Automatically enforce constraints across all workspaces (gardener#991)

* added workspace constraints

* add spdx header to constraints

.yarnrc.yml

@@ -1,11 +1,14 @@
-# SPDX-FileCopyrightText: 2021 SAP SE or an SAP affiliate company and Gardener contributors
-#
-# SPDX-License-Identifier: Apache-2.0
-
 enableTelemetry: false
 
 enableTransparentWorkspaces: false
 
+immutablePatterns:
+  - .pnp.*
+
+logFilters:
+  - code: YN0005
+    level: discard
+
 packageExtensions:
   "@babel/plugin-syntax-jsx@*":
     dependencies:
@@ -42,9 +45,7 @@ plugins:
     spec: "https://gitlab.com/holgerkoser/yarn-contrib/-/raw/1.0.0-beta.2/packages/plugin-production-install/bundles/@yarnpkg/plugin-production-install.js"
   - path: .yarn/plugins/@yarnpkg/plugin-version.cjs
     spec: "@yarnpkg/plugin-version"
+  - path: .yarn/plugins/@yarnpkg/plugin-constraints.cjs
+    spec: "@yarnpkg/plugin-constraints"
 
 yarnPath: .yarn/releases/yarn-2.4.1.cjs
-
-logFilters:
-  - code: "YN0005"
-    level: "discard"

Dockerfile

@@ -13,6 +13,9 @@ COPY . .
 RUN yarn config set enableNetwork false
 RUN yarn install --immutable --immutable-cache
 
+# check that the constraints are met
+RUN yarn constraints
+
 # run lint in all workspaces
 RUN yarn workspace @gardener-dashboard/logger      run lint
 RUN yarn workspace @gardener-dashboard/request     run lint

backend/lib/services/infrastructureSecrets.js

@@ -115,37 +115,36 @@ function resolveQuotas (secretBinding) {
 }
 
 async function getInfrastructureSecrets ({ secretBindings, cloudProfileList, secretList, namespace }) {
-  return _
-    .chain(secretBindings)
-    .map(secretBinding => {
-      try {
-        const cloudProfileName = _.get(secretBinding, ['metadata', 'labels', 'cloudprofile.garden.sapcloud.io/name'])
-        const cloudProfile = _.find(cloudProfileList, ['metadata.name', cloudProfileName])
-        const cloudProviderKind = _.get(cloudProfile, 'metadata.cloudProviderKind')
-        const name = _.get(secretBinding, 'metadata.name')
-        const secretName = _.get(secretBinding, 'secretRef.name')
-        const secretNamespace = _.get(secretBinding, 'secretRef.namespace', namespace)
-        const projectInfo = getProjectNameAndHasCostObject(secretNamespace)
-        if (!cloudProviderKind) {
-          throw new Error(fmt('Could not determine cloud provider kind for cloud profile name %s. Skipping infrastructure secret with name %s', cloudProfileName, name))
-        }
-        const secret = _.find(secretList, ['metadata.name', secretName]) // pragma: whitelist secret
-        if (isOwnSecret(secretBinding) && !secret) {
-          throw new Error(fmt('Secret missing for secretbinding in own namespace. Skipping infrastructure secret with name %s', secretName))
-        }
-        return fromResource({
-          secretBinding,
-          cloudProviderKind,
-          secret,
-          quotas: resolveQuotas(secretBinding),
-          ...projectInfo
-        })
-      } catch (err) {
-        logger.info(err.message)
+  const infrastructureSecrets = []
+  for (const secretBinding of secretBindings) {
+    try {
+      const cloudProfileName = _.get(secretBinding, ['metadata', 'labels', 'cloudprofile.garden.sapcloud.io/name'])
+      const cloudProfile = _.find(cloudProfileList, ['metadata.name', cloudProfileName])
+      const cloudProviderKind = _.get(cloudProfile, 'metadata.cloudProviderKind')
+      const name = _.get(secretBinding, 'metadata.name')
+      const secretName = _.get(secretBinding, 'secretRef.name')
+      const secretNamespace = _.get(secretBinding, 'secretRef.namespace', namespace)
+      const projectInfo = getProjectNameAndHasCostObject(secretNamespace)
+      if (!cloudProviderKind) {
+        throw new Error(fmt('Could not determine cloud provider kind for cloud profile name %s. Skipping infrastructure secret with name %s', cloudProfileName, name))
       }
-    })
-    .compact()
-    .value()
+      const secret = _.find(secretList, ['metadata.name', secretName]) // pragma: whitelist secret
+      if (isOwnSecret(secretBinding) && !secret) {
+        throw new Error(fmt('Secret missing for secretbinding in own namespace. Skipping infrastructure secret with name %s', secretName))
+      }
+      const infrastructureSecret = fromResource({
+        secretBinding,
+        cloudProviderKind,
+        secret,
+        quotas: resolveQuotas(secretBinding),
+        ...projectInfo
+      })
+      infrastructureSecrets.push(infrastructureSecret)
+    } catch (err) {
+      logger.info(err.message)
+    }
+  }
+  return infrastructureSecrets
 }
 
