From 6894f32f761981318bda8cbd4bbcb41f42a0296d Mon Sep 17 00:00:00 2001 From: sra Date: Tue, 3 Mar 2026 19:54:02 +0530 Subject: [PATCH 1/6] Adding security services and operations spec --- .../operations/config-operations-feb-v1.yaml | 867 ------------------ .../cloudngfw/operations/operations.yaml | 708 ++++++++++++++ .../security/security-services-march.yaml} | 138 ++- .../operations/config-operations-feb-v1.yaml | 867 ------------------ .../config/ngfw/operations/operations.yaml | 708 ++++++++++++++ .../security/security-services-march.yaml} | 138 ++- .../operations/config-operations-feb-v1.yaml | 867 ------------------ .../config/sase/operations/operations.yaml | 708 ++++++++++++++ .../security/security-services-march.yaml} | 138 ++- 9 files changed, 2529 insertions(+), 2610 deletions(-) delete mode 100644 openapi-specs/scm/config/cloudngfw/operations/config-operations-feb-v1.yaml create mode 100644 openapi-specs/scm/config/cloudngfw/operations/operations.yaml rename openapi-specs/scm/config/{sase/security/security-services_v1.1_feb.yaml => cloudngfw/security/security-services-march.yaml} (98%) delete mode 100644 openapi-specs/scm/config/ngfw/operations/config-operations-feb-v1.yaml create mode 100644 openapi-specs/scm/config/ngfw/operations/operations.yaml rename openapi-specs/scm/config/{cloudngfw/security/security-services_v1.1_feb.yaml => ngfw/security/security-services-march.yaml} (98%) delete mode 100644 openapi-specs/scm/config/sase/operations/config-operations-feb-v1.yaml create mode 100644 openapi-specs/scm/config/sase/operations/operations.yaml rename openapi-specs/scm/config/{ngfw/security/security-services_v1.1_feb.yaml => sase/security/security-services-march.yaml} (98%) diff --git a/openapi-specs/scm/config/cloudngfw/operations/config-operations-feb-v1.yaml b/openapi-specs/scm/config/cloudngfw/operations/config-operations-feb-v1.yaml deleted file mode 100644 index 6cea9c4c6..000000000 --- a/openapi-specs/scm/config/cloudngfw/operations/config-operations-feb-v1.yaml +++ /dev/null @@ -1,867 +0,0 @@ -openapi: 3.0.0 -info: - version: 2.0.0 - title: Config Operations - description: These APIs are used for Prisma Access and NGFW operations within Strata Cloud Manager. - termsOfService: 'https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-end-user-license-agreement-eula.pdf' - contact: - email: support@paloaltonetworks.com - name: Palo Alto Networks Technical Support - url: 'https://support.paloaltonetworks.com' - license: - name: MIT - url: https://opensource.org/license/mit -servers: - - url: 'https://api.strata.paloaltonetworks.com/config/operations/v1' - description: Current - - url: 'https://api.sase.paloaltonetworks.com/sse/config/v1' - description: Legacy -paths: - /jobs: - get: - tags: - - Jobs - summary: List jobs - description: | - Retrieve a list of configuration jobs. - operationId: ListJobs - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - allOf: - - type: array - items: - $ref: '#/components/schemas/jobs' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - '/jobs/{id}': - get: - tags: - - Jobs - summary: Get a job - description: | - Get an existing configuration job. - operationId: GetJobsByID - parameters: - - $ref: '#/components/parameters/jobid' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/jobs-response' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - '/config-versions:load': - post: - tags: - - Config Versions - summary: Load config version - description: | - Load a specific configuration version into the candidate configuration. - operationId: LoadConfigVersions - requestBody: - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/load-config' - responses: - '201': - $ref: '#/components/responses/http_created' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/config-versions/candidate:push': - post: - tags: - - Config Versions - summary: Push the candidate configuration - description: | - Push the candidate configuration. - operationId: PushCandidateConfigVersions - requestBody: - description: Created - content: - application/json: - schema: - type: object - properties: - admin: - type: array - description: List the administrators and/or service accounts in this field. If you want to push folder named All, please do not add this admin field at all and list each of the folders under All in the folder field. - items: - type: string - description: - type: string - description: A description of the changes being pushed - allOf: - - type: object - title: folders - properties: - folder: - type: array - description: The target folders for the configuration push - uniqueItems: true - items: - type: string - pattern: ^[a-zA-Z\d-_\. ]+$ - maxLength: 64 - example: [Prisma Access, Mobile Users, Service Conncetions] - required: - - folders - - type: object - title: devices - properties: - devices: - type: array - description: The target devices for the configuration push - uniqueItems: true - items: - type: number - maxLength: 16 - example: [007951000388704, 007951000388707, 007051000239252] - required: - - folders - responses: - '201': - $ref: '#/components/responses/http_created' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - /config-versions: - get: - tags: - - Config Versions - summary: List configuration versions - description: | - Retrieve a list of configuration versions. - operationId: ListConfigVersions - parameters: - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/offset' - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - type: array - items: - $ref: '#/components/schemas/config-version' - offset: - type: integer - limit: - type: integer - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - /config-versions/candidate: - delete: - tags: - - Config Versions - summary: Delete a candidate configuration - description: | - Delete a candidate configuration. Roll back to the running configuration. - operationId: DeleteCandidateConfigVersions - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/config-versions/{version}': - get: - tags: - - Config Versions - summary: Get config by version - description: | - Get config by version. - operationId: GetConfigVersionsByID - parameters: - - $ref: '#/components/parameters/version' - responses: - '200': - description: OK - content: - application/json: - schema: - type: array - items: - $ref: '#/components/schemas/config-version' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - /config-versions/running: - get: - tags: - - Config Versions - summary: Get running configuration versions - description: | - Get the running configuration versions on each folder. - operationId: GetRunningConfigVersions - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/running-config-versions-response' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' -tags: - - name: Config Versions - description: Config Versions - - name: Jobs - description: Jobs -components: - parameters: - limit: - name: limit - in: query - description: The maximum number of results per page - required: false - schema: - type: integer - default: 200 - offset: - name: offset - in: query - description: The offset into the list of results returned - required: false - schema: - type: integer - default: 0 - jobid: - name: id - in: path - description: The ID of the job - required: true - schema: - type: string - version: - name: version - in: path - description: The configuration version number - required: true - schema: - type: integer - securitySchemes: - scmOAuth: - type: oauth2 - description: | - Strata Cloud Manager APIs authenticate client requests using the - OAuth 2.0 Client Credentials flow. Please use the `client_id`, - `client_secret` values associated with an IAM service account along - with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the - Tenant Service Group (TSG) ID. The resulting JWT access token should - be attached to all API calls as a `Bearer` token in the `Authorization` - header (ex. `Authorization: Bearer tokenstring`). - flows: - clientCredentials: - tokenUrl: https://auth.apps.paloaltonetworks.com/oauth2/access_token - scopes: {} - scmToken: - type: http - description: | - Strata Cloud Manager APIs authenticate client requests using the - OAuth 2.0 Client Credentials flow. Please use the `client_id`, - `client_secret` values associated with an IAM service account along - with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the - Tenant Service Group (TSG) ID. The resulting JWT access token should - be attached to all API calls as a `Bearer` token in the `Authorization` - header (ex. `Authorization: Bearer tokenstring`). - scheme: bearer - bearerFormat: JWT - responses: - http_ok: - description: OK - http_created: - description: Created - auth_errors: - description: Unauthorized - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - auth_not_authenticated: - $ref: '#/components/examples/json_401_panui_auth_not_authenticated' - invalid_credential: - $ref: '#/components/examples/json_401_panui_auth_invalid_credential' - key_too_long: - $ref: '#/components/examples/json_401_panui_auth_key_too_long' - key_expired: - $ref: '#/components/examples/json_401_panui_auth_key_expired' - need_password_change: - $ref: '#/components/examples/json_401_panui_auth_need_password_change' - access_errors: - description: Forbidden - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - auth_unauthorized: - $ref: '#/components/examples/json_403_panui_auth_unauthorized' - bad_request_errors_basic: - description: Bad Request - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - input_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' - output_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' - missing_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' - invalid_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' - bad_request_errors_basic_with_body: - description: Bad Request - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - input_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' - output_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' - missing_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' - invalid_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' - missing_body: - $ref: '#/components/examples/json_400_panui_restapi_missing_body' - invalid_object: - $ref: '#/components/examples/json_400_panui_mgmt_invalid_object' - not_found: - description: Not Found - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - object_not_present: - $ref: '#/components/examples/json_404_panui_mgmt_object_not_present' - conflict_errors: - description: Conflict - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - object_not_unique: - $ref: '#/components/examples/json_409_panui_mgmt_object_not_unique' - name_not_unique: - $ref: '#/components/examples/json_409_panui_mgmt_name_not_unique' - reference_not_zero: - $ref: '#/components/examples/json_409_panui_mgmt_reference_not_zero' - default_errors: - description: General Errors - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - version_not_supported: - $ref: '#/components/examples/json_501_panui_restapi_version_not_supported' - method_not_allowed: - $ref: '#/components/examples/json_501_panui_restapi_method_not_supported' - action_not_supported: - $ref: '#/components/examples/json_405_panui_restapi_action_not_supported' - bad_xpath: - $ref: '#/components/examples/json_400_panui_mgmt_bad_xpath' - invalid_command: - $ref: '#/components/examples/json_400_panui_mgmt_invalid_command' - malformed_command: - $ref: '#/components/examples/json_400_panui_mgmt_malformed_command' - session_timeout: - $ref: '#/components/examples/json_504_panui_mgmt_session_timeout' - examples: - json_401_panui_auth_not_authenticated: - summary: Not Authenticated - value: - _errors: - - code: E016 - message: Not Authenticated - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_401_panui_auth_invalid_credential: - summary: Invalid Credential - value: - _errors: - - code: E016 - message: Invalid Credential - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_401_panui_auth_key_too_long: - summary: Key Too Long - value: - _errors: - - code: E016 - message: Key Too Long - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_401_panui_auth_key_expired: - summary: Key Expired - value: - _errors: - - code: E016 - message: Key Expired - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_401_panui_auth_need_password_change: - summary: Need Password Change - value: - _errors: - - code: E016 - message: The password needs to be changed. - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_403_panui_auth_unauthorized: - summary: Unauthorized - value: - _errors: - - code: E007 - message: Unauthorized - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_501_panui_restapi_version_not_supported: - summary: Version Not Supported - value: - _errors: - - code: E012 - message: Version Not Supported - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_501_panui_restapi_method_not_supported: - summary: Method Not Supported - value: - _errors: - - code: E012 - message: Method Not Supported - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_restapi_input_format_mismatch: - summary: Input Format Mismatch - value: - _errors: - - code: E003 - message: 'Input Format Mismatch: input-format=json' - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_restapi_output_format_mismatch: - summary: Output Format Mismatch - value: - _errors: - - code: E003 - message: 'Output Format Mismatch: output-format=json Accept=xml' - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_restapi_missing_query_parameter: - summary: Missing Query Parameter - value: - _errors: - - code: E003 - message: 'Missing Query Parameter: name' - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_restapi_invalid_query_parameter: - summary: Invalid Query Parameter - value: - _errors: - - code: E003 - message: 'Invalid Query Parameter: location=invalid' - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_restapi_missing_body: - summary: Missing Body - value: - _errors: - - code: E003 - message: Missing Body - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_405_panui_restapi_action_not_supported: - summary: Action Not Supported - value: - _errors: - - code: E012 - message: 'Action Not Supported: move' - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_mgmt_bad_xpath: - summary: Bad XPath - value: - _errors: - - code: E013 - message: Bad XPath - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_404_panui_mgmt_object_not_present: - summary: Object Not Present - value: - _errors: - - code: E005 - message: Object Not Present - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_409_panui_mgmt_object_not_unique: - summary: Object Not Unique - value: - _errors: - - code: E016 - message: Object Not Unique - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_409_panui_mgmt_name_not_unique: - summary: Name Not Unique - value: - _errors: - - code: E006 - message: Name Not Unique - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_409_panui_mgmt_reference_not_zero: - summary: Reference Not Zero - value: - _errors: - - code: E009 - message: Reference Not Zero - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_mgmt_invalid_object: - summary: Invalid Object - value: - _errors: - - code: E003 - message: Invalid Object - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_mgmt_invalid_command: - summary: Invalid Command - value: - _errors: - - code: E003 - message: Invalid Command - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_mgmt_malformed_command: - summary: Malformed Command - value: - _errors: - - code: E003 - message: Malformed Command - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_504_panui_mgmt_session_timeout: - summary: Session Timeout - value: - _errors: - - code: '4' - message: Session Timeout - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - schemas: - jobs: - type: object - properties: - device_name: - type: string - description: The name of the device - end_ts: - type: string - description: The timestamp indicating when the job was finished - id: - type: string - description: The job ID - example: "115" - job_result: - type: string - description: The job result - example: "2" - job_status: - type: string - description: The current status of the job - example: "2" - job_type: - type: string - description: The job type - example: "53" - parent_id: - type: string - description: The parent job ID - example: "114" - percent: - type: string - description: Job completion percentage - result_str: - type: string - enum: - - OK - - FAIL - - PEND - - WAIT - - CANCELLED - - TIMEOUT - description: The result of the job - start_ts: - type: string - description: The timestamp indicating when the job was created - status_str: - type: string - enum: - - ACT - - FIN - - PEND - - PUSHSENT - - PUSHFAIL - - PUSHABORT - - PUSHTIMEOUT - description: The current status of the job - summary: - type: string - description: The completion summary of the job - type_str: - type: string - enum: - - CommitAll - - CommitAndPush - - NGFW-Bootstrap-Push - - Validate - description: The job type - example: CommitAndPush - uname: - type: string - description: The administrator or service account that created the job - format: email - description: - type: string - description: A description provided by the administrator or service account - example: Added a new security rule for marketing - details: - type: string - description: JSON string with detailed errors or info - example: "{\"errors\":[\"Config push aborted, error: Failed to handle VPN clusters. Please check AutoVPN config for the device\"]}" - required: - - device_name - - end_ts - - id - - job_result - - job_status - - job_type - - parent_id - - percent - - result_str - - start_ts - - status_str - - summary - - type_str - - uname - load-config: - type: object - properties: - version: - type: integer - config-version: - type: object - properties: - id: - type: integer - description: The configuration version - version: - type: string - description: The configuration version name - date: - type: string - format: date-time - admin: - type: string - description: The administrator or service account that pushed this configuration version - format: email - scope: - type: string - description: - type: string - swg_config: - type: string - updated: - type: number - created: - type: number - deleted: - type: number - ngfw_scope: - type: string - description: A comma separated list of firewall serial numbers - types: - type: string - impacted_devices: - type: string - edited_by: - type: string - required: - - id - - version - - date - - admin - - scope - - description - - updated - - created - - deleted - - types - - impacted_devices - - edited_by - running-versions: - type: object - properties: - device: - type: string - description: The folder name or firewall serial number - version: - type: integer - description: The configuration version number - date: - type: string - description: The timestamp of when the configuration version was pushed to the folder or firewall - format: date-time - required: - - device - - version - - date - jobs-response: - type: object - description: Response containing job data - properties: - data: - type: array - items: - $ref: '#/components/schemas/jobs' - running-config-versions-response: - type: object - description: Paginated response containing running configuration versions - properties: - data: - type: array - items: - $ref: '#/components/schemas/running-versions' - offset: - type: integer - limit: - type: integer - total: - type: integer - generic_error: - type: object - properties: - _errors: - $ref: '#/components/schemas/error_detail_cause_infos' - _request_id: - type: string - x-examples: {} - error_detail_cause_infos: - type: array - items: - $ref: '#/components/schemas/error_detail_cause_info' - x-examples: {} - error_detail_cause_info: - type: object - title: Cause Info - properties: - code: - type: string - message: - type: string - details: - type: object - help: - type: string -security: - - scmToken: [] -x-internal: false diff --git a/openapi-specs/scm/config/cloudngfw/operations/operations.yaml b/openapi-specs/scm/config/cloudngfw/operations/operations.yaml new file mode 100644 index 000000000..c40f0607a --- /dev/null +++ b/openapi-specs/scm/config/cloudngfw/operations/operations.yaml @@ -0,0 +1,708 @@ +openapi: 3.0.0 +info: + version: 2.0.0 + title: Operations and Troubleshooting + description: | + These APIs can be used to retrieve operational data on your devices, for troubleshooting purposes. + termsOfService: 'https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-end-user-license-agreement-eula.pdf' + contact: + email: support@paloaltonetworks.com + name: Palo Alto Networks Technical Support + url: 'https://support.paloaltonetworks.com' + license: + name: MIT + url: https://opensource.org/license/mit +servers: + - url: 'https://api.strata.paloaltonetworks.com/operations/v1' + description: Current +tags: + - name: Device Operations + description: Operations for device management and troubleshooting + - name: Jobs + description: Job status and result retrieval for asynchronous operations + +paths: + /route-table: + get: + summary: Retrieve route table from a device + description: | + Initiates an asynchronous job to retrieve the route table from a specified device. It returns a job ID that can be used to poll for results using the jobs endpoint. + tags: + - Device Operations + operationId: requestRouteTable + parameters: + - name: device + in: query + description: The serial number of the device from which to retrieve the route table. + required: true + schema: + type: string + pattern: '^[0-9]{14,15}$' + example: "007951000123456" + responses: + '200': + description: | + Success - Job created successfully. + Use the returned `job_id` to poll for results using `GET /jobs/{job_id}`. + content: + application/json: + schema: + type: object + required: + - job_id + properties: + job_id: + type: string + format: uuid + description: | + Unique identifier for the created routing table retrieval job. + + **Usage:** + - Use this ID with `GET /jobs/{job_id}` to poll for job completion + - Job typically completes within 5-30 seconds + - Job results will contain the routing table data from the device + example: "550e8400-e29b-41d4-a716-446655440000" + examples: + success: + summary: Successful job creation + value: + job_id: "550e8400-e29b-41d4-a716-446655440000" + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + + /jobs/{id}: + get: + summary: Retrieve job status and results + description: | + Retrieves the current status and results of an asynchronous job. Poll this endpoint to check job completion and retrieve the results once the job state is complete. + tags: + - Jobs + operationId: getJobStatus + parameters: + - name: id + in: path + description: The unique identifier of the job to retrieve. + required: true + schema: + type: string + format: uuid + example: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + responses: + '200': + description: | + Success - Job details retrieved successfully. + The response includes job progress, state, request details, and results when available. + content: + application/json: + schema: + $ref: '#/components/schemas/job_status' + examples: + complete_routing_job: + summary: Completed routing table job + value: + jobId: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + progress: 100 + state: "complete" + request: + command: "show-advanced-routing-route" + devices: + - "012345678901234" + results: + - device: "012345678901234" + state: "complete" + created_ts: "2026-03-02 19:00:04" + updated_ts: "2026-03-02 19:00:04" + details: + msg: "Command completed successfully." + result: + router_global: + "3.3.3.3/32": + - prefix: "3.3.3.3/32" + prefixLen: 32 + protocol: "connected" + distance: 0 + metric: 0 + installed: true + selected: true + destSelected: true + uptime: "06w0d07h" + nexthopGroupId: 6 + nexthops: + - interfaceName: "vlan.1" + interfaceIndex: 256 + active: true + fib: true + directlyConnected: true + flags: "A " + in_progress_job: + summary: Job in progress + value: + jobId: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + progress: 50 + state: "in_progress" + request: + command: "show-advanced-routing-route" + devices: + - "012345678901234" + results: [] + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + +components: + securitySchemes: + scmOAuth: + type: oauth2 + description: | + Strata Cloud Manager APIs authenticate client requests using the + OAuth 2.0 Client Credentials flow. Please use the `client_id`, + `client_secret` values associated with an IAM service account along + with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the + Tenant Service Group (TSG) ID. The resulting JWT access token should + be attached to all API calls as a `Bearer` token in the `Authorization` + header (ex. `Authorization: Bearer tokenstring`). + flows: + clientCredentials: + tokenUrl: https://auth.apps.paloaltonetworks.com/oauth2/access_token + scopes: {} + scmToken: + type: http + description: | + Strata Cloud Manager APIs authenticate client requests using the + OAuth 2.0 Client Credentials flow. Please use the `client_id`, + `client_secret` values associated with an IAM service account along + with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the + Tenant Service Group (TSG) ID. The resulting JWT access token should + be attached to all API calls as a `Bearer` token in the `Authorization` + header (ex. `Authorization: Bearer tokenstring`). + scheme: bearer + bearerFormat: JWT + parameters: + uuid: + name: id + in: path + required: true + schema: + type: string + description: The UUID of the resource + pagination-optional: + name: pagination + in: query + required: false + schema: + type: boolean + description: The parameter to mention if the response should be paginated. By default, its set to false + name-optional: + name: name + in: query + required: false + schema: + type: string + description: The name of the resource + limit-optional: + name: limit + in: query + required: false + schema: + type: integer + description: The maximum number of resources to return + offset-optional: + name: offset + in: query + required: false + schema: + type: integer + description: The offset into the list of resources returned + folder: + name: folder + in: query + required: false + schema: + type: string + description: | + The folder in which the resource is defined + snippet: + name: snippet + in: query + required: false + schema: + type: string + description: | + The snippet in which the resource is defined + device: + name: device + in: query + required: false + schema: + type: string + description: | + The device in which the resource is defined + trusted-tenant-type: + name: type + in: query + required: true + schema: + type: string + enum: + - subscriber + - publisher + description: | + Specifies the type of the tenant that is trusted, either 'subscriber' or 'publisher'. + trust-ids: + name: trustids + in: query + required: true + schema: + type: string + description: | + Comma-separated list of trust IDs + snippet-id: + name: snippet-id + in: query + required: true + schema: + type: string + description: | + The ID of the snippet + recipient-tsgs: + name: tsgs + in: query + required: true + schema: + type: string + description: | + Comma-separated list of recipient TSG IDs + responses: + http_ok: + description: OK + http_created: + description: Created + auth_errors: + description: Unauthorized + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + auth_not_authenticated: + $ref: '#/components/examples/json_401_panui_auth_not_authenticated' + invalid_credential: + $ref: '#/components/examples/json_401_panui_auth_invalid_credential' + key_too_long: + $ref: '#/components/examples/json_401_panui_auth_key_too_long' + key_expired: + $ref: '#/components/examples/json_401_panui_auth_key_expired' + need_password_change: + $ref: '#/components/examples/json_401_panui_auth_need_password_change' + access_errors: + description: Forbidden + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + auth_unauthorized: + $ref: '#/components/examples/json_403_panui_auth_unauthorized' + bad_request_errors_basic: + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + input_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' + output_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' + missing_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' + invalid_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' + bad_request_errors_basic_with_body: + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + input_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' + output_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' + missing_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' + invalid_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' + missing_body: + $ref: '#/components/examples/json_400_panui_restapi_missing_body' + invalid_object: + $ref: '#/components/examples/json_400_panui_mgmt_invalid_object' + not_found: + description: Not Found + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + object_not_present: + $ref: '#/components/examples/json_404_panui_mgmt_object_not_present' + conflict_errors: + description: Conflict + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + object_not_unique: + $ref: '#/components/examples/json_409_panui_mgmt_object_not_unique' + name_not_unique: + $ref: '#/components/examples/json_409_panui_mgmt_name_not_unique' + reference_not_zero: + $ref: '#/components/examples/json_409_panui_mgmt_reference_not_zero' + default_errors: + description: General Errors + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + version_not_supported: + $ref: '#/components/examples/json_501_panui_restapi_version_not_supported' + method_not_allowed: + $ref: '#/components/examples/json_501_panui_restapi_method_not_supported' + action_not_supported: + $ref: '#/components/examples/json_405_panui_restapi_action_not_supported' + bad_xpath: + $ref: '#/components/examples/json_400_panui_mgmt_bad_xpath' + invalid_command: + $ref: '#/components/examples/json_400_panui_mgmt_invalid_command' + malformed_command: + $ref: '#/components/examples/json_400_panui_mgmt_malformed_command' + session_timeout: + $ref: '#/components/examples/json_504_panui_mgmt_session_timeout' + examples: + json_401_panui_auth_not_authenticated: + summary: Not Authenticated + value: + _errors: + - code: "E016" + message: Not Authenticated + details: {} + _request_id: "abcd-1234" + json_401_panui_auth_invalid_credential: + summary: Invalid Credential + value: + _errors: + - code: "E016" + message: Invalid Credential + details: {} + _request_id: "abcd-1234" + json_401_panui_auth_key_too_long: + summary: Key Too Long + value: + _errors: + - code: "E016" + message: Key Too Long + details: {} + _request_id: "abcd-1234" + json_401_panui_auth_key_expired: + summary: Key Expired + value: + _errors: + - code: "E016" + message: Key Expired + details: {} + _request_id: "abcd-1234" + json_401_panui_auth_need_password_change: + summary: Need Password Change + value: + _errors: + - code: "E016" + message: The password needs to be changed. + details: {} + _request_id: "abcd-1234" + json_403_panui_auth_unauthorized: + summary: Unauthorized + value: + _errors: + - code: "E007" + message: Unauthorized + details: {} + _request_id: "abcd-1234" + json_501_panui_restapi_version_not_supported: + summary: Version Not Supported + value: + _errors: + - code: "E012" + message: Version Not Supported + details: {} + _request_id: "abcd-1234" + json_501_panui_restapi_method_not_supported: + summary: Method Not Supported + value: + _errors: + - code: "E012" + message: Method Not Supported + details: {} + _request_id: "abcd-1234" + json_400_panui_restapi_input_format_mismatch: + summary: Input Format Mismatch + value: + _errors: + - code: "E003" + message: 'Input Format Mismatch: input-format=json' + details: {} + _request_id: "abcd-1234" + json_400_panui_restapi_output_format_mismatch: + summary: Output Format Mismatch + value: + _errors: + - code: "E003" + message: 'Output Format Mismatch: output-format=json Accept=xml' + details: {} + _request_id: "abcd-1234" + json_400_panui_restapi_missing_query_parameter: + summary: Missing Query Parameter + value: + _errors: + - code: "E003" + message: 'Missing Query Parameter: name' + details: {} + _request_id: "abcd-1234" + json_400_panui_restapi_invalid_query_parameter: + summary: Invalid Query Parameter + value: + _errors: + - code: "E003" + message: 'Invalid Query Parameter: location=invalid' + details: {} + _request_id: "abcd-1234" + json_400_panui_restapi_missing_body: + summary: Missing Body + value: + _errors: + - code: "E003" + message: Missing Body + details: {} + _request_id: "abcd-1234" + json_405_panui_restapi_action_not_supported: + summary: Action Not Supported + value: + _errors: + - code: "E012" + message: 'Action Not Supported: move' + details: {} + _request_id: "abcd-1234" + json_400_panui_mgmt_bad_xpath: + summary: Bad XPath + value: + _errors: + - code: "E013" + message: Bad XPath + details: {} + _request_id: "abcd-1234" + json_404_panui_mgmt_object_not_present: + summary: Object Not Present + value: + _errors: + - code: "E005" + message: Object Not Present + details: {} + _request_id: "abcd-1234" + json_409_panui_mgmt_object_not_unique: + summary: Object Not Unique + value: + _errors: + - code: "E016" + message: Object Not Unique + details: {} + _request_id: "abcd-1234" + json_409_panui_mgmt_name_not_unique: + summary: Name Not Unique + value: + _errors: + - code: "E006" + message: Name Not Unique + details: {} + _request_id: "abcd-1234" + json_409_panui_mgmt_reference_not_zero: + summary: Reference Not Zero + value: + _errors: + - code: "E009" + message: Reference Not Zero + details: {} + _request_id: "abcd-1234" + json_400_panui_mgmt_invalid_object: + summary: Invalid Object + value: + _errors: + - code: "E003" + message: Invalid Object + details: {} + _request_id: "abcd-1234" + json_400_panui_mgmt_invalid_command: + summary: Invalid Command + value: + _errors: + - code: "E003" + message: Invalid Command + details: {} + _request_id: "abcd-1234" + json_400_panui_mgmt_malformed_command: + summary: Malformed Command + value: + _errors: + - code: "E003" + message: Malformed Command + details: {} + _request_id: "abcd-1234" + json_504_panui_mgmt_session_timeout: + summary: Session Timeout + value: + _errors: + - code: '4' + message: Session Timeout + details: {} + _request_id: "abcd-1234" + schemas: + job_status: + type: object + required: + - jobId + - progress + - state + - request + - results + properties: + jobId: + type: string + format: uuid + description: Unique identifier for the job. + example: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + progress: + type: integer + minimum: 0 + maximum: 100 + description: Job completion percentage. + example: 100 + state: + type: string + description: Current state of the job. + enum: + - pending + - in_progress + - complete + - failed + example: "complete" + request: + type: object + description: The original request that initiated the job. + required: + - command + - devices + properties: + command: + type: string + description: The command that was executed. + example: "show-advanced-routing-route" + devices: + type: array + description: List of device serial numbers for which the command was executed. + items: + type: string + pattern: '^[0-9]{14,15}$' + example: + - "012345678901234" + results: + type: array + description: Array of results from each device. The structure of the result data varies based on the job type. + items: + $ref: '#/components/schemas/job_result' + job_result: + type: object + required: + - device + - state + - created_ts + - updated_ts + - details + properties: + device: + type: string + pattern: '^[0-9]{14,15}$' + description: The serial number of the device. + example: "012345678901234" + state: + type: string + description: The state of the job for this specific device. + enum: + - pending + - in_progress + - complete + - failed + example: "complete" + created_ts: + type: string + description: Timestamp when the job was created. + example: "2026-03-02 19:00:04" + updated_ts: + type: string + description: Timestamp when the job was last updated. + example: "2026-03-02 19:00:04" + details: + type: object + description: Detailed results from the command execution. The structure varies based on the command type. + required: + - msg + - result + properties: + msg: + type: string + description: Status message from the command execution. + example: "Command completed successfully." + result: + type: object + description: The actual result data from the command. Structure varies by command type and may contain routing tables, device information, or other operational data. + additionalProperties: true + generic_error: + type: object + properties: + _errors: + $ref: '#/components/schemas/error_detail_cause_infos' + _request_id: + type: string + error_detail_cause_infos: + type: array + items: + $ref: '#/components/schemas/error_detail_cause_info' + error_detail_cause_info: + title: Cause Info + type: object + properties: + 'code': + type: string + message: + type: string + details: + oneOf: + - type: string + - type: object + help: + type: string +security: + - scmToken: [] +x-internal: false diff --git a/openapi-specs/scm/config/sase/security/security-services_v1.1_feb.yaml b/openapi-specs/scm/config/cloudngfw/security/security-services-march.yaml similarity index 98% rename from openapi-specs/scm/config/sase/security/security-services_v1.1_feb.yaml rename to openapi-specs/scm/config/cloudngfw/security/security-services-march.yaml index ed3c7cd98..7dc8927cd 100644 --- a/openapi-specs/scm/config/sase/security/security-services_v1.1_feb.yaml +++ b/openapi-specs/scm/config/cloudngfw/security/security-services-march.yaml @@ -701,7 +701,7 @@ paths: description: GET DataObjects operationId: getDataObjects parameters: - - $ref: '#/components/parameters/name' + - $ref: '#/componepts/parameters/name' - $ref: '#/components/parameters/folder' - $ref: '#/components/parameters/snippet' - $ref: '#/components/parameters/device' @@ -1344,7 +1344,20 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/ssl-decryption-settings' + type: object + properties: + data: + type: array + items: + $ref: '#/components/schemas/ssl-decryption-settings-get-put' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer '400': $ref: '#/components/responses/bad_request_errors_basic' '401': @@ -1390,13 +1403,19 @@ paths: summary: PUT Ssl Decryption Settings description: PUT Ssl Decryption Settings operationId: putSslDecryptionSettings + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/ssl-decryption-settings-get-put' responses: '200': description: OK content: application/json: schema: - $ref: '#/components/schemas/ssl-decryption-settings' + $ref: '#/components/schemas/ssl-decryption-settings-get-put' '400': $ref: '#/components/responses/bad_request_errors_basic_with_body' '401': @@ -6680,6 +6699,119 @@ components: type: array items: type: object + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device + ssl-decryption-settings-get-put: + type: object + required: + - ssl_decrypt + properties: + ssl_decrypt: + type: object + properties: + disabled_ssl_exclude_cert_from_predefined: + type: array + items: + type: object + forward_trust_certificate: + type: object + properties: + ecdsa: + type: string + rsa: + type: string + forward_untrust_certificate: + type: object + properties: + rsa: + type: string + ecdsa: + type: string + root_ca_exclude_list: + type: array + items: + type: object + ssl_exclude_cert: + type: array + items: + type: object + properties: + description: + type: string + exclude: + type: boolean + name: + type: string + trusted_root_CA: + type: array + items: + type: object + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device url-access-profiles: type: object properties: diff --git a/openapi-specs/scm/config/ngfw/operations/config-operations-feb-v1.yaml b/openapi-specs/scm/config/ngfw/operations/config-operations-feb-v1.yaml deleted file mode 100644 index 6cea9c4c6..000000000 --- a/openapi-specs/scm/config/ngfw/operations/config-operations-feb-v1.yaml +++ /dev/null @@ -1,867 +0,0 @@ -openapi: 3.0.0 -info: - version: 2.0.0 - title: Config Operations - description: These APIs are used for Prisma Access and NGFW operations within Strata Cloud Manager. - termsOfService: 'https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-end-user-license-agreement-eula.pdf' - contact: - email: support@paloaltonetworks.com - name: Palo Alto Networks Technical Support - url: 'https://support.paloaltonetworks.com' - license: - name: MIT - url: https://opensource.org/license/mit -servers: - - url: 'https://api.strata.paloaltonetworks.com/config/operations/v1' - description: Current - - url: 'https://api.sase.paloaltonetworks.com/sse/config/v1' - description: Legacy -paths: - /jobs: - get: - tags: - - Jobs - summary: List jobs - description: | - Retrieve a list of configuration jobs. - operationId: ListJobs - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - allOf: - - type: array - items: - $ref: '#/components/schemas/jobs' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - '/jobs/{id}': - get: - tags: - - Jobs - summary: Get a job - description: | - Get an existing configuration job. - operationId: GetJobsByID - parameters: - - $ref: '#/components/parameters/jobid' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/jobs-response' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - '/config-versions:load': - post: - tags: - - Config Versions - summary: Load config version - description: | - Load a specific configuration version into the candidate configuration. - operationId: LoadConfigVersions - requestBody: - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/load-config' - responses: - '201': - $ref: '#/components/responses/http_created' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/config-versions/candidate:push': - post: - tags: - - Config Versions - summary: Push the candidate configuration - description: | - Push the candidate configuration. - operationId: PushCandidateConfigVersions - requestBody: - description: Created - content: - application/json: - schema: - type: object - properties: - admin: - type: array - description: List the administrators and/or service accounts in this field. If you want to push folder named All, please do not add this admin field at all and list each of the folders under All in the folder field. - items: - type: string - description: - type: string - description: A description of the changes being pushed - allOf: - - type: object - title: folders - properties: - folder: - type: array - description: The target folders for the configuration push - uniqueItems: true - items: - type: string - pattern: ^[a-zA-Z\d-_\. ]+$ - maxLength: 64 - example: [Prisma Access, Mobile Users, Service Conncetions] - required: - - folders - - type: object - title: devices - properties: - devices: - type: array - description: The target devices for the configuration push - uniqueItems: true - items: - type: number - maxLength: 16 - example: [007951000388704, 007951000388707, 007051000239252] - required: - - folders - responses: - '201': - $ref: '#/components/responses/http_created' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - /config-versions: - get: - tags: - - Config Versions - summary: List configuration versions - description: | - Retrieve a list of configuration versions. - operationId: ListConfigVersions - parameters: - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/offset' - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - type: array - items: - $ref: '#/components/schemas/config-version' - offset: - type: integer - limit: - type: integer - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - /config-versions/candidate: - delete: - tags: - - Config Versions - summary: Delete a candidate configuration - description: | - Delete a candidate configuration. Roll back to the running configuration. - operationId: DeleteCandidateConfigVersions - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/config-versions/{version}': - get: - tags: - - Config Versions - summary: Get config by version - description: | - Get config by version. - operationId: GetConfigVersionsByID - parameters: - - $ref: '#/components/parameters/version' - responses: - '200': - description: OK - content: - application/json: - schema: - type: array - items: - $ref: '#/components/schemas/config-version' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - /config-versions/running: - get: - tags: - - Config Versions - summary: Get running configuration versions - description: | - Get the running configuration versions on each folder. - operationId: GetRunningConfigVersions - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/running-config-versions-response' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' -tags: - - name: Config Versions - description: Config Versions - - name: Jobs - description: Jobs -components: - parameters: - limit: - name: limit - in: query - description: The maximum number of results per page - required: false - schema: - type: integer - default: 200 - offset: - name: offset - in: query - description: The offset into the list of results returned - required: false - schema: - type: integer - default: 0 - jobid: - name: id - in: path - description: The ID of the job - required: true - schema: - type: string - version: - name: version - in: path - description: The configuration version number - required: true - schema: - type: integer - securitySchemes: - scmOAuth: - type: oauth2 - description: | - Strata Cloud Manager APIs authenticate client requests using the - OAuth 2.0 Client Credentials flow. Please use the `client_id`, - `client_secret` values associated with an IAM service account along - with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the - Tenant Service Group (TSG) ID. The resulting JWT access token should - be attached to all API calls as a `Bearer` token in the `Authorization` - header (ex. `Authorization: Bearer tokenstring`). - flows: - clientCredentials: - tokenUrl: https://auth.apps.paloaltonetworks.com/oauth2/access_token - scopes: {} - scmToken: - type: http - description: | - Strata Cloud Manager APIs authenticate client requests using the - OAuth 2.0 Client Credentials flow. Please use the `client_id`, - `client_secret` values associated with an IAM service account along - with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the - Tenant Service Group (TSG) ID. The resulting JWT access token should - be attached to all API calls as a `Bearer` token in the `Authorization` - header (ex. `Authorization: Bearer tokenstring`). - scheme: bearer - bearerFormat: JWT - responses: - http_ok: - description: OK - http_created: - description: Created - auth_errors: - description: Unauthorized - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - auth_not_authenticated: - $ref: '#/components/examples/json_401_panui_auth_not_authenticated' - invalid_credential: - $ref: '#/components/examples/json_401_panui_auth_invalid_credential' - key_too_long: - $ref: '#/components/examples/json_401_panui_auth_key_too_long' - key_expired: - $ref: '#/components/examples/json_401_panui_auth_key_expired' - need_password_change: - $ref: '#/components/examples/json_401_panui_auth_need_password_change' - access_errors: - description: Forbidden - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - auth_unauthorized: - $ref: '#/components/examples/json_403_panui_auth_unauthorized' - bad_request_errors_basic: - description: Bad Request - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - input_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' - output_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' - missing_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' - invalid_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' - bad_request_errors_basic_with_body: - description: Bad Request - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - input_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' - output_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' - missing_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' - invalid_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' - missing_body: - $ref: '#/components/examples/json_400_panui_restapi_missing_body' - invalid_object: - $ref: '#/components/examples/json_400_panui_mgmt_invalid_object' - not_found: - description: Not Found - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - object_not_present: - $ref: '#/components/examples/json_404_panui_mgmt_object_not_present' - conflict_errors: - description: Conflict - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - object_not_unique: - $ref: '#/components/examples/json_409_panui_mgmt_object_not_unique' - name_not_unique: - $ref: '#/components/examples/json_409_panui_mgmt_name_not_unique' - reference_not_zero: - $ref: '#/components/examples/json_409_panui_mgmt_reference_not_zero' - default_errors: - description: General Errors - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - version_not_supported: - $ref: '#/components/examples/json_501_panui_restapi_version_not_supported' - method_not_allowed: - $ref: '#/components/examples/json_501_panui_restapi_method_not_supported' - action_not_supported: - $ref: '#/components/examples/json_405_panui_restapi_action_not_supported' - bad_xpath: - $ref: '#/components/examples/json_400_panui_mgmt_bad_xpath' - invalid_command: - $ref: '#/components/examples/json_400_panui_mgmt_invalid_command' - malformed_command: - $ref: '#/components/examples/json_400_panui_mgmt_malformed_command' - session_timeout: - $ref: '#/components/examples/json_504_panui_mgmt_session_timeout' - examples: - json_401_panui_auth_not_authenticated: - summary: Not Authenticated - value: - _errors: - - code: E016 - message: Not Authenticated - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_401_panui_auth_invalid_credential: - summary: Invalid Credential - value: - _errors: - - code: E016 - message: Invalid Credential - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_401_panui_auth_key_too_long: - summary: Key Too Long - value: - _errors: - - code: E016 - message: Key Too Long - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_401_panui_auth_key_expired: - summary: Key Expired - value: - _errors: - - code: E016 - message: Key Expired - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_401_panui_auth_need_password_change: - summary: Need Password Change - value: - _errors: - - code: E016 - message: The password needs to be changed. - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_403_panui_auth_unauthorized: - summary: Unauthorized - value: - _errors: - - code: E007 - message: Unauthorized - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_501_panui_restapi_version_not_supported: - summary: Version Not Supported - value: - _errors: - - code: E012 - message: Version Not Supported - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_501_panui_restapi_method_not_supported: - summary: Method Not Supported - value: - _errors: - - code: E012 - message: Method Not Supported - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_restapi_input_format_mismatch: - summary: Input Format Mismatch - value: - _errors: - - code: E003 - message: 'Input Format Mismatch: input-format=json' - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_restapi_output_format_mismatch: - summary: Output Format Mismatch - value: - _errors: - - code: E003 - message: 'Output Format Mismatch: output-format=json Accept=xml' - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_restapi_missing_query_parameter: - summary: Missing Query Parameter - value: - _errors: - - code: E003 - message: 'Missing Query Parameter: name' - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_restapi_invalid_query_parameter: - summary: Invalid Query Parameter - value: - _errors: - - code: E003 - message: 'Invalid Query Parameter: location=invalid' - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_restapi_missing_body: - summary: Missing Body - value: - _errors: - - code: E003 - message: Missing Body - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_405_panui_restapi_action_not_supported: - summary: Action Not Supported - value: - _errors: - - code: E012 - message: 'Action Not Supported: move' - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_mgmt_bad_xpath: - summary: Bad XPath - value: - _errors: - - code: E013 - message: Bad XPath - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_404_panui_mgmt_object_not_present: - summary: Object Not Present - value: - _errors: - - code: E005 - message: Object Not Present - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_409_panui_mgmt_object_not_unique: - summary: Object Not Unique - value: - _errors: - - code: E016 - message: Object Not Unique - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_409_panui_mgmt_name_not_unique: - summary: Name Not Unique - value: - _errors: - - code: E006 - message: Name Not Unique - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_409_panui_mgmt_reference_not_zero: - summary: Reference Not Zero - value: - _errors: - - code: E009 - message: Reference Not Zero - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_mgmt_invalid_object: - summary: Invalid Object - value: - _errors: - - code: E003 - message: Invalid Object - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_mgmt_invalid_command: - summary: Invalid Command - value: - _errors: - - code: E003 - message: Invalid Command - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_mgmt_malformed_command: - summary: Malformed Command - value: - _errors: - - code: E003 - message: Malformed Command - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_504_panui_mgmt_session_timeout: - summary: Session Timeout - value: - _errors: - - code: '4' - message: Session Timeout - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - schemas: - jobs: - type: object - properties: - device_name: - type: string - description: The name of the device - end_ts: - type: string - description: The timestamp indicating when the job was finished - id: - type: string - description: The job ID - example: "115" - job_result: - type: string - description: The job result - example: "2" - job_status: - type: string - description: The current status of the job - example: "2" - job_type: - type: string - description: The job type - example: "53" - parent_id: - type: string - description: The parent job ID - example: "114" - percent: - type: string - description: Job completion percentage - result_str: - type: string - enum: - - OK - - FAIL - - PEND - - WAIT - - CANCELLED - - TIMEOUT - description: The result of the job - start_ts: - type: string - description: The timestamp indicating when the job was created - status_str: - type: string - enum: - - ACT - - FIN - - PEND - - PUSHSENT - - PUSHFAIL - - PUSHABORT - - PUSHTIMEOUT - description: The current status of the job - summary: - type: string - description: The completion summary of the job - type_str: - type: string - enum: - - CommitAll - - CommitAndPush - - NGFW-Bootstrap-Push - - Validate - description: The job type - example: CommitAndPush - uname: - type: string - description: The administrator or service account that created the job - format: email - description: - type: string - description: A description provided by the administrator or service account - example: Added a new security rule for marketing - details: - type: string - description: JSON string with detailed errors or info - example: "{\"errors\":[\"Config push aborted, error: Failed to handle VPN clusters. Please check AutoVPN config for the device\"]}" - required: - - device_name - - end_ts - - id - - job_result - - job_status - - job_type - - parent_id - - percent - - result_str - - start_ts - - status_str - - summary - - type_str - - uname - load-config: - type: object - properties: - version: - type: integer - config-version: - type: object - properties: - id: - type: integer - description: The configuration version - version: - type: string - description: The configuration version name - date: - type: string - format: date-time - admin: - type: string - description: The administrator or service account that pushed this configuration version - format: email - scope: - type: string - description: - type: string - swg_config: - type: string - updated: - type: number - created: - type: number - deleted: - type: number - ngfw_scope: - type: string - description: A comma separated list of firewall serial numbers - types: - type: string - impacted_devices: - type: string - edited_by: - type: string - required: - - id - - version - - date - - admin - - scope - - description - - updated - - created - - deleted - - types - - impacted_devices - - edited_by - running-versions: - type: object - properties: - device: - type: string - description: The folder name or firewall serial number - version: - type: integer - description: The configuration version number - date: - type: string - description: The timestamp of when the configuration version was pushed to the folder or firewall - format: date-time - required: - - device - - version - - date - jobs-response: - type: object - description: Response containing job data - properties: - data: - type: array - items: - $ref: '#/components/schemas/jobs' - running-config-versions-response: - type: object - description: Paginated response containing running configuration versions - properties: - data: - type: array - items: - $ref: '#/components/schemas/running-versions' - offset: - type: integer - limit: - type: integer - total: - type: integer - generic_error: - type: object - properties: - _errors: - $ref: '#/components/schemas/error_detail_cause_infos' - _request_id: - type: string - x-examples: {} - error_detail_cause_infos: - type: array - items: - $ref: '#/components/schemas/error_detail_cause_info' - x-examples: {} - error_detail_cause_info: - type: object - title: Cause Info - properties: - code: - type: string - message: - type: string - details: - type: object - help: - type: string -security: - - scmToken: [] -x-internal: false diff --git a/openapi-specs/scm/config/ngfw/operations/operations.yaml b/openapi-specs/scm/config/ngfw/operations/operations.yaml new file mode 100644 index 000000000..c40f0607a --- /dev/null +++ b/openapi-specs/scm/config/ngfw/operations/operations.yaml @@ -0,0 +1,708 @@ +openapi: 3.0.0 +info: + version: 2.0.0 + title: Operations and Troubleshooting + description: | + These APIs can be used to retrieve operational data on your devices, for troubleshooting purposes. + termsOfService: 'https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-end-user-license-agreement-eula.pdf' + contact: + email: support@paloaltonetworks.com + name: Palo Alto Networks Technical Support + url: 'https://support.paloaltonetworks.com' + license: + name: MIT + url: https://opensource.org/license/mit +servers: + - url: 'https://api.strata.paloaltonetworks.com/operations/v1' + description: Current +tags: + - name: Device Operations + description: Operations for device management and troubleshooting + - name: Jobs + description: Job status and result retrieval for asynchronous operations + +paths: + /route-table: + get: + summary: Retrieve route table from a device + description: | + Initiates an asynchronous job to retrieve the route table from a specified device. It returns a job ID that can be used to poll for results using the jobs endpoint. + tags: + - Device Operations + operationId: requestRouteTable + parameters: + - name: device + in: query + description: The serial number of the device from which to retrieve the route table. + required: true + schema: + type: string + pattern: '^[0-9]{14,15}$' + example: "007951000123456" + responses: + '200': + description: | + Success - Job created successfully. + Use the returned `job_id` to poll for results using `GET /jobs/{job_id}`. + content: + application/json: + schema: + type: object + required: + - job_id + properties: + job_id: + type: string + format: uuid + description: | + Unique identifier for the created routing table retrieval job. + + **Usage:** + - Use this ID with `GET /jobs/{job_id}` to poll for job completion + - Job typically completes within 5-30 seconds + - Job results will contain the routing table data from the device + example: "550e8400-e29b-41d4-a716-446655440000" + examples: + success: + summary: Successful job creation + value: + job_id: "550e8400-e29b-41d4-a716-446655440000" + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + + /jobs/{id}: + get: + summary: Retrieve job status and results + description: | + Retrieves the current status and results of an asynchronous job. Poll this endpoint to check job completion and retrieve the results once the job state is complete. + tags: + - Jobs + operationId: getJobStatus + parameters: + - name: id + in: path + description: The unique identifier of the job to retrieve. + required: true + schema: + type: string + format: uuid + example: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + responses: + '200': + description: | + Success - Job details retrieved successfully. + The response includes job progress, state, request details, and results when available. + content: + application/json: + schema: + $ref: '#/components/schemas/job_status' + examples: + complete_routing_job: + summary: Completed routing table job + value: + jobId: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + progress: 100 + state: "complete" + request: + command: "show-advanced-routing-route" + devices: + - "012345678901234" + results: + - device: "012345678901234" + state: "complete" + created_ts: "2026-03-02 19:00:04" + updated_ts: "2026-03-02 19:00:04" + details: + msg: "Command completed successfully." + result: + router_global: + "3.3.3.3/32": + - prefix: "3.3.3.3/32" + prefixLen: 32 + protocol: "connected" + distance: 0 + metric: 0 + installed: true + selected: true + destSelected: true + uptime: "06w0d07h" + nexthopGroupId: 6 + nexthops: + - interfaceName: "vlan.1" + interfaceIndex: 256 + active: true + fib: true + directlyConnected: true + flags: "A " + in_progress_job: + summary: Job in progress + value: + jobId: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + progress: 50 + state: "in_progress" + request: + command: "show-advanced-routing-route" + devices: + - "012345678901234" + results: [] + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + +components: + securitySchemes: + scmOAuth: + type: oauth2 + description: | + Strata Cloud Manager APIs authenticate client requests using the + OAuth 2.0 Client Credentials flow. Please use the `client_id`, + `client_secret` values associated with an IAM service account along + with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the + Tenant Service Group (TSG) ID. The resulting JWT access token should + be attached to all API calls as a `Bearer` token in the `Authorization` + header (ex. `Authorization: Bearer tokenstring`). + flows: + clientCredentials: + tokenUrl: https://auth.apps.paloaltonetworks.com/oauth2/access_token + scopes: {} + scmToken: + type: http + description: | + Strata Cloud Manager APIs authenticate client requests using the + OAuth 2.0 Client Credentials flow. Please use the `client_id`, + `client_secret` values associated with an IAM service account along + with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the + Tenant Service Group (TSG) ID. The resulting JWT access token should + be attached to all API calls as a `Bearer` token in the `Authorization` + header (ex. `Authorization: Bearer tokenstring`). + scheme: bearer + bearerFormat: JWT + parameters: + uuid: + name: id + in: path + required: true + schema: + type: string + description: The UUID of the resource + pagination-optional: + name: pagination + in: query + required: false + schema: + type: boolean + description: The parameter to mention if the response should be paginated. By default, its set to false + name-optional: + name: name + in: query + required: false + schema: + type: string + description: The name of the resource + limit-optional: + name: limit + in: query + required: false + schema: + type: integer + description: The maximum number of resources to return + offset-optional: + name: offset + in: query + required: false + schema: + type: integer + description: The offset into the list of resources returned + folder: + name: folder + in: query + required: false + schema: + type: string + description: | + The folder in which the resource is defined + snippet: + name: snippet + in: query + required: false + schema: + type: string + description: | + The snippet in which the resource is defined + device: + name: device + in: query + required: false + schema: + type: string + description: | + The device in which the resource is defined + trusted-tenant-type: + name: type + in: query + required: true + schema: + type: string + enum: + - subscriber + - publisher + description: | + Specifies the type of the tenant that is trusted, either 'subscriber' or 'publisher'. + trust-ids: + name: trustids + in: query + required: true + schema: + type: string + description: | + Comma-separated list of trust IDs + snippet-id: + name: snippet-id + in: query + required: true + schema: + type: string + description: | + The ID of the snippet + recipient-tsgs: + name: tsgs + in: query + required: true + schema: + type: string + description: | + Comma-separated list of recipient TSG IDs + responses: + http_ok: + description: OK + http_created: + description: Created + auth_errors: + description: Unauthorized + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + auth_not_authenticated: + $ref: '#/components/examples/json_401_panui_auth_not_authenticated' + invalid_credential: + $ref: '#/components/examples/json_401_panui_auth_invalid_credential' + key_too_long: + $ref: '#/components/examples/json_401_panui_auth_key_too_long' + key_expired: + $ref: '#/components/examples/json_401_panui_auth_key_expired' + need_password_change: + $ref: '#/components/examples/json_401_panui_auth_need_password_change' + access_errors: + description: Forbidden + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + auth_unauthorized: + $ref: '#/components/examples/json_403_panui_auth_unauthorized' + bad_request_errors_basic: + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + input_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' + output_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' + missing_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' + invalid_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' + bad_request_errors_basic_with_body: + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + input_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' + output_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' + missing_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' + invalid_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' + missing_body: + $ref: '#/components/examples/json_400_panui_restapi_missing_body' + invalid_object: + $ref: '#/components/examples/json_400_panui_mgmt_invalid_object' + not_found: + description: Not Found + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + object_not_present: + $ref: '#/components/examples/json_404_panui_mgmt_object_not_present' + conflict_errors: + description: Conflict + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + object_not_unique: + $ref: '#/components/examples/json_409_panui_mgmt_object_not_unique' + name_not_unique: + $ref: '#/components/examples/json_409_panui_mgmt_name_not_unique' + reference_not_zero: + $ref: '#/components/examples/json_409_panui_mgmt_reference_not_zero' + default_errors: + description: General Errors + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + version_not_supported: + $ref: '#/components/examples/json_501_panui_restapi_version_not_supported' + method_not_allowed: + $ref: '#/components/examples/json_501_panui_restapi_method_not_supported' + action_not_supported: + $ref: '#/components/examples/json_405_panui_restapi_action_not_supported' + bad_xpath: + $ref: '#/components/examples/json_400_panui_mgmt_bad_xpath' + invalid_command: + $ref: '#/components/examples/json_400_panui_mgmt_invalid_command' + malformed_command: + $ref: '#/components/examples/json_400_panui_mgmt_malformed_command' + session_timeout: + $ref: '#/components/examples/json_504_panui_mgmt_session_timeout' + examples: + json_401_panui_auth_not_authenticated: + summary: Not Authenticated + value: + _errors: + - code: "E016" + message: Not Authenticated + details: {} + _request_id: "abcd-1234" + json_401_panui_auth_invalid_credential: + summary: Invalid Credential + value: + _errors: + - code: "E016" + message: Invalid Credential + details: {} + _request_id: "abcd-1234" + json_401_panui_auth_key_too_long: + summary: Key Too Long + value: + _errors: + - code: "E016" + message: Key Too Long + details: {} + _request_id: "abcd-1234" + json_401_panui_auth_key_expired: + summary: Key Expired + value: + _errors: + - code: "E016" + message: Key Expired + details: {} + _request_id: "abcd-1234" + json_401_panui_auth_need_password_change: + summary: Need Password Change + value: + _errors: + - code: "E016" + message: The password needs to be changed. + details: {} + _request_id: "abcd-1234" + json_403_panui_auth_unauthorized: + summary: Unauthorized + value: + _errors: + - code: "E007" + message: Unauthorized + details: {} + _request_id: "abcd-1234" + json_501_panui_restapi_version_not_supported: + summary: Version Not Supported + value: + _errors: + - code: "E012" + message: Version Not Supported + details: {} + _request_id: "abcd-1234" + json_501_panui_restapi_method_not_supported: + summary: Method Not Supported + value: + _errors: + - code: "E012" + message: Method Not Supported + details: {} + _request_id: "abcd-1234" + json_400_panui_restapi_input_format_mismatch: + summary: Input Format Mismatch + value: + _errors: + - code: "E003" + message: 'Input Format Mismatch: input-format=json' + details: {} + _request_id: "abcd-1234" + json_400_panui_restapi_output_format_mismatch: + summary: Output Format Mismatch + value: + _errors: + - code: "E003" + message: 'Output Format Mismatch: output-format=json Accept=xml' + details: {} + _request_id: "abcd-1234" + json_400_panui_restapi_missing_query_parameter: + summary: Missing Query Parameter + value: + _errors: + - code: "E003" + message: 'Missing Query Parameter: name' + details: {} + _request_id: "abcd-1234" + json_400_panui_restapi_invalid_query_parameter: + summary: Invalid Query Parameter + value: + _errors: + - code: "E003" + message: 'Invalid Query Parameter: location=invalid' + details: {} + _request_id: "abcd-1234" + json_400_panui_restapi_missing_body: + summary: Missing Body + value: + _errors: + - code: "E003" + message: Missing Body + details: {} + _request_id: "abcd-1234" + json_405_panui_restapi_action_not_supported: + summary: Action Not Supported + value: + _errors: + - code: "E012" + message: 'Action Not Supported: move' + details: {} + _request_id: "abcd-1234" + json_400_panui_mgmt_bad_xpath: + summary: Bad XPath + value: + _errors: + - code: "E013" + message: Bad XPath + details: {} + _request_id: "abcd-1234" + json_404_panui_mgmt_object_not_present: + summary: Object Not Present + value: + _errors: + - code: "E005" + message: Object Not Present + details: {} + _request_id: "abcd-1234" + json_409_panui_mgmt_object_not_unique: + summary: Object Not Unique + value: + _errors: + - code: "E016" + message: Object Not Unique + details: {} + _request_id: "abcd-1234" + json_409_panui_mgmt_name_not_unique: + summary: Name Not Unique + value: + _errors: + - code: "E006" + message: Name Not Unique + details: {} + _request_id: "abcd-1234" + json_409_panui_mgmt_reference_not_zero: + summary: Reference Not Zero + value: + _errors: + - code: "E009" + message: Reference Not Zero + details: {} + _request_id: "abcd-1234" + json_400_panui_mgmt_invalid_object: + summary: Invalid Object + value: + _errors: + - code: "E003" + message: Invalid Object + details: {} + _request_id: "abcd-1234" + json_400_panui_mgmt_invalid_command: + summary: Invalid Command + value: + _errors: + - code: "E003" + message: Invalid Command + details: {} + _request_id: "abcd-1234" + json_400_panui_mgmt_malformed_command: + summary: Malformed Command + value: + _errors: + - code: "E003" + message: Malformed Command + details: {} + _request_id: "abcd-1234" + json_504_panui_mgmt_session_timeout: + summary: Session Timeout + value: + _errors: + - code: '4' + message: Session Timeout + details: {} + _request_id: "abcd-1234" + schemas: + job_status: + type: object + required: + - jobId + - progress + - state + - request + - results + properties: + jobId: + type: string + format: uuid + description: Unique identifier for the job. + example: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + progress: + type: integer + minimum: 0 + maximum: 100 + description: Job completion percentage. + example: 100 + state: + type: string + description: Current state of the job. + enum: + - pending + - in_progress + - complete + - failed + example: "complete" + request: + type: object + description: The original request that initiated the job. + required: + - command + - devices + properties: + command: + type: string + description: The command that was executed. + example: "show-advanced-routing-route" + devices: + type: array + description: List of device serial numbers for which the command was executed. + items: + type: string + pattern: '^[0-9]{14,15}$' + example: + - "012345678901234" + results: + type: array + description: Array of results from each device. The structure of the result data varies based on the job type. + items: + $ref: '#/components/schemas/job_result' + job_result: + type: object + required: + - device + - state + - created_ts + - updated_ts + - details + properties: + device: + type: string + pattern: '^[0-9]{14,15}$' + description: The serial number of the device. + example: "012345678901234" + state: + type: string + description: The state of the job for this specific device. + enum: + - pending + - in_progress + - complete + - failed + example: "complete" + created_ts: + type: string + description: Timestamp when the job was created. + example: "2026-03-02 19:00:04" + updated_ts: + type: string + description: Timestamp when the job was last updated. + example: "2026-03-02 19:00:04" + details: + type: object + description: Detailed results from the command execution. The structure varies based on the command type. + required: + - msg + - result + properties: + msg: + type: string + description: Status message from the command execution. + example: "Command completed successfully." + result: + type: object + description: The actual result data from the command. Structure varies by command type and may contain routing tables, device information, or other operational data. + additionalProperties: true + generic_error: + type: object + properties: + _errors: + $ref: '#/components/schemas/error_detail_cause_infos' + _request_id: + type: string + error_detail_cause_infos: + type: array + items: + $ref: '#/components/schemas/error_detail_cause_info' + error_detail_cause_info: + title: Cause Info + type: object + properties: + 'code': + type: string + message: + type: string + details: + oneOf: + - type: string + - type: object + help: + type: string +security: + - scmToken: [] +x-internal: false diff --git a/openapi-specs/scm/config/cloudngfw/security/security-services_v1.1_feb.yaml b/openapi-specs/scm/config/ngfw/security/security-services-march.yaml similarity index 98% rename from openapi-specs/scm/config/cloudngfw/security/security-services_v1.1_feb.yaml rename to openapi-specs/scm/config/ngfw/security/security-services-march.yaml index ed3c7cd98..7dc8927cd 100644 --- a/openapi-specs/scm/config/cloudngfw/security/security-services_v1.1_feb.yaml +++ b/openapi-specs/scm/config/ngfw/security/security-services-march.yaml @@ -701,7 +701,7 @@ paths: description: GET DataObjects operationId: getDataObjects parameters: - - $ref: '#/components/parameters/name' + - $ref: '#/componepts/parameters/name' - $ref: '#/components/parameters/folder' - $ref: '#/components/parameters/snippet' - $ref: '#/components/parameters/device' @@ -1344,7 +1344,20 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/ssl-decryption-settings' + type: object + properties: + data: + type: array + items: + $ref: '#/components/schemas/ssl-decryption-settings-get-put' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer '400': $ref: '#/components/responses/bad_request_errors_basic' '401': @@ -1390,13 +1403,19 @@ paths: summary: PUT Ssl Decryption Settings description: PUT Ssl Decryption Settings operationId: putSslDecryptionSettings + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/ssl-decryption-settings-get-put' responses: '200': description: OK content: application/json: schema: - $ref: '#/components/schemas/ssl-decryption-settings' + $ref: '#/components/schemas/ssl-decryption-settings-get-put' '400': $ref: '#/components/responses/bad_request_errors_basic_with_body' '401': @@ -6680,6 +6699,119 @@ components: type: array items: type: object + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device + ssl-decryption-settings-get-put: + type: object + required: + - ssl_decrypt + properties: + ssl_decrypt: + type: object + properties: + disabled_ssl_exclude_cert_from_predefined: + type: array + items: + type: object + forward_trust_certificate: + type: object + properties: + ecdsa: + type: string + rsa: + type: string + forward_untrust_certificate: + type: object + properties: + rsa: + type: string + ecdsa: + type: string + root_ca_exclude_list: + type: array + items: + type: object + ssl_exclude_cert: + type: array + items: + type: object + properties: + description: + type: string + exclude: + type: boolean + name: + type: string + trusted_root_CA: + type: array + items: + type: object + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device url-access-profiles: type: object properties: diff --git a/openapi-specs/scm/config/sase/operations/config-operations-feb-v1.yaml b/openapi-specs/scm/config/sase/operations/config-operations-feb-v1.yaml deleted file mode 100644 index 6cea9c4c6..000000000 --- a/openapi-specs/scm/config/sase/operations/config-operations-feb-v1.yaml +++ /dev/null @@ -1,867 +0,0 @@ -openapi: 3.0.0 -info: - version: 2.0.0 - title: Config Operations - description: These APIs are used for Prisma Access and NGFW operations within Strata Cloud Manager. - termsOfService: 'https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-end-user-license-agreement-eula.pdf' - contact: - email: support@paloaltonetworks.com - name: Palo Alto Networks Technical Support - url: 'https://support.paloaltonetworks.com' - license: - name: MIT - url: https://opensource.org/license/mit -servers: - - url: 'https://api.strata.paloaltonetworks.com/config/operations/v1' - description: Current - - url: 'https://api.sase.paloaltonetworks.com/sse/config/v1' - description: Legacy -paths: - /jobs: - get: - tags: - - Jobs - summary: List jobs - description: | - Retrieve a list of configuration jobs. - operationId: ListJobs - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - allOf: - - type: array - items: - $ref: '#/components/schemas/jobs' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - '/jobs/{id}': - get: - tags: - - Jobs - summary: Get a job - description: | - Get an existing configuration job. - operationId: GetJobsByID - parameters: - - $ref: '#/components/parameters/jobid' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/jobs-response' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - '/config-versions:load': - post: - tags: - - Config Versions - summary: Load config version - description: | - Load a specific configuration version into the candidate configuration. - operationId: LoadConfigVersions - requestBody: - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/load-config' - responses: - '201': - $ref: '#/components/responses/http_created' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/config-versions/candidate:push': - post: - tags: - - Config Versions - summary: Push the candidate configuration - description: | - Push the candidate configuration. - operationId: PushCandidateConfigVersions - requestBody: - description: Created - content: - application/json: - schema: - type: object - properties: - admin: - type: array - description: List the administrators and/or service accounts in this field. If you want to push folder named All, please do not add this admin field at all and list each of the folders under All in the folder field. - items: - type: string - description: - type: string - description: A description of the changes being pushed - allOf: - - type: object - title: folders - properties: - folder: - type: array - description: The target folders for the configuration push - uniqueItems: true - items: - type: string - pattern: ^[a-zA-Z\d-_\. ]+$ - maxLength: 64 - example: [Prisma Access, Mobile Users, Service Conncetions] - required: - - folders - - type: object - title: devices - properties: - devices: - type: array - description: The target devices for the configuration push - uniqueItems: true - items: - type: number - maxLength: 16 - example: [007951000388704, 007951000388707, 007051000239252] - required: - - folders - responses: - '201': - $ref: '#/components/responses/http_created' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - /config-versions: - get: - tags: - - Config Versions - summary: List configuration versions - description: | - Retrieve a list of configuration versions. - operationId: ListConfigVersions - parameters: - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/offset' - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - type: array - items: - $ref: '#/components/schemas/config-version' - offset: - type: integer - limit: - type: integer - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - /config-versions/candidate: - delete: - tags: - - Config Versions - summary: Delete a candidate configuration - description: | - Delete a candidate configuration. Roll back to the running configuration. - operationId: DeleteCandidateConfigVersions - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/config-versions/{version}': - get: - tags: - - Config Versions - summary: Get config by version - description: | - Get config by version. - operationId: GetConfigVersionsByID - parameters: - - $ref: '#/components/parameters/version' - responses: - '200': - description: OK - content: - application/json: - schema: - type: array - items: - $ref: '#/components/schemas/config-version' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - /config-versions/running: - get: - tags: - - Config Versions - summary: Get running configuration versions - description: | - Get the running configuration versions on each folder. - operationId: GetRunningConfigVersions - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/running-config-versions-response' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' -tags: - - name: Config Versions - description: Config Versions - - name: Jobs - description: Jobs -components: - parameters: - limit: - name: limit - in: query - description: The maximum number of results per page - required: false - schema: - type: integer - default: 200 - offset: - name: offset - in: query - description: The offset into the list of results returned - required: false - schema: - type: integer - default: 0 - jobid: - name: id - in: path - description: The ID of the job - required: true - schema: - type: string - version: - name: version - in: path - description: The configuration version number - required: true - schema: - type: integer - securitySchemes: - scmOAuth: - type: oauth2 - description: | - Strata Cloud Manager APIs authenticate client requests using the - OAuth 2.0 Client Credentials flow. Please use the `client_id`, - `client_secret` values associated with an IAM service account along - with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the - Tenant Service Group (TSG) ID. The resulting JWT access token should - be attached to all API calls as a `Bearer` token in the `Authorization` - header (ex. `Authorization: Bearer tokenstring`). - flows: - clientCredentials: - tokenUrl: https://auth.apps.paloaltonetworks.com/oauth2/access_token - scopes: {} - scmToken: - type: http - description: | - Strata Cloud Manager APIs authenticate client requests using the - OAuth 2.0 Client Credentials flow. Please use the `client_id`, - `client_secret` values associated with an IAM service account along - with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the - Tenant Service Group (TSG) ID. The resulting JWT access token should - be attached to all API calls as a `Bearer` token in the `Authorization` - header (ex. `Authorization: Bearer tokenstring`). - scheme: bearer - bearerFormat: JWT - responses: - http_ok: - description: OK - http_created: - description: Created - auth_errors: - description: Unauthorized - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - auth_not_authenticated: - $ref: '#/components/examples/json_401_panui_auth_not_authenticated' - invalid_credential: - $ref: '#/components/examples/json_401_panui_auth_invalid_credential' - key_too_long: - $ref: '#/components/examples/json_401_panui_auth_key_too_long' - key_expired: - $ref: '#/components/examples/json_401_panui_auth_key_expired' - need_password_change: - $ref: '#/components/examples/json_401_panui_auth_need_password_change' - access_errors: - description: Forbidden - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - auth_unauthorized: - $ref: '#/components/examples/json_403_panui_auth_unauthorized' - bad_request_errors_basic: - description: Bad Request - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - input_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' - output_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' - missing_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' - invalid_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' - bad_request_errors_basic_with_body: - description: Bad Request - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - input_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' - output_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' - missing_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' - invalid_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' - missing_body: - $ref: '#/components/examples/json_400_panui_restapi_missing_body' - invalid_object: - $ref: '#/components/examples/json_400_panui_mgmt_invalid_object' - not_found: - description: Not Found - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - object_not_present: - $ref: '#/components/examples/json_404_panui_mgmt_object_not_present' - conflict_errors: - description: Conflict - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - object_not_unique: - $ref: '#/components/examples/json_409_panui_mgmt_object_not_unique' - name_not_unique: - $ref: '#/components/examples/json_409_panui_mgmt_name_not_unique' - reference_not_zero: - $ref: '#/components/examples/json_409_panui_mgmt_reference_not_zero' - default_errors: - description: General Errors - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - version_not_supported: - $ref: '#/components/examples/json_501_panui_restapi_version_not_supported' - method_not_allowed: - $ref: '#/components/examples/json_501_panui_restapi_method_not_supported' - action_not_supported: - $ref: '#/components/examples/json_405_panui_restapi_action_not_supported' - bad_xpath: - $ref: '#/components/examples/json_400_panui_mgmt_bad_xpath' - invalid_command: - $ref: '#/components/examples/json_400_panui_mgmt_invalid_command' - malformed_command: - $ref: '#/components/examples/json_400_panui_mgmt_malformed_command' - session_timeout: - $ref: '#/components/examples/json_504_panui_mgmt_session_timeout' - examples: - json_401_panui_auth_not_authenticated: - summary: Not Authenticated - value: - _errors: - - code: E016 - message: Not Authenticated - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_401_panui_auth_invalid_credential: - summary: Invalid Credential - value: - _errors: - - code: E016 - message: Invalid Credential - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_401_panui_auth_key_too_long: - summary: Key Too Long - value: - _errors: - - code: E016 - message: Key Too Long - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_401_panui_auth_key_expired: - summary: Key Expired - value: - _errors: - - code: E016 - message: Key Expired - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_401_panui_auth_need_password_change: - summary: Need Password Change - value: - _errors: - - code: E016 - message: The password needs to be changed. - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_403_panui_auth_unauthorized: - summary: Unauthorized - value: - _errors: - - code: E007 - message: Unauthorized - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_501_panui_restapi_version_not_supported: - summary: Version Not Supported - value: - _errors: - - code: E012 - message: Version Not Supported - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_501_panui_restapi_method_not_supported: - summary: Method Not Supported - value: - _errors: - - code: E012 - message: Method Not Supported - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_restapi_input_format_mismatch: - summary: Input Format Mismatch - value: - _errors: - - code: E003 - message: 'Input Format Mismatch: input-format=json' - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_restapi_output_format_mismatch: - summary: Output Format Mismatch - value: - _errors: - - code: E003 - message: 'Output Format Mismatch: output-format=json Accept=xml' - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_restapi_missing_query_parameter: - summary: Missing Query Parameter - value: - _errors: - - code: E003 - message: 'Missing Query Parameter: name' - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_restapi_invalid_query_parameter: - summary: Invalid Query Parameter - value: - _errors: - - code: E003 - message: 'Invalid Query Parameter: location=invalid' - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_restapi_missing_body: - summary: Missing Body - value: - _errors: - - code: E003 - message: Missing Body - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_405_panui_restapi_action_not_supported: - summary: Action Not Supported - value: - _errors: - - code: E012 - message: 'Action Not Supported: move' - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_mgmt_bad_xpath: - summary: Bad XPath - value: - _errors: - - code: E013 - message: Bad XPath - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_404_panui_mgmt_object_not_present: - summary: Object Not Present - value: - _errors: - - code: E005 - message: Object Not Present - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_409_panui_mgmt_object_not_unique: - summary: Object Not Unique - value: - _errors: - - code: E016 - message: Object Not Unique - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_409_panui_mgmt_name_not_unique: - summary: Name Not Unique - value: - _errors: - - code: E006 - message: Name Not Unique - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_409_panui_mgmt_reference_not_zero: - summary: Reference Not Zero - value: - _errors: - - code: E009 - message: Reference Not Zero - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_mgmt_invalid_object: - summary: Invalid Object - value: - _errors: - - code: E003 - message: Invalid Object - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_mgmt_invalid_command: - summary: Invalid Command - value: - _errors: - - code: E003 - message: Invalid Command - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_mgmt_malformed_command: - summary: Malformed Command - value: - _errors: - - code: E003 - message: Malformed Command - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_504_panui_mgmt_session_timeout: - summary: Session Timeout - value: - _errors: - - code: '4' - message: Session Timeout - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - schemas: - jobs: - type: object - properties: - device_name: - type: string - description: The name of the device - end_ts: - type: string - description: The timestamp indicating when the job was finished - id: - type: string - description: The job ID - example: "115" - job_result: - type: string - description: The job result - example: "2" - job_status: - type: string - description: The current status of the job - example: "2" - job_type: - type: string - description: The job type - example: "53" - parent_id: - type: string - description: The parent job ID - example: "114" - percent: - type: string - description: Job completion percentage - result_str: - type: string - enum: - - OK - - FAIL - - PEND - - WAIT - - CANCELLED - - TIMEOUT - description: The result of the job - start_ts: - type: string - description: The timestamp indicating when the job was created - status_str: - type: string - enum: - - ACT - - FIN - - PEND - - PUSHSENT - - PUSHFAIL - - PUSHABORT - - PUSHTIMEOUT - description: The current status of the job - summary: - type: string - description: The completion summary of the job - type_str: - type: string - enum: - - CommitAll - - CommitAndPush - - NGFW-Bootstrap-Push - - Validate - description: The job type - example: CommitAndPush - uname: - type: string - description: The administrator or service account that created the job - format: email - description: - type: string - description: A description provided by the administrator or service account - example: Added a new security rule for marketing - details: - type: string - description: JSON string with detailed errors or info - example: "{\"errors\":[\"Config push aborted, error: Failed to handle VPN clusters. Please check AutoVPN config for the device\"]}" - required: - - device_name - - end_ts - - id - - job_result - - job_status - - job_type - - parent_id - - percent - - result_str - - start_ts - - status_str - - summary - - type_str - - uname - load-config: - type: object - properties: - version: - type: integer - config-version: - type: object - properties: - id: - type: integer - description: The configuration version - version: - type: string - description: The configuration version name - date: - type: string - format: date-time - admin: - type: string - description: The administrator or service account that pushed this configuration version - format: email - scope: - type: string - description: - type: string - swg_config: - type: string - updated: - type: number - created: - type: number - deleted: - type: number - ngfw_scope: - type: string - description: A comma separated list of firewall serial numbers - types: - type: string - impacted_devices: - type: string - edited_by: - type: string - required: - - id - - version - - date - - admin - - scope - - description - - updated - - created - - deleted - - types - - impacted_devices - - edited_by - running-versions: - type: object - properties: - device: - type: string - description: The folder name or firewall serial number - version: - type: integer - description: The configuration version number - date: - type: string - description: The timestamp of when the configuration version was pushed to the folder or firewall - format: date-time - required: - - device - - version - - date - jobs-response: - type: object - description: Response containing job data - properties: - data: - type: array - items: - $ref: '#/components/schemas/jobs' - running-config-versions-response: - type: object - description: Paginated response containing running configuration versions - properties: - data: - type: array - items: - $ref: '#/components/schemas/running-versions' - offset: - type: integer - limit: - type: integer - total: - type: integer - generic_error: - type: object - properties: - _errors: - $ref: '#/components/schemas/error_detail_cause_infos' - _request_id: - type: string - x-examples: {} - error_detail_cause_infos: - type: array - items: - $ref: '#/components/schemas/error_detail_cause_info' - x-examples: {} - error_detail_cause_info: - type: object - title: Cause Info - properties: - code: - type: string - message: - type: string - details: - type: object - help: - type: string -security: - - scmToken: [] -x-internal: false diff --git a/openapi-specs/scm/config/sase/operations/operations.yaml b/openapi-specs/scm/config/sase/operations/operations.yaml new file mode 100644 index 000000000..c40f0607a --- /dev/null +++ b/openapi-specs/scm/config/sase/operations/operations.yaml @@ -0,0 +1,708 @@ +openapi: 3.0.0 +info: + version: 2.0.0 + title: Operations and Troubleshooting + description: | + These APIs can be used to retrieve operational data on your devices, for troubleshooting purposes. + termsOfService: 'https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-end-user-license-agreement-eula.pdf' + contact: + email: support@paloaltonetworks.com + name: Palo Alto Networks Technical Support + url: 'https://support.paloaltonetworks.com' + license: + name: MIT + url: https://opensource.org/license/mit +servers: + - url: 'https://api.strata.paloaltonetworks.com/operations/v1' + description: Current +tags: + - name: Device Operations + description: Operations for device management and troubleshooting + - name: Jobs + description: Job status and result retrieval for asynchronous operations + +paths: + /route-table: + get: + summary: Retrieve route table from a device + description: | + Initiates an asynchronous job to retrieve the route table from a specified device. It returns a job ID that can be used to poll for results using the jobs endpoint. + tags: + - Device Operations + operationId: requestRouteTable + parameters: + - name: device + in: query + description: The serial number of the device from which to retrieve the route table. + required: true + schema: + type: string + pattern: '^[0-9]{14,15}$' + example: "007951000123456" + responses: + '200': + description: | + Success - Job created successfully. + Use the returned `job_id` to poll for results using `GET /jobs/{job_id}`. + content: + application/json: + schema: + type: object + required: + - job_id + properties: + job_id: + type: string + format: uuid + description: | + Unique identifier for the created routing table retrieval job. + + **Usage:** + - Use this ID with `GET /jobs/{job_id}` to poll for job completion + - Job typically completes within 5-30 seconds + - Job results will contain the routing table data from the device + example: "550e8400-e29b-41d4-a716-446655440000" + examples: + success: + summary: Successful job creation + value: + job_id: "550e8400-e29b-41d4-a716-446655440000" + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + + /jobs/{id}: + get: + summary: Retrieve job status and results + description: | + Retrieves the current status and results of an asynchronous job. Poll this endpoint to check job completion and retrieve the results once the job state is complete. + tags: + - Jobs + operationId: getJobStatus + parameters: + - name: id + in: path + description: The unique identifier of the job to retrieve. + required: true + schema: + type: string + format: uuid + example: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + responses: + '200': + description: | + Success - Job details retrieved successfully. + The response includes job progress, state, request details, and results when available. + content: + application/json: + schema: + $ref: '#/components/schemas/job_status' + examples: + complete_routing_job: + summary: Completed routing table job + value: + jobId: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + progress: 100 + state: "complete" + request: + command: "show-advanced-routing-route" + devices: + - "012345678901234" + results: + - device: "012345678901234" + state: "complete" + created_ts: "2026-03-02 19:00:04" + updated_ts: "2026-03-02 19:00:04" + details: + msg: "Command completed successfully." + result: + router_global: + "3.3.3.3/32": + - prefix: "3.3.3.3/32" + prefixLen: 32 + protocol: "connected" + distance: 0 + metric: 0 + installed: true + selected: true + destSelected: true + uptime: "06w0d07h" + nexthopGroupId: 6 + nexthops: + - interfaceName: "vlan.1" + interfaceIndex: 256 + active: true + fib: true + directlyConnected: true + flags: "A " + in_progress_job: + summary: Job in progress + value: + jobId: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + progress: 50 + state: "in_progress" + request: + command: "show-advanced-routing-route" + devices: + - "012345678901234" + results: [] + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + +components: + securitySchemes: + scmOAuth: + type: oauth2 + description: | + Strata Cloud Manager APIs authenticate client requests using the + OAuth 2.0 Client Credentials flow. Please use the `client_id`, + `client_secret` values associated with an IAM service account along + with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the + Tenant Service Group (TSG) ID. The resulting JWT access token should + be attached to all API calls as a `Bearer` token in the `Authorization` + header (ex. `Authorization: Bearer tokenstring`). + flows: + clientCredentials: + tokenUrl: https://auth.apps.paloaltonetworks.com/oauth2/access_token + scopes: {} + scmToken: + type: http + description: | + Strata Cloud Manager APIs authenticate client requests using the + OAuth 2.0 Client Credentials flow. Please use the `client_id`, + `client_secret` values associated with an IAM service account along + with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the + Tenant Service Group (TSG) ID. The resulting JWT access token should + be attached to all API calls as a `Bearer` token in the `Authorization` + header (ex. `Authorization: Bearer tokenstring`). + scheme: bearer + bearerFormat: JWT + parameters: + uuid: + name: id + in: path + required: true + schema: + type: string + description: The UUID of the resource + pagination-optional: + name: pagination + in: query + required: false + schema: + type: boolean + description: The parameter to mention if the response should be paginated. By default, its set to false + name-optional: + name: name + in: query + required: false + schema: + type: string + description: The name of the resource + limit-optional: + name: limit + in: query + required: false + schema: + type: integer + description: The maximum number of resources to return + offset-optional: + name: offset + in: query + required: false + schema: + type: integer + description: The offset into the list of resources returned + folder: + name: folder + in: query + required: false + schema: + type: string + description: | + The folder in which the resource is defined + snippet: + name: snippet + in: query + required: false + schema: + type: string + description: | + The snippet in which the resource is defined + device: + name: device + in: query + required: false + schema: + type: string + description: | + The device in which the resource is defined + trusted-tenant-type: + name: type + in: query + required: true + schema: + type: string + enum: + - subscriber + - publisher + description: | + Specifies the type of the tenant that is trusted, either 'subscriber' or 'publisher'. + trust-ids: + name: trustids + in: query + required: true + schema: + type: string + description: | + Comma-separated list of trust IDs + snippet-id: + name: snippet-id + in: query + required: true + schema: + type: string + description: | + The ID of the snippet + recipient-tsgs: + name: tsgs + in: query + required: true + schema: + type: string + description: | + Comma-separated list of recipient TSG IDs + responses: + http_ok: + description: OK + http_created: + description: Created + auth_errors: + description: Unauthorized + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + auth_not_authenticated: + $ref: '#/components/examples/json_401_panui_auth_not_authenticated' + invalid_credential: + $ref: '#/components/examples/json_401_panui_auth_invalid_credential' + key_too_long: + $ref: '#/components/examples/json_401_panui_auth_key_too_long' + key_expired: + $ref: '#/components/examples/json_401_panui_auth_key_expired' + need_password_change: + $ref: '#/components/examples/json_401_panui_auth_need_password_change' + access_errors: + description: Forbidden + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + auth_unauthorized: + $ref: '#/components/examples/json_403_panui_auth_unauthorized' + bad_request_errors_basic: + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + input_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' + output_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' + missing_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' + invalid_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' + bad_request_errors_basic_with_body: + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + input_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' + output_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' + missing_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' + invalid_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' + missing_body: + $ref: '#/components/examples/json_400_panui_restapi_missing_body' + invalid_object: + $ref: '#/components/examples/json_400_panui_mgmt_invalid_object' + not_found: + description: Not Found + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + object_not_present: + $ref: '#/components/examples/json_404_panui_mgmt_object_not_present' + conflict_errors: + description: Conflict + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + object_not_unique: + $ref: '#/components/examples/json_409_panui_mgmt_object_not_unique' + name_not_unique: + $ref: '#/components/examples/json_409_panui_mgmt_name_not_unique' + reference_not_zero: + $ref: '#/components/examples/json_409_panui_mgmt_reference_not_zero' + default_errors: + description: General Errors + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + version_not_supported: + $ref: '#/components/examples/json_501_panui_restapi_version_not_supported' + method_not_allowed: + $ref: '#/components/examples/json_501_panui_restapi_method_not_supported' + action_not_supported: + $ref: '#/components/examples/json_405_panui_restapi_action_not_supported' + bad_xpath: + $ref: '#/components/examples/json_400_panui_mgmt_bad_xpath' + invalid_command: + $ref: '#/components/examples/json_400_panui_mgmt_invalid_command' + malformed_command: + $ref: '#/components/examples/json_400_panui_mgmt_malformed_command' + session_timeout: + $ref: '#/components/examples/json_504_panui_mgmt_session_timeout' + examples: + json_401_panui_auth_not_authenticated: + summary: Not Authenticated + value: + _errors: + - code: "E016" + message: Not Authenticated + details: {} + _request_id: "abcd-1234" + json_401_panui_auth_invalid_credential: + summary: Invalid Credential + value: + _errors: + - code: "E016" + message: Invalid Credential + details: {} + _request_id: "abcd-1234" + json_401_panui_auth_key_too_long: + summary: Key Too Long + value: + _errors: + - code: "E016" + message: Key Too Long + details: {} + _request_id: "abcd-1234" + json_401_panui_auth_key_expired: + summary: Key Expired + value: + _errors: + - code: "E016" + message: Key Expired + details: {} + _request_id: "abcd-1234" + json_401_panui_auth_need_password_change: + summary: Need Password Change + value: + _errors: + - code: "E016" + message: The password needs to be changed. + details: {} + _request_id: "abcd-1234" + json_403_panui_auth_unauthorized: + summary: Unauthorized + value: + _errors: + - code: "E007" + message: Unauthorized + details: {} + _request_id: "abcd-1234" + json_501_panui_restapi_version_not_supported: + summary: Version Not Supported + value: + _errors: + - code: "E012" + message: Version Not Supported + details: {} + _request_id: "abcd-1234" + json_501_panui_restapi_method_not_supported: + summary: Method Not Supported + value: + _errors: + - code: "E012" + message: Method Not Supported + details: {} + _request_id: "abcd-1234" + json_400_panui_restapi_input_format_mismatch: + summary: Input Format Mismatch + value: + _errors: + - code: "E003" + message: 'Input Format Mismatch: input-format=json' + details: {} + _request_id: "abcd-1234" + json_400_panui_restapi_output_format_mismatch: + summary: Output Format Mismatch + value: + _errors: + - code: "E003" + message: 'Output Format Mismatch: output-format=json Accept=xml' + details: {} + _request_id: "abcd-1234" + json_400_panui_restapi_missing_query_parameter: + summary: Missing Query Parameter + value: + _errors: + - code: "E003" + message: 'Missing Query Parameter: name' + details: {} + _request_id: "abcd-1234" + json_400_panui_restapi_invalid_query_parameter: + summary: Invalid Query Parameter + value: + _errors: + - code: "E003" + message: 'Invalid Query Parameter: location=invalid' + details: {} + _request_id: "abcd-1234" + json_400_panui_restapi_missing_body: + summary: Missing Body + value: + _errors: + - code: "E003" + message: Missing Body + details: {} + _request_id: "abcd-1234" + json_405_panui_restapi_action_not_supported: + summary: Action Not Supported + value: + _errors: + - code: "E012" + message: 'Action Not Supported: move' + details: {} + _request_id: "abcd-1234" + json_400_panui_mgmt_bad_xpath: + summary: Bad XPath + value: + _errors: + - code: "E013" + message: Bad XPath + details: {} + _request_id: "abcd-1234" + json_404_panui_mgmt_object_not_present: + summary: Object Not Present + value: + _errors: + - code: "E005" + message: Object Not Present + details: {} + _request_id: "abcd-1234" + json_409_panui_mgmt_object_not_unique: + summary: Object Not Unique + value: + _errors: + - code: "E016" + message: Object Not Unique + details: {} + _request_id: "abcd-1234" + json_409_panui_mgmt_name_not_unique: + summary: Name Not Unique + value: + _errors: + - code: "E006" + message: Name Not Unique + details: {} + _request_id: "abcd-1234" + json_409_panui_mgmt_reference_not_zero: + summary: Reference Not Zero + value: + _errors: + - code: "E009" + message: Reference Not Zero + details: {} + _request_id: "abcd-1234" + json_400_panui_mgmt_invalid_object: + summary: Invalid Object + value: + _errors: + - code: "E003" + message: Invalid Object + details: {} + _request_id: "abcd-1234" + json_400_panui_mgmt_invalid_command: + summary: Invalid Command + value: + _errors: + - code: "E003" + message: Invalid Command + details: {} + _request_id: "abcd-1234" + json_400_panui_mgmt_malformed_command: + summary: Malformed Command + value: + _errors: + - code: "E003" + message: Malformed Command + details: {} + _request_id: "abcd-1234" + json_504_panui_mgmt_session_timeout: + summary: Session Timeout + value: + _errors: + - code: '4' + message: Session Timeout + details: {} + _request_id: "abcd-1234" + schemas: + job_status: + type: object + required: + - jobId + - progress + - state + - request + - results + properties: + jobId: + type: string + format: uuid + description: Unique identifier for the job. + example: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + progress: + type: integer + minimum: 0 + maximum: 100 + description: Job completion percentage. + example: 100 + state: + type: string + description: Current state of the job. + enum: + - pending + - in_progress + - complete + - failed + example: "complete" + request: + type: object + description: The original request that initiated the job. + required: + - command + - devices + properties: + command: + type: string + description: The command that was executed. + example: "show-advanced-routing-route" + devices: + type: array + description: List of device serial numbers for which the command was executed. + items: + type: string + pattern: '^[0-9]{14,15}$' + example: + - "012345678901234" + results: + type: array + description: Array of results from each device. The structure of the result data varies based on the job type. + items: + $ref: '#/components/schemas/job_result' + job_result: + type: object + required: + - device + - state + - created_ts + - updated_ts + - details + properties: + device: + type: string + pattern: '^[0-9]{14,15}$' + description: The serial number of the device. + example: "012345678901234" + state: + type: string + description: The state of the job for this specific device. + enum: + - pending + - in_progress + - complete + - failed + example: "complete" + created_ts: + type: string + description: Timestamp when the job was created. + example: "2026-03-02 19:00:04" + updated_ts: + type: string + description: Timestamp when the job was last updated. + example: "2026-03-02 19:00:04" + details: + type: object + description: Detailed results from the command execution. The structure varies based on the command type. + required: + - msg + - result + properties: + msg: + type: string + description: Status message from the command execution. + example: "Command completed successfully." + result: + type: object + description: The actual result data from the command. Structure varies by command type and may contain routing tables, device information, or other operational data. + additionalProperties: true + generic_error: + type: object + properties: + _errors: + $ref: '#/components/schemas/error_detail_cause_infos' + _request_id: + type: string + error_detail_cause_infos: + type: array + items: + $ref: '#/components/schemas/error_detail_cause_info' + error_detail_cause_info: + title: Cause Info + type: object + properties: + 'code': + type: string + message: + type: string + details: + oneOf: + - type: string + - type: object + help: + type: string +security: + - scmToken: [] +x-internal: false diff --git a/openapi-specs/scm/config/ngfw/security/security-services_v1.1_feb.yaml b/openapi-specs/scm/config/sase/security/security-services-march.yaml similarity index 98% rename from openapi-specs/scm/config/ngfw/security/security-services_v1.1_feb.yaml rename to openapi-specs/scm/config/sase/security/security-services-march.yaml index ed3c7cd98..7dc8927cd 100644 --- a/openapi-specs/scm/config/ngfw/security/security-services_v1.1_feb.yaml +++ b/openapi-specs/scm/config/sase/security/security-services-march.yaml @@ -701,7 +701,7 @@ paths: description: GET DataObjects operationId: getDataObjects parameters: - - $ref: '#/components/parameters/name' + - $ref: '#/componepts/parameters/name' - $ref: '#/components/parameters/folder' - $ref: '#/components/parameters/snippet' - $ref: '#/components/parameters/device' @@ -1344,7 +1344,20 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/ssl-decryption-settings' + type: object + properties: + data: + type: array + items: + $ref: '#/components/schemas/ssl-decryption-settings-get-put' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer '400': $ref: '#/components/responses/bad_request_errors_basic' '401': @@ -1390,13 +1403,19 @@ paths: summary: PUT Ssl Decryption Settings description: PUT Ssl Decryption Settings operationId: putSslDecryptionSettings + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/ssl-decryption-settings-get-put' responses: '200': description: OK content: application/json: schema: - $ref: '#/components/schemas/ssl-decryption-settings' + $ref: '#/components/schemas/ssl-decryption-settings-get-put' '400': $ref: '#/components/responses/bad_request_errors_basic_with_body' '401': @@ -6680,6 +6699,119 @@ components: type: array items: type: object + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device + ssl-decryption-settings-get-put: + type: object + required: + - ssl_decrypt + properties: + ssl_decrypt: + type: object + properties: + disabled_ssl_exclude_cert_from_predefined: + type: array + items: + type: object + forward_trust_certificate: + type: object + properties: + ecdsa: + type: string + rsa: + type: string + forward_untrust_certificate: + type: object + properties: + rsa: + type: string + ecdsa: + type: string + root_ca_exclude_list: + type: array + items: + type: object + ssl_exclude_cert: + type: array + items: + type: object + properties: + description: + type: string + exclude: + type: boolean + name: + type: string + trusted_root_CA: + type: array + items: + type: object + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device url-access-profiles: type: object properties: From ec854538a1648caea96d53cd9cd02375839698b6 Mon Sep 17 00:00:00 2001 From: sra Date: Thu, 5 Mar 2026 12:15:28 +0530 Subject: [PATCH 2/6] Updated the latest changes in the spec file for security services and config operations --- ...{operations.yaml => operations _v1.1.yaml} | 443 +- ...yaml => security-services-march-v1.1.yaml} | 6 +- .../operations/operations _v1.1.yaml} | 443 +- ...yaml => security-services-march-v1.1.yaml} | 6 +- .../operations/operations _v1.1.yaml} | 443 +- .../security-services-march-v1.1.yaml | 7741 +++++++++++++++++ 6 files changed, 8839 insertions(+), 243 deletions(-) rename openapi-specs/scm/config/cloudngfw/operations/{operations.yaml => operations _v1.1.yaml} (61%) rename openapi-specs/scm/config/cloudngfw/security/{security-services-march.yaml => security-services-march-v1.1.yaml} (99%) rename openapi-specs/scm/config/{sase/operations/operations.yaml => ngfw/operations/operations _v1.1.yaml} (61%) rename openapi-specs/scm/config/ngfw/security/{security-services-march.yaml => security-services-march-v1.1.yaml} (99%) rename openapi-specs/scm/config/{ngfw/operations/operations.yaml => sase/operations/operations _v1.1.yaml} (61%) create mode 100644 openapi-specs/scm/config/sase/security/security-services-march-v1.1.yaml diff --git a/openapi-specs/scm/config/cloudngfw/operations/operations.yaml b/openapi-specs/scm/config/cloudngfw/operations/operations _v1.1.yaml similarity index 61% rename from openapi-specs/scm/config/cloudngfw/operations/operations.yaml rename to openapi-specs/scm/config/cloudngfw/operations/operations _v1.1.yaml index c40f0607a..a771cf975 100644 --- a/openapi-specs/scm/config/cloudngfw/operations/operations.yaml +++ b/openapi-specs/scm/config/cloudngfw/operations/operations _v1.1.yaml @@ -3,7 +3,7 @@ info: version: 2.0.0 title: Operations and Troubleshooting description: | - These APIs can be used to retrieve operational data on your devices, for troubleshooting purposes. + These APIs can be used to retrieve operational data on your devices, for management and troubleshooting purposes. termsOfService: 'https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-end-user-license-agreement-eula.pdf' contact: email: support@paloaltonetworks.com @@ -22,6 +22,235 @@ tags: description: Job status and result retrieval for asynchronous operations paths: + /local-config/versions: + get: + tags: + - Device Operations + summary: List local configuration versions for a device + description: | + Retrieves the version history of local configurations for a specified device. + + **Purpose:** + - Track configuration changes pushed to devices + - View version history with timestamps + - Identify current and previous configuration versions + + operationId: getLocalConfigVersions + parameters: + - name: device + in: query + description: | + The serial number of the device for which to retrieve configuration versions. + + **Format:** Typically 14-15 digit device serial number + + **Example:** `007951000123456` + + **Required:** Yes + required: true + schema: + type: string + pattern: '^[0-9]{14,15}$' + example: '007951000123456' + + responses: + '200': + description: | + Success - Returns array of local configuration versions. + + **Notes:** + - Empty array `[]` is returned if no versions exist + - Empty array `[]` is returned if device doesn't exist + - Versions typically ordered by timestamp + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/local_config_version' + examples: + with_versions: + summary: Device with configuration versions + value: + - id: 1 + serial: '007951000123456' + local_version: '1.0.0' + timestamp: '2025-01-15T10:30:00Z' + xfmed_version: '1.0.0-transformed' + - id: 2 + serial: '007951000123456' + local_version: '0.9.0' + timestamp: '2025-01-14T09:20:00Z' + xfmed_version: '0.9.0-transformed' + no_versions: + summary: Device with no versions (or non-existent device) + value: [] + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + /local-config/download: + get: + tags: + - Device Operations + summary: Download local configuration file + description: | + Downloads a specific local configuration file for a device. + + **Purpose:** + - Retrieve the actual XML configuration file pushed to a device + - Download configuration for backup or review purposes + - Access specific configuration versions from history + + **Process:** + - Queries the database for the specified device and version + - Retrieves the base64-encoded configuration + - Decodes and returns it as an XML file download + - File is downloaded with name: `local-config-{device}-{version}.xml` + + operationId: downloadLocalConfig + parameters: + - name: device + in: query + description: | + The serial number of the device for which to download the configuration. + + **Format:** Typically 14-15 digit device serial number + + **Example:** `007951000123456` + + **Required:** Yes + required: true + schema: + type: string + pattern: '^[0-9]{14,15}$' + example: '007951000123456' + - name: version + in: query + description: | + The configuration version ID to download. + + **Source:** Use the `id` field from `/local-config/versions` response + + **Example:** `1` + + **Required:** Yes + required: true + schema: + type: string + example: '1' + + responses: + '200': + description: | + Success - Configuration file downloaded successfully. + + **Response Type:** Binary file download (XML) + **Content-Type:** `application/octet-stream` + **Filename:** `local-config-{device}-{version}.xml` + headers: + Content-Disposition: + description: Attachment header specifying the downloaded filename + schema: + type: string + example: 'attachment; filename=local-config-007951000123456-1.xml' + Content-Type: + description: MIME type of the downloaded file + schema: + type: string + example: 'application/octet-stream' + content: + application/octet-stream: + schema: + type: string + format: binary + description: | + XML configuration file content. + + The file contains the device's local configuration in XML format, + retrieved from the database and decoded from base64 encoding. + '400': + description: | + Bad Request - Missing required query parameters. + + **Common Causes:** + - Missing `device` parameter + - Missing `version` parameter + content: + application/json: + schema: + type: object + properties: + error: + type: string + examples: + missing_device: + summary: Missing device parameter + value: + error: 'device query parameter is required' + missing_version: + summary: Missing version parameter + value: + error: 'version query parameter is required' + '404': + description: | + Not Found - Configuration not found for the specified device and version. + + **Common Causes:** + - Invalid version ID for the device + - Device configuration has been deleted + - Database record doesn't exist + content: + application/json: + schema: + type: object + properties: + error: + type: string + example: + error: 'configuration not found' + '500': + description: | + Internal Server Error - Database query error, parsing error, or decoding error. + + **Common Causes:** + - Database connectivity issues + - Invalid JSON response from database service + - Missing `local_cfg` field in database response + - Invalid base64 encoding in stored configuration + - Failed to decode base64 content + content: + application/json: + schema: + type: object + properties: + error: + type: string + examples: + database_error: + summary: Database query error + value: + error: 'database query error' + parse_error: + summary: Failed to parse database response + value: + error: 'failed to parse response' + missing_field: + summary: Missing local_cfg field + value: + error: 'local_cfg field not found in response' + decode_error: + summary: Failed to decode configuration + value: + error: 'failed to decode configuration' + default: + $ref: '#/components/responses/default_errors' /route-table: get: summary: Retrieve route table from a device @@ -38,7 +267,7 @@ paths: schema: type: string pattern: '^[0-9]{14,15}$' - example: "007951000123456" + example: '007951000123456' responses: '200': description: | @@ -61,12 +290,12 @@ paths: - Use this ID with `GET /jobs/{job_id}` to poll for job completion - Job typically completes within 5-30 seconds - Job results will contain the routing table data from the device - example: "550e8400-e29b-41d4-a716-446655440000" + example: '550e8400-e29b-41d4-a716-446655440000' examples: success: summary: Successful job creation value: - job_id: "550e8400-e29b-41d4-a716-446655440000" + job_id: '550e8400-e29b-41d4-a716-446655440000' '400': $ref: '#/components/responses/bad_request_errors_basic' '401': @@ -94,7 +323,7 @@ paths: schema: type: string format: uuid - example: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + example: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' responses: '200': description: | @@ -108,50 +337,50 @@ paths: complete_routing_job: summary: Completed routing table job value: - jobId: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + jobId: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' progress: 100 - state: "complete" + state: 'complete' request: - command: "show-advanced-routing-route" + command: 'show-advanced-routing-route' devices: - - "012345678901234" + - '012345678901234' results: - - device: "012345678901234" - state: "complete" - created_ts: "2026-03-02 19:00:04" - updated_ts: "2026-03-02 19:00:04" + - device: '012345678901234' + state: 'complete' + created_ts: '2026-03-02 19:00:04' + updated_ts: '2026-03-02 19:00:04' details: - msg: "Command completed successfully." + msg: 'Command completed successfully.' result: router_global: - "3.3.3.3/32": - - prefix: "3.3.3.3/32" + '3.3.3.3/32': + - prefix: '3.3.3.3/32' prefixLen: 32 - protocol: "connected" + protocol: 'connected' distance: 0 metric: 0 installed: true selected: true destSelected: true - uptime: "06w0d07h" + uptime: '06w0d07h' nexthopGroupId: 6 nexthops: - - interfaceName: "vlan.1" + - interfaceName: 'vlan.1' interfaceIndex: 256 active: true fib: true directlyConnected: true - flags: "A " + flags: 'A ' in_progress_job: summary: Job in progress value: - jobId: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + jobId: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' progress: 50 - state: "in_progress" + state: 'in_progress' request: - command: "show-advanced-routing-route" + command: 'show-advanced-routing-route' devices: - - "012345678901234" + - '012345678901234' results: [] '401': $ref: '#/components/responses/auth_errors' @@ -174,7 +403,7 @@ components: Tenant Service Group (TSG) ID. The resulting JWT access token should be attached to all API calls as a `Bearer` token in the `Authorization` header (ex. `Authorization: Bearer tokenstring`). - flows: + flows: clientCredentials: tokenUrl: https://auth.apps.paloaltonetworks.com/oauth2/access_token scopes: {} @@ -398,178 +627,178 @@ components: summary: Not Authenticated value: _errors: - - code: "E016" + - code: 'E016' message: Not Authenticated details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_401_panui_auth_invalid_credential: summary: Invalid Credential value: _errors: - - code: "E016" + - code: 'E016' message: Invalid Credential details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_401_panui_auth_key_too_long: summary: Key Too Long value: _errors: - - code: "E016" + - code: 'E016' message: Key Too Long details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_401_panui_auth_key_expired: summary: Key Expired value: _errors: - - code: "E016" + - code: 'E016' message: Key Expired details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_401_panui_auth_need_password_change: summary: Need Password Change value: _errors: - - code: "E016" + - code: 'E016' message: The password needs to be changed. details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_403_panui_auth_unauthorized: summary: Unauthorized value: _errors: - - code: "E007" + - code: 'E007' message: Unauthorized details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_501_panui_restapi_version_not_supported: summary: Version Not Supported value: _errors: - - code: "E012" + - code: 'E012' message: Version Not Supported details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_501_panui_restapi_method_not_supported: summary: Method Not Supported value: _errors: - - code: "E012" + - code: 'E012' message: Method Not Supported details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_restapi_input_format_mismatch: summary: Input Format Mismatch value: _errors: - - code: "E003" + - code: 'E003' message: 'Input Format Mismatch: input-format=json' details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_restapi_output_format_mismatch: summary: Output Format Mismatch value: _errors: - - code: "E003" + - code: 'E003' message: 'Output Format Mismatch: output-format=json Accept=xml' details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_restapi_missing_query_parameter: summary: Missing Query Parameter value: _errors: - - code: "E003" + - code: 'E003' message: 'Missing Query Parameter: name' details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_restapi_invalid_query_parameter: summary: Invalid Query Parameter value: _errors: - - code: "E003" + - code: 'E003' message: 'Invalid Query Parameter: location=invalid' details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_restapi_missing_body: summary: Missing Body value: _errors: - - code: "E003" + - code: 'E003' message: Missing Body details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_405_panui_restapi_action_not_supported: summary: Action Not Supported value: _errors: - - code: "E012" + - code: 'E012' message: 'Action Not Supported: move' details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_mgmt_bad_xpath: summary: Bad XPath value: _errors: - - code: "E013" + - code: 'E013' message: Bad XPath details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_404_panui_mgmt_object_not_present: summary: Object Not Present value: _errors: - - code: "E005" + - code: 'E005' message: Object Not Present details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_409_panui_mgmt_object_not_unique: summary: Object Not Unique value: _errors: - - code: "E016" + - code: 'E016' message: Object Not Unique details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_409_panui_mgmt_name_not_unique: summary: Name Not Unique value: _errors: - - code: "E006" + - code: 'E006' message: Name Not Unique details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_409_panui_mgmt_reference_not_zero: summary: Reference Not Zero value: _errors: - - code: "E009" + - code: 'E009' message: Reference Not Zero details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_mgmt_invalid_object: summary: Invalid Object value: _errors: - - code: "E003" + - code: 'E003' message: Invalid Object details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_mgmt_invalid_command: summary: Invalid Command value: _errors: - - code: "E003" + - code: 'E003' message: Invalid Command details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_mgmt_malformed_command: summary: Malformed Command value: _errors: - - code: "E003" + - code: 'E003' message: Malformed Command details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_504_panui_mgmt_session_timeout: summary: Session Timeout value: @@ -577,7 +806,7 @@ components: - code: '4' message: Session Timeout details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' schemas: job_status: type: object @@ -592,7 +821,7 @@ components: type: string format: uuid description: Unique identifier for the job. - example: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + example: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' progress: type: integer minimum: 0 @@ -607,7 +836,7 @@ components: - in_progress - complete - failed - example: "complete" + example: 'complete' request: type: object description: The original request that initiated the job. @@ -618,7 +847,7 @@ components: command: type: string description: The command that was executed. - example: "show-advanced-routing-route" + example: 'show-advanced-routing-route' devices: type: array description: List of device serial numbers for which the command was executed. @@ -626,7 +855,7 @@ components: type: string pattern: '^[0-9]{14,15}$' example: - - "012345678901234" + - '012345678901234' results: type: array description: Array of results from each device. The structure of the result data varies based on the job type. @@ -645,7 +874,7 @@ components: type: string pattern: '^[0-9]{14,15}$' description: The serial number of the device. - example: "012345678901234" + example: '012345678901234' state: type: string description: The state of the job for this specific device. @@ -654,15 +883,15 @@ components: - in_progress - complete - failed - example: "complete" + example: 'complete' created_ts: type: string description: Timestamp when the job was created. - example: "2026-03-02 19:00:04" + example: '2026-03-02 19:00:04' updated_ts: type: string description: Timestamp when the job was last updated. - example: "2026-03-02 19:00:04" + example: '2026-03-02 19:00:04' details: type: object description: Detailed results from the command execution. The structure varies based on the command type. @@ -673,7 +902,7 @@ components: msg: type: string description: Status message from the command execution. - example: "Command completed successfully." + example: 'Command completed successfully.' result: type: object description: The actual result data from the command. Structure varies by command type and may contain routing tables, device information, or other operational data. @@ -703,6 +932,62 @@ components: - type: object help: type: string + local_config_version: + type: object + required: + - id + - serial + - local_version + - timestamp + - xfmed_version + properties: + id: + type: integer + description: | + Unique identifier for this configuration version entry in the database. + example: 1 + serial: + type: string + description: | + Device serial number (14-15 digits). + + Identifies which device this configuration version belongs to. + pattern: '^[0-9]{14,15}$' + example: '007951000123456' + local_version: + type: string + description: | + Local configuration version identifier. + + **Format:** Version string (typically semantic versioning) + **Purpose:** Identifies the original configuration version + example: '1.0.0' + timestamp: + type: string + format: date-time + description: | + When this configuration version was created or pushed to the device. + + **Format:** ISO 8601 date-time (UTC) + **Source:** Database `ts` field + example: '2025-01-15T10:30:00Z' + xfmed_version: + type: string + description: | + Transformed configuration version identifier. + + **Purpose:** Version identifier after transformation/processing + **Use Case:** Tracking configuration pipeline transformations + example: '1.0.0-transformed' + md5: + type: string + description: | + MD5 hash of the configuration (optional). + + **Note:** Currently not populated in responses + **Purpose:** Configuration integrity verification + example: 'abc123def456' + security: - scmToken: [] x-internal: false diff --git a/openapi-specs/scm/config/cloudngfw/security/security-services-march.yaml b/openapi-specs/scm/config/cloudngfw/security/security-services-march-v1.1.yaml similarity index 99% rename from openapi-specs/scm/config/cloudngfw/security/security-services-march.yaml rename to openapi-specs/scm/config/cloudngfw/security/security-services-march-v1.1.yaml index 7dc8927cd..a5dda92c7 100644 --- a/openapi-specs/scm/config/cloudngfw/security/security-services-march.yaml +++ b/openapi-specs/scm/config/cloudngfw/security/security-services-march-v1.1.yaml @@ -61,6 +61,8 @@ tags: description: WildFire Anti-Virus Profiles - name: Saas Tenant Restrictions description: Saas Tenant Restrictions + - name: Ssl Decryption Settings + description: Ssl Decrypt paths: /anti-spyware-profiles: get: @@ -701,7 +703,7 @@ paths: description: GET DataObjects operationId: getDataObjects parameters: - - $ref: '#/componepts/parameters/name' + - $ref: '#/components/parameters/name' - $ref: '#/components/parameters/folder' - $ref: '#/components/parameters/snippet' - $ref: '#/components/parameters/device' @@ -4196,7 +4198,6 @@ components: anti-spyware-signatures: type: object required: - - id - threat_id - threatname properties: @@ -4714,7 +4715,6 @@ components: decryption-exclusions: type: object required: - - id - name properties: id: diff --git a/openapi-specs/scm/config/sase/operations/operations.yaml b/openapi-specs/scm/config/ngfw/operations/operations _v1.1.yaml similarity index 61% rename from openapi-specs/scm/config/sase/operations/operations.yaml rename to openapi-specs/scm/config/ngfw/operations/operations _v1.1.yaml index c40f0607a..a771cf975 100644 --- a/openapi-specs/scm/config/sase/operations/operations.yaml +++ b/openapi-specs/scm/config/ngfw/operations/operations _v1.1.yaml @@ -3,7 +3,7 @@ info: version: 2.0.0 title: Operations and Troubleshooting description: | - These APIs can be used to retrieve operational data on your devices, for troubleshooting purposes. + These APIs can be used to retrieve operational data on your devices, for management and troubleshooting purposes. termsOfService: 'https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-end-user-license-agreement-eula.pdf' contact: email: support@paloaltonetworks.com @@ -22,6 +22,235 @@ tags: description: Job status and result retrieval for asynchronous operations paths: + /local-config/versions: + get: + tags: + - Device Operations + summary: List local configuration versions for a device + description: | + Retrieves the version history of local configurations for a specified device. + + **Purpose:** + - Track configuration changes pushed to devices + - View version history with timestamps + - Identify current and previous configuration versions + + operationId: getLocalConfigVersions + parameters: + - name: device + in: query + description: | + The serial number of the device for which to retrieve configuration versions. + + **Format:** Typically 14-15 digit device serial number + + **Example:** `007951000123456` + + **Required:** Yes + required: true + schema: + type: string + pattern: '^[0-9]{14,15}$' + example: '007951000123456' + + responses: + '200': + description: | + Success - Returns array of local configuration versions. + + **Notes:** + - Empty array `[]` is returned if no versions exist + - Empty array `[]` is returned if device doesn't exist + - Versions typically ordered by timestamp + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/local_config_version' + examples: + with_versions: + summary: Device with configuration versions + value: + - id: 1 + serial: '007951000123456' + local_version: '1.0.0' + timestamp: '2025-01-15T10:30:00Z' + xfmed_version: '1.0.0-transformed' + - id: 2 + serial: '007951000123456' + local_version: '0.9.0' + timestamp: '2025-01-14T09:20:00Z' + xfmed_version: '0.9.0-transformed' + no_versions: + summary: Device with no versions (or non-existent device) + value: [] + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + /local-config/download: + get: + tags: + - Device Operations + summary: Download local configuration file + description: | + Downloads a specific local configuration file for a device. + + **Purpose:** + - Retrieve the actual XML configuration file pushed to a device + - Download configuration for backup or review purposes + - Access specific configuration versions from history + + **Process:** + - Queries the database for the specified device and version + - Retrieves the base64-encoded configuration + - Decodes and returns it as an XML file download + - File is downloaded with name: `local-config-{device}-{version}.xml` + + operationId: downloadLocalConfig + parameters: + - name: device + in: query + description: | + The serial number of the device for which to download the configuration. + + **Format:** Typically 14-15 digit device serial number + + **Example:** `007951000123456` + + **Required:** Yes + required: true + schema: + type: string + pattern: '^[0-9]{14,15}$' + example: '007951000123456' + - name: version + in: query + description: | + The configuration version ID to download. + + **Source:** Use the `id` field from `/local-config/versions` response + + **Example:** `1` + + **Required:** Yes + required: true + schema: + type: string + example: '1' + + responses: + '200': + description: | + Success - Configuration file downloaded successfully. + + **Response Type:** Binary file download (XML) + **Content-Type:** `application/octet-stream` + **Filename:** `local-config-{device}-{version}.xml` + headers: + Content-Disposition: + description: Attachment header specifying the downloaded filename + schema: + type: string + example: 'attachment; filename=local-config-007951000123456-1.xml' + Content-Type: + description: MIME type of the downloaded file + schema: + type: string + example: 'application/octet-stream' + content: + application/octet-stream: + schema: + type: string + format: binary + description: | + XML configuration file content. + + The file contains the device's local configuration in XML format, + retrieved from the database and decoded from base64 encoding. + '400': + description: | + Bad Request - Missing required query parameters. + + **Common Causes:** + - Missing `device` parameter + - Missing `version` parameter + content: + application/json: + schema: + type: object + properties: + error: + type: string + examples: + missing_device: + summary: Missing device parameter + value: + error: 'device query parameter is required' + missing_version: + summary: Missing version parameter + value: + error: 'version query parameter is required' + '404': + description: | + Not Found - Configuration not found for the specified device and version. + + **Common Causes:** + - Invalid version ID for the device + - Device configuration has been deleted + - Database record doesn't exist + content: + application/json: + schema: + type: object + properties: + error: + type: string + example: + error: 'configuration not found' + '500': + description: | + Internal Server Error - Database query error, parsing error, or decoding error. + + **Common Causes:** + - Database connectivity issues + - Invalid JSON response from database service + - Missing `local_cfg` field in database response + - Invalid base64 encoding in stored configuration + - Failed to decode base64 content + content: + application/json: + schema: + type: object + properties: + error: + type: string + examples: + database_error: + summary: Database query error + value: + error: 'database query error' + parse_error: + summary: Failed to parse database response + value: + error: 'failed to parse response' + missing_field: + summary: Missing local_cfg field + value: + error: 'local_cfg field not found in response' + decode_error: + summary: Failed to decode configuration + value: + error: 'failed to decode configuration' + default: + $ref: '#/components/responses/default_errors' /route-table: get: summary: Retrieve route table from a device @@ -38,7 +267,7 @@ paths: schema: type: string pattern: '^[0-9]{14,15}$' - example: "007951000123456" + example: '007951000123456' responses: '200': description: | @@ -61,12 +290,12 @@ paths: - Use this ID with `GET /jobs/{job_id}` to poll for job completion - Job typically completes within 5-30 seconds - Job results will contain the routing table data from the device - example: "550e8400-e29b-41d4-a716-446655440000" + example: '550e8400-e29b-41d4-a716-446655440000' examples: success: summary: Successful job creation value: - job_id: "550e8400-e29b-41d4-a716-446655440000" + job_id: '550e8400-e29b-41d4-a716-446655440000' '400': $ref: '#/components/responses/bad_request_errors_basic' '401': @@ -94,7 +323,7 @@ paths: schema: type: string format: uuid - example: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + example: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' responses: '200': description: | @@ -108,50 +337,50 @@ paths: complete_routing_job: summary: Completed routing table job value: - jobId: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + jobId: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' progress: 100 - state: "complete" + state: 'complete' request: - command: "show-advanced-routing-route" + command: 'show-advanced-routing-route' devices: - - "012345678901234" + - '012345678901234' results: - - device: "012345678901234" - state: "complete" - created_ts: "2026-03-02 19:00:04" - updated_ts: "2026-03-02 19:00:04" + - device: '012345678901234' + state: 'complete' + created_ts: '2026-03-02 19:00:04' + updated_ts: '2026-03-02 19:00:04' details: - msg: "Command completed successfully." + msg: 'Command completed successfully.' result: router_global: - "3.3.3.3/32": - - prefix: "3.3.3.3/32" + '3.3.3.3/32': + - prefix: '3.3.3.3/32' prefixLen: 32 - protocol: "connected" + protocol: 'connected' distance: 0 metric: 0 installed: true selected: true destSelected: true - uptime: "06w0d07h" + uptime: '06w0d07h' nexthopGroupId: 6 nexthops: - - interfaceName: "vlan.1" + - interfaceName: 'vlan.1' interfaceIndex: 256 active: true fib: true directlyConnected: true - flags: "A " + flags: 'A ' in_progress_job: summary: Job in progress value: - jobId: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + jobId: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' progress: 50 - state: "in_progress" + state: 'in_progress' request: - command: "show-advanced-routing-route" + command: 'show-advanced-routing-route' devices: - - "012345678901234" + - '012345678901234' results: [] '401': $ref: '#/components/responses/auth_errors' @@ -174,7 +403,7 @@ components: Tenant Service Group (TSG) ID. The resulting JWT access token should be attached to all API calls as a `Bearer` token in the `Authorization` header (ex. `Authorization: Bearer tokenstring`). - flows: + flows: clientCredentials: tokenUrl: https://auth.apps.paloaltonetworks.com/oauth2/access_token scopes: {} @@ -398,178 +627,178 @@ components: summary: Not Authenticated value: _errors: - - code: "E016" + - code: 'E016' message: Not Authenticated details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_401_panui_auth_invalid_credential: summary: Invalid Credential value: _errors: - - code: "E016" + - code: 'E016' message: Invalid Credential details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_401_panui_auth_key_too_long: summary: Key Too Long value: _errors: - - code: "E016" + - code: 'E016' message: Key Too Long details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_401_panui_auth_key_expired: summary: Key Expired value: _errors: - - code: "E016" + - code: 'E016' message: Key Expired details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_401_panui_auth_need_password_change: summary: Need Password Change value: _errors: - - code: "E016" + - code: 'E016' message: The password needs to be changed. details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_403_panui_auth_unauthorized: summary: Unauthorized value: _errors: - - code: "E007" + - code: 'E007' message: Unauthorized details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_501_panui_restapi_version_not_supported: summary: Version Not Supported value: _errors: - - code: "E012" + - code: 'E012' message: Version Not Supported details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_501_panui_restapi_method_not_supported: summary: Method Not Supported value: _errors: - - code: "E012" + - code: 'E012' message: Method Not Supported details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_restapi_input_format_mismatch: summary: Input Format Mismatch value: _errors: - - code: "E003" + - code: 'E003' message: 'Input Format Mismatch: input-format=json' details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_restapi_output_format_mismatch: summary: Output Format Mismatch value: _errors: - - code: "E003" + - code: 'E003' message: 'Output Format Mismatch: output-format=json Accept=xml' details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_restapi_missing_query_parameter: summary: Missing Query Parameter value: _errors: - - code: "E003" + - code: 'E003' message: 'Missing Query Parameter: name' details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_restapi_invalid_query_parameter: summary: Invalid Query Parameter value: _errors: - - code: "E003" + - code: 'E003' message: 'Invalid Query Parameter: location=invalid' details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_restapi_missing_body: summary: Missing Body value: _errors: - - code: "E003" + - code: 'E003' message: Missing Body details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_405_panui_restapi_action_not_supported: summary: Action Not Supported value: _errors: - - code: "E012" + - code: 'E012' message: 'Action Not Supported: move' details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_mgmt_bad_xpath: summary: Bad XPath value: _errors: - - code: "E013" + - code: 'E013' message: Bad XPath details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_404_panui_mgmt_object_not_present: summary: Object Not Present value: _errors: - - code: "E005" + - code: 'E005' message: Object Not Present details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_409_panui_mgmt_object_not_unique: summary: Object Not Unique value: _errors: - - code: "E016" + - code: 'E016' message: Object Not Unique details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_409_panui_mgmt_name_not_unique: summary: Name Not Unique value: _errors: - - code: "E006" + - code: 'E006' message: Name Not Unique details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_409_panui_mgmt_reference_not_zero: summary: Reference Not Zero value: _errors: - - code: "E009" + - code: 'E009' message: Reference Not Zero details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_mgmt_invalid_object: summary: Invalid Object value: _errors: - - code: "E003" + - code: 'E003' message: Invalid Object details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_mgmt_invalid_command: summary: Invalid Command value: _errors: - - code: "E003" + - code: 'E003' message: Invalid Command details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_mgmt_malformed_command: summary: Malformed Command value: _errors: - - code: "E003" + - code: 'E003' message: Malformed Command details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_504_panui_mgmt_session_timeout: summary: Session Timeout value: @@ -577,7 +806,7 @@ components: - code: '4' message: Session Timeout details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' schemas: job_status: type: object @@ -592,7 +821,7 @@ components: type: string format: uuid description: Unique identifier for the job. - example: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + example: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' progress: type: integer minimum: 0 @@ -607,7 +836,7 @@ components: - in_progress - complete - failed - example: "complete" + example: 'complete' request: type: object description: The original request that initiated the job. @@ -618,7 +847,7 @@ components: command: type: string description: The command that was executed. - example: "show-advanced-routing-route" + example: 'show-advanced-routing-route' devices: type: array description: List of device serial numbers for which the command was executed. @@ -626,7 +855,7 @@ components: type: string pattern: '^[0-9]{14,15}$' example: - - "012345678901234" + - '012345678901234' results: type: array description: Array of results from each device. The structure of the result data varies based on the job type. @@ -645,7 +874,7 @@ components: type: string pattern: '^[0-9]{14,15}$' description: The serial number of the device. - example: "012345678901234" + example: '012345678901234' state: type: string description: The state of the job for this specific device. @@ -654,15 +883,15 @@ components: - in_progress - complete - failed - example: "complete" + example: 'complete' created_ts: type: string description: Timestamp when the job was created. - example: "2026-03-02 19:00:04" + example: '2026-03-02 19:00:04' updated_ts: type: string description: Timestamp when the job was last updated. - example: "2026-03-02 19:00:04" + example: '2026-03-02 19:00:04' details: type: object description: Detailed