From 57976d142005cda6ce54ec215cafceebe4fc1aef Mon Sep 17 00:00:00 2001 From: phlax Date: Fri, 28 May 2021 04:36:11 +0100 Subject: [PATCH] extensions: Consolidate extension metadata (#16496) Signed-off-by: Ryan Northey --- bazel/envoy_library.bzl | 5 - ci/format_pre.sh | 3 + docs/build.sh | 9 +- source/extensions/BUILD | 1 + source/extensions/access_loggers/file/BUILD | 2 - source/extensions/access_loggers/grpc/BUILD | 4 - .../access_loggers/open_telemetry/BUILD | 2 - source/extensions/access_loggers/stream/BUILD | 2 - source/extensions/access_loggers/wasm/BUILD | 3 - source/extensions/bootstrap/wasm/BUILD | 3 - source/extensions/clusters/aggregate/BUILD | 2 - .../clusters/dynamic_forward_proxy/BUILD | 2 - source/extensions/clusters/redis/BUILD | 2 - source/extensions/common/crypto/BUILD | 3 - .../compression/brotli/compressor/BUILD | 2 - .../compression/brotli/decompressor/BUILD | 2 - .../compression/gzip/compressor/BUILD | 2 - .../compression/gzip/decompressor/BUILD | 2 - .../filters/http/adaptive_concurrency/BUILD | 3 - .../filters/http/admission_control/BUILD | 8 +- .../extensions/filters/http/aws_lambda/BUILD | 3 - .../filters/http/aws_request_signing/BUILD | 3 - .../filters/http/bandwidth_limit/BUILD | 2 - source/extensions/filters/http/buffer/BUILD | 2 - source/extensions/filters/http/cache/BUILD | 3 - .../http/cache/simple_http_cache/BUILD | 3 - source/extensions/filters/http/cdn_loop/BUILD | 3 - .../extensions/filters/http/composite/BUILD | 2 - .../extensions/filters/http/compressor/BUILD | 2 - source/extensions/filters/http/cors/BUILD | 2 - source/extensions/filters/http/csrf/BUILD | 2 - .../filters/http/decompressor/BUILD | 2 - .../filters/http/dynamic_forward_proxy/BUILD | 2 - source/extensions/filters/http/dynamo/BUILD | 2 - .../extensions/filters/http/ext_authz/BUILD | 2 - source/extensions/filters/http/ext_proc/BUILD | 3 - source/extensions/filters/http/fault/BUILD | 2 - .../filters/http/grpc_http1_bridge/BUILD | 2 - .../http/grpc_http1_reverse_bridge/BUILD | 3 - .../filters/http/grpc_json_transcoder/BUILD | 2 - .../extensions/filters/http/grpc_stats/BUILD | 3 - source/extensions/filters/http/grpc_web/BUILD | 2 - source/extensions/filters/http/gzip/BUILD | 2 - .../filters/http/header_to_metadata/BUILD | 2 - .../filters/http/health_check/BUILD | 2 - .../extensions/filters/http/ip_tagging/BUILD | 2 - .../extensions/filters/http/jwt_authn/BUILD | 3 - .../filters/http/kill_request/BUILD | 2 - .../filters/http/local_ratelimit/BUILD | 2 - source/extensions/filters/http/lua/BUILD | 2 - source/extensions/filters/http/oauth2/BUILD | 3 - .../extensions/filters/http/on_demand/BUILD | 2 - .../filters/http/original_src/BUILD | 3 - .../extensions/filters/http/ratelimit/BUILD | 2 - source/extensions/filters/http/rbac/BUILD | 2 - source/extensions/filters/http/router/BUILD | 2 - .../filters/http/set_metadata/BUILD | 2 - source/extensions/filters/http/squash/BUILD | 2 - source/extensions/filters/http/tap/BUILD | 3 - source/extensions/filters/http/wasm/BUILD | 3 - .../filters/listener/http_inspector/BUILD | 2 - .../filters/listener/original_dst/BUILD | 2 - .../filters/listener/original_src/BUILD | 3 - .../filters/listener/proxy_protocol/BUILD | 2 - .../filters/listener/tls_inspector/BUILD | 2 - .../filters/network/client_ssl_auth/BUILD | 2 - .../filters/network/direct_response/BUILD | 2 - .../filters/network/dubbo_proxy/BUILD | 3 - source/extensions/filters/network/echo/BUILD | 2 - .../filters/network/ext_authz/BUILD | 2 - .../network/http_connection_manager/BUILD | 2 - source/extensions/filters/network/kafka/BUILD | 3 - .../filters/network/local_ratelimit/BUILD | 2 - .../filters/network/mongo_proxy/BUILD | 2 - .../filters/network/mysql_proxy/BUILD | 3 - .../filters/network/postgres_proxy/BUILD | 2 - .../filters/network/ratelimit/BUILD | 2 - source/extensions/filters/network/rbac/BUILD | 2 - .../filters/network/redis_proxy/BUILD | 2 - .../filters/network/rocketmq_proxy/BUILD | 3 - .../filters/network/sni_cluster/BUILD | 2 - .../network/sni_dynamic_forward_proxy/BUILD | 3 - .../filters/network/tcp_proxy/BUILD | 2 - .../filters/network/thrift_proxy/BUILD | 2 - .../thrift_proxy/filters/ratelimit/BUILD | 3 - .../filters/network/thrift_proxy/router/BUILD | 2 - source/extensions/filters/network/wasm/BUILD | 3 - .../filters/network/zookeeper_proxy/BUILD | 3 - .../extensions/filters/udp/dns_filter/BUILD | 3 - source/extensions/filters/udp/udp_proxy/BUILD | 2 - .../extensions/grpc_credentials/aws_iam/BUILD | 3 - .../file_based_metadata/BUILD | 3 - source/extensions/health_checkers/redis/BUILD | 2 - .../header_formatters/preserve_case/BUILD | 2 - .../original_ip_detection/custom_header/BUILD | 2 - .../http/original_ip_detection/xff/BUILD | 2 - .../allow_listed_routes/BUILD | 2 - .../internal_redirect/previous_routes/BUILD | 2 - .../internal_redirect/safe_cross_scheme/BUILD | 2 - source/extensions/io_socket/user_space/BUILD | 4 - .../common_inputs/environment_variable/BUILD | 2 - .../input_matchers/consistent_hashing/BUILD | 2 - .../rate_limit_descriptors/expr/BUILD | 2 - source/extensions/request_id/uuid/BUILD | 2 - .../resource_monitors/fixed_heap/BUILD | 3 - .../resource_monitors/injected_resource/BUILD | 3 - .../retry/host/omit_canary_hosts/BUILD | 2 - .../retry/host/omit_host_metadata/BUILD | 2 - .../retry/host/previous_hosts/BUILD | 2 - .../retry/priority/previous_priorities/BUILD | 2 - source/extensions/stat_sinks/dog_statsd/BUILD | 2 - source/extensions/stat_sinks/hystrix/BUILD | 2 - .../stat_sinks/metrics_service/BUILD | 2 - source/extensions/stat_sinks/statsd/BUILD | 2 - source/extensions/stat_sinks/wasm/BUILD | 3 - source/extensions/tracers/datadog/BUILD | 2 - source/extensions/tracers/dynamic_ot/BUILD | 2 - source/extensions/tracers/lightstep/BUILD | 2 - source/extensions/tracers/opencensus/BUILD | 2 - source/extensions/tracers/skywalking/BUILD | 3 - source/extensions/tracers/xray/BUILD | 2 - source/extensions/tracers/zipkin/BUILD | 2 - .../extensions/transport_sockets/alts/BUILD | 5 - .../transport_sockets/proxy_protocol/BUILD | 4 - .../transport_sockets/raw_buffer/BUILD | 5 - .../transport_sockets/starttls/BUILD | 5 - source/extensions/transport_sockets/tap/BUILD | 6 - source/extensions/transport_sockets/tls/BUILD | 5 - .../tls/cert_validator/spiffe/BUILD | 3 - source/extensions/upstreams/http/BUILD | 2 - .../extensions/upstreams/http/generic/BUILD | 2 - source/extensions/upstreams/http/http/BUILD | 2 - source/extensions/upstreams/http/tcp/BUILD | 2 - source/extensions/upstreams/tcp/generic/BUILD | 2 - source/extensions/wasm_runtime/null/BUILD | 3 - source/extensions/wasm_runtime/v8/BUILD | 3 - source/extensions/wasm_runtime/wasmtime/BUILD | 3 - source/extensions/wasm_runtime/wavm/BUILD | 3 - .../extensions/watchdog/profile_action/BUILD | 3 - .../filters/network/common/fuzz/BUILD | 4 + tools/extensions/BUILD | 2 + tools/extensions/validate_extensions.py | 121 +++--------------- 142 files changed, 32 insertions(+), 450 deletions(-) diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index c6458f3b442b..30d5106edb8e 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -46,11 +46,6 @@ def envoy_basic_cc_library(name, deps = [], external_deps = [], **kargs): def envoy_cc_extension( name, - security_posture, - category = None, - # Only set this for internal, undocumented extensions. - undocumented = False, - status = "stable", tags = [], extra_visibility = [], visibility = EXTENSION_CONFIG_VISIBILITY, diff --git a/ci/format_pre.sh b/ci/format_pre.sh index 92df44517097..518294d648bd 100755 --- a/ci/format_pre.sh +++ b/ci/format_pre.sh @@ -46,6 +46,9 @@ bazel run "${BAZEL_BUILD_OPTIONS[@]}" //configs:example_configs_validation CURRENT=python bazel run "${BAZEL_BUILD_OPTIONS[@]}" //tools/code_format:python_check -- --diff-file="$DIFF_OUTPUT" --fix "$(pwd)" +CURRENT=extensions +bazel run "${BAZEL_BUILD_OPTIONS[@]}" //tools/extensions:validate_extensions + if [[ "${#FAILED[@]}" -ne "0" ]]; then echo "TESTS FAILED:" >&2 for failed in "${FAILED[@]}"; do diff --git a/docs/build.sh b/docs/build.sh index c774d8f09cd0..bca3935841fe 100755 --- a/docs/build.sh +++ b/docs/build.sh @@ -63,10 +63,7 @@ pip3 install --require-hashes -r "${SCRIPT_DIR}"/requirements.txt # files still. rm -rf bazel-bin/external/envoy_api_canonical -EXTENSION_DB_PATH="$(realpath "${BUILD_DIR}/extension_db.json")" -rm -rf "${EXTENSION_DB_PATH}" GENERATED_RST_DIR="$(realpath "${GENERATED_RST_DIR}")" -export EXTENSION_DB_PATH export GENERATED_RST_DIR # This is for local RBE setup, should be no-op for builds without RBE setting in bazelrc files. @@ -74,11 +71,7 @@ IFS=" " read -ra BAZEL_BUILD_OPTIONS <<< "${BAZEL_BUILD_OPTIONS:-}" BAZEL_BUILD_OPTIONS+=( "--remote_download_outputs=all" "--strategy=protodoc=sandboxed,local" - "--action_env=ENVOY_BLOB_SHA" - "--action_env=EXTENSION_DB_PATH") - -# TODO(phlax): move this to format_pre checks -bazel run "${BAZEL_BUILD_OPTIONS[@]}" //tools/extensions:validate_extensions + "--action_env=ENVOY_BLOB_SHA") # Generate RST for the lists of trusted/untrusted extensions in # intro/arch_overview/security docs. diff --git a/source/extensions/BUILD b/source/extensions/BUILD index 5e24d5c07b6a..5d4f6c8a9b74 100644 --- a/source/extensions/BUILD +++ b/source/extensions/BUILD @@ -2,4 +2,5 @@ licenses(["notice"]) # Apache 2 exports_files([ "extensions_metadata.yaml", + "extensions_build_config.bzl", ]) diff --git a/source/extensions/access_loggers/file/BUILD b/source/extensions/access_loggers/file/BUILD index 4fc1a97c8bfb..d053296f6a9b 100644 --- a/source/extensions/access_loggers/file/BUILD +++ b/source/extensions/access_loggers/file/BUILD @@ -15,12 +15,10 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.access_loggers", # TODO(#9953) determine if this is core or should be cleaned up. extra_visibility = [ "//test:__subpackages__", ], - security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/common/config:config_provider_lib", diff --git a/source/extensions/access_loggers/grpc/BUILD b/source/extensions/access_loggers/grpc/BUILD index ebffc533ba20..043c5dc898a1 100644 --- a/source/extensions/access_loggers/grpc/BUILD +++ b/source/extensions/access_loggers/grpc/BUILD @@ -97,13 +97,11 @@ envoy_cc_extension( name = "http_config", srcs = ["http_config.cc"], hdrs = ["http_config.h"], - category = "envoy.access_loggers", # TODO(#9953) clean up. extra_visibility = [ "//test/common/access_log:__subpackages__", "//test/integration:__subpackages__", ], - security_posture = "robust_to_untrusted_downstream", deps = [ ":config_utils", "//include/envoy/server:access_log_config_interface", @@ -121,13 +119,11 @@ envoy_cc_extension( name = "tcp_config", srcs = ["tcp_config.cc"], hdrs = ["tcp_config.h"], - category = "envoy.access_loggers", # TODO(#9953) clean up. extra_visibility = [ "//test/common/access_log:__subpackages__", "//test/integration:__subpackages__", ], - security_posture = "robust_to_untrusted_downstream", deps = [ ":config_utils", "//include/envoy/server:access_log_config_interface", diff --git a/source/extensions/access_loggers/open_telemetry/BUILD b/source/extensions/access_loggers/open_telemetry/BUILD index 0c4c07a03696..cb85c6957fbf 100644 --- a/source/extensions/access_loggers/open_telemetry/BUILD +++ b/source/extensions/access_loggers/open_telemetry/BUILD @@ -61,13 +61,11 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.access_loggers", # TODO(#9953) clean up. extra_visibility = [ "//test/common/access_log:__subpackages__", "//test/integration:__subpackages__", ], - security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/server:access_log_config_interface", "//source/common/common:assert_lib", diff --git a/source/extensions/access_loggers/stream/BUILD b/source/extensions/access_loggers/stream/BUILD index a35d7ba9cece..f78092b3aedb 100644 --- a/source/extensions/access_loggers/stream/BUILD +++ b/source/extensions/access_loggers/stream/BUILD @@ -12,11 +12,9 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.access_loggers", extra_visibility = [ "//test:__subpackages__", ], - security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/common/config:config_provider_lib", diff --git a/source/extensions/access_loggers/wasm/BUILD b/source/extensions/access_loggers/wasm/BUILD index 0ed93bef9607..ebe064a25c6f 100644 --- a/source/extensions/access_loggers/wasm/BUILD +++ b/source/extensions/access_loggers/wasm/BUILD @@ -26,9 +26,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.access_loggers", - security_posture = "unknown", - status = "alpha", deps = [ ":wasm_access_log_lib", "//include/envoy/registry", diff --git a/source/extensions/bootstrap/wasm/BUILD b/source/extensions/bootstrap/wasm/BUILD index 279a436a5982..be38ee803f4a 100644 --- a/source/extensions/bootstrap/wasm/BUILD +++ b/source/extensions/bootstrap/wasm/BUILD @@ -16,9 +16,6 @@ envoy_cc_extension( hdrs = [ "config.h", ], - category = "envoy.bootstrap", - security_posture = "unknown", - status = "alpha", deps = [ "//include/envoy/registry", "//include/envoy/server:bootstrap_extension_config_interface", diff --git a/source/extensions/clusters/aggregate/BUILD b/source/extensions/clusters/aggregate/BUILD index 473f140b30da..38f702f15543 100644 --- a/source/extensions/clusters/aggregate/BUILD +++ b/source/extensions/clusters/aggregate/BUILD @@ -15,8 +15,6 @@ envoy_cc_extension( "cluster.h", "lb_context.h", ], - category = "envoy.clusters", - security_posture = "requires_trusted_downstream_and_upstream", deps = [ "//source/common/upstream:cluster_factory_lib", "//source/common/upstream:upstream_includes", diff --git a/source/extensions/clusters/dynamic_forward_proxy/BUILD b/source/extensions/clusters/dynamic_forward_proxy/BUILD index 3a6fdf9f1080..36d74421839a 100644 --- a/source/extensions/clusters/dynamic_forward_proxy/BUILD +++ b/source/extensions/clusters/dynamic_forward_proxy/BUILD @@ -12,8 +12,6 @@ envoy_cc_extension( name = "cluster", srcs = ["cluster.cc"], hdrs = ["cluster.h"], - category = "envoy.clusters", - security_posture = "robust_to_untrusted_downstream", deps = [ "//source/common/network:transport_socket_options_lib", "//source/common/upstream:cluster_factory_lib", diff --git a/source/extensions/clusters/redis/BUILD b/source/extensions/clusters/redis/BUILD index 54577e1483e3..829f517516d2 100644 --- a/source/extensions/clusters/redis/BUILD +++ b/source/extensions/clusters/redis/BUILD @@ -42,8 +42,6 @@ envoy_cc_extension( "redis_cluster.cc", "redis_cluster.h", ], - category = "envoy.clusters", - security_posture = "requires_trusted_downstream_and_upstream", deps = [ "redis_cluster_lb", "//include/envoy/api:api_interface", diff --git a/source/extensions/common/crypto/BUILD b/source/extensions/common/crypto/BUILD index d33b7986b519..4cd26ae3701a 100644 --- a/source/extensions/common/crypto/BUILD +++ b/source/extensions/common/crypto/BUILD @@ -18,7 +18,6 @@ envoy_cc_extension( "crypto_impl.h", "utility_impl.h", ], - category = "DELIBERATELY_OMITTED", external_deps = [ "ssl", ], @@ -27,8 +26,6 @@ envoy_cc_extension( "//test/common/config:__subpackages__", "//test/common/crypto:__subpackages__", ], - security_posture = "unknown", - undocumented = True, deps = [ "//include/envoy/buffer:buffer_interface", "//source/common/common:assert_lib", diff --git a/source/extensions/compression/brotli/compressor/BUILD b/source/extensions/compression/brotli/compressor/BUILD index cee2e36945f5..d19070906005 100644 --- a/source/extensions/compression/brotli/compressor/BUILD +++ b/source/extensions/compression/brotli/compressor/BUILD @@ -25,8 +25,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.compression.compressor", - security_posture = "robust_to_untrusted_downstream", deps = [ ":compressor_lib", "//source/common/http:headers_lib", diff --git a/source/extensions/compression/brotli/decompressor/BUILD b/source/extensions/compression/brotli/decompressor/BUILD index 3667300a8392..22ae257a84ab 100644 --- a/source/extensions/compression/brotli/decompressor/BUILD +++ b/source/extensions/compression/brotli/decompressor/BUILD @@ -27,8 +27,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.compression.decompressor", - security_posture = "robust_to_untrusted_downstream", deps = [ ":decompressor_lib", "//source/common/http:headers_lib", diff --git a/source/extensions/compression/gzip/compressor/BUILD b/source/extensions/compression/gzip/compressor/BUILD index 39a7e7c6e9d7..1274b4d8e6ea 100644 --- a/source/extensions/compression/gzip/compressor/BUILD +++ b/source/extensions/compression/gzip/compressor/BUILD @@ -26,8 +26,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.compression.compressor", - security_posture = "robust_to_untrusted_downstream", deps = [ ":compressor_lib", "//source/common/http:headers_lib", diff --git a/source/extensions/compression/gzip/decompressor/BUILD b/source/extensions/compression/gzip/decompressor/BUILD index 0a1d8766031b..541aa8bf8df9 100644 --- a/source/extensions/compression/gzip/decompressor/BUILD +++ b/source/extensions/compression/gzip/decompressor/BUILD @@ -29,8 +29,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.compression.decompressor", - security_posture = "robust_to_untrusted_downstream", deps = [ ":zlib_decompressor_impl_lib", "//source/common/http:headers_lib", diff --git a/source/extensions/filters/http/adaptive_concurrency/BUILD b/source/extensions/filters/http/adaptive_concurrency/BUILD index 7662d09bc1fd..8baef84564d7 100644 --- a/source/extensions/filters/http/adaptive_concurrency/BUILD +++ b/source/extensions/filters/http/adaptive_concurrency/BUILD @@ -30,9 +30,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "unknown", - status = "alpha", deps = [ "//include/envoy/registry", "//source/extensions/filters/http:well_known_names", diff --git a/source/extensions/filters/http/admission_control/BUILD b/source/extensions/filters/http/admission_control/BUILD index 9bfd7c450536..f7b60baf0ef5 100644 --- a/source/extensions/filters/http/admission_control/BUILD +++ b/source/extensions/filters/http/admission_control/BUILD @@ -1,6 +1,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", + "envoy_cc_library", "envoy_extension_package", ) @@ -11,7 +12,7 @@ licenses(["notice"]) # Apache 2 envoy_extension_package() -envoy_cc_extension( +envoy_cc_library( name = "admission_control_filter_lib", srcs = [ "admission_control.cc", @@ -21,8 +22,6 @@ envoy_cc_extension( "admission_control.h", "thread_local_controller.h", ], - category = "envoy.filters.http", - security_posture = "unknown", deps = [ "//include/envoy/http:filter_interface", "//include/envoy/runtime:runtime_interface", @@ -41,9 +40,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "unknown", - status = "alpha", deps = [ "//include/envoy/registry", "//source/common/common:enum_to_int", diff --git a/source/extensions/filters/http/aws_lambda/BUILD b/source/extensions/filters/http/aws_lambda/BUILD index 1001ba3d87cb..43544b5eccee 100644 --- a/source/extensions/filters/http/aws_lambda/BUILD +++ b/source/extensions/filters/http/aws_lambda/BUILD @@ -37,9 +37,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "requires_trusted_downstream_and_upstream", - status = "alpha", deps = [ ":aws_lambda_filter_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/http/aws_request_signing/BUILD b/source/extensions/filters/http/aws_request_signing/BUILD index f0222a4b954b..b1bcf820a85e 100644 --- a/source/extensions/filters/http/aws_request_signing/BUILD +++ b/source/extensions/filters/http/aws_request_signing/BUILD @@ -29,9 +29,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "requires_trusted_downstream_and_upstream", - status = "alpha", deps = [ ":aws_request_signing_filter_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/http/bandwidth_limit/BUILD b/source/extensions/filters/http/bandwidth_limit/BUILD index 437a2c679747..723e3aa158f3 100644 --- a/source/extensions/filters/http/bandwidth_limit/BUILD +++ b/source/extensions/filters/http/bandwidth_limit/BUILD @@ -36,8 +36,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "unknown", deps = [ ":bandwidth_limit_lib", "//include/envoy/http:filter_interface", diff --git a/source/extensions/filters/http/buffer/BUILD b/source/extensions/filters/http/buffer/BUILD index c38b84635d66..c691bc382862 100644 --- a/source/extensions/filters/http/buffer/BUILD +++ b/source/extensions/filters/http/buffer/BUILD @@ -37,8 +37,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "robust_to_untrusted_downstream", # Legacy test use. TODO(#9953) clean up. visibility = ["//visibility:public"], deps = [ diff --git a/source/extensions/filters/http/cache/BUILD b/source/extensions/filters/http/cache/BUILD index 0023acfeefbe..bd205889fdfa 100644 --- a/source/extensions/filters/http/cache/BUILD +++ b/source/extensions/filters/http/cache/BUILD @@ -101,9 +101,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "robust_to_untrusted_downstream_and_upstream", - status = "wip", deps = [ ":cache_filter_lib", "//source/extensions/filters/http:well_known_names", diff --git a/source/extensions/filters/http/cache/simple_http_cache/BUILD b/source/extensions/filters/http/cache/simple_http_cache/BUILD index a9a500e1f9b8..481380f23591 100644 --- a/source/extensions/filters/http/cache/simple_http_cache/BUILD +++ b/source/extensions/filters/http/cache/simple_http_cache/BUILD @@ -14,9 +14,6 @@ envoy_cc_extension( name = "config", srcs = ["simple_http_cache.cc"], hdrs = ["simple_http_cache.h"], - category = "envoy.filters.http.cache", - security_posture = "robust_to_untrusted_downstream_and_upstream", - status = "wip", deps = [ "//include/envoy/registry", "//include/envoy/runtime:runtime_interface", diff --git a/source/extensions/filters/http/cdn_loop/BUILD b/source/extensions/filters/http/cdn_loop/BUILD index 291f20b3a725..b42834465a14 100644 --- a/source/extensions/filters/http/cdn_loop/BUILD +++ b/source/extensions/filters/http/cdn_loop/BUILD @@ -45,9 +45,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "unknown", - status = "alpha", deps = [ ":filter_lib", ":parser_lib", diff --git a/source/extensions/filters/http/composite/BUILD b/source/extensions/filters/http/composite/BUILD index 0d1493808765..63cb62a7c7b0 100644 --- a/source/extensions/filters/http/composite/BUILD +++ b/source/extensions/filters/http/composite/BUILD @@ -45,8 +45,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "unknown", deps = [ "//include/envoy/registry", "//include/envoy/server:filter_config_interface", diff --git a/source/extensions/filters/http/compressor/BUILD b/source/extensions/filters/http/compressor/BUILD index cec12558d4a9..ad18a973c864 100644 --- a/source/extensions/filters/http/compressor/BUILD +++ b/source/extensions/filters/http/compressor/BUILD @@ -27,8 +27,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "robust_to_untrusted_downstream", deps = [ ":compressor_filter_lib", "//include/envoy/compression/compressor:compressor_config_interface", diff --git a/source/extensions/filters/http/cors/BUILD b/source/extensions/filters/http/cors/BUILD index 719af988af59..5eb4f63a5724 100644 --- a/source/extensions/filters/http/cors/BUILD +++ b/source/extensions/filters/http/cors/BUILD @@ -31,12 +31,10 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", ], - security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//include/envoy/server:filter_config_interface", diff --git a/source/extensions/filters/http/csrf/BUILD b/source/extensions/filters/http/csrf/BUILD index 9b5af4e5a878..e8e88ea6fa49 100644 --- a/source/extensions/filters/http/csrf/BUILD +++ b/source/extensions/filters/http/csrf/BUILD @@ -33,8 +33,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/extensions/filters/http:well_known_names", diff --git a/source/extensions/filters/http/decompressor/BUILD b/source/extensions/filters/http/decompressor/BUILD index fb69254e476b..78f76c5573f8 100644 --- a/source/extensions/filters/http/decompressor/BUILD +++ b/source/extensions/filters/http/decompressor/BUILD @@ -33,8 +33,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "robust_to_untrusted_downstream_and_upstream", deps = [ ":decompressor_filter_lib", "//include/envoy/compression/decompressor:decompressor_config_interface", diff --git a/source/extensions/filters/http/dynamic_forward_proxy/BUILD b/source/extensions/filters/http/dynamic_forward_proxy/BUILD index 5b0768fe9d2d..33b202755ec4 100644 --- a/source/extensions/filters/http/dynamic_forward_proxy/BUILD +++ b/source/extensions/filters/http/dynamic_forward_proxy/BUILD @@ -29,8 +29,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//include/envoy/server:filter_config_interface", diff --git a/source/extensions/filters/http/dynamo/BUILD b/source/extensions/filters/http/dynamo/BUILD index 4854329af55c..0abf478922ff 100644 --- a/source/extensions/filters/http/dynamo/BUILD +++ b/source/extensions/filters/http/dynamo/BUILD @@ -42,8 +42,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":dynamo_filter_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/http/ext_authz/BUILD b/source/extensions/filters/http/ext_authz/BUILD index 766e09774d1e..6314f305e97f 100644 --- a/source/extensions/filters/http/ext_authz/BUILD +++ b/source/extensions/filters/http/ext_authz/BUILD @@ -40,8 +40,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "robust_to_untrusted_downstream", deps = [ ":ext_authz", "//include/envoy/registry", diff --git a/source/extensions/filters/http/ext_proc/BUILD b/source/extensions/filters/http/ext_proc/BUILD index 1a0dbe8a05a5..6f4e7a9c4928 100644 --- a/source/extensions/filters/http/ext_proc/BUILD +++ b/source/extensions/filters/http/ext_proc/BUILD @@ -38,9 +38,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "unknown", - status = "alpha", deps = [ ":client_lib", ":ext_proc", diff --git a/source/extensions/filters/http/fault/BUILD b/source/extensions/filters/http/fault/BUILD index db2a5a61ed97..3cfe5b8ee205 100644 --- a/source/extensions/filters/http/fault/BUILD +++ b/source/extensions/filters/http/fault/BUILD @@ -46,8 +46,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/extensions/filters/http:well_known_names", diff --git a/source/extensions/filters/http/grpc_http1_bridge/BUILD b/source/extensions/filters/http/grpc_http1_bridge/BUILD index 4a1154094c64..4685a8d07c9d 100644 --- a/source/extensions/filters/http/grpc_http1_bridge/BUILD +++ b/source/extensions/filters/http/grpc_http1_bridge/BUILD @@ -33,14 +33,12 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", # Legacy test use. TODO(#9953) clean up. extra_visibility = [ "//source/exe:__pkg__", "//test/integration:__subpackages__", "//test/server:__subpackages__", ], - security_posture = "unknown", deps = [ "//include/envoy/registry", "//include/envoy/server:filter_config_interface", diff --git a/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD b/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD index be9226b61f54..c4f65adb09a9 100644 --- a/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD +++ b/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD @@ -31,9 +31,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "unknown", - status = "alpha", deps = [ ":filter_lib", "//include/envoy/http:filter_interface", diff --git a/source/extensions/filters/http/grpc_json_transcoder/BUILD b/source/extensions/filters/http/grpc_json_transcoder/BUILD index 822264c252cf..c1ae930c7fc8 100644 --- a/source/extensions/filters/http/grpc_json_transcoder/BUILD +++ b/source/extensions/filters/http/grpc_json_transcoder/BUILD @@ -62,8 +62,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/extensions/filters/http:well_known_names", diff --git a/source/extensions/filters/http/grpc_stats/BUILD b/source/extensions/filters/http/grpc_stats/BUILD index 10c7558f549f..078b140e912e 100644 --- a/source/extensions/filters/http/grpc_stats/BUILD +++ b/source/extensions/filters/http/grpc_stats/BUILD @@ -14,9 +14,6 @@ envoy_cc_extension( name = "config", srcs = ["grpc_stats_filter.cc"], hdrs = ["grpc_stats_filter.h"], - category = "envoy.filters.http", - security_posture = "unknown", - status = "alpha", deps = [ "//include/envoy/registry", "//include/envoy/server:filter_config_interface", diff --git a/source/extensions/filters/http/grpc_web/BUILD b/source/extensions/filters/http/grpc_web/BUILD index 4a7089ca962e..f0f341b49708 100644 --- a/source/extensions/filters/http/grpc_web/BUILD +++ b/source/extensions/filters/http/grpc_web/BUILD @@ -32,8 +32,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//include/envoy/server:filter_config_interface", diff --git a/source/extensions/filters/http/gzip/BUILD b/source/extensions/filters/http/gzip/BUILD index d2d9fc86479b..6503189c9e9d 100644 --- a/source/extensions/filters/http/gzip/BUILD +++ b/source/extensions/filters/http/gzip/BUILD @@ -30,8 +30,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "robust_to_untrusted_downstream", deps = [ "//source/extensions/filters/http:well_known_names", "//source/extensions/filters/http/common:factory_base_lib", diff --git a/source/extensions/filters/http/header_to_metadata/BUILD b/source/extensions/filters/http/header_to_metadata/BUILD index aa13db4517e1..f0e7a6a1c3d0 100644 --- a/source/extensions/filters/http/header_to_metadata/BUILD +++ b/source/extensions/filters/http/header_to_metadata/BUILD @@ -30,8 +30,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/common/protobuf:utility_lib", diff --git a/source/extensions/filters/http/health_check/BUILD b/source/extensions/filters/http/health_check/BUILD index c54f3bf2ad17..52c1554da2e0 100644 --- a/source/extensions/filters/http/health_check/BUILD +++ b/source/extensions/filters/http/health_check/BUILD @@ -37,14 +37,12 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", # Legacy test use. TODO(#9953) clean up. extra_visibility = [ "//test/common/filter/http:__subpackages__", "//test/integration:__subpackages__", "//test/server:__subpackages__", ], - security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/common/http:header_utility_lib", diff --git a/source/extensions/filters/http/ip_tagging/BUILD b/source/extensions/filters/http/ip_tagging/BUILD index 2c75ece83a99..443d168101f4 100644 --- a/source/extensions/filters/http/ip_tagging/BUILD +++ b/source/extensions/filters/http/ip_tagging/BUILD @@ -33,12 +33,10 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", ], - security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/common/protobuf:utility_lib", diff --git a/source/extensions/filters/http/jwt_authn/BUILD b/source/extensions/filters/http/jwt_authn/BUILD index e8d55bf9f3ee..d90c7cd27631 100644 --- a/source/extensions/filters/http/jwt_authn/BUILD +++ b/source/extensions/filters/http/jwt_authn/BUILD @@ -96,9 +96,6 @@ envoy_cc_extension( name = "config", srcs = ["filter_factory.cc"], hdrs = ["filter_factory.h"], - category = "envoy.filters.http", - security_posture = "robust_to_untrusted_downstream", - status = "alpha", deps = [ ":filter_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/http/kill_request/BUILD b/source/extensions/filters/http/kill_request/BUILD index 09faef093742..2a7a21ef355e 100644 --- a/source/extensions/filters/http/kill_request/BUILD +++ b/source/extensions/filters/http/kill_request/BUILD @@ -30,8 +30,6 @@ envoy_cc_extension( name = "kill_request_config", srcs = ["kill_request_config.cc"], hdrs = ["kill_request_config.h"], - category = "envoy.filters.http", - security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/extensions/filters/http:well_known_names", diff --git a/source/extensions/filters/http/local_ratelimit/BUILD b/source/extensions/filters/http/local_ratelimit/BUILD index f60271193bc6..d409a424fd6b 100644 --- a/source/extensions/filters/http/local_ratelimit/BUILD +++ b/source/extensions/filters/http/local_ratelimit/BUILD @@ -36,8 +36,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "unknown", deps = [ ":local_ratelimit_lib", "//include/envoy/http:filter_interface", diff --git a/source/extensions/filters/http/lua/BUILD b/source/extensions/filters/http/lua/BUILD index 9d6c381a0989..c4683e826353 100644 --- a/source/extensions/filters/http/lua/BUILD +++ b/source/extensions/filters/http/lua/BUILD @@ -55,8 +55,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/extensions/filters/http:well_known_names", diff --git a/source/extensions/filters/http/oauth2/BUILD b/source/extensions/filters/http/oauth2/BUILD index 7fc8a96a6cf3..d7ea3098c449 100644 --- a/source/extensions/filters/http/oauth2/BUILD +++ b/source/extensions/filters/http/oauth2/BUILD @@ -63,9 +63,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "robust_to_untrusted_downstream", - status = "alpha", deps = [ ":oauth_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/http/on_demand/BUILD b/source/extensions/filters/http/on_demand/BUILD index 72c5f6b33d56..5c6618788161 100644 --- a/source/extensions/filters/http/on_demand/BUILD +++ b/source/extensions/filters/http/on_demand/BUILD @@ -30,13 +30,11 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", # TODO(#9953) classify and clean up. extra_visibility = [ "//test/common/access_log:__subpackages__", "//test/integration:__subpackages__", ], - security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/extensions/filters/http:well_known_names", diff --git a/source/extensions/filters/http/original_src/BUILD b/source/extensions/filters/http/original_src/BUILD index 3181285fc50a..fe0c2adb6b64 100644 --- a/source/extensions/filters/http/original_src/BUILD +++ b/source/extensions/filters/http/original_src/BUILD @@ -35,9 +35,6 @@ envoy_cc_extension( name = "config", # The extension build system requires a library named config srcs = ["original_src_config_factory.cc"], hdrs = ["original_src_config_factory.h"], - category = "envoy.filters.http", - security_posture = "robust_to_untrusted_downstream", - status = "alpha", deps = [ ":config_lib", ":original_src_lib", diff --git a/source/extensions/filters/http/ratelimit/BUILD b/source/extensions/filters/http/ratelimit/BUILD index 78ec6694d2a5..bc845c26ed5a 100644 --- a/source/extensions/filters/http/ratelimit/BUILD +++ b/source/extensions/filters/http/ratelimit/BUILD @@ -45,8 +45,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "robust_to_untrusted_downstream", deps = [ ":ratelimit_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/http/rbac/BUILD b/source/extensions/filters/http/rbac/BUILD index 9cd4d9cbedd8..a0ef997d5e73 100644 --- a/source/extensions/filters/http/rbac/BUILD +++ b/source/extensions/filters/http/rbac/BUILD @@ -13,12 +13,10 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", ], - security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/extensions/filters/http:well_known_names", diff --git a/source/extensions/filters/http/router/BUILD b/source/extensions/filters/http/router/BUILD index 3d78b2f303e0..8e268cff166c 100644 --- a/source/extensions/filters/http/router/BUILD +++ b/source/extensions/filters/http/router/BUILD @@ -15,8 +15,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "robust_to_untrusted_downstream", # This is core Envoy config. visibility = ["//visibility:public"], deps = [ diff --git a/source/extensions/filters/http/set_metadata/BUILD b/source/extensions/filters/http/set_metadata/BUILD index c598779c6413..d4ea191e892d 100644 --- a/source/extensions/filters/http/set_metadata/BUILD +++ b/source/extensions/filters/http/set_metadata/BUILD @@ -27,8 +27,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "robust_to_untrusted_downstream_and_upstream", deps = [ "//include/envoy/registry", "//source/common/protobuf:utility_lib", diff --git a/source/extensions/filters/http/squash/BUILD b/source/extensions/filters/http/squash/BUILD index e486d07f4a89..ef3c4ca805b8 100644 --- a/source/extensions/filters/http/squash/BUILD +++ b/source/extensions/filters/http/squash/BUILD @@ -37,8 +37,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "requires_trusted_downstream_and_upstream", deps = [ "//include/envoy/registry", "//source/common/protobuf:utility_lib", diff --git a/source/extensions/filters/http/tap/BUILD b/source/extensions/filters/http/tap/BUILD index 9379579d8b80..e1e0f6407e30 100644 --- a/source/extensions/filters/http/tap/BUILD +++ b/source/extensions/filters/http/tap/BUILD @@ -52,9 +52,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "requires_trusted_downstream_and_upstream", - status = "alpha", deps = [ ":tap_config_impl", ":tap_filter_lib", diff --git a/source/extensions/filters/http/wasm/BUILD b/source/extensions/filters/http/wasm/BUILD index e399e89290aa..db3a6d09196a 100644 --- a/source/extensions/filters/http/wasm/BUILD +++ b/source/extensions/filters/http/wasm/BUILD @@ -30,9 +30,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.http", - security_posture = "unknown", - status = "alpha", deps = [ ":wasm_filter_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/listener/http_inspector/BUILD b/source/extensions/filters/listener/http_inspector/BUILD index 849277d618d1..8426d64e32bf 100644 --- a/source/extensions/filters/listener/http_inspector/BUILD +++ b/source/extensions/filters/listener/http_inspector/BUILD @@ -31,8 +31,6 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], - category = "envoy.filters.listener", - security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":http_inspector_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/listener/original_dst/BUILD b/source/extensions/filters/listener/original_dst/BUILD index 62b0b88f001c..7ee4f6e013c3 100644 --- a/source/extensions/filters/listener/original_dst/BUILD +++ b/source/extensions/filters/listener/original_dst/BUILD @@ -29,12 +29,10 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], - category = "envoy.filters.listener", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", ], - security_posture = "robust_to_untrusted_downstream", deps = [ ":original_dst_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/listener/original_src/BUILD b/source/extensions/filters/listener/original_src/BUILD index 26df22093a3c..4b952500fa44 100644 --- a/source/extensions/filters/listener/original_src/BUILD +++ b/source/extensions/filters/listener/original_src/BUILD @@ -38,9 +38,6 @@ envoy_cc_extension( name = "config", # The extension build system requires a library named config srcs = ["original_src_config_factory.cc"], hdrs = ["original_src_config_factory.h"], - category = "envoy.filters.listener", - security_posture = "robust_to_untrusted_downstream", - status = "alpha", deps = [ ":config_lib", ":original_src_lib", diff --git a/source/extensions/filters/listener/proxy_protocol/BUILD b/source/extensions/filters/listener/proxy_protocol/BUILD index 66c21a7b2768..6cff8506baed 100644 --- a/source/extensions/filters/listener/proxy_protocol/BUILD +++ b/source/extensions/filters/listener/proxy_protocol/BUILD @@ -40,12 +40,10 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], - category = "envoy.filters.listener", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", ], - security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//include/envoy/server:filter_config_interface", diff --git a/source/extensions/filters/listener/tls_inspector/BUILD b/source/extensions/filters/listener/tls_inspector/BUILD index 3f6837524e2b..109d783b2c4f 100644 --- a/source/extensions/filters/listener/tls_inspector/BUILD +++ b/source/extensions/filters/listener/tls_inspector/BUILD @@ -35,12 +35,10 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], - category = "envoy.filters.listener", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", ], - security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//include/envoy/server:filter_config_interface", diff --git a/source/extensions/filters/network/client_ssl_auth/BUILD b/source/extensions/filters/network/client_ssl_auth/BUILD index 184ef95404aa..de0b01ec4bab 100644 --- a/source/extensions/filters/network/client_ssl_auth/BUILD +++ b/source/extensions/filters/network/client_ssl_auth/BUILD @@ -40,8 +40,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.network", - security_posture = "robust_to_untrusted_downstream", deps = [ ":client_ssl_auth", "//include/envoy/registry", diff --git a/source/extensions/filters/network/direct_response/BUILD b/source/extensions/filters/network/direct_response/BUILD index 7954de404211..5a4b40483b4f 100644 --- a/source/extensions/filters/network/direct_response/BUILD +++ b/source/extensions/filters/network/direct_response/BUILD @@ -28,8 +28,6 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], - category = "envoy.filters.network", - security_posture = "unknown", deps = [ ":filter", "//include/envoy/registry", diff --git a/source/extensions/filters/network/dubbo_proxy/BUILD b/source/extensions/filters/network/dubbo_proxy/BUILD index e051679a29b6..49ac684e2720 100644 --- a/source/extensions/filters/network/dubbo_proxy/BUILD +++ b/source/extensions/filters/network/dubbo_proxy/BUILD @@ -96,9 +96,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.network", - security_posture = "requires_trusted_downstream_and_upstream", - status = "alpha", deps = [ ":conn_manager_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/network/echo/BUILD b/source/extensions/filters/network/echo/BUILD index 68270a5dd5e2..2352cb808953 100644 --- a/source/extensions/filters/network/echo/BUILD +++ b/source/extensions/filters/network/echo/BUILD @@ -28,12 +28,10 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], - category = "envoy.filters.network", # TODO(#9953) move echo integration test to extensions. extra_visibility = [ "//test/integration:__subpackages__", ], - security_posture = "unknown", deps = [ ":echo", "//include/envoy/registry", diff --git a/source/extensions/filters/network/ext_authz/BUILD b/source/extensions/filters/network/ext_authz/BUILD index 391fe6e21d72..7ceb93fa7b80 100644 --- a/source/extensions/filters/network/ext_authz/BUILD +++ b/source/extensions/filters/network/ext_authz/BUILD @@ -37,8 +37,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.network", - security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/common/config:utility_lib", diff --git a/source/extensions/filters/network/http_connection_manager/BUILD b/source/extensions/filters/network/http_connection_manager/BUILD index c2c6a19c2e94..46867ac644bb 100644 --- a/source/extensions/filters/network/http_connection_manager/BUILD +++ b/source/extensions/filters/network/http_connection_manager/BUILD @@ -18,8 +18,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.network", - security_posture = "robust_to_untrusted_downstream", # This is core Envoy