Aramark · API Governance Rules

Aramark API Rules

Spectral linting rules defining API design standards and conventions for Aramark.

21 Rules error 13 warn 6 info 2
View Rules File View on GitHub

Rule Categories

delete get info openapi operation parameter response schema security servers

Rules

error
info-title-aramark-prefix
API title must start with "Aramark"
$.info
warn
info-description-required
API must have a description
$.info
error
info-version-required
API must have a version
$.info
error
openapi-version-3
Use OpenAPI 3.0.x
$
error
servers-defined
Server URLs must be defined
$
error
servers-https
Server URLs must use HTTPS
$.servers[*]
error
operation-id-required
All operations must have an operationId
$.paths[*][get,post,put,delete,patch]
warn
operation-id-camel-case
OperationIds should use camelCase
$.paths[*][get,post,put,delete,patch]
error
operation-summary-required
All operations must have a summary
$.paths[*][get,post,put,delete,patch]
warn
operation-summary-aramark-prefix
Operation summaries should start with "Aramark"
$.paths[*][get,post,put,delete,patch]
warn
operation-description-required
All operations should have a description
$.paths[*][get,post,put,delete,patch]
error
operation-tags-required
All operations must have at least one tag
$.paths[*][get,post,put,delete,patch]
warn
parameter-description-required
All parameters must have a description
$.paths[*][*].parameters[*]
error
response-success-required
All operations must define a success response
$.paths[*][get,post,put,delete,patch].responses
warn
response-401-required
All secured operations should document 401 responses
$.paths[*][get,post,put,delete,patch].responses
error
response-description-required
All responses must have a description
$.paths[*][*].responses[*]
info
schema-properties-described
Schema properties should have descriptions
$.components.schemas[*].properties[*]
error
security-schemes-defined
Security schemes must be defined
$.components
error
security-api-key-header
API key should be passed in the header (not query)
$.components.securitySchemes[*][?(@.type=='apiKey')]
error
get-no-request-body
GET operations must not have a request body
$.paths[*].get
info
delete-returns-204
DELETE operations should return 204
$.paths[*].delete.responses

Spectral Ruleset

Raw ↑ 
rules:

  # INFO / METADATA
  info-title-aramark-prefix:
    description: API title must start with "Aramark"
    severity: error
    given: "$.info"
    then:
      field: title
      function: pattern
      functionOptions:
        match: "^Aramark"

  info-description-required:
    description: API must have a description
    severity: warn
    given: "$.info"
    then:
      field: description
      function: truthy

  info-version-required:
    description: API must have a version
    severity: error
    given: "$.info"
    then:
      field: version
      function: truthy

  # OPENAPI VERSION
  openapi-version-3:
    description: Use OpenAPI 3.0.x
    severity: error
    given: "$"
    then:
      field: openapi
      function: pattern
      functionOptions:
        match: "^3\\.0\\."

  # SERVERS
  servers-defined:
    description: Server URLs must be defined
    severity: error
    given: "$"
    then:
      field: servers
      function: truthy

  servers-https:
    description: Server URLs must use HTTPS
    severity: error
    given: "$.servers[*]"
    then:
      field: url
      function: pattern
      functionOptions:
        match: "^https://"

  # OPERATIONS
  operation-id-required:
    description: All operations must have an operationId
    severity: error
    given: "$.paths[*][get,post,put,delete,patch]"
    then:
      field: operationId
      function: truthy

  operation-id-camel-case:
    description: OperationIds should use camelCase
    severity: warn
    given: "$.paths[*][get,post,put,delete,patch]"
    then:
      field: operationId
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]*$"

  operation-summary-required:
    description: All operations must have a summary
    severity: error
    given: "$.paths[*][get,post,put,delete,patch]"
    then:
      field: summary
      function: truthy

  operation-summary-aramark-prefix:
    description: Operation summaries should start with "Aramark"
    severity: warn
    given: "$.paths[*][get,post,put,delete,patch]"
    then:
      field: summary
      function: pattern
      functionOptions:
        match: "^Aramark"

  operation-description-required:
    description: All operations should have a description
    severity: warn
    given: "$.paths[*][get,post,put,delete,patch]"
    then:
      field: description
      function: truthy

  operation-tags-required:
    description: All operations must have at least one tag
    severity: error
    given: "$.paths[*][get,post,put,delete,patch]"
    then:
      field: tags
      function: truthy

  # PARAMETERS
  parameter-description-required:
    description: All parameters must have a description
    severity: warn
    given: "$.paths[*][*].parameters[*]"
    then:
      field: description
      function: truthy

  # RESPONSES
  response-success-required:
    description: All operations must define a success response
    severity: error
    given: "$.paths[*][get,post,put,delete,patch].responses"
    then:
      function: truthy

  response-401-required:
    description: All secured operations should document 401 responses
    severity: warn
    given: "$.paths[*][get,post,put,delete,patch].responses"
    then:
      field: "401"
      function: truthy

  response-description-required:
    description: All responses must have a description
    severity: error
    given: "$.paths[*][*].responses[*]"
    then:
      field: description
      function: truthy

  # SCHEMAS
  schema-properties-described:
    description: Schema properties should have descriptions
    severity: info
    given: "$.components.schemas[*].properties[*]"
    then:
      field: description
      function: truthy

  # SECURITY
  security-schemes-defined:
    description: Security schemes must be defined
    severity: error
    given: "$.components"
    then:
      field: securitySchemes
      function: truthy

  security-api-key-header:
    description: API key should be passed in the header (not query)
    severity: error
    given: "$.components.securitySchemes[*][?(@.type=='apiKey')]"
    then:
      field: in
      function: enumeration
      functionOptions:
        values: [header]

  # HTTP METHODS
  get-no-request-body:
    description: GET operations must not have a request body
    severity: error
    given: "$.paths[*].get"
    then:
      field: requestBody
      function: falsy

  delete-returns-204:
    description: DELETE operations should return 204
    severity: info
    given: "$.paths[*].delete.responses"
    then:
      field: "204"
      function: truthy