Skip to content

Commit 5a15d17

Browse files
fabriziofioruccifabriziofiorucci
authored
5.2.0 (#72)
* 20240930-01 initial branch commit * 20240930-02 dev * 20241001-01 renamed NGINX One Cloud Console into NGINX One Console * 20241001-01 renamed NGINX One Cloud Console into NGINX One Console * 20241001-01 renamed NGINX One Cloud Console into NGINX One Console * 20241024 * 20241121-01 - NGINX Plus R33 support added * 20241121-02 - NGINX Plus R33 support added * 20241121-03 - NGINX Plus R33 support added * 20241122-01 - NGINX Plus R33 support added
1 parent f2d7a69 commit 5a15d17

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

46 files changed

+8420
-5484
lines changed

.gitignore

+1-1
Original file line numberDiff line numberDiff line change
@@ -20,9 +20,9 @@ Thumbs.db
2020
=======
2121
/.idea/
2222
/src/__pycache__/
23-
/src/v4_2/__pycache__/
2423
/src/v5_0/__pycache__/
2524
/src/v5_1/__pycache__/
25+
/src/v5_2/__pycache__/
2626
/contrib/devportal/redocly/src/__pycache__/
2727
/contrib/app-protect/src/__pycache__/
2828
/venv/

FEATURES.md

+40-40
Large diffs are not rendered by default.

README.md

+14-12
Original file line numberDiff line numberDiff line change
@@ -2,15 +2,15 @@
22

33
[![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active)
44

5-
This project provides a set of declarative REST API for [NGINX Instance Manager](https://docs.nginx.com/nginx-management-suite/nim/) and [NGINX One Cloud Console](https://docs.nginx.com/nginx-one/)
5+
This project provides a set of declarative REST API for [NGINX Instance Manager](https://docs.nginx.com/nginx-management-suite/nim/) and [NGINX One Console](https://docs.nginx.com/nginx-one/)
66

77
It can be used to manage NGINX Plus configuration lifecycle and to create NGINX Plus configurations using JSON service definitions.
88

99
GitOps integration is supported: source of truth is checked for updates (NGINX App Protect policies, TLS certificates, keys and chains/bundles, Swagger/OpenAPI definitions, snippets) and NGINX configurations are automatically kept in sync.
1010

1111
Use cases include:
1212

13-
- Integration with NGINX Instance Manager (instance group) and NGINX One Cloud Console (config sync group)
13+
- Integration with NGINX Instance Manager (instance group) and NGINX One Console (config sync group)
1414
- NGINX App Protect DevSecOps integration (NGINX Instance Manager only)
1515
- API Gateway deployments with automated Swagger / OpenAPI schema import
1616
- API Developer portals zero-touch deployment (redocly and backstage supported)
@@ -28,10 +28,12 @@ A **blog article** to automate NGINX API Gateway management from OpenAPI schemas
2828

2929
## Supported releases
3030

31-
- NGINX Instance Manager 2.14+
32-
- NGINX One Cloud Console
33-
- NGINX Plus R30+
34-
- NGINX App Protect WAF 4 and 5
31+
- [NGINX Instance Manager 2.14+](https://docs.nginx.com/nginx-management-suite/nim/)
32+
- [NGINX One Console](https://docs.nginx.com/nginx-one/)
33+
- [NGINX Plus R30+](https://docs.nginx.com/nginx/)
34+
- NGINX App Protect WAF [4](https://docs.nginx.com/nginx-app-protect-waf/v4/) and [5](https://docs.nginx.com/nginx-app-protect-waf/v5/)
35+
36+
**Note**: NGINX Plus R33 and above [require a valid license](https://docs.nginx.com/solutions/about-subscription-licenses/) and the `.output.license` section in the declarative JSON is required. See the [usage notes](/USAGE-v5.2.md) for further details. [Postman collection](/contrib/postman) examples are provided for R33.
3537

