Sonatype · API Governance Rules

Sonatype API Rules

Spectral linting rules defining API design standards and conventions for Sonatype.

8 Rules error 2 warn 6

Rule Categories

sonatype

Rules

warn
sonatype-path-version-prefix
$.paths[*]~
warn
sonatype-operation-summary-title-case
$.paths[*][*].summary
error
sonatype-operation-id-required
$.paths[*][get,post,put,delete,patch]
warn
sonatype-owner-type-param-naming
$.paths[*]~
warn
sonatype-operation-tags-required
$.paths[*][get,post,put,delete,patch]
error
sonatype-security-schemes-defined
$.components.securitySchemes
warn
sonatype-success-response-required
$.paths[*][get,post,put,delete,patch].responses
warn
sonatype-no-trailing-slash
$.paths[*]~

Spectral Ruleset

# Inherit Spectral's built-in OpenAPI ruleset; the Sonatype-specific rules
# below are added on top of it.
extends: spectral:oas
rules:

  # Versioning convention: every path key is expected to begin with /api/v2/
  # (the Sonatype Lifecycle API prefix). The trailing `~` makes the JSONPath
  # return the path key itself, which is the string the regex is applied to.
  # NOTE(review): path keys are relative to `servers[].url`; if a spec carries
  # the /api/v2 prefix there instead, every path would be flagged - confirm.
  sonatype-path-version-prefix:
    severity: warn
    message: 'Paths must start with /api/v2/'
    given: '$.paths[*]~'
    then:
      function: pattern
      functionOptions:
        match: '^/api/v2/'

  # Operation summaries are expected to be written in Title Case.
  # The pattern only requires the first character to be an uppercase ASCII
  # letter (A-Z); the capitalisation of the remaining words is not checked,
  # so this is a weaker test than the message suggests.
  sonatype-operation-summary-title-case:
    severity: warn
    message: 'Operation summaries should use Title Case'
    given: '$.paths[*][*].summary'
    then:
      function: pattern
      functionOptions:
        match: '^[A-Z]'

  # Every get/post/put/delete/patch operation needs an operationId.
  # `given` selects the operation object and `field` names the property to
  # test, so an operation with no operationId at all is still reported.
  # head, options and trace operations are not selected by this rule.
  sonatype-operation-id-required:
    severity: error
    message: 'Operations must have an operationId'
    given: '$.paths[*][get,post,put,delete,patch]'
    then:
      function: truthy
      field: operationId

  # Path templates should spell the owner-type parameter as {ownerType}.
  # The rule works by rejecting two known misspellings in the path key,
  # {owner_type} and {ownertype}; the match is case-sensitive, so any other
  # variant (for example a different capitalisation) is not reported.
  sonatype-owner-type-param-naming:
    severity: warn
    message: 'Owner type parameters should use {ownerType}'
    given: '$.paths[*]~'
    then:
      function: pattern
      functionOptions:
        notMatch: '\{owner_type\}|\{ownertype\}'

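  # Every get/post/put/delete/patch operation must carry at least one tag.
  # Two checks run against the `tags` field of each selected operation:
  #   - truthy reports an operation with no `tags` property at all;
  #   - length (min: 1) reports an empty list, which truthy alone accepts
  #     because an empty array is not a falsy value.
  # head, options and trace operations are not selected by this rule.
  sonatype-operation-tags-required:
    message: "Operations must have at least one tag"
    severity: warn
    given: "$.paths[*][get,post,put,delete,patch]"
    then:
      - field: tags
        function: truthy
      - field: tags
        function: length
        functionOptions:
          min: 1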

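  # The API description must declare at least one security scheme.
  # The check is anchored at the document root rather than at
  # $.components.securitySchemes: a `given` path that matches nothing produces
  # no targets, so a rule anchored on the scheme map itself is never evaluated
  # for exactly the documents it should catch (those with no securitySchemes).
  # minProperties also rejects an empty `securitySchemes: {}` map.
  # Scope: this only proves that schemes are declared; it does not check that
  # operations actually reference them through `security` requirements.
  sonatype-security-schemes-defined:
    message: "API must define security schemes"
    severity: error
    # components.securitySchemes exists only in OpenAPI 3.x documents, so the
    # rule is limited to that format and stays silent on other inputs.
    formats: ["oas3"]
    given: "$"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          required: ["components"]
          properties:
            components:
              type: object
              required: ["securitySchemes"]
              properties:
                securitySchemes:
                  type: object
                  minProperties: 1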

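  # Each get/post/put/delete/patch operation must document at least one
  # success (2xx) response. The schema is applied to the `responses` map and
  # passes when any one of the listed keys is present.
  # The list covers the standard 2xx codes plus the OpenAPI 3 range key "2XX",
  # so operations that answer with e.g. 202 Accepted are no longer reported.
  # An operation that documents only `default`, 3xx, 4xx or 5xx responses is
  # still flagged.
  sonatype-success-response-required:
    message: "Operations must document at least one success response"
    severity: warn
    given: "$.paths[*][get,post,put,delete,patch].responses"
    then:
      function: schema
      functionOptions:
        schema:
          anyOf:
            - required: ["200"]
            - required: ["201"]
            - required: ["202"]
            - required: ["203"]
            - required: ["204"]
            - required: ["205"]
            - required: ["206"]
            - required: ["2XX"]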

  # Path keys must not end in "/". The regex is applied to the path key
  # itself (selected with the trailing `~`) and reports any key whose last
  # character is a slash - which includes the bare root path "/".
  sonatype-no-trailing-slash:
    severity: warn
    message: 'Paths must not end with a trailing slash'
    given: '$.paths[*]~'
    then:
      function: pattern
      functionOptions:
        notMatch: '/$'