtZWFydGgua21sK3htbCAgICAgICAgICAgICBrbWw7CiAgICBhcHBsaWNhdGlvbi92bmQuZ29vZ2xlLWVhcnRoLmtteiAgICAgICAgICAgICAgICAga216OwogICAgYXBwbGljYXRpb24vdm5kLm1zLWV4Y2VsICAgICAgICAgICAgICAgICAgICAgICAgIHhsczsKICAgIGFwcGxpY2F0aW9uL3ZuZC5tcy1mb250b2JqZWN0ICAgICAgICAgICAgICAgICAgICBlb3Q7CiAgICBhcHBsaWNhdGlvbi92bmQubXMtcG93ZXJwb2ludCAgICAgICAgICAgICAgICAgICAgcHB0OwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC5ncmFwaGljcyAgICAgIG9kZzsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vYXNpcy5vcGVuZG9jdW1lbnQucHJlc2VudGF0aW9uICBvZHA7CiAgICBhcHBsaWNhdGlvbi92bmQub2FzaXMub3BlbmRvY3VtZW50LnNwcmVhZHNoZWV0ICAgb2RzOwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC50ZXh0ICAgICAgICAgIG9kdDsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vcGVueG1sZm9ybWF0cy1vZmZpY2Vkb2N1bWVudC5wcmVzZW50YXRpb25tbC5wcmVzZW50YXRpb24KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcHR4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LnNwcmVhZHNoZWV0bWwuc2hlZXQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4bHN4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LndvcmRwcm9jZXNzaW5nbWwuZG9jdW1lbnQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2N4OwogICAgYXBwbGljYXRpb24vdm5kLndhcC53bWxjICAgICAgICAgICAgICAgICAgICAgICAgIHdtbGM7CiAgICBhcHBsaWNhdGlvbi93YXNtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2FzbTsKICAgIGFwcGxpY2F0aW9uL3gtN3otY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgICA3ejsKICAgIGFwcGxpY2F0aW9uL3gtY29jb2EgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjY287CiAgICBhcHBsaWNhdGlvbi94LWphdmEtYXJjaGl2ZS1kaWZmICAgICAgICAgICAgICAgICAgamFyZGlmZjsKICAgIGFwcGxpY2F0aW9uL3gtamF2YS1qbmxwLWZpbGUgICAgICAgICAgICAgICAgICAgICBqbmxwOwogICAgYXBwbGljYXRpb24veC1tYWtlc2VsZiAgICAgICAgICAgICAgICAgICAgICAgICAgIHJ1bjsKICAgIGFwcGxpY2F0aW9uL3gtcGVybCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbCBwbTsKICAgIGFwcGxpY2F0aW9uL3gtcGlsb3QgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcmMgcGRiOwogICAgYXBwbGljYXRpb24veC1yYXItY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgIHJhcjsKICAgIGFwcGxpY2F0aW9uL3gtcmVkaGF0LXBhY2thZ2UtbWFuYWdlciAgICAgICAgICAgICBycG07CiAgICBhcHBsaWNhdGlvbi94LXNlYSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2VhOwogICAgYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2ggICAgICAgICAgICAgICAgICAgIHN3ZjsKICAgIGFwcGxpY2F0aW9uL3gtc3R1ZmZpdCAgICAgICAgICAgICAgICAgICAgICAgICAgICBzaXQ7CiAgICBhcHBsaWNhdGlvbi94LXRjbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGNsIHRrOwogICAgYXBwbGljYXRpb24veC14NTA5LWNhLWNlcnQgICAgICAgICAgICAgICAgICAgICAgIGRlciBwZW0gY3J0OwogICAgYXBwbGljYXRpb24veC14cGluc3RhbGwgICAgICAgICAgICAgICAgICAgICAgICAgIHhwaTsKICAgIGFwcGxpY2F0aW9uL3hodG1sK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICB4aHRtbDsKICAgIGFwcGxpY2F0aW9uL3hzcGYreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4c3BmOwogICAgYXBwbGljYXRpb24vemlwICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHppcDsKCiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgYmluIGV4ZSBkbGw7CiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgZGViOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIGRtZzsKICAgIGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbSAgICAgICAgICAgICAgICAgICAgICAgICBpc28gaW1nOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIG1zaSBtc3AgbXNtOwoKICAgIGF1ZGlvL21pZGkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtaWQgbWlkaSBrYXI7CiAgICBhdWRpby9tcGVnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbXAzOwogICAgYXVkaW8vb2dnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG9nZzsKICAgIGF1ZGlvL3gtbTRhICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtNGE7CiAgICBhdWRpby94LXJlYWxhdWRpbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcmE7CgogICAgdmlkZW8vM2dwcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDNncHAgM2dwOwogICAgdmlkZW8vbXAydCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRzOwogICAgdmlkZW8vbXA0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1wNDsKICAgIHZpZGVvL21wZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtcGVnIG1wZzsKICAgIHZpZGVvL3F1aWNrdGltZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtb3Y7CiAgICB2aWRlby93ZWJtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2VibTsKICAgIHZpZGVvL3gtZmx2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmbHY7CiAgICB2aWRlby94LW00diAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbTR2OwogICAgdmlkZW8veC1tbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1uZzsKICAgIHZpZGVvL3gtbXMtYXNmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhc3ggYXNmOwogICAgdmlkZW8veC1tcy13bXYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdtdjsKICAgIHZpZGVvL3gtbXN2aWRlbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdmk7Cn0K", + "mtime": "1970-01-01T00:00:00Z", + "name": "mime.types", + "size": 5349 + } + ], + "name": "/etc/nginx" + } + ] } }, - "NapPolicyObjectID": { - "description": "A globally unique identifier for the App Protect policy.", - "type": "string", - "format": "object_id", - "pattern": "^pol_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "NapPolicyVersionObjectID": { - "description": "A globally unique identifier for the App Protect policy version.", - "type": "string", - "format": "object_id", - "pattern": "^pv_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "PublicationObjectID": { - "description": "A globally unique identifier for the publication.", + "NginxConfigObjectID": { + "description": "A globally unique identifier for the NGINX Config object.", "type": "string", "format": "object_id", - "example": "pub_72pGHoGsSICL_THZrs964g", - "pattern": "^pub_.*", + "pattern": "^nc_.*", "x-go-type": "objects.ID", "x-go-type-import": { "name": "objects", "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "NapPolicyEnforcementMode": { - "description": "The current enforcement mode of the NGINX App Protect policy, with the following possible values:\n* `blocking` - Any illegal or suspicious requests are logged and blocked.\n* `transparent` - Any illegal or suspicious requests are logged but not blocked.\n", - "type": "string", - "enum": [ - "blocking", - "transparent" - ], - "x-enum-varnames": [ - "nap_enforcement_mode_blocking", - "nap_enforcement_mode_transparent" + "NginxConfig": { + "description": "Details of an NGINX configuration, including its unique identifier, the main configuration path, the \nconfiguration directories, and the NGINX configuration payloads that indicate where managed SSL certificates\nand keys were deployed to on the data plane instance.\n", + "allOf": [ + { + "$ref": "#/components/schemas/NginxConfigObject" + }, + { + "type": "object", + "required": [ + "object_id" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/NginxConfigObjectID" + }, + "payloads": { + "$ref": "#/components/schemas/NginxConfigPayloads" + } + } + } ] }, - "NapDeploymentStatus": { - "description": "The current deployment status of the NGINX App Protect policy or log profile, with the following possible values:\n* `deployed` - The NGINX App Protect policy or log profile has been deployed.\n* `not_deployed` - The NGINX App Protect policy or log profile has not been deployed.\n* `deploying` - The NGINX App Protect policy or log profile is currently being deployed.\n* `failed` - The NGINX App Protect policy or log profile failed deploying.\n", - "type": "string", - "enum": [ - "deployed", - "not_deployed", - "deploying", - "failed" - ], - "x-enum-varnames": [ - "nap_deployment_status_deployed", - "nap_deployment_status_not_deployed", - "nap_deployment_status_deploying", - "nap_deployment_status_failed" - ] + "PublicationStatusCause": { + "description": "Cause of the failure, provided only if the status is `failed`.", + "type": "object", + "properties": { + "cause": { + "description": "Cause of the failure, detailed as follows:\n* `unknown` - The reason for the failure is not known.\n* `timeout` - The publication request reached its time limit without receiving a response from the NGINX Agent.\n* `remote` - The NGINX Agent reported a failure when trying to apply the configuration. See the message for more details.\n* `payload` - The publication was successful, but there were warnings reported by attached payloads, see message for more details.\n", + "type": "string", + "enum": [ + "unknown", + "timeout", + "remote", + "payload" + ], + "x-enum-varnames": [ + "publication_instance_status_cause_unknown", + "publication_instance_status_cause_timeout", + "publication_instance_status_cause_remote", + "publication_instance_status_cause_payload" + ] + }, + "message": { + "type": "string", + "description": "more specific failure message from the agent." + } + } }, - "NapAssociation": { - "description": "Details for a NGINX App Protect policy version that's associated with an instance or a config sync group.", + "PublicationInstance": { + "description": "Details of a publication request for an NGINX instance.", "required": [ - "name", - "version", - "policy_object_id", - "policy_version_object_id", - "paths", - "deployment_status", - "publication_object_id", - "deployed_on", - "enforcement_mode" + "status", + "created_at", + "modified_at" ], "properties": { - "name": { + "object_id": { + "$ref": "#/components/schemas/PublicationObjectID" + }, + "config_version": { "type": "string", - "description": "Name of the policy at the time of the deployment." + "description": "A hash that uniquely identifies the contents of the config object in the publication.\n" }, - "version": { + "status": { + "description": "Publication status for the NGINX instance:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n* `succeeded_with_warnings` - The publication was successful, but there were warnings.\n", "type": "string", - "description": "Version of the policy at the time of the deployment." + "enum": [ + "pending", + "failed", + "succeeded", + "succeeded_with_warnings" + ], + "x-enum-varnames": [ + "publication_instance_status_pending", + "publication_instance_status_failed", + "publication_instance_status_succeeded", + "publication_instance_status_succeeded_with_warnings" + ] }, - "policy_object_id": { - "$ref": "#/components/schemas/NapPolicyObjectID" + "status_cause": { + "$ref": "#/components/schemas/PublicationStatusCause" }, - "policy_version_object_id": { - "$ref": "#/components/schemas/NapPolicyVersionObjectID" + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the publication was created for the instance." }, - "publication_object_id": { - "$ref": "#/components/schemas/PublicationObjectID" + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the publication was last modified for the instance." + } + }, + "example": { + "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", + "created_at": "2024-05-14T20:36:06.272704Z", + "modified_at": "2024-05-14T20:36:06.272704Z", + "object_id": "pub_vfr5Oqv-AhxGzyqTXW-Ubw", + "status": "pending" + } + }, + "NginxConfigMeta": { + "type": "object", + "description": "Meta data of an NGINX configuration, including its unique identifier, the config_version.\n", + "required": [ + "object_id", + "config_version", + "created_at", + "modified_at", + "config_source" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/NginxConfigObjectID" }, - "enforcement_mode": { - "$ref": "#/components/schemas/NapPolicyEnforcementMode" + "config_version": { + "type": "string", + "description": "A hash that uniquely identifies the contents of the config object.\n" }, - "paths": { - "type": "array", - "description": "The list of file system paths where the compiled NAP policy version bundle file is installed. \nSince a single compiled NAP policy version bundle file may be applied in multiple contexts, all relevant paths are included.\n", - "example": [ - "/etc/nginx/default_policy.tgz", - "/etc/nginx/default_policy_server_2.tgz" - ], - "items": { - "type": "string" - } + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the NGINX configuration object was created for the instance." }, - "deployment_status": { - "$ref": "#/components/schemas/NapDeploymentStatus" + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the NGINX configuration object was last modified for the instance." }, - "deployed_on": { - "description": "Date and time of the deployment.", + "config_source": { "type": "string", - "format": "date-time" + "enum": [ + "NGINX One", + "Other", + "Unspecified" + ], + "x-enum-varnames": [ + "config_source_nginx_one", + "config_source_other", + "config_source_unspecified" + ], + "description": "The source from which the config was created:\n- `NGINX One`: The config was created from NGINX One.\n- `Other`: The config was created from data plane.\n- `Unspecified`: The source of the config is unspecified.\n" } }, "example": { - "name": "default_policy", - "version": "2025.05.01", - "policy_object_id": "pol_panEdeY-Sh2rWm365y7wsw", - "policy_version_object_id": "pv_kem7SCosTTOL9mMlNyY2GQ", - "publication_object_id": "pub_72pGHoGsSICL_THZrs964g", - "paths": [ - "/etc/nginx/default_policy.tgz" - ], - "deployment_status": "deployed", - "enforcement_mode": "transparent", - "deployed_on": "2023-12-06T22:37:24.120114Z" + "object_id": "nc_AamgWtYSSb6OWGljx3wNDA", + "config_version": "Cm1hcCAkdXJpICRtYXBwZWRfc2V", + "created_at": "2023-08-10T16:59:15Z", + "modified_at": "2023-08-10T16:59:15Z", + "config_source": "NGINX One" } }, - "NapLatestDeployed": { - "description": "Whether the latest F5 WAF object (i.e., log profile) was deployed, with the following possible values:\n* `yes` - The latest NAP object has been deployed.\n* `no` - The latest NAP object has not been deployed.\n", + "FeatureFlagKey": { + "type": "string", + "description": "String representation of a feature flag key." + }, + "FilterNameConfigSyncGroups": { "type": "string", + "description": "Keywords for config sync groups filters.\nWhen filtering on `config_status`, only the following `filter_values` are supported:\n * in_sync\n * out_of_sync\n * sync_in_progress\n * unknown\n", "enum": [ - "yes", - "no" + "name", + "config_status", + "object_id" ], "x-enum-varnames": [ - "nap_latest_deployed_yes", - "nap_latest_deployed_no" + "filter_name_config_sync_group_name", + "filter_name_config_sync_group_config_status", + "filter_name_config_sync_group_object_id" ] }, - "NapLogProfileObjectID": { - "description": "A globally unique identifier for the App Protect log profile.", - "type": "string", - "format": "object_id", - "pattern": "^lp_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "LogProfileAssociation": { - "description": "Details for a F5 WAF log profile that's associated with an instance or a config sync group.", + "ListConfigSyncGroupObject": { + "type": "object", + "description": "Summary information of the NGINX config sync group.", "required": [ + "object_id", "name", - "nap_release", - "latest_deployed", - "log_profile_object_id", - "publication_object_id", - "paths", - "deployment_status", - "deployed_on" + "created_at", + "instances_count", + "config_status" ], "properties": { + "object_id": { + "$ref": "#/components/schemas/ConfigSyncGroupObjectID" + }, "name": { - "type": "string", - "description": "Name of the log profile at the time of the deployment." + "description": "Name of the NGINX config sync group.", + "type": "string" }, - "nap_release": { + "created_at": { + "description": "The date and time when the config sync group was created.", "type": "string", - "description": "The release version of the compiler used for the log profile." + "format": "date-time" }, - "latest_deployed": { - "$ref": "#/components/schemas/NapLatestDeployed" + "instances_count": { + "description": "Number of instances in the NGINX config sync group.", + "type": "integer" }, - "log_profile_object_id": { - "$ref": "#/components/schemas/NapLogProfileObjectID" + "config_status": { + "$ref": "#/components/schemas/ConfigSyncStatus" }, - "publication_object_id": { - "$ref": "#/components/schemas/PublicationObjectID" + "cert_summary": { + "$ref": "#/components/schemas/CertificateInstanceSummary" + } + } + }, + "ConfigSyncGroupListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" }, - "paths": { - "type": "array", - "description": "The list of file system paths where the compiled log profile bundle file is installed. \nSince a single compiled log profile bundle file may be applied in multiple contexts, all relevant paths are included.\n", - "example": [ - "/etc/nginx/default_log_profile.tgz", - "/etc/nginx/default_log_profile_2.tgz" + { + "type": "object", + "description": "List of NGINX config sync groups.", + "required": [ + "items" ], - "items": { - "type": "string" + "properties": { + "items": { + "description": "An array of Config Sync Group objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/ListConfigSyncGroupObject" + } + } + } + } + ], + "example": { + "total": 10, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-config-sync-group", + "created_at": "2023-12-05T22:30:20.220114Z", + "config_status": "in_sync", + "instances_count": 1 } + ] + } + }, + "ConfigSyncGroupCreateRequest": { + "description": "Body to create a NGINX config sync group.", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "A name to uniquely identify the NGINX config sync group in a given tenant namespace.", + "minLength": 1, + "maxLength": 256, + "pattern": "^[a-zA-Z0-9]([a-zA-Z0-9-_]{0,254}[a-zA-Z0-9])?$" + } + }, + "example": { + "name": "my-nginx-config-sync-group" + } + }, + "ConfigSyncGroupCreateResponse": { + "description": "Response to a create NGINX config sync group request.", + "required": [ + "object_id", + "name" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/ConfigSyncGroupObjectID" }, - "deployment_status": { - "$ref": "#/components/schemas/NapDeploymentStatus" + "name": { + "description": "Name of the NGINX config sync group.", + "type": "string" + } + }, + "example": { + "name": "my-nginx-config-sync-group", + "object_id": "csg_Tet21AeYTHCj7taOwVfzyw" + } + }, + "ConfigSyncGroupBulkRequestData": { + "type": "object", + "description": "Part of bulk operation on a config sync group, only `delete` is supported.", + "required": [ + "action", + "object_id" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/ConfigSyncGroupObjectID" }, - "deployed_on": { - "description": "Date and time of the deployment.", - "type": "string", - "format": "date-time" + "action": { + "$ref": "#/components/schemas/BulkRequestAction" } }, "example": { - "name": "default_log_profile", - "nap_release": "5.10.0", - "latest_deployed": "yes", - "log_profile_object_id": "lp_panEdeY-Sh2rWm365y7wsw", - "publication_object_id": "pub_72pGHoGsSICL_THZrs964g", - "paths": [ - "/etc/nginx/default_log_profile.tgz" - ], - "deployment_status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z" + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + } + }, + "ConfigSyncGroupBulkRequest": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ConfigSyncGroupBulkRequestData" + }, + "minItems": 1, + "maxItems": 50, + "example": [ + { + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + }, + { + "object_id": "csg_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" + } + ] + }, + "ConfigSyncGroupBulkResponse": { + "description": "The config sync group bulk outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" } }, + "ConfigSyncGroupInstance": { + "allOf": [ + { + "$ref": "#/components/schemas/Instance" + }, + { + "type": "object", + "required": [ + "config_status", + "config_version" + ], + "properties": { + "config_status": { + "$ref": "#/components/schemas/ConfigSyncStatus" + }, + "config_version": { + "description": "A computed hash of current config on the config sync group.", + "type": "string" + } + } + } + ] + }, + "ConfigSyncGroupPublicationStatus": { + "type": "string", + "description": "The status on the last publication issued on this config sync group:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n* `partially_succeeded` - The publication attempt had one or more failures.\n", + "enum": [ + "pending", + "failed", + "succeeded", + "partially_succeeded" + ], + "x-enum-varnames": [ + "publication_config_sync_group_status_pending", + "publication_config_sync_group_status_failed", + "publication_config_sync_group_status_succeeded", + "publication_config_sync_group_status_partially_succeeded" + ] + }, "ConfigSyncGroup": { "allOf": [ { @@ -11059,486 +14472,755 @@ } ], "example": { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "name": "test-config-sync-group", - "created_at": "2023-12-06T22:37:24.120114Z", - "config_status": "in_sync", - "config_version": "uvR3F2TQGm18jnl7bpaGw", - "instances": [ + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-config-sync-group", + "created_at": "2023-12-06T22:37:24.120114Z", + "config_status": "in_sync", + "config_version": "uvR3F2TQGm18jnl7bpaGw", + "instances": [ + { + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "hostname": "816e3c194d59", + "system_id": "6066aad2-211e-3718-be5d-fcc01ffc5cc8", + "agent_version": "v2.33.0", + "registered_at": "2024-05-16T18:26:40.556048Z", + "last_reported": "2023-12-06T22:37:24.120114Z", + "status": "unavailable", + "nginx_build": { + "conf_path": "/etc/nginx/nginx.conf", + "version": "1.25.3" + }, + "os_version": "Ubuntu 22.04", + "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", + "config_status": "in_sync", + "config_version": "abc123def456", + "has_container_host": false + } + ], + "certs": [ + { + "subject_name": "test.com", + "name": "client", + "cert_type": "cert_key", + "not_after": "2024-01-06T00:01:30Z", + "not_before": "2023-12-07T00:01:30Z", + "cert_paths": [ + "/etc/nginx/client.pem" + ], + "cert_status": "expiring", + "deployment_status": "latest", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw" + } + ] + } + }, + "ConfigSyncGroupDetails": { + "type": "object", + "description": "Detailed information of the NGINX config sync group.", + "allOf": [ + { + "$ref": "#/components/schemas/ConfigSyncGroup" + } + ] + }, + "ConfigSyncGroupPublicationStatusReason": { + "allOf": [ + { + "$ref": "#/components/schemas/PublicationStatusCause" + }, + { + "type": "object", + "required": [ + "object_id" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/InstanceObjectID" + } + } + } + ] + }, + "ConfigSyncGroupPublication": { + "description": "Details of a publication request for the NGINX config sync group.", + "required": [ + "status", + "created_at", + "modified_at" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/PublicationObjectID" + }, + "status": { + "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatus" + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the publication was created for the instance." + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the publication was last modified for the instance." + }, + "status_reasons": { + "description": "Detailed failure reasons on each instance's publication, when 'status' is in 'failed' or 'partially_succeeded'", + "type": "array", + "items": { + "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatusReason" + } + }, + "config_version": { + "type": "string", + "description": "A hash that uniquely identifies the contents of the config object in the publication.\n" + } + }, + "example": { + "config_version": "fc3bb4b50c145b3ca5c5d1342be5ec0718eeb9bb84f8d53c5734b6b8", + "created_at": "2024-05-23T21:57:13.048285Z", + "modified_at": "2024-05-23T21:57:13.048285Z", + "object_id": "pub_UPV8jXFwSgm1vHQJCvLD1w", + "status": "failed", + "status_reasons": [ + { + "cause": "remote", + "message": "Config apply failed (write): error running nginx -t -c /etc/nginx/nginx.conf:\n error running nginx -t -c /etc/nginx/nginx.conf:\nnginx: [emerg] invalid number of arguments in \"worker_processes\" directive in /etc/nginx/nginx.conf:7\nnginx: configuration file /etc/nginx/nginx.conf test failed\n", + "object_id": "inst_QBBobKIAQ_21grAwV83VYw" + } + ] + } + }, + "FilterNameCertificates": { + "type": "string", + "description": "Keywords for certificates filters.\nWhen filtering on `management`, only the following `filter_values` are supported:\n * managed\n * unmanaged\nWhen filtering on `type`, only the following `filter_values` are supported:\n * cert_key\n * ca_bundle\n * unknown\nWhen filtering on `status`, only the following `filter_values` are supported:\n * valid\n * expiring\n * expired\n * not_ready\n", + "enum": [ + "name", + "management", + "type", + "subject_name", + "status", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_certificates_name", + "filter_name_certificates_management", + "filter_name_certificates_type", + "filter_name_certificates_subject_name", + "filter_name_certificates_status", + "filter_name_certificates_object_id" + ] + }, + "CertificateManagement": { + "type": "string", + "description": "Management type:\n * `managed` - Certificate managed by NGINX One Console.\n * `unmanaged` - Certificate that only exists on a data plane instance, detected from its NGINX configuration.\n", + "enum": [ + "managed", + "unmanaged" + ], + "x-enum-varnames": [ + "certificate_management_managed", + "certificate_management_unmanaged" + ] + }, + "CertificateObjectMetadata": { + "required": [ + "management", + "type" + ], + "properties": { + "name": { + "description": "Name of the certificate, optionally specified upon creation", + "type": "string" + }, + "object_id": { + "$ref": "#/components/schemas/CertificateObjectID" + }, + "management": { + "$ref": "#/components/schemas/CertificateManagement" + }, + "type": { + "$ref": "#/components/schemas/CertificateType" + }, + "certs_count": { + "description": "The number of public certificates under this certificate object.", + "type": "integer", + "format": "int64" + } + }, + "example": { + "name": "example-ca-bundle", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "ca_bundle", + "certs_count": 5 + } + }, + "CertificateDisplayMetadata": { + "description": "This represents the essential metadata of a public certificate.", + "type": "object", + "required": [ + "subject_name", + "status", + "not_before", + "not_after" + ], + "properties": { + "subject_name": { + "type": "string", + "example": "www.example.com", + "description": "DNS name that identifies the certificate. If DNS is not present in the SAN extension, this will be the common name.\n" + }, + "status": { + "$ref": "#/components/schemas/CertificateStatus" + }, + "not_before": { + "type": "string", + "format": "date-time", + "example": "2023-06-12T09:12:33.001Z", + "description": "The start of the validity period for the certificate." + }, + "not_after": { + "type": "string", + "format": "date-time", + "example": "2029-12-25T09:12:33.001Z", + "description": "The end of the validity period for the certificate." + } + }, + "example": { + "subject_name": "self_ca_signed", + "status": "valid", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z" + } + }, + "CertificateOverviewMetadata": { + "description": "Represents an overview of all the public certificates under a single cert object.\nIf multiple public certificates on the same CA chain, including the leaf certificate and key are provided, \nthis includes `status`, `subject_name`, `not_before` and `not_after` for the leaf certificate.\nIf a CA bundle is provided, the above mentioned certificate metadata is for the Certificate Authority that\nexpires the soonest in the bundle.\n", + "type": "object", + "allOf": [ + { + "$ref": "#/components/schemas/CertificateObjectMetadata" + }, + { + "$ref": "#/components/schemas/CertificateDisplayMetadata" + } + ], + "example": { + "name": "example-ca-bundle", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "ca_bundle", + "subject_name": "self_ca_signed", + "status": "valid", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "certs_count": 5 + } + }, + "CertificateListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { + "type": "object", + "description": "List of SSL certificates.", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of basic metadata for all the SSL certificates in NGINX One Console. \nFor a CA bundle, an overview with metadata on the first Certificate Authority in the bundle will be displayed.\nOtherwise, an overview with metadata on the leaf certificate will be displayed.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/CertificateOverviewMetadata" + } + } + } + } + ], + "example": { + "total": 10, + "count": 2, + "start_index": 1, + "items_per_page": 100, + "items": [ { - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "hostname": "816e3c194d59", - "system_id": "6066aad2-211e-3718-be5d-fcc01ffc5cc8", - "agent_version": "v2.33.0", - "registered_at": "2024-05-16T18:26:40.556048Z", - "last_reported": "2023-12-06T22:37:24.120114Z", - "status": "unavailable", - "nginx_build": { - "conf_path": "/etc/nginx/nginx.conf", - "version": "1.25.3" - }, - "os_version": "Ubuntu 22.04", - "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", - "config_status": "in_sync", - "config_version": "abc123def456", - "has_container_host": false - } - ], - "certs": [ + "name": "example-cert_key", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "cert_key", + "status": "valid", + "subject_name": "www.example.com", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "certs_count": 1 + }, { - "subject_name": "test.com", - "name": "client", - "cert_type": "cert_key", - "not_after": "2024-01-06T00:01:30Z", - "not_before": "2023-12-07T00:01:30Z", - "cert_paths": [ - "/etc/nginx/client.pem" - ], - "cert_status": "expiring", - "deployment_status": "latest", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw" + "name": "example-ca-bundle", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "ca_bundle", + "subject_name": "self_ca_signed", + "status": "valid", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "certs_count": 5 } ] } }, - "ConfigSyncGroupDetails": { + "CertificateContent": { "type": "object", - "description": "Detailed information of the NGINX config sync group.", - "allOf": [ - { - "$ref": "#/components/schemas/ConfigSyncGroup" + "description": "Defines the PEM-formatted certificate content which includes the certificates and corresponding private key, all encoded in base64.\n", + "required": [ + "public_certs" + ], + "properties": { + "public_certs": { + "type": "string", + "format": "base64", + "maxLength": 3145728, + "description": "Base64-encoded PEM-formatted certificate information. \nThe `public_certs` field can include a leaf certificate along with its full chain of trust or a CA bundle. \nFor leaf certificates, the accompanying `private_key` is required to authenticate the certificate's validity. \nCA bundles contain trusted CA certificates and may consist of certificates from different CA chains. A private\nkey should not be included in a CA bundle.\n" + }, + "private_key": { + "type": "string", + "format": "base64", + "maxLength": 3145728, + "description": "Base64-encoded private key string for the leaf certificate, required only for certificate-key pairs to \nverify the certificate's authenticity.\n" } - ] + }, + "example": { + "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" + } }, - "FileData": { + "CertificateRequest": { "type": "object", - "description": "Details about a file, including its path, content, size, and last modified time.", + "description": "Request structure for parsing or upserting certificates with an optional private key.\n", "required": [ - "name", - "contents", - "size", - "mtime" + "content" ], "properties": { "name": { + "description": "A name for the certificate, making it identifiable among others.", "type": "string", - "description": "The file's relative path to the parent directory.", "minLength": 1, - "maxLength": 4096 - }, - "contents": { - "type": "string", - "format": "byte", - "description": "The base64-encoded contents of the file.", - "maxLength": 3145728 - }, - "size": { - "type": "integer", - "description": "The size of the file, in bytes." + "maxLength": 128 }, - "mtime": { - "type": "string", - "format": "date-time", - "description": "Timestamp of the last modification made to the file." + "content": { + "$ref": "#/components/schemas/CertificateContent" + } + }, + "example": { + "name": "example-ca-bundle", + "content": { + "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==", + "private_key": "" } } }, - "DirectoryWithFileContent": { + "CertificateMetadata": { + "description": "A comprehensive list of all the metadata for a public certificate.", "type": "object", - "description": "Represents a directory and its contents, detailing the directory's full path, assigned permissions, last modified time, and the files within it.", "required": [ - "name", - "files" + "status", + "serial_number", + "signature_algorithm", + "not_before", + "not_after", + "public_key_type", + "thumbprint" ], "properties": { - "name": { + "status": { + "$ref": "#/components/schemas/CertificateStatus" + }, + "version": { + "type": "integer", + "format": "int64", + "example": 3, + "description": "The version of the certificate, typically 3 for X.509 certificates." + }, + "serial_number": { "type": "string", - "description": "The complete path of the directory." + "example": "16469416336579571270", + "description": "A unique identifier for the certificate." }, - "permissions": { + "signature_algorithm": { "type": "string", - "description": "The permissions for the directory." + "example": "SHA-256", + "description": "Identifies the algorithm used to sign the certificate." }, - "mtime": { + "issuer": { "type": "string", - "description": "The date and time when the directory was last modified.", - "format": "date-time" + "example": "CN=Example CA, O=Certificate Authority Inc., OU=CA Department, L=City, ST=State, C=Country", + "description": "Identifies the entity who signed and issued the certificate." }, - "files": { + "not_before": { + "type": "string", + "format": "date-time", + "example": "2023-06-12T09:12:33.001Z", + "description": "The start of the validity period for the certificate." + }, + "not_after": { + "type": "string", + "format": "date-time", + "example": "2029-12-25T09:12:33.001Z", + "description": "The end of the validity period for the certificate." + }, + "subject": { + "type": "string", + "example": "CN=www.example.com, O=Example Inc., OU=IT Department, L=City, ST=State, C=Country", + "description": "Identifies the primary entity to which the certificate is issued. Typically, it contains information\nsuch as the Common Name (CN), Organization (O), Organizational Unit (OU), Country (C), etc.\n" + }, + "subject_alternative_name": { "type": "array", - "description": "The list of files in the directory.", "items": { - "$ref": "#/components/schemas/FileData" - } + "type": "string" + }, + "example": [ + "DNS:www.example.com", + "DNS:example.com", + "email:info@example.com" + ], + "description": "Defines additional identifies bound to the subject of the certificate. \nFor example, the DNS name is used to add additional domain names to a certificate.\n" + }, + "public_key_type": { + "type": "string", + "example": "RSA (2048 Bits)", + "description": "Identifies the encryption algorithm used to create the public key for the certificate." + }, + "common_name": { + "type": "string", + "example": "www.example.com", + "description": "The Common Name (CN) for the certificate, used when DNS name is not present in the SAN extension.\n" + }, + "authority_key_identifier": { + "type": "string", + "example": "2B D0 69 47 94 76 09 FE F4 6B 8D 2E 40 A6 F7 47 4D 7F 08 5E", + "description": "The identifier of the signing authority for the certificate." + }, + "subject_key_identifier": { + "type": "string", + "example": "31 EA 76 A9 23 74 A5 DF D4 FD EE A0 C1 A6 9E C6 11 0E 11 EC", + "description": "A hash value of the SSL certificate that can be used to identify certificates that \ncontain a particular public key.\n" + }, + "thumbprint_algorithm": { + "type": "string", + "example": "SHA-1", + "description": "Defines the algorithm used to hash the certificate." + }, + "thumbprint": { + "type": "string", + "example": "E6 A7 87 96 E0 C7 A3 E5 43 78 35 CA 16 78 5B 48 5A A9 DD C4 5C CD 0A 65 AA 89 33 E3 C3 D0 89 71", + "description": "A hash to ensure that the certificate has not been modified." } + }, + "example": { + "status": "valid", + "version": 3, + "serial_number": "71283929", + "signature_algorithm": "SHA256-RSA", + "issuer": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_bundle_CA", + "not_before": "2023-02-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "subject": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=self_ca_signed", + "subject_alternative_name": [], + "public_key_type": "RSA (2048 bit)", + "common_name": "self_ca_signed", + "authority_key_identifier": "3A:79:E0:3E:61:CD:94:29:1D:BB:45:37:0B:E9:78:E9:2F:40:67:CA", + "subject_key_identifier": "93:35:2B:75:09:B9:FF:01:1B:63:F1:0E:50:71:9C:4E:B4:E2:02:BA", + "thumbprint_algorithm": "SHA-256", + "thumbprint": "C1:EB:E8:CE:35:77:63:75:D3:C0:E7:97:5F:02:8C:D3:D8:C4:12:34:40:45:D3:98:67:39:BE:8A:33:CE:1F:B2" } }, - "NginxConfigObject": { + "PrivateKeyMetadata": { "type": "object", - "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", - "required": [ - "conf_path", - "configs" - ], + "description": "Metadata for a private key.", "properties": { - "config_version": { - "type": "string", - "description": "A hash that uniquely identifies the contents of the config object. Can be used to detect change when updating the NginxConfig.