3638
## Architecture
3739

@@ -44,7 +46,7 @@ stateDiagram-v2
4446
Client: REST Client
4547
Pipeline: CI/CD Pipeline
4648
NIM: NGINX Instance Manager
47-
N1: NGINX One Cloud Console
49+
N1: NGINX One Console
4850
AGENT1: NGINX Agent
4951
NGINX1: NGINX
5052
AGENT2: NGINX Agent
@@ -90,7 +92,7 @@ participant Source of Truth
9092
participant NGINX Declarative API Core
9193
participant Redis
9294
participant Developer Portal Service
93-
participant NGINX Instance Manager / NGINX One
95+
participant NGINX Instance Manager / NGINX One Console
9496
participant NGINX
9597
9698
box NGINX Declarative API
@@ -135,7 +137,7 @@ end
135137
## Output formats
136138

137139
- [X] Output to NGINX Instance Manager 2.14+ imperative REST API (instance group)
138-
- [X] Output to NGINX One Cloud Console REST API (config sync group)
140+
- [X] Output to NGINX One Console REST API (config sync group)
139141

140142
## Supported features
141143

@@ -145,9 +147,9 @@ See the [features list](/FEATURES.md)
145147

146148
Usage details and JSON schema are available here:
147149

148-
- [API v5.1](/USAGE-v5.1.md) - latest
149-
- [API v5.0](/USAGE-v5.0.md)
150-
- [API v4.2](/USAGE-v4.2.md) - deprecated
150+
- [API v5.2](/USAGE-v5.2.md) - latest - required for NGINX Plus R33+
151+
- [API v5.1](/USAGE-v5.1.md)
152+
- [API v5.0](/USAGE-v5.0.md) - deprecated
151153

152154
A sample Postman collection and usage instructions can be found [here](/contrib/postman)
153155

USAGE-v4.2.md

-200
This file was deleted.

USAGE-v5.1.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ Version 5.1 supports:
44

55
- [NGINX Instance Manager](https://docs.nginx.com/nginx-management-suite/nim/) 2.14+
66
- [NGINX One Cloud Console](https://docs.nginx.com/nginx-one/)
7-
- [NGINX Plus](https://docs.nginx.com/nginx/) R30+
7+
- [NGINX Plus](https://docs.nginx.com/nginx/) R30, R31, R32
88
- [NGINX App Protect WAF](https://docs.nginx.com/nginx-app-protect-waf/) 4 with precompiled [policy bundles](https://docs.nginx.com/nginx-app-protect-waf/v5/admin-guide/compiler/)
99

