metropolis: Lock down visibility rules
This formalizes the package structure introduced by D683.
Test Plan: Pure refactor, CI only.
X-Origin-Diff: phab/D684
GitOrigin-RevId: 574aa14c71faf94f4a5c02a2110e2e3fef7d36ac
diff --git a/metropolis/cli/dbg/BUILD.bazel b/metropolis/cli/dbg/BUILD.bazel
index 45464d6..e85defb 100644
--- a/metropolis/cli/dbg/BUILD.bazel
+++ b/metropolis/cli/dbg/BUILD.bazel
@@ -20,5 +20,5 @@
go_binary(
name = "dbg",
embed = [":go_default_library"],
- visibility = ["//visibility:public"],
+ visibility = ["//visibility:private"],
)
diff --git a/metropolis/node/BUILD.bazel b/metropolis/node/BUILD.bazel
index b730deb..06ade3c 100644
--- a/metropolis/node/BUILD.bazel
+++ b/metropolis/node/BUILD.bazel
@@ -5,7 +5,7 @@
name = "go_default_library",
srcs = ["ports.go"],
importpath = "git.monogon.dev/source/nexantic.git/metropolis/node",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis:__subpackages__"],
)
# debug_build checks if we're building in debug mode and enables various debug features for the image. Currently this
@@ -88,7 +88,10 @@
tools = [
"//metropolis/node/build/mkimage",
],
- visibility = ["//visibility:public"],
+ visibility = [
+ "//metropolis/test/launch:__subpackages__",
+ "//metropolis/test/e2e:__subpackages__",
+ ],
)
genrule(
@@ -128,7 +131,10 @@
cp tpm/ca/issuercert.pem $(location tpm/issuercert.pem)
cp tpm/ca/signkey.pem $(location tpm/signkey.pem)
""",
- visibility = ["//visibility:public"],
+ visibility = [
+ "//metropolis/test/launch:__subpackages__",
+ "//metropolis/test/e2e:__subpackages__",
+ ],
)
load("//metropolis/node/build/genosrelease:defs.bzl", "os_release")
diff --git a/metropolis/node/build/genosrelease/BUILD.bazel b/metropolis/node/build/genosrelease/BUILD.bazel
index 9403d72..c5b7759 100644
--- a/metropolis/node/build/genosrelease/BUILD.bazel
+++ b/metropolis/node/build/genosrelease/BUILD.bazel
@@ -11,5 +11,5 @@
go_binary(
name = "genosrelease",
embed = [":go_default_library"],
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis/node:__pkg__"],
)
diff --git a/metropolis/node/build/kconfig-patcher/BUILD.bazel b/metropolis/node/build/kconfig-patcher/BUILD.bazel
index 55b2b52..3ce0f74 100644
--- a/metropolis/node/build/kconfig-patcher/BUILD.bazel
+++ b/metropolis/node/build/kconfig-patcher/BUILD.bazel
@@ -10,7 +10,10 @@
go_binary(
name = "kconfig-patcher",
embed = [":go_default_library"],
- visibility = ["//visibility:public"],
+ visibility = [
+ "//metropolis/node:__pkg__",
+ "//metropolis/test/ktest:__pkg__",
+ ],
)
go_test(
diff --git a/metropolis/node/build/mkimage/BUILD.bazel b/metropolis/node/build/mkimage/BUILD.bazel
index b489002..2b59adf 100644
--- a/metropolis/node/build/mkimage/BUILD.bazel
+++ b/metropolis/node/build/mkimage/BUILD.bazel
@@ -16,5 +16,5 @@
go_binary(
name = "mkimage",
embed = [":go_default_library"],
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis/node:__pkg__"],
)
diff --git a/metropolis/node/core/BUILD.bazel b/metropolis/node/core/BUILD.bazel
index 004bbc8..b9d9d03 100644
--- a/metropolis/node/core/BUILD.bazel
+++ b/metropolis/node/core/BUILD.bazel
@@ -39,5 +39,5 @@
name = "core",
embed = [":go_default_library"],
pure = "on", # keep
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis/node:__pkg__"],
)
diff --git a/metropolis/node/core/network/dhcp4c/BUILD.bazel b/metropolis/node/core/network/dhcp4c/BUILD.bazel
index c84bd05..5dc7b9e 100644
--- a/metropolis/node/core/network/dhcp4c/BUILD.bazel
+++ b/metropolis/node/core/network/dhcp4c/BUILD.bazel
@@ -8,7 +8,11 @@
"lease.go",
],
importpath = "git.monogon.dev/source/nexantic.git/metropolis/node/core/network/dhcp4c",
- visibility = ["//visibility:public"],
+ visibility = [
+ "//metropolis/node:__subpackages__",
+ # Exception for this package: the DHCP client is also used by nanoswitch.
