summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorAndrew Clayton <a.clayton@nginx.com>2024-02-05 21:50:52 +0000
committerAndrew Clayton <a.clayton@nginx.com>2024-02-21 16:20:32 +0000
commit07a0c9a34817d6faedff67505507cd4f54752a22 (patch)
tree998ea43d529b19154e9fba69d1045028c3958673
parent8d030139a1bde3ee640852d1348eb595cb376d05 (diff)
downloadunit-07a0c9a34817d6faedff67505507cd4f54752a22.tar.gz
unit-07a0c9a34817d6faedff67505507cd4f54752a22.tar.bz2
Wasm-wc: Wire up the language module to the config system
This exposes the various WebAssembly Component Model language module specific options. The application type is "wasm-wasi-component". There is a "component" option that is required, this specifies the full path to the WebAssembly component to be run. This component should be in binary format, i.e a .wasm file. There is also currently one optional option "access" Due to the sandboxed nature of WebAssembly, by default Wasm modules/components don't have any access to the underlying filesystem. There is however a capabilities based mechanism[0] for allowing such access. This adds a config option to the 'wasm-wasi-component' application type (same as for 'wasm'); 'access.filesystem' which takes an array of directory paths that are then made available to the wasm module/component. This access works recursively, i.e everything under a specific path is allowed access to. Example config might look like "applications": { "my-wasm-component": { "type": "wasm-wasi-component", "component": "/path/to/component.wasm", "access" { "filesystem": [ "/tmp", "/var/tmp" ] } } } The actual mechanism used allows directories to be mapped differently in the guest. But at the moment we don't support that and just map say /tmp to /tmp. This can be revisited if it's something users clamour for. [0]: <https://github.com/bytecodealliance/wasmtime/blob/main/docs/WASI-capabilities.md> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
Diffstat (limited to '')
-rw-r--r--src/nxt_application.c3
-rw-r--r--src/nxt_conf_validation.c17
-rw-r--r--src/nxt_main_process.c15
3 files changed, 35 insertions, 0 deletions
diff --git a/src/nxt_application.c b/src/nxt_application.c
index 872e387a..e0247bf0 100644
--- a/src/nxt_application.c
+++ b/src/nxt_application.c
@@ -1100,6 +1100,9 @@ nxt_app_parse_type(u_char *p, size_t length)
} else if (nxt_str_eq(&str, "java", 4)) {
return NXT_APP_JAVA;
+ } else if (nxt_str_eq(&str, "wasm-wasi-component", 19)) {
+ return NXT_APP_WASM_WC;
+
} else if (nxt_str_eq(&str, "wasm", 4)) {
return NXT_APP_WASM;
}
diff --git a/src/nxt_conf_validation.c b/src/nxt_conf_validation.c
index caa068d2..2099f887 100644
--- a/src/nxt_conf_validation.c
+++ b/src/nxt_conf_validation.c
@@ -1095,6 +1095,22 @@ static nxt_conf_vldt_object_t nxt_conf_vldt_wasm_members[] = {
};
+static nxt_conf_vldt_object_t nxt_conf_vldt_wasm_wc_members[] = {
+ {
+ .name = nxt_string("component"),
+ .type = NXT_CONF_VLDT_STRING,
+ .flags = NXT_CONF_VLDT_REQUIRED,
+ }, {
+ .name = nxt_string("access"),
+ .type = NXT_CONF_VLDT_OBJECT,
+ .validator = nxt_conf_vldt_object,
+ .u.members = nxt_conf_vldt_wasm_access_members,
+ },
+
+ NXT_CONF_VLDT_NEXT(nxt_conf_vldt_common_members)
+};
+
+
static nxt_conf_vldt_object_t nxt_conf_vldt_wasm_access_members[] = {
{
.name = nxt_string("filesystem"),
@@ -2660,6 +2676,7 @@ nxt_conf_vldt_app(nxt_conf_validation_t *vldt, nxt_str_t *name,
{ nxt_conf_vldt_object, nxt_conf_vldt_ruby_members },
{ nxt_conf_vldt_object, nxt_conf_vldt_java_members },
{ nxt_conf_vldt_object, nxt_conf_vldt_wasm_members },
+ { nxt_conf_vldt_object, nxt_conf_vldt_wasm_wc_members },
};
ret = nxt_conf_vldt_type(vldt, name, value, NXT_CONF_VLDT_OBJECT);
diff --git a/src/nxt_main_process.c b/src/nxt_main_process.c
index 3f317d5e..060ead41 100644
--- a/src/nxt_main_process.c
+++ b/src/nxt_main_process.c
@@ -377,6 +377,20 @@ static nxt_conf_map_t nxt_wasm_app_conf[] = {
};
+static nxt_conf_map_t nxt_wasm_wc_app_conf[] = {
+ {
+ nxt_string("component"),
+ NXT_CONF_MAP_CSTRZ,
+ offsetof(nxt_common_app_conf_t, u.wasm_wc.component),
+ },
+ {
+ nxt_string("access"),
+ NXT_CONF_MAP_PTR,
+ offsetof(nxt_common_app_conf_t, u.wasm_wc.access),
+ },
+};
+
+
static nxt_conf_app_map_t nxt_app_maps[] = {
{ nxt_nitems(nxt_external_app_conf), nxt_external_app_conf },
{ nxt_nitems(nxt_python_app_conf), nxt_python_app_conf },
@@ -385,6 +399,7 @@ static nxt_conf_app_map_t nxt_app_maps[] = {
{ nxt_nitems(nxt_ruby_app_conf), nxt_ruby_app_conf },
{ nxt_nitems(nxt_java_app_conf), nxt_java_app_conf },
{ nxt_nitems(nxt_wasm_app_conf), nxt_wasm_app_conf },
+ { nxt_nitems(nxt_wasm_wc_app_conf), nxt_wasm_wc_app_conf },
};