@robinmordasiewicz/f5xc-terraform-mcp 2.3.0 → 2.4.4

package/dist/docs/specifications/api/docs-cloud-f5-com.0209.public.ves.io.schema.service_policy_rule.ves-swagger.json

@@ -0,0 +1 @@
+{"openapi":"3.0.0","info":{"title":"F5 Distributed Cloud Services API for ves.io.schema.service_policy_rule","description":"A service_policy_rule object consists of an unordered list of predicates and an action. The predicates are evaluated against a set of input fields that are\nextracted from or derived from an L7 request API. A request API is considered to match a rule if all predicates in the rule evaluate to true for that request.\nAny predicates that are not specified in a rule are implicitly considered to be true. If a request API matches a rule, the action specified for the rule is\nenforced for that request.\n\nA service_policy_rule can be part of exactly one service_policy and must belong to the same namespace as the service policy.","version":""},"paths":{"/api/config/namespaces/{metadata.namespace}/service_policy_rules":{"post":{"summary":"Create Service Policy Rule","description":"Create service_policy_rule creates a new object in the storage backend for metadata.namespace.","operationId":"ves.io.schema.service_policy_rule.API.Create","responses":{"200":{"description":"A successful response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/service_policy_ruleCreateResponse"}}}},"401":{"description":"Returned when operation is not authorized","content":{"application/json":{"schema":{"format":"string"}}}},"403":{"description":"Returned when there is no permission to access resource","content":{"application/json":{"schema":{"format":"string"}}}},"404":{"description":"Returned when resource is not found","content":{"application/json":{"schema":{"format":"string"}}}},"409":{"description":"Returned when operation on resource is conflicting with current value","content":{"application/json":{"schema":{"format":"string"}}}},"429":{"description":"Returned when operation has been rejected as it is happening too frequently","content":{"application/json":{"schema":{"format":"string"}}}},"500":{"description":"Returned when server encountered an error in processing API","content":{"application/json":{"schema":{"format":"string"}}}},"503":{"description":"Returned when service is unavailable temporarily","content":{"application/json":{"schema":{"format":"string"}}}},"504":{"description":"Returned when server timed out processing request","content":{"application/json":{"schema":{"format":"string"}}}}},"parameters":[{"name":"metadata.namespace","description":"namespace\n\nx-example: \"staging\"\nThis defines the workspace within which each the configuration object is to be created.\nMust be a DNS_LABEL format. For a namespace object itself, namespace value will be \"\"","in":"path","required":true,"x-displayname":"Namespace","schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/service_policy_ruleCreateRequest"}}},"required":true},"externalDocs":{"description":"Examples of this operation","url":"https://docs.cloud.f5.com/docs-v2/platform/reference/api-ref/ves-io-schema-service_policy_rule-api-create"},"x-ves-proto-rpc":"ves.io.schema.service_policy_rule.API.Create"},"x-displayname":"Service Policy Rule","x-ves-proto-service":"ves.io.schema.service_policy_rule.API","x-ves-proto-service-type":"AUTO_CRUD_PUBLIC"},"/api/config/namespaces/{metadata.namespace}/service_policy_rules/{metadata.name}":{"put":{"summary":"Replace Service Policy Rule","description":"Replace service_policy_rule replaces an existing object in the storage backend for metadata.namespace.","operationId":"ves.io.schema.service_policy_rule.API.Replace","responses":{"200":{"description":"A successful response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/service_policy_ruleReplaceResponse"}}}},"401":{"description":"Returned when operation is not authorized","content":{"application/json":{"schema":{"format":"string"}}}},"403":{"description":"Returned when there is no permission to access resource","content":{"application/json":{"schema":{"format":"string"}}}},"404":{"description":"Returned when resource is not found","content":{"application/json":{"schema":{"format":"string"}}}},"409":{"description":"Returned when operation on resource is conflicting with current value","content":{"application/json":{"schema":{"format":"string"}}}},"429":{"description":"Returned when operation has been rejected as it is happening too frequently","content":{"application/json":{"schema":{"format":"string"}}}},"500":{"description":"Returned when server encountered an error in processing API","content":{"application/json":{"schema":{"format":"string"}}}},"503":{"description":"Returned when service is unavailable temporarily","content":{"application/json":{"schema":{"format":"string"}}}},"504":{"description":"Returned when server timed out processing request","content":{"application/json":{"schema":{"format":"string"}}}}},"parameters":[{"name":"metadata.namespace","description":"namespace\n\nx-example: \"staging\"\nThis defines the workspace within which each the configuration object is to be created.\nMust be a DNS_LABEL format. For a namespace object itself, namespace value will be \"\"","in":"path","required":true,"x-displayname":"Namespace","schema":{"type":"string"}},{"name":"metadata.name","description":"name\n\nx-example: \"acmecorp-web\"\nThe configuration object to be replaced will be looked up by name","in":"path","required":true,"x-displayname":"Name","schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/service_policy_ruleReplaceRequest"}}},"required":true},"externalDocs":{"description":"Examples of this operation","url":"https://docs.cloud.f5.com/docs-v2/platform/reference/api-ref/ves-io-schema-service_policy_rule-api-replace"},"x-ves-proto-rpc":"ves.io.schema.service_policy_rule.API.Replace"},"x-displayname":"Service Policy Rule","x-ves-proto-service":"ves.io.schema.service_policy_rule.API","x-ves-proto-service-type":"AUTO_CRUD_PUBLIC"},"/api/config/namespaces/{namespace}/service_policy_rules":{"get":{"summary":"List Service Policy Rule","description":"List the set of service_policy_rule in a namespace","operationId":"ves.io.schema.service_policy_rule.API.List","responses":{"200":{"description":"A successful response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/service_policy_ruleListResponse"}}}},"401":{"description":"Returned when operation is not authorized","content":{"application/json":{"schema":{"format":"string"}}}},"403":{"description":"Returned when there is no permission to access resource","content":{"application/json":{"schema":{"format":"string"}}}},"404":{"description":"Returned when resource is not found","content":{"application/json":{"schema":{"format":"string"}}}},"409":{"description":"Returned when operation on resource is conflicting with current value","content":{"application/json":{"schema":{"format":"string"}}}},"429":{"description":"Returned when operation has been rejected as it is happening too frequently","content":{"application/json":{"schema":{"format":"string"}}}},"500":{"description":"Returned when server encountered an error in processing API","content":{"application/json":{"schema":{"format":"string"}}}},"503":{"description":"Returned when service is unavailable temporarily","content":{"application/json":{"schema":{"format":"string"}}}},"504":{"description":"Returned when server timed out processing request","content":{"application/json":{"schema":{"format":"string"}}}}},"parameters":[{"name":"namespace","description":"namespace\n\nx-example: \"ns1\"\nNamespace to scope the listing of service_policy_rule","in":"path","required":true,"x-displayname":"Namespace","schema":{"type":"string"}},{"name":"label_filter","description":"x-example: \"env in (staging, testing), tier in (web, db)\"\nA LabelSelectorType expression that every item in list response will satisfy","in":"query","required":false,"x-displayname":"Label Filter","schema":{"type":"string"}},{"name":"report_fields","description":"x-example: \"\"\nExtra fields to return along with summary fields","in":"query","required":false,"x-displayname":"Report Fields","explode":true,"schema":{"type":"array","items":{"type":"string"}}},{"name":"report_status_fields","description":"x-example: \"\"\nExtra status fields to return along with summary fields","in":"query","required":false,"x-displayname":"Report Status Fields","explode":true,"schema":{"type":"array","items":{"type":"string"}}}],"externalDocs":{"description":"Examples of this operation","url":"https://docs.cloud.f5.com/docs-v2/platform/reference/api-ref/ves-io-schema-service_policy_rule-api-list"},"x-ves-proto-rpc":"ves.io.schema.service_policy_rule.API.List"},"x-displayname":"Service Policy Rule","x-ves-proto-service":"ves.io.schema.service_policy_rule.API","x-ves-proto-service-type":"AUTO_CRUD_PUBLIC"},"/api/config/namespaces/{namespace}/service_policy_rules/{name}":{"get":{"summary":"Get Service Policy Rule","description":"Get service_policy_rule reads a given object from storage backend for metadata.namespace.","operationId":"ves.io.schema.service_policy_rule.API.Get","responses":{"200":{"description":"A successful response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/service_policy_ruleGetResponse"}}}},"401":{"description":"Returned when operation is not authorized","content":{"application/json":{"schema":{"format":"string"}}}},"403":{"description":"Returned when there is no permission to access resource","content":{"application/json":{"schema":{"format":"string"}}}},"404":{"description":"Returned when resource is not found","content":{"application/json":{"schema":{"format":"string"}}}},"409":{"description":"Returned when operation on resource is conflicting with current value","content":{"application/json":{"schema":{"format":"string"}}}},"429":{"description":"Returned when operation has been rejected as it is happening too frequently","content":{"application/json":{"schema":{"format":"string"}}}},"500":{"description":"Returned when server encountered an error in processing API","content":{"application/json":{"schema":{"format":"string"}}}},"503":{"description":"Returned when service is unavailable temporarily","content":{"application/json":{"schema":{"format":"string"}}}},"504":{"description":"Returned when server timed out processing request","content":{"application/json":{"schema":{"format":"string"}}}}},"parameters":[{"name":"namespace","description":"namespace\n\nx-example: \"ns1\"\nThe namespace in which the configuration object is present","in":"path","required":true,"x-displayname":"Namespace","schema":{"type":"string"}},{"name":"name","description":"name\n\nx-example: \"name\"\nThe name of the configuration object to be fetched","in":"path","required":true,"x-displayname":"Name","schema":{"type":"string"}},{"name":"response_format","description":"The format in which the configuration object is to be fetched. This could be for example\n    - in GetSpec form for the contents of object\n    - in CreateRequest form to create a new similar object\n    - to ReplaceRequest form to replace changeable values\n\nDefault format of returned resource\nResponse should be in CreateRequest format\nResponse should be in ReplaceRequest format\nResponse should be in StatusObject(s) format\nResponse should be in format of GetSpecType\nResponse should have other objects referring to this object\nResponse should have deleted and disabled objects referrred by this object","in":"query","required":false,"x-displayname":"Broken Referred Objects","schema":{"type":"string","enum":["GET_RSP_FORMAT_DEFAULT","GET_RSP_FORMAT_FOR_CREATE","GET_RSP_FORMAT_FOR_REPLACE","GET_RSP_FORMAT_STATUS","GET_RSP_FORMAT_READ","GET_RSP_FORMAT_REFERRING_OBJECTS","GET_RSP_FORMAT_BROKEN_REFERENCES"],"default":"GET_RSP_FORMAT_DEFAULT"}}],"externalDocs":{"description":"Examples of this operation","url":"https://docs.cloud.f5.com/docs-v2/platform/reference/api-ref/ves-io-schema-service_policy_rule-api-get"},"x-ves-proto-rpc":"ves.io.schema.service_policy_rule.API.Get"},"delete":{"summary":"Delete Service Policy Rule","description":"Delete the specified service_policy_rule","operationId":"ves.io.schema.service_policy_rule.API.Delete","responses":{"200":{"description":"A successful response.","content":{"application/json":{"schema":{}}}},"401":{"description":"Returned when operation is not authorized","content":{"application/json":{"schema":{"format":"string"}}}},"403":{"description":"Returned when there is no permission to access resource","content":{"application/json":{"schema":{"format":"string"}}}},"404":{"description":"Returned when resource is not found","content":{"application/json":{"schema":{"format":"string"}}}},"409":{"description":"Returned when operation on resource is conflicting with current value","content":{"application/json":{"schema":{"format":"string"}}}},"429":{"description":"Returned when operation has been rejected as it is happening too frequently","content":{"application/json":{"schema":{"format":"string"}}}},"500":{"description":"Returned when server encountered an error in processing API","content":{"application/json":{"schema":{"format":"string"}}}},"503":{"description":"Returned when service is unavailable temporarily","content":{"application/json":{"schema":{"format":"string"}}}},"504":{"description":"Returned when server timed out processing request","content":{"application/json":{"schema":{"format":"string"}}}}},"parameters":[{"name":"namespace","description":"namespace\n\nx-example: \"ns1\"\nNamespace in which the configuration object is present","in":"path","required":true,"x-displayname":"Namespace","schema":{"type":"string"}},{"name":"name","description":"name\n\nx-example: \"name\"\nName of the configuration object","in":"path","required":true,"x-displayname":"Name","schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/service_policy_ruleDeleteRequest"}}},"required":true},"externalDocs":{"description":"Examples of this operation","url":"https://docs.cloud.f5.com/docs-v2/platform/reference/api-ref/ves-io-schema-service_policy_rule-api-delete"},"x-ves-proto-rpc":"ves.io.schema.service_policy_rule.API.Delete"},"x-displayname":"Service Policy Rule","x-ves-proto-service":"ves.io.schema.service_policy_rule.API","x-ves-proto-service-type":"AUTO_CRUD_PUBLIC"}},"x-displayname":"Service Policy Rule","x-ves-proto-package":"ves.io.schema.service_policy_rule","components":{"schemas":{"app_firewallAppFirewallViolationType":{"type":"string","description":"List of all supported Violation Types\n\nVIOL_NONE\nVIOL_FILETYPE\nVIOL_METHOD\nVIOL_MANDATORY_HEADER\nVIOL_HTTP_RESPONSE_STATUS\nVIOL_REQUEST_MAX_LENGTH\nVIOL_FILE_UPLOAD\nVIOL_FILE_UPLOAD_IN_BODY\nVIOL_XML_MALFORMED\nVIOL_JSON_MALFORMED\nVIOL_ASM_COOKIE_MODIFIED\nVIOL_HTTP_PROTOCOL_MULTIPLE_HOST_HEADERS\nVIOL_HTTP_PROTOCOL_BAD_HOST_HEADER_VALUE\nVIOL_HTTP_PROTOCOL_UNPARSABLE_REQUEST_CONTENT\nVIOL_HTTP_PROTOCOL_NULL_IN_REQUEST\nVIOL_HTTP_PROTOCOL_BAD_HTTP_VERSION\nVIOL_HTTP_PROTOCOL_CRLF_CHARACTERS_BEFORE_REQUEST_START\nVIOL_HTTP_PROTOCOL_NO_HOST_HEADER_IN_HTTP_1_1_REQUEST\nVIOL_HTTP_PROTOCOL_BAD_MULTIPART_PARAMETERS_PARSING\nVIOL_HTTP_PROTOCOL_SEVERAL_CONTENT_LENGTH_HEADERS\nVIOL_HTTP_PROTOCOL_CONTENT_LENGTH_SHOULD_BE_A_POSITIVE_NUMBER\nVIOL_EVASION_DIRECTORY_TRAVERSALS\nVIOL_MALFORMED_REQUEST\nVIOL_EVASION_MULTIPLE_DECODING\nVIOL_DATA_GUARD\nVIOL_EVASION_APACHE_WHITESPACE\nVIOL_COOKIE_MODIFIED\nVIOL_EVASION_IIS_UNICODE_CODEPOINTS\nVIOL_EVASION_IIS_BACKSLASHES\nVIOL_EVASION_PERCENT_U_DECODING\nVIOL_EVASION_BARE_BYTE_DECODING\nVIOL_EVASION_BAD_UNESCAPE\nVIOL_HTTP_PROTOCOL_BAD_MULTIPART_FORMDATA_REQUEST_PARSING\nVIOL_HTTP_PROTOCOL_BODY_IN_GET_OR_HEAD_REQUEST\nVIOL_HTTP_PROTOCOL_HIGH_ASCII_CHARACTERS_IN_HEADERS\nVIOL_ENCODING\nVIOL_COOKIE_MALFORMED\nVIOL_GRAPHQL_FORMAT\nVIOL_GRAPHQL_MALFORMED\nVIOL_GRAPHQL_INTROSPECTION_QUERY","title":"App Firewall Violation Type","enum":["VIOL_NONE","VIOL_FILETYPE","VIOL_METHOD","VIOL_MANDATORY_HEADER","VIOL_HTTP_RESPONSE_STATUS","VIOL_REQUEST_MAX_LENGTH","VIOL_FILE_UPLOAD","VIOL_FILE_UPLOAD_IN_BODY","VIOL_XML_MALFORMED","VIOL_JSON_MALFORMED","VIOL_ASM_COOKIE_MODIFIED","VIOL_HTTP_PROTOCOL_MULTIPLE_HOST_HEADERS","VIOL_HTTP_PROTOCOL_BAD_HOST_HEADER_VALUE","VIOL_HTTP_PROTOCOL_UNPARSABLE_REQUEST_CONTENT","VIOL_HTTP_PROTOCOL_NULL_IN_REQUEST","VIOL_HTTP_PROTOCOL_BAD_HTTP_VERSION","VIOL_HTTP_PROTOCOL_CRLF_CHARACTERS_BEFORE_REQUEST_START","VIOL_HTTP_PROTOCOL_NO_HOST_HEADER_IN_HTTP_1_1_REQUEST","VIOL_HTTP_PROTOCOL_BAD_MULTIPART_PARAMETERS_PARSING","VIOL_HTTP_PROTOCOL_SEVERAL_CONTENT_LENGTH_HEADERS","VIOL_HTTP_PROTOCOL_CONTENT_LENGTH_SHOULD_BE_A_POSITIVE_NUMBER","VIOL_EVASION_DIRECTORY_TRAVERSALS","VIOL_MALFORMED_REQUEST","VIOL_EVASION_MULTIPLE_DECODING","VIOL_DATA_GUARD","VIOL_EVASION_APACHE_WHITESPACE","VIOL_COOKIE_MODIFIED","VIOL_EVASION_IIS_UNICODE_CODEPOINTS","VIOL_EVASION_IIS_BACKSLASHES","VIOL_EVASION_PERCENT_U_DECODING","VIOL_EVASION_BARE_BYTE_DECODING","VIOL_EVASION_BAD_UNESCAPE","VIOL_HTTP_PROTOCOL_BAD_MULTIPART_FORMDATA_REQUEST_PARSING","VIOL_HTTP_PROTOCOL_BODY_IN_GET_OR_HEAD_REQUEST","VIOL_HTTP_PROTOCOL_HIGH_ASCII_CHARACTERS_IN_HEADERS","VIOL_ENCODING","VIOL_COOKIE_MALFORMED","VIOL_GRAPHQL_FORMAT","VIOL_GRAPHQL_MALFORMED","VIOL_GRAPHQL_INTROSPECTION_QUERY"],"default":"VIOL_NONE","x-displayname":"App Firewall Violation Type","x-ves-proto-enum":"ves.io.schema.app_firewall.AppFirewallViolationType"},"app_firewallAttackType":{"type":"string","description":"List of all Attack Types\n\nATTACK_TYPE_NONE\nATTACK_TYPE_NON_BROWSER_CLIENT\nATTACK_TYPE_OTHER_APPLICATION_ATTACKS\nATTACK_TYPE_TROJAN_BACKDOOR_SPYWARE\nATTACK_TYPE_DETECTION_EVASION\nATTACK_TYPE_VULNERABILITY_SCAN\nATTACK_TYPE_ABUSE_OF_FUNCTIONALITY\nATTACK_TYPE_AUTHENTICATION_AUTHORIZATION_ATTACKS\nATTACK_TYPE_BUFFER_OVERFLOW\nATTACK_TYPE_PREDICTABLE_RESOURCE_LOCATION\nATTACK_TYPE_INFORMATION_LEAKAGE\nATTACK_TYPE_DIRECTORY_INDEXING\nATTACK_TYPE_PATH_TRAVERSAL\nATTACK_TYPE_XPATH_INJECTION\nATTACK_TYPE_LDAP_INJECTION\nATTACK_TYPE_SERVER_SIDE_CODE_INJECTION\nATTACK_TYPE_COMMAND_EXECUTION\nATTACK_TYPE_SQL_INJECTION\nATTACK_TYPE_CROSS_SITE_SCRIPTING\nATTACK_TYPE_DENIAL_OF_SERVICE\nATTACK_TYPE_HTTP_PARSER_ATTACK\nATTACK_TYPE_SESSION_HIJACKING\nATTACK_TYPE_HTTP_RESPONSE_SPLITTING\nATTACK_TYPE_FORCEFUL_BROWSING\nATTACK_TYPE_REMOTE_FILE_INCLUDE\nATTACK_TYPE_MALICIOUS_FILE_UPLOAD\nATTACK_TYPE_GRAPHQL_PARSER_ATTACK","title":"AttackType","enum":["ATTACK_TYPE_NONE","ATTACK_TYPE_NON_BROWSER_CLIENT","ATTACK_TYPE_OTHER_APPLICATION_ATTACKS","ATTACK_TYPE_TROJAN_BACKDOOR_SPYWARE","ATTACK_TYPE_DETECTION_EVASION","ATTACK_TYPE_VULNERABILITY_SCAN","ATTACK_TYPE_ABUSE_OF_FUNCTIONALITY","ATTACK_TYPE_AUTHENTICATION_AUTHORIZATION_ATTACKS","ATTACK_TYPE_BUFFER_OVERFLOW","ATTACK_TYPE_PREDICTABLE_RESOURCE_LOCATION","ATTACK_TYPE_INFORMATION_LEAKAGE","ATTACK_TYPE_DIRECTORY_INDEXING","ATTACK_TYPE_PATH_TRAVERSAL","ATTACK_TYPE_XPATH_INJECTION","ATTACK_TYPE_LDAP_INJECTION","ATTACK_TYPE_SERVER_SIDE_CODE_INJECTION","ATTACK_TYPE_COMMAND_EXECUTION","ATTACK_TYPE_SQL_INJECTION","ATTACK_TYPE_CROSS_SITE_SCRIPTING","ATTACK_TYPE_DENIAL_OF_SERVICE","ATTACK_TYPE_HTTP_PARSER_ATTACK","ATTACK_TYPE_SESSION_HIJACKING","ATTACK_TYPE_HTTP_RESPONSE_SPLITTING","ATTACK_TYPE_FORCEFUL_BROWSING","ATTACK_TYPE_REMOTE_FILE_INCLUDE","ATTACK_TYPE_MALICIOUS_FILE_UPLOAD","ATTACK_TYPE_GRAPHQL_PARSER_ATTACK"],"default":"ATTACK_TYPE_NONE","x-displayname":"Attack Types","x-ves-proto-enum":"ves.io.schema.app_firewall.AttackType"},"ioschemaEmpty":{"type":"object","description":"This can be used for messages where no values are needed","title":"Empty","x-displayname":"Empty","x-ves-proto-message":"ves.io.schema.Empty"},"ioschemaObjectRefType":{"type":"object","description":"This type establishes a 'direct reference' from one object(the referrer) to another(the referred).