CLI for API Governance

Use the governance commands to automate your API Governance processes. For more information about how to use these commands, refer to the API Governance documentation.

Command

Description

governance:api:evaluate

Evaluates filter criteria to determine which rulesets apply to APIs that meet that criteria

governance:api:inspect

Inspects an API specification and lists its schemas

governance:api:validate

Validates an API specification against a specified governance ruleset

governance:document

Creates the documentation file for a governance ruleset definition

governance:profile:create

Creates an active governance profile

governance:profile:delete

Deletes a governance profile

governance:profile:info

Lists information for a specific governance profile ID

governance:profile:list

Lists all governance profiles for an organization

governance:profile:update

Updates a governance profile

governance:ruleset:clone

Clones a governance ruleset and applies specified updates to rules

governance:ruleset:info

Lists ruleset rules

governance:ruleset:init

Initializes a governance ruleset definition based on a data schema

governance:ruleset:validate

Validates a governance ruleset definition’s format

governance:api:evaluate

> governance:api:evaluate [flags]

Evaluates specified filters to determine the rulesets that would be applied to your APIs that meet that criteria.

In addition to the default flags, this command accepts the following flags:

Flag Description

Flag	Description
`--api=<api>`	The API project against which you want to evaluate. The command uses the criteria in the project’s `exchange.json` file.
`--criteria <filtertype:filtervalue>,…`	Enables you to apply filters to select the list of APIs to which the profile rulesets apply. Specify a list of comma-separated filters where each filter has a type and value in the format `filtertype:filtervalue`. Available filters include: `scope`: API type. Supported values are: `async-api`, `http-api`, or `rest-api`. `tag`: Tag defined for APIs in Exchange. `category`: Category defined for APIs in Exchange, where the filter value is specified in two parts as `categoryName:value`. `env-type`: Environment type. Supported values are: `any`, `production`, or `sandbox`. `env-id`: The ID for the environment name in API Manager. You can get this value using API Manager > Environment information. See Reviewing Environment Concepts. If `env-type` or `env-id` is used, the API Instance filter is set in the profile, so that only APIs that have instances are filtered. To deselect the API Instance filter in the profile using the CLI, update the profile using the `--criteria` flag with neither `env-type` nor `env-id`. Example: tag:tag1,category:category1:value,category:category2:value2,scope:rest-api,scope:async-api,env-type:production

--api=<api>

The API project against which you want to evaluate. The command uses the criteria in the project’s exchange.json file.

--criteria <filtertype:filtervalue>,…

Enables you to apply filters to select the list of APIs to which the profile rulesets apply. Specify a list of comma-separated filters where each filter has a type and value in the format filtertype:filtervalue.

Available filters include:

scope: API type. Supported values are: async-api, http-api, or rest-api.
tag: Tag defined for APIs in Exchange.
category: Category defined for APIs in Exchange, where the filter value is specified in two parts as categoryName:value.
env-type: Environment type. Supported values are: any, production, or sandbox.
env-id: The ID for the environment name in API Manager. You can get this value using API Manager > Environment information. See Reviewing Environment Concepts.

If env-type or env-id is used, the API Instance filter is set in the profile, so that only APIs that have instances are filtered.

To deselect the API Instance filter in the profile using the CLI, update the profile using the --criteria flag with neither env-type nor env-id.

Example: tag:tag1,category:category1:value,category:category2:value2,scope:rest-api,scope:async-api,env-type:production

This command must be run with either the --criteria or the --api flag.

Example commands:

anypoint-cli-v4 governance:api:evaluate --criteria "tag:best,category:API Type:Experience API,scope:rest-api"

anypoint-cli-v4 governance:api:evaluate --api order-api-1.0.0-raml.zip
where order-api-1.0.0-raml.zip contains an API and its exchange.json file

Example output:

╔════════════════════════════════════════════════════════════════════╗
║ Ruleset GAV                                                        ║
╟────────────────────────────────────────────────────────────────────╢
║ 68ef9520-24e9-4cf2-b2f5-620025690913/anypoint-best-practices/1.5.1 ║
╟────────────────────────────────────────────────────────────────────╢
║ 68ef9520-24e9-4cf2-b2f5-620025690913/anypoint-best-practices/1.0.1 ║
╚════════════════════════════════════════════════════════════════════╝

governance:api:inspect

> governance:api:inspect [flags] <api-specification>

Inspects the API specification passed in api-specification and lists all its schemas, such as headers, requests, and response payloads. You can use this schema information in the governance:ruleset:init command. See governance:ruleset:init.

