diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index ca64d5a09e000..d052c481ace5c 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -66,6 +66,38 @@ EXTENSION_SECURITY_POSTURES = [ "data_plane_agnostic", ] +# Extension categories as defined by factories +EXTENSION_CATEGORIES = [ + "envoy.access_loggers", + "envoy.bootstrap", + "envoy.clusters", + "envoy.compression.compressor", + "envoy.compression.decompressor", + "envoy.filters.http", + "envoy.filters.listener", + "envoy.filters.network", + "envoy.filters.udp_listener", + "envoy.formatter", + "envoy.grpc_credentials", + "envoy.guarddog_actions", + "envoy.health_checkers", + "envoy.internal_redirect_predicates", + "envoy.io_socket", + "envoy.rate_limit_descriptors", + "envoy.resolvers", + "envoy.resource_monitors", + "envoy.retry_host_predicates", + "envoy.retry_priorities", + "envoy.stats_sinks", + "envoy.thrift_proxy.filters", + "envoy.tracers", + "envoy.transport_sockets.downstream", + "envoy.transport_sockets.upstream", + "envoy.upstreams", + "envoy.wasm.runtime", + "DELIBERATELY_OMITTED", +] + EXTENSION_STATUS_VALUES = [ # This extension is stable and is expected to be production usable. "stable", @@ -80,6 +112,7 @@ EXTENSION_STATUS_VALUES = [ def envoy_cc_extension( name, security_posture, + category = None, # Only set this for internal, undocumented extensions. undocumented = False, status = "stable", @@ -87,6 +120,14 @@ def envoy_cc_extension( extra_visibility = [], visibility = EXTENSION_CONFIG_VISIBILITY, **kwargs): + if not category: + fail("Category not set for %s" % name) + if type(category) == "string": + category = (category,) + for cat in category: + if cat not in EXTENSION_CATEGORIES: + fail("Unknown extension category for %s: %s" % + (name, cat)) if security_posture not in EXTENSION_SECURITY_POSTURES: fail("Unknown extension security posture: " + security_posture) if status not in EXTENSION_STATUS_VALUES: diff --git a/source/extensions/access_loggers/file/BUILD b/source/extensions/access_loggers/file/BUILD index 93e2ad5b5c614..36a550e33bb91 100644 --- a/source/extensions/access_loggers/file/BUILD +++ b/source/extensions/access_loggers/file/BUILD @@ -27,6 +27,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.access_loggers", # TODO(#9953) determine if this is core or should be cleaned up. extra_visibility = [ "//test:__subpackages__", diff --git a/source/extensions/access_loggers/grpc/BUILD b/source/extensions/access_loggers/grpc/BUILD index b958ccba79950..ebffc533ba20a 100644 --- a/source/extensions/access_loggers/grpc/BUILD +++ b/source/extensions/access_loggers/grpc/BUILD @@ -97,6 +97,7 @@ envoy_cc_extension( name = "http_config", srcs = ["http_config.cc"], hdrs = ["http_config.h"], + category = "envoy.access_loggers", # TODO(#9953) clean up. extra_visibility = [ "//test/common/access_log:__subpackages__", @@ -120,6 +121,7 @@ envoy_cc_extension( name = "tcp_config", srcs = ["tcp_config.cc"], hdrs = ["tcp_config.h"], + category = "envoy.access_loggers", # TODO(#9953) clean up. extra_visibility = [ "//test/common/access_log:__subpackages__", diff --git a/source/extensions/access_loggers/wasm/BUILD b/source/extensions/access_loggers/wasm/BUILD index efb16906d78e9..0ed93bef9607d 100644 --- a/source/extensions/access_loggers/wasm/BUILD +++ b/source/extensions/access_loggers/wasm/BUILD @@ -26,6 +26,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.access_loggers", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/bootstrap/wasm/BUILD b/source/extensions/bootstrap/wasm/BUILD index e23ac8fc84a2f..fe58c86f94c02 100644 --- a/source/extensions/bootstrap/wasm/BUILD +++ b/source/extensions/bootstrap/wasm/BUILD @@ -16,6 +16,7 @@ envoy_cc_extension( hdrs = [ "config.h", ], + category = "envoy.bootstrap", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/clusters/aggregate/BUILD b/source/extensions/clusters/aggregate/BUILD index d23dd525625af..473f140b30da7 100644 --- a/source/extensions/clusters/aggregate/BUILD +++ b/source/extensions/clusters/aggregate/BUILD @@ -15,6 +15,7 @@ envoy_cc_extension( "cluster.h", "lb_context.h", ], + category = "envoy.clusters", security_posture = "requires_trusted_downstream_and_upstream", deps = [ "//source/common/upstream:cluster_factory_lib", diff --git a/source/extensions/clusters/dynamic_forward_proxy/BUILD b/source/extensions/clusters/dynamic_forward_proxy/BUILD index 0dc4780118e1d..3a6fdf9f10804 100644 --- a/source/extensions/clusters/dynamic_forward_proxy/BUILD +++ b/source/extensions/clusters/dynamic_forward_proxy/BUILD @@ -12,6 +12,7 @@ envoy_cc_extension( name = "cluster", srcs = ["cluster.cc"], hdrs = ["cluster.h"], + category = "envoy.clusters", security_posture = "robust_to_untrusted_downstream", deps = [ "//source/common/network:transport_socket_options_lib", diff --git a/source/extensions/clusters/redis/BUILD b/source/extensions/clusters/redis/BUILD index 784103719061e..dd2e31fc7b5e7 100644 --- a/source/extensions/clusters/redis/BUILD +++ b/source/extensions/clusters/redis/BUILD @@ -42,6 +42,7 @@ envoy_cc_extension( "redis_cluster.cc", "redis_cluster.h", ], + category = "envoy.clusters", security_posture = "requires_trusted_downstream_and_upstream", deps = [ "redis_cluster_lb", diff --git a/source/extensions/common/crypto/BUILD b/source/extensions/common/crypto/BUILD index 7877fee80388b..d33b7986b519d 100644 --- a/source/extensions/common/crypto/BUILD +++ b/source/extensions/common/crypto/BUILD @@ -18,6 +18,7 @@ envoy_cc_extension( "crypto_impl.h", "utility_impl.h", ], + category = "DELIBERATELY_OMITTED", external_deps = [ "ssl", ], diff --git a/source/extensions/compression/gzip/compressor/BUILD b/source/extensions/compression/gzip/compressor/BUILD index e8918d1fcbc8d..39a7e7c6e9d73 100644 --- a/source/extensions/compression/gzip/compressor/BUILD +++ b/source/extensions/compression/gzip/compressor/BUILD @@ -26,6 +26,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.compression.compressor", security_posture = "robust_to_untrusted_downstream", deps = [ ":compressor_lib", diff --git a/source/extensions/compression/gzip/decompressor/BUILD b/source/extensions/compression/gzip/decompressor/BUILD index b4c6fb375d459..0a1d8766031b9 100644 --- a/source/extensions/compression/gzip/decompressor/BUILD +++ b/source/extensions/compression/gzip/decompressor/BUILD @@ -29,6 +29,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.compression.decompressor", security_posture = "robust_to_untrusted_downstream", deps = [ ":zlib_decompressor_impl_lib", diff --git a/source/extensions/filters/http/adaptive_concurrency/BUILD