Extract privacy validations from ApplicationValidator

[alexevanczuk]

Commits

• Move ApplicationValidator::Result to its own file
• Move check_package_manifests_for_privacy to its own file
• Move tests to own class
• move more privacy things into the privacy specific checker
• move tests to test/unit/validators/check_package_manifests_for_privacy_test.rb

What are you trying to accomplish?

This is one step in the direction of #219
To extract privacy checking, one thing we need to extract is validation conceptually coupled to privacy.
In this PR, I pull ApplicationValidator concerns related to privacy into their own class.

What approach did you choose and why?

• I made it a class name namespaced under ApplicationValidator, for now, to make it as easy as possible to change references to defined constants
• I used a method name "call" for the privacy validation. After extracting the remaining validations, this can be maintained via a sorbet interface that ensures a single API for validation. This would allow users to plugin their own validation that runs automatically with bin/packwerk validate. This is necessary so folks can easily continue to use privacy validation as expected without needing to change what APIs they call.
• When there was a function in ApplicationValidator that no one else used, I made it a private function of the privacy validation.
• When there was a function that many validations used, I extracted it to a shared, but explicitly private constant called Private. Later, when the rest of the validations are in their own class and we see what functions they all depend on, we can see what APIs make sense to expose to client-injected validations.
• Rather than have each validation maintain its own instance state, I decided to pass in necessary dependencies, such as configuration, through to the privacy validation. This way it can be easy to see what input parameters are necessary for the hypothetical validation interface.
• I moved tests into their own class in a later commit so its easy to see what changed about tests (nothing besides references to the API used to invoke the validation).

Note: The plan here is to extract the rest of the validations into ApplicationValidator so each validation is in its own class. This doesn't mean each validation would be extracted from the codebase or available as its own indepenent API (we should mark them with private_constant).

What should reviewers focus on?

Does this make sense as a plan to extract privacy while moving towards allowing client-injected validations?

Type of Change

• Bugfix
• New feature
• Non-breaking change (a change that doesn't alter functionality - i.e., code refactor, configs, etc.)

Checklist

• I have updated the documentation accordingly.
• I have added tests to cover my changes.
• It is safe to rollback this change.

[alexevanczuk]

We won't want the main validator knowing anything about enforce_privacy, so this can become a plugin concern.

I was thinking that a plugin can implement one or both interfaces – a checker interface or a validator interface (or just a single Plugin interface which is both of these). The validator would load those and allow top-level keys that plugins can specify.

[alexevanczuk]

This is quite a lot of validation logic that we'll be able to extract out of packwerk!

[gmcgibbon]

Why is this a class if we never instantiate it?

[alexevanczuk]

This is going to need to be merged in with the privacy stuff soon and implement the Packwerk::PluginInterface. Only a class can implement a sorbet interface. This is also all code that will soon be deleted from packwerk and moved out.

[gmcgibbon]

Similar to #233 (comment) it is difficult to see the end result when all I can see in this change is just moving functions around. Have we thought thought the extraction end-to-end already, or is the end result still a work in progress?

[alexevanczuk]

Hey -- let me know if the chat we had over slack helped resolve this or if there are any specific changes you'd like me to make to this PR.

[gmcgibbon]

I would change it at that time. Right now there's no need to be a class.

[alexevanczuk]

Sounds good – making it a module now.

[alexevanczuk]

@gmcgibbon Responded to all your feedback and pushed up changes!

[alexevanczuk]

@gmcgibbon Could you take another look?

[gmcgibbon]

I would change it at that time. Right now there's no need to be a class.

[gmcgibbon]

I'm not 100% sold on placing helpers in one big module. I think it would be more useful to define a subclass that extensions like the privacy checker can extend from. However, this is good enough for now as long as it stays private.

[alexevanczuk]

Yep I agree with ya... I think once we have a stronger sense of which parts of Helpers should be supported public API for checkers/validators we can pull that into some public subclass 👍

[mclark]

This is a nice improvement 👍

[mclark]

Suggested change

	# This API would likely just be `PackageSet.load_all_from(configruation)`, but we might want to clean
	# This API would likely just be `PackageSet.load_all_from(configuration)`, but we might want to clean

[mclark]

I wonder if this method would be better hung off Configuration instead as that's a non-null argument anyway? 🤔

[mclark]

This also feels like a method that might better belong to Configuration too.

[mclark]

Yeah I'm feeling like we have a missing abstraction here that the name "Helpers" is sort of hinting at. I'm not sure yet what it might be but I think something hanging off Configuration is feeling likely. Configuration#package_manifests(glob_pattern = nil) which returns T::Array[PackageManifest] maybe. Mostly just typing and thinking now, I think putting stuff in Helpers for now should be fine.