-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.workleap.rules.yaml
130 lines (119 loc) · 5.21 KB
/
.workleap.rules.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
extends: [[spectral:oas, off]]
documentationUrl: https://gsoftdev.atlassian.net/wiki/spaces/TEC/pages/3858235678/IDP+OpenAPI+Rulesets
rules:
duplicated-entry-in-enum: true
no-eval-in-markdown: true
no-script-tags-in-markdown: true
openapi-tags-uniqueness: true
operation-operationId: true
operation-operationId-valid-in-url: true
operation-operationId-unique: true
operation-success-response: true
path-keys-no-trailing-slash: true
path-params: true
typed-enum: true
oas3-schema: true
oas3-operation-security-defined: true
schema-ids-must-have-alphanumeric-characters-only:
description: 'All schema ids must only contain alphanumeric characters. Refer to: https://gsoftdev.atlassian.net/wiki/spaces/TEC/pages/3858235678/IDP+OpenAPI+Rulesets#schema-ids-must-have-alphanumeric-characters-only'
given: "$.components.schemas"
severity: error
then:
field: "@key"
function: pattern
functionOptions:
match: '^[a-zA-Z0-9]+$'
schemas-properties-must-have-a-type:
description: "All schemas properties must have a type. Refer to: https://gsoftdev.atlassian.net/wiki/spaces/TEC/pages/3858235678/IDP+OpenAPI+Rulesets#schemas-properties-must-have-a-type-and-path-schema-properties-must-have-a-type"
recommended: true
severity: warn
given: $..schemas.*.properties.*
then:
field: type
function: truthy
path-schema-properties-must-have-a-type:
description: "All path schema properties must have a type. Refer to: https://gsoftdev.atlassian.net/wiki/spaces/TEC/pages/3858235678/IDP+OpenAPI+Rulesets#schemas-properties-must-have-a-type-and-path-schema-properties-must-have-a-type"
recommended: true
severity: warn
given: $..schema.properties.*
then:
field: type
function: truthy
schema-object-must-have-a-type:
description: "All properties must have a type. Refer to: https://gsoftdev.atlassian.net/wiki/spaces/TEC/pages/3858235678/IDP+OpenAPI+Rulesets#schema-object-must-have-a-type"
recommended: true
severity: warn
given: $.components.schemas.*
then:
field: type
function: truthy
items-must-have-a-type:
description: "All items must have a type. Refer to: https://gsoftdev.atlassian.net/wiki/spaces/TEC/pages/3858235678/IDP+OpenAPI+Rulesets#items-must-have-a-type"
recommended: true
severity: warn
given: $.components.schemas..items
then:
field: type
function: truthy
schema-name-length-must-be-short:
description: "Schema name must not be too long to support client generation. Current limitation comes from Ruby packages which uses tar and has a limit of 100 characters. Refer to: https://gsoftdev.atlassian.net/wiki/spaces/TEC/pages/3858235678/IDP+OpenAPI+Rulesets#schema-name-length-must-be-short"
given: $.components.schemas[*]~
then:
function: length
functionOptions:
max: 95
must-not-use-base-server-url:
description: "Must not use base server url in spec to be able to generate a single client compatible with multiple environments. Refer to: https://gsoftdev.atlassian.net/wiki/spaces/TEC/pages/3858235678/IDP+OpenAPI+Rulesets#must-not-use-base-server-url"
severity: warn
given: $.servers[*].url
then:
function: falsy
must-accept-content-types:
description: "All endpoint bodies MUST accept the header with (one of) Content-Type: application/json, multipart/form-data, application/octet-stream. Refer to: https://gsoftdev.atlassian.net/wiki/spaces/TEC/pages/3858235678/IDP+OpenAPI+Rulesets#must-accept-content-types"
message: "{{description}}"
severity: warn
given: $.paths[*].*.requestBody.content
then:
field: "@key"
function: enumeration
functionOptions:
values:
- application/json
- multipart/form-data
- application/octet-stream
must-return-content-types:
description: "Endpoint bodies for 200 responses MUST return the header with (one of) Content-Type: application/json, image/png, application/octet-stream. Refer to: https://gsoftdev.atlassian.net/wiki/spaces/TEC/pages/3858235678/IDP+OpenAPI+Rulesets#must-return-content-types"
message: "{{description}}"
severity: warn
given: $.paths[*].*.responses['200'].content
then:
field: "@key"
function: enumeration
functionOptions:
values:
- application/json
- image/png
- application/octet-stream
must-support-client-credentials-oauth2:
description: "Contract must support client credentials with oauth2. Refer to: https://gsoftdev.atlassian.net/wiki/spaces/TEC/pages/3858235678/IDP+OpenAPI+Rulesets#must-support-client-credentials-oauth2"
recommended: true
severity: warn
given: $.components.securitySchemes.*
then:
field: type
function: enumeration
functionOptions:
values:
- oauth2
must-use-get-post-methods:
description: "BFF API endpoints must only use GET or POST methods. Refer to: https://gsoftdev.atlassian.net/wiki/spaces/TEC/pages/3858235678/IDP+OpenAPI+Rulesets#must-use-get-post-methods"
recommended: true
severity: error
given: $.paths[*]
then:
field: "@key"
function: enumeration
functionOptions:
values:
- get
- post