Solo.io · API Governance Rules

Solo.io API Rules

Spectral linting rules defining API design standards and conventions for Solo.io.

9 Rules: error 2, warn 5, info 2

Rule Categories

solo

Rules

warn
solo-io-operation-summary-title-case
All operation summaries must use Title Case
$.paths[*][*].summary
error
solo-io-operation-id-required
All operations must have an operationId
$.paths[*][get,post,put,patch,delete,options,head]
warn
solo-io-tags-required
All operations must have at least one tag
$.paths[*][get,post,put,patch,delete]
info
solo-io-namespace-name-path-params
Resource paths should use namespace and name path parameters
$.paths
error
solo-io-200-response-required
All GET operations must have a 200 response
$.paths[*].get.responses
warn
solo-io-response-schema-required
Successful responses must include a schema
$.paths[*][get,post].responses[200,201].content
warn
solo-io-security-defined
Operations accessing user data must define security requirements
$.paths[*][get,post,put,patch,delete]
warn
solo-io-kebab-case-paths
Path segments must use kebab-case
$.paths
info
solo-io-bearer-auth-scheme
Authentication must use bearer token scheme consistent with Solo.io OIDC
$.components.securitySchemes

Spectral Ruleset

rules:
  # Operation summaries: each word must be one capital letter followed only by
  # lowercase letters, with a single whitespace character between words.
  # Digits, hyphens and all-caps acronyms (e.g. "API") do not match.
  solo-io-operation-summary-title-case:
    severity: warn
    description: All operation summaries must use Title Case
    message: Operation summary "{{value}}" must use Title Case
    given: '$.paths[*][*].summary'
    then:
      function: pattern
      functionOptions:
        match: '^[A-Z][a-z]*(\s[A-Z][a-z]*)*$'

  # Reported as an error when an operation under any of the listed HTTP
  # methods has a missing or empty `operationId`.
  solo-io-operation-id-required:
    severity: error
    description: All operations must have an operationId
    message: Operation must have an operationId
    given: '$.paths[*][get,post,put,patch,delete,options,head]'
    then:
      function: truthy
      field: operationId

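  # `truthy` alone accepts `tags: []` (an empty array is truthy), so a second
  # check on the same field enforces the "at least one" part of the
  # description. `truthy` still reports the case where `tags` is absent.
  solo-io-tags-required:
    description: All operations must have at least one tag
    message: Operation must have at least one tag
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      - field: tags
        function: truthy
      - field: tags
        function: length
        functionOptions:
          min: 1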

  # NOTE(review): `match: '.*'` accepts any string, and `given` selects the
  # whole `paths` object rather than individual path keys, so as written this
  # rule cannot report a finding. It documents the {namespace}/{name}
  # convention but does not enforce it; a real check needs a pattern that
  # encodes which paths count as individual resource access.
  solo-io-namespace-name-path-params:
    severity: info
    description: Resource paths should use namespace and name path parameters
    message: >-
      Gloo resource paths should use {namespace}/{name} pattern
      for individual resource access
    given: '$.paths'
    then:
      function: pattern
      functionOptions:
        match: '.*'

  # Looks at the `responses` map of every GET operation and reports an error
  # when it has no `200` entry. The key is quoted so it stays a string.
  solo-io-200-response-required:
    severity: error
    description: All GET operations must have a 200 response
    message: GET operation must define a 200 response
    given: '$.paths[*].get.responses'
    then:
      function: truthy
      field: '200'

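  # `given` must select the response object, not its `content` child: when
  # `content` is absent a path ending in `.content` matches nothing, `then`
  # never runs, and the response the rule is meant to catch passes silently.
  # Selecting the response and testing `content` as a field reports it.
  # This checks that `content` is present; it does not check that each media
  # type under it carries a `schema`.
  solo-io-response-schema-required:
    description: Successful responses must include a schema
    message: Response 200/201 must include a content schema
    severity: warn
    given: "$.paths[*][get,post].responses[200,201]"
    then:
      field: content
      function: truthy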

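  # `truthy` alone passes on `security: []`, which in OpenAPI overrides any
  # document-level requirement and leaves the operation unauthenticated. The
  # added `length` check reports that case, so only an operation with at
  # least one security requirement entry satisfies the rule.
  # Not covered here: an entry of `{}` (authentication optional) still
  # passes, and an operation relying only on the document-level `security`
  # is still reported because the field is checked per operation.
  # The rule applies to every listed method, not only to operations that
  # touch user data as the description suggests.
  solo-io-security-defined:
    description: Operations accessing user data must define security requirements
    message: Operation should define security requirements
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      - field: security
        function: truthy
      - field: security
        function: length
        functionOptions:
          min: 1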

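  # `given` selects the `paths` object; without a `field` the pattern was
  # aimed at that object rather than at the path strings, so no individual
  # path was ever tested. `field: '@key'` applies the pattern to each key of
  # `paths`, i.e. to each path string.
  # The pattern accepts lowercase kebab-case segments and `{param}` segments
  # made of letters only; a bare "/" or a trailing slash does not match.
  solo-io-kebab-case-paths:
    description: Path segments must use kebab-case
    message: Path segment "{{value}}" must use kebab-case (lowercase with hyphens)
    severity: warn
    given: "$.paths"
    then:
      field: '@key'
      function: pattern
      functionOptions:
        match: "^(\\/([a-z][a-z0-9-]*|\\{[a-zA-Z]+\\}))*$"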

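  # The previous check (`truthy` on the whole `securitySchemes` map) only
  # confirmed that the map was present and never looked at any scheme, so a
  # document declaring e.g. HTTP basic auth satisfied it. Each declared
  # scheme is now validated individually: it must be either `type: http`
  # with `scheme: bearer`, or `type: apiKey`.
  # NOTE(review): the message names `bearerAuth` / `apiKeyAuth`; this check
  # validates the scheme definition rather than its key name. If
  # `openIdConnect` or `oauth2` schemes are also acceptable for Solo.io OIDC,
  # add them to `oneOf` -- confirm the intended policy.
  # A document with no `components.securitySchemes` at all matches nothing
  # and is not reported by this rule.
  solo-io-bearer-auth-scheme:
    description: Authentication must use bearer token scheme consistent with Solo.io OIDC
    message: Security scheme must be bearerAuth or apiKeyAuth
    severity: info
    given: "$.components.securitySchemes[*]"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          required:
            - type
          oneOf:
            - required:
                - scheme
              properties:
                type:
                  enum:
                    - http
                scheme:
                  type: string
                  pattern: '^[Bb]earer$'
            - properties:
                type:
                  enum:
                    - apiKey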