\n" - }, - "conf_path": { - "$ref": "#/components/schemas/ConfigPath" - }, - "configs": { - "type": "array", - "description": "An array of directories containing NGINX configuration files.", - "items": { - "$ref": "#/components/schemas/DirectoryWithFileContent" - } + "key_size": { + "description": "Size of the private key in bits.", + "type": "integer", + "format": "int64" }, - "aux": { - "type": "array", - "description": "An array of auxiliary directory contents related to the NGINX configuration.", - "items": { - "$ref": "#/components/schemas/DirectoryWithFileContent" - } + "encryption_algorithm": { + "description": "The encryption algorithm used for the private key.", + "type": "string" } }, "example": { - "aux": [], - "conf_path": "/etc/nginx/nginx.conf", - "configs": [ - { - "files": [ - { - "contents": "Cm1hcCAkdXJpICRtYXBwZWRfc2VydmljZSB7CiAgICBkZWZhdWx0IFVOTUFUQ0hFRDsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvaW5zdGFuY2VzIiAgICAgICAgaW5zdGFuY2VzLXN2YzsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvZGF0YS1wbGFuZS1rZXlzIiAga2V5cy1zdmM7CiAgICAifl4vYXBpL3YxL25hbWVzcGFjZXMvXHcrL21vbml0b3IiICAgICAgICAgIG1vbml0b3Itc3ZjOwp9Cgp1cHN0cmVhbSBpbnN0YW5jZXMtc3ZjIHsKICAgIHNlcnZlciBpbnN0YW5jZXMtc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIGtleXMtc3ZjIHsKICAgIHNlcnZlciBrZXlzLXN2Yzo4MDkwOwp9Cgp1cHN0cmVhbSBkYXRhcGxhbmUtY3RybCB7CiAgICBzZXJ2ZXIgZGF0YXBsYW5lLWN0cmw6ODA4MDsKfQoKdXBzdHJlYW0gbW9uaXRvci1zdmMgewogICAgc2VydmVyIG1vbml0b3Itc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIG1ldHJpY3MtaW5nZXN0IHsKICAgIHNlcnZlciBtZXRyaWNzLWluZ2VzdDo4MDgwOwp9CgpzZXJ2ZXIgewogICAgbGlzdGVuIDg4ODg7CiAgICBzZXJ2ZXJfbmFtZSBfOwogICAgaHR0cDIgb247CgogICAgcHJveHlfcGFzc19yZXF1ZXN0X2hlYWRlcnMgb247CiAgICByZXdyaXRlICJeL2FwaS8obmdpbngvb25lfHYxKS8oLiopJCIgIi9hcGkvdjEvJDIiIGJyZWFrOwogICAgbG9jYXRpb24gL2FwaS92MS8gewogICAgICAgIGlmICgkbWFwcGVkX3NlcnZpY2UgPSAiVU5NQVRDSEVEIikgewogICAgICAgICAgICByZXR1cm4gNDA0ICd7ImVycm9yOiAiTm90IGZvdW5kIn0nOwogICAgICAgIH0KICAgICAgICBwcm94eV9wYXNzX2hlYWRlciBYLVZvbHRlcnJhLUFwaWd3LVRlbmFudDsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kbWFwcGVkX3NlcnZpY2U7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIGRhdGFwbGFuZS1jdHJsCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLkNvbW1hbmRlciB7CiAgICAgICAgZ3JwY19zb2NrZXRfa2VlcGFsaXZlIG9uOwogICAgICAgIGdycGNfcmVhZF90aW1lb3V0IDVtOwogICAgICAgIGdycGNfc2VuZF90aW1lb3V0IDVtOwogICAgICAgIGNsaWVudF9ib2R5X3RpbWVvdXQgMTBtOwogICAgICAgIGdycGNfcGFzcyBncnBjOi8vZGF0YXBsYW5lLWN0cmw7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIG1ldHJpY3MgaW5nZXN0aW9uCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLk1ldHJpY3NTZXJ2aWNlIHsKICAgICAgICBncnBjX3NvY2tldF9rZWVwYWxpdmUgb247CiAgICAgICAgZ3JwY19yZWFkX3RpbWVvdXQgNW07CiAgICAgICAgZ3JwY19zZW5kX3RpbWVvdXQgNW07CiAgICAgICAgY2xpZW50X2JvZHlfdGltZW91dCAxMG07CiAgICAgICAgY2xpZW50X21heF9ib2R5X3NpemUgMDsKICAgICAgICBncnBjX3Bhc3MgZ3JwYzovL21ldHJpY3MtaW5nZXN0OwogICAgfQp9CgojIHByb3h5IHRvIHRoZSBtYW5hZ2VtZW50IHNlcnZlcnMKc2VydmVyIHsKICAgIGxpc3RlbiAxNTAwMDsKICAgIHNlcnZlcl9uYW1lIF87CiAgICAjIHVzZSBkb2NrZXIgRE5TCiAgICByZXNvbHZlciAxMjcuMC4wLjExIHZhbGlkPTMwczsKCiAgICAjIG1hdGNoIC88c2VydmljZT4vPG1nbXQgZW5kcG9pbnQ+CiAgICBsb2NhdGlvbiB+Xi8oW14vXSspLyguKykkIHsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kMToxNTAwMC8kMjsKICAgIH0KCiAgICBsb2NhdGlvbiAvIHsKICAgICAgICBhZGRfaGVhZGVyICJDb250ZW50LVR5cGUiICJ0ZXh0L2h0bWwiOwogICAgICAgIHJldHVybiAyMDAgIjxwPkFjY2VzcyB0aGUgbWFuYWdlbWVudCBzZXJ2ZXIgb2YgYW55IHNlcnZpY2Ugd2l0aCBVUkxzIGxpa2UgPGNvZGU+aHR0cDovL2xvY2FsaG9zdDoxNTAwMC8mbHQ7U0VSVklDRV9OQU1FJmd0Oy9tZXRyaWNzPC9jb2RlPjwvcD4iOwogICAgfQp9Cg==", - "mtime": "1970-01-01T00:00:00Z", - "name": "default.conf", - "size": 1942 - } - ], - "name": "/etc/nginx/conf.d" - }, - { - "files": [ - { - "contents": "CnVzZXIgIG5naW54Owp3b3JrZXJfcHJvY2Vzc2VzICBhdXRvOwoKZXJyb3JfbG9nICAvdmFyL2xvZy9uZ2lueC9lcnJvci5sb2cgbm90aWNlOwpwaWQgICAgICAgIC92YXIvcnVuL25naW54LnBpZDsKCgpldmVudHMgewogICAgd29ya2VyX2Nvbm5lY3Rpb25zICAxMDI0Owp9CgoKaHR0cCB7CiAgICBpbmNsdWRlICAgICAgIC9ldGMvbmdpbngvbWltZS50eXBlczsKICAgIGRlZmF1bHRfdHlwZSAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtOwoKICAgIGxvZ19mb3JtYXQgIG1haW4gICckcmVtb3RlX2FkZHIgLSAkcmVtb3RlX3VzZXIgWyR0aW1lX2xvY2FsXSAiJHJlcXVlc3QiICcKICAgICAgICAgICAgICAgICAgICAgICckc3RhdHVzICRib2R5X2J5dGVzX3NlbnQgIiRodHRwX3JlZmVyZXIiICcKICAgICAgICAgICAgICAgICAgICAgICciJGh0dHBfdXNlcl9hZ2VudCIgIiRodHRwX3hfZm9yd2FyZGVkX2ZvciInOwoKICAgIGFjY2Vzc19sb2cgIC92YXIvbG9nL25naW54L2FjY2Vzcy5sb2cgIG1haW47CgogICAgc2VuZGZpbGUgICAgICAgIG9uOwogICAgI3RjcF9ub3B1c2ggICAgIG9uOwoKICAgIGtlZXBhbGl2ZV90aW1lb3V0ICA2NTsKCiAgICAjZ3ppcCAgb247CgogICAgaW5jbHVkZSAvZXRjL25naW54L2NvbmYuZC8qLmNvbmY7Cn0K", - "mtime": "1970-01-01T00:00:00Z", - "name": "nginx.conf", - "size": 648 - }, - { - "contents": "CnR5cGVzIHsKICAgIHRleHQvaHRtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBodG1sIGh0bSBzaHRtbDsKICAgIHRleHQvY3NzICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjc3M7CiAgICB0ZXh0L3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeG1sOwogICAgaW1hZ2UvZ2lmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdpZjsKICAgIGltYWdlL2pwZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqcGVnIGpwZzsKICAgIGFwcGxpY2F0aW9uL2phdmFzY3JpcHQgICAgICAgICAgICAgICAgICAgICAgICAgICBqczsKICAgIGFwcGxpY2F0aW9uL2F0b20reG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdG9tOwogICAgYXBwbGljYXRpb24vcnNzK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJzczsKCiAgICB0ZXh0L21hdGhtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbW1sOwogICAgdGV4dC9wbGFpbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHR4dDsKICAgIHRleHQvdm5kLnN1bi5qMm1lLmFwcC1kZXNjcmlwdG9yICAgICAgICAgICAgICAgICBqYWQ7CiAgICB0ZXh0L3ZuZC53YXAud21sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd21sOwogICAgdGV4dC94LWNvbXBvbmVudCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGh0YzsKCiAgICBpbWFnZS9hdmlmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYXZpZjsKICAgIGltYWdlL3BuZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbmc7CiAgICBpbWFnZS9zdmcreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZnIHN2Z3o7CiAgICBpbWFnZS90aWZmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGlmIHRpZmY7CiAgICBpbWFnZS92bmQud2FwLndibXAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2JtcDsKICAgIGltYWdlL3dlYnAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3ZWJwOwogICAgaW1hZ2UveC1pY29uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGljbzsKICAgIGltYWdlL3gtam5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqbmc7CiAgICBpbWFnZS94LW1zLWJtcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYm1wOwoKICAgIGZvbnQvd29mZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3b2ZmOwogICAgZm9udC93b2ZmMiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdvZmYyOwoKICAgIGFwcGxpY2F0aW9uL2phdmEtYXJjaGl2ZSAgICAgICAgICAgICAgICAgICAgICAgICBqYXIgd2FyIGVhcjsKICAgIGFwcGxpY2F0aW9uL2pzb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqc29uOwogICAgYXBwbGljYXRpb24vbWFjLWJpbmhleDQwICAgICAgICAgICAgICAgICAgICAgICAgIGhxeDsKICAgIGFwcGxpY2F0aW9uL21zd29yZCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2M7CiAgICBhcHBsaWNhdGlvbi9wZGYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcGRmOwogICAgYXBwbGljYXRpb24vcG9zdHNjcmlwdCAgICAgICAgICAgICAgICAgICAgICAgICAgIHBzIGVwcyBhaTsKICAgIGFwcGxpY2F0aW9uL3J0ZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBydGY7CiAgICBhcHBsaWNhdGlvbi92bmQuYXBwbGUubXBlZ3VybCAgICAgICAgICAgICAgICAgICAgbTN1ODsKICAgIGFwcGxpY2F0aW9uL3ZuZC5nb29nbGUtZWFydGgua21sK3htbCAgICAgICAgICAgICBrbWw7CiAgICBhcHBsaWNhdGlvbi92bmQuZ29vZ2xlLWVhcnRoLmtteiAgICAgICAgICAgICAgICAga216OwogICAgYXBwbGljYXRpb24vdm5kLm1zLWV4Y2VsICAgICAgICAgICAgICAgICAgICAgICAgIHhsczsKICAgIGFwcGxpY2F0aW9uL3ZuZC5tcy1mb250b2JqZWN0ICAgICAgICAgICAgICAgICAgICBlb3Q7CiAgICBhcHBsaWNhdGlvbi92bmQubXMtcG93ZXJwb2ludCAgICAgICAgICAgICAgICAgICAgcHB0OwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC5ncmFwaGljcyAgICAgIG9kZzsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vYXNpcy5vcGVuZG9jdW1lbnQucHJlc2VudGF0aW9uICBvZHA7CiAgICBhcHBsaWNhdGlvbi92bmQub2FzaXMub3BlbmRvY3VtZW50LnNwcmVhZHNoZWV0ICAgb2RzOwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC50ZXh0ICAgICAgICAgIG9kdDsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vcGVueG1sZm9ybWF0cy1vZmZpY2Vkb2N1bWVudC5wcmVzZW50YXRpb25tbC5wcmVzZW50YXRpb24KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcHR4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LnNwcmVhZHNoZWV0bWwuc2hlZXQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4bHN4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LndvcmRwcm9jZXNzaW5nbWwuZG9jdW1lbnQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2N4OwogICAgYXBwbGljYXRpb24vdm5kLndhcC53bWxjICAgICAgICAgICAgICAgICAgICAgICAgIHdtbGM7CiAgICBhcHBsaWNhdGlvbi93YXNtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2FzbTsKICAgIGFwcGxpY2F0aW9uL3gtN3otY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgICA3ejsKICAgIGFwcGxpY2F0aW9uL3gtY29jb2EgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjY287CiAgICBhcHBsaWNhdGlvbi94LWphdmEtYXJjaGl2ZS1kaWZmICAgICAgICAgICAgICAgICAgamFyZGlmZjsKICAgIGFwcGxpY2F0aW9uL3gtamF2YS1qbmxwLWZpbGUgICAgICAgICAgICAgICAgICAgICBqbmxwOwogICAgYXBwbGljYXRpb24veC1tYWtlc2VsZiAgICAgICAgICAgICAgICAgICAgICAgICAgIHJ1bjsKICAgIGFwcGxpY2F0aW9uL3gtcGVybCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbCBwbTsKICAgIGFwcGxpY2F0aW9uL3gtcGlsb3QgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcmMgcGRiOwogICAgYXBwbGljYXRpb24veC1yYXItY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgIHJhcjsKICAgIGFwcGxpY2F0aW9uL3gtcmVkaGF0LXBhY2thZ2UtbWFuYWdlciAgICAgICAgICAgICBycG07CiAgICBhcHBsaWNhdGlvbi94LXNlYSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2VhOwogICAgYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2ggICAgICAgICAgICAgICAgICAgIHN3ZjsKICAgIGFwcGxpY2F0aW9uL3gtc3R1ZmZpdCAgICAgICAgICAgICAgICAgICAgICAgICAgICBzaXQ7CiAgICBhcHBsaWNhdGlvbi94LXRjbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGNsIHRrOwogICAgYXBwbGljYXRpb24veC14NTA5LWNhLWNlcnQgICAgICAgICAgICAgICAgICAgICAgIGRlciBwZW0gY3J0OwogICAgYXBwbGljYXRpb24veC14cGluc3RhbGwgICAgICAgICAgICAgICAgICAgICAgICAgIHhwaTsKICAgIGFwcGxpY2F0aW9uL3hodG1sK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICB4aHRtbDsKICAgIGFwcGxpY2F0aW9uL3hzcGYreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4c3BmOwogICAgYXBwbGljYXRpb24vemlwICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHppcDsKCiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgYmluIGV4ZSBkbGw7CiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgZGViOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIGRtZzsKICAgIGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbSAgICAgICAgICAgICAgICAgICAgICAgICBpc28gaW1nOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIG1zaSBtc3AgbXNtOwoKICAgIGF1ZGlvL21pZGkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtaWQgbWlkaSBrYXI7CiAgICBhdWRpby9tcGVnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbXAzOwogICAgYXVkaW8vb2dnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG9nZzsKICAgIGF1ZGlvL3gtbTRhICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtNGE7CiAgICBhdWRpby94LXJlYWxhdWRpbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcmE7CgogICAgdmlkZW8vM2dwcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDNncHAgM2dwOwogICAgdmlkZW8vbXAydCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRzOwogICAgdmlkZW8vbXA0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1wNDsKICAgIHZpZGVvL21wZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtcGVnIG1wZzsKICAgIHZpZGVvL3F1aWNrdGltZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtb3Y7CiAgICB2aWRlby93ZWJtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2VibTsKICAgIHZpZGVvL3gtZmx2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmbHY7CiAgICB2aWRlby94LW00diAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbTR2OwogICAgdmlkZW8veC1tbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1uZzsKICAgIHZpZGVvL3gtbXMtYXNmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhc3ggYXNmOwogICAgdmlkZW8veC1tcy13bXYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdtdjsKICAgIHZpZGVvL3gtbXN2aWRlbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdmk7Cn0K", - "mtime": "1970-01-01T00:00:00Z", - "name": "mime.types", - "size": 5349 - } - ], - "name": "/etc/nginx" - } - ] - } - }, - "NginxConfigObjectID": { - "description": "A globally unique identifier for the NGINX Config object.", - "type": "string", - "format": "object_id", - "pattern": "^nc_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + "key_size": 512, + "encryption_algorithm": "RSA" } }, - "NginxConfig": { - "description": "Details of an NGINX configuration, including its unique identifier, the main configuration path, the \nconfiguration directories, and the NGINX configuration payloads that indicate where managed SSL certificates\nand keys were deployed to on the data plane instance.\n", + "CertificateResponse": { + "type": "object", + "description": "Response structure containing details of the created, updated or retrieved SSL certificate. In general, \nthe response should contain:\n * an overview of all the public certificates\n * `warnings` whether any issue is found after parsing the certificates and key\n * `certs`\n * `key_metadata` if key provided in the request body\n * timestamps that represent when this cert object was created or modified\n", "allOf": [ { - "$ref": "#/components/schemas/NginxConfigObject" + "$ref": "#/components/schemas/CertificateOverviewMetadata" }, { "type": "object", - "required": [ - "object_id" - ], "properties": { - "object_id": { - "$ref": "#/components/schemas/NginxConfigObjectID" + "warnings": { + "type": "string", + "description": "Warnings indicate whether there are any issues with the stored cert object. Empty when no issues were found.\n" }, - "payloads": { - "$ref": "#/components/schemas/NginxConfigPayloads" + "certs": { + "description": "An array of metadata for all the public certificates under the cert object.", + "type": "array", + "items": { + "$ref": "#/components/schemas/CertificateMetadata" + } + }, + "key": { + "$ref": "#/components/schemas/PrivateKeyMetadata" + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the SSL certificate was created." + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the SSL certificate was last modified." } } } - ] - }, - "PublicationStatusCause": { - "description": "Cause of the failure, provided only if the status is `failed`.", - "type": "object", - "properties": { - "cause": { - "description": "Cause of the failure, detailed as follows:\n* `unknown` - The reason for the failure is not known.\n* `timeout` - The publication request reached its time limit without receiving a response from the NGINX Agent.\n* `remote` - The NGINX Agent reported a failure when trying to apply the configuration. See the message for more details.\n* `payload` - The publication was successful, but there were warnings reported by attached payloads, see message for more details.\n", - "type": "string", - "enum": [ - "unknown", - "timeout", - "remote", - "payload" - ], - "x-enum-varnames": [ - "publication_instance_status_cause_unknown", - "publication_instance_status_cause_timeout", - "publication_instance_status_cause_remote", - "publication_instance_status_cause_payload" - ] + ], + "example": { + "name": "example-cert_key", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "cert_key", + "status": "valid", + "subject_name": "www.example.com", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "warnings": "The provided private key does not match the certificate's signing key.", + "certs_count": 1, + "certs": [ + { + "status": "valid", + "version": 3, + "serial_number": "71283929", + "signature_algorithm": "SHA256-RSA", + "issuer": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_A", + "not_before": "2023-02-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "subject": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_B", + "subject_alternative_name": [], + "public_key_type": "RSA (2048 bit)", + "common_name": "eg3bsriq_cert_B", + "authority_key_identifier": "3A:79:E0:3E:61:CD:94:29:1D:BB:45:37:0B:E9:78:E9:2F:40:67:CA", + "subject_key_identifier": "93:35:2B:75:09:B9:FF:01:1B:63:F1:0E:50:71:9C:4E:B4:E2:02:BA", + "thumbprint_algorithm": "SHA-256", + "thumbprint": "C1:EB:E8:CE:35:77:63:75:D3:C0:E7:97:5F:02:8C:D3:D8:C4:12:34:40:45:D3:98:67:39:BE:8A:33:CE:1F:B2" + } + ], + "key": { + "key_size": 512, + "encryption_algorithm": "RSA" }, - "message": { - "type": "string", - "description": "more specific failure message from the agent." - } + "modified_at": "2023-11-01T00:00:00Z", + "created_at": "2023-10-01T00:00:00Z" } }, - "ConfigSyncGroupPublicationStatusReason": { - "allOf": [ - { - "$ref": "#/components/schemas/PublicationStatusCause" - }, - { - "type": "object", - "required": [ - "object_id" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/InstanceObjectID" - } - } - } - ] - }, - "ConfigSyncGroupPublication": { - "description": "Details of a publication request for the NGINX config sync group.", + "CertificateBulkRequestData": { + "type": "object", + "description": "Part of bulk operation on a certificate, only `delete` is supported.", "required": [ - "status", - "created_at", - "modified_at" + "action", + "object_id" ], "properties": { "object_id": { - "$ref": "#/components/schemas/PublicationObjectID" - }, - "status": { - "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatus" - }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the publication was created for the instance." - }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the publication was last modified for the instance." - }, - "status_reasons": { - "description": "Detailed failure reasons on each instance's publication, when 'status' is in 'failed' or 'partially_succeeded'", - "type": "array", - "items": { - "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatusReason" - } + "$ref": "#/components/schemas/CertificateObjectID" }, - "config_version": { - "type": "string", - "description": "A hash that uniquely identifies the contents of the config object in the publication.\n" + "action": { + "$ref": "#/components/schemas/BulkRequestAction" } }, "example": { - "config_version": "fc3bb4b50c145b3ca5c5d1342be5ec0718eeb9bb84f8d53c5734b6b8", - "created_at": "2024-05-23T21:57:13.048285Z", - "modified_at": "2024-05-23T21:57:13.048285Z", - "object_id": "pub_UPV8jXFwSgm1vHQJCvLD1w", - "status": "failed", - "status_reasons": [ - { - "cause": "remote", - "message": "Config apply failed (write): error running nginx -t -c /etc/nginx/nginx.conf:\n error running nginx -t -c /etc/nginx/nginx.conf:\nnginx: [emerg] invalid number of arguments in \"worker_processes\" directive in /etc/nginx/nginx.conf:7\nnginx: configuration file /etc/nginx/nginx.conf test failed\n", - "object_id": "inst_QBBobKIAQ_21grAwV83VYw" - } - ] + "object_id": "cert_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + } + }, + "CertificateBulkRequest": { + "type": "array", + "items": { + "$ref": "#/components/schemas/CertificateBulkRequestData" + }, + "minItems": 1, + "maxItems": 50, + "example": [ + { + "object_id": "cert_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + }, + { + "object_id": "cert_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" + } + ] + }, + "CertificateBulkResponse": { + "description": "The certificate bulk operation outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" } }, - "PublicationInstance": { - "description": "Details of a publication request for an NGINX instance.", - "required": [ - "status", - "created_at", - "modified_at" - ], + "PublicationBulkResponse": { + "description": "The publication bulk operation outcome.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" + } + }, + "CertificateUpdateContent": { + "type": "object", + "description": "Defines the PEM-formatted certificate content which includes the certificates and corresponding private key, all encoded in base64.\n", "properties": { - "object_id": { - "$ref": "#/components/schemas/PublicationObjectID" - }, - "config_version": { - "type": "string", - "description": "A hash that uniquely identifies the contents of the config object in the publication.\n" - }, - "status": { - "description": "Publication status for the NGINX instance:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n* `succeeded_with_warnings` - The publication was successful, but there were warnings.\n", - "type": "string", - "enum": [ - "pending", - "failed", - "succeeded", - "succeeded_with_warnings" - ], - "x-enum-varnames": [ - "publication_instance_status_pending", - "publication_instance_status_failed", - "publication_instance_status_succeeded", - "publication_instance_status_succeeded_with_warnings" - ] - }, - "status_cause": { - "$ref": "#/components/schemas/PublicationStatusCause" - }, - "created_at": { + "public_certs": { "type": "string", - "format": "date-time", - "description": "The date and time when the publication was created for the instance." + "format": "base64", + "maxLength": 3145728, + "description": "Base64-encoded PEM-formatted certificate information. \nThis is used for updating an existing certificate object. The schema is the same as `CertificateContent`,\nthe only difference is that both `public_certs` and `private_key` fields are optional. There are three use\ncases for this schema:\n* the below update can be done on either a Cert Key Pair or a CA Bundle:\n * when only `public_certs` is populated, update the public certificates on a certificate object. \n The updated public certificates will be validated against the existing private key.\n* the below update can be done only on a Cert Key Pair:\n * when only `private_key` is populated, update only the private key on a certificate object. \n The updated private key will be validated against the existing public certificates.\n * when both `public_certs` and `private_key` fields are populated, update both of them on a certificate \n object.\n" }, - "modified_at": { + "private_key": { "type": "string", - "format": "date-time", - "description": "The date and time when the publication was last modified for the instance." + "format": "base64", + "maxLength": 3145728, + "description": "Base64-encoded private key string for the leaf certificate, required only for certificate-key pairs to \nverify the certificate's authenticity.\n" } }, "example": { - "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", - "created_at": "2024-05-14T20:36:06.272704Z", - "modified_at": "2024-05-14T20:36:06.272704Z", - "object_id": "pub_vfr5Oqv-AhxGzyqTXW-Ubw", - "status": "pending" + "private_key": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFM295ZHVlT0FOSkhodkwzeXZKZFRwaG9ldjVHTzdnbytCeVlPTy9sNTR1NU8yUHhNZVgrQWpBYjZBeG1xCmxpdkl1aHc9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t" } }, - "NginxConfigMeta": { + "CertificateUpdateRequest": { "type": "object", - "description": "Meta data of an NGINX configuration, including its unique identifier, the config_version.\n", - "required": [ - "object_id", - "config_version", - "created_at", - "modified_at", - "config_source" - ], + "description": "Request structure for updating a certificate object. If key provided, it will be validated against the \nexisting leaf certificate stored under the certificate object.\n* Update for an unmanaged certificate object:\n * This converts the unmanaged certificate object to managed.\n * `public_certs` should always be provided during the conversion.\n * When key is provided, this certificate object is converted to a managed Cert Key Pair. Otherwise, it is\n converted to a managed CA Bundle.\n", "properties": { - "object_id": { - "$ref": "#/components/schemas/NginxConfigObjectID" - }, - "config_version": { - "type": "string", - "description": "A hash that uniquely identifies the contents of the config object.\n" - }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the NGINX configuration object was created for the instance." - }, - "modified_at": { + "name": { + "description": "A name for the certificate, making it identifiable among others.", "type": "string", - "format": "date-time", - "description": "The date and time when the NGINX configuration object was last modified for the instance." + "minLength": 1, + "maxLength": 128 }, - "config_source": { - "type": "string", - "enum": [ - "NGINX One", - "Other", - "Unspecified" - ], - "x-enum-varnames": [ - "config_source_nginx_one", - "config_source_other", - "config_source_unspecified" - ], - "description": "The source from which the config was created:\n- `NGINX One`: The config was created from NGINX One.\n- `Other`: The config was created from data plane.\n- `Unspecified`: The source of the config is unspecified.\n" + "content": { + "$ref": "#/components/schemas/CertificateUpdateContent" } }, "example": { - "object_id": "nc_AamgWtYSSb6OWGljx3wNDA", - "config_version": "Cm1hcCAkdXJpICRtYXBwZWRfc2V", - "created_at": "2023-08-10T16:59:15Z", - "modified_at": "2023-08-10T16:59:15Z", - "config_source": "NGINX One" + "name": "example-cert-object", + "content": { + "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" + } } }, - "FilterNameControlPlanes": { + "FilterNameCertificateDeployments": { "type": "string", - "description": "Keywords for control plane filters.\n", + "description": "Keywords for certificate deployment filters.\nWhen filtering on `association_type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `deployment_status`, only the following `filter_values` are supported:\n * latest\n * stale\n", "enum": [ "name", - "product_version", - "object_id", - "cve_severity" + "association_type", + "deployment_status" ], "x-enum-varnames": [ - "filter_name_control_plane_name", - "filter_name_control_plane_product_version", - "filter_name_control_plane_object_id", - "filter_name_control_plane_cve_severity" + "filter_name_certificate_deployments_name", + "filter_name_certificate_deployments_association_type", + "filter_name_certificate_deployments_deployment_status" ] }, - "ListControlPlaneObject": { - "allOf": [ - { - "$ref": "#/components/schemas/ControlPlaneBaseInfo" + "DeploymentAssociatedType": { + "type": "string", + "description": "The type of the deployment association, with the following values:\n * `instance`\n * `config_sync_group`\n", + "enum": [ + "instance", + "config_sync_group" + ], + "x-enum-varnames": [ + "deployment_associated_type_instance", + "deployment_associated_type_config_sync_group" + ] + }, + "DeploymentAssociatedName": { + "type": "string", + "description": "Based on deployment type:\n * `instance`\n * `config_sync_group`\n" + }, + "CertificateDeployment": { + "type": "object", + "description": "Response structure containing certificate deployment details for an SSL certificate, which include\n * `association_type` represents type of the object affected by this certificate deployment, which is either\n an instance or config sync group\n * `object_id` represents the object ID for the associated instance or config sync group\n * `name` for either the host name of an instance or the name of a config sync group\n * `deployment_status`:\n * `latest`: deployment is up to date with the latest updated certificate and key contents\n * `stale`: deployment for either certificates or key is outdated, requires a redeployment with the latest contents\n * `cert_paths` represents the file paths used for deploying public certificates of this certificate object\n * `key_paths` represents the file paths used for deploying the private key of this certificate object, if a\n private key is present\n", + "required": [ + "association_type", + "object_id", + "name", + "deployment_status" + ], + "properties": { + "association_type": { + "$ref": "#/components/schemas/DeploymentAssociatedType" }, - { - "type": "object", - "description": "Summary information about a control plane.", - "required": [ - "object_id", - "instances_count", - "online_instances_count" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/ControlPlaneObjectID" - }, - "instances_count": { - "description": "Total number of instances in the control plane.", - "type": "integer" - }, - "online_instances_count": { - "description": "Total number of online instances in the control plane.", - "type": "integer" - }, - "cve_severity": { - "type": "array", - "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX control plane.", - "items": { - "$ref": "#/components/schemas/CveDetails" - } - } + "object_id": { + "$ref": "#/components/schemas/ObjectID" + }, + "name": { + "$ref": "#/components/schemas/DeploymentAssociatedName" + }, + "deployment_status": { + "$ref": "#/components/schemas/CertificateDeploymentStatus" + }, + "cert_paths": { + "description": "Deployment file paths for public certificates.", + "type": "array", + "items": { + "type": "string" + } + }, + "key_paths": { + "description": "Deployment file paths for the private key.", + "type": "array", + "items": { + "type": "string" } } - ] + }, + "example": { + "association_type": "instance", + "name": "instance-host-name", + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "deployment_status": "latest", + "cert_paths": [ + "/etc/nginx/example.crt", + "/etc/nginx/certs/cert.crt" + ], + "key_paths": [ + "/etc/nginx/example.key" + ] + } }, - "ControlPlaneListResponse": { + "CertificateDeploymentListResponse": { "allOf": [ { "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", - "description": "List of control planes.", + "description": "List of certificate deployments for a SSL certificate.", "required": [ "items" ], "properties": { "items": { - "description": "An array of control plane objects.", + "description": "An array of certificate deployments for an SSL certificate. If this certificate object represents a \nCA bundle, there will be only public certificate file paths in the certificate deployment details.\n", "type": "array", "items": { - "$ref": "#/components/schemas/ListControlPlaneObject" + "$ref": "#/components/schemas/CertificateDeployment" } } } @@ -11546,675 +15228,841 @@ ], "example": { "total": 10, - "count": 1, + "count": 2, "start_index": 1, "items_per_page": 100, "items": [ { - "object_id": "ecp_tgfVM3KQTxCyiDXgV38G7A", - "name": "nginx-ingress-001", - "product_version": "nginx-ingress-controller-4.0.1", - "created_at": "2023-12-06T22:37:24.120114Z", - "instances_count": 5, - "online_instances_count": 3, - "cve_severity": [ - { - "count": 6, - "type": "medium" - }, - { - "count": 1, - "type": "high" - } + "association_type": "instance", + "name": "instance-host-name", + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "deployment_status": "latest", + "cert_paths": [ + "/etc/nginx/example.crt", + "/etc/nginx/certs/cert.crt" + ], + "key_paths": [ + "/etc/nginx/example.key" ] }, { - "object_id": "ecp_-bRQlhscTKmbUIdJaYhGJA", - "name": "ngf-deployment", - "created_at": "2023-12-06T22:37:24.120114Z", - "product_version": "nginx-gateway-fabric-2.0.1", - "instances_count": 3, - "online_instances_count": 1, - "cve_severity": [ - { - "count": 2, - "type": "medium" - }, - { - "count": 3, - "type": "high" - } + "association_type": "config_sync_group", + "name": "group1", + "object_id": "csg_vfr5Oqv-AhxGzyqTXW-Ubw", + "deployment_status": "stale", + "cert_paths": [ + "/etc/nginx/cert.crt" + ], + "key_paths": [ + "/etc/nginx/server.key" ] } ] } }, - "ControlPlaneBulkRequestData": { + "NginxCVEObject": { "type": "object", - "description": "Part of bulk operation on a control plane, only `delete` is supported.", "required": [ - "action", - "object_id" + "id", + "severity", + "info", + "published_at" ], + "description": "Details about a specific NGINX security advisory, including the number of instances impacted by it, its severity, and a brief description.", "properties": { - "object_id": { - "$ref": "#/components/schemas/ControlPlaneObjectID" + "id": { + "description": "The security advisory's unique identifier.", + "type": "string" }, - "action": { - "$ref": "#/components/schemas/BulkRequestAction" + "severity": { + "$ref": "#/components/schemas/CveSeverityType" + }, + "info": { + "description": "A brief description of security advisory.", + "type": "string" + }, + "instances_impacted": { + "description": "Number of instances impacted by the security advisory", + "type": "integer" + }, + "control_planes_impacted": { + "description": "Number of control planes impacted by the security advisory", + "type": "integer" + }, + "published_at": { + "description": "The date and time when the cve was published", + "type": "string", + "format": "date-time" } - }, - "example": { - "object_id": "ecp_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" } }, - "ControlPlaneBulkRequest": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ControlPlaneBulkRequestData" - }, - "minItems": 1, - "maxItems": 50, - "example": [ + "CVEListResponse": { + "allOf": [ { - "object_id": "ecp_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" + "$ref": "#/components/schemas/PaginationResponse" }, { - "object_id": "ecp_PL0c1XodRemmzVEjiXSsTg", - "action": "delete" + "type": "object", + "description": "List of all CVEs.", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of CVE objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxCVEObject" + } + } + } } ] }, - "ControlPlaneBulkResponse": { - "description": "The control plane bulk outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" - } - }, - "StatusSummary": { - "description": "An overview of the status for each NGINX instance, indicating availability.", - "type": "object", - "required": [ - "online", - "offline", - "unavailable" + "NginxProduct": { + "type": "string", + "description": "NGINX product :\n * `noss` - NGINX Open Source.\n * `nplus` - NGINX PLUS.\n * `nic` - NGINX Ingress Controller.\n * `ngf` - NGINX Gateway Fabric.\n", + "enum": [ + "noss", + "nplus", + "nic", + "ngf", + "unknown" ], - "properties": { - "online": { - "description": "The number of NGINX instances reporting as `online`.\nThe NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", - "type": "integer" - }, - "offline": { - "description": "The number of NGINX instances reporting as `offline`.\nThe NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n", - "type": "integer" - }, - "unavailable": { - "description": "The number of NGINX instances reporting as `unavailable`.\nThe NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n", - "type": "integer" - } - } + "x-enum-varnames": [ + "nginx_product_noss", + "nginx_product_nplus", + "nginx_product_nic", + "nginx_product_ngf", + "nginx_product_unknown" + ] }, - "ControlPlane": { + "CveImpactedNginxProduct": { "type": "object", - "description": "Information on control plane including:\n* Control plane object ID\n* Cluster UUID\n* Deployment UUID\n* Kubernetes namespace\n* Data plane key object ID\n* Certificate summary\n* Instance status summary\n", "required": [ - "object_id", - "cluster_uuid", - "deployment_uuid", - "kubernetes_namespace" + "versions", + "name" ], + "description": "security advisory impacted NGINX product and its version.", "properties": { - "object_id": { - "$ref": "#/components/schemas/ControlPlaneObjectID" - }, - "cluster_uuid": { - "description": "The Kubernetes UID assigned to the cluster that the product is running in.", - "type": "string" - }, - "deployment_uuid": { - "description": "The Kubernetes UID assigned to the control plane.", - "type": "string" - }, - "key_object_id": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" - }, - "kubernetes_namespace": { - "description": "The kubernetes namespace that the product is running in.", - "type": "string" - }, - "cert_summary": { - "$ref": "#/components/schemas/CertificateInstanceSummary" + "versions": { + "description": "List of impacted NGINX product versions.", + "type": "array", + "items": { + "type": "string" + } }, - "statuses": { - "$ref": "#/components/schemas/StatusSummary" + "name": { + "$ref": "#/components/schemas/NginxProduct" } } }, - "ControlPlaneDetails": { - "type": "object", - "description": "Detailed information of control plane.", + "NginxCVEDetailsResponse": { "allOf": [ { - "$ref": "#/components/schemas/ControlPlaneBaseInfo" + "$ref": "#/components/schemas/NginxCVEObject" }, { - "$ref": "#/components/schemas/ControlPlane" - } - ], - "example": { - "name": "foo", - "object_id": "ecp_-uvR3F2TQGm18jnl7bpaGw", - "product_version": "nginx-ingress-controller-1.0.0", - "cluster_uuid": "d1ced6c7-8980-467e-a1db-dcdfec16b1f7", - "deployment_uuid": "b9b00e37-5ee4-4361-8c61-1329f3828dd3", - "key_object_id": "key_6AT9LXyUQHyhC8kF7bVMgg", - "kubernetes_namespace": "nginx-ingress-controller", - "created_at": "2023-12-06T22:37:24.120114Z", - "cert_summary": { - "total": 9, - "valid": 1, - "expired": 5, - "expiring": 3, - "not_ready": 0 - }, - "statuses": { - "offline": 0, - "online": 3, - "unavailable": 0 + "type": "object", + "required": [ + "detail", + "impacted_products" + ], + "description": "Details about a specific NGINX security advisory, including its severity, detail,\npublished date and time, description and impacted products.\n", + "properties": { + "impacted_products": { + "type": "array", + "items": { + "$ref": "#/components/schemas/CveImpactedNginxProduct" + } + }, + "detail": { + "description": "the details about security advisory", + "type": "string" + } + }, + "example": { + "detail": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-ID", + "id": "CVE-ID", + "impacted_products": [ + { + "name": "nplus", + "versions": [ + "r1", + "r2" + ] + }, + { + "name": "noss", + "versions": [ + "1.11.1", + "1.20.2", + "1.19.9" + ] + }, + { + "name": "nic", + "versions": [ + "1.0.0", + "2.1.0" + ] + }, + { + "name": "ngf", + "versions": [ + "1.6.2", + "2.0.1" + ] + } + ], + "info": "Memory disclosure in the ngx_http_mp4_module", + "published_at": "2022-10-19T00:00:00Z", + "severity": "medium" + } } - } + ] }, - "SummaryDisplayCount": { - "description": "The name, the total count, and an optional user-friendly display name of the resource being summarized.", + "NginxProductInfo": { "type": "object", + "description": "Information about an NGINX product type and its version", "required": [ "name", - "count" + "version" ], "properties": { "name": { - "description": "Identifies the category of data being reported, such as an operating system, NGINX version, or another type.", - "type": "string" - }, - "count": { - "description": "The number of resources matching the given type.", - "type": "integer" + "$ref": "#/components/schemas/NginxProduct" }, - "display": { - "description": "A user-friendly label for the category count, intended for display purposes where a more descriptive or readable format is preferred.", + "version": { + "description": "version of the NGINX product installed on the instance.", "type": "string" } } }, - "ControlPlaneProductVersionSummary": { - "description": "An array of control plane product names/versions.", - "type": "array", - "items": { - "$ref": "#/components/schemas/SummaryDisplayCount" - } - }, - "CveControlPlaneSummary": { - "description": "A summary of Common Vulnerabilities and Exposures (CVEs) across the NGINX control plane.", + "CVEImpactedInstance": { "type": "object", + "description": "Summary information about a NGINX instance.", "required": [ - "severity", - "count", - "affected_control_planes" + "object_id", + "hostname", + "status" ], "properties": { - "severity": { - "$ref": "#/components/schemas/CveSeverityType" + "object_id": { + "$ref": "#/components/schemas/InstanceObjectID" }, - "count": { - "description": "The number of CVEs at each severity level.", - "type": "integer" + "hostname": { + "description": "The name of the host system where the NGINX instance is running.", + "type": "string" }, - "affected_control_planes": { - "description": "The number of control planes affected by each CVE.", - "type": "integer" + "products": { + "description": "List of NGINX products in the instance", + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxProductInfo" + } + }, + "status": { + "type": "string", + "description": "The current operational status of the NGINX instance, with the following possible values:\n* `unknown` - The status of the NGINX instance cannot be determined at this moment.\n* `unavailable` - The NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n* `offline` - The NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n* `online` - The NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", + "enum": [ + "unknown", + "unavailable", + "offline", + "online" + ] } } }, - "ControlPlaneSummary": { - "description": "A summary of control planes including their product names/version details.", - "type": "object", - "properties": { - "product_versions": { - "$ref": "#/components/schemas/ControlPlaneProductVersionSummary" + "CVEImpactedInstancesListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" }, - "cves": { - "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX control plane.", - "type": "array", - "items": { - "$ref": "#/components/schemas/CveControlPlaneSummary" + { + "type": "object", + "description": "List of instances affected by a CVE.", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of Instance objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/CVEImpactedInstance" + } + } + }, + "example": { + "total": 10, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "object_id": "inst_8Iwn7dT7RF-PRLxkSt5EYQ", + "hostname": "4d116619f106", + "products": [ + { + "name": "noss", + "version": "1.18.0" + } + ], + "status": "unknown" + } + ] } } - }, - "example": { - "product_versions": [ - { - "count": 10, - "name": "nginx-ingress-controller-1.0.0" - } - ], - "cves": [ - { - "affected_control_planes": 3, - "count": 13, - "severity": "medium" + ] + }, + "CVEImpactedControlPlanesListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { + "type": "object", + "description": "List of control planes affected by a CVE.", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of Control Plane objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/ControlPlaneBaseInfo" + } + } }, - { - "affected_control_planes": 2, - "count": 2, - "severity": "high" + "example": { + "total": 10, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "object_id": "ecp_tgfVM3KQTxCyiDXgV38G7A", + "name": "nginx-ingress-001", + "product_version": "nginx-ingress-controller-4.0.1", + "created_at": "2023-08-10T16:59:15Z" + } + ] } - ] + } + ] + }, + "FilterNameEvents": { + "type": "string", + "description": "Keywords for events filters.\n", + "enum": [ + "object_id" + ], + "x-enum-varnames": [ + "filter_name_events_object_id" + ] + }, + "EventObjectID": { + "description": "A globally unique identifier for a NGINX One system event.", + "type": "string", + "format": "object_id", + "pattern": "^event_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "NginxCVEObject": { + "Event": { "type": "object", + "description": "An Event is a system message.", "required": [ - "id", - "severity", - "info", - "published_at" + "type", + "timestamp", + "object_id", + "message" ], - "description": "Details about a specific NGINX security advisory, including the number of instances impacted by it, its severity, and a brief description.", "properties": { - "id": { - "description": "The security advisory's unique identifier.", - "type": "string" + "timestamp": { + "description": "time of the event", + "type": "string", + "format": "date-time", + "example": "2019-08-07T09:57:36.088757764Z" }, - "severity": { - "$ref": "#/components/schemas/CveSeverityType" + "type": { + "type": "string", + "description": "type of event, indication for affected object type.", + "enum": [ + "instance_cleanup", + "certificates", + "publications", + "nap_compilation_jobs" + ], + "x-enum-varnames": [ + "event_type_instance_cleanup", + "event_type_certificates", + "event_type_publications", + "event_type_nap_compilation_jobs" + ] }, - "info": { - "description": "A brief description of security advisory.", - "type": "string" + "object_id": { + "$ref": "#/components/schemas/EventObjectID" }, - "instances_impacted": { - "description": "Number of instances impacted by the security advisory", - "type": "integer" + "affected_object_id": { + "$ref": "#/components/schemas/ObjectID" }, - "control_planes_impacted": { - "description": "Number of control planes impacted by the security advisory", - "type": "integer" + "hostname": { + "type": "string", + "description": "hostname of the affected instance, if any." }, - "published_at": { - "description": "The date and time when the cve was published", + "message": { "type": "string", - "format": "date-time" + "description": "Details regarding the event.", + "example": "Instance \"demo-1\" deleted by instance cleanup after \"unavailable\" for 25 hours." } + }, + "example": { + "timestamp": "2024-02-04T09:57:36.088757764Z", + "type": "instance_cleanup", + "object_id": "event_-uvR3F2TQGm18jnl7bpaGw", + "affected_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "message": "ip-170.0.1 deleted after age out period of 3 hours, last seen 2023-08-07T09:57:36.088757764Z" } }, - "CVEListResponse": { + "EventsListResponse": { "allOf": [ { "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", - "description": "List of all CVEs.", + "description": "List of Events.", "required": [ "items" ], "properties": { "items": { - "description": "An array of CVE objects.", + "description": "An array of Event objects.", "type": "array", "items": { - "$ref": "#/components/schemas/NginxCVEObject" + "$ref": "#/components/schemas/Event" } } } } ] }, - "NginxProduct": { + "FilterStagedConfigs": { "type": "string", - "description": "NGINX product :\n * `noss` - NGINX Open Source.\n * `nplus` - NGINX PLUS.\n * `nic` - NGINX Ingress Controller.\n * `ngf` - NGINX Gateway Fabric.\n", + "description": "Keywords for staged configs filters.\n", "enum": [ - "noss", - "nplus", - "nic", - "ngf", - "unknown" + "name", + "object_id" ], "x-enum-varnames": [ - "nginx_product_noss", - "nginx_product_nplus", - "nginx_product_nic", - "nginx_product_ngf", - "nginx_product_unknown" + "filter_name_staged_config_name", + "filter_name_staged_config_object_id" ] }, - "CveImpactedNginxProduct": { + "StagedConfigObjectID": { + "description": "A globally unique identifier for the NGINX staged config.", + "type": "string", + "format": "object_id", + "pattern": "^sc_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "StagedConfigCertificateSummary": { "type": "object", + "description": "Provides a summary of the current status of certificates used in NGINX configurations. It includes the total number of certificates, as well as the counts of expired certificates, those nearing expiration, valid certificates, certificates that are not found, and those that are not ready for use.", "required": [ - "versions", - "name" + "total", + "expired", + "expiring", + "valid", + "not_found", + "not_ready" ], - "description": "security advisory impacted NGINX product and its version.", "properties": { - "versions": { - "description": "List of impacted NGINX product versions.", - "type": "array", - "items": { - "type": "string" - } + "total": { + "description": "Total count of certificates used as `payloads` in NGINX config.", + "type": "integer" + }, + "expired": { + "description": "The number of certificates that have expired and are no longer valid.", + "type": "integer" + }, + "expiring": { + "description": "The number of certificates due to expire in the next 30 days.", + "type": "integer" + }, + "valid": { + "description": "The number of certificates that are valid and in good standing.", + "type": "integer" + }, + "not_found": { + "description": "The number of certificates that are not found on NGINX One Console.", + "type": "integer" + }, + "not_ready": { + "description": "The number of certificates that are not ready to be used.", + "type": "integer" + } + } + }, + "StagedConfigMeta": { + "type": "object", + "description": "Summary information of the NGINX staged config.", + "required": [ + "object_id", + "name", + "created_at", + "modified_at" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/StagedConfigObjectID" }, "name": { - "$ref": "#/components/schemas/NginxProduct" + "description": "Name of the NGINX staged config", + "type": "string" + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the NGINX configuration object was created for the instance." + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the NGINX configuration object was last modified for the instance." + }, + "cert_summary": { + "$ref": "#/components/schemas/StagedConfigCertificateSummary" } } }, - "NginxCVEDetailsResponse": { + "StagedConfigListResponse": { "allOf": [ { - "$ref": "#/components/schemas/NginxCVEObject" + "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", + "description": "List of NGINX staged configs.", "required": [ - "detail", - "impacted_products" + "items" ], - "description": "Details about a specific NGINX security advisory, including its severity, detail,\npublished date and time, description and impacted products.\n", "properties": { - "impacted_products": { + "items": { + "description": "An array of Staged Config objects.", "type": "array", "items": { - "$ref": "#/components/schemas/CveImpactedNginxProduct" + "$ref": "#/components/schemas/StagedConfigMeta" } - }, - "detail": { - "description": "the details about security advisory", - "type": "string" } - }, - "example": { - "detail": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-ID", - "id": "CVE-ID", - "impacted_products": [ - { - "name": "nplus", - "versions": [ - "r1", - "r2" - ] - }, - { - "name": "noss", - "versions": [ - "1.11.1", - "1.20.2", - "1.19.9" - ] - }, - { - "name": "nic", - "versions": [ - "1.0.0", - "2.1.0" - ] - }, - { - "name": "ngf", - "versions": [ - "1.6.2", - "2.0.1" - ] - } - ], - "info": "Memory disclosure in the ngx_http_mp4_module", - "published_at": "2022-10-19T00:00:00Z", - "severity": "medium" } } - ] + ], + "example": { + "total": 10, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "object_id": "sc_Tet21AeYTHCj7taOwVfzyw", + "name": "my-nginx-staged-config", + "created_at": "2023-08-10T16:59:15Z", + "modified_at": "2023-08-10T16:59:15Z" + } + ] + } }, - "NginxProductInfo": { - "type": "object", - "description": "Information about an NGINX product type and its version", + "StagedConfigName": { + "type": "string", + "description": "A name to identify the NGINX staged config.", + "minLength": 1, + "maxLength": 256, + "pattern": "^[^\\s]+$" + }, + "StagedConfigCreateRequest": { + "description": "Body to create a NGINX staged config. A staged config can be empty; config payload is optional.", "required": [ - "name", - "version" + "name" ], "properties": { "name": { - "$ref": "#/components/schemas/NginxProduct" + "$ref": "#/components/schemas/StagedConfigName" }, - "version": { - "description": "version of the NGINX product installed on the instance.", + "config": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + }, + "example": { + "name": "my-nginx-staged-config", + "config": { + "aux": [], + "conf_path": "/etc/nginx/nginx.conf", + "configs": [ + { + "files": [ + { + "contents": "string", + "name": "default.conf" + } + ], + "name": "/etc/nginx/conf.d" + } + ] + } + } + }, + "StagedConfigCreateResponse": { + "description": "Response to a create NGINX staged config request.", + "required": [ + "object_id", + "name" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/StagedConfigObjectID" + }, + "name": { + "description": "Name of the NGINX staged config.", "type": "string" } + }, + "example": { + "name": "my-nginx-staged-config", + "object_id": "sc_Tet21AeYTHCj7taOwVfzyw" } }, - "CVEImpactedInstance": { + "StagedConfigBulkRequestData": { "type": "object", - "description": "Summary information about a NGINX instance.", + "description": "Part of bulk operation on a staged config, only `delete` is supported.", "required": [ - "object_id", - "hostname", - "status" + "action", + "object_id" ], "properties": { "object_id": { - "$ref": "#/components/schemas/InstanceObjectID" - }, - "hostname": { - "description": "The name of the host system where the NGINX instance is running.", - "type": "string" - }, - "products": { - "description": "List of NGINX products in the instance", - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxProductInfo" - } + "$ref": "#/components/schemas/StagedConfigObjectID" }, - "status": { - "type": "string", - "description": "The current operational status of the NGINX instance, with the following possible values:\n* `unknown` - The status of the NGINX instance cannot be determined at this moment.\n* `unavailable` - The NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n* `offline` - The NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n* `online` - The NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", - "enum": [ - "unknown", - "unavailable", - "offline", - "online" - ] + "action": { + "$ref": "#/components/schemas/BulkRequestAction" } + }, + "example": { + "object_id": "sc_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" } }, - "CVEImpactedInstancesListResponse": { - "allOf": [ + "StagedConfigBulkRequest": { + "type": "array", + "items": { + "$ref": "#/components/schemas/StagedConfigBulkRequestData" + }, + "minItems": 1, + "maxItems": 50, + "example": [ { - "$ref": "#/components/schemas/PaginationResponse" + "object_id": "sc_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" }, { - "type": "object", - "description": "List of instances affected by a CVE.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of Instance objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/CVEImpactedInstance" - } - } - }, - "example": { - "total": 10, - "count": 1, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "object_id": "inst_8Iwn7dT7RF-PRLxkSt5EYQ", - "hostname": "4d116619f106", - "products": [ - { - "name": "noss", - "version": "1.18.0" - } - ], - "status": "unknown" - } - ] - } + "object_id": "sc_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" } ] }, - "FilterNameEvents": { - "type": "string", - "description": "Keywords for events filters.\n", - "enum": [ - "object_id" - ], - "x-enum-varnames": [ - "filter_name_events_object_id" - ] - }, - "EventObjectID": { - "description": "A globally unique identifier for a NGINX One system event.", - "type": "string", - "format": "object_id", - "pattern": "^event_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + "StagedConfigBulkResponse": { + "description": "The staged config bulk outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" } }, - "Event": { - "type": "object", - "description": "An Event is a system message.", + "StagedConfigResponse": { + "description": "Get an NGINX staged config.", "required": [ - "type", - "timestamp", - "object_id", - "message" + "name" ], "properties": { - "timestamp": { - "description": "time of the event", + "name": { "type": "string", - "format": "date-time", - "example": "2019-08-07T09:57:36.088757764Z" + "description": "Name of the NGINX staged config." }, - "type": { - "type": "string", - "description": "type of event, indication for affected object type.", - "enum": [ - "instance_cleanup", - "certificates", - "publications", - "nap_compilation_jobs" - ], - "x-enum-varnames": [ - "event_type_instance_cleanup", - "event_type_certificates", - "event_type_publications", - "event_type_nap_compilation_jobs" - ] + "config": { + "$ref": "#/components/schemas/NginxConfig" + } + } + }, + "StagedConfigUpdateRequest": { + "description": "Body to update a NGINX staged config name and config contents.", + "required": [ + "name", + "config" + ], + "properties": { + "name": { + "$ref": "#/components/schemas/StagedConfigName" }, - "object_id": { - "$ref": "#/components/schemas/EventObjectID" + "config": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + }, + "example": { + "name": "my-nginx-staged-config", + "config": { + "aux": [], + "conf_path": "/etc/nginx/nginx.conf", + "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", + "configs": [ + { + "files": [ + { + "contents": "string", + "name": "default.conf" + } + ], + "name": "/etc/nginx/conf.d" + } + ] + } + } + }, + "StagedConfigChangeRequest": { + "description": "Update an NGINX staged config.", + "properties": { + "name": { + "$ref": "#/components/schemas/StagedConfigName" }, - "affected_object_id": { - "$ref": "#/components/schemas/ObjectID" + "config": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + }, + "example": { + "config": { + "aux": [], + "conf_path": "/etc/nginx/nginx.conf", + "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", + "configs": [ + { + "files": [ + { + "contents": "string", + "name": "default.conf" + } + ], + "name": "/etc/nginx/conf.d" + } + ] + } + } + }, + "StagedConfigImportRequest": { + "type": "object", + "description": "Body to import a NGINX staged config", + "required": [ + "name", + "file", + "conf_path" + ], + "properties": { + "name": { + "$ref": "#/components/schemas/StagedConfigName" }, - "hostname": { + "file": { "type": "string", - "description": "hostname of the affected instance, if any." + "format": "binary", + "example": "my-staged-config.tar.gz", + "maxLength": 5242880 }, - "message": { - "type": "string", - "description": "Details regarding the event.", - "example": "Instance \"demo-1\" deleted by instance cleanup after \"unavailable\" for 25 hours." + "conf_path": { + "$ref": "#/components/schemas/ConfigPath" } }, "example": { - "timestamp": "2024-02-04T09:57:36.088757764Z", - "type": "instance_cleanup", - "object_id": "event_-uvR3F2TQGm18jnl7bpaGw", - "affected_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "message": "ip-170.0.1 deleted after age out period of 3 hours, last seen 2023-08-07T09:57:36.088757764Z" + "name": "my-nginx-config", + "file": "my-staged-config.tar.gz", + "conf_path": "/etc/nginx/nginx.conf", + "parse_only": true } }, - "EventsListResponse": { + "FilterNameControlPlanes": { + "type": "string", + "description": "Keywords for control plane filters.\n", + "enum": [ + "name", + "product_version", + "object_id", + "cve_severity" + ], + "x-enum-varnames": [ + "filter_name_control_plane_name", + "filter_name_control_plane_product_version", + "filter_name_control_plane_object_id", + "filter_name_control_plane_cve_severity" + ] + }, + "ListControlPlaneObject": { "allOf": [ { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/ControlPlaneBaseInfo" }, { "type": "object", - "description": "List of Events.", + "description": "Summary information about a control plane.", "required": [ - "items" + "object_id", + "instances_count", + "online_instances_count" ], "properties": { - "items": { - "description": "An array of Event objects.", + "object_id": { + "$ref": "#/components/schemas/ControlPlaneObjectID" + }, + "instances_count": { + "description": "Total number of instances in the control plane.", + "type": "integer" + }, + "online_instances_count": { + "description": "Total number of online instances in the control plane.", + "type": "integer" + }, + "cve_severity": { "type": "array", + "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX control plane.", "items": { - "$ref": "#/components/schemas/Event" + "$ref": "#/components/schemas/CveDetails" } } } } ] }, - "FilterNameInstances": { - "type": "string", - "description": "Keywords for instance filters.\n\nWhen filtering on `instance_status`, only the following `filter_values` are supported:\n * online\n * offline\n * unavailable\n * unknown\nWhen filtering base on `cert_status`, only the following `filter_values` are supported:\n * valid\n * expiring\n * expired\n * not_ready\n", - "enum": [ - "hostname", - "nginx_version", - "os_version", - "instance_status", - "cert_status", - "cve_severity", - "config_recommendation", - "key_object_id", - "system_id", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_instances_hostname", - "filter_name_instances_nginx_version", - "filter_name_instances_os_version", - "filter_name_instances_instance_status", - "filter_name_instances_cert_status", - "filter_name_instances_cve_severity", - "filter_name_instances_config_recommendation", - "filter_name_instances_key_object_id", - "filter_name_instances_system_id", - "filter_name_instances_object_id" - ] - }, - "InstanceListResponse": { + "ControlPlaneListResponse": { "allOf": [ { "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", - "description": "List of data plane instances.", + "description": "List of control planes.", "required": [ "items" ], "properties": { "items": { - "description": "An array of Instance objects.", + "description": "An array of control plane objects.", "type": "array", "items": { - "$ref": "#/components/schemas/Instance" + "$ref": "#/components/schemas/ListControlPlaneObject" } } } @@ -12227,2302 +16075,3096 @@ "items_per_page": 100, "items": [ { - "agent_version": "v2.30.3", - "hostname": "4d116619f106", - "key": "key_Tet21AeYTHCj7taOwVfzyw", - "last_reported": "2023-12-06T22:37:24.120114Z", - "nginx_build": { - "conf_path": "/etc/nginx/nginx.conf", - "version": "1.25.3" - }, - "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", - "registered_at": "2023-12-06T22:37:24.120114Z", - "status": "unknown", - "system_id": "b2c0b6a8-8b6a-3a8f-a541-17d8899c119a", - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "has_container_host": false + "object_id": "ecp_tgfVM3KQTxCyiDXgV38G7A", + "name": "nginx-ingress-001", + "product_version": "nginx-ingress-controller-4.0.1", + "created_at": "2023-12-06T22:37:24.120114Z", + "instances_count": 5, + "online_instances_count": 3, + "cve_severity": [ + { + "count": 6, + "type": "medium" + }, + { + "count": 1, + "type": "high" + } + ] + }, + { + "object_id": "ecp_-bRQlhscTKmbUIdJaYhGJA", + "name": "ngf-deployment", + "created_at": "2023-12-06T22:37:24.120114Z", + "product_version": "nginx-gateway-fabric-2.0.1", + "instances_count": 3, + "online_instances_count": 1, + "cve_severity": [ + { + "count": 2, + "type": "medium" + }, + { + "count": 3, + "type": "high" + } + ] } ] } }, - "InstanceBulkRequestData": { + "ControlPlaneBulkRequestData": { "type": "object", - "description": "Part of bulk operation on a NGINX instance, only `delete` is supported.", + "description": "Part of bulk operation on a control plane, only `delete` is supported.", "required": [ - "action" + "action", + "object_id" ], "properties": { "object_id": { - "$ref": "#/components/schemas/InstanceObjectID" + "$ref": "#/components/schemas/ControlPlaneObjectID" }, "action": { "$ref": "#/components/schemas/BulkRequestAction" } }, "example": { - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "object_id": "ecp_-uvR3F2TQGm18jnl7bpaGw", "action": "delete" } }, - "InstanceBulkRequest": { + "ControlPlaneBulkRequest": { "type": "array", "items": { - "$ref": "#/components/schemas/InstanceBulkRequestData" + "$ref": "#/components/schemas/ControlPlaneBulkRequestData" }, + "minItems": 1, "maxItems": 50, "example": [ { - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "object_id": "ecp_-uvR3F2TQGm18jnl7bpaGw", "action": "delete" }, { - "object_id": "inst_PL0c1XodRemmzVEjiXSsTg", + "object_id": "ecp_PL0c1XodRemmzVEjiXSsTg", "action": "delete" } ] }, - "InstanceBulkResponse": { - "description": "The NGINX instance bulk outcome.", + "ControlPlaneBulkResponse": { + "description": "The control plane bulk outcome.", "type": "array", "items": { "$ref": "#/components/schemas/BulkRequestObjectStatus" } }, - "OperatingSystem": { - "description": "Release details for the operating system.", + "ControlPlaneProductVersionSummary": { + "description": "An array of control plane product names/versions.", + "type": "array", + "items": { + "$ref": "#/components/schemas/SummaryDisplayCount" + } + }, + "CveControlPlaneSummary": { + "description": "A summary of Common Vulnerabilities and Exposures (CVEs) across the NGINX control plane.", "type": "object", "required": [ - "name", - "id", - "codename", - "version", - "version_id" + "severity", + "count", + "affected_control_planes" ], "properties": { - "name": { - "description": "The official name of the operating system release.", - "type": "string" - }, - "id": { - "description": "The distinctive identifier for the operating system release.", - "type": "string" + "severity": { + "$ref": "#/components/schemas/CveSeverityType" }, - "codename": { - "description": "The codename assigned to the operating system release.", - "type": "string" + "count": { + "description": "The number of CVEs at each severity level.", + "type": "integer" }, - "version": { - "description": "The version label for the operating system, which may include the name and version number or codename.", - "type": "string" + "affected_control_planes": { + "description": "The number of control planes affected by each CVE.", + "type": "integer" + } + } + }, + "ControlPlaneSummary": { + "description": "A summary of control planes including their product names/version details.", + "type": "object", + "properties": { + "product_versions": { + "$ref": "#/components/schemas/ControlPlaneProductVersionSummary" }, - "version_id": { - "description": "The specific version number of the operating system release.", - "type": "string" + "cves": { + "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX control plane.", + "type": "array", + "items": { + "$ref": "#/components/schemas/CveControlPlaneSummary" + } } }, "example": { - "name": "Ubuntu", - "id": "ubuntu", - "codename": "bionic", - "version": "18.04.5 LTS (Bionic Beaver)", - "version_id": "18.04" + "product_versions": [ + { + "count": 10, + "name": "nginx-ingress-controller-1.0.0" + } + ], + "cves": [ + { + "affected_control_planes": 3, + "count": 13, + "severity": "medium" + }, + { + "affected_control_planes": 2, + "count": 2, + "severity": "high" + } + ] } }, - "ConfigSyncGroupInstanceMeta": { - "allOf": [ - { - "$ref": "#/components/schemas/ConfigSyncGroupMeta" + "ControlPlane": { + "type": "object", + "description": "Information on control plane including:\n* Control plane object ID\n* Cluster UUID\n* Deployment UUID\n* Kubernetes namespace\n* Data plane key object ID\n* Certificate summary\n* Instance status summary\n", + "required": [ + "object_id", + "cluster_uuid", + "deployment_uuid", + "kubernetes_namespace" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/ControlPlaneObjectID" + }, + "cluster_uuid": { + "description": "The Kubernetes UID assigned to the cluster that the product is running in.", + "type": "string" + }, + "deployment_uuid": { + "description": "The Kubernetes UID assigned to the control plane.", + "type": "string" + }, + "key_object_id": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" + }, + "kubernetes_namespace": { + "description": "The kubernetes namespace that the product is running in.", + "type": "string" + }, + "cert_summary": { + "$ref": "#/components/schemas/CertificateInstanceSummary" }, - { - "type": "object", - "description": "Additional details on instance in the NGINX config sync group including:\n* config sync status\n", - "properties": { - "instance_config_status": { - "$ref": "#/components/schemas/ConfigSyncStatus" - } - } + "statuses": { + "$ref": "#/components/schemas/StatusSummary" } - ] - }, - "NapSignatureVersion": { - "description": "The version of the NGINX App Protect resource.", - "type": "string", - "example": "2023.12.06" + } }, - "NapInstanceAssociation": { + "ControlPlaneDetails": { + "type": "object", + "description": "Detailed information of control plane.", "allOf": [ { - "$ref": "#/components/schemas/NapAssociation" + "$ref": "#/components/schemas/ControlPlaneBaseInfo" }, { - "type": "object", - "required": [ - "threat_campaign_version", - "attack_signature_version", - "bot_signature_version" - ], - "properties": { - "threat_campaign_version": { - "$ref": "#/components/schemas/NapSignatureVersion" - }, - "attack_signature_version": { - "$ref": "#/components/schemas/NapSignatureVersion" - }, - "bot_signature_version": { - "$ref": "#/components/schemas/NapSignatureVersion" - } - } + "$ref": "#/components/schemas/ControlPlane" } ], "example": { - "name": "default_policy", - "version": "2025.05.01", - "policy_object_id": "pol_panEdeY-Sh2rWm365y7wsw", - "policy_version_object_id": "pv_kem7SCosTTOL9mMlNyY2GQ", - "publication_object_id": "pub_72pGHoGsSICL_THZrs964g", - "paths": [ - "/etc/nginx/default_policy.tgz" - ], - "deployment_status": "deployed", - "enforcement_mode": "transparent", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "threat_campaign_version": "2025.01.23", - "attack_signature_version": "2025.01.19", - "bot_signature_version": "2025.01.19" + "name": "foo", + "object_id": "ecp_-uvR3F2TQGm18jnl7bpaGw", + "product_version": "nginx-ingress-controller-1.0.0", + "cluster_uuid": "d1ced6c7-8980-467e-a1db-dcdfec16b1f7", + "deployment_uuid": "b9b00e37-5ee4-4361-8c61-1329f3828dd3", + "key_object_id": "key_6AT9LXyUQHyhC8kF7bVMgg", + "kubernetes_namespace": "nginx-ingress-controller", + "created_at": "2023-12-06T22:37:24.120114Z", + "cert_summary": { + "total": 9, + "valid": 1, + "expired": 5, + "expiring": 3, + "not_ready": 0 + }, + "statuses": { + "offline": 0, + "online": 3, + "unavailable": 0 + } } }, - "NginxAppProtectDetails": { - "description": "Information regarding NGINX App Protect. Includes version and deployments.\n", + "MetricQueryResultEx": { "type": "object", "required": [ - "engine_version", - "deployments" + "query_metadata", + "metrics" ], "properties": { - "release_version": { - "description": "The release version of NGINX App Protect.", - "type": "string" - }, - "engine_version": { - "description": "The version of the App Protect enforcement engine.", - "type": "string" + "query_metadata": { + "$ref": "#/components/schemas/MetricQueryMetadata" }, - "deployments": { + "metrics": { + "description": "An array of Metric objects, each including the name of the metric resource, aggregate function, and series details.", "type": "array", "items": { - "$ref": "#/components/schemas/NapInstanceAssociation" + "$ref": "#/components/schemas/MetricEx" } } } }, - "LogProfileDetails": { - "description": "Information regarding deployed log profiles for F5 WAF.\n", + "DimensionsQueryResultEx": { "type": "object", "required": [ - "nap_release", - "deployments" + "dimensions", + "query_metadata" ], "properties": { - "nap_release": { - "type": "string", - "description": "The release version of the compiler used for log profiles." + "query_metadata": { + "$ref": "#/components/schemas/DimensionsQueryMetadata" }, - "deployments": { - "type": "array", - "items": { - "$ref": "#/components/schemas/LogProfileAssociation" + "dimensions": { + "description": "A map of dimension names to an array of their corresponding values.\n", + "type": "object", + "additionalProperties": { + "description": "An array of dimension values.\n", + "type": "array", + "items": { + "type": "string" + } } } } }, - "InstanceDetails": { + "MetricQueryMetadata": { + "description": "This object includes details about the time period and resolution (granularity) used in the metrics query.\n", "type": "object", - "description": "Detailed information about an NGINX instance.", - "allOf": [ - { - "$ref": "#/components/schemas/Instance" + "properties": { + "start_time": { + "description": "The beginning of the time period for the metrics query (inclusive).", + "type": "string", + "format": "date-time", + "example": "2019-08-07T09:57:36.088757764Z" }, - { - "type": "object", - "properties": { - "certs": { - "description": "An array detailing each certificate's information, including its friendly name, unique identifier, applicable file system paths, subject name, and validity dates. \nIt provides insights into the operational status of each certificate, such as whether it's currently valid, nearing expiration, is not ready to be used, or has already expired.\nThe deployment status indicates whether the latest certs and key managed by NGINX One Console are deployed onto this data plane instance.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertAssociation" - } - }, - "os": { - "$ref": "#/components/schemas/OperatingSystem" - }, - "config_sync_group": { - "$ref": "#/components/schemas/ConfigSyncGroupInstanceMeta" - }, - "nginx_app_protect": { - "$ref": "#/components/schemas/NginxAppProtectDetails" - }, - "control_plane": { - "$ref": "#/components/schemas/ControlPlaneBaseInfo" - }, - "log_profile": { - "$ref": "#/components/schemas/LogProfileDetails" - } - } + "end_time": { + "description": "The end point for the time period for the metrics query (non-inclusive).", + "type": "string", + "format": "date-time", + "example": "2019-08-07T09:57:36.088757764Z" + }, + "resolution": { + "description": "The level of granularity for the time series data.", + "type": "string", + "example": "30m" } - ], - "example": { - "agent_version": "v2.30.3", - "certs": [ - { - "subject_name": "test.com", - "name": "client", - "cert_type": "cert_key", - "not_after": "2024-01-06T00:01:30Z", - "not_before": "2023-12-07T00:01:30Z", - "cert_paths": [ - "/etc/nginx/client.pem" - ], - "cert_status": "expiring", - "deployment_status": "latest", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw" - } - ], - "hostname": "4d116619f106", - "key": "key_wN3IhLCmR3qmwybG_6ptEg", - "control_plane": { - "object_id": "ecp_CO1DdBxZToWmr3pTcaQ8QA", - "name": "nginx-ingress-001", - "product_version": "nginx-ingress-controller-4.0.1", - "created_at": "2023-12-06T22:37:24.120114Z" + } + }, + "DimensionsQueryMetadata": { + "description": "This object includes details about the time period used in the dimensions query.\n", + "type": "object", + "properties": { + "start_time": { + "description": "The beginning of the time period for the dimensions query (inclusive).", + "type": "string", + "format": "date-time", + "example": "2019-08-07T09:57:36.088757764Z" }, - "last_reported": "2023-12-06T22:37:24.120114Z", - "nginx_build": { - "conf_path": "/etc/nginx/nginx.conf", - "version": "1.25.3" + "end_time": { + "description": "The end point for the time period for the dimensions query (non-inclusive).", + "type": "string", + "format": "date-time", + "example": "2019-08-07T09:57:36.088757764Z" + } + } + }, + "MetricEx": { + "type": "object", + "required": [ + "metric", + "series" + ], + "description": "This object represents a metric, including the name of the metric resource, aggregate function, and series details.\n", + "properties": { + "metric": { + "$ref": "#/components/schemas/MetricName" }, - "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", - "os": { - "codename": "jammy", - "id": "ubuntu", - "name": "Ubuntu", - "version": "22.04.3 LTS (Jammy Jellyfish)", - "version_id": "22.04" + "aggregate": { + "$ref": "#/components/schemas/MetricAggregation" }, - "registered_at": "2023-12-06T22:37:24.120114Z", - "status": "unknown", - "system_id": "b2c0b6a8-8b6a-3a8f-a541-17d8899c119a", - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "has_container_host": false + "series": { + "description": "An array of data points aligned along one or more dimensions from the Dimensions Catalog.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/SeriesEx" + }, + "example": [ + { + "dimensions": { + "nginx_id": "some-instance-obj-1", + "parent_hostname": "hostname-for-instance-1" + }, + "data": [ + { + "timestamp": "2019-08-07T09:57:30Z", + "value": 10 + } + ] + }, + { + "dimensions": { + "nginx_id": "some-instance-obj-2", + "parent_hostname": "hostname-for-instance-2" + }, + "data": [ + { + "timestamp": "2019-08-07T09:58:30Z", + "value": 5 + } + ] + } + ] + } } }, - "NginxSecurityAdvisory": { + "SeriesEx": { + "description": "This object represents a set of data points aligned along one or more dimensions from the Dimensions Catalog.", "type": "object", - "description": "Details about a specific NGINX security advisory, including its severity, a link to more information, and a brief description.", "required": [ - "id", - "severity", - "advisory", - "info" + "dimensions", + "data" ], "properties": { - "id": { - "description": "The security advisory's unique identifier.", - "type": "string" - }, - "severity": { - "$ref": "#/components/schemas/CveSeverityType" - }, - "advisory": { - "description": "The URL to detailed information about the security advisory.", - "type": "string" + "dimensions": { + "description": "This object represents a set of data points aligned along one or more dimensions.\n", + "type": "object", + "additionalProperties": { + "description": "The name(s) of the dimensions used in the metrics query.\n", + "type": "string" + }, + "example": { + "nginx_id": "some-instance-object-id", + "parent_hostname": "hostname-for-instance" + } }, - "info": { - "description": "A brief description of security advisory.", - "type": "string" + "data": { + "description": "Array of data points for a metric.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/MetricData" + }, + "example": [ + { + "timestamp": "2019-08-07T09:57:30Z", + "value": 10 + } + ] } } }, - "CertificateSummaryItem": { - "description": "summary information for certificate with certain status.", + "MetricData": { "type": "object", "required": [ - "status", - "count", - "affected_instances" + "timestamp", + "value" ], "properties": { - "status": { - "$ref": "#/components/schemas/CertificateStatus" - }, - "count": { - "description": "The total number of SSL certificates for each status category.", - "type": "integer" + "timestamp": { + "type": "string", + "description": "A date-time string that represent when the data point in the series was recorded.\n", + "format": "date-time" }, - "affected_instances": { - "description": "Indicates the total number of SSL/TLS certificates corresponding to the status provided.", - "type": "integer" + "value": { + "type": "number", + "format": "double", + "nullable": true, + "description": "A value for the data, where `null` indicates a gap.\n" } } }, - "OperatingSystemVersionSummary": { - "description": "An array of operating systems and their versions on the NGINX data plane.", + "StartTime": { + "description": "Sets the beginning of the time period for your metrics query (inclusive).\n\nUsage:\n* `start_time` is required if `end_time` is specified.\n* If `start_time` isn't provided, the API returns the latest metrics.\n* `start_time` is required for aggregated metrics in order to calculate the `resolution` (granularity).\n\nTime can be specified in two ways:\n* Using ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and the appropriate time unit. The time unit can can be `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds). \nExample of an offset: \"now-3h\" (3 hours before now).\n", + "type": "string", + "example": "2019-08-07T09:57:36.088757764Z" + }, + "EndTime": { + "description": "Sets the end point for the time period for your metrics query (non-inclusive).\n\nUsage:\n* Must be greater than `start_time`.\n* If `start_time` is specified and `end_time` is not, `end_time` defaults to the current time.\n\nTime can be specified in two ways:\n* Using ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and the appropriate time unit. The time unit can can be `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds). \nExample of an offset: \"now-3h\" (3 hours before now).\n", + "type": "string", + "example": "2019-08-07T09:57:36.088757764Z" + }, + "MetricAggregation": { + "type": "string", + "description": "Static list of aggregation functions that can be applied to a compatible metric.\n * min\n * max\n * sum\n * avg\n * rate\n * accum_rate\n", + "enum": [ + "min", + "max", + "sum", + "avg", + "rate", + "accum_rate" + ], + "x-enum-varnames": [ + "metric_aggregation_min", + "metric_aggregation_max", + "metric_aggregation_sum", + "metric_aggregation_avg", + "metric_aggregation_rate", + "metric_aggregation_accum_rate" + ] + }, + "MetricDimensions": { "type": "array", + "description": "List the dimensions to include in the response for each metric series.\n\nUsage:\n\n* Specify the list of dimensions. Dimensions not specified in this parameter will be hidden in the results.\n* If you specify dimensions in `group_by`, you don't need to list them again in `dimensions`. \nHowever, if you are using `group_by`, then any dimensions you list in `dimensions` must also be included in `group_by`.\n * To return a single series, specify the metric name with aggregation (for example, `{ \"name\": \"agent.cpu.system\", \"aggregate\": \"avg\" }`) and leave the `dimensions` parameter empty.\n", "items": { - "$ref": "#/components/schemas/SummaryDisplayCount" + "$ref": "#/components/schemas/MetricDimension" } }, - "NGINXVersionSummary": { - "description": "An array of NGINX versions installed across the NGINX data plane.", + "GroupByDimensions": { "type": "array", + "description": "Group the query results by the specified dimension(s).\n\nUsage:\n* Specify the list of dimensions.\n* For `group_by` to work, all metrics in the `names` parameter must be aggregated.\n", "items": { - "$ref": "#/components/schemas/SummaryDisplayCount" + "$ref": "#/components/schemas/MetricDimension" } }, - "CveSummary": { - "description": "A summary of Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", + "TopXMetricDimensions": { + "type": "array", + "description": "List additional dimensions to include in the response for each metric series. The dimension specified by `group_series_by` will be included by default.\n", + "items": { + "$ref": "#/components/schemas/MetricDimension" + } + }, + "MetricDimension": { + "type": "string", + "default": "display_name", + "description": "Static list of all metric dimensions:\n * `display_name` - Display name of the NGINX instance.\n * `file_path` - Path to the file.\n * `parent_hostname` - Hostname of the NGINX Plus instance.\n * `instance_object_id` - Unique ID of the instance registered with NGINX One Console.\n * `location_zone` - Name of an HTTP location zone.\n * `mount_point` - Filesystem mount point.\n * `namespace` - Namespace for the metric data.\n * `network_interface` - Server network interface.\n * `nginx_id` - Unique ID of the NGINX instance running on the data plane.\n * `server_zone` - Name of an HTTP or Stream server zone.\n * `system_id` - Unique ID of the operating system running nginx-agent.\n * `tenant` - Tenant for the metric data.\n * `csg_object_id` - Unique ID of the Config Sync Group registered with NGINX One Console.\n * `mode` - Variant value for metric `system.cpu.utilization`.\n * `state` - Variant value for metrics `system.filesystem.usage`, `system.memory.usage`.\n * `io_direction` - Variant value for metric `system.network.io`.\n * `status_range` - Variant value for metric `nginx.http.response.count`.\n * `logical_number` - Variant value for metrics that return a processor number.\n * `outcome` - Variant value for metrics that return an outcome.\n * `upstream_zone` - upstream zone for the metric data.\n * `upstream_name` - upstream name for the metric data.\n * `peer_state` - Variant value for metric peer state for the metric `nginx.http.upstream.peer.count`.\n * `peer_health_check` - Variant value for metric peer health check for the metric `nginx.http.upstream.peer.health_checks`.\n * `peer_address` - peer address for metric data.\n * `peer_name` - peer name for metric data.\n * `ecp_object_id` - Unique ID of the External Control Plane registered with NGINX One Console.\n", + "enum": [ + "display_name", + "file_path", + "parent_hostname", + "instance_object_id", + "location_zone", + "mount_point", + "namespace", + "network_interface", + "nginx_id", + "server_zone", + "system_id", + "tenant", + "csg_object_id", + "mode", + "state", + "io_direction", + "status_range", + "logical_number", + "outcome", + "upstream_zone", + "upstream_name", + "peer_state", + "peer_health_check", + "peer_address", + "peer_name", + "ecp_object_id" + ], + "x-enum-varnames": [ + "metric_dimension_display_name", + "metric_dimension_file_path", + "metric_dimension_hostname", + "metric_dimension_instance_object_id", + "metric_dimension_location_zone", + "metric_dimension_mount_point", + "metric_dimension_namespace", + "metric_dimension_network_interface", + "metric_dimension_nginx_id", + "metric_dimension_server_zone", + "metric_dimension_system_id", + "metric_dimension_tenant", + "metric_dimension_csg_object_id", + "metric_dimension_mode", + "metric_dimension_state", + "metric_dimension_io_direction", + "metric_dimension_status_range", + "metric_dimension_logical_number", + "metric_dimension_outcome", + "metric_dimension_upstream_zone", + "metric_dimension_upstream_name", + "metric_dimension_peer_state", + "metric_dimension_peer_health_check", + "metric_dimension_peer_address", + "metric_dimension_peer_name", + "metric_dimension_ecp_object_id" + ] + }, + "BaseMetricQueryRequest": { "type": "object", "required": [ - "severity", - "count", - "affected_instances" + "metrics", + "start_time", + "resolution" ], "properties": { - "severity": { - "$ref": "#/components/schemas/CveSeverityType" + "metrics": { + "$ref": "#/components/schemas/MetricNames" }, - "count": { - "description": "The number of CVEs at each severity level.", - "type": "integer" + "filter": { + "$ref": "#/components/schemas/MetricFilters" }, - "affected_instances": { - "description": "The number of NGINX instances affected by each CVE.", - "type": "integer" + "start_time": { + "$ref": "#/components/schemas/StartTime" + }, + "end_time": { + "$ref": "#/components/schemas/EndTime" + }, + "resolution": { + "type": "string", + "description": "Specifies the level of granularity for time series data in your results. Applicable only for endpoints that return time series data.\n\nUsage: \n* Specify as a string with a number followed by a unit of time, such as `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes) or `s` (seconds).\n* Metrics in `names` must be aggregated.\n* `start_time` is required.\n* If `resolution` is not set, the API returns the maximum resolution (`end_time` - `start_time`).\n", + "example": "30s" } } }, - "IssueSummary": { - "description": "A summary of issue details from the configuration analysis report.", + "MetricQueryRequest": { "type": "object", - "required": [ - "type", - "count", - "affected_instances" - ], - "properties": { - "type": { - "$ref": "#/components/schemas/RecommendationType" - }, - "count": { - "description": "The number of times this recommendation appears in the configuration analysis report.", - "type": "integer" + "allOf": [ + { + "$ref": "#/components/schemas/BaseMetricQueryRequest" }, - "affected_instances": { - "description": "The number of instances affected by this issue.", - "type": "integer" + { + "type": "object", + "properties": { + "dimensions": { + "$ref": "#/components/schemas/MetricDimensions" + }, + "group_by": { + "$ref": "#/components/schemas/GroupByDimensions" + }, + "order_by": { + "description": "List the order by for dimension(s).\n\nUsage:\n\n* Must be a dimension included by `dimensions` or `group_by`.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/OrderBy" + } + } + } } - } + ] }, - "InstanceSummary": { - "description": "A summary of NGINX instances, including certificates, OS versions, NGINX versions, and status details.", + "MetricTopXQueryRequest": { "type": "object", - "properties": { - "certs": { - "description": "An array detailing each certificate's status across all NGINX instances.", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertificateSummaryItem" - } - }, - "os": { - "$ref": "#/components/schemas/OperatingSystemVersionSummary" - }, - "nginx_versions": { - "$ref": "#/components/schemas/NGINXVersionSummary" - }, - "statuses": { - "$ref": "#/components/schemas/StatusSummary" - }, - "cves": { - "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", - "type": "array", - "items": { - "$ref": "#/components/schemas/CveSummary" - } + "allOf": [ + { + "$ref": "#/components/schemas/BaseMetricQueryRequest" }, - "recommendations": { - "description": "An array summarizing the suggestions from the configuration analysis report.", - "type": "array", - "items": { - "$ref": "#/components/schemas/IssueSummary" + { + "type": "object", + "required": [ + "series_limit", + "group_series_by" + ], + "properties": { + "dimensions": { + "$ref": "#/components/schemas/TopXMetricDimensions" + }, + "series_limit": { + "type": "integer", + "example": 25, + "description": "Sets the maximum number of series that can be returned. \n\nNotes:\n* Always returns an additional series with a dimension named `all`, aggregating the values of all metrics included in the results.\n* A series with a dimension named `other` may be returned, aggregating the values of metrics not included in the results.