fix(specs): add ACL to missing endpoints (#5529)

Author: millotp

eslint/src/rules/validACL.ts

@@ -1,7 +1,7 @@
 // @ts-ignore
 import { createRule } from 'eslint-plugin-yml/lib/utils';
 
-import { isPairWithKey, isScalar } from '../utils.js';
+import { isPairWithKey, isPairWithValue, isScalar } from '../utils.js';
 
 const ACLs = [
   'search',
@@ -23,12 +23,13 @@ const ACLs = [
 export const validACL = createRule('validACL', {
   meta: {
     docs: {
-      description: 'x-acl enum must contains valid Algolia ACLs',
+      description: 'x-acl enum must be set and contain valid Algolia ACLs',
       categories: null,
       extensionRule: false,
       layout: false,
     },
     messages: {
+      missingACL: 'x-acl is missing',
       validString: 'is not a string',
       validACL: `{{entry}} is not a valid Algolia ACL, must be one of: ${ACLs.join(', ')}.`,
       validArray: 'is not an array of string',
@@ -43,6 +44,41 @@ export const validACL = createRule('validACL', {
 
     return {
       YAMLPair(node): void {
+        const spec = context.getFilename().match(/specs\/([a-z-]+?)\//)?.[1];
+        if (!spec) {
+          return;
+        }
+        if (spec === 'monitoring') {
+          // monitoring uses a special API key and doesn't need ACLs
+          return;
+        }
+
+        if (spec === 'crawler') {
+          // no clients are generated for the crawler API
+          return;
+        }
+
+        // if we find then prop operationId, there must be x-acl on the same level
+        if (isPairWithKey(node, 'operationId')) {
+          const hasACL = node.parent.pairs.some((item: any) => isPairWithKey(item, 'x-acl'));
+
+          // ignore custom helpers
+          if (isPairWithValue(node, 'customGet') || isPairWithValue(node, 'customPost') || isPairWithValue(node, 'customPut') || isPairWithValue(node, 'customDelete')) {
+            return;
+          }
+
+
+          if (!hasACL) {
+            context.report({
+              node: node as any,
+              messageId: 'missingACL',
+            });
+          }
+
+          return;
+        }
+
+        // check the validity of x-acl
         if (!isPairWithKey(node, 'x-acl')) {
           return;
         }

eslint/tests/validACL.test.ts

@@ -30,6 +30,16 @@ nested:
     ],
     invalid: [
       {
+       filename: 'api-client-automation/specs/search/path/test.yml',
+        code: `
+post:
+  operationId: test
+  description: Test endpoint without ACL
+`,
+        errors: [{ messageId: 'missingACL' }],
+      },
+      {
+        filename: 'api-client-automation/specs/search/path/test.yml',
         code: `
 x-acl:
   - notACL
@@ -38,6 +48,7 @@ x-acl:
         errors: [{ messageId: 'validACL' }],
       },
       {
+        filename: 'api-client-automation/specs/search/path/test.yml',
         code: `
 nested:
   inside:
@@ -48,12 +59,14 @@ nested:
         errors: [{ messageId: 'validACL' }],
       },
       {
+        filename: 'api-client-automation/specs/search/path/test.yml',
         code: `
 x-acl: notList
     `,
         errors: [{ messageId: 'validArray' }],
       },
       {
+        filename: 'api-client-automation/specs/search/path/test.yml',
         code: `
 x-acl:
   - ['search']

specs/common/helpers/setClientApiKey.yml

@@ -2,6 +2,7 @@ method:
   get:
     x-helper: true
     x-asynchronous-helper: false
+    x-acl: []
     tags:
       - Api Key
     operationId: setClientApiKey

specs/composition/helpers/waitForCompositionTask.yml

@@ -4,6 +4,12 @@ method:
     tags:
       - Records
     operationId: waitForCompositionTask
+    x-acl:
+      - editSettings
+      - settings
+      - addObject
+      - deleteObject
+      - deleteIndex
     summary: Wait for operation to complete
     description: |
       Wait for a task to complete to ensure synchronized composition updates.

specs/crawler/paths/crawler.yml

@@ -5,6 +5,8 @@ get:
     Retrieves details about the specified crawler, optionally with its configuration.
   tags:
     - crawlers
+  x-acl:
+    - settings
   parameters:
     - $ref: '../common/parameters.yml#/CrawlerIdParameter'
     - in: query
@@ -42,6 +44,8 @@ patch:
     description: Update configuration.
   tags:
     - crawlers
+  x-acl:
+    - editSettings
   parameters:
     - $ref: '../common/parameters.yml#/CrawlerIdParameter'
   requestBody:
@@ -70,6 +74,8 @@ delete:
   description: Delete the specified crawler.
   tags:
     - crawlers
+  x-acl:
+    - editSettings
   parameters:
     - $ref: '#/components/parameters/CrawlerIdParameter'
   responses:

specs/crawler/paths/crawlerConfig.yml

@@ -6,6 +6,8 @@ patch:
     Every time you update the configuration, a new version is created.
   tags:
     - config
+  x-acl:
+    - editSettings
   parameters:
     - $ref: '../common/parameters.yml#/CrawlerIdParameter'
   requestBody:

specs/crawler/paths/crawlerConfigVersion.yml

@@ -7,6 +7,8 @@ get:
     You can use this to restore a previous version of the configuration.
   tags:
     - config
+  x-acl:
+    - settings
   parameters:
     - $ref: '../common/parameters.yml#/CrawlerIdParameter'
     - $ref: '../common/parameters.yml#/CrawlerVersionParameter'

specs/crawler/paths/crawlerConfigVersions.yml

@@ -6,6 +6,8 @@ get:
     Every time you update a crawler's configuration, a new version is added.
   tags:
     - config
+  x-acl:
+    - settings
   parameters:
     - $ref: '../common/parameters.yml#/CrawlerIdParameter'
     - $ref: '../common/parameters.yml#/ItemsPerPage'

specs/crawler/paths/crawlerCrawl.yml

@@ -9,6 +9,7 @@ post:
     This operation is rate-limited to 500 requests every 24 hours.
   tags:
     - actions
+  x-acl: []
   parameters:
     - $ref: '../common/parameters.yml#/CrawlerIdParameter'
   requestBody:

specs/crawler/paths/crawlerPause.yml

@@ -4,6 +4,7 @@ post:
   description: Pauses the specified crawler.
   tags:
     - actions
+  x-acl: []
   parameters:
     - $ref: '../common/parameters.yml#/CrawlerIdParameter'
   responses: