RubyGems - flipper - Versions diffs - 0.28.3 → 1.0.0 - Mend

flipper 0.28.3 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

checksums.yaml +4 -4
data/.github/workflows/examples.yml +2 -2
data/Changelog.md +190 -165
data/Gemfile +5 -3
data/docs/images/flipper_cloud.png +0 -0
data/examples/cloud/app.ru +12 -0
data/examples/cloud/basic.rb +22 -0
data/examples/cloud/cloud_setup.rb +4 -0
data/examples/cloud/forked.rb +31 -0
data/examples/cloud/import.rb +17 -0
data/examples/cloud/threaded.rb +36 -0
data/examples/dsl.rb +0 -14
data/flipper-cloud.gemspec +19 -0
data/flipper.gemspec +3 -2
data/lib/flipper/cloud/configuration.rb +189 -0
data/lib/flipper/cloud/dsl.rb +27 -0
data/lib/flipper/cloud/instrumenter.rb +48 -0
data/lib/flipper/cloud/message_verifier.rb +95 -0
data/lib/flipper/cloud/middleware.rb +63 -0
data/lib/flipper/cloud/routes.rb +14 -0
data/lib/flipper/cloud.rb +53 -0
data/lib/flipper/dsl.rb +0 -46
data/lib/flipper/{railtie.rb → engine.rb} +19 -3
data/lib/flipper/metadata.rb +5 -1
data/lib/flipper/middleware/memoizer.rb +1 -1
data/lib/flipper/spec/shared_adapter_specs.rb +43 -43
data/lib/flipper/test/shared_adapter_test.rb +43 -43
data/lib/flipper/version.rb +1 -1
data/lib/flipper.rb +3 -5
data/spec/flipper/adapters/dual_write_spec.rb +2 -2
data/spec/flipper/adapters/instrumented_spec.rb +1 -1
data/spec/flipper/adapters/memoizable_spec.rb +6 -6
data/spec/flipper/adapters/operation_logger_spec.rb +2 -2
data/spec/flipper/adapters/read_only_spec.rb +6 -6
data/spec/flipper/cloud/configuration_spec.rb +269 -0
data/spec/flipper/cloud/dsl_spec.rb +82 -0
data/spec/flipper/cloud/message_verifier_spec.rb +104 -0
data/spec/flipper/cloud/middleware_spec.rb +289 -0
data/spec/flipper/cloud_spec.rb +180 -0
data/spec/flipper/dsl_spec.rb +0 -75
data/spec/flipper/engine_spec.rb +190 -0
data/spec/flipper_integration_spec.rb +12 -12
data/spec/flipper_spec.rb +0 -30
data/spec/spec_helper.rb +0 -12
data/spec/support/climate_control.rb +7 -0
metadata +54 -11
data/.tool-versions +0 -1
data/spec/flipper/railtie_spec.rb +0 -109

data/lib/flipper/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Flipper
-  VERSION = '0.28.3'.freeze
+  VERSION = '1.0.0'.freeze
 end

data/lib/flipper.rb CHANGED Viewed

@@ -56,13 +56,11 @@ module Flipper
   # Public: All the methods delegated to instance. These should match the
   # interface of Flipper::DSL.
   def_delegators :instance,
-                 :enabled?, :enable, :disable, :bool, :boolean,
-                 :enable_actor, :disable_actor, :actor,
+                 :enabled?, :enable, :disable,
+                 :enable_actor, :disable_actor,
                  :enable_group, :disable_group,
                  :enable_percentage_of_actors, :disable_percentage_of_actors,
-                 :actors, :percentage_of_actors,
                  :enable_percentage_of_time, :disable_percentage_of_time,
-                 :time, :percentage_of_time,
                  :features, :feature, :[], :preload, :preload_all,
                  :adapter, :add, :exist?, :remove, :import, :export,
                  :memoize=, :memoizing?,
@@ -167,4 +165,4 @@ require 'flipper/types/percentage_of_time'
 require 'flipper/typecast'
 require 'flipper/version'
-require "flipper/railtie" if defined?(Rails::Railtie)
+require "flipper/engine" if defined?(Rails)

data/spec/flipper/adapters/dual_write_spec.rb CHANGED Viewed

@@ -55,14 +55,14 @@ RSpec.describe Flipper::Adapters::DualWrite do
   it 'updates remote and local for #enable' do
     feature = sync[:search]
-    subject.enable feature, feature.gate(:boolean), local.boolean
+    subject.enable feature, feature.gate(:boolean), Flipper::Types::Boolean.new(true)
     expect(remote_adapter.count(:enable)).to be(1)
     expect(local_adapter.count(:enable)).to be(1)
   end
   it 'updates remote and local for #disable' do
     feature = sync[:search]
-    subject.disable feature, feature.gate(:boolean), local.boolean(false)
+    subject.disable feature, feature.gate(:boolean), Flipper::Types::Boolean.new(false)
     expect(remote_adapter.count(:disable)).to be(1)
     expect(local_adapter.count(:disable)).to be(1)
   end

data/spec/flipper/adapters/instrumented_spec.rb CHANGED Viewed

@@ -8,7 +8,7 @@ RSpec.describe Flipper::Adapters::Instrumented do
   let(:feature) { flipper[:stats] }
   let(:gate) { feature.gate(:percentage_of_actors) }
-  let(:thing) { flipper.actors(22) }
+  let(:thing) { Flipper::Types::PercentageOfActors.new(22) }
   subject do
     described_class.new(adapter, instrumenter: instrumenter)

data/spec/flipper/adapters/memoizable_spec.rb CHANGED Viewed

@@ -189,7 +189,7 @@ RSpec.describe Flipper::Adapters::Memoizable do
         feature = flipper[:stats]
         gate = feature.gate(:boolean)
         cache[described_class.key_for(feature.key)] = { some: 'thing' }
-        subject.enable(feature, gate, flipper.bool)
+        subject.enable(feature, gate, Flipper::Types::Boolean.new)
         expect(cache[described_class.key_for(feature.key)]).to be_nil
       end
     end
@@ -202,8 +202,8 @@ RSpec.describe Flipper::Adapters::Memoizable do
       it 'returns result' do
         feature = flipper[:stats]
         gate = feature.gate(:boolean)
-        result = subject.enable(feature, gate, flipper.bool)
-        adapter_result = adapter.enable(feature, gate, flipper.bool)
+        result = subject.enable(feature, gate, Flipper::Types::Boolean.new)
+        adapter_result = adapter.enable(feature, gate, Flipper::Types::Boolean.new)
         expect(result).to eq(adapter_result)
       end
     end
@@ -219,7 +219,7 @@ RSpec.describe Flipper::Adapters::Memoizable do
         feature = flipper[:stats]
         gate = feature.gate(:boolean)
         cache[described_class.key_for(feature.key)] = { some: 'thing' }
-        subject.disable(feature, gate, flipper.bool)
+        subject.disable(feature, gate, Flipper::Types::Boolean.new)
         expect(cache[described_class.key_for(feature.key)]).to be_nil
       end
     end
@@ -232,8 +232,8 @@ RSpec.describe Flipper::Adapters::Memoizable do
       it 'returns result' do
         feature = flipper[:stats]
         gate = feature.gate(:boolean)
-        result = subject.disable(feature, gate, flipper.bool)
-        adapter_result = adapter.disable(feature, gate, flipper.bool)
+        result = subject.disable(feature, gate, Flipper::Types::Boolean.new)
+        adapter_result = adapter.disable(feature, gate, Flipper::Types::Boolean.new)
         expect(result).to eq(adapter_result)
       end
     end

data/spec/flipper/adapters/operation_logger_spec.rb CHANGED Viewed

@@ -37,7 +37,7 @@ RSpec.describe Flipper::Adapters::OperationLogger do
     before do
       @feature = flipper[:stats]
       @gate = @feature.gate(:boolean)
-      @thing = flipper.bool
+      @thing = Flipper::Types::Boolean.new
       @result = subject.enable(@feature, @gate, @thing)
     end
@@ -54,7 +54,7 @@ RSpec.describe Flipper::Adapters::OperationLogger do
     before do
       @feature = flipper[:stats]
       @gate = @feature.gate(:boolean)
-      @thing = flipper.bool
+      @thing = Flipper::Types::Boolean.new
       @result = subject.disable(@feature, @gate, @thing)
     end

