From da403fa7b67b9331ca1d129a4035950d2e23c752 Mon Sep 17 00:00:00 2001 From: alyssawilk Date: Fri, 31 Jul 2020 21:36:57 -0400 Subject: [PATCH] build: marking extensions as extension-only visible by default (#12337) Risk Level: medium (of build breakage) Testing: n/a Docs Changes: n/a Release Notes: n/a Part of #9953 Signed-off-by: Alyssa Wilk --- BUILD | 30 +++++++++++++++++++ bazel/README.md | 11 +++++++ bazel/envoy_build_system.bzl | 3 ++ bazel/envoy_library.bzl | 3 +- docs/root/version_history/current.rst | 2 ++ source/extensions/access_loggers/BUILD | 6 ++-- source/extensions/access_loggers/common/BUILD | 4 +-- source/extensions/access_loggers/file/BUILD | 11 +++++-- source/extensions/access_loggers/grpc/BUILD | 16 ++++++++-- source/extensions/clusters/BUILD | 6 ++-- source/extensions/clusters/aggregate/BUILD | 4 +-- .../clusters/dynamic_forward_proxy/BUILD | 4 +-- source/extensions/clusters/redis/BUILD | 4 +-- source/extensions/common/BUILD | 6 ++-- source/extensions/common/aws/BUILD | 4 +-- source/extensions/common/crypto/BUILD | 10 +++++-- .../common/dynamic_forward_proxy/BUILD | 4 +-- source/extensions/common/proxy_protocol/BUILD | 6 ++-- source/extensions/common/redis/BUILD | 4 +-- source/extensions/common/sqlutils/BUILD | 4 +-- source/extensions/common/tap/BUILD | 4 +-- source/extensions/common/wasm/BUILD | 4 +-- source/extensions/common/wasm/null/BUILD | 4 +-- source/extensions/common/wasm/v8/BUILD | 4 +-- .../compression/common/compressor/BUILD | 4 +-- .../compression/common/decompressor/BUILD | 4 +-- .../extensions/compression/gzip/common/BUILD | 4 +-- .../compression/gzip/compressor/BUILD | 4 +-- .../compression/gzip/decompressor/BUILD | 4 +-- source/extensions/extensions_build_config.bzl | 6 ++++ source/extensions/filters/common/expr/BUILD | 4 +-- .../extensions/filters/common/ext_authz/BUILD | 4 +-- source/extensions/filters/common/fault/BUILD | 4 +-- source/extensions/filters/common/lua/BUILD | 4 +-- .../filters/common/original_src/BUILD | 4 +-- .../extensions/filters/common/ratelimit/BUILD | 4 +-- source/extensions/filters/common/rbac/BUILD | 4 +-- source/extensions/filters/http/BUILD | 6 ++-- .../filters/http/adaptive_concurrency/BUILD | 4 +-- .../adaptive_concurrency/controller/BUILD | 4 +-- .../filters/http/admission_control/BUILD | 4 +-- .../http/admission_control/evaluators/BUILD | 4 +-- .../extensions/filters/http/aws_lambda/BUILD | 4 +-- .../filters/http/aws_request_signing/BUILD | 4 +-- source/extensions/filters/http/buffer/BUILD | 9 ++++-- source/extensions/filters/http/cache/BUILD | 4 +-- .../http/cache/simple_http_cache/BUILD | 4 +-- source/extensions/filters/http/common/BUILD | 14 +++++++-- .../filters/http/common/compressor/BUILD | 4 +-- .../extensions/filters/http/compressor/BUILD | 4 +-- source/extensions/filters/http/cors/BUILD | 9 ++++-- source/extensions/filters/http/csrf/BUILD | 4 +-- .../filters/http/decompressor/BUILD | 4 +-- .../filters/http/dynamic_forward_proxy/BUILD | 4 +-- source/extensions/filters/http/dynamo/BUILD | 4 +-- .../extensions/filters/http/ext_authz/BUILD | 4 +-- source/extensions/filters/http/fault/BUILD | 4 +-- .../filters/http/grpc_http1_bridge/BUILD | 11 +++++-- .../http/grpc_http1_reverse_bridge/BUILD | 4 +-- .../filters/http/grpc_json_transcoder/BUILD | 4 +-- .../extensions/filters/http/grpc_stats/BUILD | 4 +-- source/extensions/filters/http/grpc_web/BUILD | 4 +-- source/extensions/filters/http/gzip/BUILD | 4 +-- .../filters/http/header_to_metadata/BUILD | 4 +-- .../filters/http/health_check/BUILD | 11 +++++-- .../extensions/filters/http/ip_tagging/BUILD | 9 ++++-- .../extensions/filters/http/jwt_authn/BUILD | 4 +-- source/extensions/filters/http/lua/BUILD | 4 +-- .../extensions/filters/http/on_demand/BUILD | 10 +++++-- .../filters/http/original_src/BUILD | 4 +-- .../extensions/filters/http/ratelimit/BUILD | 4 +-- source/extensions/filters/http/rbac/BUILD | 9 ++++-- source/extensions/filters/http/router/BUILD | 6 ++-- source/extensions/filters/http/squash/BUILD | 4 +-- source/extensions/filters/http/tap/BUILD | 4 +-- source/extensions/filters/listener/BUILD | 6 ++-- .../filters/listener/http_inspector/BUILD | 4 +-- .../filters/listener/original_dst/BUILD | 9 ++++-- .../filters/listener/original_src/BUILD | 4 +-- .../filters/listener/proxy_protocol/BUILD | 10 +++++-- .../filters/listener/tls_inspector/BUILD | 14 +++++++-- source/extensions/filters/network/BUILD | 6 ++-- .../filters/network/client_ssl_auth/BUILD | 4 +-- .../extensions/filters/network/common/BUILD | 8 +++-- .../filters/network/common/redis/BUILD | 4 +-- .../filters/network/direct_response/BUILD | 4 +-- .../filters/network/dubbo_proxy/BUILD | 4 +-- .../filters/network/dubbo_proxy/filters/BUILD | 4 +-- .../filters/network/dubbo_proxy/router/BUILD | 4 +-- source/extensions/filters/network/echo/BUILD | 9 ++++-- .../filters/network/ext_authz/BUILD | 4 +-- .../network/http_connection_manager/BUILD | 6 ++-- source/extensions/filters/network/kafka/BUILD | 4 +-- .../filters/network/local_ratelimit/BUILD | 4 +-- .../filters/network/mongo_proxy/BUILD | 4 +-- .../filters/network/mysql_proxy/BUILD | 4 +-- .../filters/network/postgres_proxy/BUILD | 4 +-- .../filters/network/ratelimit/BUILD | 10 +++++-- source/extensions/filters/network/rbac/BUILD | 4 +-- .../filters/network/redis_proxy/BUILD | 9 ++++-- .../filters/network/rocketmq_proxy/BUILD | 4 +-- .../network/rocketmq_proxy/router/BUILD | 4 +-- .../filters/network/sni_cluster/BUILD | 4 +-- .../network/sni_dynamic_forward_proxy/BUILD | 4 +-- .../filters/network/tcp_proxy/BUILD | 6 ++-- .../filters/network/thrift_proxy/BUILD | 4 +-- .../network/thrift_proxy/filters/BUILD | 4 +-- .../thrift_proxy/filters/ratelimit/BUILD | 4 +-- .../filters/network/thrift_proxy/router/BUILD | 4 +-- .../filters/network/zookeeper_proxy/BUILD | 4 +-- .../extensions/filters/udp/dns_filter/BUILD | 4 +-- source/extensions/filters/udp/udp_proxy/BUILD | 4 +-- source/extensions/grpc_credentials/BUILD | 6 ++-- .../extensions/grpc_credentials/aws_iam/BUILD | 4 +-- .../extensions/grpc_credentials/example/BUILD | 10 +++++-- .../file_based_metadata/BUILD | 4 +-- source/extensions/health_checkers/BUILD | 6 ++-- source/extensions/health_checkers/redis/BUILD | 4 +-- source/extensions/internal_redirect/BUILD | 6 ++-- .../allow_listed_routes/BUILD | 9 ++++-- .../internal_redirect/previous_routes/BUILD | 9 ++++-- .../internal_redirect/safe_cross_scheme/BUILD | 9 ++++-- source/extensions/quic_listeners/quiche/BUILD | 10 +++++-- .../quic_listeners/quiche/platform/BUILD | 4 +-- source/extensions/resource_monitors/BUILD | 6 ++-- .../extensions/resource_monitors/common/BUILD | 6 ++-- .../resource_monitors/fixed_heap/BUILD | 4 +-- .../resource_monitors/injected_resource/BUILD | 9 ++++-- .../retry/host/omit_canary_hosts/BUILD | 4 +-- .../retry/host/omit_host_metadata/BUILD | 4 +-- .../retry/host/previous_hosts/BUILD | 4 +-- source/extensions/retry/priority/BUILD | 4 +-- .../retry/priority/previous_priorities/BUILD | 4 +-- source/extensions/stat_sinks/BUILD | 6 ++-- .../extensions/stat_sinks/common/statsd/BUILD | 4 +-- source/extensions/stat_sinks/dog_statsd/BUILD | 4 +-- source/extensions/stat_sinks/hystrix/BUILD | 4 +-- .../stat_sinks/metrics_service/BUILD | 4 +-- source/extensions/stat_sinks/statsd/BUILD | 9 ++++-- source/extensions/tracers/common/BUILD | 4 +-- source/extensions/tracers/common/ot/BUILD | 4 +-- source/extensions/tracers/datadog/BUILD | 4 +-- source/extensions/tracers/dynamic_ot/BUILD | 4 +-- source/extensions/tracers/lightstep/BUILD | 4 +-- source/extensions/tracers/opencensus/BUILD | 4 +-- source/extensions/tracers/xray/BUILD | 4 +-- source/extensions/tracers/zipkin/BUILD | 9 ++++-- source/extensions/transport_sockets/BUILD | 6 ++-- .../extensions/transport_sockets/alts/BUILD | 4 +-- .../extensions/transport_sockets/common/BUILD | 4 +-- .../transport_sockets/proxy_protocol/BUILD | 4 +-- .../transport_sockets/raw_buffer/BUILD | 6 ++-- source/extensions/transport_sockets/tap/BUILD | 10 +++++-- source/extensions/transport_sockets/tls/BUILD | 12 ++++++-- .../transport_sockets/tls/private_key/BUILD | 4 +-- .../extensions/upstreams/http/generic/BUILD | 4 +-- source/extensions/upstreams/http/http/BUILD | 4 +-- source/extensions/upstreams/http/tcp/BUILD | 4 +-- tools/code_format/envoy_build_fixer.py | 30 ++++++++++++------- 159 files changed, 586 insertions(+), 315 deletions(-) diff --git a/BUILD b/BUILD index 4dc2cadee42d..8518272d537f 100644 --- a/BUILD +++ b/BUILD @@ -1,6 +1,36 @@ +load( + "@envoy_build_config//:extensions_build_config.bzl", + "ADDITIONAL_VISIBILITY", +) + licenses(["notice"]) # Apache 2 exports_files([ "VERSION", ".clang-format", ]) + +# These two definitions exist to help reduce Envoy upstream core code depending on extensions. +# To avoid visibility problems, one can extend ADDITIONAL_VISIBILITY in source/extensions/extensions_build_config.bzl +# +# TODO(#9953) //test/config_test:__pkg__ should probably be split up and removed. +# TODO(#9953) the config fuzz tests should be moved somewhere local and //test/config_test and //test/server removed. +package_group( + name = "extension_config", + packages = [ + "//source/exe", + "//source/extensions/...", + "//test/config_test", + "//test/extensions/...", + "//test/server", + "//test/server/config_validation", + ] + ADDITIONAL_VISIBILITY, +) + +package_group( + name = "extension_library", + packages = [ + "//source/extensions/...", + "//test/extensions/...", + ] + ADDITIONAL_VISIBILITY, +) diff --git a/bazel/README.md b/bazel/README.md index 62d7b6e8f2c0..0c3e3f9abb9d 100644 --- a/bazel/README.md +++ b/bazel/README.md @@ -611,6 +611,17 @@ local_repository( ... ``` +## Extra extensions + +If you are building your own Envoy extensions or custom Envoy builds and encounter visibility +problems with, you may need to adjust the default visibility rules. +By default, Envoy extensions are set up to only be visible to code within the +[//source/extensions](../source/extensions/), or the Envoy server target. To adjust this, +add any additional targets you need to `ADDITIONAL_VISIBILITY` in +[extensions_build_config.bzl](../source/extensions/extensions_build_config.bzl). +See the instructions above about how to create your own custom version of +[extensions_build_config.bzl](../source/extensions/extensions_build_config.bzl). + # Release builds Release builds should be built in `opt` mode, processed with `strip` and have a diff --git a/bazel/envoy_build_system.bzl b/bazel/envoy_build_system.bzl index 0f062cbfe8d8..a96a2cdabc0d 100644 --- a/bazel/envoy_build_system.bzl +++ b/bazel/envoy_build_system.bzl @@ -36,6 +36,9 @@ load( def envoy_package(): native.package(default_visibility = ["//visibility:public"]) +def envoy_extension_package(): + native.package(default_visibility = ["//:extension_library"]) + # A genrule variant that can output a directory. This is useful when doing things like # generating a fuzz corpus mechanically. def _envoy_directory_genrule_impl(ctx): diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index dd35bcac6f9a..63e4b963bb18 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -70,12 +70,13 @@ def envoy_cc_extension( undocumented = False, status = "stable", tags = [], + visibility = ["//:extension_config"], **kwargs): if security_posture not in EXTENSION_SECURITY_POSTURES: fail("Unknown extension security posture: " + security_posture) if status not in EXTENSION_STATUS_VALUES: fail("Unknown extension status: " + status) - envoy_cc_library(name, tags = tags, **kwargs) + envoy_cc_library(name, tags = tags, visibility = visibility, **kwargs) # Envoy C++ library targets should be specified with this function. def envoy_cc_library( diff --git a/docs/root/version_history/current.rst b/docs/root/version_history/current.rst index 01c1f3dd56a0..f06045af222a 100644 --- a/docs/root/version_history/current.rst +++ b/docs/root/version_history/current.rst @@ -5,6 +5,8 @@ Incompatible Behavior Changes ----------------------------- *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required* +* build: added visibility rules for upstream. If these cause visibility related breakage, see notes in //BUILD. + Minor Behavior Changes ---------------------- *Changes that may cause incompatibilities for some users, but should not for most* diff --git a/source/extensions/access_loggers/BUILD b/source/extensions/access_loggers/BUILD index 06456dbbcb5e..40a5e79b39d3 100644 --- a/source/extensions/access_loggers/BUILD +++ b/source/extensions/access_loggers/BUILD @@ -1,16 +1,18 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "well_known_names", hdrs = ["well_known_names.h"], + # well known names files are public as long as they exist. + visibility = ["//visibility:public"], deps = [ "//source/common/singleton:const_singleton", ], diff --git a/source/extensions/access_loggers/common/BUILD b/source/extensions/access_loggers/common/BUILD index a4cf5294cf81..1afb1f270a42 100644 --- a/source/extensions/access_loggers/common/BUILD +++ b/source/extensions/access_loggers/common/BUILD @@ -1,14 +1,14 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # Base class for implementations of AccessLog::Instance. -envoy_package() +envoy_extension_package() envoy_cc_library( name = "access_log_base", diff --git a/source/extensions/access_loggers/file/BUILD b/source/extensions/access_loggers/file/BUILD index 6e86f2e0a490..b95be9f7228c 100644 --- a/source/extensions/access_loggers/file/BUILD +++ b/source/extensions/access_loggers/file/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,12 +10,14 @@ licenses(["notice"]) # Apache 2 # Access log implementation that writes to a file. # Public docs: docs/root/configuration/access_log.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "file_access_log_lib", srcs = ["file_access_log_impl.cc"], hdrs = ["file_access_log_impl.h"], + # The file based access logger is core code. + visibility = ["//visibility:public"], deps = [ "//source/extensions/access_loggers/common:access_log_base", ], @@ -26,6 +28,11 @@ envoy_cc_extension( srcs = ["config.cc"], hdrs = ["config.h"], security_posture = "robust_to_untrusted_downstream", + # TODO(#9953) determine if this is core or should be cleaned up. + visibility = [ + "//:extension_config", + "//test:__subpackages__", + ], deps = [ ":file_access_log_lib", "//include/envoy/registry", diff --git a/source/extensions/access_loggers/grpc/BUILD b/source/extensions/access_loggers/grpc/BUILD index e92a44b24d6d..94683341a2f7 100644 --- a/source/extensions/access_loggers/grpc/BUILD +++ b/source/extensions/access_loggers/grpc/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # Access log implementation that writes to a gRPC service. # Public docs: TODO(rodaine): Docs needed. -envoy_package() +envoy_extension_package() envoy_cc_library( name = "config_utils", @@ -98,6 +98,12 @@ envoy_cc_extension( srcs = ["http_config.cc"], hdrs = ["http_config.h"], security_posture = "robust_to_untrusted_downstream", + # TODO(#9953) clean up. + visibility = [ + "//:extension_config", + "//test/common/access_log:__subpackages__", + "//test/integration:__subpackages__", + ], deps = [ ":config_utils", "//include/envoy/server:access_log_config_interface", @@ -115,6 +121,12 @@ envoy_cc_extension( srcs = ["tcp_config.cc"], hdrs = ["tcp_config.h"], security_posture = "robust_to_untrusted_downstream", + # TODO(#9953) clean up. + visibility = [ + "//:extension_config", + "//test/common/access_log:__subpackages__", + "//test/integration:__subpackages__", + ], deps = [ ":config_utils", "//include/envoy/server:access_log_config_interface", diff --git a/source/extensions/clusters/BUILD b/source/extensions/clusters/BUILD index ee5bcf6bc186..46709ec0c238 100644 --- a/source/extensions/clusters/BUILD +++ b/source/extensions/clusters/BUILD @@ -1,16 +1,18 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "well_known_names", hdrs = ["well_known_names.h"], + # well known names files are public as long as they exist. + visibility = ["//visibility:public"], deps = [ "//source/common/config:well_known_names", "//source/common/singleton:const_singleton", diff --git a/source/extensions/clusters/aggregate/BUILD b/source/extensions/clusters/aggregate/BUILD index d6c7d4d1a515..d23dd525625a 100644 --- a/source/extensions/clusters/aggregate/BUILD +++ b/source/extensions/clusters/aggregate/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "cluster", diff --git a/source/extensions/clusters/dynamic_forward_proxy/BUILD b/source/extensions/clusters/dynamic_forward_proxy/BUILD index 744f1e1bfca8..0dc4780118e1 100644 --- a/source/extensions/clusters/dynamic_forward_proxy/BUILD +++ b/source/extensions/clusters/dynamic_forward_proxy/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "cluster", diff --git a/source/extensions/clusters/redis/BUILD b/source/extensions/clusters/redis/BUILD index 3edf4864852c..784103719061 100644 --- a/source/extensions/clusters/redis/BUILD +++ b/source/extensions/clusters/redis/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "crc16_lib", diff --git a/source/extensions/common/BUILD b/source/extensions/common/BUILD index 54a5bcddfc7f..abc0d81c2d50 100644 --- a/source/extensions/common/BUILD +++ b/source/extensions/common/BUILD @@ -1,16 +1,18 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "utility_lib", hdrs = ["utility.h"], + # Legacy. TODO(#9953) clean up. + visibility = ["//visibility:public"], deps = [ "//include/envoy/runtime:runtime_interface", "//source/common/common:documentation_url_lib", diff --git a/source/extensions/common/aws/BUILD b/source/extensions/common/aws/BUILD index 4d610a59545f..621d60806d54 100644 --- a/source/extensions/common/aws/BUILD +++ b/source/extensions/common/aws/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "signer_interface", diff --git a/source/extensions/common/crypto/BUILD b/source/extensions/common/crypto/BUILD index 836c8320a523..ea1802a97570 100644 --- a/source/extensions/common/crypto/BUILD +++ b/source/extensions/common/crypto/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "utility_lib", @@ -23,6 +23,12 @@ envoy_cc_extension( ], security_posture = "unknown", undocumented = True, + # Legacy test use. TODO(#9953) clean up. + visibility = [ + "//:extension_config", + "//test/common/config:__subpackages__", + "//test/common/crypto:__subpackages__", + ], deps = [ "//include/envoy/buffer:buffer_interface", "//source/common/common:assert_lib", diff --git a/source/extensions/common/dynamic_forward_proxy/BUILD b/source/extensions/common/dynamic_forward_proxy/BUILD index 4321013da9f9..19d613869618 100644 --- a/source/extensions/common/dynamic_forward_proxy/BUILD +++ b/source/extensions/common/dynamic_forward_proxy/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "dns_cache_interface", diff --git a/source/extensions/common/proxy_protocol/BUILD b/source/extensions/common/proxy_protocol/BUILD index fb0d2f74c09f..7a2b9bf66d03 100644 --- a/source/extensions/common/proxy_protocol/BUILD +++ b/source/extensions/common/proxy_protocol/BUILD @@ -1,17 +1,19 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "proxy_protocol_header_lib", srcs = ["proxy_protocol_header.cc"], hdrs = ["proxy_protocol_header.h"], + # This is used by the router, so considered core code. + visibility = ["//visibility:public"], deps = [ "//include/envoy/buffer:buffer_interface", "//include/envoy/network:address_interface", diff --git a/source/extensions/common/redis/BUILD b/source/extensions/common/redis/BUILD index 1d50b1cfc6fc..f7427e61ad2e 100644 --- a/source/extensions/common/redis/BUILD +++ b/source/extensions/common/redis/BUILD @@ -1,7 +1,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # clusters. # Public docs: docs/root/configuration/network_filters/redis_proxy_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "cluster_refresh_manager_interface", diff --git a/source/extensions/common/sqlutils/BUILD b/source/extensions/common/sqlutils/BUILD index c0129c29cfc3..f477e6a42208 100644 --- a/source/extensions/common/sqlutils/BUILD +++ b/source/extensions/common/sqlutils/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "sqlutils_lib", diff --git a/source/extensions/common/tap/BUILD b/source/extensions/common/tap/BUILD index 480b2d05b6f3..8cf381c67dee 100644 --- a/source/extensions/common/tap/BUILD +++ b/source/extensions/common/tap/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "tap_interface", diff --git a/source/extensions/common/wasm/BUILD b/source/extensions/common/wasm/BUILD index c31b2deb485b..6e034dbda256 100644 --- a/source/extensions/common/wasm/BUILD +++ b/source/extensions/common/wasm/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "well_known_names", diff --git a/source/extensions/common/wasm/null/BUILD b/source/extensions/common/wasm/null/BUILD index 0d9d49510412..31a33d8f4d49 100644 --- a/source/extensions/common/wasm/null/BUILD +++ b/source/extensions/common/wasm/null/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "null_vm_plugin_interface", diff --git a/source/extensions/common/wasm/v8/BUILD b/source/extensions/common/wasm/v8/BUILD index 0e4f86d97a66..4ff62d112f2f 100644 --- a/source/extensions/common/wasm/v8/BUILD +++ b/source/extensions/common/wasm/v8/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "v8_lib", diff --git a/source/extensions/compression/common/compressor/BUILD b/source/extensions/compression/common/compressor/BUILD index 54843124ba79..db3d5c88ae16 100644 --- a/source/extensions/compression/common/compressor/BUILD +++ b/source/extensions/compression/common/compressor/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "compressor_factory_base_lib", diff --git a/source/extensions/compression/common/decompressor/BUILD b/source/extensions/compression/common/decompressor/BUILD index 27208bee530a..0d69c90a8acd 100644 --- a/source/extensions/compression/common/decompressor/BUILD +++ b/source/extensions/compression/common/decompressor/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "decompressor_factory_base_lib", diff --git a/source/extensions/compression/gzip/common/BUILD b/source/extensions/compression/gzip/common/BUILD index 8ec29af79ddb..5c301a6a9abe 100644 --- a/source/extensions/compression/gzip/common/BUILD +++ b/source/extensions/compression/gzip/common/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "zlib_base_lib", diff --git a/source/extensions/compression/gzip/compressor/BUILD b/source/extensions/compression/gzip/compressor/BUILD index 3f37d2524356..e8918d1fcbc8 100644 --- a/source/extensions/compression/gzip/compressor/BUILD +++ b/source/extensions/compression/gzip/compressor/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "compressor_lib", diff --git a/source/extensions/compression/gzip/decompressor/BUILD b/source/extensions/compression/gzip/decompressor/BUILD index 9c86b64ef61b..b4c6fb375d45 100644 --- a/source/extensions/compression/gzip/decompressor/BUILD +++ b/source/extensions/compression/gzip/decompressor/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "zlib_decompressor_impl_lib", diff --git a/source/extensions/extensions_build_config.bzl b/source/extensions/extensions_build_config.bzl index d69443ada6a0..0ae05caa57c0 100644 --- a/source/extensions/extensions_build_config.bzl +++ b/source/extensions/extensions_build_config.bzl @@ -198,3 +198,9 @@ EXTENSIONS = { } + +# This can be used to extend the visibility rules for Envoy extensions +# (//:extension_config and //:extension_library in //BUILD) +# if downstream Envoy builds need to directly reference envoy extensions. +ADDITIONAL_VISIBILITY = [ + ] diff --git a/source/extensions/filters/common/expr/BUILD b/source/extensions/filters/common/expr/BUILD index d9abedc88404..fbbcd725ba43 100644 --- a/source/extensions/filters/common/expr/BUILD +++ b/source/extensions/filters/common/expr/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "evaluator_lib", diff --git a/source/extensions/filters/common/ext_authz/BUILD b/source/extensions/filters/common/ext_authz/BUILD index 45d4fb01d96f..977560fefb20 100644 --- a/source/extensions/filters/common/ext_authz/BUILD +++ b/source/extensions/filters/common/ext_authz/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "ext_authz_interface", diff --git a/source/extensions/filters/common/fault/BUILD b/source/extensions/filters/common/fault/BUILD index d64605085fc4..bf05af548e01 100644 --- a/source/extensions/filters/common/fault/BUILD +++ b/source/extensions/filters/common/fault/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "fault_config_lib", diff --git a/source/extensions/filters/common/lua/BUILD b/source/extensions/filters/common/lua/BUILD index 0095b156c4b6..769784c89092 100644 --- a/source/extensions/filters/common/lua/BUILD +++ b/source/extensions/filters/common/lua/BUILD @@ -1,14 +1,14 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) load("//bazel:envoy_internal.bzl", "envoy_external_dep_path") load("@bazel_skylib//rules:common_settings.bzl", "bool_flag") licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() bool_flag( name = "moonjit", diff --git a/source/extensions/filters/common/original_src/BUILD b/source/extensions/filters/common/original_src/BUILD index 76662376ee0c..0c4b4832e2e3 100644 --- a/source/extensions/filters/common/original_src/BUILD +++ b/source/extensions/filters/common/original_src/BUILD @@ -1,14 +1,14 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # Helprs for filters for mirroring the downstream remote address on the upstream's source. -envoy_package() +envoy_extension_package() envoy_cc_library( name = "original_src_socket_option_lib", diff --git a/source/extensions/filters/common/ratelimit/BUILD b/source/extensions/filters/common/ratelimit/BUILD index 726bdf338f9a..e98dc90a8916 100644 --- a/source/extensions/filters/common/ratelimit/BUILD +++ b/source/extensions/filters/common/ratelimit/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "ratelimit_lib", diff --git a/source/extensions/filters/common/rbac/BUILD b/source/extensions/filters/common/rbac/BUILD index 9a9bbc105749..14c649ca4340 100644 --- a/source/extensions/filters/common/rbac/BUILD +++ b/source/extensions/filters/common/rbac/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "utility_lib", diff --git a/source/extensions/filters/http/BUILD b/source/extensions/filters/http/BUILD index ee5bcf6bc186..790ddc806157 100644 --- a/source/extensions/filters/http/BUILD +++ b/source/extensions/filters/http/BUILD @@ -1,16 +1,18 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "well_known_names", hdrs = ["well_known_names.h"], + # Well known names are public. + visibility = ["//visibility:public"], deps = [ "//source/common/config:well_known_names", "//source/common/singleton:const_singleton", diff --git a/source/extensions/filters/http/adaptive_concurrency/BUILD b/source/extensions/filters/http/adaptive_concurrency/BUILD index c6a7a2d4e95f..9cef1214ab36 100644 --- a/source/extensions/filters/http/adaptive_concurrency/BUILD +++ b/source/extensions/filters/http/adaptive_concurrency/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -11,7 +11,7 @@ licenses(["notice"]) # Apache 2 # requests based on sampled latencies. # Public docs: docs/root/configuration/http_filters/adaptive_concurrency_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "adaptive_concurrency_filter_lib", diff --git a/source/extensions/filters/http/adaptive_concurrency/controller/BUILD b/source/extensions/filters/http/adaptive_concurrency/controller/BUILD index ae74e71c6b35..b9f4475d7af7 100644 --- a/source/extensions/filters/http/adaptive_concurrency/controller/BUILD +++ b/source/extensions/filters/http/adaptive_concurrency/controller/BUILD @@ -1,7 +1,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # requests based on sampled latencies. # Public docs: TODO (tonya11en) -envoy_package() +envoy_extension_package() envoy_cc_library( name = "controller_lib", diff --git a/source/extensions/filters/http/admission_control/BUILD b/source/extensions/filters/http/admission_control/BUILD index 2bfdfb9912a6..07acbda5fe58 100644 --- a/source/extensions/filters/http/admission_control/BUILD +++ b/source/extensions/filters/http/admission_control/BUILD @@ -1,7 +1,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -9,7 +9,7 @@ licenses(["notice"]) # Apache 2 # HTTP L7 filter that probabilistically rejects requests based on upstream success-rate. # Public docs: docs/root/configuration/http_filters/admission_control.rst -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "admission_control_filter_lib", diff --git a/source/extensions/filters/http/admission_control/evaluators/BUILD b/source/extensions/filters/http/admission_control/evaluators/BUILD index 79910a264e7e..c5c72ee2db5c 100644 --- a/source/extensions/filters/http/admission_control/evaluators/BUILD +++ b/source/extensions/filters/http/admission_control/evaluators/BUILD @@ -1,14 +1,14 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # HTTP L7 filter that probabilistically rejects requests based on upstream success-rate. -envoy_package() +envoy_extension_package() envoy_cc_library( name = "response_evaluator_lib", diff --git a/source/extensions/filters/http/aws_lambda/BUILD b/source/extensions/filters/http/aws_lambda/BUILD index 1e3d6006293a..86e2cc553f78 100644 --- a/source/extensions/filters/http/aws_lambda/BUILD +++ b/source/extensions/filters/http/aws_lambda/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", "envoy_proto_library", ) @@ -11,7 +11,7 @@ licenses(["notice"]) # Apache 2 # L7 HTTP AWS Lambda filter # Public docs: docs/root/configuration/http_filters/aws_lambda_filter.rst -envoy_package() +envoy_extension_package() envoy_proto_library( name = "request_response", diff --git a/source/extensions/filters/http/aws_request_signing/BUILD b/source/extensions/filters/http/aws_request_signing/BUILD index a83efef61e98..01b83ecf6865 100644 --- a/source/extensions/filters/http/aws_request_signing/BUILD +++ b/source/extensions/filters/http/aws_request_signing/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # L7 HTTP AWS request signing filter # Public docs: docs/root/configuration/http_filters/aws_request_signing_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "aws_request_signing_filter_lib", diff --git a/source/extensions/filters/http/buffer/BUILD b/source/extensions/filters/http/buffer/BUILD index eeb4a403931e..9f9364576031 100644 --- a/source/extensions/filters/http/buffer/BUILD +++ b/source/extensions/filters/http/buffer/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # Request buffering and timeout L7 HTTP filter # Public docs: docs/root/configuration/http_filters/buffer_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "buffer_filter_lib", @@ -38,6 +38,11 @@ envoy_cc_extension( srcs = ["config.cc"], hdrs = ["config.h"], security_posture = "robust_to_untrusted_downstream", + # Legacy test use. TODO(#9953) clean up. + visibility = [ + "//:extension_config", + "//test:__subpackages__", + ], deps = [ "//include/envoy/registry", "//source/extensions/filters/http:well_known_names", diff --git a/source/extensions/filters/http/cache/BUILD b/source/extensions/filters/http/cache/BUILD index ee97d6f0a9a8..159fd3e80253 100644 --- a/source/extensions/filters/http/cache/BUILD +++ b/source/extensions/filters/http/cache/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", "envoy_proto_library", ) @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 ## Pluggable HTTP cache filter -envoy_package() +envoy_extension_package() envoy_cc_library( name = "cache_filter_lib", diff --git a/source/extensions/filters/http/cache/simple_http_cache/BUILD b/source/extensions/filters/http/cache/simple_http_cache/BUILD index b38c273b2601..f9484060aa97 100644 --- a/source/extensions/filters/http/cache/simple_http_cache/BUILD +++ b/source/extensions/filters/http/cache/simple_http_cache/BUILD @@ -1,7 +1,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", - "envoy_package", + "envoy_extension_package", "envoy_proto_library", ) @@ -9,7 +9,7 @@ licenses(["notice"]) # Apache 2 ## WIP: Simple in-memory cache storage plugin. Not ready for deployment. -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "simple_http_cache_lib", diff --git a/source/extensions/filters/http/common/BUILD b/source/extensions/filters/http/common/BUILD index 7a3ccda3d2c1..39da5c48c58e 100644 --- a/source/extensions/filters/http/common/BUILD +++ b/source/extensions/filters/http/common/BUILD @@ -1,16 +1,21 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "pass_through_filter_lib", hdrs = ["pass_through_filter.h"], + # A thin shim used by test and prod filters. + visibility = [ + "//source:__subpackages__", + "//test:__subpackages__", + ], deps = [ "//include/envoy/server:filter_config_interface", ], @@ -41,6 +46,11 @@ envoy_cc_library( envoy_cc_library( name = "utility_lib", hdrs = ["utility.h"], + # Used by the router filter. TODO(#9953) clean up. + visibility = [ + "//source:__subpackages__", + "//test:__subpackages__", + ], deps = [ "//include/envoy/runtime:runtime_interface", "//source/common/common:macros", diff --git a/source/extensions/filters/http/common/compressor/BUILD b/source/extensions/filters/http/common/compressor/BUILD index 56468881c8f2..a1c67b984a5e 100644 --- a/source/extensions/filters/http/common/compressor/BUILD +++ b/source/extensions/filters/http/common/compressor/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() # TODO(rojkov): move this library to source/extensions/filters/http/compressor/. envoy_cc_library( diff --git a/source/extensions/filters/http/compressor/BUILD b/source/extensions/filters/http/compressor/BUILD index ea1d38801a5e..01855f8eb64a 100644 --- a/source/extensions/filters/http/compressor/BUILD +++ b/source/extensions/filters/http/compressor/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # HTTP L7 filter that performs compression with configurable compression libraries # Public docs: docs/root/configuration/http_filters/compressor_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "compressor_filter_lib", diff --git a/source/extensions/filters/http/cors/BUILD b/source/extensions/filters/http/cors/BUILD index 0685c0e41f27..903fa5599ff0 100644 --- a/source/extensions/filters/http/cors/BUILD +++ b/source/extensions/filters/http/cors/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # L7 HTTP filter which implements CORS processing (https://en.wikipedia.org/wiki/Cross-origin_resource_sharing) # Public docs: docs/root/configuration/http_filters/cors_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "cors_filter_lib", @@ -32,6 +32,11 @@ envoy_cc_extension( srcs = ["config.cc"], hdrs = ["config.h"], security_posture = "robust_to_untrusted_downstream", + # TODO(#9953) clean up. + visibility = [ + "//:extension_config", + "//test/integration:__subpackages__", + ], deps = [ "//include/envoy/registry", "//include/envoy/server:filter_config_interface", diff --git a/source/extensions/filters/http/csrf/BUILD b/source/extensions/filters/http/csrf/BUILD index c82dbf9764e2..47bea6f6bbf2 100644 --- a/source/extensions/filters/http/csrf/BUILD +++ b/source/extensions/filters/http/csrf/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # L7 HTTP filter which implements CSRF processing (https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)) # Public docs: docs/root/configuration/http_filters/csrf_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "csrf_filter_lib", diff --git a/source/extensions/filters/http/decompressor/BUILD b/source/extensions/filters/http/decompressor/BUILD index b4665ca09b7b..08d224b8b284 100644 --- a/source/extensions/filters/http/decompressor/BUILD +++ b/source/extensions/filters/http/decompressor/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # HTTP L7 filter that performs decompression with configurable decompression libraries # Public docs: docs/root/configuration/http_filters/decompressor_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "decompressor_filter_lib", diff --git a/source/extensions/filters/http/dynamic_forward_proxy/BUILD b/source/extensions/filters/http/dynamic_forward_proxy/BUILD index 56d4ff9be0b6..dc15f124ed78 100644 --- a/source/extensions/filters/http/dynamic_forward_proxy/BUILD +++ b/source/extensions/filters/http/dynamic_forward_proxy/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "proxy_filter_lib", diff --git a/source/extensions/filters/http/dynamo/BUILD b/source/extensions/filters/http/dynamo/BUILD index ad5f2fc3b97e..c152863819ed 100644 --- a/source/extensions/filters/http/dynamo/BUILD +++ b/source/extensions/filters/http/dynamo/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # AWS DynamoDB L7 HTTP filter (observability): https://aws.amazon.com/dynamodb/ # Public docs: docs/root/configuration/http_filters/dynamodb_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "dynamo_filter_lib", diff --git a/source/extensions/filters/http/ext_authz/BUILD b/source/extensions/filters/http/ext_authz/BUILD index 559363edcf7b..0d789c30c048 100644 --- a/source/extensions/filters/http/ext_authz/BUILD +++ b/source/extensions/filters/http/ext_authz/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # External authorization L7 HTTP filter # Public docs: TODO(saumoh): Docs needed in docs/root/configuration/http_filters -envoy_package() +envoy_extension_package() envoy_cc_library( name = "ext_authz", diff --git a/source/extensions/filters/http/fault/BUILD b/source/extensions/filters/http/fault/BUILD index 726cda5785d0..a518d60f37e1 100644 --- a/source/extensions/filters/http/fault/BUILD +++ b/source/extensions/filters/http/fault/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # HTTP L7 filter that injects faults into the request flow # Public docs: docs/root/configuration/http_filters/fault_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "fault_filter_lib", diff --git a/source/extensions/filters/http/grpc_http1_bridge/BUILD b/source/extensions/filters/http/grpc_http1_bridge/BUILD index 486904e2f8a5..1a978232aa06 100644 --- a/source/extensions/filters/http/grpc_http1_bridge/BUILD +++ b/source/extensions/filters/http/grpc_http1_bridge/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # L7 HTTP filter that bridges HTTP/1.1 unary "gRPC" to compliant HTTP/2 gRPC. # Public docs: docs/root/configuration/http_filters/grpc_http1_bridge_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "http1_bridge_filter_lib", @@ -34,6 +34,13 @@ envoy_cc_extension( srcs = ["config.cc"], hdrs = ["config.h"], security_posture = "unknown", + # Legacy test use. TODO(#9953) clean up. + visibility = [ + "//:extension_config", + "//source/exe:__pkg__", + "//test/integration:__subpackages__", + "//test/server:__subpackages__", + ], deps = [ "//include/envoy/registry", "//include/envoy/server:filter_config_interface", diff --git a/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD b/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD index 1a80fefdb45c..852c3c368a5f 100644 --- a/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD +++ b/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "filter_lib", diff --git a/source/extensions/filters/http/grpc_json_transcoder/BUILD b/source/extensions/filters/http/grpc_json_transcoder/BUILD index 3b7ab0a09d22..88429fc0bfc7 100644 --- a/source/extensions/filters/http/grpc_json_transcoder/BUILD +++ b/source/extensions/filters/http/grpc_json_transcoder/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # L7 HTTP filter that implements binary gRPC to JSON transcoding # Public docs: docs/root/configuration/http_filters/grpc_json_transcoder_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "json_transcoder_filter_lib", diff --git a/source/extensions/filters/http/grpc_stats/BUILD b/source/extensions/filters/http/grpc_stats/BUILD index 62bc49e8be01..ac38af975136 100644 --- a/source/extensions/filters/http/grpc_stats/BUILD +++ b/source/extensions/filters/http/grpc_stats/BUILD @@ -1,14 +1,14 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # L7 HTTP filter that implements gRPC telemetry -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "config", diff --git a/source/extensions/filters/http/grpc_web/BUILD b/source/extensions/filters/http/grpc_web/BUILD index 1f6910590907..d18eb56ed01d 100644 --- a/source/extensions/filters/http/grpc_web/BUILD +++ b/source/extensions/filters/http/grpc_web/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # L7 HTTP filter that implements the grpc-web protocol (https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-WEB.md) # Public docs: docs/root/configuration/http_filters/grpc_web_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "grpc_web_filter_lib", diff --git a/source/extensions/filters/http/gzip/BUILD b/source/extensions/filters/http/gzip/BUILD index 3844addc83b6..39b1459d45be 100644 --- a/source/extensions/filters/http/gzip/BUILD +++ b/source/extensions/filters/http/gzip/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # HTTP L7 filter that performs gzip compression # Public docs: docs/root/configuration/http_filters/gzip_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "gzip_filter_lib", diff --git a/source/extensions/filters/http/header_to_metadata/BUILD b/source/extensions/filters/http/header_to_metadata/BUILD index e0232d4d8d1c..1bbe574312e6 100644 --- a/source/extensions/filters/http/header_to_metadata/BUILD +++ b/source/extensions/filters/http/header_to_metadata/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # HTTP L7 filter that transforms request data into dynamic metadata # Public docs: docs/root/configuration/http_filters/header_to_metadata_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "header_to_metadata_filter_lib", diff --git a/source/extensions/filters/http/health_check/BUILD b/source/extensions/filters/http/health_check/BUILD index f0841d388b48..dd4fa02f30b3 100644 --- a/source/extensions/filters/http/health_check/BUILD +++ b/source/extensions/filters/http/health_check/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # L7 HTTP filter that implements health check responses # Public docs: docs/root/configuration/http_filters/health_check_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "health_check_lib", @@ -38,6 +38,13 @@ envoy_cc_extension( srcs = ["config.cc"], hdrs = ["config.h"], security_posture = "robust_to_untrusted_downstream", + # Legacy test use. TODO(#9953) clean up. + visibility = [ + "//:extension_config", + "//test/common/filter/http:__subpackages__", + "//test/integration:__subpackages__", + "//test/server:__subpackages__", + ], deps = [ "//include/envoy/registry", "//source/common/http:header_utility_lib", diff --git a/source/extensions/filters/http/ip_tagging/BUILD b/source/extensions/filters/http/ip_tagging/BUILD index cbcf98b1d516..5e27f10bb15c 100644 --- a/source/extensions/filters/http/ip_tagging/BUILD +++ b/source/extensions/filters/http/ip_tagging/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # HTTP L7 filter that writes an IP tagging header based on IP trie data # Public docs: docs/root/configuration/http_filters/ip_tagging_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "ip_tagging_filter_lib", @@ -34,6 +34,11 @@ envoy_cc_extension( srcs = ["config.cc"], hdrs = ["config.h"], security_posture = "robust_to_untrusted_downstream", + # TODO(#9953) clean up. + visibility = [ + "//:extension_config", + "//test/integration:__subpackages__", + ], deps = [ "//include/envoy/registry", "//source/common/protobuf:utility_lib", diff --git a/source/extensions/filters/http/jwt_authn/BUILD b/source/extensions/filters/http/jwt_authn/BUILD index a2967b990132..f0249b014ea1 100644 --- a/source/extensions/filters/http/jwt_authn/BUILD +++ b/source/extensions/filters/http/jwt_authn/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "extractor_lib", diff --git a/source/extensions/filters/http/lua/BUILD b/source/extensions/filters/http/lua/BUILD index 657e3472a88f..2e08db0ad563 100644 --- a/source/extensions/filters/http/lua/BUILD +++ b/source/extensions/filters/http/lua/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # Lua scripting L7 HTTP filter (https://www.lua.org/, http://luajit.org/) # Public docs: docs/root/configuration/http_filters/lua_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "lua_filter_lib", diff --git a/source/extensions/filters/http/on_demand/BUILD b/source/extensions/filters/http/on_demand/BUILD index 3f4ef02c1dba..86b029ca21d3 100644 --- a/source/extensions/filters/http/on_demand/BUILD +++ b/source/extensions/filters/http/on_demand/BUILD @@ -2,14 +2,14 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # On-demand RDS update HTTP filter -envoy_package() +envoy_extension_package() envoy_cc_library( name = "on_demand_update_lib", @@ -31,6 +31,12 @@ envoy_cc_extension( srcs = ["config.cc"], hdrs = ["config.h"], security_posture = "robust_to_untrusted_downstream", + # TODO(#9953) classify and clean up. + visibility = [ + "//:extension_config", + "//test/common/access_log:__subpackages__", + "//test/integration:__subpackages__", + ], deps = [ "//include/envoy/registry", "//source/extensions/filters/http:well_known_names", diff --git a/source/extensions/filters/http/original_src/BUILD b/source/extensions/filters/http/original_src/BUILD index eff7f4cf9679..b88a1d8df9ff 100644 --- a/source/extensions/filters/http/original_src/BUILD +++ b/source/extensions/filters/http/original_src/BUILD @@ -2,14 +2,14 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # A filter for mirroring the downstream remote address on the upstream's source. -envoy_package() +envoy_extension_package() envoy_cc_library( name = "config_lib", diff --git a/source/extensions/filters/http/ratelimit/BUILD b/source/extensions/filters/http/ratelimit/BUILD index 4a8c7a8c35d5..9119aa35a26d 100644 --- a/source/extensions/filters/http/ratelimit/BUILD +++ b/source/extensions/filters/http/ratelimit/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # Ratelimit L7 HTTP filter # Public docs: docs/root/configuration/http_filters/rate_limit_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "ratelimit_lib", diff --git a/source/extensions/filters/http/rbac/BUILD b/source/extensions/filters/http/rbac/BUILD index 9554a910a16c..1f7802394c70 100644 --- a/source/extensions/filters/http/rbac/BUILD +++ b/source/extensions/filters/http/rbac/BUILD @@ -2,18 +2,23 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], security_posture = "robust_to_untrusted_downstream", + # TODO(#9953) clean up. + visibility = [ + "//:extension_config", + "//test/integration:__subpackages__", + ], deps = [ "//include/envoy/registry", "//source/extensions/filters/http:well_known_names", diff --git a/source/extensions/filters/http/router/BUILD b/source/extensions/filters/http/router/BUILD index ab7487d00b6a..6402dc14c880 100644 --- a/source/extensions/filters/http/router/BUILD +++ b/source/extensions/filters/http/router/BUILD @@ -1,7 +1,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -9,13 +9,15 @@ licenses(["notice"]) # Apache 2 # HTTP L7 filter responsible for routing to upstream connection pools # Public docs: docs/root/configuration/http_filters/router_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], security_posture = "robust_to_untrusted_downstream", + # This is core Envoy config. + visibility = ["//visibility:public"], deps = [ "//include/envoy/registry", "//source/common/router:router_lib", diff --git a/source/extensions/filters/http/squash/BUILD b/source/extensions/filters/http/squash/BUILD index 8579d7a2860a..ea2bdcd1242b 100644 --- a/source/extensions/filters/http/squash/BUILD +++ b/source/extensions/filters/http/squash/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # L7 