This command accepts the default flags.

Example command:

anypoint-cli-v4 governance:api:inspect my-healthcare-api.yaml

Example schema

types:
  patientmultipleBirthBoolean:
    properties:
      multipleBirthBoolean:
        description: Whether patient is part of a multiple birth
        type: boolean
  patientmultipleBirthInteger:
    properties:
      multipleBirthInteger:
        description: Whether patient is part of a multiple birth
        type: integer

        .
        .
        .

  PatientEntry:
    type: FHIR_commons.Entry
    properties:
      resource: Patient

  PatientBundle:
    type: FHIR_commons.Bundle
    properties:
      entry?: PatientEntry[]

Example output:

  'patientmultipleBirthBoolean',
  'PatientBundle',
  'patientmultipleBirthInteger',
  'PatientEntry'

governance:api:validate

> governance:api:validate <api-specification> [flags]

Validates the API specification passed in api-specification against specified rulesets.

This command has multi-option flags. When using multi-option flags in a command, either put the parameter before the flags or use "-- " (two dashes followed by a space) before the parameter.

You can specify api-specification as one of the following:

An API project ZIP file
An API project folder
An asset identifier for an API project, if the --remote flag is specified. An asset identifier is a group ID, asset ID, and version (GAV) that uniquely identifies each asset in Exchange.

You can specify rulesets against which to validate as follows:

To use an existing exchange.json file that defines your API project’s ruleset dependencies, ensure that the exchange.json file is included in the folder or ZIP file that you specify in api-specification. If the exchange.json file is present, the command downloads all of the ruleset dependencies and validates against those rulesets. The ruleset dependencies are present in the exchange.json file only if dependencies are defined for that API project in API Designer. See Add Rulesets to Your Project.
To validate directly against rulesets published in Exchange, use the --remote-rulesets flag.
To validate against local rulesets, use the --rulesets flag.

Duplicate rulesets are not detected, so if you use more than one of the preceding ways of identifying rulesets in the same command execution, some rulesets might be validated multiple times.

In addition to the default flags, this command accepts the following flags:

Flag Description

Flag	Description
`--rulesets <ruleset-yaml-file1> <ruleset-yaml-file2> …`	Local ruleset definitions. The `rulesets` flag is followed by a list of ruleset YAML files separated by spaces.
`--remote-rulesets <ruleset-asset-identifier> <ruleset-asset-identifier> …`	Remote ruleset definitions. The `remote-rulesets` flag is followed by a list of ruleset asset identifiers separated by spaces. An asset identifier is a group ID, asset ID, and version (GAV) that uniquely identifies each asset in Exchange. For example: `<group_id>/<asset_id>/<version>,<group_id>/<asset_id>/<version>` See Get Exchange Asset Identifiers.
`--remote`	Flag to indicate that the validation should be done against a published API. The value passed in `api-specification` is the API’s asset identifier. An asset identifier is a group ID, asset ID, and version (GAV) that uniquely identifies each asset in Exchange. For example: `<group_id>/<asset_id>/<version>` See Get Exchange Asset Identifiers.

--rulesets <ruleset-yaml-file1> <ruleset-yaml-file2> …

Local ruleset definitions. The rulesets flag is followed by a list of ruleset YAML files separated by spaces.

--remote-rulesets <ruleset-asset-identifier> <ruleset-asset-identifier> …

Remote ruleset definitions. The remote-rulesets flag is followed by a list of ruleset asset identifiers separated by spaces. An asset identifier is a group ID, asset ID, and version (GAV) that uniquely identifies each asset in Exchange. For example: <group_id>/<asset_id>/<version>,<group_id>/<asset_id>/<version>

See Get Exchange Asset Identifiers.

--remote

Flag to indicate that the validation should be done against a published API. The value passed in api-specification is the API’s asset identifier. An asset identifier is a group ID, asset ID, and version (GAV) that uniquely identifies each asset in Exchange. For example: <group_id>/<asset_id>/<version>

See Get Exchange Asset Identifiers.

Example commands:

anypoint-cli-v4 governance:api:validate /MyApis/order-api-1.0.0-raml.zip

anypoint-cli-v4 governance:api:validate /MyApis/order-api-1.0.0-raml

anypoint-cli-v4 governance:api:validate /MyApis/order-api-1.0.0-raml.zip --rulesets /MyRulesets/ruleset1.yaml /MyRulesets/ruleset2.yaml

anypoint-cli-v4 governance:api:validate /MyApis/order-api-1.0.0-raml.zip --remote-rulesets 68ef9520-24e9-4cf2-b2f5-620025690913/open-api-best-practices/1.0.1

anypoint-cli-v4 governance:api:validate 8a840abd-e63a-4f8b-87ab-24052eda2017/order-api/1.0.0 --remote-rulesets 68ef9520-24e9-4cf2-b2f5-620025690913/open-api-best-practices/1.0.1 --remote

Example output:

For a specification that is conformant to the ruleset:

 Spec conforms with Ruleset

For a specification that is nonconformant to the ruleset:

Conforms: false
Number of results: 3 (1)

Functional Validations
----------------------

Constraint: http://a.ml/vocabularies/amf/core#declaration-not-found
Severity: Violation
Message: not supported scalar for documentation
Target: null
Range: [(6,3)-(6,3)]
Location: file:///Users/myuser/Downloads/order-api-1.0.0-raml/order-api-1.0.0-raml

Conformance Validations (2)
-----------------------

Constraint: file:///exchange_modules/68ef9520-24e9-4cf2-b2f5-620025690913/anypoint-best-practices/1.0.0/ruleset.yaml#/encodes/validations/api-must-have-documentation (3)
Severity: Warning (4)
Message: Provide the documentation for the API. (5)
Target: amf://id#2 (6)
Range: [(2,0)-(6,4)] (7)
Location: file:///Users/myuser/Downloads/order-api-1.0.0-raml/order-api-1.0.0-raml (8)

Constraint: file:///exchange_modules/8a840abd-e63a-4f8b-87ab-24052eda2017/best-practices-ruleset/1.0.0/bestpractices.yaml#/encodes/validations/api-must-have-documentation
Severity: Violation
Message: Provide the documentation for the API
Target: amf://id#2
Range: [(2,0)-(6,4)]
Location: file:///Users/myuser/Downloads/order-api-1.0.0-raml/order-api-1.0.0-raml

1	Total of functional and conformance validation issues found
2	Conformance issues section
3	Ruleset and rule to which this set of issues applies
4	Severity level for the issue
5	Description of the issue
6	AMF model node ID; for information on the AMF model, see Creating Custom Governance Rulesets
7	Beginning line number and column and end line number and column in the API specification where the issue occurs, where column is the offset from the beginning of the line and numbering for the offset starts at 0
8	The file in which the issue occurs, either the main file or one of its dependencies

governance:document

> governance:document [flags] <ruleset> <doc-file>

Creates the documentation for the API Governance ruleset definition ZIP file specified in ruleset. It puts the documentation in the doc-file ZIP file for you to upload and publish to Exchange.

This command accepts the default flags.

Example command:

anypoint-cli-v4 governance:document /myrulesetfolder/mynewruleset.yaml /myrulesetfolder/ruleset.doc.zip

Example output:

validation name [ 'security-fields-operation-empty' ]
validation name [ 'access-tokens-oauth2-cleartext' ]
validation name [ 'insecure-oauth2-grants' ]
validation name [ 'api-keys-in-cookie' ]
validation name [ 'api-keys-in-query' ]
validation name [ 'api-keys-in-header' ]
validation name [ 'api-negotiates-authentication' ]
validation name [ 'insecure-basic-auth' ]
validation name [ 'bearer-token-cleartext' ]
validation name [ 'http-token-cleartext' ]
validation name [ 'oauth1-deprecated' ]
validation name [ 'oauth2-redirections-non-encrypted' ]
validation name [ 'unknown-security-scheme' ]
validation name [ 'valid-server-urltemplate' ]
validation name [ 'valid-oauth2-redirection-urls' ]
Saving to myRulesetFolder/ruleset.doc.zip

governance:profile:create

> governance:profile:create [flags] <profile-name> <ruleset-asset-identifiers>

Creates an active governance profile using a string value for the new governance profile name specified in profile-name.

You must include ruleset-asset-identifiers, a comma-separated list of ruleset asset identifiers, each of which is the group ID, asset ID, and version (GAV) that uniquely identifies each asset in Exchange. For example: <group_id>/<asset_id>/<version>,<group_id>/<asset_id>/<version>, where <version> is a specific version or latest. If you use latest as the version, the profile automatically uses the latest version of the ruleset when versions are published after you create the profile. See Get Exchange Asset Identifiers.

