Skip to content

Instantly share code, notes, and snippets.

@bhatikuldeep

bhatikuldeep/.spectral.yaml

Last active January 5, 2022 15:23
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save bhatikuldeep/84e30ba2b9529c0f3957f143c3129b4b to your computer and use it in GitHub Desktop.
Save bhatikuldeep/84e30ba2b9529c0f3957f143c3129b4b to your computer and use it in GitHub Desktop.
Download ZIP
.spectral.yaml
Raw
.spectral.yaml
extends:
- "spectral:oas"
rules:
operation-tag-defined: true
operation-success-response: true
oas3-server-trailing-slash: true
#Path must not end with Slash.
path-keys-no-trailing-slash:
message: "Path must not end with slash."
severity: error
given: "$.paths[*]~"
then:
function: pattern
functionOptions:
notMatch: ".+\\/$"
# Require 3-part Semantic Versions as the spec versions.
semver:
severity: error
recommended: true
message: Specs should follow semantic versioning. {{value}} is not a valid version.
given: $.info.version
then:
function: pattern
functionOptions:
match: "^([0-9]+.[0-9]+.[0-9]+)$"
# Input Request should only be of Type - application/json
content-type-application-json-specific:
description: Every request SHOULD support `application/json` media type
severity: error
message: "{{description}}"
given:
- $.paths[*][*][requestBody].content
then:
field: "application/json"
function: truthy
# Path Parameters should always be lowercase and should be in kebab-case
paths-kebab-case:
description: "Path Should paths be kebab-case."
message: "{{property}} should be kebab-case (lower case and separated with hyphens)"
severity: error
given: $.paths[*]~
then:
function: pattern
functionOptions:
match: "^(\/|[a-z-.]+|{[a-z-]+})+$"
# Security must be applied to "write" endpoints
security-must-be-enforced-for-unsafe-endpoints:
message: Security must be applied to "write" endpoints
severity: error
given: "$.paths.*[?(@property == 'post' || @property == 'put' || @property == 'patch' || @property == 'delete')]"
then:
- field: security
function: truthy
# Get Method should not have Body Parameters
request-GET-no-body:
message: GET operations cannot have a requestBody.
description: A `GET` request MUST NOT accept a `body` parameter
severity: error
given: $.paths..get.requestBody
then:
- field: requestBody
function: truthy
# Defined Query parameter should be Snake_Case
query-parameter-snake-case:
description: "Query parameters should be snake case"
severity: error
given: "$..parameters.[?(@.in === 'query')].name"
then:
function: casing
functionOptions:
type: snake
# Only Https Protocol is Allowed
oas3-protocol-https-only:
description: "ALL requests MUST go through `https` protocol only"
severity: error
message: "Servers MUST be https and no other protocol is allowed."
given: $.servers..url
then:
function: pattern
functionOptions:
match: "/^https:/"
# Defined Field Name should be snake_case
field-name-snake-case:
description: "Field name should be snake case"
severity: warn
message: '"{{property}}" is not snake_case: {{error}}'
given: $.components..properties[*]~
then:
function: casing
functionOptions:
type: snake
# custom Spectral rule to ensure request bodies and non-204 responses provide content object
content-entry-provided:
description: Request bodies and non-204 responses should define a content object
given:
- $.paths[*][*].responses[?(@property != '204')]
- $.paths[*][*].requestBody
severity: warn
formats: ["oas3"]
resolved: true
then:
field: content
function: truthy
# Operation Id must be kebab-case
operationid-must-be-kebab-cased:
description: "operationIds must be kebab cased and lowercase (e.g. kebab-case)"
type: style
given: "$..operationId"
severity: error
message: "{{description}}; {{value}} incorrect"
then:
function: casing
functionOptions:
type: kebab
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment