Gist ioggstream/7f2adcafbee36ced17c07d52b927343a, created January 11, 2022 21:39
Spectral validation file for PDND APIs - Draft
# This is a custom API ruleset to accommodate the PDND APIs:
# see below the changes.
# It is based on the ruleset published by the API OAS Checker project.
extends:
  - spectral:oas
  - https://italia.github.io/api-oas-checker/spectral-full.yml
rules:
  # The priority of the following rules is lowered to `hint`
  # because they are not capable of checking whether a global
  # `security` policy is defined.
  sec-protection-get: hint
  sec-protection-unsafe: hint
  # The following experimental rule ensures that either a `#/security` policy
  # is defined, or each operation defines its own policy.
  # This rule can be tweaked! Please reach out roberto@teamdigitale.governo.it
  # for further clarification.
  sec-protection-global-security:
    description: |-
      Your API should be protected by a `security` rule either at
      global or operation level.
      All operations should be protected, especially the unsafe ones
      (methods that alter the state of the server, such as
      `POST`, `PUT`, `PATCH` and `DELETE`).
      This is done with one or more non-empty `security` rules.
      Security schemes are defined in the `components.securitySchemes` section.
      An example of a security rule applied at global level.
      ```
      security:
        - BasicAuth: []
      paths:
        /books: {}
        /users: {}
      components:
        securitySchemes:
          BasicAuth:
            type: http
            scheme: basic
      ```
      An example of a security rule applied at operation level, which
      overrides the global one for that operation only.
      ```
      paths:
        /books:
          post:
            security:
              - AccessToken: []
      components:
        securitySchemes:
          BasicAuth:
            type: http
            scheme: basic
          AccessToken:
            type: http
            scheme: bearer
            bearerFormat: JWT
      ```
    # Spectral defaults to `warn`; a missing security policy should fail the check.
    severity: error
    # Note: this rule applies to the whole API specification.
    given: "$"
    then:
      - function: schema
        functionOptions:
          schema:
            anyOf:
              # Either a non-empty global `security` ...
              - type: object
                required: [security]
                properties:
                  security:
                    type: array
                    # `security: []` disables authentication, so an empty
                    # array is not a protection.
                    minItems: 1
                    items:
                      type: object
                      # `- {}` is an anonymous requirement: reject it too.
                      minProperties: 1
              # ... or a non-empty `security` on every operation.
              - type: object
                properties:
                  paths:
                    type: object
                    additionalProperties: # /target-url (path item)
                      type: object
                      # Only the HTTP method keys are operations: a path item may
                      # also carry `parameters`, `summary`, `description`, `servers`
                      # and `x-*` keys, which must not be required to have `security`.
                      patternProperties:
                        "^(get|put|post|delete|options|head|patch|trace)$":
                          type: object
                          required: [security]
                          properties:
                            security:
                              type: array
                              minItems: 1
                              items:
                                type: object
                                minProperties: 1
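The check that the rule above encodes as a JSON Schema, as an added stand-alone example that is not part of the gist or of the api-oas-checker project. It is written in plain Python so the logic can be tried on a parsed OpenAPI document without running Spectral; the function names and the sample documents are constructed for this illustration, and the document is assumed to be already loaded into a dict (for example with `yaml.safe_load`).

```python
"""Added example, not part of the gist or of api-oas-checker: a plain-Python
re-implementation of the `sec-protection-global-security` check.

Assumptions (mine): a "non-empty security rule" is a `security` array holding
at least one requirement object that names at least one scheme, so both
`security: []` and `security: [{}]` count as unprotected (that is how OAS
declares an operation anonymous).
"""

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}
# State-changing methods: the ones the rule description singles out.
UNSAFE_METHODS = {"post", "put", "patch", "delete"}


def is_protected(security):
    """True iff `security` is a non-empty list containing at least one
    non-empty requirement object (OAS syntax: `- SchemeName: [scopes]`)."""
    if not isinstance(security, list) or not security:
        return False
    return any(isinstance(req, dict) and len(req) > 0 for req in security)


def find_unprotected_operations(spec):
    """Return sorted [(path, method)] for each operation whose effective
    security requirement is empty.

    Effective security is the operation's own `security` when the key is
    present, otherwise the document-level `security`: an operation-level
    `security: []` removes the global protection, which the rule's
    description says is not acceptable."""
    global_ok = is_protected(spec.get("security"))
    findings = []
    for path, item in (spec.get("paths") or {}).items():
        if not isinstance(item, dict):
            continue
        for key, op in item.items():
            # A path item also carries `parameters`, `summary`, `servers`,
            # `$ref` and `x-*` keys; only the HTTP method keys are operations.
            method = key.lower()
            if method not in HTTP_METHODS or not isinstance(op, dict):
                continue
            ok = is_protected(op["security"]) if "security" in op else global_ok
            if not ok:
                findings.append((path, method))
    return sorted(findings)


def unprotected_unsafe_operations(spec):
    """Subset of the findings that are state-changing methods, where a
    missing `security` rule does the most damage."""
    return [(p, m) for p, m in find_unprotected_operations(spec) if m in UNSAFE_METHODS]


def passes_global_security_rule(spec):
    """Equivalent of the rule's `anyOf`: a non-empty global `security`, or a
    non-empty `security` on every operation, with no operation opting out."""
    return not find_unprotected_operations(spec)


# Constructed sample documents (not from the gist) for the cases the rule covers.
GLOBAL_SPEC = {
    "openapi": "3.0.3",
    "security": [{"BasicAuth": []}],
    "paths": {
        "/books": {"get": {}, "post": {}},
        # `parameters` is a list, not an operation: it must not trip the check.
        "/users": {"parameters": [{"name": "id", "in": "query"}], "get": {}},
    },
    "components": {"securitySchemes": {"BasicAuth": {"type": "http", "scheme": "basic"}}},
}

PER_OPERATION_SPEC = {
    "openapi": "3.0.3",
    "paths": {
        "/books": {
            "get": {"security": [{"AccessToken": []}]},
            "post": {"security": [{"AccessToken": []}]},
        },
    },
    "components": {
        "securitySchemes": {
            "AccessToken": {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"}
        }
    },
}

OPT_OUT_SPEC = {
    "openapi": "3.0.3",
    "security": [{"BasicAuth": []}],
    "paths": {
        "/health": {"get": {"security": []}},  # explicit opt-out of the global rule
        "/books": {"post": {}, "delete": {"security": [{}]}},  # `{}` allows anonymous
    },
}

if __name__ == "__main__":
    for name, doc in [("global", GLOBAL_SPEC), ("per-operation", PER_OPERATION_SPEC), ("opt-out", OPT_OUT_SPEC)]:
        verdict = "passes" if passes_global_security_rule(doc) else "FAILS"
        print(name, verdict, find_unprotected_operations(doc))
```

The Python check is slightly stricter than the Spectral schema: the schema's first branch is satisfied by a non-empty global `security` alone, whereas the function also flags operations that override it with `security: []` or `- {}`, which is the behaviour the rule's description asks for.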