diff --git a/Cargo.lock b/Cargo.lock index 3295d890c9..d6a8e17f30 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -860,12 +860,6 @@ dependencies = [ "serde 1.0.197", ] -[[package]] -name = "bytesize" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3e368af43e418a04d52505cf3dbc23dda4e3407ae2fa99fd0e4f308ce546acc" - [[package]] name = "bzip2" version = "0.4.4" @@ -925,7 +919,7 @@ source = "git+https://github.com/huggingface/candle?rev=b80348d22f8f0dadb6cc4101 dependencies = [ "byteorder", "candle-gemm", - "half 2.4.0", + "half", "memmap2 0.7.1", "num-traits 0.2.18", "num_cpus", @@ -1016,7 +1010,7 @@ dependencies = [ "candle-gemm-common", "candle-gemm-f32", "dyn-stack", - "half 2.4.0", + "half", "lazy_static 1.4.0", "num-complex", "num-traits 0.2.18", @@ -1217,12 +1211,6 @@ dependencies = [ "toml 0.8.14", ] -[[package]] -name = "cast" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5" - [[package]] name = "cc" version = "1.0.90" @@ -1299,17 +1287,6 @@ dependencies = [ "libloading", ] -[[package]] -name = "clap" -version = "2.34.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c" -dependencies = [ - "bitflags 1.3.2", - "textwrap 0.11.0", - "unicode-width", -] - [[package]] name = "clap" version = "3.2.25" @@ -1324,7 +1301,7 @@ dependencies = [ "once_cell", "strsim 0.10.0", "termcolor", - "textwrap 0.16.1", + "textwrap", ] [[package]] @@ -1695,44 +1672,6 @@ dependencies = [ "cfg-if", ] -[[package]] -name = "criterion" -version = "0.3.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b01d6de93b2b6c65e17c634a26653a29d107b3c98c607c765bf38d041531cd8f" -dependencies = [ - "atty", - "cast", - "clap 2.34.0", - "criterion-plot", - "csv", - "futures", - "itertools 0.10.5", - "lazy_static 1.4.0", - "num-traits 0.2.18", - "oorandom", - "plotters", - "rayon", - "regex", - "serde 1.0.197", - "serde_cbor", - "serde_derive", - "serde_json", - "tinytemplate", - "tokio", - "walkdir", -] - -[[package]] -name = "criterion-plot" -version = "0.4.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2673cc8207403546f45f5fd319a974b1e6983ad1a3ee7e6041650013be041876" -dependencies = [ - "cast", - "itertools 0.10.5", -] - [[package]] name = "crossbeam" version = "0.8.4" @@ -1842,27 +1781,6 @@ dependencies = [ "typenum", ] -[[package]] -name = "csv" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac574ff4d437a7b5ad237ef331c17ccca63c46479e5b5453eb8e10bb99a759fe" -dependencies = [ - "csv-core", - "itoa", - "ryu", - "serde 1.0.197", -] - -[[package]] -name = "csv-core" -version = "0.1.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5efa2b3d7902f4b634a20cae3c9c4e6209dc4779feb6863329607560143efa70" -dependencies = [ - "memchr", -] - [[package]] name = "ctrlc" version = "3.4.4" @@ -3155,12 +3073,6 @@ dependencies = [ "tracing", ] -[[package]] -name = "half" -version = "1.8.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1b43ede17f21864e81be2fa654110bf1e793774238d86ef8555c37e6519c0403" - [[package]] name = "half" version = "2.4.0" @@ -4228,12 +4140,7 @@ version = "0.2.0-dev" source = "git+https://github.com/rustformers/llm?rev=2f6ffd4435799ceaa1d1bcb5a8790e5b3e0c5663#2f6ffd4435799ceaa1d1bcb5a8790e5b3e0c5663" dependencies = [ "llm-base", - "llm-bloom", - "llm-gpt2", - "llm-gptj", - "llm-gptneox", "llm-llama", - "llm-mpt", "serde 1.0.197", "tracing", ] @@ -4245,7 +4152,7 @@ source = "git+https://github.com/rustformers/llm?rev=2f6ffd4435799ceaa1d1bcb5a87 dependencies = [ "bytemuck", "ggml", - "half 2.4.0", + "half", "llm-samplers", "memmap2 0.5.10", "partial_sort", @@ -4258,39 +4165,6 @@ dependencies = [ "tracing", ] -[[package]] -name = "llm-bloom" -version = "0.2.0-dev" -source = "git+https://github.com/rustformers/llm?rev=2f6ffd4435799ceaa1d1bcb5a8790e5b3e0c5663#2f6ffd4435799ceaa1d1bcb5a8790e5b3e0c5663" -dependencies = [ - "llm-base", -] - -[[package]] -name = "llm-gpt2" -version = "0.2.0-dev" -source = "git+https://github.com/rustformers/llm?rev=2f6ffd4435799ceaa1d1bcb5a8790e5b3e0c5663#2f6ffd4435799ceaa1d1bcb5a8790e5b3e0c5663" -dependencies = [ - "bytemuck", - "llm-base", -] - -[[package]] -name = "llm-gptj" -version = "0.2.0-dev" -source = "git+https://github.com/rustformers/llm?rev=2f6ffd4435799ceaa1d1bcb5a8790e5b3e0c5663#2f6ffd4435799ceaa1d1bcb5a8790e5b3e0c5663" -dependencies = [ - "llm-base", -] - -[[package]] -name = "llm-gptneox" -version = "0.2.0-dev" -source = "git+https://github.com/rustformers/llm?rev=2f6ffd4435799ceaa1d1bcb5a8790e5b3e0c5663#2f6ffd4435799ceaa1d1bcb5a8790e5b3e0c5663" -dependencies = [ - "llm-base", -] - [[package]] name = "llm-llama" version = "0.2.0-dev" @@ -4300,14 +4174,6 @@ dependencies = [ "tracing", ] -[[package]] -name = "llm-mpt" -version = "0.2.0-dev" -source = "git+https://github.com/rustformers/llm?rev=2f6ffd4435799ceaa1d1bcb5a8790e5b3e0c5663#2f6ffd4435799ceaa1d1bcb5a8790e5b3e0c5663" -dependencies = [ - "llm-base", -] - [[package]] name = "llm-samplers" version = "0.0.6" @@ -5127,12 +4993,6 @@ dependencies = [ "pkg-config", ] -[[package]] -name = "oorandom" -version = "11.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" - [[package]] name = "opaque-debug" version = "0.3.1" @@ -5313,94 +5173,6 @@ version = "6.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2355d85b9a3786f481747ced0e0ff2ba35213a1f9bd406ed906554d7af805a1" -[[package]] -name = "outbound-http" -version = "2.8.0-pre0" -dependencies = [ - "anyhow", - "http 0.2.12", - "reqwest 0.11.27", - "spin-app", - "spin-core", - "spin-expressions", - "spin-locked-app", - "spin-outbound-networking", - "spin-telemetry", - "spin-world", - "terminal", - "tracing", - "url", -] - -[[package]] -name = "outbound-mqtt" -version = "2.8.0-pre0" -dependencies = [ - "anyhow", - "rumqttc", - "spin-app", - "spin-core", - "spin-expressions", - "spin-outbound-networking", - "spin-world", - "table", - "tokio", - "tracing", -] - -[[package]] -name = "outbound-mysql" -version = "2.8.0-pre0" -dependencies = [ - "anyhow", - "flate2", - "mysql_async", - "mysql_common", - "spin-app", - "spin-core", - "spin-expressions", - "spin-outbound-networking", - "spin-world", - "table", - "tokio", - "tracing", - "url", -] - -[[package]] -name = "outbound-pg" -version = "2.8.0-pre0" -dependencies = [ - "anyhow", - "native-tls", - "postgres-native-tls", - "spin-app", - "spin-core", - "spin-expressions", - "spin-outbound-networking", - "spin-world", - "table", - "tokio", - "tokio-postgres", - "tracing", -] - -[[package]] -name = "outbound-redis" -version = "2.8.0-pre0" -dependencies = [ - "anyhow", - "redis 0.21.7", - "spin-app", - "spin-core", - "spin-expressions", - "spin-outbound-networking", - "spin-world", - "table", - "tokio", - "tracing", -] - [[package]] name = "overload" version = "0.1.1" @@ -5722,34 +5494,6 @@ version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" -[[package]] -name = "plotters" -version = "0.3.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d2c224ba00d7cadd4d5c660deaf2098e5e80e07846537c51f9cfa4be50c1fd45" -dependencies = [ - "num-traits 0.2.18", - "plotters-backend", - "plotters-svg", - "wasm-bindgen", - "web-sys", -] - -[[package]] -name = "plotters-backend" -version = "0.3.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e76628b4d3a7581389a35d5b6e2139607ad7c75b17aed325f210aa91f4a9609" - -[[package]] -name = "plotters-svg" -version = "0.3.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "38f6d39893cca0701371e3c27294f09797214b86f1fb951b89ade8ec04e2abab" -dependencies = [ - "plotters-backend", -] - [[package]] name = "polling" version = "2.8.0" @@ -6815,16 +6559,6 @@ dependencies = [ "winapi-util", ] -[[package]] -name = "sanitize-filename" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08c502bdb638f1396509467cb0580ef3b29aa2a45c5d43e5d84928241280296c" -dependencies = [ - "lazy_static 1.4.0", - "regex", -] - [[package]] name = "sanitize-filename" version = "0.5.0" @@ -6993,16 +6727,6 @@ dependencies = [ "serde 1.0.197", ] -[[package]] -name = "serde_cbor" -version = "0.11.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2bef2ebfde456fb76bbcf9f59315333decc4fda0b2b44b420243c11e0f5ec1f5" -dependencies = [ - "half 1.8.3", - "serde 1.0.197", -] - [[package]] name = "serde_derive" version = "1.0.197" @@ -7973,18 +7697,6 @@ dependencies = [ "tracing", ] -[[package]] -name = "spin-llm" -version = "2.8.0-pre0" -dependencies = [ - "anyhow", - "bytesize", - "llm", - "spin-app", - "spin-core", - "spin-world", -] - [[package]] name = "spin-llm-local" version = "2.8.0-pre0" @@ -8114,7 +7826,6 @@ dependencies = [ "spin-loader", "spin-locked-app", "spin-manifest", - "spin-testing", "tempfile", "tokio", "tokio-util 0.7.10", @@ -8290,124 +8001,6 @@ dependencies = [ "walkdir", ] -[[package]] -name = "spin-testing" -version = "2.8.0-pre0" -dependencies = [ - "anyhow", - "http 1.1.0", - "hyper 1.4.1", - "serde 1.0.197", - "serde_json", - "spin-app", - "spin-componentize", - "spin-core", - "spin-http", - "spin-trigger", - "tokio", - "tracing-subscriber", -] - -[[package]] -name = "spin-trigger" -version = "2.8.0-pre0" -dependencies = [ - "anyhow", - "async-trait", - "clap 3.2.25", - "ctrlc", - "dirs 4.0.0", - "futures", - "http 1.1.0", - "indexmap 1.9.3", - "ipnet", - "outbound-http", - "outbound-mqtt", - "outbound-mysql", - "outbound-pg", - "outbound-redis", - "rustls-pemfile 2.1.2", - "rustls-pki-types", - "sanitize-filename 0.4.0", - "serde 1.0.197", - "serde_json", - "spin-app", - "spin-common", - "spin-componentize", - "spin-core", - "spin-expressions", - "spin-key-value", - "spin-key-value-azure", - "spin-key-value-redis", - "spin-key-value-sqlite", - "spin-llm", - "spin-llm-local", - "spin-llm-remote-http", - "spin-loader", - "spin-manifest", - "spin-outbound-networking", - "spin-serde", - "spin-sqlite", - "spin-sqlite-inproc", - "spin-sqlite-libsql", - "spin-telemetry", - "spin-variables", - "spin-world", - "tempfile", - "terminal", - "tokio", - "toml 0.5.11", - "tracing", - "url", - "wasmtime", - "wasmtime-wasi", - "wasmtime-wasi-http", -] - -[[package]] -name = "spin-trigger-http" -version = "2.8.0-pre0" -dependencies = [ - "anyhow", - "async-trait", - "clap 3.2.25", - "criterion", - "futures", - "futures-util", - "http 1.1.0", - "http-body-util", - "hyper 1.4.1", - "hyper-util", - "indexmap 1.9.3", - "num_cpus", - "outbound-http", - "percent-encoding", - "rustls 0.22.4", - "rustls-pemfile 2.1.2", - "rustls-pki-types", - "serde 1.0.197", - "serde_json", - "spin-app", - "spin-core", - "spin-http", - "spin-outbound-networking", - "spin-telemetry", - "spin-testing", - "spin-trigger", - "spin-world", - "terminal", - "tls-listener", - "tokio", - "tokio-rustls 0.25.0", - "tracing", - "url", - "wasi-common", - "wasmtime", - "wasmtime-wasi", - "wasmtime-wasi-http", - "webpki-roots 0.26.1", -] - [[package]] name = "spin-trigger-http2" version = "2.8.0-pre0" @@ -8449,27 +8042,6 @@ dependencies = [ "webpki-roots 0.26.1", ] -[[package]] -name = "spin-trigger-redis" -version = "2.8.0-pre0" -dependencies = [ - "anyhow", - "async-trait", - "futures", - "redis 0.21.7", - "serde 1.0.197", - "spin-app", - "spin-common", - "spin-core", - "spin-expressions", - "spin-telemetry", - "spin-testing", - "spin-trigger", - "spin-world", - "tokio", - "tracing", -] - [[package]] name = "spin-trigger2" version = "2.8.0-pre0" @@ -8478,7 +8050,7 @@ dependencies = [ "clap 3.2.25", "ctrlc", "futures", - "sanitize-filename 0.5.0", + "sanitize-filename", "serde 1.0.197", "serde_json", "spin-app", @@ -8505,29 +8077,6 @@ dependencies = [ "tracing", ] -[[package]] -name = "spin-variables" -version = "2.8.0-pre0" -dependencies = [ - "anyhow", - "async-trait", - "azure_core", - "azure_identity", - "azure_security_keyvault", - "dotenvy", - "once_cell", - "serde 1.0.197", - "spin-app", - "spin-core", - "spin-expressions", - "spin-world", - "thiserror", - "tokio", - "toml 0.5.11", - "tracing", - "vaultrs", -] - [[package]] name = "spin-world" version = "2.8.0-pre0" @@ -8885,15 +8434,6 @@ dependencies = [ "wasmtime-wasi-http", ] -[[package]] -name = "textwrap" -version = "0.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d326610f408c7a4eb6f51c37c330e496b08506c9457c9d34287ecc38809fb060" -dependencies = [ - "unicode-width", -] - [[package]] name = "textwrap" version = "0.16.1" @@ -8982,16 +8522,6 @@ dependencies = [ "lazy_static 0.2.11", ] -[[package]] -name = "tinytemplate" -version = "1.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "be4d6b5f19ff7664e8c98d03e2139cb510db9b0a60b55f8e8709b689d939b6bc" -dependencies = [ - "serde 1.0.197", - "serde_json", -] - [[package]] name = "tinyvec" version = "1.6.0" @@ -9898,33 +9428,6 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" -[[package]] -name = "wasi-common" -version = "22.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b86fd41e1e26ff6af9451c6a332a5ce5f5283ca51e87d875cdd9a05305598ee3" -dependencies = [ - "anyhow", - "bitflags 2.5.0", - "cap-fs-ext", - "cap-rand", - "cap-std 3.0.0", - "cap-time-ext", - "fs-set-times", - "io-extras", - "io-lifetimes 2.0.3", - "log", - "once_cell", - "rustix 0.38.32", - "system-interface", - "thiserror", - "tokio", - "tracing", - "wasmtime", - "wiggle", - "windows-sys 0.52.0", -] - [[package]] name = "wasite" version = "0.1.0" diff --git a/build.rs b/build.rs index 7ddf012e35..d4cd7acf0e 100644 --- a/build.rs +++ b/build.rs @@ -68,17 +68,17 @@ error: the `wasm32-wasi` target is not installed std::fs::create_dir_all("target/test-programs").unwrap(); build_wasm_test_program("core-wasi-test.wasm", "crates/core/tests/core-wasi-test"); - build_wasm_test_program("redis-rust.wasm", "crates/trigger-redis/tests/rust"); - - build_wasm_test_program( - "spin-http-benchmark.wasm", - "crates/trigger-http/benches/spin-http-benchmark", - ); - build_wasm_test_program( - "wagi-benchmark.wasm", - "crates/trigger-http/benches/wagi-benchmark", - ); - build_wasm_test_program("timer_app_example.wasm", "examples/spin-timer/app-example"); + // build_wasm_test_program("redis-rust.wasm", "crates/trigger-redis/tests/rust"); + + // build_wasm_test_program( + // "spin-http-benchmark.wasm", + // "crates/trigger-http/benches/spin-http-benchmark", + // ); + // build_wasm_test_program( + // "wagi-benchmark.wasm", + // "crates/trigger-http/benches/wagi-benchmark", + // ); + // build_wasm_test_program("timer_app_example.wasm", "examples/spin-timer/app-example"); cargo_build(TIMER_TRIGGER_INTEGRATION_TEST); } diff --git a/crates/llm/Cargo.toml b/crates/llm/Cargo.toml deleted file mode 100644 index 08c193e0b6..0000000000 --- a/crates/llm/Cargo.toml +++ /dev/null @@ -1,16 +0,0 @@ -[package] -name = "spin-llm" -version = { workspace = true } -authors = { workspace = true } -edition = { workspace = true } - -[dependencies] -anyhow = "1.0" -bytesize = "1.1" -llm = { git = "https://github.com/rustformers/llm", rev = "2f6ffd4435799ceaa1d1bcb5a8790e5b3e0c5663", features = [ - "tokenizers-remote", - "models", -], default-features = false } -spin-app = { path = "../app" } -spin-core = { path = "../core" } -spin-world = { path = "../world" } diff --git a/crates/llm/src/host_component.rs b/crates/llm/src/host_component.rs deleted file mode 100644 index 8574e6bb0e..0000000000 --- a/crates/llm/src/host_component.rs +++ /dev/null @@ -1,49 +0,0 @@ -use spin_app::DynamicHostComponent; -use spin_core::HostComponent; - -use crate::{LlmDispatch, LlmEngine, AI_MODELS_KEY}; - -pub struct LlmComponent { - create_engine: Box Box + Send + Sync>, -} - -impl LlmComponent { - pub fn new(create_engine: F) -> Self - where - F: Fn() -> Box + Send + Sync + 'static, - { - Self { - create_engine: Box::new(create_engine), - } - } -} - -impl HostComponent for LlmComponent { - type Data = LlmDispatch; - - fn add_to_linker( - linker: &mut spin_core::Linker, - get: impl Fn(&mut spin_core::Data) -> &mut Self::Data + Send + Sync + Copy + 'static, - ) -> anyhow::Result<()> { - spin_world::v1::llm::add_to_linker(linker, get)?; - spin_world::v2::llm::add_to_linker(linker, get) - } - - fn build_data(&self) -> Self::Data { - LlmDispatch { - engine: (self.create_engine)(), - allowed_models: Default::default(), - } - } -} - -impl DynamicHostComponent for LlmComponent { - fn update_data( - &self, - data: &mut Self::Data, - component: &spin_app::AppComponent, - ) -> anyhow::Result<()> { - data.allowed_models = component.get_metadata(AI_MODELS_KEY)?.unwrap_or_default(); - Ok(()) - } -} diff --git a/crates/llm/src/lib.rs b/crates/llm/src/lib.rs deleted file mode 100644 index 399c2fbcaf..0000000000 --- a/crates/llm/src/lib.rs +++ /dev/null @@ -1,112 +0,0 @@ -pub mod host_component; - -use spin_app::MetadataKey; -use spin_core::async_trait; -use spin_world::v1::llm::{self as v1}; -use spin_world::v2::llm::{self as v2}; -use std::collections::HashSet; - -pub use crate::host_component::LlmComponent; - -pub const MODEL_ALL_MINILM_L6_V2: &str = "all-minilm-l6-v2"; -pub const AI_MODELS_KEY: MetadataKey> = MetadataKey::new("ai_models"); - -#[async_trait] -pub trait LlmEngine: Send + Sync { - async fn infer( - &mut self, - model: v1::InferencingModel, - prompt: String, - params: v2::InferencingParams, - ) -> Result; - - async fn generate_embeddings( - &mut self, - model: v2::EmbeddingModel, - data: Vec, - ) -> Result; -} - -pub struct LlmDispatch { - engine: Box, - allowed_models: HashSet, -} - -#[async_trait] -impl v2::Host for LlmDispatch { - async fn infer( - &mut self, - model: v2::InferencingModel, - prompt: String, - params: Option, - ) -> Result { - if !self.allowed_models.contains(&model) { - return Err(access_denied_error(&model)); - } - self.engine - .infer( - model, - prompt, - params.unwrap_or(v2::InferencingParams { - max_tokens: 100, - repeat_penalty: 1.1, - repeat_penalty_last_n_token_count: 64, - temperature: 0.8, - top_k: 40, - top_p: 0.9, - }), - ) - .await - } - - async fn generate_embeddings( - &mut self, - m: v1::EmbeddingModel, - data: Vec, - ) -> Result { - if !self.allowed_models.contains(&m) { - return Err(access_denied_error(&m)); - } - self.engine.generate_embeddings(m, data).await - } - - fn convert_error(&mut self, error: v2::Error) -> anyhow::Result { - Ok(error) - } -} - -#[async_trait] -impl v1::Host for LlmDispatch { - async fn infer( - &mut self, - model: v1::InferencingModel, - prompt: String, - params: Option, - ) -> Result { - ::infer(self, model, prompt, params.map(Into::into)) - .await - .map(Into::into) - .map_err(Into::into) - } - - async fn generate_embeddings( - &mut self, - model: v1::EmbeddingModel, - data: Vec, - ) -> Result { - ::generate_embeddings(self, model, data) - .await - .map(Into::into) - .map_err(Into::into) - } - - fn convert_error(&mut self, error: v1::Error) -> anyhow::Result { - Ok(error) - } -} - -fn access_denied_error(model: &str) -> v2::Error { - v2::Error::InvalidInput(format!( - "The component does not have access to use '{model}'. To give the component access, add '{model}' to the 'ai_models' key for the component in your spin.toml manifest" - )) -} diff --git a/crates/oci/Cargo.toml b/crates/oci/Cargo.toml index 8dcbd55b76..92ac7ae6e3 100644 --- a/crates/oci/Cargo.toml +++ b/crates/oci/Cargo.toml @@ -31,6 +31,3 @@ tokio = { version = "1", features = ["fs"] } tokio-util = { version = "0.7.9", features = ["compat"] } tracing = { workspace = true } walkdir = "2.3" - -[dev-dependencies] -spin-testing = { path = "../testing" } diff --git a/crates/oci/src/client.rs b/crates/oci/src/client.rs index 92015b9458..218b4cb666 100644 --- a/crates/oci/src/client.rs +++ b/crates/oci/src/client.rs @@ -824,252 +824,252 @@ mod test { } } - #[tokio::test] - async fn can_assemble_layers() { - use spin_locked_app::locked::LockedComponent; - use tokio::io::AsyncWriteExt; - - let working_dir = tempfile::tempdir().unwrap(); - - // Set up component/file directory tree - // - // create component1 and component2 dirs - let _ = tokio::fs::create_dir(working_dir.path().join("component1").as_path()).await; - let _ = tokio::fs::create_dir(working_dir.path().join("component2").as_path()).await; - - // create component "wasm" files - let mut c1 = tokio::fs::File::create(working_dir.path().join("component1.wasm")) - .await - .expect("should create component wasm file"); - c1.write_all(b"c1") - .await - .expect("should write component wasm contents"); - let mut c2 = tokio::fs::File::create(working_dir.path().join("component2.wasm")) - .await - .expect("should create component wasm file"); - c2.write_all(b"c2") - .await - .expect("should write component wasm contents"); - - // component1 files - let mut c1f1 = tokio::fs::File::create(working_dir.path().join("component1").join("bar")) - .await - .expect("should create component file"); - c1f1.write_all(b"bar") - .await - .expect("should write file contents"); - let mut c1f2 = tokio::fs::File::create(working_dir.path().join("component1").join("baz")) - .await - .expect("should create component file"); - c1f2.write_all(b"baz") - .await - .expect("should write file contents"); - - // component2 files - let mut c2f1 = tokio::fs::File::create(working_dir.path().join("component2").join("baz")) - .await - .expect("should create component file"); - c2f1.write_all(b"baz") - .await - .expect("should write file contents"); - - #[derive(Clone)] - struct TestCase { - name: &'static str, - opts: Option, - locked_components: Vec, - expected_layer_count: usize, - expected_error: Option<&'static str>, - } - - let tests: Vec = [ - TestCase { - name: "Two component layers", - opts: None, - locked_components: spin_testing::from_json!([{ - "id": "component1", - "source": { - "content_type": "application/wasm", - "source": format!("file://{}", working_dir.path().join("component1.wasm").to_str().unwrap()), - "digest": "digest", - }}, - { - "id": "component2", - "source": { - "content_type": "application/wasm", - "source": format!("file://{}", working_dir.path().join("component2.wasm").to_str().unwrap()), - "digest": "digest", - }}]), - expected_layer_count: 2, - expected_error: None, - }, - TestCase { - name: "One component layer and two file layers", - opts: Some(ClientOpts{content_ref_inline_max_size: 0}), - locked_components: spin_testing::from_json!([{ - "id": "component1", - "source": { - "content_type": "application/wasm", - "source": format!("file://{}", working_dir.path().join("component1.wasm").to_str().unwrap()), - "digest": "digest", - }, - "files": [ - { - "source": format!("file://{}", working_dir.path().join("component1").to_str().unwrap()), - "path": working_dir.path().join("component1").join("bar").to_str().unwrap() - }, - { - "source": format!("file://{}", working_dir.path().join("component1").to_str().unwrap()), - "path": working_dir.path().join("component1").join("baz").to_str().unwrap() - } - ] - }]), - expected_layer_count: 3, - expected_error: None, - }, - TestCase { - name: "One component layer and one file with inlined content", - opts: None, - locked_components: spin_testing::from_json!([{ - "id": "component1", - "source": { - "content_type": "application/wasm", - "source": format!("file://{}", working_dir.path().join("component1.wasm").to_str().unwrap()), - "digest": "digest", - }, - "files": [ - { - "source": format!("file://{}", working_dir.path().join("component1").to_str().unwrap()), - "path": working_dir.path().join("component1").join("bar").to_str().unwrap() - } - ] - }]), - expected_layer_count: 1, - expected_error: None, - }, - TestCase { - name: "Component has no source", - opts: None, - locked_components: spin_testing::from_json!([{ - "id": "component1", - "source": { - "content_type": "application/wasm", - "source": "", - "digest": "digest", - } - }]), - expected_layer_count: 0, - expected_error: Some("Invalid URL: \"\""), - }, - TestCase { - name: "Duplicate component sources", - opts: None, - locked_components: spin_testing::from_json!([{ - "id": "component1", - "source": { - "content_type": "application/wasm", - "source": format!("file://{}", working_dir.path().join("component1.wasm").to_str().unwrap()), - "digest": "digest", - }}, - { - "id": "component2", - "source": { - "content_type": "application/wasm", - "source": format!("file://{}", working_dir.path().join("component1.wasm").to_str().unwrap()), - "digest": "digest", - }}]), - expected_layer_count: 1, - expected_error: None, - }, - TestCase { - name: "Duplicate file paths", - opts: Some(ClientOpts{content_ref_inline_max_size: 0}), - locked_components: spin_testing::from_json!([{ - "id": "component1", - "source": { - "content_type": "application/wasm", - "source": format!("file://{}", working_dir.path().join("component1.wasm").to_str().unwrap()), - "digest": "digest", - }, - "files": [ - { - "source": format!("file://{}", working_dir.path().join("component1").to_str().unwrap()), - "path": working_dir.path().join("component1").join("bar").to_str().unwrap() - }, - { - "source": format!("file://{}", working_dir.path().join("component1").to_str().unwrap()), - "path": working_dir.path().join("component1").join("baz").to_str().unwrap() - } - ]}, - { - "id": "component2", - "source": { - "content_type": "application/wasm", - "source": format!("file://{}", working_dir.path().join("component2.wasm").to_str().unwrap()), - "digest": "digest", - }, - "files": [ - { - "source": format!("file://{}", working_dir.path().join("component2").to_str().unwrap()), - "path": working_dir.path().join("component2").join("baz").to_str().unwrap() - } - ] - }]), - expected_layer_count: 4, - expected_error: None, - }, - ] - .to_vec(); - - for tc in tests { - let triggers = Default::default(); - let metadata = Default::default(); - let variables = Default::default(); - let mut locked = LockedApp { - spin_lock_version: Default::default(), - components: tc.locked_components, - triggers, - metadata, - variables, - must_understand: Default::default(), - host_requirements: Default::default(), - }; - - let mut client = Client::new(false, Some(working_dir.path().to_path_buf())) - .await - .expect("should create new client"); - if let Some(o) = tc.opts { - client.opts = o; - } - - match tc.expected_error { - Some(e) => { - assert_eq!( - e, - client - .assemble_layers(&mut locked, AssemblyMode::Simple) - .await - .unwrap_err() - .to_string(), - "{}", - tc.name - ) - } - None => { - assert_eq!( - tc.expected_layer_count, - client - .assemble_layers(&mut locked, AssemblyMode::Simple) - .await - .unwrap() - .len(), - "{}", - tc.name - ) - } - } - } - } + // #[tokio::test] + // async fn can_assemble_layers() { + // use spin_locked_app::locked::LockedComponent; + // use tokio::io::AsyncWriteExt; + + // let working_dir = tempfile::tempdir().unwrap(); + + // // Set up component/file directory tree + // // + // // create component1 and component2 dirs + // let _ = tokio::fs::create_dir(working_dir.path().join("component1").as_path()).await; + // let _ = tokio::fs::create_dir(working_dir.path().join("component2").as_path()).await; + + // // create component "wasm" files + // let mut c1 = tokio::fs::File::create(working_dir.path().join("component1.wasm")) + // .await + // .expect("should create component wasm file"); + // c1.write_all(b"c1") + // .await + // .expect("should write component wasm contents"); + // let mut c2 = tokio::fs::File::create(working_dir.path().join("component2.wasm")) + // .await + // .expect("should create component wasm file"); + // c2.write_all(b"c2") + // .await + // .expect("should write component wasm contents"); + + // // component1 files + // let mut c1f1 = tokio::fs::File::create(working_dir.path().join("component1").join("bar")) + // .await + // .expect("should create component file"); + // c1f1.write_all(b"bar") + // .await + // .expect("should write file contents"); + // let mut c1f2 = tokio::fs::File::create(working_dir.path().join("component1").join("baz")) + // .await + // .expect("should create component file"); + // c1f2.write_all(b"baz") + // .await + // .expect("should write file contents"); + + // // component2 files + // let mut c2f1 = tokio::fs::File::create(working_dir.path().join("component2").join("baz")) + // .await + // .expect("should create component file"); + // c2f1.write_all(b"baz") + // .await + // .expect("should write file contents"); + + // #[derive(Clone)] + // struct TestCase { + // name: &'static str, + // opts: Option, + // locked_components: Vec, + // expected_layer_count: usize, + // expected_error: Option<&'static str>, + // } + + // let tests: Vec = [ + // TestCase { + // name: "Two component layers", + // opts: None, + // locked_components: spin_testing::from_json!([{ + // "id": "component1", + // "source": { + // "content_type": "application/wasm", + // "source": format!("file://{}", working_dir.path().join("component1.wasm").to_str().unwrap()), + // "digest": "digest", + // }}, + // { + // "id": "component2", + // "source": { + // "content_type": "application/wasm", + // "source": format!("file://{}", working_dir.path().join("component2.wasm").to_str().unwrap()), + // "digest": "digest", + // }}]), + // expected_layer_count: 2, + // expected_error: None, + // }, + // TestCase { + // name: "One component layer and two file layers", + // opts: Some(ClientOpts{content_ref_inline_max_size: 0}), + // locked_components: spin_testing::from_json!([{ + // "id": "component1", + // "source": { + // "content_type": "application/wasm", + // "source": format!("file://{}", working_dir.path().join("component1.wasm").to_str().unwrap()), + // "digest": "digest", + // }, + // "files": [ + // { + // "source": format!("file://{}", working_dir.path().join("component1").to_str().unwrap()), + // "path": working_dir.path().join("component1").join("bar").to_str().unwrap() + // }, + // { + // "source": format!("file://{}", working_dir.path().join("component1").to_str().unwrap()), + // "path": working_dir.path().join("component1").join("baz").to_str().unwrap() + // } + // ] + // }]), + // expected_layer_count: 3, + // expected_error: None, + // }, + // TestCase { + // name: "One component layer and one file with inlined content", + // opts: None, + // locked_components: spin_testing::from_json!([{ + // "id": "component1", + // "source": { + // "content_type": "application/wasm", + // "source": format!("file://{}", working_dir.path().join("component1.wasm").to_str().unwrap()), + // "digest": "digest", + // }, + // "files": [ + // { + // "source": format!("file://{}", working_dir.path().join("component1").to_str().unwrap()), + // "path": working_dir.path().join("component1").join("bar").to_str().unwrap() + // } + // ] + // }]), + // expected_layer_count: 1, + // expected_error: None, + // }, + // TestCase { + // name: "Component has no source", + // opts: None, + // locked_components: spin_testing::from_json!([{ + // "id": "component1", + // "source": { + // "content_type": "application/wasm", + // "source": "", + // "digest": "digest", + // } + // }]), + // expected_layer_count: 0, + // expected_error: Some("Invalid URL: \"\""), + // }, + // TestCase { + // name: "Duplicate component sources", + // opts: None, + // locked_components: spin_testing::from_json!([{ + // "id": "component1", + // "source": { + // "content_type": "application/wasm", + // "source": format!("file://{}", working_dir.path().join("component1.wasm").to_str().unwrap()), + // "digest": "digest", + // }}, + // { + // "id": "component2", + // "source": { + // "content_type": "application/wasm", + // "source": format!("file://{}", working_dir.path().join("component1.wasm").to_str().unwrap()), + // "digest": "digest", + // }}]), + // expected_layer_count: 1, + // expected_error: None, + // }, + // TestCase { + // name: "Duplicate file paths", + // opts: Some(ClientOpts{content_ref_inline_max_size: 0}), + // locked_components: spin_testing::from_json!([{ + // "id": "component1", + // "source": { + // "content_type": "application/wasm", + // "source": format!("file://{}", working_dir.path().join("component1.wasm").to_str().unwrap()), + // "digest": "digest", + // }, + // "files": [ + // { + // "source": format!("file://{}", working_dir.path().join("component1").to_str().unwrap()), + // "path": working_dir.path().join("component1").join("bar").to_str().unwrap() + // }, + // { + // "source": format!("file://{}", working_dir.path().join("component1").to_str().unwrap()), + // "path": working_dir.path().join("component1").join("baz").to_str().unwrap() + // } + // ]}, + // { + // "id": "component2", + // "source": { + // "content_type": "application/wasm", + // "source": format!("file://{}", working_dir.path().join("component2.wasm").to_str().unwrap()), + // "digest": "digest", + // }, + // "files": [ + // { + // "source": format!("file://{}", working_dir.path().join("component2").to_str().unwrap()), + // "path": working_dir.path().join("component2").join("baz").to_str().unwrap() + // } + // ] + // }]), + // expected_layer_count: 4, + // expected_error: None, + // }, + // ] + // .to_vec(); + + // for tc in tests { + // let triggers = Default::default(); + // let metadata = Default::default(); + // let variables = Default::default(); + // let mut locked = LockedApp { + // spin_lock_version: Default::default(), + // components: tc.locked_components, + // triggers, + // metadata, + // variables, + // must_understand: Default::default(), + // host_requirements: Default::default(), + // }; + + // let mut client = Client::new(false, Some(working_dir.path().to_path_buf())) + // .await + // .expect("should create new client"); + // if let Some(o) = tc.opts { + // client.opts = o; + // } + + // match tc.expected_error { + // Some(e) => { + // assert_eq!( + // e, + // client + // .assemble_layers(&mut locked, AssemblyMode::Simple) + // .await + // .unwrap_err() + // .to_string(), + // "{}", + // tc.name + // ) + // } + // None => { + // assert_eq!( + // tc.expected_layer_count, + // client + // .assemble_layers(&mut locked, AssemblyMode::Simple) + // .await + // .unwrap() + // .len(), + // "{}", + // tc.name + // ) + // } + // } + // } + // } fn annotatable_app() -> LockedApp { let mut meta_builder = spin_locked_app::values::ValuesMapBuilder::new(); diff --git a/crates/outbound-http/Cargo.toml b/crates/outbound-http/Cargo.toml deleted file mode 100644 index 73617a08c9..0000000000 --- a/crates/outbound-http/Cargo.toml +++ /dev/null @@ -1,30 +0,0 @@ -[package] -name = "outbound-http" -version = { workspace = true } -authors = { workspace = true } -edition = { workspace = true } - -[lib] -doctest = false - -[dependencies] -anyhow = "1.0" -http = "0.2" -reqwest = { version = "0.11", features = ["gzip"] } -spin-app = { path = "../app", optional = true } -spin-core = { path = "../core", optional = true } -spin-expressions = { path = "../expressions", optional = true } -spin-locked-app = { path = "../locked-app" } -spin-outbound-networking = { path = "../outbound-networking" } -spin-world = { path = "../world", optional = true } -spin-telemetry = { path = "../telemetry" } -terminal = { path = "../terminal" } -tracing = { workspace = true } -url = "2.2.1" - -[features] -default = ["runtime"] -runtime = ["dep:spin-app", "dep:spin-core", "dep:spin-expressions", "dep:spin-world"] - -[lints] -workspace = true diff --git a/crates/outbound-http/src/host_component.rs b/crates/outbound-http/src/host_component.rs deleted file mode 100644 index 0fd60a05d9..0000000000 --- a/crates/outbound-http/src/host_component.rs +++ /dev/null @@ -1,41 +0,0 @@ -use anyhow::Result; - -use spin_app::DynamicHostComponent; -use spin_core::{Data, HostComponent, Linker}; -use spin_outbound_networking::{AllowedHostsConfig, ALLOWED_HOSTS_KEY}; -use spin_world::v1::http; - -use crate::host_impl::OutboundHttp; - -pub struct OutboundHttpComponent { - pub resolver: spin_expressions::SharedPreparedResolver, -} - -impl HostComponent for OutboundHttpComponent { - type Data = OutboundHttp; - - fn add_to_linker( - linker: &mut Linker, - get: impl Fn(&mut Data) -> &mut Self::Data + Send + Sync + Copy + 'static, - ) -> Result<()> { - http::add_to_linker(linker, get) - } - - fn build_data(&self) -> Self::Data { - Default::default() - } -} - -impl DynamicHostComponent for OutboundHttpComponent { - fn update_data( - &self, - data: &mut Self::Data, - component: &spin_app::AppComponent, - ) -> anyhow::Result<()> { - let hosts = component - .get_metadata(ALLOWED_HOSTS_KEY)? - .unwrap_or_default(); - data.allowed_hosts = AllowedHostsConfig::parse(&hosts, self.resolver.get().unwrap())?; - Ok(()) - } -} diff --git a/crates/outbound-http/src/host_impl.rs b/crates/outbound-http/src/host_impl.rs deleted file mode 100644 index cffdc5cc19..0000000000 --- a/crates/outbound-http/src/host_impl.rs +++ /dev/null @@ -1,208 +0,0 @@ -use anyhow::Result; -use http::{HeaderMap, Uri}; -use reqwest::Client; -use spin_core::async_trait; -use spin_outbound_networking::{AllowedHostsConfig, OutboundUrl}; -use spin_world::v1::{ - http as outbound_http, - http_types::{self, Headers, HttpError, Method, Request, Response}, -}; -use tracing::{field::Empty, instrument, Level}; - -/// A very simple implementation for outbound HTTP requests. -#[derive(Default, Clone)] -pub struct OutboundHttp { - /// List of hosts guest modules are allowed to make requests to. - pub allowed_hosts: AllowedHostsConfig, - /// During an incoming HTTP request, origin is set to the host of that incoming HTTP request. - /// This is used to direct outbound requests to the same host when allowed. - pub origin: String, - client: Option, -} - -impl OutboundHttp { - /// Check if guest module is allowed to send request to URL, based on the list of - /// allowed hosts defined by the runtime. If the url passed in is a relative path, - /// only allow if allowed_hosts contains `self`. If the list of allowed hosts contains - /// `insecure:allow-all`, then all hosts are allowed. - /// If `None` is passed, the guest module is not allowed to send the request. - fn is_allowed(&mut self, url: &str) -> Result { - if url.starts_with('/') { - return Ok(self.allowed_hosts.allows_relative_url(&["http", "https"])); - } - - Ok(OutboundUrl::parse(url, "https") - .map(|u| self.allowed_hosts.allows(&u)) - .unwrap_or_default()) - } -} - -#[async_trait] -impl outbound_http::Host for OutboundHttp { - #[instrument(name = "spin_outbound_http.send_request", skip_all, err(level = Level::INFO), - fields(otel.kind = "client", url.full = Empty, http.request.method = Empty, - http.response.status_code = Empty, otel.name = Empty, server.address = Empty, server.port = Empty))] - async fn send_request(&mut self, req: Request) -> Result { - let current_span = tracing::Span::current(); - let method = format!("{:?}", req.method) - .strip_prefix("Method::") - .unwrap_or("_OTHER") - .to_uppercase(); - current_span.record("otel.name", method.clone()); - current_span.record("url.full", req.uri.clone()); - current_span.record("http.request.method", method); - if let Ok(uri) = req.uri.parse::() { - if let Some(authority) = uri.authority() { - current_span.record("server.address", authority.host()); - if let Some(port) = authority.port() { - current_span.record("server.port", port.as_u16()); - } - } - } - - tracing::trace!("Attempting to send outbound HTTP request to {}", req.uri); - if !self - .is_allowed(&req.uri) - .map_err(|_| HttpError::RuntimeError)? - { - tracing::info!("Destination not allowed: {}", req.uri); - if let Some((scheme, host_and_port)) = scheme_host_and_port(&req.uri) { - terminal::warn!("A component tried to make a HTTP request to non-allowed host '{host_and_port}'."); - eprintln!("To allow requests, add 'allowed_outbound_hosts = [\"{scheme}://{host_and_port}\"]' to the manifest component section."); - } - return Err(HttpError::DestinationNotAllowed); - } - - let method = method_from(req.method); - - let abs_url = if req.uri.starts_with('/') { - format!("{}{}", self.origin, req.uri) - } else { - req.uri.clone() - }; - - let req_url = reqwest::Url::parse(&abs_url).map_err(|_| HttpError::InvalidUrl)?; - - let mut headers = request_headers(req.headers).map_err(|_| HttpError::RuntimeError)?; - spin_telemetry::inject_trace_context(&mut headers); - let body = req.body.unwrap_or_default().to_vec(); - - if !req.params.is_empty() { - tracing::warn!("HTTP params field is deprecated"); - } - - // Allow reuse of Client's internal connection pool for multiple requests - // in a single component execution - let client = self.client.get_or_insert_with(Default::default); - - let resp = client - .request(method, req_url) - .headers(headers) - .body(body) - .send() - .await - .map_err(log_reqwest_error)?; - tracing::trace!("Returning response from outbound request to {}", req.uri); - current_span.record("http.response.status_code", resp.status().as_u16()); - response_from_reqwest(resp).await - } -} - -impl http_types::Host for OutboundHttp { - fn convert_http_error(&mut self, error: HttpError) -> Result { - Ok(error) - } -} - -fn log_reqwest_error(err: reqwest::Error) -> HttpError { - let error_desc = if err.is_timeout() { - "timeout error" - } else if err.is_connect() { - "connection error" - } else if err.is_body() || err.is_decode() { - "message body error" - } else if err.is_request() { - "request error" - } else { - "error" - }; - tracing::warn!( - "Outbound HTTP {}: URL {}, error detail {:?}", - error_desc, - err.url() - .map(|u| u.to_string()) - .unwrap_or_else(|| "".to_owned()), - err - ); - HttpError::RuntimeError -} - -fn method_from(m: Method) -> http::Method { - match m { - Method::Get => http::Method::GET, - Method::Post => http::Method::POST, - Method::Put => http::Method::PUT, - Method::Delete => http::Method::DELETE, - Method::Patch => http::Method::PATCH, - Method::Head => http::Method::HEAD, - Method::Options => http::Method::OPTIONS, - } -} - -async fn response_from_reqwest(res: reqwest::Response) -> Result { - let status = res.status().as_u16(); - let headers = response_headers(res.headers()).map_err(|_| HttpError::RuntimeError)?; - - let body = Some( - res.bytes() - .await - .map_err(|_| HttpError::RuntimeError)? - .to_vec(), - ); - - Ok(Response { - status, - headers, - body, - }) -} - -fn request_headers(h: Headers) -> anyhow::Result { - let mut res = HeaderMap::new(); - for (k, v) in h { - res.insert( - http::header::HeaderName::try_from(k)?, - http::header::HeaderValue::try_from(v)?, - ); - } - Ok(res) -} - -fn response_headers(h: &HeaderMap) -> anyhow::Result>> { - let mut res: Vec<(String, String)> = vec![]; - - for (k, v) in h { - res.push(( - k.to_string(), - std::str::from_utf8(v.as_bytes())?.to_string(), - )); - } - - Ok(Some(res)) -} - -/// Returns both the scheme and the `$HOST:$PORT` for the url string -/// -/// Returns `None` if the url cannot be parsed or if it does not contain a host -fn scheme_host_and_port(url: &str) -> Option<(String, String)> { - url::Url::parse(url).ok().and_then(|u| { - u.host_str().map(|h| { - let mut host = h.to_owned(); - if let Some(p) = u.port() { - use std::fmt::Write; - write!(&mut host, ":{p}").unwrap(); - } - (u.scheme().to_owned(), host) - }) - }) -} diff --git a/crates/outbound-http/src/lib.rs b/crates/outbound-http/src/lib.rs deleted file mode 100644 index 33a726f34b..0000000000 --- a/crates/outbound-http/src/lib.rs +++ /dev/null @@ -1,11 +0,0 @@ -#[cfg(feature = "runtime")] -mod host_component; -#[cfg(feature = "runtime")] -mod host_impl; - -#[cfg(feature = "runtime")] -pub use host_component::OutboundHttpComponent; - -use spin_locked_app::MetadataKey; - -pub const ALLOWED_HTTP_HOSTS_KEY: MetadataKey> = MetadataKey::new("allowed_http_hosts"); diff --git a/crates/outbound-mqtt/Cargo.toml b/crates/outbound-mqtt/Cargo.toml deleted file mode 100644 index 385bdfb117..0000000000 --- a/crates/outbound-mqtt/Cargo.toml +++ /dev/null @@ -1,23 +0,0 @@ -[package] -name = "outbound-mqtt" -version = { workspace = true } -authors = { workspace = true } -edition = { workspace = true } - -[lib] -doctest = false - -[dependencies] -anyhow = "1.0" -rumqttc = { version = "0.24", features = ["url"] } -spin-app = { path = "../app" } -spin-core = { path = "../core" } -spin-expressions = { path = "../expressions" } -spin-world = { path = "../world" } -spin-outbound-networking = { path = "../outbound-networking" } -table = { path = "../table" } -tokio = { version = "1", features = ["sync"] } -tracing = { workspace = true } - -[lints] -workspace = true diff --git a/crates/outbound-mqtt/src/host_component.rs b/crates/outbound-mqtt/src/host_component.rs deleted file mode 100644 index df242a54ba..0000000000 --- a/crates/outbound-mqtt/src/host_component.rs +++ /dev/null @@ -1,41 +0,0 @@ -use anyhow::Context; -use spin_app::DynamicHostComponent; -use spin_core::HostComponent; - -use crate::OutboundMqtt; - -pub struct OutboundMqttComponent { - pub resolver: spin_expressions::SharedPreparedResolver, -} - -impl HostComponent for OutboundMqttComponent { - type Data = OutboundMqtt; - fn add_to_linker( - linker: &mut spin_core::Linker, - get: impl Fn(&mut spin_core::Data) -> &mut Self::Data + Send + Sync + Copy + 'static, - ) -> anyhow::Result<()> { - spin_world::v2::mqtt::add_to_linker(linker, get) - } - - fn build_data(&self) -> Self::Data { - Default::default() - } -} - -impl DynamicHostComponent for OutboundMqttComponent { - fn update_data( - &self, - data: &mut Self::Data, - component: &spin_app::AppComponent, - ) -> anyhow::Result<()> { - let hosts = component - .get_metadata(spin_outbound_networking::ALLOWED_HOSTS_KEY)? - .unwrap_or_default(); - data.allowed_hosts = spin_outbound_networking::AllowedHostsConfig::parse( - &hosts, - self.resolver.get().unwrap(), - ) - .context("`allowed_outbound_hosts` contained an invalid url")?; - Ok(()) - } -} diff --git a/crates/outbound-mqtt/src/lib.rs b/crates/outbound-mqtt/src/lib.rs deleted file mode 100644 index b17d110556..0000000000 --- a/crates/outbound-mqtt/src/lib.rs +++ /dev/null @@ -1,158 +0,0 @@ -mod host_component; - -use std::time::Duration; - -use anyhow::Result; -use rumqttc::{AsyncClient, Event, Incoming, Outgoing, QoS}; -use spin_core::{async_trait, wasmtime::component::Resource}; -use spin_world::v2::mqtt::{self as v2, Connection as MqttConnection, Error, Qos}; - -pub use host_component::OutboundMqttComponent; -use tracing::{instrument, Level}; - -pub struct OutboundMqtt { - allowed_hosts: spin_outbound_networking::AllowedHostsConfig, - connections: table::Table<(AsyncClient, rumqttc::EventLoop)>, -} - -impl Default for OutboundMqtt { - fn default() -> Self { - Self { - allowed_hosts: Default::default(), - connections: table::Table::new(1024), - } - } -} - -const MQTT_CHANNEL_CAP: usize = 1000; - -impl OutboundMqtt { - fn is_address_allowed(&self, address: &str) -> bool { - spin_outbound_networking::check_url(address, "mqtt", &self.allowed_hosts) - } - - async fn establish_connection( - &mut self, - address: String, - username: String, - password: String, - keep_alive_interval: Duration, - ) -> Result, Error> { - let mut conn_opts = rumqttc::MqttOptions::parse_url(address).map_err(|e| { - tracing::error!("MQTT URL parse error: {e:?}"); - Error::InvalidAddress - })?; - conn_opts.set_credentials(username, password); - conn_opts.set_keep_alive(keep_alive_interval); - let (client, event_loop) = AsyncClient::new(conn_opts, MQTT_CHANNEL_CAP); - - self.connections - .push((client, event_loop)) - .map(Resource::new_own) - .map_err(|_| Error::TooManyConnections) - } -} - -impl v2::Host for OutboundMqtt { - fn convert_error(&mut self, error: Error) -> Result { - Ok(error) - } -} - -#[async_trait] -impl v2::HostConnection for OutboundMqtt { - #[instrument(name = "spin_outbound_mqtt.open_connection", skip(self, password), err(level = Level::INFO), fields(otel.kind = "client"))] - async fn open( - &mut self, - address: String, - username: String, - password: String, - keep_alive_interval: u64, - ) -> Result, Error> { - if !self.is_address_allowed(&address) { - return Err(v2::Error::ConnectionFailed(format!( - "address {address} is not permitted" - ))); - } - self.establish_connection( - address, - username, - password, - Duration::from_secs(keep_alive_interval), - ) - .await - } - - /// Publish a message to the MQTT broker. - /// - /// OTEL trace propagation is not directly supported in MQTT V3. You will need to embed the - /// current trace context into the payload yourself. - /// https://w3c.github.io/trace-context-mqtt/#mqtt-v3-recommendation. - #[instrument(name = "spin_outbound_mqtt.publish", skip(self, connection, payload), err(level = Level::INFO), - fields(otel.kind = "producer", otel.name = format!("{} publish", topic), messaging.operation = "publish", - messaging.system = "mqtt"))] - async fn publish( - &mut self, - connection: Resource, - topic: String, - payload: Vec, - qos: Qos, - ) -> Result<(), Error> { - let (client, eventloop) = self.get_conn(connection).await.map_err(other_error)?; - let qos = convert_to_mqtt_qos_value(qos); - - // Message published to EventLoop (not MQTT Broker) - client - .publish_bytes(topic, qos, false, payload.into()) - .await - .map_err(other_error)?; - - // Poll event loop until outgoing publish event is iterated over to send the message to MQTT broker or capture/throw error. - // We may revisit this later to manage long running connections, high throughput use cases and their issues in the connection pool. - loop { - let event = eventloop - .poll() - .await - .map_err(|err| v2::Error::ConnectionFailed(err.to_string()))?; - - match (qos, event) { - (QoS::AtMostOnce, Event::Outgoing(Outgoing::Publish(_))) - | (QoS::AtLeastOnce, Event::Incoming(Incoming::PubAck(_))) - | (QoS::ExactlyOnce, Event::Incoming(Incoming::PubComp(_))) => break, - - (_, _) => continue, - } - } - Ok(()) - } - - fn drop(&mut self, connection: Resource) -> anyhow::Result<()> { - self.connections.remove(connection.rep()); - Ok(()) - } -} - -fn convert_to_mqtt_qos_value(qos: Qos) -> rumqttc::QoS { - match qos { - Qos::AtMostOnce => rumqttc::QoS::AtMostOnce, - Qos::AtLeastOnce => rumqttc::QoS::AtLeastOnce, - Qos::ExactlyOnce => rumqttc::QoS::ExactlyOnce, - } -} - -fn other_error(e: impl std::fmt::Display) -> Error { - Error::Other(e.to_string()) -} - -impl OutboundMqtt { - async fn get_conn( - &mut self, - connection: Resource, - ) -> Result<&mut (AsyncClient, rumqttc::EventLoop), Error> { - self.connections - .get_mut(connection.rep()) - .ok_or(Error::Other( - "could not find connection for resource".into(), - )) - } -} diff --git a/crates/outbound-mysql/Cargo.toml b/crates/outbound-mysql/Cargo.toml deleted file mode 100644 index bfc49cd676..0000000000 --- a/crates/outbound-mysql/Cargo.toml +++ /dev/null @@ -1,30 +0,0 @@ -[package] -name = "outbound-mysql" -version = { workspace = true } -authors = { workspace = true } -edition = { workspace = true } - -[lib] -doctest = false - -[dependencies] -anyhow = "1.0" -flate2 = "1.0.17" -# Removing default features for mysql_async to remove flate2/zlib feature -mysql_async = { version = "0.33.0", default-features = false, features = [ - "native-tls-tls", -] } -# Removing default features for mysql_common to remove flate2/zlib feature -mysql_common = { version = "0.31.0", default-features = false } -spin-app = { path = "../app" } -spin-core = { path = "../core" } -spin-expressions = { path = "../expressions" } -spin-outbound-networking = { path = "../outbound-networking" } -spin-world = { path = "../world" } -table = { path = "../table" } -tokio = { version = "1", features = ["rt-multi-thread"] } -tracing = { version = "0.1", features = ["log"] } -url = "2.3.1" - -[lints] -workspace = true diff --git a/crates/outbound-mysql/src/lib.rs b/crates/outbound-mysql/src/lib.rs deleted file mode 100644 index 78f369f47c..0000000000 --- a/crates/outbound-mysql/src/lib.rs +++ /dev/null @@ -1,442 +0,0 @@ -use anyhow::{Context, Result}; -use mysql_async::{consts::ColumnType, from_value_opt, prelude::*, Opts, OptsBuilder, SslOpts}; -use spin_app::DynamicHostComponent; -use spin_core::wasmtime::component::Resource; -use spin_core::{async_trait, HostComponent}; -use spin_world::v1::mysql as v1; -use spin_world::v2::mysql::{self as v2, Connection}; -use spin_world::v2::rdbms_types as v2_types; -use spin_world::v2::rdbms_types::{Column, DbDataType, DbValue, ParameterValue}; -use std::sync::Arc; -use tracing::{instrument, Level}; -use url::Url; - -/// A simple implementation to support outbound mysql connection -pub struct OutboundMysqlComponent { - pub resolver: spin_expressions::SharedPreparedResolver, -} - -#[derive(Default)] -pub struct OutboundMysql { - allowed_hosts: spin_outbound_networking::AllowedHostsConfig, - pub connections: table::Table, -} - -impl OutboundMysql { - async fn open_connection(&mut self, address: &str) -> Result, v2::Error> { - self.connections - .push( - build_conn(address) - .await - .map_err(|e| v2::Error::ConnectionFailed(format!("{e:?}")))?, - ) - .map_err(|_| v2::Error::ConnectionFailed("too many connections".into())) - .map(Resource::new_own) - } - - async fn get_conn( - &mut self, - connection: Resource, - ) -> Result<&mut mysql_async::Conn, v2::Error> { - self.connections - .get_mut(connection.rep()) - .ok_or_else(|| v2::Error::ConnectionFailed("no connection found".into())) - } - - fn is_address_allowed(&self, address: &str) -> bool { - spin_outbound_networking::check_url(address, "mysql", &self.allowed_hosts) - } -} - -impl HostComponent for OutboundMysqlComponent { - type Data = OutboundMysql; - - fn add_to_linker( - linker: &mut spin_core::Linker, - get: impl Fn(&mut spin_core::Data) -> &mut Self::Data + Send + Sync + Copy + 'static, - ) -> anyhow::Result<()> { - v2::add_to_linker(linker, get)?; - v1::add_to_linker(linker, get) - } - - fn build_data(&self) -> Self::Data { - Default::default() - } -} - -impl DynamicHostComponent for OutboundMysqlComponent { - fn update_data( - &self, - data: &mut Self::Data, - component: &spin_app::AppComponent, - ) -> anyhow::Result<()> { - let hosts = component - .get_metadata(spin_outbound_networking::ALLOWED_HOSTS_KEY)? - .unwrap_or_default(); - data.allowed_hosts = spin_outbound_networking::AllowedHostsConfig::parse( - &hosts, - self.resolver.get().unwrap(), - ) - .context("`allowed_outbound_hosts` contained an invalid url")?; - Ok(()) - } -} - -impl v2::Host for OutboundMysql {} - -#[async_trait] -impl v2::HostConnection for OutboundMysql { - #[instrument(name = "spin_outbound_mysql.open_connection", skip(self), err(level = Level::INFO), fields(otel.kind = "client", db.system = "mysql"))] - async fn open(&mut self, address: String) -> Result, v2::Error> { - if !self.is_address_allowed(&address) { - return Err(v2::Error::ConnectionFailed(format!( - "address {address} is not permitted" - ))); - } - self.open_connection(&address).await - } - - #[instrument(name = "spin_outbound_mysql.execute", skip(self, connection), err(level = Level::INFO), fields(otel.kind = "client", db.system = "mysql", otel.name = statement))] - async fn execute( - &mut self, - connection: Resource, - statement: String, - params: Vec, - ) -> Result<(), v2::Error> { - let db_params = params.into_iter().map(to_sql_parameter).collect::>(); - let parameters = mysql_async::Params::Positional(db_params); - - self.get_conn(connection) - .await? - .exec_batch(&statement, &[parameters]) - .await - .map_err(|e| v2::Error::QueryFailed(format!("{:?}", e)))?; - - Ok(()) - } - - #[instrument(name = "spin_outbound_mysql.query", skip(self, connection), err(level = Level::INFO), fields(otel.kind = "client", db.system = "mysql", otel.name = statement))] - async fn query( - &mut self, - connection: Resource, - statement: String, - params: Vec, - ) -> Result { - let db_params = params.into_iter().map(to_sql_parameter).collect::>(); - let parameters = mysql_async::Params::Positional(db_params); - - let mut query_result = self - .get_conn(connection) - .await? - .exec_iter(&statement, parameters) - .await - .map_err(|e| v2::Error::QueryFailed(format!("{:?}", e)))?; - - // We have to get these before collect() destroys them - let columns = convert_columns(query_result.columns()); - - match query_result.collect::().await { - Err(e) => Err(v2::Error::Other(e.to_string())), - Ok(result_set) => { - let rows = result_set - .into_iter() - .map(|row| convert_row(row, &columns)) - .collect::, _>>()?; - - Ok(v2_types::RowSet { columns, rows }) - } - } - } - - fn drop(&mut self, connection: Resource) -> Result<()> { - self.connections.remove(connection.rep()); - Ok(()) - } -} - -impl v2_types::Host for OutboundMysql { - fn convert_error(&mut self, error: v2::Error) -> Result { - Ok(error) - } -} - -/// Delegate a function call to the v2::HostConnection implementation -macro_rules! delegate { - ($self:ident.$name:ident($address:expr, $($arg:expr),*)) => {{ - if !$self.is_address_allowed(&$address) { - return Err(v1::MysqlError::ConnectionFailed(format!( - "address {} is not permitted", $address - ))); - } - let connection = match $self.open_connection(&$address).await { - Ok(c) => c, - Err(e) => return Err(e.into()), - }; - ::$name($self, connection, $($arg),*) - .await - .map_err(Into::into) - }}; -} - -#[async_trait] -impl v1::Host for OutboundMysql { - async fn execute( - &mut self, - address: String, - statement: String, - params: Vec, - ) -> Result<(), v1::MysqlError> { - delegate!(self.execute( - address, - statement, - params.into_iter().map(Into::into).collect() - )) - } - - async fn query( - &mut self, - address: String, - statement: String, - params: Vec, - ) -> Result { - delegate!(self.query( - address, - statement, - params.into_iter().map(Into::into).collect() - )) - .map(Into::into) - } - - fn convert_mysql_error(&mut self, error: v1::MysqlError) -> Result { - Ok(error) - } -} - -fn to_sql_parameter(value: ParameterValue) -> mysql_async::Value { - match value { - ParameterValue::Boolean(v) => mysql_async::Value::from(v), - ParameterValue::Int32(v) => mysql_async::Value::from(v), - ParameterValue::Int64(v) => mysql_async::Value::from(v), - ParameterValue::Int8(v) => mysql_async::Value::from(v), - ParameterValue::Int16(v) => mysql_async::Value::from(v), - ParameterValue::Floating32(v) => mysql_async::Value::from(v), - ParameterValue::Floating64(v) => mysql_async::Value::from(v), - ParameterValue::Uint8(v) => mysql_async::Value::from(v), - ParameterValue::Uint16(v) => mysql_async::Value::from(v), - ParameterValue::Uint32(v) => mysql_async::Value::from(v), - ParameterValue::Uint64(v) => mysql_async::Value::from(v), - ParameterValue::Str(v) => mysql_async::Value::from(v), - ParameterValue::Binary(v) => mysql_async::Value::from(v), - ParameterValue::DbNull => mysql_async::Value::NULL, - } -} - -fn convert_columns(columns: Option>) -> Vec { - match columns { - Some(columns) => columns.iter().map(convert_column).collect(), - None => vec![], - } -} - -fn convert_column(column: &mysql_async::Column) -> Column { - let name = column.name_str().into_owned(); - let data_type = convert_data_type(column); - - Column { name, data_type } -} - -fn convert_data_type(column: &mysql_async::Column) -> DbDataType { - let column_type = column.column_type(); - - if column_type.is_numeric_type() { - convert_numeric_type(column) - } else if column_type.is_character_type() { - convert_character_type(column) - } else { - DbDataType::Other - } -} - -fn convert_character_type(column: &mysql_async::Column) -> DbDataType { - match (column.column_type(), is_binary(column)) { - (ColumnType::MYSQL_TYPE_BLOB, false) => DbDataType::Str, // TEXT type - (ColumnType::MYSQL_TYPE_BLOB, _) => DbDataType::Binary, - (ColumnType::MYSQL_TYPE_LONG_BLOB, _) => DbDataType::Binary, - (ColumnType::MYSQL_TYPE_MEDIUM_BLOB, _) => DbDataType::Binary, - (ColumnType::MYSQL_TYPE_STRING, true) => DbDataType::Binary, // BINARY type - (ColumnType::MYSQL_TYPE_STRING, _) => DbDataType::Str, - (ColumnType::MYSQL_TYPE_VAR_STRING, true) => DbDataType::Binary, // VARBINARY type - (ColumnType::MYSQL_TYPE_VAR_STRING, _) => DbDataType::Str, - (_, _) => DbDataType::Other, - } -} - -fn convert_numeric_type(column: &mysql_async::Column) -> DbDataType { - match (column.column_type(), is_signed(column)) { - (ColumnType::MYSQL_TYPE_DOUBLE, _) => DbDataType::Floating64, - (ColumnType::MYSQL_TYPE_FLOAT, _) => DbDataType::Floating32, - (ColumnType::MYSQL_TYPE_INT24, true) => DbDataType::Int32, - (ColumnType::MYSQL_TYPE_INT24, false) => DbDataType::Uint32, - (ColumnType::MYSQL_TYPE_LONG, true) => DbDataType::Int32, - (ColumnType::MYSQL_TYPE_LONG, false) => DbDataType::Uint32, - (ColumnType::MYSQL_TYPE_LONGLONG, true) => DbDataType::Int64, - (ColumnType::MYSQL_TYPE_LONGLONG, false) => DbDataType::Uint64, - (ColumnType::MYSQL_TYPE_SHORT, true) => DbDataType::Int16, - (ColumnType::MYSQL_TYPE_SHORT, false) => DbDataType::Uint16, - (ColumnType::MYSQL_TYPE_TINY, true) => DbDataType::Int8, - (ColumnType::MYSQL_TYPE_TINY, false) => DbDataType::Uint8, - (_, _) => DbDataType::Other, - } -} - -fn is_signed(column: &mysql_async::Column) -> bool { - !column - .flags() - .contains(mysql_async::consts::ColumnFlags::UNSIGNED_FLAG) -} - -fn is_binary(column: &mysql_async::Column) -> bool { - column - .flags() - .contains(mysql_async::consts::ColumnFlags::BINARY_FLAG) -} - -fn convert_row(mut row: mysql_async::Row, columns: &[Column]) -> Result, v2::Error> { - let mut result = Vec::with_capacity(row.len()); - for index in 0..row.len() { - result.push(convert_entry(&mut row, index, columns)?); - } - Ok(result) -} - -fn convert_entry( - row: &mut mysql_async::Row, - index: usize, - columns: &[Column], -) -> Result { - match (row.take(index), columns.get(index)) { - (None, _) => Ok(DbValue::DbNull), // TODO: is this right or is this an "index out of range" thing - (_, None) => Err(v2::Error::Other(format!( - "Can't get column at index {}", - index - ))), - (Some(mysql_async::Value::NULL), _) => Ok(DbValue::DbNull), - (Some(value), Some(column)) => convert_value(value, column), - } -} - -fn convert_value(value: mysql_async::Value, column: &Column) -> Result { - match column.data_type { - DbDataType::Binary => convert_value_to::>(value).map(DbValue::Binary), - DbDataType::Boolean => convert_value_to::(value).map(DbValue::Boolean), - DbDataType::Floating32 => convert_value_to::(value).map(DbValue::Floating32), - DbDataType::Floating64 => convert_value_to::(value).map(DbValue::Floating64), - DbDataType::Int8 => convert_value_to::(value).map(DbValue::Int8), - DbDataType::Int16 => convert_value_to::(value).map(DbValue::Int16), - DbDataType::Int32 => convert_value_to::(value).map(DbValue::Int32), - DbDataType::Int64 => convert_value_to::(value).map(DbValue::Int64), - DbDataType::Str => convert_value_to::(value).map(DbValue::Str), - DbDataType::Uint8 => convert_value_to::(value).map(DbValue::Uint8), - DbDataType::Uint16 => convert_value_to::(value).map(DbValue::Uint16), - DbDataType::Uint32 => convert_value_to::(value).map(DbValue::Uint32), - DbDataType::Uint64 => convert_value_to::(value).map(DbValue::Uint64), - DbDataType::Other => Err(v2::Error::ValueConversionFailed(format!( - "Cannot convert value {:?} in column {} data type {:?}", - value, column.name, column.data_type - ))), - } -} - -async fn build_conn(address: &str) -> Result { - tracing::debug!("Build new connection: {}", address); - - let opts = build_opts(address)?; - - let connection_pool = mysql_async::Pool::new(opts); - - connection_pool.get_conn().await -} - -fn is_ssl_param(s: &str) -> bool { - ["ssl-mode", "sslmode"].contains(&s.to_lowercase().as_str()) -} - -/// The mysql_async crate blows up if you pass it an SSL parameter and doesn't support SSL opts properly. This function -/// is a workaround to manually set SSL opts if the user requests them. -/// -/// We only support ssl-mode in the query as per -/// https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-connp-props-security.html#cj-conn-prop_sslMode. -/// -/// An issue has been filed in the upstream repository https://github.com/blackbeam/mysql_async/issues/225. -fn build_opts(address: &str) -> Result { - let url = Url::parse(address)?; - - let use_ssl = url - .query_pairs() - .any(|(k, v)| is_ssl_param(&k) && v.to_lowercase() != "disabled"); - - let query_without_ssl: Vec<(_, _)> = url - .query_pairs() - .filter(|(k, _v)| !is_ssl_param(k)) - .collect(); - let mut cleaned_url = url.clone(); - cleaned_url.set_query(None); - cleaned_url - .query_pairs_mut() - .extend_pairs(query_without_ssl); - - Ok(OptsBuilder::from_opts(cleaned_url.as_str()) - .ssl_opts(if use_ssl { - Some(SslOpts::default()) - } else { - None - }) - .into()) -} - -fn convert_value_to(value: mysql_async::Value) -> Result { - from_value_opt::(value).map_err(|e| v2::Error::ValueConversionFailed(format!("{}", e))) -} - -#[cfg(test)] -mod test { - use super::*; - - #[test] - fn test_mysql_address_without_ssl_mode() { - assert!(build_opts("mysql://myuser:password@127.0.0.1/db") - .unwrap() - .ssl_opts() - .is_none()) - } - - #[test] - fn test_mysql_address_with_ssl_mode_disabled() { - assert!( - build_opts("mysql://myuser:password@127.0.0.1/db?ssl-mode=DISABLED") - .unwrap() - .ssl_opts() - .is_none() - ) - } - - #[test] - fn test_mysql_address_with_ssl_mode_verify_ca() { - assert!( - build_opts("mysql://myuser:password@127.0.0.1/db?sslMode=VERIFY_CA") - .unwrap() - .ssl_opts() - .is_some() - ) - } - - #[test] - fn test_mysql_address_with_more_to_query() { - let address = "mysql://myuser:password@127.0.0.1/db?SsLmOdE=VERIFY_CA&pool_max=10"; - assert!(build_opts(address).unwrap().ssl_opts().is_some()); - assert_eq!( - build_opts(address).unwrap().pool_opts().constraints().max(), - 10 - ) - } -} diff --git a/crates/outbound-pg/Cargo.toml b/crates/outbound-pg/Cargo.toml deleted file mode 100644 index d12580978f..0000000000 --- a/crates/outbound-pg/Cargo.toml +++ /dev/null @@ -1,25 +0,0 @@ -[package] -name = "outbound-pg" -version = { workspace = true } -authors = { workspace = true } -edition = { workspace = true } - -[lib] -doctest = false - -[dependencies] -anyhow = "1.0" -native-tls = "0.2.11" -postgres-native-tls = "0.5.0" -spin-app = { path = "../app" } -spin-core = { path = "../core" } -spin-expressions = { path = "../expressions" } -spin-outbound-networking = { path = "../outbound-networking" } -spin-world = { path = "../world" } -table = { path = "../table" } -tokio = { version = "1", features = ["rt-multi-thread"] } -tokio-postgres = { version = "0.7.7" } -tracing = { workspace = true } - -[lints] -workspace = true diff --git a/crates/outbound-pg/src/lib.rs b/crates/outbound-pg/src/lib.rs deleted file mode 100644 index 23f01c1917..0000000000 --- a/crates/outbound-pg/src/lib.rs +++ /dev/null @@ -1,461 +0,0 @@ -use anyhow::{anyhow, Context, Result}; -use native_tls::TlsConnector; -use postgres_native_tls::MakeTlsConnector; -use spin_app::DynamicHostComponent; -use spin_core::{async_trait, wasmtime::component::Resource, HostComponent}; -use spin_world::v1::postgres as v1; -use spin_world::v1::rdbms_types as v1_types; -use spin_world::v2::postgres::{self as v2, Connection}; -use spin_world::v2::rdbms_types; -use spin_world::v2::rdbms_types::{Column, DbDataType, DbValue, ParameterValue, RowSet}; -use tokio_postgres::{ - config::SslMode, - types::{ToSql, Type}, - Client, NoTls, Row, Socket, -}; -use tracing::instrument; -use tracing::Level; - -pub struct OutboundPgComponent { - pub resolver: spin_expressions::SharedPreparedResolver, -} - -/// A simple implementation to support outbound pg connection -#[derive(Default)] -pub struct OutboundPg { - allowed_hosts: spin_outbound_networking::AllowedHostsConfig, - pub connections: table::Table, -} - -impl OutboundPg { - async fn open_connection(&mut self, address: &str) -> Result, v2::Error> { - self.connections - .push( - build_client(address) - .await - .map_err(|e| v2::Error::ConnectionFailed(format!("{e:?}")))?, - ) - .map_err(|_| v2::Error::ConnectionFailed("too many connections".into())) - .map(Resource::new_own) - } - - async fn get_client(&mut self, connection: Resource) -> Result<&Client, v2::Error> { - self.connections - .get(connection.rep()) - .ok_or_else(|| v2::Error::ConnectionFailed("no connection found".into())) - } - - fn is_address_allowed(&self, address: &str) -> bool { - let Ok(config) = address.parse::() else { - return false; - }; - for (i, host) in config.get_hosts().iter().enumerate() { - match host { - tokio_postgres::config::Host::Tcp(address) => { - let ports = config.get_ports(); - // The port we use is either: - // * The port at the same index as the host - // * The first port if there is only one port - let port = - ports - .get(i) - .or_else(|| if ports.len() == 1 { ports.get(1) } else { None }); - let port_str = port.map(|p| format!(":{}", p)).unwrap_or_default(); - let url = format!("{address}{port_str}"); - if !spin_outbound_networking::check_url(&url, "postgres", &self.allowed_hosts) { - return false; - } - } - #[cfg(unix)] - tokio_postgres::config::Host::Unix(_) => return false, - } - } - true - } -} - -impl HostComponent for OutboundPgComponent { - type Data = OutboundPg; - - fn add_to_linker( - linker: &mut spin_core::Linker, - get: impl Fn(&mut spin_core::Data) -> &mut Self::Data + Send + Sync + Copy + 'static, - ) -> anyhow::Result<()> { - v1::add_to_linker(linker, get)?; - v2::add_to_linker(linker, get) - } - - fn build_data(&self) -> Self::Data { - Default::default() - } -} - -impl DynamicHostComponent for OutboundPgComponent { - fn update_data( - &self, - data: &mut Self::Data, - component: &spin_app::AppComponent, - ) -> anyhow::Result<()> { - let hosts = component - .get_metadata(spin_outbound_networking::ALLOWED_HOSTS_KEY)? - .unwrap_or_default(); - data.allowed_hosts = spin_outbound_networking::AllowedHostsConfig::parse( - &hosts, - self.resolver.get().unwrap(), - ) - .context("`allowed_outbound_hosts` contained an invalid url")?; - Ok(()) - } -} - -#[async_trait] -impl v2::Host for OutboundPg {} - -#[async_trait] -impl v2::HostConnection for OutboundPg { - #[instrument(name = "spin_outbound_pg.open_connection", skip(self), err(level = Level::INFO), fields(otel.kind = "client", db.system = "postgresql"))] - async fn open(&mut self, address: String) -> Result, v2::Error> { - if !self.is_address_allowed(&address) { - return Err(v2::Error::ConnectionFailed(format!( - "address {address} is not permitted" - ))); - } - self.open_connection(&address).await - } - - #[instrument(name = "spin_outbound_pg.execute", skip(self, connection), err(level = Level::INFO), fields(otel.kind = "client", db.system = "postgresql", otel.name = statement))] - async fn execute( - &mut self, - connection: Resource, - statement: String, - params: Vec, - ) -> Result { - let params: Vec<&(dyn ToSql + Sync)> = params - .iter() - .map(to_sql_parameter) - .collect::>>() - .map_err(|e| v2::Error::ValueConversionFailed(format!("{:?}", e)))?; - - let nrow = self - .get_client(connection) - .await? - .execute(&statement, params.as_slice()) - .await - .map_err(|e| v2::Error::QueryFailed(format!("{:?}", e)))?; - - Ok(nrow) - } - - #[instrument(name = "spin_outbound_pg.query", skip(self, connection), err(level = Level::INFO), fields(otel.kind = "client", db.system = "postgresql", otel.name = statement))] - async fn query( - &mut self, - connection: Resource, - statement: String, - params: Vec, - ) -> Result { - let params: Vec<&(dyn ToSql + Sync)> = params - .iter() - .map(to_sql_parameter) - .collect::>>() - .map_err(|e| v2::Error::BadParameter(format!("{:?}", e)))?; - - let results = self - .get_client(connection) - .await? - .query(&statement, params.as_slice()) - .await - .map_err(|e| v2::Error::QueryFailed(format!("{:?}", e)))?; - - if results.is_empty() { - return Ok(RowSet { - columns: vec![], - rows: vec![], - }); - } - - let columns = infer_columns(&results[0]); - let rows = results - .iter() - .map(convert_row) - .collect::, _>>() - .map_err(|e| v2::Error::QueryFailed(format!("{:?}", e)))?; - - Ok(RowSet { columns, rows }) - } - - fn drop(&mut self, connection: Resource) -> anyhow::Result<()> { - self.connections.remove(connection.rep()); - Ok(()) - } -} - -impl rdbms_types::Host for OutboundPg { - fn convert_error(&mut self, error: v2::Error) -> Result { - Ok(error) - } -} - -fn to_sql_parameter(value: &ParameterValue) -> anyhow::Result<&(dyn ToSql + Sync)> { - match value { - ParameterValue::Boolean(v) => Ok(v), - ParameterValue::Int32(v) => Ok(v), - ParameterValue::Int64(v) => Ok(v), - ParameterValue::Int8(v) => Ok(v), - ParameterValue::Int16(v) => Ok(v), - ParameterValue::Floating32(v) => Ok(v), - ParameterValue::Floating64(v) => Ok(v), - ParameterValue::Uint8(_) - | ParameterValue::Uint16(_) - | ParameterValue::Uint32(_) - | ParameterValue::Uint64(_) => Err(anyhow!("Postgres does not support unsigned integers")), - ParameterValue::Str(v) => Ok(v), - ParameterValue::Binary(v) => Ok(v), - ParameterValue::DbNull => Ok(&PgNull), - } -} - -fn infer_columns(row: &Row) -> Vec { - let mut result = Vec::with_capacity(row.len()); - for index in 0..row.len() { - result.push(infer_column(row, index)); - } - result -} - -fn infer_column(row: &Row, index: usize) -> Column { - let column = &row.columns()[index]; - let name = column.name().to_owned(); - let data_type = convert_data_type(column.type_()); - Column { name, data_type } -} - -fn convert_data_type(pg_type: &Type) -> DbDataType { - match *pg_type { - Type::BOOL => DbDataType::Boolean, - Type::BYTEA => DbDataType::Binary, - Type::FLOAT4 => DbDataType::Floating32, - Type::FLOAT8 => DbDataType::Floating64, - Type::INT2 => DbDataType::Int16, - Type::INT4 => DbDataType::Int32, - Type::INT8 => DbDataType::Int64, - Type::TEXT | Type::VARCHAR | Type::BPCHAR => DbDataType::Str, - _ => { - tracing::debug!("Couldn't convert Postgres type {} to WIT", pg_type.name(),); - DbDataType::Other - } - } -} - -fn convert_row(row: &Row) -> Result, tokio_postgres::Error> { - let mut result = Vec::with_capacity(row.len()); - for index in 0..row.len() { - result.push(convert_entry(row, index)?); - } - Ok(result) -} - -fn convert_entry(row: &Row, index: usize) -> Result { - let column = &row.columns()[index]; - let value = match column.type_() { - &Type::BOOL => { - let value: Option = row.try_get(index)?; - match value { - Some(v) => DbValue::Boolean(v), - None => DbValue::DbNull, - } - } - &Type::BYTEA => { - let value: Option> = row.try_get(index)?; - match value { - Some(v) => DbValue::Binary(v), - None => DbValue::DbNull, - } - } - &Type::FLOAT4 => { - let value: Option = row.try_get(index)?; - match value { - Some(v) => DbValue::Floating32(v), - None => DbValue::DbNull, - } - } - &Type::FLOAT8 => { - let value: Option = row.try_get(index)?; - match value { - Some(v) => DbValue::Floating64(v), - None => DbValue::DbNull, - } - } - &Type::INT2 => { - let value: Option = row.try_get(index)?; - match value { - Some(v) => DbValue::Int16(v), - None => DbValue::DbNull, - } - } - &Type::INT4 => { - let value: Option = row.try_get(index)?; - match value { - Some(v) => DbValue::Int32(v), - None => DbValue::DbNull, - } - } - &Type::INT8 => { - let value: Option = row.try_get(index)?; - match value { - Some(v) => DbValue::Int64(v), - None => DbValue::DbNull, - } - } - &Type::TEXT | &Type::VARCHAR | &Type::BPCHAR => { - let value: Option = row.try_get(index)?; - match value { - Some(v) => DbValue::Str(v), - None => DbValue::DbNull, - } - } - t => { - tracing::debug!