RubyGems - package_protections - Versions diffs - 3.1.0 → 4.0.0 - Mend

package_protections 3.1.0 → 4.0.0

Files changed (9) hide show

checksums.yaml +4 -4
data/README.md +0 -20
data/lib/package_protections/private/configuration.rb +0 -1
data/lib/package_protections/private.rb +0 -1
data/lib/package_protections/protected_package.rb +0 -5
data/lib/package_protections/rspec/application_fixture_helper.rb +1 -7
data/lib/rubocop/cop/package_protections/namespaced_under_package_name.rb +0 -30
metadata +2 -3
data/lib/package_protections/private/visibility_protection.rb +0 -186

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 217ae8f6eee7f084ff39ce7c4cf0bb06a08c361abff49e411d730a3a79592b71
-  data.tar.gz: 21a4eea2876078f531a67d3705e7a0d38c11b3bf87cd265e552bda9e8661638a
+  metadata.gz: f7dcf5c2038b67566fabbec1bebb7f7e793552f912613449f88d5fa244959200
+  data.tar.gz: d067b4f72f24f52a8b37bb36da54ad0d3fb52549529b012a819ecd796231fedd
 SHA512:
-  metadata.gz: 1633812b257db230cf9f0244c8dd397197d4feb98f37abcd9906e5660adbfb7985c82fc6758254f99771726d49d3796c2e30438a54bd14a75c9ed3b64dbca1a0
-  data.tar.gz: e1aafb82c4a5a93425cbfc28135bae436b792681f6cbd8257f95e2d51d985a436e80d191313d2959a3e9c37423f970608109bca773a5ffe0ad01af3d6214b6da
+  metadata.gz: 406251f9227b31309c2d991ea9cee1119ccc581724877b3e8ff2b9b76a0dfa71147ddc900bedcbc0cf7dfc52857a180500f6bb15f6c418dd9801ebc29f9e14b7
+  data.tar.gz: 2cb074c305a57e514ca3f923b08bdeacb7a156e404bed441c4b169ad7b92cf86dc7f5d5ac76b0e47d97cb4ae26eba87699e06694660fabc824092ddeee08ec61

data/README.md CHANGED Viewed

@@ -10,7 +10,6 @@ This gem ships with the following checks
 2) Other packages are not using the private API of your package (via `packwerk` `enforce_privacy`)
 3) Your package has a typed public API (via the `rubocop` `PackageProtections/TypedPublicApi` cop)
 4) Your package only creates a single namespace (via the `rubocop` `PackageProtections/NamespacedUnderPackageName` cop)
-4) Your package is only visible to a select number of packages (via the `packwerk` `enforce_privacy` cop)
 ## Initial Configuration
 Package protections first requires that your application is using [`packwerk`](https://github.com/Shopify/packwerk), [`rubocop`](https://github.com/rubocop/rubocop), and [`rubocop-sorbet`](https://github.com/Shopify/rubocop-sorbet). Follow the regular setup instructions for those tools before proceeding.
@@ -63,25 +62,6 @@ end
 If you've worked through all of the TODOs for this cop and are able to set the value to `fail_on_any`, you can also set `automatic_pack_namespace` which will support your pack having one global namespace without extra subdirectories. That is, instead of `packs/foo/app/services/foo/bar.rb`, you can use `packs/foo/app/services/bar.rb` and still have it define `Foo::Bar`. [See the `stimpack` README.md](https://github.com/rubyatscale/stimpack#readme) for more information.
-### `prevent_other_packages_from_using_this_package_without_explicit_visibility`
-*This is only available if your package has `enforce_privacy` set to `true`!*
-This protection exists to help packages have control over who their clients are. When turning on this protection, only clients who are listed in your `visible_to` metadata will be allowed to consume your package. Here is an example in `packs/apples/package.yml`:
-```yml
-enforce_privacy: true
-enforce_dependencies: true
-metadata:
-  protections:
-    prevent_other_packages_from_using_this_package_without_explicit_visibility: fail_on_new
-    # ... other protections are the same
-  visible_to:
-    - packs/other_pack
-    - packs/another_pack
-```
-In this package, only `packs/other_pack` and `packs/another_pack` can use `packs/apples`. With both the `fail_on_new` and `fail_on_any` setting, only those packs can state a dependency on `packs/apples` in their `package.yml`. If any other packs state a dependency on `packs/apples`, the build will fail, even with violations. With the `fail_on_new` setting, a pack can create a dependency or privacy violation on `packs/apples` even if it's not listed. With `fail_on_any`, no violations are allowed.
-If `visible_to` is not set and the protection is turned on, then the package cannot be consumed by any package (a top-level package might be a good candidate for this).
-Note that this protection's default behavior is `fail_never`, so it can remain unset in the `package.yml`.
 ## Violation Behaviors
 #### `fail_on_any`
 If this behavior is selected, the build will fail if there is *any* issue, new or old.