\n" + }, + "group_series_by": { + "$ref": "#/components/schemas/MetricDimension" + }, + "order_series_by": { + "$ref": "#/components/schemas/OrderSeriesBy" + } } } - } - }, - "FilterStagedConfigs": { - "type": "string", - "description": "Keywords for staged configs filters.\n", - "enum": [ - "name", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_staged_config_name", - "filter_name_staged_config_object_id" ] }, - "StagedConfigObjectID": { - "description": "A globally unique identifier for the NGINX staged config.", - "type": "string", - "format": "object_id", - "pattern": "^sc_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "StagedConfigCertificateSummary": { + "DimensionsQueryRequest": { "type": "object", - "description": "Provides a summary of the current status of certificates used in NGINX configurations. It includes the total number of certificates, as well as the counts of expired certificates, those nearing expiration, valid certificates, certificates that are not found, and those that are not ready for use.", "required": [ - "total", - "expired", - "expiring", - "valid", - "not_found", - "not_ready" + "start_time", + "dimensions", + "filter" ], "properties": { - "total": { - "description": "Total count of certificates used as `payloads` in NGINX config.", - "type": "integer" - }, - "expired": { - "description": "The number of certificates that have expired and are no longer valid.", - "type": "integer" + "start_time": { + "$ref": "#/components/schemas/StartTime" }, - "expiring": { - "description": "The number of certificates due to expire in the next 30 days.", - "type": "integer" + "end_time": { + "$ref": "#/components/schemas/EndTime" }, - "valid": { - "description": "The number of certificates that are valid and in good standing.", - "type": "integer" + "dimensions": { + "$ref": "#/components/schemas/MetricDimensions" }, - "not_found": { - "description": "The number of certificates that are not found on NGINX One Console.", - "type": "integer" + "filter": { + "$ref": "#/components/schemas/MetricFilters" }, - "not_ready": { - "description": "The number of certificates that are not ready to be used.", - "type": "integer" + "order_direction": { + "$ref": "#/components/schemas/OrderDirection" } } }, - "StagedConfigMeta": { + "MetricNames": { + "type": "array", + "description": "Specify the metrics you want details for.\n\nUsage: \n* List multiple metrics as json objects.\n * You can aggregate metrics with `avg`, `sum`, `min`, `max`, `rate`.\n* Metrics with aggregates require a `start_time`.\n* If you combine aggregated and non-aggregated metrics in a single query, any `group_by` clause applies only to the aggregated metrics.\n", + "items": { + "$ref": "#/components/schemas/MetricQuery" + }, + "example": [ + { + "name": "system.cpu.utilization", + "aggregate": "avg", + "filter": [ + { + "filterSet": [ + { + "dimension": "mode", + "operator": "=", + "values": [ + "system" + ] + } + ] + } + ] + } + ] + }, + "MetricQuery": { "type": "object", - "description": "Summary information of the NGINX staged config.", "required": [ - "object_id", - "name", - "created_at", - "modified_at" + "name" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/StagedConfigObjectID" - }, "name": { - "description": "Name of the NGINX staged config", - "type": "string" - }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the NGINX configuration object was created for the instance." - }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the NGINX configuration object was last modified for the instance." + "$ref": "#/components/schemas/MetricName" }, - "cert_summary": { - "$ref": "#/components/schemas/StagedConfigCertificateSummary" + "aggregate": { + "$ref": "#/components/schemas/MetricAggregation" } } }, - "StagedConfigListResponse": { - "allOf": [ + "MetricFilterPredicate": { + "type": "string", + "enum": [ + "AND", + "OR" + ], + "x-enum-varnames": [ + "metric_filter_predicate_and", + "metric_filter_predicate_or" + ] + }, + "MetricFilters": { + "type": "array", + "description": "Filter results based on dimension operations against one or more values.\n\nUsage:\n* Format as one or more predicates by providing all required elements.\n * `dimension`: The dimension name you want to filter on.\n * `operator`: The possible operators (`=`, `!=`, `<`, `<=`, `>`, `>=`, `in`, `not`) you can use for comparison or condition checking.\n * `value`: Case sensitive value of the dimension to filter against.\n\nFor more complex filtering:\n\n* Specify a `predicate` for logical expressions (`AND`,`OR`). \n* Use a wildcard `*` in the `value` for matching partial values.\n", + "items": { + "$ref": "#/components/schemas/MetricFilterSet" + }, + "example": [ { - "$ref": "#/components/schemas/PaginationResponse" + "filterSet": [ + { + "dimension": "server_zone", + "operator": "!=", + "values": [ + "server_zone_1" + ] + }, + { + "predicate": "OR", + "dimension": "server_zone", + "operator": "=", + "values": [ + "server_zone_2" + ] + } + ] }, { - "type": "object", - "description": "List of NGINX staged configs.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of Staged Config objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/StagedConfigMeta" - } + "predicate": "AND", + "filterSet": [ + { + "dimension": "nginx_id", + "operator": "in", + "values": [ + "id1", + "id2" + ] } - } + ] } - ], - "example": { - "total": 10, - "count": 1, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "object_id": "sc_Tet21AeYTHCj7taOwVfzyw", - "name": "my-nginx-staged-config", - "created_at": "2023-08-10T16:59:15Z", - "modified_at": "2023-08-10T16:59:15Z" + ] + }, + "MetricFilterSet": { + "type": "object", + "description": "Encapsulates one or more `MetricFilter` object(s) to be grouped together.\n", + "required": [ + "filterSet" + ], + "properties": { + "predicate": { + "$ref": "#/components/schemas/MetricFilterPredicate" + }, + "filterSet": { + "type": "array", + "items": { + "$ref": "#/components/schemas/MetricFilter" } - ] + } } }, - "StagedConfigName": { - "type": "string", - "description": "A name to identify the NGINX staged config.", - "minLength": 1, - "maxLength": 256, - "pattern": "^[^\\s]+$" - }, - "StagedConfigCreateRequest": { - "description": "Body to create a NGINX staged config. A staged config can be empty; config payload is optional.", + "MetricFilter": { + "type": "object", "required": [ - "name" + "dimension", + "operator", + "values" ], "properties": { - "name": { - "$ref": "#/components/schemas/StagedConfigName" + "dimension": { + "$ref": "#/components/schemas/MetricDimension" }, - "config": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - }, - "example": { - "name": "my-nginx-staged-config", - "config": { - "aux": [], - "conf_path": "/etc/nginx/nginx.conf", - "configs": [ - { - "files": [ - { - "contents": "string", - "name": "default.conf" - } - ], - "name": "/etc/nginx/conf.d" - } + "operator": { + "type": "string", + "description": "Static list of all operations supported by filtering\n\n* The `=`, `!=` only use the first element of the `values` array. Wildcards for partial matching is supported.\n* The `in` and `not` both use all elements in the `values` array. Wildcards for partial matching is NOT supported.\n", + "enum": [ + "=", + "!=", + "in", + "not" + ], + "x-enum-varnames": [ + "metric_filter_equal", + "metric_filter_not_equal", + "metric_filter_in", + "metric_filter_not" ] + }, + "values": { + "type": "array", + "description": "Single value used for all operators except `in` and `not`.", + "items": { + "type": "string" + } + }, + "predicate": { + "$ref": "#/components/schemas/MetricFilterPredicate" } } }, - "StagedConfigCreateResponse": { - "description": "Response to a create NGINX staged config request.", + "OrderDirection": { + "type": "string", + "enum": [ + "asc", + "desc" + ], + "x-enum-varnames": [ + "order_by_asc", + "order_by_desc" + ], + "default": "desc" + }, + "OrderBy": { + "type": "object", + "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `dimension`: The dimension for ordering.\n", "required": [ - "object_id", - "name" + "direction", + "dimension" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/StagedConfigObjectID" + "direction": { + "$ref": "#/components/schemas/OrderDirection" }, - "name": { - "description": "Name of the NGINX staged config.", - "type": "string" + "dimension": { + "$ref": "#/components/schemas/MetricDimension" } - }, - "example": { - "name": "my-nginx-staged-config", - "object_id": "sc_Tet21AeYTHCj7taOwVfzyw" } }, - "StagedConfigBulkRequestData": { + "OrderSeriesBy": { "type": "object", - "description": "Part of bulk operation on a staged config, only `delete` is supported.", + "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `aggregate`: The aggregating function.\n", "required": [ - "action", - "object_id" + "direction", + "aggregate" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/StagedConfigObjectID" + "direction": { + "$ref": "#/components/schemas/OrderDirection" }, - "action": { - "$ref": "#/components/schemas/BulkRequestAction" + "aggregate": { + "$ref": "#/components/schemas/MetricAggregation", + "default": "sum" } - }, - "example": { - "object_id": "sc_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" } }, - "StagedConfigBulkRequest": { - "type": "array", - "items": { - "$ref": "#/components/schemas/StagedConfigBulkRequestData" - }, - "minItems": 1, - "maxItems": 50, - "example": [ + "MetricName": { + "type": "string", + "description": "Metric names available for querying.\n", + "example": "nginx.http.request.count", + "oneOf": [ { - "object_id": "sc_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" + "$ref": "#/components/schemas/MetricSystemCpuUtilization" }, { - "object_id": "sc_PL0c1XodRemmzVEjiXSsTg", - "action": "delete" + "$ref": "#/components/schemas/MetricSystemFilesystemUsage" + }, + { + "$ref": "#/components/schemas/MetricSystemMemoryUsage" + }, + { + "$ref": "#/components/schemas/MetricSystemCpuLogicalCount" + }, + { + "$ref": "#/components/schemas/MetricSystemNetworkIo" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpRequestCount" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpResponseCount" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpConnectionCount" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpConnections" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpUpstreamPeerCount" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpUpstreamPeerHealthChecks" + }, + { + "$ref": "#/components/schemas/MetricNginxStreamUpstreamPeerHealthChecks" + }, + { + "$ref": "#/components/schemas/MetricNginxStreamUpstreamPeerCount" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpRequestIo" } ] }, - "StagedConfigBulkResponse": { - "description": "The staged config bulk outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" - } + "MetricSystemCpuUtilization": { + "type": "string", + "description": "Total system CPU use for 'system' or 'user' (percent). A filter is required to specify the mode.\n\nReplaces deprecated variants:\n * system.cpu.system\n * system.cpu.user\n\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter:\n * mode (valid values:: 'system', 'user')\n\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * logical_number\n", + "enum": [ + "system.cpu.utilization" + ] + }, + "MetricSystemFilesystemUsage": { + "type": "string", + "description": "System disk usage statistic, percentage. A filter differentiator is needed for specific state(s).\n\nReplacement for deprecated variant(s):\n * system.disk.in_use\n * system.disk.total\n * system.disk.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'in_use')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * mount_point\n", + "enum": [ + "system.filesystem.usage" + ] + }, + "MetricSystemMemoryUsage": { + "type": "string", + "description": "Total available statistic about system memory usage, bytes. A filter differentiator is needed for specific state(s).\n\nReplacement for deprecated variant(s):\n * system.mem.pct_used\n * system.mem.total\n * system.mem.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'total', 'pct_used')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", + "enum": [ + "system.memory.usage" + ] + }, + "MetricSystemCpuLogicalCount": { + "type": "string", + "description": "Number of logical (virtual) processor cores created by the operating system.\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", + "enum": [ + "system.cpu.logical.count" + ] + }, + "MetricNginxHttpConnectionCount": { + "type": "string", + "description": "Number of connections grouped by outcome ('ACTIVE', 'IDLE', 'READING', 'WRITING', 'WAITING').\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\n\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * outcome\n", + "enum": [ + "nginx.http.connection.count" + ] + }, + "MetricNginxHttpConnections": { + "type": "string", + "description": "Total connections grouped by outcome ('ACCEPTED', 'HANDLED', 'DROPPED').\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\n\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * outcome\n", + "enum": [ + "nginx.http.connections" + ] + }, + "MetricNginxHttpUpstreamPeerCount": { + "type": "string", + "description": "Number of upstream peers grouped by state ('CHECKING', 'DOWN', 'DRAINING', 'UNAVAILABLE', 'UNHEALTHY', 'UP').\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * upstream_zone\n * upstream_name\n * peer_state\n", + "enum": [ + "nginx.http.upstream.peer.count" + ] + }, + "MetricNginxStreamUpstreamPeerCount": { + "type": "string", + "description": "Number of upstream peers grouped by state ('CHECKING', 'DOWN', 'DRAINING', 'UNAVAILABLE', 'UNHEALTHY', 'UP').\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * upstream_zone\n * upstream_name\n * peer_state\n", + "enum": [ + "nginx.stream.upstream.peer.count" + ] + }, + "MetricNginxHttpUpstreamPeerHealthChecks": { + "type": "string", + "description": "The total number of health check requests made to a HTTP upstream peer.\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * upstream_zone\n * upstream_name\n * peer_health_check\n * peer_address\n * peer_name\n", + "enum": [ + "nginx.http.upstream.peer.health_checks" + ] + }, + "MetricNginxStreamUpstreamPeerHealthChecks": { + "type": "string", + "description": "The total number of health check requests made to a stream upstream peer.\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * upstream_zone\n * upstream_name\n * peer_health_check\n * peer_address\n * peer_name\n", + "enum": [ + "nginx.stream.upstream.peer.health_checks" + ] + }, + "MetricSystemNetworkIo": { + "type": "string", + "description": "Network I/O statistics. Number of bytes sent or received per network interface. A filter differentiator is needed for specific I/O direction(s).\n\nReplacement for deprecated variant(s):\n * system.net.bytes_rcvd\n * system.net.bytes_sent\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * accum_rate\n\nCatalog dimension filter differentiator:\n * io_direction (applicable filter values: 'transmit', 'receive')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * network_interface\n", + "enum": [ + "system.network.io" + ] + }, + "MetricNginxHttpRequestCount": { + "type": "string", + "description": "The current number of client requests received from clients.\n\nReplacement for deprecated variant(s):\n * nginx.http.request.count\n * plus.http.request.count\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * server_zone\n * location_zone\n", + "enum": [ + "nginx.http.request.count" + ] }, - "StagedConfigResponse": { - "description": "Get an NGINX staged config.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the NGINX staged config." - }, - "config": { - "$ref": "#/components/schemas/NginxConfig" - } - } + "MetricNginxHttpResponseCount": { + "type": "string", + "description": "The current number of responses, grouped by status code range. A filter differentiator is needed for specific status range(s).\n\nReplacement for deprecated variant(s):\n * nginx.http.status.4xx\n * plus.http.status.4xx\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * status_range (applicable filter values: '4xx', '5xx')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id \n * server_zone\n * location_zone\n", + "enum": [ + "nginx.http.response.count" + ] }, - "StagedConfigUpdateRequest": { - "description": "Body to update a NGINX staged config name and config contents.", + "MetricNginxHttpRequestIo": { + "type": "string", + "description": "The total number of bytes sent or received. A filter differentiator is needed for specific I/O direction(s).\n\nReplacement for deprecated variant(s):\n * nginx.http.request.bytes_rcvd\n * nginx.http.request.bytes_sent\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * accum_rate\n\nCatalog dimension filter differentiator:\n * io_direction (applicable filter values: 'transmit', 'receive')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * server_zone\n * location_zone\n", + "enum": [ + "nginx.http.request.io" + ] + }, + "SettingsInstanceCleanup": { + "type": "object", + "description": "Preferences for automatic cleanup of stale NGINX One Instances.", "required": [ - "name", - "config" + "age_out_duration" ], "properties": { - "name": { - "$ref": "#/components/schemas/StagedConfigName" - }, - "config": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - }, - "example": { - "name": "my-nginx-staged-config", - "config": { - "aux": [], - "conf_path": "/etc/nginx/nginx.conf", - "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", - "configs": [ - { - "files": [ - { - "contents": "string", - "name": "default.conf" - } - ], - "name": "/etc/nginx/conf.d" - } - ] - } - } - }, - "StagedConfigChangeRequest": { - "description": "Update an NGINX staged config.", - "properties": { - "name": { - "$ref": "#/components/schemas/StagedConfigName" - }, - "config": { - "$ref": "#/components/schemas/NginxConfigRequest" + "age_out_duration": { + "type": "integer", + "format": "int32", + "description": "Specify the age of `unavailable` NGINX instances for clean up. NGINX instances older than this value in hours will be deleted automatically. Events related to automatically deleted NGINX instances will show up in `/events` API. '0' value disables the automatic clean up of `unavailable` NGINX instances.", + "default": 3, + "minimum": 0, + "maximum": 720 } }, "example": { - "config": { - "aux": [], - "conf_path": "/etc/nginx/nginx.conf", - "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", - "configs": [ - { - "files": [ - { - "contents": "string", - "name": "default.conf" - } - ], - "name": "/etc/nginx/conf.d" - } - ] - } + "age_out_duration": 3 } }, - "StagedConfigImportRequest": { + "SettingsACMEIntegration": { "type": "object", - "description": "Body to import a NGINX staged config", + "description": "ACME Integration to provision SSL certificates", "required": [ - "name", - "file", - "conf_path" + "tos_accepted" ], "properties": { - "name": { - "$ref": "#/components/schemas/StagedConfigName" + "tos_accepted": { + "type": "boolean", + "description": "Accept or deny terms of service for ACME server \n* true - Registers ACME account with the associated server\n* false - Deletes registered ACME account with the associated server\n", + "default": false }, - "file": { + "server": { "type": "string", - "format": "binary", - "example": "my-staged-config.tar.gz", - "maxLength": 5242880 - }, - "conf_path": { - "$ref": "#/components/schemas/ConfigPath" + "description": "Name of ACME server to get SSL certificates from\n* `LE` - Let's Encrypt\n", + "enum": [ + "LE" + ], + "x-enum-varnames": [ + "acme_integration_server_lets_encrypt" + ] } - }, - "example": { - "name": "my-nginx-config", - "file": "my-staged-config.tar.gz", - "conf_path": "/etc/nginx/nginx.conf", - "parse_only": true } }, - "MetricQueryResultEx": { + "NginxUsageDeployment": { "type": "object", "required": [ - "query_metadata", - "metrics" + "integration" ], "properties": { - "query_metadata": { - "$ref": "#/components/schemas/MetricQueryMetadata" - }, - "metrics": { - "description": "An array of Metric objects, each including the name of the metric resource, aggregate function, and series details.", - "type": "array", - "items": { - "$ref": "#/components/schemas/MetricEx" - } - } - } - }, - "MetricQueryMetadata": { - "description": "This object includes details about the time period and resolution (granularity) used in the metrics query.\n", - "type": "object", - "properties": { - "start_time": { - "description": "The beginning of the time period for the metrics query (inclusive).", + "integration": { "type": "string", - "format": "date-time", - "example": "2019-08-07T09:57:36.088757764Z" + "description": "Type of integration for NGINX Instance", + "enum": [ + "nic", + "ngf" + ], + "x-enum-varnames": [ + "integration_type_nic", + "integration_type_ngf" + ] }, - "end_time": { - "description": "The end point for the time period for the metrics query (non-inclusive).", + "cluster_id": { + "description": "UUID of the Kubernetes cluster where NGINX Instance is deployed", "type": "string", - "format": "date-time", - "example": "2019-08-07T09:57:36.088757764Z" + "format": "uuid" }, - "resolution": { - "description": "The level of granularity for the time series data.", + "cluster_node_count": { + "type": "integer", + "description": "Number of nodes in the cluster where NGINX Instance is deployed", + "minimum": 0 + }, + "installation_id": { "type": "string", - "example": "30m" + "description": "UUID of the individual NIC/NGF deployment relationship", + "format": "uuid" } } }, - "MetricEx": { + "HttpUsage": { "type": "object", - "required": [ - "metric", - "series" - ], - "description": "This object represents a metric, including the name of the metric resource, aggregate function, and series details.\n", "properties": { - "metric": { - "$ref": "#/components/schemas/MetricName" - }, - "aggregate": { - "$ref": "#/components/schemas/MetricAggregation" - }, - "series": { - "description": "An array of data points aligned along one or more dimensions from the Dimensions Catalog.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/SeriesEx" - }, - "example": [ + "client": { + "allOf": [ { - "dimensions": { - "nginx_id": "some-instance-obj-1", - "parent_hostname": "hostname-for-instance-1" - }, - "data": [ - { - "timestamp": "2019-08-07T09:57:30Z", - "value": 10 - } - ] + "$ref": "#/components/schemas/UsageMetrics" }, { - "dimensions": { - "nginx_id": "some-instance-obj-2", - "parent_hostname": "hostname-for-instance-2" - }, - "data": [ - { - "timestamp": "2019-08-07T09:58:30Z", - "value": 5 - } - ] - } - ] - } - } - }, - "SeriesEx": { - "description": "This object represents a set of data points aligned along one or more dimensions from the Dimensions Catalog.", - "type": "object", - "required": [ - "dimensions", - "data" - ], - "properties": { - "dimensions": { - "description": "This object represents a set of data points aligned along one or more dimensions.\n", - "type": "object", - "additionalProperties": { - "description": "The name(s) of the dimensions used in the metrics query.\n", - "type": "string" - }, - "example": { - "nginx_id": "some-instance-object-id", - "parent_hostname": "hostname-for-instance" - } - }, - "data": { - "description": "Array of data points for a metric.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/MetricData" - }, - "example": [ - { - "timestamp": "2019-08-07T09:57:30Z", - "value": 10 + "type": "object", + "properties": { + "requests": { + "type": "integer", + "description": "Total requests handled by an NGINX Instance", + "minimum": 0 + } + } } ] + }, + "upstream": { + "$ref": "#/components/schemas/UsageMetrics" } } }, - "MetricData": { + "StreamUsage": { "type": "object", - "required": [ - "timestamp", - "value" - ], "properties": { - "timestamp": { - "type": "string", - "description": "A date-time string that represent when the data point in the series was recorded.\n", - "format": "date-time" + "client": { + "$ref": "#/components/schemas/UsageMetrics" }, - "value": { - "type": "number", - "format": "double", - "nullable": true, - "description": "A value for the data, where `null` indicates a gap.\n" + "upstream": { + "$ref": "#/components/schemas/UsageMetrics" } } }, - "StartTime": { - "description": "Sets the beginning of the time period for your metrics query (inclusive).\n\nUsage:\n* `start_time` is required if `end_time` is specified.\n* If `start_time` isn't provided, the API returns the latest metrics.\n* `start_time` is required for aggregated metrics in order to calculate the `resolution` (granularity).\n\nTime can be specified in two ways:\n* Using ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and the appropriate time unit. The time unit can can be `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds). \nExample of an offset: \"now-3h\" (3 hours before now).\n", - "type": "string", - "example": "2019-08-07T09:57:36.088757764Z" - }, - "EndTime": { - "description": "Sets the end point for the time period for your metrics query (non-inclusive).\n\nUsage:\n* Must be greater than `start_time`.\n* If `start_time` is specified and `end_time` is not, `end_time` defaults to the current time.\n\nTime can be specified in two ways:\n* Using ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and the appropriate time unit. The time unit can can be `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds). \nExample of an offset: \"now-3h\" (3 hours before now).\n", - "type": "string", - "example": "2019-08-07T09:57:36.088757764Z" - }, - "MetricAggregation": { - "type": "string", - "description": "Static list of aggregation functions that can be applied to a compatible metric.\n * min\n * max\n * sum\n * avg\n * rate\n * accum_rate\n", - "enum": [ - "min", - "max", - "sum", - "avg", - "rate", - "accum_rate" - ], - "x-enum-varnames": [ - "metric_aggregation_min", - "metric_aggregation_max", - "metric_aggregation_sum", - "metric_aggregation_avg", - "metric_aggregation_rate", - "metric_aggregation_accum_rate" - ] - }, - "MetricDimensions": { - "type": "array", - "description": "List the dimensions to include in the response for each metric series.\n\nUsage:\n\n* Specify the list of dimensions. Dimensions not specified in this parameter will be hidden in the results.\n* If you specify dimensions in `group_by`, you don't need to list them again in `dimensions`. \nHowever, if you are using `group_by`, then any dimensions you list in `dimensions` must also be included in `group_by`.\n * To return a single series, specify the metric name with aggregation (for example, `{ \"name\": \"agent.cpu.system\", \"aggregate\": \"avg\" }`) and leave the `dimensions` parameter empty.\n", - "items": { - "$ref": "#/components/schemas/MetricDimension" - } - }, - "GroupByDimensions": { - "type": "array", - "description": "Group the query results by the specified dimension(s).\n\nUsage:\n* Specify the list of dimensions.\n* For `group_by` to work, all metrics in the `names` parameter must be aggregated.\n", - "items": { - "$ref": "#/components/schemas/MetricDimension" + "UsageMetrics": { + "type": "object", + "properties": { + "received": { + "type": "integer", + "description": "Total bytes received by an NGINX Instance from clients/upstreams", + "minimum": 0 + }, + "sent": { + "type": "integer", + "description": "Total bytes sent by the NGINX Instance to clients/upstreams", + "minimum": 0 + }, + "connections": { + "type": "integer", + "description": "Total connections of the NGINX Instance with clients/upstreams", + "minimum": 0 + } } }, - "TopXMetricDimensions": { - "type": "array", - "description": "List additional dimensions to include in the response for each metric series. The dimension specified by `group_series_by` will be included by default.\n", - "items": { - "$ref": "#/components/schemas/MetricDimension" - } + "NginxUsageHttp": { + "$ref": "#/components/schemas/HttpUsage" }, - "MetricDimension": { - "type": "string", - "default": "display_name", - "description": "Static list of all metric dimensions:\n * `display_name` - Display name of the NGINX instance.\n * `file_path` - Path to the file.\n * `parent_hostname` - Hostname of the NGINX Plus instance.\n * `instance_object_id` - Unique ID of the instance registered with NGINX One Console.\n * `location_zone` - Name of an HTTP location zone.\n * `mount_point` - Filesystem mount point.\n * `namespace` - Namespace for the metric data.\n * `network_interface` - Server network interface.\n * `nginx_id` - Unique ID of the NGINX instance running on the data plane.\n * `server_zone` - Name of an HTTP or Stream server zone.\n * `system_id` - Unique ID of the operating system running nginx-agent.\n * `tenant` - Tenant for the metric data.\n * `csg_object_id` - Unique ID of the Config Sync Group registered with NGINX One Console.\n * `mode` - Variant value for metric `system.cpu.utilization`.\n * `state` - Variant value for metrics `system.filesystem.usage`, `system.memory.usage`.\n * `io_direction` - Variant value for metric `system.network.io`.\n * `status_range` - Variant value for metric `nginx.http.response.count`.\n * `logical_number` - Variant value for metrics that return a processor number.\n * `outcome` - Variant value for metrics that return an outcome.\n * `upstream_zone` - upstream zone for the metric data.\n * `upstream_name` - upstream name for the metric data.\n * `peer_state` - Variant value for metric peer state for the metric `nginx.http.upstream.peer.count`.\n * `peer_health_check` - Variant value for metric peer health check for the metric `nginx.http.upstream.peer.health_checks`.\n * `peer_address` - peer address for metric data.\n * `peer_name` - peer name for metric data.\n * `ecp_object_id` - Unique ID of the External Control Plane registered with NGINX One Console.\n", - "enum": [ - "display_name", - "file_path", - "parent_hostname", - "instance_object_id", - "location_zone", - "mount_point", - "namespace", - "network_interface", - "nginx_id", - "server_zone", - "system_id", - "tenant", - "csg_object_id", - "mode", - "state", - "io_direction", - "status_range", - "logical_number", - "outcome", - "upstream_zone", - "upstream_name", - "peer_state", - "peer_health_check", - "peer_address", - "peer_name", - "ecp_object_id" - ], - "x-enum-varnames": [ - "metric_dimension_display_name", - "metric_dimension_file_path", - "metric_dimension_hostname", - "metric_dimension_instance_object_id", - "metric_dimension_location_zone", - "metric_dimension_mount_point", - "metric_dimension_namespace", - "metric_dimension_network_interface", - "metric_dimension_nginx_id", - "metric_dimension_server_zone", - "metric_dimension_system_id", - "metric_dimension_tenant", - "metric_dimension_csg_object_id", - "metric_dimension_mode", - "metric_dimension_state", - "metric_dimension_io_direction", - "metric_dimension_status_range", - "metric_dimension_logical_number", - "metric_dimension_outcome", - "metric_dimension_upstream_zone", - "metric_dimension_upstream_name", - "metric_dimension_peer_state", - "metric_dimension_peer_health_check", - "metric_dimension_peer_address", - "metric_dimension_peer_name", - "metric_dimension_ecp_object_id" - ] + "NginxUsageStream": { + "$ref": "#/components/schemas/StreamUsage" }, - "BaseMetricQueryRequest": { + "NginxUsageTrackingRequest": { "type": "object", + "description": "Request structure for sending usage information.", "required": [ - "metrics", + "version", + "uuid", + "nap", "start_time", - "resolution" + "end_time" ], "properties": { - "metrics": { - "$ref": "#/components/schemas/MetricNames" + "version": { + "type": "string", + "description": "Version of the NGINX instance.", + "minLength": 2, + "maxLength": 100 }, - "filter": { - "$ref": "#/components/schemas/MetricFilters" + "hostname": { + "type": "string", + "description": "Hostname of the NGINX instance.", + "minLength": 3, + "maxLength": 255 + }, + "uuid": { + "type": "string", + "description": "UID of the NGINX instance, can be in hyphenated or non-hyphenated format.", + "maxLength": 38 + }, + "nap": { + "type": "string", + "description": "NAP status of the NGINX instance.", + "enum": [ + "inactive", + "active" + ], + "x-enum-varnames": [ + "nap_status_inactive", + "nap_status_active" + ] + }, + "http": { + "$ref": "#/components/schemas/NginxUsageHttp" + }, + "stream": { + "$ref": "#/components/schemas/NginxUsageStream" + }, + "deployment": { + "$ref": "#/components/schemas/NginxUsageDeployment" }, "start_time": { - "$ref": "#/components/schemas/StartTime" + "type": "integer", + "description": "Usage collection start time (Unix epoch).", + "minimum": 0 }, "end_time": { - "$ref": "#/components/schemas/EndTime" + "type": "integer", + "description": "Usage collection end time (Unix epoch).", + "minimum": 0 }, - "resolution": { - "type": "string", - "description": "Specifies the level of granularity for time series data in your results. Applicable only for endpoints that return time series data.\n\nUsage: \n* Specify as a string with a number followed by a unit of time, such as `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes) or `s` (seconds).\n* Metrics in `names` must be aggregated.\n* `start_time` is required.\n* If `resolution` is not set, the API returns the maximum resolution (`end_time` - `start_time`).\n", - "example": "30s" - } - } - }, - "MetricQueryRequest": { - "type": "object", - "allOf": [ - { - "$ref": "#/components/schemas/BaseMetricQueryRequest" + "workers": { + "type": "integer", + "description": "Number of workers running on the NGINX Instance", + "minimum": 0 }, - { - "type": "object", - "properties": { - "dimensions": { - "$ref": "#/components/schemas/MetricDimensions" - }, - "group_by": { - "$ref": "#/components/schemas/GroupByDimensions" - }, - "order_by": { - "description": "List the order by for dimension(s).\n\nUsage:\n\n* Must be a dimension included by `dimensions` or `group_by`.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/OrderBy" - } - } - } - } - ] - }, - "MetricTopXQueryRequest": { - "type": "object", - "allOf": [ - { - "$ref": "#/components/schemas/BaseMetricQueryRequest" + "uptime": { + "type": "integer", + "description": "Number of seconds the NGINX Instance has been continuously running", + "minimum": 0 }, - { - "type": "object", - "required": [ - "series_limit", - "group_series_by" - ], - "properties": { - "dimensions": { - "$ref": "#/components/schemas/TopXMetricDimensions" - }, - "series_limit": { - "type": "integer", - "example": 25, - "description": "Sets the maximum number of series that can be returned. \n\nNotes:\n* Always returns an additional series with a dimension named `all`, aggregating the values of all metrics included in the results.\n* A series with a dimension named `other` may be returned, aggregating the values of metrics not included in the results.\n" - }, - "group_series_by": { - "$ref": "#/components/schemas/MetricDimension" - }, - "order_series_by": { - "$ref": "#/components/schemas/OrderSeriesBy" - } - } + "reloads": { + "type": "integer", + "description": "Number of times the instance was reloaded during uptime", + "minimum": 0 } - ] + } }, - "MetricNames": { + "NginxUsageTrackingBatchRequest": { "type": "array", - "description": "Specify the metrics you want details for.\n\nUsage: \n* List multiple metrics as json objects.\n * You can aggregate metrics with `avg`, `sum`, `min`, `max`, `rate`.\n* Metrics with aggregates require a `start_time`.\n* If you combine aggregated and non-aggregated metrics in a single query, any `group_by` clause applies only to the aggregated metrics.\n", + "description": "Request structure for sending usage information in batch.", "items": { - "$ref": "#/components/schemas/MetricQuery" + "$ref": "#/components/schemas/NginxUsageTrackingRequest" }, - "example": [ - { - "name": "system.cpu.utilization", - "aggregate": "avg", - "filter": [ - { - "filterSet": [ - { - "dimension": "mode", - "operator": "=", - "values": [ - "system" - ] - } - ] - } + "minItems": 1, + "maxItems": 500 + }, + "ChatbotMessage": { + "type": "object", + "description": "A singular message representing the actual content to be sent to AI Gateway.", + "properties": { + "role": { + "description": "The persona sending the prompt. Can be 'user' or 'assistant'.", + "type": "string", + "enum": [ + "user", + "assistant" + ], + "x-enum-varnames": [ + "chatbot_role_user", + "chatbot_role_assistant" ] + }, + "content": { + "description": "The prompt to be sent.", + "type": "string", + "maxLength": 7000 } + }, + "required": [ + "role", + "content" ] }, - "MetricQuery": { + "ChatbotRequest": { "type": "object", + "description": "Request structure for sending a prompt to the AI Gateway LLM.", + "properties": { + "messages": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ChatbotMessage" + } + } + }, "required": [ - "name" + "messages" + ] + }, + "ChatbotResponseChoice": { + "type": "object", + "description": "An individual completion option in response to the prompt.", + "properties": { + "index": { + "description": "The index of the value in the array of completions.", + "type": "integer", + "format": "int16" + }, + "text": { + "description": "The text of completion.", + "type": "string" + } + } + }, + "ChatbotResponse": { + "type": "object", + "description": "Response structure containing details of the LLM's response to the prompt.", + "required": [ + "id", + "created", + "choices", + "object" ], "properties": { - "name": { - "$ref": "#/components/schemas/MetricName" + "id": { + "description": "The identifier for the response generated by the AI Gateway.", + "type": "string" }, - "aggregate": { - "$ref": "#/components/schemas/MetricAggregation" + "created": { + "description": "The time when the response was created.", + "type": "string", + "format": "date-time" + }, + "choices": { + "description": "An array of possible completions in response to the prompt given by the 'user' persona.", + "type": "array", + "items": { + "$ref": "#/components/schemas/ChatbotResponseChoice" + } + }, + "object": { + "description": "The type of the object that the JSON is describing - will be 'text_completion'", + "type": "string" } } }, - "MetricFilterPredicate": { - "type": "string", - "enum": [ - "AND", - "OR" + "ChatbotFeedbackTags": { + "type": "object", + "description": "Tags representing chatbot feedback (i.e. \"Inaccurate Data\", \"Unhelpful Answer\")\n", + "required": [ + "inaccurate", + "unhelpful", + "formatting", + "time", + "other" ], - "x-enum-varnames": [ - "metric_filter_predicate_and", - "metric_filter_predicate_or" - ] + "properties": { + "inaccurate": { + "description": "Boolean representing whether the user thought the response from the LLM was inaccurate.", + "type": "boolean" + }, + "unhelpful": { + "description": "Boolean representing whether the user thought the response from the LLM was unhelpful.", + "type": "boolean" + }, + "formatting": { + "description": "Boolean representing whether the user thought the response from the LLM was poorly formatted.", + "type": "boolean" + }, + "time": { + "description": "Boolean representing whether the user thought the response time was too lengthy.", + "type": "boolean" + }, + "other": { + "description": "Boolean representing whether the user wishes to provide any other feedback.", + "type": "boolean" + } + } }, - "MetricFilters": { - "type": "array", - "description": "Filter results based on dimension operations against one or more values.\n\nUsage:\n* Format as one or more predicates by providing all required elements.\n * `dimension`: The dimension name you want to filter on.\n * `operator`: The possible operators (`=`, `!=`, `<`, `<=`, `>`, `>=`, `in`, `not`) you can use for comparison or condition checking.\n * `value`: Case sensitive value of the dimension to filter against.\n\nFor more complex filtering:\n\n* Specify a `predicate` for logical expressions (`AND`,`OR`). \n* Use a wildcard `*` in the `value` for matching partial values.\n", - "items": { - "$ref": "#/components/schemas/MetricFilterSet" - }, - "example": [ - { - "filterSet": [ - { - "dimension": "server_zone", - "operator": "!=", - "values": [ - "server_zone_1" - ] - }, - { - "predicate": "OR", - "dimension": "server_zone", - "operator": "=", - "values": [ - "server_zone_2" - ] - } - ] + "ChatbotFeedback": { + "type": "object", + "description": "Response structure containing user provided feedback for a specific response from the LLM", + "required": [ + "response_id", + "is_positive" + ], + "properties": { + "response_id": { + "description": "The identifier for the response which the user is providing feedback on. It can be found in the response headers \"X-Request-ID\" property in a request to the AI Assistant", + "type": "string" }, - { - "predicate": "AND", - "filterSet": [ - { - "dimension": "nginx_id", - "operator": "in", - "values": [ - "id1", - "id2" - ] - } - ] + "is_positive": { + "description": "A boolean property representing whether the user found the AI Assistant's response helpful", + "type": "boolean" + }, + "message": { + "description": "Freeform feedback from the user regarding a specific response from the LLM", + "type": "string", + "maxLength": 512 + }, + "tags": { + "$ref": "#/components/schemas/ChatbotFeedbackTags" } - ] + } }, - "MetricFilterSet": { + "InventoryResponse": { "type": "object", - "description": "Encapsulates one or more `MetricFilter` object(s) to be grouped together.\n", "required": [ - "filterSet" + "query_metadata", + "metrics" ], "properties": { - "predicate": { - "$ref": "#/components/schemas/MetricFilterPredicate" + "query_metadata": { + "$ref": "#/components/schemas/InventoryMetricQueryMetadata" }, - "filterSet": { + "metrics": { + "description": "An array of collected metrics, which includes the name of the resource, aggregate function, and series details.", "type": "array", "items": { - "$ref": "#/components/schemas/MetricFilter" + "$ref": "#/components/schemas/Metric" } } } }, - "MetricFilter": { + "InventoryMetricQueryMetadata": { + "description": "Includes details about the time period and resolution of the metrics query.