rubocop-flexport 0.4.0 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f0ad53cef118c00bda51659b577dd8a099fb46127d71d90df345a0eb2199aa06
-  data.tar.gz: e94a72b0ed1f9e9ca886b25ca2fa68538edf9b08874398f9fd4e7fe5e2c50f27
+  metadata.gz: 611e7d0841b96380210c5b9c0e69e1faa39714f485c7534a3c99f55a9567a854
+  data.tar.gz: 0300627c5f7459c722941ce9f7bf6bf594cbb8c6eb6a1e26791ceeeff8651f86
 SHA512:
-  metadata.gz: 73d6743b8da7bd0f7a325950dc312ab96c5a8eb2fd643b5fd1df8e419900996d14cddb3745ddbe204712c00d0e1dd2956ba477b95d08473ac9f977a84faf485d
-  data.tar.gz: d7c790e2a061b3ff32f7a447569d465903e28eb8c955a73841d60c2ae240d8212fef34d4ce496a3a098ca09aa2d1fbd777cb817c76173eef1b49fa1759ecaef9
+  metadata.gz: b23d6b05fe8ad73bd029a38b2fa9c5e957ac50433510e0b7f4b37ee94b1ac3148b8f477a4de297c194fc7f136d40168182f1c0a1442218e27aa9070b60c20e5c
+  data.tar.gz: 0b855624ddcfae29e8d211a2e05e54d401a0d06cbfd5e4a118ad6a3bccef1200e409d22f35380cbbf44ec3fc180ed99b34111978042437674675d30e864c651c

data/README.md

@@ -43,7 +43,7 @@ like below and then run `bundle install`:
 gem "rubocop-flexport", path: "/Users/<user>/rubocop-flexport"
 ```
 
-To release a new version, update the version number in `version.rb`, and then
+To release a new version, update the version number in `lib/rubocop/flexport/version.rb`, and then
 run `bundle exec rake release`, which will create a git tag for the version,
 push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
 

data/config/default.yml

@@ -4,6 +4,7 @@ Flexport/EngineApiBoundary:
   VersionAdded: '0.3.0'
   EnginesPath: 'engines/'
   UnprotectedEngines: []
+  StronglyProtectedEngines: []
   EngineSpecificOverrides: []
 
 Flexport/GlobalModelAccessFromEngine:

data/lib/rubocop/cop/flexport/engine_api_boundary.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+# rubocop:disable Metrics/ClassLength
 module RuboCop
   module Cop
     module Flexport
@@ -16,7 +17,7 @@ module RuboCop
       #   will be accessible outside your engine. For example, adding
       #   `api/foo_service.rb` will allow code outside your engine to
       #   invoke eg `MyEngine::Api::FooService.bar(baz)`.
-      # - Create a `_whitelist.rb` file in `api/`. Modules listed in
+      # - Create an `_allowlist.rb` or `_whitelist.rb` file in `api/`. Modules listed in
       #   this file are accessible to code outside the engine. The file
       #   must have this name and a particular format (see below).
       #
@@ -80,6 +81,36 @@ module RuboCop
       # end
       # ```
       #
+      # # "StronglyProtectedEngines" parameter
+      #
+      # The Engine API is not actually a network API surface. Method invocations
+      # may happen synchronously and assume they are part of the same
+      # transaction. So if your engine is using modules whitelisted by
+      # other engines, then you cannot extract your engine code into a
+      # separate network-isolated service (even though within a big Rails
+      # monolith using engines the cross-engine method call might have been
+      # acceptable).
+      #
+      # The "StronglyProtectedEngines" parameter helps in the case you want to
+      # extract your engine completely. If your engine is listed as a strongly
+      # protected engine, then the following additional restricts apply:
+      #
+      # (1) Any use of your engine's code by code outside your engine is
+      #     considered a violation, regardless of *your* _legacy_dependents.rb,
+      #     _whitelist.rb, or engine API module. (no inbound access)
+      # (2) Any use of other engines' code within your engine is considered
+      #     a violation, regardless of *their* _legacy_dependents.rb,
+      #     _whitelist.rb, or engine API module. (no outbound access)
+      #
+      # (Note: "EngineSpecificOverrides" parameter still has effect.)
