diff --git a/bazel/dependency_imports.bzl b/bazel/dependency_imports.bzl index 4d958fddba763..92c837a4f06a2 100644 --- a/bazel/dependency_imports.bzl +++ b/bazel/dependency_imports.bzl @@ -10,6 +10,7 @@ load("@configs_pip3//:requirements.bzl", configs_pip_install = "pip_install") load("@headersplit_pip3//:requirements.bzl", headersplit_pip_install = "pip_install") load("@kafka_pip3//:requirements.bzl", kafka_pip_install = "pip_install") load("@protodoc_pip3//:requirements.bzl", protodoc_pip_install = "pip_install") +load("@thrift_pip3//:requirements.bzl", thrift_pip_install = "pip_install") load("@rules_antlr//antlr:deps.bzl", "antlr_dependencies") # go version for rules_go @@ -59,3 +60,4 @@ def envoy_dependency_imports(go_version = GO_VERSION): headersplit_pip_install() kafka_pip_install() protodoc_pip_install() + thrift_pip_install() diff --git a/bazel/external/apache_thrift.BUILD b/bazel/external/apache_thrift.BUILD deleted file mode 100644 index db12d91f0b841..0000000000000 --- a/bazel/external/apache_thrift.BUILD +++ /dev/null @@ -1,29 +0,0 @@ -load("@rules_python//python:defs.bzl", "py_library") - -licenses(["notice"]) # Apache 2 - -# The apache-thrift distribution does not keep the thrift files in a directory with the -# expected package name (it uses src/Thrift.py vs src/thrift/Thrift.py), so we provide a -# genrule to copy src/**/*.py to thrift/**/*.py. -src_files = glob(["src/**/*.py"]) - -genrule( - name = "thrift_files", - srcs = src_files, - outs = [f.replace("src/", "thrift/") for f in src_files], - cmd = "\n".join( - ["mkdir -p $$(dirname $(location %s)) && cp $(location %s) $(location :%s)" % ( - f, - f, - f.replace("src/", "thrift/"), - ) for f in src_files], - ), - visibility = ["//visibility:private"], -) - -py_library( - name = "apache_thrift", - srcs = [":thrift_files"], - visibility = ["//visibility:public"], - deps = ["@six"], -) diff --git a/bazel/repositories.bzl b/bazel/repositories.bzl index f66dc9f180ed7..ce30752e1e948 100644 --- a/bazel/repositories.bzl +++ b/bazel/repositories.bzl @@ -95,10 +95,6 @@ _default_envoy_build_config = repository_rule( # Python dependencies. def _python_deps(): # TODO(htuch): convert these to pip3_import. - _repository_impl( - name = "com_github_apache_thrift", - build_file = "@envoy//bazel/external:apache_thrift.BUILD", - ) _repository_impl( name = "com_github_twitter_common_lang", build_file = "@envoy//bazel/external:twitter_common_lang.BUILD", diff --git a/bazel/repositories_extra.bzl b/bazel/repositories_extra.bzl index ca93f0829c781..8e19344926b84 100644 --- a/bazel/repositories_extra.bzl +++ b/bazel/repositories_extra.bzl @@ -7,24 +7,59 @@ def _python_deps(): pip_repositories() pip3_import( + # project_name = "PyYAML", + # project_url = "https://github.com/yaml/pyyaml", + # version = "5.3.1", + # use_category = ["other"], + # cpe = "cpe:2.3:a:pyyaml:pyyaml:*", name = "config_validation_pip3", requirements = "@envoy//tools/config_validation:requirements.txt", + extra_pip_args = ["--require-hashes"], ) pip3_import( + # project_name = "Jinja", + # project_url = "http://palletsprojects.com/p/jinja", + # version = "2.11.2", + # use_category = ["test"], + # cpe = "cpe:2.3:a:palletsprojects:jinja:*", name = "configs_pip3", requirements = "@envoy//configs:requirements.txt", + extra_pip_args = ["--require-hashes"], ) pip3_import( + # project_name = "Jinja", + # project_url = "http://palletsprojects.com/p/jinja", + # version = "2.11.2", + # use_category = ["test"], + # cpe = "cpe:2.3:a:palletsprojects:jinja:*", name = "kafka_pip3", requirements = "@envoy//source/extensions/filters/network/kafka:requirements.txt", + extra_pip_args = ["--require-hashes"], ) pip3_import( name = "headersplit_pip3", requirements = "@envoy//tools/envoy_headersplit:requirements.txt", + extra_pip_args = ["--require-hashes"], ) pip3_import( + # project_name = "PyYAML", + # project_url = "https://github.com/yaml/pyyaml", + # version = "5.3.1", + # use_category = ["other"], + # cpe = "cpe:2.3:a:pyyaml:pyyaml:*", name = "protodoc_pip3", requirements = "@envoy//tools/protodoc:requirements.txt", + extra_pip_args = ["--require-hashes"], + ) + pip3_import( + # project_name = "Apache Thrift", + # project_url = "http://thrift.apache.org/", + # version = "0.11.0", + # use_category = ["dataplane"], + # cpe = "cpe:2.3:a:apache:thrift:*", + name = "thrift_pip3", + requirements = "@envoy//test/extensions/filters/network/thrift_proxy:requirements.txt", + extra_pip_args = ["--require-hashes"], ) # Envoy deps that rely on a first stage of dependency loading in envoy_dependencies(). diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl index c09a10be4d6c1..a9e674938bbe3 100644 --- a/bazel/repository_locations.bzl +++ b/bazel/repository_locations.bzl @@ -125,16 +125,6 @@ DEPENDENCY_REPOSITORIES_SPEC = dict( use_category = ["dataplane", "controlplane"], cpe = "N/A", ), - com_github_apache_thrift = dict( - project_name = "Apache Thrift", - project_url = "http://thrift.apache.org/", - version = "0.11.0", - sha256 = "7d59ac4fdcb2c58037ebd4a9da5f9a49e3e034bf75b3f26d9fe48ba3d8806e6b", - strip_prefix = "thrift-{version}", - urls = ["https://files.pythonhosted.org/packages/c6/b4/510617906f8e0c5660e7d96fbc5585113f83ad547a3989b80297ac72a74c/thrift-{version}.tar.gz"], - use_category = ["dataplane"], - cpe = "cpe:2.3:a:apache:thrift:*", - ), com_github_c_ares_c_ares = dict( project_name = "c-ares", project_url = "https://c-ares.haxx.se/", @@ -520,7 +510,7 @@ DEPENDENCY_REPOSITORIES_SPEC = dict( ), io_opencensus_cpp = dict( project_name = "OpenCensus C++", - project_url = "https://pypi.org/project/six/", + project_url = "https://github.com/census-instrumentation/opencensus-cpp", # 2020-06-01 version = "7877337633466358ed680f9b26967da5b310d7aa", sha256 = "12ff300fa804f97bd07e2ff071d969e09d5f3d7bbffeac438c725fa52a51a212", diff --git a/configs/requirements.txt b/configs/requirements.txt index b52f9745422be..07e1fe994fc33 100644 --- a/configs/requirements.txt +++ b/configs/requirements.txt @@ -1,2 +1,37 @@ -Jinja2==2.11.2 -MarkupSafe==1.1.1 +Jinja2==2.11.2 \ + --hash=sha256:89aab215427ef59c34ad58735269eb58b1a5808103067f7bb9d5836c651b3bb0 \ + --hash=sha256:f0a4641d3cf955324a89c04f3d94663aa4d638abe8f733ecd3582848e1c37035 +MarkupSafe==1.1.1 \ + --hash=sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473 \ + --hash=sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161 \ + --hash=sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235 \ + --hash=sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5 \ + --hash=sha256:13d3144e1e340870b25e7b10b98d779608c02016d5184cfb9927a9f10c689f42 \ + --hash=sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff \ + --hash=sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b \ + --hash=sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1 \ + --hash=sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e \ + --hash=sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183 \ + --hash=sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66 \ + --hash=sha256:596510de112c685489095da617b5bcbbac7dd6384aeebeda4df6025d0256a81b \ + --hash=sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1 \ + --hash=sha256:6788b695d50a51edb699cb55e35487e430fa21f1ed838122d722e0ff0ac5ba15 \ + --hash=sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1 \ + --hash=sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e \ + --hash=sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b \ + --hash=sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905 \ + --hash=sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735 \ + --hash=sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d \ + --hash=sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e \ + --hash=sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d \ + --hash=sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c \ + --hash=sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21 \ + --hash=sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2 \ + --hash=sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5 \ + --hash=sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b \ + --hash=sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6 \ + --hash=sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f \ + --hash=sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f \ + --hash=sha256:cdb132fc825c38e1aeec2c8aa9338310d29d337bebbd7baa06889d09a60a1fa2 \ + --hash=sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7 \ + --hash=sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be diff --git a/source/extensions/filters/network/kafka/requirements.txt b/source/extensions/filters/network/kafka/requirements.txt index b52f9745422be..07e1fe994fc33 100644 --- a/source/extensions/filters/network/kafka/requirements.txt +++ b/source/extensions/filters/network/kafka/requirements.txt @@ -1,2 +1,37 @@ -Jinja2==2.11.2 -MarkupSafe==1.1.1 +Jinja2==2.11.2 \ + --hash=sha256:89aab215427ef59c34ad58735269eb58b1a5808103067f7bb9d5836c651b3bb0 \ + --hash=sha256:f0a4641d3cf955324a89c04f3d94663aa4d638abe8f733ecd3582848e1c37035 +MarkupSafe==1.1.1 \ + --hash=sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473 \ + --hash=sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161 \ + --hash=sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235 \ + --hash=sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5 \ + --hash=sha256:13d3144e1e340870b25e7b10b98d779608c02016d5184cfb9927a9f10c689f42 \ + --hash=sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff \ + --hash=sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b \ + --hash=sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1 \ + --hash=sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e \ + --hash=sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183 \ + --hash=sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66 \ + --hash=sha256:596510de112c685489095da617b5bcbbac7dd6384aeebeda4df6025d0256a81b \ + --hash=sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1 \ + --hash=sha256:6788b695d50a51edb699cb55e35487e430fa21f1ed838122d722e0ff0ac5ba15 \ + --hash=sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1 \ + --hash=sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e \ + --hash=sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b \ + --hash=sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905 \ + --hash=sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735 \ + --hash=sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d \ + --hash=sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e \ + --hash=sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d \ + --hash=sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c \ + --hash=sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21 \ + --hash=sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2 \ + --hash=sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5 \ + --hash=sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b \ + --hash=sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6 \ + --hash=sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f \ + --hash=sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f \ + --hash=sha256:cdb132fc825c38e1aeec2c8aa9338310d29d337bebbd7baa06889d09a60a1fa2 \ + --hash=sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7 \ + --hash=sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be diff --git a/test/extensions/filters/network/thrift_proxy/driver/fbthrift/BUILD b/test/extensions/filters/network/thrift_proxy/driver/fbthrift/BUILD index 82b251aeac773..13299104df276 100644 --- a/test/extensions/filters/network/thrift_proxy/driver/fbthrift/BUILD +++ b/test/extensions/filters/network/thrift_proxy/driver/fbthrift/BUILD @@ -1,5 +1,6 @@ load("@rules_python//python:defs.bzl", "py_library") load("//bazel:envoy_build_system.bzl", "envoy_package") +load("@thrift_pip3//:requirements.bzl", "requirement") licenses(["notice"]) # Apache 2 @@ -12,6 +13,6 @@ py_library( "__init__.py", ], deps = [ - "@com_github_apache_thrift//:apache_thrift", + requirement("thrift"), ], ) diff --git a/test/extensions/filters/network/thrift_proxy/driver/finagle/BUILD b/test/extensions/filters/network/thrift_proxy/driver/finagle/BUILD index e2f159ae992d4..988f9ddcd3349 100644 --- a/test/extensions/filters/network/thrift_proxy/driver/finagle/BUILD +++ b/test/extensions/filters/network/thrift_proxy/driver/finagle/BUILD @@ -1,5 +1,6 @@ load("@rules_python//python:defs.bzl", "py_library") load("//bazel:envoy_build_system.bzl", "envoy_package") +load("@thrift_pip3//:requirements.bzl", "requirement") licenses(["notice"]) # Apache 2 @@ -13,8 +14,8 @@ py_library( "__init__.py", ], deps = [ - "@com_github_apache_thrift//:apache_thrift", "@com_github_twitter_common_finagle_thrift//:twitter_common_finagle_thrift", "@com_github_twitter_common_rpc//:twitter_common_rpc", + requirement("thrift"), ], ) diff --git a/test/extensions/filters/network/thrift_proxy/driver/generated/example/BUILD b/test/extensions/filters/network/thrift_proxy/driver/generated/example/BUILD index d3a7029ab41d3..277460b79be9d 100644 --- a/test/extensions/filters/network/thrift_proxy/driver/generated/example/BUILD +++ b/test/extensions/filters/network/thrift_proxy/driver/generated/example/BUILD @@ -1,5 +1,6 @@ load("@rules_python//python:defs.bzl", "py_library") load("//bazel:envoy_build_system.bzl", "envoy_package") +load("@thrift_pip3//:requirements.bzl", "requirement") licenses(["notice"]) # Apache 2 @@ -14,6 +15,6 @@ py_library( "ttypes.py", ], deps = [ - "@com_github_apache_thrift//:apache_thrift", + requirement("thrift"), ], ) diff --git a/test/extensions/filters/network/thrift_proxy/requirements.txt b/test/extensions/filters/network/thrift_proxy/requirements.txt new file mode 100644 index 0000000000000..100ee46c8839e --- /dev/null +++ b/test/extensions/filters/network/thrift_proxy/requirements.txt @@ -0,0 +1,5 @@ +thrift==0.13.0 \ + --hash=sha256:9af1c86bf73433afc6010ed376a6c6aca2b54099cc0d61895f640870a9ae7d89 +six==1.15.0 \ + --hash=sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259 \ + --hash=sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced diff --git a/tools/config_validation/requirements.txt b/tools/config_validation/requirements.txt index 7a997b5e44bdb..c327c23fc27a3 100644 --- a/tools/config_validation/requirements.txt +++ b/tools/config_validation/requirements.txt @@ -1 +1,12 @@ -PyYAML==5.3.1 +PyYAML==5.3.1 \ + --hash=sha256:06a0d7ba600ce0b2d2fe2e78453a470b5a6e000a985dd4a4e54e436cc36b0e97 \ + --hash=sha256:240097ff019d7c70a4922b6869d8a86407758333f02203e0fc6ff79c5dcede76 \ + --hash=sha256:4f4b913ca1a7319b33cfb1369e91e50354d6f07a135f3b901aca02aa95940bd2 \ + --hash=sha256:69f00dca373f240f842b2931fb2c7e14ddbacd1397d57157a9b005a6a9942648 \ + --hash=sha256:73f099454b799e05e5ab51423c7bcf361c58d3206fa7b0d555426b1f4d9a3eaf \ + --hash=sha256:74809a57b329d6cc0fdccee6318f44b9b8649961fa73144a98735b0aaf029f1f \ + --hash=sha256:7739fc0fa8205b3ee8808aea45e968bc90082c10aef6ea95e855e10abf4a37b2 \ + --hash=sha256:95f71d2af0ff4227885f7a6605c37fd53d3a106fcab511b8860ecca9fcf400ee \ + --hash=sha256:b8eac752c5e14d3eca0e6dd9199cd627518cb5ec06add0de9d32baeee6fe645d \ + --hash=sha256:cc8955cfbfc7a115fa81d85284ee61147059a753344bc51098f3ccd69b0d7e0c \ + --hash=sha256:d13155f591e6fcc1ec3b30685d50bf0711574e2c0dfffd7644babf8b5102ca1a diff --git a/tools/envoy_headersplit/requirements.txt b/tools/envoy_headersplit/requirements.txt index 7a2ae10ce74c7..4d79549827846 100644 --- a/tools/envoy_headersplit/requirements.txt +++ b/tools/envoy_headersplit/requirements.txt @@ -1 +1,3 @@ -clang==10.0.1 +clang==10.0.1 \ + --hash=sha256:c90eca387fede58e2398c4e211e2b38a310f5caa9adb367a8f84aa1ba2fe98b5 \ + --hash=sha256:f8d8e02ebaed0e9b8d5e6173c3c38b68e5f381ba34841aeb8145087d16750d89 diff --git a/tools/protodoc/requirements.txt b/tools/protodoc/requirements.txt index 7a997b5e44bdb..c327c23fc27a3 100644 --- a/tools/protodoc/requirements.txt +++ b/tools/protodoc/requirements.txt @@ -1 +1,12 @@ -PyYAML==5.3.1 +PyYAML==5.3.1 \ + --hash=sha256:06a0d7ba600ce0b2d2fe2e78453a470b5a6e000a985dd4a4e54e436cc36b0e97 \ + --hash=sha256:240097ff019d7c70a4922b6869d8a86407758333f02203e0fc6ff79c5dcede76 \ + --hash=sha256:4f4b913ca1a7319b33cfb1369e91e50354d6f07a135f3b901aca02aa95940bd2 \ + --hash=sha256:69f00dca373f240f842b2931fb2c7e14ddbacd1397d57157a9b005a6a9942648 \ + --hash=sha256:73f099454b799e05e5ab51423c7bcf361c58d3206fa7b0d555426b1f4d9a3eaf \ + --hash=sha256:74809a57b329d6cc0fdccee6318f44b9b8649961fa73144a98735b0aaf029f1f \ + --hash=sha256:7739fc0fa8205b3ee8808aea45e968bc90082c10aef6ea95e855e10abf4a37b2 \ + --hash=sha256:95f71d2af0ff4227885f7a6605c37fd53d3a106fcab511b8860ecca9fcf400ee \ + --hash=sha256:b8eac752c5e14d3eca0e6dd9199cd627518cb5ec06add0de9d32baeee6fe645d \ + --hash=sha256:cc8955cfbfc7a115fa81d85284ee61147059a753344bc51098f3ccd69b0d7e0c \ + --hash=sha256:d13155f591e6fcc1ec3b30685d50bf0711574e2c0dfffd7644babf8b5102ca1a