From dc14f7c8a10cedd610fed2a6a7c443e723a78b59 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Mon, 18 Jan 2021 17:25:39 +0000 Subject: [PATCH 01/51] extensions: Add category param/s to envoy_cc_extension/s Signed-off-by: Ryan Northey --- bazel/envoy_library.bzl | 2 ++ source/extensions/filters/network/client_ssl_auth/BUILD | 1 + 2 files changed, 3 insertions(+) diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index ca64d5a09e000..59e4d3343bf41 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -80,6 +80,8 @@ EXTENSION_STATUS_VALUES = [ def envoy_cc_extension( name, security_posture, + # Make this mandatory once all extensions have had their cat added. + category = None, # Only set this for internal, undocumented extensions. undocumented = False, status = "stable", diff --git a/source/extensions/filters/network/client_ssl_auth/BUILD b/source/extensions/filters/network/client_ssl_auth/BUILD index d77c4abae5949..7a2f71411471d 100644 --- a/source/extensions/filters/network/client_ssl_auth/BUILD +++ b/source/extensions/filters/network/client_ssl_auth/BUILD @@ -16,6 +16,7 @@ envoy_cc_library( name = "client_ssl_auth", srcs = ["client_ssl_auth.cc"], hdrs = ["client_ssl_auth.h"], + category = "envoy.filters.network", deps = [ "//include/envoy/network:connection_interface", "//include/envoy/network:filter_interface", From aa112cb42b9f2653f6e2d8b1260463afc6e02780 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Tue, 19 Jan 2021 12:49:27 +0000 Subject: [PATCH 02/51] cats Signed-off-by: Ryan Northey --- source/extensions/access_loggers/file/BUILD | 1 + source/extensions/access_loggers/grpc/BUILD | 2 ++ source/extensions/access_loggers/wasm/BUILD | 1 + source/extensions/bootstrap/wasm/BUILD | 1 + source/extensions/clusters/aggregate/BUILD | 1 + source/extensions/clusters/dynamic_forward_proxy/BUILD | 1 + source/extensions/clusters/redis/BUILD | 1 + source/extensions/common/crypto/BUILD | 1 + source/extensions/compression/gzip/compressor/BUILD | 1 + source/extensions/compression/gzip/decompressor/BUILD | 1 + source/extensions/filters/http/adaptive_concurrency/BUILD | 1 + source/extensions/filters/http/admission_control/BUILD | 1 + source/extensions/filters/http/aws_lambda/BUILD | 1 + source/extensions/filters/http/aws_request_signing/BUILD | 1 + source/extensions/filters/http/buffer/BUILD | 1 + source/extensions/filters/http/cache/BUILD | 1 + source/extensions/filters/http/cache/simple_http_cache/BUILD | 1 + source/extensions/filters/http/cdn_loop/BUILD | 1 + source/extensions/filters/http/compressor/BUILD | 1 + source/extensions/filters/http/cors/BUILD | 1 + source/extensions/filters/http/csrf/BUILD | 1 + source/extensions/filters/http/decompressor/BUILD | 1 + source/extensions/filters/http/dynamic_forward_proxy/BUILD | 1 + source/extensions/filters/http/dynamo/BUILD | 1 + source/extensions/filters/http/ext_authz/BUILD | 1 + source/extensions/filters/http/ext_proc/BUILD | 1 + source/extensions/filters/http/fault/BUILD | 1 + source/extensions/filters/http/grpc_http1_bridge/BUILD | 1 + source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD | 1 + source/extensions/filters/http/grpc_json_transcoder/BUILD | 1 + source/extensions/filters/http/grpc_stats/BUILD | 1 + source/extensions/filters/http/grpc_web/BUILD | 1 + source/extensions/filters/http/gzip/BUILD | 1 + source/extensions/filters/http/header_to_metadata/BUILD | 1 + source/extensions/filters/http/health_check/BUILD | 1 + source/extensions/filters/http/ip_tagging/BUILD | 1 + source/extensions/filters/http/jwt_authn/BUILD | 1 + source/extensions/filters/http/kill_request/BUILD | 1 + source/extensions/filters/http/local_ratelimit/BUILD | 1 + source/extensions/filters/http/lua/BUILD | 1 + source/extensions/filters/http/oauth2/BUILD | 1 + source/extensions/filters/http/on_demand/BUILD | 1 + source/extensions/filters/http/original_src/BUILD | 1 + source/extensions/filters/http/ratelimit/BUILD | 1 + source/extensions/filters/http/rbac/BUILD | 1 + source/extensions/filters/http/router/BUILD | 1 + source/extensions/filters/http/squash/BUILD | 1 + source/extensions/filters/http/tap/BUILD | 1 + source/extensions/filters/http/wasm/BUILD | 1 + source/extensions/filters/listener/http_inspector/BUILD | 1 + source/extensions/filters/listener/original_dst/BUILD | 1 + source/extensions/filters/listener/original_src/BUILD | 1 + source/extensions/filters/listener/proxy_protocol/BUILD | 1 + source/extensions/filters/listener/tls_inspector/BUILD | 1 + source/extensions/filters/network/client_ssl_auth/BUILD | 3 ++- source/extensions/filters/network/direct_response/BUILD | 1 + source/extensions/filters/network/dubbo_proxy/BUILD | 1 + source/extensions/filters/network/echo/BUILD | 1 + source/extensions/filters/network/ext_authz/BUILD | 1 + .../extensions/filters/network/http_connection_manager/BUILD | 1 + source/extensions/filters/network/kafka/BUILD | 1 + source/extensions/filters/network/local_ratelimit/BUILD | 1 + source/extensions/filters/network/mongo_proxy/BUILD | 1 + source/extensions/filters/network/mysql_proxy/BUILD | 1 + source/extensions/filters/network/postgres_proxy/BUILD | 1 + source/extensions/filters/network/ratelimit/BUILD | 1 + source/extensions/filters/network/rbac/BUILD | 1 + source/extensions/filters/network/redis_proxy/BUILD | 1 + source/extensions/filters/network/rocketmq_proxy/BUILD | 1 + source/extensions/filters/network/sni_cluster/BUILD | 1 + .../extensions/filters/network/sni_dynamic_forward_proxy/BUILD | 1 + source/extensions/filters/network/tcp_proxy/BUILD | 1 + source/extensions/filters/network/thrift_proxy/BUILD | 1 + .../filters/network/thrift_proxy/filters/ratelimit/BUILD | 1 + source/extensions/filters/network/thrift_proxy/router/BUILD | 1 + source/extensions/filters/network/wasm/BUILD | 1 + source/extensions/filters/network/zookeeper_proxy/BUILD | 1 + source/extensions/filters/udp/dns_filter/BUILD | 1 + source/extensions/filters/udp/udp_proxy/BUILD | 1 + source/extensions/grpc_credentials/aws_iam/BUILD | 1 + source/extensions/grpc_credentials/file_based_metadata/BUILD | 1 + source/extensions/health_checkers/redis/BUILD | 1 + source/extensions/internal_redirect/allow_listed_routes/BUILD | 1 + source/extensions/internal_redirect/previous_routes/BUILD | 1 + source/extensions/internal_redirect/safe_cross_scheme/BUILD | 1 + source/extensions/quic_listeners/quiche/BUILD | 1 + source/extensions/rate_limit_descriptors/expr/BUILD | 1 + source/extensions/resource_monitors/fixed_heap/BUILD | 1 + source/extensions/resource_monitors/injected_resource/BUILD | 1 + source/extensions/retry/host/omit_canary_hosts/BUILD | 1 + source/extensions/retry/host/omit_host_metadata/BUILD | 1 + source/extensions/retry/host/previous_hosts/BUILD | 1 + source/extensions/retry/priority/previous_priorities/BUILD | 1 + source/extensions/stat_sinks/dog_statsd/BUILD | 1 + source/extensions/stat_sinks/hystrix/BUILD | 1 + source/extensions/stat_sinks/metrics_service/BUILD | 1 + source/extensions/stat_sinks/statsd/BUILD | 1 + source/extensions/stat_sinks/wasm/BUILD | 1 + source/extensions/tracers/datadog/BUILD | 1 + source/extensions/tracers/dynamic_ot/BUILD | 1 + source/extensions/tracers/lightstep/BUILD | 1 + source/extensions/tracers/opencensus/BUILD | 1 + source/extensions/tracers/skywalking/BUILD | 1 + source/extensions/tracers/xray/BUILD | 1 + source/extensions/tracers/zipkin/BUILD | 1 + source/extensions/transport_sockets/alts/BUILD | 1 + source/extensions/transport_sockets/proxy_protocol/BUILD | 1 + source/extensions/transport_sockets/raw_buffer/BUILD | 1 + source/extensions/transport_sockets/starttls/BUILD | 1 + source/extensions/transport_sockets/tap/BUILD | 1 + source/extensions/transport_sockets/tls/BUILD | 1 + source/extensions/upstreams/http/BUILD | 1 + source/extensions/upstreams/http/generic/BUILD | 1 + source/extensions/upstreams/http/http/BUILD | 1 + source/extensions/upstreams/http/tcp/BUILD | 1 + source/extensions/upstreams/tcp/generic/BUILD | 1 + source/extensions/wasm_runtime/null/BUILD | 1 + source/extensions/wasm_runtime/v8/BUILD | 1 + source/extensions/wasm_runtime/wasmtime/BUILD | 1 + source/extensions/wasm_runtime/wavm/BUILD | 1 + source/extensions/watchdog/profile_action/BUILD | 1 + 121 files changed, 123 insertions(+), 1 deletion(-) diff --git a/source/extensions/access_loggers/file/BUILD b/source/extensions/access_loggers/file/BUILD index 93e2ad5b5c614..fb40a1c51112a 100644 --- a/source/extensions/access_loggers/file/BUILD +++ b/source/extensions/access_loggers/file/BUILD @@ -27,6 +27,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", # TODO(#9953) determine if this is core or should be cleaned up. extra_visibility = [ "//test:__subpackages__", diff --git a/source/extensions/access_loggers/grpc/BUILD b/source/extensions/access_loggers/grpc/BUILD index b958ccba79950..5710d0d94a152 100644 --- a/source/extensions/access_loggers/grpc/BUILD +++ b/source/extensions/access_loggers/grpc/BUILD @@ -97,6 +97,7 @@ envoy_cc_extension( name = "http_config", srcs = ["http_config.cc"], hdrs = ["http_config.h"], + category = "SOMECAT", # TODO(#9953) clean up. extra_visibility = [ "//test/common/access_log:__subpackages__", @@ -120,6 +121,7 @@ envoy_cc_extension( name = "tcp_config", srcs = ["tcp_config.cc"], hdrs = ["tcp_config.h"], + category = "SOMECAT", # TODO(#9953) clean up. extra_visibility = [ "//test/common/access_log:__subpackages__", diff --git a/source/extensions/access_loggers/wasm/BUILD b/source/extensions/access_loggers/wasm/BUILD index efb16906d78e9..774529b17298c 100644 --- a/source/extensions/access_loggers/wasm/BUILD +++ b/source/extensions/access_loggers/wasm/BUILD @@ -26,6 +26,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/bootstrap/wasm/BUILD b/source/extensions/bootstrap/wasm/BUILD index e23ac8fc84a2f..29a6aada422fa 100644 --- a/source/extensions/bootstrap/wasm/BUILD +++ b/source/extensions/bootstrap/wasm/BUILD @@ -16,6 +16,7 @@ envoy_cc_extension( hdrs = [ "config.h", ], + category = "SOMECAT", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/clusters/aggregate/BUILD b/source/extensions/clusters/aggregate/BUILD index d23dd525625af..f2c561926f1a4 100644 --- a/source/extensions/clusters/aggregate/BUILD +++ b/source/extensions/clusters/aggregate/BUILD @@ -15,6 +15,7 @@ envoy_cc_extension( "cluster.h", "lb_context.h", ], + category = "SOMECAT", security_posture = "requires_trusted_downstream_and_upstream", deps = [ "//source/common/upstream:cluster_factory_lib", diff --git a/source/extensions/clusters/dynamic_forward_proxy/BUILD b/source/extensions/clusters/dynamic_forward_proxy/BUILD index 0dc4780118e1d..1cc69f35893fc 100644 --- a/source/extensions/clusters/dynamic_forward_proxy/BUILD +++ b/source/extensions/clusters/dynamic_forward_proxy/BUILD @@ -12,6 +12,7 @@ envoy_cc_extension( name = "cluster", srcs = ["cluster.cc"], hdrs = ["cluster.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ "//source/common/network:transport_socket_options_lib", diff --git a/source/extensions/clusters/redis/BUILD b/source/extensions/clusters/redis/BUILD index 784103719061e..f18a868e723b2 100644 --- a/source/extensions/clusters/redis/BUILD +++ b/source/extensions/clusters/redis/BUILD @@ -42,6 +42,7 @@ envoy_cc_extension( "redis_cluster.cc", "redis_cluster.h", ], + category = "SOMECAT", security_posture = "requires_trusted_downstream_and_upstream", deps = [ "redis_cluster_lb", diff --git a/source/extensions/common/crypto/BUILD b/source/extensions/common/crypto/BUILD index 7877fee80388b..a2dea37f23185 100644 --- a/source/extensions/common/crypto/BUILD +++ b/source/extensions/common/crypto/BUILD @@ -21,6 +21,7 @@ envoy_cc_extension( external_deps = [ "ssl", ], + category = "SOMECAT", # Legacy test use. TODO(#9953) clean up. extra_visibility = [ "//test/common/config:__subpackages__", diff --git a/source/extensions/compression/gzip/compressor/BUILD b/source/extensions/compression/gzip/compressor/BUILD index e8918d1fcbc8d..d230b2ac5ba08 100644 --- a/source/extensions/compression/gzip/compressor/BUILD +++ b/source/extensions/compression/gzip/compressor/BUILD @@ -26,6 +26,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ ":compressor_lib", diff --git a/source/extensions/compression/gzip/decompressor/BUILD b/source/extensions/compression/gzip/decompressor/BUILD index b4c6fb375d459..a7e1ed019eee7 100644 --- a/source/extensions/compression/gzip/decompressor/BUILD +++ b/source/extensions/compression/gzip/decompressor/BUILD @@ -29,6 +29,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ ":zlib_decompressor_impl_lib", diff --git a/source/extensions/filters/http/adaptive_concurrency/BUILD b/source/extensions/filters/http/adaptive_concurrency/BUILD index 9cef1214ab36f..5f1ef9e08ac7a 100644 --- a/source/extensions/filters/http/adaptive_concurrency/BUILD +++ b/source/extensions/filters/http/adaptive_concurrency/BUILD @@ -30,6 +30,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/admission_control/BUILD b/source/extensions/filters/http/admission_control/BUILD index 9dab0fc8f6bc7..642c7dc67de56 100644 --- a/source/extensions/filters/http/admission_control/BUILD +++ b/source/extensions/filters/http/admission_control/BUILD @@ -21,6 +21,7 @@ envoy_cc_extension( "admission_control.h", "thread_local_controller.h", ], + category = "SOMECAT", security_posture = "unknown", deps = [ "//include/envoy/http:filter_interface", diff --git a/source/extensions/filters/http/aws_lambda/BUILD b/source/extensions/filters/http/aws_lambda/BUILD index 86e2cc553f784..550261c2ed669 100644 --- a/source/extensions/filters/http/aws_lambda/BUILD +++ b/source/extensions/filters/http/aws_lambda/BUILD @@ -37,6 +37,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/aws_request_signing/BUILD b/source/extensions/filters/http/aws_request_signing/BUILD index 01b83ecf68656..5ed8fee27e4ea 100644 --- a/source/extensions/filters/http/aws_request_signing/BUILD +++ b/source/extensions/filters/http/aws_request_signing/BUILD @@ -29,6 +29,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/buffer/BUILD b/source/extensions/filters/http/buffer/BUILD index f63cd254e3add..18e3c17c36fec 100644 --- a/source/extensions/filters/http/buffer/BUILD +++ b/source/extensions/filters/http/buffer/BUILD @@ -37,6 +37,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", # Legacy test use. TODO(#9953) clean up. visibility = ["//visibility:public"], diff --git a/source/extensions/filters/http/cache/BUILD b/source/extensions/filters/http/cache/BUILD index f7617abeecf3d..7a86045992c50 100644 --- a/source/extensions/filters/http/cache/BUILD +++ b/source/extensions/filters/http/cache/BUILD @@ -100,6 +100,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream_and_upstream", status = "wip", deps = [ diff --git a/source/extensions/filters/http/cache/simple_http_cache/BUILD b/source/extensions/filters/http/cache/simple_http_cache/BUILD index f9484060aa97d..ef15471e6df03 100644 --- a/source/extensions/filters/http/cache/simple_http_cache/BUILD +++ b/source/extensions/filters/http/cache/simple_http_cache/BUILD @@ -15,6 +15,7 @@ envoy_cc_extension( name = "simple_http_cache_lib", srcs = ["simple_http_cache.cc"], hdrs = ["simple_http_cache.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream_and_upstream", status = "wip", deps = [ diff --git a/source/extensions/filters/http/cdn_loop/BUILD b/source/extensions/filters/http/cdn_loop/BUILD index ff6a8c26bfdf4..41bb06108bad8 100644 --- a/source/extensions/filters/http/cdn_loop/BUILD +++ b/source/extensions/filters/http/cdn_loop/BUILD @@ -45,6 +45,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/compressor/BUILD b/source/extensions/filters/http/compressor/BUILD index 01855f8eb64a6..f2e80d0a6b678 100644 --- a/source/extensions/filters/http/compressor/BUILD +++ b/source/extensions/filters/http/compressor/BUILD @@ -27,6 +27,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ ":compressor_filter_lib", diff --git a/source/extensions/filters/http/cors/BUILD b/source/extensions/filters/http/cors/BUILD index bd5ce89be6821..fdbb6340af958 100644 --- a/source/extensions/filters/http/cors/BUILD +++ b/source/extensions/filters/http/cors/BUILD @@ -31,6 +31,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/http/csrf/BUILD b/source/extensions/filters/http/csrf/BUILD index 383b805580f0d..a31fc955d6b3c 100644 --- a/source/extensions/filters/http/csrf/BUILD +++ b/source/extensions/filters/http/csrf/BUILD @@ -33,6 +33,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/decompressor/BUILD b/source/extensions/filters/http/decompressor/BUILD index 08d224b8b2849..0b584252af300 100644 --- a/source/extensions/filters/http/decompressor/BUILD +++ b/source/extensions/filters/http/decompressor/BUILD @@ -33,6 +33,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream_and_upstream", deps = [ ":decompressor_filter_lib", diff --git a/source/extensions/filters/http/dynamic_forward_proxy/BUILD b/source/extensions/filters/http/dynamic_forward_proxy/BUILD index dc15f124ed780..ffae40c927366 100644 --- a/source/extensions/filters/http/dynamic_forward_proxy/BUILD +++ b/source/extensions/filters/http/dynamic_forward_proxy/BUILD @@ -30,6 +30,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/dynamo/BUILD b/source/extensions/filters/http/dynamo/BUILD index c152863819ed0..25b6d2898b3fe 100644 --- a/source/extensions/filters/http/dynamo/BUILD +++ b/source/extensions/filters/http/dynamo/BUILD @@ -42,6 +42,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":dynamo_filter_lib", diff --git a/source/extensions/filters/http/ext_authz/BUILD b/source/extensions/filters/http/ext_authz/BUILD index 9a902c51777d3..e2cfb224ffc2a 100644 --- a/source/extensions/filters/http/ext_authz/BUILD +++ b/source/extensions/filters/http/ext_authz/BUILD @@ -40,6 +40,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ ":ext_authz", diff --git a/source/extensions/filters/http/ext_proc/BUILD b/source/extensions/filters/http/ext_proc/BUILD index 933e17b54dc6e..496b69f3ab511 100644 --- a/source/extensions/filters/http/ext_proc/BUILD +++ b/source/extensions/filters/http/ext_proc/BUILD @@ -30,6 +30,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/fault/BUILD b/source/extensions/filters/http/fault/BUILD index a518d60f37e13..16af3699175b0 100644 --- a/source/extensions/filters/http/fault/BUILD +++ b/source/extensions/filters/http/fault/BUILD @@ -45,6 +45,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/grpc_http1_bridge/BUILD b/source/extensions/filters/http/grpc_http1_bridge/BUILD index 41e02d59666f8..d7f39f4fb7e13 100644 --- a/source/extensions/filters/http/grpc_http1_bridge/BUILD +++ b/source/extensions/filters/http/grpc_http1_bridge/BUILD @@ -33,6 +33,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", # Legacy test use. TODO(#9953) clean up. extra_visibility = [ "//source/exe:__pkg__", diff --git a/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD b/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD index 852c3c368a5fe..05f58a99f7c33 100644 --- a/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD +++ b/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD @@ -31,6 +31,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/grpc_json_transcoder/BUILD b/source/extensions/filters/http/grpc_json_transcoder/BUILD index 88429fc0bfc71..5d3ba850d78f8 100644 --- a/source/extensions/filters/http/grpc_json_transcoder/BUILD +++ b/source/extensions/filters/http/grpc_json_transcoder/BUILD @@ -59,6 +59,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "unknown", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/grpc_stats/BUILD b/source/extensions/filters/http/grpc_stats/BUILD index ac38af9751369..00b6a722b0871 100644 --- a/source/extensions/filters/http/grpc_stats/BUILD +++ b/source/extensions/filters/http/grpc_stats/BUILD @@ -14,6 +14,7 @@ envoy_cc_extension( name = "config", srcs = ["grpc_stats_filter.cc"], hdrs = ["grpc_stats_filter.h"], + category = "SOMECAT", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/grpc_web/BUILD b/source/extensions/filters/http/grpc_web/BUILD index d18eb56ed01d0..0687c504a1752 100644 --- a/source/extensions/filters/http/grpc_web/BUILD +++ b/source/extensions/filters/http/grpc_web/BUILD @@ -32,6 +32,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/gzip/BUILD b/source/extensions/filters/http/gzip/BUILD index 39b1459d45bef..d1a629dcb3d24 100644 --- a/source/extensions/filters/http/gzip/BUILD +++ b/source/extensions/filters/http/gzip/BUILD @@ -30,6 +30,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ "//source/extensions/filters/http:well_known_names", diff --git a/source/extensions/filters/http/header_to_metadata/BUILD b/source/extensions/filters/http/header_to_metadata/BUILD index ad4f9bcf8cfef..c8db4e40f9050 100644 --- a/source/extensions/filters/http/header_to_metadata/BUILD +++ b/source/extensions/filters/http/header_to_metadata/BUILD @@ -30,6 +30,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/health_check/BUILD b/source/extensions/filters/http/health_check/BUILD index f78d1b95db20f..1aff2dca233b2 100644 --- a/source/extensions/filters/http/health_check/BUILD +++ b/source/extensions/filters/http/health_check/BUILD @@ -37,6 +37,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", # Legacy test use. TODO(#9953) clean up. extra_visibility = [ "//test/common/filter/http:__subpackages__", diff --git a/source/extensions/filters/http/ip_tagging/BUILD b/source/extensions/filters/http/ip_tagging/BUILD index 6ee659df773cf..b5a911fe2fc38 100644 --- a/source/extensions/filters/http/ip_tagging/BUILD +++ b/source/extensions/filters/http/ip_tagging/BUILD @@ -33,6 +33,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/http/jwt_authn/BUILD b/source/extensions/filters/http/jwt_authn/BUILD index 1df6425b585f2..002d704d0a076 100644 --- a/source/extensions/filters/http/jwt_authn/BUILD +++ b/source/extensions/filters/http/jwt_authn/BUILD @@ -70,6 +70,7 @@ envoy_cc_extension( name = "config", srcs = ["filter_factory.cc"], hdrs = ["filter_factory.