flipper 0.28.3 → 1.0.0.pre

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 32360e70231522c5c5b41e5e9e889fd0d4df13c59ba223dd5416433d904954e5
-  data.tar.gz: 5ec60d72b7b00d4d4bb5458d5746a4df4b89f3656fa9d4c7bfeddb27caae9c81
+  metadata.gz: 157649a8da61471fe5d0a9f88f739f72521a3d78d922650ab40cf36a5c5a6e22
+  data.tar.gz: 5ab348ba8ac11acc776324997f03ee95ee883e1544452ec1199657cac2ecc53c
 SHA512:
-  metadata.gz: 12e61dc74aa548fe5b266c1d909e650190416d8350adfd12c608a84b16b5ede9cce4b753d74c5fed472506bfb0dd9a3e0e768bcb193f6f751408f9550513774e
-  data.tar.gz: a2c0dc70d0fd50848fe9aedc2ed9f8f396dd51f5b604badc1477efd0249104e9fa7276d5161ac95e25992d8b1765eadd491e9a1a1d79640c6644e9fdd69442f2
+  metadata.gz: 36eacd774551b1b91d75c7db4978929820918253c05351068471b5f1c9221f0e0333b511715d4baf11191744476b79497d79ab074c2f9c344eaea2002f07a7fa
+  data.tar.gz: dfa622c2db1a7a9befce00f2e6ce0e12dcff8f32cfb2c8e0d24aa3d9b7daaa83157e2bc2162fe8e444a433dfbec369c6ec66f317f4b3d431a8118be4a60fc3ab

data/Changelog.md

@@ -2,6 +2,29 @@
 
 All notable changes to this project will be documented in this file.
 
+## Unreleased
+
+### Additions/Changes
+
+* ui, api: Allow Rack 3 (https://github.com/jnunemaker/flipper/pull/670)
+* cloud: The `flipper-cloud` gem has been merged into the `flipper` and no longer needs to be added separately. Configure cloud by setting the `FLIPPER_CLOUD_TOKEN` environment variable. (https://github.com/jnunemaker/flipper/pull/743)
+    ```diff
+      # Gemfile
+      gem 'flipper'
+    - gem 'flipper-cloud'
+    ```
+
+### Breaking Changes
+
+* Removed `bool`, `actors`, `time`, `actor`, `percentage_of_actors`, and `percentage_of_time` methods on `Flipper` and `Flipper::DSL`. They are rarely if ever used and conflict with some upcoming features. If you are using them, you can migrate via a search and replace like so:
+  * Change `Flipper.bool` => `Flipper::Types::Boolean.new`
+  * Change `Flipper.boolean` => `Flipper::Types::Boolean.new`
+  * Change `Flipper.actor` => `Flipper::Types::Actor.new`
+  * Change `Flipper.percentage_of_actors` => `Flipper::Types::PercentageOfActors.new`
+  * Change `Flipper.actors` => `Flipper::Types::PercentageOfActors.new`
+  * Change `Flipper.percentage_of_time` => `Flipper::Types::PercentageOfTime.new`
+  * Change `Flipper.time` => `Flipper::Types::PercentageOfTime.new`
+
 ## 0.28.3
 
 * Updated cloud config to ensure that poll adapter ONLY syncs from cloud to local adapter (and never back to cloud). Shouldn't affect anyone other than making things more safe if an incorrect response is received from the cloud poll endpoint. (https://github.com/jnunemaker/flipper/pull/740)

data/Gemfile

@@ -7,15 +7,16 @@ Dir['flipper-*.gemspec'].each do |gemspec|
 end
 
 gem 'debug'
-gem 'rake', '~> 12.3.3'
+gem 'rake'
 gem 'statsd-ruby', '~> 1.2.1'
 gem 'rspec', '~> 3.0'
 gem 'rack-test'
+gem 'rackup'
 gem 'sqlite3', "~> #{ENV['SQLITE3_VERSION'] || '1.4.1'}"
-gem 'rails', "~> #{ENV['RAILS_VERSION'] || '7.0.0'}"
+gem 'rails', "~> #{ENV['RAILS_VERSION'] || '7.0.4'}"
 gem 'minitest', '~> 5.18'
 gem 'minitest-documentation'
-gem 'webmock', '~> 3.0'
+gem 'webmock'
 gem 'ice_age'
 gem 'redis-namespace'
 gem 'webrick'
@@ -23,6 +24,7 @@ gem 'stackprof'
 gem 'benchmark-ips'
 gem 'stackprof-webnav'
 gem 'flamegraph'
+gem 'climate_control'
 
