Remove visibility protection (#43)

Author: Alex Evanczuk

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    package_protections (3.2.0)
+    package_protections (4.0.0)
       activesupport
       parse_packwerk
       rubocop

README.md

@@ -10,7 +10,6 @@ This gem ships with the following checks
 2) Other packages are not using the private API of your package (via `packwerk` `enforce_privacy`)
 3) Your package has a typed public API (via the `rubocop` `PackageProtections/TypedPublicApi` cop)
 4) Your package only creates a single namespace (via the `rubocop` `PackageProtections/NamespacedUnderPackageName` cop)
-4) Your package is only visible to a select number of packages (via the `packwerk` `enforce_privacy` cop)
 
 ## Initial Configuration
 Package protections first requires that your application is using [`packwerk`](https://github.com/Shopify/packwerk), [`rubocop`](https://github.com/rubocop/rubocop), and [`rubocop-sorbet`](https://github.com/Shopify/rubocop-sorbet). Follow the regular setup instructions for those tools before proceeding.
@@ -63,25 +62,6 @@ end
 
 If you've worked through all of the TODOs for this cop and are able to set the value to `fail_on_any`, you can also set `automatic_pack_namespace` which will support your pack having one global namespace without extra subdirectories. That is, instead of `packs/foo/app/services/foo/bar.rb`, you can use `packs/foo/app/services/bar.rb` and still have it define `Foo::Bar`. [See the `stimpack` README.md](https://github.com/rubyatscale/stimpack#readme) for more information.
 
-### `prevent_other_packages_from_using_this_package_without_explicit_visibility`
-*This is only available if your package has `enforce_privacy` set to `true`!*
-This protection exists to help packages have control over who their clients are. When turning on this protection, only clients who are listed in your `visible_to` metadata will be allowed to consume your package. Here is an example in `packs/apples/package.yml`:
-```yml
-enforce_privacy: true
-enforce_dependencies: true
-metadata:
-  protections:
-    prevent_other_packages_from_using_this_package_without_explicit_visibility: fail_on_new
-    # ... other protections are the same
-  visible_to:
-    - packs/other_pack
-    - packs/another_pack
-```
-In this package, only `packs/other_pack` and `packs/another_pack` can use `packs/apples`. With both the `fail_on_new` and `fail_on_any` setting, only those packs can state a dependency on `packs/apples` in their `package.yml`. If any other packs state a dependency on `packs/apples`, the build will fail, even with violations. With the `fail_on_new` setting, a pack can create a dependency or privacy violation on `packs/apples` even if it's not listed. With `fail_on_any`, no violations are allowed.
-If `visible_to` is not set and the protection is turned on, then the package cannot be consumed by any package (a top-level package might be a good candidate for this).
-
-Note that this protection's default behavior is `fail_never`, so it can remain unset in the `package.yml`.
-
 ## Violation Behaviors
 #### `fail_on_any`
 If this behavior is selected, the build will fail if there is *any* issue, new or old.

lib/package_protections/private.rb

@@ -6,7 +6,6 @@
 require 'package_protections/private/incoming_privacy_protection'
 require 'package_protections/private/outgoing_dependency_protection'
 require 'package_protections/private/metadata_modifiers'
-require 'package_protections/private/visibility_protection'
 require 'package_protections/private/configuration'
 
 module PackageProtections

lib/package_protections/private/configuration.rb

@@ -34,7 +34,6 @@ def default_protections
           Private::IncomingPrivacyProtection.new,
           RuboCop::Cop::PackageProtections::TypedPublicApi.new,
           RuboCop::Cop::PackageProtections::NamespacedUnderPackageName.new,
-          Private::VisibilityProtection.new,
           RuboCop::Cop::PackageProtections::OnlyClassMethods.new,
           RuboCop::Cop::PackageProtections::RequireDocumentedPublicApis.new
         ]

lib/package_protections/private/visibility_protection.rb

@@ -66,11 +66,6 @@ def dependencies
       original_package.dependencies
     end
 
-    sig { returns(T::Set[String]) }
-    def visible_to
-      Set.new(metadata['visible_to'] || [])
-    end
-
     sig { returns(T::Array[ParsePackwerk::Violation]) }
     def violations
       deprecated_references.violations

lib/package_protections/protected_package.rb

@@ -16,23 +16,17 @@ def write_package_yml(
     dependencies: [],
     enforce_dependencies: true,
     enforce_privacy: true,
-    protections: {},
-    visible_to: []
+    protections: {}
   )
     defaults = {
       'prevent_this_package_from_violating_its_stated_dependencies' => 'fail_on_new',
       'prevent_other_packages_from_using_this_packages_internals' => 'fail_on_new',
       'prevent_this_package_from_exposing_an_untyped_api' => 'fail_on_new',
       'prevent_this_package_from_creating_other_namespaces' => 'fail_on_new',
-      'prevent_other_packages_from_using_this_package_without_explicit_visibility' => 'fail_never',
       'prevent_this_package_from_exposing_instance_method_public_apis' => 'fail_never'
     }
     protections_with_defaults = defaults.merge(protections)
     metadata = { 'protections' => protections_with_defaults }
-    if visible_to.any?
-      metadata.merge!('visible_to' => visible_to)
-    end
-
     package = ParsePackwerk::Package.new(
       name: pack_name,
       dependencies: dependencies,

lib/package_protections/rspec/application_fixture_helper.rb

@@ -1,6 +1,6 @@
 Gem::Specification.new do |spec|
   spec.name          = 'package_protections'
-  spec.version       = '3.2.0'
+  spec.version       = '4.0.0'
   spec.authors       = ['Gusto Engineers']
   spec.email         = ['stephan.hagemann@gusto.com']
   spec.summary       = 'Package protections for Rails apps'

package_protections.gemspec

@@ -45,7 +45,7 @@
             someprotection: true
       YML
 
-      expect(PackageProtections.validate!).to include 'Invalid configuration for package `.`. The metadata keys ["someprotection"] are not a valid behavior under the `protection` metadata namespace. Valid keys are ["prevent_this_package_from_violating_its_stated_dependencies", "prevent_other_packages_from_using_this_packages_internals", "prevent_this_package_from_exposing_an_untyped_api", "prevent_this_package_from_creating_other_namespaces", "prevent_other_packages_from_using_this_package_without_explicit_visibility", "prevent_this_package_from_exposing_instance_method_public_apis", "prevent_this_package_from_exposing_undocumented_public_apis"]. See https://github.com/rubyatscale/package_protections#readme for more info'
+      expect(PackageProtections.validate!).to include 'Invalid configuration for package `.`. The metadata keys ["someprotection"] are not a valid behavior under the `protection` metadata namespace. Valid keys are ["prevent_this_package_from_violating_its_stated_dependencies", "prevent_other_packages_from_using_this_packages_internals", "prevent_this_package_from_exposing_an_untyped_api", "prevent_this_package_from_creating_other_namespaces", "prevent_this_package_from_exposing_instance_method_public_apis", "prevent_this_package_from_exposing_undocumented_public_apis"]. See https://github.com/rubyatscale/package_protections#readme for more info'
     end
   end