dependencies: refactor repository location schema utils, cleanups. (#13452)
- Refactor code responsible for processing repository location specs, i.e. checking for the presence of fields like last_updated and interpolation of version. The same code is now usable by both API repository_locations.bzl and bazel/repository_locations.bzl. - Cleanup reference to repo locations in repository_locations.bzl, now using a consistent set of macros. - Add API dependencies to dependency dashboard. Risk level: Low Testing: Docs build. Part of #12673 Signed-off-by: Harvey Tuch <htuch@google.com> Mirrored from https://github.com/envoyproxy/envoy @ 9181790e3ab21b53ec268470202986b9517c3723master-ci-test
data-plane-api(Azure Pipelines)
4 years ago
parent
ff1d59c377
commit
2680c5ba71
5 changed files with 160 additions and 41 deletions
@ -0,0 +1,116 @@ |
|||||||
|
load("@envoy_api//bazel:repository_locations_utils.bzl", "load_repository_locations_spec") |
||||||
|
|
||||||
|
# Envoy dependencies may be annotated with the following attributes: |
||||||
|
DEPENDENCY_ANNOTATIONS = [ |
||||||
|
# List of the categories describing how the dependency is being used. This attribute is used |
||||||
|
# for automatic tracking of security posture of Envoy's dependencies. |
||||||
|
# Possible values are documented in the USE_CATEGORIES list below. |
||||||
|
# This attribute is mandatory for each dependecy. |
||||||
|
"use_category", |
||||||
|
|
||||||
|
# Attribute specifying CPE (Common Platform Enumeration, see https://nvd.nist.gov/products/cpe) ID |
||||||
|
# of the dependency. The ID may be in v2.3 or v2.2 format, although v2.3 is prefferred. See |
||||||
|
# https://nvd.nist.gov/products/cpe for CPE format. Use single wildcard '*' for version and vector elements |
||||||
|
# i.e. 'cpe:2.3:a:nghttp2:nghttp2:*'. Use "N/A" for dependencies without CPE assigned. |
||||||
|
# This attribute is optional for components with use categories listed in the |
||||||
|
# USE_CATEGORIES_WITH_CPE_OPTIONAL |
||||||
|
"cpe", |
||||||
|
] |
||||||
|
|
||||||
|
# NOTE: If a dependency use case is either dataplane or controlplane, the other uses are not needed |
||||||
|
# to be declared. |
||||||
|
USE_CATEGORIES = [ |
||||||
|
# This dependency is used in API protos. |
||||||
|
"api", |
||||||
|
# This dependency is used in build process. |
||||||
|
"build", |
||||||
|
# This dependency is used to process xDS requests. |
||||||
|
"controlplane", |
||||||
|
# This dependency is used in processing downstream or upstream requests (core). |
||||||
|
"dataplane_core", |
||||||
|
# This dependency is used in processing downstream or upstream requests (extensions). |
||||||
|
"dataplane_ext", |
||||||
|
# This dependecy is used for logging, metrics or tracing (core). It may process unstrusted input. |
||||||
|
"observability_core", |
||||||
|
# This dependecy is used for logging, metrics or tracing (extensions). It may process unstrusted input. |
||||||
|
"observability_ext", |
||||||
|
# This dependency does not handle untrusted data and is used for various utility purposes. |
||||||
|
"other", |
||||||
|
# This dependency is used only in tests. |
||||||
|
"test_only", |
||||||
|
] |
||||||
|
|
||||||
|
# Components with these use categories are not required to specify the 'cpe' |
||||||
|
# and 'last_updated' annotation. |
||||||
|
USE_CATEGORIES_WITH_CPE_OPTIONAL = ["build", "other", "test_only", "api"] |
||||||
|
|
||||||
|
def _fail_missing_attribute(attr, key): |
||||||
|
fail("The '%s' attribute must be defined for external dependecy " % attr + key) |
||||||
|
|
||||||
|
# Method for verifying content of the repository location specifications. |
||||||
|
# |
||||||
|
# We also remove repository metadata attributes so that further consumers, e.g. |
||||||
|
# http_archive, are not confused by them. |
||||||
|
def load_repository_locations(repository_locations_spec): |
||||||
|
locations = {} |
||||||
|
for key, location in load_repository_locations_spec(repository_locations_spec).items(): |
||||||
|
