wasm: refactor common codes around configurations

source/common/protobuf/utility.h

@@ -329,6 +329,26 @@ class MessageUtil {
    */
   static void unpackTo(const ProtobufWkt::Any& any_message, Protobuf::Message& message);
 
+  /**
+   * Convert from google.protobuf.Any to bytes as std::string
+   * @param message source google.protobuf.Any message.
+   *
+   * @return std::string consists of bytes in the input message.
+   */
+  static std::string anyToBytes(const ProtobufWkt::Any& any) {
+    if (any.Is<ProtobufWkt::StringValue>()) {
+      ProtobufWkt::StringValue s;
+      MessageUtil::unpackTo(any, s);
+      return s.value();
+    }
+    if (any.Is<ProtobufWkt::BytesValue>()) {
+      Protobuf::BytesValue b;
+      MessageUtil::unpackTo(any, b);
+      return b.value();
+    }
+    return any.value();
+  };
+
   /**
    * Convert from google.protobuf.Any to a typed message.
    * @param message source google.protobuf.Any message.

source/extensions/access_loggers/wasm/config.cc

@@ -24,13 +24,8 @@ WasmAccessLogFactory::createAccessLogInstance(const Protobuf::Message& proto_con
       const envoy::extensions::access_loggers::wasm::v3::WasmAccessLog&>(
       proto_config, context.messageValidationVisitor());
 
-  // Create a base WASM to verify that the code loads before setting/cloning the for the
-  // individual threads.
   auto plugin = std::make_shared<Common::Wasm::Plugin>(
-      config.config().name(), config.config().root_id(), config.config().vm_config().vm_id(),
-      config.config().vm_config().runtime(),
-      Common::Wasm::anyToBytes(config.config().configuration()), config.config().fail_open(),
-      envoy::config::core::v3::TrafficDirection::UNSPECIFIED, context.localInfo(),
+      config.config(), envoy::config::core::v3::TrafficDirection::UNSPECIFIED, context.localInfo(),
       nullptr /* listener_metadata */);
 
   auto access_log = std::make_shared<WasmAccessLog>(plugin, nullptr, std::move(filter));
@@ -45,11 +40,10 @@ WasmAccessLogFactory::createAccessLogInstance(const Protobuf::Message& proto_con
     access_log->setTlsSlot(std::move(tls_slot));
   };
 
-  if (!Common::Wasm::createWasm(
-          config.config().vm_config(), config.config().capability_restriction_config(), plugin,
-          context.scope().createScope(""), context.clusterManager(), context.initManager(),
-          context.dispatcher(), context.api(), context.lifecycleNotifier(), remote_data_provider_,
-          std::move(callback))) {
+  if (!Common::Wasm::createWasm(plugin, context.scope().createScope(""), context.clusterManager(),
+                                context.initManager(), context.dispatcher(), context.api(),
+                                context.lifecycleNotifier(), remote_data_provider_,
+                                std::move(callback))) {
     throw Common::Wasm::WasmException(
         fmt::format("Unable to create Wasm access log {}", plugin->name_));
   }

source/extensions/bootstrap/wasm/config.cc

@@ -18,10 +18,8 @@ void WasmServiceExtension::onServerInitialized() { createWasm(context_); }
 
 void WasmServiceExtension::createWasm(Server::Configuration::ServerFactoryContext& context) {
   auto plugin = std::make_shared<Common::Wasm::Plugin>(
-      config_.config().name(), config_.config().root_id(), config_.config().vm_config().vm_id(),
-      config_.config().vm_config().runtime(),
-      Common::Wasm::anyToBytes(config_.config().configuration()), config_.config().fail_open(),
-      envoy::config::core::v3::TrafficDirection::UNSPECIFIED, context.localInfo(), nullptr);
+      config_.config(), envoy::config::core::v3::TrafficDirection::UNSPECIFIED, context.localInfo(),
+      nullptr);
 
   auto callback = [this, &context, plugin](Common::Wasm::WasmHandleSharedPtr base_wasm) {
     if (!base_wasm) {
@@ -49,11 +47,10 @@ void WasmServiceExtension::createWasm(Server::Configuration::ServerFactoryContex
     wasm_service_ = std::make_unique<WasmService>(plugin, std::move(tls_slot));
   };
 
-  if (!Common::Wasm::createWasm(
-          config_.config().vm_config(), config_.config().capability_restriction_config(), plugin,
-          context.scope().createScope(""), context.clusterManager(), context.initManager(),
-          context.dispatcher(), context.api(), context.lifecycleNotifier(), remote_data_provider_,
-          std::move(callback))) {
+  if (!Common::Wasm::createWasm(plugin, context.scope().createScope(""), context.clusterManager(),
+                                context.initManager(), context.dispatcher(), context.api(),
+                                context.lifecycleNotifier(), remote_data_provider_,
+                                std::move(callback))) {
     // NB: throw if we get a synchronous configuration failures as this is how such failures are
     // reported to xDS.
     throw Common::Wasm::WasmException(

source/extensions/common/wasm/BUILD

@@ -31,6 +31,7 @@ envoy_cc_library(
     name = "wasm_hdr",
     hdrs = [
         "context.h",
+        "plugin.h",
         "wasm.h",
         "wasm_extension.h",
         "wasm_vm.h",
@@ -62,6 +63,7 @@ envoy_cc_library(
     srcs = [
         "context.cc",
         "foreign.cc",
+        "plugin.cc",
         "wasm.cc",
         "wasm_extension.cc",
         "wasm_vm.cc",

source/extensions/common/wasm/context.cc

@@ -25,6 +25,7 @@
 #include "common/http/utility.h"
 #include "common/tracing/http_tracer_impl.h"
 
+#include "extensions/common/wasm/plugin.h"
 #include "extensions/common/wasm/wasm.h"
 #include "extensions/common/wasm/well_known_names.h"
 #include "extensions/filters/common/expr/context.h"
@@ -148,7 +149,7 @@ WasmResult Buffer::copyFrom(size_t start, size_t length, absl::string_view data)
 Context::Context() = default;
 Context::Context(Wasm* wasm) : ContextBase(wasm) {}
 Context::Context(Wasm* wasm, const PluginSharedPtr& plugin) : ContextBase(wasm, plugin) {
-  root_local_info_ = &std::static_pointer_cast<Plugin>(plugin)->local_info_;
+  root_local_info_ = &std::static_pointer_cast<Plugin>(plugin)->localInfo();
 }
 Context::Context(Wasm* wasm, uint32_t root_context_id, const PluginSharedPtr& plugin)
     : ContextBase(wasm, root_context_id, plugin) {}
@@ -493,7 +494,7 @@ Context::findValue(absl::string_view name, Protobuf::Arena* arena, bool last) co
     if (root_local_info_) {
       return CelProtoWrapper::CreateMessage(&root_local_info_->node(), arena);
     } else if (plugin_) {
-      return CelProtoWrapper::CreateMessage(&plugin()->local_info_.node(), arena);
+      return CelProtoWrapper::CreateMessage(&plugin()->localInfo().node(), arena);
     }
     break;
   case PropertyToken::SOURCE:
@@ -510,12 +511,12 @@ Context::findValue(absl::string_view name, Protobuf::Arena* arena, bool last) co
     break;
   case PropertyToken::LISTENER_DIRECTION:
     if (plugin_) {
-      return CelValue::CreateInt64(plugin()->direction_);
+      return CelValue::CreateInt64(plugin()->direction());
     }
     break;
   case PropertyToken::LISTENER_METADATA:
     if (plugin_) {
-      return CelProtoWrapper::CreateMessage(plugin()->listener_metadata_, arena);
+      return CelProtoWrapper::CreateMessage(plugin()->listenerMetadata(), arena);
     }
     break;
   case PropertyToken::CLUSTER_NAME:

source/extensions/common/wasm/context.h

@@ -14,6 +14,7 @@
 #include "common/common/assert.h"
 #include "common/common/logger.h"
 
+#include "extensions/common/wasm/plugin.h"
 #include "extensions/filters/common/expr/cel_state.h"
 #include "extensions/filters/common/expr/evaluator.h"
 
@@ -99,22 +100,6 @@ class Buffer : public proxy_wasm::BufferBase {
   ::Envoy::Buffer::Instance* buffer_instance_{};
 };
 