( - "Couldn't convert Postgres type {} in column {}", - t.name(), - column.name() - ); - DbValue::Unsupported - } - }; - Ok(value) -} - -async fn build_client(address: &str) -> anyhow::Result { - let config = address.parse::()?; - - tracing::debug!("Build new connection: {}", address); - - if config.get_ssl_mode() == SslMode::Disable { - connect(config).await - } else { - connect_tls(config).await - } -} - -async fn connect(config: tokio_postgres::Config) -> anyhow::Result { - let (client, connection) = config.connect(NoTls).await?; - - spawn(connection); - - Ok(client) -} - -async fn connect_tls(config: tokio_postgres::Config) -> anyhow::Result { - let builder = TlsConnector::builder(); - let connector = MakeTlsConnector::new(builder.build()?); - let (client, connection) = config.connect(connector).await?; - - spawn(connection); - - Ok(client) -} - -fn spawn(connection: tokio_postgres::Connection) -where - T: tokio_postgres::tls::TlsStream + std::marker::Unpin + std::marker::Send + 'static, -{ - tokio::spawn(async move { - if let Err(e) = connection.await { - tracing::error!("Postgres connection error: {}", e); - } - }); -} - -/// Although the Postgres crate converts Rust Option::None to Postgres NULL, -/// it enforces the type of the Option as it does so. (For example, trying to -/// pass an Option::::None to a VARCHAR column fails conversion.) As we -/// do not know expected column types, we instead use a "neutral" custom type -/// which allows conversion to any type but always tells the Postgres crate to -/// treat it as a SQL NULL. -struct PgNull; - -impl ToSql for PgNull { - fn to_sql( - &self, - _ty: &Type, - _out: &mut tokio_postgres::types::private::BytesMut, - ) -> Result> - where - Self: Sized, - { - Ok(tokio_postgres::types::IsNull::Yes) - } - - fn accepts(_ty: &Type) -> bool - where - Self: Sized, - { - true - } - - fn to_sql_checked( - &self, - _ty: &Type, - _out: &mut tokio_postgres::types::private::BytesMut, - ) -> Result> { - Ok(tokio_postgres::types::IsNull::Yes) - } -} - -impl std::fmt::Debug for PgNull { - fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { - f.debug_struct("NULL").finish() - } -} - -/// Delegate a function call to the v2::HostConnection implementation -macro_rules! delegate { - ($self:ident.$name:ident($address:expr, $($arg:expr),*)) => {{ - if !$self.is_address_allowed(&$address) { - return Err(v1::PgError::ConnectionFailed(format!( - "address {} is not permitted", $address - ))); - } - let connection = match $self.open_connection(&$address).await { - Ok(c) => c, - Err(e) => return Err(e.into()), - }; - ::$name($self, connection, $($arg),*) - .await - .map_err(|e| e.into()) - }}; -} - -#[async_trait] -impl v1::Host for OutboundPg { - async fn execute( - &mut self, - address: String, - statement: String, - params: Vec, - ) -> Result { - delegate!(self.execute( - address, - statement, - params.into_iter().map(Into::into).collect() - )) - } - - async fn query( - &mut self, - address: String, - statement: String, - params: Vec, - ) -> Result { - delegate!(self.query( - address, - statement, - params.into_iter().map(Into::into).collect() - )) - .map(Into::into) - } - - fn convert_pg_error(&mut self, error: v1::PgError) -> Result { - Ok(error) - } -} diff --git a/crates/outbound-redis/Cargo.toml b/crates/outbound-redis/Cargo.toml deleted file mode 100644 index 83080c6071..0000000000 --- a/crates/outbound-redis/Cargo.toml +++ /dev/null @@ -1,23 +0,0 @@ -[package] -name = "outbound-redis" -version = { workspace = true } -authors = { workspace = true } -edition = { workspace = true } - -[lib] -doctest = false - -[dependencies] -anyhow = "1.0" -redis = { version = "0.21", features = ["tokio-comp", "tokio-native-tls-comp"] } -spin-app = { path = "../app" } -spin-core = { path = "../core" } -spin-expressions = { path = "../expressions" } -spin-world = { path = "../world" } -spin-outbound-networking = { path = "../outbound-networking" } -table = { path = "../table" } -tokio = { version = "1", features = ["sync"] } -tracing = { workspace = true } - -[lints] -workspace = true diff --git a/crates/outbound-redis/src/host_component.rs b/crates/outbound-redis/src/host_component.rs deleted file mode 100644 index 464e1712d2..0000000000 --- a/crates/outbound-redis/src/host_component.rs +++ /dev/null @@ -1,42 +0,0 @@ -use anyhow::Context; -use spin_app::DynamicHostComponent; -use spin_core::HostComponent; - -use crate::OutboundRedis; - -pub struct OutboundRedisComponent { - pub resolver: spin_expressions::SharedPreparedResolver, -} - -impl HostComponent for OutboundRedisComponent { - type Data = OutboundRedis; - fn add_to_linker( - linker: &mut spin_core::Linker, - get: impl Fn(&mut spin_core::Data) -> &mut Self::Data + Send + Sync + Copy + 'static, - ) -> anyhow::Result<()> { - spin_world::v1::redis::add_to_linker(linker, get)?; - spin_world::v2::redis::add_to_linker(linker, get) - } - - fn build_data(&self) -> Self::Data { - Default::default() - } -} - -impl DynamicHostComponent for OutboundRedisComponent { - fn update_data( - &self, - data: &mut Self::Data, - component: &spin_app::AppComponent, - ) -> anyhow::Result<()> { - let hosts = component - .get_metadata(spin_outbound_networking::ALLOWED_HOSTS_KEY)? - .unwrap_or_default(); - data.allowed_hosts = spin_outbound_networking::AllowedHostsConfig::parse( - &hosts, - self.resolver.get().unwrap(), - ) - .context("`allowed_outbound_hosts` contained an invalid url")?; - Ok(()) - } -} diff --git a/crates/outbound-redis/src/lib.rs b/crates/outbound-redis/src/lib.rs deleted file mode 100644 index e895efd628..0000000000 --- a/crates/outbound-redis/src/lib.rs +++ /dev/null @@ -1,317 +0,0 @@ -mod host_component; - -use anyhow::Result; -use redis::{aio::Connection, AsyncCommands, FromRedisValue, Value}; -use spin_core::{async_trait, wasmtime::component::Resource}; -use spin_world::v1::{redis as v1, redis_types}; -use spin_world::v2::redis::{ - self as v2, Connection as RedisConnection, Error, RedisParameter, RedisResult, -}; - -pub use host_component::OutboundRedisComponent; -use tracing::{instrument, Level}; - -struct RedisResults(Vec); - -impl FromRedisValue for RedisResults { - fn from_redis_value(value: &Value) -> redis::RedisResult { - fn append(values: &mut Vec, value: &Value) { - match value { - Value::Nil | Value::Okay => (), - Value::Int(v) => values.push(RedisResult::Int64(*v)), - Value::Data(bytes) => values.push(RedisResult::Binary(bytes.to_owned())), - Value::Bulk(bulk) => bulk.iter().for_each(|value| append(values, value)), - Value::Status(message) => values.push(RedisResult::Status(message.to_owned())), - } - } - - let mut values = Vec::new(); - append(&mut values, value); - Ok(RedisResults(values)) - } -} - -pub struct OutboundRedis { - allowed_hosts: spin_outbound_networking::AllowedHostsConfig, - connections: table::Table, -} - -impl Default for OutboundRedis { - fn default() -> Self { - Self { - allowed_hosts: Default::default(), - connections: table::Table::new(1024), - } - } -} - -impl OutboundRedis { - fn is_address_allowed(&self, address: &str) -> bool { - spin_outbound_networking::check_url(address, "redis", &self.allowed_hosts) - } - - async fn establish_connection( - &mut self, - address: String, - ) -> Result, Error> { - let conn = redis::Client::open(address.as_str()) - .map_err(|_| Error::InvalidAddress)? - .get_async_connection() - .await - .map_err(other_error)?; - self.connections - .push(conn) - .map(Resource::new_own) - .map_err(|_| Error::TooManyConnections) - } -} - -impl v2::Host for OutboundRedis { - fn convert_error(&mut self, error: Error) -> Result { - Ok(error) - } -} - -#[async_trait] -impl v2::HostConnection for OutboundRedis { - #[instrument(name = "spin_outbound_redis.open_connection", skip(self), err(level = Level::INFO), fields(otel.kind = "client", db.system = "redis"))] - async fn open(&mut self, address: String) -> Result, Error> { - if !self.is_address_allowed(&address) { - return Err(Error::InvalidAddress); - } - - self.establish_connection(address).await - } - - #[instrument(name = "spin_outbound_redis.publish", skip(self, connection, payload), err(level = Level::INFO), fields(otel.kind = "client", db.system = "redis", otel.name = format!("PUBLISH {}", channel)))] - async fn publish( - &mut self, - connection: Resource, - channel: String, - payload: Vec, - ) -> Result<(), Error> { - let conn = self.get_conn(connection).await.map_err(other_error)?; - conn.publish(&channel, &payload) - .await - .map_err(other_error)?; - Ok(()) - } - - #[instrument(name = "spin_outbound_redis.get", skip(self, connection), err(level = Level::INFO), fields(otel.kind = "client", db.system = "redis", otel.name = format!("GET {}", key)))] - async fn get( - &mut self, - connection: Resource, - key: String, - ) -> Result>, Error> { - let conn = self.get_conn(connection).await.map_err(other_error)?; - let value = conn.get(&key).await.map_err(other_error)?; - Ok(value) - } - - #[instrument(name = "spin_outbound_redis.set", skip(self, connection, value), err(level = Level::INFO), fields(otel.kind = "client", db.system = "redis", otel.name = format!("SET {}", key)))] - async fn set( - &mut self, - connection: Resource, - key: String, - value: Vec, - ) -> Result<(), Error> { - let conn = self.get_conn(connection).await.map_err(other_error)?; - conn.set(&key, &value).await.map_err(other_error)?; - Ok(()) - } - - #[instrument(name = "spin_outbound_redis.incr", skip(self, connection), err(level = Level::INFO), fields(otel.kind = "client", db.system = "redis", otel.name = format!("INCRBY {} 1", key)))] - async fn incr( - &mut self, - connection: Resource, - key: String, - ) -> Result { - let conn = self.get_conn(connection).await.map_err(other_error)?; - let value = conn.incr(&key, 1).await.map_err(other_error)?; - Ok(value) - } - - #[instrument(name = "spin_outbound_redis.del", skip(self, connection), err(level = Level::INFO), fields(otel.kind = "client", db.system = "redis", otel.name = format!("DEL {}", keys.join(" "))))] - async fn del( - &mut self, - connection: Resource, - keys: Vec, - ) -> Result { - let conn = self.get_conn(connection).await.map_err(other_error)?; - let value = conn.del(&keys).await.map_err(other_error)?; - Ok(value) - } - - #[instrument(name = "spin_outbound_redis.sadd", skip(self, connection, values), err(level = Level::INFO), fields(otel.kind = "client", db.system = "redis", otel.name = format!("SADD {} {}", key, values.join(" "))))] - async fn sadd( - &mut self, - connection: Resource, - key: String, - values: Vec, - ) -> Result { - let conn = self.get_conn(connection).await.map_err(other_error)?; - let value = conn.sadd(&key, &values).await.map_err(|e| { - if e.kind() == redis::ErrorKind::TypeError { - Error::TypeError - } else { - Error::Other(e.to_string()) - } - })?; - Ok(value) - } - - #[instrument(name = "spin_outbound_redis.smembers", skip(self, connection), err(level = Level::INFO), fields(otel.kind = "client", db.system = "redis", otel.name = format!("SMEMBERS {}", key)))] - async fn smembers( - &mut self, - connection: Resource, - key: String, - ) -> Result, Error> { - let conn = self.get_conn(connection).await.map_err(other_error)?; - let value = conn.smembers(&key).await.map_err(other_error)?; - Ok(value) - } - - #[instrument(name = "spin_outbound_redis.srem", skip(self, connection, values), err(level = Level::INFO), fields(otel.kind = "client", db.system = "redis", otel.name = format!("SREM {} {}", key, values.join(" "))))] - async fn srem( - &mut self, - connection: Resource, - key: String, - values: Vec, - ) -> Result { - let conn = self.get_conn(connection).await.map_err(other_error)?; - let value = conn.srem(&key, &values).await.map_err(other_error)?; - Ok(value) - } - - #[instrument(name = "spin_outbound_redis.execute", skip(self, connection), err(level = Level::INFO), fields(otel.kind = "client", db.system = "redis", otel.name = format!("{}", command)))] - async fn execute( - &mut self, - connection: Resource, - command: String, - arguments: Vec, - ) -> Result, Error> { - let conn = self.get_conn(connection).await?; - let mut cmd = redis::cmd(&command); - arguments.iter().for_each(|value| match value { - RedisParameter::Int64(v) => { - cmd.arg(v); - } - RedisParameter::Binary(v) => { - cmd.arg(v); - } - }); - - cmd.query_async::<_, RedisResults>(conn) - .await - .map(|values| values.0) - .map_err(other_error) - } - - fn drop(&mut self, connection: Resource) -> anyhow::Result<()> { - self.connections.remove(connection.rep()); - Ok(()) - } -} - -fn other_error(e: impl std::fmt::Display) -> Error { - Error::Other(e.to_string()) -} - -/// Delegate a function call to the v2::HostConnection implementation -macro_rules! delegate { - ($self:ident.$name:ident($address:expr, $($arg:expr),*)) => {{ - if !$self.is_address_allowed(&$address) { - return Err(v1::Error::Error); - } - let connection = match $self.establish_connection($address).await { - Ok(c) => c, - Err(_) => return Err(v1::Error::Error), - }; - ::$name($self, connection, $($arg),*) - .await - .map_err(|_| v1::Error::Error) - }}; -} - -#[async_trait] -impl v1::Host for OutboundRedis { - async fn publish( - &mut self, - address: String, - channel: String, - payload: Vec, - ) -> Result<(), v1::Error> { - delegate!(self.publish(address, channel, payload)) - } - - async fn get(&mut self, address: String, key: String) -> Result, v1::Error> { - delegate!(self.get(address, key)).map(|v| v.unwrap_or_default()) - } - - async fn set(&mut self, address: String, key: String, value: Vec) -> Result<(), v1::Error> { - delegate!(self.set(address, key, value)) - } - - async fn incr(&mut self, address: String, key: String) -> Result { - delegate!(self.incr(address, key)) - } - - async fn del(&mut self, address: String, keys: Vec) -> Result { - delegate!(self.del(address, keys)).map(|v| v as i64) - } - - async fn sadd( - &mut self, - address: String, - key: String, - values: Vec, - ) -> Result { - delegate!(self.sadd(address, key, values)).map(|v| v as i64) - } - - async fn smembers(&mut self, address: String, key: String) -> Result, v1::Error> { - delegate!(self.smembers(address, key)) - } - - async fn srem( - &mut self, - address: String, - key: String, - values: Vec, - ) -> Result { - delegate!(self.srem(address, key, values)).map(|v| v as i64) - } - - async fn execute( - &mut self, - address: String, - command: String, - arguments: Vec, - ) -> Result, v1::Error> { - delegate!(self.execute( - address, - command, - arguments.into_iter().map(Into::into).collect() - )) - .map(|v| v.into_iter().map(Into::into).collect()) - } -} - -impl redis_types::Host for OutboundRedis { - fn convert_error(&mut self, error: redis_types::Error) -> Result { - Ok(error) - } -} - -impl OutboundRedis { - async fn get_conn( - &mut self, - connection: Resource, - ) -> Result<&mut Connection, Error> { - self.connections - .get_mut(connection.rep()) - .ok_or(Error::Other( - "could not find connection for resource".into(), - )) - } -} diff --git a/crates/testing/Cargo.toml b/crates/testing/Cargo.toml deleted file mode 100644 index 45204df15d..0000000000 --- a/crates/testing/Cargo.toml +++ /dev/null @@ -1,19 +0,0 @@ -[package] -name = "spin-testing" -version = { workspace = true } -authors = { workspace = true } -edition = { workspace = true } - -[dependencies] -anyhow = "1.0" -http = "1.0.0" -hyper = "1.0.0" -serde = "1.0.188" -serde_json = "1" -spin-app = { path = "../app" } -spin-core = { path = "../core" } -spin-http = { path = "../http" } -spin-trigger = { path = "../trigger" } -tokio = { version = "1", features = ["macros", "rt"] } -tracing-subscriber = "0.3" -spin-componentize = { workspace = true } diff --git a/crates/testing/src/lib.rs b/crates/testing/src/lib.rs deleted file mode 100644 index 48b56bf589..0000000000 --- a/crates/testing/src/lib.rs +++ /dev/null @@ -1,244 +0,0 @@ -//! This crates contains common code for use in tests. Many methods will panic -//! in the slightest breeze, so DO NOT USE IN NON-TEST CODE. - -use std::{ - net::SocketAddr, - path::{Path, PathBuf}, - sync::Once, -}; - -use http::Response; -use serde::de::DeserializeOwned; -use serde_json::{json, Value}; -use spin_app::{ - async_trait, - locked::{LockedApp, LockedComponentSource}, - AppComponent, Loader, -}; -use spin_core::{Component, StoreBuilder}; -use spin_http::config::{ - HttpExecutorType, HttpTriggerConfig, HttpTriggerRouteConfig, WagiTriggerConfig, -}; -use spin_trigger::{HostComponentInitData, RuntimeConfig, TriggerExecutor, TriggerExecutorBuilder}; -use tokio::fs; - -pub use tokio; - -// Built by build.rs -const TEST_PROGRAM_PATH: &str = concat!(env!("CARGO_MANIFEST_DIR"), "/../../target/test-programs"); - -/// Initialize a test writer for `tracing`, making its output compatible with libtest -pub fn init_tracing() { - static ONCE: Once = Once::new(); - ONCE.call_once(|| { - tracing_subscriber::fmt() - // Cranelift is very verbose at INFO, so let's tone that down: - .with_max_level(tracing_subscriber::filter::LevelFilter::WARN) - .with_test_writer() - .init(); - }) -} - -// Convenience wrapper for deserializing from literal JSON -#[macro_export] -macro_rules! from_json { - ($($json:tt)+) => { - serde_json::from_value(serde_json::json!($($json)+)).expect("valid json") - }; -} - -#[derive(Default)] -pub struct HttpTestConfig { - module_path: Option, - http_trigger_config: HttpTriggerConfig, -} - -#[derive(Default)] -pub struct RedisTestConfig { - module_path: Option, - redis_channel: String, -} - -impl HttpTestConfig { - pub fn module_path(&mut self, path: impl Into) -> &mut Self { - init_tracing(); - self.module_path = Some(path.into()); - self - } - - pub fn test_program(&mut self, name: impl AsRef) -> &mut Self { - self.module_path(Path::new(TEST_PROGRAM_PATH).join(name)) - } - - pub fn http_spin_trigger(&mut self, route: impl Into) -> &mut Self { - self.http_trigger_config = HttpTriggerConfig { - component: "test-component".to_string(), - route: route.into(), - executor: None, - }; - self - } - - pub fn http_wagi_trigger( - &mut self, - route: impl Into, - wagi_config: WagiTriggerConfig, - ) -> &mut Self { - self.http_trigger_config = HttpTriggerConfig { - component: "test-component".to_string(), - route: route.into(), - executor: Some(HttpExecutorType::Wagi(wagi_config)), - }; - self - } - - pub fn build_loader(&self) -> impl Loader { - init_tracing(); - TestLoader { - module_path: self.module_path.clone().expect("module path to be set"), - trigger_type: "http".into(), - app_trigger_metadata: json!({"base": "/"}), - trigger_config: serde_json::to_value(&self.http_trigger_config).unwrap(), - } - } - - pub async fn build_trigger(&self) -> Executor - where - Executor::TriggerConfig: DeserializeOwned, - { - TriggerExecutorBuilder::new(self.build_loader()) - .build( - TEST_APP_URI.to_string(), - RuntimeConfig::default(), - HostComponentInitData::default(), - ) - .await - .unwrap() - } -} - -impl RedisTestConfig { - pub fn module_path(&mut self, path: impl Into) -> &mut Self { - init_tracing(); - self.module_path = Some(path.into()); - self - } - - pub fn test_program(&mut self, name: impl AsRef) -> &mut Self { - self.module_path(Path::new(TEST_PROGRAM_PATH).join(name)) - } - - pub fn build_loader(&self) -> impl Loader { - TestLoader { - module_path: self.module_path.clone().expect("module path to be set"), - trigger_type: "redis".into(), - app_trigger_metadata: json!({"address": "test-redis-host"}), - trigger_config: json!({ - "component": "test-component", - "channel": self.redis_channel, - }), - } - } - - pub async fn build_trigger(&mut self, channel: &str) -> Executor - where - Executor::TriggerConfig: DeserializeOwned, - { - self.redis_channel = channel.into(); - - TriggerExecutorBuilder::new(self.build_loader()) - .build( - TEST_APP_URI.to_string(), - RuntimeConfig::default(), - HostComponentInitData::default(), - ) - .await - .unwrap() - } -} - -const TEST_APP_URI: &str = "spin-test:"; - -struct TestLoader { - module_path: PathBuf, - trigger_type: String, - app_trigger_metadata: Value, - trigger_config: Value, -} - -#[async_trait] -impl Loader for TestLoader { - async fn load_app(&self, uri: &str) -> anyhow::Result { - assert_eq!(uri, TEST_APP_URI); - let components = from_json!([{ - "id": "test-component", - "source": { - "content_type": "application/wasm", - "digest": "test-source", - }, - }]); - let triggers = from_json!([ - { - "id": "trigger--test-app", - "trigger_type": self.trigger_type, - "trigger_config": self.trigger_config, - }, - ]); - let mut trigger_meta = self.app_trigger_metadata.clone(); - trigger_meta - .as_object_mut() - .unwrap() - .insert("type".into(), self.trigger_type.clone().into()); - let metadata = from_json!({"name": "test-app", "trigger": trigger_meta}); - let variables = Default::default(); - Ok(LockedApp { - spin_lock_version: Default::default(), - components, - triggers, - metadata, - variables, - must_understand: Default::default(), - host_requirements: Default::default(), - }) - } - - async fn load_component( - &self, - engine: &spin_core::wasmtime::Engine, - source: &LockedComponentSource, - ) -> anyhow::Result { - assert_eq!(source.content.digest.as_deref(), Some("test-source")); - Component::new( - engine, - spin_componentize::componentize_if_necessary(&fs::read(&self.module_path).await?)?, - ) - } - - async fn load_module( - &self, - engine: &spin_core::wasmtime::Engine, - source: &LockedComponentSource, - ) -> anyhow::Result { - assert_eq!(source.content.digest.as_deref(), Some("test-source")); - spin_core::Module::from_file(engine, &self.module_path) - } - - async fn mount_files( - &self, - _store_builder: &mut StoreBuilder, - component: &AppComponent, - ) -> anyhow::Result<()> { - assert_eq!(component.files().len(), 0, "files testing not implemented"); - Ok(()) - } -} - -pub fn test_socket_addr() -> SocketAddr { - "127.0.0.1:55555".parse().unwrap() -} - -pub fn assert_http_response_success(resp: &Response) { - if !resp.status().is_success() { - panic!("non-success response {}: {:?}", resp.status(), resp.body()); - } -} diff --git a/crates/trigger-http/Cargo.toml b/crates/trigger-http/Cargo.toml deleted file mode 100644 index 79ce6c1288..0000000000 --- a/crates/trigger-http/Cargo.toml +++ /dev/null @@ -1,62 +0,0 @@ -[package] -name = "spin-trigger-http" -version = { workspace = true } -authors = { workspace = true } -edition = { workspace = true } - -[lib] -doctest = false - -[dependencies] -anyhow = "1.0" -async-trait = "0.1" -clap = "3" -futures = "0.3" -futures-util = "0.3.8" -http = "1.0.0" -hyper = { workspace = true } -hyper-util = { version = "0.1.2", features = ["tokio"] } -http-body-util = { workspace = true } -indexmap = "1" -outbound-http = { path = "../outbound-http" } -percent-encoding = "2" -rustls = { version = "0.22.4" } -rustls-pemfile = "2.1.2" -rustls-pki-types = "1.7" -serde = { version = "1.0", features = ["derive"] } -serde_json = "1" -spin-app = { path = "../app" } -spin-core = { path = "../core" } -spin-http = { path = "../http" } -spin-outbound-networking = { path = "../outbound-networking" } -spin-telemetry = { path = "../telemetry" } -spin-trigger = { path = "../trigger" } -spin-world = { path = "../world" } -terminal = { path = "../terminal" } -tls-listener = { version = "0.10.0", features = ["rustls"] } -tokio = { version = "1.23", features = ["full"] } -tokio-rustls = { version = "0.25.0" } -url = "2.4.1" -tracing = { workspace = true } -wasmtime = { workspace = true } -wasmtime-wasi = { workspace = true } -wasmtime-wasi-http = { workspace = true } -wasi-common-preview1 = { workspace = true } -webpki-roots = { version = "0.26.0" } - -[dev-dependencies] -criterion = { version = "0.3.5", features = ["async_tokio"] } -num_cpus = "1" -spin-testing = { path = "../testing" } - -[[bench]] -name = "baseline" -harness = false - -[features] -llm = ["spin-trigger/llm"] -llm-metal = ["llm", "spin-trigger/llm-metal"] -llm-cublas = ["llm", "spin-trigger/llm-cublas"] - -[lints] -workspace = true diff --git a/crates/trigger-http/benches/baseline.rs b/crates/trigger-http/benches/baseline.rs deleted file mode 100644 index 2eac1aa6b0..0000000000 --- a/crates/trigger-http/benches/baseline.rs +++ /dev/null @@ -1,126 +0,0 @@ -use std::future::Future; -use std::sync::atomic::{AtomicBool, Ordering::Relaxed}; -use std::sync::Arc; - -use criterion::{criterion_group, criterion_main, Criterion}; - -use http::uri::Scheme; -use http::Request; -use spin_testing::{assert_http_response_success, HttpTestConfig}; -use spin_trigger_http::HttpTrigger; -use tokio::runtime::Runtime; - -criterion_main!(benches); -criterion_group!( - benches, - bench_startup, - bench_spin_concurrency_minimal, - bench_wagi_concurrency_minimal, -); - -async fn spin_trigger() -> Arc { - Arc::new( - HttpTestConfig::default() - .test_program("spin-http-benchmark.wasm") - .http_spin_trigger("/") - .build_trigger() - .await, - ) -} - -async fn wagi_trigger() -> Arc { - Arc::new( - HttpTestConfig::default() - .test_program("wagi-benchmark.wasm") - .http_wagi_trigger("/", Default::default()) - .build_trigger() - .await, - ) -} - -// Benchmark time to start and process one request -fn bench_startup(c: &mut Criterion) { - let async_runtime = Runtime::new().unwrap(); - - let mut group = c.benchmark_group("startup"); - group.bench_function("spin-executor", |b| { - b.to_async(&async_runtime).iter(|| async { - let trigger = spin_trigger().await; - run(&trigger, "/").await; - }); - }); - group.bench_function("spin-wagi-executor", |b| { - b.to_async(&async_runtime).iter(|| async { - let trigger = wagi_trigger().await; - run(&trigger, "/").await; - }); - }); -} - -fn bench_spin_concurrency_minimal(c: &mut Criterion) { - bench_concurrency_minimal(c, "spin-executor", spin_trigger); -} -fn bench_wagi_concurrency_minimal(c: &mut Criterion) { - bench_concurrency_minimal(c, "spin-wagi-executor", wagi_trigger); -} - -fn bench_concurrency_minimal>>( - c: &mut Criterion, - name: &str, - mk: fn() -> F, -) { - let async_runtime = Runtime::new().unwrap(); - let trigger = async_runtime.block_on(mk()); - - for task in ["/?sleep=1", "/?noop", "/?cpu=1"] { - let mut group = c.benchmark_group(format!("{name}{task}")); - for concurrency in concurrency_steps() { - group.bench_function(format!("concurrency-{}", concurrency), |b| { - let done = Arc::new(AtomicBool::new(false)); - let background = (0..concurrency - 1) - .map(|_| { - let trigger = trigger.clone(); - let done = done.clone(); - async_runtime.spawn(async move { - while !done.load(Relaxed) { - run(&trigger, task).await; - } - }) - }) - .collect::>(); - b.to_async(&async_runtime).iter(|| run(&trigger, task)); - done.store(true, Relaxed); - for task in background { - async_runtime.block_on(task).unwrap(); - } - }); - } - } -} - -// Helpers - -fn concurrency_steps() -> [u32; 3] { - let cpus = num_cpus::get() as u32; - if cpus > 1 { - [1, cpus, cpus * 4] - } else { - [1, 2, 4] - } -} - -async fn run(trigger: &HttpTrigger, path: &str) { - let req = Request::get(path.to_string()) - .body(Default::default()) - .unwrap(); - let resp = trigger - .handle( - req, - Scheme::HTTP, - "127.0.0.1:3000".parse().unwrap(), - "127.0.0.1:55555".parse().unwrap(), - ) - .await - .unwrap(); - assert_http_response_success(&resp); -} diff --git a/crates/trigger-http/benches/readme.md b/crates/trigger-http/benches/readme.md deleted file mode 100644 index 18c9ef2298..0000000000 --- a/crates/trigger-http/benches/readme.md +++ /dev/null @@ -1,8 +0,0 @@ -These benchmarks use [criterion.rs](https://github.com/bheisler/criterion.rs); the recommended way to run them is with the [cargo-criterion](https://github.com/bheisler/cargo-criterion) tool: - -```sh -$ cargo install cargo-criterion -$ cargo criterion --workspace -``` - -HTML reports will be written to `target/criterion/reports` \ No newline at end of file diff --git a/crates/trigger-http/benches/spin-http-benchmark/.cargo/config.toml b/crates/trigger-http/benches/spin-http-benchmark/.cargo/config.toml deleted file mode 100644 index 6b77899cb3..0000000000 --- a/crates/trigger-http/benches/spin-http-benchmark/.cargo/config.toml +++ /dev/null @@ -1,2 +0,0 @@ -[build] -target = "wasm32-wasi" diff --git a/crates/trigger-http/benches/spin-http-benchmark/Cargo.toml b/crates/trigger-http/benches/spin-http-benchmark/Cargo.toml deleted file mode 100644 index dae8080366..0000000000 --- a/crates/trigger-http/benches/spin-http-benchmark/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "spin-http-benchmark" -version = "0.2.0" -edition = "2021" - -[lib] -crate-type = ["cdylib"] - -[dependencies] -wit-bindgen = "0.13.0" -url = "2.4.1" - -[workspace] diff --git a/crates/trigger-http/benches/spin-http-benchmark/src/lib.rs b/crates/trigger-http/benches/spin-http-benchmark/src/lib.rs deleted file mode 100644 index 52e8835297..0000000000 --- a/crates/trigger-http/benches/spin-http-benchmark/src/lib.rs +++ /dev/null @@ -1,57 +0,0 @@ -wit_bindgen::generate!({ - world: "http-trigger", - path: "../../../../wit/deps/spin@unversioned", - exports: { - "fermyon:spin/inbound-http": SpinHttp, - } -}); - -use exports::fermyon::spin::inbound_http; - -struct SpinHttp; - -impl inbound_http::Guest for SpinHttp { - fn handle_request(req: inbound_http::Request) -> inbound_http::Response { - let params = req.uri.find('?').map(|i| &req.uri[i + 1..]).unwrap_or(""); - for (key, value) in url::form_urlencoded::parse(params.as_bytes()) { - #[allow(clippy::single_match)] - match &*key { - // sleep= param simulates processing time - "sleep" => { - let ms = value.parse().expect("invalid sleep"); - std::thread::sleep(std::time::Duration::from_millis(ms)); - } - // cpu= param simulates compute time - "cpu" => { - let amt = value.parse().expect("invalid cpu"); - for _ in 0..amt { - do_some_work(); - } - } - _ => (), - } - } - inbound_http::Response { - status: 200, - headers: None, - body: None, - } - } -} - -// According to my computer, which is highly accurate, this is the best way to -// simulate precisely 1.5ms of work. That definitely won't change over time. -fn do_some_work() { - const N: usize = 4096; - const AMT: usize = 5_000; - - let mut a = [0u8; N]; - let mut b = [1u8; N]; - - for _ in 0..AMT { - a.copy_from_slice(&b); - std::hint::black_box(&a); - b.copy_from_slice(&a); - std::hint::black_box(&b); - } -} diff --git a/crates/trigger-http/benches/wagi-benchmark/.cargo/config.toml b/crates/trigger-http/benches/wagi-benchmark/.cargo/config.toml deleted file mode 100644 index 6b77899cb3..0000000000 --- a/crates/trigger-http/benches/wagi-benchmark/.cargo/config.toml +++ /dev/null @@ -1,2 +0,0 @@ -[build] -target = "wasm32-wasi" diff --git a/crates/trigger-http/benches/wagi-benchmark/Cargo.toml b/crates/trigger-http/benches/wagi-benchmark/Cargo.toml deleted file mode 100644 index a2b6085cf8..0000000000 --- a/crates/trigger-http/benches/wagi-benchmark/Cargo.toml +++ /dev/null @@ -1,6 +0,0 @@ -[package] -name = "wagi-benchmark" -version = "0.1.0" -edition = "2021" - -[workspace] \ No newline at end of file diff --git a/crates/trigger-http/benches/wagi-benchmark/src/main.rs b/crates/trigger-http/benches/wagi-benchmark/src/main.rs deleted file mode 100644 index a8e17c8ac6..0000000000 --- a/crates/trigger-http/benches/wagi-benchmark/src/main.rs +++ /dev/null @@ -1,11 +0,0 @@ -fn main() { - for arg in std::env::args() { - // sleep= param simulates processing time - if let Some(ms_str) = arg.strip_prefix("sleep=") { - let ms = ms_str.parse().expect("invalid sleep"); - std::thread::sleep(std::time::Duration::from_millis(ms)); - } - } - - println!("Content-Type: text/plain\n"); -} diff --git a/crates/trigger-http/src/handler.rs b/crates/trigger-http/src/handler.rs deleted file mode 100644 index 4ff4aa3980..0000000000 --- a/crates/trigger-http/src/handler.rs +++ /dev/null @@ -1,456 +0,0 @@ -use std::{net::SocketAddr, str, str::FromStr}; - -use crate::{Body, ChainedRequestHandler, HttpExecutor, HttpInstance, HttpTrigger, Store}; -use anyhow::{anyhow, Context, Result}; -use futures::TryFutureExt; -use http::{HeaderName, HeaderValue}; -use http_body_util::BodyExt; -use hyper::{Request, Response}; -use outbound_http::OutboundHttpComponent; -use spin_core::async_trait; -use spin_core::wasi_2023_10_18::exports::wasi::http::incoming_handler::Guest as IncomingHandler2023_10_18; -use spin_core::wasi_2023_11_10::exports::wasi::http::incoming_handler::Guest as IncomingHandler2023_11_10; -use spin_core::{Component, Engine, Instance}; -use spin_http::body; -use spin_http::routes::RouteMatch; -use spin_trigger::TriggerAppEngine; -use spin_world::v1::http_types; -use std::sync::Arc; -use tokio::{sync::oneshot, task}; -use tracing::{instrument, Instrument, Level}; -use wasmtime_wasi_http::{proxy::Proxy, WasiHttpView}; - -#[derive(Clone)] -pub struct HttpHandlerExecutor; - -#[async_trait] -impl HttpExecutor for HttpHandlerExecutor { - #[instrument(name = "spin_trigger_http.execute_wasm", skip_all, err(level = Level::INFO), fields(otel.name = format!("execute_wasm_component {}", route_match.component_id())))] - async fn execute( - &self, - engine: Arc>, - base: &str, - route_match: &RouteMatch, - req: Request, - client_addr: SocketAddr, - ) -> Result> { - let component_id = route_match.component_id(); - - tracing::trace!( - "Executing request using the Spin executor for component {}", - component_id - ); - - let (instance, mut store) = engine.prepare_instance(component_id).await?; - let HttpInstance::Component(instance, ty) = instance else { - unreachable!() - }; - - set_http_origin_from_request(&mut store, engine.clone(), self, &req); - - // set the client tls options for the current component_id. - // The OutboundWasiHttpHandler in this file is only used - // when making http-request from a http-trigger component. - // The outbound http requests from other triggers such as Redis - // uses OutboundWasiHttpHandler defined in spin_core crate. - store.as_mut().data_mut().as_mut().client_tls_opts = - engine.get_client_tls_opts(component_id); - - let resp = match ty { - HandlerType::Spin => { - Self::execute_spin(store, instance, base, route_match, req, client_addr) - .await - .map_err(contextualise_err)? - } - _ => { - Self::execute_wasi(store, instance, ty, base, route_match, req, client_addr).await? - } - }; - - tracing::info!( - "Request finished, sending response with status code {}", - resp.status() - ); - Ok(resp) - } -} - -impl HttpHandlerExecutor { - pub async fn execute_spin( - mut store: Store, - instance: Instance, - base: &str, - route_match: &RouteMatch, - req: Request, - client_addr: SocketAddr, - ) -> Result> { - let headers = Self::headers(&req, base, route_match, client_addr)?; - let func = instance - .exports(&mut store) - .instance("fermyon:spin/inbound-http") - // Safe since we have already checked that this instance exists - .expect("no fermyon:spin/inbound-http found") - .typed_func::<(http_types::Request,), (http_types::Response,)>("handle-request")?; - - let (parts, body) = req.into_parts(); - let bytes = body.collect().await?.to_bytes().to_vec(); - - let method = if let Some(method) = Self::method(&parts.method) { - method - } else { - return Ok(Response::builder() - .status(http::StatusCode::METHOD_NOT_ALLOWED) - .body(body::empty())?); - }; - - // Preparing to remove the params field. We are leaving it in place for now - // to avoid breaking the ABI, but no longer pass or accept values in it. - // https://github.com/fermyon/spin/issues/663 - let params = vec![]; - - let uri = match parts.uri.path_and_query() { - Some(u) => u.to_string(), - None => parts.uri.to_string(), - }; - - let req = http_types::Request { - method, - uri, - headers, - params, - body: Some(bytes), - }; - - let (resp,) = func.call_async(&mut store, (req,)).await?; - - if resp.status < 100 || resp.status > 600 { - tracing::error!