data/spec/flipper/adapters/read_only_spec.rb CHANGED Viewed

@@ -42,11 +42,11 @@ RSpec.describe Flipper::Adapters::ReadOnly do
   it 'can get feature' do
     actor22 = Flipper::Actor.new('22')
-    adapter.enable(feature, boolean_gate, flipper.boolean)
+    adapter.enable(feature, boolean_gate, Flipper::Types::Boolean.new)
     adapter.enable(feature, group_gate, flipper.group(:admins))
-    adapter.enable(feature, actor_gate, flipper.actor(actor22))
-    adapter.enable(feature, actors_gate, flipper.actors(25))
-    adapter.enable(feature, time_gate, flipper.time(45))
+    adapter.enable(feature, actor_gate, Flipper::Types::Actor.new(actor22))
+    adapter.enable(feature, actors_gate, Flipper::Types::PercentageOfActors.new(25))
+    adapter.enable(feature, time_gate, Flipper::Types::PercentageOfTime.new(45))
     expect(subject.get(feature)).to eq(boolean: 'true',
                                        groups: Set['admins'],
@@ -74,12 +74,12 @@ RSpec.describe Flipper::Adapters::ReadOnly do
   end
   it 'raises error on enable' do
-    expect { subject.enable(feature, boolean_gate, flipper.boolean) }
+    expect { subject.enable(feature, boolean_gate, Flipper::Types::Boolean.new) }
       .to raise_error(Flipper::Adapters::ReadOnly::WriteAttempted)
   end
   it 'raises error on disable' do
-    expect { subject.disable(feature, boolean_gate, flipper.boolean) }
+    expect { subject.disable(feature, boolean_gate, Flipper::Types::Boolean.new) }
       .to raise_error(Flipper::Adapters::ReadOnly::WriteAttempted)
   end
 end