b/source/extensions/filters/http/adaptive_concurrency/BUILD index 9cef1214ab36f..7662d09bc1fd8 100644 --- a/source/extensions/filters/http/adaptive_concurrency/BUILD +++ b/source/extensions/filters/http/adaptive_concurrency/BUILD @@ -30,6 +30,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/admission_control/BUILD b/source/extensions/filters/http/admission_control/BUILD index 9dab0fc8f6bc7..9bfd7c4505361 100644 --- a/source/extensions/filters/http/admission_control/BUILD +++ b/source/extensions/filters/http/admission_control/BUILD @@ -21,6 +21,7 @@ envoy_cc_extension( "admission_control.h", "thread_local_controller.h", ], + category = "envoy.filters.http", security_posture = "unknown", deps = [ "//include/envoy/http:filter_interface", @@ -40,6 +41,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/aws_lambda/BUILD b/source/extensions/filters/http/aws_lambda/BUILD index 86e2cc553f784..1001ba3d87cbf 100644 --- a/source/extensions/filters/http/aws_lambda/BUILD +++ b/source/extensions/filters/http/aws_lambda/BUILD @@ -37,6 +37,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/aws_request_signing/BUILD b/source/extensions/filters/http/aws_request_signing/BUILD index 01b83ecf68656..f0222a4b954bc 100644 --- a/source/extensions/filters/http/aws_request_signing/BUILD +++ b/source/extensions/filters/http/aws_request_signing/BUILD @@ -29,6 +29,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/buffer/BUILD b/source/extensions/filters/http/buffer/BUILD index f63cd254e3add..c38b84635d661 100644 --- a/source/extensions/filters/http/buffer/BUILD +++ b/source/extensions/filters/http/buffer/BUILD @@ -37,6 +37,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", # Legacy test use. TODO(#9953) clean up. visibility = ["//visibility:public"], diff --git a/source/extensions/filters/http/cache/BUILD b/source/extensions/filters/http/cache/BUILD index f7617abeecf3d..2506f3310f08c 100644 --- a/source/extensions/filters/http/cache/BUILD +++ b/source/extensions/filters/http/cache/BUILD @@ -100,6 +100,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream_and_upstream", status = "wip", deps = [ diff --git a/source/extensions/filters/http/cache/simple_http_cache/BUILD b/source/extensions/filters/http/cache/simple_http_cache/BUILD index f9484060aa97d..65901a682ee5d 100644 --- a/source/extensions/filters/http/cache/simple_http_cache/BUILD +++ b/source/extensions/filters/http/cache/simple_http_cache/BUILD @@ -15,6 +15,7 @@ envoy_cc_extension( name = "simple_http_cache_lib", srcs = ["simple_http_cache.cc"], hdrs = ["simple_http_cache.h"], + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream_and_upstream", status = "wip", deps = [ diff --git a/source/extensions/filters/http/cdn_loop/BUILD b/source/extensions/filters/http/cdn_loop/BUILD index ff6a8c26bfdf4..291f20b3a7256 100644 --- a/source/extensions/filters/http/cdn_loop/BUILD +++ b/source/extensions/filters/http/cdn_loop/BUILD @@ -45,6 +45,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/compressor/BUILD b/source/extensions/filters/http/compressor/BUILD index 01855f8eb64a6..cec12558d4a93 100644 --- a/source/extensions/filters/http/compressor/BUILD +++ b/source/extensions/filters/http/compressor/BUILD @@ -27,6 +27,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", deps = [ ":compressor_filter_lib", diff --git a/source/extensions/filters/http/cors/BUILD b/source/extensions/filters/http/cors/BUILD index bd5ce89be6821..719af988af59a 100644 --- a/source/extensions/filters/http/cors/BUILD +++ b/source/extensions/filters/http/cors/BUILD @@ -31,6 +31,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/http/csrf/BUILD b/source/extensions/filters/http/csrf/BUILD index 383b805580f0d..9b5af4e5a8788 100644 --- a/source/extensions/filters/http/csrf/BUILD +++ b/source/extensions/filters/http/csrf/BUILD @@ -33,6 +33,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/decompressor/BUILD b/source/extensions/filters/http/decompressor/BUILD index 08d224b8b2849..fb69254e476b5 100644 --- a/source/extensions/filters/http/decompressor/BUILD +++ b/source/extensions/filters/http/decompressor/BUILD @@ -33,6 +33,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream_and_upstream", deps = [ ":decompressor_filter_lib", diff --git a/source/extensions/filters/http/dynamic_forward_proxy/BUILD b/source/extensions/filters/http/dynamic_forward_proxy/BUILD index 528a263694945..5b0768fe9d2d8 100644 --- a/source/extensions/filters/http/dynamic_forward_proxy/BUILD +++ b/source/extensions/filters/http/dynamic_forward_proxy/BUILD @@ -29,6 +29,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/dynamo/BUILD b/source/extensions/filters/http/dynamo/BUILD index c152863819ed0..4854329af55c1 100644 --- a/source/extensions/filters/http/dynamo/BUILD +++ b/source/extensions/filters/http/dynamo/BUILD @@ -42,6 +42,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":dynamo_filter_lib", diff --git a/source/extensions/filters/http/ext_authz/BUILD b/source/extensions/filters/http/ext_authz/BUILD index 9a902c51777d3..766e09774d1e2 100644 --- a/source/extensions/filters/http/ext_authz/BUILD +++ b/source/extensions/filters/http/ext_authz/BUILD @@ -40,6 +40,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", deps = [ ":ext_authz", diff --git a/source/extensions/filters/http/ext_proc/BUILD b/source/extensions/filters/http/ext_proc/BUILD index 933e17b54dc6e..8a74b1f18ace0 100644 --- a/source/extensions/filters/http/ext_proc/BUILD +++ b/source/extensions/filters/http/ext_proc/BUILD @@ -30,6 +30,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/fault/BUILD b/source/extensions/filters/http/fault/BUILD index a518d60f37e13..8778d38568685 100644 --- a/source/extensions/filters/http/fault/BUILD +++ b/source/extensions/filters/http/fault/BUILD @@ -45,6 +45,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/grpc_http1_bridge/BUILD b/source/extensions/filters/http/grpc_http1_bridge/BUILD index 41e02d59666f8..4a1154094c647 100644 --- a/source/extensions/filters/http/grpc_http1_bridge/BUILD +++ b/source/extensions/filters/http/grpc_http1_bridge/BUILD @@ -33,6 +33,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", # Legacy test use. TODO(#9953) clean up. extra_visibility = [ "//source/exe:__pkg__", diff --git a/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD b/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD index 852c3c368a5fe..be9226b61f545 100644 --- a/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD +++ b/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD @@ -31,6 +31,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/grpc_json_transcoder/BUILD b/source/extensions/filters/http/grpc_json_transcoder/BUILD index 6ee3d0dcd9aed..24b26e33cf9d7 100644 --- a/source/extensions/filters/http/grpc_json_transcoder/BUILD +++ b/source/extensions/filters/http/grpc_json_transcoder/BUILD @@ -61,6 +61,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "unknown", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/grpc_stats/BUILD b/source/extensions/filters/http/grpc_stats/BUILD index ac38af9751369..10c7558f549f8 100644 --- a/source/extensions/filters/http/grpc_stats/BUILD +++ b/source/extensions/filters/http/grpc_stats/BUILD @@ -14,6 +14,7 @@ envoy_cc_extension( name = "config", srcs = ["grpc_stats_filter.cc"], hdrs = ["grpc_stats_filter.h"], + category = "envoy.filters.http", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/grpc_web/BUILD b/source/extensions/filters/http/grpc_web/BUILD index d18eb56ed01d0..4a7089ca962eb 100644 --- a/source/extensions/filters/http/grpc_web/BUILD +++ b/source/extensions/filters/http/grpc_web/BUILD @@ -32,6 +32,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/gzip/BUILD b/source/extensions/filters/http/gzip/BUILD index 39b1459d45bef..d2d9fc86479b4 100644 --- a/source/extensions/filters/http/gzip/BUILD +++ b/source/extensions/filters/http/gzip/BUILD @@ -30,6 +30,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", deps = [ "//source/extensions/filters/http:well_known_names", diff --git a/source/extensions/filters/http/header_to_metadata/BUILD b/source/extensions/filters/http/header_to_metadata/BUILD index ad4f9bcf8cfef..aa13db4517e15 100644 --- a/source/extensions/filters/http/header_to_metadata/BUILD +++ b/source/extensions/filters/http/header_to_metadata/BUILD @@ -30,6 +30,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/health_check/BUILD b/source/extensions/filters/http/health_check/BUILD index f78d1b95db20f..c54f3bf2ad17e 100644 --- a/source/extensions/filters/http/health_check/BUILD +++ b/source/extensions/filters/http/health_check/BUILD @@ -37,6 +37,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", # Legacy test use. TODO(#9953) clean up. extra_visibility = [ "//test/common/filter/http:__subpackages__", diff --git a/source/extensions/filters/http/ip_tagging/BUILD b/source/extensions/filters/http/ip_tagging/BUILD index 6ee659df773cf..2c75ece83a991 100644 --- a/source/extensions/filters/http/ip_tagging/BUILD +++ b/source/extensions/filters/http/ip_tagging/BUILD @@ -33,6 +33,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/http/jwt_authn/BUILD b/source/extensions/filters/http/jwt_authn/BUILD index 1df6425b585f2..0d5895dfbd5a6 100644 --- a/source/extensions/filters/http/jwt_authn/BUILD +++ b/source/extensions/filters/http/jwt_authn/BUILD @@ -70,6 +70,7 @@ envoy_cc_extension( name = "config", srcs = ["filter_factory.cc"], hdrs = ["filter_factory.h"], + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/kill_request/BUILD b/source/extensions/filters/http/kill_request/BUILD index 6fa2cc297e89c..8c5c44cd690c1 100644 --- a/source/extensions/filters/http/kill_request/BUILD +++ b/source/extensions/filters/http/kill_request/BUILD @@ -29,6 +29,7 @@ envoy_cc_extension( name = "kill_request_config", srcs = ["kill_request_config.cc"], hdrs = ["kill_request_config.h"], + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/local_ratelimit/BUILD b/source/extensions/filters/http/local_ratelimit/BUILD index 91493ff13f66c..f60271193bc67 100644 --- a/source/extensions/filters/http/local_ratelimit/BUILD +++ b/source/extensions/filters/http/local_ratelimit/BUILD @@ -36,6 +36,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "unknown", deps = [ ":local_ratelimit_lib", diff --git a/source/extensions/filters/http/lua/BUILD b/source/extensions/filters/http/lua/BUILD index 188b0c484752f..9d6c381a09892 100644 --- a/source/extensions/filters/http/lua/BUILD +++ b/source/extensions/filters/http/lua/BUILD @@ -55,6 +55,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/oauth2/BUILD b/source/extensions/filters/http/oauth2/BUILD index 44d0718a995d6..7fc8a96a6cf31 100644 --- a/source/extensions/filters/http/oauth2/BUILD +++ b/source/extensions/filters/http/oauth2/BUILD @@ -63,6 +63,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/on_demand/BUILD b/source/extensions/filters/http/on_demand/BUILD index 04a8037484d2f..35ab5e325746d 100644 --- a/source/extensions/filters/http/on_demand/BUILD +++ b/source/extensions/filters/http/on_demand/BUILD @@ -30,6 +30,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", # TODO(#9953) classify and clean up. extra_visibility = [ "//test/common/access_log:__subpackages__", diff --git a/source/extensions/filters/http/original_src/BUILD b/source/extensions/filters/http/original_src/BUILD index b88a1d8df9ffe..3181285fc50a8 100644 --- a/source/extensions/filters/http/original_src/BUILD +++ b/source/extensions/filters/http/original_src/BUILD @@ -35,6 +35,7 @@ envoy_cc_extension( name = "config", # The extension build system requires a library named config srcs = ["original_src_config_factory.cc"], hdrs = ["original_src_config_factory.h"], + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/ratelimit/BUILD b/source/extensions/filters/http/ratelimit/BUILD index a4090ee21d790..78ec6694d2a55 100644 --- a/source/extensions/filters/http/ratelimit/BUILD +++ b/source/extensions/filters/http/ratelimit/BUILD @@ -45,6 +45,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", deps = [ ":ratelimit_lib", diff --git a/source/extensions/filters/http/rbac/BUILD b/source/extensions/filters/http/rbac/BUILD index 31dbbad82db10..9cd4d9cbedd8e 100644 --- a/source/extensions/filters/http/rbac/BUILD +++ b/source/extensions/filters/http/rbac/BUILD @@ -13,6 +13,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/http/router/BUILD b/source/extensions/filters/http/router/BUILD index 6402dc14c8802..3d78b2f303e05 100644 --- a/source/extensions/filters/http/router/BUILD +++ b/source/extensions/filters/http/router/BUILD @@ -15,6 +15,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", # This is core Envoy config. visibility = ["//visibility:public"], diff --git a/source/extensions/filters/http/squash/BUILD b/source/extensions/filters/http/squash/BUILD index e89a1c25d8b5b..e486d07f4a890 100644 --- a/source/extensions/filters/http/squash/BUILD +++ b/source/extensions/filters/http/squash/BUILD @@ -37,6 +37,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "requires_trusted_downstream_and_upstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/tap/BUILD b/source/extensions/filters/http/tap/BUILD index 73d4237cd0192..9379579d8b804 100644 --- a/source/extensions/filters/http/tap/BUILD +++ b/source/extensions/filters/http/tap/BUILD @@ -52,6 +52,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/wasm/BUILD b/source/extensions/filters/http/wasm/BUILD index 81d0a69665e10..e399e89290aa4 100644 --- a/source/extensions/filters/http/wasm/BUILD +++ b/source/extensions/filters/http/wasm/BUILD @@ -30,6 +30,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.http", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/listener/http_inspector/BUILD b/source/extensions/filters/listener/http_inspector/BUILD index 0f3c7f50eb40d..5873f83eb830d 100644 --- a/source/extensions/filters/listener/http_inspector/BUILD +++ b/source/extensions/filters/listener/http_inspector/BUILD @@ -32,6 +32,7 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], + category = "envoy.filters.listener", security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":http_inspector_lib", diff --git a/source/extensions/filters/listener/original_dst/BUILD b/source/extensions/filters/listener/original_dst/BUILD index 185605baa2104..098c9e3ba68a6 100644 --- a/source/extensions/filters/listener/original_dst/BUILD +++ b/source/extensions/filters/listener/original_dst/BUILD @@ -28,6 +28,7 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], + category = "envoy.filters.listener", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/listener/original_src/BUILD b/source/extensions/filters/listener/original_src/BUILD index 4240bb61f28a2..26df22093a3cd 100644 --- a/source/extensions/filters/listener/original_src/BUILD +++ b/source/extensions/filters/listener/original_src/BUILD @@ -38,6 +38,7 @@ envoy_cc_extension( name = "config", # The extension build system requires a library named config srcs = ["original_src_config_factory.cc"], hdrs = ["original_src_config_factory.h"], + category = "envoy.filters.listener", security_posture = "robust_to_untrusted_downstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/listener/proxy_protocol/BUILD b/source/extensions/filters/listener/proxy_protocol/BUILD index 302940fff6b79..96840051a6f1c 100644 --- a/source/extensions/filters/listener/proxy_protocol/BUILD +++ b/source/extensions/filters/listener/proxy_protocol/BUILD @@ -39,6 +39,7 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], + category = "envoy.filters.listener", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/listener/tls_inspector/BUILD b/source/extensions/filters/listener/tls_inspector/BUILD index 4c05874044c3f..9ee8da494d73a 100644 --- a/source/extensions/filters/listener/tls_inspector/BUILD +++ b/source/extensions/filters/listener/tls_inspector/BUILD @@ -36,6 +36,7 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], + category = "envoy.filters.listener", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/network/client_ssl_auth/BUILD b/source/extensions/filters/network/client_ssl_auth/BUILD index d77c4abae5949..184ef95404aa4 100644 --- a/source/extensions/filters/network/client_ssl_auth/BUILD +++ b/source/extensions/filters/network/client_ssl_auth/BUILD @@ -40,6 +40,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.network", security_posture = "robust_to_untrusted_downstream", deps = [ ":client_ssl_auth", diff --git a/source/extensions/filters/network/direct_response/BUILD b/source/extensions/filters/network/direct_response/BUILD index a7ed6d274a1fa..7954de4042115 100644 --- a/source/extensions/filters/network/direct_response/BUILD +++ b/source/extensions/filters/network/direct_response/BUILD @@ -28,6 +28,7 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], + category = "envoy.filters.network", security_posture = "unknown", deps = [ ":filter", diff --git a/source/extensions/filters/network/dubbo_proxy/BUILD b/source/extensions/filters/network/dubbo_proxy/BUILD index bf83e91ad0fd1..4ccdd989436f7 100644 --- a/source/extensions/filters/network/dubbo_proxy/BUILD +++ b/source/extensions/filters/network/dubbo_proxy/BUILD @@ -106,6 +106,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.network", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/network/echo/BUILD b/source/extensions/filters/network/echo/BUILD index 10105f1621c3d..68270a5dd5e20 100644 --- a/source/extensions/filters/network/echo/BUILD +++ b/source/extensions/filters/network/echo/BUILD @@ -28,6 +28,7 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], + category = "envoy.filters.network", # TODO(#9953) move echo integration test to extensions. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/network/ext_authz/BUILD b/source/extensions/filters/network/ext_authz/BUILD index 4d43cbd30eeb1..391fe6e21d72c 100644 --- a/source/extensions/filters/network/ext_authz/BUILD +++ b/source/extensions/filters/network/ext_authz/BUILD @@ -37,6 +37,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.network", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/network/http_connection_manager/BUILD b/source/extensions/filters/network/http_connection_manager/BUILD index db02c5750db83..b4f43f9ce324a 100644 --- a/source/extensions/filters/network/http_connection_manager/BUILD +++ b/source/extensions/filters/network/http_connection_manager/BUILD @@ -16,6 +16,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.network", security_posture = "robust_to_untrusted_downstream", # This is core Envoy config. visibility = ["//visibility:public"], diff --git a/source/extensions/filters/network/kafka/BUILD b/source/extensions/filters/network/kafka/BUILD index 30b2251bbb55a..6ad3666863c9b 100644 --- a/source/extensions/filters/network/kafka/BUILD +++ b/source/extensions/filters/network/kafka/BUILD @@ -18,6 +18,7 @@ envoy_cc_extension( name = "kafka_broker_config_lib", srcs = ["broker/config.cc"], hdrs = ["broker/config.h"], + category = "envoy.filters.network", security_posture = "requires_trusted_downstream_and_upstream", status = "wip", deps = [ diff --git a/source/extensions/filters/network/local_ratelimit/BUILD b/source/extensions/filters/network/local_ratelimit/BUILD index ad61ff36235ef..6e10aaff1de32 100644 --- a/source/extensions/filters/network/local_ratelimit/BUILD +++ b/source/extensions/filters/network/local_ratelimit/BUILD @@ -33,6 +33,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.network", security_posture = "robust_to_untrusted_downstream", deps = [ "//source/extensions/filters/network:well_known_names", diff --git a/source/extensions/filters/network/mongo_proxy/BUILD b/source/extensions/filters/network/mongo_proxy/BUILD index 2e281e1f67896..ab1956d777cb0 100644 --- a/source/extensions/filters/network/mongo_proxy/BUILD +++ b/source/extensions/filters/network/mongo_proxy/BUILD @@ -107,6 +107,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.network", security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":proxy_lib", diff --git a/source/extensions/filters/network/mysql_proxy/BUILD b/source/extensions/filters/network/mysql_proxy/BUILD index fee8571ea619c..0a81574c89d87 100644 --- a/source/extensions/filters/network/mysql_proxy/BUILD +++ b/source/extensions/filters/network/mysql_proxy/BUILD @@ -53,6 +53,7 @@ envoy_cc_extension( name = "config", srcs = ["mysql_config.cc"], hdrs = ["mysql_config.h"], + category = "envoy.filters.network", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/network/postgres_proxy/BUILD b/source/extensions/filters/network/postgres_proxy/BUILD index 420286527f04f..398fa80cc67d5 100644 --- a/source/extensions/filters/network/postgres_proxy/BUILD +++ b/source/extensions/filters/network/postgres_proxy/BUILD @@ -44,6 +44,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.network", repository = "@envoy", security_posture = "requires_trusted_downstream_and_upstream", deps = [ diff --git a/source/extensions/filters/network/ratelimit/BUILD b/source/extensions/filters/network/ratelimit/BUILD index 4cbe47dcbd014..2ab3b5ac6787c 100644 --- a/source/extensions/filters/network/ratelimit/BUILD +++ b/source/extensions/filters/network/ratelimit/BUILD @@ -39,6 +39,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.network", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/network/rbac/BUILD b/source/extensions/filters/network/rbac/BUILD index 75e98406cf268..f5a4f38fdc0ed 100644 --- a/source/extensions/filters/network/rbac/BUILD +++ b/source/extensions/filters/network/rbac/BUILD @@ -13,6 +13,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.network", security_posture = "robust_to_untrusted_downstream", deps = [ ":rbac_filter", diff --git a/source/extensions/filters/network/redis_proxy/BUILD b/source/extensions/filters/network/redis_proxy/BUILD index 460bfa7f0edf6..7cf695e2a513b 100644 --- a/source/extensions/filters/network/redis_proxy/BUILD +++ b/source/extensions/filters/network/redis_proxy/BUILD @@ -120,6 +120,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.network", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/network/rocketmq_proxy/BUILD b/source/extensions/filters/network/rocketmq_proxy/BUILD index f837b9bf83f8d..4dd07abc6225a 100644 --- a/source/extensions/filters/network/rocketmq_proxy/BUILD +++ b/source/extensions/filters/network/rocketmq_proxy/BUILD @@ -122,6 +122,7 @@ envoy_cc_extension( hdrs = [ "config.h", ], + category = "envoy.filters.network", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/network/sni_cluster/BUILD b/source/extensions/filters/network/sni_cluster/BUILD index e6670b8e42601..310bf058c1924 100644 --- a/source/extensions/filters/network/sni_cluster/BUILD +++ b/source/extensions/filters/network/sni_cluster/BUILD @@ -26,6 +26,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.network", security_posture = "unknown", deps = [ ":sni_cluster", diff --git a/source/extensions/filters/network/sni_dynamic_forward_proxy/BUILD b/source/extensions/filters/network/sni_dynamic_forward_proxy/BUILD index 372fce9155e2b..bed8252554bbb 100644 --- a/source/extensions/filters/network/sni_dynamic_forward_proxy/BUILD +++ b/source/extensions/filters/network/sni_dynamic_forward_proxy/BUILD @@ -28,6 +28,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.network", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/network/tcp_proxy/BUILD b/source/extensions/filters/network/tcp_proxy/BUILD index d6d7495e9122e..e1a22d965da99 100644 --- a/source/extensions/filters/network/tcp_proxy/BUILD +++ b/source/extensions/filters/network/tcp_proxy/BUILD @@ -15,6 +15,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.network", security_posture = "robust_to_untrusted_downstream", # This is core Envoy config. visibility = ["//visibility:public"], diff --git a/source/extensions/filters/network/thrift_proxy/BUILD b/source/extensions/filters/network/thrift_proxy/BUILD index 78f484da3f9e8..3d098813e3c3d 100644 --- a/source/extensions/filters/network/thrift_proxy/BUILD +++ b/source/extensions/filters/network/thrift_proxy/BUILD @@ -35,6 +35,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.network", security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":app_exception_lib", diff --git a/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD b/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD index 9cec570747408..b27da3987272e 100644 --- a/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD +++ b/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD @@ -32,6 +32,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.thrift_proxy.filters", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/network/thrift_proxy/router/BUILD b/source/extensions/filters/network/thrift_proxy/router/BUILD index 00e32bbf06a25..34885fe3d24a1 100644 --- a/source/extensions/filters/network/thrift_proxy/router/BUILD +++ b/source/extensions/filters/network/thrift_proxy/router/BUILD @@ -13,6 +13,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.thrift_proxy.filters", security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":router_lib", diff --git a/source/extensions/filters/network/wasm/BUILD b/source/extensions/filters/network/wasm/BUILD index f879094826656..2023fd1f48d8d 100644 --- a/source/extensions/filters/network/wasm/BUILD +++ b/source/extensions/filters/network/wasm/BUILD @@ -28,6 +28,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.network", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/network/zookeeper_proxy/BUILD b/source/extensions/filters/network/zookeeper_proxy/BUILD index 8dc6e07913921..10d14b23ae88a 100644 --- a/source/extensions/filters/network/zookeeper_proxy/BUILD +++ b/source/extensions/filters/network/zookeeper_proxy/BUILD @@ -43,6 +43,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.network", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/udp/dns_filter/BUILD b/source/extensions/filters/udp/dns_filter/BUILD index 5684b6569ed92..ee87d26ef8de9 100644 --- a/source/extensions/filters/udp/dns_filter/BUILD +++ b/source/extensions/filters/udp/dns_filter/BUILD @@ -51,6 +51,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.udp_listener", security_posture = "robust_to_untrusted_downstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/udp/udp_proxy/BUILD b/source/extensions/filters/udp/udp_proxy/BUILD index da1fe0ab12b00..b939347604fab 100644 --- a/source/extensions/filters/udp/udp_proxy/BUILD +++ b/source/extensions/filters/udp/udp_proxy/BUILD @@ -45,6 +45,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.filters.udp_listener", security_posture = "robust_to_untrusted_downstream", deps = [ ":udp_proxy_filter_lib", diff --git a/source/extensions/grpc_credentials/aws_iam/BUILD b/source/extensions/grpc_credentials/aws_iam/BUILD index ab920487e2641..41e311cc52c55 100644 --- a/source/extensions/grpc_credentials/aws_iam/BUILD +++ b/source/extensions/grpc_credentials/aws_iam/BUILD @@ -14,6 +14,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.grpc_credentials", external_deps = ["grpc"], security_posture = "data_plane_agnostic", status = "alpha", diff --git a/source/extensions/grpc_credentials/file_based_metadata/BUILD b/source/extensions/grpc_credentials/file_based_metadata/BUILD index d6c8b8d5e5fb6..45f065419f87e 100644 --- a/source/extensions/grpc_credentials/file_based_metadata/BUILD +++ b/source/extensions/grpc_credentials/file_based_metadata/BUILD @@ -14,6 +14,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.grpc_credentials", external_deps = ["grpc"], security_posture = "data_plane_agnostic", status = "alpha", diff --git a/source/extensions/health_checkers/redis/BUILD b/source/extensions/health_checkers/redis/BUILD index 3bc89797ab32f..9226e6dcf9c49 100644 --- a/source/extensions/health_checkers/redis/BUILD +++ b/source/extensions/health_checkers/redis/BUILD @@ -31,6 +31,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.health_checkers", security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":redis", diff --git a/source/extensions/internal_redirect/allow_listed_routes/BUILD b/source/extensions/internal_redirect/allow_listed_routes/BUILD index 2d8148b2335ea..f3186dde09df6 100644 --- a/source/extensions/internal_redirect/allow_listed_routes/BUILD +++ b/source/extensions/internal_redirect/allow_listed_routes/BUILD @@ -24,6 +24,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.internal_redirect_predicates", # TODO(#9953) clean up by moving the redirect test to extensions. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/internal_redirect/previous_routes/BUILD b/source/extensions/internal_redirect/previous_routes/BUILD index ef2601fdfb500..ada41e1ed237e 100644 --- a/source/extensions/internal_redirect/previous_routes/BUILD +++ b/source/extensions/internal_redirect/previous_routes/BUILD @@ -24,6 +24,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.internal_redirect_predicates", # TODO(#9953) clean up by moving the redirect test to extensions. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/internal_redirect/safe_cross_scheme/BUILD b/source/extensions/internal_redirect/safe_cross_scheme/BUILD index 045e81c5252de..5936010fed94a 100644 --- a/source/extensions/internal_redirect/safe_cross_scheme/BUILD +++ b/source/extensions/internal_redirect/safe_cross_scheme/BUILD @@ -23,6 +23,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.internal_redirect_predicates", # TODO(#9953) clean up by moving the redirect test to extensions. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/io_socket/user_space/BUILD b/source/extensions/io_socket/user_space/BUILD index e449d227ef684..6becad0a92c76 100644 --- a/source/extensions/io_socket/user_space/BUILD +++ b/source/extensions/io_socket/user_space/BUILD @@ -12,6 +12,7 @@ envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.h"], + category = "envoy.io_socket", security_posture = "unknown", status = "wip", undocumented = True, diff --git a/source/extensions/quic_listeners/quiche/BUILD b/source/extensions/quic_listeners/quiche/BUILD index 97b30b620f077..6dd9192114b03 100644 --- a/source/extensions/quic_listeners/quiche/BUILD +++ b/source/extensions/quic_listeners/quiche/BUILD @@ -371,6 +371,10 @@ envoy_cc_library( # All of these are needed for this extension to function. envoy_cc_extension( name = "quic_factory_lib", + category = ( + "envoy.transport_sockets.downstream", + "envoy.transport_sockets.upstream", + ), security_posture = "unknown", tags = ["nofips"], diff --git a/source/extensions/rate_limit_descriptors/expr/BUILD b/source/extensions/rate_limit_descriptors/expr/BUILD index 720c3bf5293bf..088dd84be9c7a 100644 --- a/source/extensions/rate_limit_descriptors/expr/BUILD +++ b/source/extensions/rate_limit_descriptors/expr/BUILD @@ -12,6 +12,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.rate_limit_descriptors", copts = select({ "//bazel:windows_x86_64": [], # TODO: fix the windows ANTLR build "//conditions:default": [ diff --git a/source/extensions/resource_monitors/fixed_heap/BUILD b/source/extensions/resource_monitors/fixed_heap/BUILD index 6c2022537d3d7..14b20df2d34a5 100644 --- a/source/extensions/resource_monitors/fixed_heap/BUILD +++ b/source/extensions/resource_monitors/fixed_heap/BUILD @@ -25,6 +25,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.resource_monitors", security_posture = "data_plane_agnostic", status = "alpha", deps = [ diff --git a/source/extensions/resource_monitors/injected_resource/BUILD b/source/extensions/resource_monitors/injected_resource/BUILD index 6cff7be112ee2..7b6eff7d6ef47 100644 --- a/source/extensions/resource_monitors/injected_resource/BUILD +++ b/source/extensions/resource_monitors/injected_resource/BUILD @@ -26,6 +26,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.resource_monitors", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/retry/host/omit_canary_hosts/BUILD b/source/extensions/retry/host/omit_canary_hosts/BUILD index 9427fa9fc5071..f9e5f2bded93b 100644 --- a/source/extensions/retry/host/omit_canary_hosts/BUILD +++ b/source/extensions/retry/host/omit_canary_hosts/BUILD @@ -21,6 +21,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.retry_host_predicates", security_posture = "robust_to_untrusted_downstream", deps = [ ":omit_canary_hosts_predicate_lib", diff --git a/source/extensions/retry/host/omit_host_metadata/BUILD b/source/extensions/retry/host/omit_host_metadata/BUILD index 5e1aaa38c5af5..51813ad4a4b86 100644 --- a/source/extensions/retry/host/omit_host_metadata/BUILD +++ b/source/extensions/retry/host/omit_host_metadata/BUILD @@ -23,6 +23,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.retry_host_predicates", security_posture = "robust_to_untrusted_downstream", deps = [ ":omit_host_metadata_predicate_lib", diff --git a/source/extensions/retry/host/previous_hosts/BUILD b/source/extensions/retry/host/previous_hosts/BUILD index 78e78b1a330e1..e0deefe584a77 100644 --- a/source/extensions/retry/host/previous_hosts/BUILD +++ b/source/extensions/retry/host/previous_hosts/BUILD @@ -21,6 +21,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.retry_host_predicates", security_posture = "robust_to_untrusted_downstream", deps = [ ":previous_hosts_predicate_lib", diff --git a/source/extensions/retry/priority/previous_priorities/BUILD b/source/extensions/retry/priority/previous_priorities/BUILD index 66a592d9c7727..d036f6266d396 100644 --- a/source/extensions/retry/priority/previous_priorities/BUILD +++ b/source/extensions/retry/priority/previous_priorities/BUILD @@ -23,6 +23,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.retry_priorities", security_posture = "robust_to_untrusted_downstream", deps = [ ":previous_priorities_lib", diff --git a/source/extensions/stat_sinks/dog_statsd/BUILD b/source/extensions/stat_sinks/dog_statsd/BUILD index 662a3c18c24f4..a9a269862dd39 100644 --- a/source/extensions/stat_sinks/dog_statsd/BUILD +++ b/source/extensions/stat_sinks/dog_statsd/BUILD @@ -15,6 +15,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.stats_sinks", security_posture = "data_plane_agnostic", deps = [ "//include/envoy/registry", diff --git a/source/extensions/stat_sinks/hystrix/BUILD b/source/extensions/stat_sinks/hystrix/BUILD index 7b28f8218c1b9..1566d97c6de1f 100644 --- a/source/extensions/stat_sinks/hystrix/BUILD +++ b/source/extensions/stat_sinks/hystrix/BUILD @@ -15,6 +15,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.stats_sinks", security_posture = "data_plane_agnostic", deps = [ ":hystrix_lib", diff --git a/source/extensions/stat_sinks/metrics_service/BUILD b/source/extensions/stat_sinks/metrics_service/BUILD index cf7a8ce39cba8..28afad7f25ac9 100644 --- a/source/extensions/stat_sinks/metrics_service/BUILD +++ b/source/extensions/stat_sinks/metrics_service/BUILD @@ -43,6 +43,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.stats_sinks", security_posture = "data_plane_agnostic", deps = [ "//include/envoy/registry", diff --git a/source/extensions/stat_sinks/statsd/BUILD b/source/extensions/stat_sinks/statsd/BUILD index 82ee8f026cc07..8d4c70c3131ab 100644 --- a/source/extensions/stat_sinks/statsd/BUILD +++ b/source/extensions/stat_sinks/statsd/BUILD @@ -14,6 +14,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.stats_sinks", security_posture = "data_plane_agnostic", # Legacy test use. TODO(#9953) clean up. deps = [ diff --git a/source/extensions/stat_sinks/wasm/BUILD b/source/extensions/stat_sinks/wasm/BUILD index 70e156ac4acc4..dbbdb81e891a6 100644 --- a/source/extensions/stat_sinks/wasm/BUILD +++ b/source/extensions/stat_sinks/wasm/BUILD @@ -15,6 +15,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.stats_sinks", security_posture = "data_plane_agnostic", status = "alpha", deps = [ diff --git a/source/extensions/tracers/datadog/BUILD b/source/extensions/tracers/datadog/BUILD index 7ad1d164203e9..d294f3e56a41e 100644 --- a/source/extensions/tracers/datadog/BUILD +++ b/source/extensions/tracers/datadog/BUILD @@ -35,6 +35,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.tracers", security_posture = "robust_to_untrusted_downstream", deps = [ ":datadog_tracer_lib", diff --git a/source/extensions/tracers/dynamic_ot/BUILD b/source/extensions/tracers/dynamic_ot/BUILD index 95b903be987d6..c7ce76f3267f2 100644 --- a/source/extensions/tracers/dynamic_ot/BUILD +++ b/source/extensions/tracers/dynamic_ot/BUILD @@ -29,6 +29,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.tracers", security_posture = "robust_to_untrusted_downstream", deps = [ ":dynamic_opentracing_driver_lib", diff --git a/source/extensions/tracers/lightstep/BUILD b/source/extensions/tracers/lightstep/BUILD index 6c287b4a75fe6..0bfc9f44ec6f4 100644 --- a/source/extensions/tracers/lightstep/BUILD +++ b/source/extensions/tracers/lightstep/BUILD @@ -35,6 +35,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.tracers", security_posture = "robust_to_untrusted_downstream", deps = [ ":lightstep_tracer_lib", diff --git a/source/extensions/tracers/opencensus/BUILD b/source/extensions/tracers/opencensus/BUILD index 2513be7249f6a..a1c414cca9d7e 100644 --- a/source/extensions/tracers/opencensus/BUILD +++ b/source/extensions/tracers/opencensus/BUILD @@ -16,6 +16,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.tracers", security_posture = "robust_to_untrusted_downstream", deps = [ ":opencensus_tracer_impl", diff --git a/source/extensions/tracers/skywalking/BUILD b/source/extensions/tracers/skywalking/BUILD index 158731e9c0cef..41da2c3f61f37 100644 --- a/source/extensions/tracers/skywalking/BUILD +++ b/source/extensions/tracers/skywalking/BUILD @@ -67,6 +67,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.tracers", security_posture = "robust_to_untrusted_downstream", status = "wip", deps = [ diff --git a/source/extensions/tracers/xray/BUILD b/source/extensions/tracers/xray/BUILD index 35e39cd426b97..31e35ad739383 100644 --- a/source/extensions/tracers/xray/BUILD +++ b/source/extensions/tracers/xray/BUILD @@ -57,6 +57,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.tracers", security_posture = "robust_to_untrusted_downstream", status = "wip", deps = [ diff --git a/source/extensions/tracers/zipkin/BUILD b/source/extensions/tracers/zipkin/BUILD index bb76f9f16ed4f..34e00329e121a 100644 --- a/source/extensions/tracers/zipkin/BUILD +++ b/source/extensions/tracers/zipkin/BUILD @@ -67,6 +67,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.tracers", # Legacy test use. TODO(#9953) clean up. extra_visibility = [ "//test/server:__subpackages__", diff --git a/source/extensions/transport_sockets/alts/BUILD b/source/extensions/transport_sockets/alts/BUILD index 631c74a1c8d3f..2d3df5920e8fb 100644 --- a/source/extensions/transport_sockets/alts/BUILD +++ b/source/extensions/transport_sockets/alts/BUILD @@ -34,6 +34,10 @@ envoy_cc_extension( hdrs = [ "config.h", ], + category = ( + "envoy.transport_sockets.downstream", + "envoy.transport_sockets.upstream", + ), external_deps = [ "abseil_node_hash_set", ], diff --git a/source/extensions/transport_sockets/proxy_protocol/BUILD b/source/extensions/transport_sockets/proxy_protocol/BUILD index 397626c3c6ae2..105ac9b506d9f 100644 --- a/source/extensions/transport_sockets/proxy_protocol/BUILD +++ b/source/extensions/transport_sockets/proxy_protocol/BUILD @@ -13,6 +13,9 @@ envoy_cc_extension( name = "upstream_config", srcs = ["config.cc"], hdrs = ["config.h"], + category = ( + "envoy.transport_sockets.upstream", + ), security_posture = "robust_to_untrusted_downstream_and_upstream", # header generated in Envoy, so can't be faked deps = [ ":upstream_proxy_protocol", diff --git a/source/extensions/transport_sockets/raw_buffer/BUILD b/source/extensions/transport_sockets/raw_buffer/BUILD index 3d4b41c96cdee..68a220fad1246 100644 --- a/source/extensions/transport_sockets/raw_buffer/BUILD +++ b/source/extensions/transport_sockets/raw_buffer/BUILD @@ -14,6 +14,10 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = ( + "envoy.transport_sockets.downstream", + "envoy.transport_sockets.upstream", + ), security_posture = "requires_trusted_downstream_and_upstream", # This is core Envoy config. visibility = ["//visibility:public"], diff --git a/source/extensions/transport_sockets/starttls/BUILD b/source/extensions/transport_sockets/starttls/BUILD index 6269f165e5f3f..a286e46cad866 100644 --- a/source/extensions/transport_sockets/starttls/BUILD +++ b/source/extensions/transport_sockets/starttls/BUILD @@ -15,6 +15,10 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = ( + "envoy.transport_sockets.downstream", + "envoy.transport_sockets.upstream", + ), security_posture = "robust_to_untrusted_downstream_and_upstream", visibility = ["//visibility:public"], deps = [ diff --git a/source/extensions/transport_sockets/tap/BUILD b/source/extensions/transport_sockets/tap/BUILD index 31341dbbf9b07..5461e5d2585c7 100644 --- a/source/extensions/transport_sockets/tap/BUILD +++ b/source/extensions/transport_sockets/tap/BUILD @@ -51,6 +51,10 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = ( + "envoy.transport_sockets.downstream", + "envoy.transport_sockets.upstream", + ), # TODO(#9953) clean up. extra_visibility = [ "//test/common/access_log:__subpackages__", diff --git a/source/extensions/transport_sockets/tls/BUILD b/source/extensions/transport_sockets/tls/BUILD index 0682a41d88d11..1622e91016558 100644 --- a/source/extensions/transport_sockets/tls/BUILD +++ b/source/extensions/transport_sockets/tls/BUILD @@ -15,6 +15,10 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = ( + "envoy.transport_sockets.downstream", + "envoy.transport_sockets.upstream", + ), security_posture = "robust_to_untrusted_downstream_and_upstream", # TLS is core functionality. visibility = ["//visibility:public"], diff --git a/source/extensions/upstreams/http/BUILD b/source/extensions/upstreams/http/BUILD index cfcf0b407f97c..00657164e9d1e 100644 --- a/source/extensions/upstreams/http/BUILD +++ b/source/extensions/upstreams/http/BUILD @@ -12,6 +12,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.upstreams", security_posture = "robust_to_untrusted_downstream", # This is core Envoy config. visibility = ["//visibility:public"], diff --git a/source/extensions/upstreams/http/generic/BUILD b/source/extensions/upstreams/http/generic/BUILD index 563b4bf5a9e2b..1e2c0d2119e7a 100644 --- a/source/extensions/upstreams/http/generic/BUILD +++ b/source/extensions/upstreams/http/generic/BUILD @@ -16,6 +16,7 @@ envoy_cc_extension( hdrs = [ "config.h", ], + category = "envoy.upstreams", security_posture = "robust_to_untrusted_downstream", visibility = ["//visibility:public"], deps = [ diff --git a/source/extensions/upstreams/http/http/BUILD b/source/extensions/upstreams/http/http/BUILD index 3b777db5fd986..132d065cabb3b 100644 --- a/source/extensions/upstreams/http/http/BUILD +++ b/source/extensions/upstreams/http/http/BUILD @@ -17,6 +17,7 @@ envoy_cc_extension( hdrs = [ "config.h", ], + category = "envoy.upstreams", security_posture = "robust_to_untrusted_downstream", visibility = ["//visibility:public"], deps = [ diff --git a/source/extensions/upstreams/http/tcp/BUILD b/source/extensions/upstreams/http/tcp/BUILD index e99752677e315..46169ea4b14cc 100644 --- a/source/extensions/upstreams/http/tcp/BUILD +++ b/source/extensions/upstreams/http/tcp/BUILD @@ -17,6 +17,7 @@ envoy_cc_extension( hdrs = [ "config.h", ], + category = "envoy.upstreams", security_posture = "robust_to_untrusted_downstream", visibility = ["//visibility:public"], deps = [ diff --git a/source/extensions/upstreams/tcp/generic/BUILD b/source/extensions/upstreams/tcp/generic/BUILD index dc1ae3eb91168..2320d1ea51ef1 100644 --- a/source/extensions/upstreams/tcp/generic/BUILD +++ b/source/extensions/upstreams/tcp/generic/BUILD @@ -16,6 +16,7 @@ envoy_cc_extension( hdrs = [ "config.h", ], + category = "envoy.upstreams", security_posture = "robust_to_untrusted_downstream", visibility = ["//visibility:public"], deps = [ diff --git a/source/extensions/wasm_runtime/null/BUILD b/source/extensions/wasm_runtime/null/BUILD index 63969c889c256..e66dce75d6f3d 100644 --- a/source/extensions/wasm_runtime/null/BUILD +++ b/source/extensions/wasm_runtime/null/BUILD @@ -11,6 +11,7 @@ envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], + category = "envoy.wasm.runtime", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/wasm_runtime/v8/BUILD b/source/extensions/wasm_runtime/v8/BUILD index 8785616044d74..8024375f64463 100644 --- a/source/extensions/wasm_runtime/v8/BUILD +++ b/source/extensions/wasm_runtime/v8/BUILD @@ -12,6 +12,7 @@ envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], + category = "envoy.wasm.runtime", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/wasm_runtime/wasmtime/BUILD b/source/extensions/wasm_runtime/wasmtime/BUILD index d0adea5660c67..47923bd0caa34 100644 --- a/source/extensions/wasm_runtime/wasmtime/BUILD +++ b/source/extensions/wasm_runtime/wasmtime/BUILD @@ -12,6 +12,7 @@ envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], + category = "envoy.wasm.runtime", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/wasm_runtime/wavm/BUILD b/source/extensions/wasm_runtime/wavm/BUILD index c9a5153efe31f..f2b8c69ae785d 100644 --- a/source/extensions/wasm_runtime/wavm/BUILD +++ b/source/extensions/wasm_runtime/wavm/BUILD @@ -12,6 +12,7 @@ envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], + category = "envoy.wasm.runtime", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/watchdog/profile_action/BUILD b/source/extensions/watchdog/profile_action/BUILD index afe779924b43e..8da916b007ad9 100644 --- a/source/extensions/watchdog/profile_action/BUILD +++ b/source/extensions/watchdog/profile_action/BUILD @@ -33,6 +33,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "envoy.guarddog_actions", security_posture = "data_plane_agnostic", status = "alpha", deps = [