("malformed HTTP status code"); - return Ok(Response::builder() - .status(http::StatusCode::INTERNAL_SERVER_ERROR) - .body(body::empty())?); - }; - - let mut response = http::Response::builder().status(resp.status); - if let Some(headers) = response.headers_mut() { - Self::append_headers(headers, resp.headers)?; - } - - let body = match resp.body { - Some(b) => body::full(b.into()), - None => body::empty(), - }; - - Ok(response.body(body)?) - } - - fn method(m: &http::Method) -> Option { - Some(match *m { - http::Method::GET => http_types::Method::Get, - http::Method::POST => http_types::Method::Post, - http::Method::PUT => http_types::Method::Put, - http::Method::DELETE => http_types::Method::Delete, - http::Method::PATCH => http_types::Method::Patch, - http::Method::HEAD => http_types::Method::Head, - http::Method::OPTIONS => http_types::Method::Options, - _ => return None, - }) - } - - async fn execute_wasi( - mut store: Store, - instance: Instance, - ty: HandlerType, - base: &str, - route_match: &RouteMatch, - mut req: Request, - client_addr: SocketAddr, - ) -> anyhow::Result> { - let headers = Self::headers(&req, base, route_match, client_addr)?; - req.headers_mut().clear(); - req.headers_mut() - .extend(headers.into_iter().filter_map(|(n, v)| { - let Ok(name) = n.parse::() else { - return None; - }; - let Ok(value) = HeaderValue::from_bytes(v.as_bytes()) else { - return None; - }; - Some((name, value)) - })); - let request = store.as_mut().data_mut().new_incoming_request(req)?; - - let (response_tx, response_rx) = oneshot::channel(); - let response = store - .as_mut() - .data_mut() - .new_response_outparam(response_tx)?; - - enum Handler { - Latest(Proxy), - Handler2023_11_10(IncomingHandler2023_11_10), - Handler2023_10_18(IncomingHandler2023_10_18), - } - - let handler = - { - let mut exports = instance.exports(&mut store); - match ty { - HandlerType::Wasi2023_10_18 => { - let mut instance = exports - .instance(WASI_HTTP_EXPORT_2023_10_18) - .ok_or_else(|| { - anyhow!("export of `{WASI_HTTP_EXPORT_2023_10_18}` not an instance") - })?; - Handler::Handler2023_10_18(IncomingHandler2023_10_18::new(&mut instance)?) - } - HandlerType::Wasi2023_11_10 => { - let mut instance = exports - .instance(WASI_HTTP_EXPORT_2023_11_10) - .ok_or_else(|| { - anyhow!("export of `{WASI_HTTP_EXPORT_2023_11_10}` not an instance") - })?; - Handler::Handler2023_11_10(IncomingHandler2023_11_10::new(&mut instance)?) - } - HandlerType::Wasi0_2 => { - drop(exports); - Handler::Latest(Proxy::new(&mut store, &instance)?) - } - HandlerType::Spin => panic!("should have used execute_spin instead"), - } - }; - - let span = tracing::debug_span!("execute_wasi"); - let handle = task::spawn( - async move { - let result = match handler { - Handler::Latest(proxy) => { - proxy - .wasi_http_incoming_handler() - .call_handle(&mut store, request, response) - .instrument(span) - .await - } - Handler::Handler2023_10_18(proxy) => { - proxy - .call_handle(&mut store, request, response) - .instrument(span) - .await - } - Handler::Handler2023_11_10(proxy) => { - proxy - .call_handle(&mut store, request, response) - .instrument(span) - .await - } - }; - - tracing::trace!( - "wasi-http memory consumed: {}", - store.as_ref().data().memory_consumed() - ); - - result - } - .in_current_span(), - ); - - match response_rx.await { - Ok(response) => { - task::spawn( - async move { - handle - .await - .context("guest invocation panicked")? - .context("guest invocation failed")?; - - Ok(()) - } - .map_err(|e: anyhow::Error| { - tracing::warn!("component error after response: {e:?}"); - }), - ); - - Ok(response.context("guest failed to produce a response")?) - } - - Err(_) => { - handle - .await - .context("guest invocation panicked")? - .context("guest invocation failed")?; - - Err(anyhow!( - "guest failed to produce a response prior to returning" - )) - } - } - } - - fn headers( - req: &Request, - base: &str, - route_match: &RouteMatch, - client_addr: SocketAddr, - ) -> Result> { - let mut res = Vec::new(); - for (name, value) in req - .headers() - .iter() - .map(|(name, value)| (name.to_string(), std::str::from_utf8(value.as_bytes()))) - { - let value = value?.to_string(); - res.push((name, value)); - } - - let default_host = http::HeaderValue::from_str("localhost")?; - let host = std::str::from_utf8( - req.headers() - .get("host") - .unwrap_or(&default_host) - .as_bytes(), - )?; - - // Set the environment information (path info, base path, etc) as headers. - // In the future, we might want to have this information in a context - // object as opposed to headers. - for (keys, val) in - crate::compute_default_headers(req.uri(), base, host, route_match, client_addr)? - { - res.push((Self::prepare_header_key(&keys[0]), val)); - } - - Ok(res) - } - - fn prepare_header_key(key: &str) -> String { - key.replace('_', "-").to_ascii_lowercase() - } - - fn append_headers(res: &mut http::HeaderMap, src: Option>) -> Result<()> { - if let Some(src) = src { - for (k, v) in src.iter() { - res.insert( - http::header::HeaderName::from_str(k)?, - http::header::HeaderValue::from_str(v)?, - ); - } - }; - - Ok(()) - } -} - -/// Whether this handler uses the custom Spin http handler interface for wasi-http -#[derive(Copy, Clone)] -pub enum HandlerType { - Spin, - Wasi0_2, - Wasi2023_11_10, - Wasi2023_10_18, -} - -const WASI_HTTP_EXPORT_2023_10_18: &str = "wasi:http/incoming-handler@0.2.0-rc-2023-10-18"; -const WASI_HTTP_EXPORT_2023_11_10: &str = "wasi:http/incoming-handler@0.2.0-rc-2023-11-10"; -const WASI_HTTP_EXPORT_0_2_0: &str = "wasi:http/incoming-handler@0.2.0"; - -impl HandlerType { - /// Determine the handler type from the exports of a component - pub fn from_component(engine: &Engine, component: &Component) -> Result { - let mut handler_ty = None; - - let mut set = |ty: HandlerType| { - if handler_ty.is_none() { - handler_ty = Some(ty); - Ok(()) - } else { - Err(anyhow!( - "component exports multiple different handlers but \ - it's expected to export only one" - )) - } - }; - let ty = component.component_type(); - for (name, _) in ty.exports(engine.as_ref()) { - match name { - WASI_HTTP_EXPORT_2023_10_18 => set(HandlerType::Wasi2023_10_18)?, - WASI_HTTP_EXPORT_2023_11_10 => set(HandlerType::Wasi2023_11_10)?, - WASI_HTTP_EXPORT_0_2_0 => set(HandlerType::Wasi0_2)?, - "fermyon:spin/inbound-http" => set(HandlerType::Spin)?, - _ => {} - } - } - - handler_ty.ok_or_else(|| { - anyhow!( - "Expected component to either export `{WASI_HTTP_EXPORT_2023_10_18}`, \ - `{WASI_HTTP_EXPORT_2023_11_10}`, `{WASI_HTTP_EXPORT_0_2_0}`, \ - or `fermyon:spin/inbound-http` but it exported none of those" - ) - }) - } -} - -fn set_http_origin_from_request( - store: &mut Store, - engine: Arc>, - handler: &HttpHandlerExecutor, - req: &Request, -) { - if let Some(authority) = req.uri().authority() { - if let Some(scheme) = req.uri().scheme_str() { - let origin = format!("{}://{}", scheme, authority); - if let Some(outbound_http_handle) = engine - .engine - .find_host_component_handle::>() - { - let outbound_http_data = store - .host_components_data() - .get_or_insert(outbound_http_handle); - - outbound_http_data.origin.clone_from(&origin); - store.as_mut().data_mut().as_mut().allowed_hosts = - outbound_http_data.allowed_hosts.clone(); - } - - let chained_request_handler = ChainedRequestHandler { - engine: engine.clone(), - executor: handler.clone(), - }; - store.as_mut().data_mut().as_mut().origin = Some(origin); - store.as_mut().data_mut().as_mut().chained_handler = Some(chained_request_handler); - } - } -} - -fn contextualise_err(e: anyhow::Error) -> anyhow::Error { - if e.to_string() - .contains("failed to find function export `canonical_abi_free`") - { - e.context( - "component is not compatible with Spin executor - should this use the Wagi executor?", - ) - } else { - e - } -} - -#[cfg(test)] -mod tests { - use super::*; - - #[test] - fn test_spin_header_keys() { - assert_eq!( - HttpHandlerExecutor::prepare_header_key("SPIN_FULL_URL"), - "spin-full-url".to_string() - ); - assert_eq!( - HttpHandlerExecutor::prepare_header_key("SPIN_PATH_INFO"), - "spin-path-info".to_string() - ); - assert_eq!( - HttpHandlerExecutor::prepare_header_key("SPIN_RAW_COMPONENT_ROUTE"), - "spin-raw-component-route".to_string() - ); - } -} diff --git a/crates/trigger-http/src/instrument.rs b/crates/trigger-http/src/instrument.rs deleted file mode 100644 index 2e74d97aaa..0000000000 --- a/crates/trigger-http/src/instrument.rs +++ /dev/null @@ -1,93 +0,0 @@ -use anyhow::Result; -use http::Response; -use tracing::Level; -use wasmtime_wasi_http::body::HyperIncomingBody; - -/// Create a span for an HTTP request. -macro_rules! http_span { - ($request:tt, $addr:tt) => { - tracing::info_span!( - "spin_trigger_http.handle_http_request", - "otel.kind" = "server", - "http.request.method" = %$request.method(), - "network.peer.address" = %$addr.ip(), - "network.peer.port" = %$addr.port(), - "network.protocol.name" = "http", - "url.path" = $request.uri().path(), - "url.query" = $request.uri().query().unwrap_or(""), - "url.scheme" = $request.uri().scheme_str().unwrap_or(""), - "client.address" = $request.headers().get("x-forwarded-for").and_then(|val| val.to_str().ok()), - // Recorded later - "error.type" = Empty, - "http.response.status_code" = Empty, - "http.route" = Empty, - "otel.name" = Empty, - ) - }; -} - -pub(crate) use http_span; - -/// Finish setting attributes on the HTTP span. -pub(crate) fn finalize_http_span( - response: Result>, - method: String, -) -> Result> { - let span = tracing::Span::current(); - match response { - Ok(response) => { - let matched_route = response.extensions().get::(); - // Set otel.name and http.route - if let Some(MatchedRoute { route }) = matched_route { - span.record("http.route", route); - span.record("otel.name", format!("{method} {route}")); - } else { - span.record("otel.name", method); - } - - // Set status code - span.record("http.response.status_code", response.status().as_u16()); - - Ok(response) - } - Err(err) => { - instrument_error(&err); - span.record("http.response.status_code", 500); - span.record("otel.name", method); - Err(err) - } - } -} - -/// Marks the current span as errored. -pub(crate) fn instrument_error(err: &anyhow::Error) { - let span = tracing::Span::current(); - tracing::event!(target:module_path!(), Level::INFO, error = %err); - span.record("error.type", format!("{:?}", err)); -} - -/// MatchedRoute is used as a response extension to track the route that was matched for OTel -/// tracing purposes. -#[derive(Clone)] -pub struct MatchedRoute { - pub route: String, -} - -impl MatchedRoute { - pub fn set_response_extension( - resp: &mut Response, - route: impl Into, - ) { - resp.extensions_mut().insert(MatchedRoute { - route: route.into(), - }); - } - - pub fn with_response_extension( - mut resp: Response, - route: impl Into, - ) -> Response { - Self::set_response_extension(&mut resp, route); - resp - } -} diff --git a/crates/trigger-http/src/lib.rs b/crates/trigger-http/src/lib.rs deleted file mode 100644 index c5c5f066c1..0000000000 --- a/crates/trigger-http/src/lib.rs +++ /dev/null @@ -1,1240 +0,0 @@ -//! Implementation for the Spin HTTP engine. - -mod handler; -mod instrument; -mod tls; -mod wagi; - -use std::{ - collections::HashMap, - error::Error, - io::IsTerminal, - net::{Ipv4Addr, SocketAddr, ToSocketAddrs}, - path::PathBuf, - str::FromStr, - sync::Arc, -}; - -use anyhow::{Context, Result}; -use async_trait::async_trait; -use clap::Args; -use http::{header::HOST, uri::Authority, uri::Scheme, HeaderValue, StatusCode, Uri}; -use http_body_util::BodyExt; -use hyper::{ - body::{Bytes, Incoming}, - server::conn::http1, - service::service_fn, - Request, Response, -}; -use hyper_util::rt::tokio::TokioIo; -use instrument::{finalize_http_span, http_span}; -use spin_app::{AppComponent, APP_DESCRIPTION_KEY}; -use spin_core::{Engine, OutboundWasiHttpHandler}; -use spin_http::{ - app_info::AppInfo, - body, - config::{HttpExecutorType, HttpTriggerConfig}, - routes::{RouteMatch, Router}, -}; -use spin_outbound_networking::{ - is_service_chaining_host, parse_service_chaining_target, AllowedHostsConfig, OutboundUrl, -}; -use spin_trigger::{ParsedClientTlsOpts, TriggerAppEngine, TriggerExecutor, TriggerInstancePre}; -use tokio::{ - io::{AsyncRead, AsyncWrite}, - net::{TcpListener, TcpStream}, - task, - time::timeout, -}; - -use tracing::{field::Empty, log, Instrument}; -use wasmtime_wasi_http::{ - bindings::wasi::http::{types, types::ErrorCode}, - body::{HyperIncomingBody as Body, HyperOutgoingBody}, - types::HostFutureIncomingResponse, - HttpError, HttpResult, -}; - -use crate::{ - handler::{HandlerType, HttpHandlerExecutor}, - instrument::{instrument_error, MatchedRoute}, - wagi::WagiHttpExecutor, -}; - -pub use tls::TlsConfig; - -pub(crate) type RuntimeData = HttpRuntimeData; -pub(crate) type Store = spin_core::Store; - -/// The Spin HTTP trigger. -pub struct HttpTrigger { - engine: Arc>, - router: Router, - // Base path for component routes. - base: String, - // Component ID -> component trigger config - component_trigger_configs: HashMap, -} - -#[derive(Args)] -pub struct CliArgs { - /// IP address and port to listen on - #[clap(long = "listen", env = "SPIN_HTTP_LISTEN_ADDR", default_value = "127.0.0.1:3000", value_parser = parse_listen_addr)] - pub address: SocketAddr, - - /// The path to the certificate to use for https, if this is not set, normal http will be used. The cert should be in PEM format - #[clap(long, env = "SPIN_TLS_CERT", requires = "tls-key")] - pub tls_cert: Option, - - /// The path to the certificate key to use for https, if this is not set, normal http will be used. The key should be in PKCS#8 format - #[clap(long, env = "SPIN_TLS_KEY", requires = "tls-cert")] - pub tls_key: Option, -} - -impl CliArgs { - fn into_tls_config(self) -> Option { - match (self.tls_cert, self.tls_key) { - (Some(cert_path), Some(key_path)) => Some(TlsConfig { - cert_path, - key_path, - }), - (None, None) => None, - _ => unreachable!(), - } - } -} - -pub enum HttpInstancePre { - Component(spin_core::InstancePre, HandlerType), - Module(spin_core::ModuleInstancePre), -} - -pub enum HttpInstance { - Component(spin_core::Instance, HandlerType), - Module(spin_core::ModuleInstance), -} - -#[async_trait] -impl TriggerExecutor for HttpTrigger { - const TRIGGER_TYPE: &'static str = "http"; - type RuntimeData = RuntimeData; - type TriggerConfig = HttpTriggerConfig; - type RunConfig = CliArgs; - type InstancePre = HttpInstancePre; - - async fn new(engine: TriggerAppEngine) -> Result { - let mut base = engine - .trigger_metadata::()? - .unwrap_or_default() - .base; - - if !base.starts_with('/') { - base = format!("/{base}"); - } - - let component_routes = engine - .trigger_configs() - .map(|(_, config)| (config.component.as_str(), &config.route)); - - let (router, duplicate_routes) = Router::build(&base, component_routes)?; - - if !duplicate_routes.is_empty() { - log::error!("The following component routes are duplicates and will never be used:"); - for dup in &duplicate_routes { - log::error!( - " {}: {} (duplicate of {})", - dup.replaced_id, - dup.route(), - dup.effective_id, - ); - } - } - - log::trace!( - "Constructed router for application {}: {:?}", - engine.app_name, - router.routes().collect::>() - ); - - let component_trigger_configs = engine - .trigger_configs() - .map(|(_, config)| (config.component.clone(), config.clone())) - .collect(); - - Ok(Self { - engine: Arc::new(engine), - router, - base, - component_trigger_configs, - }) - } - - async fn run(self, config: Self::RunConfig) -> Result<()> { - let listen_addr = config.address; - let tls = config.into_tls_config(); - - let listener = TcpListener::bind(listen_addr) - .await - .with_context(|| format!("Unable to listen on {}", listen_addr))?; - - let self_ = Arc::new(self); - if let Some(tls) = tls { - self_.serve_tls(listener, listen_addr, tls).await? - } else { - self_.serve(listener, listen_addr).await? - }; - - Ok(()) - } - - fn supported_host_requirements() -> Vec<&'static str> { - vec![spin_app::locked::SERVICE_CHAINING_KEY] - } -} - -#[async_trait] -impl TriggerInstancePre for HttpInstancePre { - type Instance = HttpInstance; - - async fn instantiate_pre( - engine: &Engine, - component: &AppComponent, - config: &HttpTriggerConfig, - ) -> Result { - if let Some(HttpExecutorType::Wagi(_)) = &config.executor { - let module = component.load_module(engine).await?; - Ok(HttpInstancePre::Module( - engine.module_instantiate_pre(&module)?, - )) - } else { - let comp = component.load_component(engine).await?; - let handler_ty = HandlerType::from_component(engine, &comp)?; - Ok(HttpInstancePre::Component( - engine.instantiate_pre(&comp)?, - handler_ty, - )) - } - } - - async fn instantiate(&self, store: &mut Store) -> Result { - match self { - HttpInstancePre::Component(pre, ty) => Ok(HttpInstance::Component( - pre.instantiate_async(store).await?, - *ty, - )), - HttpInstancePre::Module(pre) => { - pre.instantiate_async(store).await.map(HttpInstance::Module) - } - } - } -} - -impl HttpTrigger { - /// Handles incoming requests using an HTTP executor. - pub async fn handle( - &self, - mut req: Request, - scheme: Scheme, - server_addr: SocketAddr, - client_addr: SocketAddr, - ) -> Result> { - set_req_uri(&mut req, scheme, server_addr)?; - strip_forbidden_headers(&mut req); - - spin_telemetry::extract_trace_context(&req); - - log::info!( - "Processing request for application {} on URI {}", - &self.engine.app_name, - req.uri() - ); - - let path = req.uri().path().to_string(); - - // Handle well-known spin paths - if let Some(well_known) = path.strip_prefix(spin_http::WELL_KNOWN_PREFIX) { - return match well_known { - "health" => Ok(MatchedRoute::with_response_extension( - Response::new(body::full(Bytes::from_static(b"OK"))), - path, - )), - "info" => self.app_info(path), - _ => Self::not_found(NotFoundRouteKind::WellKnown), - }; - } - - // Route to app component - match self.router.route(&path) { - Ok(route_match) => { - spin_telemetry::metrics::monotonic_counter!( - spin.request_count = 1, - trigger_type = "http", - app_id = &self.engine.app_name, - component_id = route_match.component_id() - ); - - let component_id = route_match.component_id(); - - let trigger = self.component_trigger_configs.get(component_id).unwrap(); - - let executor = trigger.executor.as_ref().unwrap_or(&HttpExecutorType::Http); - - let res = match executor { - HttpExecutorType::Http => { - HttpHandlerExecutor - .execute( - self.engine.clone(), - &self.base, - &route_match, - req, - client_addr, - ) - .await - } - HttpExecutorType::Wagi(wagi_config) => { - let executor = WagiHttpExecutor { - wagi_config: wagi_config.clone(), - }; - executor - .execute( - self.engine.clone(), - &self.base, - &route_match, - req, - client_addr, - ) - .await - } - }; - match res { - Ok(res) => Ok(MatchedRoute::with_response_extension( - res, - route_match.raw_route(), - )), - Err(e) => { - log::error!("Error processing request: {:?}", e); - instrument_error(&e); - Self::internal_error(None, route_match.raw_route()) - } - } - } - Err(_) => Self::not_found(NotFoundRouteKind::Normal(path.to_string())), - } - } - - /// Returns spin status information. - fn app_info(&self, route: String) -> Result> { - let info = AppInfo::new(self.engine.app()); - let body = serde_json::to_vec_pretty(&info)?; - Ok(MatchedRoute::with_response_extension( - Response::builder() - .header("content-type", "application/json") - .body(body::full(body.into()))?, - route, - )) - } - - /// Creates an HTTP 500 response. - fn internal_error(body: Option<&str>, route: impl Into) -> Result> { - let body = match body { - Some(body) => body::full(Bytes::copy_from_slice(body.as_bytes())), - None => body::empty(), - }; - - Ok(MatchedRoute::with_response_extension( - Response::builder() - .status(StatusCode::INTERNAL_SERVER_ERROR) - .body(body)?, - route, - )) - } - - /// Creates an HTTP 404 response. - fn not_found(kind: NotFoundRouteKind) -> Result> { - use std::sync::atomic::{AtomicBool, Ordering}; - static SHOWN_GENERIC_404_WARNING: AtomicBool = AtomicBool::new(false); - if let NotFoundRouteKind::Normal(route) = kind { - if !SHOWN_GENERIC_404_WARNING.fetch_or(true, Ordering::Relaxed) - && std::io::stderr().is_terminal() - { - terminal::warn!("Request to {route} matched no pattern, and received a generic 404 response. To serve a more informative 404 page, add a catch-all (/...) route."); - } - } - Ok(Response::builder() - .status(StatusCode::NOT_FOUND) - .body(body::empty())?) - } - - fn serve_connection( - self: Arc, - stream: S, - server_addr: SocketAddr, - client_addr: SocketAddr, - ) { - task::spawn(async move { - if let Err(e) = http1::Builder::new() - .keep_alive(true) - .serve_connection( - TokioIo::new(stream), - service_fn(move |request| { - self.clone() - .instrumented_service_fn(server_addr, client_addr, request) - }), - ) - .await - { - log::warn!("{e:?}"); - } - }); - } - - async fn instrumented_service_fn( - self: Arc, - server_addr: SocketAddr, - client_addr: SocketAddr, - request: Request, - ) -> Result> { - let span = http_span!(request, client_addr); - let method = request.method().to_string(); - async { - let result = self - .handle( - request.map(|body: Incoming| { - body.map_err(wasmtime_wasi_http::hyper_response_error) - .boxed() - }), - Scheme::HTTP, - server_addr, - client_addr, - ) - .await; - finalize_http_span(result, method) - } - .instrument(span) - .await - } - - async fn serve(self: Arc, listener: TcpListener, listen_addr: SocketAddr) -> Result<()> { - self.print_startup_msgs("http", &listener)?; - loop { - let (stream, client_addr) = listener.accept().await?; - self.clone() - .serve_connection(stream, listen_addr, client_addr); - } - } - - async fn serve_tls( - self: Arc, - listener: TcpListener, - listen_addr: SocketAddr, - tls: TlsConfig, - ) -> Result<()> { - let acceptor = tls.server_config()?; - self.print_startup_msgs("https", &listener)?; - - loop { - let (stream, addr) = listener.accept().await?; - match acceptor.accept(stream).await { - Ok(stream) => self.clone().serve_connection(stream, listen_addr, addr), - Err(err) => tracing::error!(?err, "Failed to start TLS session"), - } - } - } - - fn print_startup_msgs(&self, scheme: &str, listener: &TcpListener) -> Result<()> { - let local_addr = listener.local_addr()?; - let base_url = format!("{scheme}://{local_addr:?}"); - terminal::step!("\nServing", "{}", base_url); - log::info!("Serving {}", base_url); - - println!("Available Routes:"); - for (route, component_id) in self.router.routes() { - println!(" {}: {}{}", component_id, base_url, route); - if let Some(component) = self.engine.app().get_component(component_id) { - if let Some(description) = component.get_metadata(APP_DESCRIPTION_KEY)? { - println!(" {}", description); - } - } - } - Ok(()) - } -} - -fn parse_listen_addr(addr: &str) -> anyhow::Result { - let addrs: Vec = addr.to_socket_addrs()?.collect(); - // Prefer 127.0.0.1 over e.g. [::1] because CHANGE IS HARD - if let Some(addr) = addrs - .iter() - .find(|addr| addr.is_ipv4() && addr.ip() == Ipv4Addr::LOCALHOST) - { - return Ok(*addr); - } - // Otherwise, take the first addr (OS preference) - addrs.into_iter().next().context("couldn't resolve address") -} - -/// The incoming request's scheme and authority -/// -/// The incoming request's URI is relative to the server, so we need to set the scheme and authority -fn set_req_uri(req: &mut Request, scheme: Scheme, addr: SocketAddr) -> Result<()> { - let uri = req.uri().clone(); - let mut parts = uri.into_parts(); - let authority = format!("{}:{}", addr.ip(), addr.port()).parse().unwrap(); - parts.scheme = Some(scheme); - parts.authority = Some(authority); - *req.uri_mut() = Uri::from_parts(parts).unwrap(); - Ok(()) -} - -fn strip_forbidden_headers(req: &mut Request) { - let headers = req.headers_mut(); - if let Some(host_header) = headers.get("Host") { - if let Ok(host) = host_header.to_str() { - if is_service_chaining_host(host) { - headers.remove("Host"); - } - } - } -} - -// We need to make the following pieces of information available to both executors. -// While the values we set are identical, the way they are passed to the -// modules is going to be different, so each executor must must use the info -// in its standardized way (environment variables for the Wagi executor, and custom headers -// for the Spin HTTP executor). -const FULL_URL: [&str; 2] = ["SPIN_FULL_URL", "X_FULL_URL"]; -const PATH_INFO: [&str; 2] = ["SPIN_PATH_INFO", "PATH_INFO"]; -const MATCHED_ROUTE: [&str; 2] = ["SPIN_MATCHED_ROUTE", "X_MATCHED_ROUTE"]; -const COMPONENT_ROUTE: [&str; 2] = ["SPIN_COMPONENT_ROUTE", "X_COMPONENT_ROUTE"]; -const RAW_COMPONENT_ROUTE: [&str; 2] = ["SPIN_RAW_COMPONENT_ROUTE", "X_RAW_COMPONENT_ROUTE"]; -const BASE_PATH: [&str; 2] = ["SPIN_BASE_PATH", "X_BASE_PATH"]; -const CLIENT_ADDR: [&str; 2] = ["SPIN_CLIENT_ADDR", "X_CLIENT_ADDR"]; - -pub(crate) fn compute_default_headers( - uri: &Uri, - base: &str, - host: &str, - route_match: &RouteMatch, - client_addr: SocketAddr, -) -> Result> { - fn owned(strs: &[&'static str; 2]) -> [String; 2] { - [strs[0].to_owned(), strs[1].to_owned()] - } - - let owned_full_url: [String; 2] = owned(&FULL_URL); - let owned_path_info: [String; 2] = owned(&PATH_INFO); - let owned_matched_route: [String; 2] = owned(&MATCHED_ROUTE); - let owned_component_route: [String; 2] = owned(&COMPONENT_ROUTE); - let owned_raw_component_route: [String; 2] = owned(&RAW_COMPONENT_ROUTE); - let owned_base_path: [String; 2] = owned(&BASE_PATH); - let owned_client_addr: [String; 2] = owned(&CLIENT_ADDR); - - let mut res = vec![]; - let abs_path = uri - .path_and_query() - .expect("cannot get path and query") - .as_str(); - - let path_info = route_match.trailing_wildcard(); - - let scheme = uri.scheme_str().unwrap_or("http"); - - let full_url = format!("{}://{}{}", scheme, host, abs_path); - - res.push((owned_path_info, path_info)); - res.push((owned_full_url, full_url)); - res.push((owned_matched_route, route_match.based_route().to_string())); - - res.push((owned_base_path, base.to_string())); - res.push(( - owned_raw_component_route, - route_match.raw_route().to_string(), - )); - res.push((owned_component_route, route_match.raw_route_or_prefix())); - res.push((owned_client_addr, client_addr.to_string())); - - for (wild_name, wild_value) in route_match.named_wildcards() { - let wild_header = format!("SPIN_PATH_MATCH_{}", wild_name.to_ascii_uppercase()); // TODO: safer - let wild_wagi_header = format!("X_PATH_MATCH_{}", wild_name.to_ascii_uppercase()); // TODO: safer - res.push(([wild_header, wild_wagi_header], wild_value.clone())); - } - - Ok(res) -} - -/// The HTTP executor trait. -/// All HTTP executors must implement this trait. -#[async_trait] -pub(crate) trait HttpExecutor: Clone + Send + Sync + 'static { - async fn execute( - &self, - engine: Arc>, - base: &str, - route_match: &RouteMatch, - req: Request, - client_addr: SocketAddr, - ) -> Result>; -} - -#[derive(Clone)] -struct ChainedRequestHandler { - engine: Arc>, - executor: HttpHandlerExecutor, -} - -#[derive(Default)] -pub struct HttpRuntimeData { - origin: Option, - chained_handler: Option, - // Optional mapping of authority and TLS options for the current component - client_tls_opts: Option>, - /// The hosts this app is allowed to make outbound requests to - allowed_hosts: AllowedHostsConfig, -} - -impl HttpRuntimeData { - fn chain_request( - data: &mut spin_core::Data, - request: Request, - config: wasmtime_wasi_http::types::OutgoingRequestConfig, - component_id: String, - ) -> HttpResult { - use wasmtime_wasi_http::types::IncomingResponse; - - let this = data.as_ref(); - - let chained_handler = - this.chained_handler - .clone() - .ok_or(HttpError::trap(wasmtime::Error::msg( - "Internal error: internal request chaining not prepared (engine not assigned)", - )))?; - - let engine = chained_handler.engine; - let handler = chained_handler.executor; - - let base = "/"; - let route_match = RouteMatch::synthetic(&component_id, request.uri().path()); - - let client_addr = std::net::SocketAddr::from_str("0.0.0.0:0").unwrap(); - - let between_bytes_timeout = config.between_bytes_timeout; - - let resp_fut = async move { - match handler - .execute(engine.clone(), base, &route_match, request, client_addr) - .await - { - Ok(resp) => Ok(Ok(IncomingResponse { - resp, - between_bytes_timeout, - worker: None, - })), - Err(e) => Err(wasmtime::Error::msg(e)), - } - }; - - let handle = wasmtime_wasi::runtime::spawn(resp_fut); - Ok(HostFutureIncomingResponse::Pending(handle)) - } -} - -fn parse_chaining_target(request: &Request) -> Option { - parse_service_chaining_target(request.uri()) -} - -impl OutboundWasiHttpHandler for HttpRuntimeData { - fn send_request( - data: &mut spin_core::Data, - mut request: Request, - mut config: wasmtime_wasi_http::types::OutgoingRequestConfig, - ) -> HttpResult { - let this = data.as_mut(); - - let is_relative_url = request - .uri() - .authority() - .map(|a| a.host().trim() == "") - .unwrap_or_default(); - if is_relative_url { - // Origin must be set in the incoming http handler - let origin = this.origin.clone().unwrap(); - let path_and_query = request - .uri() - .path_and_query() - .map(|p| p.as_str()) - .unwrap_or("/"); - let uri: Uri = format!("{origin}{path_and_query}") - .parse() - // origin together with the path and query must be a valid URI - .unwrap(); - let host = format!("{}:{}", uri.host().unwrap(), uri.port().unwrap()); - let headers = request.headers_mut(); - headers.insert( - HOST, - HeaderValue::from_str(&host).map_err(|_| ErrorCode::HttpProtocolError)?, - ); - - config.use_tls = uri - .scheme() - .map(|s| s == &Scheme::HTTPS) - .unwrap_or_default(); - // We know that `uri` has an authority because we set it above - *request.uri_mut() = uri; - } - - let uri = request.uri(); - let uri_string = uri.to_string(); - let unallowed_relative = - is_relative_url && !this.allowed_hosts.allows_relative_url(&["http", "https"]); - let unallowed_absolute = !is_relative_url - && !this.allowed_hosts.allows( - &OutboundUrl::parse(uri_string, "https") - .map_err(|_| ErrorCode::HttpRequestUriInvalid)?, - ); - if unallowed_relative || unallowed_absolute { - tracing::error!("Destination not allowed: {}", request.uri()); - let host = if unallowed_absolute { - // Safe to unwrap because absolute urls have a host by definition. - let host = uri.authority().map(|a| a.host()).unwrap(); - let port = uri.authority().map(|a| a.port()).unwrap(); - let port = match port { - Some(port_str) => port_str.to_string(), - None => uri - .scheme() - .and_then(|s| (s == &Scheme::HTTP).then_some(80)) - .unwrap_or(443) - .to_string(), - }; - terminal::warn!( - "A component tried to make a HTTP request to non-allowed host '{host}'." - ); - let scheme = uri.scheme().unwrap_or(&Scheme::HTTPS); - format!("{scheme}://{host}:{port}") - } else { - terminal::warn!("A component tried to make a HTTP request to the same component but it does not have permission."); - "self".into() - }; - eprintln!("To allow requests, add 'allowed_outbound_hosts = [\"{}\"]' to the manifest component section.", host); - return Err(ErrorCode::HttpRequestDenied.into()); - } - - if let Some(component_id) = parse_chaining_target(&request) { - return Self::chain_request(data, request, config, component_id); - } - - let current_span = tracing::Span::current(); - let uri = request.uri(); - if let Some(authority) = uri.authority() { - current_span.record("server.address", authority.host()); - if let Some(port) = authority.port() { - current_span.record("server.port", port.as_u16()); - } - } - - let client_tls_opts = (data.as_ref()).client_tls_opts.clone(); - - // TODO: This is a temporary workaround to make sure that outbound task is instrumented. - // Once Wasmtime gives us the ability to do the spawn ourselves we can just call .instrument - // and won't have to do this workaround. - let response_handle = async move { - let res = send_request_handler(request, config, client_tls_opts).await; - if let Ok(res) = &res { - tracing::Span::current() - .record("http.response.status_code", res.resp.status().as_u16()); - } - Ok(res) - } - .in_current_span(); - Ok(HostFutureIncomingResponse::Pending( - wasmtime_wasi::runtime::spawn(response_handle), - )) - } -} - -#[derive(Debug, PartialEq)] -enum NotFoundRouteKind { - Normal(String), - WellKnown, -} - -/// This is a fork of wasmtime_wasi_http::default_send_request_handler function -/// forked from bytecodealliance/wasmtime commit-sha 29a76b68200fcfa69c8fb18ce6c850754279a05b -/// This fork provides the ability to configure client cert auth for mTLS -pub async fn send_request_handler( - mut request: hyper::Request, - wasmtime_wasi_http::types::OutgoingRequestConfig { - use_tls, - connect_timeout, - first_byte_timeout, - between_bytes_timeout, - }: wasmtime_wasi_http::types::OutgoingRequestConfig, - client_tls_opts: Option>, -) -> Result { - let authority_str = if let Some(authority) = request.uri().authority() { - if authority.port().is_some() { - authority.to_string() - } else { - let port = if use_tls { 443 } else { 80 }; - format!("{}:{port}", authority) - } - } else { - return Err(types::ErrorCode::HttpRequestUriInvalid); - }; - - let authority = &authority_str.parse::().unwrap(); - - let tcp_stream = timeout(connect_timeout, TcpStream::connect(&authority_str)) - .await - .map_err(|_| types::ErrorCode::ConnectionTimeout)? - .map_err(|e| match e.kind() { - std::io::ErrorKind::AddrNotAvailable => { - dns_error("address not available".to_string(), 0) - } - - _ => { - if e.to_string() - .starts_with("failed to lookup address information") - { - dns_error("address not available".to_string(), 0) - } else { - types::ErrorCode::ConnectionRefused - } - } - })?; - - let (mut sender, worker) = if use_tls { - #[cfg(any(target_arch = "riscv64", target_arch = "s390x"))] - { - return Err( - wasmtime_wasi_http::bindings::http::types::ErrorCode::InternalError(Some( - "unsupported architecture for SSL".to_string(), - )), - ); - } - - #[cfg(not(any(target_arch = "riscv64", target_arch = "s390x")))] - { - use rustls::pki_types::ServerName; - let config = - get_client_tls_config_for_authority(authority, client_tls_opts).map_err(|e| { - wasmtime_wasi_http::bindings::http::types::ErrorCode::InternalError(Some( - format!( - "failed to configure client tls config for authority. error: {}", - e - ), - )) - })?; - let connector = tokio_rustls::TlsConnector::from(std::sync::Arc::new(config)); - let mut parts = authority_str.split(':'); - let host = parts.next().unwrap_or(&authority_str); - let domain = ServerName::try_from(host) - .map_err(|e| { - tracing::warn!("dns lookup error: {e:?}"); - dns_error("invalid dns name".to_string(), 0) - })? - .to_owned(); - let stream = connector.connect(domain, tcp_stream).await.map_err(|e| { - tracing::warn!("tls protocol error: {e:?}"); - types::ErrorCode::TlsProtocolError - })?; - let stream = TokioIo::new(stream); - - let (sender, conn) = timeout( - connect_timeout, - hyper::client::conn::http1::handshake(stream), - ) - .await - .map_err(|_| types::ErrorCode::ConnectionTimeout)? - .map_err(hyper_request_error)?; - - let worker = wasmtime_wasi::runtime::spawn(async move { - match conn.await { - Ok(()) => {} - // TODO: shouldn't throw away this error and ideally should - // surface somewhere. - Err(e) => tracing::warn!("dropping error {e}"), - } - }); - - (sender, worker) - } - } else { - let tcp_stream = TokioIo::new(tcp_stream); - let (sender, conn) = timeout( - connect_timeout, - // TODO: we should plumb the builder through the http context, and use it here - hyper::client::conn::http1::handshake(tcp_stream), - ) - .await - .map_err(|_| types::ErrorCode::ConnectionTimeout)? - .map_err(hyper_request_error)?; - - let worker = wasmtime_wasi::runtime::spawn(async move { - match conn.await { - Ok(()) => {} - // TODO: same as above, shouldn't throw this error away. - Err(e) => tracing::warn!("dropping error {e}"), - } - }); - - (sender, worker) - }; - - // at this point, the request contains the scheme and the authority, but - // the http packet should only include those if addressing a proxy, so - // remove them here, since SendRequest::send_request does not do it for us - *request.uri_mut() = http::Uri::builder() - .path_and_query( - request - .uri() - .path_and_query() - .map(|p| p.as_str()) - .unwrap_or("/"), - ) - .build() - .expect("comes from valid request"); - - let resp = timeout(first_byte_timeout, sender.send_request(request)) - .await - .map_err(|_| types::ErrorCode::ConnectionReadTimeout)? - .map_err(hyper_request_error)? - .map(|body| body.map_err(hyper_request_error).boxed()); - - Ok(wasmtime_wasi_http::types::IncomingResponse { - resp, - worker: Some(worker), - between_bytes_timeout, - }) -} - -fn get_client_tls_config_for_authority( - authority: &Authority, - client_tls_opts: Option>, -) -> Result { - // derived from https://github.com/tokio-rs/tls/blob/master/tokio-rustls/examples/client/src/main.rs - let ca_webpki_roots = rustls::RootCertStore { - roots: webpki_roots::TLS_SERVER_ROOTS.into(), - }; - - #[allow(clippy::mutable_key_type)] - let client_tls_opts = match client_tls_opts { - Some(opts) => opts, - _ => { - return Ok(rustls::ClientConfig::builder() - .with_root_certificates(ca_webpki_roots) - .with_no_client_auth()); - } - }; - - let client_tls_opts_for_host = match client_tls_opts.get(authority) { - Some(opts) => opts, - _ => { - return Ok(rustls::ClientConfig::builder() - .with_root_certificates(ca_webpki_roots) - .with_no_client_auth()); - } - }; - - let mut root_cert_store = if client_tls_opts_for_host.ca_webpki_roots { - ca_webpki_roots - } else { - rustls::RootCertStore::empty() - }; - - if let Some(custom_root_ca) = &client_tls_opts_for_host.custom_root_ca { - for cer in custom_root_ca { - match root_cert_store.add(cer.to_owned()) { - Ok(_) => {} - Err(e) => { - return Err(anyhow::anyhow!