results from the command execution. The structure varies based on the command type. @@ -673,7 +902,7 @@ components: msg: type: string description: Status message from the command execution. - example: "Command completed successfully." + example: 'Command completed successfully.' result: type: object description: The actual result data from the command. Structure varies by command type and may contain routing tables, device information, or other operational data. @@ -703,6 +932,62 @@ components: - type: object help: type: string + local_config_version: + type: object + required: + - id + - serial + - local_version + - timestamp + - xfmed_version + properties: + id: + type: integer + description: | + Unique identifier for this configuration version entry in the database. + example: 1 + serial: + type: string + description: | + Device serial number (14-15 digits). + + Identifies which device this configuration version belongs to. + pattern: '^[0-9]{14,15}$' + example: '007951000123456' + local_version: + type: string + description: | + Local configuration version identifier. + + **Format:** Version string (typically semantic versioning) + **Purpose:** Identifies the original configuration version + example: '1.0.0' + timestamp: + type: string + format: date-time + description: | + When this configuration version was created or pushed to the device. + + **Format:** ISO 8601 date-time (UTC) + **Source:** Database `ts` field + example: '2025-01-15T10:30:00Z' + xfmed_version: + type: string + description: | + Transformed configuration version identifier. + + **Purpose:** Version identifier after transformation/processing + **Use Case:** Tracking configuration pipeline transformations + example: '1.0.0-transformed' + md5: + type: string + description: | + MD5 hash of the configuration (optional). + + **Note:** Currently not populated in responses + **Purpose:** Configuration integrity verification + example: 'abc123def456' + security: - scmToken: [] x-internal: false diff --git a/openapi-specs/scm/config/ngfw/security/security-services-march.yaml b/openapi-specs/scm/config/ngfw/security/security-services-march-v1.1.yaml similarity index 99% rename from openapi-specs/scm/config/ngfw/security/security-services-march.yaml rename to openapi-specs/scm/config/ngfw/security/security-services-march-v1.1.yaml index 7dc8927cd..a5dda92c7 100644 --- a/openapi-specs/scm/config/ngfw/security/security-services-march.yaml +++ b/openapi-specs/scm/config/ngfw/security/security-services-march-v1.1.yaml @@ -61,6 +61,8 @@ tags: description: WildFire Anti-Virus Profiles - name: Saas Tenant Restrictions description: Saas Tenant Restrictions + - name: Ssl Decryption Settings + description: Ssl Decrypt paths: /anti-spyware-profiles: get: @@ -701,7 +703,7 @@ paths: description: GET DataObjects operationId: getDataObjects parameters: - - $ref: '#/componepts/parameters/name' + - $ref: '#/components/parameters/name' - $ref: '#/components/parameters/folder' - $ref: '#/components/parameters/snippet' - $ref: '#/components/parameters/device' @@ -4196,7 +4198,6 @@ components: anti-spyware-signatures: type: object required: - - id - threat_id - threatname properties: @@ -4714,7 +4715,6 @@ components: decryption-exclusions: type: object required: - - id - name properties: id: diff --git a/openapi-specs/scm/config/ngfw/operations/operations.yaml b/openapi-specs/scm/config/sase/operations/operations _v1.1.yaml similarity index 61% rename from openapi-specs/scm/config/ngfw/operations/operations.yaml rename to openapi-specs/scm/config/sase/operations/operations _v1.1.yaml index c40f0607a..a771cf975 100644 --- a/openapi-specs/scm/config/ngfw/operations/operations.yaml +++ b/openapi-specs/scm/config/sase/operations/operations _v1.1.yaml @@ -3,7 +3,7 @@ info: version: 2.0.0 title: Operations and Troubleshooting description: | - These APIs can be used to retrieve operational data on your devices, for troubleshooting purposes. + These APIs can be used to retrieve operational data on your devices, for management and troubleshooting purposes. termsOfService: 'https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-end-user-license-agreement-eula.pdf' contact: email: support@paloaltonetworks.com @@ -22,6 +22,235 @@ tags: description: Job status and result retrieval for asynchronous operations paths: + /local-config/versions: + get: + tags: + - Device Operations + summary: List local configuration versions for a device + description: | + Retrieves the version history of local configurations for a specified device. + + **Purpose:** + - Track configuration changes pushed to devices + - View version history with timestamps + - Identify current and previous configuration versions + + operationId: getLocalConfigVersions + parameters: + - name: device + in: query + description: | + The serial number of the device for which to retrieve configuration versions. + + **Format:** Typically 14-15 digit device serial number + + **Example:** `007951000123456` + + **Required:** Yes + required: true + schema: + type: string + pattern: '^[0-9]{14,15}$' + example: '007951000123456' + + responses: + '200': + description: | + Success - Returns array of local configuration versions. + + **Notes:** + - Empty array `[]` is returned if no versions exist + - Empty array `[]` is returned if device doesn't exist + - Versions typically ordered by timestamp + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/local_config_version' + examples: + with_versions: + summary: Device with configuration versions + value: + - id: 1 + serial: '007951000123456' + local_version: '1.0.0' + timestamp: '2025-01-15T10:30:00Z' + xfmed_version: '1.0.0-transformed' + - id: 2 + serial: '007951000123456' + local_version: '0.9.0' + timestamp: '2025-01-14T09:20:00Z' + xfmed_version: '0.9.0-transformed' + no_versions: + summary: Device with no versions (or non-existent device) + value: [] + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + /local-config/download: + get: + tags: + - Device Operations + summary: Download local configuration file + description: | + Downloads a specific local configuration file for a device. + + **Purpose:** + - Retrieve the actual XML configuration file pushed to a device + - Download configuration for backup or review purposes + - Access specific configuration versions from history + + **Process:** + - Queries the database for the specified device and version + - Retrieves the base64-encoded configuration + - Decodes and returns it as an XML file download + - File is downloaded with name: `local-config-{device}-{version}.xml` + + operationId: downloadLocalConfig + parameters: + - name: device + in: query + description: | + The serial number of the device for which to download the configuration. + + **Format:** Typically 14-15 digit device serial number + + **Example:** `007951000123456` + + **Required:** Yes + required: true + schema: + type: string + pattern: '^[0-9]{14,15}$' + example: '007951000123456' + - name: version + in: query + description: | + The configuration version ID to download. + + **Source:** Use the `id` field from `/local-config/versions` response + + **Example:** `1` + + **Required:** Yes + required: true + schema: + type: string + example: '1' + + responses: + '200': + description: | + Success - Configuration file downloaded successfully. + + **Response Type:** Binary file download (XML) + **Content-Type:** `application/octet-stream` + **Filename:** `local-config-{device}-{version}.xml` + headers: + Content-Disposition: + description: Attachment header specifying the downloaded filename + schema: + type: string + example: 'attachment; filename=local-config-007951000123456-1.xml' + Content-Type: + description: MIME type of the downloaded file + schema: + type: string + example: 'application/octet-stream' + content: + application/octet-stream: + schema: + type: string + format: binary + description: | + XML configuration file content. + + The file contains the device's local configuration in XML format, + retrieved from the database and decoded from base64 encoding. + '400': + description: | + Bad Request - Missing required query parameters. + + **Common Causes:** + - Missing `device` parameter + - Missing `version` parameter + content: + application/json: + schema: + type: object + properties: + error: + type: string + examples: + missing_device: + summary: Missing device parameter + value: + error: 'device query parameter is required' + missing_version: + summary: Missing version parameter + value: + error: 'version query parameter is required' + '404': + description: | + Not Found - Configuration not found for the specified device and version. + + **Common Causes:** + - Invalid version ID for the device + - Device configuration has been deleted + - Database record doesn't exist + content: + application/json: + schema: + type: object + properties: + error: + type: string + example: + error: 'configuration not found' + '500': + description: | + Internal Server Error - Database query error, parsing error, or decoding error. + + **Common Causes:** + - Database connectivity issues + - Invalid JSON response from database service + - Missing `local_cfg` field in database response + - Invalid base64 encoding in stored configuration + - Failed to decode base64 content + content: + application/json: + schema: + type: object + properties: + error: + type: string + examples: + database_error: + summary: Database query error + value: + error: 'database query error' + parse_error: + summary: Failed to parse database response + value: + error: 'failed to parse response' + missing_field: + summary: Missing local_cfg field + value: + error: 'local_cfg field not found in response' + decode_error: + summary: Failed to decode configuration + value: + error: 'failed to decode configuration' + default: + $ref: '#/components/responses/default_errors' /route-table: get: summary: Retrieve route table from a device @@ -38,7 +267,7 @@ paths: schema: type: string pattern: '^[0-9]{14,15}$' - example: "007951000123456" + example: '007951000123456' responses: '200': description: | @@ -61,12 +290,12 @@ paths: - Use this ID with `GET /jobs/{job_id}` to poll for job completion - Job typically completes within 5-30 seconds - Job results will contain the routing table data from the device - example: "550e8400-e29b-41d4-a716-446655440000" + example: '550e8400-e29b-41d4-a716-446655440000' examples: success: summary: Successful job creation value: - job_id: "550e8400-e29b-41d4-a716-446655440000" + job_id: '550e8400-e29b-41d4-a716-446655440000' '400': $ref: '#/components/responses/bad_request_errors_basic' '401': @@ -94,7 +323,7 @@ paths: schema: type: string format: uuid - example: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + example: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' responses: '200': description: | @@ -108,50 +337,50 @@ paths: complete_routing_job: summary: Completed routing table job value: - jobId: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + jobId: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' progress: 100 - state: "complete" + state: 'complete' request: - command: "show-advanced-routing-route" + command: 'show-advanced-routing-route' devices: - - "012345678901234" + - '012345678901234' results: - - device: "012345678901234" - state: "complete" - created_ts: "2026-03-02 19:00:04" - updated_ts: "2026-03-02 19:00:04" + - device: '012345678901234' + state: 'complete' + created_ts: '2026-03-02 19:00:04' + updated_ts: '2026-03-02 19:00:04' details: - msg: "Command completed successfully." + msg: 'Command completed successfully.' result: router_global: - "3.3.3.3/32": - - prefix: "3.3.3.3/32" + '3.3.3.3/32': + - prefix: '3.3.3.3/32' prefixLen: 32 - protocol: "connected" + protocol: 'connected' distance: 0 metric: 0 installed: true selected: true destSelected: true - uptime: "06w0d07h" + uptime: '06w0d07h' nexthopGroupId: 6 nexthops: - - interfaceName: "vlan.1" + - interfaceName: 'vlan.1' interfaceIndex: 256 active: true fib: true directlyConnected: true - flags: "A " + flags: 'A ' in_progress_job: summary: Job in progress value: - jobId: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + jobId: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' progress: 50 - state: "in_progress" + state: 'in_progress' request: - command: "show-advanced-routing-route" + command: 'show-advanced-routing-route' devices: - - "012345678901234" + - '012345678901234' results: [] '401': $ref: '#/components/responses/auth_errors' @@ -174,7 +403,7 @@ components: Tenant Service Group (TSG) ID. The resulting JWT access token should be attached to all API calls as a `Bearer` token in the `Authorization` header (ex. `Authorization: Bearer tokenstring`). - flows: + flows: clientCredentials: tokenUrl: https://auth.apps.paloaltonetworks.com/oauth2/access_token scopes: {} @@ -398,178 +627,178 @@ components: summary: Not Authenticated value: _errors: - - code: "E016" + - code: 'E016' message: Not Authenticated details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_401_panui_auth_invalid_credential: summary: Invalid Credential value: _errors: - - code: "E016" + - code: 'E016' message: Invalid Credential details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_401_panui_auth_key_too_long: summary: Key Too Long value: _errors: - - code: "E016" + - code: 'E016' message: Key Too Long details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_401_panui_auth_key_expired: summary: Key Expired value: _errors: - - code: "E016" + - code: 'E016' message: Key Expired details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_401_panui_auth_need_password_change: summary: Need Password Change value: _errors: - - code: "E016" + - code: 'E016' message: The password needs to be changed. details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_403_panui_auth_unauthorized: summary: Unauthorized value: _errors: - - code: "E007" + - code: 'E007' message: Unauthorized details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_501_panui_restapi_version_not_supported: summary: Version Not Supported value: _errors: - - code: "E012" + - code: 'E012' message: Version Not Supported details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_501_panui_restapi_method_not_supported: summary: Method Not Supported value: _errors: - - code: "E012" + - code: 'E012' message: Method Not Supported details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_restapi_input_format_mismatch: summary: Input Format Mismatch value: _errors: - - code: "E003" + - code: 'E003' message: 'Input Format Mismatch: input-format=json' details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_restapi_output_format_mismatch: summary: Output Format Mismatch value: _errors: - - code: "E003" + - code: 'E003' message: 'Output Format Mismatch: output-format=json Accept=xml' details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_restapi_missing_query_parameter: summary: Missing Query Parameter value: _errors: - - code: "E003" + - code: 'E003' message: 'Missing Query Parameter: name' details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_restapi_invalid_query_parameter: summary: Invalid Query Parameter value: _errors: - - code: "E003" + - code: 'E003' message: 'Invalid Query Parameter: location=invalid' details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_restapi_missing_body: summary: Missing Body value: _errors: - - code: "E003" + - code: 'E003' message: Missing Body details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_405_panui_restapi_action_not_supported: summary: Action Not Supported value: _errors: - - code: "E012" + - code: 'E012' message: 'Action Not Supported: move' details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_mgmt_bad_xpath: summary: Bad XPath value: _errors: - - code: "E013" + - code: 'E013' message: Bad XPath details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_404_panui_mgmt_object_not_present: summary: Object Not Present value: _errors: - - code: "E005" + - code: 'E005' message: Object Not Present details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_409_panui_mgmt_object_not_unique: summary: Object Not Unique value: _errors: - - code: "E016" + - code: 'E016' message: Object Not Unique details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_409_panui_mgmt_name_not_unique: summary: Name Not Unique value: _errors: - - code: "E006" + - code: 'E006' message: Name Not Unique details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_409_panui_mgmt_reference_not_zero: summary: Reference Not Zero value: _errors: - - code: "E009" + - code: 'E009' message: Reference Not Zero details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_mgmt_invalid_object: summary: Invalid Object value: _errors: - - code: "E003" + - code: 'E003' message: Invalid Object details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_mgmt_invalid_command: summary: Invalid Command value: _errors: - - code: "E003" + - code: 'E003' message: Invalid Command details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_400_panui_mgmt_malformed_command: summary: Malformed Command value: _errors: - - code: "E003" + - code: 'E003' message: Malformed Command details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' json_504_panui_mgmt_session_timeout: summary: Session Timeout value: @@ -577,7 +806,7 @@ components: - code: '4' message: Session Timeout details: {} - _request_id: "abcd-1234" + _request_id: 'abcd-1234' schemas: job_status: type: object @@ -592,7 +821,7 @@ components: type: string format: uuid description: Unique identifier for the job. - example: "ce727d2e-f22b-4c0b-824f-37aa2a4ca360" + example: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' progress: type: integer minimum: 0 @@ -607,7 +836,7 @@ components: - in_progress - complete - failed - example: "complete" + example: 'complete' request: type: object description: The original request that initiated the job. @@ -618,7 +847,7 @@ components: command: type: string description: The command that was executed. - example: "show-advanced-routing-route" + example: 'show-advanced-routing-route' devices: type: array description: List of device serial numbers for which the command was executed. @@ -626,7 +855,7 @@ components: type: string pattern: '^[0-9]{14,15}$' example: - - "012345678901234" + - '012345678901234' results: type: array description: Array of results from each device. The structure of the result data varies based on the job type. @@ -645,7 +874,7 @@ components: type: string pattern: '^[0-9]{14,15}$' description: The serial number of the device. - example: "012345678901234" + example: '012345678901234' state: type: string description: The state of the job for this specific device. @@ -654,15 +883,15 @@ components: - in_progress - complete - failed - example: "complete" + example: 'complete' created_ts: type: string description: Timestamp when the job was created. - example: "2026-03-02 19:00:04" + example: '2026-03-02 19:00:04' updated_ts: type: string description: Timestamp when the job was last updated. - example: "2026-03-02 19:00:04" + example: '2026-03-02 19:00:04' details: type: object description: Detailed results from the command execution. The structure varies based on the command type. @@ -673,7 +902,7 @@ components: msg: type: string description: Status message from the command execution. - example: "Command completed successfully." + example: 'Command completed successfully.' result: type: object description: The actual result data from the command. Structure varies by command type and may contain routing tables, device information, or other operational data. @@ -703,6 +932,62 @@ components: - type: object help: type: string + local_config_version: + type: object + required: + - id + - serial + - local_version + - timestamp + - xfmed_version + properties: + id: + type: integer + description: | + Unique identifier for this configuration version entry in the database. + example: 1 + serial: + type: string + description: | + Device serial number (14-15 digits). + + Identifies which device this configuration version belongs to. + pattern: '^[0-9]{14,15}$' + example: '007951000123456' + local_version: + type: string + description: | + Local configuration version identifier. + + **Format:** Version string (typically semantic versioning) + **Purpose:** Identifies the original configuration version + example: '1.0.0' + timestamp: + type: string + format: date-time + description: | + When this configuration version was created or pushed to the device. + + **Format:** ISO 8601 date-time (UTC) + **Source:** Database `ts` field + example: '2025-01-15T10:30:00Z' + xfmed_version: + type: string + description: | + Transformed configuration version identifier. + + **Purpose:** Version identifier after transformation/processing + **Use Case:** Tracking configuration pipeline transformations + example: '1.0.0-transformed' + md5: + type: string + description: | + MD5 hash of the configuration (optional). + + **Note:** Currently not populated in responses + **Purpose:** Configuration integrity verification + example: 'abc123def456' + security: - scmToken: [] x-internal: false diff --git a/openapi-specs/scm/config/sase/security/security-services-march-v1.1.yaml b/openapi-specs/scm/config/sase/security/security-services-march-v1.1.yaml new file mode 100644 index 000000000..a5dda92c7 --- /dev/null +++ b/openapi-specs/scm/config/sase/security/security-services-march-v1.1.yaml @@ -0,0 +1,7741 @@ +openapi: 3.0.0 +info: + version: 2.0.0 + title: Security Services + description: These APIs are used for defining and managing security services configurations within Strata Cloud Manager. + termsOfService: 'https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-end-user-license-agreement-eula.pdf' + contact: + email: support@paloaltonetworks.com + name: Palo Alto Networks Technical Support + url: 'https://support.paloaltonetworks.com' + license: + name: MIT + url: https://opensource.org/license/mit +servers: + - url: 'https://api.strata.paloaltonetworks.com/config/security/v1' + description: Current + - url: 'https://api.sase.paloaltonetworks.com/sse/config/v1' + description: Legacy +tags: + - name: Anti-Spyware Profiles + description: Anti-Spyware Profiles + - name: Anti-Spyware Signatures + description: Anti-Spyware Signatures + - name: Application Override Rules + description: Application Override Rules + - name: DataFiltering + description: DataFiltering + - name: DataObjects + description: DataObjects + - name: Decryption Exclusions + description: Decryption Exclusions + - name: Decryption Profiles + description: Decryption Profiles + - name: Decryption Rules + description: Decryption Rules + - name: DNS Security Profiles + description: DNS Security Profiles + - name: DoS Protection Profiles + description: DoS Protection Profiles + - name: DoS Protection Rules + description: DoS Protection Rules + - name: File Blocking Profiles + description: File Blocking Profiles + - name: HTTP Header Profiles + description: HTTP Header Profiles + - name: Profile Groups + description: Profile Groups + - name: Security Rules + description: Security Rules + - name: URL Access Profiles + description: URL Access Profiles + - name: URL Categories + description: URL Categories + - name: URL Filtering Categories + description: Predefined URL categories + - name: Vulnerability Protection Profiles + description: Vulnerability Protection Profiles + - name: Vulnerability Protection Signatures + description: Vulnerability Protection Signatures + - name: WildFire Anti-Virus Profiles + description: WildFire Anti-Virus Profiles + - name: Saas Tenant Restrictions + description: Saas Tenant Restrictions + - name: Ssl Decryption Settings + description: Ssl Decrypt +paths: + /anti-spyware-profiles: + get: + tags: + - Anti-Spyware Profiles + summary: List anti-spyware profiles + description: | + Retrieve a list of anti-spyware profiles. + operationId: ListAntiSpywareProfiles + parameters: + - $ref: '#/components/parameters/name' + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/limit' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + allOf: + - type: array + items: + $ref: '#/components/schemas/anti-spyware-profiles' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + post: + tags: + - Anti-Spyware Profiles + summary: Create an anti-spyware profile + description: | + Create a new anti-spyware profile. + operationId: CreateAntiSpywareProfiles + requestBody: + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/anti-spyware-profiles' + responses: + '201': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/anti-spyware-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/anti-spyware-profiles/{id}': + get: + tags: + - Anti-Spyware Profiles + summary: Get an anti-spyware profile + description: | + Get an existing anti-spyware profile. + operationId: GetAntiSpywareProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/anti-spyware-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + put: + tags: + - Anti-Spyware Profiles + summary: Update an anti-spyware profile + description: | + Update an existing anti-spyware profile. + operationId: UpdateAntiSpywareProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + requestBody: + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/anti-spyware-profiles' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/anti-spyware-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + delete: + tags: + - Anti-Spyware Profiles + summary: Delete an anti-spyware profile + description: | + Delete an anti-spyware profile. + operationId: DeleteAntiSpywareProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + /anti-spyware-signatures: + get: + tags: + - Anti-Spyware Signatures + summary: List anti-spyware signatures + description: | + Retrieve a list of anti-spyware signatures. + operationId: ListAntiSpywareSignatures + parameters: + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/limit' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + allOf: + - type: array + items: + $ref: '#/components/schemas/anti-spyware-signatures' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + post: + tags: + - Anti-Spyware Signatures + summary: Create an anti-spyware signature + description: | + Create a new anti-spyware signature. + operationId: CreateAntiSpywareSignatures + requestBody: + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/anti-spyware-signatures' + responses: + '201': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/anti-spyware-signatures' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/anti-spyware-signatures/{id}': + get: + tags: + - Anti-Spyware Signatures + summary: Get an anti-spyware signature + description: | + Get an existing anti-spyware signature. + operationId: GetAntiSpywareSignaturesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/anti-spyware-signatures' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + put: + tags: + - Anti-Spyware Signatures + summary: Update an anti-spyware signature + description: | + Update an existing anti-spyware signature. + operationId: UpdateAntiSpywareSignaturesByID + parameters: + - $ref: '#/components/parameters/uuid' + requestBody: + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/anti-spyware-signatures' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/anti-spyware-signatures' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + delete: + tags: + - Anti-Spyware Signatures + summary: Delete an anti-spyware signature + description: | + Delete an anti-spyware signature. + operationId: DeleteAntiSpywareSignaturesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + /app-override-rules: + get: + tags: + - Application Override Rules + summary: List application override rules + description: | + Retrieve a list of application override rules. + operationId: ListApplicationOverrideRules + parameters: + - $ref: '#/components/parameters/name' + - $ref: '#/components/parameters/position' + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/limit' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + allOf: + - type: array + items: + $ref: '#/components/schemas/app-override-rules' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + post: + tags: + - Application Override Rules + summary: Create an application override rule + description: | + Create a new application override rule. + operationId: CreateApplicationOverrideRules + parameters: + - $ref: '#/components/parameters/position' + requestBody: + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/app-override-rules' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/app-override-rules' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/app-override-rules/{id}': + get: + tags: + - Application Override Rules + summary: Get an application override rule + description: | + Get an existing application override rule. + operationId: GetApplicationOverrideRulesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/app-override-rules' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + put: + tags: + - Application Override Rules + summary: Update an application override rule + description: | + Update an existing application override rule. + operationId: UpdateApplicationOverrideRulesByID + parameters: + - $ref: '#/components/parameters/uuid' + requestBody: + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/app-override-rules' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/app-override-rules' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + delete: + tags: + - Application Override Rules + summary: Delete an application override rule + description: | + Delete an application override rule. + operationId: DeleteApplicationOverrideRulesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/app-override-rules/{id}:move': + post: + tags: + - Application Override Rules + summary: Move an application override rule + description: | + Move an existing application override rule. + operationId: MoveApplicationOverrideRulesByID + parameters: + - $ref: '#/components/parameters/uuid' + requestBody: + description: The app override rule you want to move + content: + application/json: + schema: + $ref: '#/components/schemas/rule-based-move' + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + /data-filtering-profiles: + get: + tags: + - DataFiltering + summary: GET DataFiltering + description: GET DataFiltering + operationId: getDataFiltering + parameters: + - $ref: '#/components/parameters/name' + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/limit' + responses: + '200': + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/data-filtering' + post: + tags: + - DataFiltering + summary: POST DataFiltering + description: POST DataFiltering + operationId: postDataFiltering + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/data-filtering' + responses: + '200': + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/data-filtering' + put: + tags: + - DataFiltering + summary: PUT DataFiltering + description: PUT DataFiltering + operationId: putDataFiltering + responses: + '200': + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/data-filtering' + '/data-filtering-profiles/{id}': + get: + tags: + - DataFiltering + summary: GET DataFiltering by ID + description: GET DataFiltering by ID + operationId: getDataFilteringById + parameters: + - name: id + in: path + required: true + schema: + type: string + responses: + '200': + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/data-filtering' + put: + tags: + - DataFiltering + summary: PUT DataFiltering by ID + description: PUT DataFiltering by ID + operationId: putDataFilteringById + parameters: + - name: id + in: path + required: true + schema: + type: string + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/data-filtering' + responses: + '200': + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/data-filtering' + delete: + tags: + - DataFiltering + summary: DELETE DataFiltering by ID + description: DELETE DataFiltering by ID + operationId: deleteDataFilteringById + parameters: + - name: id + in: path + required: true + schema: + type: string + responses: + '200': + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/data-filtering' + /data-objects: + get: + tags: + - DataObjects + summary: GET DataObjects + description: GET DataObjects + operationId: getDataObjects + parameters: + - $ref: '#/components/parameters/name' + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/limit' + responses: + '200': + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/data-objects' + post: + tags: + - DataObjects + summary: POST DataObjects + description: POST DataObjects + operationId: postDataObjects + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/data-objects' + responses: + '200': + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/data-objects' + put: + tags: + - DataObjects + summary: PUT DataObjects + description: PUT DataObjects + operationId: putDataObjects + responses: + '200': + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/data-objects' + '/data-objects/{id}': + get: + tags: + - DataObjects + summary: GET DataObjects by ID + description: GET DataObjects by ID + operationId: getDataObjectsById + parameters: + - name: id + in: path + required: true + schema: + type: string + responses: + '200': + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/data-objects' + put: + tags: + - DataObjects + summary: PUT DataObjects by ID + description: PUT DataObjects by ID + operationId: putDataObjectsById + parameters: + - name: id + in: path + required: true + schema: + type: string + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/data-objects' + responses: + '200': + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/data-objects' + delete: + tags: + - DataObjects + summary: DELETE DataObjects by ID + description: DELETE DataObjects by ID + operationId: deleteDataObjectsById + parameters: + - name: id + in: path + required: true + schema: + type: string + responses: + '200': + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/data-objects' + /decryption-exclusions: + get: + tags: + - Decryption Exclusions + summary: List decryption exclusions + description: | + Retrieve a list of decryption exclusions. + operationId: ListDecryptionExclusions + parameters: + - $ref: '#/components/parameters/name' + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/limit' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + allOf: + - type: array + items: + $ref: '#/components/schemas/decryption-exclusions' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + post: + tags: + - Decryption Exclusions + summary: Create a decryption exclusion + description: | + Create a new decryption exclusion. + operationId: CreateDecryptionExclusions + requestBody: + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/decryption-exclusions' + responses: + '201': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/decryption-exclusions' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/decryption-exclusions/{id}': + get: + tags: + - Decryption Exclusions + summary: Get a decryption exclusion + description: | + Get an existing decryption exclusion. + operationId: GetDecryptionExclusionsByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/decryption-exclusions' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + put: + tags: + - Decryption Exclusions + summary: Update a decryption exclusion + description: | + Update an existing decryption exclusion. + operationId: UpdateDecryptionExclusionsByID + parameters: + - $ref: '#/components/parameters/uuid' + requestBody: + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/decryption-exclusions' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/decryption-exclusions' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + delete: + tags: + - Decryption Exclusions + summary: Delete a decryption exclusion + description: | + Delete a decryption exclusion. + operationId: DeleteDecryptionExclusionsByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + /decryption-profiles: + get: + tags: + - Decryption Profiles + summary: List decryption profiles + description: | + Retrieve a list of decryption profiles. + operationId: ListDecryptionProfiles + parameters: + - $ref: '#/components/parameters/name' + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/limit' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + allOf: + - type: array + items: + $ref: '#/components/schemas/decryption-profiles' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + post: + tags: + - Decryption Profiles + summary: Create a decryption profile + description: | + Create a new decryption profile. + operationId: CreateDecryptionProfiles + requestBody: + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/decryption-profiles' + responses: + '201': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/decryption-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/decryption-profiles/{id}': + get: + tags: + - Decryption Profiles + summary: Get a decryption profile + description: | + Get an existing decryption profile. + operationId: GetDecryptionProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/decryption-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + put: + tags: + - Decryption Profiles + summary: Update a decryption profile + description: | + Update an existing decryption profile. + operationId: UpdateDecryptionProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + requestBody: + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/decryption-profiles' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/decryption-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + delete: + tags: + - Decryption Profiles + summary: Delete a decryption profile + description: | + Delete a decryption profile. + operationId: DeleteDecryptionProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + /decryption-rules: + get: + tags: + - Decryption Rules + summary: List decryption rules + description: | + Retrieve a list of decryption rules. + operationId: ListDecryptionRules + parameters: + - $ref: '#/components/parameters/name' + - $ref: '#/components/parameters/position' + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/limit' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + allOf: + - type: array + items: + $ref: '#/components/schemas/decryption-rules' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + post: + tags: + - Decryption Rules + summary: Create a decryption rule + description: | + Create a new decryption rule. + operationId: CreateDecryptionRules + parameters: + - $ref: '#/components/parameters/position' + requestBody: + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/decryption-rules' + responses: + '201': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/decryption-rules' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/decryption-rules/{id}': + get: + tags: + - Decryption Rules + summary: Get a decryption rule + description: | + Get an existing decryption rule. + operationId: GetDecryptionRulesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/decryption-rules' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + put: + tags: + - Decryption Rules + summary: Update a decryption rule + description: | + Update an existing decryption rule. + operationId: UpdateDecryptionRulesByID + parameters: + - $ref: '#/components/parameters/uuid' + requestBody: + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/decryption-rules' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/decryption-rules' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + delete: + tags: + - Decryption Rules + summary: Delete a decryption rule + description: | + Delete a decryption rule. + operationId: DeleteDecryptionRulesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/decryption-rules/{id}:move': + post: + tags: + - Decryption Rules + summary: Move a decryption rule + description: | + Move an existing decryption rule. + operationId: MoveDecryptionRulesByID + parameters: + - $ref: '#/components/parameters/uuid' + requestBody: + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/rule-based-move' + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + /ssl-decryption-settings: + get: + tags: + - Ssl Decryption Settings + summary: GET Ssl Decryption Settings + description: GET Ssl Decryption Settings + operationId: getSslDecryptionSettings + parameters: + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/limit' + responses: + '200': + description: Successful response + content: + application/json: + schema: + type: object + properties: + data: + type: array + items: + $ref: '#/components/schemas/ssl-decryption-settings-get-put' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + post: + tags: + - Ssl Decryption Settings + summary: POST Ssl Decryption Settings + description: POST Ssl Decryption Settings + operationId: postSslDecryptionSettings + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/ssl-decryption-settings' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/ssl-decryption-settings' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + put: + tags: + - Ssl Decryption Settings + summary: PUT Ssl Decryption Settings + description: PUT Ssl Decryption Settings + operationId: putSslDecryptionSettings + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/ssl-decryption-settings-get-put' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/ssl-decryption-settings-get-put' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + delete: + tags: + - Ssl Decryption Settings + summary: DELETE Ssl Decryption Settings + description: DELETE Ssl Decryption Settings + operationId: deleteSslDecryptionSettings + responses: + '200': + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/ssl-decryption-settings' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + /dns-security-profiles: + get: + tags: + - DNS Security Profiles + summary: List DNS security profiles + description: | + Retrieve a list of DNS security profiles. + operationId: ListDNSSecurityProfiles + parameters: + - $ref: '#/components/parameters/name' + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/limit' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + allOf: + - type: array + items: + $ref: '#/components/schemas/dns-security-profiles' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + post: + tags: + - DNS Security Profiles + summary: Create a DNS security profile + description: | + Create a new DNS security profile. + operationId: CreateDNSSecurityProfiles + requestBody: + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/dns-security-profiles' + responses: + '201': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/dns-security-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/dns-security-profiles/{id}': + get: + tags: + - DNS Security Profiles + summary: Get a DNS security profile + description: | + Get an existing DNS security profile. + operationId: GetDNSSecurityProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/dns-security-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + put: + tags: + - DNS Security Profiles + summary: Update a DNS security profile + description: | + Update an existing DNS security profile. + operationId: UpdateDNSSecurityProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + requestBody: + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/dns-security-profiles' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/dns-security-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + delete: + tags: + - DNS Security Profiles + summary: Delete a DNS security profile + description: | + Delete a DNS security profile. + operationId: DeleteDNSSecurityProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + /dos-protection-profiles: + get: + tags: + - DoS Protection Profiles + summary: List DoS protection profiles + description: | + Retrieve a list of DoS protection profiles. + operationId: ListDoSProtectionProfiles + parameters: + - $ref: '#/components/parameters/limit' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/name' + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + allOf: + - type: array + items: + $ref: '#/components/schemas/dos-protection-profiles' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + post: + tags: + - DoS Protection Profiles + summary: Create a DoS protection profile + description: | + Create a new DoS protection profile. + operationId: CreateDoSProtectionProfiles + requestBody: + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/dos-protection-profiles' + responses: + '201': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/dos-protection-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/dos-protection-profiles/{id}': + get: + tags: + - DoS Protection Profiles + summary: Get a DoS protection profile + description: | + Get an existing DoS protection profile. + operationId: GetDoSProtectionProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/dos-protection-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + put: + tags: + - DoS Protection Profiles + summary: Update a DoS protection profile + description: | + Update an existing DoS protection profile. + operationId: UpdateDoSProtectionProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + requestBody: + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/dos-protection-profiles' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/dos-protection-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + delete: + tags: + - DoS Protection Profiles + summary: Delete a DoS protection profile + description: | + Delete a DoS protection profile. + operationId: DeleteDoSProtectionProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + /dos-protection-rules: + get: + tags: + - DoS Protection Rules + summary: List DoS protection rules + description: | + Retrieve a list of DoS protection rules. + operationId: ListDoSProtectionRules + parameters: + - $ref: '#/components/parameters/limit' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/name' + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + allOf: + - type: array + items: + $ref: '#/components/schemas/dos-protection-rules' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + post: + tags: + - DoS Protection Rules + summary: Create a DoS protection rule + description: | + Create a new DoS protection rule. + operationId: CreateDoSProtectionRules + requestBody: + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/dos-protection-rules' + responses: + '201': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/dos-protection-rules' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/dos-protection-rules/{id}': + get: + tags: + - DoS Protection Rules + summary: Get a DoS protection rule + description: | + Get an existing DoS protection rule. + operationId: GetDoSProtectionRulesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/dos-protection-rules' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + put: + tags: + - DoS Protection Rules + summary: Update a DoS protection rule + description: | + Update an existing DoS protection rule. + operationId: UpdateDoSProtectionRulesByID + parameters: + - $ref: '#/components/parameters/uuid' + requestBody: + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/dos-protection-rules' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/dos-protection-rules' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + delete: + tags: + - DoS Protection Rules + summary: Delete a DoS protection rule + description: | + Delete a DoS protection rule. + operationId: DeleteDoSProtectionRulesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + /file-blocking-profiles: + get: + tags: + - File Blocking Profiles + summary: List file blocking profiles + description: | + Retrieve a list of file blocking profiles. + operationId: ListFileBlockingProfiles + parameters: + - $ref: '#/components/parameters/name' + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/limit' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + allOf: + - type: array + items: + $ref: '#/components/schemas/file-blocking-profiles' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + post: + tags: + - File Blocking Profiles + summary: Create a file blocking profiles + description: | + Create a new file blocking profile. + operationId: CreateFileBlockingProfiles + requestBody: + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/file-blocking-profiles' + responses: + '201': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/file-blocking-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/file-blocking-profiles/{id}': + get: + tags: + - File Blocking Profiles + summary: Get a file blocking profile + description: | + Get an existing file blocking profile. + operationId: GetFileBlockingProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/file-blocking-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + put: + tags: + - File Blocking Profiles + summary: Update a file blocking profile + description: | + Update a file blocking profile. + operationId: UpdateFileBlockingProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + requestBody: + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/file-blocking-profiles' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/file-blocking-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + delete: + tags: + - File Blocking Profiles + summary: Delete a file blocking profile + description: | + Delete a file blocking profile. + operationId: DeleteFileBlockingProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + /http-header-profiles: + get: + tags: + - HTTP Header Profiles + summary: List HTTP header profiles + description: | + Retrieve a list of HTTP header profiles. + operationId: ListHTTPHeaderProfiles + parameters: + - $ref: '#/components/parameters/name' + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/limit' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + allOf: + - type: array + items: + $ref: '#/components/schemas/http-header-profiles' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + post: + tags: + - HTTP Header Profiles + summary: Create an HTTP header profile + description: | + Create a new HTTP header profiles. + operationId: CreateHTTPHeaderProfiles + requestBody: + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/http-header-profiles' + responses: + '201': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/http-header-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/http-header-profiles/{id}': + get: + tags: + - HTTP Header Profiles + summary: Get an HTTP header profile + description: | + Get an existing HTTP header profile. + operationId: GetHTTPHeaderProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/http-header-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + put: + tags: + - HTTP Header Profiles + summary: Update an HTTP header profile + description: | + Update an existing HTTP header profile. + operationId: UpdateHTTPHeaderProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + requestBody: + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/http-header-profiles' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/http-header-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + delete: + tags: + - HTTP Header Profiles + summary: Delete an HTTP header profile + description: | + Delete an HTTP header profile. + operationId: DeleteHTTPHeaderProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + /profile-groups: + get: + tags: + - Profile Groups + summary: List profile groups + description: | + Retrieve a list of profile groups. + operationId: ListProfileGroups + parameters: + - $ref: '#/components/parameters/name' + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/limit' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + allOf: + - type: array + items: + $ref: '#/components/schemas/profile-groups' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + post: + tags: + - Profile Groups + summary: Create a profile group + description: | + Create a new profile group. + operationId: CreateProfileGroups + requestBody: + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/profile-groups' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/profile-groups' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/profile-groups/{id}': + get: + tags: + - Profile Groups + summary: Get a profile group + description: | + Get an existing profile group. + operationId: GetProfileGroupsByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/profile-groups' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + put: + tags: + - Profile Groups + summary: Update a profile group + description: | + Update an existing profile group. + operationId: UpdateProfileGroupsByID + parameters: + - $ref: '#/components/parameters/uuid' + requestBody: + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/profile-groups' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/profile-groups' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + delete: + tags: + - Profile Groups + summary: Delete a profile group + description: | + Delete a profile group. + operationId: DeleteProfileGroupsByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + /security-rules: + get: + tags: + - Security Rules + summary: List security rules + description: | + Retrieve a list of security rules. + operationId: ListRules + parameters: + - $ref: '#/components/parameters/name' + - $ref: '#/components/parameters/position' + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/limit' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityRuleListResponse' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + post: + tags: + - Security Rules + summary: Create a security rule + description: | + Create a new security rule. + operationId: CreateSecurityRules + parameters: + - $ref: '#/components/parameters/position' + requestBody: + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/security-rules' + responses: + '201': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/security-rules' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/security-rules/{id}': + get: + tags: + - Security Rules + summary: Get a security rule + description: | + Get an existing security rule. + operationId: GetSecurityRulesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/security-rules' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + put: + tags: + - Security Rules + summary: Update a security rule + description: | + Update an existing security rule. + operationId: UpdateSecurityRulesByID + parameters: + - $ref: '#/components/parameters/uuid' + requestBody: + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/security-rules' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/security-rules' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + delete: + tags: + - Security Rules + summary: Delete a security rule + description: | + Delete a security rule. + operationId: DeleteSecurityRulesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/security-rules/{id}:move': + post: + tags: + - Security Rules + summary: Move a security rule + description: | + Move an existing security rule. + operationId: MoveSecurityRulesByID + parameters: + - $ref: '#/components/parameters/uuid' + requestBody: + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/rule-based-move' + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + /url-access-profiles: + get: + tags: + - URL Access Profiles + summary: List URL access profiles + description: | + Retrieve a list of URL access profiles. + operationId: ListURLAccessProfiles + parameters: + - $ref: '#/components/parameters/name' + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/limit' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + allOf: + - type: array + items: + $ref: '#/components/schemas/url-access-profiles' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + post: + tags: + - URL Access Profiles + summary: Create a URL access profile + description: | + Create a new URL access profile. + operationId: CreateURLAccessProfiles + requestBody: + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/url-access-profiles' + responses: + '201': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/url-access-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/url-access-profiles/{id}': + get: + tags: + - URL Access Profiles + summary: Get a URL access profile + description: | + Get an existing URL access profile. + operationId: GetURLAccessProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/url-access-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + put: + tags: + - URL Access Profiles + summary: Update a URL access Profile + description: | + Update an existing URL access Profile. + operationId: UpdateURLAccessProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + requestBody: + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/url-access-profiles' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/url-access-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + delete: + tags: + - URL Access Profiles + summary: Delete a URL access profile + description: | + Delete a URL access profile. + operationId: DeleteURLAccessProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + /url-categories: + get: + tags: + - URL Categories + summary: List custom URL categories + description: | + Retrieve a list of custom URL categories. + operationId: ListURLCategories + parameters: + - $ref: '#/components/parameters/name' + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/limit' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + allOf: + - type: array + items: + $ref: '#/components/schemas/url-categories' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + post: + tags: + - URL Categories + summary: Create a custom URL category + description: | + Create a new custom URL category. + operationId: CreateURLCategories + requestBody: + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/url-categories' + responses: + '201': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/url-categories' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/url-categories/{id}': + get: + tags: + - URL Categories + summary: Get a custom URL category + description: | + Get an existing custom URL category. + operationId: GetURLCategoriesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/url-categories' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + put: + tags: + - URL Categories + summary: Update a custom URL category + description: | + Update an existing custom URL category. + operationId: UpdateURLCategoriesByID + parameters: + - $ref: '#/components/parameters/uuid' + requestBody: + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/url-categories' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/url-categories' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + delete: + tags: + - URL Categories + summary: Delete a custom URL Category + description: | + Delete a custom URL Category. + operationId: DeleteURLCategoriesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + /url-filtering-categories: + get: + tags: + - URL Filtering Categories + summary: List custom URL categories + description: | + Retrieve a list of custom URL categories. + operationId: ListURLFilteringCategories + parameters: + - $ref: '#/components/parameters/name' + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/limit' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + allOf: + - type: array + items: + $ref: '#/components/schemas/url-filtering-categories' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + /vulnerability-protection-profiles: + get: + tags: + - Vulnerability Protection Profiles + summary: List vulnerability protection profiles + description: | + Retrieve a list of vulnerability protection profiles. + operationId: ListVulnerabilityProtectionProfiles + parameters: + - $ref: '#/components/parameters/name' + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/limit' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + allOf: + - type: array + items: + $ref: '#/components/schemas/vulnerability-protection-profiles' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + post: + tags: + - Vulnerability Protection Profiles + summary: Create a vulnerability protection profile + description: | + Create a new vulnerability protection profile. + operationId: CreateVulnerabilityProtectionProfiles + requestBody: + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/vulnerability-protection-profiles' + responses: + '201': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/vulnerability-protection-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/vulnerability-protection-profiles/{id}': + get: + tags: + - Vulnerability Protection Profiles + summary: Get a vulnerability protection profile + description: | + Get an existing vulnerability protection profile. + operationId: GetVulnerabilityProtectionProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/vulnerability-protection-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + put: + tags: + - Vulnerability Protection Profiles + summary: Update an vulnerability protection profile + description: | + Update an existing vulnerability protection profile. + operationId: UpdateVulnerabilityProtectionProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + requestBody: + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/vulnerability-protection-profiles' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/vulnerability-protection-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + delete: + tags: + - Vulnerability Protection Profiles + summary: Delete a vulnerability protection profile + description: | + Delete a vulnerability protection profile. + operationId: DeleteVulnerabilityProtectionProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + /vulnerability-protection-signatures: + get: + tags: + - Vulnerability Protection Signatures + summary: List vulnerability protection signatures + description: | + Retrieve a list of vulnerability protection signatures. + operationId: ListVulnerabilityProtectionSignatures + parameters: + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/limit' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + allOf: + - type: array + items: + $ref: '#/components/schemas/vulnerability-protection-signatures' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + post: + tags: + - Vulnerability Protection Signatures + summary: Create a vulnerability protection signature + description: | + Create a new vulnerability protection signature. + operationId: CreateVulnerabilityProtectionSignatures + requestBody: + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/vulnerability-protection-signatures' + responses: + '201': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/vulnerability-protection-signatures' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/vulnerability-protection-signatures/{id}': + get: + tags: + - Vulnerability Protection Signatures + summary: Get a vulnerability protection signature + description: | + Get an existing vulnerability protection signature. + operationId: GetVulnerabilityProtectionSignaturesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/vulnerability-protection-signatures' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + put: + tags: + - Vulnerability Protection Signatures + summary: Update a vulnerability protection signature + description: | + Update an existing vulnerability protection signature. + operationId: UpdateVulnerabilityProtectionSignaturesByID + parameters: + - $ref: '#/components/parameters/uuid' + requestBody: + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/vulnerability-protection-signatures' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/vulnerability-protection-signatures' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + delete: + tags: + - Vulnerability Protection Signatures + summary: Delete a vulnerability protection signature + description: | + Delete a vulnerability protection signature. + operationId: DeleteVulnerabilityProtectionSignaturesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + /wildfire-anti-virus-profiles: + get: + tags: + - WildFire Anti-Virus Profiles + summary: List Wildfire and anti-virus profiles + description: | + Retrieve a list of WildFire and anti-virus profiles. + operationId: ListWildFireAntiVirusProfiles + parameters: + - $ref: '#/components/parameters/name' + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/limit' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + allOf: + - type: array + items: + $ref: '#/components/schemas/wildfire-anti-virus-profiles' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + post: + tags: + - WildFire Anti-Virus Profiles + summary: Create a WildFire and anti-virus profile + description: | + Create a new WildFire and anti-virus profile. + operationId: CreateWildFireAntiVirusProfiles + requestBody: + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/wildfire-anti-virus-profiles' + responses: + '201': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/wildfire-anti-virus-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/wildfire-anti-virus-profiles/{id}': + get: + tags: + - WildFire Anti-Virus Profiles + summary: Get a WildFire and anti-virus profile + description: | + Get an existing WildFire and anti-virus profile. + operationId: GetWildFireAntiVirusProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/wildfire-anti-virus-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + put: + tags: + - WildFire Anti-Virus Profiles + summary: Update a wildfire and antivirus profile + description: | + Update an existing WildFire and anti-virus profile. + operationId: UpdateWildFireAntiVirusProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + requestBody: + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/wildfire-anti-virus-profiles' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/wildfire-anti-virus-profiles' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + delete: + tags: + - WildFire Anti-Virus Profiles + summary: Delete a WildFire and anti-virus profile + description: | + Delete a WildFire and anti-virus profile. + operationId: DeleteWildFireAntiVirusProfilesByID + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + /saas-tenant-restrictions: + get: + tags: + - Saas Tenant Restrictions + summary: Get Saas Tenant Restrictions + description: Get Saas Tenant Restrictions + operationId: GetSaasTenantRestrictions + parameters: + - $ref: '#/components/parameters/name' + - $ref: '#/components/parameters/folder' + - $ref: '#/components/parameters/snippet' + - $ref: '#/components/parameters/device' + - $ref: '#/components/parameters/offset' + - $ref: '#/components/parameters/limit' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + allOf: + - type: array + items: + $ref: '#/components/schemas/saas-tenant-restrictions' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + put: + tags: + - Saas Tenant Restrictions + summary: Update Saas Tenant Restrictions + description: Update Saas Tenant Restrictions + operationId: UpdateSaasTenantRestrictions + parameters: + - $ref: '#/components/parameters/snippet' + requestBody: + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/saas-tenant-restrictions' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/saas-tenant-restrictions' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' +components: + parameters: + name: + name: name + in: query + description: The name of the configuration resource + required: false + schema: + type: string + limit: + name: limit + in: query + description: The maximum number of results per page + required: false + schema: + type: integer + default: 200 + offset: + name: offset + in: query + description: The offset into the list of results returned + required: false + schema: + type: integer + default: 0 + folder: + name: folder + in: query + description: | + The folder in which the resource is defined + required: false + schema: + type: string + snippet: + name: snippet + in: query + description: | + The snippet in which the resource is defined + required: false + schema: + type: string + device: + name: device + in: query + description: | + The device in which the resource is defined + required: false + schema: + type: string + position: + name: position + in: query + description: | + The position of a security rule + required: true + schema: + enum: + - pre + - post + default: pre + uuid: + name: id + in: path + description: The UUID of the configuration resource + required: true + schema: + type: string + format: uuid + example: 123e4567-e89b-12d3-a456-426655440000 + securitySchemes: + scmOAuth: + type: oauth2 + description: | + Strata Cloud Manager APIs authenticate client requests using the + OAuth 2.0 Client Credentials flow. Please use the `client_id`, + `client_secret` values associated with an IAM service account along + with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the + Tenant Service Group (TSG) ID. The resulting JWT access token should + be attached to all API calls as a `Bearer` token in the `Authorization` + header (ex. `Authorization: Bearer tokenstring`). + flows: + clientCredentials: + tokenUrl: https://auth.apps.paloaltonetworks.com/oauth2/access_token + scopes: {} + scmToken: + type: http + description: | + Strata Cloud Manager APIs authenticate client requests using the + OAuth 2.0 Client Credentials flow. Please use the `client_id`, + `client_secret` values associated with an IAM service account along + with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the + Tenant Service Group (TSG) ID. The resulting JWT access token should + be attached to all API calls as a `Bearer` token in the `Authorization` + header (ex. `Authorization: Bearer tokenstring`). + scheme: bearer + bearerFormat: JWT + responses: + http_ok: + description: OK + http_created: + description: Created + auth_errors: + description: Unauthorized + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + auth_not_authenticated: + $ref: '#/components/examples/json_401_panui_auth_not_authenticated' + invalid_credential: + $ref: '#/components/examples/json_401_panui_auth_invalid_credential' + key_too_long: + $ref: '#/components/examples/json_401_panui_auth_key_too_long' + key_expired: + $ref: '#/components/examples/json_401_panui_auth_key_expired' + need_password_change: + $ref: '#/components/examples/json_401_panui_auth_need_password_change' + access_errors: + description: Forbidden + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + auth_unauthorized: + $ref: '#/components/examples/json_403_panui_auth_unauthorized' + bad_request_errors_basic: + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + input_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' + output_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' + missing_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' + invalid_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' + bad_request_errors_basic_with_body: + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + input_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' + output_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' + missing_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' + invalid_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' + missing_body: + $ref: '#/components/examples/json_400_panui_restapi_missing_body' + invalid_object: + $ref: '#/components/examples/json_400_panui_mgmt_invalid_object' + not_found: + description: Not Found + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + object_not_present: + $ref: '#/components/examples/json_404_panui_mgmt_object_not_present' + conflict_errors: + description: Conflict + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + object_not_unique: + $ref: '#/components/examples/json_409_panui_mgmt_object_not_unique' + name_not_unique: + $ref: '#/components/examples/json_409_panui_mgmt_name_not_unique' + reference_not_zero: + $ref: '#/components/examples/json_409_panui_mgmt_reference_not_zero' + default_errors: + description: General Errors + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + version_not_supported: + $ref: '#/components/examples/json_501_panui_restapi_version_not_supported' + method_not_allowed: + $ref: '#/components/examples/json_501_panui_restapi_method_not_supported' + action_not_supported: + $ref: '#/components/examples/json_405_panui_restapi_action_not_supported' + bad_xpath: + $ref: '#/components/examples/json_400_panui_mgmt_bad_xpath' + invalid_command: + $ref: '#/components/examples/json_400_panui_mgmt_invalid_command' + malformed_command: + $ref: '#/components/examples/json_400_panui_mgmt_malformed_command' + session_timeout: + $ref: '#/components/examples/json_504_panui_mgmt_session_timeout' + examples: + json_401_panui_auth_not_authenticated: + summary: Not Authenticated + value: + _errors: + - code: E016 + message: Not Authenticated + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_401_panui_auth_invalid_credential: + summary: Invalid Credential + value: + _errors: + - code: E016 + message: Invalid Credential + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_401_panui_auth_key_too_long: + summary: Key Too Long + value: + _errors: + - code: E016 + message: Key Too Long + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_401_panui_auth_key_expired: + summary: Key Expired + value: + _errors: + - code: E016 + message: Key Expired + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_401_panui_auth_need_password_change: + summary: Need Password Change + value: + _errors: + - code: E016 + message: The password needs to be changed. + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_403_panui_auth_unauthorized: + summary: Unauthorized + value: + _errors: + - code: E007 + message: Unauthorized + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_501_panui_restapi_version_not_supported: + summary: Version Not Supported + value: + _errors: + - code: E012 + message: Version Not Supported + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_501_panui_restapi_method_not_supported: + summary: Method Not Supported + value: + _errors: + - code: E012 + message: Method Not Supported + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_restapi_input_format_mismatch: + summary: Input Format Mismatch + value: + _errors: + - code: E003 + message: 'Input Format Mismatch: input-format=json' + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_restapi_output_format_mismatch: + summary: Output Format Mismatch + value: + _errors: + - code: E003 + message: 'Output Format Mismatch: output-format=json Accept=xml' + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_restapi_missing_query_parameter: + summary: Missing Query Parameter + value: + _errors: + - code: E003 + message: 'Missing Query Parameter: name' + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_restapi_invalid_query_parameter: + summary: Invalid Query Parameter + value: + _errors: + - code: E003 + message: 'Invalid Query Parameter: location=invalid' + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_restapi_missing_body: + summary: Missing Body + value: + _errors: + - code: E003 + message: Missing Body + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_405_panui_restapi_action_not_supported: + summary: Action Not Supported + value: + _errors: + - code: E012 + message: 'Action Not Supported: move' + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_mgmt_bad_xpath: + summary: Bad XPath + value: + _errors: + - code: E013 + message: Bad XPath + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_404_panui_mgmt_object_not_present: + summary: Object Not Present + value: + _errors: + - code: E005 + message: Object Not Present + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_409_panui_mgmt_object_not_unique: + summary: Object Not Unique + value: + _errors: + - code: E016 + message: Object Not Unique + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_409_panui_mgmt_name_not_unique: + summary: Name Not Unique + value: + _errors: + - code: E006 + message: Name Not Unique + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_409_panui_mgmt_reference_not_zero: + summary: Reference Not Zero + value: + _errors: + - code: E009 + message: Reference Not Zero + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_mgmt_invalid_object: + summary: Invalid Object + value: + _errors: + - code: E003 + message: Invalid Object + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_mgmt_invalid_command: + summary: Invalid Command + value: + _errors: + - code: E003 + message: Invalid Command + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_mgmt_malformed_command: + summary: Malformed Command + value: + _errors: + - code: E003 + message: Malformed Command + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_504_panui_mgmt_session_timeout: + summary: Session Timeout + value: + _errors: + - code: '4' + message: Session Timeout + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + schemas: + anti-spyware-profiles: + type: object + required: + - id + - name + properties: + id: + type: string + description: The UUID of the anti-spyware profile + readOnly: true + example: 123e4567-e89b-12d3-a456-426655440000 + name: + type: string + description: The name of the anti-spyware profile + description: + type: string + cloud_inline_analysis: + type: boolean + default: false + inline_exception_edl_url: + type: array + items: + type: string + inline_exception_ip_address: + type: array + items: + type: string + mica_engine_spyware_enabled: + type: array + items: + type: object + properties: + name: + type: string + inline_policy_action: + enum: + - alert + - allow + - drop + - reset-both + - reset-client + - reset-server + default: alert + rules: + type: array + items: + type: object + properties: + name: + type: string + action: + type: object + description: anti spyware profiles rules default action + oneOf: + - type: object + title: allow + properties: + allow: + type: object + - type: object + title: alert + properties: + alert: + type: object + - type: object + title: drop + properties: + drop: + type: object + - type: object + title: reset_client + properties: + reset_client: + type: object + - type: object + title: reset_server + properties: + reset_server: + type: object + - type: object + title: reset_both + properties: + reset_both: + type: object + - type: object + title: block_ip + description: Antispyware profiles rules action block ip parent + properties: + block_ip: + type: object + description: anti spyware profiles rules action block ip + properties: + track_by: + enum: + - source-and-destination + - source + duration: + type: integer + minimum: 1 + maximum: 3600 + packet_capture: + enum: + - disable + - single-packet + - extended-capture + severity: + type: array + items: + type: string + category: + enum: + - adns-adtracking + - adns-benign + - adns-c2 + - adns-ddns + - adns-dnsmisconfig + - adns-grayware + - adns-hijacking + - adns-malware + - adns-new-domain + - adns-parked + - adns-phishing + - adns-proxy + - adware + - any + - autogen + - backdoor + - botnet + - browser-hijack + - command-and-control + - cryptominer + - data-theft + - dns + - dns-adtracking + - dns-benign + - dns-c2 + - dns-ddns + - dns-grayware + - dns-malware + - dns-new-domain + - dns-parked + - dns-phishing + - dns-proxy + - dns-security + - dns-wildfire + - domain-edl + - downloader + - fraud + - hacktool + - inline-cloud-c2 + - keylogger + - net-worm + - p2p-communication + - phishing-kit + - post-exploitation + - spyware + - tls-fingerprint + - webshell + threat_name: + type: string + minLength: 3 + default: any + threat_exception: + type: array + items: + type: object + properties: + name: + type: string + action: + type: object + description: anti spyware profiles threat exception default action + oneOf: + - type: object + title: default + properties: + default: + type: object + - type: object + title: allow + properties: + allow: + type: object + - type: object + title: alert + properties: + alert: + type: object + - type: object + title: drop + properties: + drop: + type: object + - type: object + title: reset_client + properties: + reset_client: + type: object + - type: object + title: reset_server + properties: + reset_server: + type: object + - type: object + title: reset_both + properties: + reset_both: + type: object + - type: object + title: block_ip + description: anti spyware profiles threat exception action block ip parent + properties: + block_ip: + type: object + description: anti spyware profiles threat exception action block ip + properties: + track_by: + enum: + - source-and-destination + - source + duration: + type: integer + minimum: 1 + maximum: 3600 + packet_capture: + enum: + - disable + - single-packet + - extended-capture + exempt_ip: + type: array + items: + type: object + description: anti spyware protection IP address to be exempted from threat exception + properties: + name: + type: string + required: + - name + notes: + type: string + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device + anti-spyware-signatures: + type: object + required: + - threat_id + - threatname + properties: + id: + type: string + description: UUID of the resource + readOnly: true + example: 123e4567-e89b-12d3-a456-426655440000 + threat_id: + type: string + description: threat id range <15000-18000> and <6900001-7000000> + bugtraq: + type: array + items: + type: string + comment: + type: string + maxLength: 256 + cve: + type: array + items: + type: string + default_action: + type: object + description: anti spyware signature default action + oneOf: + - type: object + title: allow + properties: + allow: + type: object + - type: object + title: alert + properties: + alert: + type: object + - type: object + title: drop + properties: + drop: + type: object + - type: object + title: reset_client + properties: + reset_client: + type: object + - type: object + title: reset_server + properties: + reset_server: + type: object + - type: object + title: reset_both + properties: + reset_both: + type: object + - type: object + title: block_ip + description: anti spyware signature default action + properties: + block_ip: + type: object + description: anti spyware signature block ip + properties: + track_by: + enum: + - source-and-destination + - source + duration: + type: integer + minimum: 1 + maximum: 3600 + direction: + enum: + - client2server + - server2client + - both + reference: + type: array + items: + type: string + severity: + enum: + - critical + - low + - high + - medium + - informational + signature: + type: object + description: anti spyware signature + oneOf: + - type: object + title: combination + properties: + combination: + type: object + description: anti spyware signature combination + properties: + and_condition: + type: array + items: + type: object + properties: + name: + type: string + or_condition: + type: array + items: + type: object + properties: + name: + type: string + threat_id: + type: string + order_free: + type: boolean + default: false + time_attribute: + type: object + description: anti spyware time attribute + properties: + interval: + type: integer + minimum: 1 + maximum: 3600 + threshold: + type: integer + minimum: 1 + maximum: 255 + track_by: + enum: + - source-and-destination + - source + - destination + - type: object + title: standard + properties: + standard: + type: array + items: + type: object + properties: + name: + type: string + and_condition: + type: array + items: + type: object + properties: + name: + type: string + or_condition: + type: array + items: + type: object + properties: + name: + type: string + operator: + type: object + properties: + equal_to: + type: object + properties: + context: + type: string + negate: + type: boolean + default: false + qualifier: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + value: + type: integer + minimum: 0 + maximum: 4294967295 + greater_than: + type: object + properties: + context: + type: string + qualifier: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + value: + type: integer + minimum: 0 + maximum: 4294967295 + less_than: + type: object + properties: + context: + type: string + qualifier: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + value: + type: integer + minimum: 0 + maximum: 4294967295 + pattern_match: + type: object + properties: + context: + type: string + negate: + type: boolean + default: false + pattern: + type: string + qualifier: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + comment: + type: string + maxLength: 256 + order_free: + type: boolean + default: false + scope: + enum: + - protocol-data-unit + - session + required: + - name + threatname: + type: string + maxLength: 1024 + vendor: + type: array + items: + type: string + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device + app-override-rules: + type: object + required: + - name + - application + - destination + - from + - port + - protocol + - source + - to + properties: + id: + type: string + description: UUID of the resource + readOnly: true + example: 123e4567-e89b-12d3-a456-426655440000 + name: + type: string + pattern: '^[a-zA-Z0-9._-]+$' + maxLength: 63 + application: + type: string + description: + type: string + maxLength: 1024 + destination: + type: array + default: + - any + items: + type: string + disabled: + type: boolean + default: false + from: + type: array + default: + - any + items: + type: string + group_tag: + type: string + negate_destination: + type: boolean + default: false + negate_source: + type: boolean + default: false + port: + type: string + minimum: 0 + maximum: 65535 + protocol: + enum: + - tcp + - udp + source: + type: array + default: + - any + items: + type: string + tag: + type: array + items: + type: string + to: + type: array + default: + - any + items: + type: string + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device + rule-based-move: + type: object + title: rule-based-move + properties: + destination: + enum: + - top + - bottom + - before + - after + description: 'A destination of the rule. Valid destination values are top, bottom, before and after.' + rulebase: + enum: + - pre + - post + description: A base of a rule. Valid rulebase values are pre and post. + destination_rule: + type: string + description: A destination_rule attribute is required only if the destination value is before or after. Valid destination_rule values are existing rule UUIDs within the same container. + required: + - destination + - rulebase + data-filtering: + type: object + properties: + description: + type: string + disable_override: + type: string + name: + type: string + rules: + type: array + items: + type: object + properties: + alert_threshold: + type: integer + application: + type: array + items: + type: object + block_threshold: + type: integer + data_object: + type: string + direction: + type: string + file_type: + type: array + items: + type: object + log_severity: + type: string + name: + type: string + data_capture: + type: boolean + data-objects: + type: object + properties: + description: + type: string + disable_override: + type: string + name: + type: string + pattern_type: + type: object + properties: + regex: + type: object + properties: + pattern: + type: array + items: + type: object + properties: + regex: + type: string + file_type: + type: array + items: + type: object + name: + type: string + file_properties: + type: object + properties: + pattern: + type: array + items: + type: object + properties: + file_property: + type: string + file_type: + type: string + name: + type: string + property_value: + type: string + predefined: + type: object + properties: + pattern: + type: array + items: + type: object + properties: + name: + type: string + file_type: + type: array + items: + type: object + decryption-exclusions: + type: object + required: + - name + properties: + id: + type: string + description: UUID of the resource + readOnly: true + example: 123e4567-e89b-12d3-a456-426655440000 + name: + type: string + description: + type: string + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device + decryption-profiles: + type: object + required: + - name + properties: + id: + type: string + description: UUID of the resource + readOnly: true + example: 123e4567-e89b-12d3-a456-426655440000 + name: + type: string + description: 'Must start with alphanumeric char and should contain only alphanemeric, underscore, hyphen, dot or space' + pattern: '^[A-Za-z0-9]{1}[A-Za-z0-9_\-\.\s]{0,}$' + ssl_forward_proxy: + type: object + properties: + auto_include_altname: + type: boolean + default: false + block_client_cert: + type: boolean + default: false + block_expired_certificate: + type: boolean + default: false + block_timeout_cert: + type: boolean + default: false + block_tls13_downgrade_no_resource: + type: boolean + default: false + block_unknown_cert: + type: boolean + default: false + block_unsupported_cipher: + type: boolean + default: false + block_unsupported_version: + type: boolean + default: false + block_untrusted_issuer: + type: boolean + default: false + restrict_cert_exts: + type: boolean + default: false + strip_alpn: + type: boolean + default: false + ssl_inbound_proxy: + type: object + properties: + block_if_hsm_unavailable: + type: boolean + default: false + block_if_no_resource: + type: boolean + default: false + block_unsupported_cipher: + type: boolean + default: false + block_unsupported_version: + type: boolean + default: false + ssl_no_proxy: + type: object + properties: + block_expired_certificate: + type: boolean + default: false + block_untrusted_issuer: + type: boolean + default: false + ssl_protocol_settings: + type: object + properties: + auth_algo_md5: + type: boolean + default: true + auth_algo_sha1: + type: boolean + default: true + auth_algo_sha256: + type: boolean + default: true + auth_algo_sha384: + type: boolean + default: true + enc_algo_3des: + type: boolean + default: true + enc_algo_aes_128_cbc: + type: boolean + default: true + enc_algo_aes_128_gcm: + type: boolean + default: true + enc_algo_aes_256_cbc: + type: boolean + default: true + enc_algo_aes_256_gcm: + type: boolean + default: true + enc_algo_chacha20_poly1305: + type: boolean + default: true + enc_algo_rc4: + type: boolean + default: true + keyxchg_algo_dhe: + type: boolean + default: true + keyxchg_algo_ecdhe: + type: boolean + default: true + keyxchg_algo_rsa: + type: boolean + default: true + max_version: + enum: + - sslv3 + - tls1-0 + - tls1-1 + - tls1-2 + - tls1-3 + - max + default: tls1-2 + min_version: + enum: + - sslv3 + - tls1-0 + - tls1-1 + - tls1-2 + - tls1-3 + default: tls1-0 + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device + decryption-rules: + type: object + required: + - name + - action + - category + - destination + - service + - source + - source_user + - from + - to + properties: + id: + type: string + description: The UUID of the decryption rule + readOnly: true + example: 123e4567-e89b-12d3-a456-426655440000 + name: + type: string + description: The name of the decryption rule + action: + type: string + enum: + - decrypt + - no-decrypt + description: The action to be taken + description: + type: string + description: The description of the decryption rule + category: + type: array + items: + type: string + description: The destination URL category + destination: + type: array + items: + type: string + description: The destination addresses + destination_hip: + type: array + items: + type: string + description: The Host Integrity Profile of the destination host + profile: + type: string + description: The decryption profile associated with the decryption rule + service: + type: array + items: + type: string + description: The destination services and/or service groups + source: + type: array + items: + type: string + description: The source addresses + source_hip: + type: array + items: + type: string + description: The Host Integrity Profile of the source host + source_user: + type: array + items: + type: string + description: List of source users and/or groups. Reserved words include `any`, `pre-login`, `known-user`, and `unknown`. + tag: + type: array + items: + type: string + description: The tags associated with the decryption rule + from: + type: array + items: + type: string + description: The source security zone + to: + type: array + items: + type: string + description: The destination security zone + disabled: + type: boolean + description: Is the rule disabled? + negate_source: + type: boolean + description: Negate the source addresses? + negate_destination: + type: boolean + description: Negate the destination addresses? + log_setting: + type: string + description: The log settings of the decryption rule + log_fail: + type: boolean + description: Log failed decryption events? + log_success: + type: boolean + description: Log successful decryption events? + type: + type: object + oneOf: + - type: object + title: ssl_forward_proxy + properties: + ssl_forward_proxy: + type: object + - type: object + title: ssl_inbound_inspection + properties: + ssl_inbound_inspection: + type: object + description: add the certificate name for SSL inbound inspection + properties: + certificates: + type: array + items: + type: string + description: List of certificate names for SSL inbound inspection + example: ["Authentication Cookie CA", "Forward-Trust-CA"] + required: + - ssl_inbound_inspection + description: The type of decryption + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device + dns-security-profiles: + type: object + properties: + id: + type: string + description: The UUID of the DNS security profile + readOnly: true + example: 123e4567-e89b-12d3-a456-426655440000 + name: + type: string + description: The name of the DNS security profile + description: + type: string + description: The description of the DNS security profile + botnet_domains: + type: object + description: Botnet domains + properties: + dns_security_categories: + type: array + description: DNS categories + items: + type: object + properties: + name: + type: string + action: + enum: + - default + - allow + - block + - sinkhole + default: default + log_level: + enum: + - default + - none + - low + - informational + - medium + - high + - critical + default: default + packet_capture: + enum: + - disable + - single-packet + - extended-capture + lists: + type: array + description: Dynamic lists of DNS domains + items: + type: object + properties: + name: + type: string + action: + type: object + oneOf: + - type: object + title: alert + properties: + alert: + type: object + - type: object + title: allow + properties: + allow: + type: object + - type: object + title: block + properties: + block: + type: object + - type: object + title: sinkhole + properties: + sinkhole: + type: object + packet_capture: + enum: + - disable + - single-packet + - extended-capture + required: + - name + sinkhole: + type: object + description: DNS sinkhole settings + properties: + ipv4_address: + enum: + - 127.0.0.1 + - pan-sinkhole-default-ip + ipv6_address: + enum: + - '::1' + whitelist: + type: array + description: DNS security overrides + items: + type: object + properties: + name: + type: string + description: DNS domain or FQDN to be whitelisted + description: + type: string + required: + - name + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device + dos-protection-profiles: + type: object + required: + - name + - type + properties: + id: + type: string + description: The UUID of the DNS security profile + readOnly: true + example: 123e4567-e89b-12d3-a456-426655440000 + name: + description: Profile name + type: string + maxLength: 31 + type: + description: Type + type: string + enum: + - aggregate + - classified + description: + description: Description + type: string + minLength: 0 + maxLength: 255 + flood: + type: object + properties: + tcp-syn: + type: object + required: + - enable + properties: + enable: + type: boolean + default: false + oneOf: + - title: red + properties: + red: + type: object + required: + - alarm-rate + - activate-rate + - maximal-rate + properties: + alarm-rate: + description: Connection rate (cps) to generate alarm + default: 10000 + type: integer + minimum: 0 + maximum: 2000000 + activate-rate: + description: Connection rate (cps) to start RED + default: 10000 + type: integer + minimum: 1 + maximum: 2000000 + maximal-rate: + description: Maximal connection rate (cps) allowed + default: 40000 + type: integer + minimum: 1 + maximum: 2000000 + block: + type: object + properties: + duration: + default: 300 + type: integer + minimum: 1 + maximum: 21600 + - title: syn-cookies + required: + - syn-cookies + properties: + syn-cookies: + type: object + required: + - alarm-rate + - activate-rate + - maximal-rate + properties: + alarm-rate: + description: Connection rate (cps) to generate alarm + default: 10000 + type: integer + minimum: 0 + maximum: 2000000 + activate-rate: + description: Connection rate (cps) to activate SYN cookies proxy + default: 0 + type: integer + minimum: 0 + maximum: 2000000 + maximal-rate: + description: Maximum connection rate (cps) allowed + default: 1000000 + type: integer + minimum: 1 + maximum: 2000000 + block: + type: object + xml: + name: block + properties: + duration: + default: 300 + type: integer + minimum: 1 + maximum: 21600 + udp: + type: object + properties: + enable: + type: boolean + default: false + red: + type: object + required: + - alarm-rate + - activate-rate + - maximal-rate + properties: + alarm-rate: + description: Connection rate (cps) to generate alarm + default: 10000 + type: integer + minimum: 0 + maximum: 2000000 + activate-rate: + description: Connection rate (cps) to start RED + default: 10000 + type: integer + minimum: 1 + maximum: 2000000 + maximal-rate: + description: Maximal connection rate (cps) allowed + default: 40000 + type: integer + minimum: 1 + maximum: 2000000 + block: + type: object + properties: + duration: + default: 300 + type: integer + minimum: 1 + maximum: 21600 + icmp: + type: object + properties: + enable: + type: boolean + default: false + red: + type: object + required: + - alarm-rate + - activate-rate + - maximal-rate + properties: + alarm-rate: + description: Connection rate (cps) to generate alarm + default: 10000 + type: integer + minimum: 0 + maximum: 2000000 + activate-rate: + description: Connection rate (cps) to start RED + default: 10000 + type: integer + minimum: 1 + maximum: 2000000 + maximal-rate: + description: Maximal connection rate (cps) allowed + default: 40000 + type: integer + minimum: 1 + maximum: 2000000 + block: + type: object + properties: + duration: + default: 300 + type: integer + minimum: 1 + maximum: 21600 + icmpv6: + type: object + properties: + enable: + type: boolean + default: false + red: + type: object + required: + - alarm-rate + - activate-rate + - maximal-rate + properties: + alarm-rate: + description: Connection rate (cps) to generate alarm + default: 10000 + type: integer + minimum: 0 + maximum: 2000000 + activate-rate: + description: Connection rate (cps) to start RED + default: 10000 + type: integer + minimum: 1 + maximum: 2000000 + maximal-rate: + description: Maximal connection rate (cps) allowed + default: 40000 + type: integer + minimum: 1 + maximum: 2000000 + block: + type: object + properties: + duration: + default: 300 + type: integer + minimum: 1 + maximum: 21600 + other-ip: + type: object + properties: + enable: + type: boolean + default: false + red: + type: object + required: + - alarm-rate + - activate-rate + - maximal-rate + properties: + alarm-rate: + description: Connection rate (cps) to generate alarm + default: 10000 + type: integer + minimum: 0 + maximum: 2000000 + activate-rate: + description: Connection rate (cps) to start RED + default: 10000 + type: integer + minimum: 1 + maximum: 2000000 + maximal-rate: + description: Maximal connection rate (cps) allowed + default: 40000 + type: integer + minimum: 1 + maximum: 2000000 + block: + type: object + properties: + duration: + default: 300 + type: integer + minimum: 1 + maximum: 21600 + resource: + type: object + properties: + sessions: + type: object + properties: + enabled: + type: boolean + default: false + max-concurrent-limit: + default: 32768 + type: integer + minimum: 1 + maximum: 4194304 + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device + dos-protection-rules: + type: object + required: + - name + - type + properties: + id: + type: string + description: The UUID of the DNS security profile + readOnly: true + example: 123e4567-e89b-12d3-a456-426655440000 + name: + description: Rule name + type: string + maxLength: 31 + description: + description: Description + type: string + minLength: 0 + maxLength: 255 + disabled: + description: Rule disabled? + type: boolean + default: false + position: + description: Position relative to local device rules + type: string + enum: + - pre + - post + default: pre + schedule: + description: Schedule on which to enforce the rule + type: string + tag: + description: List of tags + type: array + items: + type: string + from: + description: List of source zones + type: array + items: + type: string + example: any + to: + description: List of destination zones + type: array + items: + type: string + example: any + source: + description: List of source addresses + type: array + items: + type: string + example: any + source_user: + description: List of source users and/or groups. Reserved words include `any`, `pre-login`, `known-user`, and `unknown`. + type: array + items: + type: string + example: any + destination: + description: List of destination addresses + type: array + items: + type: string + example: any + service: + description: List of services + type: array + items: + type: string + example: any + action: + description: The action to take on rule match + type: object + oneOf: + - title: deny + type: object + required: + - deny + properties: + deny: + type: object + default: {} + - title: allow + type: object + required: + - allow + properties: + allow: + type: object + default: {} + - title: protect + type: object + required: + - protect + properties: + protect: + type: object + default: {} + protection: + type: object + oneOf: + - title: aggregate + required: + - aggregate + type: object + properties: + aggregate: + type: object + required: + - profile + properties: + profile: + description: Aggregate DoS protection profile + type: string + - title: classified + required: + - classified + type: object + properties: + classified: + type: object + required: + - classification-criteria + - profile + properties: + classification-criteria: + type: object + required: + - address + properties: + address: + description: Classification method + type: string + enum: + - source-ip-only + - destination-ip-only + - src-dest-ip-both + profile: + description: Classified DoS protection profile + type: string + log_setting: + description: Log forwarding profile name + type: string + default: Cortex Data Lake + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device + file-blocking-profiles: + type: object + required: + - name + properties: + id: + type: string + description: The UUID of the file blocking profile + readOnly: true + example: 123e4567-e89b-12d3-a456-426655440000 + name: + type: string + description: The name of the file blocking profile + description: + type: string + rules: + type: array + description: A list of file blocking rules + items: + type: object + properties: + name: + type: string + description: The name of the file blocking rule + action: + enum: + - alert + - block + - continue + default: alert + description: The action to take when the rule match criteria is met + application: + type: array + description: The application transferring the files (App-ID naming) + minItems: 1 + default: + - any + items: + type: string + # these are a few examples of applications to choose from + enum: + - any + - axifile + - dl-free + - facebook-mail + - file.io + - giphy-base + - glassdoor-uploading + - http-proxy + - redbooth + - send-anywhere + - zoho-mail + direction: + description: The direction of the file transfer + enum: + - download + - upload + - both + default: both + file_type: + type: array + description: The file type + minItems: 1 + default: + - any + items: + type: string + # Complete list of file types supported by Palo Alto Networks File Blocking + # Reference: https://docs.paloaltonetworks.com/advanced-wildfire/administration/advanced-wildfire-overview/advanced-wildfire-file-type-support/advanced-wildfire-file-type-support-complete + enum: + - 7z + - Multi-Level-Encoding + - PE + - access-shortcut + - ace + - ade + - adp + - ai + - aip-encrypted-docx + - aip-encrypted-pptx + - aip-encrypted-xlsx + - any + - apk + - arj + - asp + - avi + - avi-divx + - avi-xvid + - bas + - bat + - bmp + - bmp-upload + - bzip2 + - cab + - catpart + - cdr + - chm + - cin + - class + - cmd + - com + - cpl + - csv + - deflate64-zip + - der + - dll + - dmg + - doc + - docm + - docx + - dpx + - dsn + - dwf + - dwg + - dxf + - edif + - elf + - emf + - encrypted-7z + - encrypted-doc + - encrypted-docx + - encrypted-office2007 + - encrypted-pdf + - encrypted-ppt + - encrypted-pptx + - encrypted-rar + - encrypted-xls + - encrypted-xlsx + - encrypted-zip + - eps + - exe + - exr + - flash + - flv + - gds + - gif + - gif-upload + - gzip + - hlp + - hta + - hwp + - hwpx + - ichitaro + - iff + - inf + - ins + - iqy + - iso + - its + - iwork-keynote + - iwork-numbers + - iwork-pages + - jar + - jpeg + - jpeg-upload + - js + - jse + - lnk + - lzh + - ma + - macapp + - mach-o + - mb + - mda + - mdb + - mdi + - mdt + - mdw + - mdz + - mht + - microsoft-shell + - mif + - mkv + - mov + - mp3 + - mp4 + - mpeg + - mpeg-ts + - mpkg + - msc + - msi + - msoffice + - msp + - ocx + - pbix + - pbm + - pcl + - pdf + - pem + - pgp + - pif + - pkg + - pl + - png + - png-upload + - powershell + - ppt + - pptx + - prg + - psd + - py + - rar + - reg + - renamed-zip + - rla + - rm + - rpf + - rtf + - scf + - scr + - sgi + - sh + - shk + - shs + - slk + - softimg + - split-cab + - split-rar + - stp + - svg + - sys + - tar + - tdb + - tif + - tiff + - tmp + - torrent + - url + - vb + - vbe + - vbs + - vxd + - webm + - wmf + - wmv + - wri + - wsf + - wsh + - xll + - xls + - xlsx + - xpm + - zcompressed + - zip + required: + - name + - action + - application + - direction + - file_type + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device + http-header-profiles: + type: object + required: + - name + properties: + id: + type: string + description: The UUID of the HTTP header profile + readOnly: true + example: 123e4567-e89b-12d3-a456-426655440000 + name: + type: string + description: The name of the HTTP header profile + description: + type: string + description: The description of the HTTP header profile + http_header_insertion: + type: array + description: A list of HTTP header profile rules + items: + type: object + properties: + name: + type: string + description: The name of the HTTP header insertion rule + type: + type: array + description: A list of HTTP header insertion definitions + items: + type: object + properties: + name: + type: string + description: The HTTP header insertion type + enum: + - Custom + - Dropbox Network Control + - Dynamic Fields + - Google Apps Access Control + - Microsoft Office365 Tenant Restrictions + - Youtube Safe Search + domains: + type: array + description: A list of DNS domains + items: + type: string + example: + - '*.google.com' + - 'gmail.com' + headers: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the HTTP header + header: + type: string + description: The HTTP header string + example: X-MyCustomHeader + value: + type: string + description: The value associated with the HTTP header + example: somevalue + log: + type: boolean + default: false + description: Log the use of this HTTP header insertion? + required: + - name + - header + - value + required: + - name + - domains + - headers + required: + - name + - type + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device + profile-groups: + type: object + properties: + id: + type: string + description: The UUID of the profile group + readOnly: true + example: 123e4567-e89b-12d3-a456-426655440000 + name: + type: string + description: The name of the profile group + dns_security: + type: array + items: + type: string + description: The name of a DNS security profile + file_blocking: + type: array + items: + type: string + description: The name of a file blocking profile + spyware: + type: array + items: + type: string + description: The name of an anti-spyware profile + url_filtering: + type: array + items: + type: string + description: The name of a URL filtering profile + virus_and_wildfire_analysis: + type: array + items: + type: string + description: The name of a anti-virus and Wildfire analysis profile + vulnerability: + type: array + items: + type: string + description: The name of a vulnerability protection profile + saas_security: + type: array + items: + type: string + description: The name of an HTTP header insertion profile + ai_security: + type: array + items: + type: string + description: The name of an AI Security profile + data_filtering: + type: array + items: + type: string + description: The name of DLP profile + required: + - name + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device + # 1. THE UNIFIED, DISCRIMINATED SCHEMA + # This is the primary schema that all paths now reference. + security-rules: + type: object + description: |- + Represents a Security or Internet security rule. + A rule must be one of the policy types AND exist in one scope (folder, snippet, or device). + # Use allOf to combine multiple, independent constraints. + allOf: + # Constraint 1: The object must conform to one of the policy types. + - oneOf: + - $ref: '#/components/schemas/security-rule-type' + - $ref: '#/components/schemas/internet-rule-type' + discriminator: + propertyName: policy_type + mapping: + Security: '#/components/schemas/security-rule-type' + Internet: '#/components/schemas/internet-rule-type' + + # Constraint 2: The object must exist in exactly one scope. + - oneOf: + - type: object + title: folder + required: [folder] + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + - type: object + title: snippet + required: [snippet] + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + - type: object + title: device + required: [device] + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + + # 2. A BASE SCHEMA FOR COMMON PROPERTIES + # This reduces duplication and clearly defines what is shared between rule types. + base-rule-properties: + type: object + required: + - name + properties: + id: + type: string + description: The UUID of the security rule + format: uuid + readOnly: true + example: 123e4567-e89b-12d3-a456-426655440000 + name: + type: string + description: The name of the security rule + policy_type: + type: string + default: 'Security' + disabled: + type: boolean + description: Is the security rule disabled? + default: false + description: + type: string + description: The description of the security rule + tag: + type: array + description: The tags associated with the security rule + uniqueItems: true + items: + type: string + from: + type: array + description: The source security zone(s) + uniqueItems: true + items: + type: string + default: any + to: + type: array + description: The destination security zone(s) + uniqueItems: true + items: + type: string + default: any + source: + type: array + description: The source addresses(es) + uniqueItems: true + items: + type: string + default: any + negate_source: + type: boolean + description: Negate the source address(es)? + default: false + source_user: + type: array + description: List of source users and/or groups. Reserved words include `any`, `pre-login`, `known-user`, and `unknown`. + uniqueItems: true + items: + type: string + default: any + destination: + type: array + description: The destination address(es) + uniqueItems: true + items: + type: string + default: any + service: + type: array + description: The service(s) being accessed + uniqueItems: true + items: + type: string + default: any + schedule: + type: string + description: Schedule in which this rule will be applied + action: + enum: + - allow + - deny + - drop + - reset-client + - reset-server + - reset-both + description: The action to be taken when the rule is matched + + # 3. THE "SECURITY" RULE VARIANT + # Contains the base properties plus fields unique to 'Security' rules. + security-rule-type: + type: object + required: + - from + - to + - source + - source_user + - destination + - service + - action + description: A standard security rule for controlling traffic between zones. + allOf: + - $ref: '#/components/schemas/base-rule-properties' + - type: object + required: + - category + - application + properties: + negate_destination: + type: boolean + description: Negate the destination addresses(es)? + default: false + source_hip: + type: array + description: The source Host Integrity Profile(s) + items: + type: string + default: any + destination_hip: + type: array + description: The destination Host Integrity Profile(s) + uniqueItems: true + items: + type: string + default: any + application: + type: array + description: The application(s) being accessed + uniqueItems: true + items: + type: string + default: any + category: + type: array + description: The URL categories being accessed + uniqueItems: true + items: + type: string + default: any + action: + enum: + - allow + - deny + - drop + - reset-client + - reset-server + - reset-both + description: The action to be taken when the rule is matched + profile_setting: + type: object + description: The security profile object + properties: + group: + type: array + description: The security profile group + items: + type: string + default: best-practice + log_setting: + type: string + description: The external log forwarding profile + log_start: + type: boolean + description: Log at session start? + log_end: + type: boolean + description: Log at session end? + tenant_restrictions: + type: array + items: + type: string + default: any + + # 4. THE "INTERNET" RULE VARIANT + # Contains the base properties plus fields unique to 'Internet' rules. + internet-rule-type: + type: object + description: A simplified security rule for controlling internet access. + allOf: + - $ref: '#/components/schemas/base-rule-properties' + - type: object + properties: + negate_user: + type: boolean + default: false + devices: + type: array + items: + type: string + default: ['any'] + action: + enum: [allow, deny] + default: allow + log_settings: + type: object + properties: + log_sessions: + type: boolean + default: true + security_settings: + type: object + properties: + anti_spyware: + type: string + enum: [yes, no] + default: yes + vulnerability: + type: string + enum: [yes, no] + default: yes + virus_and_wildfire_analysis: + type: string + enum: [yes, no] + default: yes + block_web_application: + type: array + items: + type: string + block_url_category: + type: array + items: + type: string + allow_web_application: + type: array + items: + type: object + properties: + name: + type: string + type: + type: string + file_control: + type: object + properties: + upload: + type: string + enum: + [ + allow-all-file-types, + best-practice, + block-all-file-types, + ] + download: + type: string + enum: + [ + allow-all-file-types, + best-practice, + block-all-file-types, + ] + saas_enterprise_control: + type: object + properties: + consumer_access: + type: object + properties: + enable: + type: string + enum: [yes, no] + enterprise_access: + type: object + properties: + enable: + type: string + enum: [yes, no] + tenant_restrictions: + type: array + items: + type: string + application_function: + type: array + items: + type: string + dlp: + type: string + saas_tenant_list: + type: array + items: + type: string + saas_user_list: + type: array + items: + type: string + tenant_control: + type: object + properties: + tenants: + type: array + items: + type: string + allowed_activities: + type: array + items: + type: string + blocked_activities: + type: array + items: + type: string + parent_application: + type: string + allow_url_category: + type: array + items: + type: object + properties: + name: + type: string + decryption: + type: string + enum: [enabled, disabled] + default: enabled + credential_enforcement: + type: string + enum: [enabled, disabled] + default: enabled + additional_action: + type: string + enum: [none, continue, redirect, isolate] + default: none + isolation_profiles: + type: string + default: none + file_control: + type: object + properties: + upload: + type: string + enum: + [ + allow-all-file-types, + best-practice, + block-all-file-types, + ] + download: + type: string + enum: + [ + allow-all-file-types, + best-practice, + block-all-file-types, + ] + dlp: + type: string + default_profile_settings: + type: object + properties: + file_control: + type: object + properties: + upload: + type: string + enum: + [ + allow-all-file-types, + best-practice, + block-all-file-types, + ] + download: + type: string + enum: + [ + allow-all-file-types, + best-practice, + block-all-file-types, + ] + dlp: + type: string + + # 5. THE LIST RESPONSE SCHEMA + # This now points to the unified 'security-rules' schema. + SecurityRuleListResponse: + type: object + properties: + data: + type: array + items: + $ref: '#/components/schemas/security-rules' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + ssl-decryption-settings: + type: object + properties: + disabled_ssl_exclude_cert_from_predefined: + type: array + items: + type: object + forward_trust_certificate: + type: object + properties: + ecdsa: + type: string + rsa: + type: string + forward_untrust_certificate: + type: object + properties: + rsa: + type: string + ecdsa: + type: string + root_ca_exclude_list: + type: array + items: + type: object + ssl_exclude_cert: + type: array + items: + type: object + properties: + description: + type: string + exclude: + type: boolean + name: + type: string + trusted_root_CA: + type: array + items: + type: object + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device + ssl-decryption-settings-get-put: + type: object + required: + - ssl_decrypt + properties: + ssl_decrypt: + type: object + properties: + disabled_ssl_exclude_cert_from_predefined: + type: array + items: + type: object + forward_trust_certificate: + type: object + properties: + ecdsa: + type: string + rsa: + type: string + forward_untrust_certificate: + type: object + properties: + rsa: + type: string + ecdsa: + type: string + root_ca_exclude_list: + type: array + items: + type: object + ssl_exclude_cert: + type: array + items: + type: object + properties: + description: + type: string + exclude: + type: boolean + name: + type: string + trusted_root_CA: + type: array + items: + type: object + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device + url-access-profiles: + type: object + properties: + id: + type: string + description: UUID of the resource + readOnly: true + example: 123e4567-e89b-12d3-a456-426655440000 + name: + type: string + alert: + type: array + items: + type: string + allow: + type: array + items: + type: string + block: + type: array + items: + type: string + continue: + type: array + items: + type: string + cloud_inline_cat: + type: boolean + credential_enforcement: + type: object + properties: + alert: + type: array + items: + type: string + allow: + type: array + items: + type: string + block: + type: array + items: + type: string + continue: + type: array + items: + type: string + log_severity: + type: string + default: medium + mode: + type: object + properties: + disabled: + type: object + domain_credentials: + type: object + ip_user: + type: object + group_mapping: + type: string + description: + type: string + maxLength: 255 + mlav_category_exception: + type: array + items: + type: string + local_inline_cat: + type: boolean + log_container_page_only: + type: boolean + default: true + log_http_hdr_referer: + type: boolean + default: false + log_http_hdr_user_agent: + type: boolean + default: false + log_http_hdr_xff: + type: boolean + default: false + safe_search_enforcement: + type: boolean + default: false + redirect: + type: array + items: + type: string + required: + - name + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device + url-categories: + type: object + properties: + id: + type: string + description: UUID of the resource + readOnly: true + example: 123e4567-e89b-12d3-a456-426655440000 + name: + type: string + description: + type: string + list: + type: array + items: + type: string + type: + enum: + - URL List + - Category Match + default: URL List + required: + - name + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device + url-filtering-categories: + type: object + properties: + type: + type: string + value: + type: string + vulnerability-protection-profiles: + type: object + properties: + id: + type: string + description: UUID of the resource + readOnly: true + example: 123e4567-e89b-12d3-a456-426655440000 + name: + type: string + pattern: '^[a-zA-Z0-9._-]+$' + rules: + type: array + items: + type: object + properties: + name: + type: string + action: + type: object + description: vulnerability profiles threat exception default action + oneOf: + - type: object + title: default + properties: + default: + type: object + - type: object + title: allow + properties: + allow: + type: object + - type: object + title: alert + properties: + alert: + type: object + - type: object + title: drop + properties: + drop: + type: object + - type: object + title: reset_client + properties: + reset_client: + type: object + - type: object + title: reset_server + properties: + reset_server: + type: object + - type: object + title: reset_both + properties: + reset_both: + type: object + - type: object + title: block_ip + properties: + block_ip: + type: object + description: vulnerability protection block ip + properties: + track_by: + enum: + - source-and-destination + - source + duration: + type: integer + minimum: 1 + maximum: 3600 + packet_capture: + enum: + - disable + - single-packet + - extended-capture + severity: + type: array + items: + type: string + category: + enum: + - any + - app-id-change + - brute-force + - code-execution + - code-obfuscation + - command-execution + - dos + - exploit-kit + - info-leak + - inline-cloud-exploit + - insecure-credentials + - overflow + - phishing + - protocol-anomaly + - scan + - sql-injection + cve: + type: array + items: + type: string + host: + type: string + vendor_id: + type: array + items: + type: string + threat_name: + type: string + threat_exception: + type: array + items: + type: object + properties: + name: + type: string + action: + type: object + description: vulnerability threat exception default action + oneOf: + - type: object + title: default + properties: + default: + type: object + - type: object + title: allow + properties: + allow: + type: object + - type: object + title: alert + properties: + alert: + type: object + - type: object + title: drop + properties: + drop: + type: object + - type: object + title: reset_client + properties: + reset_client: + type: object + - type: object + title: reset_server + properties: + reset_server: + type: object + - type: object + title: reset_both + properties: + reset_both: + type: object + - type: object + title: block_ip + properties: + block_ip: + type: object + description: vulnerability protection threat exception block ip + properties: + track_by: + enum: + - source-and-destination + - source + duration: + type: integer + minimum: 1 + maximum: 3600 + packet_capture: + enum: + - disable + - single-packet + - extended-capture + exempt_ip: + type: array + items: + type: object + description: Vulnerability protection IP address to be exempted from threat exception + properties: + name: + type: string + required: + - name + time_attribute: + type: object + description: vulnerability time attribute + properties: + interval: + type: integer + minimum: 1 + maximum: 3600 + threshold: + type: integer + minimum: 1 + maximum: 65535 + track_by: + enum: + - source + - destination + - source-and-destination + notes: + type: string + description: + type: string + required: + - name + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device + vulnerability-protection-signatures: + type: object + properties: + id: + type: string + description: UUID of the resource + readOnly: true + example: 123e4567-e89b-12d3-a456-426655440000 + threat_id: + type: string + description: threat id range <41000-45000> and <6800001-6900000> + affected_host: + type: object + oneOf: + - type: object + title: client + properties: + client: + type: boolean + - type: object + title: server + properties: + server: + type: boolean + bugtraq: + type: array + items: + type: string + comment: + type: string + maxLength: 256 + cve: + type: array + items: + type: string + default_action: + type: object + oneOf: + - type: object + title: allow + properties: + allow: + type: object + - type: object + title: alert + properties: + alert: + type: object + - type: object + title: drop + properties: + drop: + type: object + - type: object + title: reset_client + properties: + reset_client: + type: object + - type: object + title: reset_server + properties: + reset_server: + type: object + - type: object + title: reset_both + properties: + reset_both: + type: object + - type: object + title: block_ip + properties: + block_ip: + description: vulnerability protection bugtraq block ip + type: object + properties: + track_by: + enum: + - source-and-destination + - source + duration: + type: integer + minimum: 1 + maximum: 3600 + direction: + enum: + - client2server + - server2client + - both + reference: + type: array + items: + type: string + severity: + enum: + - critical + - low + - high + - medium + - informational + signature: + description: vulnerability protection signature + type: object + oneOf: + - type: object + title: combination + description: vulnerability protection signature combination + properties: + combination: + type: object + description: vulnerability protection signature combination object + properties: + and_condition: + type: array + description: vulnerability protection signature combination object and condition + items: + type: object + description: vulnerability protection signature combination object and condition object + properties: + name: + type: string + or_condition: + type: array + description: vulnerability protection signature combination object and condition object or condition + items: + type: object + description: vulnerability protection signature combination object and condition object or condition object + properties: + name: + type: string + threat_id: + type: string + order_free: + type: boolean + default: false + time_attribute: + type: object + properties: + interval: + type: integer + minimum: 1 + maximum: 3600 + threshold: + type: integer + minimum: 1 + maximum: 255 + track_by: + enum: + - source-and-destination + - source + - destination + - type: object + title: standard + description: vulnerability protection signature standard + properties: + standard: + type: array + description: vulnerability protection signature standard array + items: + type: object + description: vulnerability protection signature standard object + properties: + name: + type: string + and_condition: + type: array + description: vulnerability protection signature standard object and condition + items: + type: object + description: vulnerability protection signature standard object and condition object + properties: + name: + type: string + or_condition: + type: array + description: vulnerability protection signature standard object and condition object or condition + items: + type: object + description: vulnerability protection signature standard object and condition object or condition object + properties: + name: + type: string + operator: + type: object + description: vulnerability protection signature standard object and condition object or condition object operators + properties: + equal_to: + type: object + description: vulnerability protection signature standard object and condition object or condition object operators equal_to + properties: + context: + type: string + negate: + type: boolean + default: false + qualifier: + type: array + description: vulnerability protection signature standard object and condition object or condition object operators equal_to qualifier array + items: + type: object + description: vulnerability protection signature standard object and condition object or condition object operators equal_to qualifier array object + properties: + name: + type: string + value: + type: string + value: + type: integer + minimum: 0 + maximum: 4294967295 + greater_than: + type: object + description: vulnerability protection signature standard object and condition object or condition object operators greater_than + properties: + context: + type: string + qualifier: + type: array + description: vulnerability protection signature standard object and condition object or condition object operators greater_than qualifier + items: + type: object + description: vulnerability protection signature standard object and condition object or condition object operators greater_than qualifier object + properties: + name: + type: string + value: + type: string + value: + type: integer + minimum: 0 + maximum: 4294967295 + less_than: + type: object + description: vulnerability protection signature standard object and condition object or condition object operators less_than + properties: + context: + type: string + qualifier: + type: array + description: vulnerability protection signature standard object and condition object or condition object operators less_than array + items: + type: object + description: vulnerability protection signature standard object and condition object or condition object operators less_than array object + properties: + name: + type: string + value: + type: string + value: + type: integer + minimum: 0 + maximum: 4294967295 + pattern_match: + type: object + description: vulnerability protection signature standard object and condition object or condition object operators pattern match + properties: + context: + type: string + negate: + type: boolean + default: false + pattern: + type: string + qualifier: + type: array + description: vulnerability protection signature standard object and condition object or condition object operators pattern match qualifier + items: + type: object + description: vulnerability protection signature standard object and condition object or condition object operators pattern match qualifier object + properties: + name: + type: string + value: + type: string + comment: + type: string + maxLength: 256 + order_free: + type: boolean + default: false + scope: + enum: + - protocol-data-unit + - session + required: + - name + threatname: + type: string + maxLength: 1024 + vendor: + type: array + items: + type: string + required: + - threat_id + - threatname + - affected_host + - severity + - direction + - signature + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device + wildfire-anti-virus-profiles: + type: object + properties: + id: + type: string + description: UUID of the resource + readOnly: true + example: 123e4567-e89b-12d3-a456-426655440000 + name: + type: string + pattern: '^[a-zA-Z0-9._-]+$' + description: + type: string + mlav_exception: + type: array + items: + type: object + properties: + name: + type: string + description: + type: string + filename: + type: string + packet_capture: + type: boolean + rules: + type: array + items: + type: object + properties: + name: + type: string + analysis: + enum: + - public-cloud + - private-cloud + application: + type: array + items: + type: string + direction: + enum: + - download + - upload + - both + file_type: + type: array + items: + type: string + threat_exception: + type: array + items: + type: object + properties: + name: + type: string + notes: + type: string + required: + - name + oneOf: + - type: object + title: folder + properties: + folder: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The folder in which the resource is defined + example: My Folder + required: + - folder + - type: object + title: snippet + properties: + snippet: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The snippet in which the resource is defined + example: My Snippet + required: + - snippet + - type: object + title: device + properties: + device: + type: string + pattern: ^[a-zA-Z\d\-_\. ]+$ + maxLength: 64 + description: The device in which the resource is defined + example: My Device + required: + - device + saas-tenant-restrictions: + type: object + properties: + description: + type: string + description: Description associated with the tenant restriction (example - Microsoft 365 SaaS Security Restrictions, Dropbox SaaS Security Restrictions, YouTube Safe Search Restrictions, Google Apps SaaS Security Restrictions) + domains: + type: array + description: List of domains associated with tenant restrictions + items: + type: string + description: Domain string associated with tenant restrictions (example - "microsoft.com", "office365") + headers: + type: array + description: List of headers associated with tenant restrictions + items: + type: object + properties: + header: + type: string + description: Header string associated with the tenant restriction (example - Restrict-Access-To-Tenants, Restrict-Access-Context, X-Dropbox-allowed-Team-Ids, YouTube-Restrict, X-GooGApps-Allowed-Domains) + name: + type: string + description: Header name associated with tenant restrictions (example - Permitted Tenant List, Tenant Directory ID) + value: + type: string + description: Header value associated with tenant restriction (example - tenant1,tenant2,strict etc.) + name: + type: string + description: Name of the tenant restriction (example - Microsoft 365, Dropbox, YouTube Safe Search, Google Apps) + saas_edl: + type: array + description: List of EDL associated with tenant restrictions + items: + type: string + description: EDL string associated with the tenant restriction + generic_error: + type: object + properties: + _errors: + $ref: '#/components/schemas/error_detail_cause_infos' + _request_id: + type: string + x-examples: {} + error_detail_cause_infos: + type: array + items: + $ref: '#/components/schemas/error_detail_cause_info' + x-examples: {} + error_detail_cause_info: + type: object + title: Cause Info + properties: + code: + type: string + message: + type: string + details: + oneOf: + - type: string + - type: object + help: + type: string +security: + - scmToken: [] +x-internal: false From 47afe9e4e2876251de380b726166a5df6836c4bf Mon Sep 17 00:00:00 2001 From: sra Date: Thu, 5 Mar 2026 12:15:35 +0530 Subject: [PATCH 3/6] updated spec files for config operations and security services --- .../security/security-services-march.yaml | 7741 ----------------- 1 file changed, 7741 deletions(-) delete mode 100644 openapi-specs/scm/config/sase/security/security-services-march.yaml diff --git a/openapi-specs/scm/config/sase/security/security-services-march.yaml b/openapi-specs/scm/config/sase/security/security-services-march.yaml deleted file mode 100644 index 7dc8927cd..000000000 --- a/openapi-specs/scm/config/sase/security/security-services-march.yaml +++ /dev/null @@ -1,7741 +0,0 @@ -openapi: 3.0.0 -info: - version: 2.0.0 - title: Security Services - description: These APIs are used for defining and managing security services configurations within Strata Cloud Manager. - termsOfService: 'https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-end-user-license-agreement-eula.pdf' - contact: - email: support@paloaltonetworks.com - name: Palo Alto Networks Technical Support - url: 'https://support.paloaltonetworks.com' - license: - name: MIT - url: https://opensource.org/license/mit -servers: - - url: 'https://api.strata.paloaltonetworks.com/config/security/v1' - description: Current - - url: 'https://api.sase.paloaltonetworks.com/sse/config/v1' - description: Legacy -tags: - - name: Anti-Spyware Profiles - description: Anti-Spyware Profiles - - name: Anti-Spyware Signatures - description: Anti-Spyware Signatures - - name: Application Override Rules - description: Application Override Rules - - name: DataFiltering - description: DataFiltering - - name: DataObjects - description: DataObjects - - name: Decryption Exclusions - description: Decryption Exclusions - - name: Decryption Profiles - description: Decryption Profiles - - name: Decryption Rules - description: Decryption Rules - - name: DNS Security Profiles - description: DNS Security Profiles - - name: DoS Protection Profiles - description: DoS Protection Profiles - - name: DoS Protection Rules - description: DoS Protection Rules - - name: File Blocking Profiles - description: File Blocking Profiles - - name: HTTP Header Profiles - description: HTTP Header Profiles - - name: Profile Groups - description: Profile Groups - - name: Security Rules - description: Security Rules - - name: URL Access Profiles - description: URL Access Profiles - - name: URL Categories - description: URL Categories - - name: URL Filtering Categories - description: Predefined URL categories - - name: Vulnerability Protection Profiles - description: Vulnerability Protection Profiles - - name: Vulnerability Protection Signatures - description: Vulnerability Protection Signatures - - name: WildFire Anti-Virus Profiles - description: WildFire Anti-Virus Profiles - - name: Saas Tenant Restrictions - description: Saas Tenant Restrictions -paths: - /anti-spyware-profiles: - get: - tags: - - Anti-Spyware Profiles - summary: List anti-spyware profiles - description: | - Retrieve a list of anti-spyware profiles. - operationId: ListAntiSpywareProfiles - parameters: - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - allOf: - - type: array - items: - $ref: '#/components/schemas/anti-spyware-profiles' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - post: - tags: - - Anti-Spyware Profiles - summary: Create an anti-spyware profile - description: | - Create a new anti-spyware profile. - operationId: CreateAntiSpywareProfiles - requestBody: - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/anti-spyware-profiles' - responses: - '201': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/anti-spyware-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/anti-spyware-profiles/{id}': - get: - tags: - - Anti-Spyware Profiles - summary: Get an anti-spyware profile - description: | - Get an existing anti-spyware profile. - operationId: GetAntiSpywareProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/anti-spyware-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - put: - tags: - - Anti-Spyware Profiles - summary: Update an anti-spyware profile - description: | - Update an existing anti-spyware profile. - operationId: UpdateAntiSpywareProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - requestBody: - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/anti-spyware-profiles' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/anti-spyware-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - delete: - tags: - - Anti-Spyware Profiles - summary: Delete an anti-spyware profile - description: | - Delete an anti-spyware profile. - operationId: DeleteAntiSpywareProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - /anti-spyware-signatures: - get: - tags: - - Anti-Spyware Signatures - summary: List anti-spyware signatures - description: | - Retrieve a list of anti-spyware signatures. - operationId: ListAntiSpywareSignatures - parameters: - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - allOf: - - type: array - items: - $ref: '#/components/schemas/anti-spyware-signatures' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - post: - tags: - - Anti-Spyware Signatures - summary: Create an anti-spyware signature - description: | - Create a new anti-spyware signature. - operationId: CreateAntiSpywareSignatures - requestBody: - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/anti-spyware-signatures' - responses: - '201': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/anti-spyware-signatures' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/anti-spyware-signatures/{id}': - get: - tags: - - Anti-Spyware Signatures - summary: Get an anti-spyware signature - description: | - Get an existing anti-spyware signature. - operationId: GetAntiSpywareSignaturesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/anti-spyware-signatures' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - put: - tags: - - Anti-Spyware Signatures - summary: Update an anti-spyware signature - description: | - Update an existing anti-spyware signature. - operationId: UpdateAntiSpywareSignaturesByID - parameters: - - $ref: '#/components/parameters/uuid' - requestBody: - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/anti-spyware-signatures' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/anti-spyware-signatures' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - delete: - tags: - - Anti-Spyware Signatures - summary: Delete an anti-spyware signature - description: | - Delete an anti-spyware signature. - operationId: DeleteAntiSpywareSignaturesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - /app-override-rules: - get: - tags: - - Application Override Rules - summary: List application override rules - description: | - Retrieve a list of application override rules. - operationId: ListApplicationOverrideRules - parameters: - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/position' - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - allOf: - - type: array - items: - $ref: '#/components/schemas/app-override-rules' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - post: - tags: - - Application Override Rules - summary: Create an application override rule - description: | - Create a new application override rule. - operationId: CreateApplicationOverrideRules - parameters: - - $ref: '#/components/parameters/position' - requestBody: - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/app-override-rules' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/app-override-rules' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/app-override-rules/{id}': - get: - tags: - - Application Override Rules - summary: Get an application override rule - description: | - Get an existing application override rule. - operationId: GetApplicationOverrideRulesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/app-override-rules' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - put: - tags: - - Application Override Rules - summary: Update an application override rule - description: | - Update an existing application override rule. - operationId: UpdateApplicationOverrideRulesByID - parameters: - - $ref: '#/components/parameters/uuid' - requestBody: - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/app-override-rules' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/app-override-rules' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - delete: - tags: - - Application Override Rules - summary: Delete an application override rule - description: | - Delete an application override rule. - operationId: DeleteApplicationOverrideRulesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/app-override-rules/{id}:move': - post: - tags: - - Application Override Rules - summary: Move an application override rule - description: | - Move an existing application override rule. - operationId: MoveApplicationOverrideRulesByID - parameters: - - $ref: '#/components/parameters/uuid' - requestBody: - description: The app override rule you want to move - content: - application/json: - schema: - $ref: '#/components/schemas/rule-based-move' - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - /data-filtering-profiles: - get: - tags: - - DataFiltering - summary: GET DataFiltering - description: GET DataFiltering - operationId: getDataFiltering - parameters: - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - responses: - '200': - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/data-filtering' - post: - tags: - - DataFiltering - summary: POST DataFiltering - description: POST DataFiltering - operationId: postDataFiltering - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/data-filtering' - responses: - '200': - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/data-filtering' - put: - tags: - - DataFiltering - summary: PUT DataFiltering - description: PUT DataFiltering - operationId: putDataFiltering - responses: - '200': - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/data-filtering' - '/data-filtering-profiles/{id}': - get: - tags: - - DataFiltering - summary: GET DataFiltering by ID - description: GET DataFiltering by ID - operationId: getDataFilteringById - parameters: - - name: id - in: path - required: true - schema: - type: string - responses: - '200': - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/data-filtering' - put: - tags: - - DataFiltering - summary: PUT DataFiltering by ID - description: PUT DataFiltering by ID - operationId: putDataFilteringById - parameters: - - name: id - in: path - required: true - schema: - type: string - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/data-filtering' - responses: - '200': - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/data-filtering' - delete: - tags: - - DataFiltering - summary: DELETE DataFiltering by ID - description: DELETE DataFiltering by ID - operationId: deleteDataFilteringById - parameters: - - name: id - in: path - required: true - schema: - type: string - responses: - '200': - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/data-filtering' - /data-objects: - get: - tags: - - DataObjects - summary: GET DataObjects - description: GET DataObjects - operationId: getDataObjects - parameters: - - $ref: '#/componepts/parameters/name' - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - responses: - '200': - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/data-objects' - post: - tags: - - DataObjects - summary: POST DataObjects - description: POST DataObjects - operationId: postDataObjects - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/data-objects' - responses: - '200': - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/data-objects' - put: - tags: - - DataObjects - summary: PUT DataObjects - description: PUT DataObjects - operationId: putDataObjects - responses: - '200': - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/data-objects' - '/data-objects/{id}': - get: - tags: - - DataObjects - summary: GET DataObjects by ID - description: GET DataObjects by ID - operationId: getDataObjectsById - parameters: - - name: id - in: path - required: true - schema: - type: string - responses: - '200': - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/data-objects' - put: - tags: - - DataObjects - summary: PUT DataObjects by ID - description: PUT DataObjects by ID - operationId: putDataObjectsById - parameters: - - name: id - in: path - required: true - schema: - type: string - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/data-objects' - responses: - '200': - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/data-objects' - delete: - tags: - - DataObjects - summary: DELETE DataObjects by ID - description: DELETE DataObjects by ID - operationId: deleteDataObjectsById - parameters: - - name: id - in: path - required: true - schema: - type: string - responses: - '200': - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/data-objects' - /decryption-exclusions: - get: - tags: - - Decryption Exclusions - summary: List decryption exclusions - description: | - Retrieve a list of decryption exclusions. - operationId: ListDecryptionExclusions - parameters: - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - allOf: - - type: array - items: - $ref: '#/components/schemas/decryption-exclusions' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - post: - tags: - - Decryption Exclusions - summary: Create a decryption exclusion - description: | - Create a new decryption exclusion. - operationId: CreateDecryptionExclusions - requestBody: - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/decryption-exclusions' - responses: - '201': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/decryption-exclusions' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/decryption-exclusions/{id}': - get: - tags: - - Decryption Exclusions - summary: Get a decryption exclusion - description: | - Get an existing decryption exclusion. - operationId: GetDecryptionExclusionsByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/decryption-exclusions' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - put: - tags: - - Decryption Exclusions - summary: Update a decryption exclusion - description: | - Update an existing decryption exclusion. - operationId: UpdateDecryptionExclusionsByID - parameters: - - $ref: '#/components/parameters/uuid' - requestBody: - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/decryption-exclusions' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/decryption-exclusions' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - delete: - tags: - - Decryption Exclusions - summary: Delete a decryption exclusion - description: | - Delete a decryption exclusion. - operationId: DeleteDecryptionExclusionsByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - /decryption-profiles: - get: - tags: - - Decryption Profiles - summary: List decryption profiles - description: | - Retrieve a list of decryption profiles. - operationId: ListDecryptionProfiles - parameters: - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - allOf: - - type: array - items: - $ref: '#/components/schemas/decryption-profiles' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - post: - tags: - - Decryption Profiles - summary: Create a decryption profile - description: | - Create a new decryption profile. - operationId: CreateDecryptionProfiles - requestBody: - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/decryption-profiles' - responses: - '201': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/decryption-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/decryption-profiles/{id}': - get: - tags: - - Decryption Profiles - summary: Get a decryption profile - description: | - Get an existing decryption profile. - operationId: GetDecryptionProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/decryption-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - put: - tags: - - Decryption Profiles - summary: Update a decryption profile - description: | - Update an existing decryption profile. - operationId: UpdateDecryptionProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - requestBody: - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/decryption-profiles' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/decryption-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - delete: - tags: - - Decryption Profiles - summary: Delete a decryption profile - description: | - Delete a decryption profile. - operationId: DeleteDecryptionProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - /decryption-rules: - get: - tags: - - Decryption Rules - summary: List decryption rules - description: | - Retrieve a list of decryption rules. - operationId: ListDecryptionRules - parameters: - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/position' - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - allOf: - - type: array - items: - $ref: '#/components/schemas/decryption-rules' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - post: - tags: - - Decryption Rules - summary: Create a decryption rule - description: | - Create a new decryption rule. - operationId: CreateDecryptionRules - parameters: - - $ref: '#/components/parameters/position' - requestBody: - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/decryption-rules' - responses: - '201': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/decryption-rules' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/decryption-rules/{id}': - get: - tags: - - Decryption Rules - summary: Get a decryption rule - description: | - Get an existing decryption rule. - operationId: GetDecryptionRulesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/decryption-rules' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - put: - tags: - - Decryption Rules - summary: Update a decryption rule - description: | - Update an existing decryption rule. - operationId: UpdateDecryptionRulesByID - parameters: - - $ref: '#/components/parameters/uuid' - requestBody: - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/decryption-rules' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/decryption-rules' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - delete: - tags: - - Decryption Rules - summary: Delete a decryption rule - description: | - Delete a decryption rule. - operationId: DeleteDecryptionRulesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/decryption-rules/{id}:move': - post: - tags: - - Decryption Rules - summary: Move a decryption rule - description: | - Move an existing decryption rule. - operationId: MoveDecryptionRulesByID - parameters: - - $ref: '#/components/parameters/uuid' - requestBody: - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/rule-based-move' - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - /ssl-decryption-settings: - get: - tags: - - Ssl Decryption Settings - summary: GET Ssl Decryption Settings - description: GET Ssl Decryption Settings - operationId: getSslDecryptionSettings - parameters: - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - responses: - '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - data: - type: array - items: - $ref: '#/components/schemas/ssl-decryption-settings-get-put' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - post: - tags: - - Ssl Decryption Settings - summary: POST Ssl Decryption Settings - description: POST Ssl Decryption Settings - operationId: postSslDecryptionSettings - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/ssl-decryption-settings' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/ssl-decryption-settings' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - put: - tags: - - Ssl Decryption Settings - summary: PUT Ssl Decryption Settings - description: PUT Ssl Decryption Settings - operationId: putSslDecryptionSettings - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/ssl-decryption-settings-get-put' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/ssl-decryption-settings-get-put' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - delete: - tags: - - Ssl Decryption Settings - summary: DELETE Ssl Decryption Settings - description: DELETE Ssl Decryption Settings - operationId: deleteSslDecryptionSettings - responses: - '200': - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/ssl-decryption-settings' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - /dns-security-profiles: - get: - tags: - - DNS Security Profiles - summary: List DNS security profiles - description: | - Retrieve a list of DNS security profiles. - operationId: ListDNSSecurityProfiles - parameters: - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - allOf: - - type: array - items: - $ref: '#/components/schemas/dns-security-profiles' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - post: - tags: - - DNS Security Profiles - summary: Create a DNS security profile - description: | - Create a new DNS security profile. - operationId: CreateDNSSecurityProfiles - requestBody: - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/dns-security-profiles' - responses: - '201': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/dns-security-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/dns-security-profiles/{id}': - get: - tags: - - DNS Security Profiles - summary: Get a DNS security profile - description: | - Get an existing DNS security profile. - operationId: GetDNSSecurityProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/dns-security-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - put: - tags: - - DNS Security Profiles - summary: Update a DNS security profile - description: | - Update an existing DNS security profile. - operationId: UpdateDNSSecurityProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - requestBody: - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/dns-security-profiles' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/dns-security-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - delete: - tags: - - DNS Security Profiles - summary: Delete a DNS security profile - description: | - Delete a DNS security profile. - operationId: DeleteDNSSecurityProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - /dos-protection-profiles: - get: - tags: - - DoS Protection Profiles - summary: List DoS protection profiles - description: | - Retrieve a list of DoS protection profiles. - operationId: ListDoSProtectionProfiles - parameters: - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - allOf: - - type: array - items: - $ref: '#/components/schemas/dos-protection-profiles' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - post: - tags: - - DoS Protection Profiles - summary: Create a DoS protection profile - description: | - Create a new DoS protection profile. - operationId: CreateDoSProtectionProfiles - requestBody: - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/dos-protection-profiles' - responses: - '201': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/dos-protection-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/dos-protection-profiles/{id}': - get: - tags: - - DoS Protection Profiles - summary: Get a DoS protection profile - description: | - Get an existing DoS protection profile. - operationId: GetDoSProtectionProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/dos-protection-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - put: - tags: - - DoS Protection Profiles - summary: Update a DoS protection profile - description: | - Update an existing DoS protection profile. - operationId: UpdateDoSProtectionProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - requestBody: - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/dos-protection-profiles' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/dos-protection-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - delete: - tags: - - DoS Protection Profiles - summary: Delete a DoS protection profile - description: | - Delete a DoS protection profile. - operationId: DeleteDoSProtectionProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - /dos-protection-rules: - get: - tags: - - DoS Protection Rules - summary: List DoS protection rules - description: | - Retrieve a list of DoS protection rules. - operationId: ListDoSProtectionRules - parameters: - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - allOf: - - type: array - items: - $ref: '#/components/schemas/dos-protection-rules' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - post: - tags: - - DoS Protection Rules - summary: Create a DoS protection rule - description: | - Create a new DoS protection rule. - operationId: CreateDoSProtectionRules - requestBody: - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/dos-protection-rules' - responses: - '201': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/dos-protection-rules' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/dos-protection-rules/{id}': - get: - tags: - - DoS Protection Rules - summary: Get a DoS protection rule - description: | - Get an existing DoS protection rule. - operationId: GetDoSProtectionRulesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/dos-protection-rules' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - put: - tags: - - DoS Protection Rules - summary: Update a DoS protection rule - description: | - Update an existing DoS protection rule. - operationId: UpdateDoSProtectionRulesByID - parameters: - - $ref: '#/components/parameters/uuid' - requestBody: - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/dos-protection-rules' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/dos-protection-rules' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - delete: - tags: - - DoS Protection Rules - summary: Delete a DoS protection rule - description: | - Delete a DoS protection rule. - operationId: DeleteDoSProtectionRulesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - /file-blocking-profiles: - get: - tags: - - File Blocking Profiles - summary: List file blocking profiles - description: | - Retrieve a list of file blocking profiles. - operationId: ListFileBlockingProfiles - parameters: - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - allOf: - - type: array - items: - $ref: '#/components/schemas/file-blocking-profiles' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - post: - tags: - - File Blocking Profiles - summary: Create a file blocking profiles - description: | - Create a new file blocking profile. - operationId: CreateFileBlockingProfiles - requestBody: - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/file-blocking-profiles' - responses: - '201': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/file-blocking-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/file-blocking-profiles/{id}': - get: - tags: - - File Blocking Profiles - summary: Get a file blocking profile - description: | - Get an existing file blocking profile. - operationId: GetFileBlockingProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/file-blocking-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - put: - tags: - - File Blocking Profiles - summary: Update a file blocking profile - description: | - Update a file blocking profile. - operationId: UpdateFileBlockingProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - requestBody: - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/file-blocking-profiles' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/file-blocking-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - delete: - tags: - - File Blocking Profiles - summary: Delete a file blocking profile - description: | - Delete a file blocking profile. - operationId: DeleteFileBlockingProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - /http-header-profiles: - get: - tags: - - HTTP Header Profiles - summary: List HTTP header profiles - description: | - Retrieve a list of HTTP header profiles. - operationId: ListHTTPHeaderProfiles - parameters: - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - allOf: - - type: array - items: - $ref: '#/components/schemas/http-header-profiles' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - post: - tags: - - HTTP Header Profiles - summary: Create an HTTP header profile - description: | - Create a new HTTP header profiles. - operationId: CreateHTTPHeaderProfiles - requestBody: - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/http-header-profiles' - responses: - '201': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/http-header-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/http-header-profiles/{id}': - get: - tags: - - HTTP Header Profiles - summary: Get an HTTP header profile - description: | - Get an existing HTTP header profile. - operationId: GetHTTPHeaderProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/http-header-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - put: - tags: - - HTTP Header Profiles - summary: Update an HTTP header profile - description: | - Update an existing HTTP header profile. - operationId: UpdateHTTPHeaderProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - requestBody: - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/http-header-profiles' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/http-header-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - delete: - tags: - - HTTP Header Profiles - summary: Delete an HTTP header profile - description: | - Delete an HTTP header profile. - operationId: DeleteHTTPHeaderProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - /profile-groups: - get: - tags: - - Profile Groups - summary: List profile groups - description: | - Retrieve a list of profile groups. - operationId: ListProfileGroups - parameters: - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - allOf: - - type: array - items: - $ref: '#/components/schemas/profile-groups' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - post: - tags: - - Profile Groups - summary: Create a profile group - description: | - Create a new profile group. - operationId: CreateProfileGroups - requestBody: - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/profile-groups' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/profile-groups' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/profile-groups/{id}': - get: - tags: - - Profile Groups - summary: Get a profile group - description: | - Get an existing profile group. - operationId: GetProfileGroupsByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/profile-groups' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - put: - tags: - - Profile Groups - summary: Update a profile group - description: | - Update an existing profile group. - operationId: UpdateProfileGroupsByID - parameters: - - $ref: '#/components/parameters/uuid' - requestBody: - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/profile-groups' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/profile-groups' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - delete: - tags: - - Profile Groups - summary: Delete a profile group - description: | - Delete a profile group. - operationId: DeleteProfileGroupsByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - /security-rules: - get: - tags: - - Security Rules - summary: List security rules - description: | - Retrieve a list of security rules. - operationId: ListRules - parameters: - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/position' - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/SecurityRuleListResponse' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - post: - tags: - - Security Rules - summary: Create a security rule - description: | - Create a new security rule. - operationId: CreateSecurityRules - parameters: - - $ref: '#/components/parameters/position' - requestBody: - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/security-rules' - responses: - '201': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/security-rules' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/security-rules/{id}': - get: - tags: - - Security Rules - summary: Get a security rule - description: | - Get an existing security rule. - operationId: GetSecurityRulesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/security-rules' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - put: - tags: - - Security Rules - summary: Update a security rule - description: | - Update an existing security rule. - operationId: UpdateSecurityRulesByID - parameters: - - $ref: '#/components/parameters/uuid' - requestBody: - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/security-rules' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/security-rules' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - delete: - tags: - - Security Rules - summary: Delete a security rule - description: | - Delete a security rule. - operationId: DeleteSecurityRulesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/security-rules/{id}:move': - post: - tags: - - Security Rules - summary: Move a security rule - description: | - Move an existing security rule. - operationId: MoveSecurityRulesByID - parameters: - - $ref: '#/components/parameters/uuid' - requestBody: - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/rule-based-move' - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - /url-access-profiles: - get: - tags: - - URL Access Profiles - summary: List URL access profiles - description: | - Retrieve a list of URL access profiles. - operationId: ListURLAccessProfiles - parameters: - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - allOf: - - type: array - items: - $ref: '#/components/schemas/url-access-profiles' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - post: - tags: - - URL Access Profiles - summary: Create a URL access profile - description: | - Create a new URL access profile. - operationId: CreateURLAccessProfiles - requestBody: - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/url-access-profiles' - responses: - '201': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/url-access-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/url-access-profiles/{id}': - get: - tags: - - URL Access Profiles - summary: Get a URL access profile - description: | - Get an existing URL access profile. - operationId: GetURLAccessProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/url-access-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - put: - tags: - - URL Access Profiles - summary: Update a URL access Profile - description: | - Update an existing URL access Profile. - operationId: UpdateURLAccessProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - requestBody: - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/url-access-profiles' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/url-access-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - delete: - tags: - - URL Access Profiles - summary: Delete a URL access profile - description: | - Delete a URL access profile. - operationId: DeleteURLAccessProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - /url-categories: - get: - tags: - - URL Categories - summary: List custom URL categories - description: | - Retrieve a list of custom URL categories. - operationId: ListURLCategories - parameters: - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - allOf: - - type: array - items: - $ref: '#/components/schemas/url-categories' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - post: - tags: - - URL Categories - summary: Create a custom URL category - description: | - Create a new custom URL category. - operationId: CreateURLCategories - requestBody: - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/url-categories' - responses: - '201': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/url-categories' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/url-categories/{id}': - get: - tags: - - URL Categories - summary: Get a custom URL category - description: | - Get an existing custom URL category. - operationId: GetURLCategoriesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/url-categories' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - put: - tags: - - URL Categories - summary: Update a custom URL category - description: | - Update an existing custom URL category. - operationId: UpdateURLCategoriesByID - parameters: - - $ref: '#/components/parameters/uuid' - requestBody: - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/url-categories' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/url-categories' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - delete: - tags: - - URL Categories - summary: Delete a custom URL Category - description: | - Delete a custom URL Category. - operationId: DeleteURLCategoriesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - /url-filtering-categories: - get: - tags: - - URL Filtering Categories - summary: List custom URL categories - description: | - Retrieve a list of custom URL categories. - operationId: ListURLFilteringCategories - parameters: - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - allOf: - - type: array - items: - $ref: '#/components/schemas/url-filtering-categories' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - /vulnerability-protection-profiles: - get: - tags: - - Vulnerability Protection Profiles - summary: List vulnerability protection profiles - description: | - Retrieve a list of vulnerability protection profiles. - operationId: ListVulnerabilityProtectionProfiles - parameters: - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - allOf: - - type: array - items: - $ref: '#/components/schemas/vulnerability-protection-profiles' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - post: - tags: - - Vulnerability Protection Profiles - summary: Create a vulnerability protection profile - description: | - Create a new vulnerability protection profile. - operationId: CreateVulnerabilityProtectionProfiles - requestBody: - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/vulnerability-protection-profiles' - responses: - '201': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/vulnerability-protection-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/vulnerability-protection-profiles/{id}': - get: - tags: - - Vulnerability Protection Profiles - summary: Get a vulnerability protection profile - description: | - Get an existing vulnerability protection profile. - operationId: GetVulnerabilityProtectionProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/vulnerability-protection-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - put: - tags: - - Vulnerability Protection Profiles - summary: Update an vulnerability protection profile - description: | - Update an existing vulnerability protection profile. - operationId: UpdateVulnerabilityProtectionProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - requestBody: - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/vulnerability-protection-profiles' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/vulnerability-protection-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - delete: - tags: - - Vulnerability Protection Profiles - summary: Delete a vulnerability protection profile - description: | - Delete a vulnerability protection profile. - operationId: DeleteVulnerabilityProtectionProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - /vulnerability-protection-signatures: - get: - tags: - - Vulnerability Protection Signatures - summary: List vulnerability protection signatures - description: | - Retrieve a list of vulnerability protection signatures. - operationId: ListVulnerabilityProtectionSignatures - parameters: - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - allOf: - - type: array - items: - $ref: '#/components/schemas/vulnerability-protection-signatures' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - post: - tags: - - Vulnerability Protection Signatures - summary: Create a vulnerability protection signature - description: | - Create a new vulnerability protection signature. - operationId: CreateVulnerabilityProtectionSignatures - requestBody: - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/vulnerability-protection-signatures' - responses: - '201': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/vulnerability-protection-signatures' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/vulnerability-protection-signatures/{id}': - get: - tags: - - Vulnerability Protection Signatures - summary: Get a vulnerability protection signature - description: | - Get an existing vulnerability protection signature. - operationId: GetVulnerabilityProtectionSignaturesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/vulnerability-protection-signatures' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - put: - tags: - - Vulnerability Protection Signatures - summary: Update a vulnerability protection signature - description: | - Update an existing vulnerability protection signature. - operationId: UpdateVulnerabilityProtectionSignaturesByID - parameters: - - $ref: '#/components/parameters/uuid' - requestBody: - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/vulnerability-protection-signatures' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/vulnerability-protection-signatures' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - delete: - tags: - - Vulnerability Protection Signatures - summary: Delete a vulnerability protection signature - description: | - Delete a vulnerability protection signature. - operationId: DeleteVulnerabilityProtectionSignaturesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - /wildfire-anti-virus-profiles: - get: - tags: - - WildFire Anti-Virus Profiles - summary: List Wildfire and anti-virus profiles - description: | - Retrieve a list of WildFire and anti-virus profiles. - operationId: ListWildFireAntiVirusProfiles - parameters: - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - allOf: - - type: array - items: - $ref: '#/components/schemas/wildfire-anti-virus-profiles' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - post: - tags: - - WildFire Anti-Virus Profiles - summary: Create a WildFire and anti-virus profile - description: | - Create a new WildFire and anti-virus profile. - operationId: CreateWildFireAntiVirusProfiles - requestBody: - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/wildfire-anti-virus-profiles' - responses: - '201': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/wildfire-anti-virus-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - '/wildfire-anti-virus-profiles/{id}': - get: - tags: - - WildFire Anti-Virus Profiles - summary: Get a WildFire and anti-virus profile - description: | - Get an existing WildFire and anti-virus profile. - operationId: GetWildFireAntiVirusProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/wildfire-anti-virus-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - put: - tags: - - WildFire Anti-Virus Profiles - summary: Update a wildfire and antivirus profile - description: | - Update an existing WildFire and anti-virus profile. - operationId: UpdateWildFireAntiVirusProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - requestBody: - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/wildfire-anti-virus-profiles' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/wildfire-anti-virus-profiles' - '400': - $ref: '#/components/responses/bad_request_errors_basic_with_body' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - delete: - tags: - - WildFire Anti-Virus Profiles - summary: Delete a WildFire and anti-virus profile - description: | - Delete a WildFire and anti-virus profile. - operationId: DeleteWildFireAntiVirusProfilesByID - parameters: - - $ref: '#/components/parameters/uuid' - responses: - '200': - $ref: '#/components/responses/http_ok' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - /saas-tenant-restrictions: - get: - tags: - - Saas Tenant Restrictions - summary: Get Saas Tenant Restrictions - description: Get Saas Tenant Restrictions - operationId: GetSaasTenantRestrictions - parameters: - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/folder' - - $ref: '#/components/parameters/snippet' - - $ref: '#/components/parameters/device' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - data: - allOf: - - type: array - items: - $ref: '#/components/schemas/saas-tenant-restrictions' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' - put: - tags: - - Saas Tenant Restrictions - summary: Update Saas Tenant Restrictions - description: Update Saas Tenant Restrictions - operationId: UpdateSaasTenantRestrictions - parameters: - - $ref: '#/components/parameters/snippet' - requestBody: - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/saas-tenant-restrictions' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/saas-tenant-restrictions' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - '409': - $ref: '#/components/responses/conflict_errors' - default: - $ref: '#/components/responses/default_errors' -components: - parameters: - name: - name: name - in: query - description: The name of the configuration resource - required: false - schema: - type: string - limit: - name: limit - in: query - description: The maximum number of results per page - required: false - schema: - type: integer - default: 200 - offset: - name: offset - in: query - description: The offset into the list of results returned - required: false - schema: - type: integer - default: 0 - folder: - name: folder - in: query - description: | - The folder in which the resource is defined - required: false - schema: - type: string - snippet: - name: snippet - in: query - description: | - The snippet in which the resource is defined - required: false - schema: - type: string - device: - name: device - in: query - description: | - The device in which the resource is defined - required: false - schema: - type: string - position: - name: position - in: query - description: | - The position of a security rule - required: true - schema: - enum: - - pre - - post - default: pre - uuid: - name: id - in: path - description: The UUID of the configuration resource - required: true - schema: - type: string - format: uuid - example: 123e4567-e89b-12d3-a456-426655440000 - securitySchemes: - scmOAuth: - type: oauth2 - description: | - Strata Cloud Manager APIs authenticate client requests using the - OAuth 2.0 Client Credentials flow. Please use the `client_id`, - `client_secret` values associated with an IAM service account along - with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the - Tenant Service Group (TSG) ID. The resulting JWT access token should - be attached to all API calls as a `Bearer` token in the `Authorization` - header (ex. `Authorization: Bearer tokenstring`). - flows: - clientCredentials: - tokenUrl: https://auth.apps.paloaltonetworks.com/oauth2/access_token - scopes: {} - scmToken: - type: http - description: | - Strata Cloud Manager APIs authenticate client requests using the - OAuth 2.0 Client Credentials flow. Please use the `client_id`, - `client_secret` values associated with an IAM service account along - with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the - Tenant Service Group (TSG) ID. The resulting JWT access token should - be attached to all API calls as a `Bearer` token in the `Authorization` - header (ex. `Authorization: Bearer tokenstring`). - scheme: bearer - bearerFormat: JWT - responses: - http_ok: - description: OK - http_created: - description: Created - auth_errors: - description: Unauthorized - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - auth_not_authenticated: - $ref: '#/components/examples/json_401_panui_auth_not_authenticated' - invalid_credential: - $ref: '#/components/examples/json_401_panui_auth_invalid_credential' - key_too_long: - $ref: '#/components/examples/json_401_panui_auth_key_too_long' - key_expired: - $ref: '#/components/examples/json_401_panui_auth_key_expired' - need_password_change: - $ref: '#/components/examples/json_401_panui_auth_need_password_change' - access_errors: - description: Forbidden - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - auth_unauthorized: - $ref: '#/components/examples/json_403_panui_auth_unauthorized' - bad_request_errors_basic: - description: Bad Request - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - input_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' - output_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' - missing_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' - invalid_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' - bad_request_errors_basic_with_body: - description: Bad Request - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - input_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' - output_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' - missing_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' - invalid_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' - missing_body: - $ref: '#/components/examples/json_400_panui_restapi_missing_body' - invalid_object: - $ref: '#/components/examples/json_400_panui_mgmt_invalid_object' - not_found: - description: Not Found - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - object_not_present: - $ref: '#/components/examples/json_404_panui_mgmt_object_not_present' - conflict_errors: - description: Conflict - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - object_not_unique: - $ref: '#/components/examples/json_409_panui_mgmt_object_not_unique' - name_not_unique: - $ref: '#/components/examples/json_409_panui_mgmt_name_not_unique' - reference_not_zero: - $ref: '#/components/examples/json_409_panui_mgmt_reference_not_zero' - default_errors: - description: General Errors - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - version_not_supported: - $ref: '#/components/examples/json_501_panui_restapi_version_not_supported' - method_not_allowed: - $ref: '#/components/examples/json_501_panui_restapi_method_not_supported' - action_not_supported: - $ref: '#/components/examples/json_405_panui_restapi_action_not_supported' - bad_xpath: - $ref: '#/components/examples/json_400_panui_mgmt_bad_xpath' - invalid_command: - $ref: '#/components/examples/json_400_panui_mgmt_invalid_command' - malformed_command: - $ref: '#/components/examples/json_400_panui_mgmt_malformed_command' - session_timeout: - $ref: '#/components/examples/json_504_panui_mgmt_session_timeout' - examples: - json_401_panui_auth_not_authenticated: - summary: Not Authenticated - value: - _errors: - - code: E016 - message: Not Authenticated - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_401_panui_auth_invalid_credential: - summary: Invalid Credential - value: - _errors: - - code: E016 - message: Invalid Credential - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_401_panui_auth_key_too_long: - summary: Key Too Long - value: - _errors: - - code: E016 - message: Key Too Long - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_401_panui_auth_key_expired: - summary: Key Expired - value: - _errors: - - code: E016 - message: Key Expired - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_401_panui_auth_need_password_change: - summary: Need Password Change - value: - _errors: - - code: E016 - message: The password needs to be changed. - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_403_panui_auth_unauthorized: - summary: Unauthorized - value: - _errors: - - code: E007 - message: Unauthorized - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_501_panui_restapi_version_not_supported: - summary: Version Not Supported - value: - _errors: - - code: E012 - message: Version Not Supported - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_501_panui_restapi_method_not_supported: - summary: Method Not Supported - value: - _errors: - - code: E012 - message: Method Not Supported - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_restapi_input_format_mismatch: - summary: Input Format Mismatch - value: - _errors: - - code: E003 - message: 'Input Format Mismatch: input-format=json' - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_restapi_output_format_mismatch: - summary: Output Format Mismatch - value: - _errors: - - code: E003 - message: 'Output Format Mismatch: output-format=json Accept=xml' - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_restapi_missing_query_parameter: - summary: Missing Query Parameter - value: - _errors: - - code: E003 - message: 'Missing Query Parameter: name' - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_restapi_invalid_query_parameter: - summary: Invalid Query Parameter - value: - _errors: - - code: E003 - message: 'Invalid Query Parameter: location=invalid' - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_restapi_missing_body: - summary: Missing Body - value: - _errors: - - code: E003 - message: Missing Body - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_405_panui_restapi_action_not_supported: - summary: Action Not Supported - value: - _errors: - - code: E012 - message: 'Action Not Supported: move' - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_mgmt_bad_xpath: - summary: Bad XPath - value: - _errors: - - code: E013 - message: Bad XPath - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_404_panui_mgmt_object_not_present: - summary: Object Not Present - value: - _errors: - - code: E005 - message: Object Not Present - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_409_panui_mgmt_object_not_unique: - summary: Object Not Unique - value: - _errors: - - code: E016 - message: Object Not Unique - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_409_panui_mgmt_name_not_unique: - summary: Name Not Unique - value: - _errors: - - code: E006 - message: Name Not Unique - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_409_panui_mgmt_reference_not_zero: - summary: Reference Not Zero - value: - _errors: - - code: E009 - message: Reference Not Zero - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_mgmt_invalid_object: - summary: Invalid Object - value: - _errors: - - code: E003 - message: Invalid Object - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_mgmt_invalid_command: - summary: Invalid Command - value: - _errors: - - code: E003 - message: Invalid Command - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_400_panui_mgmt_malformed_command: - summary: Malformed Command - value: - _errors: - - code: E003 - message: Malformed Command - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - json_504_panui_mgmt_session_timeout: - summary: Session Timeout - value: - _errors: - - code: '4' - message: Session Timeout - details: {} - _request_id: 123e4567-e89b-12d3-a456-426655440000 - schemas: - anti-spyware-profiles: - type: object - required: - - id - - name - properties: - id: - type: string - description: The UUID of the anti-spyware profile - readOnly: true - example: 123e4567-e89b-12d3-a456-426655440000 - name: - type: string - description: The name of the anti-spyware profile - description: - type: string - cloud_inline_analysis: - type: boolean - default: false - inline_exception_edl_url: - type: array - items: - type: string - inline_exception_ip_address: - type: array - items: - type: string - mica_engine_spyware_enabled: - type: array - items: - type: object - properties: - name: - type: string - inline_policy_action: - enum: - - alert - - allow - - drop - - reset-both - - reset-client - - reset-server - default: alert - rules: - type: array - items: - type: object - properties: - name: - type: string - action: - type: object - description: anti spyware profiles rules default action - oneOf: - - type: object - title: allow - properties: - allow: - type: object - - type: object - title: alert - properties: - alert: - type: object - - type: object - title: drop - properties: - drop: - type: object - - type: object - title: reset_client - properties: - reset_client: - type: object - - type: object - title: reset_server - properties: - reset_server: - type: object - - type: object - title: reset_both - properties: - reset_both: - type: object - - type: object - title: block_ip - description: Antispyware profiles rules action block ip parent - properties: - block_ip: - type: object - description: anti spyware profiles rules action block ip - properties: - track_by: - enum: - - source-and-destination - - source - duration: - type: integer - minimum: 1 - maximum: 3600 - packet_capture: - enum: - - disable - - single-packet - - extended-capture - severity: - type: array - items: - type: string - category: - enum: - - adns-adtracking - - adns-benign - - adns-c2 - - adns-ddns - - adns-dnsmisconfig - - adns-grayware - - adns-hijacking - - adns-malware - - adns-new-domain - - adns-parked - - adns-phishing - - adns-proxy - - adware - - any - - autogen - - backdoor - - botnet - - browser-hijack - - command-and-control - - cryptominer - - data-theft - - dns - - dns-adtracking - - dns-benign - - dns-c2 - - dns-ddns - - dns-grayware - - dns-malware - - dns-new-domain - - dns-parked - - dns-phishing - - dns-proxy - - dns-security - - dns-wildfire - - domain-edl - - downloader - - fraud - - hacktool - - inline-cloud-c2 - - keylogger - - net-worm - - p2p-communication - - phishing-kit - - post-exploitation - - spyware - - tls-fingerprint - - webshell - threat_name: - type: string - minLength: 3 - default: any - threat_exception: - type: array - items: - type: object - properties: - name: - type: string - action: - type: object - description: anti spyware profiles threat exception default action - oneOf: - - type: object - title: default - properties: - default: - type: object - - type: object - title: allow - properties: - allow: - type: object - - type: object - title: alert - properties: - alert: - type: object - - type: object - title: drop - properties: - drop: - type: object - - type: object - title: reset_client - properties: - reset_client: - type: object - - type: object - title: reset_server - properties: - reset_server: - type: object - - type: object - title: reset_both - properties: - reset_both: - type: object - - type: object - title: block_ip - description: anti spyware profiles threat exception action block ip parent - properties: - block_ip: - type: object - description: anti spyware profiles threat exception action block ip - properties: - track_by: - enum: - - source-and-destination - - source - duration: - type: integer - minimum: 1 - maximum: 3600 - packet_capture: - enum: - - disable - - single-packet - - extended-capture - exempt_ip: - type: array - items: - type: object - description: anti spyware protection IP address to be exempted from threat exception - properties: - name: - type: string - required: - - name - notes: - type: string - oneOf: - - type: object - title: folder - properties: - folder: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The folder in which the resource is defined - example: My Folder - required: - - folder - - type: object - title: snippet - properties: - snippet: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The snippet in which the resource is defined - example: My Snippet - required: - - snippet - - type: object - title: device - properties: - device: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The device in which the resource is defined - example: My Device - required: - - device - anti-spyware-signatures: - type: object - required: - - id - - threat_id - - threatname - properties: - id: - type: string - description: UUID of the resource - readOnly: true - example: 123e4567-e89b-12d3-a456-426655440000 - threat_id: - type: string - description: threat id range <15000-18000> and <6900001-7000000> - bugtraq: - type: array - items: - type: string - comment: - type: string - maxLength: 256 - cve: - type: array - items: - type: string - default_action: - type: object - description: anti spyware signature default action - oneOf: - - type: object - title: allow - properties: - allow: - type: object - - type: object - title: alert - properties: - alert: - type: object - - type: object - title: drop - properties: - drop: - type: object - - type: object - title: reset_client - properties: - reset_client: - type: object - - type: object - title: reset_server - properties: - reset_server: - type: object - - type: object - title: reset_both - properties: - reset_both: - type: object - - type: object - title: block_ip - description: anti spyware signature default action - properties: - block_ip: - type: object - description: anti spyware signature block ip - properties: - track_by: - enum: - - source-and-destination - - source - duration: - type: integer - minimum: 1 - maximum: 3600 - direction: - enum: - - client2server - - server2client - - both - reference: - type: array - items: - type: string - severity: - enum: - - critical - - low - - high - - medium - - informational - signature: - type: object - description: anti spyware signature - oneOf: - - type: object - title: combination - properties: - combination: - type: object - description: anti spyware signature combination - properties: - and_condition: - type: array - items: - type: object - properties: - name: - type: string - or_condition: - type: array - items: - type: object - properties: - name: - type: string - threat_id: - type: string - order_free: - type: boolean - default: false - time_attribute: - type: object - description: anti spyware time attribute - properties: - interval: - type: integer - minimum: 1 - maximum: 3600 - threshold: - type: integer - minimum: 1 - maximum: 255 - track_by: - enum: - - source-and-destination - - source - - destination - - type: object - title: standard - properties: - standard: - type: array - items: - type: object - properties: - name: - type: string - and_condition: - type: array - items: - type: object - properties: - name: - type: string - or_condition: - type: array - items: - type: object - properties: - name: - type: string - operator: - type: object - properties: - equal_to: - type: object - properties: - context: - type: string - negate: - type: boolean - default: false - qualifier: - type: array - items: - type: object - properties: - name: - type: string - value: - type: string - value: - type: integer - minimum: 0 - maximum: 4294967295 - greater_than: - type: object - properties: - context: - type: string - qualifier: - type: array - items: - type: object - properties: - name: - type: string - value: - type: string - value: - type: integer - minimum: 0 - maximum: 4294967295 - less_than: - type: object - properties: - context: - type: string - qualifier: - type: array - items: - type: object - properties: - name: - type: string - value: - type: string - value: - type: integer - minimum: 0 - maximum: 4294967295 - pattern_match: - type: object - properties: - context: - type: string - negate: - type: boolean - default: false - pattern: - type: string - qualifier: - type: array - items: - type: object - properties: - name: - type: string - value: - type: string - comment: - type: string - maxLength: 256 - order_free: - type: boolean - default: false - scope: - enum: - - protocol-data-unit - - session - required: - - name - threatname: - type: string - maxLength: 1024 - vendor: - type: array - items: - type: string - oneOf: - - type: object - title: folder - properties: - folder: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The folder in which the resource is defined - example: My Folder - required: - - folder - - type: object - title: snippet - properties: - snippet: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The snippet in which the resource is defined - example: My Snippet - required: - - snippet - - type: object - title: device - properties: - device: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The device in which the resource is defined - example: My Device - required: - - device - app-override-rules: - type: object - required: - - name - - application - - destination - - from - - port - - protocol - - source - - to - properties: - id: - type: string - description: UUID of the resource - readOnly: true - example: 123e4567-e89b-12d3-a456-426655440000 - name: - type: string - pattern: '^[a-zA-Z0-9._-]+$' - maxLength: 63 - application: - type: string - description: - type: string - maxLength: 1024 - destination: - type: array - default: - - any - items: - type: string - disabled: - type: boolean - default: false - from: - type: array - default: - - any - items: - type: string - group_tag: - type: string - negate_destination: - type: boolean - default: false - negate_source: - type: boolean - default: false - port: - type: string - minimum: 0 - maximum: 65535 - protocol: - enum: - - tcp - - udp - source: - type: array - default: - - any - items: - type: string - tag: - type: array - items: - type: string - to: - type: array - default: - - any - items: - type: string - oneOf: - - type: object - title: folder - properties: - folder: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The folder in which the resource is defined - example: My Folder - required: - - folder - - type: object - title: snippet - properties: - snippet: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The snippet in which the resource is defined - example: My Snippet - required: - - snippet - - type: object - title: device - properties: - device: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The device in which the resource is defined - example: My Device - required: - - device - rule-based-move: - type: object - title: rule-based-move - properties: - destination: - enum: - - top - - bottom - - before - - after - description: 'A destination of the rule. Valid destination values are top, bottom, before and after.' - rulebase: - enum: - - pre - - post - description: A base of a rule. Valid rulebase values are pre and post. - destination_rule: - type: string - description: A destination_rule attribute is required only if the destination value is before or after. Valid destination_rule values are existing rule UUIDs within the same container. - required: - - destination - - rulebase - data-filtering: - type: object - properties: - description: - type: string - disable_override: - type: string - name: - type: string - rules: - type: array - items: - type: object - properties: - alert_threshold: - type: integer - application: - type: array - items: - type: object - block_threshold: - type: integer - data_object: - type: string - direction: - type: string - file_type: - type: array - items: - type: object - log_severity: - type: string - name: - type: string - data_capture: - type: boolean - data-objects: - type: object - properties: - description: - type: string - disable_override: - type: string - name: - type: string - pattern_type: - type: object - properties: - regex: - type: object - properties: - pattern: - type: array - items: - type: object - properties: - regex: - type: string - file_type: - type: array - items: - type: object - name: - type: string - file_properties: - type: object - properties: - pattern: - type: array - items: - type: object - properties: - file_property: - type: string - file_type: - type: string - name: - type: string - property_value: - type: string - predefined: - type: object - properties: - pattern: - type: array - items: - type: object - properties: - name: - type: string - file_type: - type: array - items: - type: object - decryption-exclusions: - type: object - required: - - id - - name - properties: - id: - type: string - description: UUID of the resource - readOnly: true - example: 123e4567-e89b-12d3-a456-426655440000 - name: - type: string - description: - type: string - oneOf: - - type: object - title: folder - properties: - folder: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The folder in which the resource is defined - example: My Folder - required: - - folder - - type: object - title: snippet - properties: - snippet: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The snippet in which the resource is defined - example: My Snippet - required: - - snippet - - type: object - title: device - properties: - device: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The device in which the resource is defined - example: My Device - required: - - device - decryption-profiles: - type: object - required: - - name - properties: - id: - type: string - description: UUID of the resource - readOnly: true - example: 123e4567-e89b-12d3-a456-426655440000 - name: - type: string - description: 'Must start with alphanumeric char and should contain only alphanemeric, underscore, hyphen, dot or space' - pattern: '^[A-Za-z0-9]{1}[A-Za-z0-9_\-\.\s]{0,}$' - ssl_forward_proxy: - type: object - properties: - auto_include_altname: - type: boolean - default: false - block_client_cert: - type: boolean - default: false - block_expired_certificate: - type: boolean - default: false - block_timeout_cert: - type: boolean - default: false - block_tls13_downgrade_no_resource: - type: boolean - default: false - block_unknown_cert: - type: boolean - default: false - block_unsupported_cipher: - type: boolean - default: false - block_unsupported_version: - type: boolean - default: false - block_untrusted_issuer: - type: boolean - default: false - restrict_cert_exts: - type: boolean - default: false - strip_alpn: - type: boolean - default: false - ssl_inbound_proxy: - type: object - properties: - block_if_hsm_unavailable: - type: boolean - default: false - block_if_no_resource: - type: boolean - default: false - block_unsupported_cipher: - type: boolean - default: false - block_unsupported_version: - type: boolean - default: false - ssl_no_proxy: - type: object - properties: - block_expired_certificate: - type: boolean - default: false - block_untrusted_issuer: - type: boolean - default: false - ssl_protocol_settings: - type: object - properties: - auth_algo_md5: - type: boolean - default: true - auth_algo_sha1: - type: boolean - default: true - auth_algo_sha256: - type: boolean - default: true - auth_algo_sha384: - type: boolean - default: true - enc_algo_3des: - type: boolean - default: true - enc_algo_aes_128_cbc: - type: boolean - default: true - enc_algo_aes_128_gcm: - type: boolean - default: true - enc_algo_aes_256_cbc: - type: boolean - default: true - enc_algo_aes_256_gcm: - type: boolean - default: true - enc_algo_chacha20_poly1305: - type: boolean - default: true - enc_algo_rc4: - type: boolean - default: true - keyxchg_algo_dhe: - type: boolean - default: true - keyxchg_algo_ecdhe: - type: boolean - default: true - keyxchg_algo_rsa: - type: boolean - default: true - max_version: - enum: - - sslv3 - - tls1-0 - - tls1-1 - - tls1-2 - - tls1-3 - - max - default: tls1-2 - min_version: - enum: - - sslv3 - - tls1-0 - - tls1-1 - - tls1-2 - - tls1-3 - default: tls1-0 - oneOf: - - type: object - title: folder - properties: - folder: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The folder in which the resource is defined - example: My Folder - required: - - folder - - type: object - title: snippet - properties: - snippet: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The snippet in which the resource is defined - example: My Snippet - required: - - snippet - - type: object - title: device - properties: - device: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The device in which the resource is defined - example: My Device - required: - - device - decryption-rules: - type: object - required: - - name - - action - - category - - destination - - service - - source - - source_user - - from - - to - properties: - id: - type: string - description: The UUID of the decryption rule - readOnly: true - example: 123e4567-e89b-12d3-a456-426655440000 - name: - type: string - description: The name of the decryption rule - action: - type: string - enum: - - decrypt - - no-decrypt - description: The action to be taken - description: - type: string - description: The description of the decryption rule - category: - type: array - items: - type: string - description: The destination URL category - destination: - type: array - items: - type: string - description: The destination addresses - destination_hip: - type: array - items: - type: string - description: The Host Integrity Profile of the destination host - profile: - type: string - description: The decryption profile associated with the decryption rule - service: - type: array - items: - type: string - description: The destination services and/or service groups - source: - type: array - items: - type: string - description: The source addresses - source_hip: - type: array - items: - type: string - description: The Host Integrity Profile of the source host - source_user: - type: array - items: - type: string - description: List of source users and/or groups. Reserved words include `any`, `pre-login`, `known-user`, and `unknown`. - tag: - type: array - items: - type: string - description: The tags associated with the decryption rule - from: - type: array - items: - type: string - description: The source security zone - to: - type: array - items: - type: string - description: The destination security zone - disabled: - type: boolean - description: Is the rule disabled? - negate_source: - type: boolean - description: Negate the source addresses? - negate_destination: - type: boolean - description: Negate the destination addresses? - log_setting: - type: string - description: The log settings of the decryption rule - log_fail: - type: boolean - description: Log failed decryption events? - log_success: - type: boolean - description: Log successful decryption events? - type: - type: object - oneOf: - - type: object - title: ssl_forward_proxy - properties: - ssl_forward_proxy: - type: object - - type: object - title: ssl_inbound_inspection - properties: - ssl_inbound_inspection: - type: object - description: add the certificate name for SSL inbound inspection - properties: - certificates: - type: array - items: - type: string - description: List of certificate names for SSL inbound inspection - example: ["Authentication Cookie CA", "Forward-Trust-CA"] - required: - - ssl_inbound_inspection - description: The type of decryption - oneOf: - - type: object - title: folder - properties: - folder: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The folder in which the resource is defined - example: My Folder - required: - - folder - - type: object - title: snippet - properties: - snippet: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The snippet in which the resource is defined - example: My Snippet - required: - - snippet - - type: object - title: device - properties: - device: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The device in which the resource is defined - example: My Device - required: - - device - dns-security-profiles: - type: object - properties: - id: - type: string - description: The UUID of the DNS security profile - readOnly: true - example: 123e4567-e89b-12d3-a456-426655440000 - name: - type: string - description: The name of the DNS security profile - description: - type: string - description: The description of the DNS security profile - botnet_domains: - type: object - description: Botnet domains - properties: - dns_security_categories: - type: array - description: DNS categories - items: - type: object - properties: - name: - type: string - action: - enum: - - default - - allow - - block - - sinkhole - default: default - log_level: - enum: - - default - - none - - low - - informational - - medium - - high - - critical - default: default - packet_capture: - enum: - - disable - - single-packet - - extended-capture - lists: - type: array - description: Dynamic lists of DNS domains - items: - type: object - properties: - name: - type: string - action: - type: object - oneOf: - - type: object - title: alert - properties: - alert: - type: object - - type: object - title: allow - properties: - allow: - type: object - - type: object - title: block - properties: - block: - type: object - - type: object - title: sinkhole - properties: - sinkhole: - type: object - packet_capture: - enum: - - disable - - single-packet - - extended-capture - required: - - name - sinkhole: - type: object - description: DNS sinkhole settings - properties: - ipv4_address: - enum: - - 127.0.0.1 - - pan-sinkhole-default-ip - ipv6_address: - enum: - - '::1' - whitelist: - type: array - description: DNS security overrides - items: - type: object - properties: - name: - type: string - description: DNS domain or FQDN to be whitelisted - description: - type: string - required: - - name - oneOf: - - type: object - title: folder - properties: - folder: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The folder in which the resource is defined - example: My Folder - required: - - folder - - type: object - title: snippet - properties: - snippet: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The snippet in which the resource is defined - example: My Snippet - required: - - snippet - - type: object - title: device - properties: - device: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The device in which the resource is defined - example: My Device - required: - - device - dos-protection-profiles: - type: object - required: - - name - - type - properties: - id: - type: string - description: The UUID of the DNS security profile - readOnly: true - example: 123e4567-e89b-12d3-a456-426655440000 - name: - description: Profile name - type: string - maxLength: 31 - type: - description: Type - type: string - enum: - - aggregate - - classified - description: - description: Description - type: string - minLength: 0 - maxLength: 255 - flood: - type: object - properties: - tcp-syn: - type: object - required: - - enable - properties: - enable: - type: boolean - default: false - oneOf: - - title: red - properties: - red: - type: object - required: - - alarm-rate - - activate-rate - - maximal-rate - properties: - alarm-rate: - description: Connection rate (cps) to generate alarm - default: 10000 - type: integer - minimum: 0 - maximum: 2000000 - activate-rate: - description: Connection rate (cps) to start RED - default: 10000 - type: integer - minimum: 1 - maximum: 2000000 - maximal-rate: - description: Maximal connection rate (cps) allowed - default: 40000 - type: integer - minimum: 1 - maximum: 2000000 - block: - type: object - properties: - duration: - default: 300 - type: integer - minimum: 1 - maximum: 21600 - - title: syn-cookies - required: - - syn-cookies - properties: - syn-cookies: - type: object - required: - - alarm-rate - - activate-rate - - maximal-rate - properties: - alarm-rate: - description: Connection rate (cps) to generate alarm - default: 10000 - type: integer - minimum: 0 - maximum: 2000000 - activate-rate: - description: Connection rate (cps) to activate SYN cookies proxy - default: 0 - type: integer - minimum: 0 - maximum: 2000000 - maximal-rate: - description: Maximum connection rate (cps) allowed - default: 1000000 - type: integer - minimum: 1 - maximum: 2000000 - block: - type: object - xml: - name: block - properties: - duration: - default: 300 - type: integer - minimum: 1 - maximum: 21600 - udp: - type: object - properties: - enable: - type: boolean - default: false - red: - type: object - required: - - alarm-rate - - activate-rate - - maximal-rate - properties: - alarm-rate: - description: Connection rate (cps) to generate alarm - default: 10000 - type: integer - minimum: 0 - maximum: 2000000 - activate-rate: - description: Connection rate (cps) to start RED - default: 10000 - type: integer - minimum: 1 - maximum: 2000000 - maximal-rate: - description: Maximal connection rate (cps) allowed - default: 40000 - type: integer - minimum: 1 - maximum: 2000000 - block: - type: object - properties: - duration: - default: 300 - type: integer - minimum: 1 - maximum: 21600 - icmp: - type: object - properties: - enable: - type: boolean - default: false - red: - type: object - required: - - alarm-rate - - activate-rate - - maximal-rate - properties: - alarm-rate: - description: Connection rate (cps) to generate alarm - default: 10000 - type: integer - minimum: 0 - maximum: 2000000 - activate-rate: - description: Connection rate (cps) to start RED - default: 10000 - type: integer - minimum: 1 - maximum: 2000000 - maximal-rate: - description: Maximal connection rate (cps) allowed - default: 40000 - type: integer - minimum: 1 - maximum: 2000000 - block: - type: object - properties: - duration: - default: 300 - type: integer - minimum: 1 - maximum: 21600 - icmpv6: - type: object - properties: - enable: - type: boolean - default: false - red: - type: object - required: - - alarm-rate - - activate-rate - - maximal-rate - properties: - alarm-rate: - description: Connection rate (cps) to generate alarm - default: 10000 - type: integer - minimum: 0 - maximum: 2000000 - activate-rate: - description: Connection rate (cps) to start RED - default: 10000 - type: integer - minimum: 1 - maximum: 2000000 - maximal-rate: - description: Maximal connection rate (cps) allowed - default: 40000 - type: integer - minimum: 1 - maximum: 2000000 - block: - type: object - properties: - duration: - default: 300 - type: integer - minimum: 1 - maximum: 21600 - other-ip: - type: object - properties: - enable: - type: boolean - default: false - red: - type: object - required: - - alarm-rate - - activate-rate - - maximal-rate - properties: - alarm-rate: - description: Connection rate (cps) to generate alarm - default: 10000 - type: integer - minimum: 0 - maximum: 2000000 - activate-rate: - description: Connection rate (cps) to start RED - default: 10000 - type: integer - minimum: 1 - maximum: 2000000 - maximal-rate: - description: Maximal connection rate (cps) allowed - default: 40000 - type: integer - minimum: 1 - maximum: 2000000 - block: - type: object - properties: - duration: - default: 300 - type: integer - minimum: 1 - maximum: 21600 - resource: - type: object - properties: - sessions: - type: object - properties: - enabled: - type: boolean - default: false - max-concurrent-limit: - default: 32768 - type: integer - minimum: 1 - maximum: 4194304 - oneOf: - - type: object - title: folder - properties: - folder: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The folder in which the resource is defined - example: My Folder - required: - - folder - - type: object - title: snippet - properties: - snippet: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The snippet in which the resource is defined - example: My Snippet - required: - - snippet - - type: object - title: device - properties: - device: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The device in which the resource is defined - example: My Device - required: - - device - dos-protection-rules: - type: object - required: - - name - - type - properties: - id: - type: string - description: The UUID of the DNS security profile - readOnly: true - example: 123e4567-e89b-12d3-a456-426655440000 - name: - description: Rule name - type: string - maxLength: 31 - description: - description: Description - type: string - minLength: 0 - maxLength: 255 - disabled: - description: Rule disabled? - type: boolean - default: false - position: - description: Position relative to local device rules - type: string - enum: - - pre - - post - default: pre - schedule: - description: Schedule on which to enforce the rule - type: string - tag: - description: List of tags - type: array - items: - type: string - from: - description: List of source zones - type: array - items: - type: string - example: any - to: - description: List of destination zones - type: array - items: - type: string - example: any - source: - description: List of source addresses - type: array - items: - type: string - example: any - source_user: - description: List of source users and/or groups. Reserved words include `any`, `pre-login`, `known-user`, and `unknown`. - type: array - items: - type: string - example: any - destination: - description: List of destination addresses - type: array - items: - type: string - example: any - service: - description: List of services - type: array - items: - type: string - example: any - action: - description: The action to take on rule match - type: object - oneOf: - - title: deny - type: object - required: - - deny - properties: - deny: - type: object - default: {} - - title: allow - type: object - required: - - allow - properties: - allow: - type: object - default: {} - - title: protect - type: object - required: - - protect - properties: - protect: - type: object - default: {} - protection: - type: object - oneOf: - - title: aggregate - required: - - aggregate - type: object - properties: - aggregate: - type: object - required: - - profile - properties: - profile: - description: Aggregate DoS protection profile - type: string - - title: classified - required: - - classified - type: object - properties: - classified: - type: object - required: - - classification-criteria - - profile - properties: - classification-criteria: - type: object - required: - - address - properties: - address: - description: Classification method - type: string - enum: - - source-ip-only - - destination-ip-only - - src-dest-ip-both - profile: - description: Classified DoS protection profile - type: string - log_setting: - description: Log forwarding profile name - type: string - default: Cortex Data Lake - oneOf: - - type: object - title: folder - properties: - folder: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The folder in which the resource is defined - example: My Folder - required: - - folder - - type: object - title: snippet - properties: - snippet: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The snippet in which the resource is defined - example: My Snippet - required: - - snippet - - type: object - title: device - properties: - device: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The device in which the resource is defined - example: My Device - required: - - device - file-blocking-profiles: - type: object - required: - - name - properties: - id: - type: string - description: The UUID of the file blocking profile - readOnly: true - example: 123e4567-e89b-12d3-a456-426655440000 - name: - type: string - description: The name of the file blocking profile - description: - type: string - rules: - type: array - description: A list of file blocking rules - items: - type: object - properties: - name: - type: string - description: The name of the file blocking rule - action: - enum: - - alert - - block - - continue - default: alert - description: The action to take when the rule match criteria is met - application: - type: array - description: The application transferring the files (App-ID naming) - minItems: 1 - default: - - any - items: - type: string - # these are a few examples of applications to choose from - enum: - - any - - axifile - - dl-free - - facebook-mail - - file.io - - giphy-base - - glassdoor-uploading - - http-proxy - - redbooth - - send-anywhere - - zoho-mail - direction: - description: The direction of the file transfer - enum: - - download - - upload - - both - default: both - file_type: - type: array - description: The file type - minItems: 1 - default: - - any - items: - type: string - # Complete list of file types supported by Palo Alto Networks File Blocking - # Reference: https://docs.paloaltonetworks.com/advanced-wildfire/administration/advanced-wildfire-overview/advanced-wildfire-file-type-support/advanced-wildfire-file-type-support-complete - enum: - - 7z - - Multi-Level-Encoding - - PE - - access-shortcut - - ace - - ade - - adp - - ai - - aip-encrypted-docx - - aip-encrypted-pptx - - aip-encrypted-xlsx - - any - - apk - - arj - - asp - - avi - - avi-divx - - avi-xvid - - bas - - bat - - bmp - - bmp-upload - - bzip2 - - cab - - catpart - - cdr - - chm - - cin - - class - - cmd - - com - - cpl - - csv - - deflate64-zip - - der - - dll - - dmg - - doc - - docm - - docx - - dpx - - dsn - - dwf - - dwg - - dxf - - edif - - elf - - emf - - encrypted-7z - - encrypted-doc - - encrypted-docx - - encrypted-office2007 - - encrypted-pdf - - encrypted-ppt - - encrypted-pptx - - encrypted-rar - - encrypted-xls - - encrypted-xlsx - - encrypted-zip - - eps - - exe - - exr - - flash - - flv - - gds - - gif - - gif-upload - - gzip - - hlp - - hta - - hwp - - hwpx - - ichitaro - - iff - - inf - - ins - - iqy - - iso - - its - - iwork-keynote - - iwork-numbers - - iwork-pages - - jar - - jpeg - - jpeg-upload - - js - - jse - - lnk - - lzh - - ma - - macapp - - mach-o - - mb - - mda - - mdb - - mdi - - mdt - - mdw - - mdz - - mht - - microsoft-shell - - mif - - mkv - - mov - - mp3 - - mp4 - - mpeg - - mpeg-ts - - mpkg - - msc - - msi - - msoffice - - msp - - ocx - - pbix - - pbm - - pcl - - pdf - - pem - - pgp - - pif - - pkg - - pl - - png - - png-upload - - powershell - - ppt - - pptx - - prg - - psd - - py - - rar - - reg - - renamed-zip - - rla - - rm - - rpf - - rtf - - scf - - scr - - sgi - - sh - - shk - - shs - - slk - - softimg - - split-cab - - split-rar - - stp - - svg - - sys - - tar - - tdb - - tif - - tiff - - tmp - - torrent - - url - - vb - - vbe - - vbs - - vxd - - webm - - wmf - - wmv - - wri - - wsf - - wsh - - xll - - xls - - xlsx - - xpm - - zcompressed - - zip - required: - - name - - action - - application - - direction - - file_type - oneOf: - - type: object - title: folder - properties: - folder: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The folder in which the resource is defined - example: My Folder - required: - - folder - - type: object - title: snippet - properties: - snippet: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The snippet in which the resource is defined - example: My Snippet - required: - - snippet - - type: object - title: device - properties: - device: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The device in which the resource is defined - example: My Device - required: - - device - http-header-profiles: - type: object - required: - - name - properties: - id: - type: string - description: The UUID of the HTTP header profile - readOnly: true - example: 123e4567-e89b-12d3-a456-426655440000 - name: - type: string - description: The name of the HTTP header profile - description: - type: string - description: The description of the HTTP header profile - http_header_insertion: - type: array - description: A list of HTTP header profile rules - items: - type: object - properties: - name: - type: string - description: The name of the HTTP header insertion rule - type: - type: array - description: A list of HTTP header insertion definitions - items: - type: object - properties: - name: - type: string - description: The HTTP header insertion type - enum: - - Custom - - Dropbox Network Control - - Dynamic Fields - - Google Apps Access Control - - Microsoft Office365 Tenant Restrictions - - Youtube Safe Search - domains: - type: array - description: A list of DNS domains - items: - type: string - example: - - '*.google.com' - - 'gmail.com' - headers: - type: array - items: - type: object - properties: - name: - type: string - description: The name of the HTTP header - header: - type: string - description: The HTTP header string - example: X-MyCustomHeader - value: - type: string - description: The value associated with the HTTP header - example: somevalue - log: - type: boolean - default: false - description: Log the use of this HTTP header insertion? - required: - - name - - header - - value - required: - - name - - domains - - headers - required: - - name - - type - oneOf: - - type: object - title: folder - properties: - folder: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The folder in which the resource is defined - example: My Folder - required: - - folder - - type: object - title: snippet - properties: - snippet: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The snippet in which the resource is defined - example: My Snippet - required: - - snippet - - type: object - title: device - properties: - device: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The device in which the resource is defined - example: My Device - required: - - device - profile-groups: - type: object - properties: - id: - type: string - description: The UUID of the profile group - readOnly: true - example: 123e4567-e89b-12d3-a456-426655440000 - name: - type: string - description: The name of the profile group - dns_security: - type: array - items: - type: string - description: The name of a DNS security profile - file_blocking: - type: array - items: - type: string - description: The name of a file blocking profile - spyware: - type: array - items: - type: string - description: The name of an anti-spyware profile - url_filtering: - type: array - items: - type: string - description: The name of a URL filtering profile - virus_and_wildfire_analysis: - type: array - items: - type: string - description: The name of a anti-virus and Wildfire analysis profile - vulnerability: - type: array - items: - type: string - description: The name of a vulnerability protection profile - saas_security: - type: array - items: - type: string - description: The name of an HTTP header insertion profile - ai_security: - type: array - items: - type: string - description: The name of an AI Security profile - data_filtering: - type: array - items: - type: string - description: The name of DLP profile - required: - - name - oneOf: - - type: object - title: folder - properties: - folder: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The folder in which the resource is defined - example: My Folder - required: - - folder - - type: object - title: snippet - properties: - snippet: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The snippet in which the resource is defined - example: My Snippet - required: - - snippet - - type: object - title: device - properties: - device: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The device in which the resource is defined - example: My Device - required: - - device - # 1. THE UNIFIED, DISCRIMINATED SCHEMA - # This is the primary schema that all paths now reference. - security-rules: - type: object - description: |- - Represents a Security or Internet security rule. - A rule must be one of the policy types AND exist in one scope (folder, snippet, or device). - # Use allOf to combine multiple, independent constraints. - allOf: - # Constraint 1: The object must conform to one of the policy types. - - oneOf: - - $ref: '#/components/schemas/security-rule-type' - - $ref: '#/components/schemas/internet-rule-type' - discriminator: - propertyName: policy_type - mapping: - Security: '#/components/schemas/security-rule-type' - Internet: '#/components/schemas/internet-rule-type' - - # Constraint 2: The object must exist in exactly one scope. - - oneOf: - - type: object - title: folder - required: [folder] - properties: - folder: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The folder in which the resource is defined - - type: object - title: snippet - required: [snippet] - properties: - snippet: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The snippet in which the resource is defined - - type: object - title: device - required: [device] - properties: - device: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The device in which the resource is defined - - # 2. A BASE SCHEMA FOR COMMON PROPERTIES - # This reduces duplication and clearly defines what is shared between rule types. - base-rule-properties: - type: object - required: - - name - properties: - id: - type: string - description: The UUID of the security rule - format: uuid - readOnly: true - example: 123e4567-e89b-12d3-a456-426655440000 - name: - type: string - description: The name of the security rule - policy_type: - type: string - default: 'Security' - disabled: - type: boolean - description: Is the security rule disabled? - default: false - description: - type: string - description: The description of the security rule - tag: - type: array - description: The tags associated with the security rule - uniqueItems: true - items: - type: string - from: - type: array - description: The source security zone(s) - uniqueItems: true - items: - type: string - default: any - to: - type: array - description: The destination security zone(s) - uniqueItems: true - items: - type: string - default: any - source: - type: array - description: The source addresses(es) - uniqueItems: true - items: - type: string - default: any - negate_source: - type: boolean - description: Negate the source address(es)? - default: false - source_user: - type: array - description: List of source users and/or groups. Reserved words include `any`, `pre-login`, `known-user`, and `unknown`. - uniqueItems: true - items: - type: string - default: any - destination: - type: array - description: The destination address(es) - uniqueItems: true - items: - type: string - default: any - service: - type: array - description: The service(s) being accessed - uniqueItems: true - items: - type: string - default: any - schedule: - type: string - description: Schedule in which this rule will be applied - action: - enum: - - allow - - deny - - drop - - reset-client - - reset-server - - reset-both - description: The action to be taken when the rule is matched - - # 3. THE "SECURITY" RULE VARIANT - # Contains the base properties plus fields unique to 'Security' rules. - security-rule-type: - type: object - required: - - from - - to - - source - - source_user - - destination - - service - - action - description: A standard security rule for controlling traffic between zones. - allOf: - - $ref: '#/components/schemas/base-rule-properties' - - type: object - required: - - category - - application - properties: - negate_destination: - type: boolean - description: Negate the destination addresses(es)? - default: false - source_hip: - type: array - description: The source Host Integrity Profile(s) - items: - type: string - default: any - destination_hip: - type: array - description: The destination Host Integrity Profile(s) - uniqueItems: true - items: - type: string - default: any - application: - type: array - description: The application(s) being accessed - uniqueItems: true - items: - type: string - default: any - category: - type: array - description: The URL categories being accessed - uniqueItems: true - items: - type: string - default: any - action: - enum: - - allow - - deny - - drop - - reset-client - - reset-server - - reset-both - description: The action to be taken when the rule is matched - profile_setting: - type: object - description: The security profile object - properties: - group: - type: array - description: The security profile group - items: - type: string - default: best-practice - log_setting: - type: string - description: The external log forwarding profile - log_start: - type: boolean - description: Log at session start? - log_end: - type: boolean - description: Log at session end? - tenant_restrictions: - type: array - items: - type: string - default: any - - # 4. THE "INTERNET" RULE VARIANT - # Contains the base properties plus fields unique to 'Internet' rules. - internet-rule-type: - type: object - description: A simplified security rule for controlling internet access. - allOf: - - $ref: '#/components/schemas/base-rule-properties' - - type: object - properties: - negate_user: - type: boolean - default: false - devices: - type: array - items: - type: string - default: ['any'] - action: - enum: [allow, deny] - default: allow - log_settings: - type: object - properties: - log_sessions: - type: boolean - default: true - security_settings: - type: object - properties: - anti_spyware: - type: string - enum: [yes, no] - default: yes - vulnerability: - type: string - enum: [yes, no] - default: yes - virus_and_wildfire_analysis: - type: string - enum: [yes, no] - default: yes - block_web_application: - type: array - items: - type: string - block_url_category: - type: array - items: - type: string - allow_web_application: - type: array - items: - type: object - properties: - name: - type: string - type: - type: string - file_control: - type: object - properties: - upload: - type: string - enum: - [ - allow-all-file-types, - best-practice, - block-all-file-types, - ] - download: - type: string - enum: - [ - allow-all-file-types, - best-practice, - block-all-file-types, - ] - saas_enterprise_control: - type: object - properties: - consumer_access: - type: object - properties: - enable: - type: string - enum: [yes, no] - enterprise_access: - type: object - properties: - enable: - type: string - enum: [yes, no] - tenant_restrictions: - type: array - items: - type: string - application_function: - type: array - items: - type: string - dlp: - type: string - saas_tenant_list: - type: array - items: - type: string - saas_user_list: - type: array - items: - type: string - tenant_control: - type: object - properties: - tenants: - type: array - items: - type: string - allowed_activities: - type: array - items: - type: string - blocked_activities: - type: array - items: - type: string - parent_application: - type: string - allow_url_category: - type: array - items: - type: object - properties: - name: - type: string - decryption: - type: string - enum: [enabled, disabled] - default: enabled - credential_enforcement: - type: string - enum: [enabled, disabled] - default: enabled - additional_action: - type: string - enum: [none, continue, redirect, isolate] - default: none - isolation_profiles: - type: string - default: none - file_control: - type: object - properties: - upload: - type: string - enum: - [ - allow-all-file-types, - best-practice, - block-all-file-types, - ] - download: - type: string - enum: - [ - allow-all-file-types, - best-practice, - block-all-file-types, - ] - dlp: - type: string - default_profile_settings: - type: object - properties: - file_control: - type: object - properties: - upload: - type: string - enum: - [ - allow-all-file-types, - best-practice, - block-all-file-types, - ] - download: - type: string - enum: - [ - allow-all-file-types, - best-practice, - block-all-file-types, - ] - dlp: - type: string - - # 5. THE LIST RESPONSE SCHEMA - # This now points to the unified 'security-rules' schema. - SecurityRuleListResponse: - type: object - properties: - data: - type: array - items: - $ref: '#/components/schemas/security-rules' - limit: - type: integer - default: 200 - offset: - type: integer - default: 0 - total: - type: integer - ssl-decryption-settings: - type: object - properties: - disabled_ssl_exclude_cert_from_predefined: - type: array - items: - type: object - forward_trust_certificate: - type: object - properties: - ecdsa: - type: string - rsa: - type: string - forward_untrust_certificate: - type: object - properties: - rsa: - type: string - ecdsa: - type: string - root_ca_exclude_list: - type: array - items: - type: object - ssl_exclude_cert: - type: array - items: - type: object - properties: - description: - type: string - exclude: - type: boolean - name: - type: string - trusted_root_CA: - type: array - items: - type: object - oneOf: - - type: object - title: folder - properties: - folder: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The folder in which the resource is defined - example: My Folder - required: - - folder - - type: object - title: snippet - properties: - snippet: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The snippet in which the resource is defined - example: My Snippet - required: - - snippet - - type: object - title: device - properties: - device: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The device in which the resource is defined - example: My Device - required: - - device - ssl-decryption-settings-get-put: - type: object - required: - - ssl_decrypt - properties: - ssl_decrypt: - type: object - properties: - disabled_ssl_exclude_cert_from_predefined: - type: array - items: - type: object - forward_trust_certificate: - type: object - properties: - ecdsa: - type: string - rsa: - type: string - forward_untrust_certificate: - type: object - properties: - rsa: - type: string - ecdsa: - type: string - root_ca_exclude_list: - type: array - items: - type: object - ssl_exclude_cert: - type: array - items: - type: object - properties: - description: - type: string - exclude: - type: boolean - name: - type: string - trusted_root_CA: - type: array - items: - type: object - oneOf: - - type: object - title: folder - properties: - folder: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The folder in which the resource is defined - example: My Folder - required: - - folder - - type: object - title: snippet - properties: - snippet: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The snippet in which the resource is defined - example: My Snippet - required: - - snippet - - type: object - title: device - properties: - device: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The device in which the resource is defined - example: My Device - required: - - device - url-access-profiles: - type: object - properties: - id: - type: string - description: UUID of the resource - readOnly: true - example: 123e4567-e89b-12d3-a456-426655440000 - name: - type: string - alert: - type: array - items: - type: string - allow: - type: array - items: - type: string - block: - type: array - items: - type: string - continue: - type: array - items: - type: string - cloud_inline_cat: - type: boolean - credential_enforcement: - type: object - properties: - alert: - type: array - items: - type: string - allow: - type: array - items: - type: string - block: - type: array - items: - type: string - continue: - type: array - items: - type: string - log_severity: - type: string - default: medium - mode: - type: object - properties: - disabled: - type: object - domain_credentials: - type: object - ip_user: - type: object - group_mapping: - type: string - description: - type: string - maxLength: 255 - mlav_category_exception: - type: array - items: - type: string - local_inline_cat: - type: boolean - log_container_page_only: - type: boolean - default: true - log_http_hdr_referer: - type: boolean - default: false - log_http_hdr_user_agent: - type: boolean - default: false - log_http_hdr_xff: - type: boolean - default: false - safe_search_enforcement: - type: boolean - default: false - redirect: - type: array - items: - type: string - required: - - name - oneOf: - - type: object - title: folder - properties: - folder: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The folder in which the resource is defined - example: My Folder - required: - - folder - - type: object - title: snippet - properties: - snippet: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The snippet in which the resource is defined - example: My Snippet - required: - - snippet - - type: object - title: device - properties: - device: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The device in which the resource is defined - example: My Device - required: - - device - url-categories: - type: object - properties: - id: - type: string - description: UUID of the resource - readOnly: true - example: 123e4567-e89b-12d3-a456-426655440000 - name: - type: string - description: - type: string - list: - type: array - items: - type: string - type: - enum: - - URL List - - Category Match - default: URL List - required: - - name - oneOf: - - type: object - title: folder - properties: - folder: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The folder in which the resource is defined - example: My Folder - required: - - folder - - type: object - title: snippet - properties: - snippet: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The snippet in which the resource is defined - example: My Snippet - required: - - snippet - - type: object - title: device - properties: - device: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The device in which the resource is defined - example: My Device - required: - - device - url-filtering-categories: - type: object - properties: - type: - type: string - value: - type: string - vulnerability-protection-profiles: - type: object - properties: - id: - type: string - description: UUID of the resource - readOnly: true - example: 123e4567-e89b-12d3-a456-426655440000 - name: - type: string - pattern: '^[a-zA-Z0-9._-]+$' - rules: - type: array - items: - type: object - properties: - name: - type: string - action: - type: object - description: vulnerability profiles threat exception default action - oneOf: - - type: object - title: default - properties: - default: - type: object - - type: object - title: allow - properties: - allow: - type: object - - type: object - title: alert - properties: - alert: - type: object - - type: object - title: drop - properties: - drop: - type: object - - type: object - title: reset_client - properties: - reset_client: - type: object - - type: object - title: reset_server - properties: - reset_server: - type: object - - type: object - title: reset_both - properties: - reset_both: - type: object - - type: object - title: block_ip - properties: - block_ip: - type: object - description: vulnerability protection block ip - properties: - track_by: - enum: - - source-and-destination - - source - duration: - type: integer - minimum: 1 - maximum: 3600 - packet_capture: - enum: - - disable - - single-packet - - extended-capture - severity: - type: array - items: - type: string - category: - enum: - - any - - app-id-change - - brute-force - - code-execution - - code-obfuscation - - command-execution - - dos - - exploit-kit - - info-leak - - inline-cloud-exploit - - insecure-credentials - - overflow - - phishing - - protocol-anomaly - - scan - - sql-injection - cve: - type: array - items: - type: string - host: - type: string - vendor_id: - type: array - items: - type: string - threat_name: - type: string - threat_exception: - type: array - items: - type: object - properties: - name: - type: string - action: - type: object - description: vulnerability threat exception default action - oneOf: - - type: object - title: default - properties: - default: - type: object - - type: object - title: allow - properties: - allow: - type: object - - type: object - title: alert - properties: - alert: - type: object - - type: object - title: drop - properties: - drop: - type: object - - type: object - title: reset_client - properties: - reset_client: - type: object - - type: object - title: reset_server - properties: - reset_server: - type: object - - type: object - title: reset_both - properties: - reset_both: - type: object - - type: object - title: block_ip - properties: - block_ip: - type: object - description: vulnerability protection threat exception block ip - properties: - track_by: - enum: - - source-and-destination - - source - duration: - type: integer - minimum: 1 - maximum: 3600 - packet_capture: - enum: - - disable - - single-packet - - extended-capture - exempt_ip: - type: array - items: - type: object - description: Vulnerability protection IP address to be exempted from threat exception - properties: - name: - type: string - required: - - name - time_attribute: - type: object - description: vulnerability time attribute - properties: - interval: - type: integer - minimum: 1 - maximum: 3600 - threshold: - type: integer - minimum: 1 - maximum: 65535 - track_by: - enum: - - source - - destination - - source-and-destination - notes: - type: string - description: - type: string - required: - - name - oneOf: - - type: object - title: folder - properties: - folder: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The folder in which the resource is defined - example: My Folder - required: - - folder - - type: object - title: snippet - properties: - snippet: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The snippet in which the resource is defined - example: My Snippet - required: - - snippet - - type: object - title: device - properties: - device: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The device in which the resource is defined - example: My Device - required: - - device - vulnerability-protection-signatures: - type: object - properties: - id: - type: string - description: UUID of the resource - readOnly: true - example: 123e4567-e89b-12d3-a456-426655440000 - threat_id: - type: string - description: threat id range <41000-45000> and <6800001-6900000> - affected_host: - type: object - oneOf: - - type: object - title: client - properties: - client: - type: boolean - - type: object - title: server - properties: - server: - type: boolean - bugtraq: - type: array - items: - type: string - comment: - type: string - maxLength: 256 - cve: - type: array - items: - type: string - default_action: - type: object - oneOf: - - type: object - title: allow - properties: - allow: - type: object - - type: object - title: alert - properties: - alert: - type: object - - type: object - title: drop - properties: - drop: - type: object - - type: object - title: reset_client - properties: - reset_client: - type: object - - type: object - title: reset_server - properties: - reset_server: - type: object - - type: object - title: reset_both - properties: - reset_both: - type: object - - type: object - title: block_ip - properties: - block_ip: - description: vulnerability protection bugtraq block ip - type: object - properties: - track_by: - enum: - - source-and-destination - - source - duration: - type: integer - minimum: 1 - maximum: 3600 - direction: - enum: - - client2server - - server2client - - both - reference: - type: array - items: - type: string - severity: - enum: - - critical - - low - - high - - medium - - informational - signature: - description: vulnerability protection signature - type: object - oneOf: - - type: object - title: combination - description: vulnerability protection signature combination - properties: - combination: - type: object - description: vulnerability protection signature combination object - properties: - and_condition: - type: array - description: vulnerability protection signature combination object and condition - items: - type: object - description: vulnerability protection signature combination object and condition object - properties: - name: - type: string - or_condition: - type: array - description: vulnerability protection signature combination object and condition object or condition - items: - type: object - description: vulnerability protection signature combination object and condition object or condition object - properties: - name: - type: string - threat_id: - type: string - order_free: - type: boolean - default: false - time_attribute: - type: object - properties: - interval: - type: integer - minimum: 1 - maximum: 3600 - threshold: - type: integer - minimum: 1 - maximum: 255 - track_by: - enum: - - source-and-destination - - source - - destination - - type: object - title: standard - description: vulnerability protection signature standard - properties: - standard: - type: array - description: vulnerability protection signature standard array - items: - type: object - description: vulnerability protection signature standard object - properties: - name: - type: string - and_condition: - type: array - description: vulnerability protection signature standard object and condition - items: - type: object - description: vulnerability protection signature standard object and condition object - properties: - name: - type: string - or_condition: - type: array - description: vulnerability protection signature standard object and condition object or condition - items: - type: object - description: vulnerability protection signature standard object and condition object or condition object - properties: - name: - type: string - operator: - type: object - description: vulnerability protection signature standard object and condition object or condition object operators - properties: - equal_to: - type: object - description: vulnerability protection signature standard object and condition object or condition object operators equal_to - properties: - context: - type: string - negate: - type: boolean - default: false - qualifier: - type: array - description: vulnerability protection signature standard object and condition object or condition object operators equal_to qualifier array - items: - type: object - description: vulnerability protection signature standard object and condition object or condition object operators equal_to qualifier array object - properties: - name: - type: string - value: - type: string - value: - type: integer - minimum: 0 - maximum: 4294967295 - greater_than: - type: object - description: vulnerability protection signature standard object and condition object or condition object operators greater_than - properties: - context: - type: string - qualifier: - type: array - description: vulnerability protection signature standard object and condition object or condition object operators greater_than qualifier - items: - type: object - description: vulnerability protection signature standard object and condition object or condition object operators greater_than qualifier object - properties: - name: - type: string - value: - type: string - value: - type: integer - minimum: 0 - maximum: 4294967295 - less_than: - type: object - description: vulnerability protection signature standard object and condition object or condition object operators less_than - properties: - context: - type: string - qualifier: - type: array - description: vulnerability protection signature standard object and condition object or condition object operators less_than array - items: - type: object - description: vulnerability protection signature standard object and condition object or condition object operators less_than array object - properties: - name: - type: string - value: - type: string - value: - type: integer - minimum: 0 - maximum: 4294967295 - pattern_match: - type: object - description: vulnerability protection signature standard object and condition object or condition object operators pattern match - properties: - context: - type: string - negate: - type: boolean - default: false - pattern: - type: string - qualifier: - type: array - description: vulnerability protection signature standard object and condition object or condition object operators pattern match qualifier - items: - type: object - description: vulnerability protection signature standard object and condition object or condition object operators pattern match qualifier object - properties: - name: - type: string - value: - type: string - comment: - type: string - maxLength: 256 - order_free: - type: boolean - default: false - scope: - enum: - - protocol-data-unit - - session - required: - - name - threatname: - type: string - maxLength: 1024 - vendor: - type: array - items: - type: string - required: - - threat_id - - threatname - - affected_host - - severity - - direction - - signature - oneOf: - - type: object - title: folder - properties: - folder: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The folder in which the resource is defined - example: My Folder - required: - - folder - - type: object - title: snippet - properties: - snippet: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The snippet in which the resource is defined - example: My Snippet - required: - - snippet - - type: object - title: device - properties: - device: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The device in which the resource is defined - example: My Device - required: - - device - wildfire-anti-virus-profiles: - type: object - properties: - id: - type: string - description: UUID of the resource - readOnly: true - example: 123e4567-e89b-12d3-a456-426655440000 - name: - type: string - pattern: '^[a-zA-Z0-9._-]+$' - description: - type: string - mlav_exception: - type: array - items: - type: object - properties: - name: - type: string - description: - type: string - filename: - type: string - packet_capture: - type: boolean - rules: - type: array - items: - type: object - properties: - name: - type: string - analysis: - enum: - - public-cloud - - private-cloud - application: - type: array - items: - type: string - direction: - enum: - - download - - upload - - both - file_type: - type: array - items: - type: string - threat_exception: - type: array - items: - type: object - properties: - name: - type: string - notes: - type: string - required: - - name - oneOf: - - type: object - title: folder - properties: - folder: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The folder in which the resource is defined - example: My Folder - required: - - folder - - type: object - title: snippet - properties: - snippet: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The snippet in which the resource is defined - example: My Snippet - required: - - snippet - - type: object - title: device - properties: - device: - type: string - pattern: ^[a-zA-Z\d\-_\. ]+$ - maxLength: 64 - description: The device in which the resource is defined - example: My Device - required: - - device - saas-tenant-restrictions: - type: object - properties: - description: - type: string - description: Description associated with the tenant restriction (example - Microsoft 365 SaaS Security Restrictions, Dropbox SaaS Security Restrictions, YouTube Safe Search Restrictions, Google Apps SaaS Security Restrictions) - domains: - type: array - description: List of domains associated with tenant restrictions - items: - type: string - description: Domain string associated with tenant restrictions (example - "microsoft.com", "office365") - headers: - type: array - description: List of headers associated with tenant restrictions - items: - type: object - properties: - header: - type: string - description: Header string associated with the tenant restriction (example - Restrict-Access-To-Tenants, Restrict-Access-Context, X-Dropbox-allowed-Team-Ids, YouTube-Restrict, X-GooGApps-Allowed-Domains) - name: - type: string - description: Header name associated with tenant restrictions (example - Permitted Tenant List, Tenant Directory ID) - value: - type: string - description: Header value associated with tenant restriction (example - tenant1,tenant2,strict etc.) - name: - type: string - description: Name of the tenant restriction (example - Microsoft 365, Dropbox, YouTube Safe Search, Google Apps) - saas_edl: - type: array - description: List of EDL associated with tenant restrictions - items: - type: string - description: EDL string associated with the tenant restriction - generic_error: - type: object - properties: - _errors: - $ref: '#/components/schemas/error_detail_cause_infos' - _request_id: - type: string - x-examples: {} - error_detail_cause_infos: - type: array - items: - $ref: '#/components/schemas/error_detail_cause_info' - x-examples: {} - error_detail_cause_info: - type: object - title: Cause Info - properties: - code: - type: string - message: - type: string - details: - oneOf: - - type: string - - type: object - help: - type: string -security: - - scmToken: [] -x-internal: false From 3c400254ee5c8f6fdcc21f39d21b9743b8aaaacb Mon Sep 17 00:00:00 2001 From: sra Date: Fri, 20 Mar 2026 09:02:48 +0530 Subject: [PATCH 4/6] Re-added the older feb release spec files for operations as the new MR will be for a new NGFW operations under SCM --- .../operations/config-operations-feb-v1.yaml | 867 +++++++++++++++ .../operations/operations _v1.1.yaml | 993 ------------------ .../operations/config-operations-feb-v1.yaml | 867 +++++++++++++++ .../ngfw/operations/operations _v1.1.yaml | 993 ------------------ .../operations/config-operations-feb-v1.yaml | 867 +++++++++++++++ .../sase/operations/operations _v1.1.yaml | 993 ------------------ 6 files changed, 2601 insertions(+), 2979 deletions(-) create mode 100644 openapi-specs/scm/config/cloudngfw/operations/config-operations-feb-v1.yaml delete mode 100644 openapi-specs/scm/config/cloudngfw/operations/operations _v1.1.yaml create mode 100644 openapi-specs/scm/config/ngfw/operations/config-operations-feb-v1.yaml delete mode 100644 openapi-specs/scm/config/ngfw/operations/operations _v1.1.yaml create mode 100644 openapi-specs/scm/config/sase/operations/config-operations-feb-v1.yaml delete mode 100644 openapi-specs/scm/config/sase/operations/operations _v1.1.yaml diff --git a/openapi-specs/scm/config/cloudngfw/operations/config-operations-feb-v1.yaml b/openapi-specs/scm/config/cloudngfw/operations/config-operations-feb-v1.yaml new file mode 100644 index 000000000..6cea9c4c6 --- /dev/null +++ b/openapi-specs/scm/config/cloudngfw/operations/config-operations-feb-v1.yaml @@ -0,0 +1,867 @@ +openapi: 3.0.0 +info: + version: 2.0.0 + title: Config Operations + description: These APIs are used for Prisma Access and NGFW operations within Strata Cloud Manager. + termsOfService: 'https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-end-user-license-agreement-eula.pdf' + contact: + email: support@paloaltonetworks.com + name: Palo Alto Networks Technical Support + url: 'https://support.paloaltonetworks.com' + license: + name: MIT + url: https://opensource.org/license/mit +servers: + - url: 'https://api.strata.paloaltonetworks.com/config/operations/v1' + description: Current + - url: 'https://api.sase.paloaltonetworks.com/sse/config/v1' + description: Legacy +paths: + /jobs: + get: + tags: + - Jobs + summary: List jobs + description: | + Retrieve a list of configuration jobs. + operationId: ListJobs + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + allOf: + - type: array + items: + $ref: '#/components/schemas/jobs' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + '/jobs/{id}': + get: + tags: + - Jobs + summary: Get a job + description: | + Get an existing configuration job. + operationId: GetJobsByID + parameters: + - $ref: '#/components/parameters/jobid' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/jobs-response' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + '/config-versions:load': + post: + tags: + - Config Versions + summary: Load config version + description: | + Load a specific configuration version into the candidate configuration. + operationId: LoadConfigVersions + requestBody: + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/load-config' + responses: + '201': + $ref: '#/components/responses/http_created' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/config-versions/candidate:push': + post: + tags: + - Config Versions + summary: Push the candidate configuration + description: | + Push the candidate configuration. + operationId: PushCandidateConfigVersions + requestBody: + description: Created + content: + application/json: + schema: + type: object + properties: + admin: + type: array + description: List the administrators and/or service accounts in this field. If you want to push folder named All, please do not add this admin field at all and list each of the folders under All in the folder field. + items: + type: string + description: + type: string + description: A description of the changes being pushed + allOf: + - type: object + title: folders + properties: + folder: + type: array + description: The target folders for the configuration push + uniqueItems: true + items: + type: string + pattern: ^[a-zA-Z\d-_\. ]+$ + maxLength: 64 + example: [Prisma Access, Mobile Users, Service Conncetions] + required: + - folders + - type: object + title: devices + properties: + devices: + type: array + description: The target devices for the configuration push + uniqueItems: true + items: + type: number + maxLength: 16 + example: [007951000388704, 007951000388707, 007051000239252] + required: + - folders + responses: + '201': + $ref: '#/components/responses/http_created' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + /config-versions: + get: + tags: + - Config Versions + summary: List configuration versions + description: | + Retrieve a list of configuration versions. + operationId: ListConfigVersions + parameters: + - $ref: '#/components/parameters/limit' + - $ref: '#/components/parameters/offset' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + type: array + items: + $ref: '#/components/schemas/config-version' + offset: + type: integer + limit: + type: integer + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + /config-versions/candidate: + delete: + tags: + - Config Versions + summary: Delete a candidate configuration + description: | + Delete a candidate configuration. Roll back to the running configuration. + operationId: DeleteCandidateConfigVersions + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/config-versions/{version}': + get: + tags: + - Config Versions + summary: Get config by version + description: | + Get config by version. + operationId: GetConfigVersionsByID + parameters: + - $ref: '#/components/parameters/version' + responses: + '200': + description: OK + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/config-version' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + /config-versions/running: + get: + tags: + - Config Versions + summary: Get running configuration versions + description: | + Get the running configuration versions on each folder. + operationId: GetRunningConfigVersions + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/running-config-versions-response' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' +tags: + - name: Config Versions + description: Config Versions + - name: Jobs + description: Jobs +components: + parameters: + limit: + name: limit + in: query + description: The maximum number of results per page + required: false + schema: + type: integer + default: 200 + offset: + name: offset + in: query + description: The offset into the list of results returned + required: false + schema: + type: integer + default: 0 + jobid: + name: id + in: path + description: The ID of the job + required: true + schema: + type: string + version: + name: version + in: path + description: The configuration version number + required: true + schema: + type: integer + securitySchemes: + scmOAuth: + type: oauth2 + description: | + Strata Cloud Manager APIs authenticate client requests using the + OAuth 2.0 Client Credentials flow. Please use the `client_id`, + `client_secret` values associated with an IAM service account along + with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the + Tenant Service Group (TSG) ID. The resulting JWT access token should + be attached to all API calls as a `Bearer` token in the `Authorization` + header (ex. `Authorization: Bearer tokenstring`). + flows: + clientCredentials: + tokenUrl: https://auth.apps.paloaltonetworks.com/oauth2/access_token + scopes: {} + scmToken: + type: http + description: | + Strata Cloud Manager APIs authenticate client requests using the + OAuth 2.0 Client Credentials flow. Please use the `client_id`, + `client_secret` values associated with an IAM service account along + with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the + Tenant Service Group (TSG) ID. The resulting JWT access token should + be attached to all API calls as a `Bearer` token in the `Authorization` + header (ex. `Authorization: Bearer tokenstring`). + scheme: bearer + bearerFormat: JWT + responses: + http_ok: + description: OK + http_created: + description: Created + auth_errors: + description: Unauthorized + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + auth_not_authenticated: + $ref: '#/components/examples/json_401_panui_auth_not_authenticated' + invalid_credential: + $ref: '#/components/examples/json_401_panui_auth_invalid_credential' + key_too_long: + $ref: '#/components/examples/json_401_panui_auth_key_too_long' + key_expired: + $ref: '#/components/examples/json_401_panui_auth_key_expired' + need_password_change: + $ref: '#/components/examples/json_401_panui_auth_need_password_change' + access_errors: + description: Forbidden + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + auth_unauthorized: + $ref: '#/components/examples/json_403_panui_auth_unauthorized' + bad_request_errors_basic: + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + input_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' + output_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' + missing_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' + invalid_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' + bad_request_errors_basic_with_body: + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + input_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' + output_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' + missing_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' + invalid_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' + missing_body: + $ref: '#/components/examples/json_400_panui_restapi_missing_body' + invalid_object: + $ref: '#/components/examples/json_400_panui_mgmt_invalid_object' + not_found: + description: Not Found + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + object_not_present: + $ref: '#/components/examples/json_404_panui_mgmt_object_not_present' + conflict_errors: + description: Conflict + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + object_not_unique: + $ref: '#/components/examples/json_409_panui_mgmt_object_not_unique' + name_not_unique: + $ref: '#/components/examples/json_409_panui_mgmt_name_not_unique' + reference_not_zero: + $ref: '#/components/examples/json_409_panui_mgmt_reference_not_zero' + default_errors: + description: General Errors + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + version_not_supported: + $ref: '#/components/examples/json_501_panui_restapi_version_not_supported' + method_not_allowed: + $ref: '#/components/examples/json_501_panui_restapi_method_not_supported' + action_not_supported: + $ref: '#/components/examples/json_405_panui_restapi_action_not_supported' + bad_xpath: + $ref: '#/components/examples/json_400_panui_mgmt_bad_xpath' + invalid_command: + $ref: '#/components/examples/json_400_panui_mgmt_invalid_command' + malformed_command: + $ref: '#/components/examples/json_400_panui_mgmt_malformed_command' + session_timeout: + $ref: '#/components/examples/json_504_panui_mgmt_session_timeout' + examples: + json_401_panui_auth_not_authenticated: + summary: Not Authenticated + value: + _errors: + - code: E016 + message: Not Authenticated + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_401_panui_auth_invalid_credential: + summary: Invalid Credential + value: + _errors: + - code: E016 + message: Invalid Credential + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_401_panui_auth_key_too_long: + summary: Key Too Long + value: + _errors: + - code: E016 + message: Key Too Long + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_401_panui_auth_key_expired: + summary: Key Expired + value: + _errors: + - code: E016 + message: Key Expired + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_401_panui_auth_need_password_change: + summary: Need Password Change + value: + _errors: + - code: E016 + message: The password needs to be changed. + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_403_panui_auth_unauthorized: + summary: Unauthorized + value: + _errors: + - code: E007 + message: Unauthorized + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_501_panui_restapi_version_not_supported: + summary: Version Not Supported + value: + _errors: + - code: E012 + message: Version Not Supported + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_501_panui_restapi_method_not_supported: + summary: Method Not Supported + value: + _errors: + - code: E012 + message: Method Not Supported + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_restapi_input_format_mismatch: + summary: Input Format Mismatch + value: + _errors: + - code: E003 + message: 'Input Format Mismatch: input-format=json' + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_restapi_output_format_mismatch: + summary: Output Format Mismatch + value: + _errors: + - code: E003 + message: 'Output Format Mismatch: output-format=json Accept=xml' + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_restapi_missing_query_parameter: + summary: Missing Query Parameter + value: + _errors: + - code: E003 + message: 'Missing Query Parameter: name' + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_restapi_invalid_query_parameter: + summary: Invalid Query Parameter + value: + _errors: + - code: E003 + message: 'Invalid Query Parameter: location=invalid' + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_restapi_missing_body: + summary: Missing Body + value: + _errors: + - code: E003 + message: Missing Body + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_405_panui_restapi_action_not_supported: + summary: Action Not Supported + value: + _errors: + - code: E012 + message: 'Action Not Supported: move' + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_mgmt_bad_xpath: + summary: Bad XPath + value: + _errors: + - code: E013 + message: Bad XPath + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_404_panui_mgmt_object_not_present: + summary: Object Not Present + value: + _errors: + - code: E005 + message: Object Not Present + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_409_panui_mgmt_object_not_unique: + summary: Object Not Unique + value: + _errors: + - code: E016 + message: Object Not Unique + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_409_panui_mgmt_name_not_unique: + summary: Name Not Unique + value: + _errors: + - code: E006 + message: Name Not Unique + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_409_panui_mgmt_reference_not_zero: + summary: Reference Not Zero + value: + _errors: + - code: E009 + message: Reference Not Zero + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_mgmt_invalid_object: + summary: Invalid Object + value: + _errors: + - code: E003 + message: Invalid Object + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_mgmt_invalid_command: + summary: Invalid Command + value: + _errors: + - code: E003 + message: Invalid Command + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_mgmt_malformed_command: + summary: Malformed Command + value: + _errors: + - code: E003 + message: Malformed Command + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_504_panui_mgmt_session_timeout: + summary: Session Timeout + value: + _errors: + - code: '4' + message: Session Timeout + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + schemas: + jobs: + type: object + properties: + device_name: + type: string + description: The name of the device + end_ts: + type: string + description: The timestamp indicating when the job was finished + id: + type: string + description: The job ID + example: "115" + job_result: + type: string + description: The job result + example: "2" + job_status: + type: string + description: The current status of the job + example: "2" + job_type: + type: string + description: The job type + example: "53" + parent_id: + type: string + description: The parent job ID + example: "114" + percent: + type: string + description: Job completion percentage + result_str: + type: string + enum: + - OK + - FAIL + - PEND + - WAIT + - CANCELLED + - TIMEOUT + description: The result of the job + start_ts: + type: string + description: The timestamp indicating when the job was created + status_str: + type: string + enum: + - ACT + - FIN + - PEND + - PUSHSENT + - PUSHFAIL + - PUSHABORT + - PUSHTIMEOUT + description: The current status of the job + summary: + type: string + description: The completion summary of the job + type_str: + type: string + enum: + - CommitAll + - CommitAndPush + - NGFW-Bootstrap-Push + - Validate + description: The job type + example: CommitAndPush + uname: + type: string + description: The administrator or service account that created the job + format: email + description: + type: string + description: A description provided by the administrator or service account + example: Added a new security rule for marketing + details: + type: string + description: JSON string with detailed errors or info + example: "{\"errors\":[\"Config push aborted, error: Failed to handle VPN clusters. Please check AutoVPN config for the device\"]}" + required: + - device_name + - end_ts + - id + - job_result + - job_status + - job_type + - parent_id + - percent + - result_str + - start_ts + - status_str + - summary + - type_str + - uname + load-config: + type: object + properties: + version: + type: integer + config-version: + type: object + properties: + id: + type: integer + description: The configuration version + version: + type: string + description: The configuration version name + date: + type: string + format: date-time + admin: + type: string + description: The administrator or service account that pushed this configuration version + format: email + scope: + type: string + description: + type: string + swg_config: + type: string + updated: + type: number + created: + type: number + deleted: + type: number + ngfw_scope: + type: string + description: A comma separated list of firewall serial numbers + types: + type: string + impacted_devices: + type: string + edited_by: + type: string + required: + - id + - version + - date + - admin + - scope + - description + - updated + - created + - deleted + - types + - impacted_devices + - edited_by + running-versions: + type: object + properties: + device: + type: string + description: The folder name or firewall serial number + version: + type: integer + description: The configuration version number + date: + type: string + description: The timestamp of when the configuration version was pushed to the folder or firewall + format: date-time + required: + - device + - version + - date + jobs-response: + type: object + description: Response containing job data + properties: + data: + type: array + items: + $ref: '#/components/schemas/jobs' + running-config-versions-response: + type: object + description: Paginated response containing running configuration versions + properties: + data: + type: array + items: + $ref: '#/components/schemas/running-versions' + offset: + type: integer + limit: + type: integer + total: + type: integer + generic_error: + type: object + properties: + _errors: + $ref: '#/components/schemas/error_detail_cause_infos' + _request_id: + type: string + x-examples: {} + error_detail_cause_infos: + type: array + items: + $ref: '#/components/schemas/error_detail_cause_info' + x-examples: {} + error_detail_cause_info: + type: object + title: Cause Info + properties: + code: + type: string + message: + type: string + details: + type: object + help: + type: string +security: + - scmToken: [] +x-internal: false diff --git a/openapi-specs/scm/config/cloudngfw/operations/operations _v1.1.yaml b/openapi-specs/scm/config/cloudngfw/operations/operations _v1.1.yaml deleted file mode 100644 index a771cf975..000000000 --- a/openapi-specs/scm/config/cloudngfw/operations/operations _v1.1.yaml +++ /dev/null @@ -1,993 +0,0 @@ -openapi: 3.0.0 -info: - version: 2.0.0 - title: Operations and Troubleshooting - description: | - These APIs can be used to retrieve operational data on your devices, for management and troubleshooting purposes. - termsOfService: 'https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-end-user-license-agreement-eula.pdf' - contact: - email: support@paloaltonetworks.com - name: Palo Alto Networks Technical Support - url: 'https://support.paloaltonetworks.com' - license: - name: MIT - url: https://opensource.org/license/mit -servers: - - url: 'https://api.strata.paloaltonetworks.com/operations/v1' - description: Current -tags: - - name: Device Operations - description: Operations for device management and troubleshooting - - name: Jobs - description: Job status and result retrieval for asynchronous operations - -paths: - /local-config/versions: - get: - tags: - - Device Operations - summary: List local configuration versions for a device - description: | - Retrieves the version history of local configurations for a specified device. - - **Purpose:** - - Track configuration changes pushed to devices - - View version history with timestamps - - Identify current and previous configuration versions - - operationId: getLocalConfigVersions - parameters: - - name: device - in: query - description: | - The serial number of the device for which to retrieve configuration versions. - - **Format:** Typically 14-15 digit device serial number - - **Example:** `007951000123456` - - **Required:** Yes - required: true - schema: - type: string - pattern: '^[0-9]{14,15}$' - example: '007951000123456' - - responses: - '200': - description: | - Success - Returns array of local configuration versions. - - **Notes:** - - Empty array `[]` is returned if no versions exist - - Empty array `[]` is returned if device doesn't exist - - Versions typically ordered by timestamp - content: - application/json: - schema: - type: array - items: - $ref: '#/components/schemas/local_config_version' - examples: - with_versions: - summary: Device with configuration versions - value: - - id: 1 - serial: '007951000123456' - local_version: '1.0.0' - timestamp: '2025-01-15T10:30:00Z' - xfmed_version: '1.0.0-transformed' - - id: 2 - serial: '007951000123456' - local_version: '0.9.0' - timestamp: '2025-01-14T09:20:00Z' - xfmed_version: '0.9.0-transformed' - no_versions: - summary: Device with no versions (or non-existent device) - value: [] - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - /local-config/download: - get: - tags: - - Device Operations - summary: Download local configuration file - description: | - Downloads a specific local configuration file for a device. - - **Purpose:** - - Retrieve the actual XML configuration file pushed to a device - - Download configuration for backup or review purposes - - Access specific configuration versions from history - - **Process:** - - Queries the database for the specified device and version - - Retrieves the base64-encoded configuration - - Decodes and returns it as an XML file download - - File is downloaded with name: `local-config-{device}-{version}.xml` - - operationId: downloadLocalConfig - parameters: - - name: device - in: query - description: | - The serial number of the device for which to download the configuration. - - **Format:** Typically 14-15 digit device serial number - - **Example:** `007951000123456` - - **Required:** Yes - required: true - schema: - type: string - pattern: '^[0-9]{14,15}$' - example: '007951000123456' - - name: version - in: query - description: | - The configuration version ID to download. - - **Source:** Use the `id` field from `/local-config/versions` response - - **Example:** `1` - - **Required:** Yes - required: true - schema: - type: string - example: '1' - - responses: - '200': - description: | - Success - Configuration file downloaded successfully. - - **Response Type:** Binary file download (XML) - **Content-Type:** `application/octet-stream` - **Filename:** `local-config-{device}-{version}.xml` - headers: - Content-Disposition: - description: Attachment header specifying the downloaded filename - schema: - type: string - example: 'attachment; filename=local-config-007951000123456-1.xml' - Content-Type: - description: MIME type of the downloaded file - schema: - type: string - example: 'application/octet-stream' - content: - application/octet-stream: - schema: - type: string - format: binary - description: | - XML configuration file content. - - The file contains the device's local configuration in XML format, - retrieved from the database and decoded from base64 encoding. - '400': - description: | - Bad Request - Missing required query parameters. - - **Common Causes:** - - Missing `device` parameter - - Missing `version` parameter - content: - application/json: - schema: - type: object - properties: - error: - type: string - examples: - missing_device: - summary: Missing device parameter - value: - error: 'device query parameter is required' - missing_version: - summary: Missing version parameter - value: - error: 'version query parameter is required' - '404': - description: | - Not Found - Configuration not found for the specified device and version. - - **Common Causes:** - - Invalid version ID for the device - - Device configuration has been deleted - - Database record doesn't exist - content: - application/json: - schema: - type: object - properties: - error: - type: string - example: - error: 'configuration not found' - '500': - description: | - Internal Server Error - Database query error, parsing error, or decoding error. - - **Common Causes:** - - Database connectivity issues - - Invalid JSON response from database service - - Missing `local_cfg` field in database response - - Invalid base64 encoding in stored configuration - - Failed to decode base64 content - content: - application/json: - schema: - type: object - properties: - error: - type: string - examples: - database_error: - summary: Database query error - value: - error: 'database query error' - parse_error: - summary: Failed to parse database response - value: - error: 'failed to parse response' - missing_field: - summary: Missing local_cfg field - value: - error: 'local_cfg field not found in response' - decode_error: - summary: Failed to decode configuration - value: - error: 'failed to decode configuration' - default: - $ref: '#/components/responses/default_errors' - /route-table: - get: - summary: Retrieve route table from a device - description: | - Initiates an asynchronous job to retrieve the route table from a specified device. It returns a job ID that can be used to poll for results using the jobs endpoint. - tags: - - Device Operations - operationId: requestRouteTable - parameters: - - name: device - in: query - description: The serial number of the device from which to retrieve the route table. - required: true - schema: - type: string - pattern: '^[0-9]{14,15}$' - example: '007951000123456' - responses: - '200': - description: | - Success - Job created successfully. - Use the returned `job_id` to poll for results using `GET /jobs/{job_id}`. - content: - application/json: - schema: - type: object - required: - - job_id - properties: - job_id: - type: string - format: uuid - description: | - Unique identifier for the created routing table retrieval job. - - **Usage:** - - Use this ID with `GET /jobs/{job_id}` to poll for job completion - - Job typically completes within 5-30 seconds - - Job results will contain the routing table data from the device - example: '550e8400-e29b-41d4-a716-446655440000' - examples: - success: - summary: Successful job creation - value: - job_id: '550e8400-e29b-41d4-a716-446655440000' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - - /jobs/{id}: - get: - summary: Retrieve job status and results - description: | - Retrieves the current status and results of an asynchronous job. Poll this endpoint to check job completion and retrieve the results once the job state is complete. - tags: - - Jobs - operationId: getJobStatus - parameters: - - name: id - in: path - description: The unique identifier of the job to retrieve. - required: true - schema: - type: string - format: uuid - example: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' - responses: - '200': - description: | - Success - Job details retrieved successfully. - The response includes job progress, state, request details, and results when available. - content: - application/json: - schema: - $ref: '#/components/schemas/job_status' - examples: - complete_routing_job: - summary: Completed routing table job - value: - jobId: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' - progress: 100 - state: 'complete' - request: - command: 'show-advanced-routing-route' - devices: - - '012345678901234' - results: - - device: '012345678901234' - state: 'complete' - created_ts: '2026-03-02 19:00:04' - updated_ts: '2026-03-02 19:00:04' - details: - msg: 'Command completed successfully.' - result: - router_global: - '3.3.3.3/32': - - prefix: '3.3.3.3/32' - prefixLen: 32 - protocol: 'connected' - distance: 0 - metric: 0 - installed: true - selected: true - destSelected: true - uptime: '06w0d07h' - nexthopGroupId: 6 - nexthops: - - interfaceName: 'vlan.1' - interfaceIndex: 256 - active: true - fib: true - directlyConnected: true - flags: 'A ' - in_progress_job: - summary: Job in progress - value: - jobId: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' - progress: 50 - state: 'in_progress' - request: - command: 'show-advanced-routing-route' - devices: - - '012345678901234' - results: [] - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - -components: - securitySchemes: - scmOAuth: - type: oauth2 - description: | - Strata Cloud Manager APIs authenticate client requests using the - OAuth 2.0 Client Credentials flow. Please use the `client_id`, - `client_secret` values associated with an IAM service account along - with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the - Tenant Service Group (TSG) ID. The resulting JWT access token should - be attached to all API calls as a `Bearer` token in the `Authorization` - header (ex. `Authorization: Bearer tokenstring`). - flows: - clientCredentials: - tokenUrl: https://auth.apps.paloaltonetworks.com/oauth2/access_token - scopes: {} - scmToken: - type: http - description: | - Strata Cloud Manager APIs authenticate client requests using the - OAuth 2.0 Client Credentials flow. Please use the `client_id`, - `client_secret` values associated with an IAM service account along - with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the - Tenant Service Group (TSG) ID. The resulting JWT access token should - be attached to all API calls as a `Bearer` token in the `Authorization` - header (ex. `Authorization: Bearer tokenstring`). - scheme: bearer - bearerFormat: JWT - parameters: - uuid: - name: id - in: path - required: true - schema: - type: string - description: The UUID of the resource - pagination-optional: - name: pagination - in: query - required: false - schema: - type: boolean - description: The parameter to mention if the response should be paginated. By default, its set to false - name-optional: - name: name - in: query - required: false - schema: - type: string - description: The name of the resource - limit-optional: - name: limit - in: query - required: false - schema: - type: integer - description: The maximum number of resources to return - offset-optional: - name: offset - in: query - required: false - schema: - type: integer - description: The offset into the list of resources returned - folder: - name: folder - in: query - required: false - schema: - type: string - description: | - The folder in which the resource is defined - snippet: - name: snippet - in: query - required: false - schema: - type: string - description: | - The snippet in which the resource is defined - device: - name: device - in: query - required: false - schema: - type: string - description: | - The device in which the resource is defined - trusted-tenant-type: - name: type - in: query - required: true - schema: - type: string - enum: - - subscriber - - publisher - description: | - Specifies the type of the tenant that is trusted, either 'subscriber' or 'publisher'. - trust-ids: - name: trustids - in: query - required: true - schema: - type: string - description: | - Comma-separated list of trust IDs - snippet-id: - name: snippet-id - in: query - required: true - schema: - type: string - description: | - The ID of the snippet - recipient-tsgs: - name: tsgs - in: query - required: true - schema: - type: string - description: | - Comma-separated list of recipient TSG IDs - responses: - http_ok: - description: OK - http_created: - description: Created - auth_errors: - description: Unauthorized - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - auth_not_authenticated: - $ref: '#/components/examples/json_401_panui_auth_not_authenticated' - invalid_credential: - $ref: '#/components/examples/json_401_panui_auth_invalid_credential' - key_too_long: - $ref: '#/components/examples/json_401_panui_auth_key_too_long' - key_expired: - $ref: '#/components/examples/json_401_panui_auth_key_expired' - need_password_change: - $ref: '#/components/examples/json_401_panui_auth_need_password_change' - access_errors: - description: Forbidden - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - auth_unauthorized: - $ref: '#/components/examples/json_403_panui_auth_unauthorized' - bad_request_errors_basic: - description: Bad Request - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - input_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' - output_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' - missing_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' - invalid_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' - bad_request_errors_basic_with_body: - description: Bad Request - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - input_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' - output_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' - missing_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' - invalid_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' - missing_body: - $ref: '#/components/examples/json_400_panui_restapi_missing_body' - invalid_object: - $ref: '#/components/examples/json_400_panui_mgmt_invalid_object' - not_found: - description: Not Found - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - object_not_present: - $ref: '#/components/examples/json_404_panui_mgmt_object_not_present' - conflict_errors: - description: Conflict - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - object_not_unique: - $ref: '#/components/examples/json_409_panui_mgmt_object_not_unique' - name_not_unique: - $ref: '#/components/examples/json_409_panui_mgmt_name_not_unique' - reference_not_zero: - $ref: '#/components/examples/json_409_panui_mgmt_reference_not_zero' - default_errors: - description: General Errors - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - version_not_supported: - $ref: '#/components/examples/json_501_panui_restapi_version_not_supported' - method_not_allowed: - $ref: '#/components/examples/json_501_panui_restapi_method_not_supported' - action_not_supported: - $ref: '#/components/examples/json_405_panui_restapi_action_not_supported' - bad_xpath: - $ref: '#/components/examples/json_400_panui_mgmt_bad_xpath' - invalid_command: - $ref: '#/components/examples/json_400_panui_mgmt_invalid_command' - malformed_command: - $ref: '#/components/examples/json_400_panui_mgmt_malformed_command' - session_timeout: - $ref: '#/components/examples/json_504_panui_mgmt_session_timeout' - examples: - json_401_panui_auth_not_authenticated: - summary: Not Authenticated - value: - _errors: - - code: 'E016' - message: Not Authenticated - details: {} - _request_id: 'abcd-1234' - json_401_panui_auth_invalid_credential: - summary: Invalid Credential - value: - _errors: - - code: 'E016' - message: Invalid Credential - details: {} - _request_id: 'abcd-1234' - json_401_panui_auth_key_too_long: - summary: Key Too Long - value: - _errors: - - code: 'E016' - message: Key Too Long - details: {} - _request_id: 'abcd-1234' - json_401_panui_auth_key_expired: - summary: Key Expired - value: - _errors: - - code: 'E016' - message: Key Expired - details: {} - _request_id: 'abcd-1234' - json_401_panui_auth_need_password_change: - summary: Need Password Change - value: - _errors: - - code: 'E016' - message: The password needs to be changed. - details: {} - _request_id: 'abcd-1234' - json_403_panui_auth_unauthorized: - summary: Unauthorized - value: - _errors: - - code: 'E007' - message: Unauthorized - details: {} - _request_id: 'abcd-1234' - json_501_panui_restapi_version_not_supported: - summary: Version Not Supported - value: - _errors: - - code: 'E012' - message: Version Not Supported - details: {} - _request_id: 'abcd-1234' - json_501_panui_restapi_method_not_supported: - summary: Method Not Supported - value: - _errors: - - code: 'E012' - message: Method Not Supported - details: {} - _request_id: 'abcd-1234' - json_400_panui_restapi_input_format_mismatch: - summary: Input Format Mismatch - value: - _errors: - - code: 'E003' - message: 'Input Format Mismatch: input-format=json' - details: {} - _request_id: 'abcd-1234' - json_400_panui_restapi_output_format_mismatch: - summary: Output Format Mismatch - value: - _errors: - - code: 'E003' - message: 'Output Format Mismatch: output-format=json Accept=xml' - details: {} - _request_id: 'abcd-1234' - json_400_panui_restapi_missing_query_parameter: - summary: Missing Query Parameter - value: - _errors: - - code: 'E003' - message: 'Missing Query Parameter: name' - details: {} - _request_id: 'abcd-1234' - json_400_panui_restapi_invalid_query_parameter: - summary: Invalid Query Parameter - value: - _errors: - - code: 'E003' - message: 'Invalid Query Parameter: location=invalid' - details: {} - _request_id: 'abcd-1234' - json_400_panui_restapi_missing_body: - summary: Missing Body - value: - _errors: - - code: 'E003' - message: Missing Body - details: {} - _request_id: 'abcd-1234' - json_405_panui_restapi_action_not_supported: - summary: Action Not Supported - value: - _errors: - - code: 'E012' - message: 'Action Not Supported: move' - details: {} - _request_id: 'abcd-1234' - json_400_panui_mgmt_bad_xpath: - summary: Bad XPath - value: - _errors: - - code: 'E013' - message: Bad XPath - details: {} - _request_id: 'abcd-1234' - json_404_panui_mgmt_object_not_present: - summary: Object Not Present - value: - _errors: - - code: 'E005' - message: Object Not Present - details: {} - _request_id: 'abcd-1234' - json_409_panui_mgmt_object_not_unique: - summary: Object Not Unique - value: - _errors: - - code: 'E016' - message: Object Not Unique - details: {} - _request_id: 'abcd-1234' - json_409_panui_mgmt_name_not_unique: - summary: Name Not Unique - value: - _errors: - - code: 'E006' - message: Name Not Unique - details: {} - _request_id: 'abcd-1234' - json_409_panui_mgmt_reference_not_zero: - summary: Reference Not Zero - value: - _errors: - - code: 'E009' - message: Reference Not Zero - details: {} - _request_id: 'abcd-1234' - json_400_panui_mgmt_invalid_object: - summary: Invalid Object - value: - _errors: - - code: 'E003' - message: Invalid Object - details: {} - _request_id: 'abcd-1234' - json_400_panui_mgmt_invalid_command: - summary: Invalid Command - value: - _errors: - - code: 'E003' - message: Invalid Command - details: {} - _request_id: 'abcd-1234' - json_400_panui_mgmt_malformed_command: - summary: Malformed Command - value: - _errors: - - code: 'E003' - message: Malformed Command - details: {} - _request_id: 'abcd-1234' - json_504_panui_mgmt_session_timeout: - summary: Session Timeout - value: - _errors: - - code: '4' - message: Session Timeout - details: {} - _request_id: 'abcd-1234' - schemas: - job_status: - type: object - required: - - jobId - - progress - - state - - request - - results - properties: - jobId: - type: string - format: uuid - description: Unique identifier for the job. - example: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' - progress: - type: integer - minimum: 0 - maximum: 100 - description: Job completion percentage. - example: 100 - state: - type: string - description: Current state of the job. - enum: - - pending - - in_progress - - complete - - failed - example: 'complete' - request: - type: object - description: The original request that initiated the job. - required: - - command - - devices - properties: - command: - type: string - description: The command that was executed. - example: 'show-advanced-routing-route' - devices: - type: array - description: List of device serial numbers for which the command was executed. - items: - type: string - pattern: '^[0-9]{14,15}$' - example: - - '012345678901234' - results: - type: array - description: Array of results from each device. The structure of the result data varies based on the job type. - items: - $ref: '#/components/schemas/job_result' - job_result: - type: object - required: - - device - - state - - created_ts - - updated_ts - - details - properties: - device: - type: string - pattern: '^[0-9]{14,15}$' - description: The serial number of the device. - example: '012345678901234' - state: - type: string - description: The state of the job for this specific device. - enum: - - pending - - in_progress - - complete - - failed - example: 'complete' - created_ts: - type: string - description: Timestamp when the job was created. - example: '2026-03-02 19:00:04' - updated_ts: - type: string - description: Timestamp when the job was last updated. - example: '2026-03-02 19:00:04' - details: - type: object - description: Detailed results from the command execution. The structure varies based on the command type. - required: - - msg - - result - properties: - msg: - type: string - description: Status message from the command execution. - example: 'Command completed successfully.' - result: - type: object - description: The actual result data from the command. Structure varies by command type and may contain routing tables, device information, or other operational data. - additionalProperties: true - generic_error: - type: object - properties: - _errors: - $ref: '#/components/schemas/error_detail_cause_infos' - _request_id: - type: string - error_detail_cause_infos: - type: array - items: - $ref: '#/components/schemas/error_detail_cause_info' - error_detail_cause_info: - title: Cause Info - type: object - properties: - 'code': - type: string - message: - type: string - details: - oneOf: - - type: string - - type: object - help: - type: string - local_config_version: - type: object - required: - - id - - serial - - local_version - - timestamp - - xfmed_version - properties: - id: - type: integer - description: | - Unique identifier for this configuration version entry in the database. - example: 1 - serial: - type: string - description: | - Device serial number (14-15 digits). - - Identifies which device this configuration version belongs to. - pattern: '^[0-9]{14,15}$' - example: '007951000123456' - local_version: - type: string - description: | - Local configuration version identifier. - - **Format:** Version string (typically semantic versioning) - **Purpose:** Identifies the original configuration version - example: '1.0.0' - timestamp: - type: string - format: date-time - description: | - When this configuration version was created or pushed to the device. - - **Format:** ISO 8601 date-time (UTC) - **Source:** Database `ts` field - example: '2025-01-15T10:30:00Z' - xfmed_version: - type: string - description: | - Transformed configuration version identifier. - - **Purpose:** Version identifier after transformation/processing - **Use Case:** Tracking configuration pipeline transformations - example: '1.0.0-transformed' - md5: - type: string - description: | - MD5 hash of the configuration (optional). - - **Note:** Currently not populated in responses - **Purpose:** Configuration integrity verification - example: 'abc123def456' - -security: - - scmToken: [] -x-internal: false diff --git a/openapi-specs/scm/config/ngfw/operations/config-operations-feb-v1.yaml b/openapi-specs/scm/config/ngfw/operations/config-operations-feb-v1.yaml new file mode 100644 index 000000000..6cea9c4c6 --- /dev/null +++ b/openapi-specs/scm/config/ngfw/operations/config-operations-feb-v1.yaml @@ -0,0 +1,867 @@ +openapi: 3.0.0 +info: + version: 2.0.0 + title: Config Operations + description: These APIs are used for Prisma Access and NGFW operations within Strata Cloud Manager. + termsOfService: 'https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-end-user-license-agreement-eula.pdf' + contact: + email: support@paloaltonetworks.com + name: Palo Alto Networks Technical Support + url: 'https://support.paloaltonetworks.com' + license: + name: MIT + url: https://opensource.org/license/mit +servers: + - url: 'https://api.strata.paloaltonetworks.com/config/operations/v1' + description: Current + - url: 'https://api.sase.paloaltonetworks.com/sse/config/v1' + description: Legacy +paths: + /jobs: + get: + tags: + - Jobs + summary: List jobs + description: | + Retrieve a list of configuration jobs. + operationId: ListJobs + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + allOf: + - type: array + items: + $ref: '#/components/schemas/jobs' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + '/jobs/{id}': + get: + tags: + - Jobs + summary: Get a job + description: | + Get an existing configuration job. + operationId: GetJobsByID + parameters: + - $ref: '#/components/parameters/jobid' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/jobs-response' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + '/config-versions:load': + post: + tags: + - Config Versions + summary: Load config version + description: | + Load a specific configuration version into the candidate configuration. + operationId: LoadConfigVersions + requestBody: + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/load-config' + responses: + '201': + $ref: '#/components/responses/http_created' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/config-versions/candidate:push': + post: + tags: + - Config Versions + summary: Push the candidate configuration + description: | + Push the candidate configuration. + operationId: PushCandidateConfigVersions + requestBody: + description: Created + content: + application/json: + schema: + type: object + properties: + admin: + type: array + description: List the administrators and/or service accounts in this field. If you want to push folder named All, please do not add this admin field at all and list each of the folders under All in the folder field. + items: + type: string + description: + type: string + description: A description of the changes being pushed + allOf: + - type: object + title: folders + properties: + folder: + type: array + description: The target folders for the configuration push + uniqueItems: true + items: + type: string + pattern: ^[a-zA-Z\d-_\. ]+$ + maxLength: 64 + example: [Prisma Access, Mobile Users, Service Conncetions] + required: + - folders + - type: object + title: devices + properties: + devices: + type: array + description: The target devices for the configuration push + uniqueItems: true + items: + type: number + maxLength: 16 + example: [007951000388704, 007951000388707, 007051000239252] + required: + - folders + responses: + '201': + $ref: '#/components/responses/http_created' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + /config-versions: + get: + tags: + - Config Versions + summary: List configuration versions + description: | + Retrieve a list of configuration versions. + operationId: ListConfigVersions + parameters: + - $ref: '#/components/parameters/limit' + - $ref: '#/components/parameters/offset' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + type: array + items: + $ref: '#/components/schemas/config-version' + offset: + type: integer + limit: + type: integer + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + /config-versions/candidate: + delete: + tags: + - Config Versions + summary: Delete a candidate configuration + description: | + Delete a candidate configuration. Roll back to the running configuration. + operationId: DeleteCandidateConfigVersions + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/config-versions/{version}': + get: + tags: + - Config Versions + summary: Get config by version + description: | + Get config by version. + operationId: GetConfigVersionsByID + parameters: + - $ref: '#/components/parameters/version' + responses: + '200': + description: OK + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/config-version' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + /config-versions/running: + get: + tags: + - Config Versions + summary: Get running configuration versions + description: | + Get the running configuration versions on each folder. + operationId: GetRunningConfigVersions + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/running-config-versions-response' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' +tags: + - name: Config Versions + description: Config Versions + - name: Jobs + description: Jobs +components: + parameters: + limit: + name: limit + in: query + description: The maximum number of results per page + required: false + schema: + type: integer + default: 200 + offset: + name: offset + in: query + description: The offset into the list of results returned + required: false + schema: + type: integer + default: 0 + jobid: + name: id + in: path + description: The ID of the job + required: true + schema: + type: string + version: + name: version + in: path + description: The configuration version number + required: true + schema: + type: integer + securitySchemes: + scmOAuth: + type: oauth2 + description: | + Strata Cloud Manager APIs authenticate client requests using the + OAuth 2.0 Client Credentials flow. Please use the `client_id`, + `client_secret` values associated with an IAM service account along + with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the + Tenant Service Group (TSG) ID. The resulting JWT access token should + be attached to all API calls as a `Bearer` token in the `Authorization` + header (ex. `Authorization: Bearer tokenstring`). + flows: + clientCredentials: + tokenUrl: https://auth.apps.paloaltonetworks.com/oauth2/access_token + scopes: {} + scmToken: + type: http + description: | + Strata Cloud Manager APIs authenticate client requests using the + OAuth 2.0 Client Credentials flow. Please use the `client_id`, + `client_secret` values associated with an IAM service account along + with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the + Tenant Service Group (TSG) ID. The resulting JWT access token should + be attached to all API calls as a `Bearer` token in the `Authorization` + header (ex. `Authorization: Bearer tokenstring`). + scheme: bearer + bearerFormat: JWT + responses: + http_ok: + description: OK + http_created: + description: Created + auth_errors: + description: Unauthorized + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + auth_not_authenticated: + $ref: '#/components/examples/json_401_panui_auth_not_authenticated' + invalid_credential: + $ref: '#/components/examples/json_401_panui_auth_invalid_credential' + key_too_long: + $ref: '#/components/examples/json_401_panui_auth_key_too_long' + key_expired: + $ref: '#/components/examples/json_401_panui_auth_key_expired' + need_password_change: + $ref: '#/components/examples/json_401_panui_auth_need_password_change' + access_errors: + description: Forbidden + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + auth_unauthorized: + $ref: '#/components/examples/json_403_panui_auth_unauthorized' + bad_request_errors_basic: + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + input_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' + output_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' + missing_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' + invalid_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' + bad_request_errors_basic_with_body: + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + input_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' + output_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' + missing_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' + invalid_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' + missing_body: + $ref: '#/components/examples/json_400_panui_restapi_missing_body' + invalid_object: + $ref: '#/components/examples/json_400_panui_mgmt_invalid_object' + not_found: + description: Not Found + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + object_not_present: + $ref: '#/components/examples/json_404_panui_mgmt_object_not_present' + conflict_errors: + description: Conflict + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + object_not_unique: + $ref: '#/components/examples/json_409_panui_mgmt_object_not_unique' + name_not_unique: + $ref: '#/components/examples/json_409_panui_mgmt_name_not_unique' + reference_not_zero: + $ref: '#/components/examples/json_409_panui_mgmt_reference_not_zero' + default_errors: + description: General Errors + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + version_not_supported: + $ref: '#/components/examples/json_501_panui_restapi_version_not_supported' + method_not_allowed: + $ref: '#/components/examples/json_501_panui_restapi_method_not_supported' + action_not_supported: + $ref: '#/components/examples/json_405_panui_restapi_action_not_supported' + bad_xpath: + $ref: '#/components/examples/json_400_panui_mgmt_bad_xpath' + invalid_command: + $ref: '#/components/examples/json_400_panui_mgmt_invalid_command' + malformed_command: + $ref: '#/components/examples/json_400_panui_mgmt_malformed_command' + session_timeout: + $ref: '#/components/examples/json_504_panui_mgmt_session_timeout' + examples: + json_401_panui_auth_not_authenticated: + summary: Not Authenticated + value: + _errors: + - code: E016 + message: Not Authenticated + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_401_panui_auth_invalid_credential: + summary: Invalid Credential + value: + _errors: + - code: E016 + message: Invalid Credential + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_401_panui_auth_key_too_long: + summary: Key Too Long + value: + _errors: + - code: E016 + message: Key Too Long + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_401_panui_auth_key_expired: + summary: Key Expired + value: + _errors: + - code: E016 + message: Key Expired + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_401_panui_auth_need_password_change: + summary: Need Password Change + value: + _errors: + - code: E016 + message: The password needs to be changed. + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_403_panui_auth_unauthorized: + summary: Unauthorized + value: + _errors: + - code: E007 + message: Unauthorized + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_501_panui_restapi_version_not_supported: + summary: Version Not Supported + value: + _errors: + - code: E012 + message: Version Not Supported + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_501_panui_restapi_method_not_supported: + summary: Method Not Supported + value: + _errors: + - code: E012 + message: Method Not Supported + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_restapi_input_format_mismatch: + summary: Input Format Mismatch + value: + _errors: + - code: E003 + message: 'Input Format Mismatch: input-format=json' + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_restapi_output_format_mismatch: + summary: Output Format Mismatch + value: + _errors: + - code: E003 + message: 'Output Format Mismatch: output-format=json Accept=xml' + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_restapi_missing_query_parameter: + summary: Missing Query Parameter + value: + _errors: + - code: E003 + message: 'Missing Query Parameter: name' + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_restapi_invalid_query_parameter: + summary: Invalid Query Parameter + value: + _errors: + - code: E003 + message: 'Invalid Query Parameter: location=invalid' + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_restapi_missing_body: + summary: Missing Body + value: + _errors: + - code: E003 + message: Missing Body + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_405_panui_restapi_action_not_supported: + summary: Action Not Supported + value: + _errors: + - code: E012 + message: 'Action Not Supported: move' + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_mgmt_bad_xpath: + summary: Bad XPath + value: + _errors: + - code: E013 + message: Bad XPath + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_404_panui_mgmt_object_not_present: + summary: Object Not Present + value: + _errors: + - code: E005 + message: Object Not Present + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_409_panui_mgmt_object_not_unique: + summary: Object Not Unique + value: + _errors: + - code: E016 + message: Object Not Unique + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_409_panui_mgmt_name_not_unique: + summary: Name Not Unique + value: + _errors: + - code: E006 + message: Name Not Unique + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_409_panui_mgmt_reference_not_zero: + summary: Reference Not Zero + value: + _errors: + - code: E009 + message: Reference Not Zero + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_mgmt_invalid_object: + summary: Invalid Object + value: + _errors: + - code: E003 + message: Invalid Object + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_mgmt_invalid_command: + summary: Invalid Command + value: + _errors: + - code: E003 + message: Invalid Command + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_mgmt_malformed_command: + summary: Malformed Command + value: + _errors: + - code: E003 + message: Malformed Command + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_504_panui_mgmt_session_timeout: + summary: Session Timeout + value: + _errors: + - code: '4' + message: Session Timeout + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + schemas: + jobs: + type: object + properties: + device_name: + type: string + description: The name of the device + end_ts: + type: string + description: The timestamp indicating when the job was finished + id: + type: string + description: The job ID + example: "115" + job_result: + type: string + description: The job result + example: "2" + job_status: + type: string + description: The current status of the job + example: "2" + job_type: + type: string + description: The job type + example: "53" + parent_id: + type: string + description: The parent job ID + example: "114" + percent: + type: string + description: Job completion percentage + result_str: + type: string + enum: + - OK + - FAIL + - PEND + - WAIT + - CANCELLED + - TIMEOUT + description: The result of the job + start_ts: + type: string + description: The timestamp indicating when the job was created + status_str: + type: string + enum: + - ACT + - FIN + - PEND + - PUSHSENT + - PUSHFAIL + - PUSHABORT + - PUSHTIMEOUT + description: The current status of the job + summary: + type: string + description: The completion summary of the job + type_str: + type: string + enum: + - CommitAll + - CommitAndPush + - NGFW-Bootstrap-Push + - Validate + description: The job type + example: CommitAndPush + uname: + type: string + description: The administrator or service account that created the job + format: email + description: + type: string + description: A description provided by the administrator or service account + example: Added a new security rule for marketing + details: + type: string + description: JSON string with detailed errors or info + example: "{\"errors\":[\"Config push aborted, error: Failed to handle VPN clusters. Please check AutoVPN config for the device\"]}" + required: + - device_name + - end_ts + - id + - job_result + - job_status + - job_type + - parent_id + - percent + - result_str + - start_ts + - status_str + - summary + - type_str + - uname + load-config: + type: object + properties: + version: + type: integer + config-version: + type: object + properties: + id: + type: integer + description: The configuration version + version: + type: string + description: The configuration version name + date: + type: string + format: date-time + admin: + type: string + description: The administrator or service account that pushed this configuration version + format: email + scope: + type: string + description: + type: string + swg_config: + type: string + updated: + type: number + created: + type: number + deleted: + type: number + ngfw_scope: + type: string + description: A comma separated list of firewall serial numbers + types: + type: string + impacted_devices: + type: string + edited_by: + type: string + required: + - id + - version + - date + - admin + - scope + - description + - updated + - created + - deleted + - types + - impacted_devices + - edited_by + running-versions: + type: object + properties: + device: + type: string + description: The folder name or firewall serial number + version: + type: integer + description: The configuration version number + date: + type: string + description: The timestamp of when the configuration version was pushed to the folder or firewall + format: date-time + required: + - device + - version + - date + jobs-response: + type: object + description: Response containing job data + properties: + data: + type: array + items: + $ref: '#/components/schemas/jobs' + running-config-versions-response: + type: object + description: Paginated response containing running configuration versions + properties: + data: + type: array + items: + $ref: '#/components/schemas/running-versions' + offset: + type: integer + limit: + type: integer + total: + type: integer + generic_error: + type: object + properties: + _errors: + $ref: '#/components/schemas/error_detail_cause_infos' + _request_id: + type: string + x-examples: {} + error_detail_cause_infos: + type: array + items: + $ref: '#/components/schemas/error_detail_cause_info' + x-examples: {} + error_detail_cause_info: + type: object + title: Cause Info + properties: + code: + type: string + message: + type: string + details: + type: object + help: + type: string +security: + - scmToken: [] +x-internal: false diff --git a/openapi-specs/scm/config/ngfw/operations/operations _v1.1.yaml b/openapi-specs/scm/config/ngfw/operations/operations _v1.1.yaml deleted file mode 100644 index a771cf975..000000000 --- a/openapi-specs/scm/config/ngfw/operations/operations _v1.1.yaml +++ /dev/null @@ -1,993 +0,0 @@ -openapi: 3.0.0 -info: - version: 2.0.0 - title: Operations and Troubleshooting - description: | - These APIs can be used to retrieve operational data on your devices, for management and troubleshooting purposes. - termsOfService: 'https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-end-user-license-agreement-eula.pdf' - contact: - email: support@paloaltonetworks.com - name: Palo Alto Networks Technical Support - url: 'https://support.paloaltonetworks.com' - license: - name: MIT - url: https://opensource.org/license/mit -servers: - - url: 'https://api.strata.paloaltonetworks.com/operations/v1' - description: Current -tags: - - name: Device Operations - description: Operations for device management and troubleshooting - - name: Jobs - description: Job status and result retrieval for asynchronous operations - -paths: - /local-config/versions: - get: - tags: - - Device Operations - summary: List local configuration versions for a device - description: | - Retrieves the version history of local configurations for a specified device. - - **Purpose:** - - Track configuration changes pushed to devices - - View version history with timestamps - - Identify current and previous configuration versions - - operationId: getLocalConfigVersions - parameters: - - name: device - in: query - description: | - The serial number of the device for which to retrieve configuration versions. - - **Format:** Typically 14-15 digit device serial number - - **Example:** `007951000123456` - - **Required:** Yes - required: true - schema: - type: string - pattern: '^[0-9]{14,15}$' - example: '007951000123456' - - responses: - '200': - description: | - Success - Returns array of local configuration versions. - - **Notes:** - - Empty array `[]` is returned if no versions exist - - Empty array `[]` is returned if device doesn't exist - - Versions typically ordered by timestamp - content: - application/json: - schema: - type: array - items: - $ref: '#/components/schemas/local_config_version' - examples: - with_versions: - summary: Device with configuration versions - value: - - id: 1 - serial: '007951000123456' - local_version: '1.0.0' - timestamp: '2025-01-15T10:30:00Z' - xfmed_version: '1.0.0-transformed' - - id: 2 - serial: '007951000123456' - local_version: '0.9.0' - timestamp: '2025-01-14T09:20:00Z' - xfmed_version: '0.9.0-transformed' - no_versions: - summary: Device with no versions (or non-existent device) - value: [] - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - /local-config/download: - get: - tags: - - Device Operations - summary: Download local configuration file - description: | - Downloads a specific local configuration file for a device. - - **Purpose:** - - Retrieve the actual XML configuration file pushed to a device - - Download configuration for backup or review purposes - - Access specific configuration versions from history - - **Process:** - - Queries the database for the specified device and version - - Retrieves the base64-encoded configuration - - Decodes and returns it as an XML file download - - File is downloaded with name: `local-config-{device}-{version}.xml` - - operationId: downloadLocalConfig - parameters: - - name: device - in: query - description: | - The serial number of the device for which to download the configuration. - - **Format:** Typically 14-15 digit device serial number - - **Example:** `007951000123456` - - **Required:** Yes - required: true - schema: - type: string - pattern: '^[0-9]{14,15}$' - example: '007951000123456' - - name: version - in: query - description: | - The configuration version ID to download. - - **Source:** Use the `id` field from `/local-config/versions` response - - **Example:** `1` - - **Required:** Yes - required: true - schema: - type: string - example: '1' - - responses: - '200': - description: | - Success - Configuration file downloaded successfully. - - **Response Type:** Binary file download (XML) - **Content-Type:** `application/octet-stream` - **Filename:** `local-config-{device}-{version}.xml` - headers: - Content-Disposition: - description: Attachment header specifying the downloaded filename - schema: - type: string - example: 'attachment; filename=local-config-007951000123456-1.xml' - Content-Type: - description: MIME type of the downloaded file - schema: - type: string - example: 'application/octet-stream' - content: - application/octet-stream: - schema: - type: string - format: binary - description: | - XML configuration file content. - - The file contains the device's local configuration in XML format, - retrieved from the database and decoded from base64 encoding. - '400': - description: | - Bad Request - Missing required query parameters. - - **Common Causes:** - - Missing `device` parameter - - Missing `version` parameter - content: - application/json: - schema: - type: object - properties: - error: - type: string - examples: - missing_device: - summary: Missing device parameter - value: - error: 'device query parameter is required' - missing_version: - summary: Missing version parameter - value: - error: 'version query parameter is required' - '404': - description: | - Not Found - Configuration not found for the specified device and version. - - **Common Causes:** - - Invalid version ID for the device - - Device configuration has been deleted - - Database record doesn't exist - content: - application/json: - schema: - type: object - properties: - error: - type: string - example: - error: 'configuration not found' - '500': - description: | - Internal Server Error - Database query error, parsing error, or decoding error. - - **Common Causes:** - - Database connectivity issues - - Invalid JSON response from database service - - Missing `local_cfg` field in database response - - Invalid base64 encoding in stored configuration - - Failed to decode base64 content - content: - application/json: - schema: - type: object - properties: - error: - type: string - examples: - database_error: - summary: Database query error - value: - error: 'database query error' - parse_error: - summary: Failed to parse database response - value: - error: 'failed to parse response' - missing_field: - summary: Missing local_cfg field - value: - error: 'local_cfg field not found in response' - decode_error: - summary: Failed to decode configuration - value: - error: 'failed to decode configuration' - default: - $ref: '#/components/responses/default_errors' - /route-table: - get: - summary: Retrieve route table from a device - description: | - Initiates an asynchronous job to retrieve the route table from a specified device. It returns a job ID that can be used to poll for results using the jobs endpoint. - tags: - - Device Operations - operationId: requestRouteTable - parameters: - - name: device - in: query - description: The serial number of the device from which to retrieve the route table. - required: true - schema: - type: string - pattern: '^[0-9]{14,15}$' - example: '007951000123456' - responses: - '200': - description: | - Success - Job created successfully. - Use the returned `job_id` to poll for results using `GET /jobs/{job_id}`. - content: - application/json: - schema: - type: object - required: - - job_id - properties: - job_id: - type: string - format: uuid - description: | - Unique identifier for the created routing table retrieval job. - - **Usage:** - - Use this ID with `GET /jobs/{job_id}` to poll for job completion - - Job typically completes within 5-30 seconds - - Job results will contain the routing table data from the device - example: '550e8400-e29b-41d4-a716-446655440000' - examples: - success: - summary: Successful job creation - value: - job_id: '550e8400-e29b-41d4-a716-446655440000' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - - /jobs/{id}: - get: - summary: Retrieve job status and results - description: | - Retrieves the current status and results of an asynchronous job. Poll this endpoint to check job completion and retrieve the results once the job state is complete. - tags: - - Jobs - operationId: getJobStatus - parameters: - - name: id - in: path - description: The unique identifier of the job to retrieve. - required: true - schema: - type: string - format: uuid - example: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' - responses: - '200': - description: | - Success - Job details retrieved successfully. - The response includes job progress, state, request details, and results when available. - content: - application/json: - schema: - $ref: '#/components/schemas/job_status' - examples: - complete_routing_job: - summary: Completed routing table job - value: - jobId: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' - progress: 100 - state: 'complete' - request: - command: 'show-advanced-routing-route' - devices: - - '012345678901234' - results: - - device: '012345678901234' - state: 'complete' - created_ts: '2026-03-02 19:00:04' - updated_ts: '2026-03-02 19:00:04' - details: - msg: 'Command completed successfully.' - result: - router_global: - '3.3.3.3/32': - - prefix: '3.3.3.3/32' - prefixLen: 32 - protocol: 'connected' - distance: 0 - metric: 0 - installed: true - selected: true - destSelected: true - uptime: '06w0d07h' - nexthopGroupId: 6 - nexthops: - - interfaceName: 'vlan.1' - interfaceIndex: 256 - active: true - fib: true - directlyConnected: true - flags: 'A ' - in_progress_job: - summary: Job in progress - value: - jobId: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' - progress: 50 - state: 'in_progress' - request: - command: 'show-advanced-routing-route' - devices: - - '012345678901234' - results: [] - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - -components: - securitySchemes: - scmOAuth: - type: oauth2 - description: | - Strata Cloud Manager APIs authenticate client requests using the - OAuth 2.0 Client Credentials flow. Please use the `client_id`, - `client_secret` values associated with an IAM service account along - with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the - Tenant Service Group (TSG) ID. The resulting JWT access token should - be attached to all API calls as a `Bearer` token in the `Authorization` - header (ex. `Authorization: Bearer tokenstring`). - flows: - clientCredentials: - tokenUrl: https://auth.apps.paloaltonetworks.com/oauth2/access_token - scopes: {} - scmToken: - type: http - description: | - Strata Cloud Manager APIs authenticate client requests using the - OAuth 2.0 Client Credentials flow. Please use the `client_id`, - `client_secret` values associated with an IAM service account along - with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the - Tenant Service Group (TSG) ID. The resulting JWT access token should - be attached to all API calls as a `Bearer` token in the `Authorization` - header (ex. `Authorization: Bearer tokenstring`). - scheme: bearer - bearerFormat: JWT - parameters: - uuid: - name: id - in: path - required: true - schema: - type: string - description: The UUID of the resource - pagination-optional: - name: pagination - in: query - required: false - schema: - type: boolean - description: The parameter to mention if the response should be paginated. By default, its set to false - name-optional: - name: name - in: query - required: false - schema: - type: string - description: The name of the resource - limit-optional: - name: limit - in: query - required: false - schema: - type: integer - description: The maximum number of resources to return - offset-optional: - name: offset - in: query - required: false - schema: - type: integer - description: The offset into the list of resources returned - folder: - name: folder - in: query - required: false - schema: - type: string - description: | - The folder in which the resource is defined - snippet: - name: snippet - in: query - required: false - schema: - type: string - description: | - The snippet in which the resource is defined - device: - name: device - in: query - required: false - schema: - type: string - description: | - The device in which the resource is defined - trusted-tenant-type: - name: type - in: query - required: true - schema: - type: string - enum: - - subscriber - - publisher - description: | - Specifies the type of the tenant that is trusted, either 'subscriber' or 'publisher'. - trust-ids: - name: trustids - in: query - required: true - schema: - type: string - description: | - Comma-separated list of trust IDs - snippet-id: - name: snippet-id - in: query - required: true - schema: - type: string - description: | - The ID of the snippet - recipient-tsgs: - name: tsgs - in: query - required: true - schema: - type: string - description: | - Comma-separated list of recipient TSG IDs - responses: - http_ok: - description: OK - http_created: - description: Created - auth_errors: - description: Unauthorized - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - auth_not_authenticated: - $ref: '#/components/examples/json_401_panui_auth_not_authenticated' - invalid_credential: - $ref: '#/components/examples/json_401_panui_auth_invalid_credential' - key_too_long: - $ref: '#/components/examples/json_401_panui_auth_key_too_long' - key_expired: - $ref: '#/components/examples/json_401_panui_auth_key_expired' - need_password_change: - $ref: '#/components/examples/json_401_panui_auth_need_password_change' - access_errors: - description: Forbidden - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - auth_unauthorized: - $ref: '#/components/examples/json_403_panui_auth_unauthorized' - bad_request_errors_basic: - description: Bad Request - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - input_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' - output_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' - missing_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' - invalid_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' - bad_request_errors_basic_with_body: - description: Bad Request - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - input_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' - output_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' - missing_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' - invalid_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' - missing_body: - $ref: '#/components/examples/json_400_panui_restapi_missing_body' - invalid_object: - $ref: '#/components/examples/json_400_panui_mgmt_invalid_object' - not_found: - description: Not Found - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - object_not_present: - $ref: '#/components/examples/json_404_panui_mgmt_object_not_present' - conflict_errors: - description: Conflict - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - object_not_unique: - $ref: '#/components/examples/json_409_panui_mgmt_object_not_unique' - name_not_unique: - $ref: '#/components/examples/json_409_panui_mgmt_name_not_unique' - reference_not_zero: - $ref: '#/components/examples/json_409_panui_mgmt_reference_not_zero' - default_errors: - description: General Errors - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - version_not_supported: - $ref: '#/components/examples/json_501_panui_restapi_version_not_supported' - method_not_allowed: - $ref: '#/components/examples/json_501_panui_restapi_method_not_supported' - action_not_supported: - $ref: '#/components/examples/json_405_panui_restapi_action_not_supported' - bad_xpath: - $ref: '#/components/examples/json_400_panui_mgmt_bad_xpath' - invalid_command: - $ref: '#/components/examples/json_400_panui_mgmt_invalid_command' - malformed_command: - $ref: '#/components/examples/json_400_panui_mgmt_malformed_command' - session_timeout: - $ref: '#/components/examples/json_504_panui_mgmt_session_timeout' - examples: - json_401_panui_auth_not_authenticated: - summary: Not Authenticated - value: - _errors: - - code: 'E016' - message: Not Authenticated - details: {} - _request_id: 'abcd-1234' - json_401_panui_auth_invalid_credential: - summary: Invalid Credential - value: - _errors: - - code: 'E016' - message: Invalid Credential - details: {} - _request_id: 'abcd-1234' - json_401_panui_auth_key_too_long: - summary: Key Too Long - value: - _errors: - - code: 'E016' - message: Key Too Long - details: {} - _request_id: 'abcd-1234' - json_401_panui_auth_key_expired: - summary: Key Expired - value: - _errors: - - code: 'E016' - message: Key Expired - details: {} - _request_id: 'abcd-1234' - json_401_panui_auth_need_password_change: - summary: Need Password Change - value: - _errors: - - code: 'E016' - message: The password needs to be changed. - details: {} - _request_id: 'abcd-1234' - json_403_panui_auth_unauthorized: - summary: Unauthorized - value: - _errors: - - code: 'E007' - message: Unauthorized - details: {} - _request_id: 'abcd-1234' - json_501_panui_restapi_version_not_supported: - summary: Version Not Supported - value: - _errors: - - code: 'E012' - message: Version Not Supported - details: {} - _request_id: 'abcd-1234' - json_501_panui_restapi_method_not_supported: - summary: Method Not Supported - value: - _errors: - - code: 'E012' - message: Method Not Supported - details: {} - _request_id: 'abcd-1234' - json_400_panui_restapi_input_format_mismatch: - summary: Input Format Mismatch - value: - _errors: - - code: 'E003' - message: 'Input Format Mismatch: input-format=json' - details: {} - _request_id: 'abcd-1234' - json_400_panui_restapi_output_format_mismatch: - summary: Output Format Mismatch - value: - _errors: - - code: 'E003' - message: 'Output Format Mismatch: output-format=json Accept=xml' - details: {} - _request_id: 'abcd-1234' - json_400_panui_restapi_missing_query_parameter: - summary: Missing Query Parameter - value: - _errors: - - code: 'E003' - message: 'Missing Query Parameter: name' - details: {} - _request_id: 'abcd-1234' - json_400_panui_restapi_invalid_query_parameter: - summary: Invalid Query Parameter - value: - _errors: - - code: 'E003' - message: 'Invalid Query Parameter: location=invalid' - details: {} - _request_id: 'abcd-1234' - json_400_panui_restapi_missing_body: - summary: Missing Body - value: - _errors: - - code: 'E003' - message: Missing Body - details: {} - _request_id: 'abcd-1234' - json_405_panui_restapi_action_not_supported: - summary: Action Not Supported - value: - _errors: - - code: 'E012' - message: 'Action Not Supported: move' - details: {} - _request_id: 'abcd-1234' - json_400_panui_mgmt_bad_xpath: - summary: Bad XPath - value: - _errors: - - code: 'E013' - message: Bad XPath - details: {} - _request_id: 'abcd-1234' - json_404_panui_mgmt_object_not_present: - summary: Object Not Present - value: - _errors: - - code: 'E005' - message: Object Not Present - details: {} - _request_id: 'abcd-1234' - json_409_panui_mgmt_object_not_unique: - summary: Object Not Unique - value: - _errors: - - code: 'E016' - message: Object Not Unique - details: {} - _request_id: 'abcd-1234' - json_409_panui_mgmt_name_not_unique: - summary: Name Not Unique - value: - _errors: - - code: 'E006' - message: Name Not Unique - details: {} - _request_id: 'abcd-1234' - json_409_panui_mgmt_reference_not_zero: - summary: Reference Not Zero - value: - _errors: - - code: 'E009' - message: Reference Not Zero - details: {} - _request_id: 'abcd-1234' - json_400_panui_mgmt_invalid_object: - summary: Invalid Object - value: - _errors: - - code: 'E003' - message: Invalid Object - details: {} - _request_id: 'abcd-1234' - json_400_panui_mgmt_invalid_command: - summary: Invalid Command - value: - _errors: - - code: 'E003' - message: Invalid Command - details: {} - _request_id: 'abcd-1234' - json_400_panui_mgmt_malformed_command: - summary: Malformed Command - value: - _errors: - - code: 'E003' - message: Malformed Command - details: {} - _request_id: 'abcd-1234' - json_504_panui_mgmt_session_timeout: - summary: Session Timeout - value: - _errors: - - code: '4' - message: Session Timeout - details: {} - _request_id: 'abcd-1234' - schemas: - job_status: - type: object - required: - - jobId - - progress - - state - - request - - results - properties: - jobId: - type: string - format: uuid - description: Unique identifier for the job. - example: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' - progress: - type: integer - minimum: 0 - maximum: 100 - description: Job completion percentage. - example: 100 - state: - type: string - description: Current state of the job. - enum: - - pending - - in_progress - - complete - - failed - example: 'complete' - request: - type: object - description: The original request that initiated the job. - required: - - command - - devices - properties: - command: - type: string - description: The command that was executed. - example: 'show-advanced-routing-route' - devices: - type: array - description: List of device serial numbers for which the command was executed. - items: - type: string - pattern: '^[0-9]{14,15}$' - example: - - '012345678901234' - results: - type: array - description: Array of results from each device. The structure of the result data varies based on the job type. - items: - $ref: '#/components/schemas/job_result' - job_result: - type: object - required: - - device - - state - - created_ts - - updated_ts - - details - properties: - device: - type: string - pattern: '^[0-9]{14,15}$' - description: The serial number of the device. - example: '012345678901234' - state: - type: string - description: The state of the job for this specific device. - enum: - - pending - - in_progress - - complete - - failed - example: 'complete' - created_ts: - type: string - description: Timestamp when the job was created. - example: '2026-03-02 19:00:04' - updated_ts: - type: string - description: Timestamp when the job was last updated. - example: '2026-03-02 19:00:04' - details: - type: object - description: Detailed results from the command execution. The structure varies based on the command type. - required: - - msg - - result - properties: - msg: - type: string - description: Status message from the command execution. - example: 'Command completed successfully.' - result: - type: object - description: The actual result data from the command. Structure varies by command type and may contain routing tables, device information, or other operational data. - additionalProperties: true - generic_error: - type: object - properties: - _errors: - $ref: '#/components/schemas/error_detail_cause_infos' - _request_id: - type: string - error_detail_cause_infos: - type: array - items: - $ref: '#/components/schemas/error_detail_cause_info' - error_detail_cause_info: - title: Cause Info - type: object - properties: - 'code': - type: string - message: - type: string - details: - oneOf: - - type: string - - type: object - help: - type: string - local_config_version: - type: object - required: - - id - - serial - - local_version - - timestamp - - xfmed_version - properties: - id: - type: integer - description: | - Unique identifier for this configuration version entry in the database. - example: 1 - serial: - type: string - description: | - Device serial number (14-15 digits). - - Identifies which device this configuration version belongs to. - pattern: '^[0-9]{14,15}$' - example: '007951000123456' - local_version: - type: string - description: | - Local configuration version identifier. - - **Format:** Version string (typically semantic versioning) - **Purpose:** Identifies the original configuration version - example: '1.0.0' - timestamp: - type: string - format: date-time - description: | - When this configuration version was created or pushed to the device. - - **Format:** ISO 8601 date-time (UTC) - **Source:** Database `ts` field - example: '2025-01-15T10:30:00Z' - xfmed_version: - type: string - description: | - Transformed configuration version identifier. - - **Purpose:** Version identifier after transformation/processing - **Use Case:** Tracking configuration pipeline transformations - example: '1.0.0-transformed' - md5: - type: string - description: | - MD5 hash of the configuration (optional). - - **Note:** Currently not populated in responses - **Purpose:** Configuration integrity verification - example: 'abc123def456' - -security: - - scmToken: [] -x-internal: false diff --git a/openapi-specs/scm/config/sase/operations/config-operations-feb-v1.yaml b/openapi-specs/scm/config/sase/operations/config-operations-feb-v1.yaml new file mode 100644 index 000000000..6cea9c4c6 --- /dev/null +++ b/openapi-specs/scm/config/sase/operations/config-operations-feb-v1.yaml @@ -0,0 +1,867 @@ +openapi: 3.0.0 +info: + version: 2.0.0 + title: Config Operations + description: These APIs are used for Prisma Access and NGFW operations within Strata Cloud Manager. + termsOfService: 'https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-end-user-license-agreement-eula.pdf' + contact: + email: support@paloaltonetworks.com + name: Palo Alto Networks Technical Support + url: 'https://support.paloaltonetworks.com' + license: + name: MIT + url: https://opensource.org/license/mit +servers: + - url: 'https://api.strata.paloaltonetworks.com/config/operations/v1' + description: Current + - url: 'https://api.sase.paloaltonetworks.com/sse/config/v1' + description: Legacy +paths: + /jobs: + get: + tags: + - Jobs + summary: List jobs + description: | + Retrieve a list of configuration jobs. + operationId: ListJobs + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + allOf: + - type: array + items: + $ref: '#/components/schemas/jobs' + limit: + type: integer + default: 200 + offset: + type: integer + default: 0 + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + '/jobs/{id}': + get: + tags: + - Jobs + summary: Get a job + description: | + Get an existing configuration job. + operationId: GetJobsByID + parameters: + - $ref: '#/components/parameters/jobid' + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/jobs-response' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + '/config-versions:load': + post: + tags: + - Config Versions + summary: Load config version + description: | + Load a specific configuration version into the candidate configuration. + operationId: LoadConfigVersions + requestBody: + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/load-config' + responses: + '201': + $ref: '#/components/responses/http_created' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/config-versions/candidate:push': + post: + tags: + - Config Versions + summary: Push the candidate configuration + description: | + Push the candidate configuration. + operationId: PushCandidateConfigVersions + requestBody: + description: Created + content: + application/json: + schema: + type: object + properties: + admin: + type: array + description: List the administrators and/or service accounts in this field. If you want to push folder named All, please do not add this admin field at all and list each of the folders under All in the folder field. + items: + type: string + description: + type: string + description: A description of the changes being pushed + allOf: + - type: object + title: folders + properties: + folder: + type: array + description: The target folders for the configuration push + uniqueItems: true + items: + type: string + pattern: ^[a-zA-Z\d-_\. ]+$ + maxLength: 64 + example: [Prisma Access, Mobile Users, Service Conncetions] + required: + - folders + - type: object + title: devices + properties: + devices: + type: array + description: The target devices for the configuration push + uniqueItems: true + items: + type: number + maxLength: 16 + example: [007951000388704, 007951000388707, 007051000239252] + required: + - folders + responses: + '201': + $ref: '#/components/responses/http_created' + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + /config-versions: + get: + tags: + - Config Versions + summary: List configuration versions + description: | + Retrieve a list of configuration versions. + operationId: ListConfigVersions + parameters: + - $ref: '#/components/parameters/limit' + - $ref: '#/components/parameters/offset' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + type: array + items: + $ref: '#/components/schemas/config-version' + offset: + type: integer + limit: + type: integer + total: + type: integer + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + /config-versions/candidate: + delete: + tags: + - Config Versions + summary: Delete a candidate configuration + description: | + Delete a candidate configuration. Roll back to the running configuration. + operationId: DeleteCandidateConfigVersions + responses: + '200': + $ref: '#/components/responses/http_ok' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + '409': + $ref: '#/components/responses/conflict_errors' + default: + $ref: '#/components/responses/default_errors' + '/config-versions/{version}': + get: + tags: + - Config Versions + summary: Get config by version + description: | + Get config by version. + operationId: GetConfigVersionsByID + parameters: + - $ref: '#/components/parameters/version' + responses: + '200': + description: OK + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/config-version' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + /config-versions/running: + get: + tags: + - Config Versions + summary: Get running configuration versions + description: | + Get the running configuration versions on each folder. + operationId: GetRunningConfigVersions + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/running-config-versions-response' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' +tags: + - name: Config Versions + description: Config Versions + - name: Jobs + description: Jobs +components: + parameters: + limit: + name: limit + in: query + description: The maximum number of results per page + required: false + schema: + type: integer + default: 200 + offset: + name: offset + in: query + description: The offset into the list of results returned + required: false + schema: + type: integer + default: 0 + jobid: + name: id + in: path + description: The ID of the job + required: true + schema: + type: string + version: + name: version + in: path + description: The configuration version number + required: true + schema: + type: integer + securitySchemes: + scmOAuth: + type: oauth2 + description: | + Strata Cloud Manager APIs authenticate client requests using the + OAuth 2.0 Client Credentials flow. Please use the `client_id`, + `client_secret` values associated with an IAM service account along + with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the + Tenant Service Group (TSG) ID. The resulting JWT access token should + be attached to all API calls as a `Bearer` token in the `Authorization` + header (ex. `Authorization: Bearer tokenstring`). + flows: + clientCredentials: + tokenUrl: https://auth.apps.paloaltonetworks.com/oauth2/access_token + scopes: {} + scmToken: + type: http + description: | + Strata Cloud Manager APIs authenticate client requests using the + OAuth 2.0 Client Credentials flow. Please use the `client_id`, + `client_secret` values associated with an IAM service account along + with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the + Tenant Service Group (TSG) ID. The resulting JWT access token should + be attached to all API calls as a `Bearer` token in the `Authorization` + header (ex. `Authorization: Bearer tokenstring`). + scheme: bearer + bearerFormat: JWT + responses: + http_ok: + description: OK + http_created: + description: Created + auth_errors: + description: Unauthorized + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + auth_not_authenticated: + $ref: '#/components/examples/json_401_panui_auth_not_authenticated' + invalid_credential: + $ref: '#/components/examples/json_401_panui_auth_invalid_credential' + key_too_long: + $ref: '#/components/examples/json_401_panui_auth_key_too_long' + key_expired: + $ref: '#/components/examples/json_401_panui_auth_key_expired' + need_password_change: + $ref: '#/components/examples/json_401_panui_auth_need_password_change' + access_errors: + description: Forbidden + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + auth_unauthorized: + $ref: '#/components/examples/json_403_panui_auth_unauthorized' + bad_request_errors_basic: + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + input_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' + output_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' + missing_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' + invalid_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' + bad_request_errors_basic_with_body: + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + input_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' + output_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' + missing_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' + invalid_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' + missing_body: + $ref: '#/components/examples/json_400_panui_restapi_missing_body' + invalid_object: + $ref: '#/components/examples/json_400_panui_mgmt_invalid_object' + not_found: + description: Not Found + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + object_not_present: + $ref: '#/components/examples/json_404_panui_mgmt_object_not_present' + conflict_errors: + description: Conflict + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + object_not_unique: + $ref: '#/components/examples/json_409_panui_mgmt_object_not_unique' + name_not_unique: + $ref: '#/components/examples/json_409_panui_mgmt_name_not_unique' + reference_not_zero: + $ref: '#/components/examples/json_409_panui_mgmt_reference_not_zero' + default_errors: + description: General Errors + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + version_not_supported: + $ref: '#/components/examples/json_501_panui_restapi_version_not_supported' + method_not_allowed: + $ref: '#/components/examples/json_501_panui_restapi_method_not_supported' + action_not_supported: + $ref: '#/components/examples/json_405_panui_restapi_action_not_supported' + bad_xpath: + $ref: '#/components/examples/json_400_panui_mgmt_bad_xpath' + invalid_command: + $ref: '#/components/examples/json_400_panui_mgmt_invalid_command' + malformed_command: + $ref: '#/components/examples/json_400_panui_mgmt_malformed_command' + session_timeout: + $ref: '#/components/examples/json_504_panui_mgmt_session_timeout' + examples: + json_401_panui_auth_not_authenticated: + summary: Not Authenticated + value: + _errors: + - code: E016 + message: Not Authenticated + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_401_panui_auth_invalid_credential: + summary: Invalid Credential + value: + _errors: + - code: E016 + message: Invalid Credential + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_401_panui_auth_key_too_long: + summary: Key Too Long + value: + _errors: + - code: E016 + message: Key Too Long + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_401_panui_auth_key_expired: + summary: Key Expired + value: + _errors: + - code: E016 + message: Key Expired + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_401_panui_auth_need_password_change: + summary: Need Password Change + value: + _errors: + - code: E016 + message: The password needs to be changed. + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_403_panui_auth_unauthorized: + summary: Unauthorized + value: + _errors: + - code: E007 + message: Unauthorized + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_501_panui_restapi_version_not_supported: + summary: Version Not Supported + value: + _errors: + - code: E012 + message: Version Not Supported + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_501_panui_restapi_method_not_supported: + summary: Method Not Supported + value: + _errors: + - code: E012 + message: Method Not Supported + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_restapi_input_format_mismatch: + summary: Input Format Mismatch + value: + _errors: + - code: E003 + message: 'Input Format Mismatch: input-format=json' + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_restapi_output_format_mismatch: + summary: Output Format Mismatch + value: + _errors: + - code: E003 + message: 'Output Format Mismatch: output-format=json Accept=xml' + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_restapi_missing_query_parameter: + summary: Missing Query Parameter + value: + _errors: + - code: E003 + message: 'Missing Query Parameter: name' + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_restapi_invalid_query_parameter: + summary: Invalid Query Parameter + value: + _errors: + - code: E003 + message: 'Invalid Query Parameter: location=invalid' + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_restapi_missing_body: + summary: Missing Body + value: + _errors: + - code: E003 + message: Missing Body + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_405_panui_restapi_action_not_supported: + summary: Action Not Supported + value: + _errors: + - code: E012 + message: 'Action Not Supported: move' + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_mgmt_bad_xpath: + summary: Bad XPath + value: + _errors: + - code: E013 + message: Bad XPath + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_404_panui_mgmt_object_not_present: + summary: Object Not Present + value: + _errors: + - code: E005 + message: Object Not Present + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_409_panui_mgmt_object_not_unique: + summary: Object Not Unique + value: + _errors: + - code: E016 + message: Object Not Unique + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_409_panui_mgmt_name_not_unique: + summary: Name Not Unique + value: + _errors: + - code: E006 + message: Name Not Unique + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_409_panui_mgmt_reference_not_zero: + summary: Reference Not Zero + value: + _errors: + - code: E009 + message: Reference Not Zero + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_mgmt_invalid_object: + summary: Invalid Object + value: + _errors: + - code: E003 + message: Invalid Object + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_mgmt_invalid_command: + summary: Invalid Command + value: + _errors: + - code: E003 + message: Invalid Command + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_400_panui_mgmt_malformed_command: + summary: Malformed Command + value: + _errors: + - code: E003 + message: Malformed Command + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + json_504_panui_mgmt_session_timeout: + summary: Session Timeout + value: + _errors: + - code: '4' + message: Session Timeout + details: {} + _request_id: 123e4567-e89b-12d3-a456-426655440000 + schemas: + jobs: + type: object + properties: + device_name: + type: string + description: The name of the device + end_ts: + type: string + description: The timestamp indicating when the job was finished + id: + type: string + description: The job ID + example: "115" + job_result: + type: string + description: The job result + example: "2" + job_status: + type: string + description: The current status of the job + example: "2" + job_type: + type: string + description: The job type + example: "53" + parent_id: + type: string + description: The parent job ID + example: "114" + percent: + type: string + description: Job completion percentage + result_str: + type: string + enum: + - OK + - FAIL + - PEND + - WAIT + - CANCELLED + - TIMEOUT + description: The result of the job + start_ts: + type: string + description: The timestamp indicating when the job was created + status_str: + type: string + enum: + - ACT + - FIN + - PEND + - PUSHSENT + - PUSHFAIL + - PUSHABORT + - PUSHTIMEOUT + description: The current status of the job + summary: + type: string + description: The completion summary of the job + type_str: + type: string + enum: + - CommitAll + - CommitAndPush + - NGFW-Bootstrap-Push + - Validate + description: The job type + example: CommitAndPush + uname: + type: string + description: The administrator or service account that created the job + format: email + description: + type: string + description: A description provided by the administrator or service account + example: Added a new security rule for marketing + details: + type: string + description: JSON string with detailed errors or info + example: "{\"errors\":[\"Config push aborted, error: Failed to handle VPN clusters. Please check AutoVPN config for the device\"]}" + required: + - device_name + - end_ts + - id + - job_result + - job_status + - job_type + - parent_id + - percent + - result_str + - start_ts + - status_str + - summary + - type_str + - uname + load-config: + type: object + properties: + version: + type: integer + config-version: + type: object + properties: + id: + type: integer + description: The configuration version + version: + type: string + description: The configuration version name + date: + type: string + format: date-time + admin: + type: string + description: The administrator or service account that pushed this configuration version + format: email + scope: + type: string + description: + type: string + swg_config: + type: string + updated: + type: number + created: + type: number + deleted: + type: number + ngfw_scope: + type: string + description: A comma separated list of firewall serial numbers + types: + type: string + impacted_devices: + type: string + edited_by: + type: string + required: + - id + - version + - date + - admin + - scope + - description + - updated + - created + - deleted + - types + - impacted_devices + - edited_by + running-versions: + type: object + properties: + device: + type: string + description: The folder name or firewall serial number + version: + type: integer + description: The configuration version number + date: + type: string + description: The timestamp of when the configuration version was pushed to the folder or firewall + format: date-time + required: + - device + - version + - date + jobs-response: + type: object + description: Response containing job data + properties: + data: + type: array + items: + $ref: '#/components/schemas/jobs' + running-config-versions-response: + type: object + description: Paginated response containing running configuration versions + properties: + data: + type: array + items: + $ref: '#/components/schemas/running-versions' + offset: + type: integer + limit: + type: integer + total: + type: integer + generic_error: + type: object + properties: + _errors: + $ref: '#/components/schemas/error_detail_cause_infos' + _request_id: + type: string + x-examples: {} + error_detail_cause_infos: + type: array + items: + $ref: '#/components/schemas/error_detail_cause_info' + x-examples: {} + error_detail_cause_info: + type: object + title: Cause Info + properties: + code: + type: string + message: + type: string + details: + type: object + help: + type: string +security: + - scmToken: [] +x-internal: false diff --git a/openapi-specs/scm/config/sase/operations/operations _v1.1.yaml b/openapi-specs/scm/config/sase/operations/operations _v1.1.yaml deleted file mode 100644 index a771cf975..000000000 --- a/openapi-specs/scm/config/sase/operations/operations _v1.1.yaml +++ /dev/null @@ -1,993 +0,0 @@ -openapi: 3.0.0 -info: - version: 2.0.0 - title: Operations and Troubleshooting - description: | - These APIs can be used to retrieve operational data on your devices, for management and troubleshooting purposes. - termsOfService: 'https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-end-user-license-agreement-eula.pdf' - contact: - email: support@paloaltonetworks.com - name: Palo Alto Networks Technical Support - url: 'https://support.paloaltonetworks.com' - license: - name: MIT - url: https://opensource.org/license/mit -servers: - - url: 'https://api.strata.paloaltonetworks.com/operations/v1' - description: Current -tags: - - name: Device Operations - description: Operations for device management and troubleshooting - - name: Jobs - description: Job status and result retrieval for asynchronous operations - -paths: - /local-config/versions: - get: - tags: - - Device Operations - summary: List local configuration versions for a device - description: | - Retrieves the version history of local configurations for a specified device. - - **Purpose:** - - Track configuration changes pushed to devices - - View version history with timestamps - - Identify current and previous configuration versions - - operationId: getLocalConfigVersions - parameters: - - name: device - in: query - description: | - The serial number of the device for which to retrieve configuration versions. - - **Format:** Typically 14-15 digit device serial number - - **Example:** `007951000123456` - - **Required:** Yes - required: true - schema: - type: string - pattern: '^[0-9]{14,15}$' - example: '007951000123456' - - responses: - '200': - description: | - Success - Returns array of local configuration versions. - - **Notes:** - - Empty array `[]` is returned if no versions exist - - Empty array `[]` is returned if device doesn't exist - - Versions typically ordered by timestamp - content: - application/json: - schema: - type: array - items: - $ref: '#/components/schemas/local_config_version' - examples: - with_versions: - summary: Device with configuration versions - value: - - id: 1 - serial: '007951000123456' - local_version: '1.0.0' - timestamp: '2025-01-15T10:30:00Z' - xfmed_version: '1.0.0-transformed' - - id: 2 - serial: '007951000123456' - local_version: '0.9.0' - timestamp: '2025-01-14T09:20:00Z' - xfmed_version: '0.9.0-transformed' - no_versions: - summary: Device with no versions (or non-existent device) - value: [] - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - /local-config/download: - get: - tags: - - Device Operations - summary: Download local configuration file - description: | - Downloads a specific local configuration file for a device. - - **Purpose:** - - Retrieve the actual XML configuration file pushed to a device - - Download configuration for backup or review purposes - - Access specific configuration versions from history - - **Process:** - - Queries the database for the specified device and version - - Retrieves the base64-encoded configuration - - Decodes and returns it as an XML file download - - File is downloaded with name: `local-config-{device}-{version}.xml` - - operationId: downloadLocalConfig - parameters: - - name: device - in: query - description: | - The serial number of the device for which to download the configuration. - - **Format:** Typically 14-15 digit device serial number - - **Example:** `007951000123456` - - **Required:** Yes - required: true - schema: - type: string - pattern: '^[0-9]{14,15}$' - example: '007951000123456' - - name: version - in: query - description: | - The configuration version ID to download. - - **Source:** Use the `id` field from `/local-config/versions` response - - **Example:** `1` - - **Required:** Yes - required: true - schema: - type: string - example: '1' - - responses: - '200': - description: | - Success - Configuration file downloaded successfully. - - **Response Type:** Binary file download (XML) - **Content-Type:** `application/octet-stream` - **Filename:** `local-config-{device}-{version}.xml` - headers: - Content-Disposition: - description: Attachment header specifying the downloaded filename - schema: - type: string - example: 'attachment; filename=local-config-007951000123456-1.xml' - Content-Type: - description: MIME type of the downloaded file - schema: - type: string - example: 'application/octet-stream' - content: - application/octet-stream: - schema: - type: string - format: binary - description: | - XML configuration file content. - - The file contains the device's local configuration in XML format, - retrieved from the database and decoded from base64 encoding. - '400': - description: | - Bad Request - Missing required query parameters. - - **Common Causes:** - - Missing `device` parameter - - Missing `version` parameter - content: - application/json: - schema: - type: object - properties: - error: - type: string - examples: - missing_device: - summary: Missing device parameter - value: - error: 'device query parameter is required' - missing_version: - summary: Missing version parameter - value: - error: 'version query parameter is required' - '404': - description: | - Not Found - Configuration not found for the specified device and version. - - **Common Causes:** - - Invalid version ID for the device - - Device configuration has been deleted - - Database record doesn't exist - content: - application/json: - schema: - type: object - properties: - error: - type: string - example: - error: 'configuration not found' - '500': - description: | - Internal Server Error - Database query error, parsing error, or decoding error. - - **Common Causes:** - - Database connectivity issues - - Invalid JSON response from database service - - Missing `local_cfg` field in database response - - Invalid base64 encoding in stored configuration - - Failed to decode base64 content - content: - application/json: - schema: - type: object - properties: - error: - type: string - examples: - database_error: - summary: Database query error - value: - error: 'database query error' - parse_error: - summary: Failed to parse database response - value: - error: 'failed to parse response' - missing_field: - summary: Missing local_cfg field - value: - error: 'local_cfg field not found in response' - decode_error: - summary: Failed to decode configuration - value: - error: 'failed to decode configuration' - default: - $ref: '#/components/responses/default_errors' - /route-table: - get: - summary: Retrieve route table from a device - description: | - Initiates an asynchronous job to retrieve the route table from a specified device. It returns a job ID that can be used to poll for results using the jobs endpoint. - tags: - - Device Operations - operationId: requestRouteTable - parameters: - - name: device - in: query - description: The serial number of the device from which to retrieve the route table. - required: true - schema: - type: string - pattern: '^[0-9]{14,15}$' - example: '007951000123456' - responses: - '200': - description: | - Success - Job created successfully. - Use the returned `job_id` to poll for results using `GET /jobs/{job_id}`. - content: - application/json: - schema: - type: object - required: - - job_id - properties: - job_id: - type: string - format: uuid - description: | - Unique identifier for the created routing table retrieval job. - - **Usage:** - - Use this ID with `GET /jobs/{job_id}` to poll for job completion - - Job typically completes within 5-30 seconds - - Job results will contain the routing table data from the device - example: '550e8400-e29b-41d4-a716-446655440000' - examples: - success: - summary: Successful job creation - value: - job_id: '550e8400-e29b-41d4-a716-446655440000' - '400': - $ref: '#/components/responses/bad_request_errors_basic' - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - - /jobs/{id}: - get: - summary: Retrieve job status and results - description: | - Retrieves the current status and results of an asynchronous job. Poll this endpoint to check job completion and retrieve the results once the job state is complete. - tags: - - Jobs - operationId: getJobStatus - parameters: - - name: id - in: path - description: The unique identifier of the job to retrieve. - required: true - schema: - type: string - format: uuid - example: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' - responses: - '200': - description: | - Success - Job details retrieved successfully. - The response includes job progress, state, request details, and results when available. - content: - application/json: - schema: - $ref: '#/components/schemas/job_status' - examples: - complete_routing_job: - summary: Completed routing table job - value: - jobId: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' - progress: 100 - state: 'complete' - request: - command: 'show-advanced-routing-route' - devices: - - '012345678901234' - results: - - device: '012345678901234' - state: 'complete' - created_ts: '2026-03-02 19:00:04' - updated_ts: '2026-03-02 19:00:04' - details: - msg: 'Command completed successfully.' - result: - router_global: - '3.3.3.3/32': - - prefix: '3.3.3.3/32' - prefixLen: 32 - protocol: 'connected' - distance: 0 - metric: 0 - installed: true - selected: true - destSelected: true - uptime: '06w0d07h' - nexthopGroupId: 6 - nexthops: - - interfaceName: 'vlan.1' - interfaceIndex: 256 - active: true - fib: true - directlyConnected: true - flags: 'A ' - in_progress_job: - summary: Job in progress - value: - jobId: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' - progress: 50 - state: 'in_progress' - request: - command: 'show-advanced-routing-route' - devices: - - '012345678901234' - results: [] - '401': - $ref: '#/components/responses/auth_errors' - '403': - $ref: '#/components/responses/access_errors' - '404': - $ref: '#/components/responses/not_found' - default: - $ref: '#/components/responses/default_errors' - -components: - securitySchemes: - scmOAuth: - type: oauth2 - description: | - Strata Cloud Manager APIs authenticate client requests using the - OAuth 2.0 Client Credentials flow. Please use the `client_id`, - `client_secret` values associated with an IAM service account along - with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the - Tenant Service Group (TSG) ID. The resulting JWT access token should - be attached to all API calls as a `Bearer` token in the `Authorization` - header (ex. `Authorization: Bearer tokenstring`). - flows: - clientCredentials: - tokenUrl: https://auth.apps.paloaltonetworks.com/oauth2/access_token - scopes: {} - scmToken: - type: http - description: | - Strata Cloud Manager APIs authenticate client requests using the - OAuth 2.0 Client Credentials flow. Please use the `client_id`, - `client_secret` values associated with an IAM service account along - with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the - Tenant Service Group (TSG) ID. The resulting JWT access token should - be attached to all API calls as a `Bearer` token in the `Authorization` - header (ex. `Authorization: Bearer tokenstring`). - scheme: bearer - bearerFormat: JWT - parameters: - uuid: - name: id - in: path - required: true - schema: - type: string - description: The UUID of the resource - pagination-optional: - name: pagination - in: query - required: false - schema: - type: boolean - description: The parameter to mention if the response should be paginated. By default, its set to false - name-optional: - name: name - in: query - required: false - schema: - type: string - description: The name of the resource - limit-optional: - name: limit - in: query - required: false - schema: - type: integer - description: The maximum number of resources to return - offset-optional: - name: offset - in: query - required: false - schema: - type: integer - description: The offset into the list of resources returned - folder: - name: folder - in: query - required: false - schema: - type: string - description: | - The folder in which the resource is defined - snippet: - name: snippet - in: query - required: false - schema: - type: string - description: | - The snippet in which the resource is defined - device: - name: device - in: query - required: false - schema: - type: string - description: | - The device in which the resource is defined - trusted-tenant-type: - name: type - in: query - required: true - schema: - type: string - enum: - - subscriber - - publisher - description: | - Specifies the type of the tenant that is trusted, either 'subscriber' or 'publisher'. - trust-ids: - name: trustids - in: query - required: true - schema: - type: string - description: | - Comma-separated list of trust IDs - snippet-id: - name: snippet-id - in: query - required: true - schema: - type: string - description: | - The ID of the snippet - recipient-tsgs: - name: tsgs - in: query - required: true - schema: - type: string - description: | - Comma-separated list of recipient TSG IDs - responses: - http_ok: - description: OK - http_created: - description: Created - auth_errors: - description: Unauthorized - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - auth_not_authenticated: - $ref: '#/components/examples/json_401_panui_auth_not_authenticated' - invalid_credential: - $ref: '#/components/examples/json_401_panui_auth_invalid_credential' - key_too_long: - $ref: '#/components/examples/json_401_panui_auth_key_too_long' - key_expired: - $ref: '#/components/examples/json_401_panui_auth_key_expired' - need_password_change: - $ref: '#/components/examples/json_401_panui_auth_need_password_change' - access_errors: - description: Forbidden - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - auth_unauthorized: - $ref: '#/components/examples/json_403_panui_auth_unauthorized' - bad_request_errors_basic: - description: Bad Request - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - input_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' - output_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' - missing_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' - invalid_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' - bad_request_errors_basic_with_body: - description: Bad Request - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - input_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' - output_format_mismatch: - $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' - missing_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' - invalid_query_parameter: - $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' - missing_body: - $ref: '#/components/examples/json_400_panui_restapi_missing_body' - invalid_object: - $ref: '#/components/examples/json_400_panui_mgmt_invalid_object' - not_found: - description: Not Found - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - object_not_present: - $ref: '#/components/examples/json_404_panui_mgmt_object_not_present' - conflict_errors: - description: Conflict - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - object_not_unique: - $ref: '#/components/examples/json_409_panui_mgmt_object_not_unique' - name_not_unique: - $ref: '#/components/examples/json_409_panui_mgmt_name_not_unique' - reference_not_zero: - $ref: '#/components/examples/json_409_panui_mgmt_reference_not_zero' - default_errors: - description: General Errors - content: - application/json: - schema: - $ref: '#/components/schemas/generic_error' - examples: - version_not_supported: - $ref: '#/components/examples/json_501_panui_restapi_version_not_supported' - method_not_allowed: - $ref: '#/components/examples/json_501_panui_restapi_method_not_supported' - action_not_supported: - $ref: '#/components/examples/json_405_panui_restapi_action_not_supported' - bad_xpath: - $ref: '#/components/examples/json_400_panui_mgmt_bad_xpath' - invalid_command: - $ref: '#/components/examples/json_400_panui_mgmt_invalid_command' - malformed_command: - $ref: '#/components/examples/json_400_panui_mgmt_malformed_command' - session_timeout: - $ref: '#/components/examples/json_504_panui_mgmt_session_timeout' - examples: - json_401_panui_auth_not_authenticated: - summary: Not Authenticated - value: - _errors: - - code: 'E016' - message: Not Authenticated - details: {} - _request_id: 'abcd-1234' - json_401_panui_auth_invalid_credential: - summary: Invalid Credential - value: - _errors: - - code: 'E016' - message: Invalid Credential - details: {} - _request_id: 'abcd-1234' - json_401_panui_auth_key_too_long: - summary: Key Too Long - value: - _errors: - - code: 'E016' - message: Key Too Long - details: {} - _request_id: 'abcd-1234' - json_401_panui_auth_key_expired: - summary: Key Expired - value: - _errors: - - code: 'E016' - message: Key Expired - details: {} - _request_id: 'abcd-1234' - json_401_panui_auth_need_password_change: - summary: Need Password Change - value: - _errors: - - code: 'E016' - message: The password needs to be changed. - details: {} - _request_id: 'abcd-1234' - json_403_panui_auth_unauthorized: - summary: Unauthorized - value: - _errors: - - code: 'E007' - message: Unauthorized - details: {} - _request_id: 'abcd-1234' - json_501_panui_restapi_version_not_supported: - summary: Version Not Supported - value: - _errors: - - code: 'E012' - message: Version Not Supported - details: {} - _request_id: 'abcd-1234' - json_501_panui_restapi_method_not_supported: - summary: Method Not Supported - value: - _errors: - - code: 'E012' - message: Method Not Supported - details: {} - _request_id: 'abcd-1234' - json_400_panui_restapi_input_format_mismatch: - summary: Input Format Mismatch - value: - _errors: - - code: 'E003' - message: 'Input Format Mismatch: input-format=json' - details: {} - _request_id: 'abcd-1234' - json_400_panui_restapi_output_format_mismatch: - summary: Output Format Mismatch - value: - _errors: - - code: 'E003' - message: 'Output Format Mismatch: output-format=json Accept=xml' - details: {} - _request_id: 'abcd-1234' - json_400_panui_restapi_missing_query_parameter: - summary: Missing Query Parameter - value: - _errors: - - code: 'E003' - message: 'Missing Query Parameter: name' - details: {} - _request_id: 'abcd-1234' - json_400_panui_restapi_invalid_query_parameter: - summary: Invalid Query Parameter - value: - _errors: - - code: 'E003' - message: 'Invalid Query Parameter: location=invalid' - details: {} - _request_id: 'abcd-1234' - json_400_panui_restapi_missing_body: - summary: Missing Body - value: - _errors: - - code: 'E003' - message: Missing Body - details: {} - _request_id: 'abcd-1234' - json_405_panui_restapi_action_not_supported: - summary: Action Not Supported - value: - _errors: - - code: 'E012' - message: 'Action Not Supported: move' - details: {} - _request_id: 'abcd-1234' - json_400_panui_mgmt_bad_xpath: - summary: Bad XPath - value: - _errors: - - code: 'E013' - message: Bad XPath - details: {} - _request_id: 'abcd-1234' - json_404_panui_mgmt_object_not_present: - summary: Object Not Present - value: - _errors: - - code: 'E005' - message: Object Not Present - details: {} - _request_id: 'abcd-1234' - json_409_panui_mgmt_object_not_unique: - summary: Object Not Unique - value: - _errors: - - code: 'E016' - message: Object Not Unique - details: {} - _request_id: 'abcd-1234' - json_409_panui_mgmt_name_not_unique: - summary: Name Not Unique - value: - _errors: - - code: 'E006' - message: Name Not Unique - details: {} - _request_id: 'abcd-1234' - json_409_panui_mgmt_reference_not_zero: - summary: Reference Not Zero - value: - _errors: - - code: 'E009' - message: Reference Not Zero - details: {} - _request_id: 'abcd-1234' - json_400_panui_mgmt_invalid_object: - summary: Invalid Object - value: - _errors: - - code: 'E003' - message: Invalid Object - details: {} - _request_id: 'abcd-1234' - json_400_panui_mgmt_invalid_command: - summary: Invalid Command - value: - _errors: - - code: 'E003' - message: Invalid Command - details: {} - _request_id: 'abcd-1234' - json_400_panui_mgmt_malformed_command: - summary: Malformed Command - value: - _errors: - - code: 'E003' - message: Malformed Command - details: {} - _request_id: 'abcd-1234' - json_504_panui_mgmt_session_timeout: - summary: Session Timeout - value: - _errors: - - code: '4' - message: Session Timeout - details: {} - _request_id: 'abcd-1234' - schemas: - job_status: - type: object - required: - - jobId - - progress - - state - - request - - results - properties: - jobId: - type: string - format: uuid - description: Unique identifier for the job. - example: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' - progress: - type: integer - minimum: 0 - maximum: 100 - description: Job completion percentage. - example: 100 - state: - type: string - description: Current state of the job. - enum: - - pending - - in_progress - - complete - - failed - example: 'complete' - request: - type: object - description: The original request that initiated the job. - required: - - command - - devices - properties: - command: - type: string - description: The command that was executed. - example: 'show-advanced-routing-route' - devices: - type: array - description: List of device serial numbers for which the command was executed. - items: - type: string - pattern: '^[0-9]{14,15}$' - example: - - '012345678901234' - results: - type: array - description: Array of results from each device. The structure of the result data varies based on the job type. - items: - $ref: '#/components/schemas/job_result' - job_result: - type: object - required: - - device - - state - - created_ts - - updated_ts - - details - properties: - device: - type: string - pattern: '^[0-9]{14,15}$' - description: The serial number of the device. - example: '012345678901234' - state: - type: string - description: The state of the job for this specific device. - enum: - - pending - - in_progress - - complete - - failed - example: 'complete' - created_ts: - type: string - description: Timestamp when the job was created. - example: '2026-03-02 19:00:04' - updated_ts: - type: string - description: Timestamp when the job was last updated. - example: '2026-03-02 19:00:04' - details: - type: object - description: Detailed results from the command execution. The structure varies based on the command type. - required: - - msg - - result - properties: - msg: - type: string - description: Status message from the command execution. - example: 'Command completed successfully.' - result: - type: object - description: The actual result data from the command. Structure varies by command type and may contain routing tables, device information, or other operational data. - additionalProperties: true - generic_error: - type: object - properties: - _errors: - $ref: '#/components/schemas/error_detail_cause_infos' - _request_id: - type: string - error_detail_cause_infos: - type: array - items: - $ref: '#/components/schemas/error_detail_cause_info' - error_detail_cause_info: - title: Cause Info - type: object - properties: - 'code': - type: string - message: - type: string - details: - oneOf: - - type: string - - type: object - help: - type: string - local_config_version: - type: object - required: - - id - - serial - - local_version - - timestamp - - xfmed_version - properties: - id: - type: integer - description: | - Unique identifier for this configuration version entry in the database. - example: 1 - serial: - type: string - description: | - Device serial number (14-15 digits). - - Identifies which device this configuration version belongs to. - pattern: '^[0-9]{14,15}$' - example: '007951000123456' - local_version: - type: string - description: | - Local configuration version identifier. - - **Format:** Version string (typically semantic versioning) - **Purpose:** Identifies the original configuration version - example: '1.0.0' - timestamp: - type: string - format: date-time - description: | - When this configuration version was created or pushed to the device. - - **Format:** ISO 8601 date-time (UTC) - **Source:** Database `ts` field - example: '2025-01-15T10:30:00Z' - xfmed_version: - type: string - description: | - Transformed configuration version identifier. - - **Purpose:** Version identifier after transformation/processing - **Use Case:** Tracking configuration pipeline transformations - example: '1.0.0-transformed' - md5: - type: string - description: | - MD5 hash of the configuration (optional). - - **Note:** Currently not populated in responses - **Purpose:** Configuration integrity verification - example: 'abc123def456' - -security: - - scmToken: [] -x-internal: false From 09139d34b5ba342ab00df622b8bea71c16a78244 Mon Sep 17 00:00:00 2001 From: sra Date: Fri, 20 Mar 2026 09:07:42 +0530 Subject: [PATCH 5/6] Added spec file for Network Services from the MR-376 --- ...eb-v1.yaml => network-services_march.yaml} | 302 ++++-------------- ...eb-v1.yaml => network-services_march.yaml} | 302 ++++-------------- ...eb-v1.yaml => network-services_march.yaml} | 302 ++++-------------- 3 files changed, 180 insertions(+), 726 deletions(-) rename openapi-specs/scm/config/ngfw/network/{network-services-feb-v1.yaml => network-services_march.yaml} (98%) rename openapi-specs/scm/config/sase/network configurations/{network-services-feb-v1.yaml => network-services_march.yaml} (98%) rename openapi-specs/scm/config/sase/network/{network-services-feb-v1.yaml => network-services_march.yaml} (98%) diff --git a/openapi-specs/scm/config/ngfw/network/network-services-feb-v1.yaml b/openapi-specs/scm/config/ngfw/network/network-services_march.yaml similarity index 98% rename from openapi-specs/scm/config/ngfw/network/network-services-feb-v1.yaml rename to openapi-specs/scm/config/ngfw/network/network-services_march.yaml index c9d72cfef..347a4fba8 100644 --- a/openapi-specs/scm/config/ngfw/network/network-services-feb-v1.yaml +++ b/openapi-specs/scm/config/ngfw/network/network-services_march.yaml @@ -101,8 +101,6 @@ tags: description: VLAN Interfaces - name: Zone Protection Profiles description: Zone Protection Profiles - - name: Ssl Decryption Settings - description: Ssl Decrypt - name: Remote Networks License description: Remote Networks License Info - name: LLDP Profiles @@ -7862,68 +7860,26 @@ components: send_email: type: array items: - type: object + type: string send_http: type: array items: - type: object + type: string send_snmptrap: type: array items: - type: object + type: string send_syslog: type: array items: - type: object + type: string GlobalprotectMatchList: type: object properties: send_email: type: array items: - type: object - actions: - type: array - items: - type: object - properties: - name: - type: string - type: - type: object - properties: - integration: - type: object - properties: - action: - type: string - tagging: - type: object - properties: - registration: - type: object - properties: - localhost: - type: object - properties: - panorama: - type: object - properties: - remote: - type: object - properties: - http_profile: - type: string - tags: - type: array - items: - type: object - target: - type: string - timeout: - type: integer - action: - type: string + type: string name: type: string quarantine: @@ -7931,15 +7887,15 @@ components: send_http: type: array items: - type: object + type: string send_snmptrap: type: array items: - type: object + type: string send_syslog: type: array items: - type: object + type: string send_to_panorama: type: boolean description: @@ -7952,49 +7908,7 @@ components: send_email: type: array items: - type: object - actions: - type: array - items: - type: object - properties: - name: - type: string - type: - type: object - properties: - integration: - type: object - properties: - action: - type: string - tagging: - type: object - properties: - registration: - type: object - properties: - localhost: - type: object - properties: - panorama: - type: object - properties: - remote: - type: object - properties: - http_profile: - type: string - tags: - type: array - items: - type: object - target: - type: string - timeout: - type: integer - action: - type: string + type: string name: type: string quarantine: @@ -8002,15 +7916,15 @@ components: send_http: type: array items: - type: object + type: string send_snmptrap: type: array items: - type: object + type: string send_syslog: type: array items: - type: object + type: string send_to_panorama: type: boolean description: @@ -8027,55 +7941,13 @@ components: send_email: type: array items: - type: object + type: string send_syslog: type: array items: - type: object + type: string send_to_panorama: type: boolean - actions: - type: array - items: - type: object - properties: - type: - type: object - properties: - integration: - type: object - properties: - action: - type: string - tagging: - type: object - properties: - tags: - type: array - items: - type: object - target: - type: string - timeout: - type: integer - action: - type: string - registration: - type: object - properties: - localhost: - type: object - properties: - panorama: - type: object - properties: - remote: - type: object - properties: - http_profile: - type: string - name: - type: string name: type: string quarantine: @@ -8083,11 +7955,11 @@ components: send_http: type: array items: - type: object + type: string send_snmptrap: type: array items: - type: object + type: string SystemMatchList: type: object properties: @@ -8100,34 +7972,19 @@ components: send_email: type: array items: - type: object - actions: - type: array - items: - type: object - properties: - name: - type: string - type: - type: object - properties: - integration: - type: object - properties: - action: - type: string + type: string send_http: type: array items: - type: object + type: string send_snmptrap: type: array items: - type: object + type: string send_syslog: type: array items: - type: object + type: string send_to_panorama: type: boolean UseridMatchList: @@ -8136,15 +7993,15 @@ components: send_http: type: array items: - type: object + type: string send_snmptrap: type: array items: - type: object + type: string send_syslog: type: array items: - type: object + type: string description: type: string filter: @@ -8155,52 +8012,10 @@ components: type: boolean send_to_panorama: type: boolean - actions: - type: array - items: - type: object - properties: - name: - type: string - type: - type: object - properties: - integration: - type: object - properties: - action: - type: string - tagging: - type: object - properties: - action: - type: string - registration: - type: object - properties: - remote: - type: object - properties: - http_profile: - type: string - localhost: - type: object - properties: - panorama: - type: object - properties: - tags: - type: array - items: - type: object - target: - type: string - timeout: - type: integer send_email: type: array items: - type: object + type: string LicenseInfo: type: object properties: @@ -8384,6 +8199,9 @@ components: type: string description: Interface variable or hardcoded vlan/loopback. vlan will be passed as default value default: vlan + ip: + type: string + description: IP Prefix of the assigned interface authentication: type: object oneOf: @@ -8908,7 +8726,7 @@ components: enable: type: boolean description: Enable tunnel monitoring on this tunnel - default: true + default: false destination_ip: type: string description: Destination IP to send ICMP probe @@ -10975,7 +10793,7 @@ components: properties: id: type: string - description: UUID of the resource + description: UUID of the resource loopback interface readOnly: true example: 123e4567-e89b-12d3-a456-426655440000 name: @@ -10983,24 +10801,24 @@ components: pattern: '^\$[a-zA-Z\d\-_\. ]+$' type: string default_value: - description: Default interface assignment + description: Default interface assignment for loopback interface pattern: '^loopback\.([1-9][0-9]{0,3})$' type: string example: 'loopback.123' comment: - description: Description + description: Description for loopback interface type: string mtu: - description: MTU + description: MTU for loopback interface type: integer minimum: 576 maximum: 9216 interface_management_profile: - description: Interface management profile + description: Interface management profile for loopback interface type: string example: string ip: - description: Loopback IP Parent + description: Loopback IP Parent type: array items: type: object @@ -11015,32 +10833,32 @@ components: type: object properties: address: - description: IPv6 Address Parent + description: IPv6 Address Parent for loopback interface type: array items: type: object properties: enable_on_interface: type: boolean - description: Enable Address on Interface + description: Enable Address on Interface for loopback interface default: true name: type: string - description: IPv6 Address + description: IPv6 Address for loopback interface example: '2001:DB8::1/128' anycast: - description: Anycast + description: Anycast for loopback interface type: object prefix: - description: Use interface ID as host portion + description: Use interface ID as host portion for loopback interface type: object enabled: - description: Enable IPv6 + description: Enable IPv6 for loopback interface type: boolean default: false interface_id: type: string - description: Interface ID + description: Interface ID for loopback interface default: "EUI-64" oneOf: - type: object @@ -11083,27 +10901,27 @@ components: properties: id: type: string - description: UUID of the resource + description: UUID of the resource for tunnel interface readOnly: true example: 123e4567-e89b-12d3-a456-426655440000 name: - description: L3 sub-interface name + description: L3 sub-interface name for tunnel interface type: string default_value: - description: Default interface assignment + description: Default interface assignment for tunnel interface pattern: '^tunnel\.([1-9][0-9]{0,3})$' type: string example: 'tunnel.123' comment: - description: Description + description: Description for tunnel interface type: string mtu: - description: MTU + description: MTU for tunnel interface type: integer minimum: 576 maximum: 9216 interface_management_profile: - description: Interface management profile + description: Interface management profile for tunnel interface type: string example: string ip: @@ -11122,32 +10940,32 @@ components: type: object properties: address: - description: IPv6 Address Parent + description: IPv6 Address Parent for tunnel interface type: array items: type: object properties: enable_on_interface: type: boolean - description: Enable Address on Interface + description: Enable Address on Interface for tunnel interface default: true name: type: string - description: IPv6 Address + description: IPv6 Address for tunnel interface example: '2001:DB8::1/128' anycast: - description: Anycast + description: Anycast for tunnel interface type: object prefix: - description: Use interface ID as host portion + description: Use interface ID as host portion for tunnel interface type: object enabled: - description: Enable IPv6 + description: Enable IPv6 for tunnel interface type: boolean default: false interface_id: type: string - description: Interface ID + description: Interface ID for tunnel interface default: "EUI-64" oneOf: @@ -13027,7 +12845,7 @@ components: comments: description: Description of the link tag type: string - maxLength: 0 + maxLength: 1024 oneOf: - type: object title: folder @@ -15190,16 +15008,16 @@ components: inherit: type: object oneOf: - - title: ipv4 + - title: yes required: - - ipv4 + - yes properties: yes: type: object properties: {} - - title: 'no' + - title: no required: - - 'no' + - no properties: no: type: object @@ -16365,7 +16183,7 @@ components: key: description: MD5 hash type: string - maxLength: 16 + maxLength: 256 format: password preferred: description: Preferred? diff --git a/openapi-specs/scm/config/sase/network configurations/network-services-feb-v1.yaml b/openapi-specs/scm/config/sase/network configurations/network-services_march.yaml similarity index 98% rename from openapi-specs/scm/config/sase/network configurations/network-services-feb-v1.yaml rename to openapi-specs/scm/config/sase/network configurations/network-services_march.yaml index c9d72cfef..347a4fba8 100644 --- a/openapi-specs/scm/config/sase/network configurations/network-services-feb-v1.yaml +++ b/openapi-specs/scm/config/sase/network configurations/network-services_march.yaml @@ -101,8 +101,6 @@ tags: description: VLAN Interfaces - name: Zone Protection Profiles description: Zone Protection Profiles - - name: Ssl Decryption Settings - description: Ssl Decrypt - name: Remote Networks License description: Remote Networks License Info - name: LLDP Profiles @@ -7862,68 +7860,26 @@ components: send_email: type: array items: - type: object + type: string send_http: type: array items: - type: object + type: string send_snmptrap: type: array items: - type: object + type: string send_syslog: type: array items: - type: object + type: string GlobalprotectMatchList: type: object properties: send_email: type: array items: - type: object - actions: - type: array - items: - type: object - properties: - name: - type: string - type: - type: object - properties: - integration: - type: object - properties: - action: - type: string - tagging: - type: object - properties: - registration: - type: object - properties: - localhost: - type: object - properties: - panorama: - type: object - properties: - remote: - type: object - properties: - http_profile: - type: string - tags: - type: array - items: - type: object - target: - type: string - timeout: - type: integer - action: - type: string + type: string name: type: string quarantine: @@ -7931,15 +7887,15 @@ components: send_http: type: array items: - type: object + type: string send_snmptrap: type: array items: - type: object + type: string send_syslog: type: array items: - type: object + type: string send_to_panorama: type: boolean description: @@ -7952,49 +7908,7 @@ components: send_email: type: array items: - type: object - actions: - type: array - items: - type: object - properties: - name: - type: string - type: - type: object - properties: - integration: - type: object - properties: - action: - type: string - tagging: - type: object - properties: - registration: - type: object - properties: - localhost: - type: object - properties: - panorama: - type: object - properties: - remote: - type: object - properties: - http_profile: - type: string - tags: - type: array - items: - type: object - target: - type: string - timeout: - type: integer - action: - type: string + type: string name: type: string quarantine: @@ -8002,15 +7916,15 @@ components: send_http: type: array items: - type: object + type: string send_snmptrap: type: array items: - type: object + type: string send_syslog: type: array items: - type: object + type: string send_to_panorama: type: boolean description: @@ -8027,55 +7941,13 @@ components: send_email: type: array items: - type: object + type: string send_syslog: type: array items: - type: object + type: string send_to_panorama: type: boolean - actions: - type: array - items: - type: object - properties: - type: - type: object - properties: - integration: - type: object - properties: - action: - type: string - tagging: - type: object - properties: - tags: - type: array - items: - type: object - target: - type: string - timeout: - type: integer - action: - type: string - registration: - type: object - properties: - localhost: - type: object - properties: - panorama: - type: object - properties: - remote: - type: object - properties: - http_profile: - type: string - name: - type: string name: type: string quarantine: @@ -8083,11 +7955,11 @@ components: send_http: type: array items: - type: object + type: string send_snmptrap: type: array items: - type: object + type: string SystemMatchList: type: object properties: @@ -8100,34 +7972,19 @@ components: send_email: type: array items: - type: object - actions: - type: array - items: - type: object - properties: - name: - type: string - type: - type: object - properties: - integration: - type: object - properties: - action: - type: string + type: string send_http: type: array items: - type: object + type: string send_snmptrap: type: array items: - type: object + type: string send_syslog: type: array items: - type: object + type: string send_to_panorama: type: boolean UseridMatchList: @@ -8136,15 +7993,15 @@ components: send_http: type: array items: - type: object + type: string send_snmptrap: type: array items: - type: object + type: string send_syslog: type: array items: - type: object + type: string description: type: string filter: @@ -8155,52 +8012,10 @@ components: type: boolean send_to_panorama: type: boolean - actions: - type: array - items: - type: object - properties: - name: - type: string - type: - type: object - properties: - integration: - type: object - properties: - action: - type: string - tagging: - type: object - properties: - action: - type: string - registration: - type: object - properties: - remote: - type: object - properties: - http_profile: - type: string - localhost: - type: object - properties: - panorama: - type: object - properties: - tags: - type: array - items: - type: object - target: - type: string - timeout: - type: integer send_email: type: array items: - type: object + type: string LicenseInfo: type: object properties: @@ -8384,6 +8199,9 @@ components: type: string description: Interface variable or hardcoded vlan/loopback. vlan will be passed as default value default: vlan + ip: + type: string + description: IP Prefix of the assigned interface authentication: type: object oneOf: @@ -8908,7 +8726,7 @@ components: enable: type: boolean description: Enable tunnel monitoring on this tunnel - default: true + default: false destination_ip: type: string description: Destination IP to send ICMP probe @@ -10975,7 +10793,7 @@ components: properties: id: type: string - description: UUID of the resource + description: UUID of the resource loopback interface readOnly: true example: 123e4567-e89b-12d3-a456-426655440000 name: @@ -10983,24 +10801,24 @@ components: pattern: '^\$[a-zA-Z\d\-_\. ]+$' type: string default_value: - description: Default interface assignment + description: Default interface assignment for loopback interface pattern: '^loopback\.([1-9][0-9]{0,3})$' type: string example: 'loopback.123' comment: - description: Description + description: Description for loopback interface type: string mtu: - description: MTU + description: MTU for loopback interface type: integer minimum: 576 maximum: 9216 interface_management_profile: - description: Interface management profile + description: Interface management profile for loopback interface type: string example: string ip: - description: Loopback IP Parent + description: Loopback IP Parent type: array items: type: object @@ -11015,32 +10833,32 @@ components: type: object properties: address: - description: IPv6 Address Parent + description: IPv6 Address Parent for loopback interface type: array items: type: object properties: enable_on_interface: type: boolean - description: Enable Address on Interface + description: Enable Address on Interface for loopback interface default: true name: type: string - description: IPv6 Address + description: IPv6 Address for loopback interface example: '2001:DB8::1/128' anycast: - description: Anycast + description: Anycast for loopback interface type: object prefix: - description: Use interface ID as host portion + description: Use interface ID as host portion for loopback interface type: object enabled: - description: Enable IPv6 + description: Enable IPv6 for loopback interface type: boolean default: false interface_id: type: string - description: Interface ID + description: Interface ID for loopback interface default: "EUI-64" oneOf: - type: object @@ -11083,27 +10901,27 @@ components: properties: id: type: string - description: UUID of the resource + description: UUID of the resource for tunnel interface readOnly: true example: 123e4567-e89b-12d3-a456-426655440000 name: - description: L3 sub-interface name + description: L3 sub-interface name for tunnel interface type: string default_value: - description: Default interface assignment + description: Default interface assignment for tunnel interface pattern: '^tunnel\.([1-9][0-9]{0,3})$' type: string example: 'tunnel.123' comment: - description: Description + description: Description for tunnel interface type: string mtu: - description: MTU + description: MTU for tunnel interface type: integer minimum: 576 maximum: 9216 interface_management_profile: - description: Interface management profile + description: Interface management profile for tunnel interface type: string example: string ip: @@ -11122,32 +10940,32 @@ components: type: object properties: address: - description: IPv6 Address Parent + description: IPv6 Address Parent for tunnel interface type: array items: type: object properties: enable_on_interface: type: boolean - description: Enable Address on Interface + description: Enable Address on Interface for tunnel interface default: true name: type: string - description: IPv6 Address + description: IPv6 Address for tunnel interface example: '2001:DB8::1/128' anycast: - description: Anycast + description: Anycast for tunnel interface type: object prefix: - description: Use interface ID as host portion + description: Use interface ID as host portion for tunnel interface type: object enabled: - description: Enable IPv6 + description: Enable IPv6 for tunnel interface type: boolean default: false interface_id: type: string - description: Interface ID + description: Interface ID for tunnel interface default: "EUI-64" oneOf: @@ -13027,7 +12845,7 @@ components: comments: description: Description of the link tag type: string - maxLength: 0 + maxLength: 1024 oneOf: - type: object title: folder @@ -15190,16 +15008,16 @@ components: inherit: type: object oneOf: - - title: ipv4 + - title: yes required: - - ipv4 + - yes properties: yes: type: object properties: {} - - title: 'no' + - title: no required: - - 'no' + - no properties: no: type: object @@ -16365,7 +16183,7 @@ components: key: description: MD5 hash type: string - maxLength: 16 + maxLength: 256 format: password preferred: description: Preferred? diff --git a/openapi-specs/scm/config/sase/network/network-services-feb-v1.yaml b/openapi-specs/scm/config/sase/network/network-services_march.yaml similarity index 98% rename from openapi-specs/scm/config/sase/network/network-services-feb-v1.yaml rename to openapi-specs/scm/config/sase/network/network-services_march.yaml index c9d72cfef..347a4fba8 100644 --- a/openapi-specs/scm/config/sase/network/network-services-feb-v1.yaml +++ b/openapi-specs/scm/config/sase/network/network-services_march.yaml @@ -101,8 +101,6 @@ tags: description: VLAN Interfaces - name: Zone Protection Profiles description: Zone Protection Profiles - - name: Ssl Decryption Settings - description: Ssl Decrypt - name: Remote Networks License description: Remote Networks License Info - name: LLDP Profiles @@ -7862,68 +7860,26 @@ components: send_email: type: array items: - type: object + type: string send_http: type: array items: - type: object + type: string send_snmptrap: type: array items: - type: object + type: string send_syslog: type: array items: - type: object + type: string GlobalprotectMatchList: type: object properties: send_email: type: array items: - type: object - actions: - type: array - items: - type: object - properties: - name: - type: string - type: - type: object - properties: - integration: - type: object - properties: - action: - type: string - tagging: - type: object - properties: - registration: - type: object - properties: - localhost: - type: object - properties: - panorama: - type: object - properties: - remote: - type: object - properties: - http_profile: - type: string - tags: - type: array - items: - type: object - target: - type: string - timeout: - type: integer - action: - type: string + type: string name: type: string quarantine: @@ -7931,15 +7887,15 @@ components: send_http: type: array items: - type: object + type: string send_snmptrap: type: array items: - type: object + type: string send_syslog: type: array items: - type: object + type: string send_to_panorama: type: boolean description: @@ -7952,49 +7908,7 @@ components: send_email: type: array items: - type: object - actions: - type: array - items: - type: object - properties: - name: - type: string - type: - type: object - properties: - integration: - type: object - properties: - action: - type: string - tagging: - type: object - properties: - registration: - type: object - properties: - localhost: - type: object - properties: - panorama: - type: object - properties: - remote: - type: object - properties: - http_profile: - type: string - tags: - type: array - items: - type: object - target: - type: string - timeout: - type: integer - action: - type: string + type: string name: type: string quarantine: @@ -8002,15 +7916,15 @@ components: send_http: type: array items: - type: object + type: string send_snmptrap: type: array items: - type: object + type: string send_syslog: type: array items: - type: object + type: string send_to_panorama: type: boolean description: @@ -8027,55 +7941,13 @@ components: send_email: type: array items: - type: object + type: string send_syslog: type: array items: - type: object + type: string send_to_panorama: type: boolean - actions: - type: array - items: - type: object - properties: - type: - type: object - properties: - integration: - type: object - properties: - action: - type: string - tagging: - type: object - properties: - tags: - type: array - items: - type: object - target: - type: string - timeout: - type: integer - action: - type: string - registration: - type: object - properties: - localhost: - type: object - properties: - panorama: - type: object - properties: - remote: - type: object - properties: - http_profile: - type: string - name: - type: string name: type: string quarantine: @@ -8083,11 +7955,11 @@ components: send_http: type: array items: - type: object + type: string send_snmptrap: type: array items: - type: object + type: string SystemMatchList: type: object properties: @@ -8100,34 +7972,19 @@ components: send_email: type: array items: - type: object - actions: - type: array - items: - type: object - properties: - name: - type: string - type: - type: object - properties: - integration: - type: object - properties: - action: - type: string + type: string send_http: type: array items: - type: object + type: string send_snmptrap: type: array items: - type: object + type: string send_syslog: type: array items: - type: object + type: string send_to_panorama: type: boolean UseridMatchList: @@ -8136,15 +7993,15 @@ components: send_http: type: array items: - type: object + type: string send_snmptrap: type: array items: - type: object + type: string send_syslog: type: array items: - type: object + type: string description: type: string filter: @@ -8155,52 +8012,10 @@ components: type: boolean send_to_panorama: type: boolean - actions: - type: array - items: - type: object - properties: - name: - type: string - type: - type: object - properties: - integration: - type: object - properties: - action: - type: string - tagging: - type: object - properties: - action: - type: string - registration: - type: object - properties: - remote: - type: object - properties: - http_profile: - type: string - localhost: - type: object - properties: - panorama: - type: object - properties: - tags: - type: array - items: - type: object - target: - type: string - timeout: - type: integer send_email: type: array items: - type: object + type: string LicenseInfo: type: object properties: @@ -8384,6 +8199,9 @@ components: type: string description: Interface variable or hardcoded vlan/loopback. vlan will be passed as default value default: vlan + ip: + type: string + description: IP Prefix of the assigned interface authentication: type: object oneOf: @@ -8908,7 +8726,7 @@ components: enable: type: boolean description: Enable tunnel monitoring on this tunnel - default: true + default: false destination_ip: type: string description: Destination IP to send ICMP probe @@ -10975,7 +10793,7 @@ components: properties: id: type: string - description: UUID of the resource + description: UUID of the resource loopback interface readOnly: true example: 123e4567-e89b-12d3-a456-426655440000 name: @@ -10983,24 +10801,24 @@ components: pattern: '^\$[a-zA-Z\d\-_\. ]+$' type: string default_value: - description: Default interface assignment + description: Default interface assignment for loopback interface pattern: '^loopback\.([1-9][0-9]{0,3})$' type: string example: 'loopback.123' comment: - description: Description + description: Description for loopback interface type: string mtu: - description: MTU + description: MTU for loopback interface type: integer minimum: 576 maximum: 9216 interface_management_profile: - description: Interface management profile + description: Interface management profile for loopback interface type: string example: string ip: - description: Loopback IP Parent + description: Loopback IP Parent type: array items: type: object @@ -11015,32 +10833,32 @@ components: type: object properties: address: - description: IPv6 Address Parent + description: IPv6 Address Parent for loopback interface type: array items: type: object properties: enable_on_interface: type: boolean - description: Enable Address on Interface + description: Enable Address on Interface for loopback interface default: true name: type: string - description: IPv6 Address + description: IPv6 Address for loopback interface example: '2001:DB8::1/128' anycast: - description: Anycast + description: Anycast for loopback interface type: object prefix: - description: Use interface ID as host portion + description: Use interface ID as host portion for loopback interface type: object enabled: - description: Enable IPv6 + description: Enable IPv6 for loopback interface type: boolean default: false interface_id: type: string - description: Interface ID + description: Interface ID for loopback interface default: "EUI-64" oneOf: - type: object @@ -11083,27 +10901,27 @@ components: properties: id: type: string - description: UUID of the resource + description: UUID of the resource for tunnel interface readOnly: true example: 123e4567-e89b-12d3-a456-426655440000 name: - description: L3 sub-interface name + description: L3 sub-interface name for tunnel interface type: string default_value: - description: Default interface assignment + description: Default interface assignment for tunnel interface pattern: '^tunnel\.([1-9][0-9]{0,3})$' type: string example: 'tunnel.123' comment: - description: Description + description: Description for tunnel interface type: string mtu: - description: MTU + description: MTU for tunnel interface type: integer minimum: 576 maximum: 9216 interface_management_profile: - description: Interface management profile + description: Interface management profile for tunnel interface type: string example: string ip: @@ -11122,32 +10940,32 @@ components: type: object properties: address: - description: IPv6 Address Parent + description: IPv6 Address Parent for tunnel interface type: array items: type: object properties: enable_on_interface: type: boolean - description: Enable Address on Interface + description: Enable Address on Interface for tunnel interface default: true name: type: string - description: IPv6 Address + description: IPv6 Address for tunnel interface example: '2001:DB8::1/128' anycast: - description: Anycast + description: Anycast for tunnel interface type: object prefix: - description: Use interface ID as host portion + description: Use interface ID as host portion for tunnel interface type: object enabled: - description: Enable IPv6 + description: Enable IPv6 for tunnel interface type: boolean default: false interface_id: type: string - description: Interface ID + description: Interface ID for tunnel interface default: "EUI-64" oneOf: @@ -13027,7 +12845,7 @@ components: comments: description: Description of the link tag type: string - maxLength: 0 + maxLength: 1024 oneOf: - type: object title: folder @@ -15190,16 +15008,16 @@ components: inherit: type: object oneOf: - - title: ipv4 + - title: yes required: - - ipv4 + - yes properties: yes: type: object properties: {} - - title: 'no' + - title: no required: - - 'no' + - no properties: no: type: object @@ -16365,7 +16183,7 @@ components: key: description: MD5 hash type: string - maxLength: 16 + maxLength: 256 format: password preferred: description: Preferred? From 153093c849df131d9c0a89354f2d1fa9cca13d66 Mon Sep 17 00:00:00 2001 From: sra Date: Mon, 23 Mar 2026 19:14:27 +0530 Subject: [PATCH 6/6] Added NGFW Operations under SCM --- docusaurus.config.ts | 5 + .../ngfw-operations/NGFW-Operations-v1.yaml | 1430 +++++++++++++++++ .../ngfw-operations-introduction.md | 36 + products/scm/sidebars.ts | 12 + src/pages/strata-cloud-manager/index.js | 7 + 5 files changed, 1490 insertions(+) create mode 100644 openapi-specs/scm/config/ngfw-operations/NGFW-Operations-v1.yaml create mode 100644 products/scm/api/config/ngfw-operations/ngfw-operations-introduction.md diff --git a/docusaurus.config.ts b/docusaurus.config.ts index 363595acc..340fce4d2 100644 --- a/docusaurus.config.ts +++ b/docusaurus.config.ts @@ -904,6 +904,11 @@ const config = { outputDir: "products/scm/api/config/cloudngfw/security", sidebarOptions: { groupPathsBy: "tag" }, }, + "ngfw-operations": { + specPath: "openapi-specs/scm/config/ngfw-operations", + outputDir: "products/scm/api/config/ngfw-operations", + sidebarOptions: { groupPathsBy: "tag" }, + }, adem: { specPath: "openapi-specs/access/adem", outputDir: "products/access/api/adem", diff --git a/openapi-specs/scm/config/ngfw-operations/NGFW-Operations-v1.yaml b/openapi-specs/scm/config/ngfw-operations/NGFW-Operations-v1.yaml new file mode 100644 index 000000000..0e385c0a8 --- /dev/null +++ b/openapi-specs/scm/config/ngfw-operations/NGFW-Operations-v1.yaml @@ -0,0 +1,1430 @@ +openapi: 3.0.0 +info: + version: 2.0.0 + title: Operations and Troubleshooting + description: | + These APIs can be used to retrieve operational data on your devices, for management and troubleshooting purposes. + termsOfService: 'https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-end-user-license-agreement-eula.pdf' + contact: + email: support@paloaltonetworks.com + name: Palo Alto Networks Technical Support + url: 'https://support.paloaltonetworks.com' + license: + name: MIT + url: https://opensource.org/license/mit +servers: + - url: 'https://api.strata.paloaltonetworks.com/operations/v1' + description: Current +tags: + - name: Device Operations + description: Operations for device management and troubleshooting + - name: Jobs + description: Job status and result retrieval for asynchronous operations + +paths: + /local-config/versions: + get: + tags: + - Device Operations + summary: List local configuration versions for a device + description: | + Retrieves the version history of local configurations for a specified device. + + **Purpose:** + - Track configuration changes pushed to devices + - View version history with timestamps + - Identify current and previous configuration versions + + operationId: getLocalConfigVersions + parameters: + - name: device + in: query + description: | + The serial number of the device for which to retrieve configuration versions. + + **Format:** Typically 14-15 digit device serial number + + **Example:** `007951000123456` + + **Required:** Yes + required: true + schema: + type: string + pattern: '^[0-9]{14,15}$' + example: '007951000123456' + + responses: + '200': + description: | + Success - Returns array of local configuration versions. + + **Notes:** + - Empty array `[]` is returned if no versions exist + - Empty array `[]` is returned if device doesn't exist + - Versions typically ordered by timestamp + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/local_config_version' + examples: + with_versions: + summary: Device with configuration versions + value: + - id: 1 + serial: '007951000123456' + local_version: '1.0.0' + timestamp: '2025-01-15T10:30:00Z' + xfmed_version: '1.0.0-transformed' + - id: 2 + serial: '007951000123456' + local_version: '0.9.0' + timestamp: '2025-01-14T09:20:00Z' + xfmed_version: '0.9.0-transformed' + no_versions: + summary: Device with no versions (or non-existent device) + value: [] + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + /local-config/download: + get: + tags: + - Device Operations + summary: Download local configuration file + description: | + Downloads a specific local configuration file for a device. + + **Purpose:** + - Retrieve the actual XML configuration file pushed to a device + - Download configuration for backup or review purposes + - Access specific configuration versions from history + + **Process:** + - Queries the database for the specified device and version + - Retrieves the base64-encoded configuration + - Decodes and returns it as an XML file download + - File is downloaded with name: `local-config-{device}-{version}.xml` + + operationId: downloadLocalConfig + parameters: + - name: device + in: query + description: | + The serial number of the device for which to download the configuration. + + **Format:** Typically 14-15 digit device serial number + + **Example:** `007951000123456` + + **Required:** Yes + required: true + schema: + type: string + pattern: '^[0-9]{14,15}$' + example: '007951000123456' + - name: version + in: query + description: | + The configuration version ID to download. + + **Source:** Use the `id` field from `/local-config/versions` response + + **Example:** `1` + + **Required:** Yes + required: true + schema: + type: string + example: '1' + + responses: + '200': + description: | + Success - Configuration file downloaded successfully. + + **Response Type:** Binary file download (XML) + **Content-Type:** `application/octet-stream` + **Filename:** `local-config-{device}-{version}.xml` + headers: + Content-Disposition: + description: Attachment header specifying the downloaded filename + schema: + type: string + example: 'attachment; filename=local-config-007951000123456-1.xml' + Content-Type: + description: MIME type of the downloaded file + schema: + type: string + example: 'application/octet-stream' + content: + application/octet-stream: + schema: + type: string + format: binary + description: | + XML configuration file content. + + The file contains the device's local configuration in XML format, + retrieved from the database and decoded from base64 encoding. + '400': + description: | + Bad Request - Missing required query parameters. + + **Common Causes:** + - Missing `device` parameter + - Missing `version` parameter + content: + application/json: + schema: + type: object + properties: + error: + type: string + examples: + missing_device: + summary: Missing device parameter + value: + error: 'device query parameter is required' + missing_version: + summary: Missing version parameter + value: + error: 'version query parameter is required' + '404': + description: | + Not Found - Configuration not found for the specified device and version. + + **Common Causes:** + - Invalid version ID for the device + - Device configuration has been deleted + - Database record doesn't exist + content: + application/json: + schema: + type: object + properties: + error: + type: string + example: + error: 'configuration not found' + '500': + description: | + Internal Server Error - Database query error, parsing error, or decoding error. + + **Common Causes:** + - Database connectivity issues + - Invalid JSON response from database service + - Missing `local_cfg` field in database response + - Invalid base64 encoding in stored configuration + - Failed to decode base64 content + content: + application/json: + schema: + type: object + properties: + error: + type: string + examples: + database_error: + summary: Database query error + value: + error: 'database query error' + parse_error: + summary: Failed to parse database response + value: + error: 'failed to parse response' + missing_field: + summary: Missing local_cfg field + value: + error: 'local_cfg field not found in response' + decode_error: + summary: Failed to decode configuration + value: + error: 'failed to decode configuration' + default: + $ref: '#/components/responses/default_errors' + /jobs/route-table: + post: + summary: Initiate a job to retrieve route table from device(s) + description: | + Initiates an asynchronous job to retrieve the route table from one or more specified devices. It returns a job ID that can be used to poll for results using the jobs endpoint. + tags: + - Device Operations + operationId: requestRouteTable + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - devices + properties: + devices: + type: array + description: List of device serial numbers from which to retrieve the route table. Must contain between 1 and 5 unique device serial numbers. + minItems: 1 + maxItems: 5 + uniqueItems: true + items: + type: string + pattern: '^[0-9]{14,15}$' + description: Device serial number. + example: + - '007951000123456' + - '007951000123457' + - '007951000123458' + examples: + single_device: + summary: Single device request + value: + devices: + - '007951000123456' + multiple_devices: + summary: Multiple devices request + value: + devices: + - '007951000123456' + - '007951000123457' + - '007951000123458' + responses: + '200': + description: | + Success - Job created successfully. + Use the returned `job_id` to poll for results using `GET /device/jobs/{job_id}`. + content: + application/json: + schema: + type: object + required: + - job_id + properties: + job_id: + type: string + format: uuid + description: | + Unique identifier for the created routing table retrieval job. + + **Usage:** + - Use this ID with `GET /device/jobs/{job_id}` to poll for job completion + - Job typically completes within 5-30 seconds + - Job results will contain the routing table data from the device(s) + example: '550e8400-e29b-41d4-a716-446655440000' + examples: + success: + summary: Successful job creation + value: + job_id: '550e8400-e29b-41d4-a716-446655440000' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + + /jobs/dns-proxy: + post: + summary: Initiate a job to retrieve the dns proxy table from device(s) + description: | + Initiates an asynchronous job to retrieve the dns proxy table from one or more specified devices. It returns a job ID that can be used to poll for results using the jobs endpoint. + tags: + - Device Operations + operationId: requestDnsProxy + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - devices + properties: + devices: + type: array + description: List of device serial numbers from which to retrieve the route table. Must contain between 1 and 5 unique device serial numbers. + minItems: 1 + maxItems: 5 + uniqueItems: true + items: + type: string + pattern: '^[0-9]{14,15}$' + description: Device serial number. + example: + - '007951000123456' + - '007951000123457' + - '007951000123458' + examples: + single_device: + summary: Single device request + value: + devices: + - '007951000123456' + multiple_devices: + summary: Multiple devices request + value: + devices: + - '007951000123456' + - '007951000123457' + - '007951000123458' + responses: + '200': + description: | + Success - Job created successfully. + Use the returned `job_id` to poll for results using `GET /device/jobs/{job_id}`. + content: + application/json: + schema: + type: object + required: + - job_id + properties: + job_id: + type: string + format: uuid + description: | + Unique identifier for the created routing table retrieval job. + + **Usage:** + - Use this ID with `GET /device/jobs/{job_id}` to poll for job completion + - Job typically completes within 5-30 seconds + - Job results will contain the routing table data from the device(s) + example: '550e8400-e29b-41d4-a716-446655440000' + examples: + success: + summary: Successful job creation + value: + job_id: '550e8400-e29b-41d4-a716-446655440000' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + /jobs/fib-table: + post: + summary: Initiate a job to retrieve FIB table from device(s) + description: | + Initiates an asynchronous job to retrieve the FIB (Forwarding Information Base) Table from one or more specified devices. It returns a job ID that can be used to poll for results using the jobs endpoint. + tags: + - Device Operations + operationId: requestFIBTable + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - devices + properties: + devices: + type: array + description: List of device serial numbers from which to retrieve the route table. Must contain between 1 and 5 unique device serial numbers. + minItems: 1 + maxItems: 5 + uniqueItems: true + items: + type: string + pattern: '^[0-9]{14,15}$' + description: Device serial number. + example: + - '007951000123456' + - '007951000123457' + - '007951000123458' + examples: + single_device: + summary: Single device request + value: + devices: + - '007951000123456' + multiple_devices: + summary: Multiple devices request + value: + devices: + - '007951000123456' + - '007951000123457' + - '007951000123458' + responses: + '200': + description: | + Success - Job created successfully. + Use the returned `job_id` to poll for results using `GET /device/jobs/{job_id}`. + content: + application/json: + schema: + type: object + required: + - job_id + properties: + job_id: + type: string + format: uuid + description: | + Unique identifier for the created routing table retrieval job. + + **Usage:** + - Use this ID with `GET /device/jobs/{job_id}` to poll for job completion + - Job typically completes within 5-30 seconds + - Job results will contain the routing table data from the device(s) + example: '550e8400-e29b-41d4-a716-446655440000' + examples: + success: + summary: Successful job creation + value: + job_id: '550e8400-e29b-41d4-a716-446655440000' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + /jobs/logging-service-forwarding-status: + post: + summary: Initiate a job to request logging service forwarding status for device(s) + description: | + Initiates an asynchronous job to retrieve the logging service forwarding status for one or more specified devices. It returns a job ID that can be used to poll for results using the jobs endpoint. + tags: + - Device Operations + operationId: requestLoggingServiceForwardingStatus + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - devices + properties: + devices: + type: array + description: List of device serial numbers from which to retrieve the route table. Must contain between 1 and 5 unique device serial numbers. + minItems: 1 + maxItems: 5 + uniqueItems: true + items: + type: string + pattern: '^[0-9]{14,15}$' + description: Device serial number. + example: + - '007951000123456' + - '007951000123457' + - '007951000123458' + examples: + single_device: + summary: Single device request + value: + devices: + - '007951000123456' + multiple_devices: + summary: Multiple devices request + value: + devices: + - '007951000123456' + - '007951000123457' + - '007951000123458' + responses: + '200': + description: | + Success - Job created successfully. + Use the returned `job_id` to poll for results using `GET /device/jobs/{job_id}`. + content: + application/json: + schema: + type: object + required: + - job_id + properties: + job_id: + type: string + format: uuid + description: | + Unique identifier for the created routing table retrieval job. + + **Usage:** + - Use this ID with `GET /device/jobs/{job_id}` to poll for job completion + - Job typically completes within 5-30 seconds + - Job results will contain the routing table data from the device(s) + example: '550e8400-e29b-41d4-a716-446655440000' + examples: + success: + summary: Successful job creation + value: + job_id: '550e8400-e29b-41d4-a716-446655440000' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + /jobs/device-interfaces: + post: + summary: Initiate a job to retrieve network interfaces from device(s) + description: | + Initiates an asynchronous job to retrieve the network interfaces from one or more specified devices. It returns a job ID that can be used to poll for results using the jobs endpoint. + tags: + - Device Operations + operationId: requestDeviceInterfaces + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - devices + properties: + devices: + type: array + description: List of device serial numbers from which to retrieve the route table. Must contain between 1 and 5 unique device serial numbers. + minItems: 1 + maxItems: 5 + uniqueItems: true + items: + type: string + pattern: '^[0-9]{14,15}$' + description: Device serial number. + example: + - '007951000123456' + - '007951000123457' + - '007951000123458' + examples: + single_device: + summary: Single device request + value: + devices: + - '007951000123456' + multiple_devices: + summary: Multiple devices request + value: + devices: + - '007951000123456' + - '007951000123457' + - '007951000123458' + responses: + '200': + description: | + Success - Job created successfully. + Use the returned `job_id` to poll for results using `GET /device/jobs/{job_id}`. + content: + application/json: + schema: + type: object + required: + - job_id + properties: + job_id: + type: string + format: uuid + description: | + Unique identifier for the created routing table retrieval job. + + **Usage:** + - Use this ID with `GET /device/jobs/{job_id}` to poll for job completion + - Job typically completes within 5-30 seconds + - Job results will contain the routing table data from the device(s) + example: '550e8400-e29b-41d4-a716-446655440000' + examples: + success: + summary: Successful job creation + value: + job_id: '550e8400-e29b-41d4-a716-446655440000' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + /jobs/bgp-policy-export: + post: + summary: Initiate a job for BGP Policy Export from device(s) + description: | + Initiates an asynchronous job for BGP Policy Export from device(s). It returns a job ID that can be used to poll for results using the jobs endpoint. + tags: + - Device Operations + operationId: bgpPolicyExport + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - devices + properties: + devices: + type: array + description: List of device serial numbers from which to retrieve the route table. Must contain between 1 and 5 unique device serial numbers. + minItems: 1 + maxItems: 5 + uniqueItems: true + items: + type: string + pattern: '^[0-9]{14,15}$' + description: Device serial number. + example: + - '007951000123456' + - '007951000123457' + - '007951000123458' + examples: + single_device: + summary: Single device request + value: + devices: + - '007951000123456' + multiple_devices: + summary: Multiple devices request + value: + devices: + - '007951000123456' + - '007951000123457' + - '007951000123458' + responses: + '200': + description: | + Success - Job created successfully. + Use the returned `job_id` to poll for results using `GET /device/jobs/{job_id}`. + content: + application/json: + schema: + type: object + required: + - job_id + properties: + job_id: + type: string + format: uuid + description: | + Unique identifier for the created routing table retrieval job. + + **Usage:** + - Use this ID with `GET /device/jobs/{job_id}` to poll for job completion + - Job typically completes within 5-30 seconds + - Job results will contain the routing table data from the device(s) + example: '550e8400-e29b-41d4-a716-446655440000' + examples: + success: + summary: Successful job creation + value: + job_id: '550e8400-e29b-41d4-a716-446655440000' + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + /device/jobs/{id}: + get: + summary: Retrieve job status and results, running on a device + description: | + Retrieves the current status and results of an asynchronous device job. Poll this endpoint to check job completion and retrieve the results once the job state is complete. + tags: + - Jobs + operationId: getJobStatus + parameters: + - name: id + in: path + description: The unique identifier of the job to retrieve. + required: true + schema: + type: string + format: uuid + example: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' + responses: + '200': + description: | + Success - Job details retrieved successfully. + The response includes job progress, state, request details, and results when available. + content: + application/json: + schema: + $ref: '#/components/schemas/job_status' + examples: + complete_routing_job: + summary: Completed routing table job + value: + jobId: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' + progress: 100 + state: 'complete' + request: + command: 'show-advanced-routing-route' + devices: + - '012345678901234' + results: + - device: '012345678901234' + state: 'complete' + created_ts: '2026-03-02 19:00:04' + updated_ts: '2026-03-02 19:00:04' + details: + msg: 'Command completed successfully.' + result: + router_global: + '3.3.3.3/32': + - prefix: '3.3.3.3/32' + prefixLen: 32 + protocol: 'connected' + distance: 0 + metric: 0 + installed: true + selected: true + destSelected: true + uptime: '06w0d07h' + nexthopGroupId: 6 + nexthops: + - interfaceName: 'vlan.1' + interfaceIndex: 256 + active: true + fib: true + directlyConnected: true + flags: 'A ' + in_progress_job: + summary: Job in progress + value: + jobId: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' + progress: 50 + state: 'in_progress' + request: + command: 'show-advanced-routing-route' + devices: + - '012345678901234' + results: [] + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + +components: + securitySchemes: + scmOAuth: + type: oauth2 + description: | + Strata Cloud Manager APIs authenticate client requests using the + OAuth 2.0 Client Credentials flow. Please use the `client_id`, + `client_secret` values associated with an IAM service account along + with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the + Tenant Service Group (TSG) ID. The resulting JWT access token should + be attached to all API calls as a `Bearer` token in the `Authorization` + header (ex. `Authorization: Bearer tokenstring`). + flows: + clientCredentials: + tokenUrl: https://auth.apps.paloaltonetworks.com/oauth2/access_token + scopes: {} + scmToken: + type: http + description: | + Strata Cloud Manager APIs authenticate client requests using the + OAuth 2.0 Client Credentials flow. Please use the `client_id`, + `client_secret` values associated with an IAM service account along + with a scope value of `tsg_id:XXXXXXXXXX`, where `XXXXXXXXXX` is the + Tenant Service Group (TSG) ID. The resulting JWT access token should + be attached to all API calls as a `Bearer` token in the `Authorization` + header (ex. `Authorization: Bearer tokenstring`). + scheme: bearer + bearerFormat: JWT + parameters: + uuid: + name: id + in: path + required: true + schema: + type: string + description: The UUID of the resource + pagination-optional: + name: pagination + in: query + required: false + schema: + type: boolean + description: The parameter to mention if the response should be paginated. By default, its set to false + name-optional: + name: name + in: query + required: false + schema: + type: string + description: The name of the resource + limit-optional: + name: limit + in: query + required: false + schema: + type: integer + description: The maximum number of resources to return + offset-optional: + name: offset + in: query + required: false + schema: + type: integer + description: The offset into the list of resources returned + folder: + name: folder + in: query + required: false + schema: + type: string + description: | + The folder in which the resource is defined + snippet: + name: snippet + in: query + required: false + schema: + type: string + description: | + The snippet in which the resource is defined + device: + name: device + in: query + required: false + schema: + type: string + description: | + The device in which the resource is defined + trusted-tenant-type: + name: type + in: query + required: true + schema: + type: string + enum: + - subscriber + - publisher + description: | + Specifies the type of the tenant that is trusted, either 'subscriber' or 'publisher'. + trust-ids: + name: trustids + in: query + required: true + schema: + type: string + description: | + Comma-separated list of trust IDs + snippet-id: + name: snippet-id + in: query + required: true + schema: + type: string + description: | + The ID of the snippet + recipient-tsgs: + name: tsgs + in: query + required: true + schema: + type: string + description: | + Comma-separated list of recipient TSG IDs + responses: + http_ok: + description: OK + http_created: + description: Created + auth_errors: + description: Unauthorized + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + auth_not_authenticated: + $ref: '#/components/examples/json_401_panui_auth_not_authenticated' + invalid_credential: + $ref: '#/components/examples/json_401_panui_auth_invalid_credential' + key_too_long: + $ref: '#/components/examples/json_401_panui_auth_key_too_long' + key_expired: + $ref: '#/components/examples/json_401_panui_auth_key_expired' + need_password_change: + $ref: '#/components/examples/json_401_panui_auth_need_password_change' + access_errors: + description: Forbidden + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + auth_unauthorized: + $ref: '#/components/examples/json_403_panui_auth_unauthorized' + bad_request_errors_basic: + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + input_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' + output_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' + missing_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' + invalid_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' + bad_request_errors_basic_with_body: + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + input_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_input_format_mismatch' + output_format_mismatch: + $ref: '#/components/examples/json_400_panui_restapi_output_format_mismatch' + missing_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_missing_query_parameter' + invalid_query_parameter: + $ref: '#/components/examples/json_400_panui_restapi_invalid_query_parameter' + missing_body: + $ref: '#/components/examples/json_400_panui_restapi_missing_body' + invalid_object: + $ref: '#/components/examples/json_400_panui_mgmt_invalid_object' + not_found: + description: Not Found + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + object_not_present: + $ref: '#/components/examples/json_404_panui_mgmt_object_not_present' + conflict_errors: + description: Conflict + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + object_not_unique: + $ref: '#/components/examples/json_409_panui_mgmt_object_not_unique' + name_not_unique: + $ref: '#/components/examples/json_409_panui_mgmt_name_not_unique' + reference_not_zero: + $ref: '#/components/examples/json_409_panui_mgmt_reference_not_zero' + default_errors: + description: General Errors + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + examples: + version_not_supported: + $ref: '#/components/examples/json_501_panui_restapi_version_not_supported' + method_not_allowed: + $ref: '#/components/examples/json_501_panui_restapi_method_not_supported' + action_not_supported: + $ref: '#/components/examples/json_405_panui_restapi_action_not_supported' + bad_xpath: + $ref: '#/components/examples/json_400_panui_mgmt_bad_xpath' + invalid_command: + $ref: '#/components/examples/json_400_panui_mgmt_invalid_command' + malformed_command: + $ref: '#/components/examples/json_400_panui_mgmt_malformed_command' + session_timeout: + $ref: '#/components/examples/json_504_panui_mgmt_session_timeout' + examples: + json_401_panui_auth_not_authenticated: + summary: Not Authenticated + value: + _errors: + - code: 'E016' + message: Not Authenticated + details: {} + _request_id: 'abcd-1234' + json_401_panui_auth_invalid_credential: + summary: Invalid Credential + value: + _errors: + - code: 'E016' + message: Invalid Credential + details: {} + _request_id: 'abcd-1234' + json_401_panui_auth_key_too_long: + summary: Key Too Long + value: + _errors: + - code: 'E016' + message: Key Too Long + details: {} + _request_id: 'abcd-1234' + json_401_panui_auth_key_expired: + summary: Key Expired + value: + _errors: + - code: 'E016' + message: Key Expired + details: {} + _request_id: 'abcd-1234' + json_401_panui_auth_need_password_change: + summary: Need Password Change + value: + _errors: + - code: 'E016' + message: The password needs to be changed. + details: {} + _request_id: 'abcd-1234' + json_403_panui_auth_unauthorized: + summary: Unauthorized + value: + _errors: + - code: 'E007' + message: Unauthorized + details: {} + _request_id: 'abcd-1234' + json_501_panui_restapi_version_not_supported: + summary: Version Not Supported + value: + _errors: + - code: 'E012' + message: Version Not Supported + details: {} + _request_id: 'abcd-1234' + json_501_panui_restapi_method_not_supported: + summary: Method Not Supported + value: + _errors: + - code: 'E012' + message: Method Not Supported + details: {} + _request_id: 'abcd-1234' + json_400_panui_restapi_input_format_mismatch: + summary: Input Format Mismatch + value: + _errors: + - code: 'E003' + message: 'Input Format Mismatch: input-format=json' + details: {} + _request_id: 'abcd-1234' + json_400_panui_restapi_output_format_mismatch: + summary: Output Format Mismatch + value: + _errors: + - code: 'E003' + message: 'Output Format Mismatch: output-format=json Accept=xml' + details: {} + _request_id: 'abcd-1234' + json_400_panui_restapi_missing_query_parameter: + summary: Missing Query Parameter + value: + _errors: + - code: 'E003' + message: 'Missing Query Parameter: name' + details: {} + _request_id: 'abcd-1234' + json_400_panui_restapi_invalid_query_parameter: + summary: Invalid Query Parameter + value: + _errors: + - code: 'E003' + message: 'Invalid Query Parameter: location=invalid' + details: {} + _request_id: 'abcd-1234' + json_400_panui_restapi_missing_body: + summary: Missing Body + value: + _errors: + - code: 'E003' + message: Missing Body + details: {} + _request_id: 'abcd-1234' + json_405_panui_restapi_action_not_supported: + summary: Action Not Supported + value: + _errors: + - code: 'E012' + message: 'Action Not Supported: move' + details: {} + _request_id: 'abcd-1234' + json_400_panui_mgmt_bad_xpath: + summary: Bad XPath + value: + _errors: + - code: 'E013' + message: Bad XPath + details: {} + _request_id: 'abcd-1234' + json_404_panui_mgmt_object_not_present: + summary: Object Not Present + value: + _errors: + - code: 'E005' + message: Object Not Present + details: {} + _request_id: 'abcd-1234' + json_409_panui_mgmt_object_not_unique: + summary: Object Not Unique + value: + _errors: + - code: 'E016' + message: Object Not Unique + details: {} + _request_id: 'abcd-1234' + json_409_panui_mgmt_name_not_unique: + summary: Name Not Unique + value: + _errors: + - code: 'E006' + message: Name Not Unique + details: {} + _request_id: 'abcd-1234' + json_409_panui_mgmt_reference_not_zero: + summary: Reference Not Zero + value: + _errors: + - code: 'E009' + message: Reference Not Zero + details: {} + _request_id: 'abcd-1234' + json_400_panui_mgmt_invalid_object: + summary: Invalid Object + value: + _errors: + - code: 'E003' + message: Invalid Object + details: {} + _request_id: 'abcd-1234' + json_400_panui_mgmt_invalid_command: + summary: Invalid Command + value: + _errors: + - code: 'E003' + message: Invalid Command + details: {} + _request_id: 'abcd-1234' + json_400_panui_mgmt_malformed_command: + summary: Malformed Command + value: + _errors: + - code: 'E003' + message: Malformed Command + details: {} + _request_id: 'abcd-1234' + json_504_panui_mgmt_session_timeout: + summary: Session Timeout + value: + _errors: + - code: '4' + message: Session Timeout + details: {} + _request_id: 'abcd-1234' + schemas: + job_status: + type: object + required: + - jobId + - progress + - state + - request + - results + properties: + jobId: + type: string + format: uuid + description: Unique identifier for the job. + example: 'ab123c4d-e56f-7g8h-901i-23jk4l5mn678' + progress: + type: integer + minimum: 0 + maximum: 100 + description: Job completion percentage. + example: 100 + state: + type: string + description: Current state of the job. + enum: + - pending + - in_progress + - complete + - failed + example: 'complete' + request: + type: object + description: The original request that initiated the job. + required: + - command + - devices + properties: + command: + type: string + description: The command that was executed. + example: 'show-advanced-routing-route' + devices: + type: array + description: List of device serial numbers for which the command was executed. + items: + type: string + pattern: '^[0-9]{14,15}$' + example: + - '012345678901234' + results: + type: array + description: Array of results from each device. The structure of the result data varies based on the job type. + items: + $ref: '#/components/schemas/job_result' + job_result: + type: object + required: + - device + - state + - created_ts + - updated_ts + - details + properties: + device: + type: string + pattern: '^[0-9]{14,15}$' + description: The serial number of the device. + example: '012345678901234' + state: + type: string + description: The state of the job for this specific device. + enum: + - pending + - in_progress + - complete + - failed + example: 'complete' + created_ts: + type: string + description: Timestamp when the job was created. + example: '2026-03-02 19:00:04' + updated_ts: + type: string + description: Timestamp when the job was last updated. + example: '2026-03-02 19:00:04' + details: + type: object + description: Detailed results from the command execution. The structure varies based on the command type. + required: + - msg + - result + properties: + msg: + type: string + description: Status message from the command execution. + example: 'Command completed successfully.' + result: + type: object + description: The actual result data from the command. Structure varies by command type and may contain routing tables, device information, or other operational data. + additionalProperties: true + generic_error: + type: object + properties: + _errors: + $ref: '#/components/schemas/error_detail_cause_infos' + _request_id: + type: string + error_detail_cause_infos: + type: array + items: + $ref: '#/components/schemas/error_detail_cause_info' + error_detail_cause_info: + title: Cause Info + type: object + properties: + 'code': + type: string + message: + type: string + details: + oneOf: + - type: string + - type: object + help: + type: string + local_config_version: + type: object + required: + - id + - serial + - local_version + - timestamp + - xfmed_version + properties: + id: + type: integer + description: | + Unique identifier for this configuration version entry in the database. + example: 1 + serial: + type: string + description: | + Device serial number (14-15 digits). + + Identifies which device this configuration version belongs to. + pattern: '^[0-9]{14,15}$' + example: '007951000123456' + local_version: + type: string + description: | + Local configuration version identifier. + + **Format:** Version string (typically semantic versioning) + **Purpose:** Identifies the original configuration version + example: '1.0.0' + timestamp: + type: string + format: date-time + description: | + When this configuration version was created or pushed to the device. + + **Format:** ISO 8601 date-time (UTC) + **Source:** Database `ts` field + example: '2025-01-15T10:30:00Z' + xfmed_version: + type: string + description: | + Transformed configuration version identifier. + + **Purpose:** Version identifier after transformation/processing + **Use Case:** Tracking configuration pipeline transformations + example: '1.0.0-transformed' + md5: + type: string + description: | + MD5 hash of the configuration (optional). + + **Note:** Currently not populated in responses + **Purpose:** Configuration integrity verification + example: 'abc123def456' + +security: + - scmToken: [] +x-internal: false diff --git a/products/scm/api/config/ngfw-operations/ngfw-operations-introduction.md b/products/scm/api/config/ngfw-operations/ngfw-operations-introduction.md new file mode 100644 index 000000000..86375e692 --- /dev/null +++ b/products/scm/api/config/ngfw-operations/ngfw-operations-introduction.md @@ -0,0 +1,36 @@ +--- +id: ngfw-operations-introduction +title: NGFW Operations APIs +sidebar_label: NGFW Operations APIs +slug:slug: /scm/api/ngfw-operations +keywords: + - Strata Cloud Manager + - Configuration + - Setup + - Reference + - API +--- + +# Operations and Troubleshooting API Reference + +Welcome to the **Operations and Troubleshooting API** portal. This suite of endpoints provides the programmatic tools necessary to monitor device health, audit configuration history, and retrieve real-time operational data from your Palo Alto Networks managed assets. + +By leveraging these APIs, technical operations teams can automate diagnostic workflows and integrate deep device visibility into custom management dashboards. + +## Key Capabilities + +### 1. Configuration Management +Maintain a clear audit trail of your environment with dedicated configuration endpoints: +* **Version History:** Retrieve a comprehensive list of local configuration versions for any device, including timestamps and transformation IDs. +* **Secure Downloads:** Programmatically fetch the actual XML configuration files pushed to a device for offline analysis or backup verification. + +### 2. Real-Time Operational Diagnostics +Initiate asynchronous jobs to pull live telemetry and state information without blocking your primary application flow. These jobs support up to five devices per request: +* **Routing & Forwarding:** Access Route Tables and Forwarding Information Base (FIB) data to troubleshoot traffic paths. +* **Network Services:** Monitor DNS proxy tables and logging service forwarding status to ensure core services are reachable. +* **Interface Telemetry:** Retrieve detailed network interface states and statistics directly from the hardware. + +### 3. Automated Job Tracking +Our asynchronous architecture ensures your application remains responsive: +* **Polling Mechanism:** Use the Job ID returned by any operation to track progress from `pending` to `complete`. +* **Structured Results:** Receive granular, device-specific data in a standardized JSON format, ready for automated parsing or visualization. \ No newline at end of file diff --git a/products/scm/sidebars.ts b/products/scm/sidebars.ts index 0d71d60e0..31597f10f 100644 --- a/products/scm/sidebars.ts +++ b/products/scm/sidebars.ts @@ -349,6 +349,18 @@ module.exports = { }, ], }, + { + type: "category", + label: "NGFW Operations", + collapsed: true, + items: [ + { + type: "doc", + id: "scm/api/config/ngfw-operations/ngfw-operations-introduction", + }, + require("./api/config/ngfw-operations/sidebar"), + ], + }, ], scmauth: ["scm/api/auth/auth-api", require("./api/auth/sidebar")], scmiam: ["scm/api/iam/iam-api", require("./api/iam/sidebar")], diff --git a/src/pages/strata-cloud-manager/index.js b/src/pages/strata-cloud-manager/index.js index 216edc9dc..d62f5d878 100644 --- a/src/pages/strata-cloud-manager/index.js +++ b/src/pages/strata-cloud-manager/index.js @@ -158,6 +158,13 @@ export default function SCMLandingPage() { icon: "api-doc", }, ], + "NGFW Operations": [ + { + to: "scm/api/config/ngfw-operations/ngfw-operations-introduction", + label: "NGFW Operations", + icon: "api-doc", + }, + ], "Cloud NGFW Configuration": [ { to: "scm/api/config/cloudngfw/operations/operations-api-cloud-ngfw",