NGINX Declarative API v5.5.0 (#95)

* 5.4.2 dev

* API Gateway parameters enforcement

* 5.4.2 dev

* API Gateway parameters enforcement

* API Gateway parameters enforcement

* API Gateway parameters enforcement

* Added OpenAPI schema query string parameters check enforcement

* Added OpenAPI schema query string parameters check enforcement

* Default policy added

* HTTP location statistics added

* API Gateway location statistics added

* Template fixes

* Bugfixes

* v5.5 initial commit

* README updated

* NGINX Declarative API v5.5.0

* USAGE-v5.5.md updated

Author: fabriziofiorucci

.gitignore

@@ -20,7 +20,7 @@ Thumbs.db
 =======
 /.idea/
 /src/__pycache__/
-/src/v5_3/__pycache__/
 /src/v5_4/__pycache__/
+/src/v5_5/__pycache__/
 /contrib/devportal/redocly/src/__pycache__/
 /venv/

FEATURES.md

@@ -44,7 +44,7 @@ A **blog article** to automate NGINX API Gateway management from OpenAPI schemas
 
 ## 🚀 Supported releases
 
-- [F5 NGINX Instance Manager 2.14+](https://docs.nginx.com/nginx-instance-manager/)
+- [F5 NGINX Instance Manager 2.20+](https://docs.nginx.com/nginx-instance-manager/)
 - [F5 NGINX One Console](https://docs.nginx.com/nginx-one/)
 - [F5 NGINX Plus R33+](https://docs.nginx.com/nginx/)
 - [F5 WAF for NGINX](https://docs.nginx.com/waf/)
@@ -203,8 +203,8 @@ end
 
 ## 🧾 Output formats
 
-- [X] Output to F5 NGINX Instance Manager 2.14+ imperative REST API (instance group)
-- [X] Output to F5 NGINX One Console REST API (config sync group)
+- [X] Output to [F5 NGINX Instance Manager](https://docs.nginx.com/nginx-instance-manager/) 2.20+ imperative REST API (instance group)
+- [X] Output to [F5 NGINX One Console](https://docs.nginx.com/nginx-one-console/) REST API (config sync group)
 
 ## 🌟 Supported features
 
@@ -214,8 +214,8 @@ See the [features list](/FEATURES.md)
 
 Usage details and JSON schema are available here:
 
-- [API v5.4](/USAGE-v5.4.md) - latest
-- [API v5.3](/USAGE-v5.3.md) - stable
+- [API v5.5](/USAGE-v5.5.md) - latest
+- [API v5.4](/USAGE-v5.4.md) - stable
 
 A sample Postman collection and usage instructions can be found [here](/contrib/postman)
 

README.md

@@ -1,19 +1,22 @@
-# Usage for NGINX Declarative API v5.3
+# Usage for NGINX Declarative API v5.5
 
-Version 5.3 supports:
+Version 5.5 supports:
 
-- [NGINX Instance Manager](https://docs.nginx.com/nginx-management-suite/nim/) 2.14+. Version 2.18+ is required for NGINX R33 and above
-- [NGINX One Console](https://docs.nginx.com/nginx-one/)
-- [NGINX Plus](https://docs.nginx.com/nginx/) R31+
-- [NGINX App Protect WAF](https://docs.nginx.com/nginx-app-protect-waf/) v4 or v5 with precompiled [policy bundles](https://docs.nginx.com/nginx-app-protect-waf/v5/admin-guide/compiler/)
+- [NGINX Instance Manager](https://docs.nginx.com/nginx-instance-manager/ 2.20+
+- [NGINX One Console](https://docs.nginx.com/nginx-one-console/)
+- [NGINX Plus](https://docs.nginx.com/nginx/) R33+
+- [F5 WAF for NGINX](https://docs.nginx.com/waf/) with precompiled [policy bundles](https://docs.nginx.com/nginx-app-protect-waf/v5/admin-guide/compiler/)
 
 The JSON schema is self explanatory. See also the [sample Postman collection](/contrib/postman) for usage examples
 