\nSuch a reference is in form of tenant/namespace/name for public API and Uid for private API\nThis type of reference is called direct because the relation is explicit and concrete (as opposed\nto selector reference which builds a group based on labels of selectee objects)","title":"ObjectRefType","x-displayname":"Object reference","x-ves-proto-message":"ves.io.schema.ObjectRefType","properties":{"kind":{"type":"string","description":" When a configuration object(e.g. virtual_host) refers to another(e.g route)\n then kind will hold the referred object's kind (e.g. \"route\")\n\nExample: ` \"virtual_site\"`","title":"kind","x-displayname":"Kind","x-ves-example":"virtual_site"},"name":{"type":"string","description":" When a configuration object(e.g. virtual_host) refers to another(e.g route)\n then name will hold the referred object's(e.g. route's) name.\n\nExample: ` \"contactus-route\"`","title":"name","x-displayname":"Name","x-ves-example":"contactus-route"},"namespace":{"type":"string","description":" When a configuration object(e.g. virtual_host) refers to another(e.g route)\n then namespace will hold the referred object's(e.g. route's) namespace.\n\nExample: ` \"ns1\"`","title":"namespace","x-displayname":"Namespace","x-ves-example":"ns1"},"tenant":{"type":"string","description":" When a configuration object(e.g. virtual_host) refers to another(e.g route)\n then tenant will hold the referred object's(e.g. route's) tenant.\n\nExample: ` \"acmecorp\"`","title":"tenant","x-displayname":"Tenant","x-ves-example":"acmecorp"},"uid":{"type":"string","description":" When a configuration object(e.g. virtual_host) refers to another(e.g route)\n then uid will hold the referred object's(e.g. route's) uid.\n\nExample: ` \"d15f1fad-4d37-48c0-8706-df1824d76d31\"`","title":"uid","x-displayname":"UID","x-ves-example":"d15f1fad-4d37-48c0-8706-df1824d76d31"}}},"policyAppFirewallAttackTypeContext":{"type":"object","description":"App Firewall Attack Type context changes to be applied for this request","title":"App Firewall Attack Type Context","x-displayname":"App Firewall Attack Type Context","x-ves-proto-message":"ves.io.schema.policy.AppFirewallAttackTypeContext","properties":{"context":{"$ref":"#/components/schemas/policyDetectionContext"},"context_name":{"type":"string","description":" Relevant only for contexts: Header, Cookie and Parameter.\n Name of the Context that the WAF Exclusion Rules will check.\n Wildcard matching can be used by prefixing or suffixing the context name\n with an wildcard asterisk (*).\n\nExample: ` \"exampleuser-agent for Header\"`\n\nValidation Rules:\n  ves.io.schema.rules.string.max_len: 128\n","title":"Context Name","maxLength":128,"x-displayname":"Context Name","x-ves-example":"example: user-agent for Header","x-ves-validation-rules":{"ves.io.schema.rules.string.max_len":"128"}},"exclude_attack_type":{"$ref":"#/components/schemas/app_firewallAttackType"}}},"policyAppFirewallDetectionControl":{"type":"object","description":"Define the list of Signature IDs, Violations, Attack Types and Bot Names that should be excluded from triggering on the defined match criteria.","title":"App Firewall Detection Control","x-displayname":"App Firewall Detection Control","x-ves-proto-message":"ves.io.schema.policy.AppFirewallDetectionControl","properties":{"exclude_attack_type_contexts":{"type":"array","description":" Attack Types to be excluded for the defined match criteria\n\nValidation Rules:\n  ves.io.schema.rules.repeated.max_items: 64\n  ves.io.schema.rules.repeated.unique: true\n","title":"Exclude Attack Types Contexts","maxItems":64,"items":{"$ref":"#/components/schemas/policyAppFirewallAttackTypeContext"},"x-displayname":"Attack Types","x-ves-validation-rules":{"ves.io.schema.rules.repeated.max_items":"64","ves.io.schema.rules.repeated.unique":"true"}},"exclude_bot_name_contexts":{"type":"array","description":" Bot Names to be excluded for the defined match criteria\n\nValidation Rules:\n  ves.io.schema.rules.repeated.max_items: 64\n  ves.io.schema.rules.repeated.unique: true\n","title":"Exclude Bot Names Contexts","maxItems":64,"items":{"$ref":"#/components/schemas/policyBotNameContext"},"x-displayname":"Bot Names","x-ves-validation-rules":{"ves.io.schema.rules.repeated.max_items":"64","ves.io.schema.rules.repeated.unique":"true"}},"exclude_signature_contexts":{"type":"array","description":" Signature IDs to be excluded for the defined match criteria\n\nValidation Rules:\n  ves.io.schema.rules.repeated.max_items: 1024\n  ves.io.schema.rules.repeated.unique: true\n","title":"Exclude Signature Contexts","maxItems":1024,"items":{"$ref":"#/components/schemas/policyAppFirewallSignatureContext"},"x-displayname":"Signature IDs","x-ves-validation-rules":{"ves.io.schema.rules.repeated.max_items":"1024","ves.io.schema.rules.repeated.unique":"true"}},"exclude_violation_contexts":{"type":"array","description":" Violations to be excluded for the defined match criteria\n\nValidation Rules:\n  ves.io.schema.rules.repeated.max_items: 64\n  ves.io.schema.rules.repeated.unique: true\n","title":"Exclude Violation Contexts","maxItems":64,"items":{"$ref":"#/components/schemas/policyAppFirewallViolationContext"},"x-displayname":"Violations","x-ves-validation-rules":{"ves.io.schema.rules.repeated.max_items":"64","ves.io.schema.rules.repeated.unique":"true"}}}},"policyAppFirewallSignatureContext":{"type":"object","description":"App Firewall signature context changes to be applied for this request","title":"App Firewall Signature Context","x-displayname":"App Firewall Signature Context","x-ves-proto-message":"ves.io.schema.policy.AppFirewallSignatureContext","properties":{"context":{"$ref":"#/components/schemas/policyDetectionContext"},"context_name":{"type":"string","description":" Relevant only for contexts: Header, Cookie and Parameter.\n Name of the Context that the WAF Exclusion Rules will check.\n Wildcard matching can be used by prefixing or suffixing the context name\n with an wildcard asterisk (*).\n\nExample: ` \"exampleuser-agent for Header\"`\n\nValidation Rules:\n  ves.io.schema.rules.string.max_len: 128\n","title":"Context Name","maxLength":128,"x-displayname":"Context Name","x-ves-example":"example: user-agent for Header","x-ves-validation-rules":{"ves.io.schema.rules.string.max_len":"128"}},"signature_id":{"type":"integer","description":" The allowed values for signature id are 0 and in the range of 200000001-299999999.\n 0 implies that all signatures will be excluded for the specified context.\n\nExample: ` \"10000001\"`\n\nRequired: YES\n\nValidation Rules:\n  ves.io.schema.rules.message.required: true\n  ves.io.schema.rules.uint32.gte: 0\n  ves.io.schema.rules.uint32.lte: 299999999\n","title":"SignatureID","format":"int64","x-displayname":"SignatureID","x-ves-example":"10000001","x-ves-required":"true","x-ves-validation-rules":{"ves.io.schema.rules.message.required":"true","ves.io.schema.rules.uint32.gte":"0","ves.io.schema.rules.uint32.lte":"299999999"}}}},"policyAppFirewallViolationContext":{"type":"object","description":"App Firewall violation context changes to be applied for this request","title":"App Firewall Violation Context","x-displayname":"App Firewall Violation Context","x-ves-proto-message":"ves.io.schema.policy.AppFirewallViolationContext","properties":{"context":{"$ref":"#/components/schemas/policyDetectionContext"},"context_name":{"type":"string","description":" Relevant only for contexts: Header, Cookie and Parameter.\n Name of the Context that the WAF Exclusion Rules will check.\n Wildcard matching can be used by prefixing or suffixing the context name\n with an wildcard asterisk (*).\n\nExample: ` \"exampleuser-agent for Header\"`\n\nValidation Rules:\n  ves.io.schema.rules.string.max_len: 128\n","title":"Context Name","maxLength":128,"x-displayname":"Context Name","x-ves-example":"example: user-agent for Header","x-ves-validation-rules":{"ves.io.schema.rules.string.max_len":"128"}},"exclude_violation":{"$ref":"#/components/schemas/app_firewallAppFirewallViolationType"}}},"policyAppTrafficType":{"type":"string","description":"x-displayName: \"App Traffic type\"\nApplication traffic type\n\n - WEB: WebTrafficType\n\nx-displayName: \"Web Traffic\"\nWeb application traffic type.\n - MOBILE: MobileTrafficType\n\nx-displayName: \"Mobile Traffic\"\nMobile application traffic type.","title":"AppTrafficType","enum":["WEB","MOBILE"],"default":"WEB"},"policyArgMatcherType":{"type":"object","description":"A argument matcher specifies the name of a single argument in the body and the criteria to match it.\nA argument matcher can check for one of the following:\n* Presence or absence of the argument\n* At least one of the values for the argument in the request satisfies the MatcherType item","title":"ArgMatcherType","x-displayname":"Argument Matcher","x-ves-displayorder":"1,6,4","x-ves-oneof-field-match":"[\"check_not_present\",\"check_present\",\"item\"]","x-ves-proto-message":"ves.io.schema.policy.ArgMatcherType","properties":{"check_not_present":{"$ref":"#/components/schemas/ioschemaEmpty"},"check_present":{"$ref":"#/components/schemas/ioschemaEmpty"},"invert_matcher":{"type":"boolean","description":" Invert Match of the expression defined","title":"invert_matcher","format":"boolean","x-displayname":"Invert Matcher"},"item":{"$ref":"#/components/schemas/policyMatcherType"},"name":{"type":"string","description":" x-example: \"phones[_]\"\n x-example: \"cars.make.toyota.models[1]\"\n x-example: \"cars.make.honda.models[_]\"\n x-example: \"cars.make[_].models[_]\"\n A case-sensitive JSON path in the HTTP request body.\n\nExample: ` \"name\"`\n\nRequired: YES\n\nValidation Rules:\n  ves.io.schema.rules.message.required: true\n  ves.io.schema.rules.string.json_path: true\n  ves.io.schema.rules.string.max_bytes: 256\n","title":"name","maxLength":256,"x-displayname":"Argument Name","x-ves-example":"name","x-ves-required":"true","x-ves-validation-rules":{"ves.io.schema.rules.message.required":"true","ves.io.schema.rules.string.json_path":"true","ves.io.schema.rules.string.max_bytes":"256"}}}},"policyAsnMatchList":{"type":"object","description":"An unordered set of RFC 6793 defined 4-byte AS numbers that can be used to create allow or deny lists for use in network policy or service policy. It can be used to create the allow list only for DNS Load Balancer.","title":"Asn Match List","x-displayname":"ASN Match List","x-ves-proto-message":"ves.io.schema.policy.AsnMatchList","properties":{"as_numbers":{"type":"array","description":" An unordered set of RFC 6793 defined 4-byte AS numbers that can be used to create allow or deny lists for use in network policy or service policy. It can be used to create the allow list only for DNS Load Balancer.\n\nExample: ` \"[713, 7932, 847325, 4683, 15269, 1000001]\"`\n\nRequired: YES\n\nValidation Rules:\n  ves.io.schema.rules.message.required: true\n  ves.io.schema.rules.repeated.max_items: 16\n  ves.io.schema.rules.repeated.min_items: 1\n  ves.io.schema.rules.repeated.unique: true\n","title":"as numbers","minItems":1,"maxItems":16,"items":{"type":"integer","format":"int64"},"x-displayname":"AS Numbers","x-ves-example":"[713, 7932, 847325, 4683, 15269, 1000001]","x-ves-required":"true","x-ves-validation-rules":{"ves.io.schema.rules.message.required":"true","ves.io.schema.rules.repeated.max_items":"16","ves.io.schema.rules.repeated.min_items":"1","ves.io.schema.rules.repeated.unique":"true"}}}},"policyAsnMatcherType":{"type":"object","description":"Match any AS number contained in the list of bgp_asn_sets.","title":"asn matcher type","x-displayname":"ASN Matcher","x-ves-proto-message":"ves.io.schema.policy.AsnMatcherType","properties":{"asn_sets":{"type":"array","description":" A list of references to bgp_asn_set objects.\n\nRequired: YES\n\nValidation Rules:\n  ves.io.schema.rules.message.required: true\n  ves.io.schema.rules.repeated.max_items: 4\n","title":"asn_sets","maxItems":4,"items":{"$ref":"#/components/schemas/ioschemaObjectRefType"},"x-displayname":"BGP ASN Sets","x-ves-required":"true","x-ves-validation-rules":{"ves.io.schema.rules.message.required":"true","ves.io.schema.rules.repeated.max_items":"4"}}}},"policyBotNameContext":{"type":"object","description":"Specifies bot to be excluded by its name.","title":"Bot Name Context","x-displayname":"Bot Name","x-ves-proto-message":"ves.io.schema.policy.BotNameContext","properties":{"bot_name":{"type":"string","description":"\nExample: ` \"Hydra\"`\n\nRequired: YES\n\nValidation Rules:\n  ves.io.schema.rules.message.required: true\n","title":"BotName","x-displayname":"Bot Name","x-ves-example":"Hydra","x-ves-required":"true","x-ves-validation-rules":{"ves.io.schema.rules.message.required":"true"}}}},"policyChallengeAction":{"type":"string","description":"x-displayName: \"Challenge Action\"\nThe challenge options to use when a policy based challenge is configured.\n\n - DEFAULT_CHALLENGE: DEFAULT_CHALLENGE\n\nx-displayName: \"Default Challenge\"\nDefault challenge.\n - ENABLE_JAVASCRIPT_CHALLENGE: ENABLE_JAVASCRIPT_CHALLENGE\n\nx-displayName: \"Enable Javascript Challenge\"\nEnable javascript challenge.\n - ENABLE_CAPTCHA_CHALLENGE: ENABLE_CAPTCHA_CHALLENGE\n\nx-displayName: \"Enable Captcha Challenge\"\nCaptcha challenge.\n - DISABLE_CHALLENGE: DISABLE_CHALLENGE\n\nx-displayName: \"Disable Challenge\"\nDisable challenge\n - TEMPORARY_BLOCKING: TEMPORARY_BLOCKING\n\nx-displayName: \"Block Temporarily\"\nBlock the user temporarily.","title":"Challenge Action","enum":["DEFAULT_CHALLENGE","ENABLE_JAVASCRIPT_CHALLENGE","ENABLE_CAPTCHA_CHALLENGE","DISABLE_CHALLENGE","TEMPORARY_BLOCKING"],"default":"DEFAULT_CHALLENGE"},"policyContentRewriteAction":{"type":"object","description":"x-displayName: \"Content Rewrite Action\"\nRewrite HTML response action to insert HTML content such as Javascript <script> tags into the HTML document","title":"ContentRewriteAction","properties":{"element_selector":{"type":"string","description":"x-displayName: \"Element selector to rewrite\"\nx-example: \"value\"\nx-required\nElement selector to insert into.","title":"Element selector"},"insert_content":{"type":"string","description":"x-displayName: \"HTML Content to insert\"\nx-example: \"value\"\nHTML content to insert.","title":"Insert Content"},"inserted_types":{"type":"object","description":"x-displayName: \"Inserted types\"\nInserted types of security configuration like Bot Defense, Client Side Defense.","title":"Inserted types"},"position":{"$ref":"#/components/schemas/policyHTMLPosition"}}},"policyCookieMatcherType":{"type":"object","description":"A cookie matcher specifies the name of a single cookie and the criteria to match it. The input has a list of values for each\ncookie in the request.\nA cookie matcher can check for one of the following:\n* Presence or absence of the cookie\n* At least one of the values for the cookie in the request satisfies the MatcherType item","title":"CookieMatcherType","x-displayname":"Cookie Matcher","x-ves-displayorder":"1,6,4","x-ves-oneof-field-match":"[\"check_not_present\",\"check_present\",\"item\"]","x-ves-proto-message":"ves.io.schema.policy.CookieMatcherType","properties":{"check_not_present":{"$ref":"#/components/schemas/ioschemaEmpty"},"check_present":{"$ref":"#/components/schemas/ioschemaEmpty"},"invert_matcher":{"type":"boolean","description":" Invert Match of the expression defined","title":"invert_matcher","format":"boolean","x-displayname":"Invert Matcher"},"item":{"$ref":"#/components/schemas/policyMatcherType"},"name":{"type":"string","description":" A case-sensitive cookie name.\n\nExample: ` \"Session\"`\n\nRequired: YES\n\nValidation Rules:\n  ves.io.schema.rules.message.required: true\n  ves.io.schema.rules.string.max_bytes: 256\n","title":"name","maxLength":256,"x-displayname":"Cookie Name","x-ves-example":"Session","x-ves-required":"true","x-ves-validation-rules":{"ves.io.schema.rules.message.required":"true","ves.io.schema.rules.string.max_bytes":"256"}}}},"policyDataGuardControl":{"type":"object","description":"x-displayName: \"Data Guard Control\"\nData Guard changes to be applied for this request","title":"Data Guard Control","properties":{"policy_name":{"type":"string","description":"x-displayName: \"Policy Name\"\nx-example: \"value\"\nSets the BD Policy to use","title":"Set BD Policy name"}}},"policyDetectionContext":{"type":"string","description":"The available contexts for Exclusion rules.\n\n - CONTEXT_ANY: CONTEXT_ANY\n\nDetection will be excluded for all contexts.\n - CONTEXT_BODY: CONTEXT_BODY\n\nDetection will be excluded for the request body.\n - CONTEXT_REQUEST: CONTEXT_REQUEST\n\nDetection will be excluded for the request.\n - CONTEXT_RESPONSE: CONTEXT_RESPONSE\n\n - CONTEXT_PARAMETER: CONTEXT_PARAMETER\n\nDetection will be excluded for the parameters. The parameter name is required in the Context name field. If the field is left empty, the detection will be excluded for all parameters.\n - CONTEXT_HEADER: CONTEXT_HEADER\n\nDetection will be excluded for the headers. The header name is required in the Context name field. If the field is left empty, the detection will be excluded for all headers.\n - CONTEXT_COOKIE: CONTEXT_COOKIE\n\nDetection will be excluded for the cookies. The cookie name is required in the Context name field. If the field is left empty, the detection will be excluded for all cookies.\n - CONTEXT_URL: CONTEXT_URL\n\nDetection will be excluded for the request URL.\n - CONTEXT_URI: CONTEXT_URI\n","title":"Detection Context","enum":["CONTEXT_ANY","CONTEXT_BODY","CONTEXT_REQUEST","CONTEXT_RESPONSE","CONTEXT_PARAMETER","CONTEXT_HEADER","CONTEXT_COOKIE","CONTEXT_URL","CONTEXT_URI"],"default":"CONTEXT_ANY","x-displayname":"WAF Exclusion Context Options","x-ves-proto-enum":"ves.io.schema.policy.DetectionContext"},"policyHTMLPosition":{"type":"string","description":"x-displayName: \"HTML Position\"\nPosition of the HTML tag to insert in HTML document\n\n - BEGINNING: x-displayName: \"Beginning of HTML tag\"\nBeginning of HTML tag.\n - END: x-displayName: \"End of HTML tag\"\nEnd of HTML tag.\n - BEFORE: x-displayName: \"Before HTML tag\"\nBefore HTML tag.\n - AFTER: x-displayName: \"After HTML tag\"\nAfter HTML tag.","title":"HTMLPosition","enum":["BEGINNING","END","BEFORE","AFTER"],"default":"BEGINNING"},"policyHttpMethodMatcherType":{"type":"object","description":"A http method matcher specifies a list of methods to match an input HTTP method. The match is considered successful if the input method is a member of the list.\nThe result of the match based on the method list is inverted if invert_matcher is true.","title":"HttpMethodMatcherType","x-displayname":"HTTP Method Matcher","x-ves-proto-message":"ves.io.schema.policy.HttpMethodMatcherType","properties":{"invert_matcher":{"type":"boolean","description":" Invert the match result.","title":"invert_matcher","format":"boolean","x-displayname":"Invert Method Matcher"},"methods":{"type":"array","description":" List of methods values to match against.\n\nExample: ` \"['GET', 'POST', 'DELETE']\"`\n\nValidation Rules:\n  ves.io.schema.rules.repeated.items.enum.defined_only: true\n  ves.io.schema.rules.repeated.max_items: 16\n  ves.io.schema.rules.repeated.unique: true\n","title":"methods","maxItems":16,"items":{"$ref":"#/components/schemas/schemaHttpMethod"},"x-displayname":"Method List","x-ves-example":"['GET', 'POST', 'DELETE']","x-ves-validation-rules":{"ves.io.schema.rules.repeated.items.enum.defined_only":"true","ves.io.schema.rules.repeated.max_items":"16","ves.io.schema.rules.repeated.unique":"true"}}}},"policyIPThreatCategory":{"type":"string","description":"The IP threat categories to use when a policy based IP threat category is configured.