 group(:guard) do
   gem 'guard', '~> 2.15'

data/examples/cloud/app.ru

@@ -0,0 +1,12 @@
+# Usage (from the repo root):
+#   env FLIPPER_CLOUD_TOKEN=<token> FLIPPER_CLOUD_SYNC_SECRET=<secret> bundle exec rackup examples/cloud/app.ru -p 9999
+#   http://localhost:9999/
+
+require 'bundler/setup'
+require 'flipper/cloud'
+
+Flipper.configure do |config|
+  config.default { Flipper::Cloud.new }
+end
+
+run Flipper::Cloud.app

data/examples/cloud/basic.rb

@@ -0,0 +1,22 @@
+# Usage (from the repo root):
+# env FLIPPER_CLOUD_TOKEN=<token> bundle exec ruby examples/cloud/basic.rb
+
+require_relative "./cloud_setup"
+require 'bundler/setup'
+require 'flipper/cloud'
+
+Flipper[:stats].enable
+
+if Flipper[:stats].enabled?
+  puts 'Enabled!'
+else
+  puts 'Disabled!'
+end
+
+Flipper[:stats].disable
+
+if Flipper[:stats].enabled?
+  puts 'Enabled!'
+else
+  puts 'Disabled!'
+end

data/examples/cloud/cloud_setup.rb

@@ -0,0 +1,4 @@
+if ENV["FLIPPER_CLOUD_TOKEN"].nil? || ENV["FLIPPER_CLOUD_TOKEN"].empty?
+  warn "FLIPPER_CLOUD_TOKEN missing so skipping cloud example."
+  exit
+end

data/examples/cloud/forked.rb

@@ -0,0 +1,31 @@
+# Usage (from the repo root):
+# env FLIPPER_CLOUD_TOKEN=<token> bundle exec ruby examples/cloud/threaded.rb
+
+require_relative "./cloud_setup"
+require 'bundler/setup'
+require 'flipper/cloud'
+
+pids = 5.times.map do |n|
+  fork {
+    # Check every second to see if the feature is enabled
+    threads = []
+    5.times do
+      threads << Thread.new do
+        loop do
+          sleep rand
+
+          if Flipper[:stats].enabled?
+            puts "#{Process.pid} #{Time.now.to_i} Enabled!"
+          else
+            puts "#{Process.pid} #{Time.now.to_i} Disabled!"
+          end
+        end
+      end
+    end
+    threads.map(&:join)
+  }
+end
+
+pids.each do |pid|
+  Process.waitpid pid, 0
+end

data/examples/cloud/import.rb

@@ -0,0 +1,17 @@
+# Usage (from the repo root):
+#   env FLIPPER_CLOUD_TOKEN=<token> bundle exec ruby examples/cloud/import.rb
+
+require_relative "./cloud_setup"
+require 'bundler/setup'
+require 'flipper'
+require 'flipper/cloud'
+
+Flipper.enable(:test)
+Flipper.enable(:search)
+Flipper.enable_actor(:stats, Flipper::Actor.new("jnunemaker"))
+Flipper.enable_percentage_of_time(:logging, 5)
+
+cloud = Flipper::Cloud.new
+
+# makes cloud identical to memory flipper
+cloud.import(Flipper)

data/examples/cloud/threaded.rb

@@ -0,0 +1,36 @@
+# Usage (from the repo root):
+# env FLIPPER_CLOUD_TOKEN=<token> bundle exec ruby examples/cloud/threaded.rb
+
+require_relative "./cloud_setup"
+require 'bundler/setup'
+require 'flipper/cloud'
+require "active_support/notifications"
+require "active_support/isolated_execution_state"
+
+ActiveSupport::Notifications.subscribe(/poller\.flipper/) do |*args|
+  p args: args
+end
+
+Flipper.configure do |config|
+  config.default {
+    Flipper::Cloud.new(local_adapter: config.adapter, instrumenter: ActiveSupport::Notifications)
+  }
+end
+
+# Check every second to see if the feature is enabled
+threads = []
+10.times do
+  threads << Thread.new do
+    loop do
+      sleep rand
+
+      if Flipper[:stats].enabled?
+        puts "#{Time.now.to_i} Enabled!"
+      else
+        puts "#{Time.now.to_i} Disabled!"
+      end
+    end
+  end
+end
+
+threads.map(&:join)

data/examples/dsl.rb

@@ -47,20 +47,6 @@ puts "stats.enabled?: #{stats.enabled?}"
 puts "stats.enabled? person: #{stats.enabled? person}"
 puts
 
-# get an instance of the percentage of time type set to 5
-puts Flipper.time(5).inspect
-
-# get an instance of the percentage of actors type set to 15
-puts Flipper.actors(15).inspect
-
-# get an instance of an actor using an object that responds to flipper_id
-responds_to_flipper_id = Struct.new(:flipper_id).new(10)
-puts Flipper.actor(responds_to_flipper_id).inspect
-
-# get an instance of an actor using an object
-actor = Struct.new(:flipper_id).new(22)
-puts Flipper.actor(actor).inspect
-
 # register a top level group
 admins = Flipper.register(:admins) { |actor|
   actor.respond_to?(:admin?) && actor.admin?

data/flipper-cloud.gemspec

@@ -0,0 +1,19 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/flipper/version', __FILE__)
+require File.expand_path('../lib/flipper/metadata', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ['John Nunemaker']
+  gem.email         = 'support@flippercloud.io'
+  gem.summary       = '[DEPRECATED] This gem has been merged into the `flipper` gem'
+  gem.license       = 'MIT'
+  gem.homepage      = 'https://www.flippercloud.io'
+
+  gem.files         = [ 'lib/flipper-cloud.rb', 'lib/flipper/version.rb' ]
+  gem.name          = 'flipper-cloud'
+  gem.require_paths = ['lib']
+  gem.version       = Flipper::VERSION
+  gem.metadata      = Flipper::METADATA
+
+  gem.add_dependency 'flipper', "~> #{Flipper::VERSION}"
+end

data/flipper.gemspec

@@ -22,9 +22,9 @@ ignored_test_files.flatten!.uniq!
 
 Gem::Specification.new do |gem|
   gem.authors       = ['John Nunemaker']
-  gem.email         = ['nunemaker@gmail.com']
+  gem.email         = 'support@flippercloud.io'
   gem.summary       = 'Feature flipper for ANYTHING'
-  gem.homepage      = 'https://github.com/jnunemaker/flipper'
+  gem.homepage      = 'https://www.flippercloud.io/docs'
   gem.license       = 'MIT'
 
   gem.files         = `git ls-files`.split("\n") - ignored_files + ['lib/flipper/version.rb']
@@ -35,4 +35,5 @@ Gem::Specification.new do |gem|
   gem.metadata      = Flipper::METADATA
 
   gem.add_dependency 'concurrent-ruby', '< 2'
+  gem.add_dependency 'brow', '~> 0.4.1'
 end