+ "//metropolis/test/nanoswitch:__subpackages__",
+ ],
deps = [
"//metropolis/node/core/network/dhcp4c/transport:go_default_library",
"//metropolis/pkg/supervisor:go_default_library",
diff --git a/metropolis/node/core/network/dhcp4c/callback/BUILD.bazel b/metropolis/node/core/network/dhcp4c/callback/BUILD.bazel
index ed6f330..a752e52 100644
--- a/metropolis/node/core/network/dhcp4c/callback/BUILD.bazel
+++ b/metropolis/node/core/network/dhcp4c/callback/BUILD.bazel
@@ -5,7 +5,11 @@
name = "go_default_library",
srcs = ["callback.go"],
importpath = "git.monogon.dev/source/nexantic.git/metropolis/node/core/network/dhcp4c/callback",
- visibility = ["//visibility:public"],
+ visibility = [
+ "//metropolis/node:__subpackages__",
+ # Exception for this package: the DHCP client is also used by nanoswitch.
+ "//metropolis/test/nanoswitch:__subpackages__",
+ ],
deps = [
"//metropolis/node/core/network/dhcp4c:go_default_library",
"@com_github_insomniacslk_dhcp//dhcpv4:go_default_library",
diff --git a/metropolis/node/core/network/dhcp4c/transport/BUILD.bazel b/metropolis/node/core/network/dhcp4c/transport/BUILD.bazel
index edd47a1..23adf2c 100644
--- a/metropolis/node/core/network/dhcp4c/transport/BUILD.bazel
+++ b/metropolis/node/core/network/dhcp4c/transport/BUILD.bazel
@@ -8,7 +8,7 @@
"transport_unicast.go",
],
importpath = "git.monogon.dev/source/nexantic.git/metropolis/node/core/network/dhcp4c/transport",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis/node/core/network/dhcp4c:__subpackages__"],
deps = [
"@com_github_google_gopacket//:go_default_library",
"@com_github_google_gopacket//layers:go_default_library",
diff --git a/metropolis/node/kubernetes/hyperkube/BUILD b/metropolis/node/kubernetes/hyperkube/BUILD
index dced1c7..4c8c5c9 100644
--- a/metropolis/node/kubernetes/hyperkube/BUILD
+++ b/metropolis/node/kubernetes/hyperkube/BUILD
@@ -24,6 +24,6 @@
name = "hyperkube",
embed = [":go_default_library"],
pure = "on",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis/node:__pkg__"],
x_defs = version_x_defs(),
)
diff --git a/metropolis/pkg/devicemapper/BUILD.bazel b/metropolis/pkg/devicemapper/BUILD.bazel
index 17c50cc..44c96d1 100644
--- a/metropolis/pkg/devicemapper/BUILD.bazel
+++ b/metropolis/pkg/devicemapper/BUILD.bazel
@@ -4,7 +4,7 @@
name = "go_default_library",
srcs = ["devicemapper.go"],
importpath = "git.monogon.dev/source/nexantic.git/metropolis/pkg/devicemapper",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis:__subpackages__"],
deps = [
"@com_github_pkg_errors//:go_default_library",
"@com_github_yalue_native_endian//:go_default_library",
diff --git a/metropolis/pkg/fileargs/BUILD.bazel b/metropolis/pkg/fileargs/BUILD.bazel
index fab70d7..f07c531 100644
--- a/metropolis/pkg/fileargs/BUILD.bazel
+++ b/metropolis/pkg/fileargs/BUILD.bazel
@@ -4,6 +4,6 @@
name = "go_default_library",
srcs = ["fileargs.go"],
importpath = "git.monogon.dev/source/nexantic.git/metropolis/pkg/fileargs",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis:__subpackages__"],
deps = ["@org_golang_x_sys//unix:go_default_library"],
)
diff --git a/metropolis/pkg/freeport/BUILD.bazel b/metropolis/pkg/freeport/BUILD.bazel