\n\n - SPAM_SOURCES: SPAM_SOURCES\n\n - WINDOWS_EXPLOITS: WINDOWS_EXPLOITS\n\n - WEB_ATTACKS: WEB_ATTACKS\n\n - BOTNETS: BOTNETS\n\n - SCANNERS: SCANNERS\n\n - REPUTATION: REPUTATION\n\n - PHISHING: PHISHING\n\n - PROXY: PROXY\n\n - MOBILE_THREATS: MOBILE_THREATS\n\n - TOR_PROXY: TOR_PROXY\n\n - DENIAL_OF_SERVICE: DENIAL_OF_SERVICE\n\n - NETWORK: NETWORK\n","title":"IP Threat Category","enum":["SPAM_SOURCES","WINDOWS_EXPLOITS","WEB_ATTACKS","BOTNETS","SCANNERS","REPUTATION","PHISHING","PROXY","MOBILE_THREATS","TOR_PROXY","DENIAL_OF_SERVICE","NETWORK"],"default":"SPAM_SOURCES","x-displayname":"IP Threat Category","x-ves-proto-enum":"ves.io.schema.policy.IPThreatCategory"},"policyIpMatcherType":{"type":"object","description":"Match any ip prefix contained in the list of ip_prefix_sets.\nThe result of the match is inverted if invert_matcher is true.","title":"ip matcher type","x-displayname":"IP Prefix Matcher","x-ves-proto-message":"ves.io.schema.policy.IpMatcherType","properties":{"invert_matcher":{"type":"boolean","description":" Invert the match result.","title":"invert_matcher","format":"boolean","x-displayname":"Invert IP Matcher"},"prefix_sets":{"type":"array","description":" A list of references to ip_prefix_set objects.\n\nRequired: YES\n\nValidation Rules:\n  ves.io.schema.rules.message.required: true\n  ves.io.schema.rules.repeated.max_items: 4\n","title":"prefix_sets","maxItems":4,"items":{"$ref":"#/components/schemas/ioschemaObjectRefType"},"x-displayname":"IP Prefix Sets","x-ves-required":"true","x-ves-validation-rules":{"ves.io.schema.rules.message.required":"true","ves.io.schema.rules.repeated.max_items":"4"}}}},"policyJA4TlsFingerprintMatcherType":{"type":"object","description":"An extended version of JA3 that includes additional fields for more comprehensive fingerprinting of\nSSL/TLS clients and potentially has a different structure and length.","title":"JA4TlsFingerprintMatcherType","x-displayname":"JA4 TLS Fingerprint Matcher","x-ves-proto-message":"ves.io.schema.policy.JA4TlsFingerprintMatcherType","properties":{"exact_values":{"type":"array","description":" A list of exact JA4 TLS fingerprint to match the input JA4 TLS fingerprint against\n\nValidation Rules:\n  ves.io.schema.rules.repeated.items.string.len: 36\n  ves.io.schema.rules.repeated.max_items: 16\n  ves.io.schema.rules.repeated.unique: true\n","title":"exact values","maxItems":16,"items":{"type":"string"},"x-displayname":"Exact Values","x-ves-validation-rules":{"ves.io.schema.rules.repeated.items.string.len":"36","ves.io.schema.rules.repeated.max_items":"16","ves.io.schema.rules.repeated.unique":"true"}}}},"policyJWTClaimMatcherType":{"type":"object","description":"A JWT claim matcher specifies the name of a single JWT claim and the criteria for the input request to match it.\nThe input has a list of actual values for each JWT claim name in the JWT payload.\nA JWT claim matcher can check for one of the following:\n* Presence or absence of the JWT Claim in the input\n* At least one of the values for the JWT Claim in the input satisfies the MatcherType item","title":"JWTClaimMatcherType","x-displayname":"JWT Claim Matcher","x-ves-displayorder":"1,2,6","x-ves-oneof-field-match":"[\"check_not_present\",\"check_present\",\"item\"]","x-ves-proto-message":"ves.io.schema.policy.JWTClaimMatcherType","properties":{"check_not_present":{"$ref":"#/components/schemas/ioschemaEmpty"},"check_present":{"$ref":"#/components/schemas/ioschemaEmpty"},"invert_matcher":{"type":"boolean","description":" Invert the match result.","title":"invert_matcher","format":"boolean","x-displayname":"Invert Matcher"},"item":{"$ref":"#/components/schemas/policyMatcherType"},"name":{"type":"string","description":" JWT claim name.\n\nExample: ` \"user_id\"`\n\nRequired: YES\n\nValidation Rules:\n  ves.io.schema.rules.message.required: true\n  ves.io.schema.rules.string.max_bytes: 256\n","title":"name","maxLength":256,"x-displayname":"JWT Claim Name","x-ves-example":"user_id","x-ves-required":"true","x-ves-validation-rules":{"ves.io.schema.rules.message.required":"true","ves.io.schema.rules.string.max_bytes":"256"}}}},"policyKnownTlsFingerprintClass":{"type":"string","description":"Specifies known TLS fingerprint classes\n\n - TLS_FINGERPRINT_NONE: TLS_FINGERPRINT_NONE\n\nNo TLS fingerprint\n - ANY_MALICIOUS_FINGERPRINT: ANY_MALICIOUS_FINGERPRINT\n\nTLS fingerprints known to be associated with malicious clients\n - ADWARE: ADWARE\n\nTLS fingerprints known to be associated with adware\n - ADWIND: ADWIND\n\nTLS fingerprints known to be associated with adwind\n - DRIDEX: DRIDEX\n\nTLS fingerprints known to be associated with dridex\n - GOOTKIT: GOOTKIT\n\nTLS fingerprints known to be associated with gootkit\n - GOZI: GOZI\n\nTLS fingerprints known to be associated with gozi\n - JBIFROST: JBIFROST\n\nTLS fingerprints known to be associated with jbifrost\n - QUAKBOT: QUAKBOT\n\nTLS fingerprints known to be associated with quakbot\n - RANSOMWARE: RANSOMWARE\n\nTLS fingerprints known to be associated with ransomware\n - TROLDESH: TROLDESH\n\nTLS fingerprints known to be associated with troldesh\n - TOFSEE: TOFSEE\n\nTLS fingerprints known to be associated with tofsee\n - TORRENTLOCKER: TORRENTLOCKER\n\nTLS fingerprints known to be associated with torrentlocker\n - TRICKBOT: TRICKBOT\n\nTLS fingerprints known to be associated with trickbot","title":"TLS known fingerprint class","enum":["TLS_FINGERPRINT_NONE","ANY_MALICIOUS_FINGERPRINT","ADWARE","ADWIND","DRIDEX","GOOTKIT","GOZI","JBIFROST","QUAKBOT","RANSOMWARE","TROLDESH","TOFSEE","TORRENTLOCKER","TRICKBOT"],"default":"TLS_FINGERPRINT_NONE","x-displayname":"TLS known fingerprint class","x-ves-proto-enum":"ves.io.schema.policy.KnownTlsFingerprintClass"},"policyMatcherType":{"type":"object","description":"A matcher specifies multiple criteria for matching an input string. The match is considered successful if any of the criteria are satisfied. The set\nof supported match criteria includes a list of exact values and a list of regular expressions.","title":"MatcherType","x-displayname":"Matcher","x-ves-proto-message":"ves.io.schema.policy.MatcherType","properties":{"exact_values":{"type":"array","description":" A list of exact values to match the input against.\n\nExample: ` \"['new york', 'london', 'sydney', 'tokyo', 'cairo']\"`\n\nValidation Rules:\n  ves.io.schema.rules.repeated.items.string.max_bytes: 256\n  ves.io.schema.rules.repeated.items.string.not_empty: true\n  ves.io.schema.rules.repeated.max_items: 64\n  ves.io.schema.rules.repeated.unique: true\n","title":"exact values","maxItems":64,"items":{"type":"string","maxLength":256},"x-displayname":"Exact Values","x-ves-example":"['new york', 'london', 'sydney', 'tokyo', 'cairo']","x-ves-validation-rules":{"ves.io.schema.rules.repeated.items.string.max_bytes":"256","ves.io.schema.rules.repeated.items.string.not_empty":"true","ves.io.schema.rules.repeated.max_items":"64","ves.io.schema.rules.repeated.unique":"true"}},"regex_values":{"type":"array","description":" A list of regular expressions to match the input against.\n\nExample: ` \"['^new .*$', 'san f.*', '.* del .*']\"`\n\nValidation Rules:\n  ves.io.schema.rules.repeated.items.string.max_bytes: 256\n  ves.io.schema.rules.repeated.items.string.not_empty: true\n  ves.io.schema.rules.repeated.items.string.regex: true\n  ves.io.schema.rules.repeated.max_items: 16\n  ves.io.schema.rules.repeated.unique: true\n","title":"regex values","maxItems":16,"items":{"type":"string","maxLength":256},"x-displayname":"Regex Values","x-ves-example":"['^new .*$', 'san f.*', '.* del .*']","x-ves-validation-rules":{"ves.io.schema.rules.repeated.items.string.max_bytes":"256","ves.io.schema.rules.repeated.items.string.not_empty":"true","ves.io.schema.rules.repeated.items.string.regex":"true","ves.io.schema.rules.repeated.max_items":"16","ves.io.schema.rules.repeated.unique":"true"}},"transformers":{"type":"array","description":" An ordered list of transformers (starting from index 0) to be applied to the path before matching.\n\nExample: ` \"[BASE64_DECODE, LOWER_CASE]`\n\nValidation Rules:\n  ves.io.schema.rules.repeated.max_items: 9\n  ves.io.schema.rules.repeated.unique: true\n","title":"transformers","maxItems":9,"items":{"$ref":"#/components/schemas/policyTransformer"},"x-displayname":"Transformers","x-ves-validation-rules":{"ves.io.schema.rules.repeated.max_items":"9","ves.io.schema.rules.repeated.unique":"true"}}}},"policyMatcherTypeBasic":{"type":"object","description":"A matcher specifies multiple criteria for matching an input string. The match is considered successful if any of the criteria are satisfied. The set\nof supported match criteria includes a list of exact values and a list of regular expressions.","title":"MatcherTypeBasic","x-displayname":"Matcher","x-ves-proto-message":"ves.io.schema.policy.MatcherTypeBasic","properties":{"exact_values":{"type":"array","description":" A list of exact values to match the input against.\n\nExample: ` \"['new york', 'london', 'sydney', 'tokyo', 'cairo']\"`\n\nValidation Rules:\n  ves.io.schema.rules.repeated.items.string.max_bytes: 256\n  ves.io.schema.rules.repeated.items.string.not_empty: true\n  ves.io.schema.rules.repeated.max_items: 64\n  ves.io.schema.rules.repeated.unique: true\n","title":"exact values","maxItems":64,"items":{"type":"string","maxLength":256},"x-displayname":"Exact Values","x-ves-example":"['new york', 'london', 'sydney', 'tokyo', 'cairo']","x-ves-validation-rules":{"ves.io.schema.rules.repeated.items.string.max_bytes":"256","ves.io.schema.rules.repeated.items.string.not_empty":"true","ves.io.schema.rules.repeated.max_items":"64","ves.io.schema.rules.repeated.unique":"true"}},"regex_values":{"type":"array","description":" A list of regular expressions to match the input against.\n\nExample: ` \"['^new .*$', 'san f.*', '.* del .*']\"`\n\nValidation Rules:\n  ves.io.schema.rules.repeated.items.string.max_bytes: 256\n  ves.io.schema.rules.repeated.items.string.not_empty: true\n  ves.io.schema.rules.repeated.items.string.regex: true\n  ves.io.schema.rules.repeated.max_items: 16\n  ves.io.schema.rules.repeated.unique: true\n","title":"regex values","maxItems":16,"items":{"type":"string","maxLength":256},"x-displayname":"Regex Values","x-ves-example":"['^new .*$', 'san f.*', '.* del .*']","x-ves-validation-rules":{"ves.io.schema.rules.repeated.items.string.max_bytes":"256","ves.io.schema.rules.repeated.items.string.not_empty":"true","ves.io.schema.rules.repeated.items.string.regex":"true","ves.io.schema.rules.repeated.max_items":"16","ves.io.schema.rules.repeated.unique":"true"}}}},"policyMobileIdentifierMatcherAction":{"type":"object","description":"x-displayName: \"Mobile Identifier Matcher Action\"\nMobile Identifier Matcher Action","title":"Mobile Identifier Matcher Action","properties":{"mobile_identifier":{"type":"boolean","description":"x-displayName: \"Mobile Identifier\"\nIf request matches mobile identifier service policy, mobile identifier is true","title":"Mobile Identifier","format":"boolean"},"mobile_traffic":{"type":"boolean","description":"x-displayName: \"Mobile Traffic\"\nIf request matches mobile endpoint service policy, mobile traffic is true","title":"Mobile Traffic","format":"boolean"},"web_traffic":{"type":"boolean","description":"x-displayName: \"Web Traffic\"\nIf request matches web endpoint service policy, web traffic is true","title":"Web Traffic","format":"boolean"}}},"policyModifyAction":{"type":"object","description":"Modify behavior for a matching request. The modification could be to entirely skip processing.","title":"Select Modification Action","x-displayname":"Select Modification Action","x-ves-oneof-field-action_type":"[\"default\",\"skip_processing\"]","x-ves-proto-message":"ves.io.schema.policy.ModifyAction","properties":{"default":{"$ref":"#/components/schemas/ioschemaEmpty"},"skip_processing":{"$ref":"#/components/schemas/ioschemaEmpty"}}},"policyPrefixMatchList":{"type":"object","description":"List of IP Prefix strings to match against.","title":"IP Prefix Match List","x-displayname":"IP Prefix Match List","x-ves-proto-message":"ves.io.schema.policy.PrefixMatchList","properties":{"invert_match":{"type":"boolean","description":" Invert the match result.","title":"invert_matcher","format":"boolean","x-displayname":"Invert Match Result"},"ip_prefixes":{"type":"array","description":" List of IPv4 prefix strings.\n\nExample: ` \"192.168.20.0/24\"`\n\nValidation Rules:\n  ves.io.schema.rules.repeated.items.string.ipv4_prefix: true\n  ves.io.schema.rules.repeated.items.string.not_empty: true\n  ves.io.schema.rules.repeated.max_items: 128\n  ves.io.schema.rules.repeated.unique: true\n","title":"ip prefixes","maxItems":128,"items":{"type":"string"},"x-displayname":"IPv4 Prefix List","x-ves-example":"192.168.20.0/24","x-ves-validation-rules":{"ves.io.schema.rules.repeated.items.string.ipv4_prefix":"true","ves.io.schema.rules.repeated.items.string.not_empty":"true","ves.io.schema.rules.repeated.max_items":"128","ves.io.schema.rules.repeated.unique":"true"}}}},"policyRequestConstraintType":{"type":"object","title":"RequestConstraintType","x-displayname":"Request Constraints","x-ves-oneof-field-max_cookie_count_choice":"[\"max_cookie_count_exceeds\",\"max_cookie_count_none\"]","x-ves-oneof-field-max_cookie_key_size_choice":"[\"max_cookie_key_size_exceeds\",\"max_cookie_key_size_none\"]","x-ves-oneof-field-max_cookie_value_size_choice":"[\"max_cookie_value_size_exceeds\",\"max_cookie_value_size_none\"]","x-ves-oneof-field-max_header_count_choice":"[\"max_header_count_exceeds\",\"max_header_count_none\"]","x-ves-oneof-field-max_header_key_size_choice":"[\"max_header_key_size_exceeds\",\"max_header_key_size_none\"]","x-ves-oneof-field-max_header_value_size_choice":"[\"max_header_value_size_exceeds\",\"max_header_value_size_none\"]","x-ves-oneof-field-max_parameter_count_choice":"[\"max_parameter_count_exceeds\",\"max_parameter_count_none\"]","x-ves-oneof-field-max_parameter_name_size_choice":"[\"max_parameter_name_size_exceeds\",\"max_parameter_name_size_none\"]","x-ves-oneof-field-max_parameter_value_size_choice":"[\"max_parameter_value_size_exceeds\",\"max_parameter_value_size_none\"]","x-ves-oneof-field-max_query_size_choice":"[\"max_query_size_exceeds\",\"max_query_size_none\"]","x-ves-oneof-field-max_request_line_size_choice":"[\"max_request_line_size_exceeds\",\"max_request_line_size_none\"]","x-ves-oneof-field-max_request_size_choice":"[\"max_request_size_exceeds\",\"max_request_size_none\"]","x-ves-oneof-field-max_url_size_choice":"[\"max_url_size_exceeds\",\"max_url_size_none\"]","x-ves-proto-message":"ves.io.schema.policy.RequestConstraintType","properties":{"max_cookie_count_exceeds":{"type":"integer","description":"Exclusive with [max_cookie_count_none]\n\nExample: ` \"40\"`\n\nValidation Rules:\n  ves.io.schema.rules.uint32.gte: 1\n  ves.io.schema.rules.uint32.lte: 1024\n","title":"max_cookie_count_exceeds","format":"int64","x-displayname":"Match on the Count for all Cookies that exceed this value","x-ves-example":"40","x-ves-validation-rules":{"ves.io.schema.rules.uint32.gte":"1","ves.io.schema.rules.uint32.lte":"1024"}},"max_cookie_count_none":{"$ref":"#/components/schemas/ioschemaEmpty"},"max_cookie_key_size_exceeds":{"type":"integer","description":"Exclusive with [max_cookie_key_size_none]\n\nExample: ` \"64\"`\n\nValidation Rules:\n  ves.io.schema.rules.uint32.gte: 1\n  ves.io.schema.rules.uint32.lte: 1024\n","title":"max_cookie_key_size_exceeds","format":"int64","x-displayname":"Match on the Name Size per Cookie that exceed this value","x-ves-example":"64","x-ves-validation-rules":{"ves.io.schema.rules.uint32.gte":"1","ves.io.schema.rules.uint32.lte":"1024"}},"max_cookie_key_size_none":{"$ref":"#/components/schemas/ioschemaEmpty"},"max_cookie_value_size_exceeds":{"type":"integer","description":"Exclusive with [max_cookie_value_size_none]\n\nExample: ` \"4096\"`\n\nValidation Rules:\n  ves.io.schema.rules.uint32.gte: 1\n  ves.io.schema.rules.uint32.lte: 32768\n","title":"max_cookie_value_size_exceeds","format":"int64","x-displayname":"Match on the Value Size per Cookie that exceed this value","x-ves-example":"4096","x-ves-validation-rules":{"ves.io.schema.rules.uint32.gte":"1","ves.io.schema.rules.uint32.lte":"32768"}},"max_cookie_value_size_none":{"$ref":"#/components/schemas/ioschemaEmpty"},"max_header_count_exceeds":{"type":"integer","description":"Exclusive with [max_header_count_none]\n\nExample: ` \"20\"`\n\nValidation Rules:\n  ves.io.schema.rules.uint32.gte: 1\n  ves.io.schema.rules.uint32.lte: 40\n","title":"max_header_count_exceeds","format":"int64","x-displayname":"Match on the Count for all Headers that exceed this value","x-ves-example":"20","x-ves-validation-rules":{"ves.io.schema.rules.uint32.gte":"1","ves.io.schema.rules.uint32.lte":"40"}},"max_header_count_none":{"$ref":"#/components/schemas/ioschemaEmpty"},"max_header_key_size_exceeds":{"type":"integer","description":"Exclusive with [max_header_key_size_none]\n\nExample: ` \"32\"`\n\nValidation Rules:\n  ves.io.schema.rules.uint32.gte: 1\n  ves.io.schema.rules.uint32.lte: 1024\n","title":"max_header_key_size_exceeds","format":"int64","x-displayname":"Match on the Name Size per Header that exceed this value","x-ves-example":"32","x-ves-validation-rules":{"ves.io.schema.rules.uint32.gte":"1","ves.io.schema.rules.uint32.lte":"1024"}},"max_header_key_size_none":{"$ref":"#/components/schemas/ioschemaEmpty"},"max_header_value_size_exceeds":{"type":"integer","description":"Exclusive with [max_header_value_size_none]\n\nExample: ` \"1024\"`\n\nValidation Rules:\n  ves.io.schema.rules.uint32.gte: 1\n  ves.io.schema.rules.uint32.lte: 64000\n","title":"max_header_value_size_exceeds","format":"int64","x-displayname":"Match on the Value Size per Header that exceed this value","x-ves-example":"1024","x-ves-validation-rules":{"ves.io.schema.rules.uint32.gte":"1","ves.io.schema.rules.uint32.lte":"64000"}},"max_header_value_size_none":{"$ref":"#/components/schemas/ioschemaEmpty"},"max_parameter_count_exceeds":{"type":"integer","description":"Exclusive with [max_parameter_count_none]\n\nExample: ` \"4\"`\n\nValidation Rules:\n  ves.io.schema.rules.uint32.gte: 1\n  ves.io.schema.rules.uint32.lte: 1024\n","title":"max_parameter_count_exceeds","format":"int64","x-displayname":"Match on the Parameter Count that exceed this value","x-ves-example":"4","x-ves-validation-rules":{"ves.io.schema.rules.uint32.gte":"1","ves.io.schema.rules.uint32.lte":"1024"}},"max_parameter_count_none":{"$ref":"#/components/schemas/ioschemaEmpty"},"max_parameter_name_size_exceeds":{"type":"integer","description":"Exclusive with [max_parameter_name_size_none]\n\nExample: ` \"64\"`\n\nValidation Rules:\n  ves.io.schema.rules.uint32.gte: 1\n  ves.io.schema.rules.uint32.lte: 1024\n","title":"max_parameter_name_size_exceeds","format":"int64","x-displayname":"Match on the Parameter Name Size that exceed this value","x-ves-example":"64","x-ves-validation-rules":{"ves.io.schema.rules.uint32.gte":"1","ves.io.schema.rules.uint32.lte":"1024"}},"max_parameter_name_size_none":{"$ref":"#/components/schemas/ioschemaEmpty"},"max_parameter_value_size_exceeds":{"type":"integer","description":"Exclusive with [max_parameter_value_size_none]\n\nExample: ` \"1000\"`\n\nValidation Rules:\n  ves.io.schema.rules.uint32.gte: 1\n  ves.io.schema.rules.uint32.lte: 1073741824\n","title":"max_parameter_value_size_exceeds","format":"int64","x-displayname":"Match on the Parameter Value Size that exceed this value","x-ves-example":"1000","x-ves-validation-rules":{"ves.io.schema.rules.uint32.gte":"1","ves.io.schema.rules.uint32.lte":"1073741824"}},"max_parameter_value_size_none":{"$ref":"#/components/schemas/ioschemaEmpty"},"max_query_size_exceeds":{"type":"integer","description":"Exclusive with [max_query_size_none]\n\nExample: ` \"4096\"`\n\nValidation Rules:\n  ves.io.schema.rules.uint32.gte: 1\n  ves.io.schema.rules.uint32.lte: 