config. visibility = ["//visibility:public"], deps = [ diff --git a/source/extensions/filters/network/kafka/BUILD b/source/extensions/filters/network/kafka/BUILD index 01c31e63cc9f..ccc2401ace47 100644 --- a/source/extensions/filters/network/kafka/BUILD +++ b/source/extensions/filters/network/kafka/BUILD @@ -18,9 +18,6 @@ envoy_cc_extension( name = "kafka_broker_config_lib", srcs = ["broker/config.cc"], hdrs = ["broker/config.h"], - category = "envoy.filters.network", - security_posture = "requires_trusted_downstream_and_upstream", - status = "wip", deps = [ ":kafka_broker_filter_lib", "//source/extensions/filters/network:well_known_names", diff --git a/source/extensions/filters/network/local_ratelimit/BUILD b/source/extensions/filters/network/local_ratelimit/BUILD index 6e10aaff1de3..c0b757dc8c6e 100644 --- a/source/extensions/filters/network/local_ratelimit/BUILD +++ b/source/extensions/filters/network/local_ratelimit/BUILD @@ -33,8 +33,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.network", - security_posture = "robust_to_untrusted_downstream", deps = [ "//source/extensions/filters/network:well_known_names", "//source/extensions/filters/network/common:factory_base_lib", diff --git a/source/extensions/filters/network/mongo_proxy/BUILD b/source/extensions/filters/network/mongo_proxy/BUILD index ab1956d777cb..04a32f072901 100644 --- a/source/extensions/filters/network/mongo_proxy/BUILD +++ b/source/extensions/filters/network/mongo_proxy/BUILD @@ -107,8 +107,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.network", - security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":proxy_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/network/mysql_proxy/BUILD b/source/extensions/filters/network/mysql_proxy/BUILD index d176bad30b97..43d66bdf11c5 100644 --- a/source/extensions/filters/network/mysql_proxy/BUILD +++ b/source/extensions/filters/network/mysql_proxy/BUILD @@ -107,9 +107,6 @@ envoy_cc_extension( name = "config", srcs = ["mysql_config.cc"], hdrs = ["mysql_config.h"], - category = "envoy.filters.network", - security_posture = "requires_trusted_downstream_and_upstream", - status = "alpha", deps = [ ":filter_lib", "//source/extensions/filters/network:well_known_names", diff --git a/source/extensions/filters/network/postgres_proxy/BUILD b/source/extensions/filters/network/postgres_proxy/BUILD index 398fa80cc67d..1367aa5c048a 100644 --- a/source/extensions/filters/network/postgres_proxy/BUILD +++ b/source/extensions/filters/network/postgres_proxy/BUILD @@ -44,9 +44,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.network", repository = "@envoy", - security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":filter", "//source/extensions/filters/network:well_known_names", diff --git a/source/extensions/filters/network/ratelimit/BUILD b/source/extensions/filters/network/ratelimit/BUILD index 2ab3b5ac6787..35694dc418b8 100644 --- a/source/extensions/filters/network/ratelimit/BUILD +++ b/source/extensions/filters/network/ratelimit/BUILD @@ -39,8 +39,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.network", - security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/common/config:utility_lib", diff --git a/source/extensions/filters/network/rbac/BUILD b/source/extensions/filters/network/rbac/BUILD index f5a4f38fdc0e..be7137d0f8d5 100644 --- a/source/extensions/filters/network/rbac/BUILD +++ b/source/extensions/filters/network/rbac/BUILD @@ -13,8 +13,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.network", - security_posture = "robust_to_untrusted_downstream", deps = [ ":rbac_filter", "//include/envoy/registry", diff --git a/source/extensions/filters/network/redis_proxy/BUILD b/source/extensions/filters/network/redis_proxy/BUILD index 7cf695e2a513..3d70b7f7c350 100644 --- a/source/extensions/filters/network/redis_proxy/BUILD +++ b/source/extensions/filters/network/redis_proxy/BUILD @@ -120,12 +120,10 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.network", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", ], - security_posture = "requires_trusted_downstream_and_upstream", deps = [ "//include/envoy/upstream:upstream_interface", "//source/extensions/common/redis:cluster_refresh_manager_lib", diff --git a/source/extensions/filters/network/rocketmq_proxy/BUILD b/source/extensions/filters/network/rocketmq_proxy/BUILD index 4dd07abc6225..fe9ba3ab5022 100644 --- a/source/extensions/filters/network/rocketmq_proxy/BUILD +++ b/source/extensions/filters/network/rocketmq_proxy/BUILD @@ -122,9 +122,6 @@ envoy_cc_extension( hdrs = [ "config.h", ], - category = "envoy.filters.network", - security_posture = "requires_trusted_downstream_and_upstream", - status = "alpha", deps = [ ":conn_manager_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/network/sni_cluster/BUILD b/source/extensions/filters/network/sni_cluster/BUILD index 310bf058c192..f730bd9c49ca 100644 --- a/source/extensions/filters/network/sni_cluster/BUILD +++ b/source/extensions/filters/network/sni_cluster/BUILD @@ -26,8 +26,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.network", - security_posture = "unknown", deps = [ ":sni_cluster", "//include/envoy/registry", diff --git a/source/extensions/filters/network/sni_dynamic_forward_proxy/BUILD b/source/extensions/filters/network/sni_dynamic_forward_proxy/BUILD index bed8252554bb..ae0181f77f7f 100644 --- a/source/extensions/filters/network/sni_dynamic_forward_proxy/BUILD +++ b/source/extensions/filters/network/sni_dynamic_forward_proxy/BUILD @@ -28,9 +28,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.network", - security_posture = "unknown", - status = "alpha", deps = [ ":proxy_filter_lib", "//source/extensions/common/dynamic_forward_proxy:dns_cache_manager_impl", diff --git a/source/extensions/filters/network/tcp_proxy/BUILD b/source/extensions/filters/network/tcp_proxy/BUILD index e1a22d965da9..ea7360966c41 100644 --- a/source/extensions/filters/network/tcp_proxy/BUILD +++ b/source/extensions/filters/network/tcp_proxy/BUILD @@ -15,8 +15,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.network", - security_posture = "robust_to_untrusted_downstream", # This is core Envoy config. visibility = ["//visibility:public"], deps = [ diff --git a/source/extensions/filters/network/thrift_proxy/BUILD b/source/extensions/filters/network/thrift_proxy/BUILD index 47439e4c53ea..37defe986a91 100644 --- a/source/extensions/filters/network/thrift_proxy/BUILD +++ b/source/extensions/filters/network/thrift_proxy/BUILD @@ -36,8 +36,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.network", - security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":app_exception_lib", ":auto_protocol_lib", diff --git a/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD b/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD index b27da3987272..0d8f61fe19f8 100644 --- a/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD +++ b/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD @@ -32,9 +32,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.thrift_proxy.filters", - security_posture = "requires_trusted_downstream_and_upstream", - status = "alpha", deps = [ ":ratelimit_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/network/thrift_proxy/router/BUILD b/source/extensions/filters/network/thrift_proxy/router/BUILD index e63f180ecc9e..a16abad3aeb9 100644 --- a/source/extensions/filters/network/thrift_proxy/router/BUILD +++ b/source/extensions/filters/network/thrift_proxy/router/BUILD @@ -13,8 +13,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.thrift_proxy.filters", - security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":router_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/network/wasm/BUILD b/source/extensions/filters/network/wasm/BUILD index 2023fd1f48d8..e8a47db2acc8 100644 --- a/source/extensions/filters/network/wasm/BUILD +++ b/source/extensions/filters/network/wasm/BUILD @@ -28,9 +28,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.network", - security_posture = "unknown", - status = "alpha", deps = [ ":wasm_filter_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/network/zookeeper_proxy/BUILD b/source/extensions/filters/network/zookeeper_proxy/BUILD index 10d14b23ae88..9c72e9961dfe 100644 --- a/source/extensions/filters/network/zookeeper_proxy/BUILD +++ b/source/extensions/filters/network/zookeeper_proxy/BUILD @@ -43,9 +43,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.network", - security_posture = "requires_trusted_downstream_and_upstream", - status = "alpha", deps = [ ":proxy_lib", "//source/extensions/filters/network:well_known_names", diff --git a/source/extensions/filters/udp/dns_filter/BUILD b/source/extensions/filters/udp/dns_filter/BUILD index 210d68496d0d..ab44521fdd40 100644 --- a/source/extensions/filters/udp/dns_filter/BUILD +++ b/source/extensions/filters/udp/dns_filter/BUILD @@ -52,9 +52,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.udp_listener", - security_posture = "robust_to_untrusted_downstream", - status = "alpha", deps = [ ":dns_filter_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/udp/udp_proxy/BUILD b/source/extensions/filters/udp/udp_proxy/BUILD index b939347604fa..bd8fa7e6b355 100644 --- a/source/extensions/filters/udp/udp_proxy/BUILD +++ b/source/extensions/filters/udp/udp_proxy/BUILD @@ -45,8 +45,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.filters.udp_listener", - security_posture = "robust_to_untrusted_downstream", deps = [ ":udp_proxy_filter_lib", "//include/envoy/registry", diff --git a/source/extensions/grpc_credentials/aws_iam/BUILD b/source/extensions/grpc_credentials/aws_iam/BUILD index 01e4dccfe528..fa66cc235399 100644 --- a/source/extensions/grpc_credentials/aws_iam/BUILD +++ b/source/extensions/grpc_credentials/aws_iam/BUILD @@ -14,10 +14,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.grpc_credentials", external_deps = ["grpc"], - security_posture = "data_plane_agnostic", - status = "alpha", deps = [ "//include/envoy/grpc:google_grpc_creds_interface", "//include/envoy/registry", diff --git a/source/extensions/grpc_credentials/file_based_metadata/BUILD b/source/extensions/grpc_credentials/file_based_metadata/BUILD index b23ec1c766bf..5ffe31ce30b0 100644 --- a/source/extensions/grpc_credentials/file_based_metadata/BUILD +++ b/source/extensions/grpc_credentials/file_based_metadata/BUILD @@ -14,10 +14,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.grpc_credentials", external_deps = ["grpc"], - security_posture = "data_plane_agnostic", - status = "alpha", deps = [ "//include/envoy/grpc:google_grpc_creds_interface", "//include/envoy/registry", diff --git a/source/extensions/health_checkers/redis/BUILD b/source/extensions/health_checkers/redis/BUILD index e1a9372473b4..58d1ad4812a3 100644 --- a/source/extensions/health_checkers/redis/BUILD +++ b/source/extensions/health_checkers/redis/BUILD @@ -31,8 +31,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.health_checkers", - security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":redis", ":utility", diff --git a/source/extensions/http/header_formatters/preserve_case/BUILD b/source/extensions/http/header_formatters/preserve_case/BUILD index 6fde9d6725f3..fffdd69fbf5e 100644 --- a/source/extensions/http/header_formatters/preserve_case/BUILD +++ b/source/extensions/http/header_formatters/preserve_case/BUILD @@ -12,8 +12,6 @@ envoy_cc_extension( name = "preserve_case_formatter", srcs = ["preserve_case_formatter.cc"], hdrs = ["preserve_case_formatter.h"], - category = "envoy.http.stateful_header_formatters", - security_posture = "robust_to_untrusted_downstream_and_upstream", deps = [ "//include/envoy/registry", "@envoy_api//envoy/extensions/http/header_formatters/preserve_case/v3:pkg_cc_proto", diff --git a/source/extensions/http/original_ip_detection/custom_header/BUILD b/source/extensions/http/original_ip_detection/custom_header/BUILD index 13f1a2000999..53c86cdc4afb 100644 --- a/source/extensions/http/original_ip_detection/custom_header/BUILD +++ b/source/extensions/http/original_ip_detection/custom_header/BUILD @@ -26,8 +26,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.http.original_ip_detection", - security_posture = "robust_to_untrusted_downstream", # This extension is used from core tests. visibility = ["//visibility:public"], deps = [ diff --git a/source/extensions/http/original_ip_detection/xff/BUILD b/source/extensions/http/original_ip_detection/xff/BUILD index a247f485a1f5..546ba7442166 100644 --- a/source/extensions/http/original_ip_detection/xff/BUILD +++ b/source/extensions/http/original_ip_detection/xff/BUILD @@ -26,8 +26,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.http.original_ip_detection", - security_posture = "robust_to_untrusted_downstream", # This extension is core code. visibility = ["//visibility:public"], deps = [ diff --git a/source/extensions/internal_redirect/allow_listed_routes/BUILD b/source/extensions/internal_redirect/allow_listed_routes/BUILD index f3186dde09df..3e5edbe96012 100644 --- a/source/extensions/internal_redirect/allow_listed_routes/BUILD +++ b/source/extensions/internal_redirect/allow_listed_routes/BUILD @@ -24,12 +24,10 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.internal_redirect_predicates", # TODO(#9953) clean up by moving the redirect test to extensions. extra_visibility = [ "//test/integration:__subpackages__", ], - security_posture = "robust_to_untrusted_downstream_and_upstream", deps = [ ":allow_listed_routes_lib", "//include/envoy/registry", diff --git a/source/extensions/internal_redirect/previous_routes/BUILD b/source/extensions/internal_redirect/previous_routes/BUILD index ada41e1ed237..d208998603f6 100644 --- a/source/extensions/internal_redirect/previous_routes/BUILD +++ b/source/extensions/internal_redirect/previous_routes/BUILD @@ -24,12 +24,10 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.internal_redirect_predicates", # TODO(#9953) clean up by moving the redirect test to extensions. extra_visibility = [ "//test/integration:__subpackages__", ], - security_posture = "robust_to_untrusted_downstream_and_upstream", deps = [ ":previous_routes_lib", "//include/envoy/registry", diff --git a/source/extensions/internal_redirect/safe_cross_scheme/BUILD b/source/extensions/internal_redirect/safe_cross_scheme/BUILD index 5936010fed94..13fb41de556f 100644 --- a/source/extensions/internal_redirect/safe_cross_scheme/BUILD +++ b/source/extensions/internal_redirect/safe_cross_scheme/BUILD @@ -23,12 +23,10 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.internal_redirect_predicates", # TODO(#9953) clean up by moving the redirect test to extensions. extra_visibility = [ "//test/integration:__subpackages__", ], - security_posture = "robust_to_untrusted_downstream_and_upstream", deps = [ ":safe_cross_scheme_lib", "//include/envoy/registry", diff --git a/source/extensions/io_socket/user_space/BUILD b/source/extensions/io_socket/user_space/BUILD index 18a01f6e1eae..c430f9598941 100644 --- a/source/extensions/io_socket/user_space/BUILD +++ b/source/extensions/io_socket/user_space/BUILD @@ -12,10 +12,6 @@ envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.h"], - category = "envoy.io_socket", - security_posture = "unknown", - status = "wip", - undocumented = True, deps = [ ], ) diff --git a/source/extensions/matching/common_inputs/environment_variable/BUILD b/source/extensions/matching/common_inputs/environment_variable/BUILD index cf54b92130a8..2dacd62538db 100644 --- a/source/extensions/matching/common_inputs/environment_variable/BUILD +++ b/source/extensions/matching/common_inputs/environment_variable/BUILD @@ -22,8 +22,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.matching.common_inputs", - security_posture = "robust_to_untrusted_downstream", deps = [ ":input_lib", "//include/envoy/matcher:matcher_interface", diff --git a/source/extensions/matching/input_matchers/consistent_hashing/BUILD b/source/extensions/matching/input_matchers/consistent_hashing/BUILD index 753f6ae6756a..0e72af550db3 100644 --- a/source/extensions/matching/input_matchers/consistent_hashing/BUILD +++ b/source/extensions/matching/input_matchers/consistent_hashing/BUILD @@ -23,8 +23,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.matching.input_matchers", - security_posture = "robust_to_untrusted_downstream", deps = [ ":consistent_hashing_lib", "//include/envoy/matcher:matcher_interface", diff --git a/source/extensions/rate_limit_descriptors/expr/BUILD b/source/extensions/rate_limit_descriptors/expr/BUILD index 088dd84be9c7..a1f4dc89d881 100644 --- a/source/extensions/rate_limit_descriptors/expr/BUILD +++ b/source/extensions/rate_limit_descriptors/expr/BUILD @@ -12,14 +12,12 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.rate_limit_descriptors", copts = select({ "//bazel:windows_x86_64": [], # TODO: fix the windows ANTLR build "//conditions:default": [ "-DUSE_CEL_PARSER", ], }), - security_posture = "unknown", deps = [ "//include/envoy/ratelimit:ratelimit_interface", "//include/envoy/registry", diff --git a/source/extensions/request_id/uuid/BUILD b/source/extensions/request_id/uuid/BUILD index 2c09ede8b559..feb49f7a3901 100644 --- a/source/extensions/request_id/uuid/BUILD +++ b/source/extensions/request_id/uuid/BUILD @@ -16,8 +16,6 @@ envoy_cc_extension( hdrs = [ "config.h", ], - category = "envoy.request_id", - security_posture = "robust_to_untrusted_downstream_and_upstream", visibility = ["//visibility:public"], deps = [ "//include/envoy/http:request_id_extension_interface", diff --git a/source/extensions/resource_monitors/fixed_heap/BUILD b/source/extensions/resource_monitors/fixed_heap/BUILD index 1e856a6b06d7..f1ce7fa60025 100644 --- a/source/extensions/resource_monitors/fixed_heap/BUILD +++ b/source/extensions/resource_monitors/fixed_heap/BUILD @@ -25,9 +25,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.resource_monitors", - security_posture = "data_plane_agnostic", - status = "alpha", deps = [ ":fixed_heap_monitor", "//include/envoy/registry", diff --git a/source/extensions/resource_monitors/injected_resource/BUILD b/source/extensions/resource_monitors/injected_resource/BUILD index a84b00fbd76b..50453d2a1bdc 100644 --- a/source/extensions/resource_monitors/injected_resource/BUILD +++ b/source/extensions/resource_monitors/injected_resource/BUILD @@ -26,14 +26,11 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.resource_monitors", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", "//test/common/quic/integration:__subpackages__", ], - security_posture = "data_plane_agnostic", - status = "alpha", deps = [ ":injected_resource_monitor", "//include/envoy/registry", diff --git a/source/extensions/retry/host/omit_canary_hosts/BUILD b/source/extensions/retry/host/omit_canary_hosts/BUILD index 734c5df84736..8e3f446d0848 100644 --- a/source/extensions/retry/host/omit_canary_hosts/BUILD +++ b/source/extensions/retry/host/omit_canary_hosts/BUILD @@ -21,8 +21,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.retry_host_predicates", - security_posture = "robust_to_untrusted_downstream", deps = [ ":omit_canary_hosts_predicate_lib", "//include/envoy/registry", diff --git a/source/extensions/retry/host/omit_host_metadata/BUILD b/source/extensions/retry/host/omit_host_metadata/BUILD index 51813ad4a4b8..92a916dfa28f 100644 --- a/source/extensions/retry/host/omit_host_metadata/BUILD +++ b/source/extensions/retry/host/omit_host_metadata/BUILD @@ -23,8 +23,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.retry_host_predicates", - security_posture = "robust_to_untrusted_downstream", deps = [ ":omit_host_metadata_predicate_lib", "//include/envoy/registry", diff --git a/source/extensions/retry/host/previous_hosts/BUILD b/source/extensions/retry/host/previous_hosts/BUILD index 81842e7a6788..ae6e4dd7859b 100644 --- a/source/extensions/retry/host/previous_hosts/BUILD +++ b/source/extensions/retry/host/previous_hosts/BUILD @@ -21,8 +21,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.retry_host_predicates", - security_posture = "robust_to_untrusted_downstream", deps = [ ":previous_hosts_predicate_lib", "//include/envoy/registry", diff --git a/source/extensions/retry/priority/previous_priorities/BUILD b/source/extensions/retry/priority/previous_priorities/BUILD index 1d2bf066efca..9867c5903fe6 100644 --- a/source/extensions/retry/priority/previous_priorities/BUILD +++ b/source/extensions/retry/priority/previous_priorities/BUILD @@ -23,8 +23,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.retry_priorities", - security_posture = "robust_to_untrusted_downstream", deps = [ ":previous_priorities_lib", "//include/envoy/registry", diff --git a/source/extensions/stat_sinks/dog_statsd/BUILD b/source/extensions/stat_sinks/dog_statsd/BUILD index a9a269862dd3..7105afc19f24 100644 --- a/source/extensions/stat_sinks/dog_statsd/BUILD +++ b/source/extensions/stat_sinks/dog_statsd/BUILD @@ -15,8 +15,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.stats_sinks", - security_posture = "data_plane_agnostic", deps = [ "//include/envoy/registry", "//source/common/network:address_lib", diff --git a/source/extensions/stat_sinks/hystrix/BUILD b/source/extensions/stat_sinks/hystrix/BUILD index 1566d97c6de1..58fa5ed5ea4b 100644 --- a/source/extensions/stat_sinks/hystrix/BUILD +++ b/source/extensions/stat_sinks/hystrix/BUILD @@ -15,8 +15,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.stats_sinks", - security_posture = "data_plane_agnostic", deps = [ ":hystrix_lib", "//include/envoy/registry", diff --git a/source/extensions/stat_sinks/metrics_service/BUILD b/source/extensions/stat_sinks/metrics_service/BUILD index 28afad7f25ac..9b95a7760ae4 100644 --- a/source/extensions/stat_sinks/metrics_service/BUILD +++ b/source/extensions/stat_sinks/metrics_service/BUILD @@ -43,8 +43,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.stats_sinks", - security_posture = "data_plane_agnostic", deps = [ "//include/envoy/registry", "//source/common/common:assert_lib", diff --git a/source/extensions/stat_sinks/statsd/BUILD b/source/extensions/stat_sinks/statsd/BUILD index 8d4c70c3131a..cdfaddf114db 100644 --- a/source/extensions/stat_sinks/statsd/BUILD +++ b/source/extensions/stat_sinks/statsd/BUILD @@ -14,8 +14,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.stats_sinks", - security_posture = "data_plane_agnostic", # Legacy test use. TODO(#9953) clean up. deps = [ "//include/envoy/registry", diff --git a/source/extensions/stat_sinks/wasm/BUILD b/source/extensions/stat_sinks/wasm/BUILD index 6c6b6523bb80..e8ee99ab1f29 100644 --- a/source/extensions/stat_sinks/wasm/BUILD +++ b/source/extensions/stat_sinks/wasm/BUILD @@ -15,9 +15,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.stats_sinks", - security_posture = "data_plane_agnostic", - status = "alpha", deps = [ ":wasm_stat_sink_lib", "//include/envoy/registry", diff --git a/source/extensions/tracers/datadog/BUILD b/source/extensions/tracers/datadog/BUILD index 164a1d73c1f9..0c314374f968 100644 --- a/source/extensions/tracers/datadog/BUILD +++ b/source/extensions/tracers/datadog/BUILD @@ -34,8 +34,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.tracers", - security_posture = "robust_to_untrusted_downstream", deps = [ ":datadog_tracer_lib", "//source/extensions/tracers/common:factory_base_lib", diff --git a/source/extensions/tracers/dynamic_ot/BUILD b/source/extensions/tracers/dynamic_ot/BUILD index c7ce76f3267f..8a3bb1937ed3 100644 --- a/source/extensions/tracers/dynamic_ot/BUILD +++ b/source/extensions/tracers/dynamic_ot/BUILD @@ -29,8 +29,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.tracers", - security_posture = "robust_to_untrusted_downstream", deps = [ ":dynamic_opentracing_driver_lib", "//source/extensions/tracers/common:factory_base_lib", diff --git a/source/extensions/tracers/lightstep/BUILD b/source/extensions/tracers/lightstep/BUILD index 72f4ff80f146..3c9cf3c57e0d 100644 --- a/source/extensions/tracers/lightstep/BUILD +++ b/source/extensions/tracers/lightstep/BUILD @@ -35,8 +35,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.tracers", - security_posture = "robust_to_untrusted_downstream", deps = [ ":lightstep_tracer_lib", "//source/common/config:datasource_lib", diff --git a/source/extensions/tracers/opencensus/BUILD b/source/extensions/tracers/opencensus/BUILD index a1c414cca9d7..f661bed6ddf6 100644 --- a/source/extensions/tracers/opencensus/BUILD +++ b/source/extensions/tracers/opencensus/BUILD @@ -16,8 +16,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.tracers", - security_posture = "robust_to_untrusted_downstream", deps = [ ":opencensus_tracer_impl", "//source/extensions/tracers/common:factory_base_lib", diff --git a/source/extensions/tracers/skywalking/BUILD b/source/extensions/tracers/skywalking/BUILD index 41da2c3f61f3..1265cd752cfa 100644 --- a/source/extensions/tracers/skywalking/BUILD +++ b/source/extensions/tracers/skywalking/BUILD @@ -67,9 +67,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.tracers", - security_posture = "robust_to_untrusted_downstream", - status = "wip", deps = [ ":skywalking_tracer_lib", "//source/common/config:datasource_lib", diff --git a/source/extensions/tracers/xray/BUILD b/source/extensions/tracers/xray/BUILD index 797e8a84e407..8048e35897e5 100644 --- a/source/extensions/tracers/xray/BUILD +++ b/source/extensions/tracers/xray/BUILD @@ -58,8 +58,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.tracers", - security_posture = "robust_to_untrusted_downstream", deps = [ ":xray_lib", "//source/common/config:datasource_lib", diff --git a/source/extensions/tracers/zipkin/BUILD b/source/extensions/tracers/zipkin/BUILD index 34e00329e121..0c39a41bf535 100644 --- a/source/extensions/tracers/zipkin/BUILD +++ b/source/extensions/tracers/zipkin/BUILD @@ -67,12 +67,10 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.tracers", # Legacy test use. TODO(#9953) clean up. extra_visibility = [ "//test/server:__subpackages__", ], - security_posture = "robust_to_untrusted_downstream", deps = [ ":zipkin_lib", "//source/extensions/tracers/common:factory_base_lib", diff --git a/source/extensions/transport_sockets/alts/BUILD b/source/extensions/transport_sockets/alts/BUILD index 587e9a2ecf29..3e393a3781cc 100644 --- a/source/extensions/transport_sockets/alts/BUILD +++ b/source/extensions/transport_sockets/alts/BUILD @@ -34,14 +34,9 @@ envoy_cc_extension( hdrs = [ "config.h", ], - category = ( - "envoy.transport_sockets.downstream", - "envoy.transport_sockets.upstream", - ), external_deps = [ "abseil_node_hash_set", ], - security_posture = "robust_to_untrusted_downstream_and_upstream", deps = [ ":tsi_handshaker", ":tsi_socket", diff --git a/source/extensions/transport_sockets/proxy_protocol/BUILD b/source/extensions/transport_sockets/proxy_protocol/BUILD index e268b828524c..403fb996e900 100644 --- a/source/extensions/transport_sockets/proxy_protocol/BUILD +++ b/source/extensions/transport_sockets/proxy_protocol/BUILD @@ -13,10 +13,6 @@ envoy_cc_extension( name = "upstream_config", srcs = ["config.cc"], hdrs = ["config.h"], - category = ( - "envoy.transport_sockets.upstream", - ), - security_posture = "robust_to_untrusted_downstream_and_upstream", # header generated in Envoy, so can't be faked deps = [ ":upstream_proxy_protocol", "//include/envoy/network:transport_socket_interface", diff --git a/source/extensions/transport_sockets/raw_buffer/BUILD b/source/extensions/transport_sockets/raw_buffer/BUILD index 94a2bee0a980..9c9ad99107d7 100644 --- a/source/extensions/transport_sockets/raw_buffer/BUILD +++ b/source/extensions/transport_sockets/raw_buffer/BUILD @@ -14,11 +14,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = ( - "envoy.transport_sockets.downstream", - "envoy.transport_sockets.upstream", - ), - security_posture = "requires_trusted_downstream_and_upstream", # This is core Envoy config. visibility = ["//visibility:public"], deps = [ diff --git a/source/extensions/transport_sockets/starttls/BUILD b/source/extensions/transport_sockets/starttls/BUILD index f3414c9837e3..31b016d9d97c 100644 --- a/source/extensions/transport_sockets/starttls/BUILD +++ b/source/extensions/transport_sockets/starttls/BUILD @@ -15,11 +15,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = ( - "envoy.transport_sockets.downstream", - "envoy.transport_sockets.upstream", - ), - security_posture = "robust_to_untrusted_downstream_and_upstream", visibility = ["//visibility:public"], deps = [ ":starttls_socket_lib", diff --git a/source/extensions/transport_sockets/tap/BUILD b/source/extensions/transport_sockets/tap/BUILD index e97cb4f1255c..6875dfe77b82 100644 --- a/source/extensions/transport_sockets/tap/BUILD +++ b/source/extensions/transport_sockets/tap/BUILD @@ -51,17 +51,11 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = ( - "envoy.transport_sockets.downstream", - "envoy.transport_sockets.upstream", - ), # TODO(#9953) clean up. extra_visibility = [ "//test/common/access_log:__subpackages__", "//test/integration:__subpackages__", ], - security_posture = "requires_trusted_downstream_and_upstream", - status = "alpha", deps = [ ":tap_config_impl", ":tap_lib", diff --git a/source/extensions/transport_sockets/tls/BUILD b/source/extensions/transport_sockets/tls/BUILD index 29dfa2be2a9d..766ba6ff3491 100644 --- a/source/extensions/transport_sockets/tls/BUILD +++ b/source/extensions/transport_sockets/tls/BUILD @@ -15,11 +15,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = ( - "envoy.transport_sockets.downstream", - "envoy.transport_sockets.upstream", - ), - security_posture = "robust_to_untrusted_downstream_and_upstream", # TLS is core functionality. visibility = ["//visibility:public"], deps = [ diff --git a/source/extensions/transport_sockets/tls/cert_validator/spiffe/BUILD b/source/extensions/transport_sockets/tls/cert_validator/spiffe/BUILD index d6f74254f3a0..812d2f17b7d1 100644 --- a/source/extensions/transport_sockets/tls/cert_validator/spiffe/BUILD +++ b/source/extensions/transport_sockets/tls/cert_validator/spiffe/BUILD @@ -16,14 +16,11 @@ envoy_cc_extension( hdrs = [ "spiffe_validator.h", ], - category = "envoy.tls.cert_validator", external_deps = [ "ssl", "abseil_base", "abseil_hash", ], - security_posture = "unknown", - status = "wip", visibility = ["//visibility:public"], deps = [ "//include/envoy/ssl:context_config_interface", diff --git a/source/extensions/upstreams/http/BUILD b/source/extensions/upstreams/http/BUILD index 198a0b12b4fc..247274b2fa85 100644 --- a/source/extensions/upstreams/http/BUILD +++ b/source/extensions/upstreams/http/BUILD @@ -12,8 +12,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.upstreams", - security_posture = "robust_to_untrusted_downstream", # This is core Envoy config. visibility = ["//visibility:public"], deps = [ diff --git a/source/extensions/upstreams/http/generic/BUILD b/source/extensions/upstreams/http/generic/BUILD index 1e2c0d2119e7..759f4626f205 100644 --- a/source/extensions/upstreams/http/generic/BUILD +++ b/source/extensions/upstreams/http/generic/BUILD @@ -16,8 +16,6 @@ envoy_cc_extension( hdrs = [ "config.h", ], - category = "envoy.upstreams", - security_posture = "robust_to_untrusted_downstream", visibility = ["//visibility:public"], deps = [ "//source/extensions/upstreams/http/http:upstream_request_lib", diff --git a/source/extensions/upstreams/http/http/BUILD b/source/extensions/upstreams/http/http/BUILD index 132d065cabb3..4a4bd1be575f 100644 --- a/source/extensions/upstreams/http/http/BUILD +++ b/source/extensions/upstreams/http/http/BUILD @@ -17,8 +17,6 @@ envoy_cc_extension( hdrs = [ "config.h", ], - category = "envoy.upstreams", - security_posture = "robust_to_untrusted_downstream", visibility = ["//visibility:public"], deps = [ ":upstream_request_lib", diff --git a/source/extensions/upstreams/http/tcp/BUILD b/source/extensions/upstreams/http/tcp/BUILD