( - "failed to add custom cert to root_cert_store. error: {}", - e - )); - } - } - } - } - - match ( - &client_tls_opts_for_host.cert_chain, - &client_tls_opts_for_host.private_key, - ) { - (Some(cert_chain), Some(private_key)) => Ok(rustls::ClientConfig::builder() - .with_root_certificates(root_cert_store) - .with_client_auth_cert(cert_chain.to_owned(), private_key.clone_key())?), - _ => Ok(rustls::ClientConfig::builder() - .with_root_certificates(root_cert_store) - .with_no_client_auth()), - } -} - -/// Translate a [`hyper::Error`] to a wasi-http `ErrorCode` in the context of a request. -pub fn hyper_request_error(err: hyper::Error) -> ErrorCode { - // If there's a source, we might be able to extract a wasi-http error from it. - if let Some(cause) = err.source() { - if let Some(err) = cause.downcast_ref::() { - return err.clone(); - } - } - - tracing::warn!("hyper request error: {err:?}"); - - ErrorCode::HttpProtocolError -} - -pub fn dns_error(rcode: String, info_code: u16) -> ErrorCode { - ErrorCode::DnsError(wasmtime_wasi_http::bindings::http::types::DnsErrorPayload { - rcode: Some(rcode), - info_code: Some(info_code), - }) -} - -#[cfg(test)] -mod tests { - use anyhow::Result; - - use super::*; - - #[test] - fn test_default_headers_with_base_path() -> Result<()> { - let scheme = "https"; - let host = "fermyon.dev"; - let base = "/base"; - let trigger_route = "/foo/..."; - let component_path = "/foo"; - let path_info = "/bar"; - let client_addr: SocketAddr = "127.0.0.1:8777".parse().unwrap(); - - let req_uri = format!( - "{}://{}{}{}{}?key1=value1&key2=value2", - scheme, host, base, component_path, path_info - ); - - let req = http::Request::builder() - .method("POST") - .uri(req_uri) - .body("")?; - - let (router, _) = Router::build(base, [("DUMMY", &trigger_route.into())])?; - let route_match = router.route("/base/foo/bar")?; - - let default_headers = - crate::compute_default_headers(req.uri(), base, host, &route_match, client_addr)?; - - assert_eq!( - search(&FULL_URL, &default_headers).unwrap(), - "https://fermyon.dev/base/foo/bar?key1=value1&key2=value2".to_string() - ); - assert_eq!( - search(&PATH_INFO, &default_headers).unwrap(), - "/bar".to_string() - ); - assert_eq!( - search(&MATCHED_ROUTE, &default_headers).unwrap(), - "/base/foo/...".to_string() - ); - assert_eq!( - search(&BASE_PATH, &default_headers).unwrap(), - "/base".to_string() - ); - assert_eq!( - search(&RAW_COMPONENT_ROUTE, &default_headers).unwrap(), - "/foo/...".to_string() - ); - assert_eq!( - search(&COMPONENT_ROUTE, &default_headers).unwrap(), - "/foo".to_string() - ); - assert_eq!( - search(&CLIENT_ADDR, &default_headers).unwrap(), - "127.0.0.1:8777".to_string() - ); - - Ok(()) - } - - #[test] - fn test_default_headers_without_base_path() -> Result<()> { - let scheme = "https"; - let host = "fermyon.dev"; - let base = "/"; - let trigger_route = "/foo/..."; - let component_path = "/foo"; - let path_info = "/bar"; - let client_addr: SocketAddr = "127.0.0.1:8777".parse().unwrap(); - - let req_uri = format!( - "{}://{}{}{}?key1=value1&key2=value2", - scheme, host, component_path, path_info - ); - - let req = http::Request::builder() - .method("POST") - .uri(req_uri) - .body("")?; - - let (router, _) = Router::build(base, [("DUMMY", &trigger_route.into())])?; - let route_match = router.route("/foo/bar")?; - - let default_headers = - crate::compute_default_headers(req.uri(), base, host, &route_match, client_addr)?; - - // TODO: we currently replace the scheme with HTTP. When TLS is supported, this should be fixed. - assert_eq!( - search(&FULL_URL, &default_headers).unwrap(), - "https://fermyon.dev/foo/bar?key1=value1&key2=value2".to_string() - ); - assert_eq!( - search(&PATH_INFO, &default_headers).unwrap(), - "/bar".to_string() - ); - assert_eq!( - search(&MATCHED_ROUTE, &default_headers).unwrap(), - "/foo/...".to_string() - ); - assert_eq!( - search(&BASE_PATH, &default_headers).unwrap(), - "/".to_string() - ); - assert_eq!( - search(&RAW_COMPONENT_ROUTE, &default_headers).unwrap(), - "/foo/...".to_string() - ); - assert_eq!( - search(&COMPONENT_ROUTE, &default_headers).unwrap(), - "/foo".to_string() - ); - assert_eq!( - search(&CLIENT_ADDR, &default_headers).unwrap(), - "127.0.0.1:8777".to_string() - ); - - Ok(()) - } - - #[test] - fn test_default_headers_with_named_wildcards() -> Result<()> { - let scheme = "https"; - let host = "fermyon.dev"; - let base = "/"; - let trigger_route = "/foo/:userid/..."; - let component_path = "/foo"; - let path_info = "/bar"; - let client_addr: SocketAddr = "127.0.0.1:8777".parse().unwrap(); - - let req_uri = format!( - "{}://{}{}/42{}?key1=value1&key2=value2", - scheme, host, component_path, path_info - ); - - let req = http::Request::builder() - .method("POST") - .uri(req_uri) - .body("")?; - - let (router, _) = Router::build(base, [("DUMMY", &trigger_route.into())])?; - let route_match = router.route("/foo/42/bar")?; - - let default_headers = - crate::compute_default_headers(req.uri(), base, host, &route_match, client_addr)?; - - // TODO: we currently replace the scheme with HTTP. When TLS is supported, this should be fixed. - assert_eq!( - search(&FULL_URL, &default_headers).unwrap(), - "https://fermyon.dev/foo/42/bar?key1=value1&key2=value2".to_string() - ); - assert_eq!( - search(&PATH_INFO, &default_headers).unwrap(), - "/bar".to_string() - ); - assert_eq!( - search(&MATCHED_ROUTE, &default_headers).unwrap(), - "/foo/:userid/...".to_string() - ); - assert_eq!( - search(&BASE_PATH, &default_headers).unwrap(), - "/".to_string() - ); - assert_eq!( - search(&RAW_COMPONENT_ROUTE, &default_headers).unwrap(), - "/foo/:userid/...".to_string() - ); - assert_eq!( - search(&COMPONENT_ROUTE, &default_headers).unwrap(), - "/foo/:userid".to_string() - ); - assert_eq!( - search(&CLIENT_ADDR, &default_headers).unwrap(), - "127.0.0.1:8777".to_string() - ); - - assert_eq!( - search( - &["SPIN_PATH_MATCH_USERID", "X_PATH_MATCH_USERID"], - &default_headers - ) - .unwrap(), - "42".to_string() - ); - - Ok(()) - } - - fn search(keys: &[&str; 2], headers: &[([String; 2], String)]) -> Option { - let mut res: Option = None; - for (k, v) in headers { - if k[0] == keys[0] && k[1] == keys[1] { - res = Some(v.clone()); - } - } - - res - } - - #[test] - fn parse_listen_addr_prefers_ipv4() { - let addr = parse_listen_addr("localhost:12345").unwrap(); - assert_eq!(addr.ip(), Ipv4Addr::LOCALHOST); - assert_eq!(addr.port(), 12345); - } - - #[test] - fn forbidden_headers_are_removed() { - let mut req = Request::get("http://test.spin.internal") - .header("Host", "test.spin.internal") - .header("accept", "text/plain") - .body(Default::default()) - .unwrap(); - - strip_forbidden_headers(&mut req); - - assert_eq!(1, req.headers().len()); - assert!(req.headers().get("Host").is_none()); - - let mut req = Request::get("http://test.spin.internal") - .header("Host", "test.spin.internal:1234") - .header("accept", "text/plain") - .body(Default::default()) - .unwrap(); - - strip_forbidden_headers(&mut req); - - assert_eq!(1, req.headers().len()); - assert!(req.headers().get("Host").is_none()); - } - - #[test] - fn non_forbidden_headers_are_not_removed() { - let mut req = Request::get("http://test.example.com") - .header("Host", "test.example.org") - .header("accept", "text/plain") - .body(Default::default()) - .unwrap(); - - strip_forbidden_headers(&mut req); - - assert_eq!(2, req.headers().len()); - assert!(req.headers().get("Host").is_some()); - } -} diff --git a/crates/trigger-http/src/testdata/invalid-cert.pem b/crates/trigger-http/src/testdata/invalid-cert.pem deleted file mode 100644 index f1a952b9c8..0000000000 --- a/crates/trigger-http/src/testdata/invalid-cert.pem +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBkjCCATegAwIBAgIIEOURVvWgx1AwCgYIKoZIzj0EAwIwIzEhMB8GA1UEAwwY -azNzLWNsaWVudC1jYUAxNzE3NzgwNTIwMB4XDTI0MDYwNzE3MTUyMFoXDTI1MDYw -NzE3MTUyMFowMDEXMBUGA1UEChMOc3lzdGVtOm1hc3RlcnMxFTATBgNVBAMTDHN5 -c3RlbTphZG1pbjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFGE/CVuauj8kmde -i4AagSJ5GYgGnL0eF55ItiXrKSjMmsIf/N8EyeamxQfWPKVk/1xhH7cS9GcQgNe6 -XrRvmLyjSDBGMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDAjAf -BgNVHSMEGDAWgBRpihySeW3DafmU1cw6LMnQCQDD4jAKBggqhkjOPQQDAgNJADBG -AiEA/db1wb4mVrqJVctqbPU9xd0bXzJx7cBDzpWgPP9ISfkCIQDNyuskAkXvUMHH -F73/GJnh8Bt2H38qyzThM8nlR9v1eQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIBdjCCAR2gAwIBAgIBADAKBggqhkjOPQQDAjAjMSEwHwYDVQQDDBhrM3MtY2xp -ZW50LWNhQDE3MTc3ODA1MjAwHhcNMjQwNjA3MTcxNTIwWhcNMzQwNjA1MTcxNTIw -WjAjMSEwHwYDVQQDDBhrM3MtY2xpZW50LWNhQDE3MTc3ODA1MjAwWTATBgcqhkjO -PQIBBggqhkjOPQMBBwNCAASozciE0YGl8ak3G0Ll1riwXSScfpK0QRle/cFizdlA -HgDowBssBcla0/2a/eWabxqTPzsZH0cVhL7Tialoj8GNo0IwQDAOBgNVHQ8BAf8E -BAMCAqQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUaYocknltw2n5lNXMOizJ -0AkAw+IwCgYIKoZIzj0EAwIDRwAwRAIgR8YcLA8cH4qAMDRPDsJqLaw4GJFkgjwV -TCrMgyUxSvACIBwyklgm7mgHcC5WM9CqmliAGZJyV0xRPZBK01POrNf0 diff --git a/crates/trigger-http/src/testdata/invalid-private-key.pem b/crates/trigger-http/src/testdata/invalid-private-key.pem deleted file mode 100644 index 39d7e59ee6..0000000000 --- a/crates/trigger-http/src/testdata/invalid-private-key.pem +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN EC PRIVATE KEY----- -MHcCAQEEIA+FBtmKJbd8wBGOWeuJQfHiCKjjXF8ywEPrvj8S1N3VoAoGCCqGSM49 -AwEHoUQDQgAEUYT8JW5q6PySZ16LgBqBInkZiAacvR4Xnki2JespKMyawh/83wTJ -5qbFB9Y8pWT/XGEftxL0ZxCA17petG+YvA== ------END EC PRIVATE KEY- \ No newline at end of file diff --git a/crates/trigger-http/src/testdata/valid-cert.pem b/crates/trigger-http/src/testdata/valid-cert.pem deleted file mode 100644 index e75166d0e6..0000000000 --- a/crates/trigger-http/src/testdata/valid-cert.pem +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBkjCCATegAwIBAgIIEOURVvWgx1AwCgYIKoZIzj0EAwIwIzEhMB8GA1UEAwwY -azNzLWNsaWVudC1jYUAxNzE3NzgwNTIwMB4XDTI0MDYwNzE3MTUyMFoXDTI1MDYw -NzE3MTUyMFowMDEXMBUGA1UEChMOc3lzdGVtOm1hc3RlcnMxFTATBgNVBAMTDHN5 -c3RlbTphZG1pbjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFGE/CVuauj8kmde -i4AagSJ5GYgGnL0eF55ItiXrKSjMmsIf/N8EyeamxQfWPKVk/1xhH7cS9GcQgNe6 -XrRvmLyjSDBGMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDAjAf -BgNVHSMEGDAWgBRpihySeW3DafmU1cw6LMnQCQDD4jAKBggqhkjOPQQDAgNJADBG -AiEA/db1wb4mVrqJVctqbPU9xd0bXzJx7cBDzpWgPP9ISfkCIQDNyuskAkXvUMHH -F73/GJnh8Bt2H38qyzThM8nlR9v1eQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIBdjCCAR2gAwIBAgIBADAKBggqhkjOPQQDAjAjMSEwHwYDVQQDDBhrM3MtY2xp -ZW50LWNhQDE3MTc3ODA1MjAwHhcNMjQwNjA3MTcxNTIwWhcNMzQwNjA1MTcxNTIw -WjAjMSEwHwYDVQQDDBhrM3MtY2xpZW50LWNhQDE3MTc3ODA1MjAwWTATBgcqhkjO -PQIBBggqhkjOPQMBBwNCAASozciE0YGl8ak3G0Ll1riwXSScfpK0QRle/cFizdlA -HgDowBssBcla0/2a/eWabxqTPzsZH0cVhL7Tialoj8GNo0IwQDAOBgNVHQ8BAf8E -BAMCAqQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUaYocknltw2n5lNXMOizJ -0AkAw+IwCgYIKoZIzj0EAwIDRwAwRAIgR8YcLA8cH4qAMDRPDsJqLaw4GJFkgjwV -TCrMgyUxSvACIBwyklgm7mgHcC5WM9CqmliAGZJyV0xRPZBK01POrNf0 ------END CERTIFICATE----- \ No newline at end of file diff --git a/crates/trigger-http/src/testdata/valid-private-key.pem b/crates/trigger-http/src/testdata/valid-private-key.pem deleted file mode 100644 index 2820fbed26..0000000000 --- a/crates/trigger-http/src/testdata/valid-private-key.pem +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN EC PRIVATE KEY----- -MHcCAQEEIA+FBtmKJbd8wBGOWeuJQfHiCKjjXF8ywEPrvj8S1N3VoAoGCCqGSM49 -AwEHoUQDQgAEUYT8JW5q6PySZ16LgBqBInkZiAacvR4Xnki2JespKMyawh/83wTJ -5qbFB9Y8pWT/XGEftxL0ZxCA17petG+YvA== ------END EC PRIVATE KEY----- \ No newline at end of file diff --git a/crates/trigger-http/src/tls.rs b/crates/trigger-http/src/tls.rs deleted file mode 100644 index d0486c50e7..0000000000 --- a/crates/trigger-http/src/tls.rs +++ /dev/null @@ -1,141 +0,0 @@ -use rustls_pemfile::private_key; -use std::{ - fs, io, - path::{Path, PathBuf}, - sync::Arc, -}; -use tokio_rustls::{rustls, TlsAcceptor}; - -/// TLS configuration for the server. -#[derive(Clone)] -pub struct TlsConfig { - /// Path to TLS certificate. - pub cert_path: PathBuf, - /// Path to TLS key. - pub key_path: PathBuf, -} - -impl TlsConfig { - // Creates a TLS acceptor from server config. - pub(super) fn server_config(&self) -> anyhow::Result { - let certs = load_certs(&self.cert_path)?; - let private_key = load_key(&self.key_path)?; - - let cfg = rustls::ServerConfig::builder() - .with_no_client_auth() - .with_single_cert(certs, private_key) - .map_err(|e| anyhow::anyhow!("{}", e))?; - - Ok(Arc::new(cfg).into()) - } -} - -// load_certs parse and return the certs from the provided file -pub fn load_certs( - path: impl AsRef, -) -> io::Result>> { - rustls_pemfile::certs(&mut io::BufReader::new(fs::File::open(path).map_err( - |err| { - io::Error::new( - io::ErrorKind::InvalidInput, - format!("failed to read cert file {:?}", err), - ) - }, - )?)) - .collect() -} - -// parse and return the first private key from the provided file -pub fn load_key(path: impl AsRef) -> io::Result> { - private_key(&mut io::BufReader::new(fs::File::open(path).map_err( - |err| { - io::Error::new( - io::ErrorKind::InvalidInput, - format!("failed to read private key file {:?}", err), - ) - }, - )?)) - .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid private key")) - .transpose() - .ok_or_else(|| { - io::Error::new( - io::ErrorKind::InvalidInput, - "private key file contains no private keys", - ) - })? -} - -#[cfg(test)] -mod tests { - use super::*; - - fn testdatadir() -> PathBuf { - let mut path = PathBuf::from(env!("CARGO_MANIFEST_DIR")); - path.push("src"); - path.push("testdata"); - - path - } - - #[test] - fn test_read_non_existing_cert() { - let mut path = testdatadir(); - path.push("non-existing-file.pem"); - - let certs = load_certs(path); - assert!(certs.is_err()); - assert_eq!(certs.err().unwrap().to_string(), "failed to read cert file Os { code: 2, kind: NotFound, message: \"No such file or directory\" }"); - } - - #[test] - fn test_read_invalid_cert() { - let mut path = testdatadir(); - path.push("invalid-cert.pem"); - - let certs = load_certs(path); - assert!(certs.is_err()); - assert_eq!( - certs.err().unwrap().to_string(), - "section end \"-----END CERTIFICATE-----\" missing" - ); - } - - #[test] - fn test_read_valid_cert() { - let mut path = testdatadir(); - path.push("valid-cert.pem"); - - let certs = load_certs(path); - assert!(certs.is_ok()); - assert_eq!(certs.unwrap().len(), 2); - } - - #[test] - fn test_read_non_existing_private_key() { - let mut path = testdatadir(); - path.push("non-existing-file.pem"); - - let keys = load_key(path); - assert!(keys.is_err()); - assert_eq!(keys.err().unwrap().to_string(), "failed to read private key file Os { code: 2, kind: NotFound, message: \"No such file or directory\" }"); - } - - #[test] - fn test_read_invalid_private_key() { - let mut path = testdatadir(); - path.push("invalid-private-key.pem"); - - let keys = load_key(path); - assert!(keys.is_err()); - assert_eq!(keys.err().unwrap().to_string(), "invalid private key"); - } - - #[test] - fn test_read_valid_private_key() { - let mut path = testdatadir(); - path.push("valid-private-key.pem"); - - let keys = load_key(path); - assert!(keys.is_ok()); - } -} diff --git a/crates/trigger-http/src/wagi.rs b/crates/trigger-http/src/wagi.rs deleted file mode 100644 index 0cb0202006..0000000000 --- a/crates/trigger-http/src/wagi.rs +++ /dev/null @@ -1,142 +0,0 @@ -use std::{io::Cursor, net::SocketAddr, sync::Arc}; - -use crate::HttpInstance; -use anyhow::{anyhow, ensure, Context, Result}; -use async_trait::async_trait; -use http_body_util::BodyExt; -use hyper::{Request, Response}; -use spin_core::WasiVersion; -use spin_http::{config::WagiTriggerConfig, routes::RouteMatch, wagi}; -use spin_trigger::TriggerAppEngine; -use tracing::{instrument, Level}; -use wasi_common_preview1::{pipe::WritePipe, I32Exit}; - -use crate::{Body, HttpExecutor, HttpTrigger}; - -#[derive(Clone)] -pub struct WagiHttpExecutor { - pub wagi_config: WagiTriggerConfig, -} - -#[async_trait] -impl HttpExecutor for WagiHttpExecutor { - #[instrument(name = "spin_trigger_http.execute_wagi", skip_all, err(level = Level::INFO), fields(otel.name = format!("execute_wagi_component {}", route_match.component_id())))] - async fn execute( - &self, - engine: Arc>, - base: &str, - route_match: &RouteMatch, - req: Request, - client_addr: SocketAddr, - ) -> Result> { - let component = route_match.component_id(); - - tracing::trace!( - "Executing request using the Wagi executor for component {}", - component - ); - - let uri_path = req.uri().path(); - - // Build the argv array by starting with the config for `argv` and substituting in - // script name and args where appropriate. - let script_name = uri_path.to_string(); - let args = req.uri().query().unwrap_or_default().replace('&', " "); - let argv = self - .wagi_config - .argv - .clone() - .replace("${SCRIPT_NAME}", &script_name) - .replace("${ARGS}", &args); - - let (parts, body) = req.into_parts(); - - let body = body.collect().await?.to_bytes().to_vec(); - let len = body.len(); - - // TODO - // The default host and TLS fields are currently hard-coded. - let mut headers = - wagi::build_headers(route_match, &parts, len, client_addr, "default_host", false); - - let default_host = http::HeaderValue::from_str("localhost")?; - let host = std::str::from_utf8( - parts - .headers - .get("host") - .unwrap_or(&default_host) - .as_bytes(), - )?; - - // Add the default Spin headers. - // This sets the current environment variables Wagi expects (such as - // `PATH_INFO`, or `X_FULL_URL`). - // Note that this overrides any existing headers previously set by Wagi. - for (keys, val) in - crate::compute_default_headers(&parts.uri, base, host, route_match, client_addr)? - { - headers.insert(keys[1].to_string(), val); - } - - let stdout = WritePipe::new_in_memory(); - - let mut store_builder = engine.store_builder(component, WasiVersion::Preview1)?; - // Set up Wagi environment - store_builder.args(argv.split(' '))?; - store_builder.env(headers)?; - store_builder.stdin_pipe(Cursor::new(body)); - store_builder.stdout(Box::new(stdout.clone()))?; - - let (instance, mut store) = engine - .prepare_instance_with_store(component, store_builder) - .await?; - - let HttpInstance::Module(instance) = instance else { - unreachable!() - }; - - let start = instance - .get_func(&mut store, &self.wagi_config.entrypoint) - .ok_or_else(|| { - anyhow::anyhow!( - "No such function '{}' in {}", - self.wagi_config.entrypoint, - component - ) - })?; - tracing::trace!("Calling Wasm entry point"); - start - .call_async(&mut store, &[], &mut []) - .await - .or_else(ignore_successful_proc_exit_trap) - .with_context(|| { - anyhow!( - "invoking {} for component {component}", - self.wagi_config.entrypoint - ) - })?; - tracing::info!("Module execution complete"); - - // Drop the store so we're left with a unique reference to `stdout`: - drop(store); - - let stdout = stdout.try_into_inner().unwrap().into_inner(); - ensure!( - !stdout.is_empty(), - "The {component:?} component is configured to use the WAGI executor \ - but did not write to stdout. Check the `executor` in spin.toml." - ); - - wagi::compose_response(&stdout) - } -} - -fn ignore_successful_proc_exit_trap(guest_err: anyhow::Error) -> Result<()> { - match guest_err.root_cause().downcast_ref::() { - Some(trap) => match trap.0 { - 0 => Ok(()), - _ => Err(guest_err), - }, - None => Err(guest_err), - } -} diff --git a/crates/trigger-http/tests/local.crt.pem b/crates/trigger-http/tests/local.crt.pem deleted file mode 100644 index efd51f6707..0000000000 --- a/crates/trigger-http/tests/local.crt.pem +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICujCCAaICCQClexHj2O4K/TANBgkqhkiG9w0BAQsFADAfMQswCQYDVQQGEwJV -UzEQMA4GA1UECgwHRmVybXlvbjAeFw0yMjAyMjUxNzQ3MTFaFw0yMzAyMjUxNzQ3 -MTFaMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKDAdGZXJteW9uMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMbUZ2eoIaJfgcBJ2fILUViWYApnA9SU+Ruf -nm6DNm9Gy5+YThqxd/0mhbPwYVkfi2/3UddWDl3VPOAYcvYoHDqH0tHm10wo+UzY -DDcNZB9enLRfGCv9Fful4bqNd3Vtx2xNwc8+F0WiljtYeMc+9wp7M5WWbKJqzKPe -VQBADRlfGoG3jCLGaQ2fyVp/73nWdqbbluWJopxHph7v1alb/BxLcDi/tjWKgZut -Vr9ZtBBPDSjRbfjHarn6pibYZAWgzanpfsaSBdbpVNn1MQ/gNXIHmNFwfbsN0V+3 -LN/Z4VNZrkc+C7CjGhJOcBj0xtrSDhoHnOmDS/z+lBUdlNOUrQIDAQABMA0GCSqG -SIb3DQEBCwUAA4IBAQAOnRPnUJoEE8s9+ADUpKkWBXFCiRajtBSBDNDX3phRPwly -q2zG+gXyV+Axx1qvsis9yXQBF9DcD+lx0rEgGzQjYGfmEA45E8Co2Tih2ON7JkCu -bYoT+wMkgfOMci/S2BBOJ+d0LI3K0b1qDfc4KwHe6g3p5ywuEBFOaWKiMemJyywd -zpoD6QmcQ9qlp5/2pf12bNRUIdXe5+vMU3qVIZcWM49u04L2/Swyc6EFXfEtnp/m -6184isfCkc3egMvqEfrKUaf0lgNzCksmRD9sLF8wWaV4lcidzsNDdU47EPFutVMU -3iLgXAhmRuZ+eoBf56QkzVTQWnCYQdlGwZp1Fcoj ------END CERTIFICATE----- diff --git a/crates/trigger-http/tests/local.key.pem b/crates/trigger-http/tests/local.key.pem deleted file mode 100644 index 6b080db693..0000000000 --- a/crates/trigger-http/tests/local.key.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDAxtRnZ6ghol+B -wEnZ8gtRWJZgCmcD1JT5G5+eboM2b0bLn5hOGrF3/SaFs/BhWR+Lb/dR11YOXdU8 -4Bhy9igcOofS0ebXTCj5TNgMNw1kH16ctF8YK/0V+6Xhuo13dW3HbE3Bzz4XRaKW -O1h4xz73CnszlZZsomrMo95VAEANGV8agbeMIsZpDZ/JWn/vedZ2ptuW5YminEem -Hu/VqVv8HEtwOL+2NYqBm61Wv1m0EE8NKNFt+MdqufqmJthkBaDNqel+xpIF1ulU -2fUxD+A1cgeY0XB9uw3RX7cs39nhU1muRz4LsKMaEk5wGPTG2tIOGgec6YNL/P6U -FR2U05StAgMBAAECggEAfpcSjATJp6yUwwOee3wyamyd8tth4mYKnbrCCqvPhkN0 -XeqjfUaSG5UlYs9SntqDmHEiG6AoZq6/hIY0B+oVVNQqtQoZaHAex/bqOLs+E+11 -l7nqaFkajQD/YUe79iIqwLYiKY8J2wZjSfwWkNlmQ5uiY7FrYlMVhuRk77SGWxKW -UbWfgTTMgEWIK6bU77FShQ7b0px5ZIulRPQeRaH8USdx0yktqUMwUakIrNyZ64u+ -Gx9k4ma2bCmbWxGlCEp0EQsYOlWDBeKu3Elq2g48KmADzbjvKlS7S/0fhcVqi2dE -Fj0BrmzxWjPzJwqxA6Z/8tykqzL5Nr6tOm0e6ZhBEQKBgQDhfy83jLfIWLt3rMcx -dFA4TGFSEUVJE9ESV0Za5zriLeGzM66JGut+Bph9Kk7XmDt+q3ewFJv7oDVibhzG -4nit+TakfSMWUAronsf2wQuUvpE6rNoZlWjhd7AE5f/eBZTYhNm5cp7ujGwnEn47 -vmfSVev+1yQcEUeV10OSWWaCrwKBgQDa2pEwps6htnZqiZsJP86LfxbTA1P+BgsV -nFvVkcCT0Uy7V0pSSdA82Ua/1KfcQ3BAJiBkINSL6Sob1+3lSQTeTHLVbXySacnh -c7UDDoayWJxtYNyjJeBzrjlZCDIkipJqz26pGfIhxePwVgbj30O/EB55y44gkxqn -JIvqIWBlYwKBgQDVqR4DI3lMAw92QKbo7A3KmkyoZybgLD+wgjNulKQNhW3Sz4hz -7qbt3bAFAN59l4ff6PZaR9zYWh/bKPxpUlMIfRdSWiOx05vSeAh+fMHNaZfQIdHx -5cjfwfltWsTLCTzUv2RRPBLtcu5TQ0mKsEpNWQ5ohE95rMHIb5ReCgmAjwKBgCb6 -NlGL49E5Re3DhDEphAekItSCCzt6qA65QkHPK5Un+ZqD+WCedM/hgpA3t42rFRrX -r30lu7UPWciLtHrZflx5ERqh3UXWQXY9vUdGFwc8cN+qGKGV5Vu089G/e+62H02W -lAbZ8B3DuMzdBW0gHliw7jyS3EVA7cZG5ARW3WwxAoGAW+FkrJKsPyyScHBdu/LD -GeDMGRBRBdthXVbtB7xkzi2Tla4TywlHTm32rK3ywtoBxzvhlxbVnbBODMO/83xZ -DKjq2leuKfXUNsuMEre7uhhs7ezEM6QfiKTTosD/D8Z3S8AA4q1NKu3iEBUjtXcS -FSaIdbf6aHPcvbRB9cDv5ho= ------END PRIVATE KEY----- diff --git a/crates/trigger-redis/Cargo.toml b/crates/trigger-redis/Cargo.toml deleted file mode 100644 index 70a90a61d5..0000000000 --- a/crates/trigger-redis/Cargo.toml +++ /dev/null @@ -1,30 +0,0 @@ -[package] -name = "spin-trigger-redis" -version = { workspace = true } -authors = { workspace = true } -edition = { workspace = true } - -[lib] -doctest = false - -[dependencies] -anyhow = "1.0" -async-trait = "0.1" -futures = "0.3" -serde = "1.0.188" -spin-app = { path = "../app" } -spin-common = { path = "../common" } -spin-core = { path = "../core" } -spin-expressions = { path = "../expressions" } -spin-trigger = { path = "../trigger" } -spin-world = { path = "../world" } -redis = { version = "0.21", features = ["tokio-comp"] } -tracing = { workspace = true } -tokio = { version = "1.23", features = ["full"] } -spin-telemetry = { path = "../telemetry" } - -[dev-dependencies] -spin-testing = { path = "../testing" } - -[lints] -workspace = true diff --git a/crates/trigger-redis/src/lib.rs b/crates/trigger-redis/src/lib.rs deleted file mode 100644 index 440fc00b22..0000000000 --- a/crates/trigger-redis/src/lib.rs +++ /dev/null @@ -1,203 +0,0 @@ -//! Implementation for the Spin Redis engine. - -mod spin; - -use anyhow::{anyhow, Context, Result}; -use futures::{future::join_all, StreamExt}; -use redis::{Client, ConnectionLike}; -use serde::{de::IgnoredAny, Deserialize, Serialize}; -use spin_common::url::remove_credentials; -use spin_core::{async_trait, InstancePre}; -use spin_trigger::{cli::NoArgs, TriggerAppEngine, TriggerExecutor}; -use std::collections::HashMap; -use std::sync::Arc; -use tracing::{instrument, Level}; - -use crate::spin::SpinRedisExecutor; - -pub(crate) type RuntimeData = (); -pub(crate) type Store = spin_core::Store; - -type ChannelComponents = HashMap>; -/// The Spin Redis trigger. -#[derive(Clone)] -pub struct RedisTrigger { - engine: Arc>, - // Mapping of server url with subscription channel and associated component IDs - server_channels: HashMap, -} - -/// Redis trigger configuration. -#[derive(Clone, Debug, Default, Deserialize, Serialize)] -#[serde(deny_unknown_fields)] -pub struct RedisTriggerConfig { - /// Component ID to invoke - pub component: String, - /// Channel to subscribe to - pub channel: String, - /// optional overide address for trigger - pub address: Option, - /// Trigger executor (currently unused) - #[serde(default, skip_serializing)] - pub executor: IgnoredAny, -} - -#[derive(Clone, Debug, Default, Deserialize, Serialize)] -#[serde(deny_unknown_fields)] -struct TriggerMetadata { - address: String, -} - -#[async_trait] -impl TriggerExecutor for RedisTrigger { - const TRIGGER_TYPE: &'static str = "redis"; - type RuntimeData = RuntimeData; - type TriggerConfig = RedisTriggerConfig; - type RunConfig = NoArgs; - type InstancePre = InstancePre; - - async fn new(engine: TriggerAppEngine) -> Result { - let default_address: String = engine - .trigger_metadata::()? - .unwrap_or_default() - .address; - let default_address_expr = spin_expressions::Template::new(default_address)?; - let default_address = engine.resolve_template(&default_address_expr)?; - - let mut server_channels: HashMap = HashMap::new(); - - for (_, config) in engine.trigger_configs() { - let address = config.address.clone().unwrap_or(default_address.clone()); - let address_expr = spin_expressions::Template::new(address)?; - let address = engine.resolve_template(&address_expr)?; - let server = server_channels.entry(address).or_default(); - let channel_expr = spin_expressions::Template::new(config.channel.as_str())?; - let channel = engine.resolve_template(&channel_expr)?; - server - .entry(channel) - .or_default() - .push(config.component.clone()); - } - Ok(Self { - engine: Arc::new(engine), - server_channels, - }) - } - - /// Run the Redis trigger indefinitely. - async fn run(self, _config: Self::RunConfig) -> Result<()> { - let tasks: Vec<_> = self - .server_channels - .clone() - .into_iter() - .map(|(server_address, channel_components)| { - let trigger = self.clone(); - tokio::spawn(async move { - trigger - .run_listener(server_address.clone(), channel_components.clone()) - .await - }) - }) - .collect(); - - // wait for the first handle to be returned and drop the rest - let (result, _, rest) = futures::future::select_all(tasks).await; - - drop(rest); - - result? - } -} - -impl RedisTrigger { - // Handle the message. - #[instrument(name = "spin_trigger_redis.handle_message", skip(self, channel_components, msg), - err(level = Level::INFO), fields(otel.name = format!("{} receive", msg.get_channel_name()), - otel.kind = "consumer", messaging.operation = "receive", messaging.system = "redis"))] - async fn handle( - &self, - address: &str, - channel_components: &ChannelComponents, - msg: redis::Msg, - ) -> Result<()> { - let channel = msg.get_channel_name(); - tracing::info!("Received message on channel {address}:{:?}", channel); - - if let Some(component_ids) = channel_components.get(channel) { - let futures = component_ids.iter().map(|id| { - tracing::trace!("Executing Redis component {id:?}"); - SpinRedisExecutor.execute(&self.engine, id, channel, msg.get_payload_bytes()) - }); - let results: Vec<_> = join_all(futures).await.into_iter().collect(); - let errors = results - .into_iter() - .filter_map(|r| r.err()) - .collect::>(); - if !errors.is_empty() { - return Err(anyhow!("{errors:#?}")); - } - } else { - tracing::debug!("No subscription found for {:?}", channel); - } - Ok(()) - } - - async fn run_listener( - &self, - address: String, - channel_components: ChannelComponents, - ) -> Result<()> { - tracing::info!("Connecting to Redis server at {}", address); - let mut client = Client::open(address.to_string())?; - let mut pubsub = client - .get_async_connection() - .await - .with_context(|| anyhow!("Redis trigger failed to connect to {}", address))? - .into_pubsub(); - - let sanitised_addr = remove_credentials(&address)?; - println!("Active Channels on {sanitised_addr}:"); - // Subscribe to channels - for (channel, component) in channel_components.iter() { - tracing::info!("Subscribing component {component:?} to channel {channel:?}"); - pubsub.subscribe(channel).await?; - println!("\t{sanitised_addr}:{channel}: [{}]", component.join(",")); - } - - let mut stream = pubsub.on_message(); - loop { - match stream.next().await { - Some(msg) => { - if let Err(err) = self.handle(&address, &channel_components, msg).await { - tracing::warn!("Error handling message: {err}"); - } - } - None => { - tracing::trace!("Empty message"); - if !client.check_connection() { - tracing::info!("No Redis connection available"); - println!("Disconnected from {address}"); - break; - } - } - }; - } - Ok(()) - } -} - -/// The Redis executor trait. -/// All Redis executors must implement this trait. -#[async_trait] -pub(crate) trait RedisExecutor: Clone + Send + Sync + 'static { - async fn execute( - &self, - engine: &TriggerAppEngine, - component_id: &str, - channel: &str, - payload: &[u8], - ) -> Result<()>; -} - -#[cfg(test)] -mod tests; diff --git a/crates/trigger-redis/src/spin.rs b/crates/trigger-redis/src/spin.rs deleted file mode 100644 index 290265a210..0000000000 --- a/crates/trigger-redis/src/spin.rs +++ /dev/null @@ -1,65 +0,0 @@ -use anyhow::{anyhow, Result}; -use async_trait::async_trait; -use spin_core::Instance; -use spin_trigger::TriggerAppEngine; -use spin_world::v1::redis_types::{Error, Payload}; -use tracing::{instrument, Level}; - -use crate::{RedisExecutor, RedisTrigger, Store}; - -#[derive(Clone)] -pub struct SpinRedisExecutor; - -#[async_trait] -impl RedisExecutor for SpinRedisExecutor { - #[instrument(name = "spin_trigger_redis.execute_wasm", skip(self, engine, payload), err(level = Level::INFO), fields(otel.name = format!("execute_wasm_component {}", component_id)))] - async fn execute( - &self, - engine: &TriggerAppEngine, - component_id: &str, - channel: &str, - payload: &[u8], - ) -> Result<()> { - tracing::trace!("Executing request using the Spin executor for component {component_id}"); - - spin_telemetry::metrics::monotonic_counter!( - spin.request_count = 1, - trigger_type = "redis", - app_id = engine.app_name, - component_id = component_id - ); - - let (instance, store) = engine.prepare_instance(component_id).await?; - - match Self::execute_impl(store, instance, channel, payload.to_vec()).await { - Ok(()) => { - tracing::trace!("Request finished OK"); - Ok(()) - } - Err(e) => { - tracing::trace!("Request finished with error from {component_id}: {e}"); - Err(anyhow!("Error from {component_id}: {e}")) - } - } - } -} - -impl SpinRedisExecutor { - pub async fn execute_impl( - mut store: Store, - instance: Instance, - _channel: &str, - payload: Vec, - ) -> Result<()> { - let func = instance - .exports(&mut store) - .instance("fermyon:spin/inbound-redis") - .ok_or_else(|| anyhow!("no fermyon:spin/inbound-redis instance found"))? - .typed_func::<(Payload,), (Result<(), Error>,)>("handle-message")?; - - match func.call_async(store, (payload,)).await? { - (Ok(()) | Err(Error::Success),) => Ok(()), - _ => Err(anyhow!("`handle-message` returned an error")), - } - } -} diff --git a/crates/trigger-redis/src/tests.rs b/crates/trigger-redis/src/tests.rs deleted file mode 100644 index 6e0bb91d8b..0000000000 --- a/crates/trigger-redis/src/tests.rs +++ /dev/null @@ -1,26 +0,0 @@ -use super::*; -use anyhow::Result; -use redis::{Msg, Value}; -use spin_testing::{tokio, RedisTestConfig}; - -fn create_trigger_event(channel: &str, payload: &str) -> redis::Msg { - Msg::from_value(&redis::Value::Bulk(vec![ - Value::Data("message".into()), - Value::Data(channel.into()), - Value::Data(payload.into()), - ])) - .unwrap() -} - -#[tokio::test] -async fn test_pubsub() -> Result<()> { - let trigger: RedisTrigger = RedisTestConfig::default() - .test_program("redis-rust.wasm") - .build_trigger("messages") - .await; - let test = HashMap::new(); - let msg = create_trigger_event("messages", "hello"); - trigger.handle("", &test, msg).await?; - - Ok(()) -} diff --git a/crates/trigger-redis/tests/rust/.cargo/.config b/crates/trigger-redis/tests/rust/.cargo/.config deleted file mode 100644 index 30c83a7906..0000000000 --- a/crates/trigger-redis/tests/rust/.cargo/.config +++ /dev/null @@ -1,2 +0,0 @@ -[build] - target = "wasm32-wasi" diff --git a/crates/trigger-redis/tests/rust/Cargo.lock b/crates/trigger-redis/tests/rust/Cargo.lock deleted file mode 100644 index dd62f57f13..0000000000 --- a/crates/trigger-redis/tests/rust/Cargo.lock +++ /dev/null @@ -1,303 +0,0 @@ -# This file is automatically @generated by Cargo. -# It is not intended for manual editing. -version = 3 - -[[package]] -name = "anyhow" -version = "1.0.75" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4668cab20f66d8d020e1fbc0ebe47217433c1b6c8f2040faf858554e394ace6" - -[[package]] -name = "bitflags" -version = "2.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" - -[[package]] -name = "equivalent" -version = "1.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" - -[[package]] -name = "hashbrown" -version = "0.14.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7dfda62a12f55daeae5015f81b0baea145391cb4520f86c248fc615d72640d12" - -[[package]] -name = "heck" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" -dependencies = [ - "unicode-segmentation", -] - -[[package]] -name = "id-arena" -version = "2.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25a2bc672d1148e28034f176e01fffebb08b35768468cc954630da77a1449005" - -[[package]] -name = "indexmap" -version = "2.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8adf3ddd720272c6ea8bf59463c04e0f93d0bbf7c5439b691bca2987e0270897" -dependencies = [ - "equivalent", - "hashbrown", - "serde", -] - -[[package]] -name = "itoa" -version = "1.0.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38" - -[[package]] -name = "leb128" -version = "0.2.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "884e2677b40cc8c339eaefcb701c32ef1fd2493d71118dc0ca4b6a736c93bd67" - -[[package]] -name = "log" -version = "0.4.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" - -[[package]] -name = "proc-macro2" -version = "1.0.69" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "134c189feb4956b20f6f547d2cf727d4c0fe06722b20a0eec87ed445a97f92da" -dependencies = [ - "unicode-ident", -] - -[[package]] -name = "quote" -version = "1.0.33" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" -dependencies = [ - "proc-macro2", -] - -[[package]] -name = "rust" -version = "0.1.0" -dependencies = [ - "wit-bindgen", -] - -[[package]] -name = "ryu" -version = "1.0.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ad4cc8da4ef723ed60bced201181d83791ad433213d8c24efffda1eec85d741" - -[[package]] -name = "semver" -version = "1.0.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090" - -[[package]] -name = "serde" -version = "1.0.189" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e422a44e74ad4001bdc8eede9a4570ab52f71190e9c076d14369f38b9200537" -dependencies = [ - "serde_derive", -] - -[[package]] -name = "serde_derive" -version = "1.0.189" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e48d1f918009ce3145511378cf68d613e3b3d9137d67272562080d68a2b32d5" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "serde_json" -version = "1.0.107" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6b420ce6e3d8bd882e9b243c6eed35dbc9a6110c9769e74b584e0d68d1f20c65" -dependencies = [ - "itoa", - "ryu", - "serde", -] - -[[package]] -name = "smallvec" -version = "1.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "942b4a808e05215192e39f4ab80813e599068285906cc91aa64f923db842bd5a" - -[[package]] -name = "spdx" -version = "0.10.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b19b32ed6d899ab23174302ff105c1577e45a06b08d4fe0a9dd13ce804bbbf71" -dependencies = [ - "smallvec", -] - -[[package]] -name = "syn" -version = "2.0.38" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e96b79aaa137db8f61e26363a0c9b47d8b4ec75da28b7d1d614c2303e232408b" -dependencies = [ - "proc-macro2", - "quote", - "unicode-ident", -] - -[[package]] -name = "unicode-ident" -version = "1.0.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" - -[[package]] -name = "unicode-segmentation" -version = "1.10.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1dd624098567895118886609431a7c3b8f516e41d30e0643f03d94592a147e36" - -[[package]] -name = "unicode-xid" -version = "0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" - -[[package]] -name = "wasm-encoder" -version = "0.35.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ca90ba1b5b0a70d3d49473c5579951f3bddc78d47b59256d2f9d4922b150aca" -dependencies = [ - "leb128", -] - -[[package]] -name = "wasm-metadata" -version = "0.10.