60000\n","title":"max_query_size_exceeds","format":"int64","x-displayname":"Match on the URL Query Size that exceed this value","x-ves-example":"4096","x-ves-validation-rules":{"ves.io.schema.rules.uint32.gte":"1","ves.io.schema.rules.uint32.lte":"60000"}},"max_query_size_none":{"$ref":"#/components/schemas/ioschemaEmpty"},"max_request_line_size_exceeds":{"type":"integer","description":"Exclusive with [max_request_line_size_none]\n\nExample: ` \"4096\"`\n\nValidation Rules:\n  ves.io.schema.rules.uint32.gte: 1\n  ves.io.schema.rules.uint32.lte: 65536\n","title":"max_query_size_exceeds","format":"int64","x-displayname":"Match on the Request Line Size that exceed this value","x-ves-example":"4096","x-ves-validation-rules":{"ves.io.schema.rules.uint32.gte":"1","ves.io.schema.rules.uint32.lte":"65536"}},"max_request_line_size_none":{"$ref":"#/components/schemas/ioschemaEmpty"},"max_request_size_exceeds":{"type":"integer","description":"Exclusive with [max_request_size_none]\n\nExample: ` \"32768\"`\n\nValidation Rules:\n  ves.io.schema.rules.uint32.gte: 1\n  ves.io.schema.rules.uint32.lte: 65536\n","title":"max_request_size_exceeds","format":"int64","x-displayname":"Match on the Request Size that exceed this value","x-ves-example":"32768","x-ves-validation-rules":{"ves.io.schema.rules.uint32.gte":"1","ves.io.schema.rules.uint32.lte":"65536"}},"max_request_size_none":{"$ref":"#/components/schemas/ioschemaEmpty"},"max_url_size_exceeds":{"type":"integer","description":"Exclusive with [max_url_size_none]\n\nExample: ` \"4096\"`\n\nValidation Rules:\n  ves.io.schema.rules.uint32.gte: 1\n  ves.io.schema.rules.uint32.lte: 128000\n","title":"max_url_size_exceeds","format":"int64","x-displayname":"Match on the URL Size that exceed this value","x-ves-example":"4096","x-ves-validation-rules":{"ves.io.schema.rules.uint32.gte":"1","ves.io.schema.rules.uint32.lte":"128000"}},"max_url_size_none":{"$ref":"#/components/schemas/ioschemaEmpty"}}},"policyRoleMatcherType":{"type":"object","description":"x-displayName: \"Role Matcher\"\nA role matcher specifies a single value for matching an input list of roles. The match is considered successful if the specified value is present in the input\nlist.","title":"RoleMatcherType","properties":{"match":{"type":"string","description":"x-displayName: \"Role\"\nx-required\nx-example: \"ves-io-monitor-role\"\nx-example: \"ves-io-uam-role\"\nx-example: \"custom-role-security-czar'\"\nValue of the expected role.","title":"match"}}},"policyRuleAction":{"type":"string","description":"The rule action determines the disposition of the input request API. If a policy matches a rule with an ALLOW action, the processing of the request proceeds\nforward. If it matches a rule with a DENY action, the processing of the request is terminated and an appropriate message/code returned to the originator. If\nit matches a rule with a NEXT_POLICY_SET action, evaluation of the current policy set terminates and evaluation of the next policy set in the chain begins.\n\n - DENY: DENY\n\nDeny the request.\n - ALLOW: ALLOW\n\nAllow the request to proceed.\n - NEXT_POLICY_SET: NEXT_POLICY_SET\n\nTerminate evaluation of the current policy set and begin evaluating the next policy set in the chain. Note that the evaluation of any remaining policies\nin the current policy set is skipped.\n - NEXT_POLICY: NEXT_POLICY\n\nTerminate evaluation of the current policy and begin evaluating the next policy in the policy set. Note that the evaluation of any remaining rules in the\ncurrent policy is skipped.\n - LAST_POLICY: LAST_POLICY\n\nTerminate evaluation of the current policy and begin evaluating the last policy in the policy set. Note that the evaluation of any remaining rules in the\ncurrent policy is skipped.\n - GOTO_POLICY: GOTO_POLICY\n\nTerminate evaluation of the current policy and begin evaluating a specific policy in the policy set. The policy is specified using the goto_policy field in\nthe rule and must be after the current policy in the policy set.","title":"Rule Action","enum":["DENY","ALLOW","NEXT_POLICY"],"default":"DENY","x-displayname":"Rule Action","x-ves-proto-enum":"ves.io.schema.policy.RuleAction"},"policySegmentPolicyType":{"type":"object","description":"Configure source and destination segment for policy","title":"Segment Choice","x-displayname":"Configure Segments","x-ves-oneof-field-dst_segment_choice":"[\"dst_any\",\"dst_segments\",\"intra_segment\"]","x-ves-oneof-field-src_segment_choice":"[\"src_any\",\"src_segments\"]","x-ves-proto-message":"ves.io.schema.policy.SegmentPolicyType","properties":{"dst_any":{"$ref":"#/components/schemas/ioschemaEmpty"},"dst_segments":{"$ref":"#/components/schemas/viewsSegmentRefList"},"intra_segment":{"$ref":"#/components/schemas/ioschemaEmpty"},"src_any":{"$ref":"#/components/schemas/ioschemaEmpty"},"src_segments":{"$ref":"#/components/schemas/viewsSegmentRefList"}}},"policyShapeBotBlockMitigationActionType":{"type":"object","description":"x-displayName: \"Block bot mitigation\"\nBlock request and respond with custom content.","title":"ShapeBotBlockMitigationActionType","properties":{"body":{"type":"string","description":"x-displayName: \"Body\"\nx-example: \"string://LzxwPiBZb3VyIHJlcXVlc3Qgd2FzIGJsb2NrZWQgPC9wPg==\"\nCustom body message is of type uri_ref. Currently supported URL schemes is string:///.\nFor string:/// scheme, message needs to be encoded in Base64 format.\nYou can specify this message as base64 encoded plain text message e.g. \"Your request was blocked\"\nor it can be HTML paragraph or a body string encoded as base64 string\nE.g. \"<p> Your request was blocked </p>\". Base64 encoded string for this html is \"LzxwPiBZb3VyIHJlcXVlc3Qgd2FzIGJsb2NrZWQgPC9wPg==\"","title":"body"},"body_hash":{"type":"string","description":"x-displayName: \"Body Hash\"\nx-example: \"92959a96fd69146c5fe7cbde6e5720f2\"\nRepresents the corresponding MD5 Hash for the body message.","title":"body_hash"},"status":{"$ref":"#/components/schemas/schemaHttpStatusCode"}}},"policyShapeBotFlagMitigationActionChoiceType":{"type":"object","description":"x-displayName: \"Select Flag Bot Mitigation Action\"\nFlag mitigation action.","title":"ShapeBotFlagMitigationActionChoiceType","properties":{"append_headers":{"$ref":"#/components/schemas/policyShapeBotFlagMitigationActionType"},"no_headers":{"$ref":"#/components/schemas/ioschemaEmpty"}}},"policyShapeBotFlagMitigationActionType":{"type":"object","description":"x-displayName: \"Append Flag Mitigation Headers\"\nAppend flag mitigation headers to forwarded request.","title":"ShapeBotFlagMitigationActionType","properties":{"auto_type_header_name":{"type":"string","description":"x-displayName: \"Automation Type Header Name\"\nx-example: \"Bot-Automation-Type\"\nx-required\nA case-insensitive HTTP header name.","title":"auto_type_header_name"},"inference_header_name":{"type":"string","description":"x-displayName: \"Inference Header Name\"\nx-example: \"Bot-Inference\"\nx-required\nA case-insensitive HTTP header name.","title":"inference_header_name"}}},"policyShapeBotMitigationAction":{"type":"object","description":"x-displayName: \"Bot Mitigation Action\"\nModify Bot Defense behavior for a matching request.","title":"ShapeBotMitigationAction","properties":{"block":{"$ref":"#/components/schemas/policyShapeBotBlockMitigationActionType"},"flag":{"$ref":"#/components/schemas/policyShapeBotFlagMitigationActionChoiceType"},"none":{"$ref":"#/components/schemas/ioschemaEmpty"},"redirect":{"$ref":"#/components/schemas/policyShapeBotRedirectMitigationActionType"}}},"policyShapeBotRedirectMitigationActionType":{"type":"object","description":"x-displayName: \"Redirect bot mitigation\"\nRedirect request to a custom URI.","title":"ShapeBotRedirectMitigationTypeAction","properties":{"uri":{"type":"string","description":"x-displayName: \"URI\"\nx-example: \"Enter URI\"\nx-required\nURI location for redirect may be relative or absolute.","title":"URI"}}},"policyShapeProtectedEndpointAction":{"type":"object","description":"x-displayName: \"Protected Endpoint Action\"\nProtected Endpoint Action","title":"ShapeProtectedEndpointAction","properties":{"allow_goodbot":{"type":"boolean","description":"x-displayName: \"Good bot\"\nx-required\nGood bot","title":"GoodBot","format":"boolean"},"app_traffic_type":{"$ref":"#/components/schemas/policyAppTrafficType"},"flow_label":{"type":"string","description":"x-displayName: \"Flow Label\"\nx-example: \"Flight.CheckIn\"\nx-required\nFlow label","title":"Flow label"},"mitigation":{"$ref":"#/components/schemas/policyShapeBotMitigationAction"},"transaction_result":{"$ref":"#/components/schemas/schemaBotDefenseTransactionResultType"},"web_scraping":{"type":"boolean","description":"x-displayName: \"Web scraping\"\nx-required\nWeb scraping protection enabled for protected endpoint","title":"Web scraping","format":"boolean"}}},"policyStringMatcherType":{"type":"object","description":"A matcher specifies a list of values for matching an input string. The match is considered successful if the input value is present in the list. The result of\nthe match is inverted if invert_matcher is true.","title":"StringMatcherType","x-displayname":"String Matcher","x-ves-proto-message":"ves.io.schema.policy.StringMatcherType","properties":{"invert_matcher":{"type":"boolean","description":" Invert the match result.","title":"invert_matcher","format":"boolean","x-displayname":"Invert String Matcher"},"match":{"type":"array","description":" A list of exact values to match the input against.\n\nExample: ` \"['new york', 'london', 'sydney', 'tokyo', 'cairo']\"`\n\nRequired: YES\n\nValidation Rules:\n  ves.io.schema.rules.message.required: true\n  ves.io.schema.rules.repeated.items.string.max_bytes: 63\n  ves.io.schema.rules.repeated.max_items: 64\n  ves.io.schema.rules.repeated.unique: true\n","title":"match","maxItems":64,"items":{"type":"string","maxLength":63},"x-displayname":"Exact Values","x-ves-example":"['new york', 'london', 'sydney', 'tokyo', 'cairo']","x-ves-required":"true","x-ves-validation-rules":{"ves.io.schema.rules.message.required":"true","ves.io.schema.rules.repeated.items.string.max_bytes":"63","ves.io.schema.rules.repeated.max_items":"64","ves.io.schema.rules.repeated.unique":"true"}}}},"policyTlsFingerprintMatcherType":{"type":"object","description":"A TLS fingerprint matcher specifies multiple criteria for matching a TLS fingerprint. The set of supported positve match criteria includes a list of known\nclasses of TLS fingerprints and a list of exact values. The match is considered successful if either of these positive criteria are satisfied and the input\nfingerprint is not one of the excluded values.","title":"TlsFingerprintMatcherType","x-displayname":"TLS Fingerprint Matcher","x-ves-proto-message":"ves.io.schema.policy.TlsFingerprintMatcherType","properties":{"classes":{"type":"array","description":" A list of known classes of TLS fingerprints to match the input TLS JA3 fingerprint against.\n\nExample: ` \"['ADWARE', 'TRICKBOT']`\n\nValidation Rules:\n  ves.io.schema.rules.repeated.max_items: 16\n  ves.io.schema.rules.repeated.unique: true\n","title":"classes","maxItems":16,"items":{"$ref":"#/components/schemas/policyKnownTlsFingerprintClass"},"x-displayname":"TLS fingerprint classes","x-ves-validation-rules":{"ves.io.schema.rules.repeated.max_items":"16","ves.io.schema.rules.repeated.unique":"true"}},"exact_values":{"type":"array","description":" A list of exact TLS JA3 fingerprints to match the input TLS JA3 fingerprint against.\n\nExample: ` \"['ed6dfd54b01ebe31b7a65b88abfa7297', '16efcf0e00504ddfedde13bfea997952', 'de364c46b0dfc283b5e38c79ceae3f8f']\"`\n\nValidation Rules:\n  ves.io.schema.rules.repeated.items.string.len: 32\n  ves.io.schema.rules.repeated.max_items: 16\n  ves.io.schema.rules.repeated.unique: true\n","title":"exact values","maxItems":16,"items":{"type":"string"},"x-displayname":"Exact Values","x-ves-example":"['ed6dfd54b01ebe31b7a65b88abfa7297', '16efcf0e00504ddfedde13bfea997952', 'de364c46b0dfc283b5e38c79ceae3f8f']","x-ves-validation-rules":{"ves.io.schema.rules.repeated.items.string.len":"32","ves.io.schema.rules.repeated.max_items":"16","ves.io.schema.rules.repeated.unique":"true"}},"excluded_values":{"type":"array","description":" A list of TLS JA3 fingerprints to be excluded when matching the input TLS JA3 fingerprint. This can be used to skip known false positives when using one\n or more known TLS fingerprint classes in the enclosing matcher.\n\nExample: ` \"['fb00055a1196aeea8d1bc609885ba953', 'b386946a5a44d1ddcc843bc75336dfce']\"`\n\nValidation Rules:\n  ves.io.schema.rules.repeated.items.string.len: 32\n  ves.io.schema.rules.repeated.max_items: 32\n  ves.io.schema.rules.repeated.unique: true\n","title":"excluded values","maxItems":32,"items":{"type":"string"},"x-displayname":"Excluded Values","x-ves-example":"['fb00055a1196aeea8d1bc609885ba953', 'b386946a5a44d1ddcc843bc75336dfce']","x-ves-validation-rules":{"ves.io.schema.rules.repeated.items.string.len":"32","ves.io.schema.rules.repeated.max_items":"32","ves.io.schema.rules.repeated.unique":"true"}}}},"policyTransformer":{"type":"string","description":"Transformers to be applied on the part of the request before matching.\n\n - TRANSFORMER_NONE: transformer none\n\nNo transformers enabled\n - LOWER_CASE: lower case\n\nConvert string to lower case\n - UPPER_CASE: upper case\n\nConvert string to upper case\n - BASE64_DECODE: base64 decode\n\nDecode string assuming base64 encoding\n - NORMALIZE_PATH: normalize path\n\nNormalize URL path so that /a/b/../c will be transformed to /a/c\n - REMOVE_WHITESPACE: remove whitespace\n\nRemove whitespaces\n - URL_DECODE: URL decode\n\nDecode string assuming URL encoding as per rfc1738\n - TRIM_LEFT: trim left\n\nRemove whitespace from the left side of the input string\n - TRIM_RIGHT: trim right\n\nRemove whitespace from the right side of the input string\n - TRIM: trim\n\nRemove whitespace from the both sides of the input string","title":"Transformer","enum":["LOWER_CASE","UPPER_CASE","BASE64_DECODE","NORMALIZE_PATH","REMOVE_WHITESPACE","URL_DECODE","TRIM_LEFT","TRIM_RIGHT","TRIM"],"default":"TRANSFORMER_NONE","x-displayname":"Transformer","x-ves-proto-enum":"ves.io.schema.policy.Transformer"},"policyURLItem":{"type":"object","description":"x-displayName: \"URL Item\"\nA URL item specifies exact or regular expression match criteria for the domain and path.","title":"url item","properties":{"domain_regex":{"type":"string","description":"x-displayName: \"Domain Regex\"\nx-example: \"*.mybloggingwebsite.org\"\nA regular expression to match the domain against.","title":"domain regex"},"domain_value":{"type":"string","description":"x-displayName: \"Domain Value\"\nx-example: \"www.mybloggingwebsite.org\"\nAn exact value to match the domain against.","title":"domain value"},"path_prefix":{"type":"string","description":"x-displayName: \"Path Prefix\"\nx-example: \"/api/web/namespaces/project179/users/\"\nAn prefix value to match the path against.","title":"path prefix"},"path_regex":{"type":"string","description":"x-displayName: \"Path Regex\"\nx-example: \"^/api/web/namespaces/abc/users/([a-z]([-a-z0-9]*[a-z0-9])?)$\"\nA regular expression to match the path against.","title":"path regex"},"path_value":{"type":"string","description":"x-displayName: \"Path Value\"\nx-example: \"/api/web/namespaces/project179/users/user1\"\nAn exact value to match the path against.","title":"path value"}}},"policyURLMatcherType":{"type":"object","description":"x-displayName: \"URL Matcher\"\nA URL matcher specifies a list of URL items as match criteria. The match is considered successful if the input domain and path match any of the URL items.\nThe result of the match is inverted if invert_matcher is true.","title":"url matcher type","properties":{"invert_matcher":{"type":"boolean","description":"x-displayName: \"Invert URL Matcher\"\nInvert the match result.","title":"invert_matcher","format":"boolean"},"url_items":{"type":"array","description":"x-displayName: \"URL Items\"\nx-required\nA list of URL items used as match criteria. The match is considered successful if the domain and path match any of the URL items.","title":"url items","items":{"$ref":"#/components/schemas/policyURLItem"}}}},"policyWafAction":{"type":"object","description":"Modify App Firewall behavior for a matching request. The modification could either be to entirely skip firewall processing or to customize the firewall rules\nto be applied as defined by App Firewall Rule Control settings.","title":"App Firewall Action","x-displayname":"App Firewall Action","x-ves-oneof-field-action_type":"[\"app_firewall_detection_control\",\"none\",\"waf_skip_processing\"]","x-ves-proto-message":"ves.io.schema.policy.WafAction","properties":{"app_firewall_detection_control":{"$ref":"#/components/schemas/policyAppFirewallDetectionControl"},"none":{"$ref":"#/components/schemas/ioschemaEmpty"},"waf_skip_processing":{"$ref":"#/components/schemas/ioschemaEmpty"}}},"protobufAny":{"type":"object","description":"`Any` contains an arbitrary serialized protocol buffer message along with a\nURL that describes the type of the serialized message.\n\nProtobuf library provides support to pack/unpack Any values in the form\nof utility functions or additional generated methods of the Any type.\n\nExample 1: Pack and unpack a message in C++.\n\n    Foo foo = ...;\n    Any any;\n    any.PackFrom(foo);\n    ...\n    if (any.UnpackTo(&foo)) {\n      ...\n    }\n\nExample 2: Pack and unpack a message in Java.\n\n    Foo foo = ...;\n    Any any = Any.pack(foo);\n    ...\n    if (any.is(Foo.class)) {\n      foo = any.unpack(Foo.class);\n    }\n\n Example 3: Pack and unpack a message in Python.\n\n    foo = Foo(...)\n    any = Any()\n    any.Pack(foo)\n    ...\n    if any.Is(Foo.DESCRIPTOR):\n      any.Unpack(foo)\n      ...\n\n Example 4: Pack and unpack a message in Go\n\n     foo := &pb.Foo{...}\n     any, err := ptypes.MarshalAny(foo)\n     ...\n     foo := &pb.Foo{}\n     if err := ptypes.UnmarshalAny(any, foo); err != nil {\n       ...\n     }\n\nThe pack methods provided by protobuf library will by default use\n'type.googleapis.com/full.type.name' as the type URL and the unpack\nmethods only use the fully qualified type name after the last '/'\nin the type URL, for example \"foo.bar.com/x/y.z\" will yield type\nname \"y.z\".\n\n\nJSON\n====\nThe JSON representation of an `Any` value uses the regular\nrepresentation of the deserialized, embedded message, with an\nadditional field `@type` which contains the type URL. Example:\n\n    package google.profile;\n    message Person {\n      string first_name = 1;\n      string last_name = 2;\n    }\n\n    {\n      \"@type\": \"type.googleapis.com/google.profile.Person\",\n      \"firstName\": <string>,\n      \"lastName\": <string>\n    }\n\nIf the embedded message type is well-known and has a custom JSON\nrepresentation, that representation will be embedded adding a field\n`value` which holds the custom JSON in addition to the `@type`\nfield. Example (for message [google.protobuf.Duration][]):\n\n    {\n      \"@type\": \"type.googleapis.com/google.protobuf.Duration\",\n      \"value\": \"1.212s\"\n    }","properties":{"type_url":{"type":"string","description":"A URL/resource name that uniquely identifies the type of the serialized\nprotocol buffer message. This string must contain at least\none \"/\" character. The last segment of the URL's path must represent\nthe fully qualified name of the type (as in\n`path/google.protobuf.Duration`). The name should be in a canonical form\n(e.g., leading \".\" is not accepted).\n\nIn practice, teams usually precompile into the binary all types that they\nexpect it to use in the context of Any. However, for URLs which use the\nscheme `http`, `https`, or no scheme, one can optionally set up a type\nserver that maps type URLs to message definitions as follows:\n\n* If no scheme is provided, `https` is assumed.