@itentialopensource/adapter-velocloud_orchestrator

{ "swagger": "2.0", "info": { "title": "VeloCloud Orchestrator API", "version": "3.3.2", "contact": { "name": "VMware SD-WAN by VeloCloud", "url": "https://www.vmware.com/products/sd-wan-by-velocloud.html" }, "description": "## <p>The VeloCloud Orchestrator (VCO) powers the management plane in the VMware SD-WAN solution. It offers a broad range of configuration, monitoring and troubleshooting functionality to service providers and enterprises alike. The principal web service with which users interact in order to exercise this functionality is called the <strong>VCO Portal</strong>.</p> <h2>The VCO Portal</h2> <p>The VCO Portal allows network administrators (or scripts and applications acting on their behalf) to manage network and device configuration and query current or historical network and device state. API clients may interact with the Portal via a JSON-RPC interface or a REST-like interface. It is possible to invoke all of the methods described in this document using either interface; there is no Portal functionality for which access is constrained exclusively to either JSON-RPC clients or REST-like ones.</p> <p>Both interfaces accept <strong>exclusively HTTP POST</strong> requests. Both also expect that request bodies, when present, are JSON-formatted -- consistent with RFC 2616, clients are furthermore expected to formally assert where this is the case using the `Content-Type` request header, e.g. `Content-Type: application/json`.</p> <h3>JSON-RPC Interface</h3> <p>The JSON-RPC API accepts calls via the `/portal` URL path (e.g. vco.velocloud.net/portal). Consistent with <a href=\"https://www.jsonrpc.org/specification\">v2.0 of the JSON-RPC specification</a>, the API expects JSON-encoded request payloads that consist of a method name (`method`), a parameters object (`params`), a user-specified unique request identifier (`id`, by convention an integer such as a millisecond-precision epoch timestamp), and a JSON-RPC specification version identifier (`jsonrpc`). The VCO supports only the 2.0 iteration of the JSON-RPC specification, and so the value of the `jsonrpc` parameter should always be the string `\"2.0\"`. A sample request follows:</p> <pre>curl --header 'Content-Type: application/json' --data '{\"jsonrpc\":\"2.0\",\"method\":\"event/getEnterpriseEvents\",\"params\":{\"enterpriseId\":1},\"id\":1}' --cookie cookies.txt -X POST https://vco.velocloud.net/portal/</pre> <h3>REST-like Interface</h3> <p>The REST-like interface eliminates some of the protocol \"overhead\" imposed by the JSON-RPC interface, and may feel more familiar to those familiar with URL-based REST semantics. It also offers a greater degree of interoperability with a range of client-side tools designed for use with traditional REST APIs. The interface is accessible via the `/portal/rest/` base path. In processing REST-like requests, the VCO parses the method name from the portion of the URL path that follows the base path. The request body need contain only the method parameters, e.g.:</p> <pre>curl --header 'Content-Type: application/json' --data '{\"enterpriseId\":1}' --cookie cookies.txt -X POST https://vco.velocloud.net/portal/rest/event/getEnterpriseEvents</pre> <h2>Authentication</h2> <p>The VCO API supports cookie-based authentication. Most programming languages and HTTP client applications expose libraries or options that facilitate the management and use of session cookies, which clients are free to leverage in working with the VCO (e.g. curl exposes the `--cookie-jar` and `--cookie` options, Python's `requests` library <a href=\"https://requests.readthedocs.io/en/master/user/advanced/#session-objects\">exposes a Session interface</a>, etc.). Numerous code samples, wherein authentication is demonstrated in a variety of programming languages, are available via <a href=\"https://code.vmware.com/samples?categories=Sample&keywords=velocloud\">VMware Sample Exchange</a>.