index 8ac6daf..70084b2 100644
--- a/metropolis/pkg/freeport/BUILD.bazel
+++ b/metropolis/pkg/freeport/BUILD.bazel
@@ -4,5 +4,5 @@
name = "go_default_library",
srcs = ["freeport.go"],
importpath = "git.monogon.dev/source/nexantic.git/metropolis/pkg/freeport",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis:__subpackages__"],
)
diff --git a/metropolis/pkg/fsquota/BUILD.bazel b/metropolis/pkg/fsquota/BUILD.bazel
index 5f875a9..30dbfa6 100644
--- a/metropolis/pkg/fsquota/BUILD.bazel
+++ b/metropolis/pkg/fsquota/BUILD.bazel
@@ -8,7 +8,7 @@
"fsquota.go",
],
importpath = "git.monogon.dev/source/nexantic.git/metropolis/pkg/fsquota",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis:__subpackages__"],
deps = [
"//metropolis/pkg/fsquota/fsxattrs:go_default_library",
"//metropolis/pkg/fsquota/quotactl:go_default_library",
diff --git a/metropolis/pkg/fsquota/fsxattrs/BUILD.bazel b/metropolis/pkg/fsquota/fsxattrs/BUILD.bazel
index 87f2617..87fc9e1 100644
--- a/metropolis/pkg/fsquota/fsxattrs/BUILD.bazel
+++ b/metropolis/pkg/fsquota/fsxattrs/BUILD.bazel
@@ -4,6 +4,6 @@
name = "go_default_library",
srcs = ["fsxattrs.go"],
importpath = "git.monogon.dev/source/nexantic.git/metropolis/pkg/fsquota/fsxattrs",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis:__subpackages__"],
deps = ["@org_golang_x_sys//unix:go_default_library"],
)
diff --git a/metropolis/pkg/fsquota/quotactl/BUILD.bazel b/metropolis/pkg/fsquota/quotactl/BUILD.bazel
index 406c784..6810e2d 100644
--- a/metropolis/pkg/fsquota/quotactl/BUILD.bazel
+++ b/metropolis/pkg/fsquota/quotactl/BUILD.bazel
@@ -4,6 +4,6 @@
name = "go_default_library",
srcs = ["quotactl.go"],
importpath = "git.monogon.dev/source/nexantic.git/metropolis/pkg/fsquota/quotactl",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis:__subpackages__"],
deps = ["@org_golang_x_sys//unix:go_default_library"],
)
diff --git a/metropolis/pkg/jsonpatch/BUILD.bazel b/metropolis/pkg/jsonpatch/BUILD.bazel
index b733c57..a1414ca 100644
--- a/metropolis/pkg/jsonpatch/BUILD.bazel
+++ b/metropolis/pkg/jsonpatch/BUILD.bazel
@@ -4,7 +4,7 @@
name = "go_default_library",
srcs = ["jsonpatch.go.go"],
importpath = "git.monogon.dev/source/nexantic.git/metropolis/pkg/jsonpatch",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis:__subpackages__"],
)
go_test(
diff --git a/metropolis/pkg/logbuffer/BUILD.bazel b/metropolis/pkg/logbuffer/BUILD.bazel
index 57a85d8..0a07593 100644
--- a/metropolis/pkg/logbuffer/BUILD.bazel
+++ b/metropolis/pkg/logbuffer/BUILD.bazel
@@ -7,7 +7,7 @@
"logbuffer.go",
],
importpath = "git.monogon.dev/source/nexantic.git/metropolis/pkg/logbuffer",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis:__subpackages__"],
deps = ["//metropolis/proto/api:go_default_library"],
)
diff --git a/metropolis/pkg/logtree/BUILD.bazel b/metropolis/pkg/logtree/BUILD.bazel
index bb07e99..f13b39a 100644
--- a/metropolis/pkg/logtree/BUILD.bazel
+++ b/metropolis/pkg/logtree/BUILD.bazel
@@ -15,7 +15,7 @@
"logtree_publisher.go",
],
importpath = "git.monogon.dev/source/nexantic.git/metropolis/pkg/logtree",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis:__subpackages__"],
deps = [
"//metropolis/pkg/logbuffer:go_default_library",
"//metropolis/proto/api:go_default_library",
diff --git a/metropolis/pkg/supervisor/BUILD.bazel b/metropolis/pkg/supervisor/BUILD.bazel
index 40b0469..ac00fe7 100644
--- a/metropolis/pkg/supervisor/BUILD.bazel
+++ b/metropolis/pkg/supervisor/BUILD.bazel
@@ -10,10 +10,7 @@
"supervisor_testhelpers.go",
],
importpath = "git.monogon.dev/source/nexantic.git/metropolis/pkg/supervisor",
- visibility = [
- "//metropolis/node:__subpackages__",
- "//metropolis/test:__subpackages__",
- ],
+ visibility = ["//metropolis:__subpackages__"],
deps = [
"//metropolis/pkg/logtree:go_default_library",
"@com_github_cenkalti_backoff_v4//:go_default_library",
diff --git a/metropolis/pkg/sysfs/BUILD.bazel b/metropolis/pkg/sysfs/BUILD.bazel
index 0cea1f8..03e4c5b 100644
--- a/metropolis/pkg/sysfs/BUILD.bazel
+++ b/metropolis/pkg/sysfs/BUILD.bazel
@@ -4,5 +4,5 @@
name = "go_default_library",
srcs = ["uevents.go"],
importpath = "git.monogon.dev/source/nexantic.git/metropolis/pkg/sysfs",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis:__subpackages__"],
)
diff --git a/metropolis/pkg/tpm/BUILD.bazel b/metropolis/pkg/tpm/BUILD.bazel
index d06ff37..7ea5b87 100644
--- a/metropolis/pkg/tpm/BUILD.bazel
+++ b/metropolis/pkg/tpm/BUILD.bazel
@@ -7,7 +7,7 @@
"tpm.go",
],
importpath = "git.monogon.dev/source/nexantic.git/metropolis/pkg/tpm",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis:__subpackages__"],
deps = [
"//metropolis/pkg/logtree:go_default_library",
"//metropolis/pkg/sysfs:go_default_library",
diff --git a/metropolis/pkg/tpm/eventlog/BUILD.bazel b/metropolis/pkg/tpm/eventlog/BUILD.bazel
index 94a7ee9..78b3ed4 100644
--- a/metropolis/pkg/tpm/eventlog/BUILD.bazel
+++ b/metropolis/pkg/tpm/eventlog/BUILD.bazel
@@ -8,7 +8,7 @@
"secureboot.go",
],
importpath = "git.monogon.dev/source/nexantic.git/metropolis/pkg/tpm/eventlog",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis:__subpackages__"],
deps = [
"//metropolis/pkg/tpm/eventlog/internal:go_default_library",
"@com_github_google_certificate_transparency_go//x509:go_default_library",
diff --git a/metropolis/proto/common/BUILD.bazel b/metropolis/proto/common/BUILD.bazel
index 882bb61..a5f7eb0 100644
--- a/metropolis/proto/common/BUILD.bazel
+++ b/metropolis/proto/common/BUILD.bazel
@@ -5,19 +5,19 @@
proto_library(
name = "common_proto",
srcs = ["common.proto"],
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis:__subpackages__"],
)
go_proto_library(
name = "common_go_proto",
importpath = "git.monogon.dev/source/nexantic.git/metropolis/proto/common",
proto = ":common_proto",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis:__subpackages__"],
)
go_library(
name = "go_default_library",
embed = [":common_go_proto"],
importpath = "git.monogon.dev/source/nexantic.git/metropolis/proto/common",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis:__subpackages__"],
)
diff --git a/metropolis/test/e2e/k8s_cts/BUILD.bazel b/metropolis/test/e2e/k8s_cts/BUILD.bazel
index 0e43c24..2932758 100644
--- a/metropolis/test/e2e/k8s_cts/BUILD.bazel
