metropolis: Lock down visibility rules
This formalizes the package structure introduced by D683.
Test Plan: Pure refactor, CI only.
X-Origin-Diff: phab/D684
GitOrigin-RevId: 574aa14c71faf94f4a5c02a2110e2e3fef7d36ac
diff --git a/metropolis/node/BUILD.bazel b/metropolis/node/BUILD.bazel
index b730deb..06ade3c 100644
--- a/metropolis/node/BUILD.bazel
+++ b/metropolis/node/BUILD.bazel
@@ -5,7 +5,7 @@
name = "go_default_library",
srcs = ["ports.go"],
importpath = "git.monogon.dev/source/nexantic.git/metropolis/node",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis:__subpackages__"],
)
# debug_build checks if we're building in debug mode and enables various debug features for the image. Currently this
@@ -88,7 +88,10 @@
tools = [
"//metropolis/node/build/mkimage",
],
- visibility = ["//visibility:public"],
+ visibility = [
+ "//metropolis/test/launch:__subpackages__",
+ "//metropolis/test/e2e:__subpackages__",
+ ],
)
genrule(
@@ -128,7 +131,10 @@
cp tpm/ca/issuercert.pem $(location tpm/issuercert.pem)
cp tpm/ca/signkey.pem $(location tpm/signkey.pem)
""",
- visibility = ["//visibility:public"],
+ visibility = [
+ "//metropolis/test/launch:__subpackages__",
+ "//metropolis/test/e2e:__subpackages__",
+ ],
)
load("//metropolis/node/build/genosrelease:defs.bzl", "os_release")
diff --git a/metropolis/node/build/genosrelease/BUILD.bazel b/metropolis/node/build/genosrelease/BUILD.bazel
index 9403d72..c5b7759 100644
--- a/metropolis/node/build/genosrelease/BUILD.bazel
+++ b/metropolis/node/build/genosrelease/BUILD.bazel
@@ -11,5 +11,5 @@
go_binary(
name = "genosrelease",
embed = [":go_default_library"],
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis/node:__pkg__"],
)
diff --git a/metropolis/node/build/kconfig-patcher/BUILD.bazel b/metropolis/node/build/kconfig-patcher/BUILD.bazel
index 55b2b52..3ce0f74 100644
--- a/metropolis/node/build/kconfig-patcher/BUILD.bazel
+++ b/metropolis/node/build/kconfig-patcher/BUILD.bazel
@@ -10,7 +10,10 @@
go_binary(
name = "kconfig-patcher",
embed = [":go_default_library"],
- visibility = ["//visibility:public"],
+ visibility = [
+ "//metropolis/node:__pkg__",
+ "//metropolis/test/ktest:__pkg__",
+ ],
)
go_test(
diff --git a/metropolis/node/build/mkimage/BUILD.bazel b/metropolis/node/build/mkimage/BUILD.bazel
index b489002..2b59adf 100644
--- a/metropolis/node/build/mkimage/BUILD.bazel
+++ b/metropolis/node/build/mkimage/BUILD.bazel
@@ -16,5 +16,5 @@
go_binary(
name = "mkimage",
embed = [":go_default_library"],
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis/node:__pkg__"],
)
diff --git a/metropolis/node/core/BUILD.bazel b/metropolis/node/core/BUILD.bazel
index 004bbc8..b9d9d03 100644
--- a/metropolis/node/core/BUILD.bazel
+++ b/metropolis/node/core/BUILD.bazel
@@ -39,5 +39,5 @@
name = "core",
embed = [":go_default_library"],
pure = "on", # keep
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis/node:__pkg__"],
)
diff --git a/metropolis/node/core/network/dhcp4c/BUILD.bazel b/metropolis/node/core/network/dhcp4c/BUILD.bazel
index c84bd05..5dc7b9e 100644
--- a/metropolis/node/core/network/dhcp4c/BUILD.bazel
+++ b/metropolis/node/core/network/dhcp4c/BUILD.bazel
@@ -8,7 +8,11 @@
"lease.go",
],
importpath = "git.monogon.dev/source/nexantic.git/metropolis/node/core/network/dhcp4c",
- visibility = ["//visibility:public"],
+ visibility = [
+ "//metropolis/node:__subpackages__",
+ # Exception for this package: the DHCP client is also used by nanoswitch.
+ "//metropolis/test/nanoswitch:__subpackages__",
+ ],
deps = [
"//metropolis/node/core/network/dhcp4c/transport:go_default_library",
"//metropolis/pkg/supervisor:go_default_library",
diff --git a/metropolis/node/core/network/dhcp4c/callback/BUILD.bazel b/metropolis/node/core/network/dhcp4c/callback/BUILD.bazel
index ed6f330..a752e52 100644
--- a/metropolis/node/core/network/dhcp4c/callback/BUILD.bazel
+++ b/metropolis/node/core/network/dhcp4c/callback/BUILD.bazel
@@ -5,7 +5,11 @@
name = "go_default_library",
srcs = ["callback.go"],
importpath = "git.monogon.dev/source/nexantic.git/metropolis/node/core/network/dhcp4c/callback",
- visibility = ["//visibility:public"],
+ visibility = [
+ "//metropolis/node:__subpackages__",
+ # Exception for this package: the DHCP client is also used by nanoswitch.
+ "//metropolis/test/nanoswitch:__subpackages__",
+ ],
deps = [
"//metropolis/node/core/network/dhcp4c:go_default_library",
"@com_github_insomniacslk_dhcp//dhcpv4:go_default_library",
diff --git a/metropolis/node/core/network/dhcp4c/transport/BUILD.bazel b/metropolis/node/core/network/dhcp4c/transport/BUILD.bazel
index edd47a1..23adf2c 100644
--- a/metropolis/node/core/network/dhcp4c/transport/BUILD.bazel
+++ b/metropolis/node/core/network/dhcp4c/transport/BUILD.bazel
@@ -8,7 +8,7 @@
"transport_unicast.go",
],
importpath = "git.monogon.dev/source/nexantic.git/metropolis/node/core/network/dhcp4c/transport",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis/node/core/network/dhcp4c:__subpackages__"],
deps = [
"@com_github_google_gopacket//:go_default_library",
"@com_github_google_gopacket//layers:go_default_library",
diff --git a/metropolis/node/kubernetes/hyperkube/BUILD b/metropolis/node/kubernetes/hyperkube/BUILD
index dced1c7..4c8c5c9 100644
--- a/metropolis/node/kubernetes/hyperkube/BUILD
+++ b/metropolis/node/kubernetes/hyperkube/BUILD
@@ -24,6 +24,6 @@
name = "hyperkube",
embed = [":go_default_library"],
pure = "on",
- visibility = ["//visibility:public"],
+ visibility = ["//metropolis/node:__pkg__"],
x_defs = version_x_defs(),
)