</p> <p>Clients initiate sessions by invoking either the `login/enterpriseLogin` or the `login/operatorLogin` method, depending on the user type associated with the client's credentials (Partner and Customer Admins should use the former method, and Operator Admins the latter). In the event of a successful authentication call, the API responds with an HTTP 200 status code and embeds a `velocloud.session` cookie in a `Set-Cookie` response header. When authentication is unsuccessful, the API responds with an HTTP 302 status code and includes a short message elaborating on the failure in a `velocloud.message` cookie. A sample authentication call is demonstrated with the curl command-line utility below (response truncated for brevity):</p> <pre>curl --cookie-jar /tmp/cookie.txt -i -X POST https://vco.velocloud.net/portal/rest/login/enterpriseLogin --data '{\"username\":\"admin@velocloud.net\",\"password\":\"'$SECRET'\"}'<br/>< HTTP/1.1 200 OK<br/>< Set-Cookie: velocloud.session=<token>; <attributes></pre> <p>Once a client has successfully retrieved a session cookie, it may begin to make API calls to API methods that require authentication by embedding the `velocloud.session` cookie in a `Cookie` request header (programming languages and other client utilities typically provide interfaces that simplify this).</p> <p>Session cookies typically expire after a period of 24 hours (though liftetimes are configurable and may vary across VCO deployments). It is considered best practice to invalidate cookies whenever they are no longer required by initiating a call to the `logout` API method:</p> <pre>curl --cookie /tmp/cookie.txt -X POST https://vco.velocloud.net/portal/rest/logout</pre> <h2>Data Model & Terminology</h2> <p>The terminology of the VCO API schema doesn't always align with the terminology of the Web Console. Consider this a \"cheat sheat\" to aid in interpreting API constructs:</p> <ul><li><strong>Enterprise</strong>: Customer</li><li><strong>Enterprise Proxy</strong>: Partner</li><li><strong>Configuration</strong>: Device configurations are modeled in the API schema as a composition of \"Configuration\" entities. There are effectively three distinct types of Configurations: Operator Profiles (also referred to as \"Software Images\"), Customers Profiles (referred to in the API schema as \"Enterprise Configurations\"), and Edge-Specific Profiles.</li><li><strong>Configuration Module</strong>: Each configuration is composed of a set of modules (e.g. `deviceSettings`, `QOS`, `firewall`, `controlPlane`, etc.), wherein the actual configuration `data` resides. In the current version of the API, configuration changes must always be applied at the module level (i.e. via calls to the `configuration/updateConfigurationModule` API method). Partial updates on specific sections of Configuration Module `data` are not (yet) supported.</li><li><strong>Refs</strong>: `refs` are associations between a Network Service (e.g. DNS providers, authentication services, VPN hubs, etc.) and a Configuration (more precisely, a Configuration Module). They should generally be treated as read-only.</li></ul> <h2>Common Parameters</h2> <p>A few parameters appear repeatedly throughout the API schema:</p> <h3>`enterpriseId`</h3> <p>The Portal API enforces that an `enterpriseId` parameter is <strong>required on any request initiated by an Operator or Partner Administrator that accesses, or operates upon, a Customer-managed resource</strong> (e.g. Edges, Profiles, network services). `enterpriseId` is never required for API calls initiated by Customer Administrators (in such cases it is inferred based on the user's credential).</p> <h3>`enterpriseProxyId`</h3> <p>Similar to the `enterpriseId` parameter, the Portal API enforces that an `enterpriseProxyId` parameter is <strong>required on any request initiated by an Operator Administrator that accesses, or operates upon, a Partner-managed resource</strong> (e.g. Partner Events, Partner Gateway Pools, etc.). `enterpriseProxyId` is never required for API calls initiated by Partner Administrators (in such cases it is inferred based on the user's credential).</p> <h3>`with`</h3> <p>Many \"fetch\" API methods support a `with` parameter, which allows the user to optionally resolve related entities. `recentLinks` is a special instance of one such option that is supported by methods that fetch Edges, which will cause the API to resolve WAN links for which activity has been recorded in the last 24 hours. This should generally be preferred to the `links` option on methods where it is supported.</p> <h3>`interval`</h3> <p>Many methods, such as those that query events or volumetric flow data, support a query `interval`. The default query interval, inferred by the server when none is otherwise specified, is the most recent 12 hour period.</p> <p>The VCO exposes time series data (e.g. device system health metrics such as CPU and memory usage, network metrics such as latency/jitter/loss, volumetric traffic flow data) via various API methods that accept query intervals. By default, Edges and Gateways report new statistics to the Orchestrator every five minutes. Due to various factors (clock drift, network jitter, server-side processing delays), statistics associated with a given interval beginning at time `t` are often not reflected in API output until time `t + 10 minutes`. As such, we do not recommend using query intervals smaller than 10 minutes in time for these methods.</p> <h2>Datetimes</h2> <p>The Orchestrator API uses UTC time universally. Whenever a method request schema calls for a datetime value, and whenever a response includes a datetime value, the timezone should be inferred to be UTC.</p> <p>The VCO accepts the following datetime formats:</p> <ul><li>13-digit millisecond-precision epoch timestamps (e.g. `1500000000000`)</li><li>Datetime strings formatted consistently with RFC 3339. (e.g. `\"2017-01-01T00:00:00.000Z\"`)</li></ul> <br>\n" }, "basePath": "/portal/rest", "schemes": [ "https" ], "produces": [ "application/json" ], "paths": { "/login/operatorLogin": { "post": { "operationId": "login_operator_login", "summary": "Authenticate operator user", "description": "Authenticates an operator user and, upon successful login, returns a velocloud.session cookie. Pass this session cookie in the authentication header in subsequent VCO calls.\n If you are using an HTTP client (e.g. Postman) that is configured to automatically follow HTTP redirects, a successful authentication request will cause your client to follow an HTTP 302 redirect to the portal 'Home' web page. Your session cookie can then be used to make VCO API calls. \n Note that session cookies expire after a period of time specified in the VCO configuration (default is 24 hours).", "tags": [ "all", "login" ], "parameters": [ { "$ref": "#/parameters/auth_param" } ], "responses": { "200": { "description": "If you are using an HTTP client that is configured to automatically follow HTTP redirects (e.g. Postman), a successful authentication request will cause your client to follow a HTTP 302 redirect to the portal 'Home' web page. Your session cookie may then be used to make API calls." }, "302": { "description": "An HTTP 302 response is returned on both successful and failed authentication attempts. If the response includes a Set-Cookie header specifying a non-empty velocloud.session cookie, authentication was successful and this cookie may be used to make API calls." } } } }, "/login/enterpriseLogin": { "post": { "operationId": "login_enterprise_login", "summary": "Authenticate enterprise or partner (MSP) user", "description": "Authenticates an enterprise or partner (MSP) user and, upon successful login, returns a velocloud.session cookie. Pass this session cookie in the authentication header in subsequent VCO calls.\n If you are using an HTTP client (e.g. Postman) that is configured to automatically follow HTTP redirects, a successful authentication request will cause your client to follow an HTTP 302 redirect to the portal 'Home' web page. Your session cookie can then be used to make VCO API calls.\n Note that session cookies expire after a period of time specified in the VCO configuration (default is 24 hours).", "tags": [ "all", "login" ], "parameters": [ { "$ref": "#/parameters/auth_param" } ], "responses": { "200": { "description": "If you are using an HTTP client that is configured to automatically follow HTTP redirects (e.g. Postman), a successful authentication request will cause your client to follow an HTTP 302 redirect to the portal 'Home' web page. Your session cookie may then be used to make API calls." }, "302": { "description": "An HTTP 302 response is returned on both successful and failed authentication attempts. If the response includes a Set-Cookie header specifying a non-empty velocloud.session cookie, authentication was successful and this cookie may be used to make API calls." } } } }, "/logout": { "post": { "operationId": "logout", "summary": "Logout