data/spec/flipper/cloud/configuration_spec.rb ADDED Viewed

@@ -0,0 +1,269 @@
+require 'flipper/cloud/configuration'
+require 'flipper/adapters/instrumented'
+RSpec.describe Flipper::Cloud::Configuration do
+  let(:required_options) do
+    { token: "asdf" }
+  end
+  it "can set token" do
+    instance = described_class.new(required_options)
+    expect(instance.token).to eq(required_options[:token])
+  end
+  it "can set token from ENV var" do
+    with_env "FLIPPER_CLOUD_TOKEN" => "from_env" do
+      instance = described_class.new(required_options.reject { |k, v| k == :token })
+      expect(instance.token).to eq("from_env")
+    end
+  end
+  it "can set instrumenter" do
+    instrumenter = Object.new
+    instance = described_class.new(required_options.merge(instrumenter: instrumenter))
+    expect(instance.instrumenter).to be(instrumenter)
+  end
+  it "can set read_timeout" do
+    instance = described_class.new(required_options.merge(read_timeout: 5))
+    expect(instance.read_timeout).to eq(5)
+  end
+  it "can set read_timeout from ENV var" do
+    with_env "FLIPPER_CLOUD_READ_TIMEOUT" => "9" do
+      instance = described_class.new(required_options.reject { |k, v| k == :read_timeout })
+      expect(instance.read_timeout).to eq(9)
+    end
+  end
+  it "can set open_timeout" do
+    instance = described_class.new(required_options.merge(open_timeout: 5))
+    expect(instance.open_timeout).to eq(5)
+  end
+  it "can set open_timeout from ENV var" do
+    with_env "FLIPPER_CLOUD_OPEN_TIMEOUT" => "9" do
+      instance = described_class.new(required_options.reject { |k, v| k == :open_timeout })
+      expect(instance.open_timeout).to eq(9)
+    end
+  end
+  it "can set write_timeout" do
+    instance = described_class.new(required_options.merge(write_timeout: 5))
+    expect(instance.write_timeout).to eq(5)
+  end
+  it "can set write_timeout from ENV var" do
+    with_env "FLIPPER_CLOUD_WRITE_TIMEOUT" => "9" do
+      instance = described_class.new(required_options.reject { |k, v| k == :write_timeout })
+      expect(instance.write_timeout).to eq(9)
+    end
+  end
+  it "can set sync_interval" do
+    instance = described_class.new(required_options.merge(sync_interval: 1))
+    expect(instance.sync_interval).to eq(1)
+  end
+  it "can set sync_interval from ENV var" do
+    with_env "FLIPPER_CLOUD_SYNC_INTERVAL" => "5" do
+      instance = described_class.new(required_options.reject { |k, v| k == :sync_interval })
+      expect(instance.sync_interval).to eq(5)
+    end
+  end
+  it "passes sync_interval into sync adapter" do
+    # The initial sync of http to local invokes this web request.
+    stub_request(:get, /flippercloud\.io/).to_return(status: 200, body: "{}")
+    instance = described_class.new(required_options.merge(sync_interval: 1))
+    poller = instance.send(:poller)
+    expect(poller.interval).to eq(1)
+  end
+  it "can set debug_output" do
+    instance = described_class.new(required_options.merge(debug_output: STDOUT))
+    expect(instance.debug_output).to eq(STDOUT)
+  end
+  it "defaults adapter block" do
+    # The initial sync of http to local invokes this web request.
+    stub_request(:get, /flippercloud\.io/).to_return(status: 200, body: "{}")
+    instance = described_class.new(required_options)
+    expect(instance.adapter).to be_instance_of(Flipper::Adapters::DualWrite)
+  end
+  it "can override adapter block" do
+    # The initial sync of http to local invokes this web request.
+    stub_request(:get, /flippercloud\.io/).to_return(status: 200, body: "{}")
+    instance = described_class.new(required_options)
+    instance.adapter do |adapter|
+      Flipper::Adapters::Instrumented.new(adapter)
+    end
+    expect(instance.adapter).to be_instance_of(Flipper::Adapters::Instrumented)
+  end
+  it "defaults url" do
+    instance = described_class.new(required_options.reject { |k, v| k == :url })
+    expect(instance.url).to eq("https://www.flippercloud.io/adapter")
+  end
+  it "can override url using options" do
+    options = required_options.merge(url: "http://localhost:5000/adapter")
+    instance = described_class.new(options)
+    expect(instance.url).to eq("http://localhost:5000/adapter")
+    instance = described_class.new(required_options)
+    instance.url = "http://localhost:5000/adapter"
+    expect(instance.url).to eq("http://localhost:5000/adapter")
+  end
+  it "can override URL using ENV var" do
+    with_env "FLIPPER_CLOUD_URL" => "https://example.com" do
+      instance = described_class.new(required_options.reject { |k, v| k == :url })
+      expect(instance.url).to eq("https://example.com")
+    end
+  end
+  it "defaults sync_method to :poll" do
+    instance = described_class.new(required_options)
+    expect(instance.sync_method).to eq(:poll)
+  end
+  it "sets sync_method to :webhook if sync_secret provided" do
+    instance = described_class.new(required_options.merge({
+      sync_secret: "secret",
+    }))
+    expect(instance.sync_method).to eq(:webhook)
+    expect(instance.adapter).to be_instance_of(Flipper::Adapters::DualWrite)
+  end
+  it "sets sync_method to :webhook if FLIPPER_CLOUD_SYNC_SECRET set" do
+    with_env "FLIPPER_CLOUD_SYNC_SECRET" => "abc" do
+      instance = described_class.new(required_options)
+      expect(instance.sync_method).to eq(:webhook)
+      expect(instance.adapter).to be_instance_of(Flipper::Adapters::DualWrite)
+    end
+  end
+  it "can set sync_secret" do
+    instance = described_class.new(required_options.merge(sync_secret: "from_config"))
+      expect(instance.sync_secret).to eq("from_config")
+  end
+  it "can override sync_secret using ENV var" do
+    with_env "FLIPPER_CLOUD_SYNC_SECRET" => "from_env" do
+      instance = described_class.new(required_options.reject { |k, v| k == :sync_secret })
+      expect(instance.sync_secret).to eq("from_env")
+    end
+  end
+  it "can sync with cloud" do
+    body = JSON.generate({
+      "features": [
+        {
+          "key": "search",
+          "state": "on",
+          "gates": [
+            {
+              "key": "boolean",
+              "name": "boolean",
+              "value": true
+            },
+            {
+              "key": "groups",
+              "name": "group",
+              "value": []
+            },
+            {
+              "key": "actors",
+              "name": "actor",
+              "value": []
+            },
+            {
+              "key": "percentage_of_actors",
+              "name": "percentage_of_actors",
+              "value": 0
+            },
+            {
+              "key": "percentage_of_time",
+              "name": "percentage_of_time",
+              "value": 0
+            }
+          ]
+        },
+        {
+          "key": "history",
+          "state": "off",
+          "gates": [
+            {
+              "key": "boolean",
+              "name": "boolean",
+              "value": false
+            },
+            {
+              "key": "groups",
+              "name": "group",
+              "value": []
+            },
+            {
+              "key": "actors",
+              "name": "actor",
+              "value": []
+            },
+            {
+              "key": "percentage_of_actors",
+              "name": "percentage_of_actors",
+              "value": 0
+            },
+            {
+              "key": "percentage_of_time",
+              "name": "percentage_of_time",
+              "value": 0
+            }
+          ]
+        }
+      ]
+    })
+    stub = stub_request(:get, "https://www.flippercloud.io/adapter/features?exclude_gate_names=true").
+      with({
+        headers: {
+          'Flipper-Cloud-Token'=>'asdf',
+        },
+      }).to_return(status: 200, body: body, headers: {})
+    instance = described_class.new(required_options)
+    instance.sync
+    # Check that remote was fetched.
+    expect(stub).to have_been_requested
+    # Check that local adapter really did sync.
+    local_adapter = instance.local_adapter
+    all = local_adapter.get_all
+    expect(all.keys).to eq(["search", "history"])
+    expect(all["search"][:boolean]).to eq("true")
+    expect(all["history"][:boolean]).to eq(nil)
+  end
+  it "can setup brow to report events to cloud" do
+    # skip logging brow
+    Brow.logger = Logger.new(File::NULL)
+    brow = described_class.new(required_options).brow
+    stub = stub_request(:post, "https://www.flippercloud.io/adapter/events")
+      .with { |request|
+        data = JSON.parse(request.body)
+        data.keys == ["uuid", "messages"] && data["messages"] == [{"n" => 1}]
+      }
+      .to_return(status: 201, body: "{}", headers: {})
+    brow.push({"n" => 1})
+    brow.worker.stop
+    expect(stub).to have_been_requested.times(1)
+  end
+end