data/lib/flipper/cloud/configuration.rb

@@ -0,0 +1,189 @@
+require "socket"
+require "flipper/adapters/http"
+require "flipper/adapters/poll"
+require "flipper/poller"
+require "flipper/adapters/memory"
+require "flipper/adapters/dual_write"
+require "flipper/adapters/sync/synchronizer"
+require "flipper/cloud/instrumenter"
+require "brow"
+
+module Flipper
+  module Cloud
+    class Configuration
+      # The set of valid ways that syncing can happpen.
+      VALID_SYNC_METHODS = Set[
+        :poll,
+        :webhook,
+      ].freeze
+
+      DEFAULT_URL = "https://www.flippercloud.io/adapter".freeze
+
+      # Private: Keeps track of brow instances so they can be shared across
+      # threads.
+      def self.brow_instances
+        @brow_instances ||= Concurrent::Map.new
+      end
+
+      # Public: The token corresponding to an environment on flippercloud.io.
+      attr_accessor :token
+
+      # Public: The url for http adapter. Really should only be customized for
+       #        development work. Feel free to forget you ever saw this.
+      attr_reader :url
+
+      # Public: net/http read timeout for all http requests (default: 5).
+      attr_accessor :read_timeout
+
+      # Public: net/http open timeout for all http requests (default: 5).
+      attr_accessor :open_timeout
+
+      # Public: net/http write timeout for all http requests (default: 5).
+      attr_accessor :write_timeout
+
+      # Public: IO stream to send debug output too. Off by default.
+      #
+      #  # for example, this would send all http request information to STDOUT
+      #  configuration = Flipper::Cloud::Configuration.new
+      #  configuration.debug_output = STDOUT
+      attr_accessor :debug_output
+
+      # Public: Instrumenter to use for the Flipper instance returned by
+      #         Flipper::Cloud.new (default: Flipper::Instrumenters::Noop).
+      #
+      #  # for example, to use active support notifications you could do:
+      #  configuration = Flipper::Cloud::Configuration.new
+      #  configuration.instrumenter = ActiveSupport::Notifications
+      attr_accessor :instrumenter
+
+      # Public: Local adapter that all reads should go to in order to ensure
+      # latency is low and resiliency is high. This adapter is automatically
+      # kept in sync with cloud.
+      #
+      #  # for example, to use active record you could do:
+      #  configuration = Flipper::Cloud::Configuration.new
+      #  configuration.local_adapter = Flipper::Adapters::ActiveRecord.new
+      attr_accessor :local_adapter
+
+      # Public: The Integer or Float number of seconds between attempts to bring
+      # the local in sync with cloud (default: 10).
+      attr_accessor :sync_interval
+
+      # Public: The secret used to verify if syncs in the middleware should
+      # occur or not.
+      attr_accessor :sync_secret
+
+      def initialize(options = {})
+        @token = options.fetch(:token) { ENV["FLIPPER_CLOUD_TOKEN"] }
+
+        if @token.nil?
+          raise ArgumentError, "Flipper::Cloud token is missing. Please set FLIPPER_CLOUD_TOKEN or provide the token (e.g. Flipper::Cloud.new(token: 'token'))."
+        end
+
+        @read_timeout = options.fetch(:read_timeout) { ENV.fetch("FLIPPER_CLOUD_READ_TIMEOUT", 5).to_f }
+        @open_timeout = options.fetch(:open_timeout) { ENV.fetch("FLIPPER_CLOUD_OPEN_TIMEOUT", 5).to_f }
+        @write_timeout = options.fetch(:write_timeout) { ENV.fetch("FLIPPER_CLOUD_WRITE_TIMEOUT", 5).to_f }
+        @sync_interval = options.fetch(:sync_interval) { ENV.fetch("FLIPPER_CLOUD_SYNC_INTERVAL", 10).to_f }
+        @sync_secret = options.fetch(:sync_secret) { ENV["FLIPPER_CLOUD_SYNC_SECRET"] }
+        @local_adapter = options.fetch(:local_adapter) { Adapters::Memory.new }
+        @debug_output = options[:debug_output]
+        @adapter_block = ->(adapter) { adapter }
+        self.url = options.fetch(:url) { ENV.fetch("FLIPPER_CLOUD_URL", DEFAULT_URL) }
+
+        instrumenter = options.fetch(:instrumenter, Instrumenters::Noop)
+
+        # This is alpha. Don't use this unless you are me. And you are not me.
+        cloud_instrument = options.fetch(:cloud_instrument) { ENV["FLIPPER_CLOUD_INSTRUMENT"] == "1" }
+        @instrumenter = if cloud_instrument
+          Instrumenter.new(brow: brow, instrumenter: instrumenter)
+        else
+          instrumenter
+        end
+      end
+
+      # Public: Read or customize the http adapter. Calling without a block will
+      # perform a read. Calling with a block yields the cloud adapter
+      # for customization.
+      #
+      #   # for example, to instrument the http calls, you can wrap the http
+      #   # adapter with the intsrumented adapter
+      #   configuration = Flipper::Cloud::Configuration.new
+      #   configuration.adapter do |adapter|
+      #     Flipper::Adapters::Instrumented.new(adapter)
+      #   end
+      #
+      def adapter(&block)
+        if block_given?
+          @adapter_block = block
+        else
+          @adapter_block.call app_adapter
+        end
+      end
+
+      # Public: Set url for the http adapter.
+      attr_writer :url
+
+      def sync
+        Flipper::Adapters::Sync::Synchronizer.new(local_adapter, http_adapter, {
+          instrumenter: instrumenter,
+        }).call
+      end
+
+      def brow
+        self.class.brow_instances.compute_if_absent(url + token) do
+          uri = URI.parse(url)
+          uri.path = "#{uri.path}/events".squeeze("/")
+
+          Brow::Client.new({
+            url: uri.to_s,
+            headers: {
+              "Accept" => "application/json",
+              "Content-Type" => "application/json",
+              "User-Agent" => "Flipper v#{VERSION} via Brow v#{Brow::VERSION}",
+              "Flipper-Cloud-Token" => @token,
+            }
+          })
+        end
+      end
+
+      # Public: The method that will be used to synchronize local adapter with
+      # cloud. (default: :poll, will be :webhook if sync_secret is set).
+      def sync_method
+        sync_secret ? :webhook : :poll
+      end
+
+      private
+
+      def app_adapter
+        read_adapter = sync_method == :webhook ? local_adapter : poll_adapter
+        Flipper::Adapters::DualWrite.new(read_adapter, http_adapter)
+      end
+
+      def poller
+        Flipper::Poller.get(@url + @token, {
+          interval: sync_interval,
+          remote_adapter: http_adapter,
+          instrumenter: instrumenter,
+        }).tap(&:start)
+      end
+
+      def poll_adapter
+        Flipper::Adapters::Poll.new(poller, local_adapter)
+      end
+
+      def http_adapter
+        Flipper::Adapters::Http.new({
+          url: @url,
+          read_timeout: @read_timeout,
+          open_timeout: @open_timeout,
+          write_timeout: @write_timeout,
+          max_retries: 0, # we'll handle retries ourselves
+          debug_output: @debug_output,
+          headers: {
+            "Flipper-Cloud-Token" => @token,
+          },
+        })
+      end
+    end
+  end
+end