1010
The JSON schema is self explanatory. See also the [sample Postman collection](/contrib/postman) for usage examples

USAGE-v5.2.md

+64
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
# Usage for NGINX Declarative API v5.2
2+
3+
Version 5.2 supports:
4+
5+
- [NGINX Instance Manager](https://docs.nginx.com/nginx-management-suite/nim/) 2.14+. Version 2.18+ is required for NGINX R33 and above
6+
- [NGINX One Console](https://docs.nginx.com/nginx-one/)
7+
- [NGINX Plus](https://docs.nginx.com/nginx/) R31, R32, R33+
8+
- [NGINX App Protect WAF](https://docs.nginx.com/nginx-app-protect-waf/) 4 with precompiled [policy bundles](https://docs.nginx.com/nginx-app-protect-waf/v5/admin-guide/compiler/)
9+
10+
The JSON schema is self explanatory. See also the [sample Postman collection](/contrib/postman) for usage examples
11+
12+
- `.output.license` defines the JWT license to use for NGINX Plus R33+
13+
- `.output.license.endpoint` the usage reporting endpoint (defaults to `product.connect.nginx.com`). NGINX Instance Manager address can be used here
14+
- `.output.license.token` the JWT license token
15+
- `.output.license.ssl_verify` set to `false` to trust all SSL certificates (not recommended). Useful for reporting to NGINX Instance Manager without a local PKI.
16+
- `.output.license.grace_period` Set to 'true' to begin the 180-day reporting enforcement grace period. Reporting must begin or resume before the end of the grace period to ensure continued operation
17+
- `.output.type` defines how NGINX configuration will be returned:
18+
- *nms* - NGINX configuration is published as a Staged Config to NGINX Instance Manager
19+
- `.output.nms.url` the NGINX Instance Manager URL
20+
- `.output.nms.username` the NGINX Instance Manager authentication username
21+
- `.output.nms.password` the NGINX Instance Manager authentication password
22+
- `.output.nms.instancegroup` the NGINX Instance Manager instance group to publish the configuration to
23+
- `.output.nms.synctime` **optional**, used for GitOps autosync. When specified and the declaration includes HTTP(S) references to NGINX App Protect policies, TLS certificates/keys/chains, the HTTP(S) endpoints will be checked every `synctime` seconds and if external contents have changed, the updated configuration will automatically be published to NGINX Instance Manager
24+
- `.output.nms.modules` an optional array of NGINX module names (ie. 'ngx_http_app_protect_module', 'ngx_http_js_module','ngx_stream_js_module')
25+
- `.output.nms.certificates` an optional array of TLS certificates/keys/chains to be published
26+
- `.output.nms.certificates[].type` the item type ('certificate', 'key', 'chain')
27+
- `.output.nms.certificates[].name` the certificate/key/chain name with no path/extension (ie. 'test-application')
28+
- `.output.nms.certificates[].contents` the content: this can be either base64-encoded or be a HTTP(S) URL that will be fetched dynamically from a source of truth
29+
- `.output.nms.policies[]` an optional array of NGINX App Protect security policies
30+
- `.output.nms.policies[].type` the policy type ('app_protect')
31+
- `.output.nms.policies[].name` the policy name (ie. 'prod-policy')
32+
- `.output.nms.policies[].active_tag` the policy tag to enable among all available versions (ie. 'v1')
33+
- `.output.nms.policies[].versions[]` array with all available policy versions
34+
- `.output.nms.policies[].versions[].tag` the policy version's tag name
35+
- `.output.nms.policies[].versions[].displayName` the policy version's display name
36+
- `.output.nms.policies[].versions[].description` the policy version's description
37+
- `.output.nms.policies[].versions[].contents` this can be either base64-encoded or be a HTTP(S) URL that will be fetched dynamically from a source of truth
38+
- *nginxone* - NGINX configuration is published to a NGINX One Console config sync group
39+
- `.output.nginxone.url` the NGINX One Console URL
40+
- `.output.nginxone.namespace` the NGINX One Console namespace
41+
- `.output.nginxone.token` the authentication token
42+
- `.output.nginxone.configsyncgroup` the NGINX One Console config sync group name
43+
- `.output.nginxone.synctime` **optional**, used for GitOps autosync. When specified and the declaration includes HTTP(S) references to NGINX App Protect policies, TLS certificates/keys/chains, the HTTP(S) endpoints will be checked every `synctime` seconds and if external contents have changed, the updated configuration will automatically be published to NGINX One Cloud Console
44+
- `.output.nginxone.modules` an optional array of NGINX module names (ie. 'ngx_http_app_protect_module', 'ngx_http_js_module','ngx_stream_js_module')
45+
- `.output.nginxone.certificates` an optional array of TLS certificates/keys/chains to be published
46+
- `.output.nginxone.certificates[].type` the item type ('certificate', 'key', 'chain')
47+
- `.output.nginxone.certificates[].name` the certificate/key/chain name with no path/extension (ie. 'test-application')
48+
- `.output.nginxone.certificates[].contents` the content: this can be either base64-encoded or be a HTTP(S) URL that will be fetched dynamically from a source of truth
49+
- `.declaration` describes the NGINX configuration to be created
50+
- `.declaration.http[]` NGINX HTTP definitions
51+
- `.declaration.layer4[]` NGINX TCP/UDP definitions
52+
- `.declaration.resolvers[]` DNS resolvers definitions
53+
54+
### API endpoints
55+
56+
- `POST /v5.2/config/` - Publish a new declaration
57+
- `PATCH /v5.2/config/{config_uid}` - Update an existing declaration
58+
- Per-HTTP server CRUD
59+
- Per-HTTP upstream CRUD
60+
- Per-Stream server CRUD
61+
- Per-Stream upstream CRUD
62+
- Per-NGINX App Protect WAF policy CRUD
63+
- `GET /v5.2/config/{config_uid}` - Retrieve an existing declaration
64+
- `DELETE /v5.2/config/{config_uid}` - Delete an existing declaration

0 commit comments

Comments
 (0)