ChrisPhillips-cminion/appic-gp.yaml Secret

## appic-gp.yaml
type: ruleset
ruleset_type: custom
api_version: 2.0.0
id: 7a7383a5-b923-4343-9b10-790b815bb6ba
name: apic-good-practises
title: APIC Good Practises
description: Series of rules to determine if APIs meet good practice. Taken from https://chrisphillips-cminion.github.io/
ruleset_version: 1.0.0
ruleset_state: draft
rule_urls:
  - https://small-mgmt-compliance-service.apic2.svc:3077/governance/orgs/80d916dc-dad1-41fb-b019-f7890c136bad/rulesets/1.0.0-denis/rules/5e249b7b-cfa5-4c10-9fb9-88fe350d6f1f
  - https://small-mgmt-compliance-service.apic2.svc:3077/governance/orgs/80d916dc-dad1-41fb-b019-f7890c136bad/rulesets/1.0.0-denis/rules/b5810ebb-576a-44ab-bd7b-6a3623a2159e
created_at: 2024-03-28 10:52:52.109+00
updated_at: 2024-03-28T11:52:27.000Z
url: https://small-mgmt-compliance-service.apic2.svc:3077/governance/orgs/80d916dc-dad1-41fb-b019-f7890c136bad/rulesets/7a7383a5-b923-4343-9b10-790b815bb6ba
rules:
  - api_version: 2.0.0
    id: 5e249b7b-cfa5-4c10-9fb9-88fe350d6f1f
    name: gateway-script
    version: 1.0.0
    title: Does GatewayScript v2 contain require apim
    description: It is recommended that GatewayScript files do not use the apim module when not running in v5 compatible mode. This role will highlight where apim is being used
    given:
      - $.x-ibm-configuration.assembly.execute[*].gatewayscript
      - $.x-ibm-configuration.assembly.execute[*].*.case[*].execute[*].gatewayscript
      - $.x-ibm-configuration.assembly.execute[*].*.case[*].execute[*].*.case[*].execute[*].gatewayscript
      - $.x-ibm-configuration.assembly.execute[*].*.case[*].execute[*].*.case[*].execute[*].*.case[*].execute[*].gatewayscript
      - $.x-ibm-configuration.assembly.execute[*].*.case[*].execute[*].*.case[*].execute[*].*.case[*].execute[*].*.case[*].execute[*].gatewayscript
    severity: warn
    created_at: 2024-03-28T10:52:52.000Z
    updated_at: 2024-03-28T11:52:27.000Z
    url: https://small-mgmt-compliance-service.apic2.svc:3077/governance/orgs/80d916dc-dad1-41fb-b019-f7890c136bad/rulesets/1.0.0-denis/rules/5e249b7b-cfa5-4c10-9fb9-88fe350d6f1f
    then:
      - field: source
        function: pattern
        functionOptions:
          notMatch: require\(.apim.\)
  - api_version: 2.0.0
    id: b5810ebb-576a-44ab-bd7b-6a3623a2159e
    name: have-policy-titles-been-updated
    version: 1.0.0
    title: Have policy titles been updated
    description: It is good practise to update the title of each policy being used on an assembly. By independently naming each policy it means the API logic is easier to understand and in Analytics when analyzing the API latency users can quickly understand the latency of each policy.