\n", + "type": "object", + "properties": { + "start_time": { + "description": "The start time of your metrics query.", + "type": "string", + "format": "date-time", + "example": "2019-08-07T09:57:36.088757764Z" + }, + "end_time": { + "description": "The end time of your metrics query.", + "type": "string", + "format": "date-time", + "example": "2019-08-07T09:57:36.088757764Z" + }, + "resolution": { + "description": "The level of granularity for the time series data.", + "type": "string", + "example": "1h" + } + } + }, + "Metric": { "type": "object", "required": [ - "dimension", - "operator", - "values" + "metric", + "series" ], + "description": "This object represents a metric, including the name of the metric resource, aggregate function, and series details.\n", "properties": { - "dimension": { - "$ref": "#/components/schemas/MetricDimension" + "metric": { + "$ref": "#/components/schemas/InventoryMetricName" }, - "operator": { - "type": "string", - "description": "Static list of all operations supported by filtering\n\n* The `=`, `!=` only use the first element of the `values` array. Wildcards for partial matching is supported.\n* The `in` and `not` both use all elements in the `values` array. Wildcards for partial matching is NOT supported.\n", - "enum": [ - "=", - "!=", - "in", - "not" - ], - "x-enum-varnames": [ - "metric_filter_equal", - "metric_filter_not_equal", - "metric_filter_in", - "metric_filter_not" - ] + "aggregate": { + "$ref": "#/components/schemas/InventoryMetricAggregation" }, - "values": { + "series": { + "description": "An array of data points.\n", "type": "array", - "description": "Single value used for all operators except `in` and `not`.", "items": { - "type": "string" - } - }, - "predicate": { - "$ref": "#/components/schemas/MetricFilterPredicate" + "$ref": "#/components/schemas/Series" + }, + "example": [ + { + "data": [ + { + "timestamp": "2019-08-07T09:00:00Z", + "value": 10 + } + ] + }, + { + "data": [ + { + "timestamp": "2019-08-07T10:00:00Z", + "value": 5 + } + ] + } + ] } } }, - "OrderDirection": { + "Series": { + "description": "This object represents a set of data points.", + "type": "object", + "required": [ + "data" + ], + "properties": { + "data": { + "description": "Array of data points for a metric.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/MetricData" + }, + "example": [ + { + "timestamp": "2019-08-07T09:00:00Z", + "value": 10 + } + ] + } + } + }, + "MetricStartTime": { + "description": "The start time of your metrics query.\n\nUsage:\n* `start_time` is required if `end_time` is specified.\n* If `start_time` and `end_time` isn't provided, the API returns metrics from the current time to the month before the current time.\n* The `start_time` cannot be older than 120 days before the current time.\n\nYou can set the `start_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", + "type": "string", + "example": "2019-08-07T09:57:36.088757764Z" + }, + "MetricEndTime": { + "description": "The end time of your metrics query.\n\nUsage:\n* Must be greater than `start_time`.\n* The time difference between `start_time` and `end_time` should be greater than an hour.\n* The default `end_time` is the current time.\n* The `end_time` cannot be older than 120 days before the current time.\n\nYou can set the `end_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", + "type": "string", + "example": "2019-08-07T09:57:36.088757764Z" + }, + "InventoryMetricAggregation": { "type": "string", + "description": "Static list of aggregation functions that can be applied to a compatible metric.\n * count\n * sum\n * avg\n * min\n * max\n", "enum": [ - "asc", - "desc" + "count", + "sum", + "avg", + "min", + "max" ], "x-enum-varnames": [ - "order_by_asc", - "order_by_desc" - ], - "default": "desc" + "metric_aggregation_count", + "metric_aggregation_sum", + "metric_aggregation_avg", + "metric_aggregation_min", + "metric_aggregation_max" + ] }, - "OrderBy": { + "BaseInventoryQueryRequest": { "type": "object", - "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `dimension`: The dimension for ordering.\n", "required": [ - "direction", - "dimension" + "metrics" ], "properties": { - "direction": { - "$ref": "#/components/schemas/OrderDirection" + "metrics": { + "$ref": "#/components/schemas/InventoryMetricNames" }, - "dimension": { - "$ref": "#/components/schemas/MetricDimension" + "start_time": { + "$ref": "#/components/schemas/MetricStartTime" + }, + "end_time": { + "$ref": "#/components/schemas/MetricEndTime" } } }, - "OrderSeriesBy": { + "InventoryMetricQueryRequest": { + "type": "object", + "allOf": [ + { + "$ref": "#/components/schemas/BaseInventoryQueryRequest" + } + ] + }, + "InventoryMetricNames": { + "type": "array", + "description": "Specify the metrics to collect.\n\nUsage: \n* List multiple metrics as JSON objects.\n* You can aggregate metrics with `count`, `sum`, `avg`, `min`, `max`.\n", + "items": { + "$ref": "#/components/schemas/InventoryMetricQuery" + }, + "example": [ + { + "name": "nginx.plus.instances", + "aggregate": [ + "count" + ] + } + ] + }, + "InventoryMetricQuery": { "type": "object", - "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `aggregate`: The aggregating function.\n", "required": [ - "direction", - "aggregate" + "name" ], "properties": { - "direction": { - "$ref": "#/components/schemas/OrderDirection" + "name": { + "$ref": "#/components/schemas/InventoryMetricName" }, "aggregate": { - "$ref": "#/components/schemas/MetricAggregation", - "default": "sum" + "type": "array", + "items": { + "$ref": "#/components/schemas/InventoryMetricAggregation" + } } } }, - "MetricName": { + "InventoryMetricName": { "type": "string", "description": "Metric names available for querying.\n", - "example": "nginx.http.request.count", + "example": "nginx.plus.instances", "oneOf": [ { - "$ref": "#/components/schemas/MetricSystemCpuUtilization" - }, - { - "$ref": "#/components/schemas/MetricSystemFilesystemUsage" - }, - { - "$ref": "#/components/schemas/MetricSystemMemoryUsage" - }, - { - "$ref": "#/components/schemas/MetricSystemCpuLogicalCount" - }, - { - "$ref": "#/components/schemas/MetricSystemNetworkIo" - }, - { - "$ref": "#/components/schemas/MetricNginxHttpRequestCount" - }, - { - "$ref": "#/components/schemas/MetricNginxHttpResponseCount" - }, - { - "$ref": "#/components/schemas/MetricNginxHttpConnectionCount" - }, - { - "$ref": "#/components/schemas/MetricNginxHttpConnections" - }, - { - "$ref": "#/components/schemas/MetricNginxHttpUpstreamPeerCount" - }, - { - "$ref": "#/components/schemas/MetricNginxHttpUpstreamPeerHealthChecks" - }, - { - "$ref": "#/components/schemas/MetricNginxStreamUpstreamPeerHealthChecks" - }, - { - "$ref": "#/components/schemas/MetricNginxStreamUpstreamPeerCount" + "$ref": "#/components/schemas/MetricNginxInstancesPlus" }, { - "$ref": "#/components/schemas/MetricNginxHttpRequestIo" + "$ref": "#/components/schemas/MetricK8sClusterNodes" } ] }, - "MetricSystemCpuUtilization": { - "type": "string", - "description": "Total system CPU use for 'system' or 'user' (percent). A filter is required to specify the mode.\n\nReplaces deprecated variants:\n * system.cpu.system\n * system.cpu.user\n\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter:\n * mode (valid values:: 'system', 'user')\n\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * logical_number\n", - "enum": [ - "system.cpu.utilization" - ] - }, - "MetricSystemFilesystemUsage": { - "type": "string", - "description": "System disk usage statistic, percentage. A filter differentiator is needed for specific state(s).\n\nReplacement for deprecated variant(s):\n * system.disk.in_use\n * system.disk.total\n * system.disk.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'in_use')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * mount_point\n", - "enum": [ - "system.filesystem.usage" - ] - }, - "MetricSystemMemoryUsage": { - "type": "string", - "description": "Total available statistic about system memory usage, bytes. A filter differentiator is needed for specific state(s).\n\nReplacement for deprecated variant(s):\n * system.mem.pct_used\n * system.mem.total\n * system.mem.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'total', 'pct_used')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", - "enum": [ - "system.memory.usage" - ] - }, - "MetricSystemCpuLogicalCount": { - "type": "string", - "description": "Number of logical (virtual) processor cores created by the operating system.\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", - "enum": [ - "system.cpu.logical.count" - ] - }, - "MetricNginxHttpConnectionCount": { - "type": "string", - "description": "Number of connections grouped by outcome ('ACTIVE', 'IDLE', 'READING', 'WRITING', 'WAITING').\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\n\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * outcome\n", - "enum": [ - "nginx.http.connection.count" - ] - }, - "MetricNginxHttpConnections": { - "type": "string", - "description": "Total connections grouped by outcome ('ACCEPTED', 'HANDLED', 'DROPPED').\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\n\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * outcome\n", - "enum": [ - "nginx.http.connections" - ] - }, - "MetricNginxHttpUpstreamPeerCount": { - "type": "string", - "description": "Number of upstream peers grouped by state ('CHECKING', 'DOWN', 'DRAINING', 'UNAVAILABLE', 'UNHEALTHY', 'UP').\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * upstream_zone\n * upstream_name\n * peer_state\n", - "enum": [ - "nginx.http.upstream.peer.count" - ] - }, - "MetricNginxStreamUpstreamPeerCount": { + "MetricNginxInstancesPlus": { "type": "string", - "description": "Number of upstream peers grouped by state ('CHECKING', 'DOWN', 'DRAINING', 'UNAVAILABLE', 'UNHEALTHY', 'UP').\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * upstream_zone\n * upstream_name\n * peer_state\n", + "description": "Total number of nginx plus instances.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", "enum": [ - "nginx.stream.upstream.peer.count" + "nginx.plus.instances" ] }, - "MetricNginxHttpUpstreamPeerHealthChecks": { + "MetricK8sClusterNodes": { "type": "string", - "description": "The total number of health check requests made to a HTTP upstream peer.\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * upstream_zone\n * upstream_name\n * peer_health_check\n * peer_address\n * peer_name\n", + "description": "Sum of the Kubernetes worker nodes where nginx plus instances are deployed in a Kubernetes cluster.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", "enum": [ - "nginx.http.upstream.peer.health_checks" + "k8s.cluster.nodes" ] }, - "MetricNginxStreamUpstreamPeerHealthChecks": { + "FilterNameNapSignatures": { "type": "string", - "description": "The total number of health check requests made to a stream upstream peer.\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * upstream_zone\n * upstream_name\n * peer_health_check\n * peer_address\n * peer_name\n", + "description": "Keywords for NGINX App Protect signature filters.\nWhen filtering on `accuracy`, only the following `filter_values` are supported:\n * high\n * medium\n * low\nWhen filtering on `risk`, only the following `filter_values` are supported:\n * high\n * medium\n * low\nWhen filtering on `signature_type`, only the following `filter_values` are supported:\n * request\n * response\n", "enum": [ - "nginx.stream.upstream.peer.health_checks" + "accuracy", + "risk", + "signature_type" + ], + "x-enum-varnames": [ + "filter_name_nap_signature_accuracy", + "filter_name_nap_signature_risk", + "filter_name_nap_signature_signature_type" ] }, - "MetricSystemNetworkIo": { + "FilterNameNapSignatureSets": { "type": "string", - "description": "Network I/O statistics. Number of bytes sent or received per network interface. A filter differentiator is needed for specific I/O direction(s).\n\nReplacement for deprecated variant(s):\n * system.net.bytes_rcvd\n * system.net.bytes_sent\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * accum_rate\n\nCatalog dimension filter differentiator:\n * io_direction (applicable filter values: 'transmit', 'receive')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * network_interface\n", + "description": "Keywords for NGINX App Protect signature set filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * filter-based\n * manual\n", "enum": [ - "system.network.io" + "type", + "name" + ], + "x-enum-varnames": [ + "filter_name_nap_signature_set_type", + "filter_name_nap_signature_set_name" ] }, - "MetricNginxHttpRequestCount": { - "type": "string", - "description": "The current number of client requests received from clients.\n\nReplacement for deprecated variant(s):\n * nginx.http.request.count\n * plus.http.request.count\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * server_zone\n * location_zone\n", - "enum": [ - "nginx.http.request.count" - ] + "NapSignatureID": { + "description": "An unique identifier for the NGINX App Protect signature.", + "type": "integer", + "pattern": "^\\d{9}" }, - "MetricNginxHttpResponseCount": { + "NapSignatureSetObjectID": { + "description": "A globally unique identifier for the NGINX App Protect signature set.", "type": "string", - "description": "The current number of responses, grouped by status code range. A filter differentiator is needed for specific status range(s).\n\nReplacement for deprecated variant(s):\n * nginx.http.status.4xx\n * plus.http.status.4xx\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * status_range (applicable filter values: '4xx', '5xx')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id \n * server_zone\n * location_zone\n", - "enum": [ - "nginx.http.response.count" - ] + "format": "object_id", + "pattern": "^sigset_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } }, - "MetricNginxHttpRequestIo": { - "type": "string", - "description": "The total number of bytes sent or received. A filter differentiator is needed for specific I/O direction(s).\n\nReplacement for deprecated variant(s):\n * nginx.http.request.bytes_rcvd\n * nginx.http.request.bytes_sent\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * accum_rate\n\nCatalog dimension filter differentiator:\n * io_direction (applicable filter values: 'transmit', 'receive')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * ecp_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * server_zone\n * location_zone\n", - "enum": [ - "nginx.http.request.io" - ] + "NapCompileStatus": { + "description": "Provide the status of the NGINX App Protect compilation request.", + "required": [ + "status", + "nap_release", + "created_at", + "modified_at" + ], + "properties": { + "nap_release": { + "description": "The NGINX App Protect release version the NGINX App Protect log profile compilation was requested for.", + "type": "string" + }, + "status": { + "description": "Status of the NGINX App Protect compilation request. * `pending` - The compilation request has been accepted and is currently processing. * `failed` - The compilation attempt failed. * `succeeded` - The compilation was successful.", + "type": "string", + "enum": [ + "pending", + "failed", + "succeeded" + ], + "x-enum-varnames": [ + "nap_compile_status_pending", + "nap_compile_status_failed", + "nap_compile_status_succeeded" + ] + }, + "failure_reason": { + "type": "string", + "description": "The failure reason populated when status is 'failed'." + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the compile request was created." + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the compile request was last modified." + }, + "size": { + "type": "integer", + "description": "The size of the compiled bundle, only set when status is `succeeded`." + }, + "hash": { + "type": "string", + "description": "The sha256 hash value of the compiled bundle, only set when status is `succeeded`." + } + }, + "example": { + "nap_release": "5.10.0", + "status": "succeeded", + "created_at": "2026-01-13T18:54:19.140336Z", + "modified_at": "2026-01-13T18:56:31.264956Z" + } }, - "SettingsInstanceCleanup": { + "VersionsList": { "type": "object", - "description": "Preferences for automatic cleanup of stale NGINX One Instances.", "required": [ - "age_out_duration" + "items" ], "properties": { - "age_out_duration": { - "type": "integer", - "format": "int32", - "description": "Specify the age of `unavailable` NGINX instances for clean up. NGINX instances older than this value in hours will be deleted automatically. Events related to automatically deleted NGINX instances will show up in `/events` API. '0' value disables the automatic clean up of `unavailable` NGINX instances.", - "default": 3, - "minimum": 0, - "maximum": 720 + "items": { + "description": "An array of versions.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapSignatureVersion" + } } - }, - "example": { - "age_out_duration": 3 } }, - "HttpUsage": { + "NapVersion": { + "description": "A collection of NGINX App Protect release and associated engine versions.", "type": "object", + "required": [ + "release", + "engine" + ], "properties": { - "client": { - "allOf": [ - { - "$ref": "#/components/schemas/UsageMetrics" - }, - { - "type": "object", - "properties": { - "requests": { - "type": "integer", - "description": "Total requests handled by an NGINX Instance", - "minimum": 0 - } - } - } - ] + "release": { + "description": "The version of the NGINX App Protect release.", + "type": "string" }, - "upstream": { - "$ref": "#/components/schemas/UsageMetrics" + "engine": { + "description": "The version of the NGINX App Protect engine.", + "type": "string" } } }, - "StreamUsage": { + "ThreatCampaignVersionsListResponse": { + "$ref": "#/components/schemas/VersionsList" + }, + "AttackSignatureVersionsListResponse": { + "$ref": "#/components/schemas/VersionsList" + }, + "BotSignatureVersionsListResponse": { + "$ref": "#/components/schemas/VersionsList" + }, + "NapVersionsListResponse": { + "description": "List of NGINX App Protect versions.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapVersion" + } + }, + "NapPolicy": { + "description": "The base64-encoded contents of the NGINX App Protect policy.", "type": "object", + "required": [ + "policy" + ], "properties": { - "client": { - "$ref": "#/components/schemas/UsageMetrics" - }, - "upstream": { - "$ref": "#/components/schemas/UsageMetrics" + "policy": { + "type": "string", + "format": "base64", + "maxLength": 3145728 } } }, - "UsageMetrics": { + "NapPolicyObject": { + "allOf": [ + { + "$ref": "#/components/schemas/NapPolicyMetadata" + }, + { + "$ref": "#/components/schemas/NapPolicyDeployments" + } + ] + }, + "NapPolicyMetadata": { + "description": "Summary information about NGINX App Protect policy.", "type": "object", + "required": [ + "object_id", + "name", + "latest" + ], "properties": { - "received": { - "type": "integer", - "description": "Total bytes received by an NGINX Instance from clients/upstreams", - "minimum": 0 + "object_id": { + "$ref": "#/components/schemas/NapPolicyObjectID" }, - "sent": { - "type": "integer", - "description": "Total bytes sent by the NGINX Instance to clients/upstreams", - "minimum": 0 + "name": { + "description": "The name of the NGINX App Protect policy.", + "type": "string" }, - "connections": { - "type": "integer", - "description": "Total connections of the NGINX Instance with clients/upstreams", - "minimum": 0 + "description": { + "type": "string", + "description": "Some detail on the NGINX App Protect policy." + }, + "latest": { + "$ref": "#/components/schemas/NapPolicyVersionMetadata" } } }, - "NginxUsageHttp": { - "$ref": "#/components/schemas/HttpUsage" - }, - "NginxUsageStream": { - "$ref": "#/components/schemas/StreamUsage" - }, - "MetricStartTime": { - "description": "The start time of your metrics query.\n\nUsage:\n* `start_time` is required if `end_time` is specified.\n* If `start_time` and `end_time` isn't provided, the API returns metrics from the current time to the month before the current time.\n* The `start_time` cannot be older than 120 days before the current time.\n\nYou can set the `start_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", - "type": "string", - "example": "2019-08-07T09:57:36.088757764Z" - }, - "MetricEndTime": { - "description": "The end time of your metrics query.\n\nUsage:\n* Must be greater than `start_time`.\n* The time difference between `start_time` and `end_time` should be greater than an hour.\n* The default `end_time` is the current time.\n* The `end_time` cannot be older than 120 days before the current time.\n\nYou can set the `end_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", - "type": "string", - "example": "2019-08-07T09:57:36.088757764Z" - }, - "InventoryMetricAggregation": { - "type": "string", - "description": "Static list of aggregation functions that can be applied to a compatible metric.\n * count\n * sum\n * avg\n * min\n * max\n", - "enum": [ - "count", - "sum", - "avg", - "min", - "max" - ], - "x-enum-varnames": [ - "metric_aggregation_count", - "metric_aggregation_sum", - "metric_aggregation_avg", - "metric_aggregation_min", - "metric_aggregation_max" + "NapPolicyListResponse": { + "description": "List of all NGINX App Protect policies.", + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { + "description": "List of NGINX App Protect policies.", + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect policy objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyObject" + } + } + }, + "example": { + "items": [ + { + "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-policy", + "description": "test policy", + "deployments": [ + { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "enforcement_mode": "blocking", + "policy_version": "2023-12-06 22:37:24", + "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", + "deployed_on": "2023-12-06T22:37:24.120114Z" + } + ], + "latest": { + "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw", + "version": "2023-12-06 22:37:24", + "created_at": "2023-12-06T22:37:24.120114Z", + "deployment_status": "deployed", + "enforcement_mode": "blocking" + } + } + ] + } + } ] }, - "BaseInventoryQueryRequest": { + "NapPolicyVersionDeployments": { + "type": "object", + "properties": { + "deployments": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyVersionDeployment" + } + } + } + }, + "NapDeploymentAssociation": { "type": "object", "required": [ - "metrics" + "associated_type", + "associated_object_id", + "associated_name" ], "properties": { - "metrics": { - "$ref": "#/components/schemas/InventoryMetricNames" + "associated_type": { + "$ref": "#/components/schemas/DeploymentAssociatedType" }, - "start_time": { - "$ref": "#/components/schemas/MetricStartTime" + "associated_object_id": { + "$ref": "#/components/schemas/ObjectID" }, - "end_time": { - "$ref": "#/components/schemas/MetricEndTime" + "associated_name": { + "$ref": "#/components/schemas/DeploymentAssociatedName" } } }, - "InventoryMetricQueryRequest": { - "type": "object", + "NapDeployment": { "allOf": [ { - "$ref": "#/components/schemas/BaseInventoryQueryRequest" + "$ref": "#/components/schemas/NapDeploymentAssociation" + }, + { + "type": "object", + "description": "Information about a NGINX App Protect policy deployment.\n", + "required": [ + "publication_object_id", + "status", + "deployed_on" + ], + "properties": { + "publication_object_id": { + "$ref": "#/components/schemas/PublicationObjectID" + }, + "status": { + "$ref": "#/components/schemas/NapDeploymentStatus" + }, + "deployed_on": { + "description": "Date and time of the deployment.", + "type": "string", + "format": "date-time" + } + }, + "example": { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z" + } } ] }, - "InventoryMetricNames": { - "type": "array", - "description": "Specify the metrics to collect.\n\nUsage: \n* List multiple metrics as JSON objects.\n* You can aggregate metrics with `count`, `sum`, `avg`, `min`, `max`.\n", - "items": { - "$ref": "#/components/schemas/InventoryMetricQuery" - }, - "example": [ + "NapPolicyVersionDeployment": { + "allOf": [ { - "name": "nginx.plus.instances", - "aggregate": [ - "count" - ] + "$ref": "#/components/schemas/NapDeploymentAssociation" + }, + { + "type": "object", + "description": "Information about a NGINX App Protect policy deployment.\n", + "required": [ + "publication_object_id", + "status", + "deployed_on" + ], + "properties": { + "publication_object_id": { + "$ref": "#/components/schemas/PublicationObjectID" + }, + "status": { + "$ref": "#/components/schemas/NapDeploymentStatus" + }, + "deployed_on": { + "description": "Date and time of the deployment.", + "type": "string", + "format": "date-time" + } + }, + "example": { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z" + } } ] }, - "InventoryMetricQuery": { + "NapPolicyDeployments": { "type": "object", "required": [ - "name" + "deployments" ], "properties": { - "name": { - "$ref": "#/components/schemas/InventoryMetricName" - }, - "aggregate": { + "deployments": { "type": "array", "items": { - "$ref": "#/components/schemas/InventoryMetricAggregation" + "$ref": "#/components/schemas/NapPolicyDeployment" } } } }, - "InventoryMetricName": { - "type": "string", - "description": "Metric names available for querying.\n", - "example": "nginx.plus.instances", - "oneOf": [ + "NapLogProfileDeployments": { + "type": "object", + "properties": { + "deployments": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapLogProfileDeployment" + } + } + } + }, + "NapLogProfileDeployment": { + "description": "Detailed information about a NGINX App Protect log-profile deployment.", + "type": "object", + "allOf": [ { - "$ref": "#/components/schemas/MetricNginxInstancesPlus" + "$ref": "#/components/schemas/NapDeployment" }, { - "$ref": "#/components/schemas/MetricK8sClusterNodes" + "type": "object", + "required": [ + "nap_release", + "publication_object_id", + "associated_name", + "associated_type", + "associated_object_id", + "status", + "deployed_on" + ], + "properties": { + "nap_release": { + "description": "The compiler version of NGINX App Protect the log profile was deployed with.", + "type": "string" + }, + "latest_deployed": { + "$ref": "#/components/schemas/NapLatestDeployed" + } + } } - ] - }, - "MetricNginxInstancesPlus": { - "type": "string", - "description": "Total number of nginx plus instances.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", - "enum": [ - "nginx.plus.instances" - ] - }, - "MetricK8sClusterNodes": { - "type": "string", - "description": "Sum of the Kubernetes worker nodes where nginx plus instances are deployed in a Kubernetes cluster.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", - "enum": [ - "k8s.cluster.nodes" - ] - }, - "FilterNameNapSignatures": { - "type": "string", - "description": "Keywords for NGINX App Protect signature filters.\nWhen filtering on `accuracy`, only the following `filter_values` are supported:\n * high\n * medium\n * low\nWhen filtering on `risk`, only the following `filter_values` are supported:\n * high\n * medium\n * low\nWhen filtering on `signature_type`, only the following `filter_values` are supported:\n * request\n * response\n", - "enum": [ - "accuracy", - "risk", - "signature_type" - ], - "x-enum-varnames": [ - "filter_name_nap_signature_accuracy", - "filter_name_nap_signature_risk", - "filter_name_nap_signature_signature_type" - ] - }, - "FilterNameNapSignatureSets": { - "type": "string", - "description": "Keywords for NGINX App Protect signature set filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * filter-based\n * manual\n", - "enum": [ - "type", - "name" ], - "x-enum-varnames": [ - "filter_name_nap_signature_set_type", - "filter_name_nap_signature_set_name" - ] - }, - "NapSignatureID": { - "description": "An unique identifier for the NGINX App Protect signature.", - "type": "integer", - "pattern": "^\\d{9}" - }, - "NapSignatureSetObjectID": { - "description": "A globally unique identifier for the NGINX App Protect signature set.", - "type": "string", - "format": "object_id", - "pattern": "^sigset_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + "example": { + "nap_release": "5.10.0", + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "latest_deployed": "yes" } }, - "NapCompileStatus": { - "description": "Provide the status of the NGINX App Protect compilation request.", + "NapPolicyDeployment": { + "description": "Detailed information about a NGINX App Protect policy deployment.", + "type": "object", "required": [ + "publication_object_id", + "associated_object_id", + "associated_name", + "associated_type", + "enforcement_mode", "status", - "nap_release", - "created_at", - "modified_at" + "policy_version", + "policy_version_object_id", + "deployed_on" ], - "properties": { - "nap_release": { - "description": "The NGINX App Protect release version the NGINX App Protect log profile compilation was requested for.", - "type": "string" + "allOf": [ + { + "$ref": "#/components/schemas/NapPolicyVersionDeployment" }, - "status": { - "description": "Status of the NGINX App Protect compilation request. * `pending` - The compilation request has been accepted and is currently processing. * `failed` - The compilation attempt failed. * `succeeded` - The compilation was successful.", - "type": "string", - "enum": [ - "pending", - "failed", - "succeeded" + { + "type": "object", + "required": [ + "enforcement_mode", + "policy_version", + "policy_version_object_id" ], - "x-enum-varnames": [ - "nap_compile_status_pending", - "nap_compile_status_failed", - "nap_compile_status_succeeded" - ] - }, - "failure_reason": { - "type": "string", - "description": "The failure reason populated when status is 'failed'." - }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the compile request was created." - }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the compile request was last modified." - }, - "size": { - "type": "integer", - "description": "The size of the compiled bundle, only set when status is `succeeded`." - }, - "hash": { - "type": "string", - "description": "The sha256 hash value of the compiled bundle, only set when status is `succeeded`." + "properties": { + "enforcement_mode": { + "$ref": "#/components/schemas/NapPolicyEnforcementMode" + }, + "policy_version": { + "description": "The version associated with the NGINX App Protect policy.", + "type": "string" + }, + "policy_version_object_id": { + "$ref": "#/components/schemas/NapPolicyVersionObjectID" + } + } } - }, + ], "example": { - "nap_release": "5.10.0", - "status": "succeeded", - "created_at": "2026-01-13T18:54:19.140336Z", - "modified_at": "2026-01-13T18:56:31.264956Z" + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "enforcement_mode": "blocking", + "policy_version": "2023-12-06 22:37:24", + "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw" } }, - "VersionsList": { + "NapPolicyDeploymentDetails": { "type": "object", "required": [ - "items" + "publication_object_id", + "associated_object_id", + "associated_name", + "associated_type", + "enforcement_mode", + "status", + "policy_version", + "policy_version_object_id", + "deployed_on", + "threat_campaign_version", + "attack_signature_version", + "bot_signature_version" ], - "properties": { - "items": { - "description": "An array of versions.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapSignatureVersion" + "allOf": [ + { + "$ref": "#/components/schemas/NapPolicyDeployment" + }, + { + "type": "object", + "properties": { + "threat_campaign_version": { + "$ref": "#/components/schemas/NapSignatureVersion" + }, + "attack_signature_version": { + "$ref": "#/components/schemas/NapSignatureVersion" + }, + "bot_signature_version": { + "$ref": "#/components/schemas/NapSignatureVersion" + } } } + ], + "example": { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "policy_version": "2023-12-06 22:37:24", + "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "enforcement_mode": "blocking", + "threat_campaign_version": "2023.12.06", + "attack_signature_version": "2023.12.06", + "bot_signature_version": "2023.12.06" } }, - "ThreatCampaignVersionsListResponse": { - "$ref": "#/components/schemas/VersionsList" - }, - "AttackSignatureVersionsListResponse": { - "$ref": "#/components/schemas/VersionsList" - }, - "BotSignatureVersionsListResponse": { - "$ref": "#/components/schemas/VersionsList" - }, - "NapPolicy": { - "description": "The base64-encoded contents of the NGINX App Protect policy.", - "type": "object", - "required": [ - "policy" - ], - "properties": { - "policy": { - "type": "string", - "format": "base64", - "maxLength": 3145728 + "NapPolicyDeploymentsListResponse": { + "description": "List of all NGINX App Protect deployments.", + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect deployments.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyDeploymentDetails" + } + } + }, + "example": { + "items": [ + { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "policy_version": "2023-12-06 22:37:24", + "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "enforcement_mode": "blocking", + "threat_campaign_version": "2023.12.06", + "attack_signature_version": "2023.12.06", + "bot_signature_version": "2023.12.06" + } + ] + } } - } + ] }, - "NapPolicyObject": { + "NapLogProfileDeploymentsListResponse": { + "description": "List of all NGINX App Protect log profile deployments.", "allOf": [ { - "$ref": "#/components/schemas/NapPolicyMetadata" + "$ref": "#/components/schemas/PaginationResponse" }, { - "$ref": "#/components/schemas/NapPolicyDeployments" + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect log profile deployments.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapLogProfileDeployment" + } + } + }, + "example": { + "items": [ + { + "nap_release": "5.10.0", + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "latest_deployed": "yes" + } + ] + } } ] }, - "NapPolicyMetadata": { - "description": "Summary information about NGINX App Protect policy.", + "NapPolicyVersionMetadata": { "type": "object", + "description": "Summary information about the specific NGINX App Protect policy version.", "required": [ "object_id", - "name", - "latest" + "version", + "enforcement_mode", + "created_at" ], "properties": { "object_id": { - "$ref": "#/components/schemas/NapPolicyObjectID" + "$ref": "#/components/schemas/NapPolicyVersionObjectID" }, - "name": { - "description": "The name of the NGINX App Protect policy.", - "type": "string" + "version": { + "$ref": "#/components/schemas/NapSignatureVersion" + }, + "enforcement_mode": { + "$ref": "#/components/schemas/NapPolicyEnforcementMode" + }, + "created_at": { + "description": "The date and time when the NGINX App Protect policy version was created.", + "type": "string", + "format": "date-time" + } + } + }, + "NapPolicyVersionDetails": { + "description": "Detailed information about NGINX App Protect policy version.", + "type": "object", + "required": [ + "policy", + "object_id", + "version", + "enforcement_mode", + "created_at", + "bundles" + ], + "allOf": [ + { + "$ref": "#/components/schemas/NapPolicyVersionMetadata" + }, + { + "$ref": "#/components/schemas/NapPolicy" + }, + { + "$ref": "#/components/schemas/NapPolicyVersionDeployments" + }, + { + "type": "object", + "required": [ + "bundles" + ], + "properties": { + "bundles": { + "description": "Compiled NGINX App Protect policy version bundles for this specific policy version.\nLists compilation status of the policy version contents across different NAP release versions.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapCompileStatus" + } + } + } + } + ], + "example": { + "object_id": "pv_-abc3F2TQGm18jnl7bpaGw", + "version": "2023-12-06 22:37:24", + "enforcement_mode": "blocking", + "created_at": "2023-12-06T22:37:24.120114Z", + "policy": "eyJwb2xpY3kiOiB7Im5hbWUiOiAiZGVmYXVsdCJ9fQ==", + "deployments": [ + { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z" + } + ], + "bundles": [ + { + "nap_release": "5.10.0", + "status": "succeeded", + "created_at": "2023-12-06T22:37:24.120114Z", + "modified_at": "2023-12-06T22:38:01.264956Z" + }, + { + "nap_release": "5.9.0", + "status": "succeeded", + "created_at": "2023-12-06T22:37:24.120114Z", + "modified_at": "2023-12-06T22:38:01.264956Z" + } + ] + } + }, + "NapPolicyVersionObject": { + "description": "Summary information about NGINX App Protect policy version.", + "allOf": [ + { + "$ref": "#/components/schemas/NapPolicyVersionMetadata" }, - "description": { - "type": "string", - "description": "Some detail on the NGINX App Protect policy." + { + "$ref": "#/components/schemas/NapPolicyVersionDeployments" }, - "latest": { - "$ref": "#/components/schemas/NapPolicyVersionMetadata" + { + "type": "object", + "required": [ + "latest" + ], + "properties": { + "latest": { + "description": "Indicates whether the NGINX App Protect policy version is latest. Default (`false`) returns the current policy. \nWhen set to `true`, returns the latest policy.\n", + "type": "boolean", + "default": false + } + } } - } + ] }, - "NapPolicyListResponse": { - "description": "List of all NGINX App Protect policies.", + "NapPolicyVersionsListResponse": { + "description": "List of all NGINX App Protect versions.", "allOf": [ { "$ref": "#/components/schemas/PaginationResponse" }, { - "description": "List of NGINX App Protect policies.", "type": "object", "required": [ "items" ], "properties": { "items": { - "description": "An array of NGINX App Protect policy objects.", + "description": "An array of NGINX App Protect version objects.", "type": "array", "items": { - "$ref": "#/components/schemas/NapPolicyObject" + "$ref": "#/components/schemas/NapPolicyVersionObject" } } }, "example": { "items": [ { - "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", - "name": "test-policy", - "description": "test policy", - "deployments": [ - { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "enforcement_mode": "blocking", - "policy_version": "2023-12-06 22:37:24", - "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", - "deployed_on": "2023-12-06T22:37:24.120114Z" - } - ], - "latest": { - "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw", - "version": "2023-12-06 22:37:24", - "created_at": "2023-12-06T22:37:24.120114Z", - "deployment_status": "deployed", - "enforcement_mode": "blocking" - } + "version": "2023-12-06 22:37:24", + "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw", + "created_at": "2023-12-06T22:37:24.120114Z", + "enforcement_mode": "blocking", + "latest": false } ] } } ] }, - "NapPolicyVersionDeployments": { - "type": "object", - "properties": { - "deployments": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyVersionDeployment" + "NapLogProfileListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect log profiles.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapLogProfileObject" + } + } + } + } + ] + }, + "NapLogProfileObjectDetails": { + "allOf": [ + { + "$ref": "#/components/schemas/NapLogProfileObject" + }, + { + "type": "object", + "required": [ + "config" + ], + "properties": { + "config": { + "description": "The NGINX App Protect log profile configuration.", + "type": "string" + } + } + }, + { + "type": "object", + "required": [ + "bundles" + ], + "properties": { + "bundles": { + "description": "Compiled NGINX APP Protect log profile bundles for this specific log profile. \nShows compilation status of the latest log profile contents across different NAP release versions.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapCompileStatus" + } + } + } + } + ], + "example": { + "created_at": "2026-01-16T21:12:51.843434Z", + "hash": "oxiWKPqR/soi4MQCgVnW8KHt8Jk68AqCeQcQ1sed4Dk=", + "modified_at": "2026-01-16T21:12:51.843434Z", + "name": "test-log-profiles", + "object_id": "lp_XYxnZgVYQFKire4M1KcVVQ", + "is_f5_default": false, + "config": "eyJsb2dfc3RyZWFtIjogIntmb3JtYXQgY29tYmluZWQgZXg=", + "deployments": [ + { + "nap_release": "5.10.0", + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "latest_deployed": "yes" + } + ], + "bundles": [ + { + "nap_release": "5.10.0", + "status": "succeeded", + "created_at": "2026-01-13T18:54:19.140336Z", + "modified_at": "2026-01-13T18:56:31.264956Z" + }, + { + "nap_release": "5.9.0", + "status": "succeeded", + "created_at": "2026-01-13T18:54:19.140336Z", + "modified_at": "2026-01-13T18:56:31.264956Z" } + ] + } + }, + "NapLogProfileObject": { + "allOf": [ + { + "$ref": "#/components/schemas/NapLogProfileDeployments" + }, + { + "$ref": "#/components/schemas/NapLogProfileMetadata" } + ], + "example": { + "created_at": "2026-01-16T21:12:51.843434Z", + "hash": "oxiWKPqR/soi4MQCgVnW8KHt8Jk68AqCeQcQ1sed4Dk=", + "modified_at": "2026-01-16T21:12:51.843434Z", + "name": "test-log-profiles", + "object_id": "lp_XYxnZgVYQFKire4M1KcVVQ", + "is_f5_default": false, + "deployments": [ + { + "nap_release": "5.10.0", + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "latest_deployed": "yes" + } + ] } }, - "NapDeploymentAssociation": { + "NapLogProfileMetadata": { "type": "object", "required": [ - "associated_type", - "associated_object_id", - "associated_name" + "name", + "object_id", + "hash", + "is_f5_default", + "modified_at", + "created_at" ], "properties": { - "associated_type": { - "$ref": "#/components/schemas/DeploymentAssociatedType" + "name": { + "type": "string", + "description": "The name of the NGINX App Protect log profile." }, - "associated_object_id": { - "$ref": "#/components/schemas/ObjectID" + "object_id": { + "$ref": "#/components/schemas/NapLogProfileObjectID" }, - "associated_name": { - "$ref": "#/components/schemas/DeploymentAssociatedName" + "hash": { + "type": "string", + "description": "The hash value of the NGINX App Protect log profile configs." + }, + "is_f5_default": { + "$ref": "#/components/schemas/IsF5Default" + }, + "description": { + "description": "Optional field to describe the NGINX App Protect log profile.", + "type": "string", + "minLength": 5, + "maxLength": 256 + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the log profile was created." + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the log profile was last modified." } } }, - "NapDeployment": { + "NapGlobalSettingsListResponse": { "allOf": [ { - "$ref": "#/components/schemas/NapDeploymentAssociation" + "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", - "description": "Information about a NGINX App Protect policy deployment.