 async function getCloudProviderKind (user, name) {

backend/package.json

@@ -52,14 +52,14 @@
     "js-yaml": "^3.13.1",
     "jsonwebtoken": "^8.5.1",
     "lodash": "^4.17.19",
-    "moment": "^2.24.0",
+    "moment": "^2.29.1",
     "morgan": "^1.9.1",
-    "object-hash": "^2.0.0",
+    "object-hash": "^2.0.3",
     "openid-client": "^3.1.1",
     "p-retry": "^4.2.0",
     "p-timeout": "^3.2.0",
     "sanitize-html": "^2.1.1",
-    "semver": "^7.1.2",
+    "semver": "^7.2.1",
     "showdown": "^1.9.1",
     "socket.io": "^2.3.0",
     "swagger-parser": "^8.0.1",
@@ -68,13 +68,12 @@
   "devDependencies": {
     "abort-controller": "^3.0.0",
     "dockerfile-ast": "^0.0.19",
-    "eslint": "^7.7.0",
-    "eslint-config-standard": "^14.1.1",
-    "eslint-plugin-import": "^2.22.0",
-    "eslint-plugin-jest": "^23.20.0",
+    "eslint": "^7.23.0",
+    "eslint-config-standard": "^16.0.2",
+    "eslint-plugin-import": "^2.22.1",
+    "eslint-plugin-jest": "^24.3.2",
     "eslint-plugin-node": "^11.1.0",
-    "eslint-plugin-promise": "^4.2.1",
-    "eslint-plugin-standard": "^4.0.1",
+    "eslint-plugin-promise": "^4.3.1",
     "fast-json-patch": "^3.0.0-1",
     "jest": "^26.6.3",
     "nodemon": "^2.0.2",
@@ -88,7 +87,7 @@
     "env": {
       "browser": true,
       "commonjs": true,
-      "es2020": true,
+      "es2021": true,
       "node": true,
       "jest/globals": true
     },
@@ -104,13 +103,14 @@
       "fixtures": true
     },
     "parserOptions": {
-      "ecmaVersion": 11
+      "ecmaVersion": 12
     },
     "rules": {
       "no-console": "error",
       "no-debugger": "error"
     },
     "ignorePatterns": [
+      "public",
       "my*.js"
     ],
     "overrides": [

backend/test/hooks.spec.js

@@ -128,11 +128,7 @@ describe('hooks', () => {
           expect(watch).toBeCalledTimes(1)
           expect(watch.mock.calls[0]).toHaveLength(2)
           expect(watch.mock.calls[0][0]).toBe(ioInstance)
-          if (key === 'tickets') {
-            expect(watch.mock.calls[0][1]).toBe(ticketCache)
-          } else {
-            expect(watch.mock.calls[0][1]).toBe(informers[key])
-          }
+          expect(watch.mock.calls[0][1]).toBe(key === 'tickets' ? ticketCache : informers[key])
         }
       })
     })

backend/test/services.members.spec.js

@@ -420,7 +420,7 @@ describe('services', function () {
         })
       })
 