You can use one of the notify flags to configure notifications for the profile you are creating. If you do not use a notify flag, no notifications are configured by the command. Notifications are off by default.

In addition to the default flags, this command accepts the following flags:

Flag Description

Flag	Description
`--criteria <filtertype:filtervalue>,…`	Enables you to apply filters to select the list of APIs to which the profile rulesets apply. Specify a list of comma-separated filters where each filter has a type and value in the format `filtertype:filtervalue`. Available filters include: `scope`: API type. Supported values are: `async-api`, `http-api`, or `rest-api`. `tag`: Tag defined for APIs in Exchange. `category`: Category defined for APIs in Exchange, where the filter value is specified in two parts as `categoryName:value`. `env-type`: Environment type. Supported values are: `any`, `production`, or `sandbox`. `env-id`: The ID for the environment name in API Manager. You can get this value using API Manager > Environment information. See Reviewing Environment Concepts. If `env-type` or `env-id` is used, the API Instance filter is set in the profile, so that only APIs that have instances are filtered. To deselect the API Instance filter in the profile using the CLI, update the profile using the `--criteria` flag with neither `env-type` nor `env-id`. Example: tag:tag1,category:category1:value,category:category2:value2,scope:rest-api,scope:async-api,env-type:production
`--description <description>`	The `description` flag is followed by a string that is the new governance profile’s description.
`--notify-contact`	Enables notifications and sets the recipient to the contact set for the API.
`--notify-publisher`	Enables notifications and sets the recipient to the API publisher.
`--notify-others <email ID,email ID,…>`	Enables notifications and sets the recipient to the specified list of email IDs.

--criteria <filtertype:filtervalue>,…

Available filters include:

scope: API type. Supported values are: async-api, http-api, or rest-api.
tag: Tag defined for APIs in Exchange.
category: Category defined for APIs in Exchange, where the filter value is specified in two parts as categoryName:value.
env-type: Environment type. Supported values are: any, production, or sandbox.
env-id: The ID for the environment name in API Manager. You can get this value using API Manager > Environment information. See Reviewing Environment Concepts.

If env-type or env-id is used, the API Instance filter is set in the profile, so that only APIs that have instances are filtered.

To deselect the API Instance filter in the profile using the CLI, update the profile using the --criteria flag with neither env-type nor env-id.

Example: tag:tag1,category:category1:value,category:category2:value2,scope:rest-api,scope:async-api,env-type:production

--description <description>

The description flag is followed by a string that is the new governance profile’s description.

--notify-contact

Enables notifications and sets the recipient to the contact set for the API.

--notify-publisher

Enables notifications and sets the recipient to the API publisher.

--notify-others <email ID,email ID,…>

Enables notifications and sets the recipient to the specified list of email IDs.

Example commands:

anypoint-cli-v4 governance:profile:create "OAS Best Practices" 68ef9520-24e9-4cf2-b2f5-620025690913/open-api-best-practices/1.0.1 --criteria "tag:oas,category:API Type:Experience API,scope:rest-api" --description "Profile for OAS Best Practices"

anypoint-cli-v4 governance:profile:create "Open API Best Practices" 68ef9520-24e9-4cf2-b2f5-620025690913/open-api-best-practices/1.0.1 --criteria "tag:oas,category:API Type:Experience API,scope:rest-api" --description "Profile for OAS Best Practices"

anypoint-cli-v4 governance:profile:create "Anypoint Best Practices" 68ef9520-24e9-4cf2-b2f5-620025690913/anypoint-api-best-practices/1.0.1 --criteria "tag:raml tag:oas category:API Type:Experience API,scope:rest-api" --description "Profile for REST API Best Practices" --notify-publisher  --notify-contact --notify-others a@a.a,b@b.com

anypoint-cli-v4 governance:profile:create "Primary API Standards" 68ef9520-24e9-4cf2-b2f5-620025690913/open-api-best-practices/latest,68ef9520-24e9-4cf2-b2f5-620025690913/myorg-best-practices/1.0.2 --criteria "tag:prim,category:API Type:Experience API,scope:rest-api" --description "Profile for Primary API Standards"

Example output:

 Profile Added
 Id         	4f98e59d-8efb-420f-ac95-9cd0af15bd45
 Name       	OAS Best Practices
 Description	Profile for OAS Best Practices
 Rulesets   	gav://68ef9520-24e9-4cf2-b2f5-620025690913/open-api-best-practices/1.0.1
 Filter     	tag:best

governance:profile:delete

> governance:profile:delete [flags] <profile-id>

Deletes a specific governance profile specified by profile-id. To get this ID, run the governance:profile:info or governance:profile:list command.