\n* An HTTP GET on the URL must yield a [google.protobuf.Type][]\n  value in binary format, or produce an error.\n* Applications are allowed to cache lookup results based on the\n  URL, or have them precompiled into a binary to avoid any\n  lookup. Therefore, binary compatibility needs to be preserved\n  on changes to types. (Use versioned type names to manage\n  breaking changes.)\n\nNote: this functionality is not currently available in the official\nprotobuf release, and it is not used for type URLs beginning with\ntype.googleapis.com.\n\nSchemes other than `http`, `https` (or the empty scheme) might be\nused with implementation specific semantics."},"value":{"type":"string","description":"Must be a valid serialized protocol buffer of the above specified type.","format":"byte"}}},"schemaBotDefenseTransactionResultCondition":{"type":"object","description":"x-displayName: \"Bot Defense Transaction Result Condition\"\nBot Defense Transaction Result Condition","title":"BotDefenseTransactionResultCondition","properties":{"name":{"type":"string","description":"x-displayName: \"Header Name\"\nx-example: \"Accept-Encoding\"\nA case-insensitive HTTP header name.","title":"name"},"regex_values":{"type":"array","description":"x-displayName: \"Regex Values\"\nx-example: \"['^new .*$', 'san f.*', '.* del .*']\"\nA list of regular expressions to match the input against.","title":"regex values","items":{"type":"string"}},"status":{"$ref":"#/components/schemas/schemaHttpStatusCode"}}},"schemaBotDefenseTransactionResultType":{"type":"object","description":"x-displayName: \"Bot Defense Transaction Result Type\"\nBot Defense Transaction ResultType","title":"BotDefenseTransactionResultType","properties":{"failure_conditions":{"type":"array","description":"x-displayName: \"Failure Conditions\"\nFailure Conditions","title":"Failure Conditions","items":{"$ref":"#/components/schemas/schemaBotDefenseTransactionResultCondition"}},"success_conditions":{"type":"array","description":"x-displayName: \"Success Conditions\"\nSuccess Conditions","title":"Success Conditions","items":{"$ref":"#/components/schemas/schemaBotDefenseTransactionResultCondition"}}}},"schemaConditionType":{"type":"object","description":"Conditions are used in the object status to describe the current state of the\nobject, e.g. Ready, Succeeded, etc.","title":"ConditionType","x-displayname":"Status Condition","x-ves-proto-message":"ves.io.schema.ConditionType","properties":{"hostname":{"type":"string","description":" Hostname of the instance of the site that sent the status","title":"hostname","x-displayname":"Hostname"},"last_update_time":{"type":"string","description":" Last time the condition was updated","title":"last_update_time","format":"date-time","x-displayname":"Last Updated"},"reason":{"type":"string","description":" x-reason: \"Insufficient memory in data plane\"\n A human readable string explaining the reason for reaching this condition\n\nExample: ` \"value\"`","title":"reason","x-displayname":"Reason","x-ves-example":"value"},"service_name":{"type":"string","description":" Name of the service that sent the status","title":"service name","x-displayname":"Service Name"},"status":{"type":"string","description":" Status of the condition\n \"Success\" Validtion has succeded. Requested operation was successful.\n \"Failed\"  Validation has failed.\n \"Incomplete\" Validation of configuration has failed due to missing configuration.\n \"Installed\" Validation has passed and configuration has been installed in data path or K8s\n \"Down\" Configuration is operationally down. e.g. down interface\n \"Disabled\" Configuration is administratively disabled i.e. ObjectMetaType.Disable = true.\n \"NotApplicable\" Configuration is not applicable e.g. tenant service_policy_set(s) in system namespace are not applicable on REs\n\nExample: ` \"Failed\"`\n\nValidation Rules:\n  ves.io.schema.rules.string.in: [\\\"Success\\\",\\\"Failed\\\",\\\"Incomplete\\\",\\\"Installed\\\",\\\"Down\\\",\\\"Disabled\\\",\\\"NotApplicable\\\"]\n","title":"status","x-displayname":"Status","x-ves-example":"Failed","x-ves-validation-rules":{"ves.io.schema.rules.string.in":"[\\\"Success\\\",\\\"Failed\\\",\\\"Incomplete\\\",\\\"Installed\\\",\\\"Down\\\",\\\"Disabled\\\",\\\"NotApplicable\\\"]"}},"type":{"type":"string","description":" Type of the condition\n \"Validation\" represents validation user given configuration object\n \"Operational\" represents operational status of a given configuration object\n\nExample: ` \"Operational\"`\n\nValidation Rules:\n  ves.io.schema.rules.string.in: [\\\"Validation\\\",\\\"Operational\\\"]\n","title":"type","x-displayname":"Type","x-ves-example":"Operational","x-ves-validation-rules":{"ves.io.schema.rules.string.in":"[\\\"Validation\\\",\\\"Operational\\\"]"}}}},"schemaErrorCode":{"type":"string","description":"Union of all possible error-codes from system\n\n - EOK: No error\n - EPERMS: Permissions error\n - EBADINPUT: Input is not correct\n - ENOTFOUND: Not found\n - EEXISTS: Already exists\n - EUNKNOWN: Unknown/catchall error\n - ESERIALIZE: Error in serializing/de-serializing\n - EINTERNAL: Server error\n - EPARTIAL: Partial error","title":"ErrorCode","enum":["EOK","EPERMS","EBADINPUT","ENOTFOUND","EEXISTS","EUNKNOWN","ESERIALIZE","EINTERNAL","EPARTIAL"],"default":"EOK","x-displayname":"Error Code","x-ves-proto-enum":"ves.io.schema.ErrorCode"},"schemaErrorType":{"type":"object","description":"Information about a error in API operation","title":"ErrorType","x-displayname":"Error Type","x-ves-proto-message":"ves.io.schema.ErrorType","properties":{"code":{"$ref":"#/components/schemas/schemaErrorCode"},"error_obj":{"$ref":"#/components/schemas/protobufAny"},"message":{"type":"string","description":" A human readable string of the error\n\nExample: ` \"value\"`","title":"message","x-displayname":"Message","x-ves-example":"value"}}},"schemaHttpMethod":{"type":"string","description":"Specifies the HTTP method used to access a resource.\n\nAny HTTP Method","title":"HttpMethod","enum":["ANY","GET","HEAD","POST","PUT","DELETE","CONNECT","OPTIONS","TRACE","PATCH","COPY"],"default":"ANY","x-displayname":"HTTP Method","x-ves-proto-enum":"ves.io.schema.HttpMethod"},"schemaHttpStatusCode":{"type":"string","description":"x-displayName: \"HTTP Status Code\"\nHTTP response status codes\n\n - EmptyStatusCode: x-displayName: \"0 Empty Status Code\"\nEmptyStatusCode response codes means it is not specified\n - Continue: x-displayName: \"100 Continue\"\nContinue status code\n - OK: x-displayName: \"200 OK\"\nOK status code\n - Created: x-displayName: \"201 Created\"\nCreated status code\n - Accepted: x-displayName: \"202 Accepted\"\nAccepted status code\n - NonAuthoritativeInformation: x-displayName: \"203 Non Authoritative Information\"\nNon Authoritative Information status code\n - NoContent: x-displayName: \"204 No Content\"\nNo Content status code\n - ResetContent: x-displayName: \"205 Reset Content\"\nReset Content status code\n - PartialContent: x-displayName: \"206 Partial Content\"\nPartial Content status code\n - MultiStatus: x-displayName: \"207 Multi Status\"\nMulti Status status code\n - AlreadyReported: x-displayName: \"208 Already Reported\"\nAlready Reported status code\n - IMUsed: x-displayName: \"226 Im Used\"\nIm Used status code\n - MultipleChoices: x-displayName: \"300 Multiple Choices\"\nMultiple Choices status code\n - MovedPermanently: x-displayName: \"301 Moved Permanently\"\nMoved Permanently status code\n - Found: x-displayName: \"302 Found\"\nFound status code\n - SeeOther: x-displayName: \"303 See Other\"\nSee Other status code\n - NotModified: x-displayName: \"304 Not Modified\"\nNot Modified status code\n - UseProxy: x-displayName: \"305 Use Proxy\"\nUse Proxy status code\n - TemporaryRedirect: x-displayName: \"307 Temporary Redirect\"\nTemporary Redirect status code\n - PermanentRedirect: x-displayName: \"308 Permanent Redirect\"\nPermanent Redirect status code\n - BadRequest: x-displayName: \"400 Bad Request\"\nBad Request status code\n - Unauthorized: x-displayName: \"401 Unauthorized\"\nUnauthorized status code\n - PaymentRequired: x-displayName: \"402 Payment Required\"\nPayment Required status code\n - Forbidden: x-displayName: \"403 Forbidden\"\nForbidden status code\n - NotFound: x-displayName: \"404 Not Found\"\nNot Found status code\n - MethodNotAllowed: x-displayName: \"405 Method Not Allowed\"\nMethod Not Allowed status code\n - NotAcceptable: x-displayName: \"406 Not Acceptable\"\nNot Acceptable status code\n - ProxyAuthenticationRequired: x-displayName: \"407 Proxy Authentication Required\"\nProxy Authentication Required status code\n - RequestTimeout: x-displayName: \"408 Request Timeout\"\nRequest Timeout status code\n - Conflict: x-displayName: \"409 Conflict\"\nConflict status code\n - Gone: x-displayName: \"410 Gone\"\nGone status code\n - LengthRequired: x-displayName: \"411 Length Required\"\nLength Required status code\n - PreconditionFailed: x-displayName: \"412 Precondition Failed\"\nPrecondition Failed status code\n - PayloadTooLarge: x-displayName: \"413 Payload Too Large\"\nPayload Too Large status code\n - URITooLong: x-displayName: \"414 Uri Too Long\"\nUri Too Long status code\n - UnsupportedMediaType: x-displayName: \"415 Unsupported Media Type\"\nUnsupported Media Type status code\n - RangeNotSatisfiable: x-displayName: \"416 Range Not Satisfiable\"\nRange Not Satisfiable status code\n - ExpectationFailed: x-displayName: \"417 Expectation Failed\"\nExpectation Failed status code\n - MisdirectedRequest: x-displayName: \"421 Misdirected Request\"\nMisdirected Request status code\n - UnprocessableEntity: x-displayName: \"422 Unprocessable Entity\"\nUnprocessable Entity status code\n - Locked: x-displayName: \"423 Locked\"\nLocked status code\n - FailedDependency: x-displayName: \"424 Failed Dependency\"\nFailed Dependency status code\n - UpgradeRequired: x-displayName: \"426 Upgrade Required\"\nUpgrade Required status code\n - PreconditionRequired: x-displayName: \"428 Precondition Required\"\nPrecondition Required status code\n - TooManyRequests: x-displayName: \"429 Too Many Requests\"\nToo Many Requests status code\n - RequestHeaderFieldsTooLarge: x-displayName: \"431 Request Header Fields Too Large\"\nRequest Header Fields Too Large status code\n - InternalServerError: x-displayName: \"500 Internal Server Error\"\nInternal Server Error status code\n - NotImplemented: x-displayName: \"501 Not Implemented\"\nNot Implemented status code\n - BadGateway: x-displayName: \"502 Bad Gateway\"\nBad Gateway status code\n - ServiceUnavailable: x-displayName: \"503 Service Unavailable\"\nService Unavailable status code\n - GatewayTimeout: x-displayName: \"504 Gateway Timeout\"\nGateway Timeout status code\n - HTTPVersionNotSupported: x-displayName: \"505 Http Version Not Supported\"\nHttp Version Not Supported status code\n - VariantAlsoNegotiates: x-displayName: \"506 Variant Also Negotiates\"\nVariant Also Negotiates status code\n - InsufficientStorage: x-displayName: \"507 Insufficient Storage\"\nInsufficient Storage status code\n - LoopDetected: x-displayName: \"508 Loop Detected\"\nLoop Detected status code\n - NotExtended: x-displayName: \"510 Not Extended\"\nNot Extended status code\n - NetworkAuthenticationRequired: x-displayName: \"511 Network Authentication Required\"\nNetwork Authentication Required status code","title":"HttpStatusCode","enum":["EmptyStatusCode","Continue","OK","Created","Accepted","NonAuthoritativeInformation","NoContent","ResetContent","PartialContent","MultiStatus","AlreadyReported","IMUsed","MultipleChoices","MovedPermanently","Found","SeeOther","NotModified","UseProxy","TemporaryRedirect","PermanentRedirect","BadRequest","Unauthorized","PaymentRequired","Forbidden","NotFound","MethodNotAllowed","NotAcceptable","ProxyAuthenticationRequired","RequestTimeout","Conflict","Gone","LengthRequired","PreconditionFailed","PayloadTooLarge","URITooLong","UnsupportedMediaType","RangeNotSatisfiable","ExpectationFailed","MisdirectedRequest","UnprocessableEntity","Locked","FailedDependency","UpgradeRequired","PreconditionRequired","TooManyRequests","RequestHeaderFieldsTooLarge","InternalServerError","NotImplemented","BadGateway","ServiceUnavailable","GatewayTimeout","HTTPVersionNotSupported","VariantAlsoNegotiates","InsufficientStorage","LoopDetected","NotExtended","NetworkAuthenticationRequired"],"default":"EmptyStatusCode"},"schemaInitializerType":{"type":"object","description":"Initializer is information about an initializer that has not yet completed.","title":"InitializerType","x-displayname":"Initializer","x-ves-proto-message":"ves.io.schema.InitializerType","properties":{"name":{"type":"string","description":" name of the service that is responsible for initializing this object.","title":"name","x-displayname":"Name"}}},"schemaInitializersType":{"type":"object","description":"Initializers tracks the progress of initialization of a configuration object","title":"InitializersType","x-displayname":"Initializers","x-ves-proto-message":"ves.io.schema.InitializersType","properties":{"pending":{"type":"array","description":" Pending is a list of initializers that must execute in order before this object is initialized.\n When the last pending initializer is removed, and no failing result is set, the initializers\n struct will be set to nil and the object is considered as initialized and visible to all\n clients.","title":"pending","items":{"$ref":"#/components/schemas/schemaInitializerType"},"x-displayname":"Pending"},"result":{"$ref":"#/components/schemas/schemaStatusType"}}},"schemaLabelMatcherType":{"type":"object","description":"A label matcher specifies a list of label keys whose values need to match for\nsource/client and destination/server. Note that the actual label values are not\nspecified and do not matter. This allows an ability to scope grouping by the\nlabel key name.","title":"LabelMatcherType","x-displayname":"Label Matcher","x-ves-proto-message":"ves.io.schema.LabelMatcherType","properties":{"keys":{"type":"array","description":" The list of label key names that have to match\n\nExample: ` \"['environment', 'location', 'deployment']\"`\n\nValidation Rules:\n  ves.io.schema.rules.repeated.items.string.max_len: 64\n  ves.io.schema.rules.repeated.items.string.min_len: 1\n  ves.io.schema.rules.repeated.max_items: 16\n  ves.io.schema.rules.repeated.unique: true\n","title":"keys","maxItems":16,"items":{"type":"string","minLength":1,"maxLength":64},"x-displayname":"Keys","x-ves-example":"['environment', 'location', 'deployment']","x-ves-validation-rules":{"ves.io.schema.rules.repeated.items.string.max_len":"64","ves.io.schema.rules.repeated.items.string.min_len":"1","ves.io.schema.rules.repeated.max_items":"16","ves.io.schema.rules.repeated.unique":"true"}}}},"schemaLabelSelectorType":{"type":"object","description":"This type can be used to establish a 'selector reference' from one object(called selector) to\na set of other objects(called selectees) based on the value of expresssions.\nA label selector is a label query over a set of resources. An empty label selector matches all objects.\nA null label selector matches no objects. Label selector is immutable.\nexpressions is a list of strings of label selection expression.\nEach string has \",\" separated values which are \"AND\" and all strings are logically \"OR\".\nBNF for expression string\n<selector-syntax>         ::= <requirement> | <requirement> \",\" <selector-syntax>\n<requirement>             ::= [!] KEY [ <set-based-restriction> | <exact-match-restriction> ]\n<set-based-restriction>   ::= \"\" | <inclusion-exclusion> <value-set>\n<inclusion-exclusion>     ::= <inclusion> | <exclusion>\n<exclusion>               ::= \"notin\"\n<inclusion>               ::= \"in\"\n<value-set>               ::= \"(\" <values> \")\"\n<values>                  ::= VALUE | VALUE \",\" <values>\n<exact-match-restriction> ::= [\"=\"|\"==\"|\"!=\"] VALUE","title":"LabelSelectorType","x-displayname":"Label Selector","x-ves-proto-message":"ves.io.schema.LabelSelectorType","properties":{"expressions":{"type":"array","description":" expressions contains the kubernetes style label expression for selections.\n\nExample: ` \"region in (us-west1, us-west2),tier in (staging)\"`\n\nRequired: YES\n\nValidation Rules:\n  ves.io.schema.rules.message.required: true\n  ves.io.schema.rules.repeated.items.string.k8s_label_selector: true\n  ves.io.schema.rules.repeated.items.string.max_len: 4096\n  ves.io.schema.rules.repeated.items.string.min_len: 1\n  ves.io.schema.rules.repeated.max_items: 1\n","title":"expressions","maxItems":1,"items":{"type":"string","minLength":1,"maxLength":4096},"x-displayname":"Selector Expression","x-ves-example":"region in (us-west1, us-west2),tier in (staging)","x-ves-required":"true","x-ves-validation-rules":{"ves.io.schema.rules.message.required":"true","ves.io.schema.rules.repeated.items.string.k8s_label_selector":"true","ves.io.schema.rules.repeated.items.string.max_len":"4096","ves.io.schema.rules.repeated.items.string.min_len":"1","ves.io.schema.rules.repeated.max_items":"1"}}}},"schemaObjectCreateMetaType":{"type":"object","description":"ObjectCreateMetaType is metadata that can be specified in Create request of an object.","title":"ObjectCreateMetaType","x-displayname":"Create Metadata","x-ves-proto-message":"ves.io.schema.ObjectCreateMetaType","properties":{"annotations":{"type":"object","description":" Annotations is an unstructured key value map stored with a resource that may be\n set by external tools to store and retrieve arbitrary metadata. They are not\n queryable and should be preserved when modifying objects.\n\nExample: ` \"value\"`\n\nValidation Rules:\n  ves.io.schema.rules.map.keys.string.max_len: 64\n  ves.io.schema.rules.map.keys.string.min_len: 1\n  ves.io.schema.rules.map.values.string.max_len: 1024\n  ves.io.schema.rules.map.values.string.min_len: 1\n","title":"annotations","x-displayname":"Annotation","x-ves-validation-rules":{"ves.io.schema.rules.map.keys.string.max_len":"64","ves.io.schema.rules.map.keys.string.min_len":"1","ves.io.schema.rules.map.values.string.max_len":"1024","ves.io.schema.rules.map.values.string.min_len":"1"}},"description":{"type":"string","description":" Human readable description for the object\n\nExample: ` \"Virtual Host for acmecorp website\"`\n\nValidation Rules:\n  ves.io.schema.rules.string.max_bytes: 1200\n","title":"description","maxLength":1200,"x-displayname":"Description","x-ves-example":"Virtual Host for acmecorp website","x-ves-validation-rules":{"ves.io.schema.rules.string.max_bytes":"1200"}},"disable":{"type":"boolean","description":" A value of true will administratively disable the object\n\nExample: ` \"true\"`","title":"disable","format":"boolean","x-displayname":"Disable"},"labels":{"type":"object","description":" Map of string keys and values that can be used to organize and categorize\n (scope and select) objects as chosen by the user. Values specified here will be used\n by selector expression\n\nExample: ` \"value\"`","title":"labels","x-displayname":"Labels"},"name":{"type":"string","description":" This is the name of configuration object. It has to be unique within the namespace.\n It can only be specified during create API and cannot be changed during replace API.\n The value of name has to follow DNS-1035 format.\n\nExample: ` \"acmecorp-web\"`\n\nRequired: YES\n\nValidation Rules:\n  ves.io.schema.rules.message.required: true\n","title":"name","x-displayname":"Name","x-ves-example":"acmecorp-web","x-ves-required":"true","x-ves-validation-rules":{"ves.io.schema.rules.message.required":"true"}},"namespace":{"type":"string","description":" This defines the workspace within which each the configuration object is to be created.