OAS Update

stackit-pipeline · stackit-pipeline · commit 81965b57ccf4 · 2026-02-26T09:21:01.000Z
diff --git a/services/cdn/v1beta/cdn.json b/services/cdn/v1beta/cdn.json
@@ -430,6 +430,9 @@
           "timestamp": {
             "format": "date-time",
             "type": "string"
+          },
+          "wafViolation": {
+            "$ref": "#/components/schemas/WAFViolation"
           }
         },
         "required": [
@@ -611,7 +614,8 @@
             "enum": [
               "UNKNOWN",
               "CUSTOM_DOMAIN_CNAME_MISSING",
-              "INVALID_ARGUMENT"
+              "INVALID_ARGUMENT",
+              "LOG_SINK_INSTANCE_UNAVAILABLE"
             ],
             "minLength": 1,
             "type": "string"
@@ -1052,11 +1056,13 @@
         "properties": {
           "certificate": {
             "description": "base64-encoded PEM-encoded certificate",
-            "type": "string"
+            "type": "string",
+            "x-go-type": "secret.Secret"
           },
           "key": {
             "description": "base64-encoded PEM encoded key",
-            "type": "string"
+            "type": "string",
+            "x-go-type": "secret.Secret"
           },
           "type": {
             "type": "string"
@@ -1155,7 +1161,6 @@
           "SA",
           "ASIA"
         ],
-        "format": "enum",
         "type": "string"
       },
       "StatusError": {
@@ -1176,7 +1181,9 @@
               "UNKNOWN",
               "CUSTOM_DOMAIN_CNAME_MISSING",
               "CUSTOM_DOMAIN_ALREADY_IN_USE",
-              "PUBLIC_BETA_QUOTA_REACHED"
+              "PUBLIC_BETA_QUOTA_REACHED",
+              "LOG_SINK_INSTANCE_UNAVAILABLE",
+              "EXTERNAL_QUOTA_REACHED"
             ],
             "minLength": 1,
             "type": "string"
@@ -1207,6 +1214,15 @@
         ],
         "type": "object"
       },
+      "WAFRuleAction": {
+        "description": "The action a WAF rule can take based on a request",
+        "enum": [
+          "BLOCKED",
+          "LOGGED",
+          "ALLOWED"
+        ],
+        "type": "string"
+      },
       "WAFRuleCollection": {
         "properties": {
           "groups": {
@@ -1263,9 +1279,66 @@
         ],
         "type": "object"
       },
+      "WAFViolation": {
+        "description": "Information about a violated WAF rule in case the WAF is enabled and a rule was triggered (either in BLOCK or LOG_ONLY mode)",
+        "properties": {
+          "action": {
+            "$ref": "#/components/schemas/WAFRuleAction"
+          },
+          "asn": {
+            "description": "ASN for the request",
+            "type": "string"
+          },
+          "message": {
+            "description": "Rule specific message explaining the violation",
+            "type": "string"
+          },
+          "method": {
+            "description": "HTTP Method of the request that triggered the violation",
+            "type": "string"
+          },
+          "requestHeaders": {
+            "additionalProperties": {
+              "type": "string"
+            },
+            "type": "object"
+          },
+          "ruleId": {
+            "description": "ID of the WAF rule that was triggered",
+            "type": "string"
+          }
+        },
+        "required": [
+          "ruleId",
+          "method",
+          "message",
+          "asn",
+          "requestHeaders",
+          "action"
+        ],
+        "type": "object"
+      },
       "WafConfig": {
         "description": "Configuration of the WAF of a distribution",
         "properties": {
+          "allowedHttpMethods": {
+            "items": {
+              "type": "string"
+            },
+            "type": "array"
+          },
+          "allowedHttpVersions": {
+            "items": {
+              "type": "string"
+            },
+            "type": "array"
+          },
+          "allowedRequestContentTypes": {
+            "items": {
+              "type": "string"
+            },
+            "type": "array"
+          },
           "enabledRuleIds": {
             "description": "IDs of the WAF rules that are **explicitly** enabled for this distribution. \nIf this rule is in a disabled / log Only RuleGroup or Collection,\nit will be enabled regardless as `enabledRuleIds` overrides those in specificity.\n\nDo note that rules can also be enabled because a Rulegroup or Collection is enabled. \n**DO NOT** use this property to find all active rules. Instead, pass `?withWafStatus=true` as a query parameter\nto `GetDistribution` or `ListDistributions`. This will expose the `waf` Property on distribution Level.\n\nFrom there you can `$.waf.enabledRules.map(e =\u003e e.id)` to get a list of all enabled rules.\n",
             "items": {
@@ -1276,6 +1349,9 @@
           "mode": {
             "$ref": "#/components/schemas/WafMode"
           },
