-
-
Save ChrisPhillips-cminion/fc200d73ecc4c1232a164df474bc41b6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
type: ruleset | |
ruleset_type: custom | |
api_version: 2.0.0 | |
id: 7a7383a5-b923-4343-9b10-790b815bb6ba | |
name: apic-good-practises | |
title: APIC Good Practises | |
description: Series of rules to determine if APIs meet good practice. Taken from https://chrisphillips-cminion.github.io/ | |
ruleset_version: 1.0.0 | |
ruleset_state: draft | |
rule_urls: | |
- https://small-mgmt-compliance-service.apic2.svc:3077/governance/orgs/80d916dc-dad1-41fb-b019-f7890c136bad/rulesets/1.0.0-denis/rules/5e249b7b-cfa5-4c10-9fb9-88fe350d6f1f | |
- https://small-mgmt-compliance-service.apic2.svc:3077/governance/orgs/80d916dc-dad1-41fb-b019-f7890c136bad/rulesets/1.0.0-denis/rules/b5810ebb-576a-44ab-bd7b-6a3623a2159e | |
created_at: 2024-03-28 10:52:52.109+00 | |
updated_at: 2024-03-28T11:52:27.000Z | |
url: https://small-mgmt-compliance-service.apic2.svc:3077/governance/orgs/80d916dc-dad1-41fb-b019-f7890c136bad/rulesets/7a7383a5-b923-4343-9b10-790b815bb6ba | |
rules: | |
- api_version: 2.0.0 | |
id: 5e249b7b-cfa5-4c10-9fb9-88fe350d6f1f | |
name: gateway-script | |
version: 1.0.0 | |
title: Does GatewayScript v2 contain require apim | |
description: It is recommended that GatewayScript files do not use the apim module when not running in v5 compatible mode. This role will highlight where apim is being used | |
given: | |
- $.x-ibm-configuration.assembly.execute[*].gatewayscript | |
- $.x-ibm-configuration.assembly.execute[*].*.case[*].execute[*].gatewayscript | |
- $.x-ibm-configuration.assembly.execute[*].*.case[*].execute[*].*.case[*].execute[*].gatewayscript | |
- $.x-ibm-configuration.assembly.execute[*].*.case[*].execute[*].*.case[*].execute[*].*.case[*].execute[*].gatewayscript | |
- $.x-ibm-configuration.assembly.execute[*].*.case[*].execute[*].*.case[*].execute[*].*.case[*].execute[*].*.case[*].execute[*].gatewayscript | |
severity: warn | |
created_at: 2024-03-28T10:52:52.000Z | |
updated_at: 2024-03-28T11:52:27.000Z | |
url: https://small-mgmt-compliance-service.apic2.svc:3077/governance/orgs/80d916dc-dad1-41fb-b019-f7890c136bad/rulesets/1.0.0-denis/rules/5e249b7b-cfa5-4c10-9fb9-88fe350d6f1f | |
then: | |
- field: source | |
function: pattern | |
functionOptions: | |
notMatch: require\(.apim.\) | |
- api_version: 2.0.0 | |
id: b5810ebb-576a-44ab-bd7b-6a3623a2159e | |
name: have-policy-titles-been-updated | |
version: 1.0.0 | |
title: Have policy titles been updated | |
description: It is good practise to update the title of each policy being used on an assembly. By independently naming each policy it means the API logic is easier to understand and in Analytics when analyzing the API latency users can quickly understand the latency of each policy. | |
message: Policy title has not been updated | |
given: | |
- $.x-ibm-configuration.assembly.execute[*].* | |
- $.x-ibm-configuration.assembly.execute[*].*.case[*].execute[*].* | |
- $.x-ibm-configuration.assembly.execute[*].*.case[*].execute[*].*.case[*].execute[*].* | |
- $.x-ibm-configuration.assembly.execute[*].*.case[*].execute[*].*.case[*].execute[*].*.case[*].execute[*].* | |
- $.x-ibm-configuration.assembly.execute[*].*.case[*].execute[*].*.case[*].execute[*].*.case[*].execute[*].*.case[*].execute[*].* | |
severity: info | |
created_at: 2024-03-28T11:36:42.000Z | |
updated_at: 2024-03-28T11:52:27.000Z | |
url: https://small-mgmt-compliance-service.apic2.svc:3077/governance/orgs/80d916dc-dad1-41fb-b019-f7890c136bad/rulesets/1.0.0-denis/rules/b5810ebb-576a-44ab-bd7b-6a3623a2159e | |
then: | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: operation-switch | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: gatewayscript | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: xslt | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: xml-to-json | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: redact | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: parse | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: map | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: json-to-xml | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: extract | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: jwt-generate | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: client-security | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: user-security | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: jwt-validate | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: validate-usernametoken | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: wsdl | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: validate | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: set-variable | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: result | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: ratelimitinfo | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: ratelimit | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: log | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: invoke | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: switch | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: throw | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: graphql-introspect | |
- field: title | |
function: pattern | |
functionOptions: | |
notMatch: graphql-cost-analysis |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment