nginx · dhurley · Dec 6, 2024 · Dec 20, 2024 · Jan 22, 2025 · Jan 24, 2025
@@ -252,6 +252,8 @@ message InstanceMeta {
         INSTANCE_TYPE_NGINX_PLUS = 3;
         // NGINX Unit
         INSTANCE_TYPE_UNIT = 4;
+        // NGINX App Protect
+        INSTANCE_TYPE_NGINX_APP_PROTECT = 5;
     }
     // the types of instances possible
     InstanceType instance_type = 2;
@@ -275,13 +277,15 @@ message InstanceRuntime {
     // the binary path location
     string binary_path = 2 [(buf.validate.field).string.prefix = "/"];
     // the config path location
-    string config_path = 3 [(buf.validate.field).string.prefix = "/"];
+    optional string config_path = 3 [(buf.validate.field).string.prefix = "/"];
     // more detailed runtime objects
     oneof details {
         // NGINX runtime configuration settings like stub_status, usually read from the NGINX config or NGINX process
         NGINXRuntimeInfo nginx_runtime_info = 4;
         // NGINX Plus runtime configuration settings like api value, usually read from the NGINX config, NGINX process or NGINX Plus API
         NGINXPlusRuntimeInfo nginx_plus_runtime_info = 5;
+        // NGINX App Protect runtime information
+        NGINXAppProtectRuntimeInfo nginx_app_protect_runtime_info = 7;
     }
     // List of worker processes
     repeated InstanceChild instance_children = 6;
@@ -329,6 +333,16 @@ message APIDetails {
     string listen =  2;
 }
 
+// A set of runtime NGINX App Protect settings
+message NGINXAppProtectRuntimeInfo {
+    // NGINX App Protect Release 
+    string release = 1;
+    // Attack signature version
+    string attack_signature_version = 2;
+    // Threat campaign version
+    string threat_campaign_version = 3;
+}
+
 // A set of actions that can be performed on an instance
 message InstanceAction {}
 

@@ -63,6 +63,7 @@
     - [InstanceRuntime](#mpi-v1-InstanceRuntime)
     - [ManagementPlaneRequest](#mpi-v1-ManagementPlaneRequest)
     - [MetricsServer](#mpi-v1-MetricsServer)
+    - [NGINXAppProtectRuntimeInfo](#mpi-v1-NGINXAppProtectRuntimeInfo)
     - [NGINXPlusAction](#mpi-v1-NGINXPlusAction)
     - [NGINXPlusRuntimeInfo](#mpi-v1-NGINXPlusRuntimeInfo)
     - [NGINXRuntimeInfo](#mpi-v1-NGINXRuntimeInfo)
@@ -926,9 +927,10 @@ Meta-information relating to the reported instance
 | ----- | ---- | ----- | ----------- |
 | process_id | [int32](#int32) |  | the process identifier |
 | binary_path | [string](#string) |  | the binary path location |
-| config_path | [string](#string) |  | the config path location |
+| config_path | [string](#string) | optional | the config path location |
 | nginx_runtime_info | [NGINXRuntimeInfo](#mpi-v1-NGINXRuntimeInfo) |  | NGINX runtime configuration settings like stub_status, usually read from the NGINX config or NGINX process |
 | nginx_plus_runtime_info | [NGINXPlusRuntimeInfo](#mpi-v1-NGINXPlusRuntimeInfo) |  | NGINX Plus runtime configuration settings like api value, usually read from the NGINX config, NGINX process or NGINX Plus API |
+| nginx_app_protect_runtime_info | [NGINXAppProtectRuntimeInfo](#mpi-v1-NGINXAppProtectRuntimeInfo) |  | NGINX App Protect runtime information |
 | instance_children | [InstanceChild](#mpi-v1-InstanceChild) | repeated | List of worker processes |
 
 
@@ -967,6 +969,23 @@ The metrics settings associated with origins (sources) of the metrics and destin
 
 
 
+<a name="mpi-v1-NGINXAppProtectRuntimeInfo"></a>
+
+### NGINXAppProtectRuntimeInfo
+A set of runtime NGINX App Protect settings
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| release | [string](#string) |  | NGINX App Protect Release |
+| attack_signature_version | [string](#string) |  | Attack signature version |
+| threat_campaign_version | [string](#string) |  | Threat campaign version |
+
+
+
+
+
+
 <a name="mpi-v1-NGINXPlusAction"></a>
 
 ### NGINXPlusAction
@@ -1165,6 +1184,7 @@ the types of instances possible
 | INSTANCE_TYPE_NGINX | 2 | NGINX |
 | INSTANCE_TYPE_NGINX_PLUS | 3 | NGINX Plus |
 | INSTANCE_TYPE_UNIT | 4 | NGINX Unit |
+| INSTANCE_TYPE_NGINX_APP_PROTECT | 5 | NGINX App Protect |
 
 
 

@@ -214,6 +214,7 @@ service:
     {{- end}}
   {{- end}}
   pipelines:
+    {{- if or (ne .Receivers.HostMetrics nil) (gt (len .Receivers.OtlpReceivers) 0) (gt (len .Receivers.NginxReceivers) 0) (gt (len .Receivers.NginxPlusReceivers) 0) }}
     metrics:
       receivers:
         {{- if ne .Receivers.HostMetrics nil }}
@@ -252,6 +253,7 @@ service:
         {{- if ne .Exporters.Debug nil }}
         - debug
         {{- end  }}
+    {{- end  }}
     {{- if ne .Receivers.TcplogReceivers nil }}
     logs:
       receivers:

@@ -37,13 +37,15 @@ import (
 func TestResource_Process(t *testing.T) {
 	ctx := context.Background()
 
+	configPath := protos.GetNginxOssInstance([]string{}).GetInstanceRuntime().GetConfigPath()
+
 	updatedInstance := &mpi.Instance{
 		InstanceConfig: protos.GetNginxOssInstance([]string{}).GetInstanceConfig(),
 		InstanceMeta:   protos.GetNginxOssInstance([]string{}).GetInstanceMeta(),
 		InstanceRuntime: &mpi.InstanceRuntime{
 			ProcessId:  56789,
 			BinaryPath: protos.GetNginxOssInstance([]string{}).GetInstanceRuntime().GetBinaryPath(),
-			ConfigPath: protos.GetNginxOssInstance([]string{}).GetInstanceRuntime().GetConfigPath(),
+			ConfigPath: &configPath,
 			Details:    protos.GetNginxOssInstance([]string{}).GetInstanceRuntime().GetDetails(),
 		},
 	}

@@ -68,14 +68,15 @@ func TestResourceService_AddInstance(t *testing.T) {
 
 func TestResourceService_UpdateInstance(t *testing.T) {
 	ctx := context.Background()
+	configPath := protos.GetNginxOssInstance([]string{}).GetInstanceRuntime().GetConfigPath()
 
 	updatedInstance := &v1.Instance{
 		InstanceConfig: protos.GetNginxOssInstance([]string{}).GetInstanceConfig(),
 		InstanceMeta:   protos.GetNginxOssInstance([]string{}).GetInstanceMeta(),
 		InstanceRuntime: &v1.InstanceRuntime{
 			ProcessId:  56789,
 			BinaryPath: protos.GetNginxOssInstance([]string{}).GetInstanceRuntime().GetBinaryPath(),
-			ConfigPath: protos.GetNginxOssInstance([]string{}).GetInstanceRuntime().GetConfigPath(),
+			ConfigPath: &configPath,
 			Details:    protos.GetNginxOssInstance([]string{}).GetInstanceRuntime().GetDetails(),
 		},
 	}

@@ -59,7 +59,8 @@ func (hw *HealthWatcherService) AddHealthWatcher(instances []*mpi.Instance) {
 			hw.watchers[instance.GetInstanceMeta().GetInstanceId()] = watcher
 		case mpi.InstanceMeta_INSTANCE_TYPE_AGENT:
 		case mpi.InstanceMeta_INSTANCE_TYPE_UNSPECIFIED,
-			mpi.InstanceMeta_INSTANCE_TYPE_UNIT:
+			mpi.InstanceMeta_INSTANCE_TYPE_UNIT,
+			mpi.InstanceMeta_INSTANCE_TYPE_NGINX_APP_PROTECT:
 			fallthrough
 		default:
 			slog.Warn("Health watcher not implemented", "instance_type",

@@ -75,6 +75,7 @@ func NewInstanceWatcherService(agentConfig *config.Config) *InstanceWatcherServi
 		processOperator: process.NewProcessOperator(),
 		processParsers: []processParser{
 			NewNginxProcessParser(),
+			NewNginxAppProtectProcessParser(),
 		},
 		nginxConfigParser: NewNginxConfigParser(agentConfig),
 		instanceCache:     make(map[string]*mpi.Instance),
@@ -307,7 +308,7 @@ func (iw *InstanceWatcherService) agentInstance(ctx context.Context) *mpi.Instan
 		InstanceRuntime: &mpi.InstanceRuntime{
 			ProcessId:  iw.executer.ProcessID(),
 			BinaryPath: processPath,
-			ConfigPath: iw.agentConfig.Path,
+			ConfigPath: &iw.agentConfig.Path,
 			Details:    nil,
 		},
 	}