Configuring rulesets and enforcement type

Select the API and Product rulesets and the enforcement type that you want to use as part of product validation.

Before you begin

To define the governance enforcement type, you must have the Catalog Administrator permission.

About this task

When a product is published to the catalog, a governance validation task is automatically created depending on the enforcement type that you selected. After you add the API and Product rulesets that you want to use as part of enforcement, you can select the governance enforcement type policy. You can select one of the three types of enforcement policies:
Soft
In soft enforcement, APIs and Products are published even if it fails validation due to errors detected by the applied rulesets. A governance validation task is created under Tasks in Governance enforcement tasks tab of the Catalog. To view the enforcement results, select the corresponding task from the list. The soft enforcement type allows for a more flexible validation process, where errors are acknowledged but not necessarily addressed before publication.
Approval
In approval enforcement, the APIs and Products are not published if it fails validation due to errors detected by the applied rulesets. Instead, an approval request is sent to the administrator for review. The administrator must approve or reject the publication. A governance validation approval task is created under Tasks in Governance enforcement tasks tab of the Catalog. The administrator can view the enforcement results by selecting the corresponding task from the list. Only the organization members with the following permissions can view the governance approval tasks:
  • governance-enforcement-approval: view
  • governance-enforcement-approval: manage
The product remains in a staged state until the administrator approves or rejects the task. If the task is approved, the product is published. If the task is rejected, you must review and address the validation errors before the APIs and Products can be published again.
Strict
In strict enforcement, APIs and Products are not published if it fails validation due to errors detected by the applied rulesets. A governance validation task is created under Tasks in Governance enforcement tasks tab of the Catalog. To view the enforcement results, select the corresponding task from the list. If there are no validation errors, the API or Product is published.

Procedure

  1. Log in to API Manager.
  2. Click Manage and select the catalog to which you want to publish the API Product.
  3. On the Governance tab, click Enforcement.
  4. Click Add to add one or more enforcement rulesets.
  5. On the Select rulesets page, click one of the following tabs based on how you want to apply rulesets:
    • Click API rulesets to apply rulesets to an API file. API rulesets allow the validation of the API files with the rules of an API ruleset applied to an API file. By default, the API rulesets tab is selected.
    • Click Product rulesets if you want to apply rulesets to a Product file. Product rulesets allow the validation of the specification of the Product file to ensure the accuracy of the Product file. The rules of a Product ruleset are applied to the Product file.
    For more information about rulesets, see Configuring governance in the Cloud Manager.
  6. Select one or more rulesets from the list by selecting the corresponding check boxes.
  7. Click Next to set the enforcement policy.
  8. On the Select Enforcement rule page, select the enforcement type that you want to apply to the rulesets. For more information, see Enforcement types.
    Note: The enforcement rule that you select is applied to all the selected rulesets by default.
  9. Click Save.
    Follow the same steps to configure the governance enforcement rules when the spaces are enabled.

What to do next

Enable governance enforcement in the Catalog settings. For more information, see Enabling governance enforcement to validate APIs and Products before publishing to a Catalog.