and invalidate authorization session cookie", "description": "Logs out the VCO API user and invalidates the session cookie.", "tags": [ "all", "login" ], "parameters": [], "responses": { "200": { "description": "If you are using an HTTP client that is configured to automatically follow HTTP redirects (e.g. Postman), a successful logout request will cause your client to follow an HTTP 302 redirect to the portal login web page." }, "302": { "description": "An HTTP 302 (redirect) response is returned on both successful and failed logout attempts." } } } }, "/meta/{apiPath}": { "post": { "deprecated": true, "operationId": "meta", "summary": "Get Swagger specification for any VCO API call", "description": "Gets the Swagger specification for any VCO API call.", "tags": [ "all", "meta" ], "parameters": [ { "name": "apiPath", "in": "path", "description": "the path to another api method, starting after /rest/", "required": true, "type": "string" } ], "responses": { "200": { "description": "Request successful", "schema": { "type": "object", "properties": { "privileges": { "type": "object" }, "swagger": { "type": "object" } } } }, "400": { "$ref": "#/responses/generic_400" } } } }, "/clientDevice/setClientDeviceHostName": { "post": { "summary": "Set hostname for client device", "description": "Sets the `hostName` for client device\n\nPrivileges required:\n\n`UPDATE` `CLIENT_DEVICE`", "tags": [ "clientDevice", "all" ], "operationId": "set_client_device_host_name", "x-privileges": { "forceEnterpriseContext": true, "excludeAuthTypes": [], "allowAuthTypes": [ "ANY" ], "allowPrincipleTypes": [], "excludePrincipleTypes": [ "EDGE", "GATEWAY" ], "requirePrivileges": [ { "action": "UPDATE", "object": "CLIENT_DEVICE" } ] }, "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { "title": "set_client_device_host_name", "type": "object", "properties": { "enterpriseId": { "type": "integer" }, "clientDeviceId": { "type": "integer" }, "hostName": { "type": "string" }, "macAddress": { "type": "string" }, "ipAddress": { "type": "string" } }, "required": [ "enterpriseId", "hostName" ] } } ], "responses": { "200": { "description": "Request was successfully processed", "schema": { "$ref": "#/definitions/set_client_device_host_name_result" } }, "400": { "$ref": "#/responses/generic_400" }, "500": { "$ref": "#/responses/generic_500" } } } }, "/configuration/cloneAndConvertConfiguration": { "post": { "summary": "Create new segment-based profile from existing network-based profile", "description": "Clones and converts the specified network configuration (by `configurationId`). Accepts an `enterpriseId` or `networkId` to associate the new configuration with an enterprise or network. On success, returns the ID of the newly created configuration object.\n\nPrivileges required:\n\n`CREATE` `ENTERPRISE_PROFILE`, or\n\n`CREATE` `OPERATOR_PROFILE`", "tags": [ "configuration", "all" ], "operationId": "configuration_clone_and_convert_configuration", "x-privileges": { "excludeAuthTypes": [], "allowAuthTypes": [ "ANY" ], "allowPrincipleTypes": [], "excludePrincipleTypes": [ "EDGE", "GATEWAY" ], "requirePrivileges": [ { "action": "CREATE", "object": "ENTERPRISE_PROFILE", "sufficient": true }, { "action": "CREATE", "object": "OPERATOR_PROFILE", "sufficient": true } ] }, "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { "type": "object", "title": "configuration_clone_and_convert_configuration", "properties": { "configurationId": { "type": "integer" }, "enterpriseId": { "type": "integer" }, "name": { "type": "string" }, "description": { "type": "string" }, "guestVLANSegmentObjectId": { "type": "integer" } }, "required": [ "configurationId" ] } } ], "responses": { "200": { "description": "Request was successfully processed", "schema": { "$ref": "#/definitions/configuration_clone_and_convert_configuration_result" } }, "400": { "$ref": "#/responses/generic_400" }, "500": { "$ref": "#/responses/generic_500" } } } }, "/configuration/cloneConfiguration": { "post": { "summary": "Clone configuration profile", "description": "Clones the specified configuration (by `configurationId`) and all associated configuration modules. Accepts an `enterpriseId` or `networkId` to associate the new configuration with an enterprise or network. Select modules may also be specified. On success, returns the `id` of the newly created configuration object.