Skip to content

Commit

Permalink
Add filterSuppressions model transform
Browse files Browse the repository at this point in the history
This commit adds support for filtering suppressions by removing
unused suppressions, removing the reason from suppressions,
removing suppressions based on an event ID allow/deny list,
and removing suppressions based on a namespace allow/deny list.

This model transform is useful for projecting models with
internal information for external customers so that suppressions
can be retained in the model without exposing internal information.

To support this change, a Suppression abstraction had to be exposed
in smithy-model that was previously never exposed. However, for now,
the abstraction is as bare-bones as possible, and the concrete
suppression types are package-private. ModelValidator was also
significantly refactored to adapt to these Suppression changes, but
remains package-private until we have a compelling reason to expose
it outside of just using ModelAssembler for validation.

smithy-build required a significant refactor to support passing in
the encountered validation events of a projection to ModelTransformers
via the TransformContext object. This gave the FilterSuppressions
transform that ability to access ValidationEvents without needing to
do another expensive round of validation. Only the validation events
encountered for the model at the start of each projection, including
loaded imports, are passed to transforms (that is, intermediate
transforms of the model are not re-validated). However,
FilterSuppressions performs a diff of the validators defined in the
original model and validators defined in the projected model up to
that point to determine if suppressions for any removed validators
should also be removed.

The implementation of the apply transform in smithy-build was also
technically changed in a backward-incompatible way, though this
change will likely not impact any code other than that in the
smithy-build package itself. The transform still works in the same
way, it was just refactored to be implemented just like any other
transform.
  • Loading branch information
mtdowling committed Oct 19, 2021
1 parent be7ddcc commit 3a6a9a6
Show file tree
Hide file tree
Showing 39 changed files with 1,664 additions and 265 deletions.
205 changes: 205 additions & 0 deletions docs/source/1.0/guides/building-models/build-config.rst
Original file line number Diff line number Diff line change
Expand Up @@ -675,6 +675,211 @@ orphaned shapes.
This transformer does not remove shapes from the prelude.


.. _filterSuppressions-transform:

filterSuppressions
------------------

Removes and modifies suppressions found in :ref:`metadata <suppression-definition>`
and the :ref:`suppress-trait`.

.. list-table::
:header-rows: 1
:widths: 10 20 70

* - Property
- Type
- Description
* - removeUnused
- ``boolean``
- Set to true to remove suppressions that have no effect.

Shapes and validators are often removed when creating a filtered
version of model. After removing shapes and validators, suppressions
could be left in the model that no longer have any effect. These
suppressions could inadvertently disclose information about private
or unreleased features.

If a validation event ID is never emitted, then ``@suppress`` traits
will be updated to no longer refer to the ID and removed if they no
longer refer to any event. Metadata suppressions are also removed if
they have no effect.
* - removeReasons
- ``boolean``
- Set to true to remove the ``reason`` property from metadata suppressions.
The reason for a suppression could reveal internal or sensitive
information. Removing the "reason" from metadata suppressions is an
extra step teams can take to ensure they do not leak internal
information when publishing models outside of their organization.
* - eventIdAllowList
- ``[string]``
- Sets a list of event IDs that can be referred to in suppressions.
Suppressions that refer to any other event ID will be updated to
no longer refer to them, or removed if they no longer refer to any
events.

This setting cannot be used in tandem with ``eventIdDenyList``.
* - eventIdDenyList
- ``[string]``
- Sets a list of event IDs that cannot be referred to in suppressions.
Suppressions that refer to any of these event IDs will be updated to
no longer refer to them, or removed if they no longer refer to any
events.

This setting cannot be used in tandem with ``eventIdAllowList``.
* - namespaceAllowList
- ``[string]``
- Sets a list of namespaces that can be referred to in metadata
suppressions. Metadata suppressions that refer to namespaces
outside of this list, including "*", will be removed.

This setting cannot be used in tandem with ``namespaceDenyList``.
* - namespaceDenyList
- ``[string]``
- Sets a list of namespaces that cannot be referred to in metadata
suppressions. Metadata suppressions that refer to namespaces
in this list, including "*", will be removed.

This setting cannot be used in tandem with ``namespaceAllowList``.

The following example removes suppressions that have no effect in the
``exampleProjection``:

.. tabs::

.. code-tab:: json

{
"version": "1.0",
"projections": {
"exampleProjection": {
"transforms": [
{
"name": "filterSuppressions",
"args": {
"removeUnused": true
}
}
]
}
}
}

The following example removes suppressions from metadata that refer to
deny-listed namespaces:

.. tabs::

.. code-tab:: json

{
"version": "1.0",
"projections": {
"exampleProjection": {
"transforms": [
{
"name": "filterSuppressions",
"args": {
"namespaceDenyList": ["com.internal"]
}
}
]
}
}
}

The following example removes suppressions from metadata that refer to
namespaces outside of the allow-listed namespaces:

.. tabs::

.. code-tab:: json

{
"version": "1.0",
"projections": {
"exampleProjection": {
"transforms": [
{
"name": "filterSuppressions",
"args": {
"namespaceAllowList": ["com.external"]
}
}
]
}
}
}

The following example removes suppressions that refer to deny-listed event IDs:

.. tabs::

.. code-tab:: json

{
"version": "1.0",
"projections": {
"exampleProjection": {
"transforms": [
{
"name": "filterSuppressions",
"args": {
"eventIdDenyList": ["MyInternalValidator"]
}
}
]
}
}
}

The following example removes suppressions that refer to event IDs outside
of the event ID allow list:

.. tabs::

.. code-tab:: json

{
"version": "1.0",
"projections": {
"exampleProjection": {
"transforms": [
{
"name": "filterSuppressions",
"args": {
"eventIdAllowList": ["A", "B", "C"]
}
}
]
}
}
}

The following example removes the ``reason`` property from metadata
suppressions:

.. tabs::

.. code-tab:: json

{
"version": "1.0",
"projections": {
"exampleProjection": {
"transforms": [
{
"name": "filterSuppressions",
"args": {
"removeReasons": true
}
}
]
}
}
}


.. _includeTags-transform:

includeTags
Expand Down
Loading

0 comments on commit 3a6a9a6

Please sign in to comment.