mutable_location = dict(location) |
||||||
|
locations[key] = mutable_location |
||||||
|
|
||||||
|
if "sha256" not in location or len(location["sha256"]) == 0: |
||||||
|
_fail_missing_attribute("sha256", key) |
||||||
|
|
||||||
|
if "project_name" not in location: |
||||||
|
_fail_missing_attribute("project_name", key) |
||||||
|
mutable_location.pop("project_name") |
||||||
|
|
||||||
|
if "project_desc" not in location: |
||||||
|
_fail_missing_attribute("project_desc", key) |
||||||
|
mutable_location.pop("project_desc") |
||||||
|
|
||||||
|
if "project_url" not in location: |
||||||
|
_fail_missing_attribute("project_url", key) |
||||||
|
project_url = mutable_location.pop("project_url") |
||||||
|
if not project_url.startswith("https://") and not project_url.startswith("http://"): |
||||||
|
fail("project_url must start with https:// or http://: " + project_url) |
||||||
|
|
||||||
|
if "version" not in location: |
||||||
|
_fail_missing_attribute("version", key) |
||||||
|
mutable_location.pop("version") |
||||||
|
|
||||||
|
if "use_category" not in location: |
||||||
|
_fail_missing_attribute("use_category", key) |
||||||
|
use_category = mutable_location.pop("use_category") |
||||||
|
|
||||||
|
if "dataplane_ext" in use_category or "observability_ext" in use_category: |
||||||
|
if "extensions" not in location: |
||||||
|
_fail_missing_attribute("extensions", key) |
||||||
|
mutable_location.pop("extensions") |
||||||
|
|
||||||
|
if "last_updated" not in location: |
||||||
|
_fail_missing_attribute("last_updated", key) |
||||||
|
last_updated = mutable_location.pop("last_updated") |
||||||
|
|
||||||
|
# Starlark doesn't have regexes. |
||||||
|
if len(last_updated) != 10 or last_updated[4] != "-" or last_updated[7] != "-": |
||||||
|
fail("last_updated must match YYYY-DD-MM: " + last_updated) |
||||||
|
|
||||||
|
if "cpe" in location: |
||||||
|
cpe = mutable_location.pop("cpe") |
||||||
|
|
||||||
|
# Starlark doesn't have regexes. |
||||||
|
cpe_components = len(cpe.split(":")) |
||||||
|
|
||||||
|
# We allow cpe:2.3:a:foo:* and cpe:2.3.:a:foo:bar:* only. |
||||||
|
cpe_components_valid = cpe_components in [5, 6] |
||||||
|
cpe_matches = (cpe == "N/A" or (cpe.startswith("cpe:2.3:a:") and cpe.endswith(":*") and cpe_components_valid)) |
||||||
|
if not cpe_matches: |
||||||
|
fail("CPE must match cpe:2.3:a:<facet>:<facet>:*: " + cpe) |
||||||
|
elif not [category for category in USE_CATEGORIES_WITH_CPE_OPTIONAL if category in location["use_category"]]: |
||||||
|
_fail_missing_attribute("cpe", key) |
||||||
|
|
||||||
|
for category in location["use_category"]: |
||||||
|
if category not in USE_CATEGORIES: |
||||||
|
fail("Unknown use_category value '" + category + "' for dependecy " + key) |
||||||
|
|
||||||
|
return locations |
||||||
@ -0,0 +1,20 @@ |
|||||||
|
def _format_version(s, version): |
||||||
|
return s.format(version = version, dash_version = version.replace(".", "-"), underscore_version = version.replace(".", "_")) |
||||||
|
|
||||||
|
# Generate a "repository location specification" from raw repository |
||||||
|
# specification. The information should match the format required by |
||||||
|
# external_deps.bzl. This function mostly does interpolation of {version} in |
||||||
|
# the repository info fields. This code should be capable of running in both |
||||||
|
# Python and Starlark. |
||||||
|
def load_repository_locations_spec(repository_locations_spec): |
||||||
|
locations = {} |
||||||
|
for key, location in repository_locations_spec.items(): |
||||||
|
mutable_location = dict(location) |
||||||
|
locations[key] = mutable_location |
||||||
|
|
||||||
|
# Fixup with version information. |
||||||
|
if "version" in location: |
||||||
|
if "strip_prefix" in location: |
||||||
|
mutable_location["strip_prefix"] = _format_version(location["strip_prefix"], location["version"]) |
||||||
|
mutable_location["urls"] = [_format_version(url, location["version"]) for url in location["urls"]] |
||||||
|
return locations |
||||||
Loading…
Reference in new issue