+      #
+      # # "EngineSpecificOverrides" parameter
+      #
+      # This parameter allows defining bi-lateral private "APIs" between
+      # engines. See example in global_model_access_from_engine_spec.rb.
+      # This may be useful if you plan to extract several engines into the
+      # same network-isolated service.
+      #
       # @example
       #
       #   # bad
@@ -109,25 +140,29 @@ module RuboCop
       #
       class EngineApiBoundary < Cop
         include EngineApi
+        include EngineNodeContext
+
+        MSG = 'Direct access of %<accessed_engine>s engine. ' \
+              'Only access engine via %<accessed_engine>s::Api.'
+
+        STRONGLY_PROTECTED_MSG = 'All direct access of ' \
+              '%<accessed_engine>s engine disallowed because ' \
+              'it is in StronglyProtectedEngines list.'
 
-        MSG = 'Direct access of %<engine>s engine. ' \
-              'Only access engine via %<engine>s::Api.'
+        STRONGLY_PROTECTED_CURRENT_MSG = 'Direct ' \
+              'access of %<accessed_engine>s is disallowed in this file ' \
+              'because it\'s in the %<current_engine>s engine, which ' \
+              'is in the StronglyProtectedEngines list.'
+
+        MAIN_APP_NAME = 'MainApp::EngineApi'
 
         def_node_matcher :rails_association_hash_args, <<-PATTERN
           (send _ {:belongs_to :has_one :has_many} sym $hash)
         PATTERN
 
         def on_const(node)
-          # Sometimes modules/class are declared with the same name as an
-          # engine. For example, you might have:
-          #
-          #   /engines/foo
-          #   /app/graph/types/foo
-          #
-          # We ignore instead of yielding false positive for the module
-          # declaration in the latter.
           return if in_module_or_class_declaration?(node)
-          # Similarly, you might have value objects that are named
+          # There might be value objects that are named
           # the same as engines like:
           #
           # Warehouse.new
@@ -135,11 +170,11 @@ module RuboCop
           # We don't want to warn on these cases either.
           return if sending_method_to_namespace_itself?(node)
 
-          engine = extract_engine(node)
-          return unless engine
-          return if valid_engine_access?(node, engine)
+          accessed_engine = extract_accessed_engine(node)
+          return unless accessed_engine
+          return if valid_engine_access?(node, accessed_engine)
 
-          add_offense(node, message: format(MSG, engine: engine))
+          add_offense(node, message: message(accessed_engine))
         end
 
         def on_send(node)
@@ -147,11 +182,11 @@ module RuboCop
             class_name_node = extract_class_name_node(assocation_hash_args)
             next if class_name_node.nil?
 
-            engine = extract_model_engine(class_name_node)
-            next if engine.nil?
-            next if valid_engine_access?(node, engine)
+            accessed_engine = extract_model_engine(class_name_node)
+            next if accessed_engine.nil?
+            next if valid_engine_access?(node, accessed_engine)
 
-            add_offense(class_name_node, message: format(MSG, engine: engine))
+            add_offense(class_name_node, message: message(accessed_engine))
           end
         end
 
@@ -161,12 +196,35 @@ module RuboCop
 
         private
 
-        def extract_engine(node)
+        def message(accessed_engine)
+          if strongly_protected_engine?(accessed_engine)
+            format(STRONGLY_PROTECTED_MSG, accessed_engine: accessed_engine)
+          elsif strongly_protected_engine?(current_engine)
+            format(
+              STRONGLY_PROTECTED_CURRENT_MSG,
+              accessed_engine: accessed_engine,
+              current_engine: current_engine
+            )
+          else
+            format(MSG, accessed_engine: accessed_engine)
+          end
+        end
+
+        def extract_accessed_engine(node)
+          return MAIN_APP_NAME if disallowed_main_app_access?(node)
           return nil unless protected_engines.include?(node.const_name)
 
           node.const_name
         end
 
+        def disallowed_main_app_access?(node)
+          strongly_protected_engine?(current_engine) && main_app_access?(node)
+        end
+
+        def main_app_access?(node)
+          node.const_name.start_with?(MAIN_APP_NAME)
+        end
+
         def engines_path
           path = cop_config['EnginesPath']
           path += '/' unless path.end_with?('/')
@@ -192,27 +250,25 @@ module RuboCop
           names.map { |n| ActiveSupport::Inflector.camelize(n) }
         end
 
-        def in_module_or_class_declaration?(node)
-          depth = 0
-          max_depth = 10
-          while node.const_type? && depth < max_depth
-            node = node.parent
-            depth += 1
-          end
-          node.module_type? || node.class_type?
+        def sending_method_to_namespace_itself?(node)
+          node.parent&.send_type?
         end
 
-        def sending_method_to_namespace_itself?(node)
-          node.parent.send_type?
+        def valid_engine_access?(node, accessed_engine)
+          return true if in_engine_file?(accessed_engine)
+          return true if engine_specific_override?(node)
+
+          return false if strongly_protected_engine?(current_engine)
+          return false if strongly_protected_engine?(accessed_engine)
+
+          valid_engine_api_access?(node, accessed_engine)
         end
 
-        def valid_engine_access?(node, engine)
+        def valid_engine_api_access?(node, accessed_engine)
           (
-            in_engine_file?(engine) ||
-            in_legacy_dependent_file?(engine) ||
+            in_legacy_dependent_file?(accessed_engine) ||
             through_api?(node) ||
-            whitelisted?(node, engine) ||
-            engine_specific_override?(node)
+            allowlisted?(node, accessed_engine)
           )
         end
 
@@ -250,12 +306,12 @@ module RuboCop
           end
         end
 
-        def in_engine_file?(engine)
-          current_engine == engine
+        def in_engine_file?(accessed_engine)
+          current_engine == accessed_engine
         end
 
-        def in_legacy_dependent_file?(engine)
-          legacy_dependents = read_api_file(engine, :legacy_dependents)
+        def in_legacy_dependent_file?(accessed_engine)
+          legacy_dependents = read_api_file(accessed_engine, :legacy_dependents)
           # The file names are strings so we need to remove the escaped quotes
           # on either side from the source code.
           legacy_dependents = legacy_dependents.map do |source|
@@ -270,15 +326,16 @@ module RuboCop
           node.parent&.const_type? && node.parent.children.last == :Api
         end
 
-        def whitelisted?(node, engine)
-          whitelist = read_api_file(engine, :whitelist)
-          return false if whitelist.empty?
+        def allowlisted?(node, engine)
+          allowlist = read_api_file(engine, :allowlist)
+          allowlist = read_api_file(engine, :whitelist) if allowlist.empty?
+          return false if allowlist.empty?
 
           depth = 0
           max_depth = 5
           while node.const_type? && depth < max_depth
             full_const_name = remove_leading_colons(node.source)
-            return true if whitelist.include?(full_const_name)
+            return true if allowlist.include?(full_const_name)
 
             node = node.parent
             depth += 1
@@ -302,19 +359,42 @@ module RuboCop
 
           raw_overrides.each do |raw_override|
             engine = ActiveSupport::Inflector.camelize(raw_override['Engine'])
-            overrides_by_engine[engine] = raw_override['AllowedModels']
+            overrides_by_engine[engine] = raw_override['AllowedModules']
           end
           overrides_by_engine
         end
 
         def engine_specific_override?(node)
-          model_name = node.parent.source
-          model_names_allowed_by_override = overrides_by_engine[current_engine]
-          return false unless model_names_allowed_by_override
+          return false unless overrides_for_current_engine
+
+          depth = 0
+          max_depth = 5
+          while node&.const_type? && depth < max_depth
+            module_name = node.source
+            return true if overrides_for_current_engine.include?(module_name)
+
+            node = node.parent
+            depth += 1
+          end
+          false
+        end
+
+        def overrides_for_current_engine
+          overrides_by_engine[current_engine]
+        end
+
+        def strongly_protected_engines
+          @strongly_protected_engines ||= begin
+            strongly_protected = cop_config['StronglyProtectedEngines'] || []
+            camelize_all(strongly_protected)
+          end
+        end
 
-          model_names_allowed_by_override.include?(model_name)
+        def strongly_protected_engine?(engine)
+          strongly_protected_engines.include?(engine)
         end
       end
     end
   end
 end
+# rubocop:enable Metrics/ClassLength

data/lib/rubocop/cop/flexport/global_model_access_from_engine.rb

@@ -46,6 +46,8 @@ module RuboCop
       #   end
       #
       class GlobalModelAccessFromEngine < Cop
+        include EngineNodeContext
+
         MSG = 'Direct access of global model `%<model>s` ' \
               'from within Rails Engine.'
