From 728f63b234f13980053a403e34647633adb22112 Mon Sep 17 00:00:00 2001 
From: sra Date: Tue, 31 Mar 2026 16:25:48 +0530 Subject: [PATCH] Added new v2 Manage NGFW api endpoints --- cloudngfw/api/aws/associationrulestacks.mdx | 12 + cloudngfw/api/aws/certificateobjects.mdx | 12 + cloudngfw/api/aws/fileblockingaction.mdx | 12 + cloudngfw/api/aws/fqdnlist.mdx | 12 + cloudngfw/api/aws/intelligentfeed.mdx | 12 + cloudngfw/api/aws/logprofile.mdx | 12 + cloudngfw/api/aws/manageapitokens.mdx | 12 + .../api/aws/managecustomurlcategories.mdx | 12 + cloudngfw/api/aws/managengfw-v2.mdx | 12 + cloudngfw/api/aws/managengfw.mdx | 12 + cloudngfw/api/aws/managengfwtags.mdx | 12 + cloudngfw/api/aws/managerulestacks.mdx | 12 + cloudngfw/api/aws/managerulestacktags.mdx | 12 + cloudngfw/api/aws/managesubscription.mdx | 12 + cloudngfw/api/aws/predefinedurlcategories.mdx | 12 + cloudngfw/api/aws/prefixlist.mdx | 12 + cloudngfw/api/aws/securityrules.mdx | 12 + .../api/aws/useronboarding-linkaccount.mdx | 12 + .../api/aws/useronboarding-xaccountroles.mdx | 12 + .../cloudngfw/aws/AssociationRulestacks.yaml | 200 + .../cloudngfw/aws/CertificateObjects.yaml | 602 +++ openapi-specs/cloudngfw/aws/FQDNList.yaml | 624 ++++ .../cloudngfw/aws/FileBlockingAction.yaml | 412 ++ .../cloudngfw/aws/IntelligentFeed.yaml | 579 +++ openapi-specs/cloudngfw/aws/LogProfile.yaml | 232 ++ .../cloudngfw/aws/ManageAPITokens.yaml | 210 +- .../aws/ManageCustomURLCategories.yaml | 258 +- .../cloudngfw/aws/ManageNGFW-V2.yaml | 3312 +++++++++++++++++ openapi-specs/cloudngfw/aws/ManageNGFW.yaml | 695 +--- .../cloudngfw/aws/ManageNGFWTags.yaml | 150 +- .../cloudngfw/aws/ManageRulestackTags.yaml | 127 +- .../cloudngfw/aws/ManageRulestacks.yaml | 653 ++-- .../cloudngfw/aws/ManageSubscription.yaml | 48 +- .../aws/PredefinedURLCategories.yaml | 98 + openapi-specs/cloudngfw/aws/PrefixList.yaml | 609 +++ .../cloudngfw/aws/SecurityRules.yaml | 1565 ++++++++ .../aws/UserOnboarding-LinkAccount.yaml | 184 + .../aws/UserOnboarding-XAccountRoles.yaml | 266 ++ .../aws/spec/api/AssociationRulestacks.yaml | 
200 + .../aws/spec/api/CertificateObjects.yaml | 602 +++ static/cloudngfw/aws/spec/api/FQDNList.yaml | 624 ++++ .../aws/spec/api/FileBlockingAction.yaml | 412 ++ .../aws/spec/api/IntelligentFeed.yaml | 579 +++ static/cloudngfw/aws/spec/api/LogProfile.yaml | 232 ++ .../aws/spec/api/ManageAPITokens.yaml | 288 ++ .../spec/api/ManageCustomURLCategories.yaml | 660 ++++ .../cloudngfw/aws/spec/api/ManageNGFW-V2.yaml | 3312 +++++++++++++++++ static/cloudngfw/aws/spec/api/ManageNGFW.yaml | 792 ++++ .../aws/spec/api/ManageNGFWTags.yaml | 316 ++ .../aws/spec/api/ManageRulestackTags.yaml | 299 ++ .../aws/spec/api/ManageRulestacks.yaml | 1134 ++++++ .../aws/spec/api/ManageSubscription.yaml | 90 + .../aws/spec/api/PredefinedURLCategories.yaml | 98 + static/cloudngfw/aws/spec/api/PrefixList.yaml | 609 +++ .../cloudngfw/aws/spec/api/SecurityRules.yaml | 1565 ++++++++ .../spec/api/UserOnboarding-LinkAccount.yaml | 184 + .../api/UserOnboarding-XAccountRoles.yaml | 266 ++ 57 files changed, 21674 insertions(+), 1640 deletions(-) create mode 100644 cloudngfw/api/aws/associationrulestacks.mdx create mode 100644 cloudngfw/api/aws/certificateobjects.mdx create mode 100644 cloudngfw/api/aws/fileblockingaction.mdx create mode 100644 cloudngfw/api/aws/fqdnlist.mdx create mode 100644 cloudngfw/api/aws/intelligentfeed.mdx create mode 100644 cloudngfw/api/aws/logprofile.mdx create mode 100644 cloudngfw/api/aws/manageapitokens.mdx create mode 100644 cloudngfw/api/aws/managecustomurlcategories.mdx create mode 100644 cloudngfw/api/aws/managengfw-v2.mdx create mode 100644 cloudngfw/api/aws/managengfw.mdx create mode 100644 cloudngfw/api/aws/managengfwtags.mdx create mode 100644 cloudngfw/api/aws/managerulestacks.mdx create mode 100644 cloudngfw/api/aws/managerulestacktags.mdx create mode 100644 cloudngfw/api/aws/managesubscription.mdx create mode 100644 cloudngfw/api/aws/predefinedurlcategories.mdx create mode 100644 cloudngfw/api/aws/prefixlist.mdx create mode 100644 
cloudngfw/api/aws/securityrules.mdx create mode 100644 cloudngfw/api/aws/useronboarding-linkaccount.mdx create mode 100644 cloudngfw/api/aws/useronboarding-xaccountroles.mdx create mode 100644 openapi-specs/cloudngfw/aws/AssociationRulestacks.yaml create mode 100644 openapi-specs/cloudngfw/aws/CertificateObjects.yaml create mode 100644 openapi-specs/cloudngfw/aws/FQDNList.yaml create mode 100644 openapi-specs/cloudngfw/aws/FileBlockingAction.yaml create mode 100644 openapi-specs/cloudngfw/aws/IntelligentFeed.yaml create mode 100644 openapi-specs/cloudngfw/aws/LogProfile.yaml create mode 100644 openapi-specs/cloudngfw/aws/ManageNGFW-V2.yaml create mode 100644 openapi-specs/cloudngfw/aws/PredefinedURLCategories.yaml create mode 100644 openapi-specs/cloudngfw/aws/PrefixList.yaml create mode 100644 openapi-specs/cloudngfw/aws/SecurityRules.yaml create mode 100644 openapi-specs/cloudngfw/aws/UserOnboarding-LinkAccount.yaml create mode 100644 openapi-specs/cloudngfw/aws/UserOnboarding-XAccountRoles.yaml create mode 100644 static/cloudngfw/aws/spec/api/AssociationRulestacks.yaml create mode 100644 static/cloudngfw/aws/spec/api/CertificateObjects.yaml create mode 100644 static/cloudngfw/aws/spec/api/FQDNList.yaml create mode 100644 static/cloudngfw/aws/spec/api/FileBlockingAction.yaml create mode 100644 static/cloudngfw/aws/spec/api/IntelligentFeed.yaml create mode 100644 static/cloudngfw/aws/spec/api/LogProfile.yaml create mode 100644 static/cloudngfw/aws/spec/api/ManageAPITokens.yaml create mode 100644 static/cloudngfw/aws/spec/api/ManageCustomURLCategories.yaml create mode 100644 static/cloudngfw/aws/spec/api/ManageNGFW-V2.yaml create mode 100644 static/cloudngfw/aws/spec/api/ManageNGFW.yaml create mode 100644 static/cloudngfw/aws/spec/api/ManageNGFWTags.yaml create mode 100644 static/cloudngfw/aws/spec/api/ManageRulestackTags.yaml create mode 100644 static/cloudngfw/aws/spec/api/ManageRulestacks.yaml create mode 100644 
static/cloudngfw/aws/spec/api/ManageSubscription.yaml create mode 100644 static/cloudngfw/aws/spec/api/PredefinedURLCategories.yaml create mode 100644 static/cloudngfw/aws/spec/api/PrefixList.yaml create mode 100644 static/cloudngfw/aws/spec/api/SecurityRules.yaml create mode 100644 static/cloudngfw/aws/spec/api/UserOnboarding-LinkAccount.yaml create mode 100644 static/cloudngfw/aws/spec/api/UserOnboarding-XAccountRoles.yaml
diff --git a/cloudngfw/api/aws/associationrulestacks.mdx b/cloudngfw/api/aws/associationrulestacks.mdx
new file mode 100644
index 000000000..30b7e6546
--- /dev/null
+++ b/cloudngfw/api/aws/associationrulestacks.mdx
@@ -0,0 +1,12 @@
+---
+id: associationrulestacks
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/certificateobjects.mdx b/cloudngfw/api/aws/certificateobjects.mdx
new file mode 100644
index 000000000..4d0e5d739
--- /dev/null
+++ b/cloudngfw/api/aws/certificateobjects.mdx
@@ -0,0 +1,12 @@
+---
+id: certificateobjects
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/fileblockingaction.mdx b/cloudngfw/api/aws/fileblockingaction.mdx
new file mode 100644
index 000000000..feeff70df
--- /dev/null
+++ b/cloudngfw/api/aws/fileblockingaction.mdx
@@ -0,0 +1,12 @@
+---
+id: fileblockingaction
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/fqdnlist.mdx b/cloudngfw/api/aws/fqdnlist.mdx
new file mode 100644
index 000000000..95a76976b
--- /dev/null
+++ b/cloudngfw/api/aws/fqdnlist.mdx
@@ -0,0 +1,12 @@
+---
+id: fqdnlist
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/intelligentfeed.mdx b/cloudngfw/api/aws/intelligentfeed.mdx
new file mode 100644
index 000000000..3c93e64a2
--- /dev/null
+++ b/cloudngfw/api/aws/intelligentfeed.mdx
@@ -0,0 +1,12 @@
+---
+id: intelligentfeed
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/logprofile.mdx b/cloudngfw/api/aws/logprofile.mdx
new file mode 100644
index 000000000..98093ed25
--- /dev/null
+++ b/cloudngfw/api/aws/logprofile.mdx
@@ -0,0 +1,12 @@
+---
+id: logprofile
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/manageapitokens.mdx b/cloudngfw/api/aws/manageapitokens.mdx
new file mode 100644
index 000000000..102a44aea
--- /dev/null
+++ b/cloudngfw/api/aws/manageapitokens.mdx
@@ -0,0 +1,12 @@
+---
+id: manageapitokens
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/managecustomurlcategories.mdx b/cloudngfw/api/aws/managecustomurlcategories.mdx
new file mode 100644
index 000000000..1ad1551a8
--- /dev/null
+++ b/cloudngfw/api/aws/managecustomurlcategories.mdx
@@ -0,0 +1,12 @@
+---
+id: managecustomurlcategories
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/managengfw-v2.mdx b/cloudngfw/api/aws/managengfw-v2.mdx
new file mode 100644
index 000000000..5f8c3f8cb
--- /dev/null
+++ b/cloudngfw/api/aws/managengfw-v2.mdx
@@ -0,0 +1,12 @@
+---
+id: managengfw-v2
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/managengfw.mdx b/cloudngfw/api/aws/managengfw.mdx
new file mode 100644
index 000000000..bdb603431
--- /dev/null
+++ b/cloudngfw/api/aws/managengfw.mdx
@@ -0,0 +1,12 @@
+---
+id: managengfw
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/managengfwtags.mdx b/cloudngfw/api/aws/managengfwtags.mdx
new file mode 100644
index 000000000..220cc85f4
--- /dev/null
+++ b/cloudngfw/api/aws/managengfwtags.mdx
@@ -0,0 +1,12 @@
+---
+id: managengfwtags
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/managerulestacks.mdx b/cloudngfw/api/aws/managerulestacks.mdx
new file mode 100644
index 000000000..41f1d83b0
--- /dev/null
+++ b/cloudngfw/api/aws/managerulestacks.mdx
@@ -0,0 +1,12 @@
+---
+id: managerulestacks
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/managerulestacktags.mdx b/cloudngfw/api/aws/managerulestacktags.mdx
new file mode 100644
index 000000000..7a161b358
--- /dev/null
+++ b/cloudngfw/api/aws/managerulestacktags.mdx
@@ -0,0 +1,12 @@
+---
+id: managerulestacktags
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/managesubscription.mdx b/cloudngfw/api/aws/managesubscription.mdx
new file mode 100644
index 000000000..4021134e3
--- /dev/null
+++ b/cloudngfw/api/aws/managesubscription.mdx
@@ -0,0 +1,12 @@
+---
+id: managesubscription
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/predefinedurlcategories.mdx b/cloudngfw/api/aws/predefinedurlcategories.mdx
new file mode 100644
index 000000000..2ea3fc4e1
--- /dev/null
+++ b/cloudngfw/api/aws/predefinedurlcategories.mdx
@@ -0,0 +1,12 @@
+---
+id: predefinedurlcategories
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/prefixlist.mdx b/cloudngfw/api/aws/prefixlist.mdx
new file mode 100644
index 000000000..9a74ce4d8
--- /dev/null
+++ b/cloudngfw/api/aws/prefixlist.mdx
@@ -0,0 +1,12 @@
+---
+id: prefixlist
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/securityrules.mdx b/cloudngfw/api/aws/securityrules.mdx
new file mode 100644
index 000000000..1d1aadc3b
--- /dev/null
+++ b/cloudngfw/api/aws/securityrules.mdx
@@ -0,0 +1,12 @@
+---
+id: securityrules
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/useronboarding-linkaccount.mdx b/cloudngfw/api/aws/useronboarding-linkaccount.mdx
new file mode 100644
index 000000000..d386f1ae2
--- /dev/null
+++ b/cloudngfw/api/aws/useronboarding-linkaccount.mdx
@@ -0,0 +1,12 @@
+---
+id: useronboarding-linkaccount
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/useronboarding-xaccountroles.mdx b/cloudngfw/api/aws/useronboarding-xaccountroles.mdx
new file mode 100644
index 000000000..b14a45b0c
--- /dev/null
+++ b/cloudngfw/api/aws/useronboarding-xaccountroles.mdx
@@ -0,0 +1,12 @@
+---
+id: useronboarding-xaccountroles
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/openapi-specs/cloudngfw/aws/AssociationRulestacks.yaml b/openapi-specs/cloudngfw/aws/AssociationRulestacks.yaml
new file mode 100644
index 000000000..441d3e287
--- /dev/null
+++ b/openapi-specs/cloudngfw/aws/AssociationRulestacks.yaml
@@ -0,0 +1,200 @@ +components: + schemas: + AssociateGlobalRuleStackRequest: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + RuleStackName: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Rulestackname + type: string + UpdateToken: + title: Updatetoken + type: string + required: + - RuleStackName + - AccountId + title: AssociateGlobalRuleStackRequest + type: object + AssociateGlobalRuleStackResponse: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + FirewallName: + title: Firewallname + type: string + ResponseStatus: + $ref: '#/components/schemas/AssociateGlobalRuleStackResponse.Result' + RuleStackName: + title: Rulestackname + type: string + UpdateToken: + title: Updatetoken + type: string + title: AssociateGlobalRuleStackResponse + type: object + AssociateGlobalRuleStackResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + AssociateRuleStackRequest: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + RuleStackName: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Rulestackname + type: string + UpdateToken: + title: Updatetoken + type: string + required: + - RuleStackName + - AccountId + title: AssociateRuleStackRequest + type: object + AssociateRuleStackResponse: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + FirewallName: + title: Firewallname + type: string + ResponseStatus: + $ref: '#/components/schemas/AssociateRuleStackResponse.Result' + RuleStackName: + title: Rulestackname + type: string + UpdateToken: + title: Updatetoken + type: string + title: AssociateRuleStackResponse + type: object + AssociateRuleStackResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: 
Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object +info: + contact: {} + description: "There are two types of rulestacks:\n- **Local rulestack**-Consists\ + \ of local rules and manages them. A local account administrator can associate\ + \ local rulestacks to an NGFW in their AWS account.\n- **Global rulestack**-The\ + \ AWS Firewall Manager administrator can author a Firewall Manager Service (FMS)\ + \ policy and associate a global rulestack with it. AWS Firewall Manager manages\ + \ the global rulestack across all these NGFWs in different AWS accounts of an\ + \ AWS Organization. \n\nA global rulestack configures pre-rules and post-rules\ + \ on each NGFW. The AWS Firewall Manager administrator can author a FMS policy\ + \ and associate a global rulestack with it. AWS Firewall Manager manages the global\ + \ rulestack across all these NGFWs in different AWS accounts in the AWS Organization.\ + \ A global rulestack configures pre-rules and post-rules on each NGFW. \n\n>**Note:**\ + \ For FMS policy, there is no Local Firewall administrator. The local rulestack\ + \ administrator associates the local rulestacks to an NGFW. If the FMS service\ + \ handshake is successful, any local firewall administrator call must be disabled,\ + \ and the local rulestack administrator can associate the local rulestack to a\ + \ NGFW.\n\n### Permission Policies\n\n| Action | Local\ + \ Firewall Administrator | Local Rulestack Administrator | Global Rulestack Administrator\ + \ |\n| ----------------------------- | :---------------------------: | :---------------------------:\ + \ | :----------------------------: | \n| Associate a Global Rulestack | ☐\ + \ | ☐ | **☑** \ + \ | \n| Associate a Local Rulestack | **☑**\ + \ | **☑** | ☐ \ + \ | \n\n>**Note:** The maximum local and global rulestacks you can create\ + \ per subscription is 10. 
\n" + title: Manage Association Rulestacks + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/ngfirewalls/{ngfirewallname}/globalrulestack: + put: + description: 'Associate a global rulestack to a NGFW. + + ' + operationId: put-v1-config-ngfirewalls-ngfirewallname-globalrulestack + parameters: + - description: 'The name of the NGFW to which you want to associate the global + rulestack. + + ' + in: path + name: ngfirewallname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AssociateGlobalRuleStackRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AssociateGlobalRuleStackResponse' + description: OK + summary: Associate a GlobalRuleStack + tags: + - AssociationRulestacks + /v1/config/ngfirewalls/{ngfirewallname}/rulestack: + put: + description: 'Associate a local rulestack to a NGFW. + + ' + operationId: put-v1-config-ngfirewalls-ngfirewallname-rulestack + parameters: + - description: 'The name of the NGFW to which you want to associate the local + rulestack. + + ' + in: path + name: ngfirewallname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AssociateRuleStackRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AssociateRuleStackResponse' + description: OK + summary: Associate a RuleStack + tags: + - AssociationRulestacks +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: AssociationRulestacks diff --git a/openapi-specs/cloudngfw/aws/CertificateObjects.yaml b/openapi-specs/cloudngfw/aws/CertificateObjects.yaml new file mode 100644 index 000000000..b176e998a --- /dev/null +++ b/openapi-specs/cloudngfw/aws/CertificateObjects.yaml 
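Review bot: The new AssociationRulestacks.yaml declares neither a top-level `security:` requirement nor `components.securitySchemes`, so both `put` operations under `/v1/config/ngfirewalls/{ngfirewallname}/` are published with no statement of which credential a caller must present; authentication may be described elsewhere in the docs, but generated clients and API-inventory tooling only see what the spec declares. Declare the scheme the service actually enforces under `components.securitySchemes` and reference it from a top-level `security:` list. Each operation also documents only a `200` response, so the permission table in `info.description` has no matching documented denial response, and a failure is distinguishable only through `ResponseStatus.ErrorCode`. `AccountId` and the `ngfirewallname` path parameter carry no `pattern` or length bound, although `RuleStackName` in the same schemas does. CertificateObjects.yaml in this patch has the same missing `security` declaration and `200`-only responses.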
@@ -0,0 +1,602 @@ +components: + schemas: + CreateCertificateObjectRequest: + additionalProperties: false + properties: + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + CertificateSelfSigned: + default: false + title: Certificateselfsigned + type: boolean + CertificateSignerArn: + title: Certificatesignerarn + type: string + Description: + maxLength: 512 + title: Description + type: string + Name: + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Name + type: string + required: + - Name + title: CreateCertificateObjectRequest + type: object + CreateCertificateObjectResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/CreateCertificateObjectResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/CreateCertificateObjectResponse.Result' + title: CreateCertificateObjectResponse + type: object + CreateCertificateObjectResponse.CertificateDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + CertificateSelfSigned: + title: Certificateselfsigned + type: boolean + CertificateSignerArn: + title: Certificatesignerarn + type: string + Description: + title: Description + type: string + UpdateToken: + title: Updatetoken + type: string + title: CertificateDetails + type: object + CreateCertificateObjectResponse.ResponseData: + additionalProperties: false + properties: + CertificateObjectEntry: + $ref: '#/components/schemas/CreateCertificateObjectResponse.CertificateDetails' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + CreateCertificateObjectResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DeleteCertificateObjectRequest: + additionalProperties: false + properties: {} + title: 
DeleteCertificateObjectRequest + type: object + DeleteCertificateObjectResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DeleteCertificateObjectResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DeleteCertificateObjectResponse.Result' + title: DeleteCertificateObjectResponse + type: object + DeleteCertificateObjectResponse.CertificateDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + CertificateSelfSigned: + title: Certificateselfsigned + type: boolean + CertificateSignerArn: + title: Certificatesignerarn + type: string + Description: + title: Description + type: string + UpdateToken: + title: Updatetoken + type: string + title: CertificateDetails + type: object + DeleteCertificateObjectResponse.ResponseData: + additionalProperties: false + properties: + CertificateObjectEntry: + $ref: '#/components/schemas/DeleteCertificateObjectResponse.CertificateDetails' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DeleteCertificateObjectResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DescribeCertificateObjectRequest: + additionalProperties: false + properties: + Candidate: + default: true + title: Candidate + type: boolean + MaxResults: + default: 100 + exclusiveMaximum: 101 + exclusiveMinimum: 0 + title: Maxresults + type: integer + NextToken: + maxLength: 2048 + minLength: 1 + pattern: ^[-0-9A-Za-z:\/+=]+$ + title: Nexttoken + type: string + Running: + default: false + title: Running + type: boolean + title: DescribeCertificateObjectRequest + type: object + DescribeCertificateObjectResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DescribeCertificateObjectResponse.ResponseData' + 
ResponseStatus: + $ref: '#/components/schemas/DescribeCertificateObjectResponse.Result' + title: DescribeCertificateObjectResponse + type: object + DescribeCertificateObjectResponse.CertificateDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + CertificateSelfSigned: + title: Certificateselfsigned + type: boolean + CertificateSignerArn: + title: Certificatesignerarn + type: string + Description: + title: Description + type: string + UpdateToken: + title: Updatetoken + type: string + title: CertificateDetails + type: object + DescribeCertificateObjectResponse.ResponseData: + additionalProperties: false + properties: + CertificateObjectCandidate: + $ref: '#/components/schemas/DescribeCertificateObjectResponse.CertificateDetails' + CertificateObjectRunning: + $ref: '#/components/schemas/DescribeCertificateObjectResponse.CertificateDetails' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DescribeCertificateObjectResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + ListCertificateObjectResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/ListCertificateObjectResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ListCertificateObjectResponse.Result' + title: ListCertificateObjectResponse + type: object + ListCertificateObjectResponse.ResponseData: + additionalProperties: false + properties: + CertificateObjectCandidate: + items: + type: string + title: Certificateobjectcandidate + type: array + CertificateObjectRunning: + items: + type: string + title: Certificateobjectrunning + type: array + CertificateObjectUncommitted: + items: + $ref: '#/components/schemas/ListCertificateObjectResponse.UncommittedCertificateObjectDetails' + title: 
Certificateobjectuncommitted + type: array + NextToken: + maxLength: 2048 + minLength: 1 + pattern: ^[-0-9A-Za-z:\/+=]+$ + title: Nexttoken + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + ListCertificateObjectResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + ListCertificateObjectResponse.UncommittedCertificateObjectDetails: + additionalProperties: false + properties: + Name: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Name + type: string + Operation: + title: Operation + type: string + required: + - Name + - Operation + title: UncommittedCertificateObjectDetails + type: object + UpdateCertificateObjectRequest: + additionalProperties: false + properties: + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + CertificateSelfSigned: + default: false + title: Certificateselfsigned + type: boolean + CertificateSignerArn: + title: Certificatesignerarn + type: string + Description: + maxLength: 512 + title: Description + type: string + UpdateToken: + title: Updatetoken + type: string + title: UpdateCertificateObjectRequest + type: object + UpdateCertificateObjectResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/UpdateCertificateObjectResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/UpdateCertificateObjectResponse.Result' + title: UpdateCertificateObjectResponse + type: object + UpdateCertificateObjectResponse.CertificateDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + CertificateSelfSigned: + title: Certificateselfsigned + type: boolean + CertificateSignerArn: + title: Certificatesignerarn + type: string + Description: + title: Description + type: string + UpdateToken: + title: Updatetoken + type: string 
+ title: CertificateDetails + type: object + UpdateCertificateObjectResponse.ResponseData: + additionalProperties: false + properties: + CertificateObjectEntry: + $ref: '#/components/schemas/UpdateCertificateObjectResponse.CertificateDetails' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + UpdateCertificateObjectResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object +info: + contact: {} + description: "Cloud NGFW uses certificates to access an intelligent feed and to\ + \ enable outbound decryption. These certificates are stored in the [AWS Secrets\ + \ Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html).\ + \ \n\n### Permission Policies\n\n| Action | Local Firewall\ + \ Administrator | Local Rulestack Administrator | Global Rulestack Administrator|\n\ + | ----------------------------- | :--------------------------: | :---------------------------:\ + \ | :---------------------------: |\n| Create a Certificate Object | ☐\ + \ | **☑** | **☑** \ + \ |\n| Delete a Certificate Object | ☐ |\ + \ **☑** | **☑** | \ + \ \n| Update a Certificate Object | ☐ \ + \ | **☑** | **☑** | \n| Describe\ + \ a Certificate Object | **☑** | **☑** \ + \ | **☑** |\n| List Certificate Objects |\ + \ **☑** | **☑** | **☑** \ + \ |\n" + title: Manage Certificate Objects + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/rulestacks/{rulestackname}/certificates: + get: + description: 'Returns the list of certificate objects associated with the specified + rulestack. 
+ + ' + operationId: get-v1-config-rulestacks-rulestackname-certificates + parameters: + - description: '' + in: path + name: rulestackname + required: true + schema: + type: string + - description: '' + in: query + name: nexttoken + required: false + schema: + maxLength: 2048 + minLength: 1 + pattern: ^[-0-9A-Za-z:\/+=]+$ + title: Nexttoken + type: string + - description: '' + in: query + name: candidate + required: false + schema: + default: true + title: Candidate + type: boolean + - description: '' + in: query + name: running + required: false + schema: + default: false + title: Running + type: boolean + - description: '' + in: query + name: uncommitted + required: false + schema: + default: false + title: Uncommitted + type: boolean + - description: '' + in: query + name: maxresults + required: false + schema: + default: 1024 + maximum: 1024 + minimum: 1 + title: Maxresults + type: integer + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListCertificateObjectResponse' + description: OK + summary: List CertificateObjects + tags: + - CertificateObjects + post: + description: 'Create a server certificate object for the specified rulestack. + + ' + operationId: post-v1-config-rulestacks-rulestackname-certificates + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CreateCertificateObjectRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CreateCertificateObjectResponse' + description: OK + summary: Create a CertificateObject + tags: + - CertificateObjects + /v1/config/rulestacks/{rulestackname}/certificates/{name}: + delete: + description: 'Delete a certificate object associated with the specified rulestack. 
+ + ' + operationId: delete-v1-config-rulestacks-rulestackname-certificates-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the certificate. + + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteCertificateObjectRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteCertificateObjectResponse' + description: OK + summary: Delete a CertificateObject + tags: + - CertificateObjects + get: + description: "Returns the certificate object metadata associated with the specified\ + \ rulestack. \n" + operationId: get-v1-config-rulestacks-rulestackname-certificates-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the certificate. + + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeCertificateObjectRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeCertificateObjectResponse' + description: OK + summary: Describe a CertificateObject + tags: + - CertificateObjects + put: + description: 'Update the certificate object associated with the specified rulestack. + + ' + operationId: put-v1-config-rulestacks-rulestackname-certificates-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the certificate. 
+ + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateCertificateObjectRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateCertificateObjectResponse' + description: OK + summary: Update a CertificateObject + tags: + - CertificateObjects +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: CertificateObjects diff --git a/openapi-specs/cloudngfw/aws/FQDNList.yaml b/openapi-specs/cloudngfw/aws/FQDNList.yaml new file mode 100644 index 000000000..96d5efdfe --- /dev/null +++ b/openapi-specs/cloudngfw/aws/FQDNList.yaml 
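Review bot: `DescribeCertificateObjectRequest.MaxResults` is bounded with `exclusiveMaximum: 101` and `exclusiveMinimum: 0`, but the document declares `openapi: 3.0.3`, where both keywords are booleans that qualify `maximum`/`minimum`; validators and client generators may reject the schema or silently drop the bound, leaving the page-size limit unenforced by tooling. Write it as `maximum: 100` and `minimum: 1`, and reconcile it with the `maxresults` query parameter on the list operation, which defaults to and allows 1024. The `get` and `delete` operations on `/v1/config/rulestacks/{rulestackname}/certificates/{name}` also declare a `requestBody`; OpenAPI 3.0 tells consumers to ignore a body on methods for which HTTP defines no body semantics, so `Candidate` and `Running` are better expressed as query parameters, as the list operation already does. The parameter descriptions on the list operation are empty strings, and `CertificateSignerArn` has no `pattern` or length bound.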
@@ -0,0 +1,624 @@ +components: + schemas: + CreateFqdnListRequest: + additionalProperties: false + properties: + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Description: + maxLength: 512 + title: Description + type: string + FqdnList: + items: + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9._-]+$ + type: string + title: Fqdnlist + type: array + Name: + maxLength: 58 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Name + type: string + required: + - Name + - FqdnList + title: CreateFqdnListRequest + type: object + CreateFqdnListResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/CreateFqdnListResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/CreateFqdnListResponse.Result' + title: CreateFqdnListResponse + type: object + CreateFqdnListResponse.FqdnListDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Description: + title: Description + type: string + FqdnList: + items: + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9._-]+$ + type: string + title: Fqdnlist + type: array + UpdateToken: + title: Updatetoken + type: string + required: + - FqdnList + title: FqdnListDetails + type: object + CreateFqdnListResponse.ResponseData: + additionalProperties: false + properties: + FqdnListEntry: + $ref: '#/components/schemas/CreateFqdnListResponse.FqdnListDetails' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + CreateFqdnListResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DeleteFqdnListRequest: + additionalProperties: false + properties: {} + title: DeleteFqdnListRequest + type: object + DeleteFqdnListResponse: + additionalProperties: false + properties: + Response: + $ref: 
'#/components/schemas/DeleteFqdnListResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DeleteFqdnListResponse.Result' + title: DeleteFqdnListResponse + type: object + DeleteFqdnListResponse.FqdnListDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Description: + title: Description + type: string + FqdnList: + items: + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9._-]+$ + type: string + title: Fqdnlist + type: array + UpdateToken: + title: Updatetoken + type: string + required: + - FqdnList + title: FqdnListDetails + type: object + DeleteFqdnListResponse.ResponseData: + additionalProperties: false + properties: + FqdnListEntry: + $ref: '#/components/schemas/DeleteFqdnListResponse.FqdnListDetails' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DeleteFqdnListResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DescribeFqdnListRequest: + additionalProperties: false + properties: + Candidate: + default: true + title: Candidate + type: boolean + Running: + default: false + title: Running + type: boolean + title: DescribeFqdnListRequest + type: object + DescribeFqdnListResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DescribeFqdnListResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DescribeFqdnListResponse.Result' + title: DescribeFqdnListResponse + type: object + DescribeFqdnListResponse.FqdnListDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Description: + title: Description + type: string + FqdnList: + items: + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9._-]+$ + type: string + title: Fqdnlist + type: array + required: + - 
FqdnList + title: FqdnListDetails + type: object + DescribeFqdnListResponse.FqdnListInfo: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Description: + title: Description + type: string + FqdnList: + items: + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9._-]+$ + type: string + title: Fqdnlist + type: array + required: + - FqdnList + title: FqdnListInfo + type: object + DescribeFqdnListResponse.ResponseData: + additionalProperties: false + properties: + FqdnListCandidate: + $ref: '#/components/schemas/DescribeFqdnListResponse.FqdnListDetails' + FqdnListRunning: + $ref: '#/components/schemas/DescribeFqdnListResponse.FqdnListInfo' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DescribeFqdnListResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + ListFqdnListResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/ListFqdnListResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ListFqdnListResponse.Result' + title: ListFqdnListResponse + type: object + ListFqdnListResponse.ResponseData: + additionalProperties: false + properties: + FqdnListCandidate: + items: + type: string + title: Fqdnlistcandidate + type: array + FqdnListRunning: + items: + type: string + title: Fqdnlistrunning + type: array + FqdnListUncommitted: + items: + $ref: '#/components/schemas/ListFqdnListResponse.UncommittedFqdnListDetails' + title: Fqdnlistuncommitted + type: array + NextToken: + title: Nexttoken + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + ListFqdnListResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: 
Reason + type: string + title: Result + type: object + ListFqdnListResponse.UncommittedFqdnListDetails: + additionalProperties: false + properties: + Name: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Name + type: string + operation: + title: Operation + type: string + required: + - Name + - operation + title: UncommittedFqdnListDetails + type: object + UpdateFqdnListRequest: + additionalProperties: false + properties: + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Description: + maxLength: 512 + title: Description + type: string + FqdnList: + items: + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9._-]+$ + type: string + title: Fqdnlist + type: array + required: + - FqdnList + title: UpdateFqdnListRequest + type: object + UpdateFqdnListResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/UpdateFqdnListResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/UpdateFqdnListResponse.Result' + title: UpdateFqdnListResponse + type: object + UpdateFqdnListResponse.FqdnListDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Description: + title: Description + type: string + FqdnList: + items: + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9._-]+$ + type: string + title: Fqdnlist + type: array + UpdateToken: + title: Updatetoken + type: string + required: + - FqdnList + title: FqdnListDetails + type: object + UpdateFqdnListResponse.ResponseData: + additionalProperties: false + properties: + FqdnListEntry: + $ref: '#/components/schemas/UpdateFqdnListResponse.FqdnListDetails' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + UpdateFqdnListResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: 
object +info: + contact: {} + description: "Address objects with type Fully Qualified Domain Name (FQDN). An FQDN\ + \ object provides further ease of use because DNS provides the FQDN resolution\ + \ to the IP addresses instead of you needing to know the IP addresses and manually\ + \ updating them every time the FQDN resolves to a new IP address.\n\nThese are\ + \ the following formats for FQDN. \n\n- Host names are composed of a sequence\ + \ of labels concatenated with dots\n- Each label must be from 1 to 63 characters\ + \ long\n- The entire host name, including the delimiting dots, has a maximum of\ + \ 253 ASCII characters\n- DNS names can contain only alphabetical characters (A-Z),\ + \ numeric characters (0-9), minus sign (-), and period (.) \n\nFor more information,\ + \ see [FQDN formats](https://en.wikipedia.org/wiki/Hostname).\n\n### Permission\ + \ Policies\n\n| Action | Local Firewall Administrator |\ + \ Local Rulestack Administrator | Global Rulestack Administrator |\n| ----------------------------\ + \ | :---------------------------: | :---------------------------: | :----------------------------:\ + \ |\n| Create FQDN List | ☐ | **☑**\ + \ | **☑** | \n| Delete FQDN List \ + \ | ☐ | **☑** |\ + \ **☑** | \n| Update FQDN List\ + \ | ☐ | **☑** \ + \ | **☑** | \n| List FQDN Lists | **☑**\ + \ | **☑** | **☑** \ + \ |\n| Describe FQDN List | **☑** | **☑**\ + \ | **☑** |\n" + title: Manage FQDN List + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/rulestacks/{rulestackname}/fqdnlists: + get: + description: "Retrieve the information about the FDQN lists for the specified\ + \ rulestack. 
\n" + operationId: get-v1-config-rulestacks-rulestackname-fqdnlists + parameters: + - description: '' + in: query + name: nexttoken + required: false + schema: + title: Nexttoken + type: string + - description: '' + in: query + name: candidate + required: false + schema: + default: true + title: Candidate + type: boolean + - description: '' + in: query + name: running + required: false + schema: + default: false + title: Running + type: boolean + - description: '' + in: query + name: uncommitted + required: false + schema: + default: false + title: Uncommitted + type: boolean + - description: '' + in: query + name: maxresults + required: false + schema: + default: 1024 + maximum: 1024 + minimum: 1 + title: Maxresults + type: integer + - description: '' + in: query + name: describe + required: false + schema: + default: false + title: Describe + type: boolean + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListFqdnListResponse' + description: OK + summary: List FQDNLists + tags: + - FQDNList + post: + description: 'Create a FQDN list for a rulestack. + + ' + operationId: post-v1-config-rulestacks-rulestackname-fqdnlists + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CreateFqdnListRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CreateFqdnListResponse' + description: OK + summary: Create a FQDNList + tags: + - FQDNList + /v1/config/rulestacks/{rulestackname}/fqdnlists/{name}: + delete: + description: "Delete the FDQN list associated with a rulestack. \n" + operationId: delete-v1-config-rulestacks-rulestackname-fqdnlists-name + parameters: + - description: 'The name of the rulestack. 
+ + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the FQDN list. + + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteFqdnListRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteFqdnListResponse' + description: OK + summary: Delete a FQDNList + tags: + - FQDNList + get: + description: "Return the information the FDQN list associated with a rulestack.\ + \ \n" + operationId: get-v1-config-rulestacks-rulestackname-fqdnlists-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the FQDN list. + + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeFqdnListRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeFqdnListResponse' + description: OK + summary: Describe a FQDNList + tags: + - FQDNList + put: + description: 'Update the FDQN list associated with a rulestack. + + ' + operationId: put-v1-config-rulestacks-rulestackname-fqdnlists-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the FQDN list. 
+ + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateFqdnListRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateFqdnListResponse' + description: OK + summary: Update a FQDNList + tags: + - FQDNList +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: FQDNList diff --git a/openapi-specs/cloudngfw/aws/FileBlockingAction.yaml b/openapi-specs/cloudngfw/aws/FileBlockingAction.yaml new file mode 100644 index 000000000..d207627a9 --- /dev/null +++ b/openapi-specs/cloudngfw/aws/FileBlockingAction.yaml 
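Review bot: FQDNList.yaml declares no authentication: its top-level keys are `components` (schemas only), `info`, `openapi`, `paths`, `servers` and `tags`, so there is no `components.securitySchemes` entry and no `security` requirement on any of its five operations, three of which create, change or delete firewall address objects. The FileBlockingAction.yaml and IntelligentFeed.yaml hunks have the same gap. Gateways, scanners and generated clients that consume the spec will treat these calls as unauthenticated, so I would declare the scheme the API really uses and add a top-level `security: [{ <SCHEME_NAME>: [] }]` (placeholder name), plus `'401'`/`'403'` responses beside the lone `'200'`. Separately, the list `get` on `/v1/config/rulestacks/{rulestackname}/fqdnlists` omits the `rulestackname` path parameter that the `post` on the same path declares. If authentication is injected elsewhere in the docs build, that is not visible in this patch.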
@@ -0,0 +1,412 @@ +components: + schemas: + DescribeFileBlockingActionResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DescribeFileBlockingActionResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DescribeFileBlockingActionResponse.Result' + title: DescribeFileBlockingActionResponse + type: object + DescribeFileBlockingActionResponse.FileBlockingEntry: + additionalProperties: false + properties: + Action: + default: alert + enum: + - alert + - block + - continue + title: Action + type: string + AuditComment: + title: Auditcomment + type: string + Description: + maxLength: 255 + title: Description + type: string + Direction: + default: both + enum: + - upload + - download + - both + title: Direction + type: string + UpdateToken: + default: '1' + title: Updatetoken + type: string + title: FileBlockingEntry + type: object + DescribeFileBlockingActionResponse.ResponseData: + additionalProperties: false + properties: + FileBlockingCandidate: + $ref: '#/components/schemas/DescribeFileBlockingActionResponse.FileBlockingEntry' + FileBlockingRunning: + $ref: '#/components/schemas/DescribeFileBlockingActionResponse.FileBlockingEntry' + FileType: + title: Filetype + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DescribeFileBlockingActionResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + ListFileBlockingActionResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/ListFileBlockingActionResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ListFileBlockingActionResponse.Result' + title: ListFileBlockingActionResponse + type: object + ListFileBlockingActionResponse.ResponseData: + additionalProperties: false + properties: + FileBlockingCandidate: + items: 
+ type: string + title: Fileblockingcandidate + type: array + FileBlockingRunning: + items: + type: string + title: Fileblockingrunning + type: array + FileBlockingUncommitted: + items: + $ref: '#/components/schemas/ListFileBlockingActionResponse.UncommittedFileBlocking' + title: Fileblockinguncommitted + type: array + NextToken: + title: Nexttoken + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + ListFileBlockingActionResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + ListFileBlockingActionResponse.UncommittedFileBlocking: + additionalProperties: false + properties: + Name: + title: Name + type: string + Operation: + title: Operation + type: string + required: + - Name + - Operation + title: UncommittedFileBlocking + type: object + UpdateFileBlockingActionRequest: + additionalProperties: false + properties: + Action: + enum: + - alert + - block + title: Action + type: string + AuditComment: + title: Auditcomment + type: string + Description: + maxLength: 255 + title: Description + type: string + Direction: + enum: + - upload + - download + - both + title: Direction + type: string + UpdateToken: + title: Updatetoken + type: string + required: + - Direction + - Action + title: UpdateFileBlockingActionRequest + type: object + UpdateFileBlockingActionResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/UpdateFileBlockingActionResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/UpdateFileBlockingActionResponse.Result' + title: UpdateFileBlockingActionResponse + type: object + UpdateFileBlockingActionResponse.FileBlockingEntry: + additionalProperties: false + properties: + Action: + default: alert + enum: + - alert + - block + - continue + title: Action + type: string + AuditComment: + title: Auditcomment + 
type: string + Description: + maxLength: 255 + title: Description + type: string + Direction: + default: both + enum: + - upload + - download + - both + title: Direction + type: string + UpdateToken: + default: '1' + title: Updatetoken + type: string + title: FileBlockingEntry + type: object + UpdateFileBlockingActionResponse.ResponseData: + additionalProperties: false + properties: + FileBlockingEntry: + $ref: '#/components/schemas/UpdateFileBlockingActionResponse.FileBlockingEntry' + FileType: + title: Filetype + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + UpdateFileBlockingActionResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object +info: + contact: {} + description: "Allows you to identify specific file types that you want to block.\ + \ \n\n### Permission Policies\n\n| Action | Local Firewall\ + \ Administrator | Local Rulestack Administrator | Global Rulestack Administrator|\n\ + | ------------------------------- | :--------------------------: | :---------------------------:\ + \ | :---------------------------: |\n| Create a File Blocking Action | ☐\ + \ | **☑** | **☑** \ + \ | \n| Update a File Blocking Action | ☐ \ + \ | **☑** | **☑** | \ + \ \n| Delete a File Blocking Action | ☐ \ + \ | **☑** | **☑** | \n|\ + \ Describe a File Blocking Action | **☑** | **☑**\ + \ | **☑** |\n" + title: Manage File Blocking Action + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/rulestacks/{rulestackname}/fileblockingprofiles/custom/filetypes: + get: + description: 'Retrieves the metadata for the file blocking profile defined for + a specified rulestack. + + ' + operationId: get-v1-config-rulestacks-rulestackname-fileblockingprofiles-custom-filetypes + parameters: + - description: 'The name of the rulestack. 
+ + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: '' + in: query + name: nexttoken + required: false + schema: + title: Nexttoken + type: string + - description: '' + in: query + name: candidate + required: false + schema: + default: true + title: Candidate + type: boolean + - description: '' + in: query + name: running + required: false + schema: + default: false + title: Running + type: boolean + - description: '' + in: query + name: uncommitted + required: false + schema: + default: false + title: Uncommitted + type: boolean + - description: '' + in: query + name: maxresults + required: false + schema: + default: 1024 + maximum: 1024 + minimum: 1 + title: Maxresults + type: integer + - description: '' + in: query + name: describe + required: false + schema: + default: false + title: Describe + type: boolean + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListFileBlockingActionResponse' + description: OK + summary: List File Blocking Actions + tags: + - FileBlockingAction + /v1/config/rulestacks/{rulestackname}/fileblockingprofiles/custom/filetypes/{type}: + get: + description: 'Use this command to return the data related to the file blocking + profile attached to a specified rulestack. + + ' + operationId: get-v1-config-rulestacks-rulestackname-fileblockingprofiles-custom-filetypes-type + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The type of file blocking action. 
+ + ' + in: path + name: type + required: true + schema: + type: string + - description: '' + in: query + name: running + required: false + schema: + default: false + title: Running + type: boolean + - description: '' + in: query + name: candidate + required: false + schema: + default: true + title: Candidate + type: boolean + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeFileBlockingActionResponse' + description: OK + summary: Describe File Blocking Action + tags: + - FileBlockingAction + put: + description: 'Update the file blocking profile to a specified rulestack. + + ' + operationId: put-v1-config-rulestacks-rulestackname-fileblockingprofiles-custom-filetypes-type + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The type of file blocking action. + + ' + in: path + name: type + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateFileBlockingActionRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateFileBlockingActionResponse' + description: OK + summary: Update File Blocking Action + tags: + - FileBlockingAction +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: FileBlockingAction diff --git a/openapi-specs/cloudngfw/aws/IntelligentFeed.yaml b/openapi-specs/cloudngfw/aws/IntelligentFeed.yaml new file mode 100644 index 000000000..8674828af --- /dev/null +++ b/openapi-specs/cloudngfw/aws/IntelligentFeed.yaml 
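Review bot: `UpdateFileBlockingActionRequest.Action` in FileBlockingAction.yaml accepts only `alert` and `block`, but both `FileBlockingEntry` response schemas also enumerate `continue`, so an entry read back with `continue` cannot be written again through the `put` on `.../filetypes/{type}` without changing its action. Either add `- continue` to the request enum or state in the property `description` that `continue` is read-only. The `info.description` permission table also lists Create and Delete actions, while the paths in this file expose only list, describe and update. `UpdateToken` is optional on the request; if it is meant as an optimistic-concurrency token (inferred from the name only), the schema should say whether omitting it lets one policy edit silently overwrite another.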
@@ -0,0 +1,579 @@ +components: + schemas: + CreateIntelligentFeedRequest: + additionalProperties: false + properties: + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Certificate: + title: Certificate + type: string + Description: + maxLength: 512 + title: Description + type: string + FeedURL: + maxLength: 255 + minLength: 1 + pattern: ^(http|https)://.+$ + title: Feedurl + type: string + Frequency: + enum: + - HOURLY + - DAILY + title: Frequency + type: string + Name: + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Name + type: string + Time: + default: 3 + maximum: 23 + minimum: 0 + title: Time + type: integer + Type: + enum: + - IP_LIST + - URL_LIST + title: Type + type: string + required: + - Name + - FeedURL + - Type + - Frequency + title: CreateIntelligentFeedRequest + type: object + CreateIntelligentFeedResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/CreateIntelligentFeedResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/CreateIntelligentFeedResponse.Result' + title: CreateIntelligentFeedResponse + type: object + CreateIntelligentFeedResponse.FeedDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Certificate: + title: Certificate + type: string + Description: + title: Description + type: string + FeedURL: + title: Feedurl + type: string + Frequency: + enum: + - HOURLY + - DAILY + title: Frequency + type: string + Time: + maximum: 23 + minimum: 0 + title: Time + type: integer + Type: + enum: + - IP_LIST + - URL_LIST + title: Type + type: string + UpdateToken: + default: '1' + title: Updatetoken + type: string + title: FeedDetails + type: object + CreateIntelligentFeedResponse.ResponseData: + additionalProperties: false + properties: + FeedEntry: + $ref: '#/components/schemas/CreateIntelligentFeedResponse.FeedDetails' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + 
type: string + title: ResponseData + type: object + CreateIntelligentFeedResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DeleteIntelligentFeedRequest: + additionalProperties: false + properties: {} + title: DeleteIntelligentFeedRequest + type: object + DeleteIntelligentFeedResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DeleteIntelligentFeedResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DeleteIntelligentFeedResponse.Result' + title: DeleteIntelligentFeedResponse + type: object + DeleteIntelligentFeedResponse.FeedDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Certificate: + title: Certificate + type: string + Description: + title: Description + type: string + FeedURL: + title: Feedurl + type: string + Frequency: + enum: + - HOURLY + - DAILY + title: Frequency + type: string + Time: + maximum: 23 + minimum: 0 + title: Time + type: integer + Type: + enum: + - IP_LIST + - URL_LIST + title: Type + type: string + UpdateToken: + default: '1' + title: Updatetoken + type: string + title: FeedDetails + type: object + DeleteIntelligentFeedResponse.ResponseData: + additionalProperties: false + properties: + FeedEntry: + $ref: '#/components/schemas/DeleteIntelligentFeedResponse.FeedDetails' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DeleteIntelligentFeedResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DescribeIntelligentFeedRequest: + additionalProperties: false + properties: + Candidate: + default: true + title: Candidate + type: boolean + Running: + default: false + 
title: Running + type: boolean + title: DescribeIntelligentFeedRequest + type: object + DescribeIntelligentFeedResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DescribeIntelligentFeedResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DescribeIntelligentFeedResponse.Result' + title: DescribeIntelligentFeedResponse + type: object + DescribeIntelligentFeedResponse.FeedDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Certificate: + title: Certificate + type: string + Description: + title: Description + type: string + FeedURL: + title: Feedurl + type: string + Frequency: + enum: + - HOURLY + - DAILY + title: Frequency + type: string + Time: + maximum: 23 + minimum: 0 + title: Time + type: integer + Type: + enum: + - IP_LIST + - URL_LIST + title: Type + type: string + UpdateToken: + default: '1' + title: Updatetoken + type: string + title: FeedDetails + type: object + DescribeIntelligentFeedResponse.ResponseData: + additionalProperties: false + properties: + FeedCandidate: + $ref: '#/components/schemas/DescribeIntelligentFeedResponse.FeedDetails' + FeedRunning: + $ref: '#/components/schemas/DescribeIntelligentFeedResponse.FeedDetails' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DescribeIntelligentFeedResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + UpdateIntelligentFeedRequest: + additionalProperties: false + properties: + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Certificate: + title: Certificate + type: string + Description: + maxLength: 512 + title: Description + type: string + FeedURL: + maxLength: 255 + minLength: 1 + pattern: ^(http|https)://.+$ + title: Feedurl + type: string + 
Frequency: + enum: + - HOURLY + - DAILY + title: Frequency + type: string + Time: + default: 3 + maximum: 23 + minimum: 0 + title: Time + type: integer + Type: + enum: + - IP_LIST + - URL_LIST + title: Type + type: string + UpdateToken: + title: Updatetoken + type: string + required: + - FeedURL + - Type + - Frequency + title: UpdateIntelligentFeedRequest + type: object + UpdateIntelligentFeedResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/UpdateIntelligentFeedResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/UpdateIntelligentFeedResponse.Result' + title: UpdateIntelligentFeedResponse + type: object + UpdateIntelligentFeedResponse.FeedDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Certificate: + title: Certificate + type: string + Description: + title: Description + type: string + FeedURL: + title: Feedurl + type: string + Frequency: + enum: + - HOURLY + - DAILY + title: Frequency + type: string + Time: + maximum: 23 + minimum: 0 + title: Time + type: integer + Type: + enum: + - IP_LIST + - URL_LIST + title: Type + type: string + UpdateToken: + default: '1' + title: Updatetoken + type: string + title: FeedDetails + type: object + UpdateIntelligentFeedResponse.ResponseData: + additionalProperties: false + properties: + FeedEntry: + $ref: '#/components/schemas/UpdateIntelligentFeedResponse.FeedDetails' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + UpdateIntelligentFeedResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object +info: + contact: {} + description: "An intelligent feed, also called an external dynamic list, is a list\ + \ that you or third-parties can host on an external web server. 
You can specify\ + \ the Intelligence Feed as the source or destination of your security rule. The\ + \ NGFW checks the hosted list at hourly or daily intervals, and enforces your\ + \ security rules based on the latest entries on your list, without requiring you\ + \ to make any configuration changes. \n\nFor more information about feeds, see\ + \ [EDL hosting service](https://docs.paloaltonetworks.com/resources/edl-hosting-service.html).\n\ + \n### Permission Policies\n\n| Action | Local Firewall Administrator\ + \ | Local Rulestack Administrator | Global Rulestack Administrator|\n| ---------------------------\ + \ | :--------------------------: | :---------------------------: | :---------------------------:\ + \ |\n| Create Intelligent Feed | ☐ | **☑**\ + \ | **☑** |\n| Delete Intelligent Feed\ + \ | ☐ | **☑** | **☑**\ + \ | \n| Update Intelligent Feed |\ + \ ☐ | **☑** | **☑** \ + \ | \n| Describe Intelligent Feed | **☑** \ + \ | **☑** | **☑** |\n|\ + \ List Intelligent Feeds | **☑** | **☑** \ + \ | **☑** |\n" + title: Manage Intelligent Feed + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/rulestacks/{rulestackname}/feeds: + post: + description: 'Create intelligence feed to analyze threat data. + + ' + operationId: post-v1-config-rulestacks-rulestackname-feeds + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CreateIntelligentFeedRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CreateIntelligentFeedResponse' + description: OK + summary: Create an IntelligentFeed + tags: + - IntelligentFeed + /v1/config/rulestacks/{rulestackname}/feeds/{name}: + delete: + description: 'Delete the threat intelligence feeds received for a specified + rulestack. 
+ + ' + operationId: delete-v1-config-rulestacks-rulestackname-feeds-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the feed. + + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteIntelligentFeedRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteIntelligentFeedResponse' + description: OK + summary: Delete an IntelligentFeed + tags: + - IntelligentFeed + get: + description: "Returns the intelligence feed data collected for the specified\ + \ rulestack. \n" + operationId: get-v1-config-rulestacks-rulestackname-feeds-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the feed. + + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeIntelligentFeedRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeIntelligentFeedResponse' + description: OK + summary: Describe an IntelligentFeed + tags: + - IntelligentFeed + put: + description: 'Update the threat intelligence feeds for a rulestack. + + ' + operationId: put-v1-config-rulestacks-rulestackname-feeds-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the feed. 
+ + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateIntelligentFeedRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateIntelligentFeedResponse' + description: OK + summary: Update an IntelligentFeed + tags: + - IntelligentFeed +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: IntelligentFeed diff --git a/openapi-specs/cloudngfw/aws/LogProfile.yaml b/openapi-specs/cloudngfw/aws/LogProfile.yaml new file mode 100644 index 000000000..12402855e --- /dev/null +++ b/openapi-specs/cloudngfw/aws/LogProfile.yaml 
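Review bot: `FeedURL` in `CreateIntelligentFeedRequest` and `UpdateIntelligentFeedRequest` (IntelligentFeed.yaml) is validated with `pattern: ^(http|https)://.+$`, and `Certificate` is not in `required`, so the spec accepts a feed fetched over plaintext HTTP with no certificate. Per the file's own description the NGFW enforces security rules from the latest entries of this list, so anyone able to alter the response in transit can change what is blocked or allowed. If HTTP feeds are not a supported case, tighten the pattern to `^https://.+$`; if they are, say so in the property `description` together with the role of `Certificate`. The `.+` also leaves host and path unconstrained, so server-side validation of the fetch destination (for example rejecting internal or link-local addresses) should not rely on this schema.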
@@ -0,0 +1,232 @@ +components: + schemas: + ReadFWResourceLogProfileRequest: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + required: + - AccountId + title: ReadFWResourceLogProfileRequest + type: object + ReadFWResourceLogProfileResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/ReadFWResourceLogProfileResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ReadFWResourceLogProfileResponse.Result' + title: ReadFWResourceLogProfileResponse + type: object + ReadFWResourceLogProfileResponse.LogProfileConfig: + additionalProperties: false + properties: + LogDestination: + title: Logdestination + type: string + LogDestinationType: + title: Logdestinationtype + type: string + LogType: + title: Logtype + type: string + required: + - LogDestination + - LogDestinationType + - LogType + title: LogProfileConfig + type: object + ReadFWResourceLogProfileResponse.ResponseData: + properties: + AccountId: + title: Accountid + type: string + CloudWatchMetricNamespace: + title: Cloudwatchmetricnamespace + type: string + FirewallName: + title: Firewallname + type: string + LogDestinationConfigs: + items: + $ref: '#/components/schemas/ReadFWResourceLogProfileResponse.LogProfileConfig' + title: Logdestinationconfigs + type: array + title: ResponseData + type: object + ReadFWResourceLogProfileResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + UpdateFWResourceLogProfileRequest: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + LogDestinationConfigs: + items: + $ref: '#/components/schemas/UpdateFWResourceLogProfileRequest.LogProfileConfig' + title: Logdestinationconfigs + type: array + required: + - LogDestinationConfigs + title: UpdateFWResourceLogProfileRequest + type: object + 
UpdateFWResourceLogProfileRequest.LogProfileConfig: + additionalProperties: false + properties: + LogDestination: + title: Logdestination + type: string + LogDestinationType: + title: Logdestinationtype + type: string + LogType: + title: Logtype + type: string + required: + - LogDestination + - LogDestinationType + - LogType + title: LogProfileConfig + type: object + UpdateFWResourceLogProfileResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/UpdateFWResourceLogProfileResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/UpdateFWResourceLogProfileResponse.Result' + title: UpdateFWResourceLogProfileResponse + type: object + UpdateFWResourceLogProfileResponse.LogProfileConfig: + additionalProperties: false + properties: + LogDestination: + title: Logdestination + type: string + LogDestinationType: + title: Logdestinationtype + type: string + LogType: + title: Logtype + type: string + required: + - LogDestination + - LogDestinationType + - LogType + title: LogProfileConfig + type: object + UpdateFWResourceLogProfileResponse.ResponseData: + properties: + FirewallName: + title: Firewallname + type: string + LogDestinationConfigs: + items: + $ref: '#/components/schemas/UpdateFWResourceLogProfileResponse.LogProfileConfig' + title: Logdestinationconfigs + type: array + title: ResponseData + type: object + UpdateFWResourceLogProfileResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object +info: + contact: {} + description: "Log entries contain properties, activities, or behaviors associated\ + \ with the logged event, such as the application type or the IP address of an\ + \ attacker. 
\n\nCloud NGFW can captures threat, traffic, and decryption profiles.\ + \ For more information, see [Configure logging for Cloud NGFW on AWS](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/create-cloud-ngfw-instances-and-endpoints/configure-logging-for-the-cloud-ngfw-on-aws).\n\ + \n### Permission Policies\n\n| Action | Local Firewall\ + \ Administrator | Local Rulestack Administrator | Global Rulestack Administrator\ + \ |\n| ------------------------------ | :---------------------------: | :---------------------------:\ + \ | :----------------------------: |\n| Update Log Profile | **☑**\ + \ | ☐ | ☐ \ + \ |\n| Read Log Profile | **☑** |\ + \ **☑** | **☑** | \n" + title: Manage Log Profiles + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/ngfirewalls/{ngfirewallname}/logprofile: + get: + description: 'Return the log destination of a specific NGFW. + + ' + operationId: get-v1-config-ngfirewalls-ngfirewallname-logprofile + parameters: + - description: 'The name of the NGFW. + + ' + in: path + name: ngfirewallname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ReadFWResourceLogProfileRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ReadFWResourceLogProfileResponse' + description: OK + summary: Read logprofile config of a firewall + tags: + - LogProfile + put: + description: "Update the log destination of a specific NGFW. \n\n>The destination\ + \ is Fluentd, hence commit is not needed.\n" + operationId: put-v1-config-ngfirewalls-ngfirewallname-logprofile + parameters: + - description: 'The name of the NGFW. 
+ + ' + in: path + name: ngfirewallname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateFWResourceLogProfileRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateFWResourceLogProfileResponse' + description: OK + summary: Update logprofile config of a firewall + tags: + - LogProfile +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: LogProfile diff --git a/openapi-specs/cloudngfw/aws/ManageAPITokens.yaml b/openapi-specs/cloudngfw/aws/ManageAPITokens.yaml index 66642547d..11ff63582 100644 --- a/openapi-specs/cloudngfw/aws/ManageAPITokens.yaml +++ b/openapi-specs/cloudngfw/aws/ManageAPITokens.yaml @@ -1,55 +1,5 @@ components: schemas: - DeleteTokensRequest: - additionalProperties: false - properties: {} - title: DeleteTokensRequest - type: object - DeleteTokensResponse: - additionalProperties: false - properties: - Response: - $ref: '#/components/schemas/DeleteTokensResponse.ResponseData' - description: 'The API call response. - - ' - ResponseStatus: - $ref: '#/components/schemas/DeleteTokensResponse.Result' - description: 'The API call response status. - - ' - title: DeleteTokensResponse - type: object - DeleteTokensResponse.ResponseData: - additionalProperties: false - properties: - TokenId: - description: 'The unique ID of the token. - - ' - title: Tokenid - type: string - title: ResponseData - type: object - DeleteTokensResponse.Result: - additionalProperties: false - properties: - ErrorCode: - default: 0 - description: 'Default value of a successful response is 0. Any other number - indicates an error code. - - ' - title: Errorcode - type: integer - Reason: - description: 'The error description. - - ' - title: Reason - type: string - title: Result - type: object DescribeProgrammaticAccessRequest: additionalProperties: false properties: {} 
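Review bot: In LogProfile.yaml, `UpdateFWResourceLogProfileRequest.LogProfileConfig` leaves `LogDestination`, `LogDestinationType` and `LogType` as unconstrained `type: string`, and `AccountId` has no length bounds, even though this PUT decides where a firewall's logs are delivered. `model.LogConfig` in ManageNGFW-V2.yaml from this same patch already constrains the equivalent fields; if the v1 endpoint accepts the same values, mirror it with `enum: [S3, CloudWatchLogs, KinesisDataFirehose]` on `LogDestinationType` and `minLength: 12` / `maxLength: 12` on `AccountId`. The `get` operation also declares a `requestBody` with a required `AccountId`, but OpenAPI 3.0 tells consumers to ignore a request body on GET, so generated clients may never send it; a query parameter would be safer, or the description should state that the service reads the body. Both operations document only a `200` response, so the spec does not show what a caller outside the Local Firewall Administrator role (the only one the permission table allows to update) receives; documenting the denied and invalid-request responses would close that gap.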
@@ -60,30 +10,17 @@ components: properties: Response: $ref: '#/components/schemas/DescribeProgrammaticAccessResponse.ResponseData' - description: 'The API call response. - - ' ResponseStatus: $ref: '#/components/schemas/DescribeProgrammaticAccessResponse.Result' - description: 'The API call response status. - - ' title: DescribeProgrammaticAccessResponse type: object DescribeProgrammaticAccessResponse.ResponseData: additionalProperties: false properties: Enabled: - description: 'Describes whether programmatic access is enabled for your - account. - - ' title: Enabled type: boolean MaxExpiryTime: - description: 'The maximum expiry time of the token. - - ' maximum: 1440 minimum: 480 title: Maxexpirytime @@ -95,16 +32,9 @@ components: properties: ErrorCode: default: 0 - description: 'Default value of a successful response is 0. Any other number - indicates an error code. - - ' title: Errorcode type: integer Reason: - description: 'The error description. - - ' title: Reason type: string title: Result @@ -114,9 +44,6 @@ components: properties: ExpiryTime: default: 30 - description: 'The expiry time of the token. - - ' maximum: 1440 minimum: 5 title: Expirytime 
@@ -128,44 +55,25 @@ components: properties: Response: $ref: '#/components/schemas/GetCloudFirewallAdminTokensResponse.ResponseData' - description: 'The API call response. - - ' ResponseStatus: $ref: '#/components/schemas/GetCloudFirewallAdminTokensResponse.Result' - description: 'The API call response status. - - ' title: GetCloudFirewallAdminTokensResponse type: object GetCloudFirewallAdminTokensResponse.ResponseData: additionalProperties: false properties: Enabled: - description: 'Describes whether programmatic access is enabled for your - account. - - ' title: Enabled type: boolean ExpiryTime: - description: 'The expiry time of the token. - - ' maximum: 1440 minimum: 5 title: Expirytime type: integer SubscriptionKey: - description: 'Your subscription key. - - ' title: Subscriptionkey type: string TokenId: - description: 'The unique ID of the token. - - ' title: Tokenid type: string title: ResponseData @@ -175,16 +83,9 @@ components: properties: ErrorCode: default: 0 - description: 'Default value of a successful response is 0. Any other number - indicates an error code. - - ' title: Errorcode type: integer Reason: - description: 'The error description. - - ' title: Reason type: string title: Result @@ -194,9 +95,6 @@ components: properties: ExpiryTime: default: 30 - description: 'The expiry time of the token. - - ' maximum: 1440 minimum: 5 title: Expirytime 
@@ -208,44 +106,25 @@ components: properties: Response: $ref: '#/components/schemas/GetCloudGlobalRulestackAdminTokensResponse.ResponseData' - description: 'The API call response. - - ' ResponseStatus: $ref: '#/components/schemas/GetCloudGlobalRulestackAdminTokensResponse.Result' - description: 'The API call response status. - - ' title: GetCloudGlobalRulestackAdminTokensResponse type: object GetCloudGlobalRulestackAdminTokensResponse.ResponseData: additionalProperties: false properties: Enabled: - description: 'Describes whether programmatic access is enabled for your - account. - - ' title: Enabled type: boolean ExpiryTime: - description: 'The expiry time of the token. - - ' maximum: 1440 minimum: 5 title: Expirytime type: integer SubscriptionKey: - description: 'Your subscription key. - - ' title: Subscriptionkey type: string TokenId: - description: 'The unique ID of the token. - - ' title: Tokenid type: string title: ResponseData @@ -255,16 +134,9 @@ components: properties: ErrorCode: default: 0 - description: 'Default value of a successful response is 0. Any other number - indicates an error code. - - ' title: Errorcode type: integer Reason: - description: 'The error description. - - ' title: Reason type: string title: Result @@ -274,9 +146,6 @@ components: properties: ExpiryTime: default: 30 - description: 'The expiry time of the token. - - ' maximum: 1440 minimum: 5 title: Expirytime 
@@ -288,44 +157,25 @@ components: properties: Response: $ref: '#/components/schemas/GetCloudRulestackAdminTokensResponse.ResponseData' - description: 'The API call response. - - ' ResponseStatus: $ref: '#/components/schemas/GetCloudRulestackAdminTokensResponse.Result' - description: 'The API call response status. - - ' title: GetCloudRulestackAdminTokensResponse type: object GetCloudRulestackAdminTokensResponse.ResponseData: additionalProperties: false properties: Enabled: - description: 'Describes whether programmatic access is enabled for your - account. - - ' title: Enabled type: boolean ExpiryTime: - description: 'The expiry time of the token. - - ' maximum: 1440 minimum: 5 title: Expirytime type: integer SubscriptionKey: - description: 'Your subscription key. - - ' title: Subscriptionkey type: string TokenId: - description: 'The unique ID of the token. - - ' title: Tokenid type: string title: ResponseData 
@@ -335,34 +185,26 @@ components: properties: ErrorCode: default: 0 - description: 'Default value of a successful response is 0. Any other number - indicates an error code. - - ' title: Errorcode type: integer Reason: - description: 'The error description. - - ' title: Reason type: string title: Result type: object info: contact: {} - description: "Generate JSON Web Token (JWT) to get programmatic access to authenticate\ - \ API calls. For more information, see [Enable Programmatic Access for Cloud NGFW](/cloudngfw/aws/api).\ - \ For information about roles and permissions, see [Cloud NGFW roles and permissions](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/getting-started-with-cloud-ngfw-for-aws/invite-users).\ - \ \n>**Note:** Cloud NGFW Programmatic access is disabled by default. \n" + description: 'Generate JSON Web Token (JWT) to get programmatic access and authenticate + API calls. + + ' title: Manage API Tokens version: 1.0.0 openapi: 3.0.3 paths: /v1/mgmt/tokens: get: - description: "Retrieve the programmatic access information of your account.\ - \ \n\n>This service is available for Tenant Admins only." + description: '' operationId: get-v1-mgmt-tokens parameters: [] requestBody: @@ -382,8 +224,7 @@ paths: - ManageAPITokens /v1/mgmt/tokens/cloudfirewalladmin: get: - description: "Fetch the JSON Web Token (JWT) to enable programmatic access for\ - \ a cloud firewall admin role. \n" + description: '' operationId: get-v1-mgmt-tokens-cloudfirewalladmin parameters: [] requestBody: @@ -403,10 +244,7 @@ paths: - ManageAPITokens /v1/mgmt/tokens/cloudglobalrulestackadmin: get: - description: 'Fetch the JSON Web Token (JWT) to enable programmatic access for - a cloud global rulestack admin role. - - ' + description: '' operationId: get-v1-mgmt-tokens-cloudglobalrulestackadmin parameters: [] requestBody: 
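Review bot: The `description: ''` lines added on `get-v1-mgmt-tokens` and the role-token operations (`/cloudfirewalladmin` and `/cloudglobalrulestackadmin` here, `/cloudrulestackadmin` in the next hunk) replace the only text that said who may call them, including `This service is available for Tenant Admins only`, and the rewritten `info.description` drops the note that programmatic access is disabled by default. Together with the removal of `DELETE /v1/mgmt/tokens/{TokenId}` and the `DeleteTokens*` schemas elsewhere in this file, the spec no longer describes any way to revoke an issued JWT. If revocation was removed from the service on purpose, `info.description` should say that a token stays valid until its `ExpiryTime` (5 to 1440 per the schema); otherwise the delete operation should stay documented. Rather than an empty string, keep a one-line description such as `description: Fetch the JSON Web Token (JWT) for the cloud firewall admin role.` or omit the key. The same `description: ''` pattern is applied to the `nexttoken`, `candidate`, `running`, `uncommitted` and `maxresults` query parameters in ManageCustomURLCategories.yaml.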
@@ -426,10 +264,7 @@ paths: - ManageAPITokens /v1/mgmt/tokens/cloudrulestackadmin: get: - description: 'Fetch the JSON Web Token (JWT) to enable programmatic access for - a cloud local rulestack admin role. - - ' + description: '' operationId: get-v1-mgmt-tokens-cloudrulestackadmin parameters: [] requestBody: @@ -447,35 +282,6 @@ paths: summary: Get programmatic access token for CloudRulestackAdmin tags: - ManageAPITokens - /v1/mgmt/tokens/{TokenId}: - delete: - description: "Revoke the JSON Web Token (JWT) used for programmatic access.\ - \ This is considered as logout. \n" - operationId: delete-v1-mgmt-tokens-TokenId - parameters: - - description: 'The unique ID of the token. - - ' - in: path - name: TokenId - required: true - schema: - type: string - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/DeleteTokensRequest' - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/DeleteTokensResponse' - description: OK - summary: Delete programmatic access token - tags: - - ManageAPITokens servers: - url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com tags: diff --git a/openapi-specs/cloudngfw/aws/ManageCustomURLCategories.yaml b/openapi-specs/cloudngfw/aws/ManageCustomURLCategories.yaml index 56b415db7..c63fba374 100644 --- a/openapi-specs/cloudngfw/aws/ManageCustomURLCategories.yaml +++ b/openapi-specs/cloudngfw/aws/ManageCustomURLCategories.yaml @@ -5,7 +5,6 @@ components: properties: Action: default: none - description: "URL actions. \n" enum: - none - allow 
@@ -14,30 +13,18 @@ components: title: Action type: string AuditComment: - description: 'The URL category audit remarks. - - ' title: Auditcomment type: string Description: - description: 'A description of the rulestack. - - ' maxLength: 255 title: Description type: string Name: - description: 'Name of the rulestack. - - ' maxLength: 29 pattern: ^[a-zA-Z][0-9a-zA-Z-]*$ title: Name type: string UrlTargets: - description: 'Specify where the URL opens. - - ' items: maxLength: 255 type: string @@ -53,42 +40,27 @@ components: properties: Response: $ref: '#/components/schemas/CreateCustomURLCategoryResponse.ResponseData' - description: 'The API call response. - - ' ResponseStatus: $ref: '#/components/schemas/CreateCustomURLCategoryResponse.Result' - description: 'The API call response status. - - ' title: CreateCustomURLCategoryResponse type: object CreateCustomURLCategoryResponse.CustomURLCategory: additionalProperties: false properties: Action: - description: 'The custom URL action. - - ' title: Action type: string AuditComment: - description: "Audit remarks. \n" title: Auditcomment type: string Description: - description: "The custom URL description. \n" maxLength: 255 title: Description type: string UpdateToken: - description: 'Refresh token. - - ' title: Updatetoken type: string UrlTargets: - description: "Custom URL destination. \n" items: maxLength: 255 type: string @@ -103,15 +75,10 @@ components: properties: CustomURLEntry: $ref: '#/components/schemas/CreateCustomURLCategoryResponse.CustomURLCategory' - description: 'The custom URL entry. - - ' Name: - description: "Name of the custom URL entry. \n" title: Name type: string RuleStackName: - description: "Name of the rulestack. \n" title: Rulestackname type: string title: ResponseData 
@@ -121,21 +88,9 @@ components: properties: ErrorCode: default: 0 - description: "Default value of a successful response is 0. Any other number\ - \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\ - Operation failed due to invalid request. For example, unsupported parameter\ - \ name or value in the request.\n* LimitExceededException\u2014Operation\ - \ failed due to violation in limit settings.\n* ResourceNotFoundException\u2014\ - Unable to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\ - Operation failed due to throttling limitations.\n* AccessDeniedException\u2014\ - You do not have sufficient access to perform this action.\n\n500\u2014\ - Bad request \n* InternalServerError\u2014Your request is valid but Cloud\ - \ NGFW could not perform the operation due to a system issue.\n* InsufficientCapacityException\u2014\ - AWS currently does not have enough capacity to fulfill your request.\n" title: Errorcode type: integer Reason: - description: "The error description. \n" title: Reason type: string title: Result @@ -158,28 +113,19 @@ components: additionalProperties: false properties: Action: - description: 'The custom URL action. - - ' title: Action type: string AuditComment: - description: "Audit remarks. \n" title: Auditcomment type: string Description: - description: "The custom URL description. \n" maxLength: 255 title: Description type: string UpdateToken: - description: 'Refresh token. - - ' title: Updatetoken type: string UrlTargets: - description: "Custom URL destination. \n" items: maxLength: 255 type: string @@ -194,15 +140,10 @@ components: properties: CustomURLEntry: $ref: '#/components/schemas/DeleteCustomURLCategoryResponse.CustomURLCategory' - description: 'The custom URL entry. - - ' Name: - description: "Name of the custom URL entry. \n" title: Name type: string RuleStackName: - description: "Name of the rulestack. \n" title: Rulestackname type: string title: ResponseData 
@@ -212,23 +153,9 @@ components: properties: ErrorCode: default: 0 - description: "Default value of a successful response is 0. Any other number\ - \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\ - Operation failed due to invalid request. For example, unsupported parameter\ - \ name or value in the request.\n* LimitExceededException\u2014Operation\ - \ failed due to violation in limit settings.\n* ResourceNotFoundException\u2014\ - Unable to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\ - Operation failed due to throttling limitations.\n* AccessDeniedException\u2014\ - You do not have sufficient access to perform this action.\n\n500\u2014\ - Bad request \n* InternalServerError\u2014Your request is valid but Cloud\ - \ NGFW could not perform the operation due to a system issue.\n* InsufficientCapacityException\u2014\ - AWS currently does not have enough capacity to fulfill your request.\n" title: Errorcode type: integer Reason: - description: 'The error description. - - ' title: Reason type: string title: Result 
@@ -238,44 +165,27 @@ components: properties: Response: $ref: '#/components/schemas/DescribeCustomURLCategoryResponse.ResponseData' - description: 'The API call response. - - ' ResponseStatus: $ref: '#/components/schemas/DescribeCustomURLCategoryResponse.Result' - description: 'The API call response status. - - ' title: DescribeCustomURLCategoryResponse type: object DescribeCustomURLCategoryResponse.CustomURLCategory: additionalProperties: false properties: Action: - description: 'The custom URL action. - - ' title: Action type: string AuditComment: - description: "Audit remarks. \n" title: Auditcomment type: string Description: - description: "The custom URL description. \n" maxLength: 255 title: Description type: string UpdateToken: - description: 'Refresh token. - - ' title: Updatetoken type: string UrlTargets: - description: 'Custom URL destination. - - ' items: maxLength: 255 type: string @@ -290,13 +200,7 @@ components: properties: URLCategoryEntry: $ref: '#/components/schemas/DescribeCustomURLCategoryResponse.CustomURLCategory' - description: 'The custom URL category entry. - - ' operation: - description: 'Custom URL operation. - - ' enum: - add - update @@ -320,23 +224,15 @@ components: additionalProperties: false properties: Name: - description: "Name of the custom URL entry. \n" title: Name type: string RuleStackName: - description: "Name of the rulestack. \n" title: Rulestackname type: string URLCategoryCandidate: $ref: '#/components/schemas/DescribeCustomURLCategoryResponse.CustomURLCategoryDB' - description: 'The custom URL candidate. - - ' URLCategoryRunning: $ref: '#/components/schemas/DescribeCustomURLCategoryResponse.CustomURLCategoryDB' - description: 'The custom URLs on run state. - - ' title: ResponseData type: object DescribeCustomURLCategoryResponse.Result: 
@@ -344,21 +240,9 @@ components: properties: ErrorCode: default: 0 - description: "Default value of a successful response is 0. Any other number\ - \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\ - Operation failed due to invalid request. For example, unsupported parameter\ - \ name or value in the request.\n* ResourceNotFoundException\u2014Unable\ - \ to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\ - Operation failed due to throttling limitations.\n* AccessDeniedException\u2014\ - You do not have sufficient access to perform this action.\n\n500\u2014\ - Bad request \n* InternalServerError\u2014Your request is valid but Cloud\ - \ NGFW could not perform the operation due to a system issue.\n" title: Errorcode type: integer Reason: - description: 'The error description. - - ' title: Reason type: string title: Result 
@@ -368,64 +252,37 @@ components: properties: Response: $ref: '#/components/schemas/ListCustomURLCategoriesResponse.ResponseData' - description: 'The API call response. - - ' ResponseStatus: $ref: '#/components/schemas/ListCustomURLCategoriesResponse.Result' - description: 'The API call response status. - - ' title: ListCustomURLCategoriesResponse type: object ListCustomURLCategoriesResponse.ResponseData: additionalProperties: false properties: CategoriesCandidate: - description: 'Custom URL category candidate. - - ' items: type: string title: Categoriescandidate type: array CategoriesPreDefined: - description: 'Predefined URL category candidate - - ' items: type: string title: Categoriespredefined type: array CategoriesRunning: - description: 'Custom URLs on run state. - - ' items: type: string title: Categoriesrunning type: array CategoriesUncommitted: - description: 'Uncommitted custom URLs. - - ' items: $ref: '#/components/schemas/ListCustomURLCategoriesResponse.UncommittedCategory' title: Categoriesuncommitted type: array NextToken: - description: 'If the number of custom URL categories available for retrieval - exceeds the maximum you requested, Cloud NGFW returns a NextToken value - in response. To retrieve the next batch of URLs, use this token in your - next request. - - ' title: Nexttoken type: string RuleStackName: - description: 'Name of the rulestack. - - ' title: Rulestackname type: string title: ResponseData 
@@ -435,18 +292,9 @@ components: properties: ErrorCode: default: 0 - description: "Default value of a successful response is 0. Any other number\ - \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\ - Operation failed due to invalid request. For example, unsupported parameter\ - \ name or value in the request.\n* LimitExceededException\u2014Operation\ - \ failed due to violation in limit settings.\n* ThrottlingException\u2014\ - Operation failed due to throttling limitations. \n\n500\u2014Bad request\ - \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\ - \ not perform the operation due to a system issue.\n" title: Errorcode type: integer Reason: - description: "The error description. \n" title: Reason type: string title: Result @@ -455,9 +303,6 @@ components: additionalProperties: false properties: Name: - description: 'Name of the custom URL category. - - ' title: Name type: string Operation: @@ -473,7 +318,6 @@ components: properties: Action: default: none - description: "URL actions. \n" enum: - none - allow @@ -482,28 +326,16 @@ components: title: Action type: string AuditComment: - description: 'The URL category audit remarks. - - ' title: Auditcomment type: string Description: - description: 'A description of the rulestack. - - ' maxLength: 255 title: Description type: string UpdateToken: - description: 'Refresh the token. - - ' title: Updatetoken type: string UrlTargets: - description: 'Specify where the URL opens. - - ' items: maxLength: 255 type: string 
@@ -526,28 +358,19 @@ components: additionalProperties: false properties: Action: - description: 'The custom URL action. - - ' title: Action type: string AuditComment: - description: "Audit remarks. \n" title: Auditcomment type: string Description: - description: "The custom URL description. \n" maxLength: 255 title: Description type: string UpdateToken: - description: 'Refresh token. - - ' title: Updatetoken type: string UrlTargets: - description: "Custom URL destination. \n" items: maxLength: 255 type: string @@ -562,15 +385,10 @@ components: properties: CustomURLEntry: $ref: '#/components/schemas/UpdateCustomURLCategoryResponse.CustomURLCategory' - description: 'The custom URL entry. - - ' Name: - description: "Name of the custom URL entry. \n" title: Name type: string RuleStackName: - description: "Name of the rulestack. \n" title: Rulestackname type: string title: ResponseData 
@@ -580,45 +398,45 @@ components: properties: ErrorCode: default: 0 - description: "Default value of a successful response is 0. Any other number\ - \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\ - Operation failed due to invalid request. For example, unsupported parameter\ - \ name or value in the request.\n* LimitExceededException\u2014Operation\ - \ failed due to violation in limit settings.\n* ResourceNotFoundException\u2014\ - Unable to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\ - Operation failed due to throttling limitations.\n* AccessDeniedException\u2014\ - You do not have sufficient access to perform this action.\n\n500\u2014\ - Bad request \n* InternalServerError\u2014Your request is valid but Cloud\ - \ NGFW could not perform the operation due to a system issue.\n* InsufficientCapacityException\u2014\ - AWS currently does not have enough capacity to fulfill your request.\n" title: Errorcode type: integer Reason: - description: 'The error description. - - ' title: Reason type: string title: Result type: object info: contact: {} - description: "You can use the custom URL categories as a security policy match criteria.\ - \ You can specify your own URL filtering categories using a customer URL category\ - \ object. For example, create a custom list of URLs that you want to use as match\ - \ criteria in a Security policy rule.\n\nPalo Alto Networks provides a set of\ - \ predefined URL filtering categories. Refer the following links for more information.\n\ - - [Complete List of PAN-DB URL Filtering Categories?](https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5hCAC)\n\ + description: "Palo Alto Networks provides a set of predefined URL filtering categories.\ + \ \nYou can also specify your own URL filtering categories using a customer URL\ + \ category object. 
For example, create a custom list of URLs that you want to\ + \ use as match criteria in a Security policy rule. \nYou can use the custom URL\ + \ categories as a security policy match criteria. \n\nFor more information, refer\ + \ to the following links.\n- [Where Can I Find a Complete List of PAN-DB URL Filtering\ + \ Categories?](https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5hCAC)\n\ - [Palo Alto Networks URL filtering](https://urlfiltering.paloaltonetworks.com/)\n\ - [Create a custom URL category for Cloud NGFW on AWS](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/rules-and-rulestacks/cloud-ngfw-security-rule-objects/create-a-custom-url-category-for-cloud-ngfw-on-aws)\n\ - \ \n" + \n### Permission Policies\n\n| Action | Local\ + \ Firewall Administrator | Local Rulestack Administrator | Global Rulestack Administrator\ + \ |\n| -------------------------------------- | :---------------------------:\ + \ | :---------------------------: | :----------------------------: |\n| Create\ + \ Custom URL Category | ☐ | **☑**\ + \ | **☑** | \n| Delete Custom URL Category\ + \ | ☐ | **☑** \ + \ | **☑** | \n| Update Custom\ + \ URL Category | ☐ | **☑** \ + \ | **☑** | \n| Describe Custom URL Category\ + \ | **☑** | **☑** |\ + \ **☑** |\n| List Custom URL Categories |\ + \ **☑** | **☑** | **☑**\ + \ |\n" title: Manage Custom URL Categories version: 1.0.0 openapi: 3.0.3 paths: /v1/config/rulestacks/{rulestackname}/urlcustomcategories: get: - description: 'Retrieve the data of the custom URL categories for a specified + description: 'Retrieve the data of the custom URL categories of a specified rulestack. ' 
@@ -632,21 +450,14 @@ paths: required: true schema: type: string - - description: 'If the number of custom URL categories available for retrieval - exceeds the maximum you requested, Cloud NGFW returns a NextToken value - in response. To retrieve the next batch of URLs, use this token in your - next request. - - ' + - description: '' in: query name: nexttoken required: false schema: title: Nexttoken type: string - - description: 'Rulestack candidate. - - ' + - description: '' in: query name: candidate required: false @@ -654,9 +465,7 @@ paths: default: true title: Candidate type: boolean - - description: 'Rulestacks in run state. - - ' + - description: '' in: query name: running required: false @@ -664,9 +473,7 @@ paths: default: false title: Running type: boolean - - description: 'Uncommitted rulestacks. - - ' + - description: '' in: query name: uncommitted required: false @@ -674,10 +481,7 @@ paths: default: false title: Uncommitted type: boolean - - description: 'The maximum number of custom URL categories you want Cloud NGFW - to return for this request. - - ' + - description: '' in: query name: maxresults required: false @@ -787,9 +591,7 @@ paths: required: true schema: type: string - - description: 'Rulestacks in run state. - - ' + - description: '' in: query name: running required: false @@ -797,9 +599,7 @@ paths: default: true title: Running type: boolean - - description: 'Rulestack candidate. - - ' + - description: '' in: query name: candidate required: false diff --git a/openapi-specs/cloudngfw/aws/ManageNGFW-V2.yaml b/openapi-specs/cloudngfw/aws/ManageNGFW-V2.yaml new file mode 100644 index 000000000..f0513e30c --- /dev/null +++ b/openapi-specs/cloudngfw/aws/ManageNGFW-V2.yaml 
@@ -0,0 +1,3312 @@ +components: + schemas: + model.CloudwatchMetrics: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + CloudWatchMetricNamespace: + type: string + CloudWatchMetricsFields: + items: + type: string + type: array + required: + - AccountId + - CloudWatchMetricNamespace + type: object + model.EgressNATConfig: + properties: + Enabled: + type: boolean + Settings: + $ref: '#/components/schemas/model.EgressNATSettings' + type: object + model.EgressNATSettings: + properties: + IPAMPoolId: + type: string + IPPoolType: + enum: + - AWSService + - BYOIP + type: string + type: object + model.EndpointConfig: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + EgressNATEnabled: + type: boolean + EndpointId: + type: string + Mode: + enum: + - ServiceManaged + - CustomerManaged + type: string + Prefixes: + $ref: '#/components/schemas/model.PrefixInfo' + RejectedReason: + type: string + Status: + enum: + - Pending + - Accepted + - Rejected + - Created + - Creating + - Deleting + type: string + SubnetId: + type: string + VpcId: + type: string + ZoneId: + type: string + required: + - Mode + type: object + model.FirewallRoles: + properties: + EndpointRole: + type: string + LoggingRole: + type: string + type: object + model.GWLBConfig: + properties: + DeregistrationDelay: + default: 300 + type: integer + RejectedFlowCountAlertThreshold: + default: 10 + type: integer + RejectedFlowCountTCPAlertThreshold: + default: 10 + type: integer + SessionRebalanceEnabled: + default: false + description: Omitempty skips creation of the field when false + type: boolean + TCPIdleTimeout: + default: 350 + type: integer + type: object + model.Ipv6Config: + properties: + Enabled: + type: boolean + type: object + model.LogConfig: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + LogDestination: + type: string + LogDestinationType: + enum: + - S3 + - CloudWatchLogs + - KinesisDataFirehose + type: string + LogType: + 
items: + enum: + - TRAFFIC + - DECRYPTION + - THREAT + - USER_ID + type: string + type: array + RoleType: + enum: + - ResourceBased + - IamBased + type: string + required: + - LogDestination + - LogDestinationType + - LogType + - RoleType + type: object + model.Notification: + properties: + ExpiryTime: + type: integer + Id: + type: string + Link: + $ref: '#/components/schemas/model.NotificationLink' + Msg: + type: string + type: object + model.NotificationLink: + properties: + Target: + type: string + Text: + type: string + type: object + model.PrefixConfig: + properties: + Cidrs: + items: + type: string + type: array + type: object + model.PrefixInfo: + properties: + PrivatePrefix: + $ref: '#/components/schemas/model.PrefixConfig' + PublicPrefix: + $ref: '#/components/schemas/model.PrefixConfig' + type: object + model.PrivateAccessConfig: + properties: + ResourceID: + type: string + Type: + enum: + - NetworkLoadBalancer + type: string + type: object + model.PublicIP: + properties: + IPAddress: + type: string + IPSource: + type: string + IPStatus: + type: string + type: object + model.ResourceStatus: + properties: + DeviceRuleStackCommitInfo: + $ref: '#/components/schemas/model.RuleStackCommitData' + DeviceRuleStackCommitState: + enum: + - Submitted + - None + type: string + DeviceRuleStackCommitStatus: + enum: + - Running + - Uncommitted + - Precommit + - PrecommitDone + - PrevalidateDone + - Committing + - Failed + - Success + type: string + FailureReason: + type: string + FirewallStatus: + enum: + - CREATING + - UPDATING + - DELETING + - CREATE_COMPLETE + - UPDATE_COMPLETE + - CREATE_FAIL + - UPDATE_FAIL + - DELETE_FAIL + - DELETE_COMPLETE + type: string + GlobalRuleStackCommitInfo: + $ref: '#/components/schemas/model.RuleStackCommitData' + GlobalRuleStackStatus: + enum: + - Running + - Uncommitted + - Precommit + - PrecommitDone + - PrevalidateDone + - Committing + - Failed + - Success + type: string + PublicIPs: + items: + $ref: 
'#/components/schemas/model.PublicIP' + type: array + RuleStackCommitInfo: + $ref: '#/components/schemas/model.RuleStackCommitData' + RuleStackStatus: + enum: + - Running + - Uncommitted + - Precommit + - PrecommitDone + - PrevalidateDone + - Committing + - Failed + - Success + type: string + SCMAssocStatus: + type: boolean + type: object + model.RuleStackCommitData: + properties: + CommitMessages: + items: + type: string + type: array + CommitTS: + type: string + type: object + model.RuleStackRoles: + properties: + DecryptionRole: + type: string + NetworkMonitoringRole: + type: string + type: object + model.SubnetMapping: + properties: + AvailabilityZone: + type: string + AvailabilityZoneId: + type: string + SubnetId: + type: string + type: object + model.TagEntry: + properties: + Key: + maxLength: 128 + minLength: 1 + type: string + Value: + maxLength: 256 + minLength: 1 + type: string + type: object + model.UserIDConfig: + properties: + AgentName: + type: string + CFTURLLink: + type: string + CollectorName: + type: string + CustomIncludeExcludeNetwork: + items: + $ref: '#/components/schemas/model.UserIDCustomSubnetFilter' + type: array + Enabled: + type: boolean + EndpointDNS: + type: string + Port: + type: integer + SecretKeyARN: + type: string + UserIDStatus: + enum: + - EndpointPending + - EndpointFail + - CommitFail + - Enabled + - Disabled + - DisablePending + - UpdatePending + - UpdateFail + type: string + type: object + model.UserIDCustomSubnetFilter: + properties: + DiscoveryInclude: + type: boolean + Enabled: + type: boolean + Name: + type: string + NetworkAddress: + type: string + type: object + response.ResponseStatus: + properties: + ErrorCode: + type: integer + Reason: + type: string + type: object + v1.AssociateRuleStackAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + FirewallName: + type: string + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + 
type: string + required: + - FirewallName + - RuleStackName + type: object + v1.AssociateRuleStackAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.AssociateRuleStackResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v1.AssociateRuleStackResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + FirewallName: + type: string + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + required: + - FirewallName + - RuleStackName + type: object + v1.CreateFirewallAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + Description: + type: string + EgressNAT: + $ref: '#/components/schemas/model.EgressNATConfig' + EndpointMode: + enum: + - ServiceManaged + - CustomerManaged + type: string + FirewallName: + type: string + GlobalRuleStackName: + maxLength: 128 + minLength: 1 + type: string + LinkId: + type: string + MultiVpcEnable: + type: boolean + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + SubnetMappings: + items: + $ref: '#/components/schemas/model.SubnetMapping' + type: array + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + VpcId: + type: string + required: + - AccountId + - EndpointMode + - FirewallName + - SubnetMappings + - VpcId + type: object + v1.CreateFirewallAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.CreateFirewallAPIResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v1.CreateFirewallAPIResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + Description: + type: string + EgressNAT: + $ref: '#/components/schemas/model.EgressNATConfig' + EndpointMode: + enum: + - ServiceManaged + - CustomerManaged + type: string + FirewallName: + type: string + GlobalRuleStackName: + maxLength: 128 + minLength: 1 + 
type: string + LinkId: + type: string + LinkStatus: + type: string + MultiVpcEnable: + type: boolean + PrivateAccess: + $ref: '#/components/schemas/model.PrivateAccessConfig' + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + SecurityZones: + items: + $ref: '#/components/schemas/model.EndpointConfig' + type: array + SubnetMappings: + items: + $ref: '#/components/schemas/model.SubnetMapping' + type: array + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + UpdateToken: + type: string + UserID: + $ref: '#/components/schemas/model.UserIDConfig' + VpcId: + type: string + required: + - AccountId + - EndpointMode + - FirewallName + - SubnetMappings + - VpcId + type: object + v1.DeleteFirewallAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.FirewallResource' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v1.DeleteTagsAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + FirewallName: + type: string + TagKeys: + items: + maxLength: 128 + type: string + maxItems: 128 + type: array + required: + - FirewallName + - TagKeys + type: object + v1.DeleteTagsAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.DeleteTagsResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v1.DeleteTagsResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + FirewallName: + type: string + TagKeys: + items: + maxLength: 128 + type: string + maxItems: 128 + type: array + required: + - FirewallName + - TagKeys + type: object + v1.Features: + properties: + EgressNAT: + $ref: '#/components/schemas/model.EgressNATConfig' + PrivateAccess: + $ref: '#/components/schemas/model.PrivateAccessConfig' + SecurityZones: + items: + $ref: '#/components/schemas/model.EndpointConfig' + type: array + UserID: + $ref: '#/components/schemas/v2.UserIDRequest' + type: object + 
v1.FirewallInfo: + properties: + AccountId: + type: string + FirewallName: + type: string + type: object + v1.FirewallResource: + properties: + AccountId: + type: string + AppIdVersion: + type: string + AutomaticUpgradeAppIdVersion: + type: boolean + Description: + type: string + DeviceRuleStackCommitStatus: + type: string + EgressNAT: + $ref: '#/components/schemas/model.EgressNATConfig' + EndpointMode: + type: string + FirewallName: + type: string + GlobalRuleStackName: + maxLength: 128 + minLength: 1 + type: string + LinkId: + type: string + LinkStatus: + type: string + MultiVpcEnable: + type: boolean + PrivateAccess: + $ref: '#/components/schemas/model.PrivateAccessConfig' + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + SecurityZones: + items: + $ref: '#/components/schemas/model.EndpointConfig' + type: array + SubnetMappings: + items: + $ref: '#/components/schemas/model.SubnetMapping' + type: array + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + UpdateToken: + type: string + UserID: + $ref: '#/components/schemas/model.UserIDConfig' + VpcId: + type: string + type: object + v1.ListFirewallsAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.ListFirewallsResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v1.ListFirewallsResponse: + properties: + Firewalls: + items: + $ref: '#/components/schemas/v1.FirewallInfo' + type: array + FirewallsDescribe: + items: + $ref: '#/components/schemas/v1.ReadFirewallResponse' + type: array + NextToken: + type: string + type: object + v1.ListTagsAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + FirewallName: + type: string + required: + - FirewallName + type: object + v1.ListTagsAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.ListTagsResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + 
v1.ListTagsResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + FirewallName: + type: string + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + required: + - FirewallName + type: object + v1.LogDestinationConfig: + properties: + LogDestination: + type: string + LogDestinationType: + enum: + - S3 + - CloudWatchLogs + - KinesisDataFirehose + type: string + LogType: + enum: + - TRAFFIC + - DECRYPTION + - THREAT + - USER_ID + type: string + required: + - LogDestination + - LogDestinationType + - LogType + type: object + v1.ReadFirewallAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.ReadFirewallResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v1.ReadFirewallResource: + properties: + AccountId: + type: string + AppIdVersion: + type: string + AutomaticUpgradeAppIdVersion: + type: boolean + Description: + type: string + DeviceRuleStackCommitStatus: + type: string + EgressNAT: + $ref: '#/components/schemas/model.EgressNATConfig' + EndpointMode: + type: string + EndpointServiceName: + type: string + FirewallId: + type: string + FirewallName: + type: string + GlobalRuleStackName: + maxLength: 128 + minLength: 1 + type: string + LinkId: + type: string + LinkStatus: + type: string + MultiVpcEnable: + type: boolean + Notifications: + items: + $ref: '#/components/schemas/model.Notification' + type: array + PrivateAccess: + $ref: '#/components/schemas/model.PrivateAccessConfig' + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + SecurityZones: + items: + $ref: '#/components/schemas/model.EndpointConfig' + type: array + SubnetMappings: + items: + $ref: '#/components/schemas/model.SubnetMapping' + type: array + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + UpdateToken: + type: string + UserID: + $ref: '#/components/schemas/model.UserIDConfig' + VpcId: + type: string + type: 
object + v1.ReadFirewallResponse: + properties: + Firewall: + $ref: '#/components/schemas/v1.ReadFirewallResource' + Status: + $ref: '#/components/schemas/model.ResourceStatus' + type: object + v1.ReadLogProfileAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + FirewallName: + type: string + required: + - FirewallName + type: object + v1.ReadLogProfileAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.ReadLogProfileResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v1.ReadLogProfileResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + AdvancedThreatLog: + type: boolean + CloudWatchMetricNamespace: + type: string + CloudWatchMetricsFields: + items: + type: string + type: array + FirewallId: + type: string + FirewallName: + type: string + LogDestinationConfigs: + items: + $ref: '#/components/schemas/v1.LogDestinationConfig' + type: array + required: + - FirewallName + type: object + v1.UpdateContentVersionAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + AppIdVersion: + type: string + AutomaticUpgradeAppIdVersion: + type: boolean + FirewallName: + type: string + required: + - FirewallName + type: object + v1.UpdateContentVersionAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.UpdateContentVersionResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v1.UpdateContentVersionResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + AppIdVersion: + type: string + AutomaticUpgradeAppIdVersion: + type: boolean + FirewallName: + type: string + required: + - FirewallName + type: object + v1.UpdateDescriptionAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + Description: + type: string + FirewallName: + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + 
required: + - Description + - FirewallName + type: object + v1.UpdateDescriptionAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.UpdateDescriptionResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v1.UpdateDescriptionResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + Description: + type: string + FirewallName: + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + required: + - Description + - FirewallName + type: object + v1.UpdateFeaturesAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + Features: + $ref: '#/components/schemas/v1.Features' + FirewallName: + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + required: + - FirewallName + type: object + v1.UpdateFeaturesAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.UpdateFeaturesAPIResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v1.UpdateFeaturesAPIResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + Features: + $ref: '#/components/schemas/v1.Features' + FirewallName: + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + required: + - FirewallName + type: object + v1.UpdateLogProfileAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + AdvancedThreatLog: + type: boolean + CloudWatchMetricNamespace: + type: string + CloudWatchMetricsFields: + items: + type: string + type: array + FirewallName: + type: string + LogDestinationConfigs: + items: + $ref: '#/components/schemas/v1.LogDestinationConfig' + type: array + required: + - FirewallName + type: object + v1.UpdateLogProfileAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.UpdateLogProfileResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + 
v1.UpdateLogProfileResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + AdvancedThreatLog: + type: boolean + CloudWatchMetricNamespace: + type: string + CloudWatchMetricsFields: + items: + type: string + type: array + FirewallId: + type: string + FirewallName: + type: string + LogDestinationConfigs: + items: + $ref: '#/components/schemas/v1.LogDestinationConfig' + type: array + required: + - FirewallName + type: object + v1.UpdateSubnetMappingsAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + AssociateSubnetMappings: + items: + $ref: '#/components/schemas/model.SubnetMapping' + type: array + DisassociateSubnetMappings: + items: + $ref: '#/components/schemas/model.SubnetMapping' + type: array + FirewallName: + type: string + MultiVpcEnable: + type: boolean + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + required: + - FirewallName + type: object + v1.UpdateSubnetMappingsAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.UpdateSubnetMappingsAPIResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v1.UpdateSubnetMappingsAPIResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + FirewallName: + type: string + MultiVpcEnable: + type: boolean + SubnetMappings: + items: + $ref: '#/components/schemas/model.SubnetMapping' + type: array + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + required: + - FirewallName + type: object + v1.UpdateTagsAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + FirewallName: + type: string + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + required: + - FirewallName + - Tags + type: object + v1.UpdateTagsAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.UpdateTagsResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: 
object + v1.UpdateTagsResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + FirewallName: + type: string + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + required: + - FirewallName + type: object + v2.AccountDetails: + properties: + AccountId: + type: string + CloudFormationTemplateURL: + type: string + ExternalId: + type: string + OnboardingStatus: + type: string + PrimaryAccount: + type: boolean + ServiceAccountId: + type: string + SnsTopicArn: + type: string + UpdateToken: + type: string + type: object + v2.AssociateLinkInput: + properties: + LinkId: + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + required: + - LinkId + - UpdateToken + type: object + v2.AssociateLinkOutput: + properties: + Response: + $ref: '#/components/schemas/v2.AssociateLinkResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.AssociateLinkResponse: + properties: + FirewallId: + type: string + LinkId: + type: string + LinkStatus: + enum: + - Active + - Updating + type: string + UpdateToken: + maxLength: 1024 + type: string + required: + - FirewallId + - LinkId + - UpdateToken + type: object + v2.AssociateRuleStackInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + required: + - RuleStackName + - UpdateToken + type: object + v2.AssociateRuleStackOutput: + properties: + Response: + $ref: '#/components/schemas/v2.AssociateRuleStackResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.AssociateRuleStackResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + FirewallId: + type: string + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string 
+ required: + - FirewallId + - RuleStackName + - UpdateToken + type: object + v2.CreateFirewallAPIInput: + properties: + AllowListAccounts: + items: + type: string + maxItems: 300 + type: array + ChangeProtection: + items: + type: string + type: array + CustomerZoneIdList: + items: + type: string + type: array + Description: + type: string + EgressNAT: + $ref: '#/components/schemas/model.EgressNATConfig' + GlobalRuleStackName: + maxLength: 128 + minLength: 1 + type: string + LinkId: + type: string + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + required: + - CustomerZoneIdList + type: object + v2.CreateFirewallAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v2.CreateFirewallAPIResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.CreateFirewallAPIResponse: + properties: + AllowListAccounts: + items: + type: string + maxItems: 300 + type: array + ChangeProtection: + items: + type: string + type: array + CustomerZoneIdList: + items: + type: string + type: array + Description: + type: string + EgressNAT: + $ref: '#/components/schemas/model.EgressNATConfig' + FirewallId: + type: string + GlobalRuleStackName: + maxLength: 128 + minLength: 1 + type: string + LinkId: + type: string + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + UpdateToken: + type: string + required: + - CustomerZoneIdList + type: object + v2.CreateLinkAccountAPIInput: + properties: + AWSMarketplaceToken: + type: string + AccountId: + maxLength: 12 + minLength: 12 + type: string + AgreementId: + type: string + EnableCFTRoleURLCreation: + type: boolean + EndpointMode: + enum: + - ServiceManaged + - CustomerManaged + type: string + Existing: + type: boolean + OnboardingRegion: + type: string + Origin: + default: 
CloudNGFWConsole + enum: + - AWSMarketplace + - CloudNGFWConsole + - ProgrammaticAccess + type: string + ProductId: + type: string + type: object + v2.CreateLinkAccountAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v2.CreateLinkAccountAPIResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.CreateLinkAccountAPIResponse: + properties: + AccountId: + type: string + CFTRoleURL: + type: string + EndpointMode: + type: string + Existing: + type: boolean + ExternalId: + type: string + Origin: + type: string + SNSTopicArn: + type: string + SecretsToken: + type: string + ServiceAccountId: + type: string + type: object + v2.DeleteFirewallAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v2.DeleteFirewallAPIResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.DeleteFirewallAPIResponse: + properties: + AllowListAccounts: + items: + type: string + type: array + ChangeProtection: + items: + type: string + type: array + CustomerZoneIdList: + items: + type: string + type: array + Description: + type: string + DeviceRuleStackCommitStatus: + type: string + EgressNAT: + $ref: '#/components/schemas/model.EgressNATConfig' + Endpoints: + items: + $ref: '#/components/schemas/model.EndpointConfig' + type: array + FirewallId: + type: string + FirewallStatus: + type: string + GWLB: + $ref: '#/components/schemas/model.GWLBConfig' + GlobalRuleStackName: + maxLength: 128 + minLength: 1 + type: string + Ipv6: + $ref: '#/components/schemas/model.Ipv6Config' + LinkId: + type: string + PrivateAccess: + $ref: '#/components/schemas/model.PrivateAccessConfig' + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + UpdateToken: + type: string + UserID: + $ref: '#/components/schemas/model.UserIDConfig' + required: + - CustomerZoneIdList + type: object + 
v2.DeleteLinkAccountAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + required: + - AccountId + type: object + v2.DeleteLinkAccountAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v2.DeleteLinkAccountResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.DeleteLinkAccountResponse: + properties: + AccountId: + type: string + ExternalId: + type: string + Organization: + type: string + type: object + v2.DisassociateLinkInput: + properties: + LinkId: + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + required: + - LinkId + - UpdateToken + type: object + v2.DisassociateLinkOutput: + properties: + Response: + $ref: '#/components/schemas/v2.DisassociateLinkResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.DisassociateLinkResponse: + properties: + FirewallId: + type: string + LinkStatus: + enum: + - Active + - Updating + type: string + UpdateToken: + type: string + required: + - FirewallId + - UpdateToken + type: object + v2.DisassociateRuleStackInput: + properties: + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + required: + - UpdateToken + type: object + v2.DisassociateRuleStackOutput: + properties: + Response: + $ref: '#/components/schemas/v2.DisassociateRuleStackResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.DisassociateRuleStackResponse: + properties: + FirewallId: + type: string + RuleStackName: + maxLength: 128 + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + required: + - FirewallId + - UpdateToken + type: object + v2.EndpointRequest: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + EgressNATEnabled: + type: boolean + EndpointId: + type: string + Mode: + enum: + - ServiceManaged + - 
CustomerManaged + type: string + Prefixes: + $ref: '#/components/schemas/model.PrefixInfo' + SubnetId: + type: string + VpcId: + type: string + ZoneId: + type: string + required: + - Mode + type: object + v2.FirewallInfo: + properties: + FirewallId: + type: string + Region: + type: string + type: object + v2.FirewallInfoDescribe: + properties: + Firewall: + $ref: '#/components/schemas/v2.ReadFirewallResource' + Status: + $ref: '#/components/schemas/model.ResourceStatus' + type: object + v2.ListFirewallsAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v2.ListFirewallsResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.ListFirewallsResponse: + properties: + Firewalls: + items: + $ref: '#/components/schemas/v2.FirewallInfo' + type: array + FirewallsDescribe: + items: + $ref: '#/components/schemas/v2.FirewallInfoDescribe' + type: array + NextToken: + type: string + type: object + v2.ListLinkAccountXaccountDetails: + properties: + AccountId: + type: string + AllowedMode: + type: string + CloudTrailRole: + type: string + DefaultRole: + type: string + Firewall: + $ref: '#/components/schemas/model.FirewallRoles' + RuleStack: + $ref: '#/components/schemas/model.RuleStackRoles' + type: object + v2.ListLinkAccountsAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v2.ListLinkAccountsResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.ListLinkAccountsResponse: + properties: + AccountDetails: + items: + $ref: '#/components/schemas/v2.AccountDetails' + type: array + AccountIds: + items: + type: string + type: array + MpRegion: + type: string + NextToken: + type: string + XAccountDetails: + items: + $ref: '#/components/schemas/v2.ListLinkAccountXaccountDetails' + type: array + type: object + v2.ReadFirewallAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v2.FirewallInfoDescribe' + ResponseStatus: + $ref: 
'#/components/schemas/response.ResponseStatus' + type: object + v2.ReadFirewallResource: + properties: + AdvancedThreatLog: + type: boolean + AllowListAccounts: + items: + type: string + type: array + ChangeProtection: + items: + type: string + type: array + CloudwatchMetrics: + $ref: '#/components/schemas/model.CloudwatchMetrics' + CustomerZoneIdList: + items: + type: string + type: array + DeploymentUpdateToken: + type: string + Description: + type: string + DeviceRuleStackCommitStatus: + type: string + EgressNAT: + $ref: '#/components/schemas/model.EgressNATConfig' + EndpointServiceName: + type: string + Endpoints: + items: + $ref: '#/components/schemas/model.EndpointConfig' + type: array + FirewallId: + type: string + GWLB: + $ref: '#/components/schemas/model.GWLBConfig' + GlobalRuleStackName: + maxLength: 128 + minLength: 1 + type: string + Ipv6: + $ref: '#/components/schemas/model.Ipv6Config' + LinkId: + type: string + LinkStatus: + type: string + LogConfig: + $ref: '#/components/schemas/v2.ReadLogConfig' + Notifications: + items: + $ref: '#/components/schemas/model.Notification' + type: array + PrivateAccess: + $ref: '#/components/schemas/model.PrivateAccessConfig' + Region: + type: string + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + UpdateToken: + type: string + UserID: + $ref: '#/components/schemas/model.UserIDConfig' + required: + - CustomerZoneIdList + type: object + v2.ReadLogConfig: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + LogDestination: + type: string + LogDestinationRegion: + type: string + LogDestinationType: + enum: + - S3 + - CloudWatchLogs + - KinesisDataFirehose + type: string + LogType: + items: + enum: + - TRAFFIC + - DECRYPTION + - THREAT + - USER_ID + type: string + type: array + RoleType: + enum: + - ResourceBased + - IamBased + type: string + required: + - LogDestination + - LogDestinationType 
+ - LogType + - RoleType + type: object + v2.ReadLogProfileInput: + type: object + v2.ReadLogProfileOutput: + properties: + Response: + $ref: '#/components/schemas/v2.ReadLogProfileResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.ReadLogProfileResponse: + properties: + AdvancedThreatLog: + type: boolean + CloudwatchMetrics: + $ref: '#/components/schemas/model.CloudwatchMetrics' + FirewallId: + type: string + LogConfig: + $ref: '#/components/schemas/model.LogConfig' + Region: + type: string + UpdateToken: + type: string + type: object + v2.UpdateFirewallAPIInput: + properties: + AllowListAccounts: + items: + type: string + maxItems: 300 + type: array + ChangeProtection: + items: + type: string + type: array + CustomerZoneIdList: + items: + type: string + type: array + DeploymentUpdateToken: + maxLength: 1024 + minLength: 1 + type: string + Description: + type: string + EgressNAT: + $ref: '#/components/schemas/model.EgressNATConfig' + Endpoints: + items: + $ref: '#/components/schemas/v2.EndpointRequest' + type: array + GwlbTcpIdleTimeout: + maximum: 3600 + minimum: 0 + type: integer + PrivateAccess: + $ref: '#/components/schemas/model.PrivateAccessConfig' + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + UserID: + $ref: '#/components/schemas/v2.UserIDRequest' + required: + - DeploymentUpdateToken + - UpdateToken + type: object + v2.UpdateFirewallAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v2.UpdateResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.UpdateLogProfileInput: + properties: + AdvancedThreatLog: + type: boolean + CloudwatchMetrics: + $ref: '#/components/schemas/model.CloudwatchMetrics' + LogConfig: + $ref: '#/components/schemas/model.LogConfig' + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + type: object + 
v2.UpdateLogProfileOutput: + properties: + Response: + $ref: '#/components/schemas/v2.UpdateLogProfileResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.UpdateLogProfileResponse: + properties: + AdvancedThreatLog: + type: boolean + CloudwatchMetrics: + $ref: '#/components/schemas/model.CloudwatchMetrics' + FirewallId: + type: string + LogConfig: + $ref: '#/components/schemas/model.LogConfig' + Region: + type: string + UpdateToken: + type: string + type: object + v2.UpdateResponse: + properties: + AllowListAccounts: + items: + type: string + type: array + ChangeProtection: + items: + type: string + type: array + CustomerZoneIdList: + items: + type: string + type: array + DeploymentUpdateToken: + type: string + Description: + type: string + DeviceRuleStackCommitStatus: + type: string + EgressNAT: + $ref: '#/components/schemas/model.EgressNATConfig' + Endpoints: + items: + $ref: '#/components/schemas/model.EndpointConfig' + type: array + FirewallId: + type: string + GWLB: + $ref: '#/components/schemas/model.GWLBConfig' + GlobalRuleStackName: + maxLength: 128 + minLength: 1 + type: string + GwlbTcpIdleTimeout: + maximum: 3600 + minimum: 0 + type: integer + Ipv6: + $ref: '#/components/schemas/model.Ipv6Config' + LinkId: + type: string + PrivateAccess: + $ref: '#/components/schemas/model.PrivateAccessConfig' + Region: + type: string + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + UpdateToken: + type: string + UserID: + $ref: '#/components/schemas/model.UserIDConfig' + required: + - CustomerZoneIdList + type: object + v2.UserIDRequest: + properties: + AgentName: + type: string + CollectorName: + type: string + CustomIncludeExcludeNetwork: + items: + $ref: '#/components/schemas/model.UserIDCustomSubnetFilter' + type: array + Enabled: + type: boolean + Port: + type: integer + SecretKeyARN: + type: string + type: 
object +info: + contact: {} + description: "The V2 API provides enhanced operations for managing Cloud NGFW resources.\ + \ This version introduces new features and improvements for firewall management,\ + \ including support for managing firewalls by ID and name, content version updates,\ + \ and feature management.\n\n### Key Features\n\n- Manage firewalls by firewall\ + \ ID or firewall name\n- Update firewall content versions\n- Configure firewall\ + \ features \n- Link firewalls across accounts\n- Enhanced log profile and rulestack\ + \ management\n\n### Permission Policies\n\n| Action \ + \ | Local Firewall Administrator | Local Rulestack Administrator | Global\ + \ Rulestack Administrator |\n| -------------------------------------- | :---------------------------:\ + \ | :---------------------------: | :----------------------------: |\n| Create/Delete\ + \ Firewall | **☑** | ☐ \ + \ | ☐ |\n| Update Firewall \ + \ | **☑** | ☐ \ + \ | ☐ |\n| Manage Firewall Features \ + \ | **☑** | ☐ | ☐\ + \ |\n| Link Accounts | **☑**\ + \ | ☐ | ☐ \ + \ |\n" + title: Manage Cloud NGFW (V2) + version: 1.0.0 +openapi: 3.0.3 +paths: + /v2/linkaccounts: + delete: + description: 'Delete a link account from V2 API configuration. + + ' + operationId: delete-v2-linkaccounts + parameters: + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v2.DeleteLinkAccountAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.DeleteLinkAccountAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.DeleteLinkAccountAPIOutput' + description: Bad Request + summary: delete linkaccounts + tags: + - ManageNGFW-V2 + get: + description: 'List all link accounts configured for V2 API. 
+ + ' + operationId: get-v2-linkaccounts + parameters: + - description: Max results + in: query + name: maxresults + schema: + type: string + - description: describe the Accounts + in: query + name: describe + schema: + type: string + - description: Next token + in: query + name: nexttoken + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.ListLinkAccountsAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.ListLinkAccountsAPIOutput' + description: Bad Request + summary: list linkaccounts + tags: + - ManageNGFW-V2 + post: + description: 'Create a new link account for V2 API access. + + ' + operationId: post-v2-linkaccounts + parameters: + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v2.CreateLinkAccountAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.CreateLinkAccountAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.CreateLinkAccountAPIOutput' + description: Bad Request + summary: create linkaccounts + tags: + - ManageNGFW-V2 + /v2/ngfirewalls: + get: + description: 'List all Cloud NGFW resources in your account using V2 API. 
+ + ' + operationId: get-v2-ngfirewalls + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: Max results + in: query + name: maxresults + schema: + type: string + - description: describe the FW + in: query + name: describe + schema: + type: string + - description: Next token + in: query + name: nexttoken + schema: + type: string + - description: rulestack name + in: query + name: rulestackname + schema: + type: string + - description: global rulestack name + in: query + name: globalrulestackname + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.ListFirewallsAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.ListFirewallsAPIOutput' + description: Bad Request + summary: list ngfirewalls + tags: + - ManageNGFW-V2 + post: + description: 'Create a new Cloud NGFW resource using V2 API. 
+ + ' + operationId: post-v2-ngfirewalls + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v2.CreateFirewallAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.CreateFirewallAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.CreateFirewallAPIOutput' + description: Bad Request + summary: create ngfirewall + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/: + get: + description: 'Alternative endpoint to list all Cloud NGFW resources. + + ' + operationId: get-v2-ngfirewalls- + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.ListFirewallsAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.ListFirewallsAPIOutput' + description: Bad Request + summary: v1 list firewalls + tags: + - ManageNGFW-V2 + post: + description: 'Alternative endpoint to create a new Cloud NGFW resource. 
+ + ' + operationId: post-v2-ngfirewalls- + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: boolean + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v1.CreateFirewallAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.CreateFirewallAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.CreateFirewallAPIOutput' + description: Bad Request + summary: v1 create ngfirewall + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_id}: + delete: + description: 'Delete a specific firewall by firewall ID. + + ' + operationId: delete-v2-ngfirewalls-firewallid + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: 'The unique identifier of the firewall. + + ' + in: path + name: firewall_id + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.DeleteFirewallAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.DeleteFirewallAPIOutput' + description: Bad Request + summary: delete ngfirewall + tags: + - ManageNGFW-V2 + get: + description: 'Retrieve details of a specific firewall by firewall ID. 
+ + ' + operationId: get-v2-ngfirewalls-firewallid + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: 'The unique identifier of the firewall. + + ' + in: path + name: firewall_id + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.ReadFirewallAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.ReadFirewallAPIOutput' + description: Bad Request + summary: read ngfirewall + tags: + - ManageNGFW-V2 + patch: + description: update ngfirewall + operationId: patch-v2-ngfirewalls-firewallid + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: Firewall ID + in: path + name: firewall_id + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v2.UpdateFirewallAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.UpdateFirewallAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.UpdateFirewallAPIOutput' + description: Bad Request + summary: update ngfirewall + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_id}/link: + delete: + description: disassociate fw link + operationId: delete-v2-ngfirewalls-firewallid-link + parameters: + - description: FW region + in: query + name: 
region + required: true + schema: + type: string + - description: Firewall ID + in: path + name: firewall_id + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v2.DisassociateLinkInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.DisassociateLinkOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.DisassociateLinkOutput' + description: Bad Request + summary: disassociate fw link + tags: + - ManageNGFW-V2 + post: + description: associate fw link + operationId: post-v2-ngfirewalls-firewallid-link + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: Firewall ID + in: path + name: firewall_id + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v2.AssociateLinkInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.AssociateLinkOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.AssociateLinkOutput' + description: Bad Request + summary: associate fw link + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_id}/logprofile: + get: + description: read logprofile + operationId: get-v2-ngfirewalls-firewallid-logprofile + parameters: + - description: FW region + in: query + name: region + required: true 
+ schema: + type: string + - description: Firewall ID + in: path + name: firewall_id + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v2.ReadLogProfileInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.ReadLogProfileOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.ReadLogProfileOutput' + description: Bad Request + summary: read logprofile + tags: + - ManageNGFW-V2 + post: + description: update logprofile + operationId: post-v2-ngfirewalls-firewallid-logprofile + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: Firewall ID + in: path + name: firewall_id + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v2.UpdateLogProfileInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.UpdateLogProfileOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.UpdateLogProfileOutput' + description: Bad Request + summary: update logprofile + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_id}/rulestack: + delete: + description: disassociate rulestack + operationId: delete-v2-ngfirewalls-firewallid-rulestack + parameters: + - description: FW region + in: query + name: region + required: true + 
schema: + type: string + - description: Firewall ID + in: path + name: firewall_id + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v2.DisassociateRuleStackInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.DisassociateRuleStackOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.DisassociateRuleStackOutput' + description: Bad Request + summary: disassociate rulestack + tags: + - ManageNGFW-V2 + post: + description: associate rulestack + operationId: post-v2-ngfirewalls-firewallid-rulestack + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: Firewall ID + in: path + name: firewall_id + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v2.AssociateRuleStackInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.AssociateRuleStackOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.AssociateRuleStackOutput' + description: Bad Request + summary: associate rulestack + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_name}: + delete: + description: v1 delete firewall + operationId: delete-v2-ngfirewalls-firewallname + parameters: + - description: FW region + in: query + name: region + 
required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: boolean + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.DeleteFirewallAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.DeleteFirewallAPIOutput' + description: Bad Request + summary: v1 delete firewall + tags: + - ManageNGFW-V2 + get: + description: 'Retrieve details of a specific firewall by firewall name. + + ' + operationId: get-v2-ngfirewalls-firewallname + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: boolean + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.ReadFirewallAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.ReadFirewallAPIOutput' + description: Bad Request + summary: v1 read firewall + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_name}/contentversion: + put: + description: 'Update the content version for a firewall by firewall name. 
+ + ' + operationId: put-v2-ngfirewalls-firewallname-contentversion + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateContentVersionAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateContentVersionAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateContentVersionAPIOutput' + description: Bad Request + summary: v1 update content version + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_name}/description: + put: + description: 'Update the description of a firewall by firewall name. 
+ + ' + operationId: put-v2-ngfirewalls-firewallname-description + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: boolean + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateDescriptionAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateDescriptionAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateDescriptionAPIOutput' + description: Bad Request + summary: v1 update description + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_name}/features: + put: + description: 'Configure firewall features by firewall name. 
+ + ' + operationId: put-v2-ngfirewalls-firewallname-features + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: boolean + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateFeaturesAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateFeaturesAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateFeaturesAPIOutput' + description: Bad Request + summary: v1 update features + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_name}/logprofile: + get: + description: v1 read logprofile + operationId: get-v2-ngfirewalls-firewallname-logprofile + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: account id + in: query + name: accountid + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v1.ReadLogProfileAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.ReadLogProfileAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.ReadLogProfileAPIOutput' + description: Bad Request 
+ summary: v1 read logprofile + tags: + - ManageNGFW-V2 + post: + description: v1 update logprofile + operationId: post-v2-ngfirewalls-firewallname-logprofile + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateLogProfileAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateLogProfileAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateLogProfileAPIOutput' + description: Bad Request + summary: v1 update logprofile + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_name}/rulestack: + post: + description: v1 associate rulestack + operationId: post-v2-ngfirewalls-firewallname-rulestack + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v1.AssociateRuleStackAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.AssociateRuleStackAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.AssociateRuleStackAPIOutput' + 
description: Bad Request + summary: v1 associate rulestack + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_name}/subnets: + post: + description: v1 update subnet mappings + operationId: post-v2-ngfirewalls-firewallname-subnets + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: boolean + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateSubnetMappingsAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateSubnetMappingsAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateSubnetMappingsAPIOutput' + description: Bad Request + summary: v1 update subnet mappings + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_name}/tags: + delete: + description: 'Remove tags from a firewall by firewall name. 
+ + ' + operationId: delete-v2-ngfirewalls-firewallname-tags + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: boolean + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v1.DeleteTagsAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.DeleteTagsAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.DeleteTagsAPIOutput' + description: Bad Request + summary: v1 delete tags + tags: + - ManageNGFW-V2 + get: + description: 'List tags for a firewall by firewall name. + + ' + operationId: get-v2-ngfirewalls-firewallname-tags + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: boolean + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v1.ListTagsAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.ListTagsAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.ListTagsAPIOutput' + description: Bad Request + summary: v1 list tags + tags: + - ManageNGFW-V2 + post: + description: 'Add tags to a firewall by firewall name. 
+ + ' + operationId: post-v2-ngfirewalls-firewallname-tags + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: boolean + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateTagsAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateTagsAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateTagsAPIOutput' + description: Bad Request + summary: v1 update tags + tags: + - ManageNGFW-V2 +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: ManageNGFW-V2 diff --git a/openapi-specs/cloudngfw/aws/ManageNGFW.yaml b/openapi-specs/cloudngfw/aws/ManageNGFW.yaml index 9a0db2f75..b3c713bd2 100644 --- a/openapi-specs/cloudngfw/aws/ManageNGFW.yaml +++ b/openapi-specs/cloudngfw/aws/ManageNGFW.yaml 
@@ -4,102 +4,59 @@ components: additionalProperties: false properties: AccountId: - description: "The unique ID of the account. - - " title: Accountid type: string Description: - description: "Description of the NGFW. - - " maxLength: 512 pattern: ^.*$ title: Description type: string - LinkId: - description: "A unique identifier for establishing and managing the link between the Cloud NGFW and other AWS resources" - title: LinkId - type: string EndpointMode: - description: - "The management mode used to create endpoints automatically - or manually. - - " enum: - - ServiceManaged - - CustomerManaged + - ServiceManaged + - CustomerManaged title: Endpointmode type: string FirewallName: - description: "Name of the NGFW, unique in a region for each customer. - - " maxLength: 128 minLength: 1 pattern: ^[a-zA-Z0-9-]+$ title: Firewallname type: string GlobalRuleStackName: - description: "Name of the global rulestack. - - " title: Globalrulestackname type: string RuleStackName: - description: "Name of the local rulestack. - - " title: Rulestackname type: string SubnetMappings: - description: - "The public subnets for your NGFW. Each subnet must belong - to a different Availability Zone in the VPC. NGFW creates an NGFW endpoint - in each subnet. - - " items: - $ref: "#/components/schemas/CreateFWResourceRequest.SubnetMappingsType" + $ref: '#/components/schemas/CreateFWResourceRequest.SubnetMappingsType' title: Subnetmappings type: array Tags: - description: "The key:value pairs to associate with a resource. - - " items: - $ref: "#/components/schemas/CreateFWResourceRequest.TagEntry" + $ref: '#/components/schemas/CreateFWResourceRequest.TagEntry' maxItems: 50 title: Tags type: array VpcId: - description: - "The unique identifier of the VPCs that you want NGFW to retrieve.\ - \ Leave this blank to retrieve all VPCs. 
\n" title: Vpcid type: string required: - - EndpointMode - - FirewallName - - SubnetMappings - - VpcId + - EndpointMode + - FirewallName + - SubnetMappings + - VpcId title: CreateFWResourceRequest type: object CreateFWResourceRequest.SubnetMappingsType: additionalProperties: false properties: AvailabilityZone: - description: - "The data center in a region available for use by the AWS customer. - - " title: Availabilityzone type: string SubnetId: - description: "The unique ID of the subnet in your VPC. - - " title: Subnetid type: string title: SubnetMappingsType @@ -108,52 +65,30 @@ components: additionalProperties: false properties: Key: - description: - "A unique identifier in the key-value pair. The constant that - defines the data set. - - . - - " title: Key type: string Value: - description: "The variable that belongs to the data set. - - " title: Value type: string required: - - Key - - Value + - Key + - Value title: TagEntry type: object CreateFWResourceResponse: properties: Response: - $ref: "#/components/schemas/CreateFWResourceResponse.FirewallResource" - description: "The API call response. - - " + $ref: '#/components/schemas/CreateFWResourceResponse.FirewallResource' ResponseStatus: - $ref: "#/components/schemas/CreateFWResourceResponse.Result" - description: "The API call response status. - - " + $ref: '#/components/schemas/CreateFWResourceResponse.Result' title: CreateFWResourceResponse type: object CreateFWResourceResponse.FirewallResource: properties: AccountId: - description: "The unique ID of the account. - - " title: Accountid type: string AppIdVersion: - description: "The App-ID version of the specified application. - - " maxLength: 64 minLength: 1 pattern: ^[0-9]+-[0-9]+$ 
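Review bot: Dropping `LinkId` from `CreateFWResourceRequest` in the `@@ -4,102 +4,59 @@` hunk is a contract change rather than a cleanup, because the schema keeps `additionalProperties: false`: a create request that still carries `LinkId` no longer validates against the published spec, and generated clients lose the field. The `@@ -161,89 +96,51 @@` hunk removes it from `CreateFWResourceResponse.FirewallResource` as well. The commit message only mentions adding v2 endpoints, so if the v1 API still accepts and returns the field, I would keep `LinkId:` with `title: LinkId` and `type: string` in both schemas; if the field was really retired, that should be stated in the commit description.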
@@ -161,89 +96,51 @@ components: type: string AutomaticUpgradeAppIdVersion: default: true - description: - "Specify whether to automatically upgrade to the latest App-ID - version. - - " title: Automaticupgradeappidversion type: boolean - LinkId: - title: LinkId - type: string Description: - description: "Description of the NGFW. - - " title: Description type: string EndpointMode: - description: - "The management mode used to create endpoints automatically - or manually. - - " enum: - - ServiceManaged - - CustomerManaged + - ServiceManaged + - CustomerManaged title: Endpointmode type: string FirewallName: - description: "Name of the NGFW, unique in a region for each customer. \n" maxLength: 128 minLength: 1 pattern: ^[a-zA-Z0-9-]+$ title: Firewallname type: string GlobalRuleStackName: - description: "Name of the global rulestack. - - " title: Globalrulestackname type: string RuleStackName: - description: "Name of the local rulestack. - - " title: Rulestackname type: string SubnetMappings: - description: - "The public subnets for your NGFW. Each subnet must belong - to a different Availability Zone (AZ) in the VPC. NGFW creates an NGFW - endpoint in each subnet. - - " items: type: object title: Subnetmappings type: array Tags: - description: "The key:value pairs to associate with a resource. - - " items: type: object title: Tags type: array UpdateToken: - default: "1" - description: "Refresh token. - - " + default: '1' title: Updatetoken type: string VpcId: - description: - "The unique identifier of the VPCs that you want NGFW to retrieve.\ - \ Leave this blank to retrieve all VPCs. \n" title: Vpcid type: string required: - - EndpointMode - - FirewallName - - SubnetMappings - - VpcId + - EndpointMode + - FirewallName + - SubnetMappings + - VpcId title: FirewallResource type: object CreateFWResourceResponse.Result: 
@@ -251,24 +148,9 @@ components: properties: ErrorCode: default: 0 - description: - "Default value of a successful response is 0. Any other number\ - \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\ - Operation failed because it is not valid. For example, when you delete\ - \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\ - \ failed due to invalid request. For example, unsupported parameter name\ - \ or value in the request.\n* LimitExceededException\u2014Operation failed\ - \ due to violation in limit settings.\n* ThrottlingException\u2014Operation\ - \ failed due to throttling limitations. \n\n500\u2014Bad request\n* InsufficientCapacityException\u2014\ - AWS currently does not have enough capacity to fulfill your request.\n\ - * InternalServerError\u2014Your request is valid but Cloud NGFW could\ - \ not perform the operation due to a system issue.\n" title: Errorcode type: integer Reason: - description: "The error description. - - " title: Reason type: string title: Result @@ -277,9 +159,6 @@ components: additionalProperties: false properties: AccountId: - description: "The unique ID of the account. - - " title: Accountid type: string title: DeleteFWResourceRequest 
@@ -287,29 +166,17 @@ components: DeleteFWResourceResponse: properties: Response: - $ref: "#/components/schemas/DeleteFWResourceResponse.FirewallResource" - description: "The API call response. - - " + $ref: '#/components/schemas/DeleteFWResourceResponse.FirewallResource' ResponseStatus: - $ref: "#/components/schemas/DeleteFWResourceResponse.Result" - description: "The API call response status. - - " + $ref: '#/components/schemas/DeleteFWResourceResponse.Result' title: DeleteFWResourceResponse type: object DeleteFWResourceResponse.FirewallResource: properties: AccountId: - description: "The unique ID of the account. - - " title: Accountid type: string AppIdVersion: - description: "The App-ID version of the specified application. - - " maxLength: 64 minLength: 1 pattern: ^[0-9]+-[0-9]+$ 
@@ -317,86 +184,51 @@ components: type: string AutomaticUpgradeAppIdVersion: default: true - description: - "Specify whether to automatically upgrade to the latest App-ID - version. - - " title: Automaticupgradeappidversion type: boolean Description: - description: "Description of the NGFW. - - " title: Description type: string EndpointMode: - description: - "The management mode used to create endpoints automatically - or manually. - - " enum: - - ServiceManaged - - CustomerManaged + - ServiceManaged + - CustomerManaged title: Endpointmode type: string FirewallName: - description: "Name of the NGFW, unique in a region for each customer. \n" maxLength: 128 minLength: 1 pattern: ^[a-zA-Z0-9-]+$ title: Firewallname type: string GlobalRuleStackName: - description: "Name of the global rulestack. - - " title: Globalrulestackname type: string RuleStackName: - description: "Name of the local rulestack. - - " title: Rulestackname type: string SubnetMappings: - description: - "The public subnets for your NGFW. Each subnet must belong - to a different Availability Zone in the VPC. NGFW creates an NGFW endpoint - in each subnet. - - " items: type: object title: Subnetmappings type: array Tags: - description: "The key:value pairs to associate with a resource. - - " items: type: object title: Tags type: array UpdateToken: - default: "1" - description: "Refresh token. - - " + default: '1' title: Updatetoken type: string VpcId: - description: - "The unique identifier of the VPCs that you want NGFW to retrieve.\ - \ Leave this blank to retrieve all VPCs. \n" title: Vpcid type: string required: - - EndpointMode - - FirewallName - - SubnetMappings - - VpcId + - EndpointMode + - FirewallName + - SubnetMappings + - VpcId title: FirewallResource type: object DeleteFWResourceResponse.Result: 
@@ -404,24 +236,9 @@ components: properties: ErrorCode: default: 0 - description: - "Default value of a successful response is 0. Any other number\ - \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\ - Operation failed because it is not valid. For example, when you delete\ - \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\ - \ failed due to invalid request. For example, unsupported parameter name\ - \ or value in the request.\n* ResourceNotFoundException\u2014Unable to\ - \ locate a resource using the parameters you provided.\n* UnsupportedOperationException\u2014\ - The operation you requested is not supported by Cloud NGFW.\n* ThrottlingException\u2014\ - Operation failed due to throttling limitations. \n\n500\u2014Bad request\ - \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\ - \ not perform the operation due to a system issue.\n" title: Errorcode type: integer Reason: - description: "The error description. - - " title: Reason type: string title: Result @@ -431,19 +248,11 @@ components: properties: MaxResults: default: 1024 - description: - "The maximum number of firewalls that you want NGFW to return\ - \ for this request. \n" maximum: 1024 minimum: 1 title: Maxresults type: integer NextToken: - description: - "If the number of NGFWs available for retrieval exceeds the\ - \ maximum you requested, Cloud NGFW returns a NextToken value in response.\ - \ To retrieve the next batch of NGFWs, use this token in your next request.\ - \ \n" maxLength: 2048 minLength: 1 pattern: ^[-0-9A-Za-z:\/+=]+$ @@ -453,11 +262,6 @@ components: title: Rulestackname type: string VpcIds: - description: - "The unique identifier of the VPCs that you want NGFW to retrieve. - Leave this blank to retrieve all VPCs. - - " items: type: string title: Vpcids 
@@ -467,49 +271,31 @@ components: ListFWResourceResponse: properties: Response: - $ref: "#/components/schemas/ListFWResourceResponse.ResponseData" - description: "The API call response. - - " + $ref: '#/components/schemas/ListFWResourceResponse.ResponseData' ResponseStatus: - $ref: "#/components/schemas/ListFWResourceResponse.Result" - description: "The API call response status. - - " + $ref: '#/components/schemas/ListFWResourceResponse.Result' title: ListFWResourceResponse type: object ListFWResourceResponse.FirewallInfo: properties: AccountId: - description: "The unique ID of the account. - - " title: Accountid type: string FirewallName: - description: "Name of the NGFW, unique in a region for each customer. \n" title: Firewallname type: string required: - - FirewallName + - FirewallName title: FirewallInfo type: object ListFWResourceResponse.ResponseData: properties: Firewalls: - description: "The list of NGFWs. - - " items: - $ref: "#/components/schemas/ListFWResourceResponse.FirewallInfo" + $ref: '#/components/schemas/ListFWResourceResponse.FirewallInfo' title: Firewalls type: array NextToken: - description: - "If the number of NGFWs available for retrieval exceeds the\ - \ maximum you requested, Cloud NGFW returns a NextToken value in response.\ - \ To retrieve the next batch of NGFWs, use this token in your next request.\ - \ \n" title: Nexttoken type: string title: ResponseData 
@@ -519,21 +305,9 @@ components: properties: ErrorCode: default: 0 - description: - "Default value of a successful response is 0. Any other number\ - \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\ - Operation failed due to invalid request. For example, unsupported parameter\ - \ name or value in the request.\n* ResourceNotFoundException\u2014Unable\ - \ to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\ - Operation failed due to throttling limitations. \n\n500\u2014Bad request\ - \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\ - \ not perform the operation due to a system issue.\n" title: Errorcode type: integer Reason: - description: "The error description. - - " title: Reason type: string title: Result @@ -542,9 +316,6 @@ components: additionalProperties: false properties: AccountId: - description: "The unique ID of the account. - - " title: Accountid type: string title: ReadFWResourceRequest @@ -552,29 +323,17 @@ components: ReadFWResourceResponse: properties: Response: - $ref: "#/components/schemas/ReadFWResourceResponse.ResponseData" - description: "The API call response. - - " + $ref: '#/components/schemas/ReadFWResourceResponse.ResponseData' ResponseStatus: - $ref: "#/components/schemas/ReadFWResourceResponse.Result" - description: "The API call response status. - - " + $ref: '#/components/schemas/ReadFWResourceResponse.Result' title: ReadFWResourceResponse type: object ReadFWResourceResponse.ReadFirewallResource: properties: AccountId: - description: "The unique ID of the account. - - " title: Accountid type: string AppIdVersion: - description: "The App-ID version of the specified application. - - " maxLength: 64 minLength: 1 pattern: ^[0-9]+-[0-9]+$ 
@@ -582,28 +341,15 @@ components: type: string AutomaticUpgradeAppIdVersion: default: true - description: - "Specify whether to automatically upgrade to the latest App-ID - version. - - " title: Automaticupgradeappidversion type: boolean Description: - description: "Description of the NGFW. - - " title: Description type: string EndpointMode: - description: - "The management mode used to create endpoints automatically - or manually. - - " enum: - - ServiceManaged - - CustomerManaged + - ServiceManaged + - CustomerManaged title: Endpointmode type: string EndpointServiceName: 
@@ -611,143 +357,100 @@ components: title: Endpointservicename type: string FirewallName: - description: "Name of the NGFW, unique in a region for each customer. \n" maxLength: 128 minLength: 1 pattern: ^[a-zA-Z0-9-]+$ title: Firewallname type: string GlobalRuleStackName: - description: "Name of the global rulestack. - - " title: Globalrulestackname type: string RuleStackName: - description: "Name of the local rulestack. - - " title: Rulestackname type: string SubnetMappings: - description: - "The public subnets for your NGFW. Each subnet must belong - to a different Availability Zone in the VPC. NGFW creates an NGFW endpoint - in each subnet. - - " items: type: object title: Subnetmappings type: array Tags: - description: "The key:value pairs to associate with a resource. - - " items: type: object title: Tags type: array UpdateToken: - default: "1" - description: "Refresh token. - - " + default: '1' title: Updatetoken type: string VpcId: - description: - "The unique identifier of the VPCs that you want NGFW to retrieve.\ - \ Leave this blank to retrieve all VPCs. \n" title: Vpcid type: string required: - - EndpointMode - - FirewallName - - SubnetMappings - - VpcId + - EndpointMode + - FirewallName + - SubnetMappings + - VpcId title: ReadFirewallResource type: object ReadFWResourceResponse.ResourceAttachment: properties: EndpointId: - description: "The unique ID of the endpoint. - - " title: Endpointid type: string RejectedReason: - description: "Reason of rejection. - - " title: Rejectedreason type: string Status: enum: - - ACCEPTED - - PENDING - - REJECTED + - ACCEPTED + - PENDING + - REJECTED title: Status type: string SubnetId: - description: "The unique ID of the subnet in your VPC. - - " title: Subnetid type: string required: - - EndpointId - - Status + - EndpointId + - Status title: ResourceAttachment type: object ReadFWResourceResponse.ResourceStatus: properties: Attachments: - description: "The endpoint attachment. 
- - " items: - $ref: "#/components/schemas/ReadFWResourceResponse.ResourceAttachment" + $ref: '#/components/schemas/ReadFWResourceResponse.ResourceAttachment' title: Attachments type: array FailureReason: - description: "The reason for failure. - - " title: Failurereason type: string FirewallStatus: enum: - - CREATING - - UPDATING - - DELETING - - CREATE_COMPLETE - - UPDATE_COMPLETE - - CREATE_FAIL - - UPDATE_FAIL - - DELETE_FAIL + - CREATING + - UPDATING + - DELETING + - CREATE_COMPLETE + - UPDATE_COMPLETE + - CREATE_FAIL + - UPDATE_FAIL + - DELETE_FAIL title: Firewallstatus type: string RuleStackStatus: - description: "Status of rulestack. - - " title: Rulestackstatus type: string required: - - Attachments - - FirewallStatus + - Attachments + - FirewallStatus title: ResourceStatus type: object ReadFWResourceResponse.ResponseData: properties: Firewall: - $ref: "#/components/schemas/ReadFWResourceResponse.ReadFirewallResource" + $ref: '#/components/schemas/ReadFWResourceResponse.ReadFirewallResource' Status: - $ref: "#/components/schemas/ReadFWResourceResponse.ResourceStatus" - description: "Status of NGFW. - - " + $ref: '#/components/schemas/ReadFWResourceResponse.ResourceStatus' title: ResponseData type: object ReadFWResourceResponse.Result: 
@@ -755,21 +458,9 @@ components: properties: ErrorCode: default: 0 - description: - "Default value of a successful response is 0. Any other number\ - \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\ - Operation failed due to invalid request. For example, unsupported parameter\ - \ name or value in the request.\n* ResourceNotFoundException\u2014Unable\ - \ to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\ - Operation failed due to throttling limitations. \n\n500\u2014Bad request\ - \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\ - \ not perform the operation due to a system issue.\n" title: Errorcode type: integer Reason: - description: "The error description - - " title: Reason type: string title: Result 
@@ -778,68 +469,41 @@ components: additionalProperties: false properties: AccountId: - description: "The unique ID of the account. - - " title: Accountid type: string Description: - description: "Description of the firewall. - - " maxLength: 512 pattern: ^.*$ title: Description type: string UpdateToken: - description: "Refresh token. - - " title: Updatetoken type: string required: - - Description + - Description title: UpdateFWResourceDescriptionRequest type: object UpdateFWResourceDescriptionResponse: properties: Response: - $ref: "#/components/schemas/UpdateFWResourceDescriptionResponse.ResponseData" - description: "The API call response. - - " + $ref: '#/components/schemas/UpdateFWResourceDescriptionResponse.ResponseData' ResponseStatus: - $ref: "#/components/schemas/UpdateFWResourceDescriptionResponse.Result" - description: "The API call response status. - - " + $ref: '#/components/schemas/UpdateFWResourceDescriptionResponse.Result' title: UpdateFWResourceDescriptionResponse type: object UpdateFWResourceDescriptionResponse.ResponseData: additionalProperties: false properties: AccountId: - description: "The unique ID of the account. - - " title: Accountid type: string Description: - description: "Description of the firewall. - - " title: Description type: string FirewallName: - description: "Name of the NGFW, unique in a region for each customer. - - " title: Firewallname type: string UpdateToken: - description: "Refresh token. - - " title: Updatetoken type: string title: ResponseData 
@@ -849,21 +513,9 @@ components: properties: ErrorCode: default: 0 - description: - "Default value of a successful response is 0. Any other number\ - \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\ - Operation failed due to invalid request. For example, unsupported parameter\ - \ name or value in the request.\n* ResourceNotFoundException\u2014Unable\ - \ to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\ - Operation failed due to throttling limitations. \n\n500\u2014Bad request\ - \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\ - \ not perform the operation due to a system issue.\n" title: Errorcode type: integer Reason: - description: "The error description. - - " title: Reason type: string title: Result @@ -872,31 +524,19 @@ components: additionalProperties: false properties: AccountId: - description: "The unique ID of the account. - - " title: Accountid type: string AssociateSubnetMappings: - description: "Associate the subnets to NGFW. - - " items: - $ref: "#/components/schemas/UpdateFWResourceSubnetsRequest.SubnetMappingsType" + $ref: '#/components/schemas/UpdateFWResourceSubnetsRequest.SubnetMappingsType' title: Associatesubnetmappings type: array DisassociateSubnetMappings: - description: "Disassociate the subnet from NGFW. - - " items: - $ref: "#/components/schemas/UpdateFWResourceSubnetsRequest.SubnetMappingsType" + $ref: '#/components/schemas/UpdateFWResourceSubnetsRequest.SubnetMappingsType' title: Disassociatesubnetmappings type: array UpdateToken: - description: "Refresh token. - - " title: Updatetoken type: string title: UpdateFWResourceSubnetsRequest 
@@ -905,16 +545,9 @@ components: additionalProperties: false properties: AvailabilityZone: - description: - "The data center in a region available for use by the AWS customer. - - " title: Availabilityzone type: string SubnetId: - description: "The unique ID of the subnet in your VPC. - - " title: Subnetid type: string title: SubnetMappingsType @@ -922,46 +555,25 @@ components: UpdateFWResourceSubnetsResponse: properties: Response: - $ref: "#/components/schemas/UpdateFWResourceSubnetsResponse.ResponseData" - description: "The API call response. - - " + $ref: '#/components/schemas/UpdateFWResourceSubnetsResponse.ResponseData' ResponseStatus: - $ref: "#/components/schemas/UpdateFWResourceSubnetsResponse.Result" - description: "The API call response status. - - " + $ref: '#/components/schemas/UpdateFWResourceSubnetsResponse.Result' title: UpdateFWResourceSubnetsResponse type: object UpdateFWResourceSubnetsResponse.ResponseData: properties: AccountId: - description: "The unique ID of the account. - - " title: Accountid type: string FirewallName: - description: "Name of the NGFW, unique in a region for each customer. - - " title: Firewallname type: string SubnetMappings: - description: - "The public subnets for your NGFW. Each subnet must belong - to a different Availability Zone in the VPC. NGFW creates a firewall endpoint - in each subnet. - - " items: type: object title: Subnetmappings type: array UpdateToken: - description: "Refresh token. - - " title: Updatetoken type: string title: ResponseData 
@@ -971,86 +583,90 @@ components: properties: ErrorCode: default: 0 - description: - "Default value of a successful response is 0. Any other number\ - \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\ - Operation failed due to invalid request. For example, unsupported parameter\ - \ name or value in the request.\n* ResourceNotFoundException\u2014Unable\ - \ to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\ - Operation failed due to throttling limitations. \n\n500\u2014Bad request\ - \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\ - \ not perform the operation due to a system issue.\n" title: Errorcode type: integer Reason: - description: "The error description. - - " title: Reason type: string title: Result type: object info: contact: {} - description: - "Manage the IAM rules and permission required for user access. \ - \ \n" - title: Manage Cloud NGFW Resources + description: "Add and modify the user IAM rules and permission policies required\ + \ to expand or reduce their access and permissions. 
You can also delete a user.\ + \ And individual users can view their roles and change their name or password\ + \ as necessary.\n\n### Permission Policies\n\n| Action \ + \ | Local Firewall Administrator | Local Rulestack Administrator\ + \ | Global Rulestack Administrator |\n| :----------------------------------------:\ + \ | :---------------------------: | :--------------------------: | :----------------------------:\ + \ |\n| Create a Firewall Resource | **☑** \ + \ | ☐ | ☐ |\n| Delete\ + \ a Firewall Resource | **☑** | ☐\ + \ | ☐ | \ + \ \n| Describe a Firewall Resource | **☑** \ + \ | **☑** | **☑** | \n\ + | List Firewall Resources | **☑** |\ + \ **☑** | **☑** | \n| Update\ + \ a Firewall Resource Description | **☑** | ☐\ + \ | ☐ | \ + \ \n| Update a Firewall Content Version | **☑**\ + \ | ☐ | ☐ \ + \ | \n| Update a Firewall Resource\ + \ Subnet Mappings | **☑** | ☐ \ + \ | ☐ | \n" + title: Manage Cloud NGFW version: 1.0.0 openapi: 3.0.3 paths: /v1/config/ngfirewalls: get: - description: - "List all NGFWs in the Global Firewall Admin (FMS) account and - retrieve the metadata for the NGFW policies that you have defined. + description: 'List all firewalls in the Global Firewall Admin (FMS) account + and retrieve the metadata for the firewall policies that you have defined. - " + ' operationId: get-v1-config-ngfirewalls parameters: [] requestBody: content: application/json: schema: - $ref: "#/components/schemas/ListFWResourceRequest" + $ref: '#/components/schemas/ListFWResourceRequest' responses: - "200": + '200': content: application/json: schema: - $ref: "#/components/schemas/ListFWResourceResponse" + $ref: '#/components/schemas/ListFWResourceResponse' description: OK summary: List Firewall Resources tags: - - ManageNGFW + - ManageNGFW post: - description: - "Create an NGFW and define configuration settings. The settings - that you define at creation include NGFW policy, subnets in your VPC, and - tags associated with the NGFW resource. 
+ description: 'Create an AWS Network Firewall and define configuration settings. + The settings that you define at creation include firewall policy, subnets + in your VPC, and tags associated with the AWS firewall resource. - " + ' operationId: post-v1-config-ngfirewalls parameters: [] requestBody: content: application/json: schema: - $ref: "#/components/schemas/CreateFWResourceRequest" + $ref: '#/components/schemas/CreateFWResourceRequest' responses: - "200": + '200': content: application/json: schema: - $ref: "#/components/schemas/CreateFWResourceResponse" + $ref: '#/components/schemas/CreateFWResourceResponse' description: OK summary: Create A Firewall Resource tags: - - ManageNGFW + - ManageNGFW /v1/config/ngfirewalls/{ngfirewallname}: delete: - description: - "Delete the specified NGFW. You can check whether a NGFW is in\ + description: "Delete the specified NGFW. You can check whether a NGFW is in\ \ use by reviewing the route tables for the Availability Zones (AZs) where\ \ you have the NGFW subnet mappings. \n\nRetrieve the subnet mappings by\ \ calling `DescribeFirewall`. You can define and update the route tables through\ 
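Review bot: The new `info.description` opens with text about adding, modifying and deleting users and changing passwords, which matches neither the firewall-resource paths in this file nor the permission table that follows it; it reads as carried over from a user-management spec. In the same hunk the `post` description on `/v1/config/ngfirewalls` now says "Create an AWS Network Firewall", which is the name of a separate AWS service, whereas the replaced text said "Create an NGFW" and the other operations here still say NGFW. Readers will use the table to decide which administrator role to grant, so the lead sentence should describe the same resources, for example `Create, describe, update and delete Cloud NGFW firewall resources.`, and the POST text should go back to `Create an NGFW and define configuration settings.`. The table also lists "Update a Firewall Content Version", for which I see no path in the visible hunks of this file; worth confirming that row belongs here.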
@@ -1059,119 +675,118 @@ paths: \ you can remove the NGFW safely.\n" operationId: delete-v1-config-ngfirewalls-ngfirewallname parameters: - - description: "The name of the NGFW. + - description: 'The name of the NGFW. - " - in: path - name: ngfirewallname - required: true - schema: - type: string + ' + in: path + name: ngfirewallname + required: true + schema: + type: string requestBody: content: application/json: schema: - $ref: "#/components/schemas/DeleteFWResourceRequest" + $ref: '#/components/schemas/DeleteFWResourceRequest' responses: - "200": + '200': content: application/json: schema: - $ref: "#/components/schemas/DeleteFWResourceResponse" + $ref: '#/components/schemas/DeleteFWResourceResponse' description: OK summary: Delete A Firewall Resource tags: - - ManageNGFW + - ManageNGFW get: - description: "Returns the data of a specific NGFW resource. + description: 'Returns the data of a specific NGFW resource. - " + ' operationId: get-v1-config-ngfirewalls-ngfirewallname parameters: - - description: "The name of the NGFW. + - description: 'The name of the NGFW. - " - in: path - name: ngfirewallname - required: true - schema: - type: string + ' + in: path + name: ngfirewallname + required: true + schema: + type: string requestBody: content: application/json: schema: - $ref: "#/components/schemas/ReadFWResourceRequest" + $ref: '#/components/schemas/ReadFWResourceRequest' responses: - "200": + '200': content: application/json: schema: - $ref: "#/components/schemas/ReadFWResourceResponse" + $ref: '#/components/schemas/ReadFWResourceResponse' description: OK summary: Describe A Firewall Resource tags: - - ManageNGFW + - ManageNGFW /v1/config/ngfirewalls/{ngfirewallname}/description: put: - description: - "Modifies the description of a specific NGFW. Use the description + description: 'Modifies the description of a specific NGFW. Use the description to help identify the NGFW when you are working with it. 
- " + ' operationId: put-v1-config-ngfirewalls-ngfirewallname-description parameters: - - description: "The name of the NGFW. + - description: 'The name of the NGFW. - " - in: path - name: ngfirewallname - required: true - schema: - type: string + ' + in: path + name: ngfirewallname + required: true + schema: + type: string requestBody: content: application/json: schema: - $ref: "#/components/schemas/UpdateFWResourceDescriptionRequest" + $ref: '#/components/schemas/UpdateFWResourceDescriptionRequest' responses: - "200": + '200': content: application/json: schema: - $ref: "#/components/schemas/UpdateFWResourceDescriptionResponse" + $ref: '#/components/schemas/UpdateFWResourceDescriptionResponse' description: OK summary: Update A Firewall Resource Description tags: - - ManageNGFW + - ManageNGFW /v1/config/ngfirewalls/{ngfirewallname}/subnets: put: description: "Update the subnet ID associated with a NGFW. \n" operationId: put-v1-config-ngfirewalls-ngfirewallname-subnets parameters: - - description: "The name of the NGFW. + - description: 'The name of the NGFW. - " - in: path - name: ngfirewallname - required: true - schema: - type: string + ' + in: path + name: ngfirewallname + required: true + schema: + type: string requestBody: content: application/json: schema: - $ref: "#/components/schemas/UpdateFWResourceSubnetsRequest" + $ref: '#/components/schemas/UpdateFWResourceSubnetsRequest' responses: - "200": + '200': content: application/json: schema: - $ref: "#/components/schemas/UpdateFWResourceSubnetsResponse" + $ref: '#/components/schemas/UpdateFWResourceSubnetsResponse' description: OK summary: Update A Firewall Resource Subnet Mappings tags: - - ManageNGFW + - ManageNGFW servers: - - url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com tags: - - name: ManageNGFW +- name: ManageNGFW 
diff --git a/openapi-specs/cloudngfw/aws/ManageNGFWTags.yaml b/openapi-specs/cloudngfw/aws/ManageNGFWTags.yaml index 07b42b3d2..540850462 100644 --- a/openapi-specs/cloudngfw/aws/ManageNGFWTags.yaml +++ b/openapi-specs/cloudngfw/aws/ManageNGFWTags.yaml @@ -4,25 +4,15 @@ components: additionalProperties: false properties: AccountId: - description: 'The unique ID of the account. - - ' title: Accountid type: string MaxResults: default: 1024 - description: "The maximum number of tags that you want NGFW to return for\ - \ this request. \n" maximum: 1024 minimum: 1 title: Maxresults type: integer NextToken: - description: 'If the number of tags available for retrieval exceeds the - maximum you requested, NGFW returns a NextToken value in response. To - retrieve the next batch of tags, use this token in your next request. - - ' title: Nexttoken type: string required: @@ -42,29 +32,15 @@ components: additionalProperties: false properties: AccountId: - description: 'The unique ID of the account. - - ' title: Accountid type: string FirewallName: - description: 'Name of the NGFW, unique in a region for each customer. - - ' title: Firewallname type: string NextToken: - description: 'If the number of tags available for retrieval exceeds the - maximum you requested, NGFW returns a NextToken value in response. To - retrieve the next batch of tags, use this token in your next request. - - ' title: Nexttoken type: string Tags: - description: 'The tags associated with the firewall. - - ' items: $ref: '#/components/schemas/FirewallListTagsForResourceResponse.TagEntry' title: Tags 
@@ -76,20 +52,9 @@ components: properties: ErrorCode: default: 0 - description: "400\u2014HTTP bad request\n* InvalidOperationException\u2014\ - Operation failed because it is not valid. For example, when you delete\ - \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\ - \ failed due to invalid request. For example, unsupported parameter name\ - \ or value in the request.\n* LimitExceededException\u2014Operation failed\ - \ due to violation in limit settings.\n* ResourceNotFoundException\u2014\ - Unable to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\ - Operation failed due to throttling limitations. \n\n500\u2014Bad request\ - \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\ - \ not perform the operation due to a system issue.\n" title: Errorcode type: integer Reason: - description: "The error description.\n \n" title: Reason type: string title: Result @@ -98,16 +63,9 @@ components: additionalProperties: false properties: Key: - description: 'A unique identifier in the key-value pair. The constant that - defines the data set. - - ' title: Key type: string Value: - description: 'The variable that belongs to the data set. - - ' title: Value type: string required: @@ -119,15 +77,9 @@ components: additionalProperties: false properties: AccountId: - description: 'The unique ID of the account. - - ' title: Accountid type: string Tags: - description: 'The tags associated with the firewall. - - ' items: $ref: '#/components/schemas/FirewallTagResourceRequest.TagEntry' maxItems: 50 @@ -142,18 +94,9 @@ components: additionalProperties: false properties: Key: - description: 'A unique identifier in the key-value pair. The constant that - defines the data set. - - . - - ' title: Key type: string Value: - description: 'The variable that belongs to the data set. - - ' title: Value type: string required: 
@@ -166,29 +109,17 @@ components: properties: Response: $ref: '#/components/schemas/FirewallTagResourceResponse.ResponseData' - description: 'The API call response. - - ' ResponseStatus: $ref: '#/components/schemas/FirewallTagResourceResponse.Result' - description: 'The API call response status. - - ' title: FirewallTagResourceResponse type: object FirewallTagResourceResponse.ResponseData: additionalProperties: false properties: FirewallName: - description: 'Name of the NGFW, unique in a region for each customer. - - ' title: Firewallname type: string Tags: - description: 'The tags associated with the firewall. - - ' items: $ref: '#/components/schemas/FirewallTagResourceResponse.TagEntry' title: Tags @@ -200,21 +131,9 @@ components: properties: ErrorCode: default: 0 - description: "Default value of a successful response is 0. Any other number\ - \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\ - Operation failed because it is not valid. For example, when you delete\ - \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\ - \ failed due to invalid request. For example, unsupported parameter name\ - \ or value in the request.\n* LimitExceededException\u2014Operation failed\ - \ due to violation in limit settings.\n* ResourceNotFoundException\u2014\ - Unable to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\ - Operation failed due to throttling limitations. \n\n500\u2014Bad request\ - \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\ - \ not perform the operation due to a system issue.\n" title: Errorcode type: integer Reason: - description: "The error description. \n \n" title: Reason type: string title: Result 
@@ -223,16 +142,9 @@ components: additionalProperties: false properties: Key: - description: 'A unique identifier in the key-value pair. The constant that - defines the data set. - - ' title: Key type: string Value: - description: 'The variable that belongs to the data set. - - ' title: Value type: string required: @@ -244,15 +156,9 @@ components: additionalProperties: false properties: AccountId: - description: 'The unique ID of the account. - - ' title: Accountid type: string TagKeys: - description: 'A unique identifier in the key-value pair. - - ' items: maxLength: 128 minLength: 1 @@ -271,33 +177,20 @@ components: properties: Response: $ref: '#/components/schemas/FirewallUntagResourceResponse.ResponseData' - description: 'The API call response. - - ' ResponseStatus: $ref: '#/components/schemas/FirewallUntagResourceResponse.Result' - description: 'The API call response status. - - ' title: FirewallUntagResourceResponse type: object FirewallUntagResourceResponse.ResponseData: additionalProperties: false properties: AccountId: - description: "The unique ID of the account. \n" title: Accountid type: string FirewallName: - description: 'Name of the NGFW, unique in a region for each customer. - - ' title: Firewallname type: string TagKeys: - description: 'A unique identifier in the key-value pair. - - ' items: type: string title: Tagkeys 
@@ -309,46 +202,37 @@ components: properties: ErrorCode: default: 0 - description: "Default value of a successful response is 0. Any other number\ - \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\ - Operation failed because it is not valid. For example, when you delete\ - \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\ - \ failed due to invalid request. For example, unsupported parameter name\ - \ or value in the request.\n* LimitExceededException\u2014Operation failed\ - \ due to violation in limit settings.\n* ResourceNotFoundException\u2014\ - Unable to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\ - Operation failed due to throttling limitations. \n\n500\u2014Bad request\ - \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\ - \ not perform the operation due to a system issue.\n" title: Errorcode type: integer Reason: - description: 'The error description. - - ' title: Reason type: string title: Result type: object info: contact: {} - description: 'Search and filter NGFWs using tags. - - ' + description: "Apply tags to help search and filter your Cloud NGFW resources.\n\n\ + ### Permission Policies\n\n| Action | Local Firewall Administrator\ + \ | Local Rulestack Administrator | Global Rulestack Administrator |\n| ------------------------------\ + \ | :---------------------------: | :---------------------------: | :----------------------------:\ + \ |\n| Tag Resource | **☑** | ☐\ + \ | ☐ | \n| Untag Resource\ + \ | **☑** | ☐ \ + \ | ☐ | \n| List Firewall\ + \ Tags | **☑** | **☑** \ + \ | ☐ |\n" title: Manage Cloud NGFW Tags version: 1.0.0 openapi: 3.0.3 paths: /v1/config/ngfirewalls/{ngfirewallname}/tags: delete: - description: 'Remove the tags associated with an NGFW resource. + description: 'Remove the tags associated with a resource. 
' operationId: delete-v1-config-ngfirewalls-ngfirewallname-tags parameters: - - description: 'The name of the NGFW. - - ' + - description: '' in: path name: ngfirewallname required: true @@ -370,14 +254,12 @@ paths: tags: - ManageNGFWTags get: - description: 'Retrieve the tags associated with an NGFW resource. + description: 'Retrieve the tags associated with a resource. ' operationId: get-v1-config-ngfirewalls-ngfirewallname-tags parameters: - - description: 'The name of the NGFW. - - ' + - description: '' in: path name: ngfirewallname required: true @@ -399,8 +281,8 @@ paths: tags: - ManageNGFWTags post: - description: 'Add tags to an NGFW resource. You can tag the resources that you - manage through NGFW policies. + description: 'Add tags to a resource. You can tag the resources that you manage + through NGFW firewalls and policies. ' operationId: post-v1-config-ngfirewalls-ngfirewallname-tags diff --git a/openapi-specs/cloudngfw/aws/ManageRulestackTags.yaml b/openapi-specs/cloudngfw/aws/ManageRulestackTags.yaml index a0f8683e5..64116f2b4 100644 --- a/openapi-specs/cloudngfw/aws/ManageRulestackTags.yaml +++ b/openapi-specs/cloudngfw/aws/ManageRulestackTags.yaml @@ -13,23 +13,12 @@ components: additionalProperties: false properties: NextToken: - description: 'If the number of tags available for retrieval exceeds the - maximum you requested, Cloud NGFW returns a NextToken value in response. - To retrieve the next batch of tags, use this token in your next request. - - ' title: Nexttoken type: string RuleStackName: - description: 'Name of the rulestack. - - ' title: Rulestackname type: string Tags: - description: 'The tags associated with the rulestack. - - ' items: $ref: '#/components/schemas/RulestackListTagsForResourceResponse.TagEntry' title: Tags 
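Review bot: The `ngfirewallname` path parameter in ManageNGFWTags.yaml now carries `description: ''` on the delete and get operations (hunks at -309 and -370), which leaves an empty field in the rendered reference instead of omitting it. Either keep the previous text, `description: The name of the NGFW.`, or drop the key. The same empty value is introduced for `maxresults` and `nexttoken` in ManageRulestackTags.yaml (hunks at -326 and -337), where the removed text was the only explanation of how the pagination token is used. The operation descriptions were also generalised from "an NGFW resource" to "a resource" although the path is still `/v1/config/ngfirewalls/{ngfirewallname}/tags`, so the target type is now implied only by the URL.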
@@ -41,23 +30,9 @@ components: properties: ErrorCode: default: 0 - description: "Default value of a successful response is 0. Any other number\ - \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\ - Operation failed because it is not valid. For example, when you delete\ - \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\ - \ failed due to invalid request. For example, unsupported parameter name\ - \ or value in the request.\n* LimitExceededException\u2014Operation failed\ - \ due to violation in limit settings.\n* ResourceNotFoundException\u2014\ - Unable to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\ - Operation failed due to throttling limitations. \n\n500\u2014Bad request\ - \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\ - \ not perform the operation due to a system issue.\n" title: Errorcode type: integer Reason: - description: 'The error description. - - ' title: Reason type: string title: Result @@ -66,16 +41,9 @@ components: additionalProperties: false properties: Key: - description: 'A unique identifier in the key-value pair. The constant that - defines the data set. - - ' title: Key type: string Value: - description: 'The variable that belongs to the data set. - - ' title: Value type: string required: @@ -87,9 +55,6 @@ components: additionalProperties: false properties: Tags: - description: 'The tags associated with the rulestack. - - ' items: $ref: '#/components/schemas/RulestackTagResourceRequest.TagEntry' maxItems: 50 @@ -103,18 +68,9 @@ components: additionalProperties: false properties: Key: - description: 'A unique identifier in the key-value pair. The constant that - defines the data set. - - . - - ' title: Key type: string Value: - description: 'The variable that belongs to the data set. - - ' title: Value type: string required: 
@@ -127,14 +83,8 @@ components: properties: Response: $ref: '#/components/schemas/RulestackTagResourceResponse.ResponseData' - description: 'The API call response. - - ' ResponseStatus: $ref: '#/components/schemas/RulestackTagResourceResponse.Result' - description: 'The API call response status. - - ' title: RulestackTagResourceResponse type: object RulestackTagResourceResponse.ResponseData: @@ -144,9 +94,6 @@ components: title: Rulestackname type: string Tags: - description: 'The tags associated with the rulestack. - - ' items: $ref: '#/components/schemas/RulestackTagResourceResponse.TagEntry' title: Tags @@ -158,21 +105,9 @@ components: properties: ErrorCode: default: 0 - description: "Default value of a successful response is 0. Any other number\ - \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\ - Operation failed because it is not valid. For example, when you delete\ - \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\ - \ failed due to invalid request. For example, unsupported parameter name\ - \ or value in the request.\n* LimitExceededException\u2014Operation failed\ - \ due to violation in limit settings.\n* ResourceNotFoundException\u2014\ - Unable to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\ - Operation failed due to throttling limitations. \n\n500\u2014Bad request\ - \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\ - \ not perform the operation due to a system issue.\n" title: Errorcode type: integer Reason: - description: "The error description. \n" title: Reason type: string title: Result @@ -181,16 +116,9 @@ components: additionalProperties: false properties: Key: - description: 'A unique identifier in the key-value pair. The constant that - defines the data set. - - ' title: Key type: string Value: - description: 'The variable that belongs to the data set. - - ' title: Value type: string required: 
@@ -202,9 +130,6 @@ components: additionalProperties: false properties: TagKeys: - description: 'Keys and values of the tags. - - ' items: maxLength: 128 minLength: 1 @@ -222,27 +147,17 @@ components: properties: Response: $ref: '#/components/schemas/RulestackUntagResourceResponse.ResponseData' - description: 'The API call response. - - ' ResponseStatus: $ref: '#/components/schemas/RulestackUntagResourceResponse.Result' - description: 'The API call response status. - - ' title: RulestackUntagResourceResponse type: object RulestackUntagResourceResponse.ResponseData: additionalProperties: false properties: RuleStackName: - description: 'Name of the rulestack. - - ' title: Rulestackname type: string TagKeys: - description: "A unique identifier in the key-value pair. \n" items: type: string title: Tagkeys 
@@ -254,37 +169,32 @@ components: properties: ErrorCode: default: 0 - description: "Default value of a successful response is 0. Any other number\ - \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\ - Operation failed because it is not valid. For example, when you delete\ - \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\ - \ failed due to invalid request. For example, unsupported parameter name\ - \ or value in the request.\n* LimitExceededException\u2014Operation failed\ - \ due to violation in limit settings.\n* ResourceNotFoundException\u2014\ - Unable to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\ - Operation failed due to throttling limitations. \n\n500\u2014Bad request\ - \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\ - \ not perform the operation due to a system issue.\n" title: Errorcode type: integer Reason: - description: "The error description. \n" title: Reason type: string title: Result type: object info: contact: {} - description: 'Search and filter rulestacks using tags. - - ' + description: "Apply tags to help search and filter your rulestack resources.\n\n\ + ### Permission Policies\n\n| Action | Local Firewall Administrator\ + \ | Local Rulestack Administrator | Global Rulestack Administrator |\n| ------------------------------\ + \ | :---------------------------: | :---------------------------: | :----------------------------:\ + \ |\n| Tag Resource | **☑** | **☑**\ + \ | **☑** | \n| Untag Resource \ + \ | **☑** | **☑** \ + \ | **☑** | \n| List Firewall Tags\ + \ | ☐ | **☑** \ + \ | **☑** |\n" title: Manage Rulestack Tags version: 1.0.0 openapi: 3.0.3 paths: /v1/config/rulestacks/{rulestackname}/tags: delete: - description: 'Remove tags with specified keys from a specified rulestack resource. + description: 'Remove tags with specified keys from a specified resource. 
' operationId: delete-v1-config-rulestacks-rulestackname-tags @@ -313,7 +223,7 @@ paths: tags: - ManageRulestackTags get: - description: 'Retrieve the tags associated with a specified rulestack resource. + description: 'Retrieve the tags associated with a specified resource. ' operationId: get-v1-config-rulestacks-rulestackname-tags @@ -326,8 +236,7 @@ paths: required: true schema: type: string - - description: "The maximum number of tags that you want NGFW to return for\ - \ this request. \n" + - description: '' in: query name: maxresults required: false @@ -337,11 +246,7 @@ paths: minimum: 1 title: Maxresults type: integer - - description: 'If the number of tags available for retrieval exceeds the maximum - you requested, Cloud NGFW returns a NextToken value in response. To retrieve - the next batch of tags, use this token in your next request. - - ' + - description: '' in: query name: nexttoken required: false @@ -359,8 +264,8 @@ paths: tags: - ManageRulestackTags post: - description: 'Add tags to a specific rulestack resource. You can tag the AWS - resources that you manage through rulestacks. + description: 'Add tags to a specific resource. You can tag the AWS resources + that you manage through rulestacks. ' operationId: post-v1-config-rulestacks-rulestackname-tags diff --git a/openapi-specs/cloudngfw/aws/ManageRulestacks.yaml b/openapi-specs/cloudngfw/aws/ManageRulestacks.yaml index 96ac61c56..48f15b55e 100644 --- a/openapi-specs/cloudngfw/aws/ManageRulestacks.yaml +++ b/openapi-specs/cloudngfw/aws/ManageRulestacks.yaml 
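Review bot: The permission table added to `info.description` in ManageRulestackTags.yaml (hunk at -254) labels its third row `List Firewall Tags`, and that is the only row where Local Firewall Administrator is unchecked, while the same role is checked for Tag Resource and Untag Resource. A role that may write rulestack tags but not read them looks like a row copied from ManageNGFWTags.yaml rather than the enforced policy. The enforcement is not visible from this diff, so please confirm the matrix against the service's actual role checks. If the row belongs in this spec it should presumably read `List Rulestack Tags`, and the Local Firewall Administrator column should be re-verified, since operators will assign least-privilege roles from this table.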
@@ -1,17 +1,38 @@ components: schemas: + CommitRequest: + additionalProperties: false + properties: {} + title: CommitRequest + type: object + CommitResponse: + additionalProperties: false + properties: + ResponseStatus: + $ref: '#/components/schemas/CommitResponse.Result' + RuleStackName: + title: Rulestackname + type: string + title: CommitResponse + type: object + CommitResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object CreateRuleStackRequest: additionalProperties: false properties: RuleStackEntry: $ref: '#/components/schemas/CreateRuleStackRequest.RuleStackCreateType' - description: 'Describe whether the rulestack is local or global. - - ' RuleStackName: - description: 'Name of the rulestack. - - ' maxLength: 128 minLength: 1 pattern: ^[a-zA-Z0-9-]+$ @@ -25,29 +46,17 @@ components: additionalProperties: false properties: AccountId: - description: 'The unique ID of the account. - - ' maxLength: 12 pattern: ^$|^[0-9]+$ title: Accountid type: string Description: - description: 'Description of the rulestack. - - ' maxLength: 512 title: Description type: string Profiles: $ref: '#/components/schemas/CreateRuleStackRequest.RuleStackProfiles' - description: 'Rulestack profile. - - ' Scope: - description: 'The scope of the rulestack. - - ' enum: - Global - Local @@ -60,9 +69,6 @@ components: properties: AntiSpywareProfile: default: BestPractice - description: 'Anti-spyware security profile. - - ' enum: - custom - BestPractice @@ -70,9 +76,6 @@ components: type: string AntiVirusProfile: default: BestPractice - description: 'Anti-virus security profile. - - ' enum: - custom - BestPractice 
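Review bot: `CommitResponse.Result.ErrorCode` is added with `default: 0` and no description (hunk at -1 of ManageRulestacks.yaml), so nothing in the spec tells a client that 0 means success. Automation that commits a rulestack has to tell a failed commit from a successful one, so the new schema should carry `description: Default value of a successful response is 0. Any other number indicates an error code.`, which is the wording this file used for the existing Result schemas. `CommitResponse.RuleStackName` also lacks the `maxLength: 128` and `pattern: ^[a-zA-Z0-9-]+$` that `CreateRuleStackRequest.RuleStackName` has a few lines below in the same hunk. Both points apply equally to `DescribeCommitResponse` (hunk at -437) and `RevertResponse` (hunk at -825).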
@@ -80,31 +83,19 @@ components: type: string FileBlockingProfile: default: BestPractice - description: 'File blocking security profile. - - ' enum: - custom - BestPractice title: Fileblockingprofile type: string OutboundTrustCertificate: - description: 'Outbound trust certificate profile. - - ' title: Outboundtrustcertificate type: string OutboundUnTrustCertificate: - description: 'Outbound untrust certificate profile. - - ' title: Outbounduntrustcertificate type: string URLFilteringProfile: default: None - description: 'URL filtering security profile. - - ' enum: - custom - BestPractice @@ -113,9 +104,6 @@ components: type: string VulnerabilityProfile: default: BestPractice - description: 'Vulnerability security profile. - - ' enum: - custom - BestPractice @@ -137,13 +125,7 @@ components: properties: RuleStackEntry: $ref: '#/components/schemas/CreateRuleStackResponse.RuleStack' - description: 'Describe whether the rulestack is local or global. - - ' RuleStackName: - description: 'Name of the rulestack. - - ' title: Rulestackname type: string title: ResponseData 
@@ -153,23 +135,9 @@ components: properties: ErrorCode: default: 0 - description: "Default value of a successful response is 0. Any other number\ - \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\ - Operation failed because it is not valid. For example, when you delete\ - \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\ - \ failed due to invalid request. For example, unsupported parameter name\ - \ or value in the request.\n* LimitExceededException\u2014Operation failed\ - \ due to violation in limit settings.\n* ThrottlingException\u2014Operation\ - \ failed due to throttling limitations. \n\n500\u2014Bad request \n\ - * InternalServerError\u2014Your request is valid but Cloud NGFW could\ - \ not perform the operation due to a system issue.\n* InsufficientCapacityException\u2014\ - AWS currently does not have enough capacity to fulfill your request.\n" title: Errorcode type: integer Reason: - description: 'The error description. - - ' title: Reason type: string title: Result @@ -178,29 +146,17 @@ components: additionalProperties: false properties: AccountId: - description: 'The unique ID of the account. - - ' maxLength: 12 pattern: ^$|^[0-9]+$ title: Accountid type: string Description: - description: 'Description of the rulestack. - - ' maxLength: 512 title: Description type: string Profiles: $ref: '#/components/schemas/CreateRuleStackResponse.RuleStackProfiles' - description: 'Rulestack profile. - - ' Scope: - description: 'The scope of the rulestack. - - ' enum: - Global - Local @@ -216,9 +172,6 @@ components: properties: AntiSpywareProfile: default: BestPractice - description: 'Anti-spyware security profile. - - ' enum: - custom - BestPractice @@ -226,9 +179,6 @@ components: type: string AntiVirusProfile: default: BestPractice - description: 'Anti-virus security profile. - - ' enum: - custom - BestPractice 
@@ -236,31 +186,19 @@ components: type: string FileBlockingProfile: default: BestPractice - description: 'File blocking security profile. - - ' enum: - custom - BestPractice title: Fileblockingprofile type: string OutboundTrustCertificate: - description: 'Outbound trust certificate profile. - - ' title: Outboundtrustcertificate type: string OutboundUnTrustCertificate: - description: 'Outbound untrust certificate profile. - - ' title: Outbounduntrustcertificate type: string URLFilteringProfile: default: None - description: 'URL filtering security profile. - - ' enum: - custom - BestPractice @@ -269,9 +207,6 @@ components: type: string VulnerabilityProfile: default: BestPractice - description: 'Vulnerability security profile. - - ' enum: - custom - BestPractice @@ -298,13 +233,7 @@ components: properties: RuleStackEntry: $ref: '#/components/schemas/DeleteRuleStackResponse.RuleStackCreateType' - description: 'Describe whether the rulestack is local or global. - - ' RuleStackName: - description: 'Name of the rulestack. - - ' title: Rulestackname type: string title: ResponseData 
@@ -314,23 +243,9 @@ components: properties: ErrorCode: default: 0 - description: "Default value of a successful response is 0. Any other number\ - \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\ - Operation failed because it is not valid. For example, when you delete\ - \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\ - \ failed due to invalid request. For example, unsupported parameter name\ - \ or value in the request.\n* LimitExceededException\u2014Operation failed\ - \ due to violation in limit settings.\n* ThrottlingException\u2014Operation\ - \ failed due to throttling limitations. \n\n500\u2014Bad request \n\ - * InternalServerError\u2014Your request is valid but Cloud NGFW could\ - \ not perform the operation due to a system issue.\n* InsufficientCapacityException\u2014\ - AWS currently does not have enough capacity to fulfill your request.\n" title: Errorcode type: integer Reason: - description: 'The error description. - - ' title: Reason type: string title: Result @@ -339,29 +254,17 @@ components: additionalProperties: false properties: AccountId: - description: 'The unique ID of the account. - - ' maxLength: 12 pattern: ^$|^[0-9]+$ title: Accountid type: string Description: - description: 'Description of the rulestack. - - ' maxLength: 512 title: Description type: string Profiles: $ref: '#/components/schemas/DeleteRuleStackResponse.RuleStackProfiles' - description: 'Rulestack profile. - - ' Scope: - description: 'The scope of the rulestack. - - ' enum: - Global - Local @@ -374,9 +277,6 @@ components: properties: AntiSpywareProfile: default: BestPractice - description: 'Anti-spyware security profile. - - ' enum: - custom - BestPractice @@ -384,9 +284,6 @@ components: type: string AntiVirusProfile: default: BestPractice - description: 'Anti-virus security profile. - - ' enum: - custom - BestPractice 
@@ -394,31 +291,19 @@ components: type: string FileBlockingProfile: default: BestPractice - description: 'File blocking security profile. - - ' enum: - custom - BestPractice title: Fileblockingprofile type: string OutboundTrustCertificate: - description: 'Outbound trust certificate profile. - - ' title: Outboundtrustcertificate type: string OutboundUnTrustCertificate: - description: 'Outbound untrust certificate profile. - - ' title: Outbounduntrustcertificate type: string URLFilteringProfile: default: None - description: 'URL filtering security profile. - - ' enum: - custom - BestPractice @@ -427,9 +312,6 @@ components: type: string VulnerabilityProfile: default: BestPractice - description: 'Vulnerability security profile. - - ' enum: - custom - BestPractice 
@@ -437,30 +319,70 @@ components: type: string title: RuleStackProfiles type: object + DescribeCommitRequest: + additionalProperties: false + properties: {} + title: DescribeCommitRequest + type: object + DescribeCommitResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DescribeCommitResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DescribeCommitResponse.Result' + title: DescribeCommitResponse + type: object + DescribeCommitResponse.ResponseData: + additionalProperties: false + properties: + CommitMessages: + items: + type: string + title: Commitmessages + type: array + CommitStatus: + title: Commitstatus + type: string + RuleStackName: + title: Rulestackname + type: string + ValidateMessages: + items: + type: string + title: Validatemessages + type: array + ValidateStatus: + title: Validatestatus + type: string + title: ResponseData + type: object + DescribeCommitResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object DescribeRuleStackRequest: additionalProperties: false properties: Candidate: default: true - description: 'Rulestack candidate. - - ' title: Candidate type: boolean MaxResults: - description: 'The maximum number of rulestacks that you want NGFW to return - for this request. - - ' exclusiveMaximum: 101 exclusiveMinimum: 0 title: Maxresults type: integer Running: default: false - description: 'Rulestacks in run state. - - ' title: Running type: boolean title: DescribeRuleStackRequest 
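Review bot: `CommitStatus` and `ValidateStatus` in `DescribeCommitResponse.ResponseData` are plain `type: string` with no `enum` or description, so a client polling the commit state cannot know which values are terminal or which mean the policy was not applied. Add an `enum` listing the states the service actually returns (they are not visible in this hunk), or at least a description that names them. `CommitMessages` and `ValidateMessages` are unbounded arrays of unbounded strings; a `maxItems` on the arrays and a `maxLength` on the items would let generated clients bound what they accept.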
@@ -479,30 +401,15 @@ components: properties: RuleStackCandidate: $ref: '#/components/schemas/DescribeRuleStackResponse.RuleStack' - description: 'Rulestack candidate. - - ' RuleStackName: - description: 'Name of the rulestack. - - ' title: Rulestackname type: string RuleStackRunning: $ref: '#/components/schemas/DescribeRuleStackResponse.RuleStack' - description: 'Rulestacks in run state. - - ' RuleStackState: - description: 'State of rulestack. - - ' title: Rulestackstate type: string Tags: - description: 'The tags associated with the rulestack. - - ' items: $ref: '#/components/schemas/DescribeRuleStackResponse.TagEntry' title: Tags @@ -514,20 +421,9 @@ components: properties: ErrorCode: default: 0 - description: "Default value of a successful response is 0. Any other number\ - \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\ - Operation failed due to invalid request. For example, unsupported parameter\ - \ name or value in the request.\n* LimitExceededException\u2014Operation\ - \ failed due to violation in limit settings.\n* ThrottlingException\u2014\ - Operation failed due to throttling limitations. \n\n500\u2014Bad request\ - \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\ - \ not perform the operation due to a system issue.\n" title: Errorcode type: integer Reason: - description: 'The error description. - - ' title: Reason type: string title: Result 
@@ -536,38 +432,23 @@ components: additionalProperties: false properties: AccountId: - description: 'The unique ID of the account. - - ' maxLength: 12 pattern: ^$|^[0-9]+$ title: Accountid type: string Description: - description: 'Description of the rulestack. - - ' maxLength: 512 title: Description type: string Profiles: $ref: '#/components/schemas/DescribeRuleStackResponse.RuleStackProfiles' - description: 'Rulestack profile. - - ' Scope: - description: 'The scope of the rulestack. - - ' enum: - Global - Local title: Scope type: string UpdateToken: - description: 'Refresh token - - ' title: Updatetoken type: string title: RuleStack @@ -577,9 +458,6 @@ components: properties: AntiSpywareProfile: default: BestPractice - description: 'Anti-spyware security profile. - - ' enum: - custom - BestPractice @@ -587,9 +465,6 @@ components: type: string AntiVirusProfile: default: BestPractice - description: 'Anti-virus security profile. - - ' enum: - custom - BestPractice @@ -597,31 +472,19 @@ components: type: string FileBlockingProfile: default: BestPractice - description: 'File blocking security profile. - - ' enum: - custom - BestPractice title: Fileblockingprofile type: string OutboundTrustCertificate: - description: 'Outbound trust certificate profile. - - ' title: Outboundtrustcertificate type: string OutboundUnTrustCertificate: - description: 'Outbound untrust certificate profile. - - ' title: Outbounduntrustcertificate type: string URLFilteringProfile: default: None - description: 'URL filtering security profile. - - ' enum: - custom - BestPractice @@ -630,9 +493,6 @@ components: type: string VulnerabilityProfile: default: BestPractice - description: 'Vulnerability security profile. - - ' enum: - custom - BestPractice 
@@ -644,21 +504,12 @@ components: additionalProperties: false properties: Key: - description: 'A unique identifier in the key-value pair. The constant that - defines the data set. - - . - - ' maxLength: 128 minLength: 1 pattern: ^.*$ title: Key type: string Value: - description: 'The variable that belongs to the data set. - - ' maxLength: 256 minLength: 1 pattern: ^.*$ @@ -674,42 +525,23 @@ components: properties: Candidate: default: true - description: 'Rulestack candidate. - - ' title: Candidate type: boolean MaxResults: default: 1024 - description: 'The maximum number of rulestacks that you want NGFW to return - for this request. - - ' maximum: 1024 minimum: 1 title: Maxresults type: integer NextToken: - description: 'If the number of rulestacks available for retrieval exceeds - the maximum you requested, NGFW returns a NextToken value in response. - To retrieve the next batch of rulestacks, use this token in your next - request. - - ' title: Nexttoken type: string Running: default: false - description: 'Rulestacks in run state. - - ' title: Running type: boolean Scope: default: All - description: 'The scope of the rulestack. - - ' enum: - Global - Local @@ -717,23 +549,13 @@ components: title: Scope type: string TagKey: - description: 'A unique identifier in the key-value pair. The constant that - defines the data set. - - ' title: Tagkey type: string TagValue: - description: 'The variable that belongs to the data set. - - ' title: Tagvalue type: string Uncommitted: default: false - description: 'Uncommitted rulestacks. - - ' title: Uncommitted type: boolean title: ListRuleStacksRequest 
@@ -751,34 +573,19 @@ components: additionalProperties: false properties: NextToken: - description: 'If the number of rulestacks available for retrieval exceeds - the maximum you requested, NGFW returns a NextToken value in response. - To retrieve the next batch of rulestacks, use this token in your next - request. - - ' title: Nexttoken type: string RuleStackCandidate: - description: 'Rulestack candidate. - - ' items: type: string title: Rulestackcandidate type: array RuleStackRunning: - description: 'Rulestacks in run state. - - ' items: type: string title: Rulestackrunning type: array RuleStackUncommitted: - description: 'Uncommitted rulestacks. - - ' items: $ref: '#/components/schemas/ListRuleStacksResponse.RuleStackOperation' title: Rulestackuncommitted @@ -790,23 +597,9 @@ components: properties: ErrorCode: default: 0 - description: "Default value of a successful response is 0. Any other number\ - \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\ - Operation failed because it is not valid. For example, when you delete\ - \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\ - \ failed due to invalid request. For example, unsupported parameter name\ - \ or value in the request.\n* LimitExceededException\u2014Operation failed\ - \ due to violation in limit settings.\n* ThrottlingException\u2014Operation\ - \ failed due to throttling limitations. \n\n500\u2014Bad request \n\ - * InternalServerError\u2014Your request is valid but Cloud NGFW could\ - \ not perform the operation due to a system issue.\n* InsufficientCapacityException\u2014\ - AWS currently does not have enough capacity to fulfill your request.\n" title: Errorcode type: integer Reason: - description: 'The error description. - - ' title: Reason type: string title: Result @@ -815,9 +608,6 @@ components: additionalProperties: false properties: Operation: - description: 'Rulestacks operation. - - ' enum: - add - delete 
@@ -825,61 +615,67 @@ components: title: Operation type: string RuleStackName: - description: 'Name of the rulestack. - - ' title: Rulestackname type: string required: - RuleStackName title: RuleStackOperation type: object + RevertRequest: + additionalProperties: false + properties: {} + title: RevertRequest + type: object + RevertResponse: + additionalProperties: false + properties: + ResponseStatus: + $ref: '#/components/schemas/RevertResponse.Result' + RuleStackName: + title: Rulestackname + type: string + title: RevertResponse + type: object + RevertResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object UpdateRuleStackRequest: additionalProperties: false properties: RuleStackEntry: $ref: '#/components/schemas/UpdateRuleStackRequest.RuleStack' - description: 'Scope of the rulestack. - - ' title: UpdateRuleStackRequest type: object UpdateRuleStackRequest.RuleStack: additionalProperties: false properties: AccountId: - description: 'The unique ID of the account. - - ' maxLength: 12 pattern: ^$|^[0-9]+$ title: Accountid type: string Description: - description: 'Description of the rulestack. - - ' maxLength: 512 title: Description type: string Profiles: $ref: '#/components/schemas/UpdateRuleStackRequest.RuleStackProfiles' - description: 'Rulestack profile. - - ' Scope: - description: 'The scope of the rulestack. - - ' enum: - Global - Local title: Scope type: string UpdateToken: - description: 'Refresh token - - ' title: Updatetoken type: string title: RuleStack @@ -889,9 +685,6 @@ components: properties: AntiSpywareProfile: default: BestPractice - description: 'Anti-spyware security profile. - - ' enum: - custom - BestPractice @@ -899,9 +692,6 @@ components: type: string AntiVirusProfile: default: BestPractice - description: 'Anti-virus security profile. - - ' enum: - custom - BestPractice 
@@ -909,31 +699,19 @@ components: type: string FileBlockingProfile: default: BestPractice - description: 'File blocking security profile. - - ' enum: - custom - BestPractice title: Fileblockingprofile type: string OutboundTrustCertificate: - description: 'Outbound trust certificate profile. - - ' title: Outboundtrustcertificate type: string OutboundUnTrustCertificate: - description: 'Outbound untrust certificate profile. - - ' title: Outbounduntrustcertificate type: string URLFilteringProfile: default: None - description: 'URL filtering security profile. - - ' enum: - custom - BestPractice @@ -942,9 +720,6 @@ components: type: string VulnerabilityProfile: default: BestPractice - description: 'Vulnerability security profile. - - ' enum: - custom - BestPractice @@ -966,13 +741,7 @@ components: properties: RuleStackEntry: $ref: '#/components/schemas/UpdateRuleStackResponse.RuleStack' - description: 'Describe whether the rulestack is local or global. - - ' RuleStackName: - description: 'Name of the rulestack. - - ' title: Rulestackname type: string title: ResponseData @@ -982,20 +751,9 @@ components: properties: ErrorCode: default: 0 - description: "Default value of a successful response is 0. Any other number\ - \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\ - Operation failed due to invalid request. For example, unsupported parameter\ - \ name or value in the request.\n* LimitExceededException\u2014Operation\ - \ failed due to violation in limit settings.\n* ThrottlingException\u2014\ - Operation failed due to throttling limitations. \n\n500\u2014Bad request\ - \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\ - \ not perform the operation due to a system issue.\n" title: Errorcode type: integer Reason: - description: 'The error description. - - ' title: Reason type: string title: Result 
@@ -1004,38 +762,23 @@ components: additionalProperties: false properties: AccountId: - description: 'The unique ID of the account. - - ' maxLength: 12 pattern: ^$|^[0-9]+$ title: Accountid type: string Description: - description: 'Description of the rulestack. - - ' maxLength: 512 title: Description type: string Profiles: $ref: '#/components/schemas/UpdateRuleStackResponse.RuleStackProfiles' - description: 'Rulestack profile. - - ' Scope: - description: 'The scope of the rulestack. - - ' enum: - Global - Local title: Scope type: string UpdateToken: - description: 'Refresh token. - - ' title: Updatetoken type: string title: RuleStack @@ -1045,9 +788,6 @@ components: properties: AntiSpywareProfile: default: BestPractice - description: 'Anti-spyware security profile. - - ' enum: - custom - BestPractice @@ -1055,9 +795,6 @@ components: type: string AntiVirusProfile: default: BestPractice - description: 'Anti-virus security profile. - - ' enum: - custom - BestPractice @@ -1065,31 +802,19 @@ components: type: string FileBlockingProfile: default: BestPractice - description: 'File blocking security profile. - - ' enum: - custom - BestPractice title: Fileblockingprofile type: string OutboundTrustCertificate: - description: 'Outbound trust certificate profile. - - ' title: Outboundtrustcertificate type: string OutboundUnTrustCertificate: - description: 'Outbound untrust certificate profile. - - ' title: Outbounduntrustcertificate type: string URLFilteringProfile: default: None - description: 'URL filtering security profile. - - ' enum: - custom - BestPractice @@ -1098,9 +823,6 @@ components: type: string VulnerabilityProfile: default: BestPractice - description: 'Vulnerability security profile. - - ' enum: - custom - BestPractice 
@@ -1108,14 +830,56 @@ components: type: string title: RuleStackProfiles type: object + ValidateRequest: + additionalProperties: false + properties: {} + title: ValidateRequest + type: object + ValidateResponse: + additionalProperties: false + properties: + ResponseStatus: + $ref: '#/components/schemas/ValidateResponse.Result' + RuleStackName: + title: Rulestackname + type: string + title: ValidateResponse + type: object + ValidateResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object info: contact: {} - description: "Rulestacks define access control (App-ID, URL Filtering) and threat\ - \ prevention behavior for the Cloud NGFW resources using security rules, associated\ - \ objects, and profiles. The Cloud NGFW resources use the rulestack definitions\ - \ to protect the traffic uisng a two-step process. First, it enforces rules to\ - \ allow or deny your traffic. Then, it inspects content on the allowed traffic\ - \ based on the Security Profiles you create. \n" + description: "Rulestacks defines access control (App-ID, URL Filtering) and threat\ + \ prevention behavior of Cloud NGFW resources. \n\nA Cloud NGFW resource uses\ + \ your rulestack definitions to protect the traffic by a two-step process. First,\ + \ it enforces your rules on the to allow or deny your traffic. Second, it performs\ + \ content inspection on the allowed traffic based on what you specify on the Security\ + \ Profiles. \n\nA rulestack includes a set of security rules, associated objects,\ + \ and profiles. 
\n\n### Permission Policies\n\n| Action \ + \ | Local Firewall Administrator | Local Rulestack Administrator | Global Rulestack\ + \ Administrator |\n| ------------------------------ | :---------------------------:\ + \ | :---------------------------: | :----------------------------: |\n| Create\ + \ a Rulestack | ☐ | **☑** \ + \ | **☑** | \n| Delete a Rulestack \ + \ | ☐ | **☑** | **☑**\ + \ | \n| Describe a Rulestack \ + \ | **☑** | **☑** | **☑**\ + \ | \n| List Rulestacks | **☑** \ + \ | **☑** | **☑** \ + \ |\n| Update a Rulestack | ☐ | **☑**\ + \ | **☑** |\n| List Security Rule Lists\ + \ | **☑** | **☑** | **☑**\ + \ |\n" title: Manage Rulestacks version: 1.0.0 openapi: 3.0.3 @@ -1123,7 +887,7 @@ paths: /v1/config/rulestacks: get: description: "Retrieve the metadata of the specified rulestack. \n\nYou can\ - \ also query rulestacks based on the tags using this command, `/v1/config/rulestacks?tags=`.\ + \ also query rulestacks based on the tags using this command, */v1/config/rulestacks?tags=*.\ \ \nThis command lists the rulestacks where the tag name starts with the\ \ string. \n\n>DynamoDB supports this command, and should be implemented\ \ as a library.\n" 
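Review bot: The rewritten `info.description` in hunk `@@ -1108,14 +830,56 @@` has a broken sentence, "it enforces your rules on the to allow or deny your traffic", and a number disagreement in "Rulestacks defines"; both will appear in the rendered API docs. The removed wording ("it enforces rules to allow or deny your traffic") was intact and can be reused. The new Permission Policies table also has no rows for Commit, Revert or Validate, although this hunk adds `ValidateRequest`/`ValidateResponse` and the commit adds the matching paths, so a reader cannot tell which administrator role may call those operations.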
@@ -1253,6 +1017,117 @@ paths: summary: Update a RuleStack tags: - ManageRulestacks + /v1/config/rulestacks/{rulestackname}/commit: + get: + description: 'View the commit status of the specified rulestack. + + ' + operationId: get-v1-config-rulestacks-rulestackname-commit + parameters: + - description: '' + in: path + name: rulestackname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeCommitRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeCommitResponse' + description: OK + summary: Describe commit status for a RuleStack + tags: + - ManageRulestacks + post: + description: 'Commit the specified rulestack. + + ' + operationId: post-v1-config-rulestacks-rulestackname-commit + parameters: + - description: '' + in: path + name: rulestackname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CommitRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CommitResponse' + description: OK + summary: Commit a RuleStack + tags: + - ManageRulestacks + /v1/config/rulestacks/{rulestackname}/revert: + post: + description: 'Revert all uncommitted changes for the specified rulestack. + + ' + operationId: post-v1-config-rulestacks-rulestackname-revert + parameters: + - description: '' + in: path + name: rulestackname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RevertRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/RevertResponse' + description: OK + summary: Revert a RuleStack + tags: + - ManageRulestacks + /v1/config/rulestacks/{rulestackname}/validate: + post: + description: 'Validate the selected rulestack after commit. 
+ + ' + operationId: post-v1-config-rulestacks-rulestackname-validate + parameters: + - description: '' + in: path + name: rulestackname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ValidateRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidateResponse' + description: OK + summary: Validate a RuleStack + tags: + - ManageRulestacks servers: - url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com tags: diff --git a/openapi-specs/cloudngfw/aws/ManageSubscription.yaml b/openapi-specs/cloudngfw/aws/ManageSubscription.yaml index 65fd07464..34822c6c8 100644 --- a/openapi-specs/cloudngfw/aws/ManageSubscription.yaml +++ b/openapi-specs/cloudngfw/aws/ManageSubscription.yaml @@ -10,23 +10,14 @@ components: properties: Response: $ref: '#/components/schemas/ListSubscriptionResponse.ResponseData' - description: 'The API call response. - - ' ResponseStatus: $ref: '#/components/schemas/ListSubscriptionResponse.Result' - description: 'The API call response status. - - ' title: ListSubscriptionResponse type: object ListSubscriptionResponse.ResponseData: additionalProperties: false properties: Subscriptions: - description: 'Subscription information of your account. - - ' items: $ref: '#/components/schemas/ListSubscriptionResponse.SubscriptionDetails' title: Subscriptions 
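Review bot: The new `get` on `/v1/config/rulestacks/{rulestackname}/commit` (hunk `@@ -1253,6 +1017,117 @@`) declares a `requestBody` referencing `DescribeCommitRequest`; OpenAPI 3.0.3 says consumers shall ignore `requestBody` on methods where HTTP leaves body semantics undefined, so any input there should become a query parameter or the `requestBody` should be dropped. All four added operations (commit get/post, revert, validate) document only a `'200'` response, so there is no documented shape for a rejected or unauthorized call on operations that change firewall policy state. The `rulestackname` path parameter is a bare `type: string` with `description: ''`; if rulestack names follow the `^[a-zA-Z0-9-]+$` convention used for other names in these specs, stating that pattern and a `maxLength` would let validators reject malformed names early. Whether a `security` requirement is declared elsewhere in the file is not visible from this hunk.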
@@ -38,23 +29,9 @@ components: properties: ErrorCode: default: 0 - description: "Default value of a successful response is 0. Any other number\ - \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\ - Operation failed because it is not valid. For example, when you delete\ - \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\ - \ failed due to invalid request. For example, unsupported parameter name\ - \ or value in the request.\n* LimitExceededException\u2014Operation failed\ - \ due to violation in limit settings.\n* ResourceNotFoundException\u2014\ - Unable to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\ - Operation failed due to throttling limitations. \n\n500\u2014Bad request\ - \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\ - \ not perform the operation due to a system issue.\n" title: Errorcode type: integer Reason: - description: 'The error description. - - ' title: Reason type: string title: Result @@ -63,9 +40,6 @@ components: additionalProperties: false properties: SubscriptionKey: - description: 'Your subscription key. - - ' title: Subscriptionkey type: string required: 
@@ -74,21 +48,25 @@ components: type: object info: contact: {} - description: "[Subscribe to Cloud NGFW for AWS Service](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/getting-started-with-cloud-ngfw-for-aws/subscribe-to-the-cloud-ngfw-service.html)\ - \ to create your first user; a Tenant Administrator. A Tenant Administrator is\ - \ the highest user level in the Cloud NGFW service. The Tenant Administrator has\ - \ the ability to add AWS accounts to the Cloud NGFW service and also onboard additional\ - \ users. \n" + description: "Subscribe to Cloud NGFW to start creating your first user; a tenant\ + \ administrator. \nA tenant administrator is the highest level of user in the\ + \ Cloud NGFW service. It provides the ability to add AWS accounts to the Cloud\ + \ NGFW service and onboard additional users. \n\nFor more information, see [Subscribe\ + \ to Cloud NGFW for AWS Service](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/getting-started-with-cloud-ngfw-for-aws/subscribe-to-the-cloud-ngfw-service.html).\n\ + \n### Permission Policies\n\n| Action | Local Firewall Administrator\ + \ | Local Rulestack Administrator | Global Rulestack Administrator |\n| ------------------------\ + \ | :---------------------------: | :---------------------------: | :----------------------------:\ + \ |\n| Create NGFW Subscription | ☐ | ☐ \ + \ | ☐ | \n| List Permission Policies\ + \ | **☑** | **☑** | **☑**\ + \ | \n" title: Manage Subscription version: 1.0.0 openapi: 3.0.3 paths: /v1/mgmt/subscribe: get: - description: 'Retrieve the subscription information of your account. The subscribed - user is Tenant Admin. - - ' + description: '' operationId: get-v1-mgmt-subscribe parameters: [] requestBody: diff --git a/openapi-specs/cloudngfw/aws/PredefinedURLCategories.yaml b/openapi-specs/cloudngfw/aws/PredefinedURLCategories.yaml new file mode 100644 index 000000000..50c50417d --- /dev/null 
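Review bot: `get /v1/mgmt/subscribe` now has `description: ''` (hunk `@@ -74,21 +48,25 @@`), which drops the statement that the subscribed user is the tenant administrator; the `SubscriptionDetails` schema in this file carries `SubscriptionKey`, so who may call this operation is worth keeping in the spec. The new Permission Policies table lists "Create NGFW Subscription" and "List Permission Policies", neither of which matches the operation shown in this hunk, and it has no column for the tenant administrator role that the description introduces. Suggest restoring a one-line description such as `description: Retrieve the subscription information of your account.` and aligning the table rows with the operations. The `paths` section continues outside the hunk.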
+++ b/openapi-specs/cloudngfw/aws/PredefinedURLCategories.yaml 
@@ -0,0 +1,98 @@ +components: + schemas: + ListURLPredefinedCategoriesResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/ListURLPredefinedCategoriesResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ListURLPredefinedCategoriesResponse.Result' + title: ListURLPredefinedCategoriesResponse + type: object + ListURLPredefinedCategoriesResponse.PredefinedURLCategory: + additionalProperties: false + properties: + Action: + title: Action + type: string + Name: + title: Name + type: string + required: + - Action + - Name + title: PredefinedURLCategory + type: object + ListURLPredefinedCategoriesResponse.ResponseData: + additionalProperties: false + properties: + CategoriesRunning: + items: + $ref: '#/components/schemas/ListURLPredefinedCategoriesResponse.PredefinedURLCategory' + title: Categoriesrunning + type: array + NextToken: + title: Nexttoken + type: string + title: ResponseData + type: object + ListURLPredefinedCategoriesResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object +info: + contact: {} + description: 'Use predefined URL categories in security rules to block or allow + access to websites. + + ' + title: Manage Predefined URL Categories + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/urlcategories: + get: + description: 'View the predefined URL categories. 
+ + ' + operationId: get-v1-config-urlcategories + parameters: + - description: '' + in: query + name: nexttoken + required: false + schema: + title: Nexttoken + type: string + - description: '' + in: query + name: maxresults + required: false + schema: + default: 1024 + maximum: 1024 + minimum: 1 + title: Maxresults + type: integer + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListURLPredefinedCategoriesResponse' + description: OK + summary: List Pre-defined URL Categories + tags: + - PredefinedURLCategories +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: PredefinedURLCategories diff --git a/openapi-specs/cloudngfw/aws/PrefixList.yaml b/openapi-specs/cloudngfw/aws/PrefixList.yaml new file mode 100644 index 000000000..e1dad0c18 --- /dev/null +++ b/openapi-specs/cloudngfw/aws/PrefixList.yaml 
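Review bot: The `nexttoken` query parameter and `ResponseData.NextToken` in this new file are unconstrained strings, while PrefixList.yaml in the same commit bounds the equivalent token with `maxLength: 2048`, `minLength: 1` and `pattern: ^[-0-9A-Za-z:\/+=]+$`. If both endpoints share one pagination token format, copy those three constraints here so request validation is uniform across the API. Both query parameters also carry `description: ''`, and the operation documents only a `'200'` response.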
@@ -0,0 +1,609 @@ +components: + schemas: + CreatePrefixListRequest: + additionalProperties: false + properties: + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Description: + maxLength: 512 + title: Description + type: string + Name: + maxLength: 58 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Name + type: string + PrefixList: + items: + type: string + title: Prefixlist + type: array + required: + - Name + - PrefixList + title: CreatePrefixListRequest + type: object + CreatePrefixListResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/CreatePrefixListResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/CreatePrefixListResponse.Result' + title: CreatePrefixListResponse + type: object + CreatePrefixListResponse.PrefixListDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Description: + title: Description + type: string + PrefixList: + items: + type: string + title: Prefixlist + type: array + UpdateToken: + default: '1' + title: Updatetoken + type: string + required: + - PrefixList + title: PrefixListDetails + type: object + CreatePrefixListResponse.ResponseData: + additionalProperties: false + properties: + Name: + title: Name + type: string + PrefixListEntry: + $ref: '#/components/schemas/CreatePrefixListResponse.PrefixListDetails' + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + CreatePrefixListResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DeletePrefixListRequest: + additionalProperties: false + properties: {} + title: DeletePrefixListRequest + type: object + DeletePrefixListResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DeletePrefixListResponse.ResponseData' + ResponseStatus: + 
$ref: '#/components/schemas/DeletePrefixListResponse.Result' + title: DeletePrefixListResponse + type: object + DeletePrefixListResponse.PrefixListDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Description: + title: Description + type: string + PrefixList: + items: + type: string + title: Prefixlist + type: array + UpdateToken: + default: '1' + title: Updatetoken + type: string + required: + - PrefixList + title: PrefixListDetails + type: object + DeletePrefixListResponse.ResponseData: + additionalProperties: false + properties: + Name: + title: Name + type: string + PrefixListEntry: + $ref: '#/components/schemas/DeletePrefixListResponse.PrefixListDetails' + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DeletePrefixListResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DescribePrefixListRequest: + additionalProperties: false + properties: + Candidate: + default: true + title: Candidate + type: boolean + MaxResults: + default: 100 + title: Maxresults + type: integer + NextToken: + maxLength: 2048 + minLength: 1 + pattern: ^[-0-9A-Za-z:\/+=]+$ + title: Nexttoken + type: string + Running: + default: false + title: Running + type: boolean + title: DescribePrefixListRequest + type: object + DescribePrefixListResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DescribePrefixListResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DescribePrefixListResponse.Result' + title: DescribePrefixListResponse + type: object + DescribePrefixListResponse.PrefixListDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Description: + title: Description + type: string + PrefixList: + items: + type: string + title: Prefixlist 
+ type: array + UpdateToken: + default: '1' + title: Updatetoken + type: string + required: + - PrefixList + title: PrefixListDetails + type: object + DescribePrefixListResponse.ResponseData: + additionalProperties: false + properties: + Name: + title: Name + type: string + NextToken: + maxLength: 2048 + minLength: 1 + pattern: ^[-0-9A-Za-z:\/+=]+$ + title: Nexttoken + type: string + PrefixListCandidate: + $ref: '#/components/schemas/DescribePrefixListResponse.PrefixListDetails' + PrefixListRunning: + $ref: '#/components/schemas/DescribePrefixListResponse.PrefixListDetails' + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DescribePrefixListResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + ListPrefixListResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/ListPrefixListResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ListPrefixListResponse.Result' + title: ListPrefixListResponse + type: object + ListPrefixListResponse.ResponseData: + additionalProperties: false + properties: + NextToken: + maxLength: 2048 + minLength: 1 + pattern: ^[-0-9A-Za-z:\/+=]+$ + title: Nexttoken + type: string + PrefixListCandidate: + items: + type: string + title: Prefixlistcandidate + type: array + PrefixListRunning: + items: + type: string + title: Prefixlistrunning + type: array + PrefixListUncommitted: + items: + $ref: '#/components/schemas/ListPrefixListResponse.UncommittedPrefixListDetails' + title: Prefixlistuncommitted + type: array + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + ListPrefixListResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + 
ListPrefixListResponse.UncommittedPrefixListDetails: + additionalProperties: false + properties: + Name: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Name + type: string + Operation: + title: Operation + type: string + required: + - Name + - Operation + title: UncommittedPrefixListDetails + type: object + UpdatePrefixListRequest: + additionalProperties: false + properties: + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Description: + maxLength: 512 + title: Description + type: string + PrefixList: + items: + type: string + title: Prefixlist + type: array + UpdateToken: + title: Updatetoken + type: string + required: + - PrefixList + title: UpdatePrefixListRequest + type: object + UpdatePrefixListResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/UpdatePrefixListResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/UpdatePrefixListResponse.Result' + title: UpdatePrefixListResponse + type: object + UpdatePrefixListResponse.PrefixListDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Description: + title: Description + type: string + PrefixList: + items: + type: string + title: Prefixlist + type: array + UpdateToken: + default: '1' + title: Updatetoken + type: string + required: + - PrefixList + title: PrefixListDetails + type: object + UpdatePrefixListResponse.ResponseData: + additionalProperties: false + properties: + Name: + title: Name + type: string + PrefixListEntry: + $ref: '#/components/schemas/UpdatePrefixListResponse.PrefixListDetails' + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + UpdatePrefixListResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object +info: + contact: {} + description: "A prefix list allows you 
to group specific IP addresses that require\ + \ the same policy enforcement. A prefix list can contain one or more IP addresses\ + \ or IP netmask in CIDR notation.\n\n### Permission Policies\n\n| Action \ + \ | Local Firewall Administrator | Local Rulestack Administrator\ + \ | Global Rulestack Administrator |\n| ---------------------------- | :---------------------------:\ + \ | :---------------------------: | :----------------------------: |\n| Create\ + \ Prefix List | ☐ | **☑** \ + \ | **☑** | \n| Delete Prefix List \ + \ | ☐ | **☑** | **☑**\ + \ | \n| Update Prefix List \ + \ | ☐ | **☑** | **☑**\ + \ | \n| Describe Prefix List | **☑** \ + \ | **☑** | **☑** \ + \ |\n| List Prefix Lists | **☑** | **☑**\ + \ | **☑** |\n" + title: Manage Prefix List + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/rulestacks/{rulestackname}/prefixlists: + get: + description: "Retrieve the information about the prefix lists for the specified\ + \ rulestack. \n" + operationId: get-v1-config-rulestacks-rulestackname-prefixlists + parameters: + - description: '' + in: path + name: rulestackname + required: true + schema: + type: string + - description: '' + in: query + name: nexttoken + required: false + schema: + maxLength: 2048 + minLength: 1 + pattern: ^[-0-9A-Za-z:\/+=]+$ + title: Nexttoken + type: string + - description: '' + in: query + name: candidate + required: false + schema: + default: true + title: Candidate + type: boolean + - description: '' + in: query + name: running + required: false + schema: + default: false + title: Running + type: boolean + - description: '' + in: query + name: uncommitted + required: false + schema: + default: false + title: Uncommitted + type: boolean + - description: '' + in: query + name: maxresults + required: false + schema: + default: 1024 + maximum: 1024 + minimum: 1 + title: Maxresults + type: integer + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListPrefixListResponse' + description: 
OK + summary: List PrefixLists + tags: + - PrefixList + post: + description: 'Create a prefix list to configure and maintain security groups + and route tables. + + ' + operationId: post-v1-config-rulestacks-rulestackname-prefixlists + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CreatePrefixListRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CreatePrefixListResponse' + description: OK + summary: Create a PrefixList + tags: + - PrefixList + /v1/config/rulestacks/{rulestackname}/prefixlists/{name}: + delete: + description: "Delete the prefix list associated with the specified rulestack.\ + \ \n" + operationId: delete-v1-config-rulestacks-rulestackname-prefixlists-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the prefix list. + + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DeletePrefixListRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DeletePrefixListResponse' + description: OK + summary: Delete a PrefixList + tags: + - PrefixList + get: + description: "Return the prefix list associated with a rulestack. \n" + operationId: get-v1-config-rulestacks-rulestackname-prefixlists-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the prefix list. 
+ + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DescribePrefixListRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DescribePrefixListResponse' + description: OK + summary: Describe a PrefixList + tags: + - PrefixList + put: + description: 'Update the prefix list associated with a rulestack. + + ' + operationId: put-v1-config-rulestacks-rulestackname-prefixlists-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the prefix list. + + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UpdatePrefixListRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UpdatePrefixListResponse' + description: OK + summary: Update a PrefixList + tags: + - PrefixList +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: PrefixList diff --git a/openapi-specs/cloudngfw/aws/SecurityRules.yaml b/openapi-specs/cloudngfw/aws/SecurityRules.yaml new file mode 100644 index 000000000..d5ebcdee3 --- /dev/null +++ b/openapi-specs/cloudngfw/aws/SecurityRules.yaml 
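Review bot: `PrefixList` in `CreatePrefixListRequest` and `UpdatePrefixListRequest` is an array of bare `type: string` with no `pattern`, `format` or `maxItems`, although `info.description` says entries are IP addresses or netmasks in CIDR notation; a schema-level constraint would let malformed or oversized lists be rejected before they reach the service. Name limits disagree: `CreatePrefixListRequest.Name` has `maxLength: 58`, `UncommittedPrefixListDetails.Name` has `maxLength: 128`, and the `{name}` path parameter has neither a length nor a pattern. `DescribePrefixListRequest.MaxResults` has `default: 100` with no bounds, while the list operation's `maxresults` is limited to 1–1024. The `get` and `delete` operations on `/prefixlists/{name}` declare a `requestBody`, which OpenAPI 3.0.3 tells consumers to ignore on methods where HTTP leaves body semantics undefined. The `post` description ("configure and maintain security groups and route tables") does not match the prefix-list definition in `info.description` and looks carried over from another context.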
@@ -0,0 +1,1565 @@ +components: + schemas: + CreateSecurityRuleRequest: + additionalProperties: false + properties: + Priority: + exclusiveMaximum: 1000001 + exclusiveMinimum: 0 + title: Priority + type: integer + RuleEntry: + $ref: '#/components/schemas/CreateSecurityRuleRequest.RuleCreate' + required: + - Priority + - RuleEntry + title: CreateSecurityRuleRequest + type: object + CreateSecurityRuleRequest.RuleCreate: + additionalProperties: false + properties: + Action: + default: Allow + enum: + - Allow + - DenySilent + - DenyResetServer + - DenyResetBoth + title: Action + type: string + Applications: + default: + - Any + items: + type: string + title: Applications + type: array + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Category: + $ref: '#/components/schemas/CreateSecurityRuleRequest.UrlCategory' + DecryptionRuleType: + enum: + - SSLOutboundInspection + title: Decryptionruletype + type: string + Description: + maxLength: 512 + title: Description + type: string + Destination: + $ref: '#/components/schemas/CreateSecurityRuleRequest.RuleDestination' + Enabled: + default: true + title: Enabled + type: boolean + Logging: + default: false + title: Logging + type: boolean + NegateDestination: + default: false + title: Negatedestination + type: boolean + NegateSource: + default: false + title: Negatesource + type: boolean + Protocol: + default: application-default + title: Protocol + type: string + RuleName: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Rulename + type: string + Source: + $ref: '#/components/schemas/CreateSecurityRuleRequest.RuleSource' + Tags: + items: + $ref: '#/components/schemas/CreateSecurityRuleRequest.Tag' + maxItems: 200 + title: Tags + type: array + required: + - RuleName + title: RuleCreate + type: object + CreateSecurityRuleRequest.RuleDestination: + additionalProperties: false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + 
items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + FqdnLists: + items: + type: string + title: Fqdnlists + type: array + PrefixLists: + items: + type: string + title: Prefixlists + type: array + title: RuleDestination + type: object + CreateSecurityRuleRequest.RuleSource: + additionalProperties: false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + PrefixLists: + items: + type: string + title: Prefixlists + type: array + title: RuleSource + type: object + CreateSecurityRuleRequest.Tag: + additionalProperties: false + properties: + Key: + maxLength: 128 + minLength: 1 + title: Key + type: string + Value: + maxLength: 128 + minLength: 1 + title: Value + type: string + required: + - Key + - Value + title: Tag + type: object + CreateSecurityRuleRequest.UrlCategory: + additionalProperties: false + properties: + IntelligentFeeds: + items: + type: string + title: Intelligentfeeds + type: array + URLCategoryNames: + items: + type: string + title: Urlcategorynames + type: array + title: UrlCategory + type: object + CreateSecurityRuleResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/CreateSecurityRuleResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/CreateSecurityRuleResponse.Result' + title: CreateSecurityRuleResponse + type: object + CreateSecurityRuleResponse.ResponseData: + additionalProperties: false + properties: + Priority: + title: Priority + type: integer + RuleEntry: + $ref: '#/components/schemas/CreateSecurityRuleResponse.Rule' + RuleListName: + title: Rulelistname + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + CreateSecurityRuleResponse.Result: + additionalProperties: false + properties: + 
ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + CreateSecurityRuleResponse.Rule: + additionalProperties: false + properties: + Action: + default: Allow + enum: + - Allow + - DenySilent + - DenyResetServer + - DenyResetBoth + title: Action + type: string + Applications: + default: + - Any + items: + type: string + title: Applications + type: array + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Category: + $ref: '#/components/schemas/CreateSecurityRuleResponse.UrlCategory' + DecryptionRuleType: + enum: + - SSLOutboundInspection + title: Decryptionruletype + type: string + Description: + maxLength: 512 + title: Description + type: string + Destination: + $ref: '#/components/schemas/CreateSecurityRuleResponse.RuleDestination' + Enabled: + default: true + title: Enabled + type: boolean + Logging: + default: false + title: Logging + type: boolean + NegateDestination: + default: false + title: Negatedestination + type: boolean + NegateSource: + default: false + title: Negatesource + type: boolean + Protocol: + default: application-default + title: Protocol + type: string + RuleName: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Rulename + type: string + Source: + $ref: '#/components/schemas/CreateSecurityRuleResponse.RuleSource' + Tags: + items: + $ref: '#/components/schemas/CreateSecurityRuleResponse.Tag' + maxItems: 200 + title: Tags + type: array + UpdateToken: + title: Updatetoken + type: string + required: + - RuleName + title: Rule + type: object + CreateSecurityRuleResponse.RuleDestination: + additionalProperties: false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + FqdnLists: + items: + type: string + title: Fqdnlists + type: array + PrefixLists: + items: 
+ type: string + title: Prefixlists + type: array + title: RuleDestination + type: object + CreateSecurityRuleResponse.RuleSource: + additionalProperties: false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + PrefixLists: + items: + type: string + title: Prefixlists + type: array + title: RuleSource + type: object + CreateSecurityRuleResponse.Tag: + additionalProperties: false + properties: + Key: + maxLength: 128 + minLength: 1 + title: Key + type: string + Value: + maxLength: 128 + minLength: 1 + title: Value + type: string + required: + - Key + - Value + title: Tag + type: object + CreateSecurityRuleResponse.UrlCategory: + additionalProperties: false + properties: + IntelligentFeeds: + items: + type: string + title: Intelligentfeeds + type: array + URLCategoryNames: + items: + type: string + title: Urlcategorynames + type: array + title: UrlCategory + type: object + DeleteSecurityRuleRequest: + additionalProperties: false + properties: {} + title: DeleteSecurityRuleRequest + type: object + DeleteSecurityRuleResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DeleteSecurityRuleResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DeleteSecurityRuleResponse.Result' + title: DeleteSecurityRuleResponse + type: object + DeleteSecurityRuleResponse.ResponseData: + additionalProperties: false + properties: + Priority: + title: Priority + type: integer + RuleEntry: + $ref: '#/components/schemas/DeleteSecurityRuleResponse.Rule' + RuleListName: + title: Rulelistname + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DeleteSecurityRuleResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason 
+ type: string + title: Result + type: object + DeleteSecurityRuleResponse.Rule: + additionalProperties: false + properties: + Action: + default: Allow + enum: + - Allow + - DenySilent + - DenyResetServer + - DenyResetBoth + title: Action + type: string + Applications: + default: + - Any + items: + type: string + title: Applications + type: array + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Category: + $ref: '#/components/schemas/DeleteSecurityRuleResponse.UrlCategory' + DecryptionRuleType: + enum: + - SSLOutboundInspection + title: Decryptionruletype + type: string + Description: + maxLength: 512 + title: Description + type: string + Destination: + $ref: '#/components/schemas/DeleteSecurityRuleResponse.RuleDestination' + Enabled: + default: true + title: Enabled + type: boolean + Logging: + default: false + title: Logging + type: boolean + NegateDestination: + default: false + title: Negatedestination + type: boolean + NegateSource: + default: false + title: Negatesource + type: boolean + Protocol: + default: application-default + title: Protocol + type: string + RuleName: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Rulename + type: string + Source: + $ref: '#/components/schemas/DeleteSecurityRuleResponse.RuleSource' + Tags: + items: + $ref: '#/components/schemas/DeleteSecurityRuleResponse.Tag' + maxItems: 200 + title: Tags + type: array + UpdateToken: + title: Updatetoken + type: string + required: + - RuleName + title: Rule + type: object + DeleteSecurityRuleResponse.RuleDestination: + additionalProperties: false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + FqdnLists: + items: + type: string + title: Fqdnlists + type: array + PrefixLists: + items: + type: string + title: Prefixlists + type: array + title: RuleDestination + type: 
object + DeleteSecurityRuleResponse.RuleSource: + additionalProperties: false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + PrefixLists: + items: + type: string + title: Prefixlists + type: array + title: RuleSource + type: object + DeleteSecurityRuleResponse.Tag: + additionalProperties: false + properties: + Key: + maxLength: 128 + minLength: 1 + title: Key + type: string + Value: + maxLength: 128 + minLength: 1 + title: Value + type: string + required: + - Key + - Value + title: Tag + type: object + DeleteSecurityRuleResponse.UrlCategory: + additionalProperties: false + properties: + IntelligentFeeds: + items: + type: string + title: Intelligentfeeds + type: array + URLCategoryNames: + items: + type: string + title: Urlcategorynames + type: array + title: UrlCategory + type: object + DescribeSecurityRuleResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DescribeSecurityRuleResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DescribeSecurityRuleResponse.Result' + title: DescribeSecurityRuleResponse + type: object + DescribeSecurityRuleResponse.ResponseData: + additionalProperties: false + properties: + Priority: + title: Priority + type: integer + RuleEntryCandidate: + $ref: '#/components/schemas/DescribeSecurityRuleResponse.Rule' + RuleEntryRunning: + $ref: '#/components/schemas/DescribeSecurityRuleResponse.Rule' + RuleListName: + title: Rulelistname + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DescribeSecurityRuleResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DescribeSecurityRuleResponse.Rule: + 
additionalProperties: false + properties: + Action: + default: Allow + enum: + - Allow + - DenySilent + - DenyResetServer + - DenyResetBoth + title: Action + type: string + Applications: + default: + - Any + items: + type: string + title: Applications + type: array + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Category: + $ref: '#/components/schemas/DescribeSecurityRuleResponse.UrlCategory' + DecryptionRuleType: + enum: + - SSLOutboundInspection + title: Decryptionruletype + type: string + Description: + maxLength: 512 + title: Description + type: string + Destination: + $ref: '#/components/schemas/DescribeSecurityRuleResponse.RuleDestination' + Enabled: + default: true + title: Enabled + type: boolean + Logging: + default: false + title: Logging + type: boolean + NegateDestination: + default: false + title: Negatedestination + type: boolean + NegateSource: + default: false + title: Negatesource + type: boolean + Protocol: + default: application-default + title: Protocol + type: string + RuleName: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Rulename + type: string + Source: + $ref: '#/components/schemas/DescribeSecurityRuleResponse.RuleSource' + Tags: + items: + $ref: '#/components/schemas/DescribeSecurityRuleResponse.Tag' + maxItems: 200 + title: Tags + type: array + UpdateToken: + title: Updatetoken + type: string + required: + - RuleName + title: Rule + type: object + DescribeSecurityRuleResponse.RuleDestination: + additionalProperties: false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + FqdnLists: + items: + type: string + title: Fqdnlists + type: array + PrefixLists: + items: + type: string + title: Prefixlists + type: array + title: RuleDestination + type: object + DescribeSecurityRuleResponse.RuleSource: + additionalProperties: 
false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + PrefixLists: + items: + type: string + title: Prefixlists + type: array + title: RuleSource + type: object + DescribeSecurityRuleResponse.Tag: + additionalProperties: false + properties: + Key: + maxLength: 128 + minLength: 1 + title: Key + type: string + Value: + maxLength: 128 + minLength: 1 + title: Value + type: string + required: + - Key + - Value + title: Tag + type: object + DescribeSecurityRuleResponse.UrlCategory: + additionalProperties: false + properties: + IntelligentFeeds: + items: + type: string + title: Intelligentfeeds + type: array + URLCategoryNames: + items: + type: string + title: Urlcategorynames + type: array + title: UrlCategory + type: object + ListSecurityRulesResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/ListSecurityRulesResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ListSecurityRulesResponse.Result' + title: ListSecurityRulesResponse + type: object + ListSecurityRulesResponse.ResponseData: + additionalProperties: false + properties: + NextToken: + title: Nexttoken + type: string + RuleEntryCandidate: + items: + $ref: '#/components/schemas/ListSecurityRulesResponse.RuleEntryIdentifier' + title: Ruleentrycandidate + type: array + RuleEntryRunning: + items: + $ref: '#/components/schemas/ListSecurityRulesResponse.RuleEntryIdentifier' + title: Ruleentryrunning + type: array + RuleEntryUncommitted: + items: + $ref: '#/components/schemas/ListSecurityRulesResponse.RuleEntryUncommittedIdentifier' + title: Ruleentryuncommitted + type: array + RuleListName: + title: Rulelistname + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + ListSecurityRulesResponse.Result: + additionalProperties: 
false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + ListSecurityRulesResponse.RuleEntryIdentifier: + additionalProperties: false + properties: + Priority: + exclusiveMaximum: 1000001 + exclusiveMinimum: 0 + title: Priority + type: integer + RuleName: + title: Rulename + type: string + required: + - Priority + title: RuleEntryIdentifier + type: object + ListSecurityRulesResponse.RuleEntryUncommittedIdentifier: + additionalProperties: false + properties: + Operation: + title: Operation + type: string + Priority: + title: Priority + type: integer + RuleName: + title: Rulename + type: string + required: + - Priority + - RuleName + - Operation + title: RuleEntryUncommittedIdentifier + type: object + UpdateSecurityRuleRequest: + additionalProperties: false + properties: + RuleEntry: + $ref: '#/components/schemas/UpdateSecurityRuleRequest.Rule' + required: + - RuleEntry + title: UpdateSecurityRuleRequest + type: object + UpdateSecurityRuleRequest.Rule: + additionalProperties: false + properties: + Action: + default: Allow + enum: + - Allow + - DenySilent + - DenyResetServer + - DenyResetBoth + title: Action + type: string + Applications: + default: + - Any + items: + type: string + title: Applications + type: array + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Category: + $ref: '#/components/schemas/UpdateSecurityRuleRequest.UrlCategory' + DecryptionRuleType: + enum: + - SSLOutboundInspection + title: Decryptionruletype + type: string + Description: + maxLength: 512 + title: Description + type: string + Destination: + $ref: '#/components/schemas/UpdateSecurityRuleRequest.RuleDestination' + Enabled: + default: true + title: Enabled + type: boolean + Logging: + default: false + title: Logging + type: boolean + NegateDestination: + default: false + title: Negatedestination + type: boolean + NegateSource: + default: false + title: Negatesource + 
type: boolean + Protocol: + default: application-default + title: Protocol + type: string + RuleName: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Rulename + type: string + Source: + $ref: '#/components/schemas/UpdateSecurityRuleRequest.RuleSource' + Tags: + items: + $ref: '#/components/schemas/UpdateSecurityRuleRequest.Tag' + maxItems: 200 + title: Tags + type: array + UpdateToken: + title: Updatetoken + type: string + required: + - RuleName + title: Rule + type: object + UpdateSecurityRuleRequest.RuleDestination: + additionalProperties: false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + FqdnLists: + items: + type: string + title: Fqdnlists + type: array + PrefixLists: + items: + type: string + title: Prefixlists + type: array + title: RuleDestination + type: object + UpdateSecurityRuleRequest.RuleSource: + additionalProperties: false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + PrefixLists: + items: + type: string + title: Prefixlists + type: array + title: RuleSource + type: object + UpdateSecurityRuleRequest.Tag: + additionalProperties: false + properties: + Key: + maxLength: 128 + minLength: 1 + title: Key + type: string + Value: + maxLength: 128 + minLength: 1 + title: Value + type: string + required: + - Key + - Value + title: Tag + type: object + UpdateSecurityRuleRequest.UrlCategory: + additionalProperties: false + properties: + IntelligentFeeds: + items: + type: string + title: Intelligentfeeds + type: array + URLCategoryNames: + items: + type: string + title: Urlcategorynames + type: array + title: UrlCategory + type: object + UpdateSecurityRuleResponse: + 
additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/UpdateSecurityRuleResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/UpdateSecurityRuleResponse.Result' + title: UpdateSecurityRuleResponse + type: object + UpdateSecurityRuleResponse.ResponseData: + additionalProperties: false + properties: + Priority: + title: Priority + type: integer + RuleEntry: + $ref: '#/components/schemas/UpdateSecurityRuleResponse.Rule' + RuleListName: + title: Rulelistname + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + UpdateSecurityRuleResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + UpdateSecurityRuleResponse.Rule: + additionalProperties: false + properties: + Action: + default: Allow + enum: + - Allow + - DenySilent + - DenyResetServer + - DenyResetBoth + title: Action + type: string + Applications: + default: + - Any + items: + type: string + title: Applications + type: array + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Category: + $ref: '#/components/schemas/UpdateSecurityRuleResponse.UrlCategory' + DecryptionRuleType: + enum: + - SSLOutboundInspection + title: Decryptionruletype + type: string + Description: + maxLength: 512 + title: Description + type: string + Destination: + $ref: '#/components/schemas/UpdateSecurityRuleResponse.RuleDestination' + Enabled: + default: true + title: Enabled + type: boolean + Logging: + default: false + title: Logging + type: boolean + NegateDestination: + default: false + title: Negatedestination + type: boolean + NegateSource: + default: false + title: Negatesource + type: boolean + Protocol: + default: application-default + title: Protocol + type: string + RuleName: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Rulename + type: string + 
Source: + $ref: '#/components/schemas/UpdateSecurityRuleResponse.RuleSource' + Tags: + items: + $ref: '#/components/schemas/UpdateSecurityRuleResponse.Tag' + maxItems: 200 + title: Tags + type: array + UpdateToken: + title: Updatetoken + type: string + required: + - RuleName + title: Rule + type: object + UpdateSecurityRuleResponse.RuleDestination: + additionalProperties: false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + FqdnLists: + items: + type: string + title: Fqdnlists + type: array + PrefixLists: + items: + type: string + title: Prefixlists + type: array + title: RuleDestination + type: object + UpdateSecurityRuleResponse.RuleSource: + additionalProperties: false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + PrefixLists: + items: + type: string + title: Prefixlists + type: array + title: RuleSource + type: object + UpdateSecurityRuleResponse.Tag: + additionalProperties: false + properties: + Key: + maxLength: 128 + minLength: 1 + title: Key + type: string + Value: + maxLength: 128 + minLength: 1 + title: Value + type: string + required: + - Key + - Value + title: Tag + type: object + UpdateSecurityRuleResponse.UrlCategory: + additionalProperties: false + properties: + IntelligentFeeds: + items: + type: string + title: Intelligentfeeds + type: array + URLCategoryNames: + items: + type: string + title: Urlcategorynames + type: array + title: UrlCategory + type: object +info: + contact: {} + description: "Security rules determine whether to block or allow a session based\ + \ on traffic attributes such as the source and destination IP address, source\ + \ and destination FQDNs, or the application. 
\n\nAll traffic passing through\ + \ the firewall is matched against a session and each session is matched against\ + \ a rule. When a session match occurs, the NGFW applies the matching rule to bidirectional\ + \ traffic in that session (client to server and server to client). For traffic\ + \ that doesn\u2019t match any defined rules, the default rules apply. \n\nFor\ + \ more information, see [Create security roles on Cloud NGFW for AWS](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/rules-and-rulestacks/create-a-rule).\n\ + \n### Permission Policies\n\n| Action | Local Firewall\ + \ Administrator | Local Rulestack Administrator | Global Rulestack Administrator\ + \ |\n| ------------------------------ | :---------------------------: | :---------------------------:\ + \ | :----------------------------: |\n| Create a Security Rule | ☐\ + \ | **☑** | **☑** \ + \ | \n| Delete a Security Rule | ☐ \ + \ | **☑** | **☑** | \ + \ \n| Describe a Security Rule | **☑** \ + \ | **☑** | **☑** |\ + \ \n| ResetSecurityRuleCounters | **☑** | **☑**\ + \ | **☑** |\n| RefreshSecurityRuleCounters\ + \ | **☑** | **☑** | **☑**\ + \ |\n| DescribeSecurityRuleCounters | **☑** \ + \ | **☑** | **☑** \ + \ |\n| List Security Rules | **☑** | **☑**\ + \ | **☑** | \ + \ \n| Update a Security Rule | ☐ |\ + \ **☑** | **☑** | \ + \ \n" + title: Manage Security Rules + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/rulestacks/{rulestackname}/rulelists/{rulelistname}: + get: + description: 'List all security rules associate with a rulestack in the order + of priority. + + ' + operationId: get-v1-config-rulestacks-rulestackname-rulelists-rulelistname + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the rulelist. 
+ + ' + in: path + name: rulelistname + required: true + schema: + type: string + - description: '' + in: query + name: nexttoken + required: false + schema: + title: Nexttoken + type: string + - description: '' + in: query + name: candidate + required: false + schema: + default: true + title: Candidate + type: boolean + - description: '' + in: query + name: running + required: false + schema: + default: false + title: Running + type: boolean + - description: '' + in: query + name: uncommitted + required: false + schema: + default: false + title: Uncommitted + type: boolean + - description: '' + in: query + name: maxresults + required: false + schema: + default: 1024 + maximum: 1024 + minimum: 1 + title: Maxresults + type: integer + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListSecurityRulesResponse' + description: OK + summary: List Security Rules + tags: + - SecurityRules + post: + description: 'Create a security rule for a rulestack. + + ' + operationId: post-v1-config-rulestacks-rulestackname-rulelists-rulelistname + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the rulelist. + + ' + in: path + name: rulelistname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CreateSecurityRuleRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CreateSecurityRuleResponse' + description: OK + summary: Create a Security Rule + tags: + - SecurityRules + /v1/config/rulestacks/{rulestackname}/rulelists/{rulelistname}/priorities/{priority}: + delete: + description: 'Disassociate a security rule associated with a rulestack. + + ' + operationId: delete-v1-config-rulestacks-rulestackname-rulelists-rulelistname-priorities-priority + parameters: + - description: 'The name of the rulestack. 
+ + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the rulelist. + + ' + in: path + name: rulelistname + required: true + schema: + type: string + - description: '' + in: path + name: priority + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteSecurityRuleRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteSecurityRuleResponse' + description: OK + summary: Delete a Security Rule + tags: + - SecurityRules + get: + description: 'Retrieve the security rules associated with a rulestack. + + ' + operationId: get-v1-config-rulestacks-rulestackname-rulelists-rulelistname-priorities-priority + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the rulelist. + + ' + in: path + name: rulelistname + required: true + schema: + type: string + - description: '' + in: path + name: priority + required: true + schema: + type: string + - description: '' + in: query + name: Candidate + required: false + schema: + default: true + title: Candidate + type: boolean + - description: '' + in: query + name: Running + required: false + schema: + default: false + title: Running + type: boolean + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeSecurityRuleResponse' + description: OK + summary: Describe a Security Rule + tags: + - SecurityRules + put: + description: 'Update a security rule associated a rulestack. + + ' + operationId: put-v1-config-rulestacks-rulestackname-rulelists-rulelistname-priorities-priority + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the rulelist. 
+ + ' + in: path + name: rulelistname + required: true + schema: + type: string + - description: '' + in: path + name: priority + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateSecurityRuleRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateSecurityRuleResponse' + description: OK + summary: Update a Security Rule + tags: + - SecurityRules +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: SecurityRules diff --git a/openapi-specs/cloudngfw/aws/UserOnboarding-LinkAccount.yaml b/openapi-specs/cloudngfw/aws/UserOnboarding-LinkAccount.yaml new file mode 100644 index 000000000..a7cc0da82 --- /dev/null +++ b/openapi-specs/cloudngfw/aws/UserOnboarding-LinkAccount.yaml 
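Review bot: The `Priority` bounds in `CreateSecurityRuleRequest` and `ListSecurityRulesResponse.RuleEntryIdentifier` use the numeric form `exclusiveMinimum: 0` / `exclusiveMaximum: 1000001`, but this file declares `openapi: 3.0.3`, where both keywords are booleans; 3.0 tooling may reject the schema or silently drop the bound, so `minimum: 1` and `maximum: 1000000` would be the safer spelling. The `priority` path parameter on the three `/priorities/{priority}` operations is a bare `type: string` with an empty description, so it carries none of that range; `type: integer` with the same bounds would let clients and gateways validate it before the request reaches the service. Separately, `CreateSecurityRuleRequest.RuleCreate` requires only `RuleName` and documents `Action: Allow`, `Applications: [Any]` and `Logging: false` as defaults (with `Cidrs: [Any]` inside `RuleSource` and `RuleDestination`), so a minimal request appears to describe an unlogged allow-any rule; a `description` on `Action` and `Logging` saying so would make that visible to anyone reviewing generated client code. The file also defines no `securitySchemes` and no `security` requirement, so rendered docs and generated clients carry no authentication requirement for these firewall-policy operations.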
@@ -0,0 +1,184 @@ +components: + schemas: + DescribeLinkAccountRequest: + additionalProperties: false + properties: {} + title: DescribeLinkAccountRequest + type: object + DescribeLinkAccountResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DescribeLinkAccountResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DescribeLinkAccountResponse.Result' + title: DescribeLinkAccountResponse + type: object + DescribeLinkAccountResponse.AccountTableEntryStatus: + description: An enumeration. + enum: + - Success + - Pending + - Deleting + - OffBoarding + - DeleteFailed + title: AccountTableEntryStatus + type: string + DescribeLinkAccountResponse.ResponseData: + additionalProperties: false + properties: + AccountId: + maxLength: 12 + pattern: ^$|^[0-9]+$ + title: Accountid + type: string + CloudFormationTemplateURL: + title: Cloudformationtemplateurl + type: string + ExternalId: + title: Externalid + type: string + OnboardingStatus: + allOf: + $ref: '#/components/schemas/DescribeLinkAccountResponse.AccountTableEntryStatus' + default: Pending + ServiceAccountId: + maxLength: 12 + pattern: ^$|^[0-9]+$ + title: Serviceaccountid + type: string + SnsTopicArn: + title: Snstopicarn + type: string + title: ResponseData + type: object + DescribeLinkAccountResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + ListLinkAccountsRequest: + additionalProperties: false + properties: {} + title: ListLinkAccountsRequest + type: object + ListLinkAccountsResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/ListLinkAccountsResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ListLinkAccountsResponse.Result' + title: ListLinkAccountsResponse + type: object + ListLinkAccountsResponse.ResponseData: + additionalProperties: false + 
properties: + AccountIds: + items: + maxLength: 12 + pattern: ^$|^[0-9]+$ + type: string + title: Accountids + type: array + title: ResponseData + type: object + ListLinkAccountsResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object +info: + contact: {} + description: "Cloud NGFW requires you to onboard an AWS account to create and manage\ + \ the resources required by Cloud NGFW. The Cloud NGFW service uses a CloudFormation\ + \ template (CFT) stack to create these roles needed for Cloud NGFW to access resources\ + \ in your AWS environment. \n\nA link account is an unverified account used to\ + \ onboard an AWS account to a cloud NGFW service based on your input. A link account\ + \ is required to run the CFT. \n\n>**Note:** You can add only one link account\ + \ per subscription.\n\n### Permission Policies\n\n| Action |\ + \ Local Firewall Administrator | Local Rulestack Administrator | Global Rulestack\ + \ Administrator |\n| ------------------------ | :---------------------------:\ + \ | :---------------------------: | :----------------------------: | \n| Create\ + \ Link Account | ☐ | ☐ \ + \ | ☐ | \n| Delete Link Account | ☐\ + \ | ☐ | ☐ \ + \ | \n| Describe Link Account | **☑**\ + \ | **☑** | **☑** \ + \ | \n| List Link Account | **☑** | **☑**\ + \ | **☑** |\n" + title: User Onboarding using Link Account + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/mgmt/linkaccounts: + get: + description: 'List all accounts linked with the an admin account. 
+ + ' + operationId: get-v1-mgmt-linkaccounts + parameters: [] + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ListLinkAccountsRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListLinkAccountsResponse' + description: OK + summary: List Link Accounts + tags: + - UserOnboarding-LinkAccount + /v1/mgmt/linkaccounts/{accountid}: + get: + description: 'View the details of the account IDs associated with the admin + account. + + ' + operationId: get-v1-mgmt-linkaccounts-accountid + parameters: + - description: 'The unique ID of the account. + + ' + in: path + name: accountid + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeLinkAccountRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeLinkAccountResponse' + description: OK + summary: Describe Link Account + tags: + - UserOnboarding-LinkAccount +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: UserOnboarding-LinkAccount diff --git a/openapi-specs/cloudngfw/aws/UserOnboarding-XAccountRoles.yaml b/openapi-specs/cloudngfw/aws/UserOnboarding-XAccountRoles.yaml new file mode 100644 index 000000000..e58489f17 --- /dev/null +++ b/openapi-specs/cloudngfw/aws/UserOnboarding-XAccountRoles.yaml 
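Review bot: Nothing in this new spec declares how callers authenticate: the top-level keys are `components` (schemas only), `info`, `openapi`, `paths`, `servers` and `tags`, with no `components.securitySchemes` and no `security` requirement on either operation. Both GET operations return account-onboarding data (`ExternalId`, `SnsTopicArn`, `CloudFormationTemplateURL`), so generated clients and API scanners reading this file will model them as unauthenticated, and only the `'200'` outcome is documented. I would add a scheme under `components.securitySchemes` that matches the service's real mechanism, a top-level `security: [{ <scheme-name>: [] }]` (placeholder name), and `'401'` and `'403'` responses. The same gap is visible in the UserOnboarding-XAccountRoles.yaml, AssociationRulestacks.yaml and CertificateObjects.yaml hunks of this patch.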
@@ -0,0 +1,266 @@ +components: + schemas: + DescribeXAccountRoleArnResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.Result' + title: DescribeXAccountRoleArnResponse + type: object + DescribeXAccountRoleArnResponse.AccountTableEntryStatus: + description: An enumeration. + enum: + - Success + - Pending + - Deleting + - OffBoarding + - DeleteFailed + title: AccountTableEntryStatus + type: string + DescribeXAccountRoleArnResponse.FirewallRoles: + additionalProperties: false + properties: + EndpointRole: + title: Endpointrole + type: string + LoggingRole: + title: Loggingrole + type: string + title: FirewallRoles + type: object + DescribeXAccountRoleArnResponse.ResponseData: + additionalProperties: false + properties: + AccountGroups: + items: + type: string + title: Accountgroups + type: array + AccountId: + maxLength: 12 + pattern: ^$|^[0-9]+$ + title: Accountid + type: string + AllowedMode: + enum: + - ServiceManaged + - CustomerManaged + title: Allowedmode + type: string + AvailabilityZones: + items: + type: string + title: Availabilityzones + type: array + CloudTrailRole: + title: Cloudtrailrole + type: string + DefaultRole: + title: Defaultrole + type: string + Firewall: + $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.FirewallRoles' + OnboardingStatus: + $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.AccountTableEntryStatus' + RuleStack: + $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.RuleStackRoles' + VpcInformations: + items: + $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.VpcDetails' + title: Vpcinformations + type: array + title: ResponseData + type: object + DescribeXAccountRoleArnResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: 
string + title: Result + type: object + DescribeXAccountRoleArnResponse.RuleStackRoles: + additionalProperties: false + properties: + DecryptionRole: + title: Decryptionrole + type: string + title: RuleStackRoles + type: object + DescribeXAccountRoleArnResponse.SubnetDetails: + additionalProperties: false + properties: + SubnetId: + title: Subnetid + type: string + SubnetName: + title: Subnetname + type: string + required: + - SubnetId + title: SubnetDetails + type: object + DescribeXAccountRoleArnResponse.VpcDetails: + additionalProperties: false + properties: + SubnetInformations: + items: + $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.SubnetDetails' + title: Subnetinformations + type: array + VpcId: + title: Vpcid + type: string + VpcName: + title: Vpcname + type: string + required: + - VpcId + title: VpcDetails + type: object + ListXAccountRolesRequest: + additionalProperties: false + properties: + MaxResults: + default: 1024 + maximum: 1024 + minimum: 1 + title: Maxresults + type: integer + NextToken: + maxLength: 2048 + minLength: 1 + pattern: ^[-0-9A-Za-z:\/+=]+$ + title: Nexttoken + type: string + title: ListXAccountRolesRequest + type: object + ListXAccountRolesResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/ListXAccountRolesResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ListXAccountRolesResponse.Result' + title: ListXAccountRolesResponse + type: object + ListXAccountRolesResponse.ResponseData: + additionalProperties: false + properties: + AccountIds: + items: + maxLength: 12 + pattern: ^$|^[0-9]+$ + type: string + title: Accountids + type: array + NextToken: + maxLength: 2048 + minLength: 1 + pattern: ^[-0-9A-Za-z:\/+=]+$ + title: Nexttoken + type: string + title: ResponseData + type: object + ListXAccountRolesResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string 
+ title: Result + type: object +info: + contact: {} + description: "Cloud NGFW requires you to onboard an AWS account to create and manage\ + \ the resources required by Cloud NGFW. The Cloud NGFW service uses a CloudFormation\ + \ Template (CFT) stack to create these roles needed for Cloud NGFW to access resources\ + \ in your AWS environment.\n\n### Permission Policies\n\n| Action \ + \ | Local Firewall Administrator | Local Rulestack Administrator | Global\ + \ Rulestack Administrator |\n| ------------------------ | :---------------------------:\ + \ | :---------------------------: | :----------------------------: | \n| Put XAccount\ + \ Roles | ☐ | ☐ \ + \ | ☐ |\n| Describe XAccount Roles | **☑**\ + \ | **☑** | **☑** \ + \ | \n| List Member Accounts | **☑** \ + \ | **☑** | **☑** \ + \ | \n| Delete XAccount Roles | ☐ | ☐\ + \ | ☐ |\n" + title: User Onboarding using Endpoint Role + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/mgmt/xaccountroles: + get: + description: "Lists all accounts on-boarded using endpoint role. \n" + operationId: get-v1-mgmt-xaccountroles + parameters: [] + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ListXAccountRolesRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListXAccountRolesResponse' + description: OK + summary: List Member accounts and cross account roles + tags: + - UserOnboarding-XAccountRoles + /v1/mgmt/xaccountroles/{accountid}: + get: + description: 'Retrieve the information of a specific account. + + ' + operationId: get-v1-mgmt-xaccountroles-accountid + parameters: + - description: 'The unique ID of the account. 
+ + ' + in: path + name: accountid + required: true + schema: + type: string + - description: '' + in: query + name: describeaccount + required: false + schema: + default: false + title: Describeaccount + type: boolean + - description: '' + in: query + name: vpcid + required: false + schema: + title: Vpcid + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeXAccountRoleArnResponse' + description: OK + summary: Describe Member accounts and cross account Roles + tags: + - UserOnboarding-XAccountRoles +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: UserOnboarding-XAccountRoles diff --git a/static/cloudngfw/aws/spec/api/AssociationRulestacks.yaml b/static/cloudngfw/aws/spec/api/AssociationRulestacks.yaml new file mode 100644 index 000000000..441d3e287 --- /dev/null +++ b/static/cloudngfw/aws/spec/api/AssociationRulestacks.yaml 
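Review bot: `MaxResults` and `NextToken` are modelled in `ListXAccountRolesRequest`, a JSON request body on `GET /v1/mgmt/xaccountroles`, while that operation's `parameters` is `[]`. Under `openapi: 3.0.3` a request body on GET has no defined semantics and consumers are expected to ignore it, and some HTTP clients and intermediaries drop it, so the page-size cap of 1024 and the token pattern may never reach a generated client or a schema-validating gateway. The certificates list operation elsewhere in this patch carries the same two fields as `in: query` parameters; I would do the same here and remove `requestBody`, after confirming the parameter names the service actually reads. The sketch below copies the bounds from `ListXAccountRolesRequest`.

```yaml
  /v1/mgmt/xaccountroles:
    get:
      # … unchanged: description, operationId …
      parameters:
      - description: ''
        in: query
        name: nexttoken        # name taken from the certificates list operation; confirm
        required: false
        schema:
          maxLength: 2048
          minLength: 1
          pattern: ^[-0-9A-Za-z:\/+=]+$
          type: string
      - description: ''
        in: query
        name: maxresults       # name taken from the certificates list operation; confirm
        required: false
        schema:
          default: 1024
          maximum: 1024
          minimum: 1
          type: integer
      # requestBody removed
      # … unchanged: responses, summary, tags …
```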
@@ -0,0 +1,200 @@ +components: + schemas: + AssociateGlobalRuleStackRequest: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + RuleStackName: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Rulestackname + type: string + UpdateToken: + title: Updatetoken + type: string + required: + - RuleStackName + - AccountId + title: AssociateGlobalRuleStackRequest + type: object + AssociateGlobalRuleStackResponse: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + FirewallName: + title: Firewallname + type: string + ResponseStatus: + $ref: '#/components/schemas/AssociateGlobalRuleStackResponse.Result' + RuleStackName: + title: Rulestackname + type: string + UpdateToken: + title: Updatetoken + type: string + title: AssociateGlobalRuleStackResponse + type: object + AssociateGlobalRuleStackResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + AssociateRuleStackRequest: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + RuleStackName: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Rulestackname + type: string + UpdateToken: + title: Updatetoken + type: string + required: + - RuleStackName + - AccountId + title: AssociateRuleStackRequest + type: object + AssociateRuleStackResponse: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + FirewallName: + title: Firewallname + type: string + ResponseStatus: + $ref: '#/components/schemas/AssociateRuleStackResponse.Result' + RuleStackName: + title: Rulestackname + type: string + UpdateToken: + title: Updatetoken + type: string + title: AssociateRuleStackResponse + type: object + AssociateRuleStackResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: 
Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object +info: + contact: {} + description: "There are two types of rulestacks:\n- **Local rulestack**-Consists\ + \ of local rules and manages them. A local account administrator can associate\ + \ local rulestacks to an NGFW in their AWS account.\n- **Global rulestack**-The\ + \ AWS Firewall Manager administrator can author a Firewall Manager Service (FMS)\ + \ policy and associate a global rulestack with it. AWS Firewall Manager manages\ + \ the global rulestack across all these NGFWs in different AWS accounts of an\ + \ AWS Organization. \n\nA global rulestack configures pre-rules and post-rules\ + \ on each NGFW. The AWS Firewall Manager administrator can author a FMS policy\ + \ and associate a global rulestack with it. AWS Firewall Manager manages the global\ + \ rulestack across all these NGFWs in different AWS accounts in the AWS Organization.\ + \ A global rulestack configures pre-rules and post-rules on each NGFW. \n\n>**Note:**\ + \ For FMS policy, there is no Local Firewall administrator. The local rulestack\ + \ administrator associates the local rulestacks to an NGFW. If the FMS service\ + \ handshake is successful, any local firewall administrator call must be disabled,\ + \ and the local rulestack administrator can associate the local rulestack to a\ + \ NGFW.\n\n### Permission Policies\n\n| Action | Local\ + \ Firewall Administrator | Local Rulestack Administrator | Global Rulestack Administrator\ + \ |\n| ----------------------------- | :---------------------------: | :---------------------------:\ + \ | :----------------------------: | \n| Associate a Global Rulestack | ☐\ + \ | ☐ | **☑** \ + \ | \n| Associate a Local Rulestack | **☑**\ + \ | **☑** | ☐ \ + \ | \n\n>**Note:** The maximum local and global rulestacks you can create\ + \ per subscription is 10. 
\n" + title: Manage Association Rulestacks + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/ngfirewalls/{ngfirewallname}/globalrulestack: + put: + description: 'Associate a global rulestack to a NGFW. + + ' + operationId: put-v1-config-ngfirewalls-ngfirewallname-globalrulestack + parameters: + - description: 'The name of the NGFW to which you want to associate the global + rulestack. + + ' + in: path + name: ngfirewallname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AssociateGlobalRuleStackRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AssociateGlobalRuleStackResponse' + description: OK + summary: Associate a GlobalRuleStack + tags: + - AssociationRulestacks + /v1/config/ngfirewalls/{ngfirewallname}/rulestack: + put: + description: 'Associate a local rulestack to a NGFW. + + ' + operationId: put-v1-config-ngfirewalls-ngfirewallname-rulestack + parameters: + - description: 'The name of the NGFW to which you want to associate the local + rulestack. + + ' + in: path + name: ngfirewallname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AssociateRuleStackRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AssociateRuleStackResponse' + description: OK + summary: Associate a RuleStack + tags: + - AssociationRulestacks +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: AssociationRulestacks diff --git a/static/cloudngfw/aws/spec/api/CertificateObjects.yaml b/static/cloudngfw/aws/spec/api/CertificateObjects.yaml new file mode 100644 index 000000000..b176e998a --- /dev/null +++ b/static/cloudngfw/aws/spec/api/CertificateObjects.yaml 
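Review bot: `AccountId` is a required field of both `AssociateRuleStackRequest` and `AssociateGlobalRuleStackRequest` but is declared as a bare `type: string`, whereas the onboarding specs in this patch bound account IDs with `maxLength: 12` and a digits-only pattern. AWS account IDs are exactly 12 digits, so I would add `pattern: ^[0-9]{12}$` to both request schemas so that a validating gateway rejects malformed values before they reach the association logic. The `ngfirewallname` path parameter on both PUT operations is likewise unconstrained, while `RuleStackName` in the same body has `maxLength: 128` and `pattern: ^[a-zA-Z0-9-]+$`; it should carry whatever name pattern the service enforces. This file appears to mirror `openapi-specs/cloudngfw/aws/AssociationRulestacks.yaml` from the diffstat (same line count), so the change presumably belongs in both copies.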
@@ -0,0 +1,602 @@ +components: + schemas: + CreateCertificateObjectRequest: + additionalProperties: false + properties: + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + CertificateSelfSigned: + default: false + title: Certificateselfsigned + type: boolean + CertificateSignerArn: + title: Certificatesignerarn + type: string + Description: + maxLength: 512 + title: Description + type: string + Name: + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Name + type: string + required: + - Name + title: CreateCertificateObjectRequest + type: object + CreateCertificateObjectResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/CreateCertificateObjectResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/CreateCertificateObjectResponse.Result' + title: CreateCertificateObjectResponse + type: object + CreateCertificateObjectResponse.CertificateDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + CertificateSelfSigned: + title: Certificateselfsigned + type: boolean + CertificateSignerArn: + title: Certificatesignerarn + type: string + Description: + title: Description + type: string + UpdateToken: + title: Updatetoken + type: string + title: CertificateDetails + type: object + CreateCertificateObjectResponse.ResponseData: + additionalProperties: false + properties: + CertificateObjectEntry: + $ref: '#/components/schemas/CreateCertificateObjectResponse.CertificateDetails' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + CreateCertificateObjectResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DeleteCertificateObjectRequest: + additionalProperties: false + properties: {} + title: 
DeleteCertificateObjectRequest + type: object + DeleteCertificateObjectResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DeleteCertificateObjectResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DeleteCertificateObjectResponse.Result' + title: DeleteCertificateObjectResponse + type: object + DeleteCertificateObjectResponse.CertificateDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + CertificateSelfSigned: + title: Certificateselfsigned + type: boolean + CertificateSignerArn: + title: Certificatesignerarn + type: string + Description: + title: Description + type: string + UpdateToken: + title: Updatetoken + type: string + title: CertificateDetails + type: object + DeleteCertificateObjectResponse.ResponseData: + additionalProperties: false + properties: + CertificateObjectEntry: + $ref: '#/components/schemas/DeleteCertificateObjectResponse.CertificateDetails' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DeleteCertificateObjectResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DescribeCertificateObjectRequest: + additionalProperties: false + properties: + Candidate: + default: true + title: Candidate + type: boolean + MaxResults: + default: 100 + exclusiveMaximum: 101 + exclusiveMinimum: 0 + title: Maxresults + type: integer + NextToken: + maxLength: 2048 + minLength: 1 + pattern: ^[-0-9A-Za-z:\/+=]+$ + title: Nexttoken + type: string + Running: + default: false + title: Running + type: boolean + title: DescribeCertificateObjectRequest + type: object + DescribeCertificateObjectResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DescribeCertificateObjectResponse.ResponseData' + 
ResponseStatus: + $ref: '#/components/schemas/DescribeCertificateObjectResponse.Result' + title: DescribeCertificateObjectResponse + type: object + DescribeCertificateObjectResponse.CertificateDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + CertificateSelfSigned: + title: Certificateselfsigned + type: boolean + CertificateSignerArn: + title: Certificatesignerarn + type: string + Description: + title: Description + type: string + UpdateToken: + title: Updatetoken + type: string + title: CertificateDetails + type: object + DescribeCertificateObjectResponse.ResponseData: + additionalProperties: false + properties: + CertificateObjectCandidate: + $ref: '#/components/schemas/DescribeCertificateObjectResponse.CertificateDetails' + CertificateObjectRunning: + $ref: '#/components/schemas/DescribeCertificateObjectResponse.CertificateDetails' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DescribeCertificateObjectResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + ListCertificateObjectResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/ListCertificateObjectResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ListCertificateObjectResponse.Result' + title: ListCertificateObjectResponse + type: object + ListCertificateObjectResponse.ResponseData: + additionalProperties: false + properties: + CertificateObjectCandidate: + items: + type: string + title: Certificateobjectcandidate + type: array + CertificateObjectRunning: + items: + type: string + title: Certificateobjectrunning + type: array + CertificateObjectUncommitted: + items: + $ref: '#/components/schemas/ListCertificateObjectResponse.UncommittedCertificateObjectDetails' + title: 
Certificateobjectuncommitted + type: array + NextToken: + maxLength: 2048 + minLength: 1 + pattern: ^[-0-9A-Za-z:\/+=]+$ + title: Nexttoken + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + ListCertificateObjectResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + ListCertificateObjectResponse.UncommittedCertificateObjectDetails: + additionalProperties: false + properties: + Name: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Name + type: string + Operation: + title: Operation + type: string + required: + - Name + - Operation + title: UncommittedCertificateObjectDetails + type: object + UpdateCertificateObjectRequest: + additionalProperties: false + properties: + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + CertificateSelfSigned: + default: false + title: Certificateselfsigned + type: boolean + CertificateSignerArn: + title: Certificatesignerarn + type: string + Description: + maxLength: 512 + title: Description + type: string + UpdateToken: + title: Updatetoken + type: string + title: UpdateCertificateObjectRequest + type: object + UpdateCertificateObjectResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/UpdateCertificateObjectResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/UpdateCertificateObjectResponse.Result' + title: UpdateCertificateObjectResponse + type: object + UpdateCertificateObjectResponse.CertificateDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + CertificateSelfSigned: + title: Certificateselfsigned + type: boolean + CertificateSignerArn: + title: Certificatesignerarn + type: string + Description: + title: Description + type: string + UpdateToken: + title: Updatetoken + type: string 
+ title: CertificateDetails + type: object + UpdateCertificateObjectResponse.ResponseData: + additionalProperties: false + properties: + CertificateObjectEntry: + $ref: '#/components/schemas/UpdateCertificateObjectResponse.CertificateDetails' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + UpdateCertificateObjectResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object +info: + contact: {} + description: "Cloud NGFW uses certificates to access an intelligent feed and to\ + \ enable outbound decryption. These certificates are stored in the [AWS Secrets\ + \ Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html).\ + \ \n\n### Permission Policies\n\n| Action | Local Firewall\ + \ Administrator | Local Rulestack Administrator | Global Rulestack Administrator|\n\ + | ----------------------------- | :--------------------------: | :---------------------------:\ + \ | :---------------------------: |\n| Create a Certificate Object | ☐\ + \ | **☑** | **☑** \ + \ |\n| Delete a Certificate Object | ☐ |\ + \ **☑** | **☑** | \ + \ \n| Update a Certificate Object | ☐ \ + \ | **☑** | **☑** | \n| Describe\ + \ a Certificate Object | **☑** | **☑** \ + \ | **☑** |\n| List Certificate Objects |\ + \ **☑** | **☑** | **☑** \ + \ |\n" + title: Manage Certificate Objects + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/rulestacks/{rulestackname}/certificates: + get: + description: 'Returns the list of certificate objects associated with the specified + rulestack. 
+ + ' + operationId: get-v1-config-rulestacks-rulestackname-certificates + parameters: + - description: '' + in: path + name: rulestackname + required: true + schema: + type: string + - description: '' + in: query + name: nexttoken + required: false + schema: + maxLength: 2048 + minLength: 1 + pattern: ^[-0-9A-Za-z:\/+=]+$ + title: Nexttoken + type: string + - description: '' + in: query + name: candidate + required: false + schema: + default: true + title: Candidate + type: boolean + - description: '' + in: query + name: running + required: false + schema: + default: false + title: Running + type: boolean + - description: '' + in: query + name: uncommitted + required: false + schema: + default: false + title: Uncommitted + type: boolean + - description: '' + in: query + name: maxresults + required: false + schema: + default: 1024 + maximum: 1024 + minimum: 1 + title: Maxresults + type: integer + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListCertificateObjectResponse' + description: OK + summary: List CertificateObjects + tags: + - CertificateObjects + post: + description: 'Create a server certificate object for the specified rulestack. + + ' + operationId: post-v1-config-rulestacks-rulestackname-certificates + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CreateCertificateObjectRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CreateCertificateObjectResponse' + description: OK + summary: Create a CertificateObject + tags: + - CertificateObjects + /v1/config/rulestacks/{rulestackname}/certificates/{name}: + delete: + description: 'Delete a certificate object associated with the specified rulestack. 
+ + ' + operationId: delete-v1-config-rulestacks-rulestackname-certificates-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the certificate. + + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteCertificateObjectRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteCertificateObjectResponse' + description: OK + summary: Delete a CertificateObject + tags: + - CertificateObjects + get: + description: "Returns the certificate object metadata associated with the specified\ + \ rulestack. \n" + operationId: get-v1-config-rulestacks-rulestackname-certificates-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the certificate. + + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeCertificateObjectRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeCertificateObjectResponse' + description: OK + summary: Describe a CertificateObject + tags: + - CertificateObjects + put: + description: 'Update the certificate object associated with the specified rulestack. + + ' + operationId: put-v1-config-rulestacks-rulestackname-certificates-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the certificate. 
+ + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateCertificateObjectRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateCertificateObjectResponse' + description: OK + summary: Update a CertificateObject + tags: + - CertificateObjects +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: CertificateObjects diff --git a/static/cloudngfw/aws/spec/api/FQDNList.yaml b/static/cloudngfw/aws/spec/api/FQDNList.yaml new file mode 100644 index 000000000..96d5efdfe --- /dev/null +++ b/static/cloudngfw/aws/spec/api/FQDNList.yaml 
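Review bot: `DescribeCertificateObjectRequest.MaxResults` uses `exclusiveMaximum: 101` and `exclusiveMinimum: 0`, which is the numeric JSON Schema form; under the `openapi: 3.0.3` declared in this file both keywords are booleans that modify `maximum`/`minimum`. A validator may reject the document or ignore the bound, which leaves the page size unchecked. I would write it as `minimum: 1` and `maximum: 100`, the style already used for the `maxresults` query parameter on the list operation. `CertificateSignerArn` in the create and update requests also has no `maxLength` or `pattern`, unlike `Name` and `Description` beside it, so a length bound there is worth adding.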
@@ -0,0 +1,624 @@ +components: + schemas: + CreateFqdnListRequest: + additionalProperties: false + properties: + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Description: + maxLength: 512 + title: Description + type: string + FqdnList: + items: + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9._-]+$ + type: string + title: Fqdnlist + type: array + Name: + maxLength: 58 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Name + type: string + required: + - Name + - FqdnList + title: CreateFqdnListRequest + type: object + CreateFqdnListResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/CreateFqdnListResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/CreateFqdnListResponse.Result' + title: CreateFqdnListResponse + type: object + CreateFqdnListResponse.FqdnListDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Description: + title: Description + type: string + FqdnList: + items: + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9._-]+$ + type: string + title: Fqdnlist + type: array + UpdateToken: + title: Updatetoken + type: string + required: + - FqdnList + title: FqdnListDetails + type: object + CreateFqdnListResponse.ResponseData: + additionalProperties: false + properties: + FqdnListEntry: + $ref: '#/components/schemas/CreateFqdnListResponse.FqdnListDetails' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + CreateFqdnListResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DeleteFqdnListRequest: + additionalProperties: false + properties: {} + title: DeleteFqdnListRequest + type: object + DeleteFqdnListResponse: + additionalProperties: false + properties: + Response: + $ref: 
'#/components/schemas/DeleteFqdnListResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DeleteFqdnListResponse.Result' + title: DeleteFqdnListResponse + type: object + DeleteFqdnListResponse.FqdnListDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Description: + title: Description + type: string + FqdnList: + items: + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9._-]+$ + type: string + title: Fqdnlist + type: array + UpdateToken: + title: Updatetoken + type: string + required: + - FqdnList + title: FqdnListDetails + type: object + DeleteFqdnListResponse.ResponseData: + additionalProperties: false + properties: + FqdnListEntry: + $ref: '#/components/schemas/DeleteFqdnListResponse.FqdnListDetails' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DeleteFqdnListResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DescribeFqdnListRequest: + additionalProperties: false + properties: + Candidate: + default: true + title: Candidate + type: boolean + Running: + default: false + title: Running + type: boolean + title: DescribeFqdnListRequest + type: object + DescribeFqdnListResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DescribeFqdnListResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DescribeFqdnListResponse.Result' + title: DescribeFqdnListResponse + type: object + DescribeFqdnListResponse.FqdnListDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Description: + title: Description + type: string + FqdnList: + items: + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9._-]+$ + type: string + title: Fqdnlist + type: array + required: + - 
FqdnList + title: FqdnListDetails + type: object + DescribeFqdnListResponse.FqdnListInfo: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Description: + title: Description + type: string + FqdnList: + items: + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9._-]+$ + type: string + title: Fqdnlist + type: array + required: + - FqdnList + title: FqdnListInfo + type: object + DescribeFqdnListResponse.ResponseData: + additionalProperties: false + properties: + FqdnListCandidate: + $ref: '#/components/schemas/DescribeFqdnListResponse.FqdnListDetails' + FqdnListRunning: + $ref: '#/components/schemas/DescribeFqdnListResponse.FqdnListInfo' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DescribeFqdnListResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + ListFqdnListResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/ListFqdnListResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ListFqdnListResponse.Result' + title: ListFqdnListResponse + type: object + ListFqdnListResponse.ResponseData: + additionalProperties: false + properties: + FqdnListCandidate: + items: + type: string + title: Fqdnlistcandidate + type: array + FqdnListRunning: + items: + type: string + title: Fqdnlistrunning + type: array + FqdnListUncommitted: + items: + $ref: '#/components/schemas/ListFqdnListResponse.UncommittedFqdnListDetails' + title: Fqdnlistuncommitted + type: array + NextToken: + title: Nexttoken + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + ListFqdnListResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: 
Reason + type: string + title: Result + type: object + ListFqdnListResponse.UncommittedFqdnListDetails: + additionalProperties: false + properties: + Name: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Name + type: string + operation: + title: Operation + type: string + required: + - Name + - operation + title: UncommittedFqdnListDetails + type: object + UpdateFqdnListRequest: + additionalProperties: false + properties: + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Description: + maxLength: 512 + title: Description + type: string + FqdnList: + items: + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9._-]+$ + type: string + title: Fqdnlist + type: array + required: + - FqdnList + title: UpdateFqdnListRequest + type: object + UpdateFqdnListResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/UpdateFqdnListResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/UpdateFqdnListResponse.Result' + title: UpdateFqdnListResponse + type: object + UpdateFqdnListResponse.FqdnListDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Description: + title: Description + type: string + FqdnList: + items: + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9._-]+$ + type: string + title: Fqdnlist + type: array + UpdateToken: + title: Updatetoken + type: string + required: + - FqdnList + title: FqdnListDetails + type: object + UpdateFqdnListResponse.ResponseData: + additionalProperties: false + properties: + FqdnListEntry: + $ref: '#/components/schemas/UpdateFqdnListResponse.FqdnListDetails' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + UpdateFqdnListResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: 
object +info: + contact: {} + description: "Address objects with type Fully Qualified Domain Name (FQDN). An FQDN\ + \ object provides further ease of use because DNS provides the FQDN resolution\ + \ to the IP addresses instead of you needing to know the IP addresses and manually\ + \ updating them every time the FQDN resolves to a new IP address.\n\nThese are\ + \ the following formats for FQDN. \n\n- Host names are composed of a sequence\ + \ of labels concatenated with dots\n- Each label must be from 1 to 63 characters\ + \ long\n- The entire host name, including the delimiting dots, has a maximum of\ + \ 253 ASCII characters\n- DNS names can contain only alphabetical characters (A-Z),\ + \ numeric characters (0-9), minus sign (-), and period (.) \n\nFor more information,\ + \ see [FQDN formats](https://en.wikipedia.org/wiki/Hostname).\n\n### Permission\ + \ Policies\n\n| Action | Local Firewall Administrator |\ + \ Local Rulestack Administrator | Global Rulestack Administrator |\n| ----------------------------\ + \ | :---------------------------: | :---------------------------: | :----------------------------:\ + \ |\n| Create FQDN List | ☐ | **☑**\ + \ | **☑** | \n| Delete FQDN List \ + \ | ☐ | **☑** |\ + \ **☑** | \n| Update FQDN List\ + \ | ☐ | **☑** \ + \ | **☑** | \n| List FQDN Lists | **☑**\ + \ | **☑** | **☑** \ + \ |\n| Describe FQDN List | **☑** | **☑**\ + \ | **☑** |\n" + title: Manage FQDN List + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/rulestacks/{rulestackname}/fqdnlists: + get: + description: "Retrieve the information about the FDQN lists for the specified\ + \ rulestack. 
\n" + operationId: get-v1-config-rulestacks-rulestackname-fqdnlists + parameters: + - description: '' + in: query + name: nexttoken + required: false + schema: + title: Nexttoken + type: string + - description: '' + in: query + name: candidate + required: false + schema: + default: true + title: Candidate + type: boolean + - description: '' + in: query + name: running + required: false + schema: + default: false + title: Running + type: boolean + - description: '' + in: query + name: uncommitted + required: false + schema: + default: false + title: Uncommitted + type: boolean + - description: '' + in: query + name: maxresults + required: false + schema: + default: 1024 + maximum: 1024 + minimum: 1 + title: Maxresults + type: integer + - description: '' + in: query + name: describe + required: false + schema: + default: false + title: Describe + type: boolean + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListFqdnListResponse' + description: OK + summary: List FQDNLists + tags: + - FQDNList + post: + description: 'Create a FQDN list for a rulestack. + + ' + operationId: post-v1-config-rulestacks-rulestackname-fqdnlists + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CreateFqdnListRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CreateFqdnListResponse' + description: OK + summary: Create a FQDNList + tags: + - FQDNList + /v1/config/rulestacks/{rulestackname}/fqdnlists/{name}: + delete: + description: "Delete the FDQN list associated with a rulestack. \n" + operationId: delete-v1-config-rulestacks-rulestackname-fqdnlists-name + parameters: + - description: 'The name of the rulestack. 
+ + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the FQDN list. + + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteFqdnListRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteFqdnListResponse' + description: OK + summary: Delete a FQDNList + tags: + - FQDNList + get: + description: "Return the information the FDQN list associated with a rulestack.\ + \ \n" + operationId: get-v1-config-rulestacks-rulestackname-fqdnlists-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the FQDN list. + + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeFqdnListRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeFqdnListResponse' + description: OK + summary: Describe a FQDNList + tags: + - FQDNList + put: + description: 'Update the FDQN list associated with a rulestack. + + ' + operationId: put-v1-config-rulestacks-rulestackname-fqdnlists-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the FQDN list. 
+ + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateFqdnListRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateFqdnListResponse' + description: OK + summary: Update a FQDNList + tags: + - FQDNList +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: FQDNList diff --git a/static/cloudngfw/aws/spec/api/FileBlockingAction.yaml b/static/cloudngfw/aws/spec/api/FileBlockingAction.yaml new file mode 100644 index 000000000..d207627a9 --- /dev/null +++ b/static/cloudngfw/aws/spec/api/FileBlockingAction.yaml 
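Review bot: The `get` operation under `/v1/config/rulestacks/{rulestackname}/fqdnlists` declares only query parameters and never the `rulestackname` path parameter its path template uses, while the `post` on the same path does declare it. OpenAPI 3.0.3 requires a matching `in: path` parameter for every templated segment, so validators will reject the document and generated clients have no way to fill in the rulestack. Add the entry shown below as the first item of that `parameters` list. Separately, this file declares no `components.securitySchemes` or `security` requirement and documents only the `200` response, even though `info.description` ties each operation to an administrator role. The FileBlockingAction.yaml and IntelligentFeed.yaml hunks that follow have the same gap; a shared scheme plus `401`/`403` responses would show readers how the role table is enforced.

```yaml
    get:
      # … unchanged: description, operationId (list operation on /fqdnlists) …
      parameters:
      - description: The name of the rulestack.
        in: path
        name: rulestackname
        required: true
        schema:
          type: string
      # … unchanged: nexttoken, candidate, running, uncommitted, maxresults, describe query parameters …
```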
@@ -0,0 +1,412 @@ +components: + schemas: + DescribeFileBlockingActionResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DescribeFileBlockingActionResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DescribeFileBlockingActionResponse.Result' + title: DescribeFileBlockingActionResponse + type: object + DescribeFileBlockingActionResponse.FileBlockingEntry: + additionalProperties: false + properties: + Action: + default: alert + enum: + - alert + - block + - continue + title: Action + type: string + AuditComment: + title: Auditcomment + type: string + Description: + maxLength: 255 + title: Description + type: string + Direction: + default: both + enum: + - upload + - download + - both + title: Direction + type: string + UpdateToken: + default: '1' + title: Updatetoken + type: string + title: FileBlockingEntry + type: object + DescribeFileBlockingActionResponse.ResponseData: + additionalProperties: false + properties: + FileBlockingCandidate: + $ref: '#/components/schemas/DescribeFileBlockingActionResponse.FileBlockingEntry' + FileBlockingRunning: + $ref: '#/components/schemas/DescribeFileBlockingActionResponse.FileBlockingEntry' + FileType: + title: Filetype + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DescribeFileBlockingActionResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + ListFileBlockingActionResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/ListFileBlockingActionResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ListFileBlockingActionResponse.Result' + title: ListFileBlockingActionResponse + type: object + ListFileBlockingActionResponse.ResponseData: + additionalProperties: false + properties: + FileBlockingCandidate: + items: 
+ type: string + title: Fileblockingcandidate + type: array + FileBlockingRunning: + items: + type: string + title: Fileblockingrunning + type: array + FileBlockingUncommitted: + items: + $ref: '#/components/schemas/ListFileBlockingActionResponse.UncommittedFileBlocking' + title: Fileblockinguncommitted + type: array + NextToken: + title: Nexttoken + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + ListFileBlockingActionResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + ListFileBlockingActionResponse.UncommittedFileBlocking: + additionalProperties: false + properties: + Name: + title: Name + type: string + Operation: + title: Operation + type: string + required: + - Name + - Operation + title: UncommittedFileBlocking + type: object + UpdateFileBlockingActionRequest: + additionalProperties: false + properties: + Action: + enum: + - alert + - block + title: Action + type: string + AuditComment: + title: Auditcomment + type: string + Description: + maxLength: 255 + title: Description + type: string + Direction: + enum: + - upload + - download + - both + title: Direction + type: string + UpdateToken: + title: Updatetoken + type: string + required: + - Direction + - Action + title: UpdateFileBlockingActionRequest + type: object + UpdateFileBlockingActionResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/UpdateFileBlockingActionResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/UpdateFileBlockingActionResponse.Result' + title: UpdateFileBlockingActionResponse + type: object + UpdateFileBlockingActionResponse.FileBlockingEntry: + additionalProperties: false + properties: + Action: + default: alert + enum: + - alert + - block + - continue + title: Action + type: string + AuditComment: + title: Auditcomment + 
type: string + Description: + maxLength: 255 + title: Description + type: string + Direction: + default: both + enum: + - upload + - download + - both + title: Direction + type: string + UpdateToken: + default: '1' + title: Updatetoken + type: string + title: FileBlockingEntry + type: object + UpdateFileBlockingActionResponse.ResponseData: + additionalProperties: false + properties: + FileBlockingEntry: + $ref: '#/components/schemas/UpdateFileBlockingActionResponse.FileBlockingEntry' + FileType: + title: Filetype + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + UpdateFileBlockingActionResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object +info: + contact: {} + description: "Allows you to identify specific file types that you want to block.\ + \ \n\n### Permission Policies\n\n| Action | Local Firewall\ + \ Administrator | Local Rulestack Administrator | Global Rulestack Administrator|\n\ + | ------------------------------- | :--------------------------: | :---------------------------:\ + \ | :---------------------------: |\n| Create a File Blocking Action | ☐\ + \ | **☑** | **☑** \ + \ | \n| Update a File Blocking Action | ☐ \ + \ | **☑** | **☑** | \ + \ \n| Delete a File Blocking Action | ☐ \ + \ | **☑** | **☑** | \n|\ + \ Describe a File Blocking Action | **☑** | **☑**\ + \ | **☑** |\n" + title: Manage File Blocking Action + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/rulestacks/{rulestackname}/fileblockingprofiles/custom/filetypes: + get: + description: 'Retrieves the metadata for the file blocking profile defined for + a specified rulestack. + + ' + operationId: get-v1-config-rulestacks-rulestackname-fileblockingprofiles-custom-filetypes + parameters: + - description: 'The name of the rulestack. 
+ + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: '' + in: query + name: nexttoken + required: false + schema: + title: Nexttoken + type: string + - description: '' + in: query + name: candidate + required: false + schema: + default: true + title: Candidate + type: boolean + - description: '' + in: query + name: running + required: false + schema: + default: false + title: Running + type: boolean + - description: '' + in: query + name: uncommitted + required: false + schema: + default: false + title: Uncommitted + type: boolean + - description: '' + in: query + name: maxresults + required: false + schema: + default: 1024 + maximum: 1024 + minimum: 1 + title: Maxresults + type: integer + - description: '' + in: query + name: describe + required: false + schema: + default: false + title: Describe + type: boolean + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListFileBlockingActionResponse' + description: OK + summary: List File Blocking Actions + tags: + - FileBlockingAction + /v1/config/rulestacks/{rulestackname}/fileblockingprofiles/custom/filetypes/{type}: + get: + description: 'Use this command to return the data related to the file blocking + profile attached to a specified rulestack. + + ' + operationId: get-v1-config-rulestacks-rulestackname-fileblockingprofiles-custom-filetypes-type + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The type of file blocking action. 
+ + ' + in: path + name: type + required: true + schema: + type: string + - description: '' + in: query + name: running + required: false + schema: + default: false + title: Running + type: boolean + - description: '' + in: query + name: candidate + required: false + schema: + default: true + title: Candidate + type: boolean + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeFileBlockingActionResponse' + description: OK + summary: Describe File Blocking Action + tags: + - FileBlockingAction + put: + description: 'Update the file blocking profile to a specified rulestack. + + ' + operationId: put-v1-config-rulestacks-rulestackname-fileblockingprofiles-custom-filetypes-type + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The type of file blocking action. + + ' + in: path + name: type + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateFileBlockingActionRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateFileBlockingActionResponse' + description: OK + summary: Update File Blocking Action + tags: + - FileBlockingAction +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: FileBlockingAction diff --git a/static/cloudngfw/aws/spec/api/IntelligentFeed.yaml b/static/cloudngfw/aws/spec/api/IntelligentFeed.yaml new file mode 100644 index 000000000..8674828af --- /dev/null +++ b/static/cloudngfw/aws/spec/api/IntelligentFeed.yaml 
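Review bot: The permission table in `info.description` lists Create and Delete File Blocking Action, but `paths` defines only the list, describe and update operations, and the table has no row for List. Anyone planning role assignments from the table gets a different operation set than the spec exposes, so the rows should be aligned with the three operations that exist. `UpdateFileBlockingActionRequest.Action` accepts `alert` and `block`, while the response `FileBlockingEntry.Action` also carries `continue`. If that is intentional, a short `description` on the request field saying `continue` cannot be set through this call would prevent confusion. The `type` path parameter is described as "The type of file blocking action", although the responses return it as `FileType`. A wording such as `The file type whose blocking action is read or updated.` looks closer to what the schemas show, but should be confirmed against the service.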
@@ -0,0 +1,579 @@ +components: + schemas: + CreateIntelligentFeedRequest: + additionalProperties: false + properties: + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Certificate: + title: Certificate + type: string + Description: + maxLength: 512 + title: Description + type: string + FeedURL: + maxLength: 255 + minLength: 1 + pattern: ^(http|https)://.+$ + title: Feedurl + type: string + Frequency: + enum: + - HOURLY + - DAILY + title: Frequency + type: string + Name: + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Name + type: string + Time: + default: 3 + maximum: 23 + minimum: 0 + title: Time + type: integer + Type: + enum: + - IP_LIST + - URL_LIST + title: Type + type: string + required: + - Name + - FeedURL + - Type + - Frequency + title: CreateIntelligentFeedRequest + type: object + CreateIntelligentFeedResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/CreateIntelligentFeedResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/CreateIntelligentFeedResponse.Result' + title: CreateIntelligentFeedResponse + type: object + CreateIntelligentFeedResponse.FeedDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Certificate: + title: Certificate + type: string + Description: + title: Description + type: string + FeedURL: + title: Feedurl + type: string + Frequency: + enum: + - HOURLY + - DAILY + title: Frequency + type: string + Time: + maximum: 23 + minimum: 0 + title: Time + type: integer + Type: + enum: + - IP_LIST + - URL_LIST + title: Type + type: string + UpdateToken: + default: '1' + title: Updatetoken + type: string + title: FeedDetails + type: object + CreateIntelligentFeedResponse.ResponseData: + additionalProperties: false + properties: + FeedEntry: + $ref: '#/components/schemas/CreateIntelligentFeedResponse.FeedDetails' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + 
type: string + title: ResponseData + type: object + CreateIntelligentFeedResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DeleteIntelligentFeedRequest: + additionalProperties: false + properties: {} + title: DeleteIntelligentFeedRequest + type: object + DeleteIntelligentFeedResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DeleteIntelligentFeedResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DeleteIntelligentFeedResponse.Result' + title: DeleteIntelligentFeedResponse + type: object + DeleteIntelligentFeedResponse.FeedDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Certificate: + title: Certificate + type: string + Description: + title: Description + type: string + FeedURL: + title: Feedurl + type: string + Frequency: + enum: + - HOURLY + - DAILY + title: Frequency + type: string + Time: + maximum: 23 + minimum: 0 + title: Time + type: integer + Type: + enum: + - IP_LIST + - URL_LIST + title: Type + type: string + UpdateToken: + default: '1' + title: Updatetoken + type: string + title: FeedDetails + type: object + DeleteIntelligentFeedResponse.ResponseData: + additionalProperties: false + properties: + FeedEntry: + $ref: '#/components/schemas/DeleteIntelligentFeedResponse.FeedDetails' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DeleteIntelligentFeedResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DescribeIntelligentFeedRequest: + additionalProperties: false + properties: + Candidate: + default: true + title: Candidate + type: boolean + Running: + default: false + 
title: Running + type: boolean + title: DescribeIntelligentFeedRequest + type: object + DescribeIntelligentFeedResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DescribeIntelligentFeedResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DescribeIntelligentFeedResponse.Result' + title: DescribeIntelligentFeedResponse + type: object + DescribeIntelligentFeedResponse.FeedDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Certificate: + title: Certificate + type: string + Description: + title: Description + type: string + FeedURL: + title: Feedurl + type: string + Frequency: + enum: + - HOURLY + - DAILY + title: Frequency + type: string + Time: + maximum: 23 + minimum: 0 + title: Time + type: integer + Type: + enum: + - IP_LIST + - URL_LIST + title: Type + type: string + UpdateToken: + default: '1' + title: Updatetoken + type: string + title: FeedDetails + type: object + DescribeIntelligentFeedResponse.ResponseData: + additionalProperties: false + properties: + FeedCandidate: + $ref: '#/components/schemas/DescribeIntelligentFeedResponse.FeedDetails' + FeedRunning: + $ref: '#/components/schemas/DescribeIntelligentFeedResponse.FeedDetails' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DescribeIntelligentFeedResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + UpdateIntelligentFeedRequest: + additionalProperties: false + properties: + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Certificate: + title: Certificate + type: string + Description: + maxLength: 512 + title: Description + type: string + FeedURL: + maxLength: 255 + minLength: 1 + pattern: ^(http|https)://.+$ + title: Feedurl + type: string + 
Frequency: + enum: + - HOURLY + - DAILY + title: Frequency + type: string + Time: + default: 3 + maximum: 23 + minimum: 0 + title: Time + type: integer + Type: + enum: + - IP_LIST + - URL_LIST + title: Type + type: string + UpdateToken: + title: Updatetoken + type: string + required: + - FeedURL + - Type + - Frequency + title: UpdateIntelligentFeedRequest + type: object + UpdateIntelligentFeedResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/UpdateIntelligentFeedResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/UpdateIntelligentFeedResponse.Result' + title: UpdateIntelligentFeedResponse + type: object + UpdateIntelligentFeedResponse.FeedDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Certificate: + title: Certificate + type: string + Description: + title: Description + type: string + FeedURL: + title: Feedurl + type: string + Frequency: + enum: + - HOURLY + - DAILY + title: Frequency + type: string + Time: + maximum: 23 + minimum: 0 + title: Time + type: integer + Type: + enum: + - IP_LIST + - URL_LIST + title: Type + type: string + UpdateToken: + default: '1' + title: Updatetoken + type: string + title: FeedDetails + type: object + UpdateIntelligentFeedResponse.ResponseData: + additionalProperties: false + properties: + FeedEntry: + $ref: '#/components/schemas/UpdateIntelligentFeedResponse.FeedDetails' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + UpdateIntelligentFeedResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object +info: + contact: {} + description: "An intelligent feed, also called an external dynamic list, is a list\ + \ that you or third-parties can host on an external web server. 
You can specify\ + \ the Intelligence Feed as the source or destination of your security rule. The\ + \ NGFW checks the hosted list at hourly or daily intervals, and enforces your\ + \ security rules based on the latest entries on your list, without requiring you\ + \ to make any configuration changes. \n\nFor more information about feeds, see\ + \ [EDL hosting service](https://docs.paloaltonetworks.com/resources/edl-hosting-service.html).\n\ + \n### Permission Policies\n\n| Action | Local Firewall Administrator\ + \ | Local Rulestack Administrator | Global Rulestack Administrator|\n| ---------------------------\ + \ | :--------------------------: | :---------------------------: | :---------------------------:\ + \ |\n| Create Intelligent Feed | ☐ | **☑**\ + \ | **☑** |\n| Delete Intelligent Feed\ + \ | ☐ | **☑** | **☑**\ + \ | \n| Update Intelligent Feed |\ + \ ☐ | **☑** | **☑** \ + \ | \n| Describe Intelligent Feed | **☑** \ + \ | **☑** | **☑** |\n|\ + \ List Intelligent Feeds | **☑** | **☑** \ + \ | **☑** |\n" + title: Manage Intelligent Feed + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/rulestacks/{rulestackname}/feeds: + post: + description: 'Create intelligence feed to analyze threat data. + + ' + operationId: post-v1-config-rulestacks-rulestackname-feeds + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CreateIntelligentFeedRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CreateIntelligentFeedResponse' + description: OK + summary: Create an IntelligentFeed + tags: + - IntelligentFeed + /v1/config/rulestacks/{rulestackname}/feeds/{name}: + delete: + description: 'Delete the threat intelligence feeds received for a specified + rulestack. 
+ + ' + operationId: delete-v1-config-rulestacks-rulestackname-feeds-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the feed. + + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteIntelligentFeedRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteIntelligentFeedResponse' + description: OK + summary: Delete an IntelligentFeed + tags: + - IntelligentFeed + get: + description: "Returns the intelligence feed data collected for the specified\ + \ rulestack. \n" + operationId: get-v1-config-rulestacks-rulestackname-feeds-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the feed. + + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeIntelligentFeedRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeIntelligentFeedResponse' + description: OK + summary: Describe an IntelligentFeed + tags: + - IntelligentFeed + put: + description: 'Update the threat intelligence feeds for a rulestack. + + ' + operationId: put-v1-config-rulestacks-rulestackname-feeds-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the feed. 
+ + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateIntelligentFeedRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateIntelligentFeedResponse' + description: OK + summary: Update an IntelligentFeed + tags: + - IntelligentFeed +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: IntelligentFeed diff --git a/static/cloudngfw/aws/spec/api/LogProfile.yaml b/static/cloudngfw/aws/spec/api/LogProfile.yaml new file mode 100644 index 000000000..12402855e --- /dev/null +++ b/static/cloudngfw/aws/spec/api/LogProfile.yaml 
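Review bot: `FeedURL` in `CreateIntelligentFeedRequest` and `UpdateIntelligentFeedRequest` is constrained only by `pattern: ^(http|https)://.+$`, and `Certificate` is optional with no description. As specified, a list the firewall polls hourly or daily and then enforces can therefore be fetched over cleartext HTTP. Feed contents retrieved that way are not integrity-protected, so a change in transit would alter which addresses or URLs the security rules match. If the service is meant to accept only TLS feeds, tighten the schema to `pattern: ^https://.+$`. If `http://` must stay, give `FeedURL` a description such as `URL of the hosted list; use https:// together with Certificate so the feed source is authenticated.` `Certificate` also needs a description of what value it expects. It is presumably the name of a certificate object in the rulestack, which should be confirmed before documenting.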
@@ -0,0 +1,232 @@ +components: + schemas: + ReadFWResourceLogProfileRequest: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + required: + - AccountId + title: ReadFWResourceLogProfileRequest + type: object + ReadFWResourceLogProfileResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/ReadFWResourceLogProfileResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ReadFWResourceLogProfileResponse.Result' + title: ReadFWResourceLogProfileResponse + type: object + ReadFWResourceLogProfileResponse.LogProfileConfig: + additionalProperties: false + properties: + LogDestination: + title: Logdestination + type: string + LogDestinationType: + title: Logdestinationtype + type: string + LogType: + title: Logtype + type: string + required: + - LogDestination + - LogDestinationType + - LogType + title: LogProfileConfig + type: object + ReadFWResourceLogProfileResponse.ResponseData: + properties: + AccountId: + title: Accountid + type: string + CloudWatchMetricNamespace: + title: Cloudwatchmetricnamespace + type: string + FirewallName: + title: Firewallname + type: string + LogDestinationConfigs: + items: + $ref: '#/components/schemas/ReadFWResourceLogProfileResponse.LogProfileConfig' + title: Logdestinationconfigs + type: array + title: ResponseData + type: object + ReadFWResourceLogProfileResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + UpdateFWResourceLogProfileRequest: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + LogDestinationConfigs: + items: + $ref: '#/components/schemas/UpdateFWResourceLogProfileRequest.LogProfileConfig' + title: Logdestinationconfigs + type: array + required: + - LogDestinationConfigs + title: UpdateFWResourceLogProfileRequest + type: object + 
UpdateFWResourceLogProfileRequest.LogProfileConfig: + additionalProperties: false + properties: + LogDestination: + title: Logdestination + type: string + LogDestinationType: + title: Logdestinationtype + type: string + LogType: + title: Logtype + type: string + required: + - LogDestination + - LogDestinationType + - LogType + title: LogProfileConfig + type: object + UpdateFWResourceLogProfileResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/UpdateFWResourceLogProfileResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/UpdateFWResourceLogProfileResponse.Result' + title: UpdateFWResourceLogProfileResponse + type: object + UpdateFWResourceLogProfileResponse.LogProfileConfig: + additionalProperties: false + properties: + LogDestination: + title: Logdestination + type: string + LogDestinationType: + title: Logdestinationtype + type: string + LogType: + title: Logtype + type: string + required: + - LogDestination + - LogDestinationType + - LogType + title: LogProfileConfig + type: object + UpdateFWResourceLogProfileResponse.ResponseData: + properties: + FirewallName: + title: Firewallname + type: string + LogDestinationConfigs: + items: + $ref: '#/components/schemas/UpdateFWResourceLogProfileResponse.LogProfileConfig' + title: Logdestinationconfigs + type: array + title: ResponseData + type: object + UpdateFWResourceLogProfileResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object +info: + contact: {} + description: "Log entries contain properties, activities, or behaviors associated\ + \ with the logged event, such as the application type or the IP address of an\ + \ attacker. 
\n\nCloud NGFW can captures threat, traffic, and decryption profiles.\ + \ For more information, see [Configure logging for Cloud NGFW on AWS](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/create-cloud-ngfw-instances-and-endpoints/configure-logging-for-the-cloud-ngfw-on-aws).\n\ + \n### Permission Policies\n\n| Action | Local Firewall\ + \ Administrator | Local Rulestack Administrator | Global Rulestack Administrator\ + \ |\n| ------------------------------ | :---------------------------: | :---------------------------:\ + \ | :----------------------------: |\n| Update Log Profile | **☑**\ + \ | ☐ | ☐ \ + \ |\n| Read Log Profile | **☑** |\ + \ **☑** | **☑** | \n" + title: Manage Log Profiles + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/ngfirewalls/{ngfirewallname}/logprofile: + get: + description: 'Return the log destination of a specific NGFW. + + ' + operationId: get-v1-config-ngfirewalls-ngfirewallname-logprofile + parameters: + - description: 'The name of the NGFW. + + ' + in: path + name: ngfirewallname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ReadFWResourceLogProfileRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ReadFWResourceLogProfileResponse' + description: OK + summary: Read logprofile config of a firewall + tags: + - LogProfile + put: + description: "Update the log destination of a specific NGFW. \n\n>The destination\ + \ is Fluentd, hence commit is not needed.\n" + operationId: put-v1-config-ngfirewalls-ngfirewallname-logprofile + parameters: + - description: 'The name of the NGFW. 
+ + ' + in: path + name: ngfirewallname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateFWResourceLogProfileRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateFWResourceLogProfileResponse' + description: OK + summary: Update logprofile config of a firewall + tags: + - LogProfile +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: LogProfile diff --git a/static/cloudngfw/aws/spec/api/ManageAPITokens.yaml b/static/cloudngfw/aws/spec/api/ManageAPITokens.yaml new file mode 100644 index 000000000..11ff63582 --- /dev/null +++ b/static/cloudngfw/aws/spec/api/ManageAPITokens.yaml 
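Review bot: The new LogProfile.yaml declares no authentication: `components` holds only `schemas`, there is no top-level or per-operation `security`, and both operations on `/v1/config/ngfirewalls/{ngfirewallname}/logprofile` document only a `'200'` response. The permission table in `info.description` shows the calls are role-gated, yet the published contract reads as if changing a firewall's log destination needed no credentials, and generated clients get no hook for credentials or for 401/403 handling. I would add a `securitySchemes` entry under `components` (for example `type: http`, `scheme: bearer`, `bearerFormat: JWT`, if calls use the JWT described in ManageAPITokens.yaml, which needs confirming), a top-level `security:` list that references it, and `'401'`/`'403'` responses on each operation. The ManageAPITokens.yaml and ManageCustomURLCategories.yaml hunks in this patch have the same gap.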
@@ -0,0 +1,288 @@ +components: + schemas: + DescribeProgrammaticAccessRequest: + additionalProperties: false + properties: {} + title: DescribeProgrammaticAccessRequest + type: object + DescribeProgrammaticAccessResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DescribeProgrammaticAccessResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DescribeProgrammaticAccessResponse.Result' + title: DescribeProgrammaticAccessResponse + type: object + DescribeProgrammaticAccessResponse.ResponseData: + additionalProperties: false + properties: + Enabled: + title: Enabled + type: boolean + MaxExpiryTime: + maximum: 1440 + minimum: 480 + title: Maxexpirytime + type: integer + title: ResponseData + type: object + DescribeProgrammaticAccessResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + GetCloudFirewallAdminTokensRequest: + additionalProperties: false + properties: + ExpiryTime: + default: 30 + maximum: 1440 + minimum: 5 + title: Expirytime + type: integer + title: GetCloudFirewallAdminTokensRequest + type: object + GetCloudFirewallAdminTokensResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/GetCloudFirewallAdminTokensResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/GetCloudFirewallAdminTokensResponse.Result' + title: GetCloudFirewallAdminTokensResponse + type: object + GetCloudFirewallAdminTokensResponse.ResponseData: + additionalProperties: false + properties: + Enabled: + title: Enabled + type: boolean + ExpiryTime: + maximum: 1440 + minimum: 5 + title: Expirytime + type: integer + SubscriptionKey: + title: Subscriptionkey + type: string + TokenId: + title: Tokenid + type: string + title: ResponseData + type: object + GetCloudFirewallAdminTokensResponse.Result: + additionalProperties: false + 
properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + GetCloudGlobalRulestackAdminTokensRequest: + additionalProperties: false + properties: + ExpiryTime: + default: 30 + maximum: 1440 + minimum: 5 + title: Expirytime + type: integer + title: GetCloudGlobalRulestackAdminTokensRequest + type: object + GetCloudGlobalRulestackAdminTokensResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/GetCloudGlobalRulestackAdminTokensResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/GetCloudGlobalRulestackAdminTokensResponse.Result' + title: GetCloudGlobalRulestackAdminTokensResponse + type: object + GetCloudGlobalRulestackAdminTokensResponse.ResponseData: + additionalProperties: false + properties: + Enabled: + title: Enabled + type: boolean + ExpiryTime: + maximum: 1440 + minimum: 5 + title: Expirytime + type: integer + SubscriptionKey: + title: Subscriptionkey + type: string + TokenId: + title: Tokenid + type: string + title: ResponseData + type: object + GetCloudGlobalRulestackAdminTokensResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + GetCloudRulestackAdminTokensRequest: + additionalProperties: false + properties: + ExpiryTime: + default: 30 + maximum: 1440 + minimum: 5 + title: Expirytime + type: integer + title: GetCloudRulestackAdminTokensRequest + type: object + GetCloudRulestackAdminTokensResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/GetCloudRulestackAdminTokensResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/GetCloudRulestackAdminTokensResponse.Result' + title: GetCloudRulestackAdminTokensResponse + type: object + GetCloudRulestackAdminTokensResponse.ResponseData: + additionalProperties: false + 
properties: + Enabled: + title: Enabled + type: boolean + ExpiryTime: + maximum: 1440 + minimum: 5 + title: Expirytime + type: integer + SubscriptionKey: + title: Subscriptionkey + type: string + TokenId: + title: Tokenid + type: string + title: ResponseData + type: object + GetCloudRulestackAdminTokensResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object +info: + contact: {} + description: 'Generate JSON Web Token (JWT) to get programmatic access and authenticate + API calls. + + ' + title: Manage API Tokens + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/mgmt/tokens: + get: + description: '' + operationId: get-v1-mgmt-tokens + parameters: [] + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeProgrammaticAccessRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeProgrammaticAccessResponse' + description: OK + summary: Describe programmatic access + tags: + - ManageAPITokens + /v1/mgmt/tokens/cloudfirewalladmin: + get: + description: '' + operationId: get-v1-mgmt-tokens-cloudfirewalladmin + parameters: [] + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/GetCloudFirewallAdminTokensRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/GetCloudFirewallAdminTokensResponse' + description: OK + summary: Get programmatic access token for CloudFirewallAdmin + tags: + - ManageAPITokens + /v1/mgmt/tokens/cloudglobalrulestackadmin: + get: + description: '' + operationId: get-v1-mgmt-tokens-cloudglobalrulestackadmin + parameters: [] + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/GetCloudGlobalRulestackAdminTokensRequest' + responses: + '200': + content: + application/json: + schema: + $ref: 
'#/components/schemas/GetCloudGlobalRulestackAdminTokensResponse' + description: OK + summary: Get programmatic access token for CloudGlobalRulestackAdmin + tags: + - ManageAPITokens + /v1/mgmt/tokens/cloudrulestackadmin: + get: + description: '' + operationId: get-v1-mgmt-tokens-cloudrulestackadmin + parameters: [] + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/GetCloudRulestackAdminTokensRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/GetCloudRulestackAdminTokensResponse' + description: OK + summary: Get programmatic access token for CloudRulestackAdmin + tags: + - ManageAPITokens +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: ManageAPITokens diff --git a/static/cloudngfw/aws/spec/api/ManageCustomURLCategories.yaml b/static/cloudngfw/aws/spec/api/ManageCustomURLCategories.yaml new file mode 100644 index 000000000..c63fba374 --- /dev/null +++ b/static/cloudngfw/aws/spec/api/ManageCustomURLCategories.yaml 
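Review bot: The three token-issuing operations (`/v1/mgmt/tokens/cloudfirewalladmin`, `/v1/mgmt/tokens/cloudglobalrulestackadmin`, `/v1/mgmt/tokens/cloudrulestackadmin`) take `ExpiryTime` in a `requestBody` on `get`, and OpenAPI 3.0.3 tells consumers to ignore a request body on GET. A generated client is therefore likely to drop the field, so a caller asking for a short-lived admin token may silently get the `default: 30` lifetime instead, assuming the server applies the schema default. If the service accepts it, I would model the value as a query parameter (`in: query`, `name: ExpiryTime`, `schema: {type: integer, minimum: 5, maximum: 1440, default: 30}`) or switch the operations to `post`. The unit of `ExpiryTime` and `MaxExpiryTime` is not stated and all four operations have `description: ''`; a line such as `Token lifetime in minutes.` would help, if minutes is indeed the unit. The `get` in LogProfile.yaml (required `AccountId` in the body) and the `delete` in ManageCustomURLCategories.yaml follow the same body-on-GET/DELETE pattern.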
@@ -0,0 +1,660 @@ +components: + schemas: + CreateCustomURLCategoryRequest: + additionalProperties: false + properties: + Action: + default: none + enum: + - none + - allow + - alert + - block + title: Action + type: string + AuditComment: + title: Auditcomment + type: string + Description: + maxLength: 255 + title: Description + type: string + Name: + maxLength: 29 + pattern: ^[a-zA-Z][0-9a-zA-Z-]*$ + title: Name + type: string + UrlTargets: + items: + maxLength: 255 + type: string + title: Urltargets + type: array + required: + - Name + - UrlTargets + title: CreateCustomURLCategoryRequest + type: object + CreateCustomURLCategoryResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/CreateCustomURLCategoryResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/CreateCustomURLCategoryResponse.Result' + title: CreateCustomURLCategoryResponse + type: object + CreateCustomURLCategoryResponse.CustomURLCategory: + additionalProperties: false + properties: + Action: + title: Action + type: string + AuditComment: + title: Auditcomment + type: string + Description: + maxLength: 255 + title: Description + type: string + UpdateToken: + title: Updatetoken + type: string + UrlTargets: + items: + maxLength: 255 + type: string + title: Urltargets + type: array + required: + - UrlTargets + title: CustomURLCategory + type: object + CreateCustomURLCategoryResponse.ResponseData: + additionalProperties: false + properties: + CustomURLEntry: + $ref: '#/components/schemas/CreateCustomURLCategoryResponse.CustomURLCategory' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + CreateCustomURLCategoryResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DeleteCustomURLCategoryRequest: + additionalProperties: false + 
properties: {} + title: DeleteCustomURLCategoryRequest + type: object + DeleteCustomURLCategoryResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DeleteCustomURLCategoryResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DeleteCustomURLCategoryResponse.Result' + title: DeleteCustomURLCategoryResponse + type: object + DeleteCustomURLCategoryResponse.CustomURLCategory: + additionalProperties: false + properties: + Action: + title: Action + type: string + AuditComment: + title: Auditcomment + type: string + Description: + maxLength: 255 + title: Description + type: string + UpdateToken: + title: Updatetoken + type: string + UrlTargets: + items: + maxLength: 255 + type: string + title: Urltargets + type: array + required: + - UrlTargets + title: CustomURLCategory + type: object + DeleteCustomURLCategoryResponse.ResponseData: + additionalProperties: false + properties: + CustomURLEntry: + $ref: '#/components/schemas/DeleteCustomURLCategoryResponse.CustomURLCategory' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DeleteCustomURLCategoryResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DescribeCustomURLCategoryResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DescribeCustomURLCategoryResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DescribeCustomURLCategoryResponse.Result' + title: DescribeCustomURLCategoryResponse + type: object + DescribeCustomURLCategoryResponse.CustomURLCategory: + additionalProperties: false + properties: + Action: + title: Action + type: string + AuditComment: + title: Auditcomment + type: string + Description: + maxLength: 255 + title: Description + type: string + UpdateToken: + title: 
Updatetoken + type: string + UrlTargets: + items: + maxLength: 255 + type: string + title: Urltargets + type: array + required: + - UrlTargets + title: CustomURLCategory + type: object + DescribeCustomURLCategoryResponse.CustomURLCategoryDB: + additionalProperties: false + properties: + URLCategoryEntry: + $ref: '#/components/schemas/DescribeCustomURLCategoryResponse.CustomURLCategory' + operation: + enum: + - add + - update + - delete + title: Operation + type: string + pk: + title: Pk + type: string + sk: + maxLength: 29 + pattern: ^[a-zA-Z][0-9a-zA-Z-]*$ + title: Sk + type: string + required: + - pk + - sk + title: CustomURLCategoryDB + type: object + DescribeCustomURLCategoryResponse.ResponseData: + additionalProperties: false + properties: + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + URLCategoryCandidate: + $ref: '#/components/schemas/DescribeCustomURLCategoryResponse.CustomURLCategoryDB' + URLCategoryRunning: + $ref: '#/components/schemas/DescribeCustomURLCategoryResponse.CustomURLCategoryDB' + title: ResponseData + type: object + DescribeCustomURLCategoryResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + ListCustomURLCategoriesResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/ListCustomURLCategoriesResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ListCustomURLCategoriesResponse.Result' + title: ListCustomURLCategoriesResponse + type: object + ListCustomURLCategoriesResponse.ResponseData: + additionalProperties: false + properties: + CategoriesCandidate: + items: + type: string + title: Categoriescandidate + type: array + CategoriesPreDefined: + items: + type: string + title: Categoriespredefined + type: array + CategoriesRunning: + items: + type: string + title: Categoriesrunning + type: array + 
CategoriesUncommitted: + items: + $ref: '#/components/schemas/ListCustomURLCategoriesResponse.UncommittedCategory' + title: Categoriesuncommitted + type: array + NextToken: + title: Nexttoken + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + ListCustomURLCategoriesResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + ListCustomURLCategoriesResponse.UncommittedCategory: + additionalProperties: false + properties: + Name: + title: Name + type: string + Operation: + title: Operation + type: string + required: + - Name + - Operation + title: UncommittedCategory + type: object + UpdateCustomURLCategoryRequest: + additionalProperties: false + properties: + Action: + default: none + enum: + - none + - allow + - alert + - block + title: Action + type: string + AuditComment: + title: Auditcomment + type: string + Description: + maxLength: 255 + title: Description + type: string + UpdateToken: + title: Updatetoken + type: string + UrlTargets: + items: + maxLength: 255 + type: string + title: Urltargets + type: array + required: + - UrlTargets + title: UpdateCustomURLCategoryRequest + type: object + UpdateCustomURLCategoryResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/UpdateCustomURLCategoryResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/UpdateCustomURLCategoryResponse.Result' + title: UpdateCustomURLCategoryResponse + type: object + UpdateCustomURLCategoryResponse.CustomURLCategory: + additionalProperties: false + properties: + Action: + title: Action + type: string + AuditComment: + title: Auditcomment + type: string + Description: + maxLength: 255 + title: Description + type: string + UpdateToken: + title: Updatetoken + type: string + UrlTargets: + items: + maxLength: 255 + type: string + title: 
Urltargets + type: array + required: + - UrlTargets + title: CustomURLCategory + type: object + UpdateCustomURLCategoryResponse.ResponseData: + additionalProperties: false + properties: + CustomURLEntry: + $ref: '#/components/schemas/UpdateCustomURLCategoryResponse.CustomURLCategory' + Name: + title: Name + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + UpdateCustomURLCategoryResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object +info: + contact: {} + description: "Palo Alto Networks provides a set of predefined URL filtering categories.\ + \ \nYou can also specify your own URL filtering categories using a customer URL\ + \ category object. For example, create a custom list of URLs that you want to\ + \ use as match criteria in a Security policy rule. \nYou can use the custom URL\ + \ categories as a security policy match criteria. 
\n\nFor more information, refer\ + \ to the following links.\n- [Where Can I Find a Complete List of PAN-DB URL Filtering\ + \ Categories?](https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5hCAC)\n\ + - [Palo Alto Networks URL filtering](https://urlfiltering.paloaltonetworks.com/)\n\ + - [Create a custom URL category for Cloud NGFW on AWS](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/rules-and-rulestacks/cloud-ngfw-security-rule-objects/create-a-custom-url-category-for-cloud-ngfw-on-aws)\n\ + \n### Permission Policies\n\n| Action | Local\ + \ Firewall Administrator | Local Rulestack Administrator | Global Rulestack Administrator\ + \ |\n| -------------------------------------- | :---------------------------:\ + \ | :---------------------------: | :----------------------------: |\n| Create\ + \ Custom URL Category | ☐ | **☑**\ + \ | **☑** | \n| Delete Custom URL Category\ + \ | ☐ | **☑** \ + \ | **☑** | \n| Update Custom\ + \ URL Category | ☐ | **☑** \ + \ | **☑** | \n| Describe Custom URL Category\ + \ | **☑** | **☑** |\ + \ **☑** |\n| List Custom URL Categories |\ + \ **☑** | **☑** | **☑**\ + \ |\n" + title: Manage Custom URL Categories + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/rulestacks/{rulestackname}/urlcustomcategories: + get: + description: 'Retrieve the data of the custom URL categories of a specified + rulestack. + + ' + operationId: get-v1-config-rulestacks-rulestackname-urlcustomcategories + parameters: + - description: 'The name of the rulestack. 
+ + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: '' + in: query + name: nexttoken + required: false + schema: + title: Nexttoken + type: string + - description: '' + in: query + name: candidate + required: false + schema: + default: true + title: Candidate + type: boolean + - description: '' + in: query + name: running + required: false + schema: + default: false + title: Running + type: boolean + - description: '' + in: query + name: uncommitted + required: false + schema: + default: false + title: Uncommitted + type: boolean + - description: '' + in: query + name: maxresults + required: false + schema: + default: 1024 + maximum: 1024 + minimum: 1 + title: Maxresults + type: integer + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListCustomURLCategoriesResponse' + description: OK + summary: List Custom URL Categories + tags: + - ManageCustomURLCategories + post: + description: 'Create a custom URL filtering object to specify exceptions to + URL category enforcement, and to create a custom URL category based on multiple + URL categories. + + ' + operationId: post-v1-config-rulestacks-rulestackname-urlcustomcategories + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CreateCustomURLCategoryRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CreateCustomURLCategoryResponse' + description: OK + summary: Create Custom URL Category + tags: + - ManageCustomURLCategories + /v1/config/rulestacks/{rulestackname}/urlcustomcategories/{name}: + delete: + description: "Delete a custom URL category for a specified rulestack. 
\n" + operationId: delete-v1-config-rulestacks-rulestackname-urlcustomcategories-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'URL Category. + + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteCustomURLCategoryRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteCustomURLCategoryResponse' + description: OK + summary: Delete Custom URL Category + tags: + - ManageCustomURLCategories + get: + description: 'Return the custom URL category of a specified rule group. This + command describes custom categories and the default predefined ones. + + ' + operationId: get-v1-config-rulestacks-rulestackname-urlcustomcategories-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'URL Category. + + ' + in: path + name: name + required: true + schema: + type: string + - description: '' + in: query + name: running + required: false + schema: + default: true + title: Running + type: boolean + - description: '' + in: query + name: candidate + required: false + schema: + default: false + title: Candidate + type: boolean + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeCustomURLCategoryResponse' + description: OK + summary: Describe Custom URL Category + tags: + - ManageCustomURLCategories + put: + description: 'Modify the custom URL category of a specified rulestack. + + ' + operationId: put-v1-config-rulestacks-rulestackname-urlcustomcategories-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'URL Category. 
+ + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateCustomURLCategoryRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateCustomURLCategoryResponse' + description: OK + summary: Update Custom URL Category + tags: + - ManageCustomURLCategories +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: ManageCustomURLCategories diff --git a/static/cloudngfw/aws/spec/api/ManageNGFW-V2.yaml b/static/cloudngfw/aws/spec/api/ManageNGFW-V2.yaml new file mode 100644 index 000000000..f0513e30c --- /dev/null +++ b/static/cloudngfw/aws/spec/api/ManageNGFW-V2.yaml 
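Review bot: The `name` path parameter on `/v1/config/rulestacks/{rulestackname}/urlcustomcategories/{name}` is a bare `type: string` in the `delete`, `get` and `put` operations, while `CreateCustomURLCategoryRequest.Name` is limited to `maxLength: 29` and `pattern: ^[a-zA-Z][0-9a-zA-Z-]*$`. Repeating that constraint on the path parameter, `schema: {type: string, maxLength: 29, pattern: '^[a-zA-Z][0-9a-zA-Z-]*$'}`, lets gateways and generated validators reject malformed names before they reach the backend. In the same file `UrlTargets` has no `maxItems` and `AuditComment` has no `maxLength`, so the schema does not bound the request size. `DescribeCustomURLCategoryResponse.CustomURLCategoryDB` also requires `pk` and `sk`, which look like storage keys; it is worth confirming they are meant to be part of the public contract.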
@@ -0,0 +1,3312 @@ +components: + schemas: + model.CloudwatchMetrics: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + CloudWatchMetricNamespace: + type: string + CloudWatchMetricsFields: + items: + type: string + type: array + required: + - AccountId + - CloudWatchMetricNamespace + type: object + model.EgressNATConfig: + properties: + Enabled: + type: boolean + Settings: + $ref: '#/components/schemas/model.EgressNATSettings' + type: object + model.EgressNATSettings: + properties: + IPAMPoolId: + type: string + IPPoolType: + enum: + - AWSService + - BYOIP + type: string + type: object + model.EndpointConfig: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + EgressNATEnabled: + type: boolean + EndpointId: + type: string + Mode: + enum: + - ServiceManaged + - CustomerManaged + type: string + Prefixes: + $ref: '#/components/schemas/model.PrefixInfo' + RejectedReason: + type: string + Status: + enum: + - Pending + - Accepted + - Rejected + - Created + - Creating + - Deleting + type: string + SubnetId: + type: string + VpcId: + type: string + ZoneId: + type: string + required: + - Mode + type: object + model.FirewallRoles: + properties: + EndpointRole: + type: string + LoggingRole: + type: string + type: object + model.GWLBConfig: + properties: + DeregistrationDelay: + default: 300 + type: integer + RejectedFlowCountAlertThreshold: + default: 10 + type: integer + RejectedFlowCountTCPAlertThreshold: + default: 10 + type: integer + SessionRebalanceEnabled: + default: false + description: Omitempty skips creation of the field when false + type: boolean + TCPIdleTimeout: + default: 350 + type: integer + type: object + model.Ipv6Config: + properties: + Enabled: + type: boolean + type: object + model.LogConfig: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + LogDestination: + type: string + LogDestinationType: + enum: + - S3 + - CloudWatchLogs + - KinesisDataFirehose + type: string + LogType: + 
items: + enum: + - TRAFFIC + - DECRYPTION + - THREAT + - USER_ID + type: string + type: array + RoleType: + enum: + - ResourceBased + - IamBased + type: string + required: + - LogDestination + - LogDestinationType + - LogType + - RoleType + type: object + model.Notification: + properties: + ExpiryTime: + type: integer + Id: + type: string + Link: + $ref: '#/components/schemas/model.NotificationLink' + Msg: + type: string + type: object + model.NotificationLink: + properties: + Target: + type: string + Text: + type: string + type: object + model.PrefixConfig: + properties: + Cidrs: + items: + type: string + type: array + type: object + model.PrefixInfo: + properties: + PrivatePrefix: + $ref: '#/components/schemas/model.PrefixConfig' + PublicPrefix: + $ref: '#/components/schemas/model.PrefixConfig' + type: object + model.PrivateAccessConfig: + properties: + ResourceID: + type: string + Type: + enum: + - NetworkLoadBalancer + type: string + type: object + model.PublicIP: + properties: + IPAddress: + type: string + IPSource: + type: string + IPStatus: + type: string + type: object + model.ResourceStatus: + properties: + DeviceRuleStackCommitInfo: + $ref: '#/components/schemas/model.RuleStackCommitData' + DeviceRuleStackCommitState: + enum: + - Submitted + - None + type: string + DeviceRuleStackCommitStatus: + enum: + - Running + - Uncommitted + - Precommit + - PrecommitDone + - PrevalidateDone + - Committing + - Failed + - Success + type: string + FailureReason: + type: string + FirewallStatus: + enum: + - CREATING + - UPDATING + - DELETING + - CREATE_COMPLETE + - UPDATE_COMPLETE + - CREATE_FAIL + - UPDATE_FAIL + - DELETE_FAIL + - DELETE_COMPLETE + type: string + GlobalRuleStackCommitInfo: + $ref: '#/components/schemas/model.RuleStackCommitData' + GlobalRuleStackStatus: + enum: + - Running + - Uncommitted + - Precommit + - PrecommitDone + - PrevalidateDone + - Committing + - Failed + - Success + type: string + PublicIPs: + items: + $ref: 
'#/components/schemas/model.PublicIP' + type: array + RuleStackCommitInfo: + $ref: '#/components/schemas/model.RuleStackCommitData' + RuleStackStatus: + enum: + - Running + - Uncommitted + - Precommit + - PrecommitDone + - PrevalidateDone + - Committing + - Failed + - Success + type: string + SCMAssocStatus: + type: boolean + type: object + model.RuleStackCommitData: + properties: + CommitMessages: + items: + type: string + type: array + CommitTS: + type: string + type: object + model.RuleStackRoles: + properties: + DecryptionRole: + type: string + NetworkMonitoringRole: + type: string + type: object + model.SubnetMapping: + properties: + AvailabilityZone: + type: string + AvailabilityZoneId: + type: string + SubnetId: + type: string + type: object + model.TagEntry: + properties: + Key: + maxLength: 128 + minLength: 1 + type: string + Value: + maxLength: 256 + minLength: 1 + type: string + type: object + model.UserIDConfig: + properties: + AgentName: + type: string + CFTURLLink: + type: string + CollectorName: + type: string + CustomIncludeExcludeNetwork: + items: + $ref: '#/components/schemas/model.UserIDCustomSubnetFilter' + type: array + Enabled: + type: boolean + EndpointDNS: + type: string + Port: + type: integer + SecretKeyARN: + type: string + UserIDStatus: + enum: + - EndpointPending + - EndpointFail + - CommitFail + - Enabled + - Disabled + - DisablePending + - UpdatePending + - UpdateFail + type: string + type: object + model.UserIDCustomSubnetFilter: + properties: + DiscoveryInclude: + type: boolean + Enabled: + type: boolean + Name: + type: string + NetworkAddress: + type: string + type: object + response.ResponseStatus: + properties: + ErrorCode: + type: integer + Reason: + type: string + type: object + v1.AssociateRuleStackAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + FirewallName: + type: string + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + 
type: string + required: + - FirewallName + - RuleStackName + type: object + v1.AssociateRuleStackAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.AssociateRuleStackResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v1.AssociateRuleStackResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + FirewallName: + type: string + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + required: + - FirewallName + - RuleStackName + type: object + v1.CreateFirewallAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + Description: + type: string + EgressNAT: + $ref: '#/components/schemas/model.EgressNATConfig' + EndpointMode: + enum: + - ServiceManaged + - CustomerManaged + type: string + FirewallName: + type: string + GlobalRuleStackName: + maxLength: 128 + minLength: 1 + type: string + LinkId: + type: string + MultiVpcEnable: + type: boolean + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + SubnetMappings: + items: + $ref: '#/components/schemas/model.SubnetMapping' + type: array + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + VpcId: + type: string + required: + - AccountId + - EndpointMode + - FirewallName + - SubnetMappings + - VpcId + type: object + v1.CreateFirewallAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.CreateFirewallAPIResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v1.CreateFirewallAPIResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + Description: + type: string + EgressNAT: + $ref: '#/components/schemas/model.EgressNATConfig' + EndpointMode: + enum: + - ServiceManaged + - CustomerManaged + type: string + FirewallName: + type: string + GlobalRuleStackName: + maxLength: 128 + minLength: 1 + 
type: string + LinkId: + type: string + LinkStatus: + type: string + MultiVpcEnable: + type: boolean + PrivateAccess: + $ref: '#/components/schemas/model.PrivateAccessConfig' + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + SecurityZones: + items: + $ref: '#/components/schemas/model.EndpointConfig' + type: array + SubnetMappings: + items: + $ref: '#/components/schemas/model.SubnetMapping' + type: array + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + UpdateToken: + type: string + UserID: + $ref: '#/components/schemas/model.UserIDConfig' + VpcId: + type: string + required: + - AccountId + - EndpointMode + - FirewallName + - SubnetMappings + - VpcId + type: object + v1.DeleteFirewallAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.FirewallResource' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v1.DeleteTagsAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + FirewallName: + type: string + TagKeys: + items: + maxLength: 128 + type: string + maxItems: 128 + type: array + required: + - FirewallName + - TagKeys + type: object + v1.DeleteTagsAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.DeleteTagsResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v1.DeleteTagsResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + FirewallName: + type: string + TagKeys: + items: + maxLength: 128 + type: string + maxItems: 128 + type: array + required: + - FirewallName + - TagKeys + type: object + v1.Features: + properties: + EgressNAT: + $ref: '#/components/schemas/model.EgressNATConfig' + PrivateAccess: + $ref: '#/components/schemas/model.PrivateAccessConfig' + SecurityZones: + items: + $ref: '#/components/schemas/model.EndpointConfig' + type: array + UserID: + $ref: '#/components/schemas/v2.UserIDRequest' + type: object + 
v1.FirewallInfo: + properties: + AccountId: + type: string + FirewallName: + type: string + type: object + v1.FirewallResource: + properties: + AccountId: + type: string + AppIdVersion: + type: string + AutomaticUpgradeAppIdVersion: + type: boolean + Description: + type: string + DeviceRuleStackCommitStatus: + type: string + EgressNAT: + $ref: '#/components/schemas/model.EgressNATConfig' + EndpointMode: + type: string + FirewallName: + type: string + GlobalRuleStackName: + maxLength: 128 + minLength: 1 + type: string + LinkId: + type: string + LinkStatus: + type: string + MultiVpcEnable: + type: boolean + PrivateAccess: + $ref: '#/components/schemas/model.PrivateAccessConfig' + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + SecurityZones: + items: + $ref: '#/components/schemas/model.EndpointConfig' + type: array + SubnetMappings: + items: + $ref: '#/components/schemas/model.SubnetMapping' + type: array + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + UpdateToken: + type: string + UserID: + $ref: '#/components/schemas/model.UserIDConfig' + VpcId: + type: string + type: object + v1.ListFirewallsAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.ListFirewallsResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v1.ListFirewallsResponse: + properties: + Firewalls: + items: + $ref: '#/components/schemas/v1.FirewallInfo' + type: array + FirewallsDescribe: + items: + $ref: '#/components/schemas/v1.ReadFirewallResponse' + type: array + NextToken: + type: string + type: object + v1.ListTagsAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + FirewallName: + type: string + required: + - FirewallName + type: object + v1.ListTagsAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.ListTagsResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + 
v1.ListTagsResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + FirewallName: + type: string + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + required: + - FirewallName + type: object + v1.LogDestinationConfig: + properties: + LogDestination: + type: string + LogDestinationType: + enum: + - S3 + - CloudWatchLogs + - KinesisDataFirehose + type: string + LogType: + enum: + - TRAFFIC + - DECRYPTION + - THREAT + - USER_ID + type: string + required: + - LogDestination + - LogDestinationType + - LogType + type: object + v1.ReadFirewallAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.ReadFirewallResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v1.ReadFirewallResource: + properties: + AccountId: + type: string + AppIdVersion: + type: string + AutomaticUpgradeAppIdVersion: + type: boolean + Description: + type: string + DeviceRuleStackCommitStatus: + type: string + EgressNAT: + $ref: '#/components/schemas/model.EgressNATConfig' + EndpointMode: + type: string + EndpointServiceName: + type: string + FirewallId: + type: string + FirewallName: + type: string + GlobalRuleStackName: + maxLength: 128 + minLength: 1 + type: string + LinkId: + type: string + LinkStatus: + type: string + MultiVpcEnable: + type: boolean + Notifications: + items: + $ref: '#/components/schemas/model.Notification' + type: array + PrivateAccess: + $ref: '#/components/schemas/model.PrivateAccessConfig' + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + SecurityZones: + items: + $ref: '#/components/schemas/model.EndpointConfig' + type: array + SubnetMappings: + items: + $ref: '#/components/schemas/model.SubnetMapping' + type: array + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + UpdateToken: + type: string + UserID: + $ref: '#/components/schemas/model.UserIDConfig' + VpcId: + type: string + type: 
object + v1.ReadFirewallResponse: + properties: + Firewall: + $ref: '#/components/schemas/v1.ReadFirewallResource' + Status: + $ref: '#/components/schemas/model.ResourceStatus' + type: object + v1.ReadLogProfileAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + FirewallName: + type: string + required: + - FirewallName + type: object + v1.ReadLogProfileAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.ReadLogProfileResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v1.ReadLogProfileResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + AdvancedThreatLog: + type: boolean + CloudWatchMetricNamespace: + type: string + CloudWatchMetricsFields: + items: + type: string + type: array + FirewallId: + type: string + FirewallName: + type: string + LogDestinationConfigs: + items: + $ref: '#/components/schemas/v1.LogDestinationConfig' + type: array + required: + - FirewallName + type: object + v1.UpdateContentVersionAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + AppIdVersion: + type: string + AutomaticUpgradeAppIdVersion: + type: boolean + FirewallName: + type: string + required: + - FirewallName + type: object + v1.UpdateContentVersionAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.UpdateContentVersionResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v1.UpdateContentVersionResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + AppIdVersion: + type: string + AutomaticUpgradeAppIdVersion: + type: boolean + FirewallName: + type: string + required: + - FirewallName + type: object + v1.UpdateDescriptionAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + Description: + type: string + FirewallName: + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + 
required: + - Description + - FirewallName + type: object + v1.UpdateDescriptionAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.UpdateDescriptionResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v1.UpdateDescriptionResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + Description: + type: string + FirewallName: + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + required: + - Description + - FirewallName + type: object + v1.UpdateFeaturesAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + Features: + $ref: '#/components/schemas/v1.Features' + FirewallName: + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + required: + - FirewallName + type: object + v1.UpdateFeaturesAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.UpdateFeaturesAPIResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v1.UpdateFeaturesAPIResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + Features: + $ref: '#/components/schemas/v1.Features' + FirewallName: + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + required: + - FirewallName + type: object + v1.UpdateLogProfileAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + AdvancedThreatLog: + type: boolean + CloudWatchMetricNamespace: + type: string + CloudWatchMetricsFields: + items: + type: string + type: array + FirewallName: + type: string + LogDestinationConfigs: + items: + $ref: '#/components/schemas/v1.LogDestinationConfig' + type: array + required: + - FirewallName + type: object + v1.UpdateLogProfileAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.UpdateLogProfileResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + 
v1.UpdateLogProfileResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + AdvancedThreatLog: + type: boolean + CloudWatchMetricNamespace: + type: string + CloudWatchMetricsFields: + items: + type: string + type: array + FirewallId: + type: string + FirewallName: + type: string + LogDestinationConfigs: + items: + $ref: '#/components/schemas/v1.LogDestinationConfig' + type: array + required: + - FirewallName + type: object + v1.UpdateSubnetMappingsAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + AssociateSubnetMappings: + items: + $ref: '#/components/schemas/model.SubnetMapping' + type: array + DisassociateSubnetMappings: + items: + $ref: '#/components/schemas/model.SubnetMapping' + type: array + FirewallName: + type: string + MultiVpcEnable: + type: boolean + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + required: + - FirewallName + type: object + v1.UpdateSubnetMappingsAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.UpdateSubnetMappingsAPIResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v1.UpdateSubnetMappingsAPIResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + FirewallName: + type: string + MultiVpcEnable: + type: boolean + SubnetMappings: + items: + $ref: '#/components/schemas/model.SubnetMapping' + type: array + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + required: + - FirewallName + type: object + v1.UpdateTagsAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + FirewallName: + type: string + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + required: + - FirewallName + - Tags + type: object + v1.UpdateTagsAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v1.UpdateTagsResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: 
object + v1.UpdateTagsResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + FirewallName: + type: string + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + required: + - FirewallName + type: object + v2.AccountDetails: + properties: + AccountId: + type: string + CloudFormationTemplateURL: + type: string + ExternalId: + type: string + OnboardingStatus: + type: string + PrimaryAccount: + type: boolean + ServiceAccountId: + type: string + SnsTopicArn: + type: string + UpdateToken: + type: string + type: object + v2.AssociateLinkInput: + properties: + LinkId: + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + required: + - LinkId + - UpdateToken + type: object + v2.AssociateLinkOutput: + properties: + Response: + $ref: '#/components/schemas/v2.AssociateLinkResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.AssociateLinkResponse: + properties: + FirewallId: + type: string + LinkId: + type: string + LinkStatus: + enum: + - Active + - Updating + type: string + UpdateToken: + maxLength: 1024 + type: string + required: + - FirewallId + - LinkId + - UpdateToken + type: object + v2.AssociateRuleStackInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + required: + - RuleStackName + - UpdateToken + type: object + v2.AssociateRuleStackOutput: + properties: + Response: + $ref: '#/components/schemas/v2.AssociateRuleStackResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.AssociateRuleStackResponse: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + FirewallId: + type: string + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string 
+ required: + - FirewallId + - RuleStackName + - UpdateToken + type: object + v2.CreateFirewallAPIInput: + properties: + AllowListAccounts: + items: + type: string + maxItems: 300 + type: array + ChangeProtection: + items: + type: string + type: array + CustomerZoneIdList: + items: + type: string + type: array + Description: + type: string + EgressNAT: + $ref: '#/components/schemas/model.EgressNATConfig' + GlobalRuleStackName: + maxLength: 128 + minLength: 1 + type: string + LinkId: + type: string + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + required: + - CustomerZoneIdList + type: object + v2.CreateFirewallAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v2.CreateFirewallAPIResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.CreateFirewallAPIResponse: + properties: + AllowListAccounts: + items: + type: string + maxItems: 300 + type: array + ChangeProtection: + items: + type: string + type: array + CustomerZoneIdList: + items: + type: string + type: array + Description: + type: string + EgressNAT: + $ref: '#/components/schemas/model.EgressNATConfig' + FirewallId: + type: string + GlobalRuleStackName: + maxLength: 128 + minLength: 1 + type: string + LinkId: + type: string + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + UpdateToken: + type: string + required: + - CustomerZoneIdList + type: object + v2.CreateLinkAccountAPIInput: + properties: + AWSMarketplaceToken: + type: string + AccountId: + maxLength: 12 + minLength: 12 + type: string + AgreementId: + type: string + EnableCFTRoleURLCreation: + type: boolean + EndpointMode: + enum: + - ServiceManaged + - CustomerManaged + type: string + Existing: + type: boolean + OnboardingRegion: + type: string + Origin: + default: 
CloudNGFWConsole + enum: + - AWSMarketplace + - CloudNGFWConsole + - ProgrammaticAccess + type: string + ProductId: + type: string + type: object + v2.CreateLinkAccountAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v2.CreateLinkAccountAPIResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.CreateLinkAccountAPIResponse: + properties: + AccountId: + type: string + CFTRoleURL: + type: string + EndpointMode: + type: string + Existing: + type: boolean + ExternalId: + type: string + Origin: + type: string + SNSTopicArn: + type: string + SecretsToken: + type: string + ServiceAccountId: + type: string + type: object + v2.DeleteFirewallAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v2.DeleteFirewallAPIResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.DeleteFirewallAPIResponse: + properties: + AllowListAccounts: + items: + type: string + type: array + ChangeProtection: + items: + type: string + type: array + CustomerZoneIdList: + items: + type: string + type: array + Description: + type: string + DeviceRuleStackCommitStatus: + type: string + EgressNAT: + $ref: '#/components/schemas/model.EgressNATConfig' + Endpoints: + items: + $ref: '#/components/schemas/model.EndpointConfig' + type: array + FirewallId: + type: string + FirewallStatus: + type: string + GWLB: + $ref: '#/components/schemas/model.GWLBConfig' + GlobalRuleStackName: + maxLength: 128 + minLength: 1 + type: string + Ipv6: + $ref: '#/components/schemas/model.Ipv6Config' + LinkId: + type: string + PrivateAccess: + $ref: '#/components/schemas/model.PrivateAccessConfig' + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + UpdateToken: + type: string + UserID: + $ref: '#/components/schemas/model.UserIDConfig' + required: + - CustomerZoneIdList + type: object + 
v2.DeleteLinkAccountAPIInput: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + required: + - AccountId + type: object + v2.DeleteLinkAccountAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v2.DeleteLinkAccountResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.DeleteLinkAccountResponse: + properties: + AccountId: + type: string + ExternalId: + type: string + Organization: + type: string + type: object + v2.DisassociateLinkInput: + properties: + LinkId: + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + required: + - LinkId + - UpdateToken + type: object + v2.DisassociateLinkOutput: + properties: + Response: + $ref: '#/components/schemas/v2.DisassociateLinkResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.DisassociateLinkResponse: + properties: + FirewallId: + type: string + LinkStatus: + enum: + - Active + - Updating + type: string + UpdateToken: + type: string + required: + - FirewallId + - UpdateToken + type: object + v2.DisassociateRuleStackInput: + properties: + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + required: + - UpdateToken + type: object + v2.DisassociateRuleStackOutput: + properties: + Response: + $ref: '#/components/schemas/v2.DisassociateRuleStackResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.DisassociateRuleStackResponse: + properties: + FirewallId: + type: string + RuleStackName: + maxLength: 128 + type: string + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + required: + - FirewallId + - UpdateToken + type: object + v2.EndpointRequest: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + EgressNATEnabled: + type: boolean + EndpointId: + type: string + Mode: + enum: + - ServiceManaged + - 
CustomerManaged + type: string + Prefixes: + $ref: '#/components/schemas/model.PrefixInfo' + SubnetId: + type: string + VpcId: + type: string + ZoneId: + type: string + required: + - Mode + type: object + v2.FirewallInfo: + properties: + FirewallId: + type: string + Region: + type: string + type: object + v2.FirewallInfoDescribe: + properties: + Firewall: + $ref: '#/components/schemas/v2.ReadFirewallResource' + Status: + $ref: '#/components/schemas/model.ResourceStatus' + type: object + v2.ListFirewallsAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v2.ListFirewallsResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.ListFirewallsResponse: + properties: + Firewalls: + items: + $ref: '#/components/schemas/v2.FirewallInfo' + type: array + FirewallsDescribe: + items: + $ref: '#/components/schemas/v2.FirewallInfoDescribe' + type: array + NextToken: + type: string + type: object + v2.ListLinkAccountXaccountDetails: + properties: + AccountId: + type: string + AllowedMode: + type: string + CloudTrailRole: + type: string + DefaultRole: + type: string + Firewall: + $ref: '#/components/schemas/model.FirewallRoles' + RuleStack: + $ref: '#/components/schemas/model.RuleStackRoles' + type: object + v2.ListLinkAccountsAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v2.ListLinkAccountsResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.ListLinkAccountsResponse: + properties: + AccountDetails: + items: + $ref: '#/components/schemas/v2.AccountDetails' + type: array + AccountIds: + items: + type: string + type: array + MpRegion: + type: string + NextToken: + type: string + XAccountDetails: + items: + $ref: '#/components/schemas/v2.ListLinkAccountXaccountDetails' + type: array + type: object + v2.ReadFirewallAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v2.FirewallInfoDescribe' + ResponseStatus: + $ref: 
'#/components/schemas/response.ResponseStatus' + type: object + v2.ReadFirewallResource: + properties: + AdvancedThreatLog: + type: boolean + AllowListAccounts: + items: + type: string + type: array + ChangeProtection: + items: + type: string + type: array + CloudwatchMetrics: + $ref: '#/components/schemas/model.CloudwatchMetrics' + CustomerZoneIdList: + items: + type: string + type: array + DeploymentUpdateToken: + type: string + Description: + type: string + DeviceRuleStackCommitStatus: + type: string + EgressNAT: + $ref: '#/components/schemas/model.EgressNATConfig' + EndpointServiceName: + type: string + Endpoints: + items: + $ref: '#/components/schemas/model.EndpointConfig' + type: array + FirewallId: + type: string + GWLB: + $ref: '#/components/schemas/model.GWLBConfig' + GlobalRuleStackName: + maxLength: 128 + minLength: 1 + type: string + Ipv6: + $ref: '#/components/schemas/model.Ipv6Config' + LinkId: + type: string + LinkStatus: + type: string + LogConfig: + $ref: '#/components/schemas/v2.ReadLogConfig' + Notifications: + items: + $ref: '#/components/schemas/model.Notification' + type: array + PrivateAccess: + $ref: '#/components/schemas/model.PrivateAccessConfig' + Region: + type: string + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + UpdateToken: + type: string + UserID: + $ref: '#/components/schemas/model.UserIDConfig' + required: + - CustomerZoneIdList + type: object + v2.ReadLogConfig: + properties: + AccountId: + maxLength: 12 + minLength: 12 + type: string + LogDestination: + type: string + LogDestinationRegion: + type: string + LogDestinationType: + enum: + - S3 + - CloudWatchLogs + - KinesisDataFirehose + type: string + LogType: + items: + enum: + - TRAFFIC + - DECRYPTION + - THREAT + - USER_ID + type: string + type: array + RoleType: + enum: + - ResourceBased + - IamBased + type: string + required: + - LogDestination + - LogDestinationType 
+ - LogType + - RoleType + type: object + v2.ReadLogProfileInput: + type: object + v2.ReadLogProfileOutput: + properties: + Response: + $ref: '#/components/schemas/v2.ReadLogProfileResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.ReadLogProfileResponse: + properties: + AdvancedThreatLog: + type: boolean + CloudwatchMetrics: + $ref: '#/components/schemas/model.CloudwatchMetrics' + FirewallId: + type: string + LogConfig: + $ref: '#/components/schemas/model.LogConfig' + Region: + type: string + UpdateToken: + type: string + type: object + v2.UpdateFirewallAPIInput: + properties: + AllowListAccounts: + items: + type: string + maxItems: 300 + type: array + ChangeProtection: + items: + type: string + type: array + CustomerZoneIdList: + items: + type: string + type: array + DeploymentUpdateToken: + maxLength: 1024 + minLength: 1 + type: string + Description: + type: string + EgressNAT: + $ref: '#/components/schemas/model.EgressNATConfig' + Endpoints: + items: + $ref: '#/components/schemas/v2.EndpointRequest' + type: array + GwlbTcpIdleTimeout: + maximum: 3600 + minimum: 0 + type: integer + PrivateAccess: + $ref: '#/components/schemas/model.PrivateAccessConfig' + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + UserID: + $ref: '#/components/schemas/v2.UserIDRequest' + required: + - DeploymentUpdateToken + - UpdateToken + type: object + v2.UpdateFirewallAPIOutput: + properties: + Response: + $ref: '#/components/schemas/v2.UpdateResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.UpdateLogProfileInput: + properties: + AdvancedThreatLog: + type: boolean + CloudwatchMetrics: + $ref: '#/components/schemas/model.CloudwatchMetrics' + LogConfig: + $ref: '#/components/schemas/model.LogConfig' + UpdateToken: + maxLength: 1024 + minLength: 1 + type: string + type: object + 
v2.UpdateLogProfileOutput: + properties: + Response: + $ref: '#/components/schemas/v2.UpdateLogProfileResponse' + ResponseStatus: + $ref: '#/components/schemas/response.ResponseStatus' + type: object + v2.UpdateLogProfileResponse: + properties: + AdvancedThreatLog: + type: boolean + CloudwatchMetrics: + $ref: '#/components/schemas/model.CloudwatchMetrics' + FirewallId: + type: string + LogConfig: + $ref: '#/components/schemas/model.LogConfig' + Region: + type: string + UpdateToken: + type: string + type: object + v2.UpdateResponse: + properties: + AllowListAccounts: + items: + type: string + type: array + ChangeProtection: + items: + type: string + type: array + CustomerZoneIdList: + items: + type: string + type: array + DeploymentUpdateToken: + type: string + Description: + type: string + DeviceRuleStackCommitStatus: + type: string + EgressNAT: + $ref: '#/components/schemas/model.EgressNATConfig' + Endpoints: + items: + $ref: '#/components/schemas/model.EndpointConfig' + type: array + FirewallId: + type: string + GWLB: + $ref: '#/components/schemas/model.GWLBConfig' + GlobalRuleStackName: + maxLength: 128 + minLength: 1 + type: string + GwlbTcpIdleTimeout: + maximum: 3600 + minimum: 0 + type: integer + Ipv6: + $ref: '#/components/schemas/model.Ipv6Config' + LinkId: + type: string + PrivateAccess: + $ref: '#/components/schemas/model.PrivateAccessConfig' + Region: + type: string + RuleStackName: + maxLength: 128 + minLength: 1 + type: string + Tags: + items: + $ref: '#/components/schemas/model.TagEntry' + maxItems: 50 + type: array + UpdateToken: + type: string + UserID: + $ref: '#/components/schemas/model.UserIDConfig' + required: + - CustomerZoneIdList + type: object + v2.UserIDRequest: + properties: + AgentName: + type: string + CollectorName: + type: string + CustomIncludeExcludeNetwork: + items: + $ref: '#/components/schemas/model.UserIDCustomSubnetFilter' + type: array + Enabled: + type: boolean + Port: + type: integer + SecretKeyARN: + type: string + type: 
object +info: + contact: {} + description: "The V2 API provides enhanced operations for managing Cloud NGFW resources.\ + \ This version introduces new features and improvements for firewall management,\ + \ including support for managing firewalls by ID and name, content version updates,\ + \ and feature management.\n\n### Key Features\n\n- Manage firewalls by firewall\ + \ ID or firewall name\n- Update firewall content versions\n- Configure firewall\ + \ features \n- Link firewalls across accounts\n- Enhanced log profile and rulestack\ + \ management\n\n### Permission Policies\n\n| Action \ + \ | Local Firewall Administrator | Local Rulestack Administrator | Global\ + \ Rulestack Administrator |\n| -------------------------------------- | :---------------------------:\ + \ | :---------------------------: | :----------------------------: |\n| Create/Delete\ + \ Firewall | **☑** | ☐ \ + \ | ☐ |\n| Update Firewall \ + \ | **☑** | ☐ \ + \ | ☐ |\n| Manage Firewall Features \ + \ | **☑** | ☐ | ☐\ + \ |\n| Link Accounts | **☑**\ + \ | ☐ | ☐ \ + \ |\n" + title: Manage Cloud NGFW (V2) + version: 1.0.0 +openapi: 3.0.3 +paths: + /v2/linkaccounts: + delete: + description: 'Delete a link account from V2 API configuration. + + ' + operationId: delete-v2-linkaccounts + parameters: + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v2.DeleteLinkAccountAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.DeleteLinkAccountAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.DeleteLinkAccountAPIOutput' + description: Bad Request + summary: delete linkaccounts + tags: + - ManageNGFW-V2 + get: + description: 'List all link accounts configured for V2 API. 
+ + ' + operationId: get-v2-linkaccounts + parameters: + - description: Max results + in: query + name: maxresults + schema: + type: string + - description: describe the Accounts + in: query + name: describe + schema: + type: string + - description: Next token + in: query + name: nexttoken + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.ListLinkAccountsAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.ListLinkAccountsAPIOutput' + description: Bad Request + summary: list linkaccounts + tags: + - ManageNGFW-V2 + post: + description: 'Create a new link account for V2 API access. + + ' + operationId: post-v2-linkaccounts + parameters: + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v2.CreateLinkAccountAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.CreateLinkAccountAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.CreateLinkAccountAPIOutput' + description: Bad Request + summary: create linkaccounts + tags: + - ManageNGFW-V2 + /v2/ngfirewalls: + get: + description: 'List all Cloud NGFW resources in your account using V2 API. 
+ + ' + operationId: get-v2-ngfirewalls + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: Max results + in: query + name: maxresults + schema: + type: string + - description: describe the FW + in: query + name: describe + schema: + type: string + - description: Next token + in: query + name: nexttoken + schema: + type: string + - description: rulestack name + in: query + name: rulestackname + schema: + type: string + - description: global rulestack name + in: query + name: globalrulestackname + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.ListFirewallsAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.ListFirewallsAPIOutput' + description: Bad Request + summary: list ngfirewalls + tags: + - ManageNGFW-V2 + post: + description: 'Create a new Cloud NGFW resource using V2 API. 
+ + ' + operationId: post-v2-ngfirewalls + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v2.CreateFirewallAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.CreateFirewallAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.CreateFirewallAPIOutput' + description: Bad Request + summary: create ngfirewall + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/: + get: + description: 'Alternative endpoint to list all Cloud NGFW resources. + + ' + operationId: get-v2-ngfirewalls- + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.ListFirewallsAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.ListFirewallsAPIOutput' + description: Bad Request + summary: v1 list firewalls + tags: + - ManageNGFW-V2 + post: + description: 'Alternative endpoint to create a new Cloud NGFW resource. 
+ + ' + operationId: post-v2-ngfirewalls- + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: boolean + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v1.CreateFirewallAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.CreateFirewallAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.CreateFirewallAPIOutput' + description: Bad Request + summary: v1 create ngfirewall + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_id}: + delete: + description: 'Delete a specific firewall by firewall ID. + + ' + operationId: delete-v2-ngfirewalls-firewallid + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: 'The unique identifier of the firewall. + + ' + in: path + name: firewall_id + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.DeleteFirewallAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.DeleteFirewallAPIOutput' + description: Bad Request + summary: delete ngfirewall + tags: + - ManageNGFW-V2 + get: + description: 'Retrieve details of a specific firewall by firewall ID. 
+ + ' + operationId: get-v2-ngfirewalls-firewallid + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: 'The unique identifier of the firewall. + + ' + in: path + name: firewall_id + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.ReadFirewallAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.ReadFirewallAPIOutput' + description: Bad Request + summary: read ngfirewall + tags: + - ManageNGFW-V2 + patch: + description: update ngfirewall + operationId: patch-v2-ngfirewalls-firewallid + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: Firewall ID + in: path + name: firewall_id + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v2.UpdateFirewallAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.UpdateFirewallAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.UpdateFirewallAPIOutput' + description: Bad Request + summary: update ngfirewall + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_id}/link: + delete: + description: disassociate fw link + operationId: delete-v2-ngfirewalls-firewallid-link + parameters: + - description: FW region + in: query + name: 
region + required: true + schema: + type: string + - description: Firewall ID + in: path + name: firewall_id + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v2.DisassociateLinkInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.DisassociateLinkOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.DisassociateLinkOutput' + description: Bad Request + summary: disassociate fw link + tags: + - ManageNGFW-V2 + post: + description: associate fw link + operationId: post-v2-ngfirewalls-firewallid-link + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: Firewall ID + in: path + name: firewall_id + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v2.AssociateLinkInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.AssociateLinkOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.AssociateLinkOutput' + description: Bad Request + summary: associate fw link + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_id}/logprofile: + get: + description: read logprofile + operationId: get-v2-ngfirewalls-firewallid-logprofile + parameters: + - description: FW region + in: query + name: region + required: true 
+ schema: + type: string + - description: Firewall ID + in: path + name: firewall_id + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v2.ReadLogProfileInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.ReadLogProfileOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.ReadLogProfileOutput' + description: Bad Request + summary: read logprofile + tags: + - ManageNGFW-V2 + post: + description: update logprofile + operationId: post-v2-ngfirewalls-firewallid-logprofile + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: Firewall ID + in: path + name: firewall_id + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v2.UpdateLogProfileInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.UpdateLogProfileOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.UpdateLogProfileOutput' + description: Bad Request + summary: update logprofile + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_id}/rulestack: + delete: + description: disassociate rulestack + operationId: delete-v2-ngfirewalls-firewallid-rulestack + parameters: + - description: FW region + in: query + name: region + required: true + 
schema: + type: string + - description: Firewall ID + in: path + name: firewall_id + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v2.DisassociateRuleStackInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.DisassociateRuleStackOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.DisassociateRuleStackOutput' + description: Bad Request + summary: disassociate rulestack + tags: + - ManageNGFW-V2 + post: + description: associate rulestack + operationId: post-v2-ngfirewalls-firewallid-rulestack + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: Firewall ID + in: path + name: firewall_id + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v2.AssociateRuleStackInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.AssociateRuleStackOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v2.AssociateRuleStackOutput' + description: Bad Request + summary: associate rulestack + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_name}: + delete: + description: v1 delete firewall + operationId: delete-v2-ngfirewalls-firewallname + parameters: + - description: FW region + in: query + name: region + 
required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: boolean + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.DeleteFirewallAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.DeleteFirewallAPIOutput' + description: Bad Request + summary: v1 delete firewall + tags: + - ManageNGFW-V2 + get: + description: 'Retrieve details of a specific firewall by firewall name. + + ' + operationId: get-v2-ngfirewalls-firewallname + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: boolean + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.ReadFirewallAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.ReadFirewallAPIOutput' + description: Bad Request + summary: v1 read firewall + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_name}/contentversion: + put: + description: 'Update the content version for a firewall by firewall name. 
+ + ' + operationId: put-v2-ngfirewalls-firewallname-contentversion + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateContentVersionAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateContentVersionAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateContentVersionAPIOutput' + description: Bad Request + summary: v1 update content version + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_name}/description: + put: + description: 'Update the description of a firewall by firewall name. 
+ + ' + operationId: put-v2-ngfirewalls-firewallname-description + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: boolean + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateDescriptionAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateDescriptionAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateDescriptionAPIOutput' + description: Bad Request + summary: v1 update description + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_name}/features: + put: + description: 'Configure firewall features by firewall name. 
+ + ' + operationId: put-v2-ngfirewalls-firewallname-features + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: boolean + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateFeaturesAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateFeaturesAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateFeaturesAPIOutput' + description: Bad Request + summary: v1 update features + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_name}/logprofile: + get: + description: v1 read logprofile + operationId: get-v2-ngfirewalls-firewallname-logprofile + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: account id + in: query + name: accountid + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v1.ReadLogProfileAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.ReadLogProfileAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.ReadLogProfileAPIOutput' + description: Bad Request 
+ summary: v1 read logprofile + tags: + - ManageNGFW-V2 + post: + description: v1 update logprofile + operationId: post-v2-ngfirewalls-firewallname-logprofile + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateLogProfileAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateLogProfileAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateLogProfileAPIOutput' + description: Bad Request + summary: v1 update logprofile + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_name}/rulestack: + post: + description: v1 associate rulestack + operationId: post-v2-ngfirewalls-firewallname-rulestack + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: string + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v1.AssociateRuleStackAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.AssociateRuleStackAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.AssociateRuleStackAPIOutput' + 
description: Bad Request + summary: v1 associate rulestack + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_name}/subnets: + post: + description: v1 update subnet mappings + operationId: post-v2-ngfirewalls-firewallname-subnets + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: boolean + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateSubnetMappingsAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateSubnetMappingsAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateSubnetMappingsAPIOutput' + description: Bad Request + summary: v1 update subnet mappings + tags: + - ManageNGFW-V2 + /v2/ngfirewalls/{firewall_name}/tags: + delete: + description: 'Remove tags from a firewall by firewall name. 
+ + ' + operationId: delete-v2-ngfirewalls-firewallname-tags + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: boolean + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v1.DeleteTagsAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.DeleteTagsAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.DeleteTagsAPIOutput' + description: Bad Request + summary: v1 delete tags + tags: + - ManageNGFW-V2 + get: + description: 'List tags for a firewall by firewall name. + + ' + operationId: get-v2-ngfirewalls-firewallname-tags + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: boolean + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v1.ListTagsAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.ListTagsAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.ListTagsAPIOutput' + description: Bad Request + summary: v1 list tags + tags: + - ManageNGFW-V2 + post: + description: 'Add tags to a firewall by firewall name. 
+ + ' + operationId: post-v2-ngfirewalls-firewallname-tags + parameters: + - description: FW region + in: query + name: region + required: true + schema: + type: string + - description: v1 route + in: query + name: v1route + required: true + schema: + type: boolean + - description: Authorization + in: header + name: Authorization + required: true + schema: + type: string + - description: x-api-key + in: header + name: x-api-key + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateTagsAPIInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateTagsAPIOutput' + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/v1.UpdateTagsAPIOutput' + description: Bad Request + summary: v1 update tags + tags: + - ManageNGFW-V2 +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: ManageNGFW-V2 diff --git a/static/cloudngfw/aws/spec/api/ManageNGFW.yaml b/static/cloudngfw/aws/spec/api/ManageNGFW.yaml new file mode 100644 index 000000000..b3c713bd2 --- /dev/null +++ b/static/cloudngfw/aws/spec/api/ManageNGFW.yaml 
@@ -0,0 +1,792 @@ +components: + schemas: + CreateFWResourceRequest: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + Description: + maxLength: 512 + pattern: ^.*$ + title: Description + type: string + EndpointMode: + enum: + - ServiceManaged + - CustomerManaged + title: Endpointmode + type: string + FirewallName: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Firewallname + type: string + GlobalRuleStackName: + title: Globalrulestackname + type: string + RuleStackName: + title: Rulestackname + type: string + SubnetMappings: + items: + $ref: '#/components/schemas/CreateFWResourceRequest.SubnetMappingsType' + title: Subnetmappings + type: array + Tags: + items: + $ref: '#/components/schemas/CreateFWResourceRequest.TagEntry' + maxItems: 50 + title: Tags + type: array + VpcId: + title: Vpcid + type: string + required: + - EndpointMode + - FirewallName + - SubnetMappings + - VpcId + title: CreateFWResourceRequest + type: object + CreateFWResourceRequest.SubnetMappingsType: + additionalProperties: false + properties: + AvailabilityZone: + title: Availabilityzone + type: string + SubnetId: + title: Subnetid + type: string + title: SubnetMappingsType + type: object + CreateFWResourceRequest.TagEntry: + additionalProperties: false + properties: + Key: + title: Key + type: string + Value: + title: Value + type: string + required: + - Key + - Value + title: TagEntry + type: object + CreateFWResourceResponse: + properties: + Response: + $ref: '#/components/schemas/CreateFWResourceResponse.FirewallResource' + ResponseStatus: + $ref: '#/components/schemas/CreateFWResourceResponse.Result' + title: CreateFWResourceResponse + type: object + CreateFWResourceResponse.FirewallResource: + properties: + AccountId: + title: Accountid + type: string + AppIdVersion: + maxLength: 64 + minLength: 1 + pattern: ^[0-9]+-[0-9]+$ + title: Appidversion + type: string + AutomaticUpgradeAppIdVersion: + default: true + title: 
Automaticupgradeappidversion + type: boolean + Description: + title: Description + type: string + EndpointMode: + enum: + - ServiceManaged + - CustomerManaged + title: Endpointmode + type: string + FirewallName: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Firewallname + type: string + GlobalRuleStackName: + title: Globalrulestackname + type: string + RuleStackName: + title: Rulestackname + type: string + SubnetMappings: + items: + type: object + title: Subnetmappings + type: array + Tags: + items: + type: object + title: Tags + type: array + UpdateToken: + default: '1' + title: Updatetoken + type: string + VpcId: + title: Vpcid + type: string + required: + - EndpointMode + - FirewallName + - SubnetMappings + - VpcId + title: FirewallResource + type: object + CreateFWResourceResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DeleteFWResourceRequest: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + title: DeleteFWResourceRequest + type: object + DeleteFWResourceResponse: + properties: + Response: + $ref: '#/components/schemas/DeleteFWResourceResponse.FirewallResource' + ResponseStatus: + $ref: '#/components/schemas/DeleteFWResourceResponse.Result' + title: DeleteFWResourceResponse + type: object + DeleteFWResourceResponse.FirewallResource: + properties: + AccountId: + title: Accountid + type: string + AppIdVersion: + maxLength: 64 + minLength: 1 + pattern: ^[0-9]+-[0-9]+$ + title: Appidversion + type: string + AutomaticUpgradeAppIdVersion: + default: true + title: Automaticupgradeappidversion + type: boolean + Description: + title: Description + type: string + EndpointMode: + enum: + - ServiceManaged + - CustomerManaged + title: Endpointmode + type: string + FirewallName: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Firewallname + 
type: string + GlobalRuleStackName: + title: Globalrulestackname + type: string + RuleStackName: + title: Rulestackname + type: string + SubnetMappings: + items: + type: object + title: Subnetmappings + type: array + Tags: + items: + type: object + title: Tags + type: array + UpdateToken: + default: '1' + title: Updatetoken + type: string + VpcId: + title: Vpcid + type: string + required: + - EndpointMode + - FirewallName + - SubnetMappings + - VpcId + title: FirewallResource + type: object + DeleteFWResourceResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + ListFWResourceRequest: + additionalProperties: false + properties: + MaxResults: + default: 1024 + maximum: 1024 + minimum: 1 + title: Maxresults + type: integer + NextToken: + maxLength: 2048 + minLength: 1 + pattern: ^[-0-9A-Za-z:\/+=]+$ + title: Nexttoken + type: string + RuleStackName: + title: Rulestackname + type: string + VpcIds: + items: + type: string + title: Vpcids + type: array + title: ListFWResourceRequest + type: object + ListFWResourceResponse: + properties: + Response: + $ref: '#/components/schemas/ListFWResourceResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ListFWResourceResponse.Result' + title: ListFWResourceResponse + type: object + ListFWResourceResponse.FirewallInfo: + properties: + AccountId: + title: Accountid + type: string + FirewallName: + title: Firewallname + type: string + required: + - FirewallName + title: FirewallInfo + type: object + ListFWResourceResponse.ResponseData: + properties: + Firewalls: + items: + $ref: '#/components/schemas/ListFWResourceResponse.FirewallInfo' + title: Firewalls + type: array + NextToken: + title: Nexttoken + type: string + title: ResponseData + type: object + ListFWResourceResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + 
type: integer + Reason: + title: Reason + type: string + title: Result + type: object + ReadFWResourceRequest: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + title: ReadFWResourceRequest + type: object + ReadFWResourceResponse: + properties: + Response: + $ref: '#/components/schemas/ReadFWResourceResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ReadFWResourceResponse.Result' + title: ReadFWResourceResponse + type: object + ReadFWResourceResponse.ReadFirewallResource: + properties: + AccountId: + title: Accountid + type: string + AppIdVersion: + maxLength: 64 + minLength: 1 + pattern: ^[0-9]+-[0-9]+$ + title: Appidversion + type: string + AutomaticUpgradeAppIdVersion: + default: true + title: Automaticupgradeappidversion + type: boolean + Description: + title: Description + type: string + EndpointMode: + enum: + - ServiceManaged + - CustomerManaged + title: Endpointmode + type: string + EndpointServiceName: + default: Creating + title: Endpointservicename + type: string + FirewallName: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Firewallname + type: string + GlobalRuleStackName: + title: Globalrulestackname + type: string + RuleStackName: + title: Rulestackname + type: string + SubnetMappings: + items: + type: object + title: Subnetmappings + type: array + Tags: + items: + type: object + title: Tags + type: array + UpdateToken: + default: '1' + title: Updatetoken + type: string + VpcId: + title: Vpcid + type: string + required: + - EndpointMode + - FirewallName + - SubnetMappings + - VpcId + title: ReadFirewallResource + type: object + ReadFWResourceResponse.ResourceAttachment: + properties: + EndpointId: + title: Endpointid + type: string + RejectedReason: + title: Rejectedreason + type: string + Status: + enum: + - ACCEPTED + - PENDING + - REJECTED + title: Status + type: string + SubnetId: + title: Subnetid + type: string + required: + - EndpointId + - Status + title: 
ResourceAttachment + type: object + ReadFWResourceResponse.ResourceStatus: + properties: + Attachments: + items: + $ref: '#/components/schemas/ReadFWResourceResponse.ResourceAttachment' + title: Attachments + type: array + FailureReason: + title: Failurereason + type: string + FirewallStatus: + enum: + - CREATING + - UPDATING + - DELETING + - CREATE_COMPLETE + - UPDATE_COMPLETE + - CREATE_FAIL + - UPDATE_FAIL + - DELETE_FAIL + title: Firewallstatus + type: string + RuleStackStatus: + title: Rulestackstatus + type: string + required: + - Attachments + - FirewallStatus + title: ResourceStatus + type: object + ReadFWResourceResponse.ResponseData: + properties: + Firewall: + $ref: '#/components/schemas/ReadFWResourceResponse.ReadFirewallResource' + Status: + $ref: '#/components/schemas/ReadFWResourceResponse.ResourceStatus' + title: ResponseData + type: object + ReadFWResourceResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + UpdateFWResourceDescriptionRequest: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + Description: + maxLength: 512 + pattern: ^.*$ + title: Description + type: string + UpdateToken: + title: Updatetoken + type: string + required: + - Description + title: UpdateFWResourceDescriptionRequest + type: object + UpdateFWResourceDescriptionResponse: + properties: + Response: + $ref: '#/components/schemas/UpdateFWResourceDescriptionResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/UpdateFWResourceDescriptionResponse.Result' + title: UpdateFWResourceDescriptionResponse + type: object + UpdateFWResourceDescriptionResponse.ResponseData: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + Description: + title: Description + type: string + FirewallName: + title: Firewallname + type: string + UpdateToken: + title: 
Updatetoken + type: string + title: ResponseData + type: object + UpdateFWResourceDescriptionResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + UpdateFWResourceSubnetsRequest: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + AssociateSubnetMappings: + items: + $ref: '#/components/schemas/UpdateFWResourceSubnetsRequest.SubnetMappingsType' + title: Associatesubnetmappings + type: array + DisassociateSubnetMappings: + items: + $ref: '#/components/schemas/UpdateFWResourceSubnetsRequest.SubnetMappingsType' + title: Disassociatesubnetmappings + type: array + UpdateToken: + title: Updatetoken + type: string + title: UpdateFWResourceSubnetsRequest + type: object + UpdateFWResourceSubnetsRequest.SubnetMappingsType: + additionalProperties: false + properties: + AvailabilityZone: + title: Availabilityzone + type: string + SubnetId: + title: Subnetid + type: string + title: SubnetMappingsType + type: object + UpdateFWResourceSubnetsResponse: + properties: + Response: + $ref: '#/components/schemas/UpdateFWResourceSubnetsResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/UpdateFWResourceSubnetsResponse.Result' + title: UpdateFWResourceSubnetsResponse + type: object + UpdateFWResourceSubnetsResponse.ResponseData: + properties: + AccountId: + title: Accountid + type: string + FirewallName: + title: Firewallname + type: string + SubnetMappings: + items: + type: object + title: Subnetmappings + type: array + UpdateToken: + title: Updatetoken + type: string + title: ResponseData + type: object + UpdateFWResourceSubnetsResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object +info: + contact: {} + description: "Add and modify the user IAM rules 
and permission policies required\ + \ to expand or reduce their access and permissions. You can also delete a user.\ + \ And individual users can view their roles and change their name or password\ + \ as necessary.\n\n### Permission Policies\n\n| Action \ + \ | Local Firewall Administrator | Local Rulestack Administrator\ + \ | Global Rulestack Administrator |\n| :----------------------------------------:\ + \ | :---------------------------: | :--------------------------: | :----------------------------:\ + \ |\n| Create a Firewall Resource | **☑** \ + \ | ☐ | ☐ |\n| Delete\ + \ a Firewall Resource | **☑** | ☐\ + \ | ☐ | \ + \ \n| Describe a Firewall Resource | **☑** \ + \ | **☑** | **☑** | \n\ + | List Firewall Resources | **☑** |\ + \ **☑** | **☑** | \n| Update\ + \ a Firewall Resource Description | **☑** | ☐\ + \ | ☐ | \ + \ \n| Update a Firewall Content Version | **☑**\ + \ | ☐ | ☐ \ + \ | \n| Update a Firewall Resource\ + \ Subnet Mappings | **☑** | ☐ \ + \ | ☐ | \n" + title: Manage Cloud NGFW + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/ngfirewalls: + get: + description: 'List all firewalls in the Global Firewall Admin (FMS) account + and retrieve the metadata for the firewall policies that you have defined. + + ' + operationId: get-v1-config-ngfirewalls + parameters: [] + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ListFWResourceRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListFWResourceResponse' + description: OK + summary: List Firewall Resources + tags: + - ManageNGFW + post: + description: 'Create an AWS Network Firewall and define configuration settings. + The settings that you define at creation include firewall policy, subnets + in your VPC, and tags associated with the AWS firewall resource. 
+ + ' + operationId: post-v1-config-ngfirewalls + parameters: [] + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CreateFWResourceRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CreateFWResourceResponse' + description: OK + summary: Create A Firewall Resource + tags: + - ManageNGFW + /v1/config/ngfirewalls/{ngfirewallname}: + delete: + description: "Delete the specified NGFW. You can check whether a NGFW is in\ + \ use by reviewing the route tables for the Availability Zones (AZs) where\ + \ you have the NGFW subnet mappings. \n\nRetrieve the subnet mappings by\ + \ calling `DescribeFirewall`. You can define and update the route tables through\ + \ Amazon VPC as needed. Update the route tables for the AZs to remove the\ + \ NGFW endpoints. When the route tables no longer use the NGFW endpoints,\ + \ you can remove the NGFW safely.\n" + operationId: delete-v1-config-ngfirewalls-ngfirewallname + parameters: + - description: 'The name of the NGFW. + + ' + in: path + name: ngfirewallname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteFWResourceRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteFWResourceResponse' + description: OK + summary: Delete A Firewall Resource + tags: + - ManageNGFW + get: + description: 'Returns the data of a specific NGFW resource. + + ' + operationId: get-v1-config-ngfirewalls-ngfirewallname + parameters: + - description: 'The name of the NGFW. 
+ + ' + in: path + name: ngfirewallname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ReadFWResourceRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ReadFWResourceResponse' + description: OK + summary: Describe A Firewall Resource + tags: + - ManageNGFW + /v1/config/ngfirewalls/{ngfirewallname}/description: + put: + description: 'Modifies the description of a specific NGFW. Use the description + to help identify the NGFW when you are working with it. + + ' + operationId: put-v1-config-ngfirewalls-ngfirewallname-description + parameters: + - description: 'The name of the NGFW. + + ' + in: path + name: ngfirewallname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateFWResourceDescriptionRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateFWResourceDescriptionResponse' + description: OK + summary: Update A Firewall Resource Description + tags: + - ManageNGFW + /v1/config/ngfirewalls/{ngfirewallname}/subnets: + put: + description: "Update the subnet ID associated with a NGFW. \n" + operationId: put-v1-config-ngfirewalls-ngfirewallname-subnets + parameters: + - description: 'The name of the NGFW. + + ' + in: path + name: ngfirewallname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateFWResourceSubnetsRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateFWResourceSubnetsResponse' + description: OK + summary: Update A Firewall Resource Subnet Mappings + tags: + - ManageNGFW +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: ManageNGFW 
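Review bot: The new ManageNGFW.yaml declares no authentication anywhere: `components` holds only `schemas`, there is no top-level `security` key, and each operation lists `parameters: []` or only the path name, so creating and deleting a firewall read as unauthenticated to client generators, gateway imports and spec-driven scanners. The v2 spec earlier in this patch does list `Authorization` and `x-api-key` as header parameters, but OpenAPI 3.0 tells tooling to ignore a header parameter named `Authorization`, so `securitySchemes` is the right place for both. I would add the schemes and a document-level `security` requirement as sketched below; the header names are taken from the v2 spec and need confirming for the v1 routes. ManageNGFWTags.yaml and ManageRulestackTags.yaml in this patch have the same gap. Documenting `401`/`403` responses beside the lone `200` would follow from the same change.

```yaml
components:
  securitySchemes:
    # scheme names are placeholders; header names follow the v2 spec in this patch
    AuthorizationHeader:
      type: apiKey
      in: header
      name: Authorization
    ApiKeyHeader:
      type: apiKey
      in: header
      name: x-api-key
  # … unchanged: schemas …
# … unchanged: info, openapi, paths …
security:
- AuthorizationHeader: []
  ApiKeyHeader: []
```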
diff --git a/static/cloudngfw/aws/spec/api/ManageNGFWTags.yaml b/static/cloudngfw/aws/spec/api/ManageNGFWTags.yaml new file mode 100644 index 000000000..540850462 --- /dev/null +++ b/static/cloudngfw/aws/spec/api/ManageNGFWTags.yaml 
@@ -0,0 +1,316 @@ +components: + schemas: + FirewallListTagsForResourceRequest: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + MaxResults: + default: 1024 + maximum: 1024 + minimum: 1 + title: Maxresults + type: integer + NextToken: + title: Nexttoken + type: string + required: + - AccountId + title: FirewallListTagsForResourceRequest + type: object + FirewallListTagsForResourceResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/FirewallListTagsForResourceResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/FirewallListTagsForResourceResponse.Result' + title: FirewallListTagsForResourceResponse + type: object + FirewallListTagsForResourceResponse.ResponseData: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + FirewallName: + title: Firewallname + type: string + NextToken: + title: Nexttoken + type: string + Tags: + items: + $ref: '#/components/schemas/FirewallListTagsForResourceResponse.TagEntry' + title: Tags + type: array + title: ResponseData + type: object + FirewallListTagsForResourceResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + FirewallListTagsForResourceResponse.TagEntry: + additionalProperties: false + properties: + Key: + title: Key + type: string + Value: + title: Value + type: string + required: + - Key + - Value + title: TagEntry + type: object + FirewallTagResourceRequest: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + Tags: + items: + $ref: '#/components/schemas/FirewallTagResourceRequest.TagEntry' + maxItems: 50 + title: Tags + type: array + required: + - AccountId + - Tags + title: FirewallTagResourceRequest + type: object + FirewallTagResourceRequest.TagEntry: + additionalProperties: false + properties: + 
Key: + title: Key + type: string + Value: + title: Value + type: string + required: + - Key + - Value + title: TagEntry + type: object + FirewallTagResourceResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/FirewallTagResourceResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/FirewallTagResourceResponse.Result' + title: FirewallTagResourceResponse + type: object + FirewallTagResourceResponse.ResponseData: + additionalProperties: false + properties: + FirewallName: + title: Firewallname + type: string + Tags: + items: + $ref: '#/components/schemas/FirewallTagResourceResponse.TagEntry' + title: Tags + type: array + title: ResponseData + type: object + FirewallTagResourceResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + FirewallTagResourceResponse.TagEntry: + additionalProperties: false + properties: + Key: + title: Key + type: string + Value: + title: Value + type: string + required: + - Key + - Value + title: TagEntry + type: object + FirewallUntagResourceRequest: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + TagKeys: + items: + maxLength: 128 + minLength: 1 + pattern: ^.*$ + type: string + maxItems: 50 + title: Tagkeys + type: array + required: + - AccountId + - TagKeys + title: FirewallUntagResourceRequest + type: object + FirewallUntagResourceResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/FirewallUntagResourceResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/FirewallUntagResourceResponse.Result' + title: FirewallUntagResourceResponse + type: object + FirewallUntagResourceResponse.ResponseData: + additionalProperties: false + properties: + AccountId: + title: Accountid + type: string + FirewallName: + title: Firewallname + type: string + 
TagKeys: + items: + type: string + title: Tagkeys + type: array + title: ResponseData + type: object + FirewallUntagResourceResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object +info: + contact: {} + description: "Apply tags to help search and filter your Cloud NGFW resources.\n\n\ + ### Permission Policies\n\n| Action | Local Firewall Administrator\ + \ | Local Rulestack Administrator | Global Rulestack Administrator |\n| ------------------------------\ + \ | :---------------------------: | :---------------------------: | :----------------------------:\ + \ |\n| Tag Resource | **☑** | ☐\ + \ | ☐ | \n| Untag Resource\ + \ | **☑** | ☐ \ + \ | ☐ | \n| List Firewall\ + \ Tags | **☑** | **☑** \ + \ | ☐ |\n" + title: Manage Cloud NGFW Tags + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/ngfirewalls/{ngfirewallname}/tags: + delete: + description: 'Remove the tags associated with a resource. + + ' + operationId: delete-v1-config-ngfirewalls-ngfirewallname-tags + parameters: + - description: '' + in: path + name: ngfirewallname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/FirewallUntagResourceRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/FirewallUntagResourceResponse' + description: OK + summary: Firewall Untag Resource + tags: + - ManageNGFWTags + get: + description: 'Retrieve the tags associated with a resource. 
+ + ' + operationId: get-v1-config-ngfirewalls-ngfirewallname-tags + parameters: + - description: '' + in: path + name: ngfirewallname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/FirewallListTagsForResourceRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/FirewallListTagsForResourceResponse' + description: OK + summary: List Firewall Tags + tags: + - ManageNGFWTags + post: + description: 'Add tags to a resource. You can tag the resources that you manage + through NGFW firewalls and policies. + + ' + operationId: post-v1-config-ngfirewalls-ngfirewallname-tags + parameters: + - description: 'The name of the NGFW. + + ' + in: path + name: ngfirewallname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/FirewallTagResourceRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/FirewallTagResourceResponse' + description: OK + summary: Firewall Tag Resource + tags: + - ManageNGFWTags +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: ManageNGFWTags diff --git a/static/cloudngfw/aws/spec/api/ManageRulestackTags.yaml b/static/cloudngfw/aws/spec/api/ManageRulestackTags.yaml new file mode 100644 index 000000000..64116f2b4 --- /dev/null +++ b/static/cloudngfw/aws/spec/api/ManageRulestackTags.yaml 
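Review bot: The `get` and `delete` operations on `/v1/config/ngfirewalls/{ngfirewallname}/tags` carry a `requestBody`, and the required `AccountId` exists only in that body. OpenAPI 3.0.3 says consumers shall ignore `requestBody` on methods where HTTP leaves body semantics undefined, and clients and intermediaries commonly drop a GET body, so a generated client may send the call without the account scope the schema marks as required. ManageRulestackTags.yaml in this patch already models its list call with `maxresults` and `nexttoken` query parameters; the same shape here (for example `in: query`, `name: accountid`, `required: true`, the name being a suggestion) would keep the two tag APIs consistent, provided the service accepts it. If the service really does read a body on GET and DELETE, state that in each operation's `description`. The `get` and `delete` operations in ManageNGFW.yaml have the same shape.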
@@ -0,0 +1,299 @@ +components: + schemas: + RulestackListTagsForResourceResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/RulestackListTagsForResourceResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/RulestackListTagsForResourceResponse.Result' + title: RulestackListTagsForResourceResponse + type: object + RulestackListTagsForResourceResponse.ResponseData: + additionalProperties: false + properties: + NextToken: + title: Nexttoken + type: string + RuleStackName: + title: Rulestackname + type: string + Tags: + items: + $ref: '#/components/schemas/RulestackListTagsForResourceResponse.TagEntry' + title: Tags + type: array + title: ResponseData + type: object + RulestackListTagsForResourceResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + RulestackListTagsForResourceResponse.TagEntry: + additionalProperties: false + properties: + Key: + title: Key + type: string + Value: + title: Value + type: string + required: + - Key + - Value + title: TagEntry + type: object + RulestackTagResourceRequest: + additionalProperties: false + properties: + Tags: + items: + $ref: '#/components/schemas/RulestackTagResourceRequest.TagEntry' + maxItems: 50 + title: Tags + type: array + required: + - Tags + title: RulestackTagResourceRequest + type: object + RulestackTagResourceRequest.TagEntry: + additionalProperties: false + properties: + Key: + title: Key + type: string + Value: + title: Value + type: string + required: + - Key + - Value + title: TagEntry + type: object + RulestackTagResourceResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/RulestackTagResourceResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/RulestackTagResourceResponse.Result' + title: RulestackTagResourceResponse + type: object + 
RulestackTagResourceResponse.ResponseData: + additionalProperties: false + properties: + RuleStackName: + title: Rulestackname + type: string + Tags: + items: + $ref: '#/components/schemas/RulestackTagResourceResponse.TagEntry' + title: Tags + type: array + title: ResponseData + type: object + RulestackTagResourceResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + RulestackTagResourceResponse.TagEntry: + additionalProperties: false + properties: + Key: + title: Key + type: string + Value: + title: Value + type: string + required: + - Key + - Value + title: TagEntry + type: object + RulestackUntagResourceRequest: + additionalProperties: false + properties: + TagKeys: + items: + maxLength: 128 + minLength: 1 + pattern: ^.*$ + type: string + maxItems: 50 + title: Tagkeys + type: array + required: + - TagKeys + title: RulestackUntagResourceRequest + type: object + RulestackUntagResourceResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/RulestackUntagResourceResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/RulestackUntagResourceResponse.Result' + title: RulestackUntagResourceResponse + type: object + RulestackUntagResourceResponse.ResponseData: + additionalProperties: false + properties: + RuleStackName: + title: Rulestackname + type: string + TagKeys: + items: + type: string + title: Tagkeys + type: array + title: ResponseData + type: object + RulestackUntagResourceResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object +info: + contact: {} + description: "Apply tags to help search and filter your rulestack resources.\n\n\ + ### Permission Policies\n\n| Action | Local Firewall Administrator\ + \ | Local Rulestack Administrator 
| Global Rulestack Administrator |\n| ------------------------------\ + \ | :---------------------------: | :---------------------------: | :----------------------------:\ + \ |\n| Tag Resource | **☑** | **☑**\ + \ | **☑** | \n| Untag Resource \ + \ | **☑** | **☑** \ + \ | **☑** | \n| List Firewall Tags\ + \ | ☐ | **☑** \ + \ | **☑** |\n" + title: Manage Rulestack Tags + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/rulestacks/{rulestackname}/tags: + delete: + description: 'Remove tags with specified keys from a specified resource. + + ' + operationId: delete-v1-config-rulestacks-rulestackname-tags + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RulestackUntagResourceRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/RulestackUntagResourceResponse' + description: OK + summary: Rulestack Untag Resource + tags: + - ManageRulestackTags + get: + description: 'Retrieve the tags associated with a specified resource. + + ' + operationId: get-v1-config-rulestacks-rulestackname-tags + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: '' + in: query + name: maxresults + required: false + schema: + default: 1024 + maximum: 1024 + minimum: 1 + title: Maxresults + type: integer + - description: '' + in: query + name: nexttoken + required: false + schema: + title: Nexttoken + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/RulestackListTagsForResourceResponse' + description: OK + summary: List Rulestack Tags + tags: + - ManageRulestackTags + post: + description: 'Add tags to a specific resource. You can tag the AWS resources + that you manage through rulestacks. 
+ + ' + operationId: post-v1-config-rulestacks-rulestackname-tags + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RulestackTagResourceRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/RulestackTagResourceResponse' + description: OK + summary: Rulestack Tag Resource + tags: + - ManageRulestackTags +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: ManageRulestackTags diff --git a/static/cloudngfw/aws/spec/api/ManageRulestacks.yaml b/static/cloudngfw/aws/spec/api/ManageRulestacks.yaml new file mode 100644 index 000000000..48f15b55e --- /dev/null +++ b/static/cloudngfw/aws/spec/api/ManageRulestacks.yaml 
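Review bot: The `rulestackname` path parameter is a bare `type: string`, while `CreateRuleStackRequest.RuleStackName` in ManageRulestacks.yaml limits the same name to `maxLength: 128`, `minLength: 1`, `pattern: ^[a-zA-Z0-9-]+$`. Validators and gateways that enforce the spec will therefore accept any string in the path on the three tag routes; copying those three constraints onto the parameter's `schema` closes that gap. The same applies to `ngfirewallname` in ManageNGFW.yaml and ManageNGFWTags.yaml, where `FirewallName` already carries the pattern. In this file `TagEntry.Key` and `TagEntry.Value` also have no length bound although `TagKeys` items are capped at 128. The `List Firewall Tags` row of the permission table in `info.description` presumably should read `List Rulestack Tags`, matching the operation summary.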
@@ -0,0 +1,1134 @@ +components: + schemas: + CommitRequest: + additionalProperties: false + properties: {} + title: CommitRequest + type: object + CommitResponse: + additionalProperties: false + properties: + ResponseStatus: + $ref: '#/components/schemas/CommitResponse.Result' + RuleStackName: + title: Rulestackname + type: string + title: CommitResponse + type: object + CommitResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + CreateRuleStackRequest: + additionalProperties: false + properties: + RuleStackEntry: + $ref: '#/components/schemas/CreateRuleStackRequest.RuleStackCreateType' + RuleStackName: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Rulestackname + type: string + required: + - RuleStackName + title: CreateRuleStackRequest + type: object + CreateRuleStackRequest.RuleStackCreateType: + additionalProperties: false + properties: + AccountId: + maxLength: 12 + pattern: ^$|^[0-9]+$ + title: Accountid + type: string + Description: + maxLength: 512 + title: Description + type: string + Profiles: + $ref: '#/components/schemas/CreateRuleStackRequest.RuleStackProfiles' + Scope: + enum: + - Global + - Local + title: Scope + type: string + title: RuleStackCreateType + type: object + CreateRuleStackRequest.RuleStackProfiles: + additionalProperties: false + properties: + AntiSpywareProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Antispywareprofile + type: string + AntiVirusProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Antivirusprofile + type: string + FileBlockingProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Fileblockingprofile + type: string + OutboundTrustCertificate: + title: Outboundtrustcertificate + type: string + OutboundUnTrustCertificate: + title: Outbounduntrustcertificate + type: string + 
URLFilteringProfile: + default: None + enum: + - custom + - BestPractice + - None + title: Urlfilteringprofile + type: string + VulnerabilityProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Vulnerabilityprofile + type: string + title: RuleStackProfiles + type: object + CreateRuleStackResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/CreateRuleStackResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/CreateRuleStackResponse.Result' + title: CreateRuleStackResponse + type: object + CreateRuleStackResponse.ResponseData: + additionalProperties: false + properties: + RuleStackEntry: + $ref: '#/components/schemas/CreateRuleStackResponse.RuleStack' + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + CreateRuleStackResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + CreateRuleStackResponse.RuleStack: + additionalProperties: false + properties: + AccountId: + maxLength: 12 + pattern: ^$|^[0-9]+$ + title: Accountid + type: string + Description: + maxLength: 512 + title: Description + type: string + Profiles: + $ref: '#/components/schemas/CreateRuleStackResponse.RuleStackProfiles' + Scope: + enum: + - Global + - Local + title: Scope + type: string + UpdateToken: + title: Updatetoken + type: string + title: RuleStack + type: object + CreateRuleStackResponse.RuleStackProfiles: + additionalProperties: false + properties: + AntiSpywareProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Antispywareprofile + type: string + AntiVirusProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Antivirusprofile + type: string + FileBlockingProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Fileblockingprofile + type: string + 
OutboundTrustCertificate: + title: Outboundtrustcertificate + type: string + OutboundUnTrustCertificate: + title: Outbounduntrustcertificate + type: string + URLFilteringProfile: + default: None + enum: + - custom + - BestPractice + - None + title: Urlfilteringprofile + type: string + VulnerabilityProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Vulnerabilityprofile + type: string + title: RuleStackProfiles + type: object + DeleteRuleStackRequest: + additionalProperties: false + properties: {} + title: DeleteRuleStackRequest + type: object + DeleteRuleStackResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DeleteRuleStackResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DeleteRuleStackResponse.Result' + title: DeleteRuleStackResponse + type: object + DeleteRuleStackResponse.ResponseData: + additionalProperties: false + properties: + RuleStackEntry: + $ref: '#/components/schemas/DeleteRuleStackResponse.RuleStackCreateType' + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DeleteRuleStackResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DeleteRuleStackResponse.RuleStackCreateType: + additionalProperties: false + properties: + AccountId: + maxLength: 12 + pattern: ^$|^[0-9]+$ + title: Accountid + type: string + Description: + maxLength: 512 + title: Description + type: string + Profiles: + $ref: '#/components/schemas/DeleteRuleStackResponse.RuleStackProfiles' + Scope: + enum: + - Global + - Local + title: Scope + type: string + title: RuleStackCreateType + type: object + DeleteRuleStackResponse.RuleStackProfiles: + additionalProperties: false + properties: + AntiSpywareProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Antispywareprofile + type: string + 
AntiVirusProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Antivirusprofile + type: string + FileBlockingProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Fileblockingprofile + type: string + OutboundTrustCertificate: + title: Outboundtrustcertificate + type: string + OutboundUnTrustCertificate: + title: Outbounduntrustcertificate + type: string + URLFilteringProfile: + default: None + enum: + - custom + - BestPractice + - None + title: Urlfilteringprofile + type: string + VulnerabilityProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Vulnerabilityprofile + type: string + title: RuleStackProfiles + type: object + DescribeCommitRequest: + additionalProperties: false + properties: {} + title: DescribeCommitRequest + type: object + DescribeCommitResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DescribeCommitResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DescribeCommitResponse.Result' + title: DescribeCommitResponse + type: object + DescribeCommitResponse.ResponseData: + additionalProperties: false + properties: + CommitMessages: + items: + type: string + title: Commitmessages + type: array + CommitStatus: + title: Commitstatus + type: string + RuleStackName: + title: Rulestackname + type: string + ValidateMessages: + items: + type: string + title: Validatemessages + type: array + ValidateStatus: + title: Validatestatus + type: string + title: ResponseData + type: object + DescribeCommitResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DescribeRuleStackRequest: + additionalProperties: false + properties: + Candidate: + default: true + title: Candidate + type: boolean + MaxResults: + exclusiveMaximum: 101 + exclusiveMinimum: 0 + title: Maxresults + type: integer + Running: + 
default: false + title: Running + type: boolean + title: DescribeRuleStackRequest + type: object + DescribeRuleStackResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DescribeRuleStackResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DescribeRuleStackResponse.Result' + title: DescribeRuleStackResponse + type: object + DescribeRuleStackResponse.ResponseData: + additionalProperties: false + properties: + RuleStackCandidate: + $ref: '#/components/schemas/DescribeRuleStackResponse.RuleStack' + RuleStackName: + title: Rulestackname + type: string + RuleStackRunning: + $ref: '#/components/schemas/DescribeRuleStackResponse.RuleStack' + RuleStackState: + title: Rulestackstate + type: string + Tags: + items: + $ref: '#/components/schemas/DescribeRuleStackResponse.TagEntry' + title: Tags + type: array + title: ResponseData + type: object + DescribeRuleStackResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DescribeRuleStackResponse.RuleStack: + additionalProperties: false + properties: + AccountId: + maxLength: 12 + pattern: ^$|^[0-9]+$ + title: Accountid + type: string + Description: + maxLength: 512 + title: Description + type: string + Profiles: + $ref: '#/components/schemas/DescribeRuleStackResponse.RuleStackProfiles' + Scope: + enum: + - Global + - Local + title: Scope + type: string + UpdateToken: + title: Updatetoken + type: string + title: RuleStack + type: object + DescribeRuleStackResponse.RuleStackProfiles: + additionalProperties: false + properties: + AntiSpywareProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Antispywareprofile + type: string + AntiVirusProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Antivirusprofile + type: string + FileBlockingProfile: + default: BestPractice + enum: + - custom 
+ - BestPractice + title: Fileblockingprofile + type: string + OutboundTrustCertificate: + title: Outboundtrustcertificate + type: string + OutboundUnTrustCertificate: + title: Outbounduntrustcertificate + type: string + URLFilteringProfile: + default: None + enum: + - custom + - BestPractice + - None + title: Urlfilteringprofile + type: string + VulnerabilityProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Vulnerabilityprofile + type: string + title: RuleStackProfiles + type: object + DescribeRuleStackResponse.TagEntry: + additionalProperties: false + properties: + Key: + maxLength: 128 + minLength: 1 + pattern: ^.*$ + title: Key + type: string + Value: + maxLength: 256 + minLength: 1 + pattern: ^.*$ + title: Value + type: string + required: + - Key + - Value + title: TagEntry + type: object + ListRuleStacksRequest: + additionalProperties: false + properties: + Candidate: + default: true + title: Candidate + type: boolean + MaxResults: + default: 1024 + maximum: 1024 + minimum: 1 + title: Maxresults + type: integer + NextToken: + title: Nexttoken + type: string + Running: + default: false + title: Running + type: boolean + Scope: + default: All + enum: + - Global + - Local + - All + title: Scope + type: string + TagKey: + title: Tagkey + type: string + TagValue: + title: Tagvalue + type: string + Uncommitted: + default: false + title: Uncommitted + type: boolean + title: ListRuleStacksRequest + type: object + ListRuleStacksResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/ListRuleStacksResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ListRuleStacksResponse.Result' + title: ListRuleStacksResponse + type: object + ListRuleStacksResponse.ResponseData: + additionalProperties: false + properties: + NextToken: + title: Nexttoken + type: string + RuleStackCandidate: + items: + type: string + title: Rulestackcandidate + type: array + RuleStackRunning: + items: + type: string + 
title: Rulestackrunning + type: array + RuleStackUncommitted: + items: + $ref: '#/components/schemas/ListRuleStacksResponse.RuleStackOperation' + title: Rulestackuncommitted + type: array + title: ResponseData + type: object + ListRuleStacksResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + ListRuleStacksResponse.RuleStackOperation: + additionalProperties: false + properties: + Operation: + enum: + - add + - delete + - update + title: Operation + type: string + RuleStackName: + title: Rulestackname + type: string + required: + - RuleStackName + title: RuleStackOperation + type: object + RevertRequest: + additionalProperties: false + properties: {} + title: RevertRequest + type: object + RevertResponse: + additionalProperties: false + properties: + ResponseStatus: + $ref: '#/components/schemas/RevertResponse.Result' + RuleStackName: + title: Rulestackname + type: string + title: RevertResponse + type: object + RevertResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + UpdateRuleStackRequest: + additionalProperties: false + properties: + RuleStackEntry: + $ref: '#/components/schemas/UpdateRuleStackRequest.RuleStack' + title: UpdateRuleStackRequest + type: object + UpdateRuleStackRequest.RuleStack: + additionalProperties: false + properties: + AccountId: + maxLength: 12 + pattern: ^$|^[0-9]+$ + title: Accountid + type: string + Description: + maxLength: 512 + title: Description + type: string + Profiles: + $ref: '#/components/schemas/UpdateRuleStackRequest.RuleStackProfiles' + Scope: + enum: + - Global + - Local + title: Scope + type: string + UpdateToken: + title: Updatetoken + type: string + title: RuleStack + type: object + UpdateRuleStackRequest.RuleStackProfiles: + 
additionalProperties: false + properties: + AntiSpywareProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Antispywareprofile + type: string + AntiVirusProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Antivirusprofile + type: string + FileBlockingProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Fileblockingprofile + type: string + OutboundTrustCertificate: + title: Outboundtrustcertificate + type: string + OutboundUnTrustCertificate: + title: Outbounduntrustcertificate + type: string + URLFilteringProfile: + default: None + enum: + - custom + - BestPractice + - None + title: Urlfilteringprofile + type: string + VulnerabilityProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Vulnerabilityprofile + type: string + title: RuleStackProfiles + type: object + UpdateRuleStackResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/UpdateRuleStackResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/UpdateRuleStackResponse.Result' + title: UpdateRuleStackResponse + type: object + UpdateRuleStackResponse.ResponseData: + additionalProperties: false + properties: + RuleStackEntry: + $ref: '#/components/schemas/UpdateRuleStackResponse.RuleStack' + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + UpdateRuleStackResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + UpdateRuleStackResponse.RuleStack: + additionalProperties: false + properties: + AccountId: + maxLength: 12 + pattern: ^$|^[0-9]+$ + title: Accountid + type: string + Description: + maxLength: 512 + title: Description + type: string + Profiles: + $ref: '#/components/schemas/UpdateRuleStackResponse.RuleStackProfiles' + Scope: + enum: + - Global + - Local + title: Scope + 
type: string + UpdateToken: + title: Updatetoken + type: string + title: RuleStack + type: object + UpdateRuleStackResponse.RuleStackProfiles: + additionalProperties: false + properties: + AntiSpywareProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Antispywareprofile + type: string + AntiVirusProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Antivirusprofile + type: string + FileBlockingProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Fileblockingprofile + type: string + OutboundTrustCertificate: + title: Outboundtrustcertificate + type: string + OutboundUnTrustCertificate: + title: Outbounduntrustcertificate + type: string + URLFilteringProfile: + default: None + enum: + - custom + - BestPractice + - None + title: Urlfilteringprofile + type: string + VulnerabilityProfile: + default: BestPractice + enum: + - custom + - BestPractice + title: Vulnerabilityprofile + type: string + title: RuleStackProfiles + type: object + ValidateRequest: + additionalProperties: false + properties: {} + title: ValidateRequest + type: object + ValidateResponse: + additionalProperties: false + properties: + ResponseStatus: + $ref: '#/components/schemas/ValidateResponse.Result' + RuleStackName: + title: Rulestackname + type: string + title: ValidateResponse + type: object + ValidateResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object +info: + contact: {} + description: "Rulestacks defines access control (App-ID, URL Filtering) and threat\ + \ prevention behavior of Cloud NGFW resources. \n\nA Cloud NGFW resource uses\ + \ your rulestack definitions to protect the traffic by a two-step process. First,\ + \ it enforces your rules on the to allow or deny your traffic. 
Second, it performs\ + \ content inspection on the allowed traffic based on what you specify on the Security\ + \ Profiles. \n\nA rulestack includes a set of security rules, associated objects,\ + \ and profiles. \n\n### Permission Policies\n\n| Action \ + \ | Local Firewall Administrator | Local Rulestack Administrator | Global Rulestack\ + \ Administrator |\n| ------------------------------ | :---------------------------:\ + \ | :---------------------------: | :----------------------------: |\n| Create\ + \ a Rulestack | ☐ | **☑** \ + \ | **☑** | \n| Delete a Rulestack \ + \ | ☐ | **☑** | **☑**\ + \ | \n| Describe a Rulestack \ + \ | **☑** | **☑** | **☑**\ + \ | \n| List Rulestacks | **☑** \ + \ | **☑** | **☑** \ + \ |\n| Update a Rulestack | ☐ | **☑**\ + \ | **☑** |\n| List Security Rule Lists\ + \ | **☑** | **☑** | **☑**\ + \ |\n" + title: Manage Rulestacks + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/rulestacks: + get: + description: "Retrieve the metadata of the specified rulestack. \n\nYou can\ + \ also query rulestacks based on the tags using this command, */v1/config/rulestacks?tags=*.\ + \ \nThis command lists the rulestacks where the tag name starts with the\ + \ string. \n\n>DynamoDB supports this command, and should be implemented\ + \ as a library.\n" + operationId: get-v1-config-rulestacks + parameters: [] + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ListRuleStacksRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListRuleStacksResponse' + description: OK + summary: List RuleStack + tags: + - ManageRulestacks + post: + description: 'Create a global or local rulestack. Global role affects only Global + rulestacks and Local role affects only local rulestacks. 
+ + ' + operationId: post-v1-config-rulestacks + parameters: [] + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CreateRuleStackRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CreateRuleStackResponse' + description: OK + summary: Create a RuleStack + tags: + - ManageRulestacks + /v1/config/rulestacks/{rulestackname}: + delete: + description: 'Delete a specific rulestack. + + ' + operationId: delete-v1-config-rulestacks-rulestackname + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteRuleStackRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteRuleStackResponse' + description: OK + summary: Delete a RuleStack + tags: + - ManageRulestacks + get: + description: 'Returns the data of the specific rulestack. + + ' + operationId: get-v1-config-rulestacks-rulestackname + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeRuleStackRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeRuleStackResponse' + description: OK + summary: Describe a RuleStack + tags: + - ManageRulestacks + put: + description: "Modify the rulestack. \n\n>**Note:** You cannot update the scope\ + \ of the rulestack.\n" + operationId: put-v1-config-rulestacks-rulestackname + parameters: + - description: 'The name of the rulestack. 
+ + ' + in: path + name: rulestackname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateRuleStackRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateRuleStackResponse' + description: OK + summary: Update a RuleStack + tags: + - ManageRulestacks + /v1/config/rulestacks/{rulestackname}/commit: + get: + description: 'View the commit status of the specified rulestack. + + ' + operationId: get-v1-config-rulestacks-rulestackname-commit + parameters: + - description: '' + in: path + name: rulestackname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeCommitRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeCommitResponse' + description: OK + summary: Describe commit status for a RuleStack + tags: + - ManageRulestacks + post: + description: 'Commit the specified rulestack. + + ' + operationId: post-v1-config-rulestacks-rulestackname-commit + parameters: + - description: '' + in: path + name: rulestackname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CommitRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CommitResponse' + description: OK + summary: Commit a RuleStack + tags: + - ManageRulestacks + /v1/config/rulestacks/{rulestackname}/revert: + post: + description: 'Revert all uncommitted changes for the specified rulestack. 
+ + ' + operationId: post-v1-config-rulestacks-rulestackname-revert + parameters: + - description: '' + in: path + name: rulestackname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RevertRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/RevertResponse' + description: OK + summary: Revert a RuleStack + tags: + - ManageRulestacks + /v1/config/rulestacks/{rulestackname}/validate: + post: + description: 'Validate the selected rulestack after commit. + + ' + operationId: post-v1-config-rulestacks-rulestackname-validate + parameters: + - description: '' + in: path + name: rulestackname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ValidateRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidateResponse' + description: OK + summary: Validate a RuleStack + tags: + - ManageRulestacks +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: ManageRulestacks diff --git a/static/cloudngfw/aws/spec/api/ManageSubscription.yaml b/static/cloudngfw/aws/spec/api/ManageSubscription.yaml new file mode 100644 index 000000000..34822c6c8 --- /dev/null +++ b/static/cloudngfw/aws/spec/api/ManageSubscription.yaml 
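Review bot: The list filters on `GET /v1/config/rulestacks` are declared only as a `requestBody` (`ListRuleStacksRequest`: `Scope`, `TagKey`, `TagValue`, `MaxResults`, `NextToken` and others) while `parameters` is `[]`, even though the operation's own description documents a query string (`/v1/config/rulestacks?tags=`). OpenAPI 3.0.3 tells consumers to ignore a request body on methods where HTTP gives it no defined semantics. Generated docs and clients will therefore show this call, and the `GET` operations on `/{rulestackname}` and `/{rulestackname}/commit`, as taking no input, and a caller may get an unfiltered listing when it meant to restrict by scope or tag. I would declare the filters under `parameters` with `in: query`, as the tags and URL-category specs in this patch already do for `maxresults` and `nexttoken`, using whatever names the service actually accepts. The trailing `>DynamoDB supports this command, and should be implemented as a library.` line in the same description reads like an internal implementation note and is worth dropping from the published text.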
@@ -0,0 +1,90 @@ +components: + schemas: + ListSubscriptionRequest: + additionalProperties: false + properties: {} + title: ListSubscriptionRequest + type: object + ListSubscriptionResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/ListSubscriptionResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ListSubscriptionResponse.Result' + title: ListSubscriptionResponse + type: object + ListSubscriptionResponse.ResponseData: + additionalProperties: false + properties: + Subscriptions: + items: + $ref: '#/components/schemas/ListSubscriptionResponse.SubscriptionDetails' + title: Subscriptions + type: array + title: ResponseData + type: object + ListSubscriptionResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + ListSubscriptionResponse.SubscriptionDetails: + additionalProperties: false + properties: + SubscriptionKey: + title: Subscriptionkey + type: string + required: + - SubscriptionKey + title: SubscriptionDetails + type: object +info: + contact: {} + description: "Subscribe to Cloud NGFW to start creating your first user; a tenant\ + \ administrator. \nA tenant administrator is the highest level of user in the\ + \ Cloud NGFW service. It provides the ability to add AWS accounts to the Cloud\ + \ NGFW service and onboard additional users. 
\n\nFor more information, see [Subscribe\ + \ to Cloud NGFW for AWS Service](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/getting-started-with-cloud-ngfw-for-aws/subscribe-to-the-cloud-ngfw-service.html).\n\ + \n### Permission Policies\n\n| Action | Local Firewall Administrator\ + \ | Local Rulestack Administrator | Global Rulestack Administrator |\n| ------------------------\ + \ | :---------------------------: | :---------------------------: | :----------------------------:\ + \ |\n| Create NGFW Subscription | ☐ | ☐ \ + \ | ☐ | \n| List Permission Policies\ + \ | **☑** | **☑** | **☑**\ + \ | \n" + title: Manage Subscription + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/mgmt/subscribe: + get: + description: '' + operationId: get-v1-mgmt-subscribe + parameters: [] + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ListSubscriptionRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListSubscriptionResponse' + description: OK + summary: List CloudNGFW Subscriptions + tags: + - ManageSubscription +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: ManageSubscription diff --git a/static/cloudngfw/aws/spec/api/PredefinedURLCategories.yaml b/static/cloudngfw/aws/spec/api/PredefinedURLCategories.yaml new file mode 100644 index 000000000..50c50417d --- /dev/null +++ b/static/cloudngfw/aws/spec/api/PredefinedURLCategories.yaml 
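Review bot: `GET /v1/mgmt/subscribe` returns a `SubscriptionKey` for each subscription, yet nothing in this file says who may call it. The operation's `description` is `''`, the Permission Policies table has rows for "Create NGFW Subscription" and "List Permission Policies" but none for listing subscriptions, and the document declares no `security` requirement or `components.securitySchemes`. Even if authentication is described elsewhere on the site, the page rendered from this spec will present the call as needing no credentials. I would add a table row for the list operation, give the operation a description such as `List the Cloud NGFW subscriptions.`, and declare the scheme the service really uses. The ManageRulestacks.yaml and PredefinedURLCategories.yaml files added in this patch also carry no `security` block.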
@@ -0,0 +1,98 @@ +components: + schemas: + ListURLPredefinedCategoriesResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/ListURLPredefinedCategoriesResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ListURLPredefinedCategoriesResponse.Result' + title: ListURLPredefinedCategoriesResponse + type: object + ListURLPredefinedCategoriesResponse.PredefinedURLCategory: + additionalProperties: false + properties: + Action: + title: Action + type: string + Name: + title: Name + type: string + required: + - Action + - Name + title: PredefinedURLCategory + type: object + ListURLPredefinedCategoriesResponse.ResponseData: + additionalProperties: false + properties: + CategoriesRunning: + items: + $ref: '#/components/schemas/ListURLPredefinedCategoriesResponse.PredefinedURLCategory' + title: Categoriesrunning + type: array + NextToken: + title: Nexttoken + type: string + title: ResponseData + type: object + ListURLPredefinedCategoriesResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object +info: + contact: {} + description: 'Use predefined URL categories in security rules to block or allow + access to websites. + + ' + title: Manage Predefined URL Categories + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/urlcategories: + get: + description: 'View the predefined URL categories. 
+ + ' + operationId: get-v1-config-urlcategories + parameters: + - description: '' + in: query + name: nexttoken + required: false + schema: + title: Nexttoken + type: string + - description: '' + in: query + name: maxresults + required: false + schema: + default: 1024 + maximum: 1024 + minimum: 1 + title: Maxresults + type: integer + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListURLPredefinedCategoriesResponse' + description: OK + summary: List Pre-defined URL Categories + tags: + - PredefinedURLCategories +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: PredefinedURLCategories diff --git a/static/cloudngfw/aws/spec/api/PrefixList.yaml b/static/cloudngfw/aws/spec/api/PrefixList.yaml new file mode 100644 index 000000000..e1dad0c18 --- /dev/null +++ b/static/cloudngfw/aws/spec/api/PrefixList.yaml 
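Review bot: Both query parameters of `GET /v1/config/urlcategories` have `description: ''`, so the pagination contract is left for the reader to guess. From the schema, something like `description: Maximum number of categories to return (1-1024, default 1024).` for `maxresults` and `description: Token from a previous response's NextToken; omit for the first page.` for `nexttoken` would cover it; the second assumes the usual token round-trip, which the spec does not state. `PredefinedURLCategory.Action` is likewise a free-form `string`; if the service returns a fixed set of actions, listing them as an `enum` would let rule authors see which values mean block and which mean allow.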
@@ -0,0 +1,609 @@ +components: + schemas: + CreatePrefixListRequest: + additionalProperties: false + properties: + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Description: + maxLength: 512 + title: Description + type: string + Name: + maxLength: 58 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Name + type: string + PrefixList: + items: + type: string + title: Prefixlist + type: array + required: + - Name + - PrefixList + title: CreatePrefixListRequest + type: object + CreatePrefixListResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/CreatePrefixListResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/CreatePrefixListResponse.Result' + title: CreatePrefixListResponse + type: object + CreatePrefixListResponse.PrefixListDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Description: + title: Description + type: string + PrefixList: + items: + type: string + title: Prefixlist + type: array + UpdateToken: + default: '1' + title: Updatetoken + type: string + required: + - PrefixList + title: PrefixListDetails + type: object + CreatePrefixListResponse.ResponseData: + additionalProperties: false + properties: + Name: + title: Name + type: string + PrefixListEntry: + $ref: '#/components/schemas/CreatePrefixListResponse.PrefixListDetails' + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + CreatePrefixListResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DeletePrefixListRequest: + additionalProperties: false + properties: {} + title: DeletePrefixListRequest + type: object + DeletePrefixListResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DeletePrefixListResponse.ResponseData' + ResponseStatus: + 
$ref: '#/components/schemas/DeletePrefixListResponse.Result' + title: DeletePrefixListResponse + type: object + DeletePrefixListResponse.PrefixListDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Description: + title: Description + type: string + PrefixList: + items: + type: string + title: Prefixlist + type: array + UpdateToken: + default: '1' + title: Updatetoken + type: string + required: + - PrefixList + title: PrefixListDetails + type: object + DeletePrefixListResponse.ResponseData: + additionalProperties: false + properties: + Name: + title: Name + type: string + PrefixListEntry: + $ref: '#/components/schemas/DeletePrefixListResponse.PrefixListDetails' + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DeletePrefixListResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DescribePrefixListRequest: + additionalProperties: false + properties: + Candidate: + default: true + title: Candidate + type: boolean + MaxResults: + default: 100 + title: Maxresults + type: integer + NextToken: + maxLength: 2048 + minLength: 1 + pattern: ^[-0-9A-Za-z:\/+=]+$ + title: Nexttoken + type: string + Running: + default: false + title: Running + type: boolean + title: DescribePrefixListRequest + type: object + DescribePrefixListResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DescribePrefixListResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DescribePrefixListResponse.Result' + title: DescribePrefixListResponse + type: object + DescribePrefixListResponse.PrefixListDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Description: + title: Description + type: string + PrefixList: + items: + type: string + title: Prefixlist 
+ type: array + UpdateToken: + default: '1' + title: Updatetoken + type: string + required: + - PrefixList + title: PrefixListDetails + type: object + DescribePrefixListResponse.ResponseData: + additionalProperties: false + properties: + Name: + title: Name + type: string + NextToken: + maxLength: 2048 + minLength: 1 + pattern: ^[-0-9A-Za-z:\/+=]+$ + title: Nexttoken + type: string + PrefixListCandidate: + $ref: '#/components/schemas/DescribePrefixListResponse.PrefixListDetails' + PrefixListRunning: + $ref: '#/components/schemas/DescribePrefixListResponse.PrefixListDetails' + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DescribePrefixListResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + ListPrefixListResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/ListPrefixListResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ListPrefixListResponse.Result' + title: ListPrefixListResponse + type: object + ListPrefixListResponse.ResponseData: + additionalProperties: false + properties: + NextToken: + maxLength: 2048 + minLength: 1 + pattern: ^[-0-9A-Za-z:\/+=]+$ + title: Nexttoken + type: string + PrefixListCandidate: + items: + type: string + title: Prefixlistcandidate + type: array + PrefixListRunning: + items: + type: string + title: Prefixlistrunning + type: array + PrefixListUncommitted: + items: + $ref: '#/components/schemas/ListPrefixListResponse.UncommittedPrefixListDetails' + title: Prefixlistuncommitted + type: array + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + ListPrefixListResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + 
ListPrefixListResponse.UncommittedPrefixListDetails: + additionalProperties: false + properties: + Name: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Name + type: string + Operation: + title: Operation + type: string + required: + - Name + - Operation + title: UncommittedPrefixListDetails + type: object + UpdatePrefixListRequest: + additionalProperties: false + properties: + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Description: + maxLength: 512 + title: Description + type: string + PrefixList: + items: + type: string + title: Prefixlist + type: array + UpdateToken: + title: Updatetoken + type: string + required: + - PrefixList + title: UpdatePrefixListRequest + type: object + UpdatePrefixListResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/UpdatePrefixListResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/UpdatePrefixListResponse.Result' + title: UpdatePrefixListResponse + type: object + UpdatePrefixListResponse.PrefixListDetails: + additionalProperties: false + properties: + AuditComment: + title: Auditcomment + type: string + Description: + title: Description + type: string + PrefixList: + items: + type: string + title: Prefixlist + type: array + UpdateToken: + default: '1' + title: Updatetoken + type: string + required: + - PrefixList + title: PrefixListDetails + type: object + UpdatePrefixListResponse.ResponseData: + additionalProperties: false + properties: + Name: + title: Name + type: string + PrefixListEntry: + $ref: '#/components/schemas/UpdatePrefixListResponse.PrefixListDetails' + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + UpdatePrefixListResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object +info: + contact: {} + description: "A prefix list allows you 
to group specific IP addresses that require\ + \ the same policy enforcement. A prefix list can contain one or more IP addresses\ + \ or IP netmask in CIDR notation.\n\n### Permission Policies\n\n| Action \ + \ | Local Firewall Administrator | Local Rulestack Administrator\ + \ | Global Rulestack Administrator |\n| ---------------------------- | :---------------------------:\ + \ | :---------------------------: | :----------------------------: |\n| Create\ + \ Prefix List | ☐ | **☑** \ + \ | **☑** | \n| Delete Prefix List \ + \ | ☐ | **☑** | **☑**\ + \ | \n| Update Prefix List \ + \ | ☐ | **☑** | **☑**\ + \ | \n| Describe Prefix List | **☑** \ + \ | **☑** | **☑** \ + \ |\n| List Prefix Lists | **☑** | **☑**\ + \ | **☑** |\n" + title: Manage Prefix List + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/rulestacks/{rulestackname}/prefixlists: + get: + description: "Retrieve the information about the prefix lists for the specified\ + \ rulestack. \n" + operationId: get-v1-config-rulestacks-rulestackname-prefixlists + parameters: + - description: '' + in: path + name: rulestackname + required: true + schema: + type: string + - description: '' + in: query + name: nexttoken + required: false + schema: + maxLength: 2048 + minLength: 1 + pattern: ^[-0-9A-Za-z:\/+=]+$ + title: Nexttoken + type: string + - description: '' + in: query + name: candidate + required: false + schema: + default: true + title: Candidate + type: boolean + - description: '' + in: query + name: running + required: false + schema: + default: false + title: Running + type: boolean + - description: '' + in: query + name: uncommitted + required: false + schema: + default: false + title: Uncommitted + type: boolean + - description: '' + in: query + name: maxresults + required: false + schema: + default: 1024 + maximum: 1024 + minimum: 1 + title: Maxresults + type: integer + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListPrefixListResponse' + description: 
OK + summary: List PrefixLists + tags: + - PrefixList + post: + description: 'Create a prefix list to configure and maintain security groups + and route tables. + + ' + operationId: post-v1-config-rulestacks-rulestackname-prefixlists + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CreatePrefixListRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CreatePrefixListResponse' + description: OK + summary: Create a PrefixList + tags: + - PrefixList + /v1/config/rulestacks/{rulestackname}/prefixlists/{name}: + delete: + description: "Delete the prefix list associated with the specified rulestack.\ + \ \n" + operationId: delete-v1-config-rulestacks-rulestackname-prefixlists-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the prefix list. + + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DeletePrefixListRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DeletePrefixListResponse' + description: OK + summary: Delete a PrefixList + tags: + - PrefixList + get: + description: "Return the prefix list associated with a rulestack. \n" + operationId: get-v1-config-rulestacks-rulestackname-prefixlists-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the prefix list. 
+ + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DescribePrefixListRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DescribePrefixListResponse' + description: OK + summary: Describe a PrefixList + tags: + - PrefixList + put: + description: 'Update the prefix list associated with a rulestack. + + ' + operationId: put-v1-config-rulestacks-rulestackname-prefixlists-name + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the prefix list. + + ' + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UpdatePrefixListRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UpdatePrefixListResponse' + description: OK + summary: Update a PrefixList + tags: + - PrefixList +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: PrefixList diff --git a/static/cloudngfw/aws/spec/api/SecurityRules.yaml b/static/cloudngfw/aws/spec/api/SecurityRules.yaml new file mode 100644 index 000000000..d5ebcdee3 --- /dev/null +++ b/static/cloudngfw/aws/spec/api/SecurityRules.yaml 
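Review bot: The `PrefixList` arrays in `CreatePrefixListRequest` and `UpdatePrefixListRequest` are declared as `items:` / `type: string` with no `maxItems` and no `pattern`, so the contract never says an entry must be the IP address or CIDR block that the `info` description promises. A request validator or client generated from this file would therefore accept any string, in any quantity. The `name` and `rulestackname` path parameters are likewise bare `type: string`, although the body field `Name` is limited to `pattern: ^[a-zA-Z0-9-]+$` and `maxLength: 58`; repeating those two lines on the `name` parameter would keep the create path consistent with update and delete. `UncommittedPrefixListDetails.Name` allows `maxLength: 128`, which looks like an oversight. Separately, the `get` and `delete` operations on `/prefixlists/{name}` declare a `requestBody`, which OpenAPI 3.0.3 leaves without defined semantics for those methods and which intermediaries may drop; the list operation already takes `candidate`, `running` and `maxresults` as query parameters, and the fields of `DescribePrefixListRequest` could move there too, with the `minimum: 1` and `maximum: 1024` bounds that `MaxResults` currently lacks.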
@@ -0,0 +1,1565 @@ +components: + schemas: + CreateSecurityRuleRequest: + additionalProperties: false + properties: + Priority: + exclusiveMaximum: 1000001 + exclusiveMinimum: 0 + title: Priority + type: integer + RuleEntry: + $ref: '#/components/schemas/CreateSecurityRuleRequest.RuleCreate' + required: + - Priority + - RuleEntry + title: CreateSecurityRuleRequest + type: object + CreateSecurityRuleRequest.RuleCreate: + additionalProperties: false + properties: + Action: + default: Allow + enum: + - Allow + - DenySilent + - DenyResetServer + - DenyResetBoth + title: Action + type: string + Applications: + default: + - Any + items: + type: string + title: Applications + type: array + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Category: + $ref: '#/components/schemas/CreateSecurityRuleRequest.UrlCategory' + DecryptionRuleType: + enum: + - SSLOutboundInspection + title: Decryptionruletype + type: string + Description: + maxLength: 512 + title: Description + type: string + Destination: + $ref: '#/components/schemas/CreateSecurityRuleRequest.RuleDestination' + Enabled: + default: true + title: Enabled + type: boolean + Logging: + default: false + title: Logging + type: boolean + NegateDestination: + default: false + title: Negatedestination + type: boolean + NegateSource: + default: false + title: Negatesource + type: boolean + Protocol: + default: application-default + title: Protocol + type: string + RuleName: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Rulename + type: string + Source: + $ref: '#/components/schemas/CreateSecurityRuleRequest.RuleSource' + Tags: + items: + $ref: '#/components/schemas/CreateSecurityRuleRequest.Tag' + maxItems: 200 + title: Tags + type: array + required: + - RuleName + title: RuleCreate + type: object + CreateSecurityRuleRequest.RuleDestination: + additionalProperties: false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + 
items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + FqdnLists: + items: + type: string + title: Fqdnlists + type: array + PrefixLists: + items: + type: string + title: Prefixlists + type: array + title: RuleDestination + type: object + CreateSecurityRuleRequest.RuleSource: + additionalProperties: false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + PrefixLists: + items: + type: string + title: Prefixlists + type: array + title: RuleSource + type: object + CreateSecurityRuleRequest.Tag: + additionalProperties: false + properties: + Key: + maxLength: 128 + minLength: 1 + title: Key + type: string + Value: + maxLength: 128 + minLength: 1 + title: Value + type: string + required: + - Key + - Value + title: Tag + type: object + CreateSecurityRuleRequest.UrlCategory: + additionalProperties: false + properties: + IntelligentFeeds: + items: + type: string + title: Intelligentfeeds + type: array + URLCategoryNames: + items: + type: string + title: Urlcategorynames + type: array + title: UrlCategory + type: object + CreateSecurityRuleResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/CreateSecurityRuleResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/CreateSecurityRuleResponse.Result' + title: CreateSecurityRuleResponse + type: object + CreateSecurityRuleResponse.ResponseData: + additionalProperties: false + properties: + Priority: + title: Priority + type: integer + RuleEntry: + $ref: '#/components/schemas/CreateSecurityRuleResponse.Rule' + RuleListName: + title: Rulelistname + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + CreateSecurityRuleResponse.Result: + additionalProperties: false + properties: + 
ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + CreateSecurityRuleResponse.Rule: + additionalProperties: false + properties: + Action: + default: Allow + enum: + - Allow + - DenySilent + - DenyResetServer + - DenyResetBoth + title: Action + type: string + Applications: + default: + - Any + items: + type: string + title: Applications + type: array + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Category: + $ref: '#/components/schemas/CreateSecurityRuleResponse.UrlCategory' + DecryptionRuleType: + enum: + - SSLOutboundInspection + title: Decryptionruletype + type: string + Description: + maxLength: 512 + title: Description + type: string + Destination: + $ref: '#/components/schemas/CreateSecurityRuleResponse.RuleDestination' + Enabled: + default: true + title: Enabled + type: boolean + Logging: + default: false + title: Logging + type: boolean + NegateDestination: + default: false + title: Negatedestination + type: boolean + NegateSource: + default: false + title: Negatesource + type: boolean + Protocol: + default: application-default + title: Protocol + type: string + RuleName: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Rulename + type: string + Source: + $ref: '#/components/schemas/CreateSecurityRuleResponse.RuleSource' + Tags: + items: + $ref: '#/components/schemas/CreateSecurityRuleResponse.Tag' + maxItems: 200 + title: Tags + type: array + UpdateToken: + title: Updatetoken + type: string + required: + - RuleName + title: Rule + type: object + CreateSecurityRuleResponse.RuleDestination: + additionalProperties: false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + FqdnLists: + items: + type: string + title: Fqdnlists + type: array + PrefixLists: + items: 
+ type: string + title: Prefixlists + type: array + title: RuleDestination + type: object + CreateSecurityRuleResponse.RuleSource: + additionalProperties: false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + PrefixLists: + items: + type: string + title: Prefixlists + type: array + title: RuleSource + type: object + CreateSecurityRuleResponse.Tag: + additionalProperties: false + properties: + Key: + maxLength: 128 + minLength: 1 + title: Key + type: string + Value: + maxLength: 128 + minLength: 1 + title: Value + type: string + required: + - Key + - Value + title: Tag + type: object + CreateSecurityRuleResponse.UrlCategory: + additionalProperties: false + properties: + IntelligentFeeds: + items: + type: string + title: Intelligentfeeds + type: array + URLCategoryNames: + items: + type: string + title: Urlcategorynames + type: array + title: UrlCategory + type: object + DeleteSecurityRuleRequest: + additionalProperties: false + properties: {} + title: DeleteSecurityRuleRequest + type: object + DeleteSecurityRuleResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DeleteSecurityRuleResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DeleteSecurityRuleResponse.Result' + title: DeleteSecurityRuleResponse + type: object + DeleteSecurityRuleResponse.ResponseData: + additionalProperties: false + properties: + Priority: + title: Priority + type: integer + RuleEntry: + $ref: '#/components/schemas/DeleteSecurityRuleResponse.Rule' + RuleListName: + title: Rulelistname + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DeleteSecurityRuleResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason 
+ type: string + title: Result + type: object + DeleteSecurityRuleResponse.Rule: + additionalProperties: false + properties: + Action: + default: Allow + enum: + - Allow + - DenySilent + - DenyResetServer + - DenyResetBoth + title: Action + type: string + Applications: + default: + - Any + items: + type: string + title: Applications + type: array + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Category: + $ref: '#/components/schemas/DeleteSecurityRuleResponse.UrlCategory' + DecryptionRuleType: + enum: + - SSLOutboundInspection + title: Decryptionruletype + type: string + Description: + maxLength: 512 + title: Description + type: string + Destination: + $ref: '#/components/schemas/DeleteSecurityRuleResponse.RuleDestination' + Enabled: + default: true + title: Enabled + type: boolean + Logging: + default: false + title: Logging + type: boolean + NegateDestination: + default: false + title: Negatedestination + type: boolean + NegateSource: + default: false + title: Negatesource + type: boolean + Protocol: + default: application-default + title: Protocol + type: string + RuleName: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Rulename + type: string + Source: + $ref: '#/components/schemas/DeleteSecurityRuleResponse.RuleSource' + Tags: + items: + $ref: '#/components/schemas/DeleteSecurityRuleResponse.Tag' + maxItems: 200 + title: Tags + type: array + UpdateToken: + title: Updatetoken + type: string + required: + - RuleName + title: Rule + type: object + DeleteSecurityRuleResponse.RuleDestination: + additionalProperties: false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + FqdnLists: + items: + type: string + title: Fqdnlists + type: array + PrefixLists: + items: + type: string + title: Prefixlists + type: array + title: RuleDestination + type: 
object + DeleteSecurityRuleResponse.RuleSource: + additionalProperties: false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + PrefixLists: + items: + type: string + title: Prefixlists + type: array + title: RuleSource + type: object + DeleteSecurityRuleResponse.Tag: + additionalProperties: false + properties: + Key: + maxLength: 128 + minLength: 1 + title: Key + type: string + Value: + maxLength: 128 + minLength: 1 + title: Value + type: string + required: + - Key + - Value + title: Tag + type: object + DeleteSecurityRuleResponse.UrlCategory: + additionalProperties: false + properties: + IntelligentFeeds: + items: + type: string + title: Intelligentfeeds + type: array + URLCategoryNames: + items: + type: string + title: Urlcategorynames + type: array + title: UrlCategory + type: object + DescribeSecurityRuleResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DescribeSecurityRuleResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DescribeSecurityRuleResponse.Result' + title: DescribeSecurityRuleResponse + type: object + DescribeSecurityRuleResponse.ResponseData: + additionalProperties: false + properties: + Priority: + title: Priority + type: integer + RuleEntryCandidate: + $ref: '#/components/schemas/DescribeSecurityRuleResponse.Rule' + RuleEntryRunning: + $ref: '#/components/schemas/DescribeSecurityRuleResponse.Rule' + RuleListName: + title: Rulelistname + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + DescribeSecurityRuleResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + DescribeSecurityRuleResponse.Rule: + 
additionalProperties: false + properties: + Action: + default: Allow + enum: + - Allow + - DenySilent + - DenyResetServer + - DenyResetBoth + title: Action + type: string + Applications: + default: + - Any + items: + type: string + title: Applications + type: array + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Category: + $ref: '#/components/schemas/DescribeSecurityRuleResponse.UrlCategory' + DecryptionRuleType: + enum: + - SSLOutboundInspection + title: Decryptionruletype + type: string + Description: + maxLength: 512 + title: Description + type: string + Destination: + $ref: '#/components/schemas/DescribeSecurityRuleResponse.RuleDestination' + Enabled: + default: true + title: Enabled + type: boolean + Logging: + default: false + title: Logging + type: boolean + NegateDestination: + default: false + title: Negatedestination + type: boolean + NegateSource: + default: false + title: Negatesource + type: boolean + Protocol: + default: application-default + title: Protocol + type: string + RuleName: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Rulename + type: string + Source: + $ref: '#/components/schemas/DescribeSecurityRuleResponse.RuleSource' + Tags: + items: + $ref: '#/components/schemas/DescribeSecurityRuleResponse.Tag' + maxItems: 200 + title: Tags + type: array + UpdateToken: + title: Updatetoken + type: string + required: + - RuleName + title: Rule + type: object + DescribeSecurityRuleResponse.RuleDestination: + additionalProperties: false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + FqdnLists: + items: + type: string + title: Fqdnlists + type: array + PrefixLists: + items: + type: string + title: Prefixlists + type: array + title: RuleDestination + type: object + DescribeSecurityRuleResponse.RuleSource: + additionalProperties: 
false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + PrefixLists: + items: + type: string + title: Prefixlists + type: array + title: RuleSource + type: object + DescribeSecurityRuleResponse.Tag: + additionalProperties: false + properties: + Key: + maxLength: 128 + minLength: 1 + title: Key + type: string + Value: + maxLength: 128 + minLength: 1 + title: Value + type: string + required: + - Key + - Value + title: Tag + type: object + DescribeSecurityRuleResponse.UrlCategory: + additionalProperties: false + properties: + IntelligentFeeds: + items: + type: string + title: Intelligentfeeds + type: array + URLCategoryNames: + items: + type: string + title: Urlcategorynames + type: array + title: UrlCategory + type: object + ListSecurityRulesResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/ListSecurityRulesResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ListSecurityRulesResponse.Result' + title: ListSecurityRulesResponse + type: object + ListSecurityRulesResponse.ResponseData: + additionalProperties: false + properties: + NextToken: + title: Nexttoken + type: string + RuleEntryCandidate: + items: + $ref: '#/components/schemas/ListSecurityRulesResponse.RuleEntryIdentifier' + title: Ruleentrycandidate + type: array + RuleEntryRunning: + items: + $ref: '#/components/schemas/ListSecurityRulesResponse.RuleEntryIdentifier' + title: Ruleentryrunning + type: array + RuleEntryUncommitted: + items: + $ref: '#/components/schemas/ListSecurityRulesResponse.RuleEntryUncommittedIdentifier' + title: Ruleentryuncommitted + type: array + RuleListName: + title: Rulelistname + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + ListSecurityRulesResponse.Result: + additionalProperties: 
false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + ListSecurityRulesResponse.RuleEntryIdentifier: + additionalProperties: false + properties: + Priority: + exclusiveMaximum: 1000001 + exclusiveMinimum: 0 + title: Priority + type: integer + RuleName: + title: Rulename + type: string + required: + - Priority + title: RuleEntryIdentifier + type: object + ListSecurityRulesResponse.RuleEntryUncommittedIdentifier: + additionalProperties: false + properties: + Operation: + title: Operation + type: string + Priority: + title: Priority + type: integer + RuleName: + title: Rulename + type: string + required: + - Priority + - RuleName + - Operation + title: RuleEntryUncommittedIdentifier + type: object + UpdateSecurityRuleRequest: + additionalProperties: false + properties: + RuleEntry: + $ref: '#/components/schemas/UpdateSecurityRuleRequest.Rule' + required: + - RuleEntry + title: UpdateSecurityRuleRequest + type: object + UpdateSecurityRuleRequest.Rule: + additionalProperties: false + properties: + Action: + default: Allow + enum: + - Allow + - DenySilent + - DenyResetServer + - DenyResetBoth + title: Action + type: string + Applications: + default: + - Any + items: + type: string + title: Applications + type: array + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Category: + $ref: '#/components/schemas/UpdateSecurityRuleRequest.UrlCategory' + DecryptionRuleType: + enum: + - SSLOutboundInspection + title: Decryptionruletype + type: string + Description: + maxLength: 512 + title: Description + type: string + Destination: + $ref: '#/components/schemas/UpdateSecurityRuleRequest.RuleDestination' + Enabled: + default: true + title: Enabled + type: boolean + Logging: + default: false + title: Logging + type: boolean + NegateDestination: + default: false + title: Negatedestination + type: boolean + NegateSource: + default: false + title: Negatesource + 
type: boolean + Protocol: + default: application-default + title: Protocol + type: string + RuleName: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Rulename + type: string + Source: + $ref: '#/components/schemas/UpdateSecurityRuleRequest.RuleSource' + Tags: + items: + $ref: '#/components/schemas/UpdateSecurityRuleRequest.Tag' + maxItems: 200 + title: Tags + type: array + UpdateToken: + title: Updatetoken + type: string + required: + - RuleName + title: Rule + type: object + UpdateSecurityRuleRequest.RuleDestination: + additionalProperties: false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + FqdnLists: + items: + type: string + title: Fqdnlists + type: array + PrefixLists: + items: + type: string + title: Prefixlists + type: array + title: RuleDestination + type: object + UpdateSecurityRuleRequest.RuleSource: + additionalProperties: false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + PrefixLists: + items: + type: string + title: Prefixlists + type: array + title: RuleSource + type: object + UpdateSecurityRuleRequest.Tag: + additionalProperties: false + properties: + Key: + maxLength: 128 + minLength: 1 + title: Key + type: string + Value: + maxLength: 128 + minLength: 1 + title: Value + type: string + required: + - Key + - Value + title: Tag + type: object + UpdateSecurityRuleRequest.UrlCategory: + additionalProperties: false + properties: + IntelligentFeeds: + items: + type: string + title: Intelligentfeeds + type: array + URLCategoryNames: + items: + type: string + title: Urlcategorynames + type: array + title: UrlCategory + type: object + UpdateSecurityRuleResponse: + 
additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/UpdateSecurityRuleResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/UpdateSecurityRuleResponse.Result' + title: UpdateSecurityRuleResponse + type: object + UpdateSecurityRuleResponse.ResponseData: + additionalProperties: false + properties: + Priority: + title: Priority + type: integer + RuleEntry: + $ref: '#/components/schemas/UpdateSecurityRuleResponse.Rule' + RuleListName: + title: Rulelistname + type: string + RuleStackName: + title: Rulestackname + type: string + title: ResponseData + type: object + UpdateSecurityRuleResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + UpdateSecurityRuleResponse.Rule: + additionalProperties: false + properties: + Action: + default: Allow + enum: + - Allow + - DenySilent + - DenyResetServer + - DenyResetBoth + title: Action + type: string + Applications: + default: + - Any + items: + type: string + title: Applications + type: array + AuditComment: + maxLength: 512 + title: Auditcomment + type: string + Category: + $ref: '#/components/schemas/UpdateSecurityRuleResponse.UrlCategory' + DecryptionRuleType: + enum: + - SSLOutboundInspection + title: Decryptionruletype + type: string + Description: + maxLength: 512 + title: Description + type: string + Destination: + $ref: '#/components/schemas/UpdateSecurityRuleResponse.RuleDestination' + Enabled: + default: true + title: Enabled + type: boolean + Logging: + default: false + title: Logging + type: boolean + NegateDestination: + default: false + title: Negatedestination + type: boolean + NegateSource: + default: false + title: Negatesource + type: boolean + Protocol: + default: application-default + title: Protocol + type: string + RuleName: + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + title: Rulename + type: string + 
Source: + $ref: '#/components/schemas/UpdateSecurityRuleResponse.RuleSource' + Tags: + items: + $ref: '#/components/schemas/UpdateSecurityRuleResponse.Tag' + maxItems: 200 + title: Tags + type: array + UpdateToken: + title: Updatetoken + type: string + required: + - RuleName + title: Rule + type: object + UpdateSecurityRuleResponse.RuleDestination: + additionalProperties: false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + FqdnLists: + items: + type: string + title: Fqdnlists + type: array + PrefixLists: + items: + type: string + title: Prefixlists + type: array + title: RuleDestination + type: object + UpdateSecurityRuleResponse.RuleSource: + additionalProperties: false + properties: + Cidrs: + default: + - Any + items: + type: string + title: Cidrs + type: array + Countries: + items: + type: string + title: Countries + type: array + Feeds: + items: + type: string + title: Feeds + type: array + PrefixLists: + items: + type: string + title: Prefixlists + type: array + title: RuleSource + type: object + UpdateSecurityRuleResponse.Tag: + additionalProperties: false + properties: + Key: + maxLength: 128 + minLength: 1 + title: Key + type: string + Value: + maxLength: 128 + minLength: 1 + title: Value + type: string + required: + - Key + - Value + title: Tag + type: object + UpdateSecurityRuleResponse.UrlCategory: + additionalProperties: false + properties: + IntelligentFeeds: + items: + type: string + title: Intelligentfeeds + type: array + URLCategoryNames: + items: + type: string + title: Urlcategorynames + type: array + title: UrlCategory + type: object +info: + contact: {} + description: "Security rules determine whether to block or allow a session based\ + \ on traffic attributes such as the source and destination IP address, source\ + \ and destination FQDNs, or the application. 
\n\nAll traffic passing through\ + \ the firewall is matched against a session and each session is matched against\ + \ a rule. When a session match occurs, the NGFW applies the matching rule to bidirectional\ + \ traffic in that session (client to server and server to client). For traffic\ + \ that doesn\u2019t match any defined rules, the default rules apply. \n\nFor\ + \ more information, see [Create security roles on Cloud NGFW for AWS](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/rules-and-rulestacks/create-a-rule).\n\ + \n### Permission Policies\n\n| Action | Local Firewall\ + \ Administrator | Local Rulestack Administrator | Global Rulestack Administrator\ + \ |\n| ------------------------------ | :---------------------------: | :---------------------------:\ + \ | :----------------------------: |\n| Create a Security Rule | ☐\ + \ | **☑** | **☑** \ + \ | \n| Delete a Security Rule | ☐ \ + \ | **☑** | **☑** | \ + \ \n| Describe a Security Rule | **☑** \ + \ | **☑** | **☑** |\ + \ \n| ResetSecurityRuleCounters | **☑** | **☑**\ + \ | **☑** |\n| RefreshSecurityRuleCounters\ + \ | **☑** | **☑** | **☑**\ + \ |\n| DescribeSecurityRuleCounters | **☑** \ + \ | **☑** | **☑** \ + \ |\n| List Security Rules | **☑** | **☑**\ + \ | **☑** | \ + \ \n| Update a Security Rule | ☐ |\ + \ **☑** | **☑** | \ + \ \n" + title: Manage Security Rules + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/config/rulestacks/{rulestackname}/rulelists/{rulelistname}: + get: + description: 'List all security rules associate with a rulestack in the order + of priority. + + ' + operationId: get-v1-config-rulestacks-rulestackname-rulelists-rulelistname + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the rulelist. 
+ + ' + in: path + name: rulelistname + required: true + schema: + type: string + - description: '' + in: query + name: nexttoken + required: false + schema: + title: Nexttoken + type: string + - description: '' + in: query + name: candidate + required: false + schema: + default: true + title: Candidate + type: boolean + - description: '' + in: query + name: running + required: false + schema: + default: false + title: Running + type: boolean + - description: '' + in: query + name: uncommitted + required: false + schema: + default: false + title: Uncommitted + type: boolean + - description: '' + in: query + name: maxresults + required: false + schema: + default: 1024 + maximum: 1024 + minimum: 1 + title: Maxresults + type: integer + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListSecurityRulesResponse' + description: OK + summary: List Security Rules + tags: + - SecurityRules + post: + description: 'Create a security rule for a rulestack. + + ' + operationId: post-v1-config-rulestacks-rulestackname-rulelists-rulelistname + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the rulelist. + + ' + in: path + name: rulelistname + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CreateSecurityRuleRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CreateSecurityRuleResponse' + description: OK + summary: Create a Security Rule + tags: + - SecurityRules + /v1/config/rulestacks/{rulestackname}/rulelists/{rulelistname}/priorities/{priority}: + delete: + description: 'Disassociate a security rule associated with a rulestack. + + ' + operationId: delete-v1-config-rulestacks-rulestackname-rulelists-rulelistname-priorities-priority + parameters: + - description: 'The name of the rulestack. 
+ + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the rulelist. + + ' + in: path + name: rulelistname + required: true + schema: + type: string + - description: '' + in: path + name: priority + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteSecurityRuleRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DeleteSecurityRuleResponse' + description: OK + summary: Delete a Security Rule + tags: + - SecurityRules + get: + description: 'Retrieve the security rules associated with a rulestack. + + ' + operationId: get-v1-config-rulestacks-rulestackname-rulelists-rulelistname-priorities-priority + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the rulelist. + + ' + in: path + name: rulelistname + required: true + schema: + type: string + - description: '' + in: path + name: priority + required: true + schema: + type: string + - description: '' + in: query + name: Candidate + required: false + schema: + default: true + title: Candidate + type: boolean + - description: '' + in: query + name: Running + required: false + schema: + default: false + title: Running + type: boolean + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeSecurityRuleResponse' + description: OK + summary: Describe a Security Rule + tags: + - SecurityRules + put: + description: 'Update a security rule associated a rulestack. + + ' + operationId: put-v1-config-rulestacks-rulestackname-rulelists-rulelistname-priorities-priority + parameters: + - description: 'The name of the rulestack. + + ' + in: path + name: rulestackname + required: true + schema: + type: string + - description: 'The name of the rulelist. 
+ + ' + in: path + name: rulelistname + required: true + schema: + type: string + - description: '' + in: path + name: priority + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateSecurityRuleRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateSecurityRuleResponse' + description: OK + summary: Update a Security Rule + tags: + - SecurityRules +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: SecurityRules diff --git a/static/cloudngfw/aws/spec/api/UserOnboarding-LinkAccount.yaml b/static/cloudngfw/aws/spec/api/UserOnboarding-LinkAccount.yaml new file mode 100644 index 000000000..a7cc0da82 --- /dev/null +++ b/static/cloudngfw/aws/spec/api/UserOnboarding-LinkAccount.yaml 
@@ -0,0 +1,184 @@ +components: + schemas: + DescribeLinkAccountRequest: + additionalProperties: false + properties: {} + title: DescribeLinkAccountRequest + type: object + DescribeLinkAccountResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DescribeLinkAccountResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DescribeLinkAccountResponse.Result' + title: DescribeLinkAccountResponse + type: object + DescribeLinkAccountResponse.AccountTableEntryStatus: + description: An enumeration. + enum: + - Success + - Pending + - Deleting + - OffBoarding + - DeleteFailed + title: AccountTableEntryStatus + type: string + DescribeLinkAccountResponse.ResponseData: + additionalProperties: false + properties: + AccountId: + maxLength: 12 + pattern: ^$|^[0-9]+$ + title: Accountid + type: string + CloudFormationTemplateURL: + title: Cloudformationtemplateurl + type: string + ExternalId: + title: Externalid + type: string + OnboardingStatus: + allOf: + $ref: '#/components/schemas/DescribeLinkAccountResponse.AccountTableEntryStatus' + default: Pending + ServiceAccountId: + maxLength: 12 + pattern: ^$|^[0-9]+$ + title: Serviceaccountid + type: string + SnsTopicArn: + title: Snstopicarn + type: string + title: ResponseData + type: object + DescribeLinkAccountResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object + ListLinkAccountsRequest: + additionalProperties: false + properties: {} + title: ListLinkAccountsRequest + type: object + ListLinkAccountsResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/ListLinkAccountsResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ListLinkAccountsResponse.Result' + title: ListLinkAccountsResponse + type: object + ListLinkAccountsResponse.ResponseData: + additionalProperties: false + 
properties: + AccountIds: + items: + maxLength: 12 + pattern: ^$|^[0-9]+$ + type: string + title: Accountids + type: array + title: ResponseData + type: object + ListLinkAccountsResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string + title: Result + type: object +info: + contact: {} + description: "Cloud NGFW requires you to onboard an AWS account to create and manage\ + \ the resources required by Cloud NGFW. The Cloud NGFW service uses a CloudFormation\ + \ template (CFT) stack to create these roles needed for Cloud NGFW to access resources\ + \ in your AWS environment. \n\nA link account is an unverified account used to\ + \ onboard an AWS account to a cloud NGFW service based on your input. A link account\ + \ is required to run the CFT. \n\n>**Note:** You can add only one link account\ + \ per subscription.\n\n### Permission Policies\n\n| Action |\ + \ Local Firewall Administrator | Local Rulestack Administrator | Global Rulestack\ + \ Administrator |\n| ------------------------ | :---------------------------:\ + \ | :---------------------------: | :----------------------------: | \n| Create\ + \ Link Account | ☐ | ☐ \ + \ | ☐ | \n| Delete Link Account | ☐\ + \ | ☐ | ☐ \ + \ | \n| Describe Link Account | **☑**\ + \ | **☑** | **☑** \ + \ | \n| List Link Account | **☑** | **☑**\ + \ | **☑** |\n" + title: User Onboarding using Link Account + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/mgmt/linkaccounts: + get: + description: 'List all accounts linked with the an admin account. 
+ + ' + operationId: get-v1-mgmt-linkaccounts + parameters: [] + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ListLinkAccountsRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListLinkAccountsResponse' + description: OK + summary: List Link Accounts + tags: + - UserOnboarding-LinkAccount + /v1/mgmt/linkaccounts/{accountid}: + get: + description: 'View the details of the account IDs associated with the admin + account. + + ' + operationId: get-v1-mgmt-linkaccounts-accountid + parameters: + - description: 'The unique ID of the account. + + ' + in: path + name: accountid + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeLinkAccountRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeLinkAccountResponse' + description: OK + summary: Describe Link Account + tags: + - UserOnboarding-LinkAccount +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: UserOnboarding-LinkAccount diff --git a/static/cloudngfw/aws/spec/api/UserOnboarding-XAccountRoles.yaml b/static/cloudngfw/aws/spec/api/UserOnboarding-XAccountRoles.yaml new file mode 100644 index 000000000..e58489f17 --- /dev/null +++ b/static/cloudngfw/aws/spec/api/UserOnboarding-XAccountRoles.yaml 
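Review bot: The new UserOnboarding-LinkAccount.yaml declares neither a `security` requirement nor a `components.securitySchemes` entry (its top-level keys are components, info, openapi, paths, servers, tags), so both `/v1/mgmt/linkaccounts` operations are documented with no authentication requirement even though `info.description` carries a per-role permission table. The UserOnboarding-XAccountRoles.yaml hunk that follows has the same gap. Declare the scheme the service actually uses under `components.securitySchemes`, reference it with a top-level `security: [{<scheme-name>: []}]` (placeholder name), and document `'401'`/`'403'` next to `'200'`, so generated clients, gateways and spec-driven scanners can enforce and test it. Separately, `OnboardingStatus` in `DescribeLinkAccountResponse.ResponseData` appears to write `allOf:` as a mapping holding `$ref` rather than a list, which is not valid OpenAPI 3.0.3. Use `allOf: [{$ref: '#/components/schemas/DescribeLinkAccountResponse.AccountTableEntryStatus'}]` and keep `default: Pending` beside it.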
@@ -0,0 +1,266 @@ +components: + schemas: + DescribeXAccountRoleArnResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.Result' + title: DescribeXAccountRoleArnResponse + type: object + DescribeXAccountRoleArnResponse.AccountTableEntryStatus: + description: An enumeration. + enum: + - Success + - Pending + - Deleting + - OffBoarding + - DeleteFailed + title: AccountTableEntryStatus + type: string + DescribeXAccountRoleArnResponse.FirewallRoles: + additionalProperties: false + properties: + EndpointRole: + title: Endpointrole + type: string + LoggingRole: + title: Loggingrole + type: string + title: FirewallRoles + type: object + DescribeXAccountRoleArnResponse.ResponseData: + additionalProperties: false + properties: + AccountGroups: + items: + type: string + title: Accountgroups + type: array + AccountId: + maxLength: 12 + pattern: ^$|^[0-9]+$ + title: Accountid + type: string + AllowedMode: + enum: + - ServiceManaged + - CustomerManaged + title: Allowedmode + type: string + AvailabilityZones: + items: + type: string + title: Availabilityzones + type: array + CloudTrailRole: + title: Cloudtrailrole + type: string + DefaultRole: + title: Defaultrole + type: string + Firewall: + $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.FirewallRoles' + OnboardingStatus: + $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.AccountTableEntryStatus' + RuleStack: + $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.RuleStackRoles' + VpcInformations: + items: + $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.VpcDetails' + title: Vpcinformations + type: array + title: ResponseData + type: object + DescribeXAccountRoleArnResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: 
string + title: Result + type: object + DescribeXAccountRoleArnResponse.RuleStackRoles: + additionalProperties: false + properties: + DecryptionRole: + title: Decryptionrole + type: string + title: RuleStackRoles + type: object + DescribeXAccountRoleArnResponse.SubnetDetails: + additionalProperties: false + properties: + SubnetId: + title: Subnetid + type: string + SubnetName: + title: Subnetname + type: string + required: + - SubnetId + title: SubnetDetails + type: object + DescribeXAccountRoleArnResponse.VpcDetails: + additionalProperties: false + properties: + SubnetInformations: + items: + $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.SubnetDetails' + title: Subnetinformations + type: array + VpcId: + title: Vpcid + type: string + VpcName: + title: Vpcname + type: string + required: + - VpcId + title: VpcDetails + type: object + ListXAccountRolesRequest: + additionalProperties: false + properties: + MaxResults: + default: 1024 + maximum: 1024 + minimum: 1 + title: Maxresults + type: integer + NextToken: + maxLength: 2048 + minLength: 1 + pattern: ^[-0-9A-Za-z:\/+=]+$ + title: Nexttoken + type: string + title: ListXAccountRolesRequest + type: object + ListXAccountRolesResponse: + additionalProperties: false + properties: + Response: + $ref: '#/components/schemas/ListXAccountRolesResponse.ResponseData' + ResponseStatus: + $ref: '#/components/schemas/ListXAccountRolesResponse.Result' + title: ListXAccountRolesResponse + type: object + ListXAccountRolesResponse.ResponseData: + additionalProperties: false + properties: + AccountIds: + items: + maxLength: 12 + pattern: ^$|^[0-9]+$ + type: string + title: Accountids + type: array + NextToken: + maxLength: 2048 + minLength: 1 + pattern: ^[-0-9A-Za-z:\/+=]+$ + title: Nexttoken + type: string + title: ResponseData + type: object + ListXAccountRolesResponse.Result: + additionalProperties: false + properties: + ErrorCode: + default: 0 + title: Errorcode + type: integer + Reason: + title: Reason + type: string 
+ title: Result + type: object +info: + contact: {} + description: "Cloud NGFW requires you to onboard an AWS account to create and manage\ + \ the resources required by Cloud NGFW. The Cloud NGFW service uses a CloudFormation\ + \ Template (CFT) stack to create these roles needed for Cloud NGFW to access resources\ + \ in your AWS environment.\n\n### Permission Policies\n\n| Action \ + \ | Local Firewall Administrator | Local Rulestack Administrator | Global\ + \ Rulestack Administrator |\n| ------------------------ | :---------------------------:\ + \ | :---------------------------: | :----------------------------: | \n| Put XAccount\ + \ Roles | ☐ | ☐ \ + \ | ☐ |\n| Describe XAccount Roles | **☑**\ + \ | **☑** | **☑** \ + \ | \n| List Member Accounts | **☑** \ + \ | **☑** | **☑** \ + \ | \n| Delete XAccount Roles | ☐ | ☐\ + \ | ☐ |\n" + title: User Onboarding using Endpoint Role + version: 1.0.0 +openapi: 3.0.3 +paths: + /v1/mgmt/xaccountroles: + get: + description: "Lists all accounts on-boarded using endpoint role. \n" + operationId: get-v1-mgmt-xaccountroles + parameters: [] + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ListXAccountRolesRequest' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListXAccountRolesResponse' + description: OK + summary: List Member accounts and cross account roles + tags: + - UserOnboarding-XAccountRoles + /v1/mgmt/xaccountroles/{accountid}: + get: + description: 'Retrieve the information of a specific account. + + ' + operationId: get-v1-mgmt-xaccountroles-accountid + parameters: + - description: 'The unique ID of the account. 
+ + ' + in: path + name: accountid + required: true + schema: + type: string + - description: '' + in: query + name: describeaccount + required: false + schema: + default: false + title: Describeaccount + type: boolean + - description: '' + in: query + name: vpcid + required: false + schema: + title: Vpcid + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DescribeXAccountRoleArnResponse' + description: OK + summary: Describe Member accounts and cross account Roles + tags: + - UserOnboarding-XAccountRoles +servers: +- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com +tags: +- name: UserOnboarding-XAccountRoles
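Review bot: `get-v1-mgmt-xaccountroles` declares `parameters: []` and carries its only inputs, `MaxResults` and `NextToken` from `ListXAccountRolesRequest`, in a `requestBody` on a GET. OpenAPI 3.0.3 tells consumers to ignore request bodies on methods where HTTP defines no body semantics, and intermediaries may drop them, so pagination of the account list is effectively unreachable from generated clients. If the service accepts these in the query string, as the list-rules operation in SecurityRules.yaml on this page does with `nexttoken` and `maxresults`, declare them as query parameters with the same bounds and drop the body; the names in the fence are assumed from that file and need confirming against the backend. The two GET operations in UserOnboarding-LinkAccount.yaml also declare request bodies, empty ones, and can simply lose them. The `accountid` path parameter here is a bare `type: string`, while the response schema limits `AccountId` to `maxLength: 12` and `pattern: ^$|^[0-9]+$`, so matching digit-only bounds on the path parameter would keep request validation consistent with the data model.

```yaml
  /v1/mgmt/xaccountroles:
    get:
      # … unchanged: description, operationId …
      parameters:
      - description: Pagination token returned by the previous call.
        in: query
        name: nexttoken
        required: false
        schema:
          maxLength: 2048
          minLength: 1
          pattern: ^[-0-9A-Za-z:\/+=]+$
          title: Nexttoken
          type: string
      - description: Maximum number of account IDs to return.
        in: query
        name: maxresults
        required: false
        schema:
          default: 1024
          maximum: 1024
          minimum: 1
          title: Maxresults
          type: integer
      # requestBody removed
      # … unchanged: responses, summary, tags …
```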