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/kill_request/BUILD b/source/extensions/filters/http/kill_request/BUILD index 6fa2cc297e89c..6daa14f7487cf 100644 --- a/source/extensions/filters/http/kill_request/BUILD +++ b/source/extensions/filters/http/kill_request/BUILD @@ -29,6 +29,7 @@ envoy_cc_extension( name = "kill_request_config", srcs = ["kill_request_config.cc"], hdrs = ["kill_request_config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/local_ratelimit/BUILD b/source/extensions/filters/http/local_ratelimit/BUILD index 91493ff13f66c..d7f3258d4746c 100644 --- a/source/extensions/filters/http/local_ratelimit/BUILD +++ b/source/extensions/filters/http/local_ratelimit/BUILD @@ -36,6 +36,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "unknown", deps = [ ":local_ratelimit_lib", diff --git a/source/extensions/filters/http/lua/BUILD b/source/extensions/filters/http/lua/BUILD index 188b0c484752f..afd19e62f1cd9 100644 --- a/source/extensions/filters/http/lua/BUILD +++ b/source/extensions/filters/http/lua/BUILD @@ -55,6 +55,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/oauth2/BUILD b/source/extensions/filters/http/oauth2/BUILD index 44d0718a995d6..7c4d4da6e759d 100644 --- a/source/extensions/filters/http/oauth2/BUILD +++ b/source/extensions/filters/http/oauth2/BUILD @@ -63,6 +63,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/on_demand/BUILD b/source/extensions/filters/http/on_demand/BUILD index 04a8037484d2f..545ee7d190d9c 100644 --- a/source/extensions/filters/http/on_demand/BUILD +++ b/source/extensions/filters/http/on_demand/BUILD @@ -30,6 +30,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", # TODO(#9953) classify and clean up. extra_visibility = [ "//test/common/access_log:__subpackages__", diff --git a/source/extensions/filters/http/original_src/BUILD b/source/extensions/filters/http/original_src/BUILD index b88a1d8df9ffe..0b1fa83ea7837 100644 --- a/source/extensions/filters/http/original_src/BUILD +++ b/source/extensions/filters/http/original_src/BUILD @@ -35,6 +35,7 @@ envoy_cc_extension( name = "config", # The extension build system requires a library named config srcs = ["original_src_config_factory.cc"], hdrs = ["original_src_config_factory.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/ratelimit/BUILD b/source/extensions/filters/http/ratelimit/BUILD index a4090ee21d790..52918956d5bf2 100644 --- a/source/extensions/filters/http/ratelimit/BUILD +++ b/source/extensions/filters/http/ratelimit/BUILD @@ -45,6 +45,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ ":ratelimit_lib", diff --git a/source/extensions/filters/http/rbac/BUILD b/source/extensions/filters/http/rbac/BUILD index 31dbbad82db10..154f288d7fa6d 100644 --- a/source/extensions/filters/http/rbac/BUILD +++ b/source/extensions/filters/http/rbac/BUILD @@ -13,6 +13,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/http/router/BUILD b/source/extensions/filters/http/router/BUILD index 6402dc14c8802..9e1d6c76501ec 100644 --- a/source/extensions/filters/http/router/BUILD +++ b/source/extensions/filters/http/router/BUILD @@ -15,6 +15,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", # This is core Envoy config. visibility = ["//visibility:public"], diff --git a/source/extensions/filters/http/squash/BUILD b/source/extensions/filters/http/squash/BUILD index e89a1c25d8b5b..6cf321845c6b9 100644 --- a/source/extensions/filters/http/squash/BUILD +++ b/source/extensions/filters/http/squash/BUILD @@ -37,6 +37,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "requires_trusted_downstream_and_upstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/tap/BUILD b/source/extensions/filters/http/tap/BUILD index 73d4237cd0192..14ae328603f3d 100644 --- a/source/extensions/filters/http/tap/BUILD +++ b/source/extensions/filters/http/tap/BUILD @@ -52,6 +52,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/wasm/BUILD b/source/extensions/filters/http/wasm/BUILD index 81d0a69665e10..ab708398ef679 100644 --- a/source/extensions/filters/http/wasm/BUILD +++ b/source/extensions/filters/http/wasm/BUILD @@ -30,6 +30,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/listener/http_inspector/BUILD b/source/extensions/filters/listener/http_inspector/BUILD index 0f3c7f50eb40d..b519f5025c13d 100644 --- a/source/extensions/filters/listener/http_inspector/BUILD +++ b/source/extensions/filters/listener/http_inspector/BUILD @@ -32,6 +32,7 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], + category = "SOMECAT", security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":http_inspector_lib", diff --git a/source/extensions/filters/listener/original_dst/BUILD b/source/extensions/filters/listener/original_dst/BUILD index 185605baa2104..74576f98d4b07 100644 --- a/source/extensions/filters/listener/original_dst/BUILD +++ b/source/extensions/filters/listener/original_dst/BUILD @@ -28,6 +28,7 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], + category = "SOMECAT", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/listener/original_src/BUILD b/source/extensions/filters/listener/original_src/BUILD index 4240bb61f28a2..ae4442bd67079 100644 --- a/source/extensions/filters/listener/original_src/BUILD +++ b/source/extensions/filters/listener/original_src/BUILD @@ -38,6 +38,7 @@ envoy_cc_extension( name = "config", # The extension build system requires a library named config srcs = ["original_src_config_factory.cc"], hdrs = ["original_src_config_factory.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/listener/proxy_protocol/BUILD b/source/extensions/filters/listener/proxy_protocol/BUILD index 302940fff6b79..644ed79f3988e 100644 --- a/source/extensions/filters/listener/proxy_protocol/BUILD +++ b/source/extensions/filters/listener/proxy_protocol/BUILD @@ -39,6 +39,7 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], + category = "SOMECAT", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/listener/tls_inspector/BUILD b/source/extensions/filters/listener/tls_inspector/BUILD index 4c05874044c3f..f2679a4f3e7ae 100644 --- a/source/extensions/filters/listener/tls_inspector/BUILD +++ b/source/extensions/filters/listener/tls_inspector/BUILD @@ -36,6 +36,7 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], + category = "SOMECAT", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/network/client_ssl_auth/BUILD b/source/extensions/filters/network/client_ssl_auth/BUILD index 7a2f71411471d..fdb43abe4fea2 100644 --- a/source/extensions/filters/network/client_ssl_auth/BUILD +++ b/source/extensions/filters/network/client_ssl_auth/BUILD @@ -16,7 +16,6 @@ envoy_cc_library( name = "client_ssl_auth", srcs = ["client_ssl_auth.cc"], hdrs = ["client_ssl_auth.h"], - category = "envoy.filters.network", deps = [ "//include/envoy/network:connection_interface", "//include/envoy/network:filter_interface", @@ -41,7 +40,9 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", + category = "envoy.filters.network", deps = [ ":client_ssl_auth", "//include/envoy/registry", diff --git a/source/extensions/filters/network/direct_response/BUILD b/source/extensions/filters/network/direct_response/BUILD index a7ed6d274a1fa..3c15c4428dcc6 100644 --- a/source/extensions/filters/network/direct_response/BUILD +++ b/source/extensions/filters/network/direct_response/BUILD @@ -28,6 +28,7 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], + category = "SOMECAT", security_posture = "unknown", deps = [ ":filter", diff --git a/source/extensions/filters/network/dubbo_proxy/BUILD b/source/extensions/filters/network/dubbo_proxy/BUILD index bf83e91ad0fd1..a28144e1691ce 100644 --- a/source/extensions/filters/network/dubbo_proxy/BUILD +++ b/source/extensions/filters/network/dubbo_proxy/BUILD @@ -106,6 +106,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/network/echo/BUILD b/source/extensions/filters/network/echo/BUILD index 10105f1621c3d..d85a8126a6bc9 100644 --- a/source/extensions/filters/network/echo/BUILD +++ b/source/extensions/filters/network/echo/BUILD @@ -28,6 +28,7 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], + category = "SOMECAT", # TODO(#9953) move echo integration test to extensions. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/network/ext_authz/BUILD b/source/extensions/filters/network/ext_authz/BUILD index 4d43cbd30eeb1..0f6c08fe4376d 100644 --- a/source/extensions/filters/network/ext_authz/BUILD +++ b/source/extensions/filters/network/ext_authz/BUILD @@ -37,6 +37,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/network/http_connection_manager/BUILD b/source/extensions/filters/network/http_connection_manager/BUILD index db02c5750db83..6646fd22548e2 100644 --- a/source/extensions/filters/network/http_connection_manager/BUILD +++ b/source/extensions/filters/network/http_connection_manager/BUILD @@ -16,6 +16,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", # This is core Envoy config. visibility = ["//visibility:public"], diff --git a/source/extensions/filters/network/kafka/BUILD b/source/extensions/filters/network/kafka/BUILD index 30b2251bbb55a..e76c46673729c 100644 --- a/source/extensions/filters/network/kafka/BUILD +++ b/source/extensions/filters/network/kafka/BUILD @@ -18,6 +18,7 @@ envoy_cc_extension( name = "kafka_broker_config_lib", srcs = ["broker/config.cc"], hdrs = ["broker/config.h"], + category = "SOMECAT", security_posture = "requires_trusted_downstream_and_upstream", status = "wip", deps = [ diff --git a/source/extensions/filters/network/local_ratelimit/BUILD b/source/extensions/filters/network/local_ratelimit/BUILD index ad61ff36235ef..5e4eda49d735b 100644 --- a/source/extensions/filters/network/local_ratelimit/BUILD +++ b/source/extensions/filters/network/local_ratelimit/BUILD @@ -33,6 +33,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ "//source/extensions/filters/network:well_known_names", diff --git a/source/extensions/filters/network/mongo_proxy/BUILD b/source/extensions/filters/network/mongo_proxy/BUILD index 2e281e1f67896..932bde0deff9f 100644 --- a/source/extensions/filters/network/mongo_proxy/BUILD +++ b/source/extensions/filters/network/mongo_proxy/BUILD @@ -107,6 +107,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":proxy_lib", diff --git a/source/extensions/filters/network/mysql_proxy/BUILD b/source/extensions/filters/network/mysql_proxy/BUILD index fee8571ea619c..85c76a2d2efb5 100644 --- a/source/extensions/filters/network/mysql_proxy/BUILD +++ b/source/extensions/filters/network/mysql_proxy/BUILD @@ -53,6 +53,7 @@ envoy_cc_extension( name = "config", srcs = ["mysql_config.cc"], hdrs = ["mysql_config.h"], + category = "SOMECAT", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/network/postgres_proxy/BUILD b/source/extensions/filters/network/postgres_proxy/BUILD index 420286527f04f..3dcd8ba7bfc25 100644 --- a/source/extensions/filters/network/postgres_proxy/BUILD +++ b/source/extensions/filters/network/postgres_proxy/BUILD @@ -45,6 +45,7 @@ envoy_cc_extension( srcs = ["config.cc"], hdrs = ["config.h"], repository = "@envoy", + category = "SOMECAT", security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":filter", diff --git a/source/extensions/filters/network/ratelimit/BUILD b/source/extensions/filters/network/ratelimit/BUILD index 4cbe47dcbd014..80820827a2bde 100644 --- a/source/extensions/filters/network/ratelimit/BUILD +++ b/source/extensions/filters/network/ratelimit/BUILD @@ -39,6 +39,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/network/rbac/BUILD b/source/extensions/filters/network/rbac/BUILD index 75e98406cf268..53f3f0bca2f1f 100644 --- a/source/extensions/filters/network/rbac/BUILD +++ b/source/extensions/filters/network/rbac/BUILD @@ -13,6 +13,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ ":rbac_filter", diff --git a/source/extensions/filters/network/redis_proxy/BUILD b/source/extensions/filters/network/redis_proxy/BUILD index 460bfa7f0edf6..ec3df474f28ab 100644 --- a/source/extensions/filters/network/redis_proxy/BUILD +++ b/source/extensions/filters/network/redis_proxy/BUILD @@ -120,6 +120,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/network/rocketmq_proxy/BUILD b/source/extensions/filters/network/rocketmq_proxy/BUILD index f837b9bf83f8d..3e8ec50cf0421 100644 --- a/source/extensions/filters/network/rocketmq_proxy/BUILD +++ b/source/extensions/filters/network/rocketmq_proxy/BUILD @@ -122,6 +122,7 @@ envoy_cc_extension( hdrs = [ "config.h", ], + category = "SOMECAT", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/network/sni_cluster/BUILD b/source/extensions/filters/network/sni_cluster/BUILD index e6670b8e42601..6195a3f5664db 100644 --- a/source/extensions/filters/network/sni_cluster/BUILD +++ b/source/extensions/filters/network/sni_cluster/BUILD @@ -26,6 +26,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "unknown", deps = [ ":sni_cluster", diff --git a/source/extensions/filters/network/sni_dynamic_forward_proxy/BUILD b/source/extensions/filters/network/sni_dynamic_forward_proxy/BUILD index 372fce9155e2b..8e6603720d898 100644 --- a/source/extensions/filters/network/sni_dynamic_forward_proxy/BUILD +++ b/source/extensions/filters/network/sni_dynamic_forward_proxy/BUILD @@ -28,6 +28,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/network/tcp_proxy/BUILD b/source/extensions/filters/network/tcp_proxy/BUILD index d6d7495e9122e..a1b6fe61f923a 100644 --- a/source/extensions/filters/network/tcp_proxy/BUILD +++ b/source/extensions/filters/network/tcp_proxy/BUILD @@ -15,6 +15,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", # This is core Envoy config. visibility = ["//visibility:public"], diff --git a/source/extensions/filters/network/thrift_proxy/BUILD b/source/extensions/filters/network/thrift_proxy/BUILD index 78f484da3f9e8..372acaaf9fbc4 100644 --- a/source/extensions/filters/network/thrift_proxy/BUILD +++ b/source/extensions/filters/network/thrift_proxy/BUILD @@ -35,6 +35,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":app_exception_lib", diff --git a/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD b/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD index 9cec570747408..ea58066224736 100644 --- a/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD +++ b/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD @@ -32,6 +32,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/network/thrift_proxy/router/BUILD b/source/extensions/filters/network/thrift_proxy/router/BUILD index 00e32bbf06a25..3165d86a2abda 100644 --- a/source/extensions/filters/network/thrift_proxy/router/BUILD +++ b/source/extensions/filters/network/thrift_proxy/router/BUILD @@ -13,6 +13,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":router_lib", diff --git a/source/extensions/filters/network/wasm/BUILD b/source/extensions/filters/network/wasm/BUILD index f879094826656..909bb8aec9a72 100644 --- a/source/extensions/filters/network/wasm/BUILD +++ b/source/extensions/filters/network/wasm/BUILD @@ -28,6 +28,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/network/zookeeper_proxy/BUILD b/source/extensions/filters/network/zookeeper_proxy/BUILD index 8dc6e07913921..f048b0b12ae3b 100644 --- a/source/extensions/filters/network/zookeeper_proxy/BUILD +++ b/source/extensions/filters/network/zookeeper_proxy/BUILD @@ -43,6 +43,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/udp/dns_filter/BUILD b/source/extensions/filters/udp/dns_filter/BUILD index 5684b6569ed92..680ea85aa233f 100644 --- a/source/extensions/filters/udp/dns_filter/BUILD +++ b/source/extensions/filters/udp/dns_filter/BUILD @@ -51,6 +51,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/udp/udp_proxy/BUILD b/source/extensions/filters/udp/udp_proxy/BUILD index da1fe0ab12b00..7bb013e38fc93 100644 --- a/source/extensions/filters/udp/udp_proxy/BUILD +++ b/source/extensions/filters/udp/udp_proxy/BUILD @@ -45,6 +45,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ ":udp_proxy_filter_lib", diff --git a/source/extensions/grpc_credentials/aws_iam/BUILD b/source/extensions/grpc_credentials/aws_iam/BUILD index ab920487e2641..940c81f9e0f29 100644 --- a/source/extensions/grpc_credentials/aws_iam/BUILD +++ b/source/extensions/grpc_credentials/aws_iam/BUILD @@ -15,6 +15,7 @@ envoy_cc_extension( srcs = ["config.cc"], hdrs = ["config.h"], external_deps = ["grpc"], + category = "SOMECAT", security_posture = "data_plane_agnostic", status = "alpha", deps = [ diff --git a/source/extensions/grpc_credentials/file_based_metadata/BUILD b/source/extensions/grpc_credentials/file_based_metadata/BUILD index d6c8b8d5e5fb6..d08e3a01f022a 100644 --- a/source/extensions/grpc_credentials/file_based_metadata/BUILD +++ b/source/extensions/grpc_credentials/file_based_metadata/BUILD @@ -15,6 +15,7 @@ envoy_cc_extension( srcs = ["config.cc"], hdrs = ["config.h"], external_deps = ["grpc"], + category = "SOMECAT", security_posture = "data_plane_agnostic", status = "alpha", deps = [ diff --git a/source/extensions/health_checkers/redis/BUILD b/source/extensions/health_checkers/redis/BUILD index 3bc89797ab32f..f166b933c3fda 100644 --- a/source/extensions/health_checkers/redis/BUILD +++ b/source/extensions/health_checkers/redis/BUILD @@ -31,6 +31,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":redis", diff --git a/source/extensions/internal_redirect/allow_listed_routes/BUILD b/source/extensions/internal_redirect/allow_listed_routes/BUILD index 2d8148b2335ea..0906e813dd4b0 100644 --- a/source/extensions/internal_redirect/allow_listed_routes/BUILD +++ b/source/extensions/internal_redirect/allow_listed_routes/BUILD @@ -24,6 +24,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", # TODO(#9953) clean up by moving the redirect test to extensions. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/internal_redirect/previous_routes/BUILD b/source/extensions/internal_redirect/previous_routes/BUILD index ef2601fdfb500..fea9887f3976f 100644 --- a/source/extensions/internal_redirect/previous_routes/BUILD +++ b/source/extensions/internal_redirect/previous_routes/BUILD @@ -24,6 +24,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", # TODO(#9953) clean up by moving the redirect test to extensions. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/internal_redirect/safe_cross_scheme/BUILD b/source/extensions/internal_redirect/safe_cross_scheme/BUILD index 045e81c5252de..32a168f8d531a 100644 --- a/source/extensions/internal_redirect/safe_cross_scheme/BUILD +++ b/source/extensions/internal_redirect/safe_cross_scheme/BUILD @@ -23,6 +23,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", # TODO(#9953) clean up by moving the redirect test to extensions. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/quic_listeners/quiche/BUILD b/source/extensions/quic_listeners/quiche/BUILD index a90cfde6ddc66..071ea02db6107 100644 --- a/source/extensions/quic_listeners/quiche/BUILD +++ b/source/extensions/quic_listeners/quiche/BUILD @@ -369,6 +369,7 @@ envoy_cc_library( # All of these are needed for this extension to function. envoy_cc_extension( name = "quic_factory_lib", + category = "SOMECAT", security_posture = "unknown", tags = ["nofips"], diff --git a/source/extensions/rate_limit_descriptors/expr/BUILD b/source/extensions/rate_limit_descriptors/expr/BUILD index 720c3bf5293bf..b8c96fcc0c54c 100644 --- a/source/extensions/rate_limit_descriptors/expr/BUILD +++ b/source/extensions/rate_limit_descriptors/expr/BUILD @@ -12,6 +12,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", copts = select({ "//bazel:windows_x86_64": [], # TODO: fix the windows ANTLR build "//conditions:default": [ diff --git a/source/extensions/resource_monitors/fixed_heap/BUILD b/source/extensions/resource_monitors/fixed_heap/BUILD index 6c2022537d3d7..8c5ac238fb443 100644 --- a/source/extensions/resource_monitors/fixed_heap/BUILD +++ b/source/extensions/resource_monitors/fixed_heap/BUILD @@ -25,6 +25,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "data_plane_agnostic", status = "alpha", deps = [ diff --git a/source/extensions/resource_monitors/injected_resource/BUILD b/source/extensions/resource_monitors/injected_resource/BUILD index 6cff7be112ee2..6382b228fa679 100644 --- a/source/extensions/resource_monitors/injected_resource/BUILD +++ b/source/extensions/resource_monitors/injected_resource/BUILD @@ -26,6 +26,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/retry/host/omit_canary_hosts/BUILD b/source/extensions/retry/host/omit_canary_hosts/BUILD index 9427fa9fc5071..897b30955d261 100644 --- a/source/extensions/retry/host/omit_canary_hosts/BUILD +++ b/source/extensions/retry/host/omit_canary_hosts/BUILD @@ -21,6 +21,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ ":omit_canary_hosts_predicate_lib", diff --git a/source/extensions/retry/host/omit_host_metadata/BUILD b/source/extensions/retry/host/omit_host_metadata/BUILD index 5e1aaa38c5af5..68dc887d49f82 100644 --- a/source/extensions/retry/host/omit_host_metadata/BUILD +++ b/source/extensions/retry/host/omit_host_metadata/BUILD @@ -23,6 +23,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ ":omit_host_metadata_predicate_lib", diff --git a/source/extensions/retry/host/previous_hosts/BUILD b/source/extensions/retry/host/previous_hosts/BUILD index 78e78b1a330e1..cb2f450984385 100644 --- a/source/extensions/retry/host/previous_hosts/BUILD +++ b/source/extensions/retry/host/previous_hosts/BUILD @@ -21,6 +21,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ ":previous_hosts_predicate_lib", diff --git a/source/extensions/retry/priority/previous_priorities/BUILD b/source/extensions/retry/priority/previous_priorities/BUILD index 66a592d9c7727..bbac8d10a96cb 100644 --- a/source/extensions/retry/priority/previous_priorities/BUILD +++ b/source/extensions/retry/priority/previous_priorities/BUILD @@ -23,6 +23,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ ":previous_priorities_lib", diff --git a/source/extensions/stat_sinks/dog_statsd/BUILD b/source/extensions/stat_sinks/dog_statsd/BUILD index 662a3c18c24f4..043ec6484ffe0 100644 --- a/source/extensions/stat_sinks/dog_statsd/BUILD +++ b/source/extensions/stat_sinks/dog_statsd/BUILD @@ -15,6 +15,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "data_plane_agnostic", deps = [ "//include/envoy/registry", diff --git a/source/extensions/stat_sinks/hystrix/BUILD b/source/extensions/stat_sinks/hystrix/BUILD index 7b28f8218c1b9..64a9562b336f0 100644 --- a/source/extensions/stat_sinks/hystrix/BUILD +++ b/source/extensions/stat_sinks/hystrix/BUILD @@ -15,6 +15,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "data_plane_agnostic", deps = [ ":hystrix_lib", diff --git a/source/extensions/stat_sinks/metrics_service/BUILD b/source/extensions/stat_sinks/metrics_service/BUILD index cf7a8ce39cba8..1539c2153959d 100644 --- a/source/extensions/stat_sinks/metrics_service/BUILD +++ b/source/extensions/stat_sinks/metrics_service/BUILD @@ -43,6 +43,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "data_plane_agnostic", deps = [ "//include/envoy/registry", diff --git a/source/extensions/stat_sinks/statsd/BUILD b/source/extensions/stat_sinks/statsd/BUILD index 82ee8f026cc07..1badb96290042 100644 --- a/source/extensions/stat_sinks/statsd/BUILD +++ b/source/extensions/stat_sinks/statsd/BUILD @@ -14,6 +14,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "data_plane_agnostic", # Legacy test use. TODO(#9953) clean up. deps = [ diff --git a/source/extensions/stat_sinks/wasm/BUILD b/source/extensions/stat_sinks/wasm/BUILD index 70e156ac4acc4..d8f6996910a3e 100644 --- a/source/extensions/stat_sinks/wasm/BUILD +++ b/source/extensions/stat_sinks/wasm/BUILD @@ -15,6 +15,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "data_plane_agnostic", status = "alpha", deps = [ diff --git a/source/extensions/tracers/datadog/BUILD b/source/extensions/tracers/datadog/BUILD index 7ad1d164203e9..eb18a0de2aa10 100644 --- a/source/extensions/tracers/datadog/BUILD +++ b/source/extensions/tracers/datadog/BUILD @@ -35,6 +35,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ ":datadog_tracer_lib", diff --git a/source/extensions/tracers/dynamic_ot/BUILD b/source/extensions/tracers/dynamic_ot/BUILD index 95b903be987d6..d6405c344d968 100644 --- a/source/extensions/tracers/dynamic_ot/BUILD +++ b/source/extensions/tracers/dynamic_ot/BUILD @@ -29,6 +29,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ ":dynamic_opentracing_driver_lib", diff --git a/source/extensions/tracers/lightstep/BUILD b/source/extensions/tracers/lightstep/BUILD index 6c287b4a75fe6..da924df94b9d9 100644 --- a/source/extensions/tracers/lightstep/BUILD +++ b/source/extensions/tracers/lightstep/BUILD @@ -35,6 +35,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ ":lightstep_tracer_lib", diff --git a/source/extensions/tracers/opencensus/BUILD b/source/extensions/tracers/opencensus/BUILD index 2513be7249f6a..c9355690e8d79 100644 --- a/source/extensions/tracers/opencensus/BUILD +++ b/source/extensions/tracers/opencensus/BUILD @@ -16,6 +16,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", deps = [ ":opencensus_tracer_impl", diff --git a/source/extensions/tracers/skywalking/BUILD b/source/extensions/tracers/skywalking/BUILD index 5cf90c3f976fc..0ebc2c379a00e 100644 --- a/source/extensions/tracers/skywalking/BUILD +++ b/source/extensions/tracers/skywalking/BUILD @@ -96,6 +96,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", status = "wip", deps = [ diff --git a/source/extensions/tracers/xray/BUILD b/source/extensions/tracers/xray/BUILD index 35e39cd426b97..fea83f407cb6e 100644 --- a/source/extensions/tracers/xray/BUILD +++ b/source/extensions/tracers/xray/BUILD @@ -57,6 +57,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", status = "wip", deps = [ diff --git a/source/extensions/tracers/zipkin/BUILD b/source/extensions/tracers/zipkin/BUILD index bb76f9f16ed4f..caed059dd966a 100644 --- a/source/extensions/tracers/zipkin/BUILD +++ b/source/extensions/tracers/zipkin/BUILD @@ -67,6 +67,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", # Legacy test use. TODO(#9953) clean up. extra_visibility = [ "//test/server:__subpackages__", diff --git a/source/extensions/transport_sockets/alts/BUILD b/source/extensions/transport_sockets/alts/BUILD index 631c74a1c8d3f..ff486ea4bbcd5 100644 --- a/source/extensions/transport_sockets/alts/BUILD +++ b/source/extensions/transport_sockets/alts/BUILD @@ -37,6 +37,7 @@ envoy_cc_extension( external_deps = [ "abseil_node_hash_set", ], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream_and_upstream", deps = [ ":tsi_handshaker", diff --git a/source/extensions/transport_sockets/proxy_protocol/BUILD b/source/extensions/transport_sockets/proxy_protocol/BUILD index 397626c3c6ae2..2d7778ef5c371 100644 --- a/source/extensions/transport_sockets/proxy_protocol/BUILD +++ b/source/extensions/transport_sockets/proxy_protocol/BUILD @@ -13,6 +13,7 @@ envoy_cc_extension( name = "upstream_config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream_and_upstream", # header generated in Envoy, so can't be faked deps = [ ":upstream_proxy_protocol", diff --git a/source/extensions/transport_sockets/raw_buffer/BUILD b/source/extensions/transport_sockets/raw_buffer/BUILD index 3d4b41c96cdee..77cc365e658cf 100644 --- a/source/extensions/transport_sockets/raw_buffer/BUILD +++ b/source/extensions/transport_sockets/raw_buffer/BUILD @@ -14,6 +14,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "requires_trusted_downstream_and_upstream", # This is core Envoy config. visibility = ["//visibility:public"], diff --git a/source/extensions/transport_sockets/starttls/BUILD b/source/extensions/transport_sockets/starttls/BUILD index 6269f165e5f3f..06ca6c57aeed9 100644 --- a/source/extensions/transport_sockets/starttls/BUILD +++ b/source/extensions/transport_sockets/starttls/BUILD @@ -15,6 +15,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream_and_upstream", visibility = ["//visibility:public"], deps = [ diff --git a/source/extensions/transport_sockets/tap/BUILD b/source/extensions/transport_sockets/tap/BUILD index 31341dbbf9b07..e6ece6a2ccea3 100644 --- a/source/extensions/transport_sockets/tap/BUILD +++ b/source/extensions/transport_sockets/tap/BUILD @@ -51,6 +51,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", # TODO(#9953) clean up. extra_visibility = [ "//test/common/access_log:__subpackages__", diff --git a/source/extensions/transport_sockets/tls/BUILD b/source/extensions/transport_sockets/tls/BUILD index 860b56203c301..db966e530daf8 100644 --- a/source/extensions/transport_sockets/tls/BUILD +++ b/source/extensions/transport_sockets/tls/BUILD @@ -15,6 +15,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream_and_upstream", # TLS is core functionality. visibility = ["//visibility:public"], diff --git a/source/extensions/upstreams/http/BUILD b/source/extensions/upstreams/http/BUILD index cfcf0b407f97c..a0c364d60013c 100644 --- a/source/extensions/upstreams/http/BUILD +++ b/source/extensions/upstreams/http/BUILD @@ -12,6 +12,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", # This is core Envoy config. visibility = ["//visibility:public"], diff --git a/source/extensions/upstreams/http/generic/BUILD b/source/extensions/upstreams/http/generic/BUILD index 563b4bf5a9e2b..d768b09c82272 100644 --- a/source/extensions/upstreams/http/generic/BUILD +++ b/source/extensions/upstreams/http/generic/BUILD @@ -16,6 +16,7 @@ envoy_cc_extension( hdrs = [ "config.h", ], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", visibility = ["//visibility:public"], deps = [ diff --git a/source/extensions/upstreams/http/http/BUILD b/source/extensions/upstreams/http/http/BUILD index 3b777db5fd986..2af13a7bb7ed5 100644 --- a/source/extensions/upstreams/http/http/BUILD +++ b/source/extensions/upstreams/http/http/BUILD @@ -17,6 +17,7 @@ envoy_cc_extension( hdrs = [ "config.h", ], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", visibility = ["//visibility:public"], deps = [ diff --git a/source/extensions/upstreams/http/tcp/BUILD b/source/extensions/upstreams/http/tcp/BUILD index e99752677e315..53e9d48c7286a 100644 --- a/source/extensions/upstreams/http/tcp/BUILD +++ b/source/extensions/upstreams/http/tcp/BUILD @@ -17,6 +17,7 @@ envoy_cc_extension( hdrs = [ "config.h", ], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", visibility = ["//visibility:public"], deps = [ diff --git a/source/extensions/upstreams/tcp/generic/BUILD b/source/extensions/upstreams/tcp/generic/BUILD index dc1ae3eb91168..5959c58248bd2 100644 --- a/source/extensions/upstreams/tcp/generic/BUILD +++ b/source/extensions/upstreams/tcp/generic/BUILD @@ -16,6 +16,7 @@ envoy_cc_extension( hdrs = [ "config.h", ], + category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", visibility = ["//visibility:public"], deps = [ diff --git a/source/extensions/wasm_runtime/null/BUILD b/source/extensions/wasm_runtime/null/BUILD index 63969c889c256..010f53fcb41cc 100644 --- a/source/extensions/wasm_runtime/null/BUILD +++ b/source/extensions/wasm_runtime/null/BUILD @@ -11,6 +11,7 @@ envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], + category = "SOMECAT", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/wasm_runtime/v8/BUILD b/source/extensions/wasm_runtime/v8/BUILD index 8785616044d74..527001f68a3b3 100644 --- a/source/extensions/wasm_runtime/v8/BUILD +++ b/source/extensions/wasm_runtime/v8/BUILD @@ -12,6 +12,7 @@ envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], + category = "SOMECAT", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/wasm_runtime/wasmtime/BUILD b/source/extensions/wasm_runtime/wasmtime/BUILD index d0adea5660c67..8ced90d3b92e4 100644 --- a/source/extensions/wasm_runtime/wasmtime/BUILD +++ b/source/extensions/wasm_runtime/wasmtime/BUILD @@ -12,6 +12,7 @@ envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], + category = "SOMECAT", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/wasm_runtime/wavm/BUILD b/source/extensions/wasm_runtime/wavm/BUILD index c9a5153efe31f..66e41fc38fe6a 100644 --- a/source/extensions/wasm_runtime/wavm/BUILD +++ b/source/extensions/wasm_runtime/wavm/BUILD @@ -12,6 +12,7 @@ envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], + category = "SOMECAT", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/watchdog/profile_action/BUILD b/source/extensions/watchdog/profile_action/BUILD index afe779924b43e..d3282d92d0aa3 100644 --- a/source/extensions/watchdog/profile_action/BUILD +++ b/source/extensions/watchdog/profile_action/BUILD @@ -33,6 +33,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "data_plane_agnostic", status = "alpha", deps = [ From e682f6a5212108493301604bcb8dcb7f7890b31d Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Tue, 19 Jan 2021 12:57:24 +0000 Subject: [PATCH 03/51] bazel/ Signed-off-by: Ryan Northey --- bazel/envoy_library.bzl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index 59e4d3343bf41..f1dc46ddf8298 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -80,7 +80,6 @@ EXTENSION_STATUS_VALUES = [ def envoy_cc_extension( name, security_posture, - # Make this mandatory once all extensions have had their cat added. category = None, # Only set this for internal, undocumented extensions. undocumented = False, @@ -89,6 +88,9 @@ def envoy_cc_extension( extra_visibility = [], visibility = EXTENSION_CONFIG_VISIBILITY, **kwargs): + if not category: + fail("Category not set for %s" % name) + if security_posture not in EXTENSION_SECURITY_POSTURES: fail("Unknown extension security posture: " + security_posture) if status not in EXTENSION_STATUS_VALUES: From 93c7c75c15f0a73b228ec30595a90fb654a61fdc Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Tue, 19 Jan 2021 13:12:48 +0000 Subject: [PATCH 04/51] empty Signed-off-by: Ryan Northey From 0e91ba760eee5623c35cd1be7ceaff606917d23e Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Tue, 19 Jan 2021 13:24:19 +0000 Subject: [PATCH 05/51] source Signed-off-by: Ryan Northey --- source/extensions/filters/network/client_ssl_auth/BUILD | 1 - 1 file changed, 1 deletion(-) diff --git a/source/extensions/filters/network/client_ssl_auth/BUILD b/source/extensions/filters/network/client_ssl_auth/BUILD index fdb43abe4fea2..bc7c1afc41e7e 100644 --- a/source/extensions/filters/network/client_ssl_auth/BUILD +++ b/source/extensions/filters/network/client_ssl_auth/BUILD @@ -40,7 +40,6 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", security_posture = "robust_to_untrusted_downstream", category = "envoy.filters.network", deps = [ From 4cbe10d455b499936f5fe179259f0df884717cd7 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Tue, 19 Jan 2021 14:13:41 +0000 Subject: [PATCH 06/51] lint Signed-off-by: Ryan Northey --- source/extensions/common/crypto/BUILD | 2 +- source/extensions/filters/network/client_ssl_auth/BUILD | 2 +- source/extensions/filters/network/postgres_proxy/BUILD | 2 +- source/extensions/grpc_credentials/aws_iam/BUILD | 2 +- source/extensions/grpc_credentials/file_based_metadata/BUILD | 2 +- source/extensions/transport_sockets/alts/BUILD | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/source/extensions/common/crypto/BUILD b/source/extensions/common/crypto/BUILD index a2dea37f23185..f1dbcb736725d 100644 --- a/source/extensions/common/crypto/BUILD +++ b/source/extensions/common/crypto/BUILD @@ -18,10 +18,10 @@ envoy_cc_extension( "crypto_impl.h", "utility_impl.h", ], + category = "SOMECAT", external_deps = [ "ssl", ], - category = "SOMECAT", # Legacy test use. TODO(#9953) clean up. extra_visibility = [ "//test/common/config:__subpackages__", diff --git a/source/extensions/filters/network/client_ssl_auth/BUILD b/source/extensions/filters/network/client_ssl_auth/BUILD index bc7c1afc41e7e..184ef95404aa4 100644 --- a/source/extensions/filters/network/client_ssl_auth/BUILD +++ b/source/extensions/filters/network/client_ssl_auth/BUILD @@ -40,8 +40,8 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - security_posture = "robust_to_untrusted_downstream", category = "envoy.filters.network", + security_posture = "robust_to_untrusted_downstream", deps = [ ":client_ssl_auth", "//include/envoy/registry", diff --git a/source/extensions/filters/network/postgres_proxy/BUILD b/source/extensions/filters/network/postgres_proxy/BUILD index 3dcd8ba7bfc25..ffdb433eafd59 100644 --- a/source/extensions/filters/network/postgres_proxy/BUILD +++ b/source/extensions/filters/network/postgres_proxy/BUILD @@ -44,8 +44,8 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - repository = "@envoy", category = "SOMECAT", + repository = "@envoy", security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":filter", diff --git a/source/extensions/grpc_credentials/aws_iam/BUILD b/source/extensions/grpc_credentials/aws_iam/BUILD index 940c81f9e0f29..761472a80664a 100644 --- a/source/extensions/grpc_credentials/aws_iam/BUILD +++ b/source/extensions/grpc_credentials/aws_iam/BUILD @@ -14,8 +14,8 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - external_deps = ["grpc"], category = "SOMECAT", + external_deps = ["grpc"], security_posture = "data_plane_agnostic", status = "alpha", deps = [ diff --git a/source/extensions/grpc_credentials/file_based_metadata/BUILD b/source/extensions/grpc_credentials/file_based_metadata/BUILD index d08e3a01f022a..a76ee53f2a02b 100644 --- a/source/extensions/grpc_credentials/file_based_metadata/BUILD +++ b/source/extensions/grpc_credentials/file_based_metadata/BUILD @@ -14,8 +14,8 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - external_deps = ["grpc"], category = "SOMECAT", + external_deps = ["grpc"], security_posture = "data_plane_agnostic", status = "alpha", deps = [ diff --git a/source/extensions/transport_sockets/alts/BUILD b/source/extensions/transport_sockets/alts/BUILD index ff486ea4bbcd5..5a71fc4b80913 100644 --- a/source/extensions/transport_sockets/alts/BUILD +++ b/source/extensions/transport_sockets/alts/BUILD @@ -34,10 +34,10 @@ envoy_cc_extension( hdrs = [ "config.h", ], + category = "SOMECAT", external_deps = [ "abseil_node_hash_set", ], - category = "SOMECAT", security_posture = "robust_to_untrusted_downstream_and_upstream", deps = [ ":tsi_handshaker", From 15ef6b9f76a47c03e79855879e5d7a079c805e28 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Tue, 19 Jan 2021 14:43:39 +0000 Subject: [PATCH 07/51] tools/ Signed-off-by: Ryan Northey --- tools/dependency/validate.