 
@@ -58,6 +60,7 @@ module RuboCop
           return unless global_model_const?(node)
           # The cop allows access to e.g. MyGlobalModel::MY_CONST.
           return if child_of_const?(node)
+          return if in_module_or_class_declaration?(node)
 
           add_offense(node, message: message(node.source))
         end
@@ -124,7 +127,9 @@ module RuboCop
 
         def in_disabled_engine?(file_path)
           disabled_engines.any? do |e|
-            file_path.include?(File.join(engines_path, e))
+            # Add trailing / to engine path to avoid incorrectly
+            # matching engines with similar names
+            file_path.include?(File.join(engines_path, e, ''))
           end
         end
 

data/lib/rubocop/cop/flexport_cops.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require_relative 'mixin/engine_api'
+require_relative 'mixin/engine_node_context'
 
 require_relative 'flexport/engine_api_boundary'
 require_relative 'flexport/global_model_access_from_engine'

data/lib/rubocop/cop/mixin/engine_api.rb

@@ -10,9 +10,13 @@ module RuboCop
       extend NodePattern::Macros
 
       API_FILE_DETAILS = {
+        allowlist: {
+          file_basename: '_allowlist.rb',
+          array_matcher: :allowlist_array
+        },
         whitelist: {
           file_basename: '_whitelist.rb',
-          array_matcher: :whitelist_array
+          array_matcher: :allowlist_array
         },
         legacy_dependents: {
           file_basename: '_legacy_dependents.rb',
@@ -108,7 +112,7 @@ module RuboCop
         end
       end
 
-      def_node_matcher :whitelist_array, <<-PATTERN
+      def_node_matcher :allowlist_array, <<-PATTERN
           (casgn nil? {:PUBLIC_MODULES :PUBLIC_SERVICES :PUBLIC_CONSTANTS :PUBLIC_TYPES} {$array (send $array ...)})
       PATTERN
 

data/lib/rubocop/cop/mixin/engine_node_context.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    # Helpers for determining the context of a node for engine violations.
+    module EngineNodeContext
+      # Sometimes modules/class are declared with the same name as an
+      # engine or global model. For example, you might have both:
+      #
+      #   /engines/foo
+      #   /app/graph/types/foo
+      #
+      # We ignore instead of yielding false positive for the module
+      # declaration in the latter.
+      def in_module_or_class_declaration?(node)
+        depth = 0
+        max_depth = 10
+        while node.const_type? && node.parent && depth < max_depth
+          node = node.parent
+          depth += 1
+        end
+        node.module_type? || node.class_type?
+      end
+    end
+  end
+end

data/lib/rubocop/flexport/version.rb

@@ -2,6 +2,6 @@
 
 module RuboCop
   module Flexport
-    VERSION = '0.4.0'
+    VERSION = '0.9.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rubocop-flexport
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.9.0
 platform: ruby
 authors:
 - Flexport Engineering
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-12-09 00:00:00.000000000 Z
+date: 2020-06-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -56,6 +56,7 @@ files:
 - lib/rubocop/cop/flexport/new_global_model.rb
 - lib/rubocop/cop/flexport_cops.rb
 - lib/rubocop/cop/mixin/engine_api.rb
+- lib/rubocop/cop/mixin/engine_node_context.rb
 - lib/rubocop/flexport.rb
 - lib/rubocop/flexport/inject.rb
 - lib/rubocop/flexport/version.rb