Cloudability · API Governance Rules

Cloudability API Rules

Spectral linting rules defining API design standards and conventions for Cloudability.

11 Rules error 4 warn 6 info 1
View Rules File View on GitHub

Rule Categories

cloudability

Rules

error
cloudability-info-contact
API contact information must be present.
$.info
warn
cloudability-info-license
API license must be declared.
$.info
error
cloudability-server-https
All server URLs must use HTTPS.
$.servers[*].url
warn
cloudability-server-versioned
API server URLs must include /v3.
$.servers[?(@.url && @.url.indexOf('cloudability.com') > -1)].url
error
cloudability-basic-auth
A basic-auth security scheme (API token) must be defined.
$.components.securitySchemes
warn
cloudability-operation-tags
Every operation must declare at least one tag.
$.paths[*][get,post,put,patch,delete]
warn
cloudability-operation-summary
Every operation must include a short summary.
$.paths[*][get,post,put,patch,delete]
error
cloudability-operation-id
Every operation must declare a unique operationId.
$.paths[*][get,post,put,patch,delete]
warn
cloudability-error-responses
Mutating operations should declare 4xx error responses.
$.paths[*][post,put,patch,delete].responses
info
cloudability-pagination-limit-offset
List endpoints should accept limit and offset query params.
$.paths[?(@property.match(/list$|reports$|recommendations$|anomalies$|business-mappings$/))].get.parameters[*].name
warn
cloudability-currency-iso
Currency parameters and properties should use ISO 4217 codes.
$..[?(@property === 'currency')].schema

Spectral Ruleset

cloudability-rules.yml Raw ↑ 
extends:
  - spectral:oas

# Spectral linting rules tuned for the Cloudability v3 REST API.
# Validates conventions described at
# https://www.ibm.com/docs/en/cloudability-commercial/cloudability-premium/saas
# — HTTPS only, HTTP basic auth with an API token, JSON responses,
# limit/offset pagination, and resource-oriented v3 paths.
rules:
  cloudability-info-contact:
    description: API contact information must be present.
    severity: error
    given: "$.info"
    then:
      field: contact
      function: truthy

  cloudability-info-license:
    description: API license must be declared.
    severity: warn
    given: "$.info"
    then:
      field: license
      function: truthy

  cloudability-server-https:
    description: All server URLs must use HTTPS.
    severity: error
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "^https://"

  cloudability-server-versioned:
    description: API server URLs must include /v3.
    severity: warn
    given: "$.servers[?(@.url && @.url.indexOf('cloudability.com') > -1)].url"
    then:
      function: pattern
      functionOptions:
        match: "/v3(/|$)"

  cloudability-basic-auth:
    description: A basic-auth security scheme (API token) must be defined.
    severity: error
    given: "$.components.securitySchemes"
    then:
      function: truthy

  cloudability-operation-tags:
    description: Every operation must declare at least one tag.
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: tags
      function: schema
      functionOptions:
        schema:
          type: array
          minItems: 1

  cloudability-operation-summary:
    description: Every operation must include a short summary.
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: summary
      function: truthy

  cloudability-operation-id:
    description: Every operation must declare a unique operationId.
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: operationId
      function: truthy

  cloudability-error-responses:
    description: Mutating operations should declare 4xx error responses.
    severity: warn
    given: "$.paths[*][post,put,patch,delete].responses"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          anyOf:
            - required: ["400"]
            - required: ["401"]
            - required: ["403"]
            - required: ["404"]
            - required: ["422"]

  cloudability-pagination-limit-offset:
    description: List endpoints should accept limit and offset query params.
    severity: info
    given: "$.paths[?(@property.match(/list$|reports$|recommendations$|anomalies$|business-mappings$/))].get.parameters[*].name"
    then:
      function: enumeration
      functionOptions:
        values:
          - limit
          - offset
          - sort
          - filters
          - dimensions
          - metrics
          - start_date
          - end_date

  cloudability-currency-iso:
    description: Currency parameters and properties should use ISO 4217 codes.
    severity: warn
    given: "$..[?(@property === 'currency')].schema"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          properties:
            pattern:
              type: string
              enum:
                - "^[A-Z]{3}$"