\n Must be a DNS_LABEL format. For a namespace object itself, namespace value will be \"\"\n\nExample: ` \"staging\"`","title":"namespace","x-displayname":"Namespace","x-ves-example":"staging"}}},"schemaObjectGetMetaType":{"type":"object","description":"ObjectGetMetaType is metadata that can be specified in Get/Create response of an object.","title":"ObjectGetMetaType","x-displayname":"Get Metadata","x-ves-proto-message":"ves.io.schema.ObjectGetMetaType","properties":{"annotations":{"type":"object","description":" Annotations is an unstructured key value map stored with a resource that may be\n set by external tools to store and retrieve arbitrary metadata. They are not\n queryable and should be preserved when modifying objects.\n\nExample: ` \"value\"`\n\nValidation Rules:\n  ves.io.schema.rules.map.keys.string.max_len: 64\n  ves.io.schema.rules.map.keys.string.min_len: 1\n  ves.io.schema.rules.map.values.string.max_len: 1024\n  ves.io.schema.rules.map.values.string.min_len: 1\n","title":"annotations","x-displayname":"Annotation","x-ves-example":"value","x-ves-validation-rules":{"ves.io.schema.rules.map.keys.string.max_len":"64","ves.io.schema.rules.map.keys.string.min_len":"1","ves.io.schema.rules.map.values.string.max_len":"1024","ves.io.schema.rules.map.values.string.min_len":"1"}},"description":{"type":"string","description":" Human readable description for the object\n\nExample: ` \"Virtual Host for acmecorp website\"`\n\nValidation Rules:\n  ves.io.schema.rules.string.max_bytes: 1200\n","title":"description","maxLength":1200,"x-displayname":"Description","x-ves-example":"Virtual Host for acmecorp website","x-ves-validation-rules":{"ves.io.schema.rules.string.max_bytes":"1200"}},"disable":{"type":"boolean","description":" A value of true will administratively disable the object\n\nExample: ` \"true\"`","title":"disable","format":"boolean","x-displayname":"Disable","x-ves-example":"true"},"labels":{"type":"object","description":" Map of string keys and values that can be used to organize and categorize\n (scope and select) objects as chosen by the user. Values specified here will be used\n by selector expression\n\nExample: ` \"value\"`","title":"labels","x-displayname":"Labels","x-ves-example":"value"},"name":{"type":"string","description":" This is the name of configuration object. It has to be unique within the namespace.\n It can only be specified during create API and cannot be changed during replace API.\n The value of name has to follow DNS-1035 format.\n\nExample: ` \"acmecorp-web\"`\n\nRequired: YES\n\nValidation Rules:\n  ves.io.schema.rules.message.required: true\n","title":"name","x-displayname":"Name","x-ves-example":"acmecorp-web","x-ves-required":"true","x-ves-validation-rules":{"ves.io.schema.rules.message.required":"true"}},"namespace":{"type":"string","description":" This defines the workspace within which each the configuration object is to be created.\n Must be a DNS_LABEL format. For a namespace object itself, namespace value will be \"\"\n\nExample: ` \"staging\"`","title":"namespace","x-displayname":"Namespace","x-ves-example":"staging"}}},"schemaObjectReplaceMetaType":{"type":"object","description":"ObjectReplaceMetaType is metadata that can be specified in Replace request of an object.","title":"ObjectReplaceMetaType","x-displayname":"Replace Metadata","x-ves-proto-message":"ves.io.schema.ObjectReplaceMetaType","properties":{"annotations":{"type":"object","description":" Annotations is an unstructured key value map stored with a resource that may be\n set by external tools to store and retrieve arbitrary metadata. They are not\n queryable and should be preserved when modifying objects.\n\nExample: ` \"value\"`\n\nValidation Rules:\n  ves.io.schema.rules.map.keys.string.max_len: 64\n  ves.io.schema.rules.map.keys.string.min_len: 1\n  ves.io.schema.rules.map.values.string.max_len: 1024\n  ves.io.schema.rules.map.values.string.min_len: 1\n","title":"annotations","x-displayname":"Annotations","x-ves-example":"value","x-ves-validation-rules":{"ves.io.schema.rules.map.keys.string.max_len":"64","ves.io.schema.rules.map.keys.string.min_len":"1","ves.io.schema.rules.map.values.string.max_len":"1024","ves.io.schema.rules.map.values.string.min_len":"1"}},"description":{"type":"string","description":" Human readable description for the object\n\nExample: ` \"Virtual Host for acmecorp website\"`\n\nValidation Rules:\n  ves.io.schema.rules.string.max_bytes: 1200\n","title":"description","maxLength":1200,"x-displayname":"Description","x-ves-example":"Virtual Host for acmecorp website","x-ves-validation-rules":{"ves.io.schema.rules.string.max_bytes":"1200"}},"disable":{"type":"boolean","description":" A value of true will administratively disable the object\n\nExample: ` \"true\"`","title":"disable","format":"boolean","x-displayname":"Disable"},"labels":{"type":"object","description":" Map of string keys and values that can be used to organize and categorize\n (scope and select) objects as chosen by the user. Values specified here will be used\n by selector expression\n\nExample: ` \"value\"`","title":"labels","x-displayname":"Labels","x-ves-example":"value"},"name":{"type":"string","description":" This is the name of configuration object. It has to be unique within the namespace.\n It can only be specified during create API and cannot be changed during replace API.\n The value of name has to follow DNS-1035 format.\n\nExample: ` \"acmecorp-web\"`\n\nRequired: YES\n\nValidation Rules:\n  ves.io.schema.rules.message.required: true\n","title":"name","x-displayname":"Name","x-ves-example":"acmecorp-web","x-ves-validation-rules":{"ves.io.schema.rules.message.required":"true"}},"namespace":{"type":"string","description":" This defines the workspace within which each the configuration object is to be created.\n Must be a DNS_LABEL format. For a namespace object itself, namespace value will be \"\"\n\nExample: ` \"staging\"`","title":"namespace","x-displayname":"Namespace","x-ves-example":"staging"}}},"schemaStatusMetaType":{"type":"object","description":"StatusMetaType is metadata that all status must have.","title":"StatusMetaType","x-displayname":"Metadata","x-ves-proto-message":"ves.io.schema.StatusMetaType","properties":{"creation_timestamp":{"type":"string","description":" creation_timestamp is when the status object was created. It is used to find/tie-break\n for latest status object from same origin","title":"creation_timestamp","format":"date-time","x-displayname":"Creation Timestamp"},"creator_class":{"type":"string","description":" Class of creator which created this StatusObject. This will be service's DNS FQDN.\n This will be set by the system based on client certificate information.\n\nExample: ` \"ver.re1.int.ves.io\"`","title":"creator_class","x-displayname":"Creator Class","x-ves-example":"ver.re1.int.ves.io"},"creator_id":{"type":"string","description":" ID of creator which created this StatusObject. This will be a concrete identifier for service (e.g.\n identifying the environment also). This will be set by the system based on client certificate\n information\n\nExample: ` \"ver-instance-1\"`","title":"creator_id","x-displayname":"Creator ID","x-ves-example":"ver-instance-1"},"publish":{"$ref":"#/components/schemas/schemaStatusPublishType"},"status_id":{"type":"string","description":" status_id is a field used by the generator to distinguish (if necessary) between two status\n objects for the same config object from the same site and same service and potentially same\n daemon(creator-id)","title":"status_id","x-displayname":"Status ID"},"uid":{"type":"string","description":" uid is the unique in time and space value for a StatusObject.\n\nExample: ` \"d15f1fad-4d37-48c0-8706-df1824d76d31\"`","title":"uid","x-displayname":"UID","x-ves-example":"d15f1fad-4d37-48c0-8706-df1824d76d31"},"vtrp_id":{"type":"string","description":" Origin of this status exchanged by VTRP.","title":"vtrp_id","x-displayname":"VTRP ID"},"vtrp_stale":{"type":"boolean","description":" Indicate whether mars deems this object to be stale via graceful restart timer information","title":"vtrp_stale","format":"boolean","x-displayname":"VTRP Stale"}}},"schemaStatusPublishType":{"type":"string","description":"StatusPublishType is all possible publish operations on a StatusObject\n\n - STATUS_DO_NOT_PUBLISH: Do Not Publish\n\nDo not propagate this status to user. This could be because status is only informational\n - STATUS_PUBLISH: Publish\n\nPropagate this status up to user as it might be actionable","title":"StatusPublishType","enum":["STATUS_DO_NOT_PUBLISH","STATUS_PUBLISH"],"default":"STATUS_DO_NOT_PUBLISH","x-displayname":"Status Publish Type","x-ves-proto-enum":"ves.io.schema.StatusPublishType"},"schemaStatusType":{"type":"object","description":"Status is a return value for calls that don't return other objects.","title":"StatusType","x-displayname":"Status","x-ves-proto-message":"ves.io.schema.StatusType","properties":{"code":{"type":"integer","description":" Suggested HTTP return code for this status, 0 if not set.\n\nExample: ` \"0\"`","title":"code","format":"int32","x-displayname":"Code","x-ves-example":"0"},"reason":{"type":"string","description":" A human-readable description of why this operation is in the\n \"Failure\" status. If this value is empty there\n is no information available.\n\nExample: ` \"value\"`","title":"reason","x-displayname":"Reason","x-ves-example":"value"},"status":{"type":"string","description":" Status of the operation.\n One of: \"Success\" or \"Failure\".\n\nExample: ` \"value\"`","title":"status","x-displayname":"Status","x-ves-example":"value"}}},"schemaSystemObjectGetMetaType":{"type":"object","description":"SystemObjectGetMetaType is metadata generated or populated by the system for all persisted objects and\ncannot be updated directly by users.","title":"SystemObjectGetMetaType","x-displayname":"System Metadata","x-ves-proto-message":"ves.io.schema.SystemObjectGetMetaType","properties":{"creation_timestamp":{"type":"string","description":" CreationTimestamp is a timestamp representing the server time when this object was\n created. It is not guaranteed to be set in happens-before order across separate operations.\n Clients may not set this value. It is represented in RFC3339 form and is in UTC.","title":"creation_timestamp","format":"date-time","x-displayname":"Creation Timestamp"},"creator_class":{"type":"string","description":" A value identifying the class of the user or service which created this configuration object.\n\nExample: ` \"value\"`","title":"creator_class","x-displayname":"Creator Class","x-ves-example":"prism"},"creator_id":{"type":"string","description":" A value identifying the exact user or service that created this configuration object\n\nExample: ` \"value\"`","title":"creator_id","x-displayname":"Creator ID","x-ves-example":"admin@acmecorp.com"},"deletion_timestamp":{"type":"string","description":" DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This\n field is set by the server when a graceful deletion is requested by the user, and is not\n directly settable by a client. The resource is expected to be deleted (no longer visible\n from resource lists, and not reachable by name) after the time in this field, once the\n finalizers list is empty. As long as the finalizers list contains items, deletion is blocked.\n Once the deletionTimestamp is set, this value may not be unset or be set further into the\n future, although it may be shortened or the resource may be deleted prior to this time.\n For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react\n by sending a graceful termination signal to the containers in the pod. After that 30 seconds,\n the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup,\n remove the pod from the API. In the presence of network partitions, this object may still\n exist after this timestamp, until an administrator or automated process can determine the\n resource is fully terminated.\n If not set, graceful deletion of the object has not been requested.\n\n Populated by the system when a graceful deletion is requested.\n Read-only.","title":"deletion_timestamp","format":"date-time","x-displayname":"Deletion Timestamp"},"finalizers":{"type":"array","description":" Must be empty before the object is deleted from the registry. Each entry\n is an identifier for the responsible component that will remove the entry\n from the list. If the deletionTimestamp of the object is non-nil, entries\n in this list can only be removed.\n\nExample: ` \"value\"`","title":"finalizers","items":{"type":"string"},"x-displayname":"Finalizers","x-ves-example":"value"},"initializers":{"$ref":"#/components/schemas/schemaInitializersType"},"labels":{"type":"object","description":" Map of string keys and values that can be used to organize and categorize\n (scope and select) objects as chosen by the operator or software. Values here can be interpreted\n by software(backend or frontend) to enable certain behavior e.g. things marked as soft-deleted(restorable).\n\nExample: ` \"'ves.io/soft-deleted''true'\"`","title":"labels","x-displayname":"Labels","x-ves-example":"'ves.io/soft-deleted': 'true'"},"modification_timestamp":{"type":"string","description":" ModificationTimestamp is a timestamp representing the server time when this object was\n last modified.","title":"modification_timestamp","format":"date-time","x-displayname":"Modification Timestamp"},"object_index":{"type":"integer","description":" Unique index for the object. Some objects need a unique integer index to be allocated\n for each object type. This field will be populated for all objects that need it and will\n be zero otherwise.\n\nExample: ` \"0\"`","title":"object_index","format":"int64","x-displayname":"Object Index","x-ves-example":"0"},"owner_view":{"$ref":"#/components/schemas/schemaViewRefType"},"tenant":{"type":"string","description":" Tenant to which this configuration object belongs to. The value for this is found from\n presented credentials.\n\nExample: ` \"acmecorp\"`","title":"tenant","x-displayname":"Tenant","x-ves-example":"acmecorp"},"uid":{"type":"string","description":" uid is the unique in time and space value for this object. It is generated by\n the server on successful creation of an object and is not allowed to change on Replace\n API. The value of is taken from uid field of ObjectMetaType, if provided.\n\nExample: ` \"d15f1fad-4d37-48c0-8706-df1824d76d31\"`","title":"uid","x-displayname":"UID","x-ves-example":"d15f1fad-4d37-48c0-8706-df1824d76d31"}}},"schemaViewRefType":{"type":"object","description":"ViewRefType represents a reference to a view","title":"ViewRefType","x-displayname":"View Reference","x-ves-proto-message":"ves.io.schema.ViewRefType","properties":{"kind":{"type":"string","description":" Kind of the view object\n\nExample: ` \"http_proxy\"`","title":"kind","x-displayname":"Kind","x-ves-example":"http_proxy"},"name":{"type":"string","description":" When a configuration object(e.g. virtual_host) refers to another(e.g route)\n then name will hold the referred object's(e.g. route's) name.\n\nExample: ` \"contactus-route\"`","title":"name","x-displayname":"Name","x-ves-example":"contactus-route"},"namespace":{"type":"string","description":" When a configuration object(e.g. virtual_host) refers to another(e.g route)\n then namespace will hold the referred object's(e.g. route's) namespace.\n\nExample: ` \"ns1\"`","title":"namespace","x-displayname":"Namespace","x-ves-example":"ns1"},"uid":{"type":"string","description":" UID of the view object\n\nExample: ` \"f3744323-1adf-4aaa-a5dc-0707c1d1bd82\"`","title":"uid","x-displayname":"UID","x-ves-example":"f3744323-1adf-4aaa-a5dc-0707c1d1bd82"}}},"schemapolicyBotAction":{"type":"object","description":"Modify Bot protection behavior for a matching request. The modification could be to entirely skip Bot processing.","title":"Bot Action","x-displayname":"Bot Action","x-ves-oneof-field-action_type":"[\"bot_skip_processing\",\"none\"]","x-ves-proto-message":"ves.io.schema.policy.BotAction","properties":{"bot_skip_processing":{"$ref":"#/components/schemas/ioschemaEmpty"},"none":{"$ref":"#/components/schemas/ioschemaEmpty"}}},"schemapolicyHeaderMatcherType":{"type":"object","description":"A header matcher specifies the name of a single HTTP header and the criteria for the input request to match it. The input has a list of actual values for each\nheader name in the original HTTP request.\nA header matcher can check for one of the following:\n* Presence or absence of the header in the input\n* At least one of the values for the header in the input satisfies the MatcherType item","title":"HeaderMatcherType","x-displayname":"Header Matcher","x-ves-displayorder":"1,6,4","x-ves-oneof-field-match":"[\"check_not_present\",\"check_present\",\"item\"]","x-ves-proto-message":"ves.io.schema.policy.HeaderMatcherType","properties":{"check_not_present":{"$ref":"#/components/schemas/ioschemaEmpty"},"check_present":{"$ref":"#/components/schemas/ioschemaEmpty"},"invert_matcher":{"type":"boolean","description":" Invert the match result.","title":"invert_matcher","format":"boolean","x-displayname":"Invert Header Matcher"},"item":{"$ref":"#/components/schemas/policyMatcherType"},"name":{"type":"string","description":" A case-insensitive HTTP header name.\n\nExample: ` \"Accept-Encoding\"`\n\nRequired: YES\n\nValidation Rules:\n  ves.io.schema.rules.message.required: true\n  ves.io.schema.rules.string.http_header_field: true\n  ves.io.schema.rules.string.max_bytes: 256\n","title":"name","maxLength":256,"x-displayname":"Header Name","x-ves-example":"Accept-Encoding","x-ves-required":"true","x-ves-validation-rules":{"ves.io.schema.rules.message.required":"true","ves.io.schema.rules.string.http_header_field":"true","ves.io.schema.rules.string.max_bytes":"256"}}}},"schemapolicyPathMatcherType":{"type":"object","description":"A path matcher specifies multiple criteria for matching an HTTP path string. The match is considered successful if any of the criteria are satisfied. The set\nof supported match criteria includes a list of path prefixes, a list of exact path values and a list of regular expressions.","title":"PathMatcherType","x-displayname":"Path Matcher","x-ves-proto-message":"ves.io.schema.policy.PathMatcherType","properties":{"exact_values":{"type":"array","description":" A list of exact path values to match the input HTTP path against.\n\nExample: ` \"['/api/web/namespaces/project179/users/user1', '/api/config/namespaces/accounting/bgps', '/api/data/namespaces/project443/virtual_host_101']\"`\n\nValidation Rules:\n  ves.io.schema.rules.repeated.items.string.http_path: true\n  ves.io.schema.rules.repeated.items.string.max_bytes: 256\n  ves.io.schema.rules.repeated.items.string.not_empty: true\n  ves.io.schema.rules.repeated.max_items: 16\n  ves.io.schema.rules.repeated.unique: true\n","title":"exact values","maxItems":16,"items":{"type":"string","maxLength":256},"x-displayname":"Exact Values","x-ves-example":"['/api/web/namespaces/project179/users/user1', '/api/config/namespaces/accounting/bgps', '/api/data/namespaces/project443/virtual_host_101']","x-ves-validation-rules":{"ves.io.schema.rules.repeated.items.string.http_path":"true","ves.io.schema.rules.repeated.items.string.max_bytes":"256","ves.io.schema.rules.repeated.items.string.not_empty":"true","ves.io.schema.rules.repeated.max_items":"16","ves.io.schema.rules.repeated.unique":"true"}},"invert_matcher":{"type":"boolean","description":" Invert the match result.","title":"invert_matcher","format":"boolean","x-displayname":"Invert Path Matcher"},"prefix_values":{"type":"array","description":" A list of path prefix values to match the input HTTP path against.