 - `.output.license` defines the JWT license to use for NGINX Plus R33+
-  - `.output.license.endpoint` the usage reporting endpoint (defaults to `product.connect.nginx.com`). NGINX Instance Manager address can be used here
+  - `.output.license.endpoint` the usage reporting endpoint (defaults to `product.connect.nginx.com`). NGINX Instance Manager address or FQDN can be used here
   - `.output.license.token` the JWT license token. If this field is omitted, it is assumed that a `/etc/nginx/license.jwt` token already exists on the instance and it won't be replaced
   - `.output.license.ssl_verify` set to `false` to trust all SSL certificates (not recommended). Useful for reporting to NGINX Instance Manager without a local PKI.
   - `.output.license.grace_period` Set to 'true' to begin the 180-day reporting enforcement grace period. Reporting must begin or resume before the end of the grace period to ensure continued operation
+  - `.output.license.proxy` The optional explicit forward proxy `IP_address:port` or `FQDN:port` for usage reporting
+  - `.output.license.proxy_username` The optional explicit forward proxy authentication username for usage reporting
+  - `.output.license.proxy_password` The optional explicit forward proxy authentication password for usage reporting
 - `.output.type` defines how NGINX configuration will be returned:
   - *nms* - NGINX configuration is published as a Staged Config to NGINX Instance Manager
     - `.output.nms.url` the NGINX Instance Manager URL
@@ -48,29 +51,20 @@ The JSON schema is self explanatory. See also the [sample Postman collection](/c
       - `.output.nginxone.certificates[].type` the item type ('certificate', 'key', 'chain')
       - `.output.nginxone.certificates[].name` the certificate/key/chain name with no path/extension (ie. 'test-application')
       - `.output.nginxone.certificates[].contents` the content: this can be either base64-encoded or be a HTTP(S) URL that will be fetched dynamically from a source of truth
-    - `.output.nginxone.policies[]` an optional array of NGINX App Protect security policies
-      - `.output.nginxone.policies[].type` the policy type ('app_protect')
-      - `.output.nginxone.policies[].name` the policy name (ie. 'prod-policy')
-      - `.output.nginxone.policies[].active_tag` the policy tag to enable among all available versions (ie. 'v1')
-      - `.output.nginxone.policies[].versions[]` array with all available policy versions
-      - `.output.nginxone.policies[].versions[].tag` the policy version's tag name
-      - `.output.nginxone.policies[].versions[].displayName` the policy version's display name
-      - `.output.nginxone.policies[].versions[].description` the policy version's description
-      - `.output.nginxone.policies[].versions[].contents` this can be either base64-encoded or be a HTTP(S) URL that will be fetched dynamically from a source of truth
 - `.declaration` describes the NGINX configuration to be created
   - `.declaration.http[]` NGINX HTTP definitions
   - `.declaration.layer4[]` NGINX TCP/UDP definitions
   - `.declaration.resolvers[]` DNS resolvers definitions
 
 ### API endpoints
 
-- `POST /v5.3/config/` - Publish a new declaration
-- `PATCH /v5.3/config/{config_uid}` - Update an existing declaration
+- `POST /v5.5/config/` - Publish a new declaration
+- `PATCH /v5.5/config/{config_uid}` - Update an existing declaration
   - Per-HTTP server CRUD
   - Per-HTTP upstream CRUD
   - Per-Stream server CRUD
   - Per-Stream upstream CRUD
   - Per-NGINX App Protect WAF policy CRUD
-- `GET /v5.3/config/{configUid}/submission/{submissionUid}` - Retrieve a submission (asynchronous `PATCH` request) status
-- `GET /v5.3/config/{config_uid}` - Retrieve an existing declaration
-- `DELETE /v5.3/config/{config_uid}` - Delete an existing declaration
+- `GET /v5.5/config/{configUid}/submission/{submissionUid}` - Retrieve a submission (asynchronous `PATCH` request) status
+- `GET /v5.5/config/{config_uid}` - Retrieve an existing declaration
+- `DELETE /v5.5/config/{config_uid}` - Delete an existing declaration

USAGE-v5.3.md USAGE-v5.5.mdUSAGE-v5.3.md renamed to USAGE-v5.5.md

@@ -1,5 +1,3 @@
-version: "3.9"
-
 volumes:
   redis_data:
 

contrib/docker-compose/docker-compose.yaml

@@ -50,7 +50,7 @@ COMPOSE_HTTP_TIMEOUT=240 docker-compose -p $PROJECT_NAME -f $DOCKER_COMPOSE_YAML
 }
 
 #
-# NGINX Declarative API removal
+# NGINX Declarative API image build
 #
 nginx_dapi_build() {
 

contrib/docker-compose/nginx-dapi.sh

@@ -0,0 +1,8 @@
+{
+    "policy": {
+        "name": "nms_app_protect_default_policy",
+        "template": {
+            "name": "POLICY_TEMPLATE_NGINX_BASE"
+        }
+    }
+}