+++ b/metropolis/test/e2e/k8s_cts/BUILD.bazel
@@ -22,7 +22,7 @@
base = ":kubectl_in_path",
binary = "@io_k8s_kubernetes//test/e2e:_go_default_test-pure",
pure = "on",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis/node:__pkg__"],
)
go_library(
@@ -51,5 +51,5 @@
"@com_github_bonzini_qboot//:qboot-bin",
],
embed = [":go_default_library"],
- visibility = ["//visibility:public"],
+ visibility = ["//visibility:private"],
)
diff --git a/metropolis/test/e2e/preseedtest/BUILD.bazel b/metropolis/test/e2e/preseedtest/BUILD.bazel
index 41b32e3..d33bcbc 100644
--- a/metropolis/test/e2e/preseedtest/BUILD.bazel
+++ b/metropolis/test/e2e/preseedtest/BUILD.bazel
@@ -12,5 +12,5 @@
name = "preseedtest",
embed = [":go_default_library"],
pure = "on",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis/node:__pkg__"],
)
diff --git a/metropolis/test/ktest/BUILD b/metropolis/test/ktest/BUILD
index d94831c..38f1f31 100644
--- a/metropolis/test/ktest/BUILD
+++ b/metropolis/test/ktest/BUILD
@@ -13,7 +13,7 @@
name = "ktest",
embed = [":go_default_library"],
pure = "on",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis:__subpackages__"],
)
kconfig_patch(
@@ -53,11 +53,11 @@
cp $$DIR/vmlinux $@
""",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis:__subpackages__"],
)
filegroup(
name = "test-script",
srcs = ["run_ktest.sh"],
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis:__subpackages__"],
)
diff --git a/metropolis/test/ktest/init/BUILD.bazel b/metropolis/test/ktest/init/BUILD.bazel
index 4161146..0298a8e 100644
--- a/metropolis/test/ktest/init/BUILD.bazel
+++ b/metropolis/test/ktest/init/BUILD.bazel
@@ -12,5 +12,5 @@
name = "init",
embed = [":go_default_library"],
pure = "on",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis:__subpackages__"],
)
diff --git a/metropolis/test/launch/cli/launch-multi2/BUILD.bazel b/metropolis/test/launch/cli/launch-multi2/BUILD.bazel
index 4b51824..aeb19ec 100644
--- a/metropolis/test/launch/cli/launch-multi2/BUILD.bazel
+++ b/metropolis/test/launch/cli/launch-multi2/BUILD.bazel
@@ -26,5 +26,5 @@
"@com_github_bonzini_qboot//:qboot-bin",
],
embed = [":go_default_library"],
- visibility = ["//visibility:public"],
+ visibility = ["//:__pkg__"],
)
diff --git a/metropolis/test/launch/cli/launch/BUILD.bazel b/metropolis/test/launch/cli/launch/BUILD.bazel
index 6b1461d..72c8161 100644
--- a/metropolis/test/launch/cli/launch/BUILD.bazel
+++ b/metropolis/test/launch/cli/launch/BUILD.bazel
@@ -16,5 +16,5 @@
"//third_party/edk2:firmware",
],
embed = [":go_default_library"],
- visibility = ["//visibility:public"],
+ visibility = ["//:__pkg__"],
)
diff --git a/metropolis/test/nanoswitch/BUILD b/metropolis/test/nanoswitch/BUILD
index fa7e271..643d16b 100644
--- a/metropolis/test/nanoswitch/BUILD
+++ b/metropolis/test/nanoswitch/BUILD
@@ -26,7 +26,7 @@
name = "nanoswitch",
embed = [":go_default_library"],
pure = "on",
- visibility = ["//visibility:public"],
+ visibility = ["//visibility:private"],
)
node_initramfs(
@@ -37,5 +37,5 @@
# CA Certificate bundle
"@cacerts//file": "/etc/ssl/cert.pem",
},
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis/test:__subpackages__"],
)