-// Plugin contains the information for a filter/service.
-struct Plugin : public PluginBase {
-  Plugin(absl::string_view name, absl::string_view root_id, absl::string_view vm_id,
-         absl::string_view runtime, absl::string_view plugin_configuration, bool fail_open,
-         envoy::config::core::v3::TrafficDirection direction,
-         const LocalInfo::LocalInfo& local_info,
-         const envoy::config::core::v3::Metadata* listener_metadata)
-      : PluginBase(name, root_id, vm_id, runtime, plugin_configuration, fail_open),
-        direction_(direction), local_info_(local_info), listener_metadata_(listener_metadata) {}
-
-  envoy::config::core::v3::TrafficDirection direction_;
-  const LocalInfo::LocalInfo& local_info_;
-  const envoy::config::core::v3::Metadata* listener_metadata_;
-};
-using PluginSharedPtr = std::shared_ptr<Plugin>;
-
 // A context which will be the target of callbacks for a particular session
 // e.g. a handler of a stream.
 class Context : public proxy_wasm::ContextBase,

source/extensions/common/wasm/plugin.cc

@@ -0,0 +1,28 @@
+#include "extensions/common/wasm/plugin.h"
+
+#include <memory>
+
+#include "envoy/extensions/wasm/v3/wasm.pb.validate.h"
+#include "envoy/local_info/local_info.h"
+
+#include "common/protobuf/protobuf.h"
+#include "common/protobuf/utility.h"
+
+#include "include/proxy-wasm/wasm.h"
+
+namespace Envoy {
+namespace Extensions {
+namespace Common {
+namespace Wasm {
+
+WasmConfig::WasmConfig(const envoy::extensions::wasm::v3::PluginConfig& config) : config_(config) {
+  for (auto& capability : config_.capability_restriction_config().allowed_capabilities()) {
+    // TODO(rapilado): Set the SanitizationConfig fields once sanitization is implemented.
+    allowed_capabilities_[capability.first] = proxy_wasm::SanitizationConfig();
+  }
+}
+
+} // namespace Wasm
+} // namespace Common
+} // namespace Extensions
+} // namespace Envoy

source/extensions/common/wasm/plugin.h

@@ -0,0 +1,61 @@
+#pragma once
+
+#include <memory>
+
+#include "envoy/extensions/wasm/v3/wasm.pb.validate.h"
+#include "envoy/local_info/local_info.h"
+
+#include "common/protobuf/protobuf.h"
+#include "common/protobuf/utility.h"
+
+#include "include/proxy-wasm/wasm.h"
+
+namespace Envoy {
+namespace Extensions {
+namespace Common {
+namespace Wasm {
+
+class WasmConfig {
+public:
+  WasmConfig(const envoy::extensions::wasm::v3::PluginConfig& config);
+  const envoy::extensions::wasm::v3::PluginConfig& config() { return config_; }
+  proxy_wasm::AllowedCapabilitiesMap& allowedCapabilities() { return allowed_capabilities_; }
+
+private:
+  const envoy::extensions::wasm::v3::PluginConfig& config_;
+  proxy_wasm::AllowedCapabilitiesMap allowed_capabilities_{};
+};
+
+using WasmConfigPtr = std::unique_ptr<WasmConfig>;
+
+// Plugin contains the information for a filter/service.
+class Plugin : public proxy_wasm::PluginBase {
+public:
+  Plugin(const envoy::extensions::wasm::v3::PluginConfig& config,
+         envoy::config::core::v3::TrafficDirection direction,
+         const LocalInfo::LocalInfo& local_info,
+         const envoy::config::core::v3::Metadata* listener_metadata)
+      : PluginBase(config.name(), config.root_id(), config.vm_config().vm_id(),
+                   config.vm_config().runtime(), MessageUtil::anyToBytes(config.configuration()),
+                   config.fail_open()),
+        direction_(direction), local_info_(local_info), listener_metadata_(listener_metadata),
+        wasm_config_(std::make_unique<WasmConfig>(config)) {}
+
+  envoy::config::core::v3::TrafficDirection& direction() { return direction_; }
+  const LocalInfo::LocalInfo& localInfo() { return local_info_; }
+  const envoy::config::core::v3::Metadata* listenerMetadata() { return listener_metadata_; }
+  WasmConfig& wasmConfig() { return *wasm_config_; }
+
+private:
+  envoy::config::core::v3::TrafficDirection direction_;
+  const LocalInfo::LocalInfo& local_info_;
+  const envoy::config::core::v3::Metadata* listener_metadata_;
+  WasmConfigPtr wasm_config_;
+};
+
+using PluginSharedPtr = std::shared_ptr<Plugin>;
+
+} // namespace Wasm
+} // namespace Common
+} // namespace Extensions
+} // namespace Envoy