\n\nExample: ` \"['/api/web/namespaces/project179/users/', '/api/config/namespaces/', '/api/data/namespaces/']\"`\n\nValidation Rules:\n  ves.io.schema.rules.repeated.items.string.http_path: true\n  ves.io.schema.rules.repeated.items.string.max_bytes: 256\n  ves.io.schema.rules.repeated.items.string.not_empty: true\n  ves.io.schema.rules.repeated.max_items: 16\n  ves.io.schema.rules.repeated.unique: true\n","title":"prefix values","maxItems":16,"items":{"type":"string","maxLength":256},"x-displayname":"Prefix Values","x-ves-example":"['/api/web/namespaces/project179/users/', '/api/config/namespaces/', '/api/data/namespaces/']","x-ves-validation-rules":{"ves.io.schema.rules.repeated.items.string.http_path":"true","ves.io.schema.rules.repeated.items.string.max_bytes":"256","ves.io.schema.rules.repeated.items.string.not_empty":"true","ves.io.schema.rules.repeated.max_items":"16","ves.io.schema.rules.repeated.unique":"true"}},"regex_values":{"type":"array","description":" A list of regular expressions to match the input HTTP path against.\n\nExample: ` \"['^/api/web/namespaces/abc/users/([a-z]([-a-z0-9]*[a-z0-9])?)$', '/api/data/namespaces/proj404/virtual_hosts/([a-z]([-a-z0-9]*[a-z0-9])?)$']\"`\n\nValidation Rules:\n  ves.io.schema.rules.repeated.items.string.max_bytes: 256\n  ves.io.schema.rules.repeated.items.string.not_empty: true\n  ves.io.schema.rules.repeated.items.string.regex: true\n  ves.io.schema.rules.repeated.max_items: 16\n  ves.io.schema.rules.repeated.unique: true\n","title":"regex values","maxItems":16,"items":{"type":"string","maxLength":256},"x-displayname":"Regex Values","x-ves-example":"['^/api/web/namespaces/abc/users/([a-z]([-a-z0-9]*[a-z0-9])?)$', '/api/data/namespaces/proj404/virtual_hosts/([a-z]([-a-z0-9]*[a-z0-9])?)$']","x-ves-validation-rules":{"ves.io.schema.rules.repeated.items.string.max_bytes":"256","ves.io.schema.rules.repeated.items.string.not_empty":"true","ves.io.schema.rules.repeated.items.string.regex":"true","ves.io.schema.rules.repeated.max_items":"16","ves.io.schema.rules.repeated.unique":"true"}},"suffix_values":{"type":"array","description":" A list of path suffix values to match the input HTTP path against.\n\nExample: ` \"['.exe', '.shtml', '.wmz']\"`\n\nValidation Rules:\n  ves.io.schema.rules.repeated.items.string.max_bytes: 64\n  ves.io.schema.rules.repeated.items.string.not_empty: true\n  ves.io.schema.rules.repeated.max_items: 64\n  ves.io.schema.rules.repeated.unique: true\n","title":"Suffix values","maxItems":64,"items":{"type":"string","maxLength":64},"x-displayname":"Suffix Values","x-ves-example":"['.exe', '.shtml', '.wmz']","x-ves-validation-rules":{"ves.io.schema.rules.repeated.items.string.max_bytes":"64","ves.io.schema.rules.repeated.items.string.not_empty":"true","ves.io.schema.rules.repeated.max_items":"64","ves.io.schema.rules.repeated.unique":"true"}},"transformers":{"type":"array","description":" An ordered list of transformers (starting from index 0) to be applied to the path before matching.\n\nExample: ` \"[BASE64_DECODE, LOWER_CASE]`\n\nValidation Rules:\n  ves.io.schema.rules.repeated.max_items: 9\n  ves.io.schema.rules.repeated.unique: true\n","title":"transformers","maxItems":9,"items":{"$ref":"#/components/schemas/policyTransformer"},"x-displayname":"Transformers","x-ves-validation-rules":{"ves.io.schema.rules.repeated.max_items":"9","ves.io.schema.rules.repeated.unique":"true"}}}},"schemapolicyPortMatcherType":{"type":"object","description":"A port matcher specifies a list of port ranges as match criteria. The match is considered successful if the input port falls within any of the port ranges.\nThe result of the match is inverted if invert_matcher is true.","title":"port matcher type","x-displayname":"Port Matcher","x-ves-proto-message":"ves.io.schema.policy.PortMatcherType","properties":{"invert_matcher":{"type":"boolean","description":" Invert the match result.","title":"invert_matcher","format":"boolean","x-displayname":"Invert Port Matcher"},"ports":{"type":"array","description":" A list of strings, each of which is a single port value or a tuple of start and end port values separated by \"-\". The start and end values are considered\n to be part of the range.\n\nExample: ` \"8000-8191\"`\n\nRequired: YES\n\nValidation Rules:\n  ves.io.schema.rules.message.required: true\n  ves.io.schema.rules.repeated.items.string.port_range: true\n  ves.io.schema.rules.repeated.max_items: 16\n  ves.io.schema.rules.repeated.unique: true\n","title":"port ranges","maxItems":16,"items":{"type":"string"},"x-displayname":"Port Ranges","x-ves-example":"8000-8191","x-ves-required":"true","x-ves-validation-rules":{"ves.io.schema.rules.message.required":"true","ves.io.schema.rules.repeated.items.string.port_range":"true","ves.io.schema.rules.repeated.max_items":"16","ves.io.schema.rules.repeated.unique":"true"}}}},"schemapolicyQueryParameterMatcherType":{"type":"object","description":"A query parameter matcher specifies the name of a single query parameter and the criteria for the input request to match it. The input has a list of actual\nvalues for each query parameter name in the original HTTP request.\nA query parameter matcher can check for one of the following:\n* Presence or absence of the query parameter in the input\n* At least one of the values for the query parameter in the input satisfies the MatcherType item","title":"QueryParameterMatcherType","x-displayname":"Query Parameter Matcher","x-ves-displayorder":"1,6,4","x-ves-oneof-field-match":"[\"check_not_present\",\"check_present\",\"item\"]","x-ves-proto-message":"ves.io.schema.policy.QueryParameterMatcherType","properties":{"check_not_present":{"$ref":"#/components/schemas/ioschemaEmpty"},"check_present":{"$ref":"#/components/schemas/ioschemaEmpty"},"invert_matcher":{"type":"boolean","description":" Invert the match result.","title":"invert_matcher","format":"boolean","x-displayname":"Invert Query Parameter Matcher"},"item":{"$ref":"#/components/schemas/policyMatcherType"},"key":{"type":"string","description":" A case-sensitive HTTP query parameter name.\n\nExample: ` \"sourceid\"`\n\nRequired: YES\n\nValidation Rules:\n  ves.io.schema.rules.message.required: true\n  ves.io.schema.rules.string.max_bytes: 256\n","title":"key","maxLength":256,"x-displayname":"Query Parameter Name","x-ves-example":"sourceid","x-ves-required":"true","x-ves-validation-rules":{"ves.io.schema.rules.message.required":"true","ves.io.schema.rules.string.max_bytes":"256"}}}},"schemaservice_policy_ruleCreateSpecType":{"type":"object","description":"Create service_policy_rule creates a new object in the storage backend for metadata.namespace.","title":"Create service policy rule","x-displayname":"Create Service Policy Rule","x-ves-oneof-field-asn_choice":"[\"any_asn\",\"asn_list\",\"asn_matcher\"]","x-ves-oneof-field-client_choice":"[\"any_client\",\"client_name\",\"client_name_matcher\",\"client_selector\",\"ip_threat_category_list\"]","x-ves-oneof-field-dst_asn_choice":"[]","x-ves-oneof-field-dst_ip_choice":"[]","x-ves-oneof-field-ip_choice":"[\"any_ip\",\"ip_matcher\",\"ip_prefix_list\"]","x-ves-oneof-field-tls_fingerprint_choice":"[\"ja4_tls_fingerprint\",\"tls_fingerprint_matcher\"]","x-ves-proto-message":"ves.io.schema.service_policy_rule.CreateSpecType","properties":{"action":{"$ref":"#/components/schemas/policyRuleAction"},"any_asn":{"$ref":"#/components/schemas/ioschemaEmpty"},"any_client":{"$ref":"#/components/schemas/ioschemaEmpty"},"any_ip":{"$ref":"#/components/schemas/ioschemaEmpty"},"api_group_matcher":{"$ref":"#/components/schemas/policyStringMatcherType"},"arg_matchers":{"type":"array","description":" A list of predicates for all POST args that need to be matched. The criteria for matching each arg are described in individual instances\n of ArgMatcherType. The actual arg values are extracted from the request API as a list of strings for each arg selector name.\n Note that all specified arg matcher predicates must evaluate to true.\n\nValidation Rules:\n  ves.io.schema.rules.repeated.max_items: 16\n","maxItems":16,"items":{"$ref":"#/components/schemas/policyArgMatcherType"},"x-displayname":"Argument Matchers","x-ves-validation-rules":{"ves.io.schema.rules.repeated.max_items":"16"}},"asn_list":{"$ref":"#/components/schemas/policyAsnMatchList"},"asn_matcher":{"$ref":"#/components/schemas/policyAsnMatcherType"},"body_matcher":{"$ref":"#/components/schemas/policyMatcherType"},"bot_action":{"$ref":"#/components/schemas/schemapolicyBotAction"},"client_name":{"type":"string","description":"Exclusive with [any_client client_name_matcher client_selector ip_threat_category_list]\n The expected name of the client invoking the request API.\n The predicate evaluates to true if any of the actual names is the same as the expected client name.\n\nExample: ` \"backend.production.customer.volterra.us\"`\n\nValidation Rules:\n  ves.io.schema.rules.string.max_bytes: 256\n","maxLength":256,"x-displayname":"Client Name","x-ves-example":"backend.production.customer.volterra.us","x-ves-validation-rules":{"ves.io.schema.rules.string.max_bytes":"256"}},"client_name_matcher":{"$ref":"#/components/schemas/policyMatcherTypeBasic"},"client_selector":{"$ref":"#/components/schemas/schemaLabelSelectorType"},"cookie_matchers":{"type":"array","description":" A list of predicates for all cookies that need to be matched. The criteria for matching each cookie is described in individual instances\n of CookieMatcherType. The actual cookie values are extracted from the request API as a list of strings for each cookie name.\n Note that all specified cookie matcher predicates must evaluate to true.\n\nValidation Rules:\n  ves.io.schema.rules.repeated.max_items: 16\n","maxItems":16,"items":{"$ref":"#/components/schemas/policyCookieMatcherType"},"x-displayname":"Cookie Matchers","x-ves-validation-rules":{"ves.io.schema.rules.repeated.max_items":"16"}},"domain_matcher":{"$ref":"#/components/schemas/policyMatcherTypeBasic"},"expiration_timestamp":{"type":"string","description":" The expiration_timestamp is the RFC 3339 format timestamp at which the containing rule is considered to be logically expired. The rule continues to exist in\n the configuration but is not applied anymore.\n\nExample: ` \"2019-12-31:44:34.171543432Z\"`","format":"date-time","x-displayname":"Expiration Timestamp","x-ves-example":"2019-12-31:44:34.171543432Z"},"headers":{"type":"array","description":" A list of predicates for various HTTP headers that need to match. The criteria for matching each HTTP header are described in individual HeaderMatcherType\n instances. The actual HTTP header values are extracted from the request API as a list of strings for each HTTP header type.\n Note that all specified header predicates must evaluate to true.\n\nValidation Rules:\n  ves.io.schema.rules.repeated.max_items: 16\n","maxItems":16,"items":{"$ref":"#/components/schemas/schemapolicyHeaderMatcherType"},"x-displayname":"HTTP Headers","x-ves-validation-rules":{"ves.io.schema.rules.repeated.max_items":"16"}},"http_method":{"$ref":"#/components/schemas/policyHttpMethodMatcherType"},"ip_matcher":{"$ref":"#/components/schemas/policyIpMatcherType"},"ip_prefix_list":{"$ref":"#/components/schemas/policyPrefixMatchList"},"ip_threat_category_list":{"$ref":"#/components/schemas/schemaservice_policy_ruleIPThreatCategoryListType"},"ja4_tls_fingerprint":{"$ref":"#/components/schemas/policyJA4TlsFingerprintMatcherType"},"jwt_claims":{"type":"array","description":" A list of predicates for various JWT claims that need to match. The criteria for matching each JWT claim are described in individual JWTClaimMatcherType\n instances. The actual JWT claims values are extracted from the JWT payload as a list of strings.\n Note that all specified JWT claim predicates must evaluate to true.\n\nValidation Rules:\n  ves.io.schema.rules.repeated.max_items: 16\n","maxItems":16,"items":{"$ref":"#/components/schemas/policyJWTClaimMatcherType"},"x-displayname":"JWT Claims","x-ves-validation-rules":{"ves.io.schema.rules.repeated.max_items":"16"}},"label_matcher":{"$ref":"#/components/schemas/schemaLabelMatcherType"},"mum_action":{"$ref":"#/components/schemas/policyModifyAction"},"path":{"$ref":"#/components/schemas/schemapolicyPathMatcherType"},"port_matcher":{"$ref":"#/components/schemas/schemapolicyPortMatcherType"},"query_params":{"type":"array","description":" A list of predicates for all query parameters that need to be matched. The criteria for matching each query parameter are described in individual instances\n of QueryParameterMatcherType. The actual query parameter values are extracted from the request API as a list of strings for each query parameter name.\n Note that all specified query parameter predicates must evaluate to true.\n\nValidation Rules:\n  ves.io.schema.rules.repeated.max_items: 16\n","maxItems":16,"items":{"$ref":"#/components/schemas/schemapolicyQueryParameterMatcherType"},"x-displayname":"HTTP Query Parameters","x-ves-validation-rules":{"ves.io.schema.rules.repeated.max_items":"16"}},"request_constraints":{"$ref":"#/components/schemas/policyRequestConstraintType"},"segment_policy":{"$ref":"#/components/schemas/policySegmentPolicyType"},"tls_fingerprint_matcher":{"$ref":"#/components/schemas/policyTlsFingerprintMatcherType"},"waf_action":{"$ref":"#/components/schemas/policyWafAction"}}},"schemaservice_policy_ruleGetSpecType":{"type":"object","description":"Get service_policy_rule reads a given object from storage backend for metadata.namespace.","title":"Get service policy rule","x-displayname":"Get Service Policy Rule","x-ves-oneof-field-asn_choice":"[\"any_asn\",\"asn_list\",\"asn_matcher\"]","x-ves-oneof-field-client_choice":"[\"any_client\",\"client_name\",\"client_name_matcher\",\"client_selector\",\"ip_threat_category_list\"]","x-ves-oneof-field-dst_asn_choice":"[]","x-ves-oneof-field-dst_ip_choice":"[]","x-ves-oneof-field-ip_choice":"[\"any_ip\",\"ip_matcher\",\"ip_prefix_list\"]","x-ves-oneof-field-tls_fingerprint_choice":"[\"ja4_tls_fingerprint\",\"tls_fingerprint_matcher\"]","x-ves-proto-message":"ves.io.schema.service_policy_rule.GetSpecType","properties":{"action":{"$ref":"#/components/schemas/policyRuleAction"},"any_asn":{"$ref":"#/components/schemas/ioschemaEmpty"},"any_client":{"$ref":"#/components/schemas/ioschemaEmpty"},"any_ip":{"$ref":"#/components/schemas/ioschemaEmpty"},"api_group_matcher":{"$ref":"#/components/schemas/policyStringMatcherType"},"arg_matchers":{"type":"array","description":" A list of predicates for all POST args that need to be matched. The criteria for matching each arg are described in individual instances\n of ArgMatcherType. The actual arg values are extracted from the request API as a list of strings for each arg selector name.\n Note that all specified arg matcher predicates must evaluate to true.\n\nValidation Rules:\n  ves.io.schema.rules.repeated.max_items: 16\n","maxItems":16,"items":{"$ref":"#/components/schemas/policyArgMatcherType"},"x-displayname":"Argument Matchers","x-ves-validation-rules":{"ves.io.schema.rules.repeated.max_items":"16"}},"asn_list":{"$ref":"#/components/schemas/policyAsnMatchList"},"asn_matcher":{"$ref":"#/components/schemas/policyAsnMatcherType"},"body_matcher":{"$ref":"#/components/schemas/policyMatcherType"},"bot_action":{"$ref":"#/components/schemas/schemapolicyBotAction"},"client_name":{"type":"string","description":"Exclusive with [any_client client_name_matcher client_selector ip_threat_category_list]\n The expected name of the client invoking the request API.\n The predicate evaluates to true if any of the actual names is the same as the expected client name.\n\nExample: ` \"backend.production.customer.volterra.us\"`\n\nValidation Rules:\n  ves.io.schema.rules.string.max_bytes: 256\n","maxLength":256,"x-displayname":"Client Name","x-ves-example":"backend.production.customer.volterra.us","x-ves-validation-rules":{"ves.io.schema.rules.string.max_bytes":"256"}},"client_name_matcher":{"$ref":"#/components/schemas/policyMatcherTypeBasic"},"client_selector":{"$ref":"#/components/schemas/schemaLabelSelectorType"},"cookie_matchers":{"type":"array","description":" A list of predicates for all cookies that need to be matched. The criteria for matching each cookie is described in individual instances\n of CookieMatcherType. The actual cookie values are extracted from the request API as a list of strings for each cookie name.\n Note that all specified cookie matcher predicates must evaluate to true.\n\nValidation Rules:\n  ves.io.schema.rules.repeated.max_items: 16\n","maxItems":16,"items":{"$ref":"#/components/schemas/policyCookieMatcherType"},"x-displayname":"Cookie Matchers","x-ves-validation-rules":{"ves.io.schema.rules.repeated.max_items":"16"}},"domain_matcher":{"$ref":"#/components/schemas/policyMatcherTypeBasic"},"expiration_timestamp":{"type":"string","description":" The expiration_timestamp is the RFC 3339 format timestamp at which the containing rule is considered to be logically expired. The rule continues to exist in\n the configuration but is not applied anymore.\n\nExample: ` \"2019-12-31:44:34.171543432Z\"`","format":"date-time","x-displayname":"Expiration Timestamp","x-ves-example":"2019-12-31:44:34.171543432Z"},"headers":{"type":"array","description":" A list of predicates for various HTTP headers that need to match. The criteria for matching each HTTP header are described in individual HeaderMatcherType\n instances. The actual HTTP header values are extracted from the request API as a list of strings for each HTTP header type.\n Note that all specified header predicates must evaluate to true.\n\nValidation Rules:\n  ves.io.schema.rules.repeated.max_items: 16\n","maxItems":16,"items":{"$ref":"#/components/schemas/schemapolicyHeaderMatcherType"},"x-displayname":"HTTP Headers","x-ves-validation-rules":{"ves.io.schema.rules.repeated.max_items":"16"}},"http_method":{"$ref":"#/components/schemas/policyHttpMethodMatcherType"},"ip_matcher":{"$ref":"#/components/schemas/policyIpMatcherType"},"ip_prefix_list":{"$ref":"#/components/schemas/policyPrefixMatchList"},"ip_threat_category_list":{"$ref":"#/components/schemas/schemaservice_policy_ruleIPThreatCategoryListType"},"ja4_tls_fingerprint":{"$ref":"#/components/schemas/policyJA4TlsFingerprintMatcherType"},"jwt_claims":{"type":"array","description":" A list of predicates for various JWT claims that need to match. The criteria for matching each JWT claim are described in individual JWTClaimMatcherType\n instances. The actual JWT claims values are extracted from the JWT payload as a list of strings.\n Note that all specified JWT claim predicates must evaluate to true.\n\nValidation Rules:\n  ves.io.schema.rules.repeated.max_items: 16\n","maxItems":16,"items":{"$ref":"#/components/schemas/policyJWTClaimMatcherType"},"x-displayname":"JWT Claims","x-ves-validation-rules":{"ves.io.schema.rules.repeated.max_items":"16"}},"label_matcher":{"$ref":"#/components/schemas/schemaLabelMatcherType"},"mum_action":{"$ref":"#/components/schemas/policyModifyAction"},"path":{"$ref":"#/components/schemas/schemapolicyPathMatcherType"},"port_matcher":{"$ref":"#/components/schemas/schemapolicyPortMatcherType"},"query_params":{"type":"array","description":" A list of predicates for all query parameters that need to be matched. The criteria for matching each query parameter are described in individual instances\n of QueryParameterMatcherType. The actual query parameter values are extracted from the request API as a list of strings for each query parameter name.\n Note that all specified query parameter predicates must evaluate to true.