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/dependency/validate.py b/tools/dependency/validate.py index 92178b450074d..004b1c69f1ea6 100755 --- a/tools/dependency/validate.py +++ b/tools/dependency/validate.py @@ -121,8 +121,9 @@ def QueryExternalDeps(self, *targets): A set of dependency identifiers that are reachable from targets. """ deps_query = ' union '.join(f'deps({l})' for l in targets) - deps = subprocess.check_output(['bazel', 'query', deps_query], - stderr=subprocess.PIPE).decode().splitlines() + _deps = subprocess.run(['bazel', 'query', deps_query], capture_output=True, text=True) + print(_deps.stderr) + deps = _deps.stdout # .decode().splitlines() ext_deps = set() implied_untracked_deps = set() for d in deps: From 576c3dc91a240562637658f66ee2b5da4ae376e8 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Tue, 19 Jan 2021 15:02:28 +0000 Subject: [PATCH 08/51] tools/ Signed-off-by: Ryan Northey --- tools/dependency/validate.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/dependency/validate.py b/tools/dependency/validate.py index 004b1c69f1ea6..c9aef9eb64dff 100755 --- a/tools/dependency/validate.py +++ b/tools/dependency/validate.py @@ -121,7 +121,7 @@ def QueryExternalDeps(self, *targets): A set of dependency identifiers that are reachable from targets. """ deps_query = ' union '.join(f'deps({l})' for l in targets) - _deps = subprocess.run(['bazel', 'query', deps_query], capture_output=True, text=True) + _deps = subprocess.run(['bazel', 'query', deps_query], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) print(_deps.stderr) deps = _deps.stdout # .decode().splitlines() ext_deps = set() From 6c0a3d467bd1df3f5080ccafcae0bb1dd83aed5d Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Tue, 19 Jan 2021 15:42:08 +0000 Subject: [PATCH 09/51] tools/ Signed-off-by: Ryan Northey --- tools/dependency/validate.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/dependency/validate.py b/tools/dependency/validate.py index c9aef9eb64dff..559122c80d5fe 100755 --- a/tools/dependency/validate.py +++ b/tools/dependency/validate.py @@ -123,7 +123,7 @@ def QueryExternalDeps(self, *targets): deps_query = ' union '.join(f'deps({l})' for l in targets) _deps = subprocess.run(['bazel', 'query', deps_query], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) print(_deps.stderr) - deps = _deps.stdout # .decode().splitlines() + deps = _deps.stdout.decode().splitlines() ext_deps = set() implied_untracked_deps = set() for d in deps: From 8d81ee786b8632539b503f61573b9f28412ffca4 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Tue, 19 Jan 2021 15:58:12 +0000 Subject: [PATCH 10/51] tools/ Signed-off-by: Ryan Northey --- tools/dependency/validate.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tools/dependency/validate.py b/tools/dependency/validate.py index 559122c80d5fe..92178b450074d 100755 --- a/tools/dependency/validate.py +++ b/tools/dependency/validate.py @@ -121,9 +121,8 @@ def QueryExternalDeps(self, *targets): A set of dependency identifiers that are reachable from targets. """ deps_query = ' union '.join(f'deps({l})' for l in targets) - _deps = subprocess.run(['bazel', 'query', deps_query], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) - print(_deps.stderr) - deps = _deps.stdout.decode().splitlines() + deps = subprocess.check_output(['bazel', 'query', deps_query], + stderr=subprocess.PIPE).decode().splitlines() ext_deps = set() implied_untracked_deps = set() for d in deps: From 1982bdf364b5d3267ad5fc5d35c727276788b0d1 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Tue, 19 Jan 2021 16:14:15 +0000 Subject: [PATCH 11/51] tools/ Signed-off-by: Ryan Northey --- tools/dependency/validate.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/dependency/validate.py b/tools/dependency/validate.py index 92178b450074d..357833ddb4346 100755 --- a/tools/dependency/validate.py +++ b/tools/dependency/validate.py @@ -121,8 +121,14 @@ def QueryExternalDeps(self, *targets): A set of dependency identifiers that are reachable from targets. """ deps_query = ' union '.join(f'deps({l})' for l in targets) - deps = subprocess.check_output(['bazel', 'query', deps_query], - stderr=subprocess.PIPE).decode().splitlines() + try: + deps = subprocess.check_output(['bazel', 'query', deps_query], + stderr=subprocess.PIPE).decode().splitlines() + except Exception as e: + print('FAILED') + print(targets) + print(e) + ext_deps = set() implied_untracked_deps = set() for d in deps: From 1cdd307fd46c92997cf15d00c1ce3b36473d49b5 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Tue, 19 Jan 2021 16:38:53 +0000 Subject: [PATCH 12/51] source/ Signed-off-by: Ryan Northey --- source/extensions/filters/http/admission_control/BUILD | 1 + 1 file changed, 1 insertion(+) diff --git a/source/extensions/filters/http/admission_control/BUILD b/source/extensions/filters/http/admission_control/BUILD index 642c7dc67de56..4fac3095a6424 100644 --- a/source/extensions/filters/http/admission_control/BUILD +++ b/source/extensions/filters/http/admission_control/BUILD @@ -41,6 +41,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + category = "SOMECAT", security_posture = "unknown", status = "alpha", deps = [ From b2cf10fa83aab8aeebeb49b12e45cf5eefc047a9 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Wed, 20 Jan 2021 13:11:28 +0000 Subject: [PATCH 13/51] more-cats Signed-off-by: Ryan Northey --- source/extensions/access_loggers/file/BUILD | 2 +- source/extensions/access_loggers/grpc/BUILD | 4 ++-- source/extensions/access_loggers/wasm/BUILD | 2 +- source/extensions/bootstrap/wasm/BUILD | 2 +- source/extensions/clusters/aggregate/BUILD | 2 +- source/extensions/clusters/dynamic_forward_proxy/BUILD | 2 +- source/extensions/clusters/redis/BUILD | 2 +- source/extensions/compression/gzip/compressor/BUILD | 2 +- source/extensions/compression/gzip/decompressor/BUILD | 2 +- source/extensions/filters/http/adaptive_concurrency/BUILD | 2 +- source/extensions/filters/http/admission_control/BUILD | 4 ++-- source/extensions/filters/http/aws_lambda/BUILD | 2 +- source/extensions/filters/http/aws_request_signing/BUILD | 2 +- source/extensions/filters/http/buffer/BUILD | 2 +- source/extensions/filters/http/cache/BUILD | 2 +- source/extensions/filters/http/cache/simple_http_cache/BUILD | 2 +- source/extensions/filters/http/cdn_loop/BUILD | 2 +- source/extensions/filters/http/compressor/BUILD | 2 +- source/extensions/filters/http/cors/BUILD | 2 +- source/extensions/filters/http/csrf/BUILD | 2 +- source/extensions/filters/http/decompressor/BUILD | 2 +- source/extensions/filters/http/dynamic_forward_proxy/BUILD | 2 +- source/extensions/filters/http/dynamo/BUILD | 2 +- source/extensions/filters/http/ext_authz/BUILD | 2 +- source/extensions/filters/http/ext_proc/BUILD | 2 +- source/extensions/filters/http/fault/BUILD | 2 +- source/extensions/filters/http/grpc_http1_bridge/BUILD | 2 +- .../extensions/filters/http/grpc_http1_reverse_bridge/BUILD | 2 +- source/extensions/filters/http/grpc_json_transcoder/BUILD | 2 +- source/extensions/filters/http/grpc_stats/BUILD | 2 +- source/extensions/filters/http/grpc_web/BUILD | 2 +- source/extensions/filters/http/gzip/BUILD | 2 +- source/extensions/filters/http/header_to_metadata/BUILD | 2 +- source/extensions/filters/http/health_check/BUILD | 2 +- source/extensions/filters/http/ip_tagging/BUILD | 2 +- source/extensions/filters/http/jwt_authn/BUILD | 2 +- source/extensions/filters/http/kill_request/BUILD | 2 +- source/extensions/filters/http/local_ratelimit/BUILD | 2 +- source/extensions/filters/http/lua/BUILD | 2 +- source/extensions/filters/http/oauth2/BUILD | 2 +- source/extensions/filters/http/on_demand/BUILD | 2 +- source/extensions/filters/http/original_src/BUILD | 2 +- source/extensions/filters/http/ratelimit/BUILD | 2 +- source/extensions/filters/http/rbac/BUILD | 2 +- source/extensions/filters/http/router/BUILD | 2 +- source/extensions/filters/http/squash/BUILD | 2 +- source/extensions/filters/http/tap/BUILD | 2 +- source/extensions/filters/http/wasm/BUILD | 2 +- source/extensions/filters/listener/http_inspector/BUILD | 2 +- source/extensions/filters/listener/original_dst/BUILD | 4 ++-- source/extensions/filters/listener/original_src/BUILD | 2 +- source/extensions/filters/listener/proxy_protocol/BUILD | 2 +- source/extensions/filters/listener/tls_inspector/BUILD | 2 +- source/extensions/filters/network/direct_response/BUILD | 2 +- source/extensions/filters/network/dubbo_proxy/BUILD | 2 +- source/extensions/filters/network/echo/BUILD | 2 +- source/extensions/filters/network/ext_authz/BUILD | 2 +- .../extensions/filters/network/http_connection_manager/BUILD | 2 +- source/extensions/filters/network/kafka/BUILD | 2 +- source/extensions/filters/network/local_ratelimit/BUILD | 2 +- source/extensions/filters/network/mongo_proxy/BUILD | 2 +- source/extensions/filters/network/mysql_proxy/BUILD | 2 +- source/extensions/filters/network/postgres_proxy/BUILD | 2 +- source/extensions/filters/network/ratelimit/BUILD | 2 +- source/extensions/filters/network/rbac/BUILD | 2 +- source/extensions/filters/network/redis_proxy/BUILD | 2 +- source/extensions/filters/network/rocketmq_proxy/BUILD | 2 +- source/extensions/filters/network/sni_cluster/BUILD | 2 +- .../filters/network/sni_dynamic_forward_proxy/BUILD | 2 +- source/extensions/filters/network/tcp_proxy/BUILD | 2 +- source/extensions/filters/network/wasm/BUILD | 2 +- source/extensions/filters/network/zookeeper_proxy/BUILD | 2 +- source/extensions/grpc_credentials/aws_iam/BUILD | 2 +- source/extensions/grpc_credentials/file_based_metadata/BUILD | 2 +- source/extensions/health_checkers/redis/BUILD | 2 +- source/extensions/internal_redirect/allow_listed_routes/BUILD | 2 +- source/extensions/internal_redirect/previous_routes/BUILD | 2 +- source/extensions/internal_redirect/safe_cross_scheme/BUILD | 2 +- source/extensions/rate_limit_descriptors/expr/BUILD | 2 +- source/extensions/resource_monitors/fixed_heap/BUILD | 2 +- source/extensions/resource_monitors/injected_resource/BUILD | 2 +- source/extensions/retry/host/omit_canary_hosts/BUILD | 2 +- source/extensions/retry/host/omit_host_metadata/BUILD | 2 +- source/extensions/retry/host/previous_hosts/BUILD | 2 +- source/extensions/retry/priority/previous_priorities/BUILD | 2 +- source/extensions/stat_sinks/dog_statsd/BUILD | 2 +- source/extensions/stat_sinks/hystrix/BUILD | 2 +- source/extensions/stat_sinks/metrics_service/BUILD | 2 +- source/extensions/stat_sinks/statsd/BUILD | 2 +- source/extensions/stat_sinks/wasm/BUILD | 2 +- source/extensions/tracers/datadog/BUILD | 2 +- source/extensions/tracers/dynamic_ot/BUILD | 2 +- source/extensions/tracers/lightstep/BUILD | 2 +- source/extensions/tracers/opencensus/BUILD | 2 +- source/extensions/tracers/skywalking/BUILD | 2 +- source/extensions/tracers/xray/BUILD | 2 +- source/extensions/tracers/zipkin/BUILD | 2 +- 97 files changed, 100 insertions(+), 100 deletions(-) diff --git a/source/extensions/access_loggers/file/BUILD b/source/extensions/access_loggers/file/BUILD index fb40a1c51112a..36a550e33bb91 100644 --- a/source/extensions/access_loggers/file/BUILD +++ b/source/extensions/access_loggers/file/BUILD @@ -27,7 +27,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.access_loggers", # TODO(#9953) determine if this is core or should be cleaned up. extra_visibility = [ "//test:__subpackages__", diff --git a/source/extensions/access_loggers/grpc/BUILD b/source/extensions/access_loggers/grpc/BUILD index 5710d0d94a152..ebffc533ba20a 100644 --- a/source/extensions/access_loggers/grpc/BUILD +++ b/source/extensions/access_loggers/grpc/BUILD @@ -97,7 +97,7 @@ envoy_cc_extension( name = "http_config", srcs = ["http_config.cc"], hdrs = ["http_config.h"], - category = "SOMECAT", + category = "envoy.access_loggers", # TODO(#9953) clean up. extra_visibility = [ "//test/common/access_log:__subpackages__", @@ -121,7 +121,7 @@ envoy_cc_extension( name = "tcp_config", srcs = ["tcp_config.cc"], hdrs = ["tcp_config.h"], - category = "SOMECAT", + category = "envoy.access_loggers", # TODO(#9953) clean up. extra_visibility = [ "//test/common/access_log:__subpackages__", diff --git a/source/extensions/access_loggers/wasm/BUILD b/source/extensions/access_loggers/wasm/BUILD index 774529b17298c..0ed93bef9607d 100644 --- a/source/extensions/access_loggers/wasm/BUILD +++ b/source/extensions/access_loggers/wasm/BUILD @@ -26,7 +26,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.access_loggers", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/bootstrap/wasm/BUILD b/source/extensions/bootstrap/wasm/BUILD index 29a6aada422fa..fe58c86f94c02 100644 --- a/source/extensions/bootstrap/wasm/BUILD +++ b/source/extensions/bootstrap/wasm/BUILD @@ -16,7 +16,7 @@ envoy_cc_extension( hdrs = [ "config.h", ], - category = "SOMECAT", + category = "envoy.bootstrap", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/clusters/aggregate/BUILD b/source/extensions/clusters/aggregate/BUILD index f2c561926f1a4..473f140b30da7 100644 --- a/source/extensions/clusters/aggregate/BUILD +++ b/source/extensions/clusters/aggregate/BUILD @@ -15,7 +15,7 @@ envoy_cc_extension( "cluster.h", "lb_context.h", ], - category = "SOMECAT", + category = "envoy.clusters", security_posture = "requires_trusted_downstream_and_upstream", deps = [ "//source/common/upstream:cluster_factory_lib", diff --git a/source/extensions/clusters/dynamic_forward_proxy/BUILD b/source/extensions/clusters/dynamic_forward_proxy/BUILD index 1cc69f35893fc..3a6fdf9f10804 100644 --- a/source/extensions/clusters/dynamic_forward_proxy/BUILD +++ b/source/extensions/clusters/dynamic_forward_proxy/BUILD @@ -12,7 +12,7 @@ envoy_cc_extension( name = "cluster", srcs = ["cluster.cc"], hdrs = ["cluster.h"], - category = "SOMECAT", + category = "envoy.clusters", security_posture = "robust_to_untrusted_downstream", deps = [ "//source/common/network:transport_socket_options_lib", diff --git a/source/extensions/clusters/redis/BUILD b/source/extensions/clusters/redis/BUILD index f18a868e723b2..dd2e31fc7b5e7 100644 --- a/source/extensions/clusters/redis/BUILD +++ b/source/extensions/clusters/redis/BUILD @@ -42,7 +42,7 @@ envoy_cc_extension( "redis_cluster.cc", "redis_cluster.h", ], - category = "SOMECAT", + category = "envoy.clusters", security_posture = "requires_trusted_downstream_and_upstream", deps = [ "redis_cluster_lb", diff --git a/source/extensions/compression/gzip/compressor/BUILD b/source/extensions/compression/gzip/compressor/BUILD index d230b2ac5ba08..39a7e7c6e9d73 100644 --- a/source/extensions/compression/gzip/compressor/BUILD +++ b/source/extensions/compression/gzip/compressor/BUILD @@ -26,7 +26,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.compression.compressor", security_posture = "robust_to_untrusted_downstream", deps = [ ":compressor_lib", diff --git a/source/extensions/compression/gzip/decompressor/BUILD b/source/extensions/compression/gzip/decompressor/BUILD index a7e1ed019eee7..0a1d8766031b9 100644 --- a/source/extensions/compression/gzip/decompressor/BUILD +++ b/source/extensions/compression/gzip/decompressor/BUILD @@ -29,7 +29,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.compression.decompressor", security_posture = "robust_to_untrusted_downstream", deps = [ ":zlib_decompressor_impl_lib", diff --git a/source/extensions/filters/http/adaptive_concurrency/BUILD b/source/extensions/filters/http/adaptive_concurrency/BUILD index 5f1ef9e08ac7a..7662d09bc1fd8 100644 --- a/source/extensions/filters/http/adaptive_concurrency/BUILD +++ b/source/extensions/filters/http/adaptive_concurrency/BUILD @@ -30,7 +30,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/admission_control/BUILD b/source/extensions/filters/http/admission_control/BUILD index 4fac3095a6424..9bfd7c4505361 100644 --- a/source/extensions/filters/http/admission_control/BUILD +++ b/source/extensions/filters/http/admission_control/BUILD @@ -21,7 +21,7 @@ envoy_cc_extension( "admission_control.h", "thread_local_controller.h", ], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "unknown", deps = [ "//include/envoy/http:filter_interface", @@ -41,7 +41,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/aws_lambda/BUILD b/source/extensions/filters/http/aws_lambda/BUILD index 550261c2ed669..1001ba3d87cbf 100644 --- a/source/extensions/filters/http/aws_lambda/BUILD +++ b/source/extensions/filters/http/aws_lambda/BUILD @@ -37,7 +37,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/aws_request_signing/BUILD b/source/extensions/filters/http/aws_request_signing/BUILD index 5ed8fee27e4ea..f0222a4b954bc 100644 --- a/source/extensions/filters/http/aws_request_signing/BUILD +++ b/source/extensions/filters/http/aws_request_signing/BUILD @@ -29,7 +29,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/buffer/BUILD b/source/extensions/filters/http/buffer/BUILD index 18e3c17c36fec..c38b84635d661 100644 --- a/source/extensions/filters/http/buffer/BUILD +++ b/source/extensions/filters/http/buffer/BUILD @@ -37,7 +37,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", # Legacy test use. TODO(#9953) clean up. visibility = ["//visibility:public"], diff --git a/source/extensions/filters/http/cache/BUILD b/source/extensions/filters/http/cache/BUILD index 7a86045992c50..2506f3310f08c 100644 --- a/source/extensions/filters/http/cache/BUILD +++ b/source/extensions/filters/http/cache/BUILD @@ -100,7 +100,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream_and_upstream", status = "wip", deps = [ diff --git a/source/extensions/filters/http/cache/simple_http_cache/BUILD b/source/extensions/filters/http/cache/simple_http_cache/BUILD index ef15471e6df03..65901a682ee5d 100644 --- a/source/extensions/filters/http/cache/simple_http_cache/BUILD +++ b/source/extensions/filters/http/cache/simple_http_cache/BUILD @@ -15,7 +15,7 @@ envoy_cc_extension( name = "simple_http_cache_lib", srcs = ["simple_http_cache.cc"], hdrs = ["simple_http_cache.