This command accepts the default flags.

Example command:

anypoint-cli-v4 governance:profile:delete 8ffd463f-86b2-4132-afc6-44d179209362

Example output:

 Profile with id 8ffd463f-86b2-4132-afc6-44d179209362 removed

governance:profile:info

> governance:profile:info [flags] <profile-id>

Lists all information for a governance profile ID

In addition to the default flags, this command accepts the following flags:

Flag Description

Flag	Description
`--output <output-format>`	Format for the command output. Supported values are `table` (default) and `json`.

--output <output-format>

Format for the command output. Supported values are table (default) and json.

Example command:

anypoint-cli-v4 governance:profile:info 19fb211b-8775-43cc-865a-46228921d6ed

Example output:

Id         	        19fb211b-8775-43cc-865a-46228921d6ed
Name       	        Best Practices
Description	        Best Practices Profile
Rulesets   	        68ef9520-24e9-4cf2-b2f5-620025690913/anypoint-best-practices/1.0.0 8a840abd-e63a-4f8b-87ab-24052eda2017/best-practices-ruleset/1.0.0 68ef9520-24e9-4cf2-b2f5-620025690913/required-examples/1.0.0
Criteria   	        tag:best,category:API Type:Experience API,scope:rest-api
NotificationConfig  Contact,Publisher

governance:profile:list

> governance:profile:list [flags]

Lists information for all governance profiles for an organization. You need this information when updating a governance profile.

In addition to the default flags, this command accepts the following flags:

Flag Description

Flag	Description
`--output <output-format>`	Format for the command output. Supported values are `table` (default) and `json`.

--output <output-format>

Format for the command output. Supported values are table (default) and json.

Example command:

anypoint-cli-v4 governance:profile:list

Example output:

Profile Name                 	Profile Id

Minimum Security Requirements	1f418cf4-b870-4b31-8734-f55f28d45f8f
Best Practices               	19fb211b-8775-43cc-865a-46228921d6ed
New Best Practices           	4eaf9176-3ef9-4021-a67c-6e4bc10d3763
OAS Standards                	51ae8795-2278-407e-942f-becba29af986

governance:profile:update

> governance:profile:update [flags] <profile-id>

Updates the governance profile specified in profile-id. To get this ID, run the governance:profile:info or governance:profile:list command.

You can update the governance profile’s general information, rulesets, filter criteria, and notification configuration. You can use one of the notify flags to update the notification configuration or turn off notifications. Any changes override existing notification configurations. If you do not use a notify flag, no changes are made to the notification configuration.

In addition to the default flags, this command accepts the following flags:

Flag Description

Flag	Description
`--profile-name <profile-name>`	The `profile-name` flag is followed by a string that is the new governance profile name.
`--ruleset-gavs <ruleset-gavs>`	The `ruleset-gavs` flag is followed by a list with the asset identifier for each ruleset, formatted as follows: `<group_id>/<asset_id>/<version>,<group_id>/<asset_id>/<version>`, where `<version>` is a specific version or `latest`. An asset identifier is a unique group ID, asset ID, and version (GAV) that identifies each asset in Exchange. If you use `latest` as the version, the profile automatically uses the latest version of the ruleset when versions are published after you create the profile. See Get Exchange Asset Identifiers.
`--criteria <filtertype:filtervalue>,…`	Enables you to apply filters to select the list of APIs to which the profile rulesets apply. Specify a list of comma-separated filters where each filter has a type and value in the format `filtertype:filtervalue`. Available filters include: `scope`: API type. Supported values are: `async-api`, `http-api`, or `rest-api`. `tag`: Tag defined for APIs in Exchange. `category`: Category defined for APIs in Exchange, where the filter value is specified in two parts as `categoryName:value`. `env-type`: Environment type. Supported values are: `any`, `production`, or `sandbox`. `env-id`: The ID for the environment name in API Manager. You can get this value using API Manager > Environment information. See Reviewing Environment Concepts. If `env-type` or `env-id` is used, the API Instance filter is set in the profile, so that only APIs that have instances are filtered. To deselect the API Instance filter in the profile using the CLI, update the profile using the `--criteria` flag with neither `env-type` nor `env-id`. Example: tag:tag1,category:category1:value,category:category2:value2,scope:rest-api,scope:async-api,env-type:production
`--description <description>`	The `description` flag is followed by a string that is the new governance profile description.
`--notify-off`	Disables notifications.
`--notify-contact`	Enables notifications and sets the recipient to the contact set for the API.
`--notify-publisher`	Enables notifications and sets the recipient to the API publisher.
`--notify-others <email ID,email ID,…>`	Enables notifications and sets the recipient to the specified list of email IDs.

