feat!: add support for secrets in manifests
This adds support for secrets in wasmCloud application manifests. The
secrets themselves are actually _secret references_ as outlined in
wasmCloud/wasmCloud#2190. Just like config, secrets can be specified at
the component or provider level or on a link.

Secret references themselves are actually implemented as an additional
kind of config stored in the same config data bucket. However, I opted
to implement a dedicated scaler for secrets that is largely a clone of
the existing ConfigScaler since the underlying data type is very
different than the arbitrary set of key/value pairs we use for config.

An example of what this looks like in a component is shown below:

```yaml
spec:
  components:
    - name: http-component
      type: component
      properties:
        image: ghcr.io/wasmcloud/test-fetch-with-token:0.1.0-fake
        secrets:
          - name: some-api-token
            source:
              backend: nats-kv
              key: test-value
              version: 1
          - name: my-other-secret
            source:
              backend: aws-secrets-manager
              value: secret-name
              version: "be01a5fb-7ebb-4ae9-8ea0-0902e8940bc0"
```

This contains a breaking change to the way that we specify config on
links:

```yaml
- type: link
  properties:
    namespace: wasmcloud
    package: postgres
    interfaces: [managed-query]
    target:
      name: sql-postgres
      secrets:
        - name: db-password
          source:
            backend: nats-kv
            key: myapp_db-password
            version: 1
```

Instead of using `target_config` and `source_config`, this renames them
to `target` and `source` respectively and adds keys for `config` and
`secrets`. The name of the target is now a key at the top level of
the `target` block, as seen above.

Signed-off-by: Dan Norris <protochron@users.noreply.github.com>
protochron committed Jul 19, 2024
1 parent 8199789 commit 91ce72d
Showing 77 changed files with 3,571 additions and 369 deletions.
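
The breaking change to link properties described in the commit message, as an added example that is not part of the commit or the wadm code base: a helper that rewrites an already-parsed manifest from `target_config`/`source_config` to the new `target`/`source` blocks. The function names and the sample manifest are hypothetical, and the old layout (with `target` as a plain string) is an assumption inferred from the message.

```python
import copy

# Key names taken from the commit message; the old layout itself is an assumption.
OLD_KEYS = ("target_config", "source_config")


def migrate_link(props):
    """Return link properties in the new layout without mutating the input."""
    new = {k: copy.deepcopy(v) for k, v in props.items() if k not in OLD_KEYS}
    # Assumption: the old format stored the target name as a plain string.
    if isinstance(new.get("target"), str):
        new["target"] = {"name": new["target"]}
    for side in ("target", "source"):
        old = props.get(f"{side}_config")
        if old:
            block = new.setdefault(side, {})
            block.setdefault("config", []).extend(copy.deepcopy(old))
    return new


def migrate_manifest(manifest):
    """Migrate every link trait; return (new manifest, components that changed)."""
    out = copy.deepcopy(manifest)
    changed = []
    for comp in out.get("spec", {}).get("components", []):
        for trait in comp.get("traits") or []:
            if trait.get("type") != "link":
                continue
            before = trait.get("properties", {})
            after = migrate_link(before)
            if after != before:
                trait["properties"] = after
                changed.append(comp["name"])
    return out, changed


# Constructed sample in the assumed pre-commit layout (already parsed from YAML).
OLD_MANIFEST = {"spec": {"components": [
    {"name": "echo", "type": "component"},
    {"name": "httpserver", "type": "capability", "traits": [
        {"type": "link", "properties": {
            "target": "echo", "namespace": "wasi", "package": "http",
            "interfaces": ["incoming-handler"],
            "source_config": [{"name": "listen-config",
                               "properties": {"address": "127.0.0.1:8080"}}],
        }}]},
]}}

if __name__ == "__main__":
    migrated, changed = migrate_manifest(OLD_MANIFEST)
    print(changed, migrated["spec"]["components"][1]["traits"][0]["properties"])
```

Running the helper a second time on its own output reports no changed components, which makes it usable as a check for leftover old-style keys.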
2 changes: 1 addition & 1 deletion .github/workflows/test.yml
Expand Up @@ -48,4 +48,4 @@ jobs:
# Run all tests
- name: Run tests
run: |
cargo test -- --nocapture
cargo test --workspace -- --nocapture
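Review bot: `--nocapture` on the `cargo test --workspace -- --nocapture` line now applies to every crate in the workspace, so whatever any test prints ends up in the CI log. Since this commit introduces secrets handling, consider dropping `--nocapture` from the workspace-wide run, or confirm that no test prints secret references or fixture credentials.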
6 changes: 3 additions & 3 deletions Cargo.lock

Some generated files are not rendered by default.

28 changes: 28 additions & 0 deletions crates/wadm-types/oam/config.yaml
@@ -0,0 +1,28 @@
apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
name: config-example
annotations:
description: 'This is my app'
spec:
components:
- name: http
type: component
properties:
image: ghcr.io/wasmcloud/components/http-hello-world-rust:0.1.0
# You can pass any config data you'd like sent to your component as a string->string map
config:
- name: component_config
properties:
lang: EN-US

- name: webcap
type: capability
properties:
image: ghcr.io/wasmcloud/http-server:0.21.0
# You can pass any config data you'd like sent to your provider as a string->string map
config:
- name: provider_config
properties:
default-port: '8080'
cache_file: '/tmp/mycache.json'
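Review bot: the two comments above the `config:` blocks ("You can pass any config data you'd like sent to your component as a string->string map", and the provider equivalent) read as an invitation to put anything into config, and this fixture lands in the same commit that introduces `secrets`. Suggest extending both comments to say that sensitive values belong under `secrets` as a secret reference rather than in `config` properties, since the file reads like a documentation example.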
40 changes: 40 additions & 0 deletions crates/wadm-types/oam/custom.yaml
@@ -0,0 +1,40 @@
apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
name: my-example-app
annotations:
description: "This is my app revision 2"
spec:
components:
- name: userinfo
type: component
properties:
image: wasmcloud.azurecr.io/fake:1
traits:
# NOTE: This demonstrates what a custom scaler could look like. This functionality does not currently exist
- type: customscaler
properties:
instances: 4
clouds:
- aws
- azure
scale_profile: mini

- name: webcap
type: capability
properties:
image: wasmcloud.azurecr.io/httpserver:0.13.1
traits:
- type: link
properties:
target:
name: userinfo
namespace: wasi
package: http
interfaces:
- incoming-handler
source:
config:
- name: default-port
properties:
port: "8080"
38 changes: 38 additions & 0 deletions crates/wadm-types/oam/echo.yaml
@@ -0,0 +1,38 @@
apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
name: echo
annotations:
description: 'This is my app'
spec:
components:
- name: echo
type: component
properties:
image: wasmcloud.azurecr.io/echo:0.3.7
traits:
- type: spreadscaler
properties:
instances: 1

- name: httpserver
type: capability
properties:
image: wasmcloud.azurecr.io/httpserver:0.17.0
traits:
- type: spreadscaler
properties:
instances: 1
- type: link
properties:
target:
name: echo
namespace: wasi
package: http
interfaces:
- incoming-handler
source:
config:
- name: default-port
properties:
address: 0.0.0.0:8080
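Review bot: the link's source config sets `address: 0.0.0.0:8080`, which listens on all interfaces, while hello.yaml and kvcounter.yaml in this same commit use `127.0.0.1:8080`. Unless a test depends on the wildcard bind, use the loopback address here too so a copied fixture does not expose the listener by default. The config is also named `default-port` but carries an `address` key; a name such as `listen-config` (as in kvcounter.yaml) would match its contents.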
38 changes: 38 additions & 0 deletions crates/wadm-types/oam/hello.yaml
@@ -0,0 +1,38 @@
# Metadata
apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
name: hello-world
annotations:
description: 'HTTP hello world demo'
spec:
components:
- name: http-component
type: component
properties:
# Run components from OCI registries as below or from a local .wasm component binary.
image: ghcr.io/wasmcloud/components/http-hello-world-rust:0.1.0
traits:
# One replica of this component will run
- type: spreadscaler
properties:
instances: 1
# The httpserver capability provider, started from the official wasmCloud OCI artifact
- name: httpserver
type: capability
properties:
image: ghcr.io/wasmcloud/http-server:0.21.0
traits:
# Link the HTTP server and set it to listen on the local machine's port 8080
- type: link
properties:
target:
name: http-component
namespace: wasi
package: http
interfaces: [incoming-handler]
source:
config:
- name: default-http
properties:
ADDRESS: 127.0.0.1:8080
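Review bot: the source config under `default-http` uses an upper-case key, `ADDRESS: 127.0.0.1:8080`, whereas echo.yaml and kvcounter.yaml spell the same setting `address`. If the key is case-sensitive on the provider side, one of these fixtures will not configure the listener as intended; pick one spelling across the fixtures, or add a comment if the difference is deliberate.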
60 changes: 60 additions & 0 deletions crates/wadm-types/oam/kvcounter.yaml
@@ -0,0 +1,60 @@
apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
name: kvcounter-rust
annotations:
description: 'Kvcounter demo in Rust, using the WebAssembly Component Model and WebAssembly Interfaces Types (WIT)'
labels:
app.oam.io/name: kvcounter-rust
spec:
components:
- name: kvcounter
type: component
properties:
image: file:///Users/brooks/github.com/wasmcloud/wadm/kvc/build/http_hello_world_s.wasm
traits:
# Govern the spread/scheduling of the component
- type: spreadscaler
properties:
instances: 1
# Compose with KVRedis for wasi:keyvalue calls
- type: link
properties:
target:
name: kvredis
config:
- name: redis-connect-local
properties:
url: redis://127.0.0.1:6379

namespace: wasi
package: keyvalue
interfaces:
- atomic
- eventual

# Add a capability provider that mediates HTTP access
- name: httpserver
type: capability
properties:
image: ghcr.io/wasmcloud/http-server:0.21.0
traits:
# Compose with component to handle wasi:http calls
- type: link
properties:
target:
name: kvcounter
namespace: wasi
package: http
interfaces:
- incoming-handler
source:
config:
- name: listen-config
properties:
address: 127.0.0.1:8080
# Add a capability provider that interfaces with the Redis key-value store
- name: kvredis
type: capability
properties:
image: ghcr.io/wasmcloud/keyvalue-redis:0.23.0
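Review bot: the `kvcounter` component's `image: file:///Users/brooks/github.com/wasmcloud/wadm/kvc/build/http_hello_world_s.wasm` is an absolute path on a developer machine; it embeds a local username and will not resolve anywhere else. Replace it with a registry reference like the other fixtures, or with a repository-relative path. Separately, `redis-connect-local` carries the connection `url` in plain config; a short comment noting that a URL with credentials should go through `secrets` on the link target would make this fixture a safer template.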
52 changes: 52 additions & 0 deletions crates/wadm-types/oam/simple1.yaml
@@ -0,0 +1,52 @@
apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
name: my-example-app
annotations:
description: "This is my app"
spec:
components:
- name: userinfo
type: actor
properties:
image: wasmcloud.azurecr.io/fake:1
traits:
- type: spreadscaler
properties:
instances: 4
spread:
- name: eastcoast
requirements:
zone: us-east-1
weight: 80
- name: westcoast
requirements:
zone: us-west-1
weight: 20

- name: webcap
type: capability
properties:
image: wasmcloud.azurecr.io/httpserver:0.13.1
traits:
- type: link
properties:
target:
name: webcap
namespace: wasi
package: http
interfaces: ["incoming-handler"]
name: default

- name: ledblinky
type: capability
properties:
image: wasmcloud.azurecr.io/ledblinky:0.0.1
traits:
- type: spreadscaler
properties:
instances: 1
spread:
- name: haslights
requirements:
ledenabled: "true"
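Review bot: `userinfo` is declared with `type: actor` while the other fixtures shown in this commit use `type: component`, and the `webcap` link's `target` names `webcap` itself and is followed by a `name: default` line. If this file is meant as a legacy or deliberately invalid fixture, say so in a comment at the top; otherwise bring it in line with simple2.yaml (`type: component`, target `userinfo`).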
55 changes: 55 additions & 0 deletions crates/wadm-types/oam/simple2.yaml
@@ -0,0 +1,55 @@
apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
name: my-example-app
annotations:
description: "This is my app revision 2"
spec:
components:
- name: userinfo
type: component
properties:
image: wasmcloud.azurecr.io/fake:1
traits:
- type: spreadscaler
properties:
instances: 4
spread:
- name: eastcoast
requirements:
zone: us-east-1
weight: 80
- name: westcoast
requirements:
zone: us-west-1
weight: 20

- name: webcap
type: capability
properties:
image: wasmcloud.azurecr.io/httpserver:0.13.1
traits:
- type: link
properties:
target:
name: userinfo
config: []
namespace: wasi
package: http
interfaces:
- incoming-handler
source:
config: []

- name: ledblinky
type: capability
properties:
image: wasmcloud.azurecr.io/ledblinky:0.0.1
traits:
- type: spreadscaler
properties:
instances: 1
spread:
- name: haslights
requirements:
ledenabled: "true"
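Review bot: the link here sets `config: []` under both `target` and `source`, but none of the fixtures shown on this page includes a `secrets` key in either block, although that is the feature this commit adds. Consider adding `secrets: []` next to `config: []` here, or a populated secret reference in one fixture, so the new link layout is parsed with both keys present.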