\n\nValidation Rules:\n  ves.io.schema.rules.repeated.max_items: 16\n","maxItems":16,"items":{"$ref":"#/components/schemas/schemapolicyQueryParameterMatcherType"},"x-displayname":"HTTP Query Parameters","x-ves-validation-rules":{"ves.io.schema.rules.repeated.max_items":"16"}},"request_constraints":{"$ref":"#/components/schemas/policyRequestConstraintType"},"segment_policy":{"$ref":"#/components/schemas/policySegmentPolicyType"},"tls_fingerprint_matcher":{"$ref":"#/components/schemas/policyTlsFingerprintMatcherType"},"waf_action":{"$ref":"#/components/schemas/policyWafAction"}}},"schemaservice_policy_ruleIPThreatCategoryListType":{"type":"object","description":"List of ip threat categories","title":"IP Threat Category List Type","x-displayname":"IP Threat Category List Type","x-ves-proto-message":"ves.io.schema.service_policy_rule.IPThreatCategoryListType","properties":{"ip_threat_categories":{"type":"array","description":" The IP threat categories is obtained from the list and is used to auto-generate equivalent label selection expressions\n\nRequired: YES\n\nValidation Rules:\n  ves.io.schema.rules.message.required: true\n  ves.io.schema.rules.repeated.max_items: 32\n  ves.io.schema.rules.repeated.unique: true\n","title":"IP Threat Categories","maxItems":32,"items":{"$ref":"#/components/schemas/policyIPThreatCategory"},"x-displayname":"List of IP Threat Categories to choose","x-ves-required":"true","x-ves-validation-rules":{"ves.io.schema.rules.message.required":"true","ves.io.schema.rules.repeated.max_items":"32","ves.io.schema.rules.repeated.unique":"true"}}}},"schemaservice_policy_ruleReplaceSpecType":{"type":"object","description":"Replace service_policy_rule replaces an existing object in the storage backend for metadata.namespace.","title":"Replace service policy rule","x-displayname":"Replace Service Policy Rule","x-ves-oneof-field-asn_choice":"[\"any_asn\",\"asn_list\",\"asn_matcher\"]","x-ves-oneof-field-client_choice":"[\"any_client\",\"client_name\",\"client_name_matcher\",\"client_selector\",\"ip_threat_category_list\"]","x-ves-oneof-field-dst_asn_choice":"[]","x-ves-oneof-field-dst_ip_choice":"[]","x-ves-oneof-field-ip_choice":"[\"any_ip\",\"ip_matcher\",\"ip_prefix_list\"]","x-ves-oneof-field-tls_fingerprint_choice":"[\"ja4_tls_fingerprint\",\"tls_fingerprint_matcher\"]","x-ves-proto-message":"ves.io.schema.service_policy_rule.ReplaceSpecType","properties":{"action":{"$ref":"#/components/schemas/policyRuleAction"},"any_asn":{"$ref":"#/components/schemas/ioschemaEmpty"},"any_client":{"$ref":"#/components/schemas/ioschemaEmpty"},"any_ip":{"$ref":"#/components/schemas/ioschemaEmpty"},"api_group_matcher":{"$ref":"#/components/schemas/policyStringMatcherType"},"arg_matchers":{"type":"array","description":" A list of predicates for all POST args that need to be matched. The criteria for matching each arg are described in individual instances\n of ArgMatcherType. The actual arg values are extracted from the request API as a list of strings for each arg selector name.\n Note that all specified arg matcher predicates must evaluate to true.\n\nValidation Rules:\n  ves.io.schema.rules.repeated.max_items: 16\n","maxItems":16,"items":{"$ref":"#/components/schemas/policyArgMatcherType"},"x-displayname":"Argument Matchers","x-ves-validation-rules":{"ves.io.schema.rules.repeated.max_items":"16"}},"asn_list":{"$ref":"#/components/schemas/policyAsnMatchList"},"asn_matcher":{"$ref":"#/components/schemas/policyAsnMatcherType"},"body_matcher":{"$ref":"#/components/schemas/policyMatcherType"},"bot_action":{"$ref":"#/components/schemas/schemapolicyBotAction"},"client_name":{"type":"string","description":"Exclusive with [any_client client_name_matcher client_selector ip_threat_category_list]\n The expected name of the client invoking the request API.\n The predicate evaluates to true if any of the actual names is the same as the expected client name.\n\nExample: ` \"backend.production.customer.volterra.us\"`\n\nValidation Rules:\n  ves.io.schema.rules.string.max_bytes: 256\n","maxLength":256,"x-displayname":"Client Name","x-ves-example":"backend.production.customer.volterra.us","x-ves-validation-rules":{"ves.io.schema.rules.string.max_bytes":"256"}},"client_name_matcher":{"$ref":"#/components/schemas/policyMatcherTypeBasic"},"client_selector":{"$ref":"#/components/schemas/schemaLabelSelectorType"},"cookie_matchers":{"type":"array","description":" A list of predicates for all cookies that need to be matched. The criteria for matching each cookie is described in individual instances\n of CookieMatcherType. The actual cookie values are extracted from the request API as a list of strings for each cookie name.\n Note that all specified cookie matcher predicates must evaluate to true.\n\nValidation Rules:\n  ves.io.schema.rules.repeated.max_items: 16\n","maxItems":16,"items":{"$ref":"#/components/schemas/policyCookieMatcherType"},"x-displayname":"Cookie Matchers","x-ves-validation-rules":{"ves.io.schema.rules.repeated.max_items":"16"}},"domain_matcher":{"$ref":"#/components/schemas/policyMatcherTypeBasic"},"expiration_timestamp":{"type":"string","description":" The expiration_timestamp is the RFC 3339 format timestamp at which the containing rule is considered to be logically expired. The rule continues to exist in\n the configuration but is not applied anymore.\n\nExample: ` \"2019-12-31:44:34.171543432Z\"`","format":"date-time","x-displayname":"Expiration Timestamp","x-ves-example":"2019-12-31:44:34.171543432Z"},"headers":{"type":"array","description":" A list of predicates for various HTTP headers that need to match. The criteria for matching each HTTP header are described in individual HeaderMatcherType\n instances. The actual HTTP header values are extracted from the request API as a list of strings for each HTTP header type.\n Note that all specified header predicates must evaluate to true.\n\nValidation Rules:\n  ves.io.schema.rules.repeated.max_items: 16\n","maxItems":16,"items":{"$ref":"#/components/schemas/schemapolicyHeaderMatcherType"},"x-displayname":"HTTP Headers","x-ves-validation-rules":{"ves.io.schema.rules.repeated.max_items":"16"}},"http_method":{"$ref":"#/components/schemas/policyHttpMethodMatcherType"},"ip_matcher":{"$ref":"#/components/schemas/policyIpMatcherType"},"ip_prefix_list":{"$ref":"#/components/schemas/policyPrefixMatchList"},"ip_threat_category_list":{"$ref":"#/components/schemas/schemaservice_policy_ruleIPThreatCategoryListType"},"ja4_tls_fingerprint":{"$ref":"#/components/schemas/policyJA4TlsFingerprintMatcherType"},"jwt_claims":{"type":"array","description":" A list of predicates for various JWT claims that need to match. The criteria for matching each JWT claim are described in individual JWTClaimMatcherType\n instances. The actual JWT claims values are extracted from the JWT payload as a list of strings.\n Note that all specified JWT claim predicates must evaluate to true.\n\nValidation Rules:\n  ves.io.schema.rules.repeated.max_items: 16\n","maxItems":16,"items":{"$ref":"#/components/schemas/policyJWTClaimMatcherType"},"x-displayname":"JWT Claims","x-ves-validation-rules":{"ves.io.schema.rules.repeated.max_items":"16"}},"label_matcher":{"$ref":"#/components/schemas/schemaLabelMatcherType"},"mum_action":{"$ref":"#/components/schemas/policyModifyAction"},"path":{"$ref":"#/components/schemas/schemapolicyPathMatcherType"},"port_matcher":{"$ref":"#/components/schemas/schemapolicyPortMatcherType"},"query_params":{"type":"array","description":" A list of predicates for all query parameters that need to be matched. The criteria for matching each query parameter are described in individual instances\n of QueryParameterMatcherType. The actual query parameter values are extracted from the request API as a list of strings for each query parameter name.\n Note that all specified query parameter predicates must evaluate to true.\n\nValidation Rules:\n  ves.io.schema.rules.repeated.max_items: 16\n","maxItems":16,"items":{"$ref":"#/components/schemas/schemapolicyQueryParameterMatcherType"},"x-displayname":"HTTP Query Parameters","x-ves-validation-rules":{"ves.io.schema.rules.repeated.max_items":"16"}},"request_constraints":{"$ref":"#/components/schemas/policyRequestConstraintType"},"segment_policy":{"$ref":"#/components/schemas/policySegmentPolicyType"},"tls_fingerprint_matcher":{"$ref":"#/components/schemas/policyTlsFingerprintMatcherType"},"waf_action":{"$ref":"#/components/schemas/policyWafAction"}}},"schemaviewsObjectRefType":{"type":"object","description":"This type establishes a direct reference from one object(the referrer) to another(the referred).\nSuch a reference is in form of tenant/namespace/name","title":"ObjectRefType","x-displayname":"Object reference","x-ves-proto-message":"ves.io.schema.views.ObjectRefType","properties":{"name":{"type":"string","description":" When a configuration object(e.g. virtual_host) refers to another(e.g route)\n then name will hold the referred object's(e.g. route's) name.\n\nExample: ` \"contacts-route\"`\n\nRequired: YES\n\nValidation Rules:\n  ves.io.schema.rules.message.required: true\n  ves.io.schema.rules.string.max_bytes: 128\n  ves.io.schema.rules.string.min_bytes: 1\n","title":"name","minLength":1,"maxLength":128,"x-displayname":"Name","x-ves-example":"contacts-route","x-ves-required":"true","x-ves-validation-rules":{"ves.io.schema.rules.message.required":"true","ves.io.schema.rules.string.max_bytes":"128","ves.io.schema.rules.string.min_bytes":"1"}},"namespace":{"type":"string","description":" When a configuration object(e.g. virtual_host) refers to another(e.g route)\n then namespace will hold the referred object's(e.g. route's) namespace.\n\nExample: ` \"ns1\"`\n\nValidation Rules:\n  ves.io.schema.rules.string.max_bytes: 64\n","title":"namespace","maxLength":64,"x-displayname":"Namespace","x-ves-example":"ns1","x-ves-validation-rules":{"ves.io.schema.rules.string.max_bytes":"64"}},"tenant":{"type":"string","description":" When a configuration object(e.g. virtual_host) refers to another(e.g route)\n then tenant will hold the referred object's(e.g. route's) tenant.\n\nExample: ` \"acmecorp\"`\n\nValidation Rules:\n  ves.io.schema.rules.string.max_bytes: 64\n","title":"tenant","maxLength":64,"x-displayname":"Tenant","x-ves-example":"acmecorp","x-ves-validation-rules":{"ves.io.schema.rules.string.max_bytes":"64"}}}},"service_policy_ruleCreateRequest":{"type":"object","description":"This is the input message of the 'Create' RPC","title":"CreateRequest is used to create an instance of service_policy_rule","x-displayname":"Create Request","x-ves-proto-message":"ves.io.schema.service_policy_rule.CreateRequest","properties":{"metadata":{"$ref":"#/components/schemas/schemaObjectCreateMetaType"},"spec":{"$ref":"#/components/schemas/schemaservice_policy_ruleCreateSpecType"}}},"service_policy_ruleCreateResponse":{"type":"object","x-ves-proto-message":"ves.io.schema.service_policy_rule.CreateResponse","properties":{"metadata":{"$ref":"#/components/schemas/schemaObjectGetMetaType"},"spec":{"$ref":"#/components/schemas/schemaservice_policy_ruleGetSpecType"},"system_metadata":{"$ref":"#/components/schemas/schemaSystemObjectGetMetaType"}}},"service_policy_ruleDeleteRequest":{"type":"object","description":"This is the input message of the 'Delete' RPC.","title":"DeleteRequest is used to delete a service_policy_rule","x-displayname":"Delete Request","x-ves-proto-message":"ves.io.schema.service_policy_rule.DeleteRequest","properties":{"fail_if_referred":{"type":"boolean","description":" Fail the delete operation if this object is being referred by other objects","title":"fail_if_referred","format":"boolean","x-displayname":"Fail-If-Referred"},"name":{"type":"string","description":" Name of the configuration object\n\nExample: ` \"name\"`","title":"name","x-displayname":"Name","x-ves-example":"name"},"namespace":{"type":"string","description":" Namespace in which the configuration object is present\n\nExample: ` \"ns1\"`","title":"namespace","x-displayname":"Namespace","x-ves-example":"ns1"}}},"service_policy_ruleGetResponse":{"type":"object","description":"This is the output message of the 'Get' RPC","title":"GetResponse is the shape of a read service_policy_rule","x-displayname":"Get Response","x-ves-proto-message":"ves.io.schema.service_policy_rule.GetResponse","properties":{"create_form":{"$ref":"#/components/schemas/service_policy_ruleCreateRequest"},"deleted_referred_objects":{"type":"array","description":"The set of deleted objects that are referred by this object","title":"deleted_referred_objects","items":{"$ref":"#/components/schemas/ioschemaObjectRefType"},"x-displayname":"Deleted Referred Objects"},"disabled_referred_objects":{"type":"array","description":"The set of deleted objects that are referred by this object","title":"disabled_referred_objects","items":{"$ref":"#/components/schemas/ioschemaObjectRefType"},"x-displayname":"Disabled Referred Objects"},"metadata":{"$ref":"#/components/schemas/schemaObjectGetMetaType"},"referring_objects":{"type":"array","description":"The set of objects that are referring to this object in their spec","title":"referring_objects","items":{"$ref":"#/components/schemas/ioschemaObjectRefType"},"x-displayname":"Referring Objects"},"replace_form":{"$ref":"#/components/schemas/service_policy_ruleReplaceRequest"},"spec":{"$ref":"#/components/schemas/schemaservice_policy_ruleGetSpecType"},"status":{"type":"array","description":"The status reported by different services for this configuration object","title":"status","items":{"$ref":"#/components/schemas/service_policy_ruleStatusObject"},"x-displayname":"Status"},"system_metadata":{"$ref":"#/components/schemas/schemaSystemObjectGetMetaType"}}},"service_policy_ruleGetResponseFormatCode":{"type":"string","description":"x-displayName: \"Get Response Format\"\nThis is the various forms that can be requested to be sent in the GetResponse\n\n - GET_RSP_FORMAT_DEFAULT: x-displayName: \"Default Format\"\nDefault format of returned resource\n - GET_RSP_FORMAT_FOR_CREATE: x-displayName: \"Create request Format\"\nResponse should be in CreateRequest format\n - GET_RSP_FORMAT_FOR_REPLACE: x-displayName: \"Replace request format\"\nResponse should be in ReplaceRequest format\n - GET_RSP_FORMAT_STATUS: x-displayName: \"Status format\"\nResponse should be in StatusObject(s) format\n - GET_RSP_FORMAT_READ: x-displayName: \"GetSpecType format\"\nResponse should be in format of GetSpecType\n - GET_RSP_FORMAT_REFERRING_OBJECTS: x-displayName: \"Referring Objects\"\nResponse should have other objects referring to this object\n - GET_RSP_FORMAT_BROKEN_REFERENCES: x-displayName: \"Broken Referred Objects\"\nResponse should have deleted and disabled objects referrred by this object","title":"GetResponseFormatCode","enum":["GET_RSP_FORMAT_DEFAULT","GET_RSP_FORMAT_FOR_CREATE","GET_RSP_FORMAT_FOR_REPLACE","GET_RSP_FORMAT_STATUS","GET_RSP_FORMAT_READ","GET_RSP_FORMAT_REFERRING_OBJECTS","GET_RSP_FORMAT_BROKEN_REFERENCES"],"default":"GET_RSP_FORMAT_DEFAULT"},"service_policy_ruleListResponse":{"type":"object","description":"This is the output message of 'List' RPC.","title":"ListResponse is the collection of service_policy_rule","x-displayname":"List Response","x-ves-proto-message":"ves.io.schema.service_policy_rule.ListResponse","properties":{"errors":{"type":"array","description":" Errors(if any) while listing items from collection","title":"errors","items":{"$ref":"#/components/schemas/schemaErrorType"},"x-displayname":"Errors"},"items":{"type":"array","description":" items represents the collection in response","title":"items","items":{"$ref":"#/components/schemas/service_policy_ruleListResponseItem"},"x-displayname":"Items"}}},"service_policy_ruleListResponseItem":{"type":"object","description":"By default a summary of service_policy_rule is returned in 'List'. By setting\n'report_fields' in the ListRequest more details of each item can be got.","title":"ListResponseItem is an individual item in a collection of service_policy_rule","x-displayname":"List Item","x-ves-proto-message":"ves.io.schema.service_policy_rule.ListResponseItem","properties":{"annotations":{"type":"object","description":" The set of annotations present on this service_policy_rule","title":"annotations","x-displayname":"Annotations"},"description":{"type":"string","description":" The description set for this service_policy_rule","title":"description","x-displayname":"Description"},"disabled":{"type":"boolean","description":" A value of true indicates service_policy_rule is administratively disabled","title":"disabled","format":"boolean","x-displayname":"Disabled"},"get_spec":{"$ref":"#/components/schemas/schemaservice_policy_ruleGetSpecType"},"labels":{"type":"object","description":" The set of labels present on this service_policy_rule","title":"labels","x-displayname":"Labels"},"metadata":{"$ref":"#/components/schemas/schemaObjectGetMetaType"},"name":{"type":"string","description":" The name of this service_policy_rule\n\nExample: ` \"name\"`","title":"name","x-displayname":"Name","x-ves-example":"name"},"namespace":{"type":"string","description":" The namespace this item belongs to\n\nExample: ` \"ns1\"`","title":"namespace","x-displayname":"Namespace","x-ves-example":"ns1"},"owner_view":{"$ref":"#/components/schemas/schemaViewRefType"},"status_set":{"type":"array","description":" The status reported by different services for this configuration object","title":"status","items":{"$ref":"#/components/schemas/service_policy_ruleStatusObject"},"x-displayname":"Status"},"system_metadata":{"$ref":"#/components/schemas/schemaSystemObjectGetMetaType"},"tenant":{"type":"string","description":" The tenant this item belongs to\n\nExample: ` \"acmecorp\"`","title":"tenant","x-displayname":"Tenant","x-ves-example":"acmecorp"},"uid":{"type":"string","description":" The unique uid of this service_policy_rule\n\nExample: ` \"d27938ba-967e-40a7-9709-57b8627f9f75\"`","title":"uid","x-displayname":"UID","x-ves-example":"d27938ba-967e-40a7-9709-57b8627f9f75"}}},"service_policy_ruleReplaceRequest":{"type":"object","description":"This is the input message of the 'Replace' RPC","title":"ReplaceRequest is used to replace contents of a service_policy_rule","x-displayname":"Replace Request","x-ves-proto-message":"ves.io.schema.service_policy_rule.ReplaceRequest","properties":{"metadata":{"$ref":"#/components/schemas/schemaObjectReplaceMetaType"},"spec":{"$ref":"#/components/schemas/schemaservice_policy_ruleReplaceSpecType"}}},"service_policy_ruleReplaceResponse":{"type":"object","x-ves-proto-message":"ves.io.schema.service_policy_rule.ReplaceResponse"},"service_policy_ruleStatusObject":{"type":"object","description":"Most recently observed status of object","title":"Status for service policy rule","x-displayname":"Status","x-ves-proto-message":"ves.io.schema.service_policy_rule.StatusObject","properties":{"conditions":{"type":"array","description":" Conditions reported by various component of the system","title":"conditions","items":{"$ref":"#/components/schemas/schemaConditionType"},"x-displayname":"Conditions"},"metadata":{"$ref":"#/components/schemas/schemaStatusMetaType"},"object_refs":{"type":"array","description":" Object reference","title":"object_refs","items":{"$ref":"#/components/schemas/ioschemaObjectRefType"},"x-displayname":"Config Object"}}},"viewsSegmentRefList":{"type":"object","description":"List of references to Segments","title":"Segment List","x-displayname":"Segment List","x-ves-proto-message":"ves.io.schema.views.SegmentRefList","properties":{"segments":{"type":"array","description":" Select list of segments\n\nRequired: YES\n\nValidation Rules:\n  ves.io.schema.rules.message.required: true\n","title":"Segments","items":{"$ref":"#/components/schemas/schemaviewsObjectRefType"},"x-displayname":"Segments","x-ves-required":"true","x-ves-validation-rules":{"ves.io.schema.rules.message.required":"true"}}}}}}}