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14abc161bfda5b519aa229758b68f2a52b45a12b993808665c857d1a9a00223c" -dependencies = [ - "anyhow", - "indexmap", - "serde", - "serde_derive", - "serde_json", - "spdx", - "wasm-encoder", - "wasmparser", -] - -[[package]] -name = "wasmparser" -version = "0.115.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e06c0641a4add879ba71ccb3a1e4278fd546f76f1eafb21d8f7b07733b547cd5" -dependencies = [ - "indexmap", - "semver", -] - -[[package]] -name = "wit-bindgen" -version = "0.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c7d92ce0ca6b6074059413a9581a637550c3a740581c854f9847ec293c8aed71" -dependencies = [ - "bitflags", - "wit-bindgen-rust-macro", -] - -[[package]] -name = "wit-bindgen-core" -version = "0.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "565b945ae074886071eccf9cdaf8ccd7b959c2b0d624095bea5fe62003e8b3e0" -dependencies = [ - "anyhow", - "wit-component", - "wit-parser", -] - -[[package]] -name = "wit-bindgen-rust" -version = "0.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5695ff4e41873ed9ce56d2787e6b5772bdad9e70e2c1d2d160621d1762257f4f" -dependencies = [ - "anyhow", - "heck", - "wasm-metadata", - "wit-bindgen-core", - "wit-component", -] - -[[package]] -name = "wit-bindgen-rust-macro" -version = "0.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a91835ea4231da1fe7971679d505ba14be7826e192b6357f08465866ef482e08" -dependencies = [ - "anyhow", - "proc-macro2", - "quote", - "syn", - "wit-bindgen-core", - "wit-bindgen-rust", - "wit-component", -] - -[[package]] -name = "wit-component" -version = "0.16.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e87488b57a08e2cbbd076b325acbe7f8666965af174d69d5929cd373bd54547f" -dependencies = [ - "anyhow", - "bitflags", - "indexmap", - "log", - "serde", - "serde_derive", - "serde_json", - "wasm-encoder", - "wasm-metadata", - "wasmparser", - "wit-parser", -] - -[[package]] -name = "wit-parser" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6ace9943d89bbf3dbbc71b966da0e7302057b311f36a4ac3d65ddfef17b52cf" -dependencies = [ - "anyhow", - "id-arena", - "indexmap", - "log", - "semver", - "serde", - "serde_derive", - "serde_json", - "unicode-xid", -] diff --git a/crates/trigger-redis/tests/rust/Cargo.toml b/crates/trigger-redis/tests/rust/Cargo.toml deleted file mode 100644 index ad23592c0b..0000000000 --- a/crates/trigger-redis/tests/rust/Cargo.toml +++ /dev/null @@ -1,13 +0,0 @@ -[package] -name = "rust" -version = "0.1.0" -edition = "2021" -authors = ["Radu Matei "] - -[lib] -crate-type = ["cdylib"] - -[dependencies] -wit-bindgen = "0.13.0" - -[workspace] diff --git a/crates/trigger-redis/tests/rust/src/lib.rs b/crates/trigger-redis/tests/rust/src/lib.rs deleted file mode 100644 index 8371614b9e..0000000000 --- a/crates/trigger-redis/tests/rust/src/lib.rs +++ /dev/null @@ -1,25 +0,0 @@ -use std::str::{from_utf8, Utf8Error}; - -wit_bindgen::generate!({ - world: "redis-trigger", - path: "../../../../wit/deps/spin@unversioned", - exports: { - "fermyon:spin/inbound-redis": SpinRedis, - } -}); -use exports::fermyon::spin::inbound_redis::{self, Error, Payload}; - -struct SpinRedis; - -impl inbound_redis::Guest for SpinRedis { - fn handle_message(message: Payload) -> Result<(), Error> { - println!("Message: {:?}", from_utf8(&message)); - Ok(()) - } -} - -impl From for Error { - fn from(_: Utf8Error) -> Self { - Self::Error - } -} diff --git a/crates/trigger/Cargo.toml b/crates/trigger/Cargo.toml deleted file mode 100644 index 164a265aae..0000000000 --- a/crates/trigger/Cargo.toml +++ /dev/null @@ -1,68 +0,0 @@ -[package] -name = "spin-trigger" -version = { workspace = true } -authors = { workspace = true } -edition = { workspace = true } - -[features] -llm = ["spin-llm-local"] -llm-metal = ["llm", "spin-llm-local/metal"] -llm-cublas = ["llm", "spin-llm-local/cublas"] -# Enables loading AOT compiled components, a potentially unsafe operation. See -# `::::enable_loading_aot_compiled_components` -# documentation for more information about the safety risks. -unsafe-aot-compilation = [] - -[dependencies] -anyhow = "1.0" -async-trait = "0.1" -clap = { version = "3.1.15", features = ["derive", "env"] } -ctrlc = { version = "3.2", features = ["termination"] } -dirs = "4" -futures = "0.3" -indexmap = "1" -ipnet = "2.9.0" -http = "1.0.0" -outbound-http = { path = "../outbound-http" } -outbound-redis = { path = "../outbound-redis" } -outbound-mqtt = { path = "../outbound-mqtt" } -outbound-pg = { path = "../outbound-pg" } -outbound-mysql = { path = "../outbound-mysql" } -rustls-pemfile = "2.1.2" -rustls-pki-types = "1.7.0" -spin-common = { path = "../common" } -spin-expressions = { path = "../expressions" } -spin-serde = { path = "../serde" } -spin-key-value = { path = "../key-value" } -spin-key-value-azure = { path = "../key-value-azure" } -spin-key-value-redis = { path = "../key-value-redis" } -spin-key-value-sqlite = { path = "../key-value-sqlite" } -spin-outbound-networking = { path = "../outbound-networking" } -spin-sqlite = { path = "../sqlite" } -spin-sqlite-inproc = { path = "../sqlite-inproc" } -spin-sqlite-libsql = { path = "../sqlite-libsql" } -spin-world = { path = "../world" } -spin-llm = { path = "../llm" } -spin-llm-local = { path = "../llm-local", optional = true } -spin-llm-remote-http = { path = "../llm-remote-http" } -spin-telemetry = { path = "../telemetry" } -sanitize-filename = "0.4" -serde = "1.0.188" -serde_json = "1.0" -spin-app = { path = "../app" } -spin-core = { path = "../core" } -spin-loader = { path = "../loader" } -spin-manifest = { path = "../manifest" } -spin-variables = { path = "../variables" } -terminal = { path = "../terminal" } -tokio = { version = "1.23", features = ["fs"] } -toml = "0.5.9" -url = "2" -spin-componentize = { workspace = true } -tracing = { workspace = true } -wasmtime = { workspace = true } -wasmtime-wasi = { workspace = true } -wasmtime-wasi-http = { workspace = true } - -[dev-dependencies] -tempfile = "3.8.0" \ No newline at end of file diff --git a/crates/trigger/src/cli.rs b/crates/trigger/src/cli.rs deleted file mode 100644 index ccd63d67c4..0000000000 --- a/crates/trigger/src/cli.rs +++ /dev/null @@ -1,304 +0,0 @@ -use std::path::PathBuf; - -use anyhow::{Context, Result}; -use clap::{Args, IntoApp, Parser}; -use serde::de::DeserializeOwned; -use spin_app::Loader; -use spin_common::{arg_parser::parse_kv, sloth}; - -use crate::network::Network; -use crate::runtime_config::llm::LLmOptions; -use crate::runtime_config::sqlite::SqlitePersistenceMessageHook; -use crate::runtime_config::SummariseRuntimeConfigHook; -use crate::stdio::StdioLoggingTriggerHooks; -use crate::{ - loader::TriggerLoader, - runtime_config::{key_value::KeyValuePersistenceMessageHook, RuntimeConfig}, - stdio::FollowComponents, -}; -use crate::{TriggerExecutor, TriggerExecutorBuilder}; - -mod launch_metadata; -pub use launch_metadata::LaunchMetadata; - -pub const APP_LOG_DIR: &str = "APP_LOG_DIR"; -pub const DISABLE_WASMTIME_CACHE: &str = "DISABLE_WASMTIME_CACHE"; -pub const FOLLOW_LOG_OPT: &str = "FOLLOW_ID"; -pub const WASMTIME_CACHE_FILE: &str = "WASMTIME_CACHE_FILE"; -pub const RUNTIME_CONFIG_FILE: &str = "RUNTIME_CONFIG_FILE"; - -// Set by `spin up` -pub const SPIN_LOCKED_URL: &str = "SPIN_LOCKED_URL"; -pub const SPIN_LOCAL_APP_DIR: &str = "SPIN_LOCAL_APP_DIR"; -pub const SPIN_WORKING_DIR: &str = "SPIN_WORKING_DIR"; - -/// A command that runs a TriggerExecutor. -#[derive(Parser, Debug)] -#[clap( - usage = "spin [COMMAND] [OPTIONS]", - next_help_heading = help_heading::() -)] -pub struct TriggerExecutorCommand -where - Executor::RunConfig: Args, -{ - /// Log directory for the stdout and stderr of components. Setting to - /// the empty string disables logging to disk. - #[clap( - name = APP_LOG_DIR, - short = 'L', - long = "log-dir", - env = "SPIN_LOG_DIR", - )] - pub log: Option, - - /// Disable Wasmtime cache. - #[clap( - name = DISABLE_WASMTIME_CACHE, - long = "disable-cache", - env = DISABLE_WASMTIME_CACHE, - conflicts_with = WASMTIME_CACHE_FILE, - takes_value = false, - )] - pub disable_cache: bool, - - /// Wasmtime cache configuration file. - #[clap( - name = WASMTIME_CACHE_FILE, - long = "cache", - env = WASMTIME_CACHE_FILE, - conflicts_with = DISABLE_WASMTIME_CACHE, - )] - pub cache: Option, - - /// Disable Wasmtime's pooling instance allocator. - #[clap(long = "disable-pooling")] - pub disable_pooling: bool, - - /// Print output to stdout/stderr only for given component(s) - #[clap( - name = FOLLOW_LOG_OPT, - long = "follow", - multiple_occurrences = true, - )] - pub follow_components: Vec, - - /// Silence all component output to stdout/stderr - #[clap( - long = "quiet", - short = 'q', - aliases = &["sh", "shush"], - conflicts_with = FOLLOW_LOG_OPT, - )] - pub silence_component_logs: bool, - - /// Set the static assets of the components in the temporary directory as writable. - #[clap(long = "allow-transient-write")] - pub allow_transient_write: bool, - - /// Configuration file for config providers and wasmtime config. - #[clap( - name = RUNTIME_CONFIG_FILE, - long = "runtime-config-file", - env = RUNTIME_CONFIG_FILE, - )] - pub runtime_config_file: Option, - - /// Set the application state directory path. This is used in the default - /// locations for logs, key value stores, etc. - /// - /// For local apps, this defaults to `.spin/` relative to the `spin.toml` file. - /// For remote apps, this has no default (unset). - /// Passing an empty value forces the value to be unset. - #[clap(long)] - pub state_dir: Option, - - #[clap(flatten)] - pub run_config: Executor::RunConfig, - - /// Set a key/value pair (key=value) in the application's - /// default store. Any existing value will be overwritten. - /// Can be used multiple times. - #[clap(long = "key-value", parse(try_from_str = parse_kv))] - key_values: Vec<(String, String)>, - - /// Run a SQLite statement such as a migration against the default database. - /// To run from a file, prefix the filename with @ e.g. spin up --sqlite @migration.sql - #[clap(long = "sqlite")] - sqlite_statements: Vec, - - #[clap(long = "help-args-only", hide = true)] - pub help_args_only: bool, - - #[clap(long = "launch-metadata-only", hide = true)] - pub launch_metadata_only: bool, -} - -/// An empty implementation of clap::Args to be used as TriggerExecutor::RunConfig -/// for executors that do not need additional CLI args. -#[derive(Args)] -pub struct NoArgs; - -impl TriggerExecutorCommand -where - Executor::RunConfig: Args, - Executor::TriggerConfig: DeserializeOwned, -{ - /// Create a new TriggerExecutorBuilder from this TriggerExecutorCommand. - pub async fn run(self) -> Result<()> { - if self.help_args_only { - Self::command() - .disable_help_flag(true) - .help_template("{all-args}") - .print_long_help()?; - return Ok(()); - } - - if self.launch_metadata_only { - let lm = LaunchMetadata::infer::(); - let json = serde_json::to_string_pretty(&lm)?; - eprintln!("{json}"); - return Ok(()); - } - - // Required env vars - let working_dir = std::env::var(SPIN_WORKING_DIR).context(SPIN_WORKING_DIR)?; - let locked_url = std::env::var(SPIN_LOCKED_URL).context(SPIN_LOCKED_URL)?; - - let init_data = crate::HostComponentInitData::new( - &*self.key_values, - &*self.sqlite_statements, - LLmOptions { use_gpu: true }, - ); - - let loader = TriggerLoader::new(working_dir, self.allow_transient_write); - let executor = self.build_executor(loader, locked_url, init_data).await?; - - let run_fut = executor.run(self.run_config); - - let (abortable, abort_handle) = futures::future::abortable(run_fut); - ctrlc::set_handler(move || abort_handle.abort())?; - match abortable.await { - Ok(Ok(())) => { - tracing::info!("Trigger executor shut down: exiting"); - Ok(()) - } - Ok(Err(err)) => { - tracing::error!("Trigger executor failed"); - Err(err) - } - Err(_aborted) => { - tracing::info!("User requested shutdown: exiting"); - Ok(()) - } - } - } - - async fn build_executor( - &self, - loader: impl Loader + Send + Sync + 'static, - locked_url: String, - init_data: crate::HostComponentInitData, - ) -> Result { - let runtime_config = self.build_runtime_config()?; - - let _sloth_guard = warn_if_wasm_build_slothful(); - - let mut builder = TriggerExecutorBuilder::new(loader); - self.update_config(builder.config_mut())?; - - builder.hooks(StdioLoggingTriggerHooks::new(self.follow_components())); - builder.hooks(Network::default()); - builder.hooks(SummariseRuntimeConfigHook::new(&self.runtime_config_file)); - builder.hooks(KeyValuePersistenceMessageHook); - builder.hooks(SqlitePersistenceMessageHook); - - builder.build(locked_url, runtime_config, init_data).await - } - - fn build_runtime_config(&self) -> Result { - let local_app_dir = std::env::var_os(SPIN_LOCAL_APP_DIR); - let mut config = RuntimeConfig::new(local_app_dir.map(Into::into)); - if let Some(state_dir) = &self.state_dir { - config.set_state_dir(state_dir); - } - if let Some(log_dir) = &self.log { - config.set_log_dir(log_dir); - } - if let Some(config_file) = &self.runtime_config_file { - config.merge_config_file(config_file)?; - } - Ok(config) - } - - fn follow_components(&self) -> FollowComponents { - if self.silence_component_logs { - FollowComponents::None - } else if self.follow_components.is_empty() { - FollowComponents::All - } else { - let followed = self.follow_components.clone().into_iter().collect(); - FollowComponents::Named(followed) - } - } - - fn update_config(&self, config: &mut spin_core::Config) -> Result<()> { - // Apply --cache / --disable-cache - if !self.disable_cache { - config.enable_cache(&self.cache)?; - } - - if self.disable_pooling { - config.disable_pooling(); - } - - Ok(()) - } -} - -const SLOTH_WARNING_DELAY_MILLIS: u64 = 1250; - -fn warn_if_wasm_build_slothful() -> sloth::SlothGuard { - #[cfg(debug_assertions)] - let message = "\ - This is a debug build - preparing Wasm modules might take a few seconds\n\ - If you're experiencing long startup times please switch to the release build"; - - #[cfg(not(debug_assertions))] - let message = "Preparing Wasm modules is taking a few seconds..."; - - sloth::warn_if_slothful(SLOTH_WARNING_DELAY_MILLIS, format!("{message}\n")) -} - -fn help_heading() -> Option<&'static str> { - if E::TRIGGER_TYPE == help::HelpArgsOnlyTrigger::TRIGGER_TYPE { - Some("TRIGGER OPTIONS") - } else { - let heading = format!("{} TRIGGER OPTIONS", E::TRIGGER_TYPE.to_uppercase()); - let as_str = Box::new(heading).leak(); - Some(as_str) - } -} - -pub mod help { - use super::*; - - /// Null object to support --help-args-only in the absence of - /// a `spin.toml` file. - pub struct HelpArgsOnlyTrigger; - - #[async_trait::async_trait] - impl TriggerExecutor for HelpArgsOnlyTrigger { - const TRIGGER_TYPE: &'static str = "help-args-only"; - type RuntimeData = (); - type TriggerConfig = (); - type RunConfig = NoArgs; - type InstancePre = spin_core::InstancePre; - async fn new(_: crate::TriggerAppEngine) -> Result { - Ok(Self) - } - async fn run(self, _: Self::RunConfig) -> Result<()> { - Ok(()) - } - } -} diff --git a/crates/trigger/src/cli/launch_metadata.rs b/crates/trigger/src/cli/launch_metadata.rs deleted file mode 100644 index 0be69b2824..0000000000 --- a/crates/trigger/src/cli/launch_metadata.rs +++ /dev/null @@ -1,86 +0,0 @@ -use clap::{Args, CommandFactory}; -use serde::{Deserialize, Serialize}; -use std::ffi::OsString; - -use crate::{cli::TriggerExecutorCommand, TriggerExecutor}; - -/// Contains information about the trigger flags (and potentially -/// in future configuration) that a consumer (such as `spin up`) -/// can query using `--launch-metadata-only`. -#[derive(Clone, Debug, Deserialize, Serialize)] -pub struct LaunchMetadata { - all_flags: Vec, -} - -// This assumes no triggers that want to participate in multi-trigger -// use positional arguments. This is a restriction we'll have to make -// anyway: suppose triggers A and B both take one positional arg, and -// the user writes `spin up 123 456` - which value would go to which trigger? -#[derive(Clone, Debug, PartialEq, Deserialize, Serialize)] -struct LaunchFlag { - #[serde(skip_serializing_if = "Option::is_none")] - #[serde(default)] - short: Option, - #[serde(skip_serializing_if = "Option::is_none")] - #[serde(default)] - long: Option, -} - -impl LaunchMetadata { - pub fn infer() -> Self - where - Executor::RunConfig: Args, - { - let all_flags: Vec<_> = TriggerExecutorCommand::::command() - .get_arguments() - .map(LaunchFlag::infer) - .collect(); - - LaunchMetadata { all_flags } - } - - pub fn matches<'a>(&self, groups: &[Vec<&'a OsString>]) -> Vec<&'a OsString> { - let mut matches = vec![]; - - for group in groups { - if group.is_empty() { - continue; - } - if self.is_match(group[0]) { - matches.extend(group); - } - } - - matches - } - - fn is_match(&self, arg: &OsString) -> bool { - self.all_flags.iter().any(|f| f.is_match(arg)) - } - - pub fn is_group_match(&self, group: &[&OsString]) -> bool { - if group.is_empty() { - false - } else { - self.all_flags.iter().any(|f| f.is_match(group[0])) - } - } -} - -impl LaunchFlag { - fn infer(arg: &clap::Arg) -> Self { - Self { - long: arg.get_long().map(|s| format!("--{s}")), - short: arg.get_short().map(|ch| format!("-{ch}")), - } - } - - fn is_match(&self, candidate: &OsString) -> bool { - let Some(s) = candidate.to_str() else { - return false; - }; - let candidate = Some(s.to_owned()); - - candidate == self.long || candidate == self.short - } -} diff --git a/crates/trigger/src/lib.rs b/crates/trigger/src/lib.rs deleted file mode 100644 index 506221c588..0000000000 --- a/crates/trigger/src/lib.rs +++ /dev/null @@ -1,483 +0,0 @@ -pub mod cli; -pub mod loader; -pub mod network; -mod runtime_config; -mod stdio; - -use std::{collections::HashMap, marker::PhantomData}; - -use anyhow::{Context, Result}; -pub use async_trait::async_trait; -use http::uri::Authority; -use runtime_config::llm::LLmOptions; -use serde::de::DeserializeOwned; - -use spin_app::{App, AppComponent, AppLoader, AppTrigger, Loader, OwnedApp, APP_NAME_KEY}; -use spin_core::{ - Config, Engine, EngineBuilder, Instance, InstancePre, OutboundWasiHttpHandler, Store, - StoreBuilder, WasiVersion, -}; - -pub use crate::runtime_config::{ParsedClientTlsOpts, RuntimeConfig}; - -#[async_trait] -pub trait TriggerExecutor: Sized + Send + Sync { - const TRIGGER_TYPE: &'static str; - type RuntimeData: OutboundWasiHttpHandler + Default + Send + Sync + 'static; - type TriggerConfig; - type RunConfig; - type InstancePre: TriggerInstancePre; - - /// Create a new trigger executor. - async fn new(engine: TriggerAppEngine) -> Result; - - /// Run the trigger executor. - async fn run(self, config: Self::RunConfig) -> Result<()>; - - /// Make changes to the ExecutionContext using the given Builder. - fn configure_engine(_builder: &mut EngineBuilder) -> Result<()> { - Ok(()) - } - - fn supported_host_requirements() -> Vec<&'static str> { - Vec::new() - } -} - -/// Helper type alias to project the `Instance` of a given `TriggerExecutor`. -pub type ExecutorInstance = <::InstancePre as TriggerInstancePre< - ::RuntimeData, - ::TriggerConfig, ->>::Instance; - -#[async_trait] -pub trait TriggerInstancePre: Sized + Send + Sync -where - T: OutboundWasiHttpHandler + Send + Sync, -{ - type Instance; - - async fn instantiate_pre( - engine: &Engine, - component: &AppComponent, - config: &C, - ) -> Result; - - async fn instantiate(&self, store: &mut Store) -> Result; -} - -#[async_trait] -impl TriggerInstancePre for InstancePre -where - T: OutboundWasiHttpHandler + Send + Sync, -{ - type Instance = Instance; - - async fn instantiate_pre( - engine: &Engine, - component: &AppComponent, - _config: &C, - ) -> Result { - let comp = component.load_component(engine).await?; - Ok(engine - .instantiate_pre(&comp) - .with_context(|| format!("Failed to instantiate component '{}'", component.id()))?) - } - - async fn instantiate(&self, store: &mut Store) -> Result { - self.instantiate_async(store).await - } -} - -pub struct TriggerExecutorBuilder { - loader: AppLoader, - config: Config, - hooks: Vec>, - disable_default_host_components: bool, - _phantom: PhantomData, -} - -impl TriggerExecutorBuilder { - /// Create a new TriggerExecutorBuilder with the given Application. - pub fn new(loader: impl Loader + Send + Sync + 'static) -> Self { - Self { - loader: AppLoader::new(loader), - config: Default::default(), - hooks: Default::default(), - disable_default_host_components: false, - _phantom: PhantomData, - } - } - - /// !!!Warning!!! Using a custom Wasmtime Config is entirely unsupported; - /// many configurations are likely to cause errors or unexpected behavior. - #[doc(hidden)] - pub fn config_mut(&mut self) -> &mut spin_core::Config { - &mut self.config - } - - pub fn hooks(&mut self, hooks: impl TriggerHooks + 'static) -> &mut Self { - self.hooks.push(Box::new(hooks)); - self - } - - pub fn disable_default_host_components(&mut self) -> &mut Self { - self.disable_default_host_components = true; - self - } - - pub async fn build( - mut self, - app_uri: String, - runtime_config: runtime_config::RuntimeConfig, - init_data: HostComponentInitData, - ) -> Result - where - Executor::TriggerConfig: DeserializeOwned, - { - let resolver_cell = std::sync::Arc::new(std::sync::OnceLock::new()); - - let engine = { - let mut builder = Engine::builder(&self.config)?; - - if !self.disable_default_host_components { - // Wasmtime 17: WASI@0.2.0 - builder.link_import(|l, _| { - wasmtime_wasi::add_to_linker_async(l)?; - wasmtime_wasi_http::proxy::add_only_http_to_linker(l) - })?; - - // Wasmtime 15: WASI@0.2.0-rc-2023-11-10 - builder.link_import(|l, _| spin_core::wasi_2023_11_10::add_to_linker(l))?; - - // Wasmtime 14: WASI@0.2.0-rc-2023-10-18 - builder.link_import(|l, _| spin_core::wasi_2023_10_18::add_to_linker(l))?; - - self.loader.add_dynamic_host_component( - &mut builder, - outbound_redis::OutboundRedisComponent { - resolver: resolver_cell.clone(), - }, - )?; - self.loader.add_dynamic_host_component( - &mut builder, - outbound_mqtt::OutboundMqttComponent { - resolver: resolver_cell.clone(), - }, - )?; - self.loader.add_dynamic_host_component( - &mut builder, - outbound_mysql::OutboundMysqlComponent { - resolver: resolver_cell.clone(), - }, - )?; - self.loader.add_dynamic_host_component( - &mut builder, - outbound_pg::OutboundPgComponent { - resolver: resolver_cell.clone(), - }, - )?; - self.loader.add_dynamic_host_component( - &mut builder, - runtime_config::llm::build_component(&runtime_config, init_data.llm.use_gpu) - .await, - )?; - self.loader.add_dynamic_host_component( - &mut builder, - runtime_config::key_value::build_key_value_component( - &runtime_config, - &init_data.kv, - ) - .await?, - )?; - self.loader.add_dynamic_host_component( - &mut builder, - runtime_config::sqlite::build_component(&runtime_config, &init_data.sqlite) - .await?, - )?; - self.loader.add_dynamic_host_component( - &mut builder, - outbound_http::OutboundHttpComponent { - resolver: resolver_cell.clone(), - }, - )?; - self.loader.add_dynamic_host_component( - &mut builder, - spin_variables::VariablesHostComponent::new( - runtime_config.variables_providers()?, - ), - )?; - } - - Executor::configure_engine(&mut builder)?; - builder.build() - }; - - let app = self.loader.load_owned_app(app_uri).await?; - - if let Err(unmet) = app - .borrowed() - .ensure_needs_only(&Executor::supported_host_requirements()) - { - anyhow::bail!("This application requires the following features that are not available in this version of the '{}' trigger: {unmet}", Executor::TRIGGER_TYPE); - } - - let app_name = app.borrowed().require_metadata(APP_NAME_KEY)?; - - let resolver = - spin_variables::make_resolver(app.borrowed(), runtime_config.variables_providers()?)?; - let prepared_resolver = std::sync::Arc::new(resolver.prepare().await?); - resolver_cell - .set(prepared_resolver.clone()) - .map_err(|_| anyhow::anyhow!("resolver cell was already set!"))?; - - self.hooks - .iter_mut() - .try_for_each(|h| h.app_loaded(app.borrowed(), &runtime_config, &prepared_resolver))?; - - // Run trigger executor - Executor::new( - TriggerAppEngine::new( - engine, - app_name, - app, - self.hooks, - &prepared_resolver, - runtime_config.client_tls_opts()?, - ) - .await?, - ) - .await - } -} - -/// Initialization data for host components. -#[derive(Default)] // TODO: the implementation of Default is only for tests - would like to get rid of -pub struct HostComponentInitData { - kv: Vec<(String, String)>, - sqlite: Vec, - llm: LLmOptions, -} - -impl HostComponentInitData { - /// Create an instance of `HostComponentInitData`. `key_value_init_values` - /// will be added to the default key-value store; `sqlite_init_statements` - /// will be run against the default SQLite database. - pub fn new( - key_value_init_values: impl Into>, - sqlite_init_statements: impl Into>, - llm: LLmOptions, - ) -> Self { - Self { - kv: key_value_init_values.into(), - sqlite: sqlite_init_statements.into(), - llm, - } - } -} - -/// Execution context for a TriggerExecutor executing a particular App. -pub struct TriggerAppEngine { - /// Engine to be used with this executor. - pub engine: Engine, - /// Name of the app for e.g. logging. - pub app_name: String, - // An owned wrapper of the App. - app: OwnedApp, - // Trigger hooks - hooks: Vec>, - // Trigger configs for this trigger type, with order matching `app.triggers_with_type(Executor::TRIGGER_TYPE)` - trigger_configs: Vec, - // Map of {Component ID -> InstancePre} for each component. - component_instance_pres: HashMap, - // Resolver for value template expressions - resolver: std::sync::Arc, - // Map of { Component ID -> Map of { Authority -> ParsedClientTlsOpts} } - client_tls_opts: HashMap>, -} - -impl TriggerAppEngine { - /// Returns a new TriggerAppEngine. May return an error if trigger config validation or - /// component pre-instantiation fails. - pub async fn new( - engine: Engine, - app_name: String, - app: OwnedApp, - hooks: Vec>, - resolver: &std::sync::Arc, - client_tls_opts: HashMap>, - ) -> Result - where - ::TriggerConfig: DeserializeOwned, - { - let trigger_configs = app - .borrowed() - .triggers_with_type(Executor::TRIGGER_TYPE) - .map(|trigger| { - Ok(( - trigger.component()?.id().to_owned(), - trigger.typed_config().with_context(|| { - format!("invalid trigger configuration for {:?}", trigger.id()) - })?, - )) - }) - .collect::>>()?; - - let mut component_instance_pres = HashMap::default(); - for component in app.borrowed().components() { - let id = component.id(); - // There is an issue here for triggers that consider the trigger config during - // preinstantiation. We defer this for now because the only case is the HTTP - // `executor` field and that should not differ from trigger to trigger. - let trigger_config = trigger_configs - .iter() - .find(|(c, _)| c == id) - .map(|(_, cfg)| cfg); - if let Some(config) = trigger_config { - component_instance_pres.insert( - id.to_owned(), - Executor::InstancePre::instantiate_pre(&engine, &component, config) - .await - .with_context(|| format!("Failed to instantiate component '{id}'"))?, - ); - } else { - tracing::warn!( - "component '{id}' is not used by any triggers in app '{app_name}'", - id = id, - app_name = app_name - ) - } - } - - Ok(Self { - engine, - app_name, - app, - hooks, - trigger_configs: trigger_configs.into_iter().map(|(_, v)| v).collect(), - component_instance_pres, - resolver: resolver.clone(), - client_tls_opts, - }) - } - - /// Returns a reference to the App. - pub fn app(&self) -> &App { - self.app.borrowed() - } - - pub fn trigger_metadata(&self) -> spin_app::Result> { - self.app().get_trigger_metadata(Executor::TRIGGER_TYPE) - } - - /// Returns AppTriggers and typed TriggerConfigs for this executor type. - pub fn trigger_configs(&self) -> impl Iterator { - self.app() - .triggers_with_type(Executor::TRIGGER_TYPE) - .zip(&self.trigger_configs) - } - - /// Returns a new StoreBuilder for the given component ID. - pub fn store_builder( - &self, - component_id: &str, - wasi_version: WasiVersion, - ) -> Result { - let mut builder = self.engine.store_builder(wasi_version); - let component = self.get_component(component_id)?; - self.hooks - .iter() - .try_for_each(|h| h.component_store_builder(&component, &mut builder))?; - Ok(builder) - } - - /// Returns a new Store and Instance for the given component ID. - pub async fn prepare_instance( - &self, - component_id: &str, - ) -> Result<(ExecutorInstance, Store)> { - let store_builder = self.store_builder(component_id, WasiVersion::Preview2)?; - self.prepare_instance_with_store(component_id, store_builder) - .await - } - - /// Returns a new Store and Instance for the given component ID and StoreBuilder. - pub async fn prepare_instance_with_store( - &self, - component_id: &str, - mut store_builder: StoreBuilder, - ) -> Result<(ExecutorInstance, Store)> { - let component = self.get_component(component_id)?; - - // Build Store - component.apply_store_config(&mut store_builder).await?; - let mut store = store_builder.build()?; - - // Instantiate - let pre = self - .component_instance_pres - .get(component_id) - .expect("component_instance_pres missing valid component_id"); - - let instance = pre.instantiate(&mut store).await.with_context(|| { - format!( - "app {:?} component {:?} instantiation failed", - self.app_name, component_id - ) - })?; - - Ok((instance, store)) - } - - pub fn get_component(&self, component_id: &str) -> Result { - self.app().get_component(component_id).with_context(|| { - format!( - "app {:?} has no component {:?}", - self.app_name, component_id - ) - }) - } - - pub fn get_client_tls_opts( - &self, - component_id: &str, - ) -> Option> { - self.client_tls_opts.get(component_id).cloned() - } - - pub fn resolve_template( - &self, - template: &spin_expressions::Template, - ) -> Result { - self.resolver.resolve_template(template) - } -} - -/// TriggerHooks allows a Spin environment to hook into a TriggerAppEngine's -/// configuration and execution processes. -pub trait TriggerHooks: Send + Sync { - #![allow(unused_variables)] - - /// Called once, immediately after an App is loaded. - fn app_loaded( - &mut self, - app: &App, - runtime_config: &RuntimeConfig, - resolver: &std::sync::Arc, - ) -> Result<()> { - Ok(()) - } - - /// Called while an AppComponent is being prepared for execution. - /// Implementations may update the given StoreBuilder to change the - /// environment of the instance to be executed. - fn component_store_builder( - &self, - component: &AppComponent, - store_builder: &mut StoreBuilder, - ) -> Result<()> { - Ok(()) - } -} - -impl TriggerHooks for () {} diff --git a/crates/trigger/src/loader.rs b/crates/trigger/src/loader.rs deleted file mode 100644 index e46fab1044..0000000000 --- a/crates/trigger/src/loader.rs +++ /dev/null @@ -1,256 +0,0 @@ -use std::path::{Path, PathBuf}; - -use anyhow::{ensure, Context, Result}; -use async_trait::async_trait; -use spin_app::{ - locked::{LockedApp, LockedComponentSource}, - AppComponent, Loader, -}; -use spin_componentize::bugs::WasiLibc377Bug; -use spin_core::StoreBuilder; -use tokio::fs; - -use spin_common::{ui::quoted_path, url::parse_file_url}; - -/// Compilation status of all components of a Spin application -pub enum AotCompilationStatus { - /// No components are ahead of time (AOT) compiled. - Disabled, - #[cfg(feature = "unsafe-aot-compilation")] - /// All components are componentized and ahead of time (AOT) compiled to cwasm. - Enabled, -} - -/// Loader for the Spin runtime -pub struct TriggerLoader { - /// Working directory where files for mounting exist. - working_dir: PathBuf, - /// Set the static assets of the components in the temporary directory as writable. - allow_transient_write: bool, - /// Declares the compilation status of all components of a Spin application. - aot_compilation_status: AotCompilationStatus, -} - -impl TriggerLoader { - pub fn new(working_dir: impl Into, allow_transient_write: bool) -> Self { - Self { - working_dir: working_dir.into(), - allow_transient_write, - aot_compilation_status: AotCompilationStatus::Disabled, - } - } - - /// Updates the TriggerLoader to load AOT precompiled components - /// - /// **Warning: This feature may bypass important security guarantees of the - /// Wasmtime - // security sandbox if used incorrectly! Read this documentation - // carefully.** - /// - /// Usually, components are compiled just-in-time from portable Wasm - /// sources. This method causes components to instead be loaded - /// ahead-of-time as Wasmtime-precompiled native executable binaries. - /// Precompiled binaries must be produced with a compatible Wasmtime engine - /// using the same Wasmtime version and compiler target settings - typically - /// by a host with the same processor that will be executing them. See the - /// Wasmtime documentation for more information: - /// https://docs.rs/wasmtime/latest/wasmtime/struct.Module.html#method.deserialize - /// - /// # Safety - /// - /// This method is marked as `unsafe` because it enables potentially unsafe - /// behavior if - // used to load malformed or malicious precompiled binaries. Loading sources - // from an - /// incompatible Wasmtime engine will fail but is otherwise safe. This - /// method is safe if it can be guaranteed that `::load_component` will only ever be called with a trusted - /// `LockedComponentSource`. **Precompiled binaries must never be loaded - /// from untrusted sources.** - #[cfg(feature = "unsafe-aot-compilation")] - pub unsafe fn enable_loading_aot_compiled_components(&mut self) { - self.aot_compilation_status = AotCompilationStatus::Enabled; - } -} - -#[async_trait] -impl Loader for TriggerLoader { - async fn load_app(&self, url: &str) -> Result { - let path = parse_file_url(url)?; - let contents = std::fs::read(&path) - .with_context(|| format!("failed to read manifest at {}", quoted_path(&path)))?; - let app = - serde_json::from_slice(&contents).context("failed to parse app lock file JSON")?; - Ok(app) - } - - async fn load_component( - &self, - engine: &spin_core::wasmtime::Engine, - source: &LockedComponentSource, - ) -> Result { - let source = source - .content - .source - .as_ref() - .context("LockedComponentSource missing source field")?; - let path = parse_file_url(source)?; - match self.aot_compilation_status { - #[cfg(feature = "unsafe-aot-compilation")] - AotCompilationStatus::Enabled => { - match engine.detect_precompiled_file(&path)?{ - Some(wasmtime::Precompiled::Component) => { - unsafe { - spin_core::Component::deserialize_file(engine, &path) - .with_context(|| format!("deserializing module {}", quoted_path(&path))) - } - }, - Some(wasmtime::Precompiled::Module) => anyhow::bail!("Spin loader is configured to load only AOT compiled components but an AOT compiled module provided at {}", quoted_path(&path)), - None => { - anyhow::bail!("Spin loader is configured to load only AOT compiled components, but {} is not precompiled", quoted_path(&path)) - } - } - } - AotCompilationStatus::Disabled => { - let bytes = fs::read(&path).await.with_context(|| { - format!( - "failed to read component source from disk at path {}", - quoted_path(&path) - ) - })?; - let component = spin_componentize::componentize_if_necessary(&bytes)?; - spin_core::Component::new(engine, component.as_ref()) - .with_context(|| format!("loading module {}", quoted_path(&path))) - } - } - } - - async fn load_module( - &self, - engine: &spin_core::wasmtime::Engine, - source: &LockedComponentSource, - ) -> Result { - let source = source - .content - .source - .as_ref() - .context("LockedComponentSource missing source field")?; - let path = parse_file_url(source)?; - check_uncomponentizable_module_deprecation(&path); - spin_core::Module::from_file(engine, &path) - .with_context(|| format!("loading module {}", quoted_path(&path))) - } - - async fn mount_files( - &self, - store_builder: &mut StoreBuilder, - component: &AppComponent, - ) -> Result<()> { - for content_dir in component.files() { - let source_uri = content_dir - .content - .source - .as_deref() - .with_context(|| format!("Missing 'source' on files mount {content_dir:?}"))?; - let source_path = self.working_dir.join(parse_file_url(source_uri)?); - ensure!( - source_path.is_dir(), - "TriggerLoader only supports directory mounts; {} is not a directory", - quoted_path(&source_path), - ); - let guest_path = content_dir.path.clone(); - if self.allow_transient_write { - store_builder.read_write_preopened_dir(source_path, guest_path)?; - } else { - store_builder.read_only_preopened_dir(source_path, guest_path)?; - } - } - Ok(()) - } -} - -// Check whether the given module is (likely) susceptible to a wasi-libc bug -// that makes it unsafe to componentize. If so, print a deprecation warning; -// this will turn into a hard error in a future release. -fn check_uncomponentizable_module_deprecation(module_path: &Path) { - let module = match std::fs::read(module_path) { - Ok(module) => module, - Err(err) => { - tracing::warn!("Failed to read {module_path:?}: {err:#}"); - return; - } - }; - match WasiLibc377Bug::detect(&module) { - Ok(WasiLibc377Bug::ProbablySafe) => {} - not_safe @ Ok(WasiLibc377Bug::ProbablyUnsafe | WasiLibc377Bug::Unknown) => { - println!