data/lib/package_protections/private/configuration.rb CHANGED Viewed

@@ -34,7 +34,6 @@ module PackageProtections
           Private::IncomingPrivacyProtection.new,
           RuboCop::Cop::PackageProtections::TypedPublicApi.new,
           RuboCop::Cop::PackageProtections::NamespacedUnderPackageName.new,
-          Private::VisibilityProtection.new,
           RuboCop::Cop::PackageProtections::OnlyClassMethods.new,
           RuboCop::Cop::PackageProtections::RequireDocumentedPublicApis.new
         ]

data/lib/package_protections/private.rb CHANGED Viewed

@@ -6,7 +6,6 @@ require 'package_protections/private/output'
 require 'package_protections/private/incoming_privacy_protection'
 require 'package_protections/private/outgoing_dependency_protection'
 require 'package_protections/private/metadata_modifiers'
-require 'package_protections/private/visibility_protection'
 require 'package_protections/private/configuration'
 module PackageProtections

data/lib/package_protections/protected_package.rb CHANGED Viewed

@@ -66,11 +66,6 @@ module PackageProtections
       original_package.dependencies
     end
-    sig { returns(T::Set[String]) }
-    def visible_to
-      Set.new(metadata['visible_to'] || [])
-    end
     sig { returns(T::Array[ParsePackwerk::Violation]) }
     def violations
       deprecated_references.violations

data/lib/package_protections/rspec/application_fixture_helper.rb CHANGED Viewed

@@ -16,23 +16,17 @@ module ApplicationFixtureHelper
     dependencies: [],
     enforce_dependencies: true,
     enforce_privacy: true,
-    protections: {},
-    visible_to: []
+    protections: {}
   )
     defaults = {
       'prevent_this_package_from_violating_its_stated_dependencies' => 'fail_on_new',
       'prevent_other_packages_from_using_this_packages_internals' => 'fail_on_new',
       'prevent_this_package_from_exposing_an_untyped_api' => 'fail_on_new',
       'prevent_this_package_from_creating_other_namespaces' => 'fail_on_new',
-      'prevent_other_packages_from_using_this_package_without_explicit_visibility' => 'fail_never',
       'prevent_this_package_from_exposing_instance_method_public_apis' => 'fail_never'
     }
     protections_with_defaults = defaults.merge(protections)
     metadata = { 'protections' => protections_with_defaults }
-    if visible_to.any?
-      metadata.merge!('visible_to' => visible_to)
-    end
     package = ParsePackwerk::Package.new(
       name: pack_name,
       dependencies: dependencies,

data/lib/rubocop/cop/package_protections/namespaced_under_package_name.rb CHANGED Viewed