--profile-name <profile-name>

The profile-name flag is followed by a string that is the new governance profile name.

--ruleset-gavs <ruleset-gavs>

The ruleset-gavs flag is followed by a list with the asset identifier for each ruleset, formatted as follows: <group_id>/<asset_id>/<version>,<group_id>/<asset_id>/<version>, where <version> is a specific version or latest. An asset identifier is a unique group ID, asset ID, and version (GAV) that identifies each asset in Exchange. If you use latest as the version, the profile automatically uses the latest version of the ruleset when versions are published after you create the profile.

See Get Exchange Asset Identifiers.

--criteria <filtertype:filtervalue>,…

Available filters include:

scope: API type. Supported values are: async-api, http-api, or rest-api.
tag: Tag defined for APIs in Exchange.
category: Category defined for APIs in Exchange, where the filter value is specified in two parts as categoryName:value.
env-type: Environment type. Supported values are: any, production, or sandbox.
env-id: The ID for the environment name in API Manager. You can get this value using API Manager > Environment information. See Reviewing Environment Concepts.

If env-type or env-id is used, the API Instance filter is set in the profile, so that only APIs that have instances are filtered.

To deselect the API Instance filter in the profile using the CLI, update the profile using the --criteria flag with neither env-type nor env-id.

Example: tag:tag1,category:category1:value,category:category2:value2,scope:rest-api,scope:async-api,env-type:production

--description <description>

The description flag is followed by a string that is the new governance profile description.

--notify-off

Disables notifications.

--notify-contact

Enables notifications and sets the recipient to the contact set for the API.

--notify-publisher

Enables notifications and sets the recipient to the API publisher.

--notify-others <email ID,email ID,…>

Enables notifications and sets the recipient to the specified list of email IDs.

Example commands:

anypoint-cli-v4 governance:profile:update 4eaf9176-3ef9-4021-a67c-6e4bc10d3763 --profile-name "MyOrg Best Practices"

anypoint-cli-v4 governance:profile:update 19fb211b-8775-43cc-865a-46228921d6ed --criteria `tag:best,category:API Type:Experience API,scope:rest-api`

anypoint-cli-v4 governance profile update 67eff44a-28a3-43d4-93d9-bddedb92c711 --notify-publisher  --notify-contact --notify-others a@a.a,b@b.com

anypoint-cli-v4 governance profile update 67eff44a-28a3-43d4-93d9-bddedb92c711 --notify-off

anypoint-cli-v4 governance profile update 19fb211b-8775-43cc-865a-46228921d6ed --criteria `tag:best,category:API Type:Experience API,scope:rest-api,env-type:production` --ruleset-gavs 68ef9520-24e9-4cf2-b2f5-620025690913/open-api-best-practices/latest,68ef9520-24e9-4cf2-b2f5-620025690913/myorg-best-practices/latest

Example output:

 Profile updated 51f9f94c-fb0c-43d4-9895-22c9e64f1537

governance:ruleset:clone

> governance:ruleset:clone [flags] <ruleset> <new_title> <new_description>

Clones a governance ruleset to create a new custom ruleset and applies specified updates to rules based on the flags. The new ruleset is written to standard output.

The new-title parameter gives the title for the new ruleset.

The new description parameter gives the description for the new ruleset.

Run the governance:ruleset:info command before running this command to get the rule ID information to use in this command.