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream_and_upstream", status = "wip", deps = [ diff --git a/source/extensions/filters/http/cdn_loop/BUILD b/source/extensions/filters/http/cdn_loop/BUILD index 41bb06108bad8..291f20b3a7256 100644 --- a/source/extensions/filters/http/cdn_loop/BUILD +++ b/source/extensions/filters/http/cdn_loop/BUILD @@ -45,7 +45,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/compressor/BUILD b/source/extensions/filters/http/compressor/BUILD index f2e80d0a6b678..cec12558d4a93 100644 --- a/source/extensions/filters/http/compressor/BUILD +++ b/source/extensions/filters/http/compressor/BUILD @@ -27,7 +27,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", deps = [ ":compressor_filter_lib", diff --git a/source/extensions/filters/http/cors/BUILD b/source/extensions/filters/http/cors/BUILD index fdbb6340af958..719af988af59a 100644 --- a/source/extensions/filters/http/cors/BUILD +++ b/source/extensions/filters/http/cors/BUILD @@ -31,7 +31,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/http/csrf/BUILD b/source/extensions/filters/http/csrf/BUILD index a31fc955d6b3c..9b5af4e5a8788 100644 --- a/source/extensions/filters/http/csrf/BUILD +++ b/source/extensions/filters/http/csrf/BUILD @@ -33,7 +33,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/decompressor/BUILD b/source/extensions/filters/http/decompressor/BUILD index 0b584252af300..fb69254e476b5 100644 --- a/source/extensions/filters/http/decompressor/BUILD +++ b/source/extensions/filters/http/decompressor/BUILD @@ -33,7 +33,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream_and_upstream", deps = [ ":decompressor_filter_lib", diff --git a/source/extensions/filters/http/dynamic_forward_proxy/BUILD b/source/extensions/filters/http/dynamic_forward_proxy/BUILD index ffae40c927366..0a3c9beba54dc 100644 --- a/source/extensions/filters/http/dynamic_forward_proxy/BUILD +++ b/source/extensions/filters/http/dynamic_forward_proxy/BUILD @@ -30,7 +30,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/dynamo/BUILD b/source/extensions/filters/http/dynamo/BUILD index 25b6d2898b3fe..4854329af55c1 100644 --- a/source/extensions/filters/http/dynamo/BUILD +++ b/source/extensions/filters/http/dynamo/BUILD @@ -42,7 +42,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":dynamo_filter_lib", diff --git a/source/extensions/filters/http/ext_authz/BUILD b/source/extensions/filters/http/ext_authz/BUILD index e2cfb224ffc2a..766e09774d1e2 100644 --- a/source/extensions/filters/http/ext_authz/BUILD +++ b/source/extensions/filters/http/ext_authz/BUILD @@ -40,7 +40,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", deps = [ ":ext_authz", diff --git a/source/extensions/filters/http/ext_proc/BUILD b/source/extensions/filters/http/ext_proc/BUILD index 496b69f3ab511..8a74b1f18ace0 100644 --- a/source/extensions/filters/http/ext_proc/BUILD +++ b/source/extensions/filters/http/ext_proc/BUILD @@ -30,7 +30,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/fault/BUILD b/source/extensions/filters/http/fault/BUILD index 16af3699175b0..8778d38568685 100644 --- a/source/extensions/filters/http/fault/BUILD +++ b/source/extensions/filters/http/fault/BUILD @@ -45,7 +45,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/grpc_http1_bridge/BUILD b/source/extensions/filters/http/grpc_http1_bridge/BUILD index d7f39f4fb7e13..4a1154094c647 100644 --- a/source/extensions/filters/http/grpc_http1_bridge/BUILD +++ b/source/extensions/filters/http/grpc_http1_bridge/BUILD @@ -33,7 +33,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", # Legacy test use. TODO(#9953) clean up. extra_visibility = [ "//source/exe:__pkg__", diff --git a/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD b/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD index 05f58a99f7c33..be9226b61f545 100644 --- a/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD +++ b/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD @@ -31,7 +31,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/grpc_json_transcoder/BUILD b/source/extensions/filters/http/grpc_json_transcoder/BUILD index 5d3ba850d78f8..e8f1e8262de52 100644 --- a/source/extensions/filters/http/grpc_json_transcoder/BUILD +++ b/source/extensions/filters/http/grpc_json_transcoder/BUILD @@ -59,7 +59,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "unknown", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/grpc_stats/BUILD b/source/extensions/filters/http/grpc_stats/BUILD index 00b6a722b0871..10c7558f549f8 100644 --- a/source/extensions/filters/http/grpc_stats/BUILD +++ b/source/extensions/filters/http/grpc_stats/BUILD @@ -14,7 +14,7 @@ envoy_cc_extension( name = "config", srcs = ["grpc_stats_filter.cc"], hdrs = ["grpc_stats_filter.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/grpc_web/BUILD b/source/extensions/filters/http/grpc_web/BUILD index 0687c504a1752..4a7089ca962eb 100644 --- a/source/extensions/filters/http/grpc_web/BUILD +++ b/source/extensions/filters/http/grpc_web/BUILD @@ -32,7 +32,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/gzip/BUILD b/source/extensions/filters/http/gzip/BUILD index d1a629dcb3d24..d2d9fc86479b4 100644 --- a/source/extensions/filters/http/gzip/BUILD +++ b/source/extensions/filters/http/gzip/BUILD @@ -30,7 +30,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", deps = [ "//source/extensions/filters/http:well_known_names", diff --git a/source/extensions/filters/http/header_to_metadata/BUILD b/source/extensions/filters/http/header_to_metadata/BUILD index c8db4e40f9050..aa13db4517e15 100644 --- a/source/extensions/filters/http/header_to_metadata/BUILD +++ b/source/extensions/filters/http/header_to_metadata/BUILD @@ -30,7 +30,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/health_check/BUILD b/source/extensions/filters/http/health_check/BUILD index 1aff2dca233b2..c54f3bf2ad17e 100644 --- a/source/extensions/filters/http/health_check/BUILD +++ b/source/extensions/filters/http/health_check/BUILD @@ -37,7 +37,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", # Legacy test use. TODO(#9953) clean up. extra_visibility = [ "//test/common/filter/http:__subpackages__", diff --git a/source/extensions/filters/http/ip_tagging/BUILD b/source/extensions/filters/http/ip_tagging/BUILD index b5a911fe2fc38..2c75ece83a991 100644 --- a/source/extensions/filters/http/ip_tagging/BUILD +++ b/source/extensions/filters/http/ip_tagging/BUILD @@ -33,7 +33,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/http/jwt_authn/BUILD b/source/extensions/filters/http/jwt_authn/BUILD index 002d704d0a076..0d5895dfbd5a6 100644 --- a/source/extensions/filters/http/jwt_authn/BUILD +++ b/source/extensions/filters/http/jwt_authn/BUILD @@ -70,7 +70,7 @@ envoy_cc_extension( name = "config", srcs = ["filter_factory.cc"], hdrs = ["filter_factory.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/kill_request/BUILD b/source/extensions/filters/http/kill_request/BUILD index 6daa14f7487cf..8c5c44cd690c1 100644 --- a/source/extensions/filters/http/kill_request/BUILD +++ b/source/extensions/filters/http/kill_request/BUILD @@ -29,7 +29,7 @@ envoy_cc_extension( name = "kill_request_config", srcs = ["kill_request_config.cc"], hdrs = ["kill_request_config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/local_ratelimit/BUILD b/source/extensions/filters/http/local_ratelimit/BUILD index d7f3258d4746c..f60271193bc67 100644 --- a/source/extensions/filters/http/local_ratelimit/BUILD +++ b/source/extensions/filters/http/local_ratelimit/BUILD @@ -36,7 +36,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "unknown", deps = [ ":local_ratelimit_lib", diff --git a/source/extensions/filters/http/lua/BUILD b/source/extensions/filters/http/lua/BUILD index afd19e62f1cd9..9d6c381a09892 100644 --- a/source/extensions/filters/http/lua/BUILD +++ b/source/extensions/filters/http/lua/BUILD @@ -55,7 +55,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/oauth2/BUILD b/source/extensions/filters/http/oauth2/BUILD index 7c4d4da6e759d..7fc8a96a6cf31 100644 --- a/source/extensions/filters/http/oauth2/BUILD +++ b/source/extensions/filters/http/oauth2/BUILD @@ -63,7 +63,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/on_demand/BUILD b/source/extensions/filters/http/on_demand/BUILD index 545ee7d190d9c..35ab5e325746d 100644 --- a/source/extensions/filters/http/on_demand/BUILD +++ b/source/extensions/filters/http/on_demand/BUILD @@ -30,7 +30,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", # TODO(#9953) classify and clean up. extra_visibility = [ "//test/common/access_log:__subpackages__", diff --git a/source/extensions/filters/http/original_src/BUILD b/source/extensions/filters/http/original_src/BUILD index 0b1fa83ea7837..3181285fc50a8 100644 --- a/source/extensions/filters/http/original_src/BUILD +++ b/source/extensions/filters/http/original_src/BUILD @@ -35,7 +35,7 @@ envoy_cc_extension( name = "config", # The extension build system requires a library named config srcs = ["original_src_config_factory.cc"], hdrs = ["original_src_config_factory.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/ratelimit/BUILD b/source/extensions/filters/http/ratelimit/BUILD index 52918956d5bf2..78ec6694d2a55 100644 --- a/source/extensions/filters/http/ratelimit/BUILD +++ b/source/extensions/filters/http/ratelimit/BUILD @@ -45,7 +45,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", deps = [ ":ratelimit_lib", diff --git a/source/extensions/filters/http/rbac/BUILD b/source/extensions/filters/http/rbac/BUILD index 154f288d7fa6d..9cd4d9cbedd8e 100644 --- a/source/extensions/filters/http/rbac/BUILD +++ b/source/extensions/filters/http/rbac/BUILD @@ -13,7 +13,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/http/router/BUILD b/source/extensions/filters/http/router/BUILD index 9e1d6c76501ec..3d78b2f303e05 100644 --- a/source/extensions/filters/http/router/BUILD +++ b/source/extensions/filters/http/router/BUILD @@ -15,7 +15,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "robust_to_untrusted_downstream", # This is core Envoy config. visibility = ["//visibility:public"], diff --git a/source/extensions/filters/http/squash/BUILD b/source/extensions/filters/http/squash/BUILD index 6cf321845c6b9..e486d07f4a890 100644 --- a/source/extensions/filters/http/squash/BUILD +++ b/source/extensions/filters/http/squash/BUILD @@ -37,7 +37,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "requires_trusted_downstream_and_upstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/http/tap/BUILD b/source/extensions/filters/http/tap/BUILD index 14ae328603f3d..9379579d8b804 100644 --- a/source/extensions/filters/http/tap/BUILD +++ b/source/extensions/filters/http/tap/BUILD @@ -52,7 +52,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/http/wasm/BUILD b/source/extensions/filters/http/wasm/BUILD index ab708398ef679..e399e89290aa4 100644 --- a/source/extensions/filters/http/wasm/BUILD +++ b/source/extensions/filters/http/wasm/BUILD @@ -30,7 +30,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.http", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/listener/http_inspector/BUILD b/source/extensions/filters/listener/http_inspector/BUILD index b519f5025c13d..5873f83eb830d 100644 --- a/source/extensions/filters/listener/http_inspector/BUILD +++ b/source/extensions/filters/listener/http_inspector/BUILD @@ -32,7 +32,7 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], - category = "SOMECAT", + category = "envoy.filters.listener", security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":http_inspector_lib", diff --git a/source/extensions/filters/listener/original_dst/BUILD b/source/extensions/filters/listener/original_dst/BUILD index 74576f98d4b07..204759891a24c 100644 --- a/source/extensions/filters/listener/original_dst/BUILD +++ b/source/extensions/filters/listener/original_dst/BUILD @@ -1,4 +1,4 @@ -load( + load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", @@ -28,7 +28,7 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], - category = "SOMECAT", + category = "envoy.filters.listener", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/listener/original_src/BUILD b/source/extensions/filters/listener/original_src/BUILD index ae4442bd67079..26df22093a3cd 100644 --- a/source/extensions/filters/listener/original_src/BUILD +++ b/source/extensions/filters/listener/original_src/BUILD @@ -38,7 +38,7 @@ envoy_cc_extension( name = "config", # The extension build system requires a library named config srcs = ["original_src_config_factory.cc"], hdrs = ["original_src_config_factory.h"], - category = "SOMECAT", + category = "envoy.filters.listener", security_posture = "robust_to_untrusted_downstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/listener/proxy_protocol/BUILD b/source/extensions/filters/listener/proxy_protocol/BUILD index 644ed79f3988e..96840051a6f1c 100644 --- a/source/extensions/filters/listener/proxy_protocol/BUILD +++ b/source/extensions/filters/listener/proxy_protocol/BUILD @@ -39,7 +39,7 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], - category = "SOMECAT", + category = "envoy.filters.listener", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/listener/tls_inspector/BUILD b/source/extensions/filters/listener/tls_inspector/BUILD index f2679a4f3e7ae..9ee8da494d73a 100644 --- a/source/extensions/filters/listener/tls_inspector/BUILD +++ b/source/extensions/filters/listener/tls_inspector/BUILD @@ -36,7 +36,7 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], - category = "SOMECAT", + category = "envoy.filters.listener", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/network/direct_response/BUILD b/source/extensions/filters/network/direct_response/BUILD index 3c15c4428dcc6..7954de4042115 100644 --- a/source/extensions/filters/network/direct_response/BUILD +++ b/source/extensions/filters/network/direct_response/BUILD @@ -28,7 +28,7 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], - category = "SOMECAT", + category = "envoy.filters.network", security_posture = "unknown", deps = [ ":filter", diff --git a/source/extensions/filters/network/dubbo_proxy/BUILD b/source/extensions/filters/network/dubbo_proxy/BUILD index a28144e1691ce..4ccdd989436f7 100644 --- a/source/extensions/filters/network/dubbo_proxy/BUILD +++ b/source/extensions/filters/network/dubbo_proxy/BUILD @@ -106,7 +106,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.network", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/network/echo/BUILD b/source/extensions/filters/network/echo/BUILD index d85a8126a6bc9..68270a5dd5e20 100644 --- a/source/extensions/filters/network/echo/BUILD +++ b/source/extensions/filters/network/echo/BUILD @@ -28,7 +28,7 @@ envoy_cc_library( envoy_cc_extension( name = "config", srcs = ["config.cc"], - category = "SOMECAT", + category = "envoy.filters.network", # TODO(#9953) move echo integration test to extensions. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/network/ext_authz/BUILD b/source/extensions/filters/network/ext_authz/BUILD index 0f6c08fe4376d..391fe6e21d72c 100644 --- a/source/extensions/filters/network/ext_authz/BUILD +++ b/source/extensions/filters/network/ext_authz/BUILD @@ -37,7 +37,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.network", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/network/http_connection_manager/BUILD b/source/extensions/filters/network/http_connection_manager/BUILD index 6646fd22548e2..b4f43f9ce324a 100644 --- a/source/extensions/filters/network/http_connection_manager/BUILD +++ b/source/extensions/filters/network/http_connection_manager/BUILD @@ -16,7 +16,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.network", security_posture = "robust_to_untrusted_downstream", # This is core Envoy config. visibility = ["//visibility:public"], diff --git a/source/extensions/filters/network/kafka/BUILD b/source/extensions/filters/network/kafka/BUILD index e76c46673729c..6ad3666863c9b 100644 --- a/source/extensions/filters/network/kafka/BUILD +++ b/source/extensions/filters/network/kafka/BUILD @@ -18,7 +18,7 @@ envoy_cc_extension( name = "kafka_broker_config_lib", srcs = ["broker/config.cc"], hdrs = ["broker/config.h"], - category = "SOMECAT", + category = "envoy.filters.network", security_posture = "requires_trusted_downstream_and_upstream", status = "wip", deps = [ diff --git a/source/extensions/filters/network/local_ratelimit/BUILD b/source/extensions/filters/network/local_ratelimit/BUILD index 5e4eda49d735b..6e10aaff1de32 100644 --- a/source/extensions/filters/network/local_ratelimit/BUILD +++ b/source/extensions/filters/network/local_ratelimit/BUILD @@ -33,7 +33,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.network", security_posture = "robust_to_untrusted_downstream", deps = [ "//source/extensions/filters/network:well_known_names", diff --git a/source/extensions/filters/network/mongo_proxy/BUILD b/source/extensions/filters/network/mongo_proxy/BUILD index 932bde0deff9f..ab1956d777cb0 100644 --- a/source/extensions/filters/network/mongo_proxy/BUILD +++ b/source/extensions/filters/network/mongo_proxy/BUILD @@ -107,7 +107,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.network", security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":proxy_lib", diff --git a/source/extensions/filters/network/mysql_proxy/BUILD b/source/extensions/filters/network/mysql_proxy/BUILD index 85c76a2d2efb5..0a81574c89d87 100644 --- a/source/extensions/filters/network/mysql_proxy/BUILD +++ b/source/extensions/filters/network/mysql_proxy/BUILD @@ -53,7 +53,7 @@ envoy_cc_extension( name = "config", srcs = ["mysql_config.cc"], hdrs = ["mysql_config.h"], - category = "SOMECAT", + category = "envoy.filters.network", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/network/postgres_proxy/BUILD b/source/extensions/filters/network/postgres_proxy/BUILD index ffdb433eafd59..398fa80cc67d5 100644 --- a/source/extensions/filters/network/postgres_proxy/BUILD +++ b/source/extensions/filters/network/postgres_proxy/BUILD @@ -44,7 +44,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.network", repository = "@envoy", security_posture = "requires_trusted_downstream_and_upstream", deps = [ diff --git a/source/extensions/filters/network/ratelimit/BUILD b/source/extensions/filters/network/ratelimit/BUILD index 80820827a2bde..2ab3b5ac6787c 100644 --- a/source/extensions/filters/network/ratelimit/BUILD +++ b/source/extensions/filters/network/ratelimit/BUILD @@ -39,7 +39,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.network", security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", diff --git a/source/extensions/filters/network/rbac/BUILD b/source/extensions/filters/network/rbac/BUILD index 53f3f0bca2f1f..f5a4f38fdc0ed 100644 --- a/source/extensions/filters/network/rbac/BUILD +++ b/source/extensions/filters/network/rbac/BUILD @@ -13,7 +13,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.network", security_posture = "robust_to_untrusted_downstream", deps = [ ":rbac_filter", diff --git a/source/extensions/filters/network/redis_proxy/BUILD b/source/extensions/filters/network/redis_proxy/BUILD index ec3df474f28ab..7cf695e2a513b 100644 --- a/source/extensions/filters/network/redis_proxy/BUILD +++ b/source/extensions/filters/network/redis_proxy/BUILD @@ -120,7 +120,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.network", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/filters/network/rocketmq_proxy/BUILD b/source/extensions/filters/network/rocketmq_proxy/BUILD index 3e8ec50cf0421..4dd07abc6225a 100644 --- a/source/extensions/filters/network/rocketmq_proxy/BUILD +++ b/source/extensions/filters/network/rocketmq_proxy/BUILD @@ -122,7 +122,7 @@ envoy_cc_extension( hdrs = [ "config.h", ], - category = "SOMECAT", + category = "envoy.filters.network", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/network/sni_cluster/BUILD b/source/extensions/filters/network/sni_cluster/BUILD index 6195a3f5664db..310bf058c1924 100644 --- a/source/extensions/filters/network/sni_cluster/BUILD +++ b/source/extensions/filters/network/sni_cluster/BUILD @@ -26,7 +26,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.network", security_posture = "unknown", deps = [ ":sni_cluster", diff --git a/source/extensions/filters/network/sni_dynamic_forward_proxy/BUILD b/source/extensions/filters/network/sni_dynamic_forward_proxy/BUILD index 8e6603720d898..bed8252554bbb 100644 --- a/source/extensions/filters/network/sni_dynamic_forward_proxy/BUILD +++ b/source/extensions/filters/network/sni_dynamic_forward_proxy/BUILD @@ -28,7 +28,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.network", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/network/tcp_proxy/BUILD b/source/extensions/filters/network/tcp_proxy/BUILD index a1b6fe61f923a..e1a22d965da99 100644 --- a/source/extensions/filters/network/tcp_proxy/BUILD +++ b/source/extensions/filters/network/tcp_proxy/BUILD @@ -15,7 +15,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.network", security_posture = "robust_to_untrusted_downstream", # This is core Envoy config. visibility = ["//visibility:public"], diff --git a/source/extensions/filters/network/wasm/BUILD b/source/extensions/filters/network/wasm/BUILD index 909bb8aec9a72..2023fd1f48d8d 100644 --- a/source/extensions/filters/network/wasm/BUILD +++ b/source/extensions/filters/network/wasm/BUILD @@ -28,7 +28,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.network", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/filters/network/zookeeper_proxy/BUILD b/source/extensions/filters/network/zookeeper_proxy/BUILD index f048b0b12ae3b..10d14b23ae88a 100644 --- a/source/extensions/filters/network/zookeeper_proxy/BUILD +++ b/source/extensions/filters/network/zookeeper_proxy/BUILD @@ -43,7 +43,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.network", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ diff --git a/source/extensions/grpc_credentials/aws_iam/BUILD b/source/extensions/grpc_credentials/aws_iam/BUILD index 761472a80664a..41e311cc52c55 100644 --- a/source/extensions/grpc_credentials/aws_iam/BUILD +++ b/source/extensions/grpc_credentials/aws_iam/BUILD @@ -14,7 +14,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.grpc_credentials", external_deps = ["grpc"], security_posture = "data_plane_agnostic", status = "alpha", diff --git a/source/extensions/grpc_credentials/file_based_metadata/BUILD b/source/extensions/grpc_credentials/file_based_metadata/BUILD index a76ee53f2a02b..45f065419f87e 100644 --- a/source/extensions/grpc_credentials/file_based_metadata/BUILD +++ b/source/extensions/grpc_credentials/file_based_metadata/BUILD @@ -14,7 +14,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.grpc_credentials", external_deps = ["grpc"], security_posture = "data_plane_agnostic", status = "alpha", diff --git a/source/extensions/health_checkers/redis/BUILD b/source/extensions/health_checkers/redis/BUILD index f166b933c3fda..9226e6dcf9c49 100644 --- a/source/extensions/health_checkers/redis/BUILD +++ b/source/extensions/health_checkers/redis/BUILD @@ -31,7 +31,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.health_checkers", security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":redis", diff --git a/source/extensions/internal_redirect/allow_listed_routes/BUILD b/source/extensions/internal_redirect/allow_listed_routes/BUILD index 0906e813dd4b0..f3186dde09df6 100644 --- a/source/extensions/internal_redirect/allow_listed_routes/BUILD +++ b/source/extensions/internal_redirect/allow_listed_routes/BUILD @@ -24,7 +24,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.internal_redirect_predicates", # TODO(#9953) clean up by moving the redirect test to extensions. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/internal_redirect/previous_routes/BUILD b/source/extensions/internal_redirect/previous_routes/BUILD index fea9887f3976f..ada41e1ed237e 100644 --- a/source/extensions/internal_redirect/previous_routes/BUILD +++ b/source/extensions/internal_redirect/previous_routes/BUILD @@ -24,7 +24,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.internal_redirect_predicates", # TODO(#9953) clean up by moving the redirect test to extensions. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/internal_redirect/safe_cross_scheme/BUILD b/source/extensions/internal_redirect/safe_cross_scheme/BUILD index 32a168f8d531a..5936010fed94a 100644 --- a/source/extensions/internal_redirect/safe_cross_scheme/BUILD +++ b/source/extensions/internal_redirect/safe_cross_scheme/BUILD @@ -23,7 +23,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.internal_redirect_predicates", # TODO(#9953) clean up by moving the redirect test to extensions. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/rate_limit_descriptors/expr/BUILD b/source/extensions/rate_limit_descriptors/expr/BUILD index b8c96fcc0c54c..088dd84be9c7a 100644 --- a/source/extensions/rate_limit_descriptors/expr/BUILD +++ b/source/extensions/rate_limit_descriptors/expr/BUILD @@ -12,7 +12,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.rate_limit_descriptors", copts = select({ "//bazel:windows_x86_64": [], # TODO: fix the windows ANTLR build "//conditions:default": [ diff --git a/source/extensions/resource_monitors/fixed_heap/BUILD b/source/extensions/resource_monitors/fixed_heap/BUILD index 8c5ac238fb443..14b20df2d34a5 100644 --- a/source/extensions/resource_monitors/fixed_heap/BUILD +++ b/source/extensions/resource_monitors/fixed_heap/BUILD @@ -25,7 +25,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.resource_monitors", security_posture = "data_plane_agnostic", status = "alpha", deps = [ diff --git a/source/extensions/resource_monitors/injected_resource/BUILD b/source/extensions/resource_monitors/injected_resource/BUILD index 6382b228fa679..7b6eff7d6ef47 100644 --- a/source/extensions/resource_monitors/injected_resource/BUILD +++ b/source/extensions/resource_monitors/injected_resource/BUILD @@ -26,7 +26,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.resource_monitors", # TODO(#9953) clean up. extra_visibility = [ "//test/integration:__subpackages__", diff --git a/source/extensions/retry/host/omit_canary_hosts/BUILD b/source/extensions/retry/host/omit_canary_hosts/BUILD index 897b30955d261..f9e5f2bded93b 100644 --- a/source/extensions/retry/host/omit_canary_hosts/BUILD +++ b/source/extensions/retry/host/omit_canary_hosts/BUILD @@ -21,7 +21,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.retry_host_predicates", security_posture = "robust_to_untrusted_downstream", deps = [ ":omit_canary_hosts_predicate_lib", diff --git a/source/extensions/retry/host/omit_host_metadata/BUILD b/source/extensions/retry/host/omit_host_metadata/BUILD index 68dc887d49f82..51813ad4a4b86 100644 --- a/source/extensions/retry/host/omit_host_metadata/BUILD +++ b/source/extensions/retry/host/omit_host_metadata/BUILD @@ -23,7 +23,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.retry_host_predicates", security_posture = "robust_to_untrusted_downstream", deps = [ ":omit_host_metadata_predicate_lib", diff --git a/source/extensions/retry/host/previous_hosts/BUILD b/source/extensions/retry/host/previous_hosts/BUILD index cb2f450984385..e0deefe584a77 100644 --- a/source/extensions/retry/host/previous_hosts/BUILD +++ b/source/extensions/retry/host/previous_hosts/BUILD @@ -21,7 +21,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.retry_host_predicates", security_posture = "robust_to_untrusted_downstream", deps = [ ":previous_hosts_predicate_lib", diff --git a/source/extensions/retry/priority/previous_priorities/BUILD b/source/extensions/retry/priority/previous_priorities/BUILD index bbac8d10a96cb..d036f6266d396 100644 --- a/source/extensions/retry/priority/previous_priorities/BUILD +++ b/source/extensions/retry/priority/previous_priorities/BUILD @@ -23,7 +23,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.retry_priorities", security_posture = "robust_to_untrusted_downstream", deps = [ ":previous_priorities_lib", diff --git a/source/extensions/stat_sinks/dog_statsd/BUILD b/source/extensions/stat_sinks/dog_statsd/BUILD index 043ec6484ffe0..a9a269862dd39 100644 --- a/source/extensions/stat_sinks/dog_statsd/BUILD +++ b/source/extensions/stat_sinks/dog_statsd/BUILD @@ -15,7 +15,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.stats_sinks", security_posture = "data_plane_agnostic", deps = [ "//include/envoy/registry", diff --git a/source/extensions/stat_sinks/hystrix/BUILD b/source/extensions/stat_sinks/hystrix/BUILD index 64a9562b336f0..1566d97c6de1f 100644 --- a/source/extensions/stat_sinks/hystrix/BUILD +++ b/source/extensions/stat_sinks/hystrix/BUILD @@ -15,7 +15,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.stats_sinks", security_posture = "data_plane_agnostic", deps = [ ":hystrix_lib", diff --git a/source/extensions/stat_sinks/metrics_service/BUILD b/source/extensions/stat_sinks/metrics_service/BUILD index 1539c2153959d..28afad7f25ac9 100644 --- a/source/extensions/stat_sinks/metrics_service/BUILD +++ b/source/extensions/stat_sinks/metrics_service/BUILD @@ -43,7 +43,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.stats_sinks", security_posture = "data_plane_agnostic", deps = [ "//include/envoy/registry", diff --git a/source/extensions/stat_sinks/statsd/BUILD b/source/extensions/stat_sinks/statsd/BUILD index 1badb96290042..8d4c70c3131ab 100644 --- a/source/extensions/stat_sinks/statsd/BUILD +++ b/source/extensions/stat_sinks/statsd/BUILD @@ -14,7 +14,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.stats_sinks", security_posture = "data_plane_agnostic", # Legacy test use. TODO(#9953) clean up. deps = [ diff --git a/source/extensions/stat_sinks/wasm/BUILD b/source/extensions/stat_sinks/wasm/BUILD index d8f6996910a3e..dbbdb81e891a6 100644 --- a/source/extensions/stat_sinks/wasm/BUILD +++ b/source/extensions/stat_sinks/wasm/BUILD @@ -15,7 +15,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.stats_sinks", security_posture = "data_plane_agnostic", status = "alpha", deps = [ diff --git a/source/extensions/tracers/datadog/BUILD b/source/extensions/tracers/datadog/BUILD index eb18a0de2aa10..bab4579844737 100644 --- a/source/extensions/tracers/datadog/BUILD +++ b/source/extensions/tracers/datadog/BUILD @@ -35,7 +35,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.stats_sinks", security_posture = "robust_to_untrusted_downstream", deps = [ ":datadog_tracer_lib", diff --git a/source/extensions/tracers/dynamic_ot/BUILD b/source/extensions/tracers/dynamic_ot/BUILD index d6405c344d968..6ff33daac2fec 100644 --- a/source/extensions/tracers/dynamic_ot/BUILD +++ b/source/extensions/tracers/dynamic_ot/BUILD @@ -29,7 +29,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.stats_sinks", security_posture = "robust_to_untrusted_downstream", deps = [ ":dynamic_opentracing_driver_lib", diff --git a/source/extensions/tracers/lightstep/BUILD b/source/extensions/tracers/lightstep/BUILD index da924df94b9d9..10dae64e0ea1b 100644 --- a/source/extensions/tracers/lightstep/BUILD +++ b/source/extensions/tracers/lightstep/BUILD @@ -35,7 +35,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.stats_sinks", security_posture = "robust_to_untrusted_downstream", deps = [ ":lightstep_tracer_lib", diff --git a/source/extensions/tracers/opencensus/BUILD b/source/extensions/tracers/opencensus/BUILD index c9355690e8d79..b680c95d51a01 100644 --- a/source/extensions/tracers/opencensus/BUILD +++ b/source/extensions/tracers/opencensus/BUILD @@ -16,7 +16,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.stats_sinks", security_posture = "robust_to_untrusted_downstream", deps = [ ":opencensus_tracer_impl", diff --git a/source/extensions/tracers/skywalking/BUILD b/source/extensions/tracers/skywalking/BUILD index 0ebc2c379a00e..b1f950f38cca7 100644 --- a/source/extensions/tracers/skywalking/BUILD +++ b/source/extensions/tracers/skywalking/BUILD @@ -96,7 +96,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.stats_sinks", security_posture = "robust_to_untrusted_downstream", status = "wip", deps = [ diff --git a/source/extensions/tracers/xray/BUILD b/source/extensions/tracers/xray/BUILD index fea83f407cb6e..2894a2b3008d8 100644 --- a/source/extensions/tracers/xray/BUILD +++ b/source/extensions/tracers/xray/BUILD @@ -57,7 +57,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.stats_sinks", security_posture = "robust_to_untrusted_downstream", status = "wip", deps = [ diff --git a/source/extensions/tracers/zipkin/BUILD b/source/extensions/tracers/zipkin/BUILD index caed059dd966a..3f88411450e57 100644 --- a/source/extensions/tracers/zipkin/BUILD +++ b/source/extensions/tracers/zipkin/BUILD @@ -67,7 +67,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.stats_sinks", # Legacy test use. TODO(#9953) clean up. extra_visibility = [ "//test/server:__subpackages__", From d8f7782f3d0437f9d8f530d57e17ec7e80365428 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Wed, 20 Jan 2021 13:13:53 +0000 Subject: [PATCH 14/51] tools/ Signed-off-by: Ryan Northey --- tools/dependency/validate.py | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/tools/dependency/validate.py b/tools/dependency/validate.py index 357833ddb4346..1b10d1320b52f 100755 --- a/tools/dependency/validate.py +++ b/tools/dependency/validate.py @@ -121,13 +121,8 @@ def QueryExternalDeps(self, *targets): A set of dependency identifiers that are reachable from targets. """ deps_query = ' union '.join(f'deps({l})' for l in targets) - try: - deps = subprocess.check_output(['bazel', 'query', deps_query], - stderr=subprocess.PIPE).decode().splitlines() - except Exception as e: - print('FAILED') - print(targets) - print(e) + deps = subprocess.check_output(['bazel', 'query', deps_query], + stderr=subprocess.PIPE).decode().splitlines() ext_deps = set() implied_untracked_deps = set() From 8d680367add38b286d4c1078ffab4b6aa5b60cfa Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Wed, 20 Jan 2021 13:32:53 +0000 Subject: [PATCH 15/51] source/ Signed-off-by: Ryan Northey --- source/extensions/filters/listener/original_dst/BUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/extensions/filters/listener/original_dst/BUILD b/source/extensions/filters/listener/original_dst/BUILD index 204759891a24c..098c9e3ba68a6 100644 --- a/source/extensions/filters/listener/original_dst/BUILD +++ b/source/extensions/filters/listener/original_dst/BUILD @@ -1,4 +1,4 @@ - load( +load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", "envoy_cc_library", From 0a7c387d543690a088f885d0c36b72831ea5c1e1 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Wed, 20 Jan 2021 16:28:16 +0000 Subject: [PATCH 16/51] source/ Signed-off-by: Ryan Northey --- source/extensions/filters/network/thrift_proxy/BUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/extensions/filters/network/thrift_proxy/BUILD b/source/extensions/filters/network/thrift_proxy/BUILD index 372acaaf9fbc4..3d098813e3c3d 100644 --- a/source/extensions/filters/network/thrift_proxy/BUILD +++ b/source/extensions/filters/network/thrift_proxy/BUILD @@ -35,7 +35,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.network", security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":app_exception_lib", From 228ca3084ee0a39faa1a4c91240788d07046e194 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Wed, 20 Jan 2021 16:30:42 +0000 Subject: [PATCH 17/51] source/ Signed-off-by: Ryan Northey --- .../filters/network/thrift_proxy/filters/ratelimit/BUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD b/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD index ea58066224736..b27da3987272e 100644 --- a/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD +++ b/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD @@ -32,7 +32,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.thrift_proxy.filters", security_posture = "requires_trusted_downstream_and_upstream", status = "alpha", deps = [ From 2b996b21500bd22374b71a800c42c2464059d23f Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Wed, 20 Jan 2021 16:33:57 +0000 Subject: [PATCH 18/51] source/ Signed-off-by: Ryan Northey --- source/extensions/filters/udp/dns_filter/BUILD | 2 +- source/extensions/filters/udp/udp_proxy/BUILD | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/source/extensions/filters/udp/dns_filter/BUILD b/source/extensions/filters/udp/dns_filter/BUILD index 680ea85aa233f..ee87d26ef8de9 100644 --- a/source/extensions/filters/udp/dns_filter/BUILD +++ b/source/extensions/filters/udp/dns_filter/BUILD @@ -51,7 +51,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.udp_listener", security_posture = "robust_to_untrusted_downstream", status = "alpha", deps = [ diff --git a/source/extensions/filters/udp/udp_proxy/BUILD b/source/extensions/filters/udp/udp_proxy/BUILD index 7bb013e38fc93..b939347604fab 100644 --- a/source/extensions/filters/udp/udp_proxy/BUILD +++ b/source/extensions/filters/udp/udp_proxy/BUILD @@ -45,7 +45,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.filters.udp_listener", security_posture = "robust_to_untrusted_downstream", deps = [ ":udp_proxy_filter_lib", From 6e334afe7c0a8dad0e664f40aad9177965662660 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Wed, 20 Jan 2021 16:37:01 +0000 Subject: [PATCH 19/51] source/ Signed-off-by: Ryan Northey --- source/extensions/upstreams/http/BUILD | 2 +- source/extensions/upstreams/http/generic/BUILD | 2 +- source/extensions/upstreams/http/http/BUILD | 2 +- source/extensions/upstreams/http/tcp/BUILD | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/source/extensions/upstreams/http/BUILD b/source/extensions/upstreams/http/BUILD index a0c364d60013c..00657164e9d1e 100644 --- a/source/extensions/upstreams/http/BUILD +++ b/source/extensions/upstreams/http/BUILD @@ -12,7 +12,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.upstreams", security_posture = "robust_to_untrusted_downstream", # This is core Envoy config. visibility = ["//visibility:public"], diff --git a/source/extensions/upstreams/http/generic/BUILD b/source/extensions/upstreams/http/generic/BUILD index d768b09c82272..1e2c0d2119e7a 100644 --- a/source/extensions/upstreams/http/generic/BUILD +++ b/source/extensions/upstreams/http/generic/BUILD @@ -16,7 +16,7 @@ envoy_cc_extension( hdrs = [ "config.h", ], - category = "SOMECAT", + category = "envoy.upstreams", security_posture = "robust_to_untrusted_downstream", visibility = ["//visibility:public"], deps = [ diff --git a/source/extensions/upstreams/http/http/BUILD b/source/extensions/upstreams/http/http/BUILD index 2af13a7bb7ed5..132d065cabb3b 100644 --- a/source/extensions/upstreams/http/http/BUILD +++ b/source/extensions/upstreams/http/http/BUILD @@ -17,7 +17,7 @@ envoy_cc_extension( hdrs = [ "config.h", ], - category = "SOMECAT", + category = "envoy.upstreams", security_posture = "robust_to_untrusted_downstream", visibility = ["//visibility:public"], deps = [ diff --git a/source/extensions/upstreams/http/tcp/BUILD b/source/extensions/upstreams/http/tcp/BUILD index 53e9d48c7286a..46169ea4b14cc 100644 --- a/source/extensions/upstreams/http/tcp/BUILD +++ b/source/extensions/upstreams/http/tcp/BUILD @@ -17,7 +17,7 @@ envoy_cc_extension( hdrs = [ "config.h", ], - category = "SOMECAT", + category = "envoy.upstreams", security_posture = "robust_to_untrusted_downstream", visibility = ["//visibility:public"], deps = [ From 3bd92381ad7aad4023aca3d5341ca6eebddbd0d3 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Wed, 20 Jan 2021 16:41:55 +0000 Subject: [PATCH 20/51] source/ Signed-off-by: Ryan Northey --- source/extensions/upstreams/tcp/generic/BUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/extensions/upstreams/tcp/generic/BUILD b/source/extensions/upstreams/tcp/generic/BUILD index 5959c58248bd2..2320d1ea51ef1 100644 --- a/source/extensions/upstreams/tcp/generic/BUILD +++ b/source/extensions/upstreams/tcp/generic/BUILD @@ -16,7 +16,7 @@ envoy_cc_extension( hdrs = [ "config.h", ], - category = "SOMECAT", + category = "envoy.upstreams", security_posture = "robust_to_untrusted_downstream", visibility = ["//visibility:public"], deps = [ From 37fba555eb2ca73f124eb8226be5be67476bf648 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Thu, 21 Jan 2021 12:41:30 +0000 Subject: [PATCH 21/51] source/ Signed-off-by: Ryan Northey --- source/extensions/quic_listeners/quiche/BUILD | 5 ++++- source/extensions/transport_sockets/alts/BUILD | 5 ++++- source/extensions/transport_sockets/proxy_protocol/BUILD | 4 +++- source/extensions/transport_sockets/raw_buffer/BUILD | 5 ++++- source/extensions/transport_sockets/starttls/BUILD | 5 ++++- source/extensions/transport_sockets/tap/BUILD | 5 ++++- 6 files changed, 23 insertions(+), 6 deletions(-) diff --git