data/spec/flipper/cloud/dsl_spec.rb ADDED Viewed

@@ -0,0 +1,82 @@
+require 'flipper/cloud/configuration'
+require 'flipper/cloud/dsl'
+require 'flipper/adapters/operation_logger'
+require 'flipper/adapters/instrumented'
+RSpec.describe Flipper::Cloud::DSL do
+  it 'delegates everything to flipper instance' do
+    cloud_configuration = Flipper::Cloud::Configuration.new({
+      token: "asdf",
+      sync_secret: "tasty",
+    })
+    dsl = described_class.new(cloud_configuration)
+    expect(dsl.features).to eq(Set.new)
+    expect(dsl.enabled?(:foo)).to be(false)
+  end
+  it 'delegates sync to cloud configuration' do
+    stub = stub_request(:get, "https://www.flippercloud.io/adapter/features?exclude_gate_names=true").
+      with({
+        headers: {
+          'Flipper-Cloud-Token'=>'asdf',
+        },
+      }).to_return(status: 200, body: '{"features": {}}', headers: {})
+    cloud_configuration = Flipper::Cloud::Configuration.new({
+      token: "asdf",
+      sync_secret: "tasty",
+    })
+    dsl = described_class.new(cloud_configuration)
+    dsl.sync
+    expect(stub).to have_been_requested
+  end
+  it 'delegates sync_secret to cloud configuration' do
+    cloud_configuration = Flipper::Cloud::Configuration.new({
+      token: "asdf",
+      sync_secret: "tasty",
+    })
+    dsl = described_class.new(cloud_configuration)
+    expect(dsl.sync_secret).to eq("tasty")
+  end
+  context "when sync_method is webhook" do
+    let(:local_adapter) do
+      Flipper::Adapters::OperationLogger.new Flipper::Adapters::Memory.new
+    end
+    let(:cloud_configuration) do
+      cloud_configuration = Flipper::Cloud::Configuration.new({
+        token: "asdf",
+        sync_secret: "tasty",
+        local_adapter: local_adapter
+      })
+    end
+    subject do
+      described_class.new(cloud_configuration)
+    end
+    it "sends reads to local adapter" do
+      subject.features
+      subject.enabled?(:foo)
+      expect(local_adapter.count(:features)).to be(1)
+      expect(local_adapter.count(:get)).to be(1)
+    end
+    it "sends writes to cloud and local" do
+      add_stub = stub_request(:post, "https://www.flippercloud.io/adapter/features").
+        with({headers: {'Flipper-Cloud-Token'=>'asdf'}}).
+        to_return(status: 200, body: '{}', headers: {})
+      enable_stub = stub_request(:post, "https://www.flippercloud.io/adapter/features/foo/boolean").
+        with(headers: {'Flipper-Cloud-Token'=>'asdf'}).
+        to_return(status: 200, body: '{}', headers: {})
+      subject.enable(:foo)
+      expect(local_adapter.count(:add)).to be(1)
+      expect(local_adapter.count(:enable)).to be(1)
+      expect(add_stub).to have_been_requested
+      expect(enable_stub).to have_been_requested
+    end
+  end
+end