\n\nPrivileges required:\n\n`CREATE` `ENTERPRISE_PROFILE`, or\n\n`CREATE` `OPERATOR_PROFILE`", "tags": [ "configuration", "all" ], "operationId": "configuration_clone_configuration", "x-privileges": { "excludeAuthTypes": [], "allowAuthTypes": [ "ANY" ], "allowPrincipleTypes": [], "excludePrincipleTypes": [ "EDGE", "GATEWAY" ], "requirePrivileges": [ { "action": "CREATE", "object": "ENTERPRISE_PROFILE", "sufficient": true }, { "action": "CREATE", "object": "OPERATOR_PROFILE", "sufficient": true } ] }, "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { "type": "object", "title": "configuration_clone_configuration", "properties": { "configurationId": { "type": "integer" }, "networkId": { "type": "integer" }, "enterpriseId": { "type": "integer" }, "name": { "type": "string" }, "version": { "type": "string" }, "description": { "type": "string" } }, "required": [ "configurationId" ] } } ], "responses": { "200": { "description": "Request was successfully processed", "schema": { "$ref": "#/definitions/configuration_clone_configuration_result" } }, "400": { "$ref": "#/responses/generic_400" }, "500": { "$ref": "#/responses/generic_500" } } } }, "/configuration/cloneEnterpriseTemplate": { "post": { "summary": "Clone default enterprise configuration profile", "description": "Creates a new enterprise configuration from the enterprise default configuration. On success, returns the `id` of the newly created configuration object.\n\nPrivileges required:\n\n`CREATE` `ENTERPRISE_PROFILE`, or\n\n`CREATE` `OPERATOR_PROFILE`", "tags": [ "all", "configuration" ], "operationId": "configuration_clone_enterprise_template", "x-privileges": { "excludeAuthTypes": [], "allowAuthTypes": [ "ANY" ], "allowPrincipleTypes": [], "excludePrincipleTypes": [ "EDGE", "GATEWAY" ], "requirePrivileges": [ { "action": "CREATE", "object": "ENTERPRISE_PROFILE", "sufficient": true }, { "action": "CREATE", "object": "OPERATOR_PROFILE", "sufficient": true } ] }, "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { "type": "object", "title": "configuration_clone_enterprise_template", "properties": { "enterpriseId": { "type": "integer", "description": "Required if called from the operator or MSP context, identifies the target enterprise of the API call." }, "configurationType": { "type": "string", "enum": [ "SEGMENT_BASED", "NETWORK_BASED" ], "description": "If both network and segment based functionality is granted to the enterprise, chose which template type to clone. If not specified the type of the operator profile assigned to the enterprise will be used." }, "name": { "type": "string" }, "description": { "type": "string" } } } } ], "responses": { "200": { "description": "Request was successfully processed", "schema": { "$ref": "#/definitions/configuration_clone_enterprise_template_result" } }, "400": { "$ref": "#/responses/generic_400" }, "500": { "$ref": "#/responses/generic_500" } } } }, "/configuration/deleteConfiguration": { "post": { "summary": "Delete configuration profile", "description": "Deletes the specified configuration profile (by `id`). On success, returns an object indicating the number of objects (rows) deleted (1 or 0).\n\nPrivileges required:\n\n`DELETE` `ENTERPRISE_PROFILE`, or\n\n`DELETE` `OPERATOR_PROFILE`", "tags": [ "all", "configuration" ], "operationId": "configuration_delete_configuration", "x-privileges": { "excludeAuthTypes": [], "allowAuthTypes": [ "ANY" ], "allowPrincipleTypes": [], "excludePrincipleTypes": [ "EDGE", "GATEWAY" ], "requirePrivileges": [ { "action": "DELETE", "object": "ENTERPRISE_PROFILE", "sufficient": true }, { "action": "DELETE", "object": "OPERATOR_PROFILE", "sufficient": true } ] }, "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { "type": "object", "title": "configuration_delete_configuration", "properties": { "enterpriseId": { "type": "integer" }, "id": { "type": "integer" } }, "required": [ "id" ] } } ], "responses": { "200": { "description": "Request was successfully processed", "schema": { "$ref": "#/definitions/configuration_delete_configuration_result" } }, "400": { "$ref": "#/responses/generic_400" }, "500": { "$ref": "#/responses/generic_500" } } } }, "/configuration/getConfiguration": { "post": { "summary": "Get configuration profile", "description": "Gets the specified configuration profile, optionally with module details.