\n", - "required": [ - "publication_object_id", - "status", - "deployed_on" - ], - "properties": { - "publication_object_id": { - "$ref": "#/components/schemas/PublicationObjectID" - }, - "status": { - "$ref": "#/components/schemas/NapDeploymentStatus" - }, - "deployed_on": { - "description": "Date and time of the deployment.", - "type": "string", - "format": "date-time" + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect global settings.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapGlobalSettingMetadata" + } } - }, - "example": { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z" } } ] }, - "NapPolicyVersionDeployment": { + "NapGlobalSettingGetResponse": { "allOf": [ { - "$ref": "#/components/schemas/NapDeploymentAssociation" + "$ref": "#/components/schemas/NapGlobalSettingMetadata" }, { "type": "object", - "description": "Information about a NGINX App Protect policy deployment.\n", "required": [ - "publication_object_id", - "status", - "deployed_on" + "config" ], "properties": { - "publication_object_id": { - "$ref": "#/components/schemas/PublicationObjectID" - }, - "status": { - "$ref": "#/components/schemas/NapDeploymentStatus" - }, - "deployed_on": { - "description": "Date and time of the deployment.", - "type": "string", - "format": "date-time" + "config": { + "description": "The NGINX App Protect global setting configuration.", + "type": "string" } - }, - "example": { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z" } } ] }, - "NapPolicyDeployments": { + "NapGlobalSettingMetadata": { "type": "object", "required": [ - "deployments" + "name", + "object_id" ], "properties": { - "deployments": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyDeployment" - } + "name": { + "type": "string", + "description": "The name of the NGINX App Protect global setting object." + }, + "description": { + "description": "Optional field to describe the NGINX App Protect global setting object.", + "type": "string", + "minLength": 5, + "maxLength": 256 + }, + "object_id": { + "$ref": "#/components/schemas/NapGlobalSettingObjectID" } } }, - "NapLogProfileDeployments": { + "NapGlobalSettingCreateRequest": { + "description": "Create NGINX App Protect global setting object.", "type": "object", + "required": [ + "name", + "config" + ], "properties": { - "deployments": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapLogProfileDeployment" - } + "name": { + "description": "The name of the NGINX App Protect global setting object.", + "type": "string", + "minLength": 3, + "maxLength": 32 + }, + "description": { + "description": "Optional field to describe the NGINX App Protect global setting object.", + "type": "string", + "minLength": 5, + "maxLength": 256 + }, + "config": { + "description": "The NGINX App Protect global setting configuration.", + "type": "string", + "format": "base64", + "maxLength": 3145728 } } }, - "NapLogProfileDeployment": { - "description": "Detailed information about a NGINX App Protect log-profile deployment.", + "NapGlobalSettingUpdateRequest": { + "description": "Update NGINX App Protect global setting object.", "type": "object", - "allOf": [ - { - "$ref": "#/components/schemas/NapDeployment" + "required": [ + "config" + ], + "properties": { + "description": { + "description": "Optional field to describe the NGINX App Protect global setting object.", + "type": "string", + "minLength": 5, + "maxLength": 256 }, - { - "type": "object", - "required": [ - "nap_release", - "publication_object_id", - "associated_name", - "associated_type", - "associated_object_id", - "status", - "deployed_on" - ], - "properties": { - "nap_release": { - "description": "The compiler version of NGINX App Protect the log profile was deployed with.", - "type": "string" - }, - "latest_deployed": { - "$ref": "#/components/schemas/NapLatestDeployed" - } - } + "config": { + "description": "The NGINX App Protect global setting configuration.", + "type": "string", + "format": "base64", + "maxLength": 3145728 } - ], - "example": { - "nap_release": "5.10.0", - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "latest_deployed": "yes" } }, - "NapPolicyDeployment": { - "description": "Detailed information about a NGINX App Protect policy deployment.", + "NapLogProfileCreateRequest": { + "description": "Create NGINX App Protect log profile.", "type": "object", "required": [ - "publication_object_id", - "associated_object_id", - "associated_name", - "associated_type", - "enforcement_mode", - "status", - "policy_version", - "policy_version_object_id", - "deployed_on" + "name", + "config" ], - "allOf": [ - { - "$ref": "#/components/schemas/NapPolicyVersionDeployment" + "properties": { + "name": { + "description": "The name of the NGINX App Protect log profile.", + "type": "string", + "minLength": 1, + "maxLength": 128 }, - { - "type": "object", - "required": [ - "enforcement_mode", - "policy_version", - "policy_version_object_id" - ], - "properties": { - "enforcement_mode": { - "$ref": "#/components/schemas/NapPolicyEnforcementMode" - }, - "policy_version": { - "description": "The version associated with the NGINX App Protect policy.", - "type": "string" - }, - "policy_version_object_id": { - "$ref": "#/components/schemas/NapPolicyVersionObjectID" - } - } + "description": { + "description": "Optional field to describe the NGINX App Protect log profile.", + "type": "string", + "minLength": 5, + "maxLength": 256 + }, + "config": { + "description": "The NGINX App Protect log profile configuration.", + "type": "string", + "format": "base64", + "maxLength": 3145728 } - ], - "example": { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "enforcement_mode": "blocking", - "policy_version": "2023-12-06 22:37:24", - "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw" } }, - "NapPolicyDeploymentDetails": { + "NapLogProfileUpdateRequest": { + "description": "Update NGINX App Protect log profile.", "type": "object", "required": [ - "publication_object_id", - "associated_object_id", - "associated_name", - "associated_type", - "enforcement_mode", - "status", - "policy_version", - "policy_version_object_id", - "deployed_on", - "threat_campaign_version", - "attack_signature_version", - "bot_signature_version" + "config" ], - "allOf": [ + "properties": { + "name": { + "description": "The name of the NGINX App Protect log profile.", + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "description": { + "description": "Optional field to describe describing the NGINX App Protect log profile.", + "type": "string", + "minLength": 5, + "maxLength": 256 + }, + "config": { + "description": "The NGINX App Protect log profile configuration.", + "type": "string", + "format": "base64", + "minLength": 5, + "maxLength": 3145728 + } + } + }, + "NapPolicyBulkRequest": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyBulkRequestData" + }, + "minItems": 1, + "maxItems": 50, + "example": [ { - "$ref": "#/components/schemas/NapPolicyDeployment" + "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" }, { - "type": "object", - "properties": { - "threat_campaign_version": { - "$ref": "#/components/schemas/NapSignatureVersion" - }, - "attack_signature_version": { - "$ref": "#/components/schemas/NapSignatureVersion" - }, - "bot_signature_version": { - "$ref": "#/components/schemas/NapSignatureVersion" - } - } + "object_id": "pol_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" } + ] + }, + "NapPolicyBulkRequestData": { + "type": "object", + "description": "Part of bulk operation on a Nap policy, only `delete` is supported.", + "required": [ + "action", + "object_id" ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/NapPolicyObjectID" + }, + "action": { + "$ref": "#/components/schemas/BulkRequestAction" + } + }, "example": { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "policy_version": "2023-12-06 22:37:24", - "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "enforcement_mode": "blocking", - "threat_campaign_version": "2023.12.06", - "attack_signature_version": "2023.12.06", - "bot_signature_version": "2023.12.06" + "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" } }, - "NapPolicyDeploymentsListResponse": { - "description": "List of all NGINX App Protect deployments.", - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" + "NapBulkResponse": { + "description": "The Nap policy bulk outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" + } + }, + "NapSignatureMeta": { + "required": [ + "signature_id", + "name", + "attack_type" + ], + "properties": { + "name": { + "type": "string" }, - { - "type": "object", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of NGINX App Protect deployments.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyDeploymentDetails" - } - } - }, - "example": { - "items": [ - { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "policy_version": "2023-12-06 22:37:24", - "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "enforcement_mode": "blocking", - "threat_campaign_version": "2023.12.06", - "attack_signature_version": "2023.12.06", - "bot_signature_version": "2023.12.06" - } - ] - } + "signature_id": { + "type": "integer" + }, + "attack_type": { + "type": "string" } - ] + } }, - "NapLogProfileDeploymentsListResponse": { - "description": "List of all NGINX App Protect log profile deployments.", + "NapSignature": { + "description": "Detail information for NGINX App Protect signatures. Note: `description` is omitted for list operation.\n", "allOf": [ { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/NapSignatureMeta" }, { "type": "object", "required": [ - "items" + "signature_type", + "risk", + "accuracy", + "has_cve", + "modified_at", + "systems" ], "properties": { - "items": { - "description": "An array of NGINX App Protect log profile deployments.", - "type": "array", + "accuracy": { + "default": "low", + "enum": [ + "high", + "low", + "medium" + ], + "x-enum-varnames": [ + "nap_signature_accuracy_high", + "nap_signature_accuracy_low", + "nap_signature_accuracy_medium" + ], + "type": "string" + }, + "description": { + "type": "string" + }, + "has_cve": { + "default": false, + "type": "boolean" + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the signature was last modified." + }, + "references": { "items": { - "$ref": "#/components/schemas/NapLogProfileDeployment" - } + "required": [ + "type", + "value" + ], + "properties": { + "type": { + "default": "nessus", + "enum": [ + "bugtraq", + "cve", + "nessus", + "url" + ], + "x-enum-varnames": [ + "nap_signature_references_type_bugtrag", + "nap_signature_references_type_cve", + "nap_signature_references_type_nessus", + "nap_signature_references_type_url" + ], + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "risk": { + "default": "low", + "enum": [ + "high", + "low", + "medium" + ], + "x-enum-varnames": [ + "nap_signature_risk_high", + "nap_signature_risk_low", + "nap_signature_risk_medium" + ], + "type": "string" + }, + "signature_type": { + "default": "request", + "enum": [ + "request", + "response" + ], + "type": "string", + "x-enum-varnames": [ + "nap_signature_signature_type_request", + "nap_signature_signature_type_response" + ] + }, + "systems": { + "items": { + "type": "string" + }, + "type": "array" } - }, - "example": { - "items": [ - { - "nap_release": "5.10.0", - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "latest_deployed": "yes" - } - ] } } - ] - }, - "NapPolicyVersionMetadata": { - "type": "object", - "description": "Summary information about the specific NGINX App Protect policy version.", - "required": [ - "object_id", - "version", - "enforcement_mode", - "created_at" ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/NapPolicyVersionObjectID" - }, - "version": { - "$ref": "#/components/schemas/NapSignatureVersion" - }, - "enforcement_mode": { - "$ref": "#/components/schemas/NapPolicyEnforcementMode" - }, - "created_at": { - "description": "The date and time when the NGINX App Protect policy version was created.", - "type": "string", - "format": "date-time" - } + "example": { + "signature_id": 123456789, + "name": "Example Signature", + "description": "This is an example signature.", + "signature_type": "request", + "attack_type": "SQL Injection", + "risk": "high", + "accuracy": "medium", + "has_cve": true, + "modified_at": "2023-10-01T12:00:00Z", + "references": [ + { + "type": "cve", + "value": "CVE-2023-12345" + } + ], + "systems": [ + "System A" + ] } }, - "NapPolicyVersionDetails": { - "description": "Detailed information about NGINX App Protect policy version.", + "NapSignatureSet": { "type": "object", "required": [ - "policy", "object_id", - "version", - "enforcement_mode", - "created_at" + "name", + "type", + "category", + "signature_count", + "accuracy", + "default_alarm", + "default_block", + "default_learn", + "systems", + "modified_at" ], - "allOf": [ - { - "$ref": "#/components/schemas/NapPolicyVersionMetadata" + "properties": { + "object_id": { + "$ref": "#/components/schemas/NapSignatureSetObjectID" }, - { - "$ref": "#/components/schemas/NapPolicy" + "name": { + "type": "string" }, - { - "$ref": "#/components/schemas/NapPolicyVersionDeployments" - } - ] - }, - "NapPolicyVersionObject": { - "description": "Summary information about NGINX App Protect policy version.", - "allOf": [ - { - "$ref": "#/components/schemas/NapPolicyVersionMetadata" + "accuracy": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "low", + "medium", + "high" + ], + "x-enum-varnames": [ + "nap_signature_set_accuracy_low", + "nap_signature_set_accuracy_medium", + "nap_signature_set_accuracy_high" + ] + } }, - { - "$ref": "#/components/schemas/NapPolicyVersionDeployments" + "signature_count": { + "type": "integer" }, - { - "type": "object", - "required": [ - "latest" + "category": { + "enum": [ + "User-defined", + "Basic", + "Attack Type Specific" + ], + "x-enum-varnames": [ + "nap_signature_set_category_user_defined", + "nap_signature_set_category_basic", + "nap_signature_set_category_attack_type_specific" ], + "type": "string" + }, + "default_alarm": { + "default": true, + "type": "boolean" + }, + "default_block": { + "default": true, + "type": "boolean" + }, + "default_learn": { + "default": true, + "type": "boolean" + }, + "filter": { "properties": { - "latest": { - "description": "Indicates whether the NGINX App Protect policy version is latest. Default (`false`) returns the current policy. \nWhen set to `true`, returns the latest policy.\n", - "type": "boolean", - "default": false + "accuracy_filter": { + "default": "ge", + "enum": [ + "all", + "eq", + "ge", + "le" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_accuracy_filter_all", + "nap_signature_set_filter_accuracy_filter_eq", + "nap_signature_set_filter_accuracy_filter_ge", + "nap_signature_set_filter_accuracy_filter_le" + ], + "type": "string" + }, + "accuracy_value": { + "default": "all", + "enum": [ + "all", + "high", + "low", + "medium" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_accuracy_value_all", + "nap_signature_set_filter_accuracy_value_high", + "nap_signature_set_filter_accuracy_value_low", + "nap_signature_set_filter_accuracy_value_medium" + ], + "type": "string" + }, + "attack_type": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "has_cve": { + "default": "all", + "enum": [ + "all", + "no", + "yes" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_have_cve_all", + "nap_signature_set_filter_have_cve_no", + "nap_signature_set_filter_have_cve_yes" + ], + "type": "string" + }, + "modified_at_filter": { + "default": "all", + "enum": [ + "after", + "all", + "before" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_modified_at_filter_after", + "nap_signature_set_filter_modified_at_filter_all", + "nap_signature_set_filter_modified_at_filter_before" + ], + "type": "string" + }, + "modified_at_value": { + "default": "1970-01-01", + "type": "string" + }, + "risk_filter": { + "default": "eq", + "enum": [ + "all", + "eq", + "ge", + "le" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_risk_filter_all", + "nap_signature_set_filter_risk_filter_eq", + "nap_signature_set_filter_risk_filter_ge", + "nap_signature_set_filter_risk_filter_le" + ], + "type": "string" + }, + "risk_value": { + "default": "low", + "enum": [ + "all", + "high", + "low", + "medium" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_risk_value_all", + "nap_signature_set_filter_risk_value_high", + "nap_signature_set_filter_risk_value_low", + "nap_signature_set_filter_risk_value_medium" + ], + "type": "string" + }, + "signature_type": { + "default": "request", + "enum": [ + "all", + "request", + "response" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_signature_type_all", + "nap_signature_set_filter_signature_type_request", + "nap_signature_set_filter_signature_type_response" + ], + "type": "string" + }, + "user_defined_filter": { + "default": "all", + "enum": [ + "all", + "no", + "yes" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_user_defined_filter_all", + "nap_signature_set_filter_user_defined_filter_no", + "nap_signature_set_filter_user_defined_filter_yes" + ], + "type": "string" } - } + }, + "type": "object" + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the signature-set was last modified." + }, + "systems": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "default": "filter-based", + "enum": [ + "filter-based", + "manual" + ], + "x-enum-varnames": [ + "nap_signature_set_type_filter_based", + "nap_signature_set_type_manual" + ], + "type": "string" } - ] + }, + "example": { + "default_block": true, + "default_learn": true, + "signature_count": 0, + "filter": { + "accuracy_value": "all", + "accuracy_filter": "all", + "attack_type": { + "name": "XML External Entities (XXE)" + }, + "risk_filter": "all", + "has_cve": "all", + "user_defined_filter": "all", + "risk_value": "all", + "modified_at_filter": "all", + "signature_type": "request" + }, + "assign_to_policy_by_default": false, + "default_alarm": true, + "accuracy": [], + "type": "filter-based", + "name": "XML External Entities (XXE) Signatures", + "object_id": "sigset_-ZMshmi83MBL97dr5d0a9w", + "category": "User-defined", + "modified_at": "2023-08-10T16:59:15Z", + "systems": [] + } }, - "NapPolicyVersionsListResponse": { - "description": "List of all NGINX App Protect versions.", + "NapSignatureListResponse": { "allOf": [ { "$ref": "#/components/schemas/PaginationResponse" @@ -14534,28 +19176,17 @@ ], "properties": { "items": { - "description": "An array of NGINX App Protect version objects.", + "description": "An array of NGINX App Protect signatures.", "type": "array", "items": { - "$ref": "#/components/schemas/NapPolicyVersionObject" + "$ref": "#/components/schemas/NapSignature" } } - }, - "example": { - "items": [ - { - "version": "2023-12-06 22:37:24", - "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw", - "created_at": "2023-12-06T22:37:24.120114Z", - "enforcement_mode": "blocking", - "latest": false - } - ] } } ] }, - "NapLogProfileListResponse": { + "NapSignatureSetListResponse": { "allOf": [ { "$ref": "#/components/schemas/PaginationResponse" @@ -14567,870 +19198,1203 @@ ], "properties": { "items": { - "description": "An array of NGINX App Protect log profiles.", + "description": "An array of NGINX App Protect signature sets.", "type": "array", "items": { - "$ref": "#/components/schemas/NapLogProfileObject" + "$ref": "#/components/schemas/NapSignatureSet" } } } } ] }, - "NapLogProfileObjectDetails": { - "allOf": [ - { - "$ref": "#/components/schemas/NapLogProfileObject" + "FilterNameNapPolicy": { + "type": "string", + "description": "Keywords for NGINX App Protect policy filters.\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n * blocking\n * transparent\nWhen filtering on `object_id`, both NAP Policy and NAP Policy version object id prefixes are supported.\n", + "enum": [ + "name", + "enforcement_mode", + "object_id", + "deployment_enforcement_mode", + "deployment_status" + ], + "x-enum-varnames": [ + "filter_name_nap_policy_name", + "filter_name_nap_policy_enforcement_mode", + "filter_name_nap_policy_object_id", + "filter_name_nap_policy_deployment_enforcement_mode", + "filter_name_nap_policy_deployment_status" + ] + }, + "FilterNameNapPolicyVersion": { + "type": "string", + "description": "Keywords for NGINX App Protect policy version filters.\nWhen filtering on `deployment_status`, only the following `filter_values` are supported:\n * deployed\n * not_deployed\n * deploying\n * failed\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n * blocking\n * transparent\n", + "enum": [ + "deployment_status", + "enforcement_mode", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_nap_policy_version_deployment_status", + "filter_name_nap_policy_version_enforcement_mode", + "filter_name_nap_policy_version_object_id" + ] + }, + "FilterNameNapPolicyDeployment": { + "type": "string", + "description": "Keywords for NGINX App Protect deployment filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `status`, only the following `filter_values` are supported:\n * deployed\n * deploying\n * failed\n", + "enum": [ + "name", + "type", + "policy_version", + "status", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_nap_deployment_name", + "filter_name_nap_deployment_type", + "filter_name_nap_deployment_policy_version", + "filter_name_nap_deployment_status", + "filter_name_nap_deployment_object_id" + ] + }, + "FilterNameNapLogProfile": { + "type": "string", + "description": "Keywords for NGINX App Protect log profile filters.\n", + "enum": [ + "name", + "object_id", + "deployment_status" + ], + "x-enum-varnames": [ + "filter_name_nap_log_profile_name", + "filter_name_nap_log_profile_object_id", + "filter_name_nap_log_profile_deployment_status" + ] + }, + "IsF5Default": { + "type": "boolean", + "description": "Indicates whether this is an F5 default object (true) or a user-defined object (false)." + }, + "FilterNameNapLogProfileDeployment": { + "type": "string", + "description": "Keywords for NGINX App Protect log profile deployment filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `status`, only the following `filter_values` are supported:\n * deployed\n * deploying\n * failed\n", + "enum": [ + "name", + "type", + "status", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_nap_deployment_name", + "filter_name_nap_deployment_type", + "filter_name_nap_deployment_status", + "filter_name_nap_deployment_object_id" + ] + }, + "FilterNameNapGlobalSettings": { + "type": "string", + "description": "Keywords for NGINX App Protect global settings filters.\n", + "enum": [ + "name", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_nap_global_setting_name", + "filter_name_nap_global_setting_object_id" + ] + }, + "NapGlobalSettingObjectID": { + "description": "A globally unique identifier for the App Protect global settings object.", + "type": "string", + "format": "object_id", + "pattern": "^gs_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "DeploymentName": { + "type": "string", + "description": "Name of an NGINXaaS resource.", + "minLength": 3, + "maxLength": 30, + "pattern": "^[a-z][a-z0-9-]*[a-z0-9]$", + "example": "mydeployment" + }, + "DeploymentCloudName": { + "type": "string", + "description": "Name of the cloud where deployment resources are provisioned.", + "enum": [ + "google", + "aws" + ] + }, + "DeploymentCloudProperties": { + "type": "object", + "description": "Cloud-specific deployment properties.", + "minProperties": 1, + "maxProperties": 1, + "additionalProperties": false, + "properties": { + "google": { + "$ref": "#/components/schemas/GoogleDeploymentProperties" }, - { - "type": "object", - "required": [ - "config" - ], - "properties": { - "config": { - "description": "The NGINX App Protect log profile configuration.", - "type": "string" - } - } + "aws": { + "$ref": "#/components/schemas/AWSDeploymentProperties" + } + } + }, + "DeploymentScale": { + "type": "object", + "description": "NaaS deployment scale info.", + "required": [ + "capacity" + ], + "properties": { + "capacity": { + "type": "integer", + "description": "The number of desired NCUs for a NaaS deployment. Must be >= 10, <= 500.\n", + "minimum": 10, + "maximum": 500 + } + } + }, + "CreateDeploymentCloudProperties": { + "type": "object", + "description": "Cloud-specific create properties.", + "minProperties": 1, + "maxProperties": 1, + "additionalProperties": false, + "properties": { + "google": { + "$ref": "#/components/schemas/CreateGoogleDeploymentProperties" + }, + "aws": { + "$ref": "#/components/schemas/CreateAWSDeploymentProperties" + } + } + }, + "UpdateDeploymentCloudProperties": { + "type": "object", + "description": "Cloud-specific update properties.", + "minProperties": 1, + "maxProperties": 1, + "additionalProperties": false, + "properties": { + "google": { + "$ref": "#/components/schemas/UpdateGoogleDeploymentProperties" + }, + "aws": { + "$ref": "#/components/schemas/UpdateAWSDeploymentProperties" + } + } + }, + "GoogleFrontendInfo": { + "type": "object", + "description": "Google frontend info returned in a deployment response.", + "minProperties": 1, + "maxProperties": 1, + "additionalProperties": false, + "properties": { + "private_endpoint": { + "$ref": "#/components/schemas/GooglePrivateEndpoint" + }, + "managed_public_endpoint": { + "$ref": "#/components/schemas/ManagedPublicEndpoint" + } + } + }, + "CreateGoogleFrontendInfo": { + "type": "object", + "description": "Google frontend info used in a create request.", + "minProperties": 1, + "maxProperties": 1, + "additionalProperties": false, + "properties": { + "private_endpoint": { + "$ref": "#/components/schemas/UpdateGooglePrivateEndpoint" + }, + "managed_public_endpoint": { + "$ref": "#/components/schemas/CreateManagedPublicEndpoint" + } + } + }, + "UpdateGoogleFrontendInfo": { + "type": "object", + "description": "Google frontend info used in an update request.", + "minProperties": 1, + "maxProperties": 1, + "additionalProperties": false, + "properties": { + "private_endpoint": { + "$ref": "#/components/schemas/UpdateGooglePrivateEndpoint" + }, + "managed_public_endpoint": { + "$ref": "#/components/schemas/UpdateManagedPublicEndpoint" + } + } + }, + "GooglePrivateEndpoint": { + "type": "object", + "description": "Google private endpoint info returned in a deployment response.", + "properties": { + "service_attachment": { + "$ref": "#/components/schemas/GoogleServiceAttachment" + }, + "service_attachment_accept_list": { + "$ref": "#/components/schemas/GoogleServiceAttachmentAcceptList" + } + } + }, + "UpdateGooglePrivateEndpoint": { + "type": "object", + "description": "Google private endpoint info used in a create or update request.", + "properties": { + "service_attachment_accept_list": { + "$ref": "#/components/schemas/GoogleServiceAttachmentAcceptList" + } + } + }, + "ManagedPublicEndpoint": { + "type": "object", + "description": "Managed public endpoint info returned in a deployment response.", + "required": [ + "acl" + ], + "properties": { + "acl": { + "$ref": "#/components/schemas/ManagedPublicEndpointACL" }, + "service_endpoint": { + "type": "string", + "description": "The public DNS name for the managed public endpoint.", + "readOnly": true + } + } + }, + "CreateManagedPublicEndpoint": { + "type": "object", + "description": "Managed public endpoint info used in a create request.", + "required": [ + "acl" + ], + "properties": { + "acl": { + "$ref": "#/components/schemas/ManagedPublicEndpointACL" + } + } + }, + "UpdateManagedPublicEndpoint": { + "type": "object", + "description": "Managed public endpoint info used in an update request.", + "properties": { + "acl": { + "$ref": "#/components/schemas/ManagedPublicEndpointACL" + } + } + }, + "ManagedPublicEndpointACL": { + "type": "array", + "description": "Access control list for the managed public endpoint. Maximum of 40 rules.", + "maxItems": 40, + "items": { + "$ref": "#/components/schemas/ManagedPublicEndpointACLRule" + } + }, + "ManagedPublicEndpointACLRule": { + "type": "object", + "description": "A single ACL rule for the managed public endpoint.", + "required": [ + "source_prefixes" + ], + "oneOf": [ { - "type": "object", "required": [ - "bundles" - ], - "properties": { - "bundles": { - "description": "Compiled NGINX APP Protect log profile bundles for this specific log profile. \nShows compilation status of the latest log profile contents across different NAP release versions.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapCompileStatus" + "protocol", + "port_range" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "protocol" + ] + }, + { + "required": [ + "port_range" + ] } - } + ] } } ], - "example": { - "created_at": "2026-01-16T21:12:51.843434Z", - "hash": "oxiWKPqR/soi4MQCgVnW8KHt8Jk68AqCeQcQ1sed4Dk=", - "modified_at": "2026-01-16T21:12:51.843434Z", - "name": "test-log-profiles", - "object_id": "lp_XYxnZgVYQFKire4M1KcVVQ", - "is_f5_default": false, - "config": "eyJsb2dfc3RyZWFtIjogIntmb3JtYXQgY29tYmluZWQgZXg=", - "deployments": [ - { - "nap_release": "5.10.0", - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "latest_deployed": "yes" - } - ], - "bundles": [ - { - "nap_release": "5.10.0", - "status": "succeeded", - "created_at": "2026-01-13T18:54:19.140336Z", - "modified_at": "2026-01-13T18:56:31.264956Z" - }, - { - "nap_release": "5.9.0", - "status": "succeeded", - "created_at": "2026-01-13T18:54:19.140336Z", - "modified_at": "2026-01-13T18:56:31.264956Z" + "properties": { + "description": { + "type": "string", + "description": "Optional description for the ACL rule.", + "maxLength": 256 + }, + "source_prefixes": { + "type": "array", + "description": "List of CIDR blocks.", + "minItems": 1, + "maxItems": 60, + "uniqueItems": true, + "items": { + "type": "string", + "format": "cidr" } - ] + }, + "protocol": { + "type": "string", + "description": "Network protocol for the rule. Must be specified if port_range is specified.", + "enum": [ + "tcp", + "udp" + ] + }, + "port_range": { + "type": "string", + "description": "Port range as either a single integer or a range separated by dash, inclusive. Must be specified if protocol is specified.", + "format": "port-range" + } } }, - "NapLogProfileObject": { - "allOf": [ - { - "$ref": "#/components/schemas/NapLogProfileDeployments" + "GoogleDeploymentProperties": { + "type": "object", + "description": "Google deployment properties.", + "required": [ + "region", + "project_id", + "network_attachment", + "frontend" + ], + "properties": { + "region": { + "$ref": "#/components/schemas/GoogleRegion" }, - { - "$ref": "#/components/schemas/NapLogProfileMetadata" + "project_id": { + "description": "The Google Cloud project ID where this deployment resides. This project_id can be used for the network attachment allowlist.\n", + "allOf": [ + { + "$ref": "#/components/schemas/GoogleProjectID" + } + ] + }, + "network_attachment": { + "$ref": "#/components/schemas/GoogleNetworkAttachment" + }, + "frontend": { + "$ref": "#/components/schemas/GoogleFrontendInfo" + }, + "log_project_id": { + "description": "The Google Cloud project ID where NGINX logs will be exported.", + "allOf": [ + { + "$ref": "#/components/schemas/GoogleProjectID" + } + ] + }, + "metric_project_id": { + "description": "The Google Cloud project ID where NGINXaaS metrics will be exported.", + "allOf": [ + { + "$ref": "#/components/schemas/GoogleProjectID" + } + ] + }, + "identity": { + "$ref": "#/components/schemas/GoogleIdentity" } - ], - "example": { - "created_at": "2026-01-16T21:12:51.843434Z", - "hash": "oxiWKPqR/soi4MQCgVnW8KHt8Jk68AqCeQcQ1sed4Dk=", - "modified_at": "2026-01-16T21:12:51.843434Z", - "name": "test-log-profiles", - "object_id": "lp_XYxnZgVYQFKire4M1KcVVQ", - "is_f5_default": false, - "deployments": [ - { - "nap_release": "5.10.0", - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "latest_deployed": "yes" - } - ] } }, - "NapLogProfileMetadata": { + "CreateGoogleDeploymentProperties": { "type": "object", + "description": "Google deployment properties used in a create request.", "required": [ - "name", - "object_id", - "hash", - "is_f5_default", - "modified_at", - "created_at" + "region", + "network_attachment", + "frontend" ], "properties": { - "name": { - "type": "string", - "description": "The name of the NGINX App Protect log profile." - }, - "object_id": { - "$ref": "#/components/schemas/NapLogProfileObjectID" + "region": { + "$ref": "#/components/schemas/GoogleRegion" }, - "hash": { - "type": "string", - "description": "The hash value of the NGINX App Protect log profile configs." + "network_attachment": { + "$ref": "#/components/schemas/GoogleNetworkAttachment" }, - "is_f5_default": { - "$ref": "#/components/schemas/IsF5Default" + "frontend": { + "$ref": "#/components/schemas/CreateGoogleFrontendInfo" }, - "description": { - "description": "Optional field to describe the NGINX App Protect log profile.", - "type": "string", - "minLength": 5, - "maxLength": 256 + "log_project_id": { + "description": "The Google Cloud project ID where NGINX logs will be exported. Omit the field to disable log exporting.\n", + "allOf": [ + { + "$ref": "#/components/schemas/GoogleProjectID" + } + ] }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the log profile was created." + "metric_project_id": { + "description": "The Google Cloud project ID where NGINXaaS metrics will be exported. Omit the field to disable metric exporting.\n", + "allOf": [ + { + "$ref": "#/components/schemas/GoogleProjectID" + } + ] }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the log profile was last modified." + "identity": { + "$ref": "#/components/schemas/CreateGoogleIdentity" } } }, - "NapGlobalSettingsListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" + "UpdateGoogleDeploymentProperties": { + "type": "object", + "description": "Google deployment properties used in an update request.", + "properties": { + "frontend": { + "$ref": "#/components/schemas/UpdateGoogleFrontendInfo" }, - { - "type": "object", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of NGINX App Protect global settings.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapGlobalSettingMetadata" - } + "log_project_id": { + "description": "The Google Cloud project ID where NGINX logs will be exported. Set to an empty string to disable log exporting.\n", + "allOf": [ + { + "$ref": "#/components/schemas/EmptyStringOrGoogleProjectID" } - } + ] + }, + "metric_project_id": { + "description": "The Google Cloud project ID where NGINXaaS metrics will be exported. Set to an empty string to disable metric exporting.\n", + "allOf": [ + { + "$ref": "#/components/schemas/EmptyStringOrGoogleProjectID" + } + ] + }, + "identity": { + "$ref": "#/components/schemas/UpdateGoogleIdentity" } - ] + } }, - "NapGlobalSettingGetResponse": { - "allOf": [ + "GoogleResourceName": { + "type": "string", + "minLength": 1, + "maxLength": 63, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?" + }, + "GoogleRegion": { + "description": "Google region.", + "$ref": "#/components/schemas/GoogleResourceName" + }, + "GoogleNetworkAttachment": { + "type": "string", + "description": "Google network attachment.", + "pattern": "projects/[a-z]([-a-z0-9]*[a-z0-9])?/regions/[a-z]([-a-z0-9]*[a-z0-9])?/networkAttachments/[a-z]([-a-z0-9]*[a-z0-9])?" + }, + "GoogleServiceAttachment": { + "type": "string", + "description": "Google service attachment.", + "pattern": "projects/[a-z]([-a-z0-9]*[a-z0-9])?/regions/[a-z]([-a-z0-9]*[a-z0-9])?/serviceAttachments/[a-z]([-a-z0-9]*[a-z0-9])?" + }, + "GoogleServiceAttachmentAcceptListItem": { + "type": "string", + "oneOf": [ { - "$ref": "#/components/schemas/NapGlobalSettingMetadata" + "$ref": "#/components/schemas/GoogleServiceAttachmentAcceptNetworkItem" }, { - "type": "object", - "required": [ - "config" - ], - "properties": { - "config": { - "description": "The NGINX App Protect global setting configuration.", - "type": "string" - } - } + "$ref": "#/components/schemas/GoogleProjectID" } ] }, - "NapGlobalSettingMetadata": { + "GoogleServiceAttachmentAcceptList": { + "type": "array", + "description": "List of google networkURls or project ids that should connect to the service attachment. The list must contain either all network urls or all project ids but not both simultaneously. An empty list indicates all connections to the service attachment should be accepted.\n", + "items": { + "$ref": "#/components/schemas/GoogleServiceAttachmentAcceptListItem" + } + }, + "GoogleServiceAttachmentAcceptNetworkItem": { + "type": "string", + "pattern": "^(.*/networks/.*)" + }, + "GoogleProjectID": { + "type": "string", + "pattern": "^[a-z][a-z0-9\\-]{4,28}[a-z0-9]$" + }, + "EmptyStringOrGoogleProjectID": { + "type": "string", + "pattern": "^(?:|[a-z][a-z0-9\\-]{4,28}[a-z0-9])$" + }, + "GoogleWorkloadIdentityPoolProviderName": { + "type": "string", + "description": "The resource name of the Google workload identity pool provider", + "pattern": "^projects/(?:[a-z][a-z0-9\\-]{4,28}[a-z0-9]|[0-9]{4,30})/locations/[a-z][a-z0-9\\-]{2,30}[a-z0-9]/workloadIdentityPools/[a-z][a-z0-9\\-]{2,30}[a-z0-9]/providers/[a-z][a-z0-9\\-]{2,30}[a-z0-9]$" + }, + "EmptyStringOrGoogleWorkloadIdentityPoolProviderName": { + "type": "string", + "description": "The resource name of the Google workload identity pool provider", + "pattern": "^(?:|projects/(?:[a-z][a-z0-9\\-]{4,28}[a-z0-9]|[0-9]{4,30})/locations/[a-z][a-z0-9\\-]{2,30}[a-z0-9]/workloadIdentityPools/[a-z][a-z0-9\\-]{2,30}[a-z0-9]/providers/[a-z][a-z0-9\\-]{2,30}[a-z0-9])$" + }, + "GoogleServiceAccountUniqueID": { + "type": "string", + "description": "The unique numeric ID of the Google service account", + "pattern": "^[0-9]+$" + }, + "GoogleIdentity": { "type": "object", - "required": [ - "name", - "object_id" - ], + "description": "Identity info for a Google-based deployment", "properties": { - "name": { - "type": "string", - "description": "The name of the NGINX App Protect global setting object." - }, - "description": { - "description": "Optional field to describe the NGINX App Protect global setting object.", - "type": "string", - "minLength": 5, - "maxLength": 256 + "workload_identity_pool_provider_name": { + "$ref": "#/components/schemas/GoogleWorkloadIdentityPoolProviderName" }, - "object_id": { - "$ref": "#/components/schemas/NapGlobalSettingObjectID" + "nginxaas_service_account_unique_id": { + "description": "The unique numeric ID of the Google service account created by NGINXaaS", + "readOnly": true, + "allOf": [ + { + "$ref": "#/components/schemas/GoogleServiceAccountUniqueID" + } + ] + } + } + }, + "CreateGoogleIdentity": { + "type": "object", + "description": "Identity info for a Google-based deployment used in a create or update request", + "properties": { + "workload_identity_pool_provider_name": { + "$ref": "#/components/schemas/GoogleWorkloadIdentityPoolProviderName" + } + } + }, + "UpdateGoogleIdentity": { + "type": "object", + "description": "Identity info for a Google-based deployment used in a create or update request", + "properties": { + "workload_identity_pool_provider_name": { + "$ref": "#/components/schemas/EmptyStringOrGoogleWorkloadIdentityPoolProviderName" } } }, - "NapLogProfileCreateRequest": { - "description": "Create NGINX App Protect log profile.", + "Deployment": { "type": "object", + "description": "Deployment specification.", "required": [ + "id", + "organization_id", "name", - "config" + "description", + "cloud", + "cloud_properties", + "nginx_config_id", + "nginx_config_version_id", + "status", + "created_at", + "modified_at", + "scale" ], "properties": { + "id": { + "$ref": "#/components/schemas/DeploymentObjectID" + }, + "organization_id": { + "$ref": "#/components/schemas/NginxaasOrganizationID" + }, "name": { - "description": "The name of the NGINX App Protect log profile.", - "type": "string", - "minLength": 1, - "maxLength": 128 + "$ref": "#/components/schemas/DeploymentName" }, "description": { - "description": "Optional field to describe the NGINX App Protect log profile.", + "$ref": "#/components/schemas/NginxaasDescription" + }, + "cloud": { + "$ref": "#/components/schemas/DeploymentCloudName" + }, + "cloud_properties": { + "$ref": "#/components/schemas/DeploymentCloudProperties" + }, + "status": { + "$ref": "#/components/schemas/DeploymentStatus" + }, + "nginx_config_id": { + "$ref": "#/components/schemas/NginxaasNginxConfigObjectID" + }, + "nginx_config_version_id": { + "$ref": "#/components/schemas/NginxaasNginxConfigVersionObjectID" + }, + "created_at": { "type": "string", - "minLength": 5, - "maxLength": 256 + "description": "Datetime when request to create deployment was received.", + "format": "date-time" }, - "config": { - "description": "The NGINX App Protect log profile configuration.", + "modified_at": { "type": "string", - "format": "base64", - "maxLength": 3145728 + "description": "Datetime when deployment was last modified.", + "format": "date-time" + }, + "deleted_at": { + "type": "string", + "description": "Datetime when request to delete deployment was received.", + "format": "date-time" + }, + "waf_enabled": { + "$ref": "#/components/schemas/WafEnabled" + }, + "scale": { + "$ref": "#/components/schemas/DeploymentScale" } } }, - "NapLogProfileUpdateRequest": { - "description": "Update NGINX App Protect log profile.", + "DeploymentStatus": { "type": "object", + "description": "Deployment status info.", "required": [ - "config" + "nginx_target_version", + "provisioning_state", + "config_state" ], "properties": { - "name": { - "description": "The name of the NGINX App Protect log profile.", + "nginx_target_version": { "type": "string", - "minLength": 1, - "maxLength": 128 + "description": "Target nginx version in deployment" }, - "description": { - "description": "Optional field to describe describing the NGINX App Protect log profile.", - "type": "string", - "minLength": 5, - "maxLength": 256 + "provisioning_state": { + "$ref": "#/components/schemas/DeploymentProvisioningState" }, - "config": { - "description": "The NGINX App Protect log profile configuration.", + "config_state": { + "$ref": "#/components/schemas/DeploymentConfigState" + }, + "waf_version": { "type": "string", - "format": "base64", - "minLength": 5, - "maxLength": 3145728 + "description": "The WAF version currently active on the deployment. Only populated if WAF is enabled" } } }, - "NapPolicyBulkRequest": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyBulkRequestData" - }, - "minItems": 1, - "maxItems": 50, - "example": [ - { - "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" - }, - { - "object_id": "pol_PL0c1XodRemmzVEjiXSsTg", - "action": "delete" - } - ] - }, - "NapPolicyBulkRequestData": { + "DeploymentState": { "type": "object", - "description": "Part of bulk operation on a Nap policy, only `delete` is supported.", + "description": "Deployment state info", "required": [ - "action", - "object_id" + "state", + "modified_at" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/NapPolicyObjectID" + "state": { + "type": "string", + "description": "State name/value.", + "enum": [ + "deleting", + "failed", + "pending", + "ready", + "suspended" + ] }, - "action": { - "$ref": "#/components/schemas/BulkRequestAction" + "details": { + "type": "string", + "description": "State details.", + "maxLength": 256 + }, + "modified_at": { + "type": "string", + "description": "Datetime of last state change.", + "format": "date-time" } - }, - "example": { - "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" } }, - "NapBulkResponse": { - "description": "The Nap policy bulk outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" - } + "DeploymentProvisioningState": { + "$ref": "#/components/schemas/DeploymentState" }, - "NapSignatureMeta": { + "DeploymentConfigState": { + "$ref": "#/components/schemas/DeploymentState" + }, + "DeploymentListResponse": { + "type": "object", + "description": "List of deployments.", "required": [ - "signature_id", - "name", - "attack_type" + "count", + "items" ], "properties": { - "name": { - "type": "string" - }, - "signature_id": { + "count": { + "description": "The total number of deployments returned.", "type": "integer" }, - "attack_type": { - "type": "string" - } - } - }, - "NapSignature": { - "description": "Detail information for NGINX App Protect signatures. Note: `description` is omitted for list operation.