-      describe('#updateServiceAccount ', function () {
+      describe('#updateServiceAccount', function () {
         it('should not update a serviceaccount from a different namespace', async function () {
           const id = 'system:serviceaccount:garden-foreign:robot-foreign-namespace'
           const item = memberManager.subjectList.get(id)

backend/test/services.terminals.spec.js

@@ -264,7 +264,7 @@ describe('services', function () {
           await expect(getGardenTerminalHostClusterSecretRef(client)).rejects.toThrow(AssertionError)
         })
 
-        it('should throw a no seed error ', async function () {
+        it('should throw a no seed error', async function () {
           const gardenTerminalHost = {
             seedRef: 'none'
           }

charts/package.json

@@ -28,20 +28,19 @@
     "lodash": "^4.17.19"
   },
   "devDependencies": {
-    "eslint": "^7.7.0",
-    "eslint-config-standard": "^14.1.1",
-    "eslint-plugin-import": "^2.22.0",
-    "eslint-plugin-jest": "^23.20.0",
+    "eslint": "^7.23.0",
+    "eslint-config-standard": "^16.0.2",
+    "eslint-plugin-import": "^2.22.1",
+    "eslint-plugin-jest": "^24.3.2",
     "eslint-plugin-node": "^11.1.0",
-    "eslint-plugin-promise": "^4.2.1",
-    "eslint-plugin-standard": "^4.0.1",
+    "eslint-plugin-promise": "^4.3.1",
     "jest": "^26.6.3"
   },
   "eslintConfig": {
     "env": {
       "browser": true,
       "commonjs": true,
-      "es2020": true,
+      "es2021": true,
       "node": true,
       "jest/globals": true
     },
@@ -56,7 +55,7 @@
       "helmTemplate": true
     },
     "parserOptions": {
-      "ecmaVersion": 11
+      "ecmaVersion": 12
     },
     "rules": {
       "no-console": "error"

constraints.pro

@@ -0,0 +1,28 @@
+/**
+ * SPDX-FileCopyrightText: 2020 SAP SE or an SAP affiliate company and Gardener contributors
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+constraints_min_version(1).
+
+% This rule will enforce that a workspace MUST depend on the same version of a dependency as the one used by the other workspaces
+gen_enforced_dependency(WorkspaceCwd, DependencyIdent, DependencyRange2, DependencyType) :-
+    workspace_has_dependency(WorkspaceCwd, DependencyIdent, DependencyRange, DependencyType),
+    workspace_has_dependency(OtherWorkspaceCwd, DependencyIdent, DependencyRange2, DependencyType2),
+    DependencyRange \= DependencyRange2,
+    \+ (
+      (WorkspaceCwd = 'frontend'; OtherWorkspaceCwd = 'frontend'),
+      member(DependencyIdent, ['eslint'])
+    ).
+
+% This rule will enforce that all packages must have a "Apache-2.0" license field
+gen_enforced_field(WorkspaceCwd, 'license', 'Apache-2.0').
+
+% This rule will enforce that all packages must have certain engines fields
+gen_enforced_field(WorkspaceCwd, 'engines.node', '^15.11.0').
+gen_enforced_field(WorkspaceCwd, 'engines.yarn', '^2.4.1').
+
+% Required to make the package work with the GitHub Package Registry
+gen_enforced_field(WorkspaceCwd, 'repository.type', 'git').
+gen_enforced_field(WorkspaceCwd, 'repository.url', 'git+https://github.com/gardener/dashboard.git').
+gen_enforced_field(WorkspaceCwd, 'repository.directory', WorkspaceCwd).

