Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enforce restrictions on dependency relationships between packages #8284

Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

Enforce restrictions on dependency relationships between packages #8284

wants to merge 8 commits into from

Conversation

zjs
Copy link
Member

@zjs zjs commented Sep 20, 2018
edited
Loading

Enforce whitelist-based restrictions on the dependency relationship between packages. This allows us to ensure that undesirable dependency relationships are not introduced.

The enforcement works by enumerating the go packages, finding the applicable .godeps_rules file (looking first in the package's directory, then looking recursively in parent directories, and finally falling back to /dev/null — essentially "default deny"). Each rules file is a list of regular expressions to be evaluated by grep (with support for full-line #-prefixed comments).

The enforcement script leverages the existing go-deps.sh script, including its caching logic (enabled by setting VIC_CACHE_DEPS, purged via make cleandeps).

Careful review of PRs that introduce or modify rule files will be necessary for this enforcement to be as effective as possible.

Fixes #8203

I've created #8294 to track resolution of existing undesirable dependency relationships.

Please review both the enforcement script itself and the initial dependency rules, which are written by hand based on my understanding of the codebase and may have errors as a result.

@zjs
Follow bash best practices in go-deps.sh
aff544b 
Address warnings from shellcheck (e.g., properly quoting expressions
and combining conditionals) to better follow bash best practices.

Additionally, introduce our standard set line to catch errors earlier
and conditionally provide debugging output.
@zjs
Introduce script to enforce dependency rules
6bb2ff7 
Introduce a script to enforce rules about dependency relationships
between packages in the project.

This script leverages the existing go-deps.sh script, including its
caching logic (enabled by setting VIC_CACHE_DEPS).
@zjs zjs self-assigned this Sep 20, 2018
@zjs zjs requested review from wjun and hickeng September 20, 2018 17:03
@zjs zjs requested a review from a team as a code owner September 20, 2018 17:03
hickeng
hickeng reviewed Sep 20, 2018
View reviewed changes
Copy link
Member

@hickeng hickeng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've reviewed the mechanism and changes - I've not reviewed all of the deps files. I assume they are both sufficient and minimal at this time and I do not want to get distracted trying to track down why some of the odd dependencies exist in this PR.

lib/apiservers/engine/.godeps_rules Outdated Show resolved Hide resolved
@zjs
Define initial dependency enforcement rules
96f14be 
Define an initial set of dependency enforcement rules based on the
current state of the codebase.

Some problematic relationships were identified and annotated.
@zjs
Avoid removing rules files during cleanup
c024d31
@zjs
Enforce dependency relationships during build
e182fb2 
Add dependency relationship enforcement to the checks stage of the
build process so that it runs as a part of CI.
@zjs
Warn about unused rules
aaa8fc3
@zjs zjs mentioned this pull request Sep 24, 2018
Open
@zjs
fixup! Define initial dependency enforcement rules
a317d1e 
Add TODOs to track bad dependencies
@zjs zjs added this to the Sprint 36 milestone Oct 25, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@renmaosheng renmaosheng renmaosheng approved these changes

@hickeng hickeng hickeng approved these changes

@wjun wjun Awaiting requested review from wjun

Assignees

@zjs zjs

Labels
cla-not-required
Projects
None yet
Milestone
Sprint 36
Development

Successfully merging this pull request may close these issues.

Enforce dependency restrictions
4 participants
@zjs @hickeng @renmaosheng @vmwclabot