( - "\n!!! DEPRECATION WARNING !!!\n\ - The Wasm module at {path}\n\ - {verbs} have been compiled with wasi-sdk version <19 and is likely to\n\ - contain a critical memory safety bug. Spin has deprecated execution of these\n\ - modules; they will stop working in a future release.\n\ - For more information, see: https://github.com/fermyon/spin/issues/2552\n", - path = module_path.display(), - verbs = if not_safe.unwrap() == WasiLibc377Bug::ProbablyUnsafe { - "appears to" - } else { - "may" - } - ); - } - Err(err) => { - tracing::warn!("Failed to apply wasi-libc bug heuristic on {module_path:?}: {err:#}"); - } - } -} - -#[cfg(test)] -mod tests { - use super::*; - use spin_app::locked::ContentRef; - use std::io::Write; - use tempfile::NamedTempFile; - - fn precompiled_component(file: &mut NamedTempFile) -> LockedComponentSource { - let wasmtime_engine = wasmtime::Engine::default(); - let component = wasmtime::component::Component::new(&wasmtime_engine, "(component)") - .unwrap() - .serialize() - .unwrap(); - let file_uri = format!("file://{}", file.path().to_str().unwrap()); - file.write_all(&component).unwrap(); - LockedComponentSource { - content: ContentRef { - source: Some(file_uri), - ..Default::default() - }, - content_type: "application/wasm".to_string(), - } - } - - #[cfg(feature = "unsafe-aot-compilation")] - #[tokio::test] - async fn load_component_succeeds_for_precompiled_component() { - let mut file = NamedTempFile::new().unwrap(); - let source = precompiled_component(&mut file); - let mut loader = super::TriggerLoader::new("/unreferenced", false); - unsafe { - loader.enable_loading_aot_compiled_components(); - } - loader - .load_component(&spin_core::wasmtime::Engine::default(), &source) - .await - .unwrap(); - } - - #[tokio::test] - async fn load_component_fails_for_precompiled_component() { - let mut file = NamedTempFile::new().unwrap(); - let source = precompiled_component(&mut file); - let loader = super::TriggerLoader::new("/unreferenced", false); - let result = loader - .load_component(&spin_core::wasmtime::Engine::default(), &source) - .await; - assert!(result.is_err()); - } -} diff --git a/crates/trigger/src/network.rs b/crates/trigger/src/network.rs deleted file mode 100644 index ce7af9988b..0000000000 --- a/crates/trigger/src/network.rs +++ /dev/null @@ -1,88 +0,0 @@ -use std::sync::Arc; - -use crate::TriggerHooks; - -#[derive(Default)] -pub struct Network { - resolver: Arc, -} - -impl TriggerHooks for Network { - fn app_loaded( - &mut self, - _app: &spin_app::App, - _runtime_config: &crate::RuntimeConfig, - resolver: &Arc, - ) -> anyhow::Result<()> { - self.resolver = resolver.clone(); - Ok(()) - } - - fn component_store_builder( - &self, - component: &spin_app::AppComponent, - store_builder: &mut spin_core::StoreBuilder, - ) -> anyhow::Result<()> { - let hosts = component - .get_metadata(spin_outbound_networking::ALLOWED_HOSTS_KEY)? - .unwrap_or_default(); - let allowed_hosts = - spin_outbound_networking::AllowedHostsConfig::parse(&hosts, &self.resolver)?; - match allowed_hosts { - spin_outbound_networking::AllowedHostsConfig::All => store_builder.inherit_network(), - spin_outbound_networking::AllowedHostsConfig::SpecificHosts(configs) => { - for config in configs { - if config.scheme().allows_any() { - match config.host() { - spin_outbound_networking::HostConfig::Any => { - store_builder.inherit_network() - } - spin_outbound_networking::HostConfig::AnySubdomain(_) => continue, - spin_outbound_networking::HostConfig::ToSelf => {} - spin_outbound_networking::HostConfig::List(hosts) => { - for host in hosts { - let Ok(ip_net) = - // Parse the host as an `IpNet` cidr block and if it fails - // then try parsing again with `/32` appended to the end. - host.parse().or_else(|_| format!("{host}/32").parse()) - else { - continue; - }; - add_ip_net(store_builder, ip_net, config.port()); - } - } - spin_outbound_networking::HostConfig::Cidr(ip_net) => { - add_ip_net(store_builder, *ip_net, config.port()) - } - } - } - } - } - } - Ok(()) - } -} - -fn add_ip_net( - store_builder: &mut spin_core::StoreBuilder, - ip_net: ipnet::IpNet, - port: &spin_outbound_networking::PortConfig, -) { - match port { - spin_outbound_networking::PortConfig::Any => { - store_builder.insert_ip_net_port_range(ip_net, 0, None); - } - spin_outbound_networking::PortConfig::List(ports) => { - for port in ports { - match port { - spin_outbound_networking::IndividualPortConfig::Port(p) => { - store_builder.insert_ip_net_port_range(ip_net, *p, p.checked_add(1)); - } - spin_outbound_networking::IndividualPortConfig::Range(r) => { - store_builder.insert_ip_net_port_range(ip_net, r.start, Some(r.end)) - } - } - } - } - } -} diff --git a/crates/trigger/src/runtime_config.rs b/crates/trigger/src/runtime_config.rs deleted file mode 100644 index 4d22c48bcd..0000000000 --- a/crates/trigger/src/runtime_config.rs +++ /dev/null @@ -1,840 +0,0 @@ -pub mod client_tls; -pub mod key_value; -pub mod llm; -pub mod sqlite; -pub mod variables_provider; - -use std::{ - collections::HashMap, - fs, - path::{Path, PathBuf}, - sync::Arc, -}; - -use anyhow::{Context, Result}; -use http::uri::Authority; -use serde::Deserialize; -use spin_common::ui::quoted_path; -use spin_sqlite::Connection; - -use crate::TriggerHooks; - -use self::{ - client_tls::{load_certs, load_key, ClientTlsOpts}, - key_value::{KeyValueStore, KeyValueStoreOpts}, - llm::LlmComputeOpts, - sqlite::SqliteDatabaseOpts, - variables_provider::{VariablesProvider, VariablesProviderOpts}, -}; - -pub const DEFAULT_STATE_DIR: &str = ".spin"; -const DEFAULT_LOGS_DIR: &str = "logs"; -/// RuntimeConfig allows multiple sources of runtime configuration to be -/// queried uniformly. -#[derive(Debug, Default)] -pub struct RuntimeConfig { - local_app_dir: Option, - files: Vec, - overrides: RuntimeConfigOpts, -} - -impl RuntimeConfig { - // Gives more consistent conditional branches - #![allow(clippy::manual_map)] - - pub fn new(local_app_dir: Option) -> Self { - Self { - local_app_dir, - ..Default::default() - } - } - - /// Load a runtime config file from the given path. Options specified in a - /// later-loaded file take precedence over any earlier-loaded files. - pub fn merge_config_file(&mut self, path: impl Into) -> Result<()> { - let path = path.into(); - let mut opts = RuntimeConfigOpts::parse_file(&path)?; - opts.file_path = Some(path); - self.files.push(opts); - Ok(()) - } - - /// Return a Vec of configured [`VariablesProvider`]s. - pub fn variables_providers(&self) -> Result> { - let default_provider = - VariablesProviderOpts::default_provider_opts(self).build_provider()?; - let mut providers: Vec = vec![default_provider]; - for opts in self.opts_layers() { - for var_provider in &opts.variables_providers { - let provider = var_provider.build_provider()?; - providers.push(provider); - } - } - Ok(providers) - } - - /// Return an iterator of named configured [`KeyValueStore`]s. - pub fn key_value_stores(&self) -> Result> { - let mut stores = HashMap::new(); - // Insert explicitly-configured stores - for opts in self.opts_layers() { - for (name, store) in &opts.key_value_stores { - if !stores.contains_key(name) { - let store = store.build_store(opts)?; - stores.insert(name.to_owned(), store); - } - } - } - // Upsert default store - if !stores.contains_key("default") { - let store = KeyValueStoreOpts::default_store_opts(self) - .build_store(&RuntimeConfigOpts::default())?; - stores.insert("default".into(), store); - } - Ok(stores.into_iter()) - } - - // Return the "default" key value store config. - fn default_key_value_opts(&self) -> KeyValueStoreOpts { - self.opts_layers() - .find_map(|opts| opts.key_value_stores.get("default")) - .cloned() - .unwrap_or_else(|| KeyValueStoreOpts::default_store_opts(self)) - } - - // Return the "default" key value store config. - fn default_sqlite_opts(&self) -> SqliteDatabaseOpts { - self.opts_layers() - .find_map(|opts| opts.sqlite_databases.get("default")) - .cloned() - .unwrap_or_else(|| SqliteDatabaseOpts::default(self)) - } - - /// Return an iterator of named configured [`SqliteDatabase`]s. - pub async fn sqlite_databases( - &self, - ) -> Result)>> { - let mut databases = HashMap::new(); - // Insert explicitly-configured databases - for opts in self.opts_layers() { - for (name, database) in &opts.sqlite_databases { - if !databases.contains_key(name) { - let store = database.build(opts).await?; - databases.insert(name.to_owned(), store); - } - } - } - // Upsert default store - if !databases.contains_key("default") { - let store = SqliteDatabaseOpts::default(self) - .build(&RuntimeConfigOpts::default()) - .await?; - databases.insert("default".into(), store); - } - Ok(databases.into_iter()) - } - - /// Set the state dir, overriding any other runtime config source. - pub fn set_state_dir(&mut self, state_dir: impl Into) { - self.overrides.state_dir = Some(state_dir.into()); - } - - /// Return the state dir if set. - pub fn state_dir(&self) -> Option { - if let Some(path_str) = self.find_opt(|opts| &opts.state_dir) { - if path_str.is_empty() { - None // An empty string forces the state dir to be unset - } else { - Some(path_str.into()) - } - } else if let Some(app_dir) = &self.local_app_dir { - // If we're running a local app, return the default state dir - Some(app_dir.join(DEFAULT_STATE_DIR)) - } else { - None - } - } - - /// Set the log dir, overriding any other runtime config source. - pub fn set_log_dir(&mut self, log_dir: impl Into) { - self.overrides.log_dir = Some(log_dir.into()); - } - - /// Return the log dir if set. - pub fn log_dir(&self) -> Option { - if let Some(path) = self.find_opt(|opts| &opts.log_dir) { - if path.as_os_str().is_empty() { - // If the log dir is explicitly set to "", disable logging - None - } else { - // If there is an explicit log dir set, return it - Some(path.into()) - } - } else if let Some(state_dir) = self.state_dir() { - // If the state dir is set, build the default path - Some(state_dir.join(DEFAULT_LOGS_DIR)) - } else { - None - } - } - - pub fn llm_compute(&self) -> &LlmComputeOpts { - if let Some(compute) = self.find_opt(|opts| &opts.llm_compute) { - compute - } else { - &LlmComputeOpts::Spin - } - } - - // returns the client tls options in form of nested - // HashMap of { Component ID -> HashMap of { Host -> ParsedClientTlsOpts} } - pub fn client_tls_opts( - &self, - ) -> Result>> { - let mut components_map: HashMap> = - HashMap::new(); - - // if available, use the existing client tls opts value for a given component-id and host-authority - // to ensure first-one wins incase of duplicate options - fn use_existing_if_available( - existing_opts: Option<&HashMap>, - host: Authority, - newopts: ParsedClientTlsOpts, - ) -> (Authority, ParsedClientTlsOpts) { - match existing_opts { - None => (host, newopts), - Some(opts) => match opts.get(&host) { - Some(existing_opts_for_component_and_host) => { - (host, existing_opts_for_component_and_host.to_owned()) - } - None => (host, newopts), - }, - } - } - - for opt_layer in self.opts_layers() { - for opts in &opt_layer.client_tls_opts { - let parsed = parse_client_tls_opts(opts).context("parsing client tls options")?; - for component_id in &opts.component_ids { - let existing_opts_for_component = components_map.get(component_id.as_ref()); - #[allow(clippy::mutable_key_type)] - let hostmap = parsed - .hosts - .clone() - .into_iter() - .map(|host| { - use_existing_if_available( - existing_opts_for_component, - host, - parsed.clone(), - ) - }) - .collect::>(); - components_map.insert(component_id.to_string(), hostmap); - } - } - } - - Ok(components_map) - } - - /// Returns an iterator of RuntimeConfigOpts in order of decreasing precedence - fn opts_layers(&self) -> impl Iterator { - std::iter::once(&self.overrides).chain(self.files.iter().rev()) - } - - /// Returns the highest precedence RuntimeConfigOpts Option that is set - fn find_opt(&self, mut f: impl FnMut(&RuntimeConfigOpts) -> &Option) -> Option<&T> { - self.opts_layers().find_map(|opts| f(opts).as_ref()) - } -} - -#[derive(Debug, Default, Deserialize)] -#[serde(deny_unknown_fields)] -pub struct RuntimeConfigOpts { - #[serde(default)] - pub state_dir: Option, - - #[serde(default)] - pub log_dir: Option, - - #[serde(default)] - pub llm_compute: Option, - - #[serde(rename = "variables_provider", alias = "config_provider", default)] - pub variables_providers: Vec, - - #[serde(rename = "key_value_store", default)] - pub key_value_stores: HashMap, - - #[serde(rename = "sqlite_database", default)] - pub sqlite_databases: HashMap, - - #[serde(skip)] - pub file_path: Option, - - #[serde(rename = "client_tls", default)] - pub client_tls_opts: Vec, -} - -impl RuntimeConfigOpts { - fn parse_file(path: &Path) -> Result { - let contents = fs::read_to_string(path) - .with_context(|| format!("Failed to read runtime config file {}", quoted_path(path)))?; - let ext = path.extension().unwrap_or_default(); - let is_json = ext != "toml" && (ext == "json" || contents.trim_start().starts_with('{')); - if is_json { - serde_json::from_str(&contents).with_context(|| { - format!( - "Failed to parse runtime config JSON file {}", - quoted_path(path) - ) - }) - } else { - toml::from_str(&contents).with_context(|| { - format!( - "Failed to parse runtime config TOML file {}", - quoted_path(path) - ) - }) - } - } -} - -fn resolve_config_path(path: &Path, config_opts: &RuntimeConfigOpts) -> Result { - if path.is_absolute() { - return Ok(path.to_owned()); - } - let base_path = match &config_opts.file_path { - Some(file_path) => file_path - .parent() - .with_context(|| { - format!( - "failed to get parent of runtime config file path {}", - quoted_path(file_path) - ) - })? - .to_owned(), - None => std::env::current_dir().context("failed to get current directory")?, - }; - Ok(base_path.join(path)) -} - -pub(crate) struct SummariseRuntimeConfigHook { - runtime_config_file: Option, -} - -impl SummariseRuntimeConfigHook { - pub(crate) fn new(runtime_config_file: &Option) -> Self { - Self { - runtime_config_file: runtime_config_file.clone(), - } - } -} - -impl TriggerHooks for SummariseRuntimeConfigHook { - fn app_loaded( - &mut self, - _app: &spin_app::App, - runtime_config: &RuntimeConfig, - _resolver: &Arc, - ) -> anyhow::Result<()> { - if let Some(path) = &self.runtime_config_file { - let mut opts = vec![]; - for opt in runtime_config.opts_layers() { - for (id, opt) in &opt.key_value_stores { - opts.push(Self::summarise_kv(id, opt)); - } - for (id, opt) in &opt.sqlite_databases { - opts.push(Self::summarise_sqlite(id, opt)); - } - if let Some(opt) = &opt.llm_compute { - opts.push(Self::summarise_llm(opt)); - } - } - if !opts.is_empty() { - let opts_text = opts.join(", "); - println!( - "Using {opts_text} runtime config from {}", - quoted_path(path) - ); - } - } - Ok(()) - } -} - -impl SummariseRuntimeConfigHook { - fn summarise_kv(id: &str, opt: &KeyValueStoreOpts) -> String { - let source = match opt { - KeyValueStoreOpts::Spin(_) => "spin", - KeyValueStoreOpts::Redis(_) => "redis", - KeyValueStoreOpts::AzureCosmos(_) => "cosmos", - }; - format!("[key_value_store.{id}: {}]", source) - } - - fn summarise_sqlite(id: &str, opt: &SqliteDatabaseOpts) -> String { - let source = match opt { - SqliteDatabaseOpts::Spin(_) => "spin", - SqliteDatabaseOpts::Libsql(_) => "libsql", - }; - format!("[sqlite_database.{id}: {}]", source) - } - - fn summarise_llm(opt: &LlmComputeOpts) -> String { - let source = match opt { - LlmComputeOpts::Spin => "spin", - LlmComputeOpts::RemoteHttp(_) => "remote-http", - }; - format!("[llm_compute: {}]", source) - } -} - -#[cfg(test)] -mod tests { - use std::io::Write; - - use tempfile::NamedTempFile; - use toml::toml; - - use super::*; - - #[test] - fn defaults_without_local_app_dir() -> Result<()> { - let config = RuntimeConfig::new(None); - - assert_eq!(config.state_dir(), None); - assert_eq!(config.log_dir(), None); - assert_eq!(default_spin_store_path(&config), None); - - Ok(()) - } - - #[test] - fn defaults_with_local_app_dir() -> Result<()> { - let app_dir = tempfile::tempdir()?; - let config = RuntimeConfig::new(Some(app_dir.path().into())); - - let state_dir = config.state_dir().unwrap(); - assert!(state_dir.starts_with(&app_dir)); - - let log_dir = config.log_dir().unwrap(); - assert!(log_dir.starts_with(&state_dir)); - - let default_db_path = default_spin_store_path(&config).unwrap(); - assert!(default_db_path.starts_with(&state_dir)); - - Ok(()) - } - - #[test] - fn state_dir_force_unset() -> Result<()> { - let app_dir = tempfile::tempdir()?; - let mut config = RuntimeConfig::new(Some(app_dir.path().into())); - assert!(config.state_dir().is_some()); - - config.set_state_dir(""); - assert!(config.state_dir().is_none()); - - Ok(()) - } - - #[test] - fn opts_layers_precedence() -> Result<()> { - let mut config = RuntimeConfig::new(None); - - merge_config_toml( - &mut config, - toml! { - state_dir = "file-state-dir" - log_dir = "file-log-dir" - }, - ); - - let state_dir = config.state_dir().unwrap(); - assert_eq!(state_dir.as_os_str(), "file-state-dir"); - - let log_dir = config.log_dir().unwrap(); - assert_eq!(log_dir.as_os_str(), "file-log-dir"); - - config.set_state_dir("override-state-dir"); - config.set_log_dir("override-log-dir"); - - let state_dir = config.state_dir().unwrap(); - assert_eq!(state_dir.as_os_str(), "override-state-dir"); - - let log_dir = config.log_dir().unwrap(); - assert_eq!(log_dir.as_os_str(), "override-log-dir"); - - Ok(()) - } - - #[test] - fn deprecated_config_provider_in_runtime_config_file() -> Result<()> { - let mut config = RuntimeConfig::new(None); - - // One default provider - assert_eq!(config.variables_providers()?.len(), 1); - - merge_config_toml( - &mut config, - toml! { - [[config_provider]] - type = "vault" - url = "http://vault" - token = "secret" - mount = "root" - }, - ); - assert_eq!(config.variables_providers()?.len(), 2); - - Ok(()) - } - - #[test] - fn variables_providers_from_file() -> Result<()> { - let mut config = RuntimeConfig::new(None); - - // One default provider - assert_eq!(config.variables_providers()?.len(), 1); - - merge_config_toml( - &mut config, - toml! { - [[variables_provider]] - type = "vault" - url = "http://vault" - token = "secret" - mount = "root" - }, - ); - assert_eq!(config.variables_providers()?.len(), 2); - - Ok(()) - } - - #[test] - fn key_value_stores_from_file() -> Result<()> { - let mut config = RuntimeConfig::new(None); - - // One default store - assert_eq!(config.key_value_stores().unwrap().into_iter().count(), 1); - - merge_config_toml( - &mut config, - toml! { - [key_value_store.default] - type = "spin" - path = "override.db" - - [key_value_store.other] - type = "spin" - path = "other.db" - }, - ); - assert_eq!(config.key_value_stores().unwrap().into_iter().count(), 2); - - Ok(()) - } - - #[test] - fn default_redis_key_value_store_from_file() -> Result<()> { - let mut config = RuntimeConfig::new(None); - - merge_config_toml( - &mut config, - toml! { - [key_value_store.default] - type = "redis" - url = "redis://127.0.0.1/" - }, - ); - assert_eq!(config.key_value_stores().unwrap().into_iter().count(), 1); - - assert!( - matches!(config.default_key_value_opts(), KeyValueStoreOpts::Redis(_)), - "expected default Redis store", - ); - - Ok(()) - } - - fn to_component_id(inp: &str) -> spin_serde::KebabId { - spin_serde::KebabId::try_from(inp.to_string()).expect("parse component id into kebab id") - } - - #[test] - fn test_parsing_valid_hosts_in_client_tls_opts() { - let input = ClientTlsOpts { - component_ids: vec![to_component_id("component-id-foo")], - hosts: vec!["fermyon.com".to_string(), "fermyon.com:5443".to_string()], - ca_roots_file: None, - cert_chain_file: None, - private_key_file: None, - ca_webpki_roots: None, - }; - - let parsed = parse_client_tls_opts(&input); - assert!(parsed.is_ok()); - assert_eq!(parsed.unwrap().hosts.len(), 2) - } - - #[test] - fn test_parsing_empty_hosts_in_client_tls_opts() { - let input = ClientTlsOpts { - component_ids: vec![to_component_id("component-id-foo")], - hosts: vec!["".to_string(), "fermyon.com:5443".to_string()], - ca_roots_file: None, - cert_chain_file: None, - private_key_file: None, - ca_webpki_roots: None, - }; - - let parsed = parse_client_tls_opts(&input); - assert!(parsed.is_err()); - assert_eq!( - "failed to parse uri ''. error: InvalidUri(Empty)", - parsed.unwrap_err().to_string() - ) - } - - #[test] - fn test_parsing_invalid_hosts_in_client_tls_opts() { - let input = ClientTlsOpts { - component_ids: vec![to_component_id("component-id-foo")], - hosts: vec!["perc%ent:443".to_string(), "fermyon.com:5443".to_string()], - ca_roots_file: None, - cert_chain_file: None, - private_key_file: None, - ca_webpki_roots: None, - }; - - let parsed = parse_client_tls_opts(&input); - assert!(parsed.is_err()); - assert_eq!( - "failed to parse uri 'perc%ent:443'. error: InvalidUri(InvalidAuthority)", - parsed.unwrap_err().to_string() - ) - } - - #[test] - fn test_parsing_multiple_client_tls_opts() { - let custom_root_ca = r#" ------BEGIN CERTIFICATE----- -MIIBeDCCAR2gAwIBAgIBADAKBggqhkjOPQQDAjAjMSEwHwYDVQQDDBhrM3Mtc2Vy -dmVyLWNhQDE3MTc3ODA1MjAwHhcNMjQwNjA3MTcxNTIwWhcNMzQwNjA1MTcxNTIw -WjAjMSEwHwYDVQQDDBhrM3Mtc2VydmVyLWNhQDE3MTc3ODA1MjAwWTATBgcqhkjO -PQIBBggqhkjOPQMBBwNCAAQnhGmz/r5E+ZBgkg/kpeSliS4LjMFaeFNM3C0SUksV -cVDbymRZt+D2loVpSIn9PnBHUIiR9kz+cmWJaJDhcY6Ho0IwQDAOBgNVHQ8BAf8E -BAMCAqQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUzXLACkzCDPAXXERIxQim -NdG07zEwCgYIKoZIzj0EAwIDSQAwRgIhALwsHX2R7a7GXfgmn7h8rNRRvlQwyRaG -9hyv0a1cyJr2AiEA8+2vF0CZ/S0MG6rT0Y6xZ+iqi/vhcDnmBhJCxx2rwAI= ------END CERTIFICATE----- -"#; - let mut custom_root_ca_file = NamedTempFile::new().expect("temp file for custom root ca"); - custom_root_ca_file - .write_all(custom_root_ca.as_bytes()) - .expect("write custom root ca file"); - - let runtimeconfig_data = format!( - r#" -[[client_tls]] -hosts = ["localhost:6551"] -component_ids = ["component-no1"] -[[client_tls]] -hosts = ["localhost:6551"] -component_ids = ["component-no2"] -ca_roots_file = "{}" -"#, - custom_root_ca_file.path().to_str().unwrap() - ); - - let mut config = RuntimeConfig::new(None); - merge_config_toml(&mut config, toml::from_str(&runtimeconfig_data).unwrap()); - - let client_tls_opts = config.client_tls_opts(); - assert!(client_tls_opts.is_ok()); - - //assert that component level mapping works as expected - let client_tls_opts_ok = client_tls_opts.as_ref().unwrap(); - - // assert for component-no1 - assert!(client_tls_opts_ok - .get(&"component-no1".to_string()) - .is_some()); - - #[allow(clippy::mutable_key_type)] - let component_no1_client_tls_opts = client_tls_opts_ok - .get(&"component-no1".to_string()) - .expect("get opts for component-no1"); - assert!(component_no1_client_tls_opts - .get(&"localhost:6551".parse::().unwrap()) - .is_some()); - - let component_no1_host_client_tls_opts = component_no1_client_tls_opts - .get(&"localhost:6551".parse::().unwrap()) - .unwrap(); - assert!(component_no1_host_client_tls_opts.custom_root_ca.is_none()); - - // assert for component-no2 - assert!(client_tls_opts_ok - .get(&"component-no2".to_string()) - .is_some()); - - #[allow(clippy::mutable_key_type)] - let component_no2_client_tls_opts = client_tls_opts_ok - .get(&"component-no2".to_string()) - .expect("get opts for component-no2"); - assert!(component_no2_client_tls_opts - .get(&"localhost:6551".parse::().unwrap()) - .is_some()); - - let component_no2_host_client_tls_opts = component_no2_client_tls_opts - .get(&"localhost:6551".parse::().unwrap()) - .unwrap(); - assert!(component_no2_host_client_tls_opts.custom_root_ca.is_some()) - } - - #[test] - fn test_parsing_multiple_overlapping_client_tls_opts() { - let custom_root_ca = r#" ------BEGIN CERTIFICATE----- -MIIBeDCCAR2gAwIBAgIBADAKBggqhkjOPQQDAjAjMSEwHwYDVQQDDBhrM3Mtc2Vy -dmVyLWNhQDE3MTc3ODA1MjAwHhcNMjQwNjA3MTcxNTIwWhcNMzQwNjA1MTcxNTIw -WjAjMSEwHwYDVQQDDBhrM3Mtc2VydmVyLWNhQDE3MTc3ODA1MjAwWTATBgcqhkjO -PQIBBggqhkjOPQMBBwNCAAQnhGmz/r5E+ZBgkg/kpeSliS4LjMFaeFNM3C0SUksV -cVDbymRZt+D2loVpSIn9PnBHUIiR9kz+cmWJaJDhcY6Ho0IwQDAOBgNVHQ8BAf8E -BAMCAqQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUzXLACkzCDPAXXERIxQim -NdG07zEwCgYIKoZIzj0EAwIDSQAwRgIhALwsHX2R7a7GXfgmn7h8rNRRvlQwyRaG -9hyv0a1cyJr2AiEA8+2vF0CZ/S0MG6rT0Y6xZ+iqi/vhcDnmBhJCxx2rwAI= ------END CERTIFICATE----- -"#; - let mut custom_root_ca_file = NamedTempFile::new().expect("temp file for custom root ca"); - custom_root_ca_file - .write_all(custom_root_ca.as_bytes()) - .expect("write custom root ca file"); - - let runtimeconfig_data = format!( - r#" -[[client_tls]] -hosts = ["localhost:6551"] -component_ids = ["component-no1"] -[[client_tls]] -hosts = ["localhost:6551"] -component_ids = ["component-no1"] -ca_roots_file = "{}" -"#, - custom_root_ca_file.path().to_str().unwrap() - ); - - let mut config = RuntimeConfig::new(None); - merge_config_toml(&mut config, toml::from_str(&runtimeconfig_data).unwrap()); - - let client_tls_opts = config.client_tls_opts(); - assert!(client_tls_opts.is_ok()); - - //assert that component level mapping works as expected - let client_tls_opts_ok = client_tls_opts.as_ref().unwrap(); - - // assert for component-no1 - assert!(client_tls_opts_ok - .get(&"component-no1".to_string()) - .is_some()); - - #[allow(clippy::mutable_key_type)] - let component_no1_client_tls_opts = client_tls_opts_ok - .get(&"component-no1".to_string()) - .expect("get opts for component-no1"); - assert!(component_no1_client_tls_opts - .get(&"localhost:6551".parse::().unwrap()) - .is_some()); - - let component_no1_host_client_tls_opts = component_no1_client_tls_opts - .get(&"localhost:6551".parse::().unwrap()) - .unwrap(); - - // verify that the last client_tls block wins for same component-id and host combination - assert!(component_no1_host_client_tls_opts.custom_root_ca.is_none()); - } - - fn merge_config_toml(config: &mut RuntimeConfig, value: toml::Value) { - let data = toml::to_vec(&value).expect("encode toml"); - let mut file = NamedTempFile::new().expect("temp file"); - file.write_all(&data).expect("write toml"); - config.merge_config_file(file.path()).expect("merge config"); - } - - fn default_spin_store_path(config: &RuntimeConfig) -> Option { - match config.default_key_value_opts() { - KeyValueStoreOpts::Spin(opts) => opts.path, - other => panic!("unexpected default store opts {other:?}"), - } - } -} - -// parsed client tls options -#[derive(Debug, Clone)] -pub struct ParsedClientTlsOpts { - pub components: Vec, - pub hosts: Vec, - pub custom_root_ca: Option>>, - pub cert_chain: Option>>, - pub private_key: Option>>, - pub ca_webpki_roots: bool, -} - -fn parse_client_tls_opts(inp: &ClientTlsOpts) -> Result { - let custom_root_ca = match &inp.ca_roots_file { - Some(path) => Some(load_certs(path).context("loading custom root ca")?), - None => None, - }; - - let cert_chain = match &inp.cert_chain_file { - Some(file) => Some(load_certs(file).context("loading client tls certs")?), - None => None, - }; - - let private_key = match &inp.private_key_file { - Some(file) => { - let privatekey = load_key(file).context("loading private key")?; - Some(Arc::from(privatekey)) - } - None => None, - }; - - let parsed_hosts: Vec = inp - .hosts - .clone() - .into_iter() - .map(|s| { - s.parse::() - .map_err(|e| anyhow::anyhow!("failed to parse uri '{}'. error: {:?}", s, e)) - }) - .collect::, anyhow::Error>>()?; - - let custom_root_ca_provided = custom_root_ca.is_some(); - - // use_ca_webpki_roots is true if - // 1. ca_webpki_roots is explicitly true in runtime config OR - // 2. custom_root_ca is not provided - // - // if custom_root_ca is provided, use_ca_webpki_roots defaults to false - let ca_webpki_roots = inp.ca_webpki_roots.unwrap_or(!custom_root_ca_provided); - - let parsed_component_ids: Vec = inp - .component_ids - .clone() - .into_iter() - .map(|s| s.to_string()) - .collect(); - - Ok(ParsedClientTlsOpts { - hosts: parsed_hosts, - components: parsed_component_ids, - custom_root_ca, - cert_chain, - private_key, - ca_webpki_roots, - }) -} diff --git a/crates/trigger/src/runtime_config/client_tls.rs b/crates/trigger/src/runtime_config/client_tls.rs deleted file mode 100644 index 59390841e7..0000000000 --- a/crates/trigger/src/runtime_config/client_tls.rs +++ /dev/null @@ -1,50 +0,0 @@ -use anyhow::Context; -use rustls_pemfile::private_key; -use std::io; -use std::{ - fs, - path::{Path, PathBuf}, -}; - -#[derive(Debug, serde::Deserialize)] -#[serde(rename_all = "snake_case", tag = "type")] -pub struct ClientTlsOpts { - pub component_ids: Vec, - pub hosts: Vec, - pub ca_roots_file: Option, - pub cert_chain_file: Option, - pub private_key_file: Option, - pub ca_webpki_roots: Option, -} - -// load_certs parse and return the certs from the provided file -pub fn load_certs( - path: impl AsRef, -) -> io::Result>> { - rustls_pemfile::certs(&mut io::BufReader::new(fs::File::open(path).map_err( - |err| { - io::Error::new( - io::ErrorKind::InvalidInput, - format!("failed to read cert file {:?}", err), - ) - }, - )?)) - .collect::>>>() -} - -// load_keys parse and return the first private key from the provided file -pub fn load_key( - path: impl AsRef, -) -> anyhow::Result> { - private_key(&mut io::BufReader::new( - fs::File::open(path).context("loading private key")?, - )) - .map_err(|_| anyhow::anyhow!("invalid input")) - .transpose() - .ok_or_else(|| { - io::Error::new( - io::ErrorKind::InvalidInput, - "private key file contains no private keys", - ) - })? -} diff --git a/crates/trigger/src/runtime_config/key_value.rs b/crates/trigger/src/runtime_config/key_value.rs deleted file mode 100644 index bbfd83572b..0000000000 --- a/crates/trigger/src/runtime_config/key_value.rs +++ /dev/null @@ -1,195 +0,0 @@ -use std::{collections::HashMap, fs, path::PathBuf, sync::Arc}; - -use crate::{runtime_config::RuntimeConfig, TriggerHooks}; -use anyhow::{bail, Context, Result}; -use serde::Deserialize; -use spin_common::ui::quoted_path; -use spin_key_value::{ - CachingStoreManager, DelegatingStoreManager, KeyValueComponent, StoreManager, - KEY_VALUE_STORES_KEY, -}; -use spin_key_value_azure::{ - KeyValueAzureCosmos, KeyValueAzureCosmosAuthOptions, KeyValueAzureCosmosRuntimeConfigOptions, -}; -use spin_key_value_sqlite::{DatabaseLocation, KeyValueSqlite}; - -use super::{resolve_config_path, RuntimeConfigOpts}; - -const DEFAULT_SPIN_STORE_FILENAME: &str = "sqlite_key_value.db"; - -pub type KeyValueStore = Arc; - -/// Builds a [`KeyValueComponent`] from the given [`RuntimeConfig`]. -pub async fn build_key_value_component( - runtime_config: &RuntimeConfig, - init_data: &[(String, String)], -) -> Result { - let stores: HashMap<_, _> = runtime_config - .key_value_stores() - .context("Failed to build key-value component")? - .into_iter() - .collect(); - - // Avoid creating a database as a side-effect if one is not needed. - if !init_data.is_empty() { - if let Some(manager) = stores.get("default") { - let default_store = manager - .get("default") - .await - .context("Failed to access key-value store to set requested entries")?; - for (key, value) in init_data { - default_store - .set(key, value.as_bytes()) - .await - .with_context(|| { - format!("Failed to set requested entry {key} in key-value store") - })?; - } - } else { - bail!("Failed to access key-value store to set requested entries"); - } - } - // This is a temporary addition while factors work is in progress - // The default manager should already be added for all default labels - // and this should never be called. - let default_manager_fn = |_: &str| -> Option> { None }; - let delegating_manager = DelegatingStoreManager::new(stores, Arc::new(default_manager_fn)); - let caching_manager = Arc::new(CachingStoreManager::new(delegating_manager)); - Ok(KeyValueComponent::new(spin_key_value::manager(move |_| { - caching_manager.clone() - }))) -} - -// Holds deserialized options from a `[key_value_store.]` runtime config section. -#[derive(Clone, Debug, Deserialize)] -#[serde(rename_all = "snake_case", tag = "type")] -pub enum KeyValueStoreOpts { - Spin(SpinKeyValueStoreOpts), - Redis(RedisKeyValueStoreOpts), - AzureCosmos(AzureCosmosConfig), -} - -impl KeyValueStoreOpts { - pub fn default_store_opts(runtime_config: &RuntimeConfig) -> Self { - Self::Spin(SpinKeyValueStoreOpts::default_store_opts(runtime_config)) - } - - pub fn build_store(&self, config_opts: &RuntimeConfigOpts) -> Result { - match self { - Self::Spin(opts) => opts.build_store(config_opts), - Self::Redis(opts) => opts.build_store(), - Self::AzureCosmos(opts) => opts.build_store(), - } - } -} - -#[derive(Clone, Debug, Default, Deserialize)] -#[serde(deny_unknown_fields)] -pub struct SpinKeyValueStoreOpts { - pub path: Option, -} - -impl SpinKeyValueStoreOpts { - fn default_store_opts(runtime_config: &RuntimeConfig) -> Self { - // If the state dir is set, build the default path - let path = runtime_config - .state_dir() - .map(|dir| dir.join(DEFAULT_SPIN_STORE_FILENAME)); - Self { path } - } - - fn build_store(&self, config_opts: &RuntimeConfigOpts) -> Result { - let location = match self.path.as_ref() { - Some(path) => { - let path = resolve_config_path(path, config_opts)?; - // Create the store's parent directory if necessary - fs::create_dir_all(path.parent().unwrap()) - .context("Failed to create key value store")?; - DatabaseLocation::Path(path) - } - None => DatabaseLocation::InMemory, - }; - Ok(Arc::new(KeyValueSqlite::new(location))) - } -} - -#[derive(Clone, Debug, Deserialize)] -pub struct RedisKeyValueStoreOpts { - pub url: String, -} - -impl RedisKeyValueStoreOpts { - fn build_store(&self) -> Result { - let kv_redis = spin_key_value_redis::KeyValueRedis::new(self.url.clone())?; - Ok(Arc::new(kv_redis)) - } -} - -#[derive(Clone, Debug, Deserialize)] -pub struct AzureCosmosConfig { - key: Option, - account: String, - database: String, - container: String, -} - -impl AzureCosmosConfig { - pub fn build_store(&self) -> Result> { - let auth_options = match self.key.clone() { - Some(key) => { - tracing::debug!("Azure key value is using key auth."); - let config_values = KeyValueAzureCosmosRuntimeConfigOptions::new(key); - KeyValueAzureCosmosAuthOptions::RuntimeConfigValues(config_values) - } - None => { - tracing::debug!("Azure key value is using environmental auth."); - KeyValueAzureCosmosAuthOptions::Environmental - } - }; - let kv_azure_cosmos = KeyValueAzureCosmos::new( - self.account.clone(), - self.database.clone(), - self.container.clone(), - auth_options, - )?; - Ok(Arc::new(kv_azure_cosmos)) - } -} - -// Prints startup messages about the default key value store config. -pub struct KeyValuePersistenceMessageHook; - -impl TriggerHooks for KeyValuePersistenceMessageHook { - fn app_loaded( - &mut self, - app: &spin_app::App, - runtime_config: &RuntimeConfig, - _resolver: &Arc, - ) -> Result<()> { - // Only print if the app actually uses KV - if app.components().all(|c| { - c.get_metadata(KEY_VALUE_STORES_KEY) - .unwrap_or_default() - .unwrap_or_default() - .is_empty() - }) { - return Ok(()); - } - match runtime_config.default_key_value_opts() { - KeyValueStoreOpts::Redis(_store_opts) => { - println!("Storing default key-value data to Redis"); - } - KeyValueStoreOpts::Spin(store_opts) => { - if let Some(path) = &store_opts.path { - println!("Storing default key-value data to {}", quoted_path(path)); - } else { - println!("Using in-memory default key-value store; data will not be saved!"); - } - } - KeyValueStoreOpts::AzureCosmos(store_opts) => { - println!("Storing default key-value data to Azure CosmosDB: account: {}, database: {}, container: {}", store_opts.account, store_opts.database, store_opts.container); - } - } - Ok(()) - } -} diff --git a/crates/trigger/src/runtime_config/llm.rs b/crates/trigger/src/runtime_config/llm.rs deleted file mode 100644 index aed48f639c..0000000000 --- a/crates/trigger/src/runtime_config/llm.rs +++ /dev/null @@ -1,82 +0,0 @@ -use spin_llm_remote_http::RemoteHttpLlmEngine; -use url::Url; - -#[derive(Default)] -pub struct LLmOptions { - pub use_gpu: bool, -} - -pub(crate) async fn build_component( - runtime_config: &crate::RuntimeConfig, - use_gpu: bool, -) -> spin_llm::LlmComponent { - match runtime_config.llm_compute() { - #[cfg(feature = "llm")] - LlmComputeOpts::Spin => { - let path = runtime_config - .state_dir() - .unwrap_or_default() - .join("ai-models"); - let engine = spin_llm_local::LocalLlmEngine::new(path, use_gpu).await; - spin_llm::LlmComponent::new(move || Box::new(engine.clone())) - } - #[cfg(not(feature = "llm"))] - LlmComputeOpts::Spin => { - let _ = use_gpu; - spin_llm::LlmComponent::new(move || Box::new(noop::NoopLlmEngine.clone())) - } - LlmComputeOpts::RemoteHttp(config) => { - tracing::info!