In addition to the default flags, this command accepts the following flags:

Flag Description

Flag	Description
`--remote`	Indicates that the ruleset to clone is published in Exchange and that the `ruleset` parameter is the asset identifier for the ruleset. An asset identifier is the group ID, asset ID, and version (GAV) that uniquely identifies each asset in Exchange. For example: `<group_id>/<asset_id>/<version>` See Get Exchange Asset Identifiers.
`--error=<list_rules_to_move_to_error>`	The `error` flag is followed by the rule IDs for the rules to move to the error severity level section of the ruleset YAML.
`--warning=<list_rules_to_move_to_warning>`	The `warning` flag is followed by the rule IDs for the rules to move to the warning severity level section of the ruleset YAML.
`--info=<list_rules_to_move_to_info>`	The `info` flag is followed by the rule IDs for the rules to move to the info severity level section of the ruleset YAML.
`--remove=<list_rules_to_disable>`	The `remove` flag is followed by the rule IDs for the rules to comment out, and therefore effectively disable, in the ruleset YAML.

--remote

Indicates that the ruleset to clone is published in Exchange and that the ruleset parameter is the asset identifier for the ruleset. An asset identifier is the group ID, asset ID, and version (GAV) that uniquely identifies each asset in Exchange. For example: <group_id>/<asset_id>/<version>

See Get Exchange Asset Identifiers.

--error=<list_rules_to_move_to_error>

The error flag is followed by the rule IDs for the rules to move to the error severity level section of the ruleset YAML.

--warning=<list_rules_to_move_to_warning>

The warning flag is followed by the rule IDs for the rules to move to the warning severity level section of the ruleset YAML.

--info=<list_rules_to_move_to_info>

The info flag is followed by the rule IDs for the rules to move to the info severity level section of the ruleset YAML.

--remove=<list_rules_to_disable>

The remove flag is followed by the rule IDs for the rules to comment out, and therefore effectively disable, in the ruleset YAML.

Example commands:

anypoint-cli-v4 governance:ruleset:clone ~/Downloads/ruleset.yaml 'New Ruleset from Clone' 'Cloned from ruleset.yaml' --warning=operation-default-response,operation-operationId > mynewruleset.yaml

anypoint-cli-v4 governance:ruleset:clone 68ef9520-24e9-4cf2-b2f5-620025690913/anypoint-best-practices/1.0.2 'Custom Anypoint Best Practices' 'Cloned from MuleSoft Anypoint Best Practices' --remote --remove=openapi-tags,operation-tags > my-anypoint-best-practices.yaml

governance:ruleset:info

> governance:ruleset:info <governance-ruleset> [flags]

Lists the ruleset rules in the ruleset definition passed in the governance-ruleset parameter.

This command has multi-option flags. When using multi-option flags in a command, either put the parameter before the flags or use "-- " (two dashes followed by a space) before the parameter.

In addition to the default flags, this command accepts the following flags:

Flag Description

Flag	Description
`--remote`	Indicates that the ruleset for which to get information is published in Exchange and that the `ruleset` parameter is the asset identifier for the ruleset. An asset identifier is the group ID, asset ID, and version (GAV) that uniquely identifies an asset in Exchange. For example: `<group_id>/<asset_id>/<version>`, where `<version>` is a specific version or `latest`. If you use `latest` as the version, the profile automatically uses the latest version of the ruleset when versions are published after you create the profile. See Get Exchange Asset Identifiers.

--remote

Indicates that the ruleset for which to get information is published in Exchange and that the ruleset parameter is the asset identifier for the ruleset. An asset identifier is the group ID, asset ID, and version (GAV) that uniquely identifies an asset in Exchange. For example: <group_id>/<asset_id>/<version>, where <version> is a specific version or latest. If you use latest as the version, the profile automatically uses the latest version of the ruleset when versions are published after you create the profile.

See Get Exchange Asset Identifiers.

Example commands:

anypoint-cli-v4 governance:ruleset:info myrulesetfolder/myruleset.yaml

anypoint-cli-v4 governance:ruleset:info 68ef9520-24e9-4cf2-b2f5-620025690913/anypoint-best-practices/1.0.2 --remote

anypoint-cli-v4  governance:ruleset:info 68ef9520-24e9-4cf2-b2f5-620025690913/anypoint-best-practices/latest --remote

Example output:

Ruleset myrulesetfolder/myruleset.yaml
Ruleset conforms with Dialect
╔═══════════╤═══════════════════════════════════╗
║ Violation │ security-fields-operation-empty   ║
╟───────────┼───────────────────────────────────╢
║ Violation │ access-tokens-oauth2-cleartext    ║
╟───────────┼───────────────────────────────────╢
║ Violation │ insecure-oauth2-grants            ║
╟───────────┼───────────────────────────────────╢
║ Violation │ api-keys-in-cookie                ║
╟───────────┼───────────────────────────────────╢
║ Violation │ api-keys-in-query                 ║
╟───────────┼───────────────────────────────────╢
║ Violation │ api-keys-in-header                ║
╟───────────┼───────────────────────────────────╢
║ Violation │ api-negotiates-authentication     ║
╟───────────┼───────────────────────────────────╢
║ Violation │ insecure-basic-auth               ║
╟───────────┼───────────────────────────────────╢
║ Violation │ bearer-token-cleartext            ║
╟───────────┼───────────────────────────────────╢
║ Violation │ http-token-cleartext              ║
╟───────────┼───────────────────────────────────╢
║ Violation │ oauth2-redirections-non-encrypted ║
╟───────────┼───────────────────────────────────╢
║ Violation │ unknown-security-scheme           ║
╟───────────┼───────────────────────────────────╢
║ Violation │ valid-server-urltemplate          ║
╟───────────┼───────────────────────────────────╢
║ Violation │ valid-oauth2-redirection-urls     ║
╟───────────┼───────────────────────────────────╢
║ Warning   │ unknown-security-scheme           ║
╟───────────┼───────────────────────────────────╢
║ Warning   │ oauth1-deprecated                 ║
╚═══════════╧═══════════════════════════════════╝

governance:ruleset:init

> governance:ruleset:init [flags] <schema>

Initializes a ruleset based on the data schema passed in the schema parameter.

In addition to the default flags, this command accepts the following flags:

Flag Description

Flag	Description
`--types <types>`	The `types` flag gives the target types to export as rules. You can use the `governance:api:inspect` command to identify the types to specify for this flag. See governance:api:inspect.
`--name <name>`	The `name` flag is the name of the ruleset. This defaults to `GeneratedRuleset`.

--types <types>

The types flag gives the target types to export as rules. You can use the governance:api:inspect command to identify the types to specify for this flag. See governance:api:inspect.

--name <name>

The name flag is the name of the ruleset. This defaults to GeneratedRuleset.

Example command:

anypoint-cli-v4 governance:ruleset:init --types patientmultipleBirthBoolean,patientBundle,patientmultipleBirthInteger --name=my-ruleset mydataschema

governance:ruleset:validate

> governance:ruleset:validate [flags] <governance-ruleset>

Validates the ruleset definitions passed using the governance-ruleset parameter. You can pass one of the following as the governance-ruleset parameter:

A ruleset definition YAML file
A ZIP file that contains an API project with an exchange.json file that specifies the ruleset as the main file
A folder that contains an API project with an exchange.json file that specifies the ruleset as the main file

This command accepts the default flags.

Example commands:

anypoint-cli-v4 governance:ruleset:validate ~/myrulesetfolder/myruleset.yaml

anypoint-cli-v4 governance:ruleset:validate ~/myrulesetfolder/myruleset.zip

anypoint-cli-v4 governance:ruleset:validate ~/myrulesetfolder/myrulesetfolder

Example output for a valid ruleset:

Ruleset User/myuser/myrulesetfolder/myruleset.yaml
Ruleset conforms with Dialect

Example output for a nonvalid ruleset:

Ruleset does not conform with Dialect
ModelId: file:///Users/myuser/myrulesetfolder/prof-1-bad.yaml
Profile: Validation Profile 1.0
Conforms: false
Number of results: 1

Level: Violation

- Constraint: http://a.ml/amf/default_document#/declarations/profileNode_profile_required_validation
  Message: Property 'profile' is mandatory
  Severity: Violation
  Target: file:///Users/myuser/myrulesetfolder/prof-1-bad.yaml#/encodes
  Property: http://schema.org/name
  Range: [(3,0)-(11,19)]
  Location: file:///Users/myuser/myrulesetfolder/prof-1-bad.yaml

Get Exchange Asset Identifiers

To get the full asset identifier (group ID/asset ID/version) for Exchange assets:

If you are using Anypoint CLI, run the exchange:asset:list command.
If you are using the Anypoint Platform web UI, select the asset in Exchange and copy the group ID and asset ID from the URL. Then, add the version node for the version you are viewing. For example, the asset identifier for the OpenAPI Best Practices ruleset in Exchange is 68ef9520-24e9-4cf2-b2f5-620025690913/open-api-best-practices/1.0.1.