@@ -10,36 +10,6 @@ module RuboCop
         extend T::Sig
         include ::PackageProtections::RubocopProtectionInterface
-        # We override `cop_configs` for this protection.
-        # The default behavior disables cops when a package has turned off a protection.
-        # However: namespace violations can occur even when one package has TURNED OFF their namespace protection
-        # but another package has it turned on. Therefore, all packages must always be opted in no matter what.
-        #
-        sig do
-          params(packages: T::Array[::PackageProtections::ProtectedPackage])
-          .returns(T::Array[::PackageProtections::RubocopProtectionInterface::CopConfig])
-        end
-        def cop_configs(packages)
-          include_packs = T.let([], T::Array[String])
-          packages.each do |p|
-            enabled_for_pack = !p.violation_behavior_for(NamespacedUnderPackageName::IDENTIFIER).fail_never?
-            if enabled_for_pack
-              include_packs << p.name
-            end
-          end
-          [
-            ::PackageProtections::RubocopProtectionInterface::CopConfig.new(
-              name: cop_name,
-              enabled: include_packs.any?,
-              metadata: {
-                'IncludePacks' => include_packs,
-                'GloballyPermittedNamespaces' => ::RuboCop::Packs.config.globally_permitted_namespaces
-              }
-            )
-          ]
-        end
         sig { override.returns(T::Array[String]) }
         def included_globs_for_pack
           [

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: package_protections
 version: !ruby/object:Gem::Version
-  version: 3.1.0
+  version: 4.0.0
 platform: ruby
 authors:
 - Gusto Engineers
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-11-01 00:00:00.000000000 Z
+date: 2022-11-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -197,7 +197,6 @@ files:
 - lib/package_protections/private/metadata_modifiers.rb
 - lib/package_protections/private/outgoing_dependency_protection.rb
 - lib/package_protections/private/output.rb
-- lib/package_protections/private/visibility_protection.rb
 - lib/package_protections/protected_package.rb
 - lib/package_protections/protection_interface.rb
 - lib/package_protections/rspec/application_fixture_helper.rb