a/source/extensions/quic_listeners/quiche/BUILD b/source/extensions/quic_listeners/quiche/BUILD index 071ea02db6107..1d34f993348b8 100644 --- a/source/extensions/quic_listeners/quiche/BUILD +++ b/source/extensions/quic_listeners/quiche/BUILD @@ -369,7 +369,10 @@ envoy_cc_library( # All of these are needed for this extension to function. envoy_cc_extension( name = "quic_factory_lib", - category = "SOMECAT", + category = ( + "envoy.transport_sockets.downstream", + "envoy.transport_sockets.upstream", + ), security_posture = "unknown", tags = ["nofips"], diff --git a/source/extensions/transport_sockets/alts/BUILD b/source/extensions/transport_sockets/alts/BUILD index 5a71fc4b80913..2d3df5920e8fb 100644 --- a/source/extensions/transport_sockets/alts/BUILD +++ b/source/extensions/transport_sockets/alts/BUILD @@ -34,7 +34,10 @@ envoy_cc_extension( hdrs = [ "config.h", ], - category = "SOMECAT", + category = ( + "envoy.transport_sockets.downstream", + "envoy.transport_sockets.upstream", + ), external_deps = [ "abseil_node_hash_set", ], diff --git a/source/extensions/transport_sockets/proxy_protocol/BUILD b/source/extensions/transport_sockets/proxy_protocol/BUILD index 2d7778ef5c371..105ac9b506d9f 100644 --- a/source/extensions/transport_sockets/proxy_protocol/BUILD +++ b/source/extensions/transport_sockets/proxy_protocol/BUILD @@ -13,7 +13,9 @@ envoy_cc_extension( name = "upstream_config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = ( + "envoy.transport_sockets.upstream", + ), security_posture = "robust_to_untrusted_downstream_and_upstream", # header generated in Envoy, so can't be faked deps = [ ":upstream_proxy_protocol", diff --git a/source/extensions/transport_sockets/raw_buffer/BUILD b/source/extensions/transport_sockets/raw_buffer/BUILD index 77cc365e658cf..68a220fad1246 100644 --- a/source/extensions/transport_sockets/raw_buffer/BUILD +++ b/source/extensions/transport_sockets/raw_buffer/BUILD @@ -14,7 +14,10 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = ( + "envoy.transport_sockets.downstream", + "envoy.transport_sockets.upstream", + ), security_posture = "requires_trusted_downstream_and_upstream", # This is core Envoy config. visibility = ["//visibility:public"], diff --git a/source/extensions/transport_sockets/starttls/BUILD b/source/extensions/transport_sockets/starttls/BUILD index 06ca6c57aeed9..a286e46cad866 100644 --- a/source/extensions/transport_sockets/starttls/BUILD +++ b/source/extensions/transport_sockets/starttls/BUILD @@ -15,7 +15,10 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = ( + "envoy.transport_sockets.downstream", + "envoy.transport_sockets.upstream", + ), security_posture = "robust_to_untrusted_downstream_and_upstream", visibility = ["//visibility:public"], deps = [ diff --git a/source/extensions/transport_sockets/tap/BUILD b/source/extensions/transport_sockets/tap/BUILD index e6ece6a2ccea3..5461e5d2585c7 100644 --- a/source/extensions/transport_sockets/tap/BUILD +++ b/source/extensions/transport_sockets/tap/BUILD @@ -51,7 +51,10 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = ( + "envoy.transport_sockets.downstream", + "envoy.transport_sockets.upstream", + ), # TODO(#9953) clean up. extra_visibility = [ "//test/common/access_log:__subpackages__", From c6318a03d66cde6dd59896279de0e44b72ba78cb Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Thu, 21 Jan 2021 12:57:44 +0000 Subject: [PATCH 22/51] source/ Signed-off-by: Ryan Northey --- source/extensions/transport_sockets/tls/BUILD | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/source/extensions/transport_sockets/tls/BUILD b/source/extensions/transport_sockets/tls/BUILD index db966e530daf8..2564ae978d7a9 100644 --- a/source/extensions/transport_sockets/tls/BUILD +++ b/source/extensions/transport_sockets/tls/BUILD @@ -15,7 +15,10 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = ( + "envoy.transport_sockets.downstream", + "envoy.transport_sockets.upstream", + ), security_posture = "robust_to_untrusted_downstream_and_upstream", # TLS is core functionality. visibility = ["//visibility:public"], From b1064e14c109b3fe3110ca1981625690abacd4dc Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Thu, 21 Jan 2021 16:35:44 +0000 Subject: [PATCH 23/51] source/ Signed-off-by: Ryan Northey --- source/extensions/watchdog/profile_action/BUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/extensions/watchdog/profile_action/BUILD b/source/extensions/watchdog/profile_action/BUILD index d3282d92d0aa3..8da916b007ad9 100644 --- a/source/extensions/watchdog/profile_action/BUILD +++ b/source/extensions/watchdog/profile_action/BUILD @@ -33,7 +33,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.guarddog_actions", security_posture = "data_plane_agnostic", status = "alpha", deps = [ From 17ab0c02223367cb51c4be83b915991610cfad51 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Mon, 18 Jan 2021 11:11:27 +0000 Subject: [PATCH 24/51] generate extension db Signed-off-by: Ryan Northey --- docs/generate_extension_db.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/docs/generate_extension_db.py b/docs/generate_extension_db.py index 9eab52d3d6f3c..814c127d08f22 100755 --- a/docs/generate_extension_db.py +++ b/docs/generate_extension_db.py @@ -37,10 +37,10 @@ def GetExtensionMetadata(target): if not BUILDOZER_PATH: raise ExtensionDbError('Buildozer not found!') r = subprocess.run( - [BUILDOZER_PATH, '-stdout', 'print security_posture status undocumented', target], + [BUILDOZER_PATH, '-stdout', 'print security_posture status category undocumented', target], stdout=subprocess.PIPE, stderr=subprocess.PIPE) - security_posture, status, undocumented = r.stdout.decode('utf-8').strip().split(' ') + security_posture, status, category, undocumented = r.stdout.decode('utf-8').strip().split(' ') if IsMissing(security_posture): raise ExtensionDbError( 'Missing security posture for %s. Please make sure the target is an envoy_cc_extension and security_posture is set' @@ -49,6 +49,7 @@ def GetExtensionMetadata(target): 'security_posture': security_posture, 'undocumented': False if IsMissing(undocumented) else bool(undocumented), 'status': 'stable' if IsMissing(status) else status, + 'category': 'nocategory' if IsMissing(category) else category, } @@ -71,4 +72,8 @@ def GetExtensionMetadata(target): extension_db['envoy.upstreams.http.http_protocol_options'] = GetExtensionMetadata( '//source/extensions/upstreams/http:config') + print('EXTENSION DB') + print(extension_db) + print() + pathlib.Path(output_path).write_text(json.dumps(extension_db)) From 387e6e0d6d6839976f7f191a1d7bd917edbd6ac3 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Fri, 22 Jan 2021 13:06:57 +0000 Subject: [PATCH 25/51] docs/ Signed-off-by: Ryan Northey --- docs/generate_extension_db.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/generate_extension_db.py b/docs/generate_extension_db.py index 814c127d08f22..1a30228874271 100755 --- a/docs/generate_extension_db.py +++ b/docs/generate_extension_db.py @@ -37,10 +37,11 @@ def GetExtensionMetadata(target): if not BUILDOZER_PATH: raise ExtensionDbError('Buildozer not found!') r = subprocess.run( - [BUILDOZER_PATH, '-stdout', 'print security_posture status category undocumented', target], + [BUILDOZER_PATH, '-stdout', 'print security_posture status undocumented category', target], stdout=subprocess.PIPE, stderr=subprocess.PIPE) - security_posture, status, category, undocumented = r.stdout.decode('utf-8').strip().split(' ') + security_posture, status, undocumented = r.stdout.decode('utf-8').strip().split(' ')[:3] + categories = r.stdout.decode('utf-8').strip().split(' ')[3:] if IsMissing(security_posture): raise ExtensionDbError( 'Missing security posture for %s. Please make sure the target is an envoy_cc_extension and security_posture is set' @@ -49,7 +50,7 @@ def GetExtensionMetadata(target): 'security_posture': security_posture, 'undocumented': False if IsMissing(undocumented) else bool(undocumented), 'status': 'stable' if IsMissing(status) else status, - 'category': 'nocategory' if IsMissing(category) else category, + 'categories': 'nocategory' if IsMissing(categories) else categories, } From 9c322e7e9039bc57845f2a09895831e5edd84f1a Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Fri, 22 Jan 2021 13:30:37 +0000 Subject: [PATCH 26/51] Revert "docs/" testing This reverts commit 387e6e0d6d6839976f7f191a1d7bd917edbd6ac3. Signed-off-by: Ryan Northey --- docs/generate_extension_db.py | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/docs/generate_extension_db.py b/docs/generate_extension_db.py index 1a30228874271..9eab52d3d6f3c 100755 --- a/docs/generate_extension_db.py +++ b/docs/generate_extension_db.py @@ -37,11 +37,10 @@ def GetExtensionMetadata(target): if not BUILDOZER_PATH: raise ExtensionDbError('Buildozer not found!') r = subprocess.run( - [BUILDOZER_PATH, '-stdout', 'print security_posture status undocumented category', target], + [BUILDOZER_PATH, '-stdout', 'print security_posture status undocumented', target], stdout=subprocess.PIPE, stderr=subprocess.PIPE) - security_posture, status, undocumented = r.stdout.decode('utf-8').strip().split(' ')[:3] - categories = r.stdout.decode('utf-8').strip().split(' ')[3:] + security_posture, status, undocumented = r.stdout.decode('utf-8').strip().split(' ') if IsMissing(security_posture): raise ExtensionDbError( 'Missing security posture for %s. Please make sure the target is an envoy_cc_extension and security_posture is set' @@ -50,7 +49,6 @@ def GetExtensionMetadata(target): 'security_posture': security_posture, 'undocumented': False if IsMissing(undocumented) else bool(undocumented), 'status': 'stable' if IsMissing(status) else status, - 'categories': 'nocategory' if IsMissing(categories) else categories, } @@ -73,8 +71,4 @@ def GetExtensionMetadata(target): extension_db['envoy.upstreams.http.http_protocol_options'] = GetExtensionMetadata( '//source/extensions/upstreams/http:config') - print('EXTENSION DB') - print(extension_db) - print() - pathlib.Path(output_path).write_text(json.dumps(extension_db)) From eab10a746e214ba55d55b723beb0345ec6d18af4 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Fri, 22 Jan 2021 16:36:50 +0000 Subject: [PATCH 27/51] bazel/ Signed-off-by: Ryan Northey --- bazel/envoy_library.bzl | 63 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 62 insertions(+), 1 deletion(-) diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index f1dc46ddf8298..b94d57b24269d 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -66,6 +66,62 @@ EXTENSION_SECURITY_POSTURES = [ "data_plane_agnostic", ] +# Extension categories as defined by factories +EXTENSION_CATEGORIES = [ + "envoy.access_logger.extension_filters", + "envoy.access_loggers", + "envoy.bootstrap", + "envoy.clusters", + "envoy.compression.compressor", + "envoy.compression.decompressor", + "envoy.dubbo_proxy.filters", + "envoy.dubbo_proxy.protocols", + "envoy.dubbo_proxy.route_matchers", + "envoy.dubbo_proxy.serializers", + "envoy.fatal_action", + "envoy.filters.http", + "envoy.filters.listener", + "envoy.filters.network", + "envoy.filters.udp_listener", + "envoy.filters.upstream_network", + "envoy.formatter", + "envoy.grpc_credentials", + "envoy.guarddog_actions", + "envoy.health_checkers", + "envoy.http.cache", + "envoy.internal_redirect_predicates", + "envoy.matching.action", + "envoy.matching.input_matcher", + "envoy.quic_client_codec", + "envoy.quic_server_codec", + "envoy.rate_limit_descriptors", + "envoy.request_id_extension", + "envoy.resolvers", + "envoy.resource_monitors", + "envoy.retry_host_predicates", + "envoy.retry_priorities", + "envoy.singleton", + "envoy.ssl_context_manager", + "envoy.stats_sinks", + "envoy.thrift_proxy.filters", + "envoy.thrift_proxy.protocols", + "envoy.thrift_proxy.transports", + "envoy.tls_handshakers", + "envoy.tls.key_providers", + "envoy.tracers", + "envoy.transport_sockets.downstream", + "envoy.transport_sockets.upstream", + "envoy.typed_metadata", + "envoy.udp_listeners", + "envoy.udp_packet_writers", + "envoy.upstream_options", + "envoy.upstreams", + "test", + "testing", + "testing.published", + "testing.published.additional.category", +] + EXTENSION_STATUS_VALUES = [ # This extension is stable and is expected to be production usable. "stable", @@ -90,7 +146,12 @@ def envoy_cc_extension( **kwargs): if not category: fail("Category not set for %s" % name) - + if isinstance(category, str): + category = (category, ) + for cat in category: + if cat not in EXTENSION_CATEGORIES: + fail("Unknown extension category for %s: %s" + % (name, cat)) if security_posture not in EXTENSION_SECURITY_POSTURES: fail("Unknown extension security posture: " + security_posture) if status not in EXTENSION_STATUS_VALUES: From 0dc0963e4abf92dcef7fabf4e945633970c908f3 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Fri, 22 Jan 2021 16:50:25 +0000 Subject: [PATCH 28/51] bazel/ Signed-off-by: Ryan Northey --- bazel/envoy_library.bzl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index b94d57b24269d..6db6d019a58bf 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -146,7 +146,7 @@ def envoy_cc_extension( **kwargs): if not category: fail("Category not set for %s" % name) - if isinstance(category, str): + if type(category) == str: category = (category, ) for cat in category: if cat not in EXTENSION_CATEGORIES: From 577eddc7d003ef0bfb9f26e7601536501957ebb2 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Fri, 22 Jan 2021 16:59:25 +0000 Subject: [PATCH 29/51] bazel/ Signed-off-by: Ryan Northey --- bazel/envoy_library.bzl | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index 6db6d019a58bf..002d8ff30fb11 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -150,8 +150,9 @@ def envoy_cc_extension( category = (category, ) for cat in category: if cat not in EXTENSION_CATEGORIES: - fail("Unknown extension category for %s: %s" - % (name, cat)) + print("FAILCAT %s %s" % (name, cat)) + # fail("Unknown extension category for %s: %s" + # % (name, cat)) if security_posture not in EXTENSION_SECURITY_POSTURES: fail("Unknown extension security posture: " + security_posture) if status not in EXTENSION_STATUS_VALUES: From cdfd929277dcae6c0b25fd8a55fc4bc15e11f348 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Fri, 22 Jan 2021 17:07:43 +0000 Subject: [PATCH 30/51] bazel/ Signed-off-by: Ryan Northey --- bazel/envoy_library.bzl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index 002d8ff30fb11..f3f5877b2258b 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -145,7 +145,8 @@ def envoy_cc_extension( visibility = EXTENSION_CONFIG_VISIBILITY, **kwargs): if not category: - fail("Category not set for %s" % name) + print("FAILCAT %s not set" % name) + # fail("Category not set for %s" % name) if type(category) == str: category = (category, ) for cat in category: From 25634defb5e2b401229a1bc55c4e5102ccbd30b1 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Fri, 22 Jan 2021 17:18:22 +0000 Subject: [PATCH 31/51] bazel/ Signed-off-by: Ryan Northey --- bazel/envoy_library.bzl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index f3f5877b2258b..7df58f8ada72c 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -149,7 +149,7 @@ def envoy_cc_extension( # fail("Category not set for %s" % name) if type(category) == str: category = (category, ) - for cat in category: + for cat in category or []: if cat not in EXTENSION_CATEGORIES: print("FAILCAT %s %s" % (name, cat)) # fail("Unknown extension category for %s: %s" From 03175280fa6d387aa1ead73488a5769cc94865ff Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Fri, 22 Jan 2021 17:25:13 +0000 Subject: [PATCH 32/51] tools/ Signed-off-by: Ryan Northey --- tools/dependency/validate.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/dependency/validate.py b/tools/dependency/validate.py index 1b10d1320b52f..b33f3a05ff5db 100755 --- a/tools/dependency/validate.py +++ b/tools/dependency/validate.py @@ -121,8 +121,14 @@ def QueryExternalDeps(self, *targets): A set of dependency identifiers that are reachable from targets. """ deps_query = ' union '.join(f'deps({l})' for l in targets) - deps = subprocess.check_output(['bazel', 'query', deps_query], - stderr=subprocess.PIPE).decode().splitlines() + try: + deps = subprocess.check_output(['bazel', 'query', deps_query], + stderr=subprocess.PIPE).decode().splitlines() + except Exception as e: + print('FAIL') + print(targets) + print(e) + raise e ext_deps = set() implied_untracked_deps = set() From ad9a8b8422877280c06c844e6951f3f34be07e5e Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Fri, 22 Jan 2021 17:38:00 +0000 Subject: [PATCH 33/51] tools/ Signed-off-by: Ryan Northey --- tools/dependency/validate.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/dependency/validate.py b/tools/dependency/validate.py index b33f3a05ff5db..f5451ca5855b4 100755 --- a/tools/dependency/validate.py +++ b/tools/dependency/validate.py @@ -125,9 +125,12 @@ def QueryExternalDeps(self, *targets): deps = subprocess.check_output(['bazel', 'query', deps_query], stderr=subprocess.PIPE).decode().splitlines() except Exception as e: + result = subprocess.run(['bazel', 'query', deps_query], capture_output=True) print('FAIL') print(targets) - print(e) + print('STDERR') + print(result.stderr) + print('FAILED') raise e ext_deps = set() From a319232c59c8d20a60f0804c1d87c84ab6e9649b Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Mon, 25 Jan 2021 14:03:51 +0000 Subject: [PATCH 34/51] tools/ Signed-off-by: Ryan Northey --- tools/dependency/validate.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/dependency/validate.py b/tools/dependency/validate.py index f5451ca5855b4..d71ba870268be 100755 --- a/tools/dependency/validate.py +++ b/tools/dependency/validate.py @@ -125,7 +125,7 @@ def QueryExternalDeps(self, *targets): deps = subprocess.check_output(['bazel', 'query', deps_query], stderr=subprocess.PIPE).decode().splitlines() except Exception as e: - result = subprocess.run(['bazel', 'query', deps_query], capture_output=True) + result = subprocess.run(['bazel', 'query', deps_query], stderr=subprocess.PIPE) print('FAIL') print(targets) print('STDERR') From d3a0c02aab3744ebcaaec84fc5b51eb5296bb4c2 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Mon, 25 Jan 2021 14:19:08 +0000 Subject: [PATCH 35/51] bazel/ Signed-off-by: Ryan Northey --- bazel/envoy_library.bzl | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index 7df58f8ada72c..fd6d5382b59a0 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -145,9 +145,10 @@ def envoy_cc_extension( visibility = EXTENSION_CONFIG_VISIBILITY, **kwargs): if not category: - print("FAILCAT %s not set" % name) - # fail("Category not set for %s" % name) + fail("Category not set for %s" % name) + print('checking type for: %s' % category) if type(category) == str: + print('converting to tuple: %s' % category) category = (category, ) for cat in category or []: if cat not in EXTENSION_CATEGORIES: From 534b6b61da1b0084ae16ab97be237e73f3da003a Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Mon, 25 Jan 2021 14:25:42 +0000 Subject: [PATCH 36/51] tools/ Signed-off-by: Ryan Northey --- tools/dependency/validate.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/dependency/validate.py b/tools/dependency/validate.py index d71ba870268be..4b2cbe79eb9be 100755 --- a/tools/dependency/validate.py +++ b/tools/dependency/validate.py @@ -128,6 +128,9 @@ def QueryExternalDeps(self, *targets): result = subprocess.run(['bazel', 'query', deps_query], stderr=subprocess.PIPE) print('FAIL') print(targets) + print('STDOUT') + print(result.stdout) + print('STDERR') print(result.stderr) print('FAILED') From a434681b79e3049d962dec7e74d6e25a8372ac13 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Mon, 25 Jan 2021 14:34:30 +0000 Subject: [PATCH 37/51] tools/ Signed-off-by: Ryan Northey --- tools/dependency/validate.