("Using remote compute for LLMs"); - let engine = - RemoteHttpLlmEngine::new(config.url.to_owned(), config.auth_token.to_owned()); - spin_llm::LlmComponent::new(move || Box::new(engine.clone())) - } - } -} - -#[derive(Debug, serde::Deserialize)] -#[serde(rename_all = "snake_case", tag = "type")] -pub enum LlmComputeOpts { - Spin, - RemoteHttp(RemoteHttpComputeOpts), -} - -#[derive(Debug, serde::Deserialize)] -pub struct RemoteHttpComputeOpts { - url: Url, - auth_token: String, -} - -#[cfg(not(feature = "llm"))] -mod noop { - use async_trait::async_trait; - use spin_llm::LlmEngine; - use spin_world::v2::llm as wasi_llm; - - #[derive(Clone)] - pub(super) struct NoopLlmEngine; - - #[async_trait] - impl LlmEngine for NoopLlmEngine { - async fn infer( - &mut self, - _model: wasi_llm::InferencingModel, - _prompt: String, - _params: wasi_llm::InferencingParams, - ) -> Result { - Err(wasi_llm::Error::RuntimeError( - "Local LLM operations are not supported in this version of Spin.".into(), - )) - } - - async fn generate_embeddings( - &mut self, - _model: wasi_llm::EmbeddingModel, - _data: Vec, - ) -> Result { - Err(wasi_llm::Error::RuntimeError( - "Local LLM operations are not supported in this version of Spin.".into(), - )) - } - } -} diff --git a/crates/trigger/src/runtime_config/sqlite.rs b/crates/trigger/src/runtime_config/sqlite.rs deleted file mode 100644 index 5163791e92..0000000000 --- a/crates/trigger/src/runtime_config/sqlite.rs +++ /dev/null @@ -1,240 +0,0 @@ -use std::{collections::HashMap, path::PathBuf, sync::Arc}; - -use crate::{runtime_config::RuntimeConfig, TriggerHooks}; -use anyhow::Context; -use spin_common::ui::quoted_path; -use spin_sqlite::{Connection, ConnectionsStore, SqliteComponent, DATABASES_KEY}; - -use super::RuntimeConfigOpts; - -const DEFAULT_SQLITE_DB_FILENAME: &str = "sqlite_db.db"; - -pub(crate) async fn build_component( - runtime_config: &RuntimeConfig, - sqlite_statements: &[String], -) -> anyhow::Result { - let databases: HashMap<_, _> = runtime_config - .sqlite_databases() - .await - .context("Failed to build sqlite component")? - .into_iter() - .collect(); - execute_statements(sqlite_statements, &databases).await?; - let connections_store = - Arc::new(SimpleConnectionsStore(databases)) as Arc; - Ok(SqliteComponent::new(move |_| connections_store.clone())) -} - -/// A `ConnectionStore` based on a `HashMap` -struct SimpleConnectionsStore(HashMap>); - -#[async_trait::async_trait] -impl ConnectionsStore for SimpleConnectionsStore { - async fn get_connection( - &self, - database: &str, - ) -> Result>, spin_world::v2::sqlite::Error> { - Ok(self.0.get(database).cloned()) - } - - fn has_connection_for(&self, database: &str) -> bool { - self.0.contains_key(database) - } -} - -async fn execute_statements( - statements: &[String], - databases: &HashMap>, -) -> anyhow::Result<()> { - if statements.is_empty() { - return Ok(()); - } - - for m in statements { - if let Some(config) = m.strip_prefix('@') { - let (file, database) = parse_file_and_label(config)?; - let database = databases.get(database).with_context(|| { - format!( - "based on the '@{config}' a registered database named '{database}' was expected but not found. The registered databases are '{:?}'", databases.keys() - ) - })?; - let sql = std::fs::read_to_string(file).with_context(|| { - format!("could not read file '{file}' containing sql statements") - })?; - database - .execute_batch(&sql) - .await - .with_context(|| format!("failed to execute sql from file '{file}'"))?; - } else { - let Some(default) = databases.get("default") else { - debug_assert!(false, "the 'default' sqlite database should always be available but for some reason was not"); - return Ok(()); - }; - default - .query(m, Vec::new()) - .await - .with_context(|| format!("failed to execute statement: '{m}'"))?; - } - } - Ok(()) -} - -/// Parses a @{file:label} sqlite statement -fn parse_file_and_label(config: &str) -> anyhow::Result<(&str, &str)> { - let config = config.trim(); - let (file, label) = match config.split_once(':') { - Some((_, label)) if label.trim().is_empty() => { - anyhow::bail!("database label is empty in the '@{config}' sqlite statement") - } - Some((file, label)) => (file.trim(), label.trim()), - None => (config, "default"), - }; - Ok((file, label)) -} - -// Holds deserialized options from a `[sqlite_database.]` runtime config section. -#[derive(Clone, Debug, serde::Deserialize)] -#[serde(rename_all = "snake_case", tag = "type")] -pub enum SqliteDatabaseOpts { - Spin(SpinSqliteDatabaseOpts), - Libsql(LibsqlOpts), -} - -impl SqliteDatabaseOpts { - pub fn default(runtime_config: &RuntimeConfig) -> Self { - Self::Spin(SpinSqliteDatabaseOpts::default(runtime_config)) - } - - pub async fn build( - &self, - config_opts: &RuntimeConfigOpts, - ) -> anyhow::Result> { - match self { - Self::Spin(opts) => opts.build(config_opts), - Self::Libsql(opts) => opts.build().await, - } - } -} - -#[derive(Clone, Debug, serde::Deserialize)] -#[serde(deny_unknown_fields)] -pub struct SpinSqliteDatabaseOpts { - pub path: Option, -} - -impl SpinSqliteDatabaseOpts { - pub fn default(runtime_config: &RuntimeConfig) -> Self { - let path = runtime_config - .state_dir() - .map(|dir| dir.join(DEFAULT_SQLITE_DB_FILENAME)); - Self { path } - } - - fn build(&self, config_opts: &RuntimeConfigOpts) -> anyhow::Result> { - use spin_sqlite_inproc::{InProcConnection, InProcDatabaseLocation}; - - let location = match self.path.as_ref() { - Some(path) => { - let path = super::resolve_config_path(path, config_opts)?; - // Create the store's parent directory if necessary - std::fs::create_dir_all(path.parent().unwrap()) - .context("Failed to create sqlite database directory")?; - InProcDatabaseLocation::Path(path) - } - None => InProcDatabaseLocation::InMemory, - }; - Ok(Arc::new(InProcConnection::new(location)?)) - } -} - -#[derive(Clone, Debug, serde::Deserialize)] -#[serde(deny_unknown_fields)] -pub struct LibsqlOpts { - url: String, - token: String, -} - -impl LibsqlOpts { - async fn build(&self) -> anyhow::Result> { - let url = check_url(&self.url) - .with_context(|| { - format!( - "unexpected libSQL URL '{}' in runtime config file ", - self.url - ) - })? - .to_owned(); - let client = spin_sqlite_libsql::LibsqlClient::create(url, self.token.clone()) - .await - .context("failed to create SQLite client")?; - Ok(Arc::new(client)) - } -} - -// Checks an incoming url is in the shape we expect -fn check_url(url: &str) -> anyhow::Result<&str> { - if url.starts_with("https://") || url.starts_with("http://") { - Ok(url) - } else { - Err(anyhow::anyhow!( - "URL does not start with 'https://' or 'http://'. Spin currently only supports talking to libSQL databases over HTTP(S)" - )) - } -} - -pub struct SqlitePersistenceMessageHook; - -impl TriggerHooks for SqlitePersistenceMessageHook { - fn app_loaded( - &mut self, - app: &spin_app::App, - runtime_config: &RuntimeConfig, - _resolver: &Arc, - ) -> anyhow::Result<()> { - if app.components().all(|c| { - c.get_metadata(DATABASES_KEY) - .unwrap_or_default() - .unwrap_or_default() - .is_empty() - }) { - return Ok(()); - } - - match runtime_config.default_sqlite_opts() { - SqliteDatabaseOpts::Spin(s) => { - if let Some(path) = &s.path { - println!("Storing default SQLite data to {}", quoted_path(path)); - } else { - println!("Using in-memory default SQLite database; data will not be saved!"); - } - } - SqliteDatabaseOpts::Libsql(l) => { - println!( - "Storing default SQLite data to a libsql database at {}", - l.url - ); - } - } - Ok(()) - } -} - -#[cfg(test)] -mod tests { - use super::*; - - #[test] - fn can_parse_file_and_label() { - let config = "file:label"; - let result = parse_file_and_label(config).unwrap(); - assert_eq!(result, ("file", "label")); - - let config = "file:"; - let result = parse_file_and_label(config); - assert!(result.is_err()); - - let config = "file"; - let result = parse_file_and_label(config).unwrap(); - assert_eq!(result, ("file", "default")); - } -} diff --git a/crates/trigger/src/runtime_config/variables_provider.rs b/crates/trigger/src/runtime_config/variables_provider.rs deleted file mode 100644 index 3cfc5c1de5..0000000000 --- a/crates/trigger/src/runtime_config/variables_provider.rs +++ /dev/null @@ -1,134 +0,0 @@ -use std::path::PathBuf; - -use anyhow::{anyhow, Result}; -use serde::Deserialize; -use spin_variables::provider::azure_key_vault::{ - AzureKeyVaultAuthOptions, AzureKeyVaultRuntimeConfigOptions, -}; -use spin_variables::provider::{ - azure_key_vault::{AzureAuthorityHost, AzureKeyVaultProvider}, - env::EnvProvider, - vault::VaultProvider, -}; - -use super::RuntimeConfig; - -pub type VariablesProvider = Box; - -// Holds deserialized options from a `[[config_provider]]` runtime config section. -#[derive(Debug, Deserialize)] -#[serde(rename_all = "snake_case", tag = "type")] -pub enum VariablesProviderOpts { - Env(EnvVariablesProviderOpts), - Vault(VaultVariablesProviderOpts), - AzureKeyVault(AzureKeyVaultVariablesProviderOpts), -} - -impl VariablesProviderOpts { - pub fn default_provider_opts(runtime_config: &RuntimeConfig) -> Self { - Self::Env(EnvVariablesProviderOpts::default_provider_opts( - runtime_config, - )) - } - - pub fn build_provider(&self) -> Result { - match self { - Self::Env(opts) => opts.build_provider(), - Self::Vault(opts) => opts.build_provider(), - Self::AzureKeyVault(opts) => opts.build_provider(), - } - } -} - -#[derive(Debug, Default, Deserialize)] -#[serde(deny_unknown_fields)] -pub struct EnvVariablesProviderOpts { - /// A prefix to add to variable names when resolving from the environment. - /// Unless empty, joined to the variable name with an underscore. - #[serde(default)] - pub prefix: Option, - /// Optional path to a 'dotenv' file which will be merged into the environment. - #[serde(default)] - pub dotenv_path: Option, -} - -impl EnvVariablesProviderOpts { - pub fn default_provider_opts(runtime_config: &RuntimeConfig) -> Self { - let dotenv_path = runtime_config - .local_app_dir - .as_deref() - .map(|path| path.join(".env")); - Self { - prefix: None, - dotenv_path, - } - } - - pub fn build_provider(&self) -> Result { - Ok(Box::new(EnvProvider::new( - self.prefix.clone(), - self.dotenv_path.clone(), - ))) - } -} - -#[derive(Debug, Default, Deserialize)] -#[serde(deny_unknown_fields)] -pub struct VaultVariablesProviderOpts { - pub url: String, - pub token: String, - pub mount: String, - #[serde(default)] - pub prefix: Option, -} - -impl VaultVariablesProviderOpts { - pub fn build_provider(&self) -> Result { - Ok(Box::new(VaultProvider::new( - &self.url, - &self.token, - &self.mount, - self.prefix.as_deref(), - ))) - } -} - -#[derive(Debug, Default, Deserialize)] -#[serde(deny_unknown_fields)] -pub struct AzureKeyVaultVariablesProviderOpts { - pub vault_url: String, - pub client_id: Option, - pub client_secret: Option, - pub tenant_id: Option, - pub authority_host: Option, -} - -impl AzureKeyVaultVariablesProviderOpts { - pub fn build_provider(&self) -> Result { - let auth_config_runtime_vars = [&self.client_id, &self.tenant_id, &self.client_secret]; - let any_some = auth_config_runtime_vars.iter().any(|&var| var.is_some()); - let any_none = auth_config_runtime_vars.iter().any(|&var| var.is_none()); - - if any_none && any_some { - // some of the service principal auth options were specified, but not enough to authenticate. - return Err(anyhow!("The current runtime config specifies some but not all of the Azure KeyVault 'client_id', 'client_secret', and 'tenant_id' values. Provide the missing values to authenticate to Azure KeyVault with the given service principal, or remove all these values to authenticate using ambient authentication (e.g. env vars, Azure CLI, Managed Identity, Workload Identity).")); - } - - let auth_options = if any_some { - // all the service principal auth options were specified in the runtime config - AzureKeyVaultAuthOptions::RuntimeConfigValues(AzureKeyVaultRuntimeConfigOptions::new( - self.client_id.clone().unwrap(), - self.client_secret.clone().unwrap(), - self.tenant_id.clone().unwrap(), - self.authority_host, - )) - } else { - AzureKeyVaultAuthOptions::Environmental - }; - - Ok(Box::new(AzureKeyVaultProvider::new( - &self.vault_url, - auth_options, - )?)) - } -} diff --git a/crates/trigger/src/stdio.rs b/crates/trigger/src/stdio.rs deleted file mode 100644 index e23a7f8b67..0000000000 --- a/crates/trigger/src/stdio.rs +++ /dev/null @@ -1,336 +0,0 @@ -use std::{ - collections::HashSet, - path::{Path, PathBuf}, - task::Poll, -}; - -use anyhow::{Context, Result}; -use spin_common::ui::quoted_path; -use tokio::io::AsyncWrite; - -use crate::{runtime_config::RuntimeConfig, TriggerHooks}; - -/// Which components should have their logs followed on stdout/stderr. -#[derive(Clone, Debug)] -pub enum FollowComponents { - /// No components should have their logs followed. - None, - /// Only the specified components should have their logs followed. - Named(HashSet), - /// All components should have their logs followed. - All, -} - -impl FollowComponents { - /// Whether a given component should have its logs followed on stdout/stderr. - pub fn should_follow(&self, component_id: &str) -> bool { - match self { - Self::None => false, - Self::All => true, - Self::Named(ids) => ids.contains(component_id), - } - } -} - -impl Default for FollowComponents { - fn default() -> Self { - Self::None - } -} - -/// Implements TriggerHooks, writing logs to a log file and (optionally) stderr -pub struct StdioLoggingTriggerHooks { - follow_components: FollowComponents, - log_dir: Option, -} - -impl StdioLoggingTriggerHooks { - pub fn new(follow_components: FollowComponents) -> Self { - Self { - follow_components, - log_dir: None, - } - } - - fn component_stdio_writer( - &self, - component_id: &str, - log_suffix: &str, - log_dir: Option<&Path>, - ) -> Result { - let sanitized_component_id = sanitize_filename::sanitize(component_id); - let log_path = log_dir - .map(|log_dir| log_dir.join(format!("{sanitized_component_id}_{log_suffix}.txt",))); - let log_path = log_path.as_deref(); - - let follow = self.follow_components.should_follow(component_id); - match log_path { - Some(log_path) => ComponentStdioWriter::new_forward(log_path, follow) - .with_context(|| format!("Failed to open log file {}", quoted_path(log_path))), - None => ComponentStdioWriter::new_inherit(), - } - } - - fn validate_follows(&self, app: &spin_app::App) -> anyhow::Result<()> { - match &self.follow_components { - FollowComponents::Named(names) => { - let component_ids: HashSet<_> = - app.components().map(|c| c.id().to_owned()).collect(); - let unknown_names: Vec<_> = names.difference(&component_ids).collect(); - if unknown_names.is_empty() { - Ok(()) - } else { - let unknown_list = bullet_list(&unknown_names); - let actual_list = bullet_list(&component_ids); - let message = anyhow::anyhow!("The following component(s) specified in --follow do not exist in the application:\n{unknown_list}\nThe following components exist:\n{actual_list}"); - Err(message) - } - } - _ => Ok(()), - } - } -} - -impl TriggerHooks for StdioLoggingTriggerHooks { - fn app_loaded( - &mut self, - app: &spin_app::App, - runtime_config: &RuntimeConfig, - _resolver: &std::sync::Arc, - ) -> anyhow::Result<()> { - self.log_dir = runtime_config.log_dir(); - - self.validate_follows(app)?; - - if let Some(dir) = &self.log_dir { - // Ensure log dir exists if set - std::fs::create_dir_all(dir) - .with_context(|| format!("Failed to create log dir {}", quoted_path(dir)))?; - - println!("Logging component stdio to {}", quoted_path(dir.join(""))) - } - - Ok(()) - } - - fn component_store_builder( - &self, - component: &spin_app::AppComponent, - builder: &mut spin_core::StoreBuilder, - ) -> anyhow::Result<()> { - builder.stdout_pipe(self.component_stdio_writer( - component.id(), - "stdout", - self.log_dir.as_deref(), - )?); - builder.stderr_pipe(self.component_stdio_writer( - component.id(), - "stderr", - self.log_dir.as_deref(), - )?); - - Ok(()) - } -} - -/// ComponentStdioWriter forwards output to a log file, (optionally) stderr, and (optionally) to a -/// tracing compatibility layer. -pub struct ComponentStdioWriter { - inner: ComponentStdioWriterInner, -} - -enum ComponentStdioWriterInner { - /// Inherit stdout/stderr from the parent process. - Inherit, - /// Forward stdout/stderr to a file in addition to the inherited stdout/stderr. - Forward { - sync_file: std::fs::File, - async_file: tokio::fs::File, - state: ComponentStdioWriterState, - follow: bool, - }, -} - -#[derive(Debug)] -enum ComponentStdioWriterState { - File, - Follow(std::ops::Range), -} - -impl ComponentStdioWriter { - fn new_forward(log_path: &Path, follow: bool) -> anyhow::Result { - let sync_file = std::fs::File::options() - .create(true) - .append(true) - .open(log_path)?; - - let async_file = sync_file - .try_clone() - .context("could not get async file handle")? - .into(); - - Ok(Self { - inner: ComponentStdioWriterInner::Forward { - sync_file, - async_file, - state: ComponentStdioWriterState::File, - follow, - }, - }) - } - - fn new_inherit() -> anyhow::Result { - Ok(Self { - inner: ComponentStdioWriterInner::Inherit, - }) - } -} - -impl AsyncWrite for ComponentStdioWriter { - fn poll_write( - self: std::pin::Pin<&mut Self>, - cx: &mut std::task::Context<'_>, - buf: &[u8], - ) -> Poll> { - let this = self.get_mut(); - - loop { - match &mut this.inner { - ComponentStdioWriterInner::Inherit => { - let written = futures::ready!( - std::pin::Pin::new(&mut tokio::io::stderr()).poll_write(cx, buf) - ); - let written = match written { - Ok(w) => w, - Err(e) => return Poll::Ready(Err(e)), - }; - return Poll::Ready(Ok(written)); - } - ComponentStdioWriterInner::Forward { - async_file, - state, - follow, - .. - } => match &state { - ComponentStdioWriterState::File => { - let written = - futures::ready!(std::pin::Pin::new(async_file).poll_write(cx, buf)); - let written = match written { - Ok(w) => w, - Err(e) => return Poll::Ready(Err(e)), - }; - if *follow { - *state = ComponentStdioWriterState::Follow(0..written); - } else { - return Poll::Ready(Ok(written)); - } - } - ComponentStdioWriterState::Follow(range) => { - let written = futures::ready!(std::pin::Pin::new(&mut tokio::io::stderr()) - .poll_write(cx, &buf[range.clone()])); - let written = match written { - Ok(w) => w, - Err(e) => return Poll::Ready(Err(e)), - }; - if range.start + written >= range.end { - let end = range.end; - *state = ComponentStdioWriterState::File; - return Poll::Ready(Ok(end)); - } else { - *state = ComponentStdioWriterState::Follow( - (range.start + written)..range.end, - ); - }; - } - }, - } - } - } - - fn poll_flush( - self: std::pin::Pin<&mut Self>, - cx: &mut std::task::Context<'_>, - ) -> Poll> { - let this = self.get_mut(); - - match &mut this.inner { - ComponentStdioWriterInner::Inherit => { - std::pin::Pin::new(&mut tokio::io::stderr()).poll_flush(cx) - } - ComponentStdioWriterInner::Forward { - async_file, state, .. - } => match state { - ComponentStdioWriterState::File => std::pin::Pin::new(async_file).poll_flush(cx), - ComponentStdioWriterState::Follow(_) => { - std::pin::Pin::new(&mut tokio::io::stderr()).poll_flush(cx) - } - }, - } - } - - fn poll_shutdown( - self: std::pin::Pin<&mut Self>, - cx: &mut std::task::Context<'_>, - ) -> Poll> { - let this = self.get_mut(); - - match &mut this.inner { - ComponentStdioWriterInner::Inherit => { - std::pin::Pin::new(&mut tokio::io::stderr()).poll_flush(cx) - } - ComponentStdioWriterInner::Forward { - async_file, state, .. - } => match state { - ComponentStdioWriterState::File => std::pin::Pin::new(async_file).poll_shutdown(cx), - ComponentStdioWriterState::Follow(_) => { - std::pin::Pin::new(&mut tokio::io::stderr()).poll_flush(cx) - } - }, - } - } -} - -impl std::io::Write for ComponentStdioWriter { - fn write(&mut self, buf: &[u8]) -> std::io::Result { - spin_telemetry::logs::handle_app_log(buf); - - match &mut self.inner { - ComponentStdioWriterInner::Inherit => { - std::io::stderr().write_all(buf)?; - Ok(buf.len()) - } - ComponentStdioWriterInner::Forward { - sync_file, follow, .. - } => { - let written = sync_file.write(buf)?; - if *follow { - std::io::stderr().write_all(&buf[..written])?; - } - Ok(written) - } - } - } - - fn flush(&mut self) -> std::io::Result<()> { - match &mut self.inner { - ComponentStdioWriterInner::Inherit => std::io::stderr().flush(), - ComponentStdioWriterInner::Forward { - sync_file, follow, .. - } => { - sync_file.flush()?; - if *follow { - std::io::stderr().flush()?; - } - Ok(()) - } - } - } -} - -fn bullet_list(items: impl IntoIterator) -> String { - items - .into_iter() - .map(|item| format!(" - {item}")) - .collect::>() - .join("\n") -} diff --git a/crates/variables/Cargo.toml b/crates/variables/Cargo.toml deleted file mode 100644 index f5de219e41..0000000000 --- a/crates/variables/Cargo.toml +++ /dev/null @@ -1,29 +0,0 @@ -[package] -name = "spin-variables" -version = { workspace = true } -authors = { workspace = true } -edition = { workspace = true } - -[dependencies] -anyhow = "1.0" -async-trait = "0.1" -dotenvy = "0.15" -once_cell = "1" -spin-app = { path = "../app" } -spin-core = { path = "../core" } -spin-expressions = { path = "../expressions" } -spin-world = { path = "../world" } -thiserror = "1" -tokio = { version = "1", features = ["rt-multi-thread"] } -vaultrs = "0.6.2" -serde = "1.0.188" -tracing = { workspace = true } -azure_security_keyvault = { git = "https://github.com/azure/azure-sdk-for-rust.git", rev = "8c4caa251c3903d5eae848b41bb1d02a4d65231c" } -azure_core = { git = "https://github.com/azure/azure-sdk-for-rust.git", rev = "8c4caa251c3903d5eae848b41bb1d02a4d65231c" } -azure_identity = { git = "https://github.com/azure/azure-sdk-for-rust.git", rev = "8c4caa251c3903d5eae848b41bb1d02a4d65231c" } - -[dev-dependencies] -toml = "0.5" - -[lints] -workspace = true diff --git a/crates/variables/src/host_component.rs b/crates/variables/src/host_component.rs deleted file mode 100644 index 821191add6..0000000000 --- a/crates/variables/src/host_component.rs +++ /dev/null @@ -1,122 +0,0 @@ -use std::sync::{Arc, Mutex}; - -use anyhow::Result; -use once_cell::sync::OnceCell; -use spin_app::{AppComponent, DynamicHostComponent}; -use spin_core::{async_trait, HostComponent}; -use spin_world::v1::config::Error as V1ConfigError; -use spin_world::v2::variables; - -use spin_expressions::{Error, Key, Provider, ProviderResolver}; - -pub struct VariablesHostComponent { - providers: Mutex>>, - resolver: Arc>, -} - -impl VariablesHostComponent { - pub fn new(providers: Vec>) -> Self { - Self { - providers: Mutex::new(providers), - resolver: Default::default(), - } - } -} - -impl HostComponent for VariablesHostComponent { - type Data = ComponentVariables; - - fn add_to_linker( - linker: &mut spin_core::Linker, - get: impl Fn(&mut spin_core::Data) -> &mut Self::Data + Send + Sync + Copy + 'static, - ) -> anyhow::Result<()> { - spin_world::v1::config::add_to_linker(linker, get)?; - variables::add_to_linker(linker, get) - } - - fn build_data(&self) -> Self::Data { - ComponentVariables { - resolver: self.resolver.clone(), - component_id: None, - } - } -} - -impl DynamicHostComponent for VariablesHostComponent { - fn update_data(&self, data: &mut Self::Data, component: &AppComponent) -> anyhow::Result<()> { - self.resolver.get_or_try_init(|| { - make_resolver(component.app, self.providers.lock().unwrap().drain(..)) - })?; - data.component_id = Some(component.id().to_string()); - Ok(()) - } -} - -pub fn make_resolver( - app: &spin_app::App, - providers: impl IntoIterator>, -) -> anyhow::Result { - let mut resolver = - ProviderResolver::new(app.variables().map(|(key, var)| (key.clone(), var.clone())))?; - for component in app.components() { - resolver.add_component_variables( - component.id(), - component.config().map(|(k, v)| (k.into(), v.into())), - )?; - } - for provider in providers { - resolver.add_provider(provider); - } - Ok(resolver) -} - -/// A component variables interface implementation. -pub struct ComponentVariables { - resolver: Arc>, - component_id: Option, -} - -#[async_trait] -impl variables::Host for ComponentVariables { - async fn get(&mut self, key: String) -> Result { - // Set by DynamicHostComponent::update_data - let component_id = self.component_id.as_deref().unwrap(); - let key = Key::new(&key).map_err(as_wit)?; - self.resolver - .get() - .unwrap() - .resolve(component_id, key) - .await - .map_err(as_wit) - } - - fn convert_error(&mut self, error: variables::Error) -> Result { - Ok(error) - } -} - -#[async_trait] -impl spin_world::v1::config::Host for ComponentVariables { - async fn get_config(&mut self, key: String) -> Result { - ::get(self, key) - .await - .map_err(|err| match err { - variables::Error::InvalidName(msg) => V1ConfigError::InvalidKey(msg), - variables::Error::Undefined(msg) => V1ConfigError::Provider(msg), - other => V1ConfigError::Other(format!("{other}")), - }) - } - - fn convert_error(&mut self, error: V1ConfigError) -> Result { - Ok(error) - } -} - -fn as_wit(err: Error) -> variables::Error { - match err { - Error::InvalidName(msg) => variables::Error::InvalidName(msg), - Error::Undefined(msg) => variables::Error::Undefined(msg), - Error::Provider(err) => variables::Error::Provider(err.to_string()), - other => variables::Error::Other(format!("{other}")), - } -} diff --git a/crates/variables/src/lib.rs b/crates/variables/src/lib.rs deleted file mode 100644 index 620e6171c9..0000000000 --- a/crates/variables/src/lib.rs +++ /dev/null @@ -1,4 +0,0 @@ -mod host_component; -pub mod provider; - -pub use host_component::{make_resolver, VariablesHostComponent}; diff --git a/crates/variables/src/provider.rs b/crates/variables/src/provider.rs deleted file mode 100644 index e311b3d014..0000000000 --- a/crates/variables/src/provider.rs +++ /dev/null @@ -1,3 +0,0 @@ -pub mod azure_key_vault; -pub mod env; -pub mod vault; diff --git a/crates/variables/src/provider/azure_key_vault.rs b/crates/variables/src/provider/azure_key_vault.rs deleted file mode 100644 index c9009a52fd..0000000000 --- a/crates/variables/src/provider/azure_key_vault.rs +++ /dev/null @@ -1,143 +0,0 @@ -use std::sync::Arc; - -use anyhow::{Context, Result}; -use async_trait::async_trait; -use azure_core::auth::TokenCredential; -use azure_core::Url; -use azure_security_keyvault::SecretClient; -use serde::Deserialize; -use spin_expressions::{Key, Provider}; -use tracing::{instrument, Level}; - -/// Azure KeyVault runtime config literal options for authentication -#[derive(Clone, Debug)] -pub struct AzureKeyVaultRuntimeConfigOptions { - client_id: String, - client_secret: String, - tenant_id: String, - authority_host: AzureAuthorityHost, -} - -impl AzureKeyVaultRuntimeConfigOptions { - pub fn new( - client_id: String, - client_secret: String, - tenant_id: String, - authority_host: Option, - ) -> Self { - Self { - client_id, - client_secret, - tenant_id, - authority_host: authority_host.unwrap_or_default(), - } - } -} - -/// Azure Cosmos Key / Value enumeration for the possible authentication options -#[derive(Clone, Debug)] -pub enum AzureKeyVaultAuthOptions { - /// Runtime Config values indicates the service principal credentials have been supplied - RuntimeConfigValues(AzureKeyVaultRuntimeConfigOptions), - /// Environmental indicates that the environment variables of the process should be used to - /// create the TokenCredential for the Cosmos client. This will use the Azure Rust SDK's - /// DefaultCredentialChain to derive the TokenCredential based on what environment variables - /// have been set. - /// - /// Service Principal with client secret: - /// - `AZURE_TENANT_ID`: ID of the service principal's Azure tenant. - /// - `AZURE_CLIENT_ID`: the service principal's client ID. - /// - `AZURE_CLIENT_SECRET`: one of the service principal's secrets. - /// - /// Service Principal with certificate: - /// - `AZURE_TENANT_ID`: ID of the service principal's Azure tenant. - /// - `AZURE_CLIENT_ID`: the service principal's client ID. - /// - `AZURE_CLIENT_CERTIFICATE_PATH`: path to a PEM or PKCS12 certificate file including the private key. - /// - `AZURE_CLIENT_CERTIFICATE_PASSWORD`: (optional) password for the certificate file. - /// - /// Workload Identity (Kubernetes, injected by the Workload Identity mutating webhook): - /// - `AZURE_TENANT_ID`: ID of the service principal's Azure tenant. - /// - `AZURE_CLIENT_ID`: the service principal's client ID. - /// - `AZURE_FEDERATED_TOKEN_FILE`: TokenFilePath is the path of a file containing a Kubernetes service account token. - /// - /// Managed Identity (User Assigned or System Assigned identities): - /// - `AZURE_CLIENT_ID`: (optional) if using a user assigned identity, this will be the client ID of the identity. - /// - /// Azure CLI: - /// - `AZURE_TENANT_ID`: (optional) use a specific tenant via the Azure CLI. - /// - /// Common across each: - /// - `AZURE_AUTHORITY_HOST`: (optional) the host for the identity provider. For example, for Azure public cloud the host defaults to "https://login.microsoftonline.com". - /// See also: https://github.com/Azure/azure-sdk-for-rust/blob/main/sdk/identity/README.md - Environmental, -} - -#[derive(Debug)] -pub struct AzureKeyVaultProvider { - secret_client: SecretClient, -} - -impl AzureKeyVaultProvider { - pub fn new( - vault_url: impl Into, - auth_options: AzureKeyVaultAuthOptions, - ) -> Result { - let http_client = azure_core::new_http_client(); - let token_credential = match auth_options.clone() { - AzureKeyVaultAuthOptions::RuntimeConfigValues(config) => { - let credential = azure_identity::ClientSecretCredential::new( - http_client, - config.authority_host.into(), - config.tenant_id.to_string(), - config.client_id.to_string(), - config.client_secret.to_string(), - ); - Arc::new(credential) as Arc - } - AzureKeyVaultAuthOptions::Environmental => azure_identity::create_default_credential()?, - }; - - Ok(Self { - secret_client: SecretClient::new(&vault_url.into(), token_credential)?, - }) - } -} - -#[async_trait] -impl Provider for AzureKeyVaultProvider { - #[instrument(name = "spin_variables.get_from_azure_key_vault", skip(self), err(level = Level::INFO), fields(otel.kind = "client"))] - async fn get(&self, key: &Key) -> Result> { - let secret = self - .secret_client - .get(key.as_str()) - .await - .context("Failed to read variable from Azure Key Vault")?; - Ok(Some(secret.value)) - } -} - -#[derive(Debug, Copy, Clone, Deserialize)] -pub enum AzureAuthorityHost { - AzurePublicCloud, - AzureChina, - AzureGermany, - AzureGovernment, -} - -impl Default for AzureAuthorityHost { - fn default() -> Self { - Self::AzurePublicCloud - } -} - -impl From for Url { - fn from(value: AzureAuthorityHost) -> Self { - let url = match value { - AzureAuthorityHost::AzureChina => "https://login.chinacloudapi.cn/", - AzureAuthorityHost::AzureGovernment => "https://login.microsoftonline.us/", - AzureAuthorityHost::AzureGermany => "https://login.microsoftonline.de/", - AzureAuthorityHost::AzurePublicCloud => "https://login.microsoftonline.com/", - }; - Url::parse(url).unwrap() - } -} diff --git a/crates/variables/src/provider/env.rs b/crates/variables/src/provider/env.rs deleted file mode 100644 index 90ba581f31..0000000000 --- a/crates/variables/src/provider/env.rs +++ /dev/null @@ -1,141 +0,0 @@ -use std::{collections::HashMap, path::PathBuf, sync::Mutex}; - -use anyhow::{Context, Result}; -use async_trait::async_trait; - -use spin_expressions::{Key, Provider}; -use tracing::{instrument, Level}; - -const DEFAULT_ENV_PREFIX: &str = "SPIN_VARIABLE"; -const LEGACY_ENV_PREFIX: &str = "SPIN_CONFIG"; - -/// A config Provider that uses environment variables. -#[derive(Debug)] -pub struct EnvProvider { - prefix: Option, - dotenv_path: Option, - dotenv_cache: Mutex>>, -} - -impl EnvProvider { - /// Creates a new EnvProvider. - pub fn new(prefix: Option>, dotenv_path: Option) -> Self { - Self { - prefix: prefix.map(Into::into), - dotenv_path, - dotenv_cache: Default::default(), - } - } - - fn query_env(&self, env_key: &str) -> Result> { - match std::env::var(env_key) { - Err(std::env::VarError::NotPresent) => self.get_dotenv(env_key), - other => other - .map(Some) - .with_context(|| format!("failed to resolve env var {env_key}")), - } - } - - fn get_sync(&self, key: &Key) -> Result> { - let prefix = self - .prefix - .clone() - .unwrap_or(DEFAULT_ENV_PREFIX.to_string()); - let use_fallback = self.prefix.is_none(); - - let upper_key = key.as_ref().to_ascii_uppercase(); - let env_key = format!("{prefix}_{upper_key}"); - - match self.query_env(&env_key)? { - None if use_fallback => { - let old_key = format!("{LEGACY_ENV_PREFIX}_{upper_key}"); - let result = self.query_env(&old_key); - if let Ok(Some(_)) = &result { - eprintln!("Warning: variable '{key}': {env_key} was not set, so used {old_key}. The {LEGACY_ENV_PREFIX} prefix is deprecated; please switch to the {DEFAULT_ENV_PREFIX} prefix.", key = key.as_ref()); - } - result - } - other => Ok(other), - } - } - - fn get_dotenv(&self, key: &str) -> Result> { - if self.dotenv_path.is_none() { - return Ok(None); - } - let mut maybe_cache = self - .dotenv_cache - .lock() - .expect("dotenv_cache lock poisoned"); - let cache = match maybe_cache.as_mut() { - Some(cache) => cache, - None => maybe_cache.insert(self.load_dotenv()?), - }; - Ok(cache.get(key).cloned()) - } - - fn load_dotenv(&self) -> Result> { - let path = self.dotenv_path.as_deref().unwrap(); - Ok(dotenvy::from_path_iter(path) - .into_iter() - .flatten() - .collect::, _>>()?) - } -} - -#[async_trait] -impl Provider for EnvProvider { - #[instrument(name = "spin_variables.get_from_env", skip(self), err(level = Level::INFO))] - async fn get(&self, key: &Key) -> Result> { - tokio::task::block_in_place(|| self.get_sync(key)) - } -} - -#[cfg(test)] -mod test { - use std::env::temp_dir; - - use super::*; - - #[test] - fn provider_get() { - std::env::set_var("TESTING_SPIN_ENV_KEY1", "val"); - let key1 = Key::new("env_key1").unwrap(); - let mut envs = HashMap::new(); - envs.insert( - "TESTING_SPIN_ENV_KEY1".to_string(), - "dotenv_val".to_string(), - ); - assert_eq!( - EnvProvider::new(Some("TESTING_SPIN"), None) - .get_sync(&key1) - .unwrap(), - Some("val".to_string()) - ); - } - - #[test] - fn provider_get_dotenv() { - let dotenv_path = temp_dir().join("spin-env-provider-test"); - std::fs::write(&dotenv_path, b"TESTING_SPIN_ENV_KEY2=dotenv_val").unwrap(); - - let key = Key::new("env_key2").unwrap(); - assert_eq!( - EnvProvider::new(Some("TESTING_SPIN"), Some(dotenv_path)) - .get_sync(&key) - .unwrap(), - Some("dotenv_val".to_string()) - ); - } - - #[test] - fn provider_get_missing() { - let key = Key::new("please_do_not_ever_set_this_during_tests").unwrap(); - assert_eq!( - EnvProvider::new(Some("TESTING_SPIN"), Default::default()) - .get_sync(&key) - .unwrap(), - None - ); - } -} diff --git a/crates/variables/src/provider/vault.rs b/crates/variables/src/provider/vault.rs deleted file mode 100644 index d48505c38c..0000000000 --- a/crates/variables/src/provider/vault.rs +++ /dev/null @@ -1,65 +0,0 @@ -use anyhow::{Context, Result}; -use async_trait::async_trait; -use serde::{Deserialize, Serialize}; -use tracing::{instrument, Level}; -use vaultrs::{ - client::{VaultClient, VaultClientSettingsBuilder}, - error::ClientError, - kv2, -}; - -use spin_expressions::{Key, Provider}; - -/// A config Provider that uses HashiCorp Vault. -#[derive(Debug)] -pub struct VaultProvider { - url: String, - token: String, - mount: String, - prefix: Option, -} - -impl VaultProvider { - pub fn new( - url: impl Into, - token: impl Into, - mount: impl Into, - prefix: Option>, - ) -> Self { - Self { - url: url.into(), - token: token.into(), - mount: mount.into(), - prefix: prefix.map(Into::into), - } - } -} - -#[derive(Deserialize, Serialize)] -struct Secret { - value: String, -} - -#[async_trait] -impl Provider for VaultProvider { - #[instrument(name = "spin_variables.get_from_vault", skip(self), err(level = Level::INFO), fields(otel.kind = "client"))] - async fn get(&self, key: &Key) -> Result> { - let client = VaultClient::new( - VaultClientSettingsBuilder::default() - .address(&self.url) - .token(&self.token) - .build()?, - )?; - let path = match &self.prefix { - Some(prefix) => format!("{}/{}", prefix, key.as_str()), - None => key.as_str().to_string(), - }; - match kv2::read::(&client, &self.mount, &path).await { - Ok(secret) => Ok(Some(secret.value)), - // Vault doesn't have this entry so pass along the chain - Err(ClientError::APIError { code: 404, .. }) => Ok(None), - // Other Vault error so bail rather than looking elsewhere - Err(e) => Err(e).context("Failed to check Vault for config"), - } - } -} diff --git a/examples/spin-timer/Cargo.lock b/examples/spin-timer/Cargo.lock index 425b5c4b74..9a04ac97ff 100644 --- a/examples/spin-timer/Cargo.lock +++ b/examples/spin-timer/Cargo.lock @@ -5730,12 +5730,9 @@ version = "2.8.0-pre0" dependencies = [ "anyhow", "http 0.2.11", - "llm", "reqwest 0.11.24", "serde 1.0.203", "serde_json", - "spin-core", - "spin-llm", "spin-telemetry", "spin-world", "tracing", diff --git a/examples/spin-timer/Cargo.toml b/examples/spin-timer/Cargo.toml index 43472f0ec5..ec535dcf01 100644 --- a/examples/spin-timer/Cargo.toml +++ b/examples/spin-timer/Cargo.toml @@ -11,7 +11,7 @@ futures = "0.3.25" serde = "1.0.188" spin-app = { path = "../../crates/app" } spin-core = { path = "../../crates/core" } -spin-trigger = { path = "../../crates/trigger" } +# spin-trigger = { path = "../../crates/trigger" } tokio = { version = "1.11", features = ["full"] } tokio-scoped = "0.2.0" wasmtime = "22.0.0"