Cloud Storage · API Governance Rules

Cloud Storage API Rules

Spectral linting rules defining API design standards and conventions for Cloud Storage.

9 Rules error 4 warn 4 info 1

View Rules File View on GitHub

Rule Categories

Rules

error

cs-info-contact

API contact information must be present.

$.info

warn

cs-info-license

API license must be declared.

$.info

error

cs-server-https

All server URLs must use HTTPS.

$.servers[*].url

error

cs-security-required

A security scheme must be defined (signed requests or token).

$.components.securitySchemes

warn

cs-operation-tags

Every operation must declare at least one tag.

$.paths[*][get,post,put,patch,delete]

warn

cs-operation-summary

Every operation must include a short summary.

$.paths[*][get,post,put,patch,delete]

error

cs-operation-id

Every operation must declare a unique operationId.

$.paths[*][get,post,put,patch,delete]

warn

cs-error-responses

Mutating operations should declare 4xx error responses.

$.paths[*][post,put,patch,delete].responses

info

cs-list-pagination

List-objects endpoints should support pagination markers.

$.paths[?(@property.match(/list$|objects$|buckets$|volumes$|snapshots$/))].get.parameters[*].name

Spectral Ruleset

extends:
  - spectral:oas

# Spectral linting rules for any Cloud Storage API in this topic
# profile. These rules apply to S3-compatible and native object,
# file, and block storage APIs.
rules:
  cs-info-contact:
    description: API contact information must be present.
    severity: error
    given: "$.info"
    then:
      field: contact
      function: truthy

  cs-info-license:
    description: API license must be declared.
    severity: warn
    given: "$.info"
    then:
      field: license
      function: truthy

  cs-server-https:
    description: All server URLs must use HTTPS.
    severity: error
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "^https://"

  cs-security-required:
    description: A security scheme must be defined (signed requests or token).
    severity: error
    given: "$.components.securitySchemes"
    then:
      function: truthy

  cs-operation-tags:
    description: Every operation must declare at least one tag.
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: tags
      function: schema
      functionOptions:
        schema:
          type: array
          minItems: 1

  cs-operation-summary:
    description: Every operation must include a short summary.
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: summary
      function: truthy

  cs-operation-id:
    description: Every operation must declare a unique operationId.
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: operationId
      function: truthy

  cs-error-responses:
    description: Mutating operations should declare 4xx error responses.
    severity: warn
    given: "$.paths[*][post,put,patch,delete].responses"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          anyOf:
            - required: ["400"]
            - required: ["401"]
            - required: ["403"]
            - required: ["404"]
            - required: ["409"]

  cs-list-pagination:
    description: List-objects endpoints should support pagination markers.
    severity: info
    given: "$.paths[?(@property.match(/list$|objects$|buckets$|volumes$|snapshots$/))].get.parameters[*].name"
    then:
      function: enumeration
      functionOptions:
        values:
          - marker
          - continuation-token
          - max-keys
          - maxResults
          - pageToken
          - prefix
          - delimiter
          - start-after