frontend/package.json

@@ -79,9 +79,9 @@
     "@vue/test-utils": "^1.0.3",
     "babel-eslint": "^10.1.0",
     "eslint": "^6.7.2",
-    "eslint-plugin-import": "^2.20.2",
+    "eslint-plugin-import": "^2.22.1",
     "eslint-plugin-node": "^11.1.0",
-    "eslint-plugin-promise": "^4.2.1",
+    "eslint-plugin-promise": "^4.3.1",
     "eslint-plugin-standard": "^4.0.0",
     "eslint-plugin-vue": "^6.2.2",
     "eslint-plugin-vuetify": "^1.0.0-beta.7",

package.json

@@ -11,7 +11,8 @@
   "license": "Apache-2.0",
   "repository": {
     "type": "git",
-    "url": "git://github.com/gardener/dashboard"
+    "url": "git+https://github.com/gardener/dashboard.git",
+    "directory": "."
   },
   "contributors": [
     "Gross, Lukas <[email protected]>",
@@ -27,7 +28,7 @@
     }
   },
   "devDependencies": {
-    "eslint": "^6.8.0",
+    "eslint": "^7.23.0",
     "jest": "^26.6.3",
     "node-gyp": "latest"
   },

packages/kube-client/__tests__/cache.store.test.js

@@ -56,7 +56,7 @@ describe('kube-client', () => {
         expect(store.listKeys()).toHaveLength(0)
       })
 
-      it('should find an element ', async () => {
+      it('should find an element', async () => {
         const a = { uid: 1, bool: false, num: 1, str: 'a' }
         const b = { uid: 2, bool: true, num: 2, str: 'b' }
         const c = { uid: 3, bool: true, num: 3, str: 'c' }

packages/kube-client/__tests__/cache.test.js

@@ -208,7 +208,7 @@ describe('kube-client', () => {
         try {
           await listPager.list(options)
         } catch (err) {
-          // eslint-disable-next-line jest/no-try-expect
+          // eslint-disable-next-line jest/no-conditional-expect, jest/no-try-expect
           expect(ApiErrors.isExpiredError(err)).toBe(true)
         }
         listPager.fullListIfExpired = true
@@ -286,7 +286,7 @@ describe('kube-client', () => {
           try {
             await reflector.watchHandler(stream)
           } catch (err) {
-            // eslint-disable-next-line jest/no-try-expect
+            // eslint-disable-next-line jest/no-conditional-expect, jest/no-try-expect
             expect(ApiErrors.isExpiredError(err)).toBe(true)
           }
 

packages/kube-client/package.json

@@ -32,28 +32,27 @@
     "jsonwebtoken": "^8.5.1",
     "lodash": "^4.17.19",
     "mixwith": "^0.1.1",
-    "moment": "^2.24.0",
+    "moment": "^2.29.1",
     "node-forge": "^0.10.0",
     "uuid": "^8.3.0"
   },
   "devDependencies": {
     "@gardener-dashboard/test-utils": "workspace:*",
     "abort-controller": "^3.0.0",
-    "eslint": "^7.7.0",
-    "eslint-config-standard": "^14.1.1",
-    "eslint-plugin-import": "^2.22.0",
-    "eslint-plugin-jest": "^23.20.0",
+    "eslint": "^7.23.0",
+    "eslint-config-standard": "^16.0.2",
+    "eslint-plugin-import": "^2.22.1",
+    "eslint-plugin-jest": "^24.3.2",
     "eslint-plugin-node": "^11.1.0",
-    "eslint-plugin-promise": "^4.2.1",
-    "eslint-plugin-standard": "^4.0.1",
+    "eslint-plugin-promise": "^4.3.1",
     "express": "^4.17.1",
     "jest": "^26.6.3"
   },
   "eslintConfig": {
     "env": {
       "browser": true,
       "commonjs": true,
-      "es2020": true,
+      "es2021": true,
       "node": true,
       "jest/globals": true
     },
@@ -68,7 +67,7 @@
       "fixtures": true
     },
     "parserOptions": {
-      "ecmaVersion": 11
+      "ecmaVersion": 12
     },
     "rules": {
       "no-console": "error"