\n", - "allOf": [ - { - "$ref": "#/components/schemas/NapSignatureMeta" - }, - { - "type": "object", - "required": [ - "signature_type", - "risk", - "accuracy", - "has_cve", - "modified_at", - "systems" - ], - "properties": { - "accuracy": { - "default": "low", - "enum": [ - "high", - "low", - "medium" - ], - "x-enum-varnames": [ - "nap_signature_accuracy_high", - "nap_signature_accuracy_low", - "nap_signature_accuracy_medium" - ], - "type": "string" - }, - "description": { - "type": "string" - }, - "has_cve": { - "default": false, - "type": "boolean" - }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the signature was last modified." - }, - "references": { - "items": { - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "default": "nessus", - "enum": [ - "bugtraq", - "cve", - "nessus", - "url" - ], - "x-enum-varnames": [ - "nap_signature_references_type_bugtrag", - "nap_signature_references_type_cve", - "nap_signature_references_type_nessus", - "nap_signature_references_type_url" - ], - "type": "string" - }, - "value": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "risk": { - "default": "low", - "enum": [ - "high", - "low", - "medium" - ], - "x-enum-varnames": [ - "nap_signature_risk_high", - "nap_signature_risk_low", - "nap_signature_risk_medium" - ], - "type": "string" - }, - "signature_type": { - "default": "request", - "enum": [ - "request", - "response" - ], - "type": "string", - "x-enum-varnames": [ - "nap_signature_signature_type_request", - "nap_signature_signature_type_response" - ] - }, - "systems": { - "items": { - "type": "string" - }, - "type": "array" - } - } - } - ], - "example": { - "signature_id": 123456789, - "name": "Example Signature", - "description": "This is an example signature.", - "signature_type": "request", - "attack_type": "SQL Injection", - "risk": "high", - "accuracy": "medium", - "has_cve": true, - "modified_at": "2023-10-01T12:00:00Z", - "references": [ - { - "type": "cve", - "value": "CVE-2023-12345" - } - ], - "systems": [ - "System A" - ] + "items": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Deployment" + } + } } }, - "NapSignatureSet": { + "DeploymentCreateRequest": { "type": "object", + "description": "Request spec for creating a deployment.", "required": [ - "object_id", "name", - "type", - "category", - "signature_count", - "accuracy", - "default_alarm", - "default_block", - "default_learn", - "systems", - "modified_at" + "cloud_properties", + "nginx_config_id", + "nginx_config_version_id", + "scale" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/NapSignatureSetObjectID" - }, "name": { - "type": "string" + "$ref": "#/components/schemas/DeploymentName" }, - "accuracy": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "low", - "medium", - "high" - ], - "x-enum-varnames": [ - "nap_signature_set_accuracy_low", - "nap_signature_set_accuracy_medium", - "nap_signature_set_accuracy_high" - ] - } + "description": { + "$ref": "#/components/schemas/NginxaasDescription" }, - "signature_count": { - "type": "integer" + "cloud_properties": { + "$ref": "#/components/schemas/CreateDeploymentCloudProperties" }, - "category": { - "enum": [ - "User-defined", - "Basic", - "Attack Type Specific" - ], - "x-enum-varnames": [ - "nap_signature_set_category_user_defined", - "nap_signature_set_category_basic", - "nap_signature_set_category_attack_type_specific" - ], - "type": "string" + "nginx_config_id": { + "$ref": "#/components/schemas/NginxaasNginxConfigObjectID" }, - "default_alarm": { - "default": true, - "type": "boolean" + "nginx_config_version_id": { + "$ref": "#/components/schemas/NginxaasNginxConfigVersionObjectID" }, - "default_block": { - "default": true, - "type": "boolean" + "scale": { + "$ref": "#/components/schemas/DeploymentScale" }, - "default_learn": { - "default": true, - "type": "boolean" + "waf_enabled": { + "$ref": "#/components/schemas/WafEnabled" + } + } + }, + "DeploymentUpdateRequest": { + "type": "object", + "description": "Request spec for updating a deployment.", + "properties": { + "description": { + "$ref": "#/components/schemas/NginxaasDescription" }, - "filter": { - "properties": { - "accuracy_filter": { - "default": "ge", - "enum": [ - "all", - "eq", - "ge", - "le" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_accuracy_filter_all", - "nap_signature_set_filter_accuracy_filter_eq", - "nap_signature_set_filter_accuracy_filter_ge", - "nap_signature_set_filter_accuracy_filter_le" - ], - "type": "string" - }, - "accuracy_value": { - "default": "all", - "enum": [ - "all", - "high", - "low", - "medium" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_accuracy_value_all", - "nap_signature_set_filter_accuracy_value_high", - "nap_signature_set_filter_accuracy_value_low", - "nap_signature_set_filter_accuracy_value_medium" - ], - "type": "string" - }, - "attack_type": { - "properties": { - "name": { - "type": "string" - } - }, - "type": "object" - }, - "has_cve": { - "default": "all", - "enum": [ - "all", - "no", - "yes" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_have_cve_all", - "nap_signature_set_filter_have_cve_no", - "nap_signature_set_filter_have_cve_yes" - ], - "type": "string" - }, - "modified_at_filter": { - "default": "all", - "enum": [ - "after", - "all", - "before" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_modified_at_filter_after", - "nap_signature_set_filter_modified_at_filter_all", - "nap_signature_set_filter_modified_at_filter_before" - ], - "type": "string" - }, - "modified_at_value": { - "default": "1970-01-01", - "type": "string" - }, - "risk_filter": { - "default": "eq", - "enum": [ - "all", - "eq", - "ge", - "le" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_risk_filter_all", - "nap_signature_set_filter_risk_filter_eq", - "nap_signature_set_filter_risk_filter_ge", - "nap_signature_set_filter_risk_filter_le" - ], - "type": "string" - }, - "risk_value": { - "default": "low", - "enum": [ - "all", - "high", - "low", - "medium" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_risk_value_all", - "nap_signature_set_filter_risk_value_high", - "nap_signature_set_filter_risk_value_low", - "nap_signature_set_filter_risk_value_medium" - ], - "type": "string" - }, - "signature_type": { - "default": "request", - "enum": [ - "all", - "request", - "response" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_signature_type_all", - "nap_signature_set_filter_signature_type_request", - "nap_signature_set_filter_signature_type_response" - ], - "type": "string" - }, - "user_defined_filter": { - "default": "all", - "enum": [ - "all", - "no", - "yes" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_user_defined_filter_all", - "nap_signature_set_filter_user_defined_filter_no", - "nap_signature_set_filter_user_defined_filter_yes" - ], - "type": "string" - } - }, - "type": "object" + "cloud_properties": { + "$ref": "#/components/schemas/UpdateDeploymentCloudProperties" }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the signature-set was last modified." + "nginx_config_id": { + "$ref": "#/components/schemas/NginxaasNginxConfigObjectID" }, - "systems": { - "items": { - "type": "string" - }, - "type": "array" + "nginx_config_version_id": { + "$ref": "#/components/schemas/NginxaasNginxConfigVersionObjectID" }, - "type": { - "default": "filter-based", - "enum": [ - "filter-based", - "manual" - ], - "x-enum-varnames": [ - "nap_signature_set_type_filter_based", - "nap_signature_set_type_manual" - ], - "type": "string" - } - }, - "example": { - "default_block": true, - "default_learn": true, - "signature_count": 0, - "filter": { - "accuracy_value": "all", - "accuracy_filter": "all", - "attack_type": { - "name": "XML External Entities (XXE)" - }, - "risk_filter": "all", - "has_cve": "all", - "user_defined_filter": "all", - "risk_value": "all", - "modified_at_filter": "all", - "signature_type": "request" + "scale": { + "$ref": "#/components/schemas/DeploymentScale" }, - "assign_to_policy_by_default": false, - "default_alarm": true, - "accuracy": [], - "type": "filter-based", - "name": "XML External Entities (XXE) Signatures", - "object_id": "sigset_-ZMshmi83MBL97dr5d0a9w", - "category": "User-defined", - "modified_at": "2023-08-10T16:59:15Z", - "systems": [] + "waf_enabled": { + "$ref": "#/components/schemas/WafEnabled" + } + } + }, + "WafEnabled": { + "type": "boolean", + "description": "Whether WAF is enabled for the deployment." + }, + "AWSAccountID": { + "type": "string", + "description": "AWS Account ID.", + "pattern": "^[0-9]{12}$" + }, + "AWSVpcID": { + "type": "string", + "description": "AWS VPC ID.", + "pattern": "^vpc-[a-z0-9]{8,17}$" + }, + "AWSVpcEndpointID": { + "type": "string", + "description": "AWS VPC Endpoint ID.", + "pattern": "^vpce-[a-z0-9]{8,17}$" + }, + "AWSIPv4CIDRBlock": { + "type": "string", + "description": "IPv4 CIDR block for the deployment VPC. Must be /22 - /18 in size and cannot be within any of these ranges: 0.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16, 224.0.0.0/4, 172.17.0.0/16\n", + "format": "ipv4-cidr" + }, + "AWSIPv6CIDRBlock": { + "type": "string", + "description": "IPv6 CIDR block for the deployment VPC.", + "format": "cidr" + }, + "AWSVpcPeeringConnectionID": { + "type": "string", + "description": "AWS VPC peering connection ID.", + "pattern": "^pcx-[a-z0-9]{8,17}$" + }, + "AWSPrivateLinkServiceEndpointName": { + "type": "string", + "description": "The name of the AWS PrivateLink service endpoint for the deployment." + }, + "AWSRegion": { + "type": "string", + "description": "AWS region", + "minLength": 3, + "maxLength": 63, + "pattern": "^[a-z][-a-z0-9]*?$", + "example": "us-west-2" + }, + "AWSRoleARN": { + "type": "string", + "description": "Amazon Resource Name (ARN) for an IAM role", + "maxLength": 255, + "pattern": "^arn:aws[a-zA-Z-]*:iam::[0-9]{12}:role(?:/[-a-zA-Z0-9+=,.@_]+)+$", + "example": "arn:aws:iam::123456789012:role/NGINXaaS" + }, + "EmptyStringOrAWSRoleARN": { + "type": "string", + "description": "Amazon Resource Name (ARN) for an IAM role, allowing empty strings", + "maxLength": 255, + "pattern": "^(?:|arn:aws[a-zA-Z-]*:iam::[0-9]{12}:role(?:/[-a-zA-Z0-9+=,.@_]+)+)$" + }, + "AWSIdentity": { + "type": "object", + "description": "Identity info for an AWS-based deployment", + "properties": { + "customer_role_arn": { + "description": "The ARN of the IAM role created by the customer for NGINXaaS to assume.\n", + "allOf": [ + { + "$ref": "#/components/schemas/AWSRoleARN" + } + ] + } } }, - "NapSignatureListResponse": { + "CreateAWSIdentity": { "allOf": [ { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/AWSIdentity" }, { - "type": "object", "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of NGINX App Protect signatures.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapSignature" - } - } - } + "customer_role_arn" + ] } ] }, - "NapSignatureSetListResponse": { - "allOf": [ + "UpdateAWSIdentity": { + "type": "object", + "description": "Identity info for an AWS-based deployment", + "properties": { + "customer_role_arn": { + "description": "The ARN of the IAM role created by the customer for NGINXaaS to assume, or empty string to remove an existing role.\n", + "allOf": [ + { + "$ref": "#/components/schemas/EmptyStringOrAWSRoleARN" + } + ] + } + } + }, + "AWSFrontendInfo": { + "type": "object", + "description": "AWS frontend info returned in a deployment response.", + "minProperties": 1, + "maxProperties": 1, + "additionalProperties": false, + "properties": { + "private_endpoint": { + "$ref": "#/components/schemas/AWSPrivateEndpoint" + }, + "managed_public_endpoint": { + "$ref": "#/components/schemas/ManagedPublicEndpoint" + } + } + }, + "CreateAWSFrontendInfo": { + "type": "object", + "description": "AWS frontend info used in a create request.", + "minProperties": 1, + "maxProperties": 1, + "additionalProperties": false, + "properties": { + "private_endpoint": { + "$ref": "#/components/schemas/AWSPrivateEndpoint" + }, + "managed_public_endpoint": { + "$ref": "#/components/schemas/CreateManagedPublicEndpoint" + } + } + }, + "UpdateAWSFrontendInfo": { + "type": "object", + "description": "AWS frontend info used in an update request.", + "minProperties": 1, + "maxProperties": 1, + "additionalProperties": false, + "properties": { + "private_endpoint": { + "$ref": "#/components/schemas/AWSPrivateEndpoint" + }, + "managed_public_endpoint": { + "$ref": "#/components/schemas/UpdateManagedPublicEndpoint" + } + } + }, + "AWSPrivateEndpoint": { + "type": "object", + "description": "AWS private endpoint info returned in a deployment response.", + "properties": { + "private_link_service_endpoint_name": { + "$ref": "#/components/schemas/AWSPrivateLinkServiceEndpointName", + "readOnly": true + }, + "private_link_connection_allow_list": { + "$ref": "#/components/schemas/AWSPrivateLinkConnectionAllowList" + } + } + }, + "AWSPrivateLinkConnectionAllowListItem": { + "type": "string", + "description": "An item in the allow list for AWS PrivateLink connections.", + "oneOf": [ { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/AWSAccountID" }, { - "type": "object", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of NGINX App Protect signature sets.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapSignatureSet" - } - } - } + "$ref": "#/components/schemas/AWSVpcEndpointID" } ] }, - "FilterNameNapLogProfile": { - "type": "string", - "description": "Keywords for NGINX App Protect log profile filters.\n", - "enum": [ - "name", - "object_id", - "deployment_status" + "AWSPrivateLinkConnectionAllowList": { + "type": "array", + "description": "List of AWS Account IDs or VPC Endpoint IDs that are allowed to connect. The list must contain either all account IDs or all VPC endpoint IDs (cannot mix). An empty list indicates no connections should be allowed.\n", + "items": { + "$ref": "#/components/schemas/AWSPrivateLinkConnectionAllowListItem" + }, + "minItems": 0, + "maxItems": 20 + }, + "AWSVpcPeeringConnections": { + "type": "array", + "description": "List of AWS VPC peering connections between the deployment VPC and upstream network VPCs.", + "items": { + "$ref": "#/components/schemas/AWSVpcPeeringConnectionID" + }, + "minItems": 0, + "maxItems": 20 + }, + "AWSDeploymentProperties": { + "type": "object", + "description": "AWS deployment properties.", + "required": [ + "region", + "ipv4_cidr_block", + "frontend", + "account_id", + "vpc_id", + "ipv6_cidr_block", + "vpc_peering_connections" ], - "x-enum-varnames": [ - "filter_name_nap_log_profile_name", - "filter_name_nap_log_profile_object_id", - "filter_name_nap_log_profile_deployment_status" - ] + "properties": { + "region": { + "$ref": "#/components/schemas/AWSRegion" + }, + "ipv4_cidr_block": { + "$ref": "#/components/schemas/AWSIPv4CIDRBlock" + }, + "frontend": { + "$ref": "#/components/schemas/AWSFrontendInfo" + }, + "identity": { + "$ref": "#/components/schemas/AWSIdentity" + }, + "vpc_peering_connections": { + "$ref": "#/components/schemas/AWSVpcPeeringConnections" + }, + "account_id": { + "$ref": "#/components/schemas/AWSAccountID", + "readOnly": true + }, + "vpc_id": { + "$ref": "#/components/schemas/AWSVpcID", + "readOnly": true + }, + "ipv6_cidr_block": { + "$ref": "#/components/schemas/AWSIPv6CIDRBlock", + "readOnly": true + } + } }, - "IsF5Default": { - "type": "boolean", - "description": "Indicates whether this is an F5 default object (true) or a user-defined object (false)." + "CreateAWSDeploymentProperties": { + "type": "object", + "description": "AWS deployment properties used in a create request.", + "required": [ + "region", + "ipv4_cidr_block", + "frontend" + ], + "properties": { + "region": { + "$ref": "#/components/schemas/AWSRegion" + }, + "ipv4_cidr_block": { + "$ref": "#/components/schemas/AWSIPv4CIDRBlock" + }, + "frontend": { + "$ref": "#/components/schemas/CreateAWSFrontendInfo" + }, + "identity": { + "$ref": "#/components/schemas/CreateAWSIdentity" + } + } }, - "FilterNameNapLogProfileDeployment": { + "UpdateAWSDeploymentProperties": { + "type": "object", + "description": "AWS deployment properties used in an update request.", + "properties": { + "frontend": { + "$ref": "#/components/schemas/UpdateAWSFrontendInfo" + }, + "identity": { + "$ref": "#/components/schemas/UpdateAWSIdentity" + }, + "vpc_peering_connections": { + "$ref": "#/components/schemas/AWSVpcPeeringConnections" + } + } + }, + "DeploymentObjectID": { "type": "string", - "description": "Keywords for NGINX App Protect log profile deployment filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `status`, only the following `filter_values` are supported:\n * deployed\n * deploying\n * failed\n", - "enum": [ - "name", - "type", - "status", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_nap_deployment_name", - "filter_name_nap_deployment_type", - "filter_name_nap_deployment_status", - "filter_name_nap_deployment_object_id" - ] + "description": "A globally unique identifier for the deployment.", + "format": "object_id", + "pattern": "^depl_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } }, - "FilterNameNapPolicy": { + "NginxaasOrganizationID": { "type": "string", - "description": "Keywords for NGINX App Protect policy filters.\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n * blocking\n * transparent\nWhen filtering on `object_id`, both NAP Policy and NAP Policy version object id prefixes are supported.\n", - "enum": [ - "name", - "enforcement_mode", - "object_id", - "deployment_enforcement_mode", - "deployment_status" - ], - "x-enum-varnames": [ - "filter_name_nap_policy_name", - "filter_name_nap_policy_enforcement_mode", - "filter_name_nap_policy_object_id", - "filter_name_nap_policy_deployment_enforcement_mode", - "filter_name_nap_policy_deployment_status" - ] + "description": "NGINXaaS organization id", + "format": "object_id", + "pattern": "^org_.*", + "example": "org_FsFgfeDtScOjGbQJDaVNiQ", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } }, - "FilterNameNapPolicyDeployment": { + "NginxaasDescription": { "type": "string", - "description": "Keywords for NGINX App Protect deployment filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `status`, only the following `filter_values` are supported:\n * deployed\n * deploying\n * failed\n", - "enum": [ - "name", - "type", - "policy_version", - "status", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_nap_deployment_name", - "filter_name_nap_deployment_type", - "filter_name_nap_deployment_policy_version", - "filter_name_nap_deployment_status", - "filter_name_nap_deployment_object_id" - ] + "description": "Description of a resource.", + "maxLength": 256, + "example": "My example description" }, - "FilterNameNapPolicyVersion": { + "NginxaasNginxConfigObjectID": { "type": "string", - "description": "Keywords for NGINX App Protect policy version filters.\nWhen filtering on `deployment_status`, only the following `filter_values` are supported:\n * deployed\n * not_deployed\n * deploying\n * failed\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n * blocking\n * transparent\n", - "enum": [ - "deployment_status", - "enforcement_mode", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_nap_policy_version_deployment_status", - "filter_name_nap_policy_version_enforcement_mode", - "filter_name_nap_policy_version_object_id" - ] + "description": "A globally unique identifier for the NGINX config.", + "format": "object_id", + "pattern": "^cfg_.*", + "example": "cfg_6zYc64JKR0uxnoEcLH1gGA", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } }, - "NapGlobalSettingObjectID": { - "description": "A globally unique identifier for the App Protect global settings object.", + "NginxaasNginxConfigVersionObjectID": { "type": "string", + "description": "NGINX config version object id", "format": "object_id", - "pattern": "^gs_.*", + "pattern": "^cv_.*", + "example": "cv_DrRnpntTRpGOxaroQ6aOFg", "x-go-type": "objects.ID", "x-go-type-import": { "name": "objects", "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, + "ObservabilityMetricsRequest": { + "type": "object", + "required": [ + "metrics" + ], + "properties": { + "metrics": { + "description": "Array of observed metrics.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/ObservedMetric" + } + } + } + }, + "ObservedMetric": { + "description": "Details for a single observed metric.", + "type": "object", + "required": [ + "name", + "timestamp", + "unit", + "value" + ], + "properties": { + "name": { + "type": "string", + "example": "cpuUsage" + }, + "timestamp": { + "type": "string", + "format": "date-time", + "example": "2019-08-07T09:57:36.088757764Z" + }, + "unit": { + "type": "string", + "example": "%" + }, + "value": { + "type": "number", + "example": 80 + } + }, + "example": { + "name": "cpuUsage", + "timestamp": "2019-08-07T09:57:30Z", + "unit": "%", + "value": 80 + } + }, + "ModelConfigurationResponse": { + "description": "Model configuration details.", + "type": "object", + "required": [ + "loadModelUID", + "numberOfInstances", + "systemIDs" + ], + "properties": { + "loadModelUID": { + "type": "string", + "format": "uuid", + "example": "f038dca0-b55c-410a-95a6-b9f876792ce8" + }, + "numberOfInstances": { + "type": "integer", + "example": 5 + }, + "systemIDs": { + "description": "Array of system IDs associated with the load model.", + "type": "array", + "items": { + "type": "string", + "format": "uuid" + }, + "minItems": 1, + "uniqueItems": true + } + } + }, "TemplateName": { "type": "string", - "description": "The name of the template.\nMust be suitable for use as a file name and as an NGINX configuration include.\nOnly alphanumeric characters, underscores, dashes, and dots are allowed.\nNo spaces, slashes, or special characters.\n", + "description": "The name of the template.\nMust be suitable for use as a file name and as an NGINX configuration include.\nOnly alphanumeric characters, underscores (single not double), dashes, and dots are allowed.\nNo spaces, slashes, or special characters.\n", "minLength": 1, "maxLength": 255, - "pattern": "^[a-zA-Z0-9][a-zA-Z0-9_.-]*$", + "pattern": "^[a-zA-Z0-9]([a-zA-Z0-9.\\-]|_[a-zA-Z0-9.\\-])*_?$", "example": "reverse-proxy" }, "TemplateDescription": { @@ -15439,6 +20403,64 @@ "maxLength": 2048, "example": "A base template for setting up a reverse proxy" }, + "TemplateMetadataUpdateRequest": { + "type": "object", + "description": "Request body for updating template metadata.\n", + "required": [ + "name" + ], + "properties": { + "name": { + "$ref": "#/components/schemas/TemplateName" + }, + "description": { + "$ref": "#/components/schemas/TemplateDescription" + }, + "state": { + "$ref": "#/components/schemas/TemplateVersionState" + } + }, + "example": { + "name": "updated-template-name", + "description": "Updated description for the template", + "state": "final" + } + }, + "TemplateMetadataPatchRequest": { + "type": "object", + "description": "Request body for partially updating template metadata. Only provided fields will be updated; omitted fields will retain their existing values.\n", + "properties": { + "name": { + "$ref": "#/components/schemas/TemplateName" + }, + "description": { + "$ref": "#/components/schemas/TemplateDescription" + }, + "state": { + "$ref": "#/components/schemas/TemplateVersionState" + } + }, + "example": { + "description": "Updated description only", + "state": "final" + } + }, + "TemplateCopyRequest": { + "type": "object", + "description": "Request body for copying an existing template. If a field is omitted then \nthat field will use the existing value from the copied config template \nfor the newly generated one. All other properties (files, type, contexts) are\ninherited from the source template.\n", + "properties": { + "name": { + "$ref": "#/components/schemas/TemplateName" + }, + "description": { + "$ref": "#/components/schemas/TemplateDescription" + } + }, + "example": { + "name": "reverse-proxy-copy", + "description": "Copy of the reverse proxy template" + } + }, "TemplateObjectID": { "description": "A globally unique identifier for template.", "type": "string", @@ -15503,7 +20525,7 @@ }, "TemplateImportRequest": { "type": "object", - "description": "A request to import a template into the system. This can be either a *base template* or an *augment template*,\nas determined by the `type` field in the request body.\n\nBase templates define the structure of an NGINX configuration and may include hook points\nfor augment templates using custom Go template functions.\n\nAugment templates are reusable configuration snippets that can be applied to specific NGINX contexts\nwithin a base template, such as `http`, `http/server`, `stream` or `stream/server`.\n\nNginx One supports custom Go template functions for advanced configuration generation.\nSee [Template Functions](https://yourdocs.com/templates/functions) for a complete list of supported functions.\n", + "description": "A request to import a template into the system. This can be either a *base template* or an *augment template*,\nas determined by the `type` field in the request body.\n\nBase templates define the structure of an NGINX configuration and may include hook points for augment templates\nusing the `augment_includes` custom Go template function. This function accepts two parameters:\n1. **context** (required, string): The target NGINX context path where augment content will be inserted (e.g. `\"http\"`, `\"http/server\"`, `\"stream/server\"`).\n2. **label** (optional, string): A target label (e.g. `\"primary\"`) used for deterministic placement of an augment template's content within the specified context during NGINX configuration generation.\n\nAugment templates are reusable configuration snippets that can be applied to specific NGINX contexts\nwithin a base template, such as `http`, `http/server`, `stream` or `stream/server`. These can also make use of\nhook points to other augment templates.\n\nNginx One supports custom Go template functions for advanced configuration generation.\nSee [Template Functions](https://yourdocs.com/templates/functions) for a complete list of supported functions.\n", "required": [ "name", "file", @@ -15639,6 +20661,50 @@ } ] }, + "TemplateVersionsListResponse": { + "description": "List of all versions for a specific template.", + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { + "description": "List of config template versions.", + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of template versions.", + "type": "array", + "items": { + "$ref": "#/components/schemas/TemplateVersionSummary" + } + } + } + } + ] + }, + "TemplateVersionSummary": { + "description": "A summary of a template object including all its metadata, allowed contexts, augment includes and submissions count.\n", + "allOf": [ + { + "$ref": "#/components/schemas/TemplateSummary" + }, + { + "type": "object", + "required": [ + "submissions_count" + ], + "properties": { + "submissions_count": { + "type": "integer", + "description": "The total number of template submissions associated with the template version." + } + } + } + ] + }, "TemplateVersionState": { "type": "string", "description": "The state of a template version.\n- `draft`: Version is editable and not yet finalized.\n- `final`: Version is immutable and finalized. Version can't be transitioned back to draft.\n", @@ -15711,6 +20777,10 @@ "description": { "$ref": "#/components/schemas/TemplateDescription" }, + "is_f5_default": { + "$ref": "#/components/schemas/IsF5Default", + "readOnly": true + }, "allowed_in_contexts": { "type": "array", "description": "Specifies the full hierarchical context path(s) within the NGINX configuration where this template output can be placed.\n\nFor base templates, this list is empty. Instead, refer to `augment_includes` to see where augment output can be injected within the base template.\n", @@ -15746,6 +20816,7 @@ "name": "reverse-proxy", "description": "A base template for setting up a reverse proxy", "type": "base", + "is_f5_default": false, "allowed_in_contexts": [], "augment_includes": [ "http", @@ -15785,14 +20856,16 @@ }, "file_type": { "type": "string", - "description": "The contents type of the file.\n* template: The file contains a Go template.\n* schema: The file contains a JSON or YAML schema for validating input data for the template. Optional if the template does not require input variables.\n", + "description": "The contents type of the file.\n* template: The file contains a Go template.\n* schema: The file contains a JSON or YAML schema for validating input data for the template. Optional if the template does not require input variables.\n* include: A static file used as a reference for an `include` directive by the template (e.g., additional configuration snippets, documentation, etc.).\n", "enum": [ "template", - "schema" + "schema", + "include" ], "x-enum-varnames": [ "template_file_type_template", - "template_file_type_schema" + "template_file_type_schema", + "template_file_type_include" ] }, "file_format": { @@ -15837,7 +20910,7 @@ } }, "TemplateCreationRequest": { - "description": "A request payload used to create a new template, including its metadata and associated file contents.", + "description": "A request to create a template in the system. This can be either a *base template* or an *augment template*,\nas determined by the `type` field in the request body.\n\nBase templates define the structure of an NGINX configuration and may include hook points for augment templates\nusing the `augment_includes` custom Go template function. This function accepts two parameters:\n1. **context** (required, string): The target NGINX context path where augment content will be inserted (e.g. `\"http\"`, `\"http/server\"`, `\"stream/server\"`).\n2. **label** (optional, string): A target label (e.g. `\"primary\"`) used for deterministic placement of an augment template's content within the specified context during NGINX configuration generation.\n\nAugment templates are reusable configuration snippets that can be applied to specific NGINX contexts\nwithin a base template, such as `http`, `http/server`, `stream` or `stream/server`. These can also make use of\nhook points to other augment templates.\n\nNginx One supports custom Go template functions for advanced configuration generation.\nSee [Template Functions](https://yourdocs.com/templates/functions) for a complete list of supported functions.\n", "type": "object", "allOf": [ { @@ -15889,7 +20962,7 @@ } }, "TemplateDetailsResponse": { - "description": "Full detailed response about an existing template object including summary and file contents.", + "description": "Full detailed response about an existing template object including summary, file contents and submissions count.", "type": "object", "allOf": [ { @@ -15901,7 +20974,8 @@ { "type": "object", "required": [ - "items" + "items", + "submissions_count" ], "properties": { "items": { @@ -15910,6 +20984,10 @@ "items": { "$ref": "#/components/schemas/TemplateFileData" } + }, + "submissions_count": { + "type": "integer", + "description": "The total number of template submissions associated with the template version." } } } @@ -15922,8 +21000,10 @@ "version": 1, "latest_version": 1, "state": "final", + "submissions_count": 0, "name": "reverse-proxy", "type": "base", + "is_f5_default": false, "allowed_in_contexts": [], "augment_includes": [ "http" @@ -15955,6 +21035,32 @@ "description": "Key-value pairs for template rendering.", "additionalProperties": true }, + "TemplateSnippetRenderRequest": { + "type": "object", + "description": "Defines a request to render a snippet of NGINX configuration for a specific template as standalone, without the need for a base template.\n\n### Validations and Constraints:\n- The template must specify its `target_context`.\n- Input values for each template are passed independently via the `values` \n object, and validated against each template's Schema.\n\n### Processing:\n- The system validates that the template is compatible with the specified target context.\n- The final composed configuration is validated to ensure correctness and prevent conflicts or misconfigurations.\n\n### External Template Documentation:\nFor more information on template functions and best practices, refer to:\n - [Template Function Reference](https://yourdocs.com/templates/functions)\n - [Template Authoring Guide](https://yourdocs.com/templates/guide)\n", + "required": [ + "values", + "target_context" + ], + "properties": { + "values": { + "$ref": "#/components/schemas/TemplateValuesRequest" + }, + "target_context": { + "$ref": "#/components/schemas/TemplateContextPath" + } + }, + "example": { + "target_context": "http/upstream", + "values": { + "upstream_servers": [ + "10.0.0.1:8080", + "10.0.0.2:8080" + ], + "server_name": "example.com" + } + } + }, "TemplateSubmissionRequest": { "type": "object", "description": "Defines a request to render an NGINX configuration by combining a single base template \nwith zero or more augment templates.\n\n### Validations and Constraints:\n- All templates referenced by Object ID must be available in the system before submission.\n- Only one base template can be submitted.\n- The base template must explicitly use custom Go function `augment_includes (\"\", .)` to apply `augments`.\n- Its not required to include all augments in the request that base template supports.\n- The order of augments in the list determines the order in which they are rendered and applied.\n- Each augment must specify its `target_context`, indicating where it should be applied in \n the base template.\n- Input values for each template are passed independently via the `values` \n object, and validated against each template’s Schema.\n- The `payloads` for auxiliary files only accepts types of `managed_certificate` and `managed_key`.\n\n### Processing:\n- The `base_template` defines the starting point of the NGINX configuration rendering.\n- `conf_path` determines where the rendered configuration from base and augments should be placed within the NGINX directory structure.\n- Each `augment` template is applied in the order provided, inserted at the appropriate target context\n using the `augment_includes (\"\", .)` function declared in the base template.\n- The system validates that each augment is compatible with the specified target context.\n- The final composed configuration is validated to ensure correctness and prevent conflicts or misconfigurations.\n\n### External Template Documentation:\nFor more information on template functions and best practices, refer to:\n - [Template Function Reference](https://yourdocs.com/templates/functions)\n - [Template Authoring Guide](https://yourdocs.com/templates/guide)\n", @@ -16055,6 +21161,41 @@ ] } }, + "UpdateTemplateSubmissionRequest": { + "type": "object", + "description": "Defines a request to update the input values and payloads of an existing template submission.\nThe `conf_path` is preserved from the original submission and cannot be changed.\n", + "required": [ + "base_template", + "augments" + ], + "properties": { + "base_template": { + "$ref": "#/components/schemas/BaseTemplateSubmissionRequest" + }, + "augments": { + "type": "array", + "description": "Ordered list of augment templates to apply to the base template.\nAugments are rendered in the order provided.\n", + "items": { + "$ref": "#/components/schemas/AugmentTemplateSubmissionRequest" + } + }, + "payloads": { + "$ref": "#/components/schemas/NginxConfigPayloads" + } + } + }, + "UpdateSingleTemplateSubmissionRequest": { + "type": "object", + "description": "Request body to update input values for a single template within an existing submission.\nOnly `values` for the matched template are replaced; all other templates retain their stored values.\nPayloads, target objects, and `conf_path` are preserved from the existing submission.\n", + "required": [ + "values" + ], + "properties": { + "values": { + "$ref": "#/components/schemas/TemplateValuesRequest" + } + } + }, "BaseTemplateSubmissionRequest": { "type": "object", "required": [ @@ -16096,6 +21237,12 @@ "target_context": { "$ref": "#/components/schemas/TemplateContextPath" }, + "target_label": { + "type": "string", + "description": "Optional label that identifies a specific section in the base template hierarchy (e.g., \"primary\").\n\nIf provided, the value must match the label parameter used by the base template’s `augment_includes` functions; otherwise, the augment will not be applied.\n", + "minLength": 1, + "maxLength": 25 + }, "child_augments": { "type": "array", "description": "Ordered list of nested augment templates to apply as children of this template.\n", @@ -16142,6 +21289,29 @@ } } }, + "TemplateSnippetRenderResponse": { + "type": "object", + "description": "The rendered snippet of NGINX configuration, along with any errors encountered during rendering.\n", + "required": [ + "files" + ], + "properties": { + "files": { + "type": "array", + "description": "The list of files in the directory.", + "items": { + "$ref": "#/components/schemas/FileData" + } + }, + "errors": { + "type": "array", + "description": "List of NGINX config parse errors encountered during rendering.", + "items": { + "$ref": "#/components/schemas/NginxConfigParseError" + } + } + } + }, "TemplateSubmissionResponse": { "description": "Details of a template submission and all target(s) status results.", "required": [ @@ -16348,6 +21518,10 @@ "type": { "$ref": "#/components/schemas/TemplateType" }, + "is_f5_default": { + "$ref": "#/components/schemas/IsF5Default", + "readOnly": true + }, "state": { "$ref": "#/components/schemas/TemplateVersionState" }, @@ -16407,6 +21581,74 @@ "modified_at": "2023-09-15T14:30:00Z" } }, + "TemplateSubmissionDetailResponse": { + "description": "Details of a template submission, including all templates and input values.", + "type": "object", + "required": [ + "object_id", + "target_object_ids", + "created_at", + "modified_at", + "templates" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/TemplateSubmissionObjectID" + }, + "description": { + "type": "string", + "description": "Description of the submission." + }, + "target_object_ids": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ObjectID" + } + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The creation timestamp of the submission." + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The last modification timestamp of the submission." + }, + "templates": { + "type": "array", + "description": "The templates and input values associated with this submission (base + augments).", + "items": { + "$ref": "#/components/schemas/TemplateSubmissionDetailTemplate" + } + } + } + }, + "TemplateSubmissionDetailTemplate": { + "description": "A template entry within a submission, including the specific version and input values used.