    message: Policy title has not been updated
    given:
      - $.x-ibm-configuration.assembly.execute[*].*
      - $.x-ibm-configuration.assembly.execute[*].*.case[*].execute[*].*
      - $.x-ibm-configuration.assembly.execute[*].*.case[*].execute[*].*.case[*].execute[*].*
      - $.x-ibm-configuration.assembly.execute[*].*.case[*].execute[*].*.case[*].execute[*].*.case[*].execute[*].*
      - $.x-ibm-configuration.assembly.execute[*].*.case[*].execute[*].*.case[*].execute[*].*.case[*].execute[*].*.case[*].execute[*].*
    severity: info
    created_at: 2024-03-28T11:36:42.000Z
    updated_at: 2024-03-28T11:52:27.000Z
    url: https://small-mgmt-compliance-service.apic2.svc:3077/governance/orgs/80d916dc-dad1-41fb-b019-f7890c136bad/rulesets/1.0.0-denis/rules/b5810ebb-576a-44ab-bd7b-6a3623a2159e
    then:
      - field: title
        function: pattern
        functionOptions:
          notMatch: operation-switch
      - field: title
        function: pattern
        functionOptions:
          notMatch: gatewayscript
      - field: title
        function: pattern
        functionOptions:
          notMatch: xslt
      - field: title
        function: pattern
        functionOptions:
          notMatch: xml-to-json
      - field: title
        function: pattern
        functionOptions:
          notMatch: redact
      - field: title
        function: pattern
        functionOptions:
          notMatch: parse
      - field: title
        function: pattern
        functionOptions:
          notMatch: map
      - field: title
        function: pattern
        functionOptions:
          notMatch: json-to-xml
      - field: title
        function: pattern
        functionOptions:
          notMatch: extract
      - field: title
        function: pattern
        functionOptions:
          notMatch: jwt-generate
      - field: title
        function: pattern
        functionOptions:
          notMatch: client-security
      - field: title
        function: pattern
        functionOptions:
          notMatch: user-security
      - field: title
        function: pattern
        functionOptions:
          notMatch: jwt-validate
      - field: title
        function: pattern
        functionOptions:
          notMatch: validate-usernametoken
      - field: title
        function: pattern
        functionOptions:
          notMatch: wsdl
      - field: title
        function: pattern
        functionOptions:
          notMatch: validate
      - field: title
        function: pattern
        functionOptions:
          notMatch: set-variable
      - field: title
        function: pattern
        functionOptions:
          notMatch: result
      - field: title
        function: pattern
        functionOptions:
          notMatch: ratelimitinfo
      - field: title
        function: pattern
        functionOptions:
          notMatch: ratelimit
      - field: title
        function: pattern
        functionOptions:
          notMatch: log
      - field: title
        function: pattern
        functionOptions:
          notMatch: invoke
      - field: title
        function: pattern
        functionOptions:
          notMatch: switch
      - field: title
        function: pattern
        functionOptions:
          notMatch: throw
      - field: title
        function: pattern
        functionOptions:
          notMatch: graphql-introspect
      - field: title
        function: pattern
        functionOptions:
          notMatch: graphql-cost-analysis
	type: ruleset
	ruleset_type: custom
	api_version: 2.0.0
	id: 7a7383a5-b923-4343-9b10-790b815bb6ba
	name: apic-good-practises
	title: APIC Good Practises
	description: Series of rules to determine if APIs meet good practice. Taken from https://chrisphillips-cminion.github.io/
	ruleset_version: 1.0.0
	ruleset_state: draft
	rule_urls:
	- https://small-mgmt-compliance-service.apic2.svc:3077/governance/orgs/80d916dc-dad1-41fb-b019-f7890c136bad/rulesets/1.0.0-denis/rules/5e249b7b-cfa5-4c10-9fb9-88fe350d6f1f
	- https://small-mgmt-compliance-service.apic2.svc:3077/governance/orgs/80d916dc-dad1-41fb-b019-f7890c136bad/rulesets/1.0.0-denis/rules/b5810ebb-576a-44ab-bd7b-6a3623a2159e
	created_at: 2024-03-28 10:52:52.109+00
	updated_at: 2024-03-28T11:52:27.000Z
	url: https://small-mgmt-compliance-service.apic2.svc:3077/governance/orgs/80d916dc-dad1-41fb-b019-f7890c136bad/rulesets/7a7383a5-b923-4343-9b10-790b815bb6ba
	rules:
	- api_version: 2.0.0
	id: 5e249b7b-cfa5-4c10-9fb9-88fe350d6f1f
	name: gateway-script
	version: 1.0.0
	title: Does GatewayScript v2 contain require apim
	description: It is recommended that GatewayScript files do not use the apim module when not running in v5 compatible mode. This role will highlight where apim is being used
	given:
	- $.x-ibm-configuration.assembly.execute[*].gatewayscript
	- $.x-ibm-configuration.assembly.execute[]..case[].execute[].gatewayscript
	- $.x-ibm-configuration.assembly.execute[]..case[].execute[]..case[].execute[*].gatewayscript
	- $.x-ibm-configuration.assembly.execute[]..case[].execute[]..case[].execute[]..case[].execute[].gatewayscript
	- $.x-ibm-configuration.assembly.execute[]..case[].execute[]..case[].execute[]..case[].execute[]..case[].execute[*].gatewayscript
	severity: warn
	created_at: 2024-03-28T10:52:52.000Z
	updated_at: 2024-03-28T11:52:27.000Z
	url: https://small-mgmt-compliance-service.apic2.svc:3077/governance/orgs/80d916dc-dad1-41fb-b019-f7890c136bad/rulesets/1.0.0-denis/rules/5e249b7b-cfa5-4c10-9fb9-88fe350d6f1f
	then:
	- field: source
	function: pattern
	functionOptions:
	notMatch: require\(.apim.\)
	- api_version: 2.0.0
	id: b5810ebb-576a-44ab-bd7b-6a3623a2159e
	name: have-policy-titles-been-updated
	version: 1.0.0
	title: Have policy titles been updated
	description: It is good practise to update the title of each policy being used on an assembly. By independently naming each policy it means the API logic is easier to understand and in Analytics when analyzing the API latency users can quickly understand the latency of each policy.