HTTP filter that implements the Squash microservice debugger # Public docs: docs/root/configuration/http_filters/squash_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "squash_filter_lib", diff --git a/source/extensions/filters/http/tap/BUILD b/source/extensions/filters/http/tap/BUILD index 62a8d2f36f5a..73d4237cd019 100644 --- a/source/extensions/filters/http/tap/BUILD +++ b/source/extensions/filters/http/tap/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # L7 HTTP Tap filter # Public docs: docs/root/configuration/http_filters/tap_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "tap_config_interface", diff --git a/source/extensions/filters/listener/BUILD b/source/extensions/filters/listener/BUILD index 06456dbbcb5e..9a2ee9ad75cb 100644 --- a/source/extensions/filters/listener/BUILD +++ b/source/extensions/filters/listener/BUILD @@ -1,16 +1,18 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "well_known_names", hdrs = ["well_known_names.h"], + # Well known names are public. + visibility = ["//visibility:public"], deps = [ "//source/common/singleton:const_singleton", ], diff --git a/source/extensions/filters/listener/http_inspector/BUILD b/source/extensions/filters/listener/http_inspector/BUILD index 87e808230bd1..0f3c7f50eb40 100644 --- a/source/extensions/filters/listener/http_inspector/BUILD +++ b/source/extensions/filters/listener/http_inspector/BUILD @@ -2,14 +2,14 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # HTTP inspector filter for sniffing HTTP protocol and setting HTTP version to a FilterChain. -envoy_package() +envoy_extension_package() envoy_cc_library( name = "http_inspector_lib", diff --git a/source/extensions/filters/listener/original_dst/BUILD b/source/extensions/filters/listener/original_dst/BUILD index a940d212c987..78c09f58155c 100644 --- a/source/extensions/filters/listener/original_dst/BUILD +++ b/source/extensions/filters/listener/original_dst/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # ORIGINAL_DST iptables redirection listener filter # Public docs: docs/root/configuration/listener_filters/original_dst_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "original_dst_lib", @@ -29,6 +29,11 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], security_posture = "robust_to_untrusted_downstream", + # TODO(#9953) clean up. + visibility = [ + "//:extension_config", + "//test/integration:__subpackages__", + ], deps = [ ":original_dst_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/listener/original_src/BUILD b/source/extensions/filters/listener/original_src/BUILD index 4bed07cc6619..4240bb61f28a 100644 --- a/source/extensions/filters/listener/original_src/BUILD +++ b/source/extensions/filters/listener/original_src/BUILD @@ -2,14 +2,14 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # A filter for mirroring the downstream remote address on the upstream's source. -envoy_package() +envoy_extension_package() envoy_cc_library( name = "config_lib", diff --git a/source/extensions/filters/listener/proxy_protocol/BUILD b/source/extensions/filters/listener/proxy_protocol/BUILD index 407d05e43468..810c99d4021f 100644 --- a/source/extensions/filters/listener/proxy_protocol/BUILD +++ b/source/extensions/filters/listener/proxy_protocol/BUILD @@ -2,14 +2,14 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # Proxy protocol listener filter: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt -envoy_package() +envoy_extension_package() envoy_cc_library( name = "proxy_protocol_lib", @@ -18,6 +18,7 @@ envoy_cc_library( "proxy_protocol.h", "proxy_protocol_header.h", ], + visibility = ["//visibility:public"], deps = [ "//include/envoy/event:dispatcher_interface", "//include/envoy/network:filter_interface", @@ -39,6 +40,11 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], security_posture = "robust_to_untrusted_downstream", + # TODO(#9953) clean up. + visibility = [ + "//:extension_config", + "//test/integration:__subpackages__", + ], deps = [ "//include/envoy/registry", "//include/envoy/server:filter_config_interface", diff --git a/source/extensions/filters/listener/tls_inspector/BUILD b/source/extensions/filters/listener/tls_inspector/BUILD index c751c53156a4..35a163b26b99 100644 --- a/source/extensions/filters/listener/tls_inspector/BUILD +++ b/source/extensions/filters/listener/tls_inspector/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,13 +10,18 @@ licenses(["notice"]) # Apache 2 # TLS inspector filter for examining various TLS parameters before routing to a FilterChain. # Public docs: docs/root/configuration/listener_filters/tls_inspector.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "tls_inspector_lib", srcs = ["tls_inspector.cc"], hdrs = ["tls_inspector.h"], external_deps = ["ssl"], + # TODO(#9953) clean up. + visibility = [ + "//:extension_config", + "//test/integration:__subpackages__", + ], deps = [ "//include/envoy/event:dispatcher_interface", "//include/envoy/event:timer_interface", @@ -33,6 +38,11 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], security_posture = "robust_to_untrusted_downstream", + # TODO(#9953) clean up. + visibility = [ + "//:extension_config", + "//test/integration:__subpackages__", + ], deps = [ "//include/envoy/registry", "//include/envoy/server:filter_config_interface", diff --git a/source/extensions/filters/network/BUILD b/source/extensions/filters/network/BUILD index ee5bcf6bc186..790ddc806157 100644 --- a/source/extensions/filters/network/BUILD +++ b/source/extensions/filters/network/BUILD @@ -1,16 +1,18 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "well_known_names", hdrs = ["well_known_names.h"], + # Well known names are public. + visibility = ["//visibility:public"], deps = [ "//source/common/config:well_known_names", "//source/common/singleton:const_singleton", diff --git a/source/extensions/filters/network/client_ssl_auth/BUILD b/source/extensions/filters/network/client_ssl_auth/BUILD index 2a120e030866..d77c4abae594 100644 --- a/source/extensions/filters/network/client_ssl_auth/BUILD +++ b/source/extensions/filters/network/client_ssl_auth/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # Client SSL authorization L4 network filter # Public docs: docs/root/configuration/network_filters/client_ssl_auth_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "client_ssl_auth", diff --git a/source/extensions/filters/network/common/BUILD b/source/extensions/filters/network/common/BUILD index 4e70e2aa414d..09249e400050 100644 --- a/source/extensions/filters/network/common/BUILD +++ b/source/extensions/filters/network/common/BUILD @@ -1,16 +1,18 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "factory_base_lib", hdrs = ["factory_base.h"], + # Used by core. TODO(#9953) clean up. + visibility = ["//visibility:public"], deps = [ "//include/envoy/server:filter_config_interface", ], @@ -19,6 +21,8 @@ envoy_cc_library( envoy_cc_library( name = "utility_lib", hdrs = ["utility.h"], + # Used by core. TODO(#9953) clean up. + visibility = ["//visibility:public"], deps = [ "//include/envoy/runtime:runtime_interface", "//source/common/common:macros", diff --git a/source/extensions/filters/network/common/redis/BUILD b/source/extensions/filters/network/common/redis/BUILD index 3b4dcedbb01e..5c0393d36a62 100644 --- a/source/extensions/filters/network/common/redis/BUILD +++ b/source/extensions/filters/network/common/redis/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "codec_interface", diff --git a/source/extensions/filters/network/direct_response/BUILD b/source/extensions/filters/network/direct_response/BUILD index fe6244a5c19d..a7ed6d274a1f 100644 --- a/source/extensions/filters/network/direct_response/BUILD +++ b/source/extensions/filters/network/direct_response/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # Direct response L4 network filter. # Public docs: docs/root/configuration/network_filters/direct_response_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "filter", diff --git a/source/extensions/filters/network/dubbo_proxy/BUILD b/source/extensions/filters/network/dubbo_proxy/BUILD index 6b2affdd7d72..bf83e91ad0fd 100644 --- a/source/extensions/filters/network/dubbo_proxy/BUILD +++ b/source/extensions/filters/network/dubbo_proxy/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "buffer_helper_lib", diff --git a/source/extensions/filters/network/dubbo_proxy/filters/BUILD b/source/extensions/filters/network/dubbo_proxy/filters/BUILD index 2fc5922c92ea..d2c9fd1ff03c 100644 --- a/source/extensions/filters/network/dubbo_proxy/filters/BUILD +++ b/source/extensions/filters/network/dubbo_proxy/filters/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "filter_interface", diff --git a/source/extensions/filters/network/dubbo_proxy/router/BUILD b/source/extensions/filters/network/dubbo_proxy/router/BUILD index 9dd2cf7e46c8..4227ca25fcf5 100644 --- a/source/extensions/filters/network/dubbo_proxy/router/BUILD +++ b/source/extensions/filters/network/dubbo_proxy/router/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "router_interface", diff --git a/source/extensions/filters/network/echo/BUILD b/source/extensions/filters/network/echo/BUILD index 6d39336775b0..6b136705258c 100644 --- a/source/extensions/filters/network/echo/BUILD +++ b/source/extensions/filters/network/echo/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # Echo L4 network filter. This is primarily a simplistic example. # Public docs: docs/root/configuration/network_filters/echo_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "echo", @@ -29,6 +29,11 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], security_posture = "unknown", + # TODO(#9953) move echo integration test to extensions. + visibility = [ + "//:extension_config", + "//test/integration:__subpackages__", + ], deps = [ ":echo", "//include/envoy/registry", diff --git a/source/extensions/filters/network/ext_authz/BUILD b/source/extensions/filters/network/ext_authz/BUILD index 1a7277d7ac4d..ebc6847e28f6 100644 --- a/source/extensions/filters/network/ext_authz/BUILD +++ b/source/extensions/filters/network/ext_authz/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # External authorization L4 network filter # Public docs: TODO(saumoh): Docs needed in docs/root/configuration/network_filters -envoy_package() +envoy_extension_package() envoy_cc_library( name = "ext_authz", diff --git a/source/extensions/filters/network/http_connection_manager/BUILD b/source/extensions/filters/network/http_connection_manager/BUILD index 5d03f03ecc4a..012cd2b00cce 100644 --- a/source/extensions/filters/network/http_connection_manager/BUILD +++ b/source/extensions/filters/network/http_connection_manager/BUILD @@ -1,7 +1,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,13 +10,15 @@ licenses(["notice"]) # Apache 2 # drives all of the L7 HTTP filters. # Public docs: docs/root/configuration/http_conn_man/http_conn_man.rst -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], security_posture = "robust_to_untrusted_downstream", + # This is core Envoy config. + visibility = ["//visibility:public"], deps = [ "//include/envoy/config:config_provider_manager_interface", "//include/envoy/filesystem:filesystem_interface", diff --git a/source/extensions/filters/network/kafka/BUILD b/source/extensions/filters/network/kafka/BUILD index 495a94a7bad6..3c338ff751c6 100644 --- a/source/extensions/filters/network/kafka/BUILD +++ b/source/extensions/filters/network/kafka/BUILD @@ -3,7 +3,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -11,7 +11,7 @@ licenses(["notice"]) # Apache 2 # Kafka network filter. # Broker filter public docs: docs/root/configuration/network_filters/kafka_broker_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "kafka_broker_config_lib", diff --git a/source/extensions/filters/network/local_ratelimit/BUILD b/source/extensions/filters/network/local_ratelimit/BUILD index 