data/lib/flipper/cloud/dsl.rb

@@ -0,0 +1,27 @@
+require 'forwardable'
+
+module Flipper
+  module Cloud
+    class DSL < SimpleDelegator
+      attr_reader :cloud_configuration
+
+      def initialize(cloud_configuration)
+        @cloud_configuration = cloud_configuration
+        super Flipper.new(@cloud_configuration.adapter, instrumenter: @cloud_configuration.instrumenter)
+      end
+
+      def sync
+        @cloud_configuration.sync
+      end
+
+      def sync_secret
+        @cloud_configuration.sync_secret
+      end
+
+      def inspect
+        inspect_id = ::Kernel::format "%x", (object_id * 2)
+        %(#<#{self.class}:0x#{inspect_id} @cloud_configuration=#{cloud_configuration.inspect}, flipper=#{__getobj__.inspect}>)
+      end
+    end
+  end
+end

data/lib/flipper/cloud/instrumenter.rb

@@ -0,0 +1,48 @@
+require "delegate"
+require "flipper/instrumenters/noop"
+
+module Flipper
+  module Cloud
+    class Instrumenter < SimpleDelegator
+      def initialize(options = {})
+        @brow = options.fetch(:brow)
+        @instrumenter = options.fetch(:instrumenter, Instrumenters::Noop)
+        super @instrumenter
+      end
+
+      def instrument(name, payload = {}, &block)
+        result = @instrumenter.instrument(name, payload, &block)
+        push name, payload
+        result
+      end
+
+      private
+
+      def push(name, payload)
+        return unless name == Flipper::Feature::InstrumentationName
+        return unless :enabled? == payload[:operation]
+
+        dimensions = {
+          "feature" => payload[:feature_name].to_s,
+          "result" => payload[:result].to_s,
+        }
+
+        if (thing = payload[:thing])
+          dimensions["flipper_id"] = thing.value.to_s
+        end
+
+        if (actors = payload[:actors])
+          dimensions["flipper_ids"] = actors.map { |actor| actor.value.to_s }
+        end
+
+        event = {
+          type: "enabled",
+          dimensions: dimensions,
+          measures: {},
+          ts: Time.now.utc,
+        }
+        @brow.push event
+      end
+    end
+  end
+end

