Creating Custom Rulesets by Modifying Published Rulesets
If a published ruleset meets most of your needs, consider using it as an example to base your custom ruleset on.
To create a custom ruleset by modifying a published ruleset:
-
Download the published ruleset ("before" ruleset) from Exchange using the Anypoint Platform UI.
-
Optionally list the rules in the "before" ruleset using Anypoint CLI.
-
Clone the ruleset and modify the rules using Anypoint CLI or manually ("after" ruleset).
-
Optionally list the rules in the "after" ruleset using Anypoint CLI.
-
Validate, generate the documentation for, and publish the custom ruleset using Anypoint CLI. See Validating and Publishing Custom Rulesets.
Change Rule Severity or Enable or Disable Rules Using Anypoint CLI
Watch this video to see how to clone and customize an example ruleset using Anypoint CLI. Use this video along with the documentation to get started downloading an example ruleset, modifying rules using Anypoint CLI, and publishing your customized ruleset.
Clone and Modify a Ruleset Using Anypoint CLI
To create a custom ruleset using Anypoint CLI, use the governance:ruleset:clone command.
governance:ruleset:clone
> governance:ruleset:clone [flags] <ruleset> <new_title> <new_description>
Clones a governance ruleset to create a new custom ruleset and applies specified updates to rules based on the flags. The new ruleset is written to standard output.
The new-title parameter gives the title for the new ruleset.
The new description parameter gives the description for the new ruleset.
Run the governance:ruleset:info command before running this command to get the rule ID information to use in this command.
|
In addition to the default flags, this command accepts the following flags:
| Flag | Description |
|---|---|
|
Indicates that the ruleset to clone is published in Exchange and that the |
|
The |
|
The |
|
The |
|
The |
Example commands:
anypoint-cli-v4 governance:ruleset:clone ~/Downloads/ruleset.yaml 'New Ruleset from Clone' 'Cloned from ruleset.yaml' --warning=operation-default-response,operation-operationId > mynewruleset.yaml
anypoint-cli-v4 governance:ruleset:clone 68ef9520-24e9-4cf2-b2f5-620025690913/anypoint-best-practices/1.0.2 'Custom Anypoint Best Practices' 'Cloned from MuleSoft Anypoint Best Practices' --remote --remove=openapi-tags,operation-tags > my-anypoint-best-practices.yamlList Ruleset Rules Using Anypoint CLI
Optionally use Anypoint CLI to list the rules:
-
Before you modify the ruleset to help determine what you want to change (the "before" list)
-
After you change the ruleset (the "after" list) to compare to the "before" list and ensure you changed what you meant to change
Use the redirection operator (> to overwrite or >> to append) to write the output of the info command to a file for easier comparison.
|
To list the rules in a ruleset, use the governance:ruleset:info command.
governance:ruleset:info
> governance:ruleset:info <governance-ruleset> [flags]
Lists the ruleset rules in the ruleset definition passed in the governance-ruleset parameter.
| This command has multi-option flags. When using multi-option flags in a command, either put the parameter before the flags or use "-- " (two dashes followed by a space) before the parameter. |
In addition to the default flags, this command accepts the following flags:
| Flag | Description |
|---|---|
|
Indicates that the ruleset for which to get information is published in Exchange and that the |
Example commands:
anypoint-cli-v4 governance:ruleset:info myrulesetfolder/myruleset.yaml
anypoint-cli-v4 governance:ruleset:info 68ef9520-24e9-4cf2-b2f5-620025690913/anypoint-best-practices/1.0.2 --remote
anypoint-cli-v4 governance:ruleset:info 68ef9520-24e9-4cf2-b2f5-620025690913/anypoint-best-practices/latest --remoteExample output:
Ruleset myrulesetfolder/myruleset.yaml Ruleset conforms with Dialect ╔═══════════╤═══════════════════════════════════╗ ║ Violation │ security-fields-operation-empty ║ ╟───────────┼───────────────────────────────────╢ ║ Violation │ access-tokens-oauth2-cleartext ║ ╟───────────┼───────────────────────────────────╢ ║ Violation │ insecure-oauth2-grants ║ ╟───────────┼───────────────────────────────────╢ ║ Violation │ api-keys-in-cookie ║ ╟───────────┼───────────────────────────────────╢ ║ Violation │ api-keys-in-query ║ ╟───────────┼───────────────────────────────────╢ ║ Violation │ api-keys-in-header ║ ╟───────────┼───────────────────────────────────╢ ║ Violation │ api-negotiates-authentication ║ ╟───────────┼───────────────────────────────────╢ ║ Violation │ insecure-basic-auth ║ ╟───────────┼───────────────────────────────────╢ ║ Violation │ bearer-token-cleartext ║ ╟───────────┼───────────────────────────────────╢ ║ Violation │ http-token-cleartext ║ ╟───────────┼───────────────────────────────────╢ ║ Violation │ oauth2-redirections-non-encrypted ║ ╟───────────┼───────────────────────────────────╢ ║ Violation │ unknown-security-scheme ║ ╟───────────┼───────────────────────────────────╢ ║ Violation │ valid-server-urltemplate ║ ╟───────────┼───────────────────────────────────╢ ║ Violation │ valid-oauth2-redirection-urls ║ ╟───────────┼───────────────────────────────────╢ ║ Warning │ unknown-security-scheme ║ ╟───────────┼───────────────────────────────────╢ ║ Warning │ oauth1-deprecated ║ ╚═══════════╧═══════════════════════════════════╝
Get Exchange Asset Identifiers
To get the full asset identifier (group ID/asset ID/version) for Exchange assets:
-
If you are using Anypoint CLI, run the
exchange:asset:listcommand. -
If you are using the Anypoint Platform web UI, select the asset in Exchange and copy the group ID and asset ID from the URL. Then, add the version node for the version you are viewing. For example, the asset identifier for the OpenAPI Best Practices ruleset in Exchange is
68ef9520-24e9-4cf2-b2f5-620025690913/open-api-best-practices/1.0.1.
Example Command Sequence to Modify a Ruleset
Use the following example sequence to get started modifying a ruleset. Replace the details, such as the folder name, ruleset file name, and ruleset documentation ZIP file name, with your own.
anypoint-cli-v4 governance ruleset info 68ef9520-24e9-4cf2-b2f5-620025690913/anypoint-best-practices/1.0.2 --remote > before-rules-list (1)
anypoint-cli-v4 governance ruleset clone ~/MyRulesetFolder/myruleset.yaml 'New Ruleset from Clone' 'Cloned from myruleset.yaml' --warning=operation-default-response,operation-operationId > mynewruleset.yaml (2)
anypoint-cli-v4 governance ruleset info ~/MyRulesetFolder/mynewruleset.yaml > after-rules-list (3)| 1 | Lists the rules in the published version of a published ruleset that you want to modify to create a custom version. |
| 2 | Clones the downloaded ruleset, myruleset.yaml, to create a new custom ruleset, mynewruleset. Puts the operation-default-response and operation-operationId rules in the warning section in mynewruleset. |
| 3 | Lists the rules in the modified version of the ruleset, mynewruleset.yaml, to verify that the rules are the way you want them. |
Next Steps
After you modify the ruleset, see Validating and Publishing Custom Rulesets.