+          "paranoiaLevel": {
+            "$ref": "#/components/schemas/WafParanoiaLevel"
+          },
           "type": {
             "$ref": "#/components/schemas/WafType"
           }
@@ -1289,9 +1365,30 @@
       },
       "WafConfigPatch": {
         "properties": {
+          "allowedHttpMethods": {
+            "items": {
+              "type": "string"
+            },
+            "type": "array"
+          },
+          "allowedHttpVersions": {
+            "items": {
+              "type": "string"
+            },
+            "type": "array"
+          },
+          "allowedRequestContentTypes": {
+            "items": {
+              "type": "string"
+            },
+            "type": "array"
+          },
           "mode": {
             "$ref": "#/components/schemas/WafMode"
           },
+          "paranoiaLevel": {
+            "$ref": "#/components/schemas/WafParanoiaLevel"
+          },
           "type": {
             "$ref": "#/components/schemas/WafType"
           }
@@ -1304,7 +1401,16 @@
           "ENABLED",
           "LOG_ONLY"
         ],
-        "format": "enum",
+        "type": "string"
+      },
+      "WafParanoiaLevel": {
+        "description": "The paranoia level defines how aggressively the WAF should action on requests.  \nIt ranges from `L1` (least strict, lowest chance of false positives) to `L4` (most strict, highest chance of false positives).\nA higher paranoia level is more effective at catching attacks but can also block legitimate traffic.\n",
+        "enum": [
+          "L1",
+          "L2",
+          "L3",
+          "L4"
+        ],
         "type": "string"
       },
       "WafType": {
@@ -1313,7 +1419,6 @@
           "FREE",
           "PREMIUM"
         ],
-        "format": "enum",
         "type": "string"
       }
     }
@@ -1383,7 +1488,6 @@
                 "status",
                 "originUrlRelated"
               ],
-              "format": "enum",
               "type": "string"
             }
           },
@@ -1395,7 +1499,6 @@
                 "ascending",
                 "descending"
               ],
-              "format": "enum",
               "type": "string"
             }
           }
@@ -2937,6 +3040,14 @@
               "type": "string"
             }
           },
+          {
+            "description": "If this is set then only log entries with the chosen WAF rule action/outcome are returned.\nSpecifically, if `ALLOWED` then all requests with no violation are returned. If `BLOCKED` then those where\na WAF rule blocked a request and if `LOGGED` then only those requests where the WAF violation was only logged \nbut the request not blocked\n",
+            "in": "query",
+            "name": "wafAction",
+            "schema": {
+              "$ref": "#/components/schemas/WAFRuleAction"
+            }
+          },
           {
             "description": "Quantifies how many log entries should be returned on this \npage. Must be a natural number between 1 and 1000 (inclusive)\n",
             "in": "query",
@@ -2974,7 +3085,6 @@
                 "path",
                 "host"
               ],
-              "format": "enum",
               "type": "string"
             }
           },
@@ -2986,7 +3096,6 @@
                 "ascending",
                 "descending"
               ],
-              "format": "enum",
               "type": "string"
             }
           },
diff --git a/services/cdn/v1beta2/cdn.json b/services/cdn/v1beta2/cdn.json
@@ -1381,7 +1381,6 @@
           "SA",
           "ASIA"
         ],
-        "format": "enum",
         "type": "string"
       },
       "StatusError": {
@@ -1677,7 +1676,6 @@
           "ENABLED",
           "LOG_ONLY"
         ],
-        "format": "enum",
         "type": "string"
       },
       "WafParanoiaLevel": {
@@ -1688,7 +1686,6 @@
           "L3",
           "L4"
         ],
-        "format": "enum",
         "type": "string"
       },
       "WafRule": {
@@ -1887,7 +1884,6 @@
           "FREE",
           "PREMIUM"
         ],
-        "format": "enum",
         "type": "string"
       }
     }
@@ -1957,7 +1953,6 @@
                 "status",
                 "originUrlRelated"
               ],
-              "format": "enum",
               "type": "string"
             }
           },
@@ -1969,7 +1964,6 @@
                 "ascending",
                 "descending"
               ],
-              "format": "enum",
               "type": "string"
             }
           }
@@ -3717,7 +3711,6 @@
                 "path",
                 "host"
               ],
-              "format": "enum",
               "type": "string"
             }
           },
@@ -3729,7 +3722,6 @@
                 "ascending",
                 "descending"
               ],
-              "format": "enum",
               "type": "string"
             }
           },