data/spec/flipper/cloud/message_verifier_spec.rb ADDED Viewed

@@ -0,0 +1,104 @@
+require 'flipper/cloud/message_verifier'
+RSpec.describe Flipper::Cloud::MessageVerifier do
+  let(:payload) { "some payload" }
+  let(:secret) { "secret" }
+  let(:timestamp) { Time.now }
+  describe "#generate" do
+    it "generates signature that can be verified" do
+      message_verifier = Flipper::Cloud::MessageVerifier.new(secret: secret)
+      signature = message_verifier.generate(payload, timestamp)
+      header = generate_header(timestamp: timestamp, signature: signature)
+      expect(message_verifier.verify(payload, header)).to be(true)
+    end
+  end
+  describe "#header" do
+    it "generates a header in valid format" do
+      version = "v1"
+      message_verifier = Flipper::Cloud::MessageVerifier.new(secret: secret, version: version)
+      signature = message_verifier.generate(payload, timestamp)
+      header = message_verifier.header(signature, timestamp)
+      expect(header).to eq("t=#{timestamp.to_i},#{version}=#{signature}")
+    end
+  end
+  describe ".header" do
+    it "generates a header in valid format" do
+      version = "v1"
+      message_verifier = Flipper::Cloud::MessageVerifier.new(secret: secret, version: version)
+      signature = message_verifier.generate(payload, timestamp)
+      header = Flipper::Cloud::MessageVerifier.header(signature, timestamp, version)
+      expect(header).to eq("t=#{timestamp.to_i},#{version}=#{signature}")
+    end
+  end
+  describe "#verify" do
+    it "raises a InvalidSignature when the header does not have the expected format" do
+      header = "i'm not even a real signature header"
+      expect {
+        message_verifier = Flipper::Cloud::MessageVerifier.new(secret: "secret")
+        message_verifier.verify(payload, header)
+      }.to raise_error(Flipper::Cloud::MessageVerifier::InvalidSignature, "Unable to extract timestamp and signatures from header")
+    end
+    it "raises a InvalidSignature when there are no signatures with the expected version" do
+      header = generate_header(version: "v0")
+      expect {
+        message_verifier = Flipper::Cloud::MessageVerifier.new(secret: "secret")
+        message_verifier.verify(payload, header)
+      }.to raise_error(Flipper::Cloud::MessageVerifier::InvalidSignature, /No signatures found with expected version/)
+    end
+    it "raises a InvalidSignature when there are no valid signatures for the payload" do
+      header = generate_header(signature: "bad_signature")
+      expect {
+        message_verifier = Flipper::Cloud::MessageVerifier.new(secret: "secret")
+        message_verifier.verify(payload, header)
+      }.to raise_error(Flipper::Cloud::MessageVerifier::InvalidSignature, "No signatures found matching the expected signature for payload")
+    end
+    it "raises a InvalidSignature when the timestamp is not within the tolerance" do
+      header = generate_header(timestamp: Time.now - 15)
+      expect {
+        message_verifier = Flipper::Cloud::MessageVerifier.new(secret: secret)
+        message_verifier.verify(payload, header, tolerance: 10)
+      }.to raise_error(Flipper::Cloud::MessageVerifier::InvalidSignature, /Timestamp outside the tolerance zone/)
+    end
+    it "returns true when the header contains a valid signature and the timestamp is within the tolerance" do
+      header = generate_header
+      message_verifier = Flipper::Cloud::MessageVerifier.new(secret: "secret")
+      expect(message_verifier.verify(payload, header, tolerance: 10)).to be(true)
+    end
+    it "returns true when the header contains at least one valid signature" do
+      header = generate_header + ",v1=bad_signature"
+      message_verifier = Flipper::Cloud::MessageVerifier.new(secret: secret)
+      expect(message_verifier.verify(payload, header, tolerance: 10)).to be(true)
+    end
+    it "returns true when the header contains a valid signature and the timestamp is off but no tolerance is provided" do
+      header = generate_header(timestamp: Time.at(12_345))
+      message_verifier = Flipper::Cloud::MessageVerifier.new(secret: secret)
+      expect(message_verifier.verify(payload, header)).to be(true)
+    end
+  end
+  private
+  def generate_header(options = {})
+    options[:secret] ||= secret
+    options[:version] ||= "v1"
+    message_verifier = Flipper::Cloud::MessageVerifier.new(secret: options[:secret], version: options[:version])
+    options[:timestamp] ||= timestamp
+    options[:payload] ||= payload
+    options[:signature] ||= message_verifier.generate(options[:payload], options[:timestamp])
+    Flipper::Cloud::MessageVerifier.header(options[:signature], options[:timestamp], options[:version])
+  end
+end