	message: Policy title has not been updated
	given:
	- $.x-ibm-configuration.assembly.execute[].
	- $.x-ibm-configuration.assembly.execute[]..case[].execute[].*
	- $.x-ibm-configuration.assembly.execute[]..case[].execute[]..case[].execute[].
	- $.x-ibm-configuration.assembly.execute[]..case[].execute[]..case[].execute[]..case[].execute[].*
	- $.x-ibm-configuration.assembly.execute[]..case[].execute[]..case[].execute[]..case[].execute[]..case[].execute[].
	severity: info
	created_at: 2024-03-28T11:36:42.000Z
	updated_at: 2024-03-28T11:52:27.000Z
	url: https://small-mgmt-compliance-service.apic2.svc:3077/governance/orgs/80d916dc-dad1-41fb-b019-f7890c136bad/rulesets/1.0.0-denis/rules/b5810ebb-576a-44ab-bd7b-6a3623a2159e
	then:
	- field: title
	function: pattern
	functionOptions:
	notMatch: operation-switch
	- field: title
	function: pattern
	functionOptions:
	notMatch: gatewayscript
	- field: title
	function: pattern
	functionOptions:
	notMatch: xslt
	- field: title
	function: pattern
	functionOptions:
	notMatch: xml-to-json
	- field: title
	function: pattern
	functionOptions:
	notMatch: redact
	- field: title
	function: pattern
	functionOptions:
	notMatch: parse
	- field: title
	function: pattern
	functionOptions:
	notMatch: map
	- field: title
	function: pattern
	functionOptions:
	notMatch: json-to-xml
	- field: title
	function: pattern
	functionOptions:
	notMatch: extract
	- field: title
	function: pattern
	functionOptions:
	notMatch: jwt-generate
	- field: title
	function: pattern
	functionOptions:
	notMatch: client-security
	- field: title
	function: pattern
	functionOptions:
	notMatch: user-security
	- field: title
	function: pattern
	functionOptions:
	notMatch: jwt-validate
	- field: title
	function: pattern
	functionOptions:
	notMatch: validate-usernametoken
	- field: title
	function: pattern
	functionOptions:
	notMatch: wsdl
	- field: title
	function: pattern
	functionOptions:
	notMatch: validate
	- field: title
	function: pattern
	functionOptions:
	notMatch: set-variable
	- field: title
	function: pattern
	functionOptions:
	notMatch: result
	- field: title
	function: pattern
	functionOptions:
	notMatch: ratelimitinfo
	- field: title
	function: pattern
	functionOptions:
	notMatch: ratelimit
	- field: title
	function: pattern
	functionOptions:
	notMatch: log
	- field: title
	function: pattern
	functionOptions:
	notMatch: invoke
	- field: title
	function: pattern
	functionOptions:
	notMatch: switch
	- field: title
	function: pattern
	functionOptions:
	notMatch: throw
	- field: title
	function: pattern
	functionOptions:
	notMatch: graphql-introspect
	- field: title
	function: pattern
	functionOptions:
	notMatch: graphql-cost-analysis