CLOUDP-271994: IPA-106: Validate Create methods accepts no query params (#485)

yelizhenden-mdb · web-flow · commit b3656385f2ca · 2025-03-06T13:05:15.000Z
diff --git a/tools/spectral/ipa/__tests__/createMethodShouldNotHaveQueryParameters.test.js b/tools/spectral/ipa/__tests__/createMethodShouldNotHaveQueryParameters.test.js
@@ -0,0 +1,146 @@
+import testRule from './__helpers__/testRule';
+import { DiagnosticSeverity } from '@stoplight/types';
+
+const componentSchemas = {
+  schemas: {
+    Schema: {
+      type: 'object',
+    },
+  },
+  parameters: {
+    QueryParam: {
+      name: 'query-param',
+      in: 'query',
+      schema: {
+        type: 'string',
+      },
+    },
+    PathParam: {
+      name: 'resource-id',
+      in: 'path',
+      schema: {
+        type: 'string',
+      },
+    },
+  },
+};
+
+testRule('xgen-IPA-106-create-method-should-not-have-query-parameters', [
+  {
+    name: 'valid methods',
+    document: {
+      components: componentSchemas,
+      paths: {
+        '/resource': {
+          post: {
+            parameters: [
+              {
+                name: 'header-param',
+                in: 'header',
+                schema: { type: 'string' },
+              },
+              {
+                name: 'resource-id',
+                in: 'path',
+                schema: {
+                  $ref: '#/components/schemas/Schema',
+                },
+              },
+              {
+                $ref: '#/components/parameters/PathParam',
+              },
+            ],
+          },
+        },
+        '/resource2': {
+          post: {
+            parameters: [],
+          },
+        },
+      },
+    },
+    errors: [],
+  },
+  {
+    name: 'invalid methods',
+    document: {
+      components: componentSchemas,
+      paths: {
+        '/resource': {
+          post: {
+            parameters: [
+              {
+                name: 'filter',
+                in: 'query',
+                schema: { type: 'string' },
+              },
+            ],
+          },
+        },
+        '/resource2': {
+          post: {
+            parameters: [
+              {
+                name: 'header-param',
+                in: 'header',
+                schema: { type: 'string' },
+              },
+              {
+                $ref: '#/components/parameters/QueryParam',
+              },
+            ],
+          },
+        },
+      },
+    },
+    errors: [
+      {
+        code: 'xgen-IPA-106-create-method-should-not-have-query-parameters',
+        message: 'Create operations should not have query parameters. http://go/ipa/106',
+        path: ['paths', '/resource', 'post'],
+        severity: DiagnosticSeverity.Warning,
+      },
+      {
+        code: 'xgen-IPA-106-create-method-should-not-have-query-parameters',
+        message: 'Create operations should not have query parameters. http://go/ipa/106',
+        path: ['paths', '/resource2', 'post'],
+        severity: DiagnosticSeverity.Warning,
+      },
+    ],
+  },
+  {
+    name: 'invalid methods with exceptions',
+    document: {
+      components: componentSchemas,
+      paths: {
+        '/resource': {
+          post: {
+            parameters: [
+              {
+                name: 'filter',
+                in: 'query',
+                schema: { type: 'string' },
+              },
+            ],
+            'x-xgen-IPA-exception': {
+              'xgen-IPA-106-create-method-should-not-have-query-parameters': 'Reason',
+            },
+          },
+        },
+        '/resource2': {
+          post: {
+            parameters: [
+              {
+                $ref: '#/components/parameters/QueryParam',
+              },
+            ],
+            'x-xgen-IPA-exception': {
+              'xgen-IPA-106-create-method-should-not-have-query-parameters': 'Reason',
+            },
+          },
+        },
+      },
+    },
+    errors: [],
+  },
+]);
diff --git a/tools/spectral/ipa/rulesets/IPA-106.yaml b/tools/spectral/ipa/rulesets/IPA-106.yaml
@@ -3,6 +3,7 @@
 
 functions:
   - createMethodRequestBodyIsRequestSuffixedObject
+  - createMethodShouldNotHaveQueryParameters
 
 rules:
   xgen-IPA-106-create-method-request-body-is-request-suffixed-object:
@@ -13,3 +14,10 @@ rules:
     then:
       field: '@key'
       function: 'createMethodRequestBodyIsRequestSuffixedObject'
+  xgen-IPA-106-create-method-should-not-have-query-parameters:
+    description: 'Create operations should not use query parameters. http://go/ipa/xxx'
+    message: '{{error}} http://go/ipa/106'
+    severity: warn
+    given: '$.paths[*].post'
+    then:
+      function: 'createMethodShouldNotHaveQueryParameters'
diff --git a/tools/spectral/ipa/rulesets/README.md b/tools/spectral/ipa/rulesets/README.md
@@ -41,6 +41,7 @@ For rule definitions, see [IPA-106.yaml](https://github.com/mongodb/openapi/blob
 | Rule Name                                                          | Description                                                                      | Severity |
 | ------------------------------------------------------------------ | -------------------------------------------------------------------------------- | -------- |
 | xgen-IPA-106-create-method-request-body-is-request-suffixed-object | The Create method request should be a Request suffixed object. http://go/ipa/106 | warn     |
+| xgen-IPA-106-create-method-should-not-have-query-parameters        | Create operations should not use query parameters. http://go/ipa/xxx             | warn     |
 
 ### IPA-109
 
diff --git a/tools/spectral/ipa/rulesets/functions/createMethodShouldNotHaveQueryParameters.js b/tools/spectral/ipa/rulesets/functions/createMethodShouldNotHaveQueryParameters.js
@@ -0,0 +1,32 @@
+import { hasException } from './utils/exceptions.js';
+import { collectAdoption, collectAndReturnViolation, collectException } from './utils/collectionUtils.js';
+import { isCustomMethodIdentifier } from './utils/resourceEvaluation.js';
+
+const RULE_NAME = 'xgen-IPA-106-create-method-should-not-have-query-parameters';
+const ERROR_MESSAGE = 'Create operations should not have query parameters.';
+
+export default (input, _, { path }) => {
+  const resourcePath = path[1];
+
+  if (isCustomMethodIdentifier(resourcePath)) {
+    return;
+  }
+
+  const postMethod = input;
+  if (!postMethod.parameters || postMethod.parameters.length === 0) {
+    return;
+  }
+
+  if (hasException(postMethod, RULE_NAME)) {
+    collectException(postMethod, RULE_NAME, path);
+    return;
+  }
+
+  for (const parameter of postMethod.parameters) {
+    if (parameter.in === 'query') {
+      return collectAndReturnViolation(path, RULE_NAME, ERROR_MESSAGE);
+    }
+  }
+
+  collectAdoption(path, RULE_NAME);
+};