data/lib/flipper/cloud/message_verifier.rb

@@ -0,0 +1,95 @@
+require "openssl"
+require "digest/sha2"
+
+module Flipper
+  module Cloud
+    class MessageVerifier
+      class InvalidSignature < StandardError; end
+
+      DEFAULT_VERSION = "v1"
+
+      def self.header(signature, timestamp, version = DEFAULT_VERSION)
+        raise ArgumentError, "timestamp should be an instance of Time" unless timestamp.is_a?(Time)
+        raise ArgumentError, "signature should be a string" unless signature.is_a?(String)
+        "t=#{timestamp.to_i},#{version}=#{signature}"
+      end
+
+      def initialize(secret:, version: DEFAULT_VERSION)
+        @secret = secret
+        @version = version || DEFAULT_VERSION
+
+        raise ArgumentError, "secret should be a string" unless @secret.is_a?(String)
+        raise ArgumentError, "version should be a string" unless @version.is_a?(String)
+      end
+
+      def generate(payload, timestamp)
+        raise ArgumentError, "timestamp should be an instance of Time" unless timestamp.is_a?(Time)
+        raise ArgumentError, "payload should be a string" unless payload.is_a?(String)
+
+        OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("sha256"), @secret, "#{timestamp.to_i}.#{payload}")
+      end
+
+      def header(signature, timestamp)
+        self.class.header(signature, timestamp, @version)
+      end
+
+      # Public: Verifies the signature header for a given payload.
+      #
+      # Raises a InvalidSignature in the following cases:
+      # - the header does not match the expected format
+      # - no signatures found with the expected scheme
+      # - no signatures matching the expected signature
+      # - a tolerance is provided and the timestamp is not within the
+      #   tolerance
+      #
+      # Returns true otherwise.
+      def verify(payload, header, tolerance: nil)
+        begin
+          timestamp, signatures = get_timestamp_and_signatures(header)
+        rescue StandardError
+          raise InvalidSignature, "Unable to extract timestamp and signatures from header"
+        end
+
+        if signatures.empty?
+          raise InvalidSignature, "No signatures found with expected version #{@version}"
+        end
+
+        expected_sig = generate(payload, timestamp)
+        unless signatures.any? { |s| secure_compare(expected_sig, s) }
+          raise InvalidSignature, "No signatures found matching the expected signature for payload"
+        end
+
+        if tolerance && timestamp < Time.now - tolerance
+          raise InvalidSignature, "Timestamp outside the tolerance zone (#{Time.at(timestamp)})"
+        end
+
+        true
+      end
+
+      private
+
+      # Extracts the timestamp and the signature(s) with the desired version
+      # from the header
+      def get_timestamp_and_signatures(header)
+        list_items = header.split(/,\s*/).map { |i| i.split("=", 2) }
+        timestamp = Integer(list_items.select { |i| i[0] == "t" }[0][1])
+        signatures = list_items.select { |i| i[0] == @version }.map { |i| i[1] }
+        [Time.at(timestamp), signatures]
+      end
+
+      # Private
+      def fixed_length_secure_compare(a, b)
+        raise ArgumentError, "string length mismatch." unless a.bytesize == b.bytesize
+        l = a.unpack "C#{a.bytesize}"
+        res = 0
+        b.each_byte { |byte| res |= byte ^ l.shift }
+        res == 0
+      end
+
+      # Private
+      def secure_compare(a, b)
+        fixed_length_secure_compare(::Digest::SHA256.digest(a), ::Digest::SHA256.digest(b)) && a == b
+      end
+    end
+  end
+end