\n\nPrivileges required:\n\n`READ` `ENTERPRISE_PROFILE`, or\n\n`READ` `OPERATOR_PROFILE`", "tags": [ "all", "configuration" ], "operationId": "configuration_get_configuration", "x-privileges": { "excludeAuthTypes": [], "allowAuthTypes": [ "ANY" ], "allowPrincipleTypes": [], "excludePrincipleTypes": [ "EDGE", "GATEWAY" ], "requirePrivileges": [ { "action": "READ", "object": "ENTERPRISE_PROFILE", "sufficient": true }, { "action": "READ", "object": "OPERATOR_PROFILE", "sufficient": true } ] }, "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { "type": "object", "title": "configuration_get_configuration", "properties": { "id": { "type": "integer" }, "enterpriseId": { "type": "integer" }, "with": { "type": "array", "items": { "type": "string", "enum": [ "modules", "edgeCount", "enterprises", "enterpriseCount", "counts" ] } } }, "required": [ "id" ] } } ], "responses": { "200": { "description": "Request was successfully processed", "schema": { "$ref": "#/definitions/configuration_get_configuration_result" } }, "400": { "$ref": "#/responses/generic_400" }, "500": { "$ref": "#/responses/generic_500" } } } }, "/configuration/getConfigurationModules": { "post": { "summary": "Get configuration profile modules", "description": "Gets all configuration modules for the specified configuration profile.\n\nPrivileges required:\n\n`READ` `ENTERPRISE_PROFILE`, or\n\n`READ` `OPERATOR_PROFILE`", "tags": [ "configuration", "all" ], "operationId": "configuration_get_configuration_modules", "x-privileges": { "excludeAuthTypes": [], "allowAuthTypes": [ "ANY" ], "allowPrincipleTypes": [], "excludePrincipleTypes": [ "EDGE", "GATEWAY" ], "requirePrivileges": [ { "action": "READ", "object": "ENTERPRISE_PROFILE", "sufficient": true }, { "action": "READ", "object": "OPERATOR_PROFILE", "sufficient": true } ] }, "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { "type": "object", "title": "configuration_get_configuration_modules", "properties": { "configurationId": { "type": "integer" }, "enterpriseId": { "type": "integer" }, "noData": { "type": "boolean" }, "modules": { "type": "array", "items": { "type": "string", "enum": [ "imageUpdate", "controlPlane", "managementPlane", "firewall", "QOS", "deviceSettings", "WAN", "metaData", "properties" ] } } }, "required": [ "configurationId" ] } } ], "responses": { "200": { "description": "Request was successfully processed", "schema": { "title": "configuration_get_configuration_modules_result", "type": "array", "items": { "$ref": "#/definitions/configuration_get_configuration_modules_result_item" } } }, "400": { "$ref": "#/responses/generic_400" }, "500": { "$ref": "#/responses/generic_500" } } } }, "/configuration/getIdentifiableApplications": { "post": { "summary": "Get the applications that are identifiable through DPI.", "description": "Gets all applications that are identifiable through DPI. If called from an operator or MSP context, then `enterpriseId` is required.\n\nPrivileges required:\n\n`READ` `ENTERPRISE_PROFILE`", "tags": [ "all", "configuration" ], "operationId": "configuration_get_identifiable_applications", "x-privileges": { "forceEnterpriseContext": true, "excludeAuthTypes": [], "allowAuthTypes": [ "ANY" ], "allowPrincipleTypes": [], "excludePrincipleTypes": [ "EDGE", "GATEWAY" ], "requirePrivileges": [ { "action": "READ", "object": "ENTERPRISE_PROFILE", "sufficient": true } ] }, "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { "type": "object", "title": "configuration_get_identifiable_applications", "properties": { "enterpriseId": { "type": "integer" } } } } ], "responses": { "200": { "description": "Request was successfully processed", "schema": { "$ref": "#/definitions/configuration_get_identifiable_applications_result" } }, "400": { "$ref": "#/responses/generic_400" }, "500": { "$ref": "#/responses/generic_500" } } } }, "/configuration/getRoutableApplications": { "post": { "summary": "Get first packet routable applications", "description": "Gets all applications that are first packet routable. If called from an operator or MSP context, then `enterpriseId` is required.Optionally, specify `edgeId` to get the map for a specific Edge.\n\nPrivileges required:\n\n`VIEW_FLOW_STATS` `undefined`", "tags": [ "all", "configuration" ], "operationId": "configuration_get_routable_applications", "x-privileges": { "forceEnterpriseContext": true, "excludeAuthTypes": [], "allowAuthTypes": [ "ANY" ], "allowPrincipleTypes": [], "excludePrincipleTypes": [ "EDGE", "GATEWAY" ], "requirePrivileges": [ { "action": "VIEW_FLOW_STATS", "sufficient": true } ] }, "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { "type": "object", "title": "configuration_get_routable_applications", "properties": { "enterpriseId": { "type": "integer" }, "edgeId": { "type": "integer" } } } } ], "responses": { "200": { "description": "Request was successfully processed", "schema": { "$ref": "#/definitions/configuration_get_routable_applications_result" } }, "400": { "$ref": "#/responses/generic_400" }, "500": { "$ref": "#/responses/generic_500" } } } }, "/configuration/insertConfigurationModule": { "post": { "summary": "Create configuration module", "description": "Creates a new configuration module for the specified configuration profile.\n\nPrivileges required:\n\n`UPDATE` `ENTERPRISE_PROFILE`, or\n\n`UPDATE` `OPERATOR_PROFILE`", "tags": [ "configuration", "all" ], "operationId": "configuration_insert_configuration_module", "x-privileges": { "excludeAuthTypes": [], "allowAuthTypes": [ "ANY" ], "allowPrincipleTypes": [], "excludePrincipleTypes": [ "EDGE", "GATEWAY" ], "requirePrivileges": [ { "action": "UPDATE", "object": "ENTERPRISE_PROFILE", "sufficient": true }, { "action": "UPDATE", "object": "OPERATOR_PROFILE", "sufficient": true } ] }, "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { "type": "object", "title": "configuration_insert_configuration_module", "properties": { "enterpriseId": { "type": "integer" }, "name": { "type": "string", "enum": [ "imageUpdate", "controlPlane", "managementPlane", "firewall", "QOS", "deviceSettings", "WAN", "metaData", "properties" ] }, "type": { "type": "string", "enum": [ "ENTERPRISE", "OPERATOR", "GATEWAY" ] }, "description": { "type": "string" }, "data": { "type": "object" }, "configurationId": { "type": "integer" }, "version": { "type": "string" } }, "required": [ "name", "data", "configurationId" ] } } ], "responses": { "200": { "description": "Request was successfully processed", "schema": { "$ref": "#/definitions/configuration_insert_configuration_module_result" } }, "400": { "$ref": "#/responses/generic_400" }, "500": { "$ref": "#/responses/generic_500" } } } }, "/configuration/updateConfiguration": { "post": { "summary": "Update configuration profile", "description": "Updates the specified configuration profile record according to the attribute:value mappings specified in the `_update` object.\n\nPrivileges required:\n\n`UPDATE` `ENTERPRISE_PROFILE`, or\n\n`UPDATE` `OPERATOR_PROFILE`", "tags": [ "configuration", "all" ], "operationId": "configuration_update_configuration", "x-privileges": { "excludeAuthTypes": [], "allowAuthTypes": [ "ANY" ], "allowPrincipleTypes": [], "excludePrincipleTypes": [ "EDGE", "GATEWAY" ], "requirePrivileges": [ { "action": "UPDATE", "object": "ENTERPRISE_PROFILE", "sufficient": true }, { "action": "UPDATE", "object": "OPERATOR_PROFILE", "sufficient": true } ] }, "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { "type": "object", "title": "configuration_update_configuration", "properties": { "id": { "type": "integer" }, "enterpriseId": { "type": "integer" }, "_update": { "type": "object", "properties": { "name": { "type": "string" }, "description": { "type": "string" }, "version": { "type": "string" }, "effective": { "type": "string" } } } }, "required": [ "id", "_update" ] } } ], "responses": { "200": { "description": "Request was successfully processed", "schema": { "$ref": "#/definitions/rows_modified_confirmation" } }, "400": { "$ref": "#/responses/generic_400" }, "500": { "$ref": "#/responses/generic_500" } } } }, "/configuration/updateConfigurationModule": { "post": { "summary": "Update configuration module", "description": "Updates the specified configuration module. Expects an `_update` object containing the field(s) to be updated and their corresponding value(s). For most use cases, configuration module `data` should be the only module attribute that it is necessary to update. This method does not support partial updates on specific sub-sections of the `data` object.