index 46169ea4b14c..95b2d94dbae4 100644 --- a/source/extensions/upstreams/http/tcp/BUILD +++ b/source/extensions/upstreams/http/tcp/BUILD @@ -17,8 +17,6 @@ envoy_cc_extension( hdrs = [ "config.h", ], - category = "envoy.upstreams", - security_posture = "robust_to_untrusted_downstream", visibility = ["//visibility:public"], deps = [ ":upstream_request_lib", diff --git a/source/extensions/upstreams/tcp/generic/BUILD b/source/extensions/upstreams/tcp/generic/BUILD index 2320d1ea51ef..673d44aeae31 100644 --- a/source/extensions/upstreams/tcp/generic/BUILD +++ b/source/extensions/upstreams/tcp/generic/BUILD @@ -16,8 +16,6 @@ envoy_cc_extension( hdrs = [ "config.h", ], - category = "envoy.upstreams", - security_posture = "robust_to_untrusted_downstream", visibility = ["//visibility:public"], deps = [ "//source/common/http:codec_client_lib", diff --git a/source/extensions/wasm_runtime/null/BUILD b/source/extensions/wasm_runtime/null/BUILD index e66dce75d6f3..1dbb4846e20b 100644 --- a/source/extensions/wasm_runtime/null/BUILD +++ b/source/extensions/wasm_runtime/null/BUILD @@ -11,9 +11,6 @@ envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], - category = "envoy.wasm.runtime", - security_posture = "unknown", - status = "alpha", deps = [ "//include/envoy/registry", "//source/extensions/common/wasm:wasm_runtime_factory_interface", diff --git a/source/extensions/wasm_runtime/v8/BUILD b/source/extensions/wasm_runtime/v8/BUILD index 8024375f6446..45dd6833558f 100644 --- a/source/extensions/wasm_runtime/v8/BUILD +++ b/source/extensions/wasm_runtime/v8/BUILD @@ -12,9 +12,6 @@ envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], - category = "envoy.wasm.runtime", - security_posture = "unknown", - status = "alpha", deps = [ "//include/envoy/registry", "//source/extensions/common/wasm:wasm_runtime_factory_interface", diff --git a/source/extensions/wasm_runtime/wasmtime/BUILD b/source/extensions/wasm_runtime/wasmtime/BUILD index 47923bd0caa3..83ee6552fe39 100644 --- a/source/extensions/wasm_runtime/wasmtime/BUILD +++ b/source/extensions/wasm_runtime/wasmtime/BUILD @@ -12,9 +12,6 @@ envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], - category = "envoy.wasm.runtime", - security_posture = "unknown", - status = "alpha", deps = [ "//include/envoy/registry", "//source/extensions/common/wasm:wasm_runtime_factory_interface", diff --git a/source/extensions/wasm_runtime/wavm/BUILD b/source/extensions/wasm_runtime/wavm/BUILD index f2b8c69ae785..cca25e7aaace 100644 --- a/source/extensions/wasm_runtime/wavm/BUILD +++ b/source/extensions/wasm_runtime/wavm/BUILD @@ -12,9 +12,6 @@ envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], - category = "envoy.wasm.runtime", - security_posture = "unknown", - status = "alpha", deps = [ "//include/envoy/registry", "//source/extensions/common/wasm:wasm_runtime_factory_interface", diff --git a/source/extensions/watchdog/profile_action/BUILD b/source/extensions/watchdog/profile_action/BUILD index 8da916b007ad..6c0ab2f392d6 100644 --- a/source/extensions/watchdog/profile_action/BUILD +++ b/source/extensions/watchdog/profile_action/BUILD @@ -33,9 +33,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.guarddog_actions", - security_posture = "data_plane_agnostic", - status = "alpha", deps = [ ":profile_action_lib", "//include/envoy/registry", diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index 41b2869c3d84..c27cea334c5a 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -12,6 +12,10 @@ load( licenses(["notice"]) # Apache 2 +exports_files([ + "uber_per_readfilter.cc", +]) + envoy_package() envoy_proto_library( diff --git a/tools/extensions/BUILD b/tools/extensions/BUILD index 1c246dd8306e..4054af1a4d2c 100644 --- a/tools/extensions/BUILD +++ b/tools/extensions/BUILD @@ -12,6 +12,8 @@ py_binary( data = [ "@com_github_bazelbuild_buildtools//buildozer:buildozer", "//source/extensions:extensions_metadata.yaml", + "//source/extensions:extensions_build_config.bzl", + "//test/extensions/filters/network/common/fuzz:uber_per_readfilter.cc", ] + envoy_all_extensions(), ) diff --git a/tools/extensions/validate_extensions.py b/tools/extensions/validate_extensions.py index d349b13d33f3..8140c3e56f67 100644 --- a/tools/extensions/validate_extensions.py +++ b/tools/extensions/validate_extensions.py @@ -5,17 +5,18 @@ # This script expects a copy of the envoy source to be located at /source # Alternatively, you can specify a path to the source dir with `ENVOY_SRCDIR` -import ast -import os import pathlib import re -import subprocess import sys from importlib.util import spec_from_loader, module_from_spec from importlib.machinery import SourceFileLoader import yaml +BUILTIN_EXTENSIONS = ( + "envoy.request_id.uuid", "envoy.upstreams.tcp.generic", "envoy.transport_sockets.tls", + "envoy.upstreams.http.http_protocol_options", "envoy.upstreams.http.generic") + # All Envoy extensions must be tagged with their security hardening stance with # respect to downstream and upstream data plane threats. These are verbose # labels intended to make clear the trust that operators may place in @@ -86,43 +87,18 @@ "wip", ] -# TODO(phlax): remove this -BUILDOZER_PATH = os.path.abspath( - "external/com_github_bazelbuild_buildtools/buildozer/buildozer_/buildozer") - -# TODO(phlax): remove this -ENVOY_SRCDIR = os.getenv('ENVOY_SRCDIR', '/source') - -# TODO(phlax): remove this -if not os.path.exists(ENVOY_SRCDIR): - raise SystemExit( - "Envoy source must either be located at /source, or ENVOY_SRCDIR env var must be set") - # source/extensions/extensions_build_config.bzl must have a .bzl suffix for Starlark # import, so we are forced to do this workaround. _extensions_build_config_spec = spec_from_loader( 'extensions_build_config', - SourceFileLoader( - 'extensions_build_config', - os.path.join(ENVOY_SRCDIR, 'source/extensions/extensions_build_config.bzl'))) + SourceFileLoader('extensions_build_config', 'source/extensions/extensions_build_config.bzl')) extensions_build_config = module_from_spec(_extensions_build_config_spec) _extensions_build_config_spec.loader.exec_module(extensions_build_config) -class ExtensionDbError(Exception): - pass - - -# TODO(phlax): remove this -def is_missing(value): - return value == '(missing)' - - def num_read_filters_fuzzed(): data = pathlib.Path( - os.path.join( - ENVOY_SRCDIR, - 'test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc')).read_text() + 'test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc').read_text() # Hack-ish! We only search the first 50 lines to capture the filters in filterNames(). return len(re.findall('NetworkFilterNames::get()', ''.join(data.splitlines()[:50]))) @@ -135,83 +111,24 @@ def num_robust_to_downstream_network_filters(db): ]) -# TODO(phlax): remove this -def get_extension_metadata(target): - if not BUILDOZER_PATH: - raise ExtensionDbError('Buildozer not found!') - r = subprocess.run( - [BUILDOZER_PATH, '-stdout', 'print security_posture status undocumented category', target], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - rout = r.stdout.decode('utf-8').strip().split(' ') - security_posture, status, undocumented = rout[:3] - categories = ' '.join(rout[3:]) - # evaluate tuples/lists - # wrap strings in a list - categories = list( - ast.literal_eval(categories) if ('[' in categories or '(' in categories) else [categories]) - return { - 'security_posture': security_posture, - 'undocumented': False if is_missing(undocumented) else bool(undocumented), - 'status': 'stable' if is_missing(status) else status, - 'categories': categories, - } - - -# TODO(phlax): remove this -def compare_old_and_new(old_db, new_db): +# TODO(phlax): move this to a checker class, and add pytests +def validate_extensions(): returns = 0 - if sorted(old_db.keys()) != sorted(new_db.keys()): - old_only = set(old_db.keys()) - set(new_db.keys()) - new_only = set(new_db.keys()) - set(old_db.keys()) - extra_old = (f"only old {old_only}" if old_only else "") - extra_new = (f"only new {new_only}" if new_only else "") - raise ExtensionDbError(f"Extensions list does not match - {extra_old} {extra_new}") + with open("source/extensions/extensions_metadata.yaml") as f: + metadata = yaml.safe_load(f.read()) - for k in new_db: - new_db[k]["undocumented"] = new_db[k].get("undocumented", False) - if old_db[k] != new_db[k]: - returns = 1 - print( - f"ERROR: extension metadata in `source/extensions/extensions_metadata.yaml` does not match `BUILD` for {k}" - ) - print(old_db[k]) - print(new_db[k]) - return returns + all_extensions = set(extensions_build_config.EXTENSIONS.keys()) | set(BUILTIN_EXTENSIONS) + only_metadata = set(metadata.keys()) - all_extensions + missing_metadata = all_extensions - set(metadata.keys()) + if only_metadata: + returns = 1 + print(f"Metadata for unused extensions found: {only_metadata}") -# TODO(phlax): remove this -def generate_old_extension_db(): - extension_db = {} - # Include all extensions from source/extensions/extensions_build_config.bzl - all_extensions = {} - all_extensions.update(extensions_build_config.EXTENSIONS) - for extension, target in all_extensions.items(): - extension_db[extension] = get_extension_metadata(target) - # The TLS and generic upstream extensions are hard-coded into the build, so - # not in source/extensions/extensions_build_config.bzl - # TODO(mattklein123): Read these special keys from all_extensions.bzl or a shared location to - # avoid duplicate logic. - extension_db['envoy.transport_sockets.tls'] = get_extension_metadata( - '//source/extensions/transport_sockets/tls:config') - extension_db['envoy.upstreams.http.generic'] = get_extension_metadata( - '//source/extensions/upstreams/http/generic:config') - extension_db['envoy.upstreams.tcp.generic'] = get_extension_metadata( - '//source/extensions/upstreams/tcp/generic:config') - extension_db['envoy.upstreams.http.http_protocol_options'] = get_extension_metadata( - '//source/extensions/upstreams/http:config') - extension_db['envoy.request_id.uuid'] = get_extension_metadata( - '//source/extensions/request_id/uuid:config') - return extension_db - - -# TODO(phlax): move this to a checker class, remove `compare_old_and_new` and add pytests -def validate_extensions(): - returns = 0 - with open("source/extensions/extensions_metadata.yaml") as f: - metadata = yaml.safe_load(f.read()) - returns = compare_old_and_new(generate_old_extension_db(), metadata) + if missing_metadata: + returns = 1 + print(f"Metadata missing for extensions: {missing_metadata}") if num_robust_to_downstream_network_filters(metadata) != num_read_filters_fuzzed(): returns = 1