data/lib/package_protections/private/visibility_protection.rb DELETED Viewed

@@ -1,186 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-module PackageProtections
-  module Private
-    class VisibilityProtection
-      extend T::Sig
-      include ProtectionInterface
-      IDENTIFIER = 'prevent_other_packages_from_using_this_package_without_explicit_visibility'
-      sig { override.returns(String) }
-      def identifier
-        IDENTIFIER
-      end
-      sig { override.params(behavior: ViolationBehavior, package: ParsePackwerk::Package).returns(T.nilable(String)) }
-      def unmet_preconditions_for_behavior(behavior, package)
-        # This protection relies on seeing privacy violations in other packages.
-        # We also require that the other package enforces dependencies, as otherwise, if the client is using public API, it won't show up
-        # as a privacy OR dependency violation. For now, we don't have the system structure to support that requirement.
-        if behavior.enabled? && !package.enforces_privacy?
-          "Package #{package.name} must have `enforce_privacy: true` to use this protection"
-        elsif !behavior.enabled? && !package.metadata['visible_to'].nil?
-          "Invalid configuration for package `#{package.name}`. `#{identifier}` must be turned on to use `visible_to` configuration."
-        else
-          nil
-        end
-      end
-      #
-      # By default, this protection does not show up when creating a new package, and its default behavior is FailNever
-      # A package that uses this protection is not considered strictly better -- in general, we want to design packages that
-      # are consumable by all packages. Therefore, a package that is consumable by all packages is the happy path.
-      #
-      # If a user wants to turn on package visibility, they must do it explicitly.
-      #
-      sig { returns(ViolationBehavior) }
-      def default_behavior
-        ViolationBehavior::FailNever
-      end
-      sig { override.returns(String) }
-      def humanized_protection_name
-        'Visibility Violations'
-      end
-      sig { override.returns(String) }
-      def humanized_protection_description
-        <<~MESSAGE
-          These files are using a constant from a package that restricts its usage through the `visible_to` flag in its `package.yml`
-          To resolve these violations, work with the team who owns the package you are trying to use and to figure out the
-          preferred public API for the behavior you want.
-          See https://go/packwerk_cheatsheet_visibility for more info.
-        MESSAGE
-      end
-      sig do
-        override.params(
-          new_violations: T::Array[PerFileViolation]
-        ).returns(T::Array[Offense])
-      end
-      def get_offenses_for_new_violations(new_violations)
-        new_violations.flat_map do |per_file_violation|
-          depended_on_package = Private.get_package_with_name(per_file_violation.constant_source_package)
-          violation_behavior = depended_on_package.violation_behavior_for(identifier)
-          visible_to = depended_on_package.visible_to
-          next [] if visible_to.include?(per_file_violation.reference_source_package.name)
-          case violation_behavior
-          when ViolationBehavior::FailNever
-            next []
-          when ViolationBehavior::FailOnNew
-            message = message_for_fail_on_new(per_file_violation)
-          when ViolationBehavior::FailOnAny
-            message = message_for_fail_on_any(per_file_violation)
-          else
-            T.absurd(violation_behavior)
-          end
-          Offense.new(
-            file: per_file_violation.filepath,
-            message: message,
-            violation_type: identifier,
-            package: depended_on_package.original_package
-          )
-        end
-      end
-      sig do
-        override.params(
-          protected_packages: T::Array[ProtectedPackage]
-        ).returns(T::Array[Offense])
-      end
-      def get_offenses_for_existing_violations(protected_packages)
-        all_offenses = T.let([], T::Array[Offense])
-        all_listed_violations = protected_packages.flat_map do |protected_package|
-          protected_package.violations.flat_map do |violation|
-            PerFileViolation.from(violation, protected_package.original_package)
-          end
-        end
-        #
-        # First we get offenses related to violations between packages, looking at all dependency and privacy
-        # violations between packages.
-        #
-        # We only care about looking at each edge once. Since an edge can show up twice if its both a privacy and dependency violation,
-        # we only look at each combination of class from package (A) that's referenced in package (B)
-        unique_per_file_violations = all_listed_violations.uniq do |per_file_violation|
-          [per_file_violation.reference_source_package.name, per_file_violation.constant_source_package, per_file_violation.class_name]
-        end
-        all_offenses += unique_per_file_violations.flat_map do |per_file_violation|
-          depended_on_package = Private.get_package_with_name(per_file_violation.constant_source_package)
-          violation_behavior = depended_on_package.violation_behavior_for(identifier)
-          visible_to = depended_on_package.visible_to
-          next [] if visible_to.include?(per_file_violation.reference_source_package.name)
-          case violation_behavior
-          when ViolationBehavior::FailNever, ViolationBehavior::FailOnNew
-            next []
-          when ViolationBehavior::FailOnAny
-            message = message_for_fail_on_any(per_file_violation)
-          else
-            T.absurd(violation_behavior)
-          end
-          Offense.new(
-            file: per_file_violation.filepath,
-            message: message,
-            violation_type: identifier,
-            package: depended_on_package.original_package
-          )
-        end
-        #
-        # Then we get offenses from stated dependencies
-        #
-        all_offenses += protected_packages.flat_map do |protected_package|
-          protected_package.dependencies.flat_map do |package_dependency_name|
-            depended_on_package = Private.get_package_with_name(package_dependency_name)
-            visible_to = depended_on_package.visible_to
-            next [] if visible_to.include?(protected_package.name)
-            violation_behavior = depended_on_package.violation_behavior_for(identifier)
-            case violation_behavior
-            when ViolationBehavior::FailNever
-              next []
-            when ViolationBehavior::FailOnAny, ViolationBehavior::FailOnNew
-              # continue
-            else
-              T.absurd(violation_behavior)
-            end
-            message = "`#{protected_package.name}` cannot state a dependency on `#{depended_on_package.name}`, as it violates package visibility in `#{depended_on_package.yml}`"
-            Offense.new(
-              file: protected_package.yml.to_s,
-              message: message,
-              violation_type: identifier,
-              package: depended_on_package.original_package
-            )
-          end
-        end
-        all_offenses
-      end
-      private
-      sig { params(per_file_violation: PerFileViolation).returns(String) }
-      def message_for_fail_on_any(per_file_violation)
-        "#{message_for_fail_on_new(per_file_violation)} (`#{per_file_violation.constant_source_package}` set to `fail_on_any`)"
-      end
-      sig { params(per_file_violation: PerFileViolation).returns(String) }
-      def message_for_fail_on_new(per_file_violation)
-        "`#{per_file_violation.filepath}` references non-visible `#{per_file_violation.class_name}` from `#{per_file_violation.constant_source_package}`"
-      end
-    end
-  end
-end