052b817726d9..13389742fa56 100644 --- a/source/extensions/filters/network/local_ratelimit/BUILD +++ b/source/extensions/filters/network/local_ratelimit/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # Local ratelimit L4 network filter # Public docs: docs/root/configuration/network_filters/local_rate_limit_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "local_ratelimit_lib", diff --git a/source/extensions/filters/network/mongo_proxy/BUILD b/source/extensions/filters/network/mongo_proxy/BUILD index 04c14c2c610c..2e281e1f6789 100644 --- a/source/extensions/filters/network/mongo_proxy/BUILD +++ b/source/extensions/filters/network/mongo_proxy/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # Mongo proxy L4 network filter (observability and fault injection). # Public docs: docs/root/configuration/network_filters/mongo_proxy_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "bson_interface", diff --git a/source/extensions/filters/network/mysql_proxy/BUILD b/source/extensions/filters/network/mysql_proxy/BUILD index 152584385054..fee8571ea619 100644 --- a/source/extensions/filters/network/mysql_proxy/BUILD +++ b/source/extensions/filters/network/mysql_proxy/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # MySQL proxy L7 network filter. # Public docs: docs/root/configuration/network_filters/mysql_proxy_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "proxy_lib", diff --git a/source/extensions/filters/network/postgres_proxy/BUILD b/source/extensions/filters/network/postgres_proxy/BUILD index b2d7d2dcef11..aa397da9b55f 100644 --- a/source/extensions/filters/network/postgres_proxy/BUILD +++ b/source/extensions/filters/network/postgres_proxy/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -12,7 +12,7 @@ licenses(["notice"]) # Apache 2 # PostgresSQL proxy L7 network filter. # Public docs: docs/root/configuration/network_filters/postgres_proxy_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "filter", diff --git a/source/extensions/filters/network/ratelimit/BUILD b/source/extensions/filters/network/ratelimit/BUILD index 68f54558afa4..f653adf348fb 100644 --- a/source/extensions/filters/network/ratelimit/BUILD +++ b/source/extensions/filters/network/ratelimit/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,12 +10,18 @@ licenses(["notice"]) # Apache 2 # Ratelimit L4 network filter # Public docs: docs/root/configuration/network_filters/rate_limit_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "ratelimit_lib", srcs = ["ratelimit.cc"], hdrs = ["ratelimit.h"], + # Legacy test use. TODO(#9953) clean up. + visibility = [ + "//source/extensions:__subpackages__", + "//test/common/network:__pkg__", + "//test/extensions:__subpackages__", + ], deps = [ "//include/envoy/network:connection_interface", "//include/envoy/network:filter_interface", diff --git a/source/extensions/filters/network/rbac/BUILD b/source/extensions/filters/network/rbac/BUILD index 367104e913d8..75e98406cf26 100644 --- a/source/extensions/filters/network/rbac/BUILD +++ b/source/extensions/filters/network/rbac/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "config", diff --git a/source/extensions/filters/network/redis_proxy/BUILD b/source/extensions/filters/network/redis_proxy/BUILD index 4d452f0cad3c..c0b742efa02e 100644 --- a/source/extensions/filters/network/redis_proxy/BUILD +++ b/source/extensions/filters/network/redis_proxy/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -11,7 +11,7 @@ licenses(["notice"]) # Apache 2 # clusters. # Public docs: docs/root/configuration/network_filters/redis_proxy_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "command_splitter_interface", @@ -119,6 +119,11 @@ envoy_cc_extension( srcs = ["config.cc"], hdrs = ["config.h"], security_posture = "requires_trusted_downstream_and_upstream", + # TODO(#9953) clean up. + visibility = [ + "//:extension_config", + "//test/integration:__subpackages__", + ], deps = [ "//include/envoy/upstream:upstream_interface", "//source/extensions/common/redis:cluster_refresh_manager_lib", diff --git a/source/extensions/filters/network/rocketmq_proxy/BUILD b/source/extensions/filters/network/rocketmq_proxy/BUILD index 7ce5e971d74a..f837b9bf83f8 100644 --- a/source/extensions/filters/network/rocketmq_proxy/BUILD +++ b/source/extensions/filters/network/rocketmq_proxy/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "well_known_names", diff --git a/source/extensions/filters/network/rocketmq_proxy/router/BUILD b/source/extensions/filters/network/rocketmq_proxy/router/BUILD index 03f3b70a34be..8f303861daae 100644 --- a/source/extensions/filters/network/rocketmq_proxy/router/BUILD +++ b/source/extensions/filters/network/rocketmq_proxy/router/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "router_interface", diff --git a/source/extensions/filters/network/sni_cluster/BUILD b/source/extensions/filters/network/sni_cluster/BUILD index 6524b5defe1e..e6670b8e4260 100644 --- a/source/extensions/filters/network/sni_cluster/BUILD +++ b/source/extensions/filters/network/sni_cluster/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "sni_cluster", diff --git a/source/extensions/filters/network/sni_dynamic_forward_proxy/BUILD b/source/extensions/filters/network/sni_dynamic_forward_proxy/BUILD index d7f95b44d6bd..372fce9155e2 100644 --- a/source/extensions/filters/network/sni_dynamic_forward_proxy/BUILD +++ b/source/extensions/filters/network/sni_dynamic_forward_proxy/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "proxy_filter_lib", diff --git a/source/extensions/filters/network/tcp_proxy/BUILD b/source/extensions/filters/network/tcp_proxy/BUILD index 312b3233b10d..d6d7495e9122 100644 --- a/source/extensions/filters/network/tcp_proxy/BUILD +++ b/source/extensions/filters/network/tcp_proxy/BUILD @@ -1,7 +1,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -9,13 +9,15 @@ licenses(["notice"]) # Apache 2 # TCP proxy L4 network filter. # Public docs: docs/root/configuration/network_filters/tcp_proxy_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], security_posture = "robust_to_untrusted_downstream", + # This is core Envoy config. + visibility = ["//visibility:public"], deps = [ "//include/envoy/registry", "//source/common/tcp_proxy", diff --git a/source/extensions/filters/network/thrift_proxy/BUILD b/source/extensions/filters/network/thrift_proxy/BUILD index baa733731637..78f484da3f9e 100644 --- a/source/extensions/filters/network/thrift_proxy/BUILD +++ b/source/extensions/filters/network/thrift_proxy/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "app_exception_lib", diff --git a/source/extensions/filters/network/thrift_proxy/filters/BUILD b/source/extensions/filters/network/thrift_proxy/filters/BUILD index 808e42dd8e98..a1b91d286809 100644 --- a/source/extensions/filters/network/thrift_proxy/filters/BUILD +++ b/source/extensions/filters/network/thrift_proxy/filters/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "filter_config_interface", diff --git a/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD b/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD index 5c136b0a0353..7252afc340a7 100644 --- a/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD +++ b/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "ratelimit_lib", diff --git a/source/extensions/filters/network/thrift_proxy/router/BUILD b/source/extensions/filters/network/thrift_proxy/router/BUILD index 74a706741538..00e32bbf06a2 100644 --- a/source/extensions/filters/network/thrift_proxy/router/BUILD +++ b/source/extensions/filters/network/thrift_proxy/router/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "config", diff --git a/source/extensions/filters/network/zookeeper_proxy/BUILD b/source/extensions/filters/network/zookeeper_proxy/BUILD index 301498c6465b..8dc6e0791392 100644 --- a/source/extensions/filters/network/zookeeper_proxy/BUILD +++ b/source/extensions/filters/network/zookeeper_proxy/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # ZooKeeper proxy L7 network filter. # Public docs: docs/root/configuration/network_filters/zookeeper_proxy_filter.rst -envoy_package() +envoy_extension_package() envoy_cc_library( name = "proxy_lib", diff --git a/source/extensions/filters/udp/dns_filter/BUILD b/source/extensions/filters/udp/dns_filter/BUILD index 1d4f8e0ab1fb..4511fb6380da 100644 --- a/source/extensions/filters/udp/dns_filter/BUILD +++ b/source/extensions/filters/udp/dns_filter/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "dns_filter_lib", diff --git a/source/extensions/filters/udp/udp_proxy/BUILD b/source/extensions/filters/udp/udp_proxy/BUILD index 7b9efa4498a2..834c8ed66a0a 100644 --- a/source/extensions/filters/udp/udp_proxy/BUILD +++ b/source/extensions/filters/udp/udp_proxy/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "udp_proxy_filter_lib", diff --git a/source/extensions/grpc_credentials/BUILD b/source/extensions/grpc_credentials/BUILD index 06456dbbcb5e..40a5e79b39d3 100644 --- a/source/extensions/grpc_credentials/BUILD +++ b/source/extensions/grpc_credentials/BUILD @@ -1,16 +1,18 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "well_known_names", hdrs = ["well_known_names.h"], + # well known names files are public as long as they exist. + visibility = ["//visibility:public"], deps = [ "//source/common/singleton:const_singleton", ], diff --git a/source/extensions/grpc_credentials/aws_iam/BUILD b/source/extensions/grpc_credentials/aws_iam/BUILD index 4c3e179096b1..ab920487e264 100644 --- a/source/extensions/grpc_credentials/aws_iam/BUILD +++ b/source/extensions/grpc_credentials/aws_iam/BUILD @@ -1,14 +1,14 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # AWS IAM gRPC Credentials -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "config", diff --git a/source/extensions/grpc_credentials/example/BUILD b/source/extensions/grpc_credentials/example/BUILD index 30025a7c046e..8c43f6c27532 100644 --- a/source/extensions/grpc_credentials/example/BUILD +++ b/source/extensions/grpc_credentials/example/BUILD @@ -1,20 +1,26 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # Example gRPC Credentials -envoy_package() +envoy_extension_package() envoy_cc_library( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], external_deps = ["grpc"], + # Legacy test use. + visibility = [ + "//source/extensions:__subpackages__", + "//test/common/grpc:__subpackages__", + "//test/extensions:__subpackages__", + ], deps = [ "//include/envoy/grpc:google_grpc_creds_interface", "//include/envoy/registry", diff --git a/source/extensions/grpc_credentials/file_based_metadata/BUILD b/source/extensions/grpc_credentials/file_based_metadata/BUILD index b41ac277c73f..d6c8b8d5e5fb 100644 --- a/source/extensions/grpc_credentials/file_based_metadata/BUILD +++ b/source/extensions/grpc_credentials/file_based_metadata/BUILD @@ -1,14 +1,14 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # File Based Metadata gRPC Credentials -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "config", diff --git a/source/extensions/health_checkers/BUILD b/source/extensions/health_checkers/BUILD index 06456dbbcb5e..40a5e79b39d3 100644 --- a/source/extensions/health_checkers/BUILD +++ b/source/extensions/health_checkers/BUILD @@ -1,16 +1,18 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "well_known_names", hdrs = ["well_known_names.h"], + # well known names files are public as long as they exist. + visibility = ["//visibility:public"], deps = [ "//source/common/singleton:const_singleton", ], diff --git a/source/extensions/health_checkers/redis/BUILD b/source/extensions/health_checkers/redis/BUILD index 3dd32163468a..cd852d4f78ec 100644 --- a/source/extensions/health_checkers/redis/BUILD +++ b/source/extensions/health_checkers/redis/BUILD @@ -2,14 +2,14 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # Redis custom health checker. -envoy_package() +envoy_extension_package() envoy_cc_library( name = "redis", diff --git a/source/extensions/internal_redirect/BUILD b/source/extensions/internal_redirect/BUILD index 06456dbbcb5e..40a5e79b39d3 100644 --- a/source/extensions/internal_redirect/BUILD +++ b/source/extensions/internal_redirect/BUILD @@ -1,16 +1,18 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "well_known_names", hdrs = ["well_known_names.h"], + # well known names files are public as long as they exist. + visibility = ["//visibility:public"], deps = [ "//source/common/singleton:const_singleton", ], diff --git a/source/extensions/internal_redirect/allow_listed_routes/BUILD b/source/extensions/internal_redirect/allow_listed_routes/BUILD index c2ee85a134ac..6fe252ddf6bb 100644 --- a/source/extensions/internal_redirect/allow_listed_routes/BUILD +++ b/source/extensions/internal_redirect/allow_listed_routes/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "allow_listed_routes_lib", @@ -25,6 +25,11 @@ envoy_cc_extension( srcs = ["config.cc"], hdrs = ["config.h"], security_posture = "robust_to_untrusted_downstream_and_upstream", + # TODO(#9953) clean up by moving the redirect test to extensions. + visibility = [ + "//:extension_config", + "//test/integration:__subpackages__", + ], deps = [ ":allow_listed_routes_lib", "//include/envoy/registry", diff --git a/source/extensions/internal_redirect/previous_routes/BUILD b/source/extensions/internal_redirect/previous_routes/BUILD index 91f76aebc135..58a0878f0957 100644 --- a/source/extensions/internal_redirect/previous_routes/BUILD +++ b/source/extensions/internal_redirect/previous_routes/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "previous_routes_lib", @@ -25,6 +25,11 @@ envoy_cc_extension( srcs = ["config.cc"], hdrs = ["config.h"], security_posture = "robust_to_untrusted_downstream_and_upstream", + # TODO(#9953) clean up by moving the redirect test to extensions. + visibility = [ + "//:extension_config", + "//test/integration:__subpackages__", + ], deps = [ ":previous_routes_lib", "//include/envoy/registry", diff --git a/source/extensions/internal_redirect/safe_cross_scheme/BUILD b/source/extensions/internal_redirect/safe_cross_scheme/BUILD index 50433bf8fb42..d957fa57673f 100644 --- a/source/extensions/internal_redirect/safe_cross_scheme/BUILD +++ b/source/extensions/internal_redirect/safe_cross_scheme/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "safe_cross_scheme_lib", @@ -24,6 +24,11 @@ envoy_cc_extension( srcs = ["config.cc"], hdrs = ["config.h"], security_posture = "robust_to_untrusted_downstream_and_upstream", + # TODO(#9953) clean up by moving the redirect test to extensions. + visibility = [ + "//:extension_config", + "//test/integration:__subpackages__", + ], deps = [ ":safe_cross_scheme_lib", "//include/envoy/registry", diff --git a/source/extensions/quic_listeners/quiche/BUILD b/source/extensions/quic_listeners/quiche/BUILD index eb2e1922e182..1099eb26deb8 100644 --- a/source/extensions/quic_listeners/quiche/BUILD +++ b/source/extensions/quic_listeners/quiche/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "envoy_quic_alarm_lib", @@ -306,6 +306,12 @@ envoy_cc_library( srcs = ["active_quic_listener_config.cc"], hdrs = ["active_quic_listener_config.h"], tags = ["nofips"], + # TODO(#9953) this should be cleaned up + visibility = [ + "//source/extensions:__subpackages__", + "//test/extensions:__subpackages__", + "//test/server:__subpackages__", + ], deps = [ ":active_quic_listener_lib", "//include/envoy/registry", diff --git a/source/extensions/quic_listeners/quiche/platform/BUILD b/source/extensions/quic_listeners/quiche/platform/BUILD index 9c9857842e75..e7f70f86cb26 100644 --- a/source/extensions/quic_listeners/quiche/platform/BUILD +++ b/source/extensions/quic_listeners/quiche/platform/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() # Build targets in this package are part of the QUICHE platform implementation. # These implementations are the infrastructure building block for QUIC. They are diff --git a/source/extensions/resource_monitors/BUILD b/source/extensions/resource_monitors/BUILD index 06456dbbcb5e..40a5e79b39d3 100644 --- a/source/extensions/resource_monitors/BUILD +++ b/source/extensions/resource_monitors/BUILD @@ -1,16 +1,18 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "well_known_names", hdrs = ["well_known_names.h"], + # well known names files are public as long as they exist. + visibility = ["//visibility:public"], deps = [ "//source/common/singleton:const_singleton", ], diff --git a/source/extensions/resource_monitors/common/BUILD b/source/extensions/resource_monitors/common/BUILD index 7e759d696abd..a17f10b5c378 100644 --- a/source/extensions/resource_monitors/common/BUILD +++ b/source/extensions/resource_monitors/common/BUILD @@ -1,16 +1,18 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "factory_base_lib", hdrs = ["factory_base.h"], + # This resource monitoring library is considered core code. + visibility = ["//visibility:public"], deps = [ "//include/envoy/server:resource_monitor_config_interface", "//source/common/protobuf:utility_lib", diff --git a/source/extensions/resource_monitors/fixed_heap/BUILD b/source/extensions/resource_monitors/fixed_heap/BUILD index 4feb2a6e7cd2..6c2022537d3d 100644 --- a/source/extensions/resource_monitors/fixed_heap/BUILD +++ b/source/extensions/resource_monitors/fixed_heap/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "fixed_heap_monitor", diff --git a/source/extensions/resource_monitors/injected_resource/BUILD b/source/extensions/resource_monitors/injected_resource/BUILD index 4b3702afffdf..6f1c24318cee 100644 --- a/source/extensions/resource_monitors/injected_resource/BUILD +++ b/source/extensions/resource_monitors/injected_resource/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "injected_resource_monitor", @@ -28,6 +28,11 @@ envoy_cc_extension( hdrs = ["config.h"], security_posture = "data_plane_agnostic", status = "alpha", + # TODO(#9953) clean up. + visibility = [ + "//:extension_config", + "//test/integration:__subpackages__", + ], deps = [ ":injected_resource_monitor", "//include/envoy/registry", diff --git a/source/extensions/retry/host/omit_canary_hosts/BUILD b/source/extensions/retry/host/omit_canary_hosts/BUILD index e8fc9840f156..9427fa9fc507 100644 --- a/source/extensions/retry/host/omit_canary_hosts/BUILD +++ b/source/extensions/retry/host/omit_canary_hosts/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "omit_canary_hosts_predicate_lib", diff --git a/source/extensions/retry/host/omit_host_metadata/BUILD b/source/extensions/retry/host/omit_host_metadata/BUILD index 09b01e08848c..5e1aaa38c5af 100644 --- a/source/extensions/retry/host/omit_host_metadata/BUILD +++ b/source/extensions/retry/host/omit_host_metadata/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "omit_host_metadata_predicate_lib", diff --git a/source/extensions/retry/host/previous_hosts/BUILD b/source/extensions/retry/host/previous_hosts/BUILD index ea9aa0d78f4e..78e78b1a330e 100644 --- a/source/extensions/retry/host/previous_hosts/BUILD +++ b/source/extensions/retry/host/previous_hosts/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "previous_hosts_predicate_lib", diff --git a/source/extensions/retry/priority/BUILD b/source/extensions/retry/priority/BUILD index 06456dbbcb5e..22d835b40706 100644 --- a/source/extensions/retry/priority/BUILD +++ b/source/extensions/retry/priority/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "well_known_names", diff --git a/source/extensions/retry/priority/previous_priorities/BUILD b/source/extensions/retry/priority/previous_priorities/BUILD index 65061e5740da..66a592d9c772 100644 --- a/source/extensions/retry/priority/previous_priorities/BUILD +++ b/source/extensions/retry/priority/previous_priorities/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "previous_priorities_lib", diff --git a/source/extensions/stat_sinks/BUILD b/source/extensions/stat_sinks/BUILD index 06456dbbcb5e..40a5e79b39d3 100644 --- a/source/extensions/stat_sinks/BUILD +++ b/source/extensions/stat_sinks/BUILD @@ -1,16 +1,18 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "well_known_names", hdrs = ["well_known_names.h"], + # well known names files are public as long as they exist. + visibility = ["//visibility:public"], deps = [ "//source/common/singleton:const_singleton", ], diff --git a/source/extensions/stat_sinks/common/statsd/BUILD b/source/extensions/stat_sinks/common/statsd/BUILD index 378a7146234d..5e3d6a771d21 100644 --- a/source/extensions/stat_sinks/common/statsd/BUILD +++ b/source/extensions/stat_sinks/common/statsd/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "statsd_lib", diff --git a/source/extensions/stat_sinks/dog_statsd/BUILD b/source/extensions/stat_sinks/dog_statsd/BUILD index 2a6e1d7d9c44..662a3c18c24f 100644 --- a/source/extensions/stat_sinks/dog_statsd/BUILD +++ b/source/extensions/stat_sinks/dog_statsd/BUILD @@ -1,7 +1,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -9,7 +9,7 @@ licenses(["notice"]) # Apache 2 # Stats sink for the DataDog (https://www.datadoghq.com/) variant of the statsd protocol # (https://docs.datadoghq.com/developers/dogstatsd/). -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "config", diff --git a/source/extensions/stat_sinks/hystrix/BUILD b/source/extensions/stat_sinks/hystrix/BUILD index 463576dd757c..7b28f8218c1b 100644 --- a/source/extensions/stat_sinks/hystrix/BUILD +++ b/source/extensions/stat_sinks/hystrix/BUILD @@ -2,14 +2,14 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # Stats sink for the basic version of the hystrix protocol (https://github.com/b/hystrix_spec). -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "config", diff --git a/source/extensions/stat_sinks/metrics_service/BUILD b/source/extensions/stat_sinks/metrics_service/BUILD index ecd35309b7fb..df78d152ba53 100644 --- a/source/extensions/stat_sinks/metrics_service/BUILD +++ b/source/extensions/stat_sinks/metrics_service/BUILD @@ -2,14 +2,14 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # Stats sink for the gRPC metrics service: api/envoy/service/metrics/v2/metrics_service.proto -envoy_package() +envoy_extension_package() envoy_cc_library( name = "metrics_service_grpc_lib", diff --git a/source/extensions/stat_sinks/statsd/BUILD b/source/extensions/stat_sinks/statsd/BUILD index a9c862e12e8b..0a8ed4648bca 100644 --- a/source/extensions/stat_sinks/statsd/BUILD +++ b/source/extensions/stat_sinks/statsd/BUILD @@ -1,20 +1,25 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # Stats sink for the basic version of the statsd protocol (https://github.com/b/statsd_spec). -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], security_posture = "data_plane_agnostic", + # Legacy test use. TODO(#9953) clean up. + visibility = [ + "//:extension_config", + "//test/server:__subpackages__", + ], deps = [ "//include/envoy/registry", "//source/common/network:address_lib", diff --git a/source/extensions/tracers/common/BUILD b/source/extensions/tracers/common/BUILD index f31e56bc9cd6..450aef98b536 100644 --- a/source/extensions/tracers/common/BUILD +++ b/source/extensions/tracers/common/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "factory_base_lib", diff --git a/source/extensions/tracers/common/ot/BUILD b/source/extensions/tracers/common/ot/BUILD index 16a0a3642905..beced5b3f219 100644 --- a/source/extensions/tracers/common/ot/BUILD +++ b/source/extensions/tracers/common/ot/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "opentracing_driver_lib", diff --git a/source/extensions/tracers/datadog/BUILD b/source/extensions/tracers/datadog/BUILD index 325f4345a717..7ad1d164203e 100644 --- a/source/extensions/tracers/datadog/BUILD +++ b/source/extensions/tracers/datadog/BUILD @@ -2,14 +2,14 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # Trace driver for Datadog (https://datadoghq.com/) -envoy_package() +envoy_extension_package() envoy_cc_library( name = "datadog_tracer_lib", diff --git a/source/extensions/tracers/dynamic_ot/BUILD b/source/extensions/tracers/dynamic_ot/BUILD index eb9cc5ee24c6..95b903be987d 100644 --- a/source/extensions/tracers/dynamic_ot/BUILD +++ b/source/extensions/tracers/dynamic_ot/BUILD @@ -2,14 +2,14 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # Trace driver for dynamically loadable C++ OpenTracing drivers (http://opentracing.io/). -envoy_package() +envoy_extension_package() envoy_cc_library( name = "dynamic_opentracing_driver_lib", diff --git a/source/extensions/tracers/lightstep/BUILD b/source/extensions/tracers/lightstep/BUILD index 1fb5d0e30171..6c287b4a75fe 100644 --- a/source/extensions/tracers/lightstep/BUILD +++ b/source/extensions/tracers/lightstep/BUILD @@ -2,14 +2,14 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # Trace driver for LightStep (https://lightstep.com/) -envoy_package() +envoy_extension_package() envoy_cc_library( name = "lightstep_tracer_lib", diff --git a/source/extensions/tracers/opencensus/BUILD b/source/extensions/tracers/opencensus/BUILD index 3494746500a1..2513be7249f6 100644 --- a/source/extensions/tracers/opencensus/BUILD +++ b/source/extensions/tracers/opencensus/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", "envoy_select_google_grpc", ) @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # Trace driver for OpenCensus: https://opencensus.io/ -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "config", diff --git a/source/extensions/tracers/xray/BUILD b/source/extensions/tracers/xray/BUILD index a186e661eaad..ef486aaac4eb 100644 --- a/source/extensions/tracers/xray/BUILD +++ b/source/extensions/tracers/xray/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", "envoy_proto_library", ) @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # Trace driver for AWS X-Ray. -envoy_package() +envoy_extension_package() envoy_proto_library( name = "daemon", diff --git a/source/extensions/tracers/zipkin/BUILD b/source/extensions/tracers/zipkin/BUILD index ee0328353fa0..fc2d417c4d1c 100644 --- a/source/extensions/tracers/zipkin/BUILD +++ b/source/extensions/tracers/zipkin/BUILD @@ -2,14 +2,14 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # Trace driver for Zipkin (https://zipkin.io/). -envoy_package() +envoy_extension_package() envoy_cc_library( name = "zipkin_lib", @@ -68,6 +68,11 @@ envoy_cc_extension( srcs = ["config.cc"], hdrs = ["config.h"], security_posture = "robust_to_untrusted_downstream", + # Legacy test use. TODO(#9953) clean up. + visibility = [ + "//:extension_config", + "//test/server:__subpackages__", + ], deps = [ ":zipkin_lib", "//source/extensions/tracers/common:factory_base_lib", diff --git a/source/extensions/transport_sockets/BUILD b/source/extensions/transport_sockets/BUILD index 06456dbbcb5e..40a5e79b39d3 100644 --- a/source/extensions/transport_sockets/BUILD +++ b/source/extensions/transport_sockets/BUILD @@ -1,16 +1,18 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "well_known_names", hdrs = ["well_known_names.h"], + # well known names files are public as long as they exist. + visibility = ["//visibility:public"], deps = [ "//source/common/singleton:const_singleton", ], diff --git a/source/extensions/transport_sockets/alts/BUILD b/source/extensions/transport_sockets/alts/BUILD index a667fac37e14..631c74a1c8d3 100644 --- a/source/extensions/transport_sockets/alts/BUILD +++ b/source/extensions/transport_sockets/alts/BUILD @@ -2,7 +2,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 @@ -10,7 +10,7 @@ licenses(["notice"]) # Apache 2 # ALTS transport socket. This provides Google's ALTS protocol support in GCP to Envoy. # https://cloud.google.com/security/encryption-in-transit/application-layer-transport-security/ -envoy_package() +envoy_extension_package() envoy_cc_library( name = "grpc_tsi_wrapper", diff --git a/source/extensions/transport_sockets/common/BUILD b/source/extensions/transport_sockets/common/BUILD index 8aacce0fdd15..eee229da12fb 100644 --- a/source/extensions/transport_sockets/common/BUILD +++ b/source/extensions/transport_sockets/common/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "passthrough_lib", diff --git a/source/extensions/transport_sockets/proxy_protocol/BUILD b/source/extensions/transport_sockets/proxy_protocol/BUILD index d44382487e85..251721adfbb4 100644 --- a/source/extensions/transport_sockets/proxy_protocol/BUILD +++ b/source/extensions/transport_sockets/proxy_protocol/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "upstream_proxy_protocol", diff --git a/source/extensions/transport_sockets/raw_buffer/BUILD b/source/extensions/transport_sockets/raw_buffer/BUILD index 4d5bdacbe88c..3d4b41c96cde 100644 --- a/source/extensions/transport_sockets/raw_buffer/BUILD +++ b/source/extensions/transport_sockets/raw_buffer/BUILD @@ -1,20 +1,22 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # Built-in plaintext connection transport socket. -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], security_posture = "requires_trusted_downstream_and_upstream", + # This is core Envoy config. + visibility = ["//visibility:public"], deps = [ "//include/envoy/network:transport_socket_interface", "//include/envoy/registry", diff --git a/source/extensions/transport_sockets/tap/BUILD b/source/extensions/transport_sockets/tap/BUILD index a241afa2df24..4adb0db7cb38 100644 --- a/source/extensions/transport_sockets/tap/BUILD +++ b/source/extensions/transport_sockets/tap/BUILD @@ -2,14 +2,14 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # tap wrapper around a transport socket. -envoy_package() +envoy_extension_package() envoy_cc_library( name = "tap_config_interface", @@ -53,6 +53,12 @@ envoy_cc_extension( hdrs = ["config.h"], security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", + # TODO(#9953) clean up. + visibility = [ + "//:extension_config", + "//test/common/access_log:__subpackages__", + "//test/integration:__subpackages__", + ], deps = [ ":tap_config_impl", ":tap_lib", diff --git a/source/extensions/transport_sockets/tls/BUILD b/source/extensions/transport_sockets/tls/BUILD index 6b14b5b0a870..1cd091050d15 100644 --- a/source/extensions/transport_sockets/tls/BUILD +++ b/source/extensions/transport_sockets/tls/BUILD @@ -2,20 +2,22 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 # Built-in TLS connection transport socket. -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], security_posture = "robust_to_untrusted_downstream_and_upstream", + # TLS is core functionality. + visibility = ["//visibility:public"], deps = [ ":ssl_socket_lib", "//include/envoy/network:transport_socket_interface", @@ -37,6 +39,8 @@ envoy_cc_library( "abseil_synchronization", "ssl", ], + # TLS is core functionality. + visibility = ["//visibility:public"], deps = [ ":context_config_lib", ":context_lib", @@ -62,6 +66,8 @@ envoy_cc_library( external_deps = [ "ssl", ], + # TLS is core functionality. + visibility = ["//visibility:public"], deps = [ "//include/envoy/secret:secret_callbacks_interface", "//include/envoy/secret:secret_provider_interface", @@ -95,6 +101,8 @@ envoy_cc_library( "abseil_synchronization", "ssl", ], + # TLS is core functionality. + visibility = ["//visibility:public"], deps = [ ":utility_lib", "//include/envoy/ssl:context_config_interface", diff --git a/source/extensions/transport_sockets/tls/private_key/BUILD b/source/extensions/transport_sockets/tls/private_key/BUILD index 8b0563f5e06d..f6163ca64012 100644 --- a/source/extensions/transport_sockets/tls/private_key/BUILD +++ b/source/extensions/transport_sockets/tls/private_key/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_library( name = "private_key_manager_lib", diff --git a/source/extensions/upstreams/http/generic/BUILD b/source/extensions/upstreams/http/generic/BUILD index 712b0d9632ea..563b4bf5a9e2 100644 --- a/source/extensions/upstreams/http/generic/BUILD +++ b/source/extensions/upstreams/http/generic/BUILD @@ -1,12 +1,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "config", diff --git a/source/extensions/upstreams/http/http/BUILD b/source/extensions/upstreams/http/http/BUILD index f97f894d3294..4c0b5be394b9 100644 --- a/source/extensions/upstreams/http/http/BUILD +++ b/source/extensions/upstreams/http/http/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "config", diff --git a/source/extensions/upstreams/http/tcp/BUILD b/source/extensions/upstreams/http/tcp/BUILD index 82b0422fad70..6daa95ce15d7 100644 --- a/source/extensions/upstreams/http/tcp/BUILD +++ b/source/extensions/upstreams/http/tcp/BUILD @@ -2,12 +2,12 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", - "envoy_package", + "envoy_extension_package", ) licenses(["notice"]) # Apache 2 -envoy_package() +envoy_extension_package() envoy_cc_extension( name = "config", diff --git a/tools/code_format/envoy_build_fixer.py b/tools/code_format/envoy_build_fixer.py index 51f7d0fb866c..9af90f0f7e21 100755 --- a/tools/code_format/envoy_build_fixer.py +++ b/tools/code_format/envoy_build_fixer.py @@ -2,7 +2,7 @@ # Enforces: # - License headers on Envoy BUILD files -# - envoy_package() top-level invocation for standard Envoy package setup. +# - envoy_package() or envoy_extension_package() top-level invocation for standard Envoy package setup. # - Infers API dependencies from source files. # - Misc. cleanups: avoids redundant blank lines, removes unused loads. # - Maybe more later? @@ -31,8 +31,9 @@ # Match an Envoy rule, e.g. envoy_cc_library( in a BUILD file. ENVOY_RULE_REGEX = re.compile(r'envoy[_\w]+\(') -# Match a load() statement for the envoy_package macro. +# Match a load() statement for the envoy_package macros. PACKAGE_LOAD_BLOCK_REGEX = re.compile('("envoy_package".*?\)\n)', re.DOTALL) +EXTENSION_PACKAGE_LOAD_BLOCK_REGEX = re.compile('("envoy_extension_package".*?\)\n)', re.DOTALL) # Match Buildozer 'print' output. Example of Buildozer print output: # cc_library json_transcoder_filter_lib [json_transcoder_filter.cc] (missing) (missing) @@ -70,20 +71,29 @@ def RunBuildozer(cmds, contents): # Add an Apache 2 license and envoy_package() import and rule as needed. -def FixPackageAndLicense(contents): +def FixPackageAndLicense(path, contents): + regex_to_use = PACKAGE_LOAD_BLOCK_REGEX + package_string = 'envoy_package' + + if 'source/extensions' in path: + regex_to_use = EXTENSION_PACKAGE_LOAD_BLOCK_REGEX + package_string = 'envoy_extension_package' + # Ensure we have an envoy_package import load if this is a real Envoy package. We also allow # the prefix to be overridden if envoy is included in a larger workspace. if re.search(ENVOY_RULE_REGEX, contents): + new_load = 'new_load {}//bazel:envoy_build_system.bzl %s' % package_string contents = RunBuildozer([ - ('new_load {}//bazel:envoy_build_system.bzl envoy_package'.format( - os.getenv("ENVOY_BAZEL_PREFIX", "")), '__pkg__'), + (new_load.format(os.getenv("ENVOY_BAZEL_PREFIX", "")), '__pkg__'), ], contents) # Envoy package is inserted after the load block containing the # envoy_package import. - if 'envoy_package()' not in contents: - contents = re.sub(PACKAGE_LOAD_BLOCK_REGEX, r'\1\nenvoy_package()\n\n', contents) - if 'envoy_package()' not in contents: - raise EnvoyBuildFixerError('Unable to insert envoy_package()') + package_and_parens = package_string + '()' + if package_and_parens not in contents: + contents = re.sub(regex_to_use, r'\1\n%s\n\n' % package_and_parens, contents) + if package_and_parens not in contents: + raise EnvoyBuildFixerError('Unable to insert %s' % package_and_parens) + # Delete old licenses. if re.search(OLD_LICENSES_REGEX, contents): contents = re.sub(OLD_LICENSES_REGEX, '', contents) @@ -173,7 +183,7 @@ def FixBuild(path): with open(path, 'r') as f: contents = f.read() xforms = [ - FixPackageAndLicense, + functools.partial(FixPackageAndLicense, path), functools.partial(FixApiDeps, path), BuildifierLint, ]