\n\nPrivileges required:\n\n`UPDATE` `ENTERPRISE_PROFILE`, or\n\n`UPDATE` `OPERATOR_PROFILE`", "tags": [ "configuration", "all" ], "operationId": "configuration_update_configuration_module", "x-privileges": { "excludeAuthTypes": [], "allowAuthTypes": [ "ANY" ], "allowPrincipleTypes": [], "excludePrincipleTypes": [ "EDGE", "GATEWAY" ], "requirePrivileges": [ { "action": "UPDATE", "object": "ENTERPRISE_PROFILE", "sufficient": true }, { "action": "UPDATE", "object": "OPERATOR_PROFILE", "sufficient": true } ] }, "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { "type": "object", "title": "configuration_update_configuration_module", "properties": { "id": { "type": "integer", "description": "Alias for `configurationModuleId`" }, "configurationModuleId": { "type": "integer", "description": "The `id` of the target configuration module. This parameter, or its alias `id`, is required." }, "enterpriseId": { "type": "integer" }, "basic": { "type": "boolean", "default": false }, "_update": { "$ref": "#/definitions/configuration_module" } }, "example": { "enterpriseId": 4, "configurationModuleId": 5161, "_update": { "data": { "inbound": [], "segments": [ { "segment": { "segmentId": 0, "name": "Global Segment", "type": "REGULAR", "segmentLogicalId": "0f966250-942d-48cc-be87-d656734f6449" }, "firewall_logging_enabled": false, "outbound": [ { "name": "Block Google DNS", "match": { "appid": -1, "classid": -1, "dscp": -1, "sip": "any", "smac": "any", "sport_high": -1, "sport_low": -1, "ssm": "255.255.255.255", "svlan": -1, "os_version": -1, "hostname": "", "dip": "8.8.8.8", "dport_low": 53, "dport_high": 53, "dsm": "255.255.255.255", "dvlan": -1, "proto": 6, "s_rule_type": "prefix", "d_rule_type": "exact" }, "action": { "allow_or_deny": "deny" }, "loggingEnabled": false } ] } ], "firewall_enabled": true, "firewall_logging_enabled": true } } } } } ], "responses": { "200": { "description": "Request was successfully processed", "schema": { "$ref": "#/definitions/configuration_update_configuration_module_result" } }, "400": { "$ref": "#/responses/generic_400" }, "500": { "$ref": "#/responses/generic_500" } } } }, "/disasterRecovery/configureActiveForReplication": { "post": { "summary": "Configure current VCO for disaster recovery", "tags": [ "all", "disasterRecovery" ], "description": "Configures the current Orchestrator to be active and the specified Orchestrator to be standby for Orchestrator disaster recovery replication. Required attributes: 1) `standbyList`, a single-entry array containing the `standbyAddress` and `standbyUuid`, 2) `drVCOUser`, a Orchestrator super user available on both the active and standby VCOs, and 3) `drVCOPassword`, the password of `drVCOUser` on the standby Orchestrator (unless the `autoConfigStandby` option is specified as `false`). The call sets up the active Orchestrator to allow replication from the standby and then (unless `autoConfigStandby` is `false`) makes a `transitionToStandby` API call to the specified standby, expected to have been previously placed in `STANDBY_CANDIDATE` state via `prepareForStandby`. After this call, the active and standby VCOs should be polled via `getReplicationStatus` until they both reach `STANDBY_RUNNING` `drState` (or a configuration error is reported). (Note: `drVCOPassword` is not persisted.)\n\nPrivileges required:\n\n`CREATE` `REPLICATION`", "operationId": "disaster_recovery_configure_active_for_replication", "x-privileges": { "excludeAuthTypes": [], "allowAuthTypes": [ "OPERATOR_USER" ], "allowPrincipleTypes": [], "excludePrincipleTypes": [ "EDGE", "GATEWAY" ], "requirePrivileges": [ { "action": "CREATE", "object": "REPLICATION" } ] }, "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { "type": "object", "title": "disaster_recovery_configure_active_for_replication", "properties": { "standbyList": { "type": "array", "items": { "title": "standby_vco_designee", "type": "object", "properties": { "standbyAddress": { "type": "string" }, "standbyReplicationAddress": { "type": "string" }, "standbyUuid": { "type": "string" } }, "required": [ "standbyAddress", "standbyUuid" ] } }, "autoConfigStandby": { "type": "boolean", "default": true }, "drVCOUser": { "type": "string" }, "drVCOPassword": { "type": "string" } }, "required": [ "standbyList", "drVCOUser", "drVCOPassword" ] } } ], "responses": { "200": { "description": "Request was successfully