load("//bazel:build.bzl", "redpanda_cc_library")

redpanda_cc_library(
    name = "config",
    srcs = [
        "config_bsl.cc",
        "config_rcl.cc",
        "gssapi_rule.cc",
        "logger.cc",
        "mtls_rule.cc",
    ],
    hdrs = [
        "config.h",
        "gssapi_rule.h",
        "logger.h",
        "mtls_rule.h",
        "oidc_error.h",
        "oidc_principal_mapping.h",
        "oidc_url_parser.h",
    ],
    include_prefix = "security",
    visibility = ["//visibility:public"],
    deps = [
        "//src/v/base",
        "//src/v/json",
        "//src/v/ssx:sformat",
        "//src/v/thirdparty/ada",
        "@boost//:algorithm",
        "@fmt",
        "@re2",
        "@seastar",
    ],
)

redpanda_cc_library(
    name = "license",
    srcs = [
        "license.cc",
    ],
    hdrs = [
        "license.h",
    ],
    include_prefix = "security",
    visibility = ["//visibility:public"],
    deps = [
        "//src/v/base",
        "//src/v/crypto",
        "//src/v/hashing:secure",
        "//src/v/json",
        "//src/v/serde",
        "//src/v/serde:chrono",
        "//src/v/serde:enum",
        "//src/v/serde:sstring",
        "//src/v/utils:base64",
        "@fmt",
        "@seastar",
    ],
)

redpanda_cc_library(
    name = "request_auth",
    srcs = [
        "request_auth.cc",
    ],
    hdrs = [
        "request_auth.h",
    ],
    include_prefix = "security",
    visibility = ["//visibility:public"],
    deps = [
        ":security",
        "//src/v/base",
        "//src/v/cluster",
        "//src/v/config",
        "@seastar",
    ],
)

redpanda_cc_library(
    name = "security",
    srcs = [
        "acl.cc",
        "authorizer.cc",
        "credential.cc",
        "gssapi_authenticator.cc",
        "gssapi_principal_mapper.cc",
        "jwt.cc",
        "krb5.cc",
        "krb5_configurator.cc",
        "mtls.cc",
        "oidc_authenticator.cc",
        "oidc_principal_mapping_applicator.cc",
        "oidc_service.cc",
        "role.cc",
        "scram_algorithm.cc",
        "scram_authenticator.cc",
    ],
    hdrs = [
        "acl.h",
        "acl_entry_set.h",
        "acl_store.h",
        "authorizer.h",
        "credential_store.h",
        "ephemeral_credential.h",
        "ephemeral_credential_store.h",
        "errc.h",
        "exceptions.h",
        "fwd.h",
        "gssapi.h",
        "gssapi_authenticator.h",
        "gssapi_principal_mapper.h",
        "jwt.h",
        "krb5.h",
        "krb5_configurator.h",
        "logger.h",
        "mtls.h",
        "oidc_authenticator.h",
        "oidc_error.h",
        "oidc_principal_mapping_applicator.h",
        "oidc_service.h",
        "role.h",
        "role_store.h",
        "sasl_authentication.h",
        "scram_algorithm.h",
        "scram_authenticator.h",
        "scram_credential.h",
        "types.h",
    ],
    include_prefix = "security",
    visibility = ["//visibility:public"],
    deps = [
        ":config",
        "//src/v/base",
        "//src/v/bytes",
        "//src/v/bytes:random",
        "//src/v/config",
        "//src/v/container:fragmented_vector",
        "//src/v/crypto",
        "//src/v/hashing:secure",
        "//src/v/http",
        "//src/v/json",
        "//src/v/kafka/protocol",
        "//src/v/metrics",
        "//src/v/model",
        "//src/v/net",
        "//src/v/random:generators",
        "//src/v/reflection:adl",
        "//src/v/security/audit:types",
        "//src/v/serde",
        "//src/v/serde:bytes",
        "//src/v/serde:enum",
        "//src/v/serde:optional",
        "//src/v/ssx:future_util",
        "//src/v/ssx:sformat",
        "//src/v/ssx:thread_worker",
        "//src/v/strings:string_switch",
        "//src/v/strings:utf8",
        "//src/v/thirdparty/krb5",
        "//src/v/utils:absl_sstring_hash",
        "//src/v/utils:base64",
        "//src/v/utils:log_hist",
        "//src/v/utils:named_type",
        "//src/v/utils:to_string",
        "//src/v/version",
        "@abseil-cpp//absl/algorithm:container",
        "@abseil-cpp//absl/container:btree",
        "@abseil-cpp//absl/container:flat_hash_map",
        "@abseil-cpp//absl/container:flat_hash_set",
        "@abseil-cpp//absl/container:node_hash_map",
        "@abseil-cpp//absl/container:node_hash_set",
        "@boost//:algorithm",
        "@boost//:outcome",
        "@boost//:range",
        "@fmt",
        "@rapidjson",
        "@re2",
        "@seastar",
    ],
)