\n", + "allOf": [ + { + "$ref": "#/components/schemas/TemplateSubmissionTemplateSummary" + }, + { + "type": "object", + "required": [ + "values" + ], + "properties": { + "values": { + "$ref": "#/components/schemas/TemplateValuesRequest" + }, + "target_context": { + "$ref": "#/components/schemas/TemplateContextPath" + }, + "target_label": { + "type": "string" + } + } + } + ] + }, "FilterNameTemplates": { "type": "string", "description": "Keywords for config templates filters.\n", @@ -16414,13 +21656,37 @@ "name", "type", "object_id", - "allowed_in_contexts" + "allowed_in_contexts", + "state", + "is_f5_default" + ], + "x-enum-varnames": [ + "filter_name_templates_name", + "filter_name_templates_type", + "filter_name_templates_object_id", + "filter_name_templates_allowed_in_contexts", + "filter_name_templates_state", + "filter_name_templates_is_f5_default" + ] + }, + "FilterNameSubmissions": { + "type": "string", + "description": "Keywords for config template submissions filters.\n", + "enum": [ + "object_id" + ], + "x-enum-varnames": [ + "filter_name_submissions_object_id" + ] + }, + "FilterNameTemplateVersions": { + "type": "string", + "description": "Keywords for config template versions filters.\n", + "enum": [ + "object_id" ], "x-enum-varnames": [ - "filter_name_templates_name", - "filter_name_templates_type", - "filter_name_templates_object_id", - "filter_name_templates_allowed_in_contexts" + "filter_name_template_versions_object_id" ] }, "StagedConfigSubmission": { @@ -16465,6 +21731,24 @@ "request_outcome_rejected" ] }, + "EventLevel": { + "type": "string", + "description": "Log level classification for the security event.\nFollows standard logging convention for severity.\n", + "enum": [ + "DEBUG", + "INFO", + "WARNING", + "ERROR", + "CRITICAL" + ], + "x-enum-varnames": [ + "event_level_debug", + "event_level_info", + "event_level_warning", + "event_level_error", + "event_level_critical" + ] + }, "SignatureAccuracy": { "type": "string", "description": "Confidence level that the signature accurately identifies the attack.", @@ -16495,6 +21779,28 @@ "signature_risk_critical" ] }, + "HttpMethod": { + "type": "string", + "description": "HTTP request method.", + "enum": [ + "GET", + "POST", + "PUT", + "DELETE", + "PATCH", + "HEAD", + "OPTIONS" + ], + "x-enum-varnames": [ + "http_method_get", + "http_method_post", + "http_method_put", + "http_method_delete", + "http_method_patch", + "http_method_head", + "http_method_options" + ] + }, "RequestStatus": { "type": "string", "description": "WAF enforcement decision for the request.", @@ -16594,6 +21900,42 @@ "filter_operator_not" ] }, + "Filter": { + "type": "array", + "description": "Pre-aggregation filter conditions.\nAll filters are combined with AND logic.\nUse the `in` operator to achieve `OR` within a single dimension.\n", + "items": { + "$ref": "#/components/schemas/AttacksFilter" + }, + "default": [] + }, + "AttacksFilter": { + "type": "object", + "description": "A single filter condition on a dimension.\n", + "required": [ + "field", + "operator", + "values" + ], + "properties": { + "field": { + "$ref": "#/components/schemas/AttacksDimensionField" + }, + "operator": { + "$ref": "#/components/schemas/FilterOperator" + }, + "values": { + "type": "array", + "description": "Values to filter by.\n- For `=` and `!=`: only the first value is used\n- For `in` and `not`: all values are used\n\nNote: IP filtering uses exact match only; CIDR notation is not supported.\n", + "items": { + "type": "string" + }, + "minItems": 1, + "example": [ + "blocked" + ] + } + } + }, "SortOrderDirection": { "type": "string", "description": "Sort direction for query results.", @@ -16745,6 +22087,18 @@ } } }, + "BaseAnalyticsResponse": { + "type": "object", + "description": "Base response wrapper for analytics queries.\nContains query metadata and is extended by specific response types.\n", + "required": [ + "query_metadata" + ], + "properties": { + "query_metadata": { + "$ref": "#/components/schemas/QueryMetadata" + } + } + }, "AttacksQueryRequest": { "allOf": [ { @@ -18656,6 +24010,539 @@ ] } }, + "NginxUsageTrackingRequest": { + "value": { + "version": "1.25.3", + "hostname": "nginx-plus-r30", + "uuid": "cef61b72-2a6b-4bb8-ae2b-c6cb9f44a487", + "nap": "inactive", + "http": { + "client": { + "received": 0, + "sent": 0, + "connections": 0, + "requests": 0 + }, + "upstream": { + "received": 0, + "sent": 0, + "connections": 0 + } + }, + "stream": { + "client": { + "received": 0, + "sent": 0, + "connections": 0 + }, + "upstream": { + "received": 0, + "sent": 0, + "connections": 0 + } + }, + "deployment": { + "integration": "nic", + "cluster_id": "b5db8897-86db-4cd2-8c61-4a915db93d6d", + "cluster_node_count": 5, + "installation_id": "238efb5a-2a59-48c5-96cf-7d195b8af044" + }, + "workers": 2, + "uptime": 120, + "reloads": 0, + "start_time": 0, + "end_time": 0 + } + }, + "NginxUsageTrackingBatchRequest": { + "value": [ + { + "version": "1.25.3", + "hostname": "nginx-plus-r30-1", + "uuid": "cef61b72-2a6b-4bb8-ae2b-c6cb9f44a487", + "nap": "inactive", + "http": { + "client": { + "received": 1000, + "sent": 2000, + "connections": 10, + "requests": 50 + }, + "upstream": { + "received": 1500, + "sent": 1000, + "connections": 5 + } + }, + "stream": { + "client": { + "received": 0, + "sent": 0, + "connections": 0 + }, + "upstream": { + "received": 0, + "sent": 0, + "connections": 0 + } + }, + "deployment": { + "integration": "nic", + "cluster_id": "b5db8897-86db-4cd2-8c61-4a915db93d6d", + "cluster_node_count": 5, + "installation_id": "238efb5a-2a59-48c5-96cf-7d195b8af044" + }, + "workers": 2, + "uptime": 3600, + "reloads": 1, + "start_time": 1704067200, + "end_time": 1704070800 + }, + { + "version": "1.25.4", + "hostname": "nginx-plus-r30-2", + "uuid": "a1b2c3d4-5e6f-7g8h-9i0j-k1l2m3n4o5p6", + "nap": "active", + "http": { + "client": { + "received": 5000, + "sent": 10000, + "connections": 50, + "requests": 250 + }, + "upstream": { + "received": 7500, + "sent": 5000, + "connections": 25 + } + }, + "stream": { + "client": { + "received": 100, + "sent": 200, + "connections": 2 + }, + "upstream": { + "received": 150, + "sent": 100, + "connections": 1 + } + }, + "deployment": { + "integration": "nic", + "cluster_id": "b5db8897-86db-4cd2-8c61-4a915db93d6d", + "cluster_node_count": 5, + "installation_id": "238efb5a-2a59-48c5-96cf-7d195b8af044" + }, + "workers": 4, + "uptime": 7200, + "reloads": 2, + "start_time": 1704067200, + "end_time": 1704070800 + } + ] + }, + "ChatbotRequest": { + "value": { + "messages": [ + { + "role": "user", + "content": "What is a dog and a cat?" + } + ] + } + }, + "ChatbotResponse": { + "value": { + "id": "cmpl-8a17ba557d904b2287bbf4e1ae22433b", + "object": "text_completion", + "created": "2023-10-01T00:00:00Z", + "choices": [ + { + "index": 0, + "text": "\n\nA dog is a domesticated mammal, a member of the species Canis lupus familiaris. Dogs are often referred to as \"man's best friend\" due to their long history of companionship with humans. They are highly social animals and thrive on interaction with their human families and other dogs. Dogs come in a wide range of sizes, shapes, and breeds, each with its unique characteristics and needs.\n\nA cat is a domesticated mammal, a member of the Felidae family. Cats are often independent and self-sufficient animals, but they also enjoy companionship with their human families and other cats. They are agile and graceful animals, known for their ability to jump high and climb trees. Cats come in a wide range of sizes, shapes, and breeds, each with its unique characteristics and needs.\n\nBoth dogs and cats have been domesticated for thousands of years and have become beloved companions for many people around the world. They each have their unique personalities and needs, and choosing between a dog and a cat ultimately comes down to personal preference and lifestyle." + } + ] + } + }, + "ChatbotFeedback": { + "value": { + "response_id": "chatcmpl-123", + "is_positive": false, + "message": "freeform evaluation", + "tags": { + "inaccurate": false, + "unhelpful": true, + "formatting": false, + "time": true, + "other": false + } + } + }, + "DeploymentListResponse": { + "value": { + "count": 3, + "items": [ + { + "id": "depl_6zYc64JKR0uxnoEcLH1gGA", + "organization_id": "org_FsFgfeDtScOjGbQJDaVNiQ", + "name": "tst-foo", + "description": "", + "cloud": "google", + "cloud_properties": { + "google": { + "region": "us-east1", + "project_id": "depl-6zyc64jkr0uxnoeclh1gga", + "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", + "frontend": { + "private_endpoint": { + "service_attachment": "projects/foo/regions/us-east1/serviceAttachments/foo", + "service_attachment_accept_list": [] + } + } + } + }, + "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", + "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", + "scale": { + "capacity": 10 + }, + "status": { + "nginx_target_version": "nginx-plus-r35", + "provisioning_state": { + "state": "ready", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + }, + "config_state": { + "state": "ready", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + } + }, + "created_at": "2025-03-31T10:00:00Z", + "modified_at": "2025-03-31T10:05:00Z" + }, + { + "id": "depl_DrRnpntTRpGOxaroQ6aOFg", + "organization_id": "org_FsFgfeDtScOjGbQJDaVNiQ", + "name": "tst-bar", + "description": "test w/ network attachment from project bar", + "cloud": "google", + "cloud_properties": { + "google": { + "region": "eu-west-1", + "project_id": "depl-drrnpnttrpgoxaroq6aofg", + "network_attachment": "projects/bar/regions/us-east1/networkAttachments/bar", + "frontend": { + "private_endpoint": { + "service_attachment_accept_list": [ + "project-id1", + "project-id2" + ] + } + } + } + }, + "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", + "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", + "scale": { + "capacity": 20 + }, + "status": { + "nginx_target_version": "nginx-plus-r35", + "provisioning_state": { + "state": "failed", + "details": "network attachment 'bar' not found", + "modified_at": "2025-03-31T11:03:00Z" + }, + "config_state": { + "state": "ready", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + } + }, + "created_at": "2025-03-31T11:00:00Z", + "modified_at": "2025-03-31T11:03:00Z" + }, + { + "id": "depl_4zYc35JKR0uxnoBcLH1gGA", + "organization_id": "org_AxFgfeDtScOjGbQJDaRHiQ", + "name": "tst-max", + "description": "", + "cloud": "google", + "cloud_properties": { + "google": { + "region": "us-east1", + "project_id": "depl-4zyc35jkr0uxnobclh1gga", + "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", + "frontend": { + "private_endpoint": { + "service_attachment": "projects/foo/regions/us-east1/serviceAttachments/foo", + "service_attachment_accept_list": [ + "projects/project-1/networks/vpc-net1", + "projects/project-2/networks/vpc-net2" + ] + } + } + } + }, + "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", + "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", + "scale": { + "capacity": 100 + }, + "status": { + "nginx_target_version": "nginx-plus-r35", + "provisioning_state": { + "state": "ready", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + }, + "config_state": { + "state": "pending", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + } + }, + "created_at": "2025-03-31T10:00:00Z", + "modified_at": "2025-03-31T10:05:00Z" + } + ] + } + }, + "DeploymentCreateRequest": { + "value": { + "name": "tst-foo", + "description": "", + "cloud_properties": { + "google": { + "region": "us-east1", + "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", + "frontend": { + "private_endpoint": { + "service_attachment_accept_list": [ + "project-foo", + "project-bar" + ] + } + } + } + }, + "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", + "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", + "scale": { + "capacity": 10 + } + } + }, + "DeploymentCreateResponse": { + "value": { + "id": "depl_6zYc64JKR0uxnoEcLH1gGA", + "organization_id": "org_FsFgfeDtScOjGbQJDaVNiQ", + "name": "tst-foo", + "description": "", + "cloud": "google", + "cloud_properties": { + "google": { + "region": "us-east1", + "project_id": "depl-6zyc64jkr0uxnoeclh1gga", + "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", + "frontend": { + "private_endpoint": { + "service_attachment_accept_list": [ + "project-foo", + "project-bar" + ] + } + } + } + }, + "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", + "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", + "status": { + "nginx_target_version": "", + "provisioning_state": { + "state": "pending", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + }, + "config_state": { + "state": "pending", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + } + }, + "scale": { + "capacity": 10 + }, + "created_at": "2025-03-31T10:05:00Z", + "modified_at": "2025-03-31T10:05:00Z" + } + }, + "DeploymentGetResponse": { + "value": { + "id": "depl_6zYc64JKR0uxnoEcLH1gGA", + "organization_id": "org_FsFgfeDtScOjGbQJDaVNiQ", + "name": "tst-foo", + "description": "", + "cloud": "google", + "cloud_properties": { + "google": { + "region": "us-east1", + "project_id": "depl-6zyc64jkr0uxnoeclh1gga", + "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", + "frontend": { + "private_endpoint": { + "service_attachment": "projects/foo/regions/us-east1/serviceAttachments/foo", + "service_attachment_accept_list": [ + "projects/project-foo/networks/vpc-foo", + "projects/project-bar/networks/vpc-bar" + ] + } + } + } + }, + "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", + "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", + "scale": { + "capacity": 10 + }, + "status": { + "nginx_target_version": "nginx-plus-r35", + "provisioning_state": { + "state": "ready", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + }, + "config_state": { + "state": "pending", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + } + }, + "created_at": "2025-03-31T10:00:00Z", + "modified_at": "2025-03-31T10:05:00Z" + } + }, + "DeploymentUpdateRequest": { + "value": { + "name": "poc-foo", + "description": "test deployment for project foo", + "cloud_properties": { + "google": { + "frontend": { + "private_endpoint": { + "service_attachment_accept_list": [] + } + } + } + }, + "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", + "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA" + } + }, + "DeploymentUpdateResponse": { + "value": { + "id": "depl_6zYc64JKR0uxnoEcLH1gGA", + "organization_id": "org_FsFgfeDtScOjGbQJDaVNiQ", + "name": "poc-foo", + "description": "test deployment for project foo", + "cloud": "google", + "cloud_properties": { + "google": { + "region": "us-east1", + "project_id": "depl-6zyc64jkr0uxnoeclh1gga", + "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", + "frontend": { + "private_endpoint": { + "service_attachment": "projects/foo/regions/us-east1/serviceAttachments/foo", + "service_attachment_accept_list": [] + } + } + } + }, + "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", + "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", + "scale": { + "capacity": 10 + }, + "status": { + "nginx_target_version": "nginx-plus-r35", + "provisioning_state": { + "state": "ready", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + }, + "config_state": { + "state": "pending", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + } + }, + "created_at": "2025-03-31T10:00:00Z", + "modified_at": "2025-03-31T10:05:00Z" + } + }, + "DeploymentDeleteResponse": { + "value": { + "id": "depl_6zYc64JKR0uxnoEcLH1gGA", + "organization_id": "org_FsFgfeDtScOjGbQJDaVNiQ", + "name": "poc-foo", + "description": "test deployment for project foo", + "cloud": "google", + "cloud_properties": { + "google": { + "region": "us-east1", + "project_id": "depl-6zyc64jkr0uxnoeclh1gga", + "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", + "frontend": { + "private_endpoint": { + "service_attachment": "projects/foo/regions/us-east1/serviceAttachments/foo", + "service_attachment_accept_list": [ + "projects/project-foo/networks/vpc-foo", + "projects/project-bar/networks/vpc-bar" + ] + } + } + } + }, + "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", + "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", + "scale": { + "capacity": 10 + }, + "status": { + "nginx_target_version": "nginx-plus-r35", + "provisioning_state": { + "state": "deleting", + "details": "", + "modified_at": "2025-03-31T10:15:00Z" + }, + "config_state": { + "state": "ready", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + } + }, + "created_at": "2025-03-31T10:00:00Z", + "modified_at": "2025-03-31T10:05:00Z", + "deleted_at": "2025-03-31T10:15:00Z" + } + }, + "ModelConfiguration": { + "value": { + "loadModelUID": "f038dca0-b55c-410a-95a6-b9f876792ce8", + "numberOfInstances": 5, + "systemIDs": [ + "4c6941c2-013c-4fd3-a6d2-f9a0cd3f9171", + "8a5520d7-9bfb-44ee-b441-1deb6ddf6247", + "3e106049-fbfa-4004-a049-cf90cc420b0e", + "bbd4c6a0-d7ed-432a-a6e2-eb0d2b602aaf", + "d7bc43f5-d31b-4a3a-b0c7-e1ca4e3d33da" + ] + } + }, "SubmissionWithPreviewOnly": { "value": { "conf_path": "/etc/nginx/nginx.conf", @@ -18826,6 +24713,56 @@ "http" ] } + }, + "BillingUsageEventsByTokenIdResponse": { + "summary": "List of billing usage events for a JWT token ID", + "value": { + "total": 1, + "count": 1, + "start_index": 0, + "items_per_page": 100, + "items": [ + { + "nginx_uid": "b84b6b2a-721b-46ce-87a4-449fcbc62bae", + "nginx_version": "1.29.3", + "nap_status": "NAP_STATUS_ACTIVE", + "start_time": "2026-03-20T23:53:51.000Z", + "end_time": "2026-03-23T19:33:19.000Z", + "http_client_received": 11, + "http_client_sent": 12, + "http_client_connections": 13, + "http_client_requests": 14, + "http_upstream_received": 21, + "http_upstream_sent": 22, + "http_upstream_connections": 23, + "stream_client_received": 31, + "stream_client_sent": 32, + "stream_client_connections": 33, + "stream_upstream_received": 41, + "stream_upstream_sent": 42, + "stream_upstream_connections": 43, + "stream_connections": 0, + "user_agent": "nginx/r36", + "workers": 51, + "uptime": 52, + "reloads": 53, + "deployment_cluster_id": "d24cdb86-9788-4bb5-8d3d-b95d914a618c", + "deployment_cluster_node_count": 5, + "deployment_installation_id": "c548592a-5afb-4e23-84f0-8a5b197dcf96", + "deployment_product_type": "PRODUCT_TYPE_NIC", + "sub": "TST-ff13edf7-f912-42c0-ba2e-39c513bb3882", + "jti": "18a10260-0ec4-11f1-bbca-5d8e192a1888", + "f5_sat": 1772323200, + "f5_order_type": "paid", + "aud": "urn:f5:teem", + "iss": "F5 Inc.", + "iat": 1771637081, + "source_type": "SOURCE_TYPE_NGINX_ONE", + "dedup_version": "2026-03-23T19:33:32.284Z", + "event_id": "4nNhnUFf23Zf4PExDYtcYZUkfHlyW48JouApQkxFqzo=" + } + ] + } } }, "responses": { @@ -18868,6 +24805,26 @@ } } } + }, + "Forbidden": { + "description": "The requested operation is forbidden.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "Conflict": { + "description": "Requested operation cannot be performed at this time.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } } }, "securitySchemes": { @@ -18889,6 +24846,7 @@ "name": "Manage NGINX Instances", "tags": [ "Instances", + "Feature Flags", "Config Sync Groups", "Certificates", "CVEs", @@ -18909,6 +24867,24 @@ "Settings" ] }, + { + "name": "NGINX Usage API", + "tags": [ + "Usage" + ] + }, + { + "name": "Chatbot API", + "tags": [ + "Chatbot" + ] + }, + { + "name": "NGINX Plus Usage Inventory", + "tags": [ + "Inventory" + ] + }, { "name": "F5 WAF for NGINX", "tags": [ @@ -18916,6 +24892,18 @@ "WAF Log Profiles" ] }, + { + "name": "Manage NAAS deployments", + "tags": [ + "Deployments" + ] + }, + { + "name": "Load Test API", + "tags": [ + "Load Test" + ] + }, { "name": "NGINX One Templates", "tags": [ @@ -18927,6 +24915,18 @@ "tags": [ "NGINX One App Protect" ] + }, + { + "name": "NGINX One Billing Usage Events API", + "tags": [ + "NGINX One Billing Usage Events" + ] + }, + { + "name": "NGINX Usage Ingest API", + "tags": [ + "UsageIngest" + ] } ] } \ No newline at end of file From 80d7a536685908e0654c594de147291b85de6775 Mon Sep 17 00:00:00 2001 From: Patrick Pfrehm Date: Fri, 22 May 2026 14:44:02 -0700 Subject: [PATCH 6/8] Bold Submissions UI element --- .../nginx-configs/config-templates/template-submissions-view.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/nginx-one-console/nginx-configs/config-templates/template-submissions-view.md b/content/nginx-one-console/nginx-configs/config-templates/template-submissions-view.md index 026de51bf..3be1c6b3d 100644 --- a/content/nginx-one-console/nginx-configs/config-templates/template-submissions-view.md +++ b/content/nginx-one-console/nginx-configs/config-templates/template-submissions-view.md @@ -53,7 +53,7 @@ Select **Refresh** at the top right of the **Details** tab to reload both the te ## API reference -The Submissions section uses the following API operations: +The **Submissions** section uses the following API operations: - [List Template Submissions for Template]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/listTemplateSubmissionsForTemplate" >}}) — retrieves all submissions scoped to a specific template. - [Delete a Template Submission]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/deleteTemplateSubmission" >}}) — permanently removes a submission by its `submissionObjectID`. From f623c0cbbb196342a347d3b86a110049d58b5bb9 Mon Sep 17 00:00:00 2001 From: Jon Cahill-Torre Date: Mon, 25 May 2026 15:09:33 +0100 Subject: [PATCH 7/8] feat: doc improvements --- .../config-templates/template-detail-view.md | 46 ++++++++++++++---- .../template-submissions-view.md | 48 ++++++++++++++----- .../config-templates/template-versions.md | 44 +++++++++++++---- 3 files changed, 108 insertions(+), 30 deletions(-) diff --git a/content/nginx-one-console/nginx-configs/config-templates/template-detail-view.md b/content/nginx-one-console/nginx-configs/config-templates/template-detail-view.md index fa45c809d..1c24e0859 100644 --- a/content/nginx-one-console/nginx-configs/config-templates/template-detail-view.md +++ b/content/nginx-one-console/nginx-configs/config-templates/template-detail-view.md @@ -3,37 +3,51 @@ f5-content-type: how-to f5-docs: DOCS-000 f5-product: NONECO title: View template details +description: "View metadata and version history for a config template on the Template Detail page in NGINX One Console." toc: true weight: 110 +f5-keywords: "template details, config templates, NGINX One Console, template metadata, template versions, Object ID, template state, F5 default template, tmpl, tmplv" +f5-summary: > + Use the Template Detail page in NGINX One Console to view metadata and version history for a config template. + The Details tab shows the template's type, state, object IDs, and all submissions created with it. The Versions tab lists every version with submission counts and timestamps. + This guide covers how to go to the Template Detail page, read each tab, and use the related API operation. +f5-audience: operator --- -# Overview +## Overview -This guide explains how to view detailed information about a template using the NGINX One Console. The Template Detail page provides key metadata about a template and its version history through two tabs: **Details** and **Versions**. +Use this page to view metadata and version history for a config template in NGINX One Console. The Template Detail page has two tabs: **Details** and **Versions**. -## Navigate to the Template Detail page +## Before you begin + +Before you begin, make sure you have: + +- **NGINX One Console access**: You need permission to view config templates. +- **An existing template**: At least one template must exist in **Manage > Config Templates**. + +## Go to the Template Detail page 1. In the NGINX One Console, go to **Manage > Config Templates**. -2. Select a template name from the list. Templates provided by F5 are identified by the F5 logo icon in the list. +2. Select a template name from the list. F5 templates show the F5 logo icon in the list. -The Template Detail page opens showing the **Details** tab by default. Select the **Versions** tab to view the full version history. +The **Details** tab opens by default. Select the **Versions** tab to view the full version history. ## Details tab -The **Details** tab contains a metadata summary card for the template and a [Submissions section]({{< ref "template-submissions-view.md" >}}) below it listing all submissions made using this template. +The **Details** tab contains a metadata summary card for the template and a [Submissions section]({{< ref "template-submissions-view.md" >}}) below it listing all submissions created with this template. The metadata summary card displays the following fields: {{}} | Field | Description | |-------|-------------| -| **Created** | The date and time the template was originally created. | +| **Created** | The date and time the template was created. | | **Type** | The template type: `base` or `augment`. See [Template types]({{< ref "author-templates.md#template-types" >}}) for details. | | **Is F5 Default** | Displayed for templates provided by F5. F5 default templates are immutable and cannot be modified or deleted. | -| **Object ID** | The unique identifier for the template (`tmpl_...`). Use the copy button to copy this value for template-level API operations such as [updating metadata]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/updateTemplateMetadata" >}}) or [copying a template]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/copyTemplate" >}}). | +| **Object ID** | The unique identifier for the template (`tmpl_...`). Use this value in API operations for the template, such as [updating metadata]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/updateTemplateMetadata" >}}) or [copying a template]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/copyTemplate" >}}). Select the copy button to copy it. | | **State** | The state of the latest template version: `draft` (editable) or `final` (immutable, shown with a lock icon). | | **Latest Version** | The version number of the most recent template version. | -| **Description** | The human-readable description of the template, if one was provided. | +| **Description** | The human-readable description of the template, if the author provided one. | | **Latest Object ID** | The unique identifier for the latest template version (`tmplv_...`). Use the copy button to copy this value for version-level API operations, such as providing the `object_id` when [submitting templates]({{< ref "submit-templates.md" >}}). | {{}} @@ -56,7 +70,19 @@ Select **Refresh** at the top right of the page to reload the template details f The Template Detail page uses the [Retrieve a Template]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/getTemplate" >}}) API operation, which returns the latest version details including metadata, file contents, and submission count. -## See also +## Troubleshooting + +### Template details don't load + +**Symptom**: The Template Detail page shows no data or an error. + +**Cause**: The template may have been deleted, or you may not have permission to view it. + +**Fix**: Go to **Manage > Config Templates** and confirm the template exists. If it does, ask your administrator to check your access permissions. + +## References + +For more information, see: - [View template versions]({{< ref "template-versions.md" >}}) - [View template submissions]({{< ref "template-submissions-view.md" >}}) diff --git a/content/nginx-one-console/nginx-configs/config-templates/template-submissions-view.md b/content/nginx-one-console/nginx-configs/config-templates/template-submissions-view.md index 3be1c6b3d..59a4b4bf1 100644 --- a/content/nginx-one-console/nginx-configs/config-templates/template-submissions-view.md +++ b/content/nginx-one-console/nginx-configs/config-templates/template-submissions-view.md @@ -3,17 +3,31 @@ f5-content-type: how-to f5-docs: DOCS-000 f5-product: NONECO title: View template submissions +description: "View and manage template submissions for a config template in NGINX One Console." toc: true weight: 130 +f5-keywords: "template submissions, config templates, NGINX One Console, submission management, template detail, delete submission, Submit Templates API, submissionObjectID, staged config" +f5-summary: > + Use the Submissions section on the Template Detail page to view and manage all submissions created for a config template in NGINX One Console. + Each submission row shows which templates and targets were involved, when the submission was created, and when it was last updated. + This guide covers how to go to the Submissions section, read the data grid, delete a submission, and use the related API operations. +f5-audience: operator --- -# Overview +## Overview -This guide explains how to view and manage submissions associated with a template using the NGINX One Console. The **Submissions** section on the [Template Detail page]({{< ref "template-detail-view.md" >}}) lists every submission made using that template. +Use this page to view and manage template submissions in NGINX One Console. The **Submissions** section on the [Template Detail page]({{< ref "template-detail-view.md" >}}) lists every submission for that template. -Each row represents a persisted submission that was created by the [Submit Templates]({{< ref "submit-templates.md" >}}) API. From this view you can inspect which templates and targets are involved in each submission and delete submissions that are no longer needed. +Each row is a submission the [Submit Templates]({{< ref "submit-templates.md" >}}) API created. You can inspect which templates and targets are in each submission and delete submissions you no longer need. -## Navigate to the Submissions section +## Before you begin + +Before you begin, make sure you have: + +- **NGINX One Console access**: You need permission to view and manage config templates. +- **An existing template**: At least one template must exist in **Manage > Config Templates**. + +## Go to the Submissions section 1. In the NGINX One Console, go to **Manage > Config Templates**. 2. Select a template name from the list. @@ -26,25 +40,25 @@ The **Submissions** section displays the following columns: {{}} | Column | Description | |--------|-------------| -| **Created On** | The date and time the submission was originally created. | +| **Created On** | The date and time the submission was created. | | **Description** | The description provided when the submission was created, if one was set. | | **Templates** | Tag list of all templates included in the submission (base and augments). Hover over a tag to see the template name, type, version used, and latest available version. | | **Targets** | A count badge showing the number of staged config targets the submission published to. Hover over the badge to see each target's object ID. | | **Last Modified** | The date and time the submission was last updated. | {{}} -The list supports sorting by **Created On**, **Description**, and **Last Modified**, and text search across all visible columns. +You can sort the list by **Created On**, **Description**, and **Last Modified**. You can also search across all visible columns. {{< call-out "tip" >}} -The **Templates** column tooltip surfaces the version used at submission time alongside the latest available version. If these differ, a newer version of the template is available and the submission can be updated using [Update a submission]({{< ref "submit-templates.md#update-a-submission" >}}). +The **Templates** column tooltip shows the version used at submission time alongside the latest available version. If these differ, a newer version of the template is available. You can update the submission using [Update a submission]({{< ref "submit-templates.md#update-a-submission" >}}). {{< /call-out >}} ## Delete a submission -To delete a submission, select the **Delete** action on the submission row and confirm the dialog. +To delete a submission, select **Delete** on the submission row and confirm the pop-up window. {{< call-out "caution" >}} -Deleting a submission is **irreversible** and permanently removes all stored input values and payloads for that submission. The target staged config is not affected — only the submission record is deleted. +Deleting a submission is **irreversible** and permanently removes all stored input values and payloads for that submission. Deleting the submission record doesn't affect the target staged config. {{< /call-out >}} ## Refresh @@ -58,9 +72,21 @@ The **Submissions** section uses the following API operations: - [List Template Submissions for Template]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/listTemplateSubmissionsForTemplate" >}}) — retrieves all submissions scoped to a specific template. - [Delete a Template Submission]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/deleteTemplateSubmission" >}}) — permanently removes a submission by its `submissionObjectID`. -For full submission management operations including retrieving, updating, and deleting submissions via the API, see [Manage template submissions]({{< ref "submit-templates.md#manage-template-submissions" >}}). +For full submission management including retrieving, updating, and deleting submissions through the API, see [Manage template submissions]({{< ref "submit-templates.md#manage-template-submissions" >}}). + +## Troubleshooting + +### Submissions list is empty + +**Symptom**: The **Submissions** section shows no rows. + +**Cause**: No submissions have been created for this template yet. + +**Fix**: Use the [Submit Templates]({{< ref "submit-templates.md" >}}) API to create a submission. + +## References -## See also +For more information, see: - [View template details]({{< ref "template-detail-view.md" >}}) - [Submit templates]({{< ref "submit-templates.md" >}}) diff --git a/content/nginx-one-console/nginx-configs/config-templates/template-versions.md b/content/nginx-one-console/nginx-configs/config-templates/template-versions.md index daf2b3687..3871ac3e0 100644 --- a/content/nginx-one-console/nginx-configs/config-templates/template-versions.md +++ b/content/nginx-one-console/nginx-configs/config-templates/template-versions.md @@ -3,20 +3,34 @@ f5-content-type: how-to f5-docs: DOCS-000 f5-product: NONECO title: View template versions +description: "View and manage the version history of a config template on the Versions tab in NGINX One Console." toc: true weight: 120 +f5-keywords: "template versions, config templates, NGINX One Console, version history, draft, final, template state, delete version, templateVersionObjectID, version data grid" +f5-summary: > + Use the Versions tab on the Template Detail page to view and manage the version history for a config template in NGINX One Console. + Each row shows the version number, last modified date, description, and how many submissions reference that version. + This guide covers how to go to the Versions tab, read the data grid, and delete a version. +f5-audience: operator --- -# Overview +## Overview -This guide explains how to view and manage the version history of a template using the NGINX One Console. The **Versions** tab on the [Template Detail page]({{< ref "template-detail-view.md" >}}) lists every version created for a template and shows how many active submissions reference each version. +Use this page to view and manage the version history for a config template in NGINX One Console. The **Versions** tab on the [Template Detail page]({{< ref "template-detail-view.md" >}}) lists every version for a template and shows how many submissions reference each version. -A new version is created each time the template content changes. Versions progress through two states: +A new version is created each time the template content changes. Versions have two states: - **`draft`** — editable; content can still be updated in place. - **`final`** — immutable; any further content changes create a new draft version. -## Navigate to the Versions tab +## Before you begin + +Before you begin, make sure you have: + +- **NGINX One Console access**: You need permission to view config templates. +- **An existing template**: At least one template must exist in **Manage > Config Templates**. + +## Go to the Versions tab 1. In the NGINX One Console, go to **Manage > Config Templates**. 2. Select a template name from the list. @@ -31,11 +45,11 @@ The **Versions** tab displays the following columns: |--------|-------------| | **Version** | The sequential version number. Version 1 is the initial version created at import. Each subsequent content change increments this number. | | **Modified** | The date and time the version was last modified. | -| **Description** | The description associated with the template version, if one was provided. | +| **Description** | The description associated with the template version, if the author provided one. | | **Submissions** | The total number of template submissions that reference this specific version. | {{}} -The list can be sorted by **Version**, **Modified**, or **Description**, and supports text search across all visible columns. +You can sort the list by **Version**, **Modified**, or **Description**. You can also search across all visible columns. {{< call-out "note" >}} The **Submissions** count reflects the number of submissions referencing a specific version, not the latest version overall. A version with a non-zero submission count cannot be deleted. @@ -43,13 +57,13 @@ The **Submissions** count reflects the number of submissions referencing a speci ## Delete a version -To delete a template version, select the delete action on the version row and confirm the dialog. +To delete a template version, select **Delete** on the version row and confirm the pop-up window. {{< call-out "important" >}} The following constraints apply when deleting a template version: - **The latest version cannot be deleted.** To remove the entire template including the latest version, use [Delete a Template]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/deleteTemplate" >}}) instead. -- **A version with associated submissions cannot be deleted.** The **Submissions** column shows the count. Resolve or delete the associated submissions before attempting to remove the version. +- **A version with associated submissions cannot be deleted.** The **Submissions** column shows the count. Delete the associated submissions before deleting the version. {{< /call-out >}} ## Refresh @@ -63,7 +77,19 @@ The **Versions** tab uses the following API operations: - [List template versions]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/listTemplateVersions" >}}) — retrieves all versions for a template. - [Delete a template version]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/deleteTemplateVersion" >}}) — deletes a specific version by its `templateVersionObjectID`. Returns `409 Conflict` if the version has associated submissions. -## See also +## Troubleshooting + +### Version can't be deleted + +**Symptom**: The **Delete** action is unavailable or returns an error. + +**Cause**: The version has associated submissions, or it's the latest version. + +**Fix**: Check the **Submissions** column count. Delete any associated submissions before deleting the version. To remove the entire template including the latest version, use the [Delete a Template]({{< ref "/nginx-one-console/api/api-reference-guide/#operation/deleteTemplate" >}}) API operation. + +## References + +For more information, see: - [View template details]({{< ref "template-detail-view.md" >}}) - [Author templates]({{< ref "author-templates.md" >}}) From af3c1707695b95f7c55388f0bf40f9d5959c016d Mon Sep 17 00:00:00 2001 From: Patrick Pfrehm Date: Tue, 26 May 2026 07:35:44 -0700 Subject: [PATCH 8/8] Mention template submissions --- .../config-templates/template-detail-view.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/nginx-one-console/nginx-configs/config-templates/template-detail-view.md b/content/nginx-one-console/nginx-configs/config-templates/template-detail-view.md index 1c24e0859..068e046e2 100644 --- a/content/nginx-one-console/nginx-configs/config-templates/template-detail-view.md +++ b/content/nginx-one-console/nginx-configs/config-templates/template-detail-view.md @@ -3,12 +3,12 @@ f5-content-type: how-to f5-docs: DOCS-000 f5-product: NONECO title: View template details -description: "View metadata and version history for a config template on the Template Detail page in NGINX One Console." +description: "View metadata, submissions and version history for a config template on the Template Detail page in NGINX One Console." toc: true weight: 110 -f5-keywords: "template details, config templates, NGINX One Console, template metadata, template versions, Object ID, template state, F5 default template, tmpl, tmplv" +f5-keywords: "template details, config templates, NGINX One Console, template metadata, template submissions, template versions, Object ID, template state, F5 default template, tmpl, tmplv" f5-summary: > - Use the Template Detail page in NGINX One Console to view metadata and version history for a config template. + Use the Template Detail page in NGINX One Console to view metadata, submissions and version history for a config template. The Details tab shows the template's type, state, object IDs, and all submissions created with it. The Versions tab lists every version with submission counts and timestamps. This guide covers how to go to the Template Detail page, read each tab, and use the related API operation. f5-audience: operator @@ -16,7 +16,7 @@ f5-audience: operator ## Overview -Use this page to view metadata and version history for a config template in NGINX One Console. The Template Detail page has two tabs: **Details** and **Versions**. +Use this page to view metadata, submissions and version history for a config template in NGINX One Console. The Template Detail page has two tabs: **Details** and **Versions**. ## Before you begin