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/dependency/validate.py b/tools/dependency/validate.py index 4b2cbe79eb9be..d9eaa79c60ca3 100755 --- a/tools/dependency/validate.py +++ b/tools/dependency/validate.py @@ -125,7 +125,10 @@ def QueryExternalDeps(self, *targets): deps = subprocess.check_output(['bazel', 'query', deps_query], stderr=subprocess.PIPE).decode().splitlines() except Exception as e: - result = subprocess.run(['bazel', 'query', deps_query], stderr=subprocess.PIPE) + result = subprocess.run( + ['bazel', 'query', deps_query], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) print('FAIL') print(targets) print('STDOUT') From 7d633a40d2c332df2cabc6756c7a02d31fb6af73 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Mon, 25 Jan 2021 15:10:48 +0000 Subject: [PATCH 38/51] bazel/ Signed-off-by: Ryan Northey --- bazel/envoy_library.bzl | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index fd6d5382b59a0..fd00ff48301ec 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -146,15 +146,12 @@ def envoy_cc_extension( **kwargs): if not category: fail("Category not set for %s" % name) - print('checking type for: %s' % category) if type(category) == str: - print('converting to tuple: %s' % category) category = (category, ) for cat in category or []: if cat not in EXTENSION_CATEGORIES: - print("FAILCAT %s %s" % (name, cat)) - # fail("Unknown extension category for %s: %s" - # % (name, cat)) + fail("Unknown extension category for %s: %s" + % (name, cat)) if security_posture not in EXTENSION_SECURITY_POSTURES: fail("Unknown extension security posture: " + security_posture) if status not in EXTENSION_STATUS_VALUES: From 487253134d8e143325c24fc6e8bff89ef4c7b19a Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Mon, 25 Jan 2021 15:19:34 +0000 Subject: [PATCH 39/51] bazel/ Signed-off-by: Ryan Northey --- bazel/envoy_library.bzl | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index fd00ff48301ec..cd8ec4260e4b8 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -147,8 +147,10 @@ def envoy_cc_extension( if not category: fail("Category not set for %s" % name) if type(category) == str: - category = (category, ) - for cat in category or []: + _category = (category, ) + else: + _category = category + for cat in _category or []: if cat not in EXTENSION_CATEGORIES: fail("Unknown extension category for %s: %s" % (name, cat)) From 2895c772c9a1f3be1024e5e2e8b34f835a7b09e0 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Mon, 25 Jan 2021 15:32:51 +0000 Subject: [PATCH 40/51] bazel/ Signed-off-by: Ryan Northey --- bazel/envoy_library.bzl | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index cd8ec4260e4b8..8f4e44214de03 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -146,11 +146,9 @@ def envoy_cc_extension( **kwargs): if not category: fail("Category not set for %s" % name) - if type(category) == str: - _category = (category, ) - else: - _category = category - for cat in _category or []: + if type(category) == "string": + category = (category, ) + for cat in category or []: if cat not in EXTENSION_CATEGORIES: fail("Unknown extension category for %s: %s" % (name, cat)) From 4ee0cf508800ba47d58e7f6380adb99770b60480 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Mon, 25 Jan 2021 15:38:34 +0000 Subject: [PATCH 41/51] bazel/ Signed-off-by: Ryan Northey --- bazel/envoy_library.bzl | 1 + 1 file changed, 1 insertion(+) diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index 8f4e44214de03..9abe44ee70e05 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -120,6 +120,7 @@ EXTENSION_CATEGORIES = [ "testing", "testing.published", "testing.published.additional.category", + "SOMECAT", ] EXTENSION_STATUS_VALUES = [ From 30233d20296926ec0cb545002b5100c783fc3a96 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Mon, 25 Jan 2021 17:06:22 +0000 Subject: [PATCH 42/51] bazel/ Signed-off-by: Ryan Northey --- bazel/envoy_library.bzl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index 9abe44ee70e05..a1931acc176ca 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -148,11 +148,11 @@ def envoy_cc_extension( if not category: fail("Category not set for %s" % name) if type(category) == "string": - category = (category, ) + category = (category,) for cat in category or []: if cat not in EXTENSION_CATEGORIES: - fail("Unknown extension category for %s: %s" - % (name, cat)) + fail("Unknown extension category for %s: %s" % + (name, cat)) if security_posture not in EXTENSION_SECURITY_POSTURES: fail("Unknown extension security posture: " + security_posture) if status not in EXTENSION_STATUS_VALUES: From 296db77f7c512702ae73790bcb6357e1d7f65071 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Mon, 25 Jan 2021 17:06:25 +0000 Subject: [PATCH 43/51] tools/ Signed-off-by: Ryan Northey --- tools/dependency/validate.py | 20 ++------------------ 1 file changed, 2 insertions(+), 18 deletions(-) diff --git a/tools/dependency/validate.py b/tools/dependency/validate.py index d9eaa79c60ca3..92178b450074d 100755 --- a/tools/dependency/validate.py +++ b/tools/dependency/validate.py @@ -121,24 +121,8 @@ def QueryExternalDeps(self, *targets): A set of dependency identifiers that are reachable from targets. """ deps_query = ' union '.join(f'deps({l})' for l in targets) - try: - deps = subprocess.check_output(['bazel', 'query', deps_query], - stderr=subprocess.PIPE).decode().splitlines() - except Exception as e: - result = subprocess.run( - ['bazel', 'query', deps_query], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - print('FAIL') - print(targets) - print('STDOUT') - print(result.stdout) - - print('STDERR') - print(result.stderr) - print('FAILED') - raise e - + deps = subprocess.check_output(['bazel', 'query', deps_query], + stderr=subprocess.PIPE).decode().splitlines() ext_deps = set() implied_untracked_deps = set() for d in deps: From 4550e3c45886c03d80828724943eabff928166ed Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Mon, 25 Jan 2021 17:21:57 +0000 Subject: [PATCH 44/51] more Signed-off-by: Ryan Northey --- bazel/envoy_library.bzl | 27 ---------------------- source/extensions/tracers/datadog/BUILD | 2 +- source/extensions/tracers/dynamic_ot/BUILD | 2 +- source/extensions/tracers/lightstep/BUILD | 2 +- source/extensions/tracers/opencensus/BUILD | 2 +- source/extensions/tracers/skywalking/BUILD | 2 +- source/extensions/tracers/xray/BUILD | 2 +- source/extensions/tracers/zipkin/BUILD | 2 +- 8 files changed, 7 insertions(+), 34 deletions(-) diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index a1931acc176ca..3c9797c0882da 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -68,58 +68,31 @@ EXTENSION_SECURITY_POSTURES = [ # Extension categories as defined by factories EXTENSION_CATEGORIES = [ - "envoy.access_logger.extension_filters", "envoy.access_loggers", "envoy.bootstrap", "envoy.clusters", "envoy.compression.compressor", "envoy.compression.decompressor", - "envoy.dubbo_proxy.filters", - "envoy.dubbo_proxy.protocols", - "envoy.dubbo_proxy.route_matchers", - "envoy.dubbo_proxy.serializers", - "envoy.fatal_action", "envoy.filters.http", "envoy.filters.listener", "envoy.filters.network", "envoy.filters.udp_listener", - "envoy.filters.upstream_network", "envoy.formatter", "envoy.grpc_credentials", "envoy.guarddog_actions", "envoy.health_checkers", - "envoy.http.cache", "envoy.internal_redirect_predicates", - "envoy.matching.action", - "envoy.matching.input_matcher", - "envoy.quic_client_codec", - "envoy.quic_server_codec", "envoy.rate_limit_descriptors", - "envoy.request_id_extension", "envoy.resolvers", "envoy.resource_monitors", "envoy.retry_host_predicates", "envoy.retry_priorities", - "envoy.singleton", - "envoy.ssl_context_manager", "envoy.stats_sinks", "envoy.thrift_proxy.filters", - "envoy.thrift_proxy.protocols", - "envoy.thrift_proxy.transports", - "envoy.tls_handshakers", - "envoy.tls.key_providers", "envoy.tracers", "envoy.transport_sockets.downstream", "envoy.transport_sockets.upstream", - "envoy.typed_metadata", - "envoy.udp_listeners", - "envoy.udp_packet_writers", - "envoy.upstream_options", "envoy.upstreams", - "test", - "testing", - "testing.published", - "testing.published.additional.category", "SOMECAT", ] diff --git a/source/extensions/tracers/datadog/BUILD b/source/extensions/tracers/datadog/BUILD index bab4579844737..d294f3e56a41e 100644 --- a/source/extensions/tracers/datadog/BUILD +++ b/source/extensions/tracers/datadog/BUILD @@ -35,7 +35,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.stats_sinks", + category = "envoy.tracers", security_posture = "robust_to_untrusted_downstream", deps = [ ":datadog_tracer_lib", diff --git a/source/extensions/tracers/dynamic_ot/BUILD b/source/extensions/tracers/dynamic_ot/BUILD index 6ff33daac2fec..c7ce76f3267f2 100644 --- a/source/extensions/tracers/dynamic_ot/BUILD +++ b/source/extensions/tracers/dynamic_ot/BUILD @@ -29,7 +29,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.stats_sinks", + category = "envoy.tracers", security_posture = "robust_to_untrusted_downstream", deps = [ ":dynamic_opentracing_driver_lib", diff --git a/source/extensions/tracers/lightstep/BUILD b/source/extensions/tracers/lightstep/BUILD index 10dae64e0ea1b..0bfc9f44ec6f4 100644 --- a/source/extensions/tracers/lightstep/BUILD +++ b/source/extensions/tracers/lightstep/BUILD @@ -35,7 +35,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.stats_sinks", + category = "envoy.tracers", security_posture = "robust_to_untrusted_downstream", deps = [ ":lightstep_tracer_lib", diff --git a/source/extensions/tracers/opencensus/BUILD b/source/extensions/tracers/opencensus/BUILD index b680c95d51a01..a1c414cca9d7e 100644 --- a/source/extensions/tracers/opencensus/BUILD +++ b/source/extensions/tracers/opencensus/BUILD @@ -16,7 +16,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.stats_sinks", + category = "envoy.tracers", security_posture = "robust_to_untrusted_downstream", deps = [ ":opencensus_tracer_impl", diff --git a/source/extensions/tracers/skywalking/BUILD b/source/extensions/tracers/skywalking/BUILD index b1f950f38cca7..4592759eafdfb 100644 --- a/source/extensions/tracers/skywalking/BUILD +++ b/source/extensions/tracers/skywalking/BUILD @@ -96,7 +96,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.stats_sinks", + category = "envoy.tracers", security_posture = "robust_to_untrusted_downstream", status = "wip", deps = [ diff --git a/source/extensions/tracers/xray/BUILD b/source/extensions/tracers/xray/BUILD index 2894a2b3008d8..31e35ad739383 100644 --- a/source/extensions/tracers/xray/BUILD +++ b/source/extensions/tracers/xray/BUILD @@ -57,7 +57,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.stats_sinks", + category = "envoy.tracers", security_posture = "robust_to_untrusted_downstream", status = "wip", deps = [ diff --git a/source/extensions/tracers/zipkin/BUILD b/source/extensions/tracers/zipkin/BUILD index 3f88411450e57..34e00329e121a 100644 --- a/source/extensions/tracers/zipkin/BUILD +++ b/source/extensions/tracers/zipkin/BUILD @@ -67,7 +67,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "envoy.stats_sinks", + category = "envoy.tracers", # Legacy test use. TODO(#9953) clean up. extra_visibility = [ "//test/server:__subpackages__", From b5d2a2144eaebf9785033bd9b68abecdaa44fb59 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Mon, 25 Jan 2021 17:34:03 +0000 Subject: [PATCH 45/51] tools/ Signed-off-by: Ryan Northey --- tools/dependency/validate.py | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/tools/dependency/validate.py b/tools/dependency/validate.py index 92178b450074d..d9eaa79c60ca3 100755 --- a/tools/dependency/validate.py +++ b/tools/dependency/validate.py @@ -121,8 +121,24 @@ def QueryExternalDeps(self, *targets): A set of dependency identifiers that are reachable from targets. """ deps_query = ' union '.join(f'deps({l})' for l in targets) - deps = subprocess.check_output(['bazel', 'query', deps_query], - stderr=subprocess.PIPE).decode().splitlines() + try: + deps = subprocess.check_output(['bazel', 'query', deps_query], + stderr=subprocess.PIPE).decode().splitlines() + except Exception as e: + result = subprocess.run( + ['bazel', 'query', deps_query], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + print('FAIL') + print(targets) + print('STDOUT') + print(result.stdout) + + print('STDERR') + print(result.stderr) + print('FAILED') + raise e + ext_deps = set() implied_untracked_deps = set() for d in deps: From aa1156bb316670e4c8787690d01816ab58740acd Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Mon, 25 Jan 2021 18:42:36 +0000 Subject: [PATCH 46/51] tools/ Signed-off-by: Ryan Northey --- tools/dependency/validate.py | 20 ++------------------ 1 file changed, 2 insertions(+), 18 deletions(-) diff --git a/tools/dependency/validate.py b/tools/dependency/validate.py index d9eaa79c60ca3..92178b450074d 100755 --- a/tools/dependency/validate.py +++ b/tools/dependency/validate.py @@ -121,24 +121,8 @@ def QueryExternalDeps(self, *targets): A set of dependency identifiers that are reachable from targets. """ deps_query = ' union '.join(f'deps({l})' for l in targets) - try: - deps = subprocess.check_output(['bazel', 'query', deps_query], - stderr=subprocess.PIPE).decode().splitlines() - except Exception as e: - result = subprocess.run( - ['bazel', 'query', deps_query], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - print('FAIL') - print(targets) - print('STDOUT') - print(result.stdout) - - print('STDERR') - print(result.stderr) - print('FAILED') - raise e - + deps = subprocess.check_output(['bazel', 'query', deps_query], + stderr=subprocess.PIPE).decode().splitlines() ext_deps = set() implied_untracked_deps = set() for d in deps: From b4da8d63e2988c755cb6de816f45e4540e7f81f1 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Mon, 25 Jan 2021 19:24:44 +0000 Subject: [PATCH 47/51] source/ Signed-off-by: Ryan Northey --- bazel/envoy_library.bzl | 1 + source/extensions/filters/network/thrift_proxy/router/BUILD | 2 +- source/extensions/wasm_runtime/null/BUILD | 2 +- source/extensions/wasm_runtime/v8/BUILD | 2 +- source/extensions/wasm_runtime/wasmtime/BUILD | 2 +- source/extensions/wasm_runtime/wavm/BUILD | 2 +- 6 files changed, 6 insertions(+), 5 deletions(-) diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index 3c9797c0882da..92c6e05e4398d 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -93,6 +93,7 @@ EXTENSION_CATEGORIES = [ "envoy.transport_sockets.downstream", "envoy.transport_sockets.upstream", "envoy.upstreams", + "envoy.wasm.runtime", "SOMECAT", ] diff --git a/source/extensions/filters/network/thrift_proxy/router/BUILD b/source/extensions/filters/network/thrift_proxy/router/BUILD index 3165d86a2abda..34885fe3d24a1 100644 --- a/source/extensions/filters/network/thrift_proxy/router/BUILD +++ b/source/extensions/filters/network/thrift_proxy/router/BUILD @@ -13,7 +13,7 @@ envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], - category = "SOMECAT", + category = "envoy.thrift_proxy.filters", security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":router_lib", diff --git a/source/extensions/wasm_runtime/null/BUILD b/source/extensions/wasm_runtime/null/BUILD index 010f53fcb41cc..e66dce75d6f3d 100644 --- a/source/extensions/wasm_runtime/null/BUILD +++ b/source/extensions/wasm_runtime/null/BUILD @@ -11,7 +11,7 @@ envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], - category = "SOMECAT", + category = "envoy.wasm.runtime", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/wasm_runtime/v8/BUILD b/source/extensions/wasm_runtime/v8/BUILD index 527001f68a3b3..8024375f64463 100644 --- a/source/extensions/wasm_runtime/v8/BUILD +++ b/source/extensions/wasm_runtime/v8/BUILD @@ -12,7 +12,7 @@ envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], - category = "SOMECAT", + category = "envoy.wasm.runtime", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/wasm_runtime/wasmtime/BUILD b/source/extensions/wasm_runtime/wasmtime/BUILD index 8ced90d3b92e4..47923bd0caa34 100644 --- a/source/extensions/wasm_runtime/wasmtime/BUILD +++ b/source/extensions/wasm_runtime/wasmtime/BUILD @@ -12,7 +12,7 @@ envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], - category = "SOMECAT", + category = "envoy.wasm.runtime", security_posture = "unknown", status = "alpha", deps = [ diff --git a/source/extensions/wasm_runtime/wavm/BUILD b/source/extensions/wasm_runtime/wavm/BUILD index 66e41fc38fe6a..f2b8c69ae785d 100644 --- a/source/extensions/wasm_runtime/wavm/BUILD +++ b/source/extensions/wasm_runtime/wavm/BUILD @@ -12,7 +12,7 @@ envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.cc"], - category = "SOMECAT", + category = "envoy.wasm.runtime", security_posture = "unknown", status = "alpha", deps = [ From c04982153430369fdf200e55ea55281f64c26de3 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Tue, 26 Jan 2021 15:34:46 +0000 Subject: [PATCH 48/51] bazel/ Signed-off-by: Ryan Northey --- bazel/envoy_library.bzl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index 92c6e05e4398d..6973db56cef2f 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -123,7 +123,7 @@ def envoy_cc_extension( fail("Category not set for %s" % name) if type(category) == "string": category = (category,) - for cat in category or []: + for cat in category: if cat not in EXTENSION_CATEGORIES: fail("Unknown extension category for %s: %s" % (name, cat)) From 2adc5927b075a06ef67036f1887b9828bfeb8972 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Fri, 5 Feb 2021 15:32:24 +0000 Subject: [PATCH 49/51] SOMECAT -> DELIBERATELY_OMITTED Signed-off-by: Ryan Northey --- bazel/envoy_library.bzl | 2 +- source/extensions/common/crypto/BUILD | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index 6973db56cef2f..6b921e96b2d98 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -94,7 +94,7 @@ EXTENSION_CATEGORIES = [ "envoy.transport_sockets.upstream", "envoy.upstreams", "envoy.wasm.runtime", - "SOMECAT", + "DELIBERATELY_OMITTED", ] EXTENSION_STATUS_VALUES = [ diff --git a/source/extensions/common/crypto/BUILD b/source/extensions/common/crypto/BUILD index f1dbcb736725d..d33b7986b519d 100644 --- a/source/extensions/common/crypto/BUILD +++ b/source/extensions/common/crypto/BUILD @@ -18,7 +18,7 @@ envoy_cc_extension( "crypto_impl.h", "utility_impl.h", ], - category = "SOMECAT", + category = "DELIBERATELY_OMITTED", external_deps = [ "ssl", ], From 19b3f68b11abc1813b0b94320ced18ce5d8aafce Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Fri, 5 Feb 2021 16:26:55 +0000 Subject: [PATCH 50/51] source/ Signed-off-by: Ryan Northey --- source/extensions/io_socket/user_space/BUILD | 1 + 1 file changed, 1 insertion(+) diff --git a/source/extensions/io_socket/user_space/BUILD b/source/extensions/io_socket/user_space/BUILD index e449d227ef684..6becad0a92c76 100644 --- a/source/extensions/io_socket/user_space/BUILD +++ b/source/extensions/io_socket/user_space/BUILD @@ -12,6 +12,7 @@ envoy_extension_package() envoy_cc_extension( name = "config", srcs = ["config.h"], + category = "envoy.io_socket", security_posture = "unknown", status = "wip", undocumented = True, From 65b82bdd5635b75d38030f507b590209ec902386 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Fri, 5 Feb 2021 16:27:10 +0000 Subject: [PATCH 51/51] envoy.io_socket Signed-off-by: Ryan Northey --- bazel/envoy_library.bzl | 1 + 1 file changed, 1 insertion(+) diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index 6b921e96b2d98..d052c481ace5c 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -82,6 +82,7 @@ EXTENSION_CATEGORIES = [ "envoy.guarddog_actions", "envoy.health_checkers", "envoy.internal_redirect_predicates", + "envoy.io_socket", "envoy.rate_limit_descriptors", "envoy.resolvers", "envoy.resource_monitors",