-
Notifications
You must be signed in to change notification settings - Fork 24
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat!: add support for secrets in manifests
This adds support for secrets in wasmCloud application manifests. The secrets themselves are actually _secret references_ as outlined in wasmCloud/wasmCloud#2190. Just like config, secrets can be specified at the component or provider level or on a link. Secret references themselves are actually implemented as an additional kind of config stored in the same config data bucket. However, I opted to implement a dedicated scaler for secrets that is largely a clone of the existing ConfigScaler since the underlying data type is very different than the arbitrary set of key/value pairs we use for config. An example of what this looks like in a component is shown below: ```yaml spec: components: - name: http-component type: component properties: image: ghcr.io/wasmcloud/test-fetch-with-token:0.1.0-fake secrets: - name: some-api-token source: backend: nats-kv key: test-value version: 1 - name: my-other-secret source: backend: aws-secrets-manager value: secret-name version: "be01a5fb-7ebb-4ae9-8ea0-0902e8940bc0" ``` This contains a breaking change to the way that we specify config on links: ```yaml - type: link properties: namespace: wasmcloud package: postgres interfaces: [managed-query] target: name: sql-postgres secrets: - name: db-password source: backend: nats-kv key: myapp_db-password version: 1 ``` Instead of using `target_config` and `source_config`, this renames them to `target` and `source` respectively and adds keys for `config` and `secrets`. The name of the target is now now a key at the top level of the `target` block, as seen above. Signed-off-by: Dan Norris <protochron@users.noreply.github.com>
- Loading branch information
1 parent
8199789
commit ca0028a
Showing
78 changed files
with
3,658 additions
and
369 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -48,4 +48,4 @@ jobs: | |
# Run all tests | ||
- name: Run tests | ||
run: | | ||
cargo test -- --nocapture | ||
cargo test --workspace -- --nocapture |
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
apiVersion: core.oam.dev/v1beta1 | ||
kind: Application | ||
metadata: | ||
name: config-example | ||
annotations: | ||
description: 'This is my app' | ||
spec: | ||
components: | ||
- name: http | ||
type: component | ||
properties: | ||
image: ghcr.io/wasmcloud/components/http-hello-world-rust:0.1.0 | ||
# You can pass any config data you'd like sent to your component as a string->string map | ||
config: | ||
- name: component_config | ||
properties: | ||
lang: EN-US | ||
|
||
- name: webcap | ||
type: capability | ||
properties: | ||
image: ghcr.io/wasmcloud/http-server:0.21.0 | ||
# You can pass any config data you'd like sent to your provider as a string->string map | ||
config: | ||
- name: provider_config | ||
properties: | ||
default-port: '8080' | ||
cache_file: '/tmp/mycache.json' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
apiVersion: core.oam.dev/v1beta1 | ||
kind: Application | ||
metadata: | ||
name: my-example-app | ||
annotations: | ||
description: "This is my app revision 2" | ||
spec: | ||
components: | ||
- name: userinfo | ||
type: component | ||
properties: | ||
image: wasmcloud.azurecr.io/fake:1 | ||
traits: | ||
# NOTE: This demonstrates what a custom scaler could look like. This functionality does not currently exist | ||
- type: customscaler | ||
properties: | ||
instances: 4 | ||
clouds: | ||
- aws | ||
- azure | ||
scale_profile: mini | ||
|
||
- name: webcap | ||
type: capability | ||
properties: | ||
image: wasmcloud.azurecr.io/httpserver:0.13.1 | ||
traits: | ||
- type: link | ||
properties: | ||
target: | ||
name: userinfo | ||
namespace: wasi | ||
package: http | ||
interfaces: | ||
- incoming-handler | ||
source: | ||
config: | ||
- name: default-port | ||
properties: | ||
port: "8080" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
apiVersion: core.oam.dev/v1beta1 | ||
kind: Application | ||
metadata: | ||
name: echo | ||
annotations: | ||
description: 'This is my app' | ||
spec: | ||
components: | ||
- name: echo | ||
type: component | ||
properties: | ||
image: wasmcloud.azurecr.io/echo:0.3.7 | ||
traits: | ||
- type: spreadscaler | ||
properties: | ||
instances: 1 | ||
|
||
- name: httpserver | ||
type: capability | ||
properties: | ||
image: wasmcloud.azurecr.io/httpserver:0.17.0 | ||
traits: | ||
- type: spreadscaler | ||
properties: | ||
instances: 1 | ||
- type: link | ||
properties: | ||
target: | ||
name: echo | ||
namespace: wasi | ||
package: http | ||
interfaces: | ||
- incoming-handler | ||
source: | ||
config: | ||
- name: default-port | ||
properties: | ||
address: 0.0.0.0:8080 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
# Metadata | ||
apiVersion: core.oam.dev/v1beta1 | ||
kind: Application | ||
metadata: | ||
name: hello-world | ||
annotations: | ||
description: 'HTTP hello world demo' | ||
spec: | ||
components: | ||
- name: http-component | ||
type: component | ||
properties: | ||
# Run components from OCI registries as below or from a local .wasm component binary. | ||
image: ghcr.io/wasmcloud/components/http-hello-world-rust:0.1.0 | ||
traits: | ||
# One replica of this component will run | ||
- type: spreadscaler | ||
properties: | ||
instances: 1 | ||
# The httpserver capability provider, started from the official wasmCloud OCI artifact | ||
- name: httpserver | ||
type: capability | ||
properties: | ||
image: ghcr.io/wasmcloud/http-server:0.21.0 | ||
traits: | ||
# Link the HTTP server and set it to listen on the local machine's port 8080 | ||
- type: link | ||
properties: | ||
target: | ||
name: http-component | ||
namespace: wasi | ||
package: http | ||
interfaces: [incoming-handler] | ||
source: | ||
config: | ||
- name: default-http | ||
properties: | ||
ADDRESS: 127.0.0.1:8080 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
apiVersion: core.oam.dev/v1beta1 | ||
kind: Application | ||
metadata: | ||
name: kvcounter-rust | ||
annotations: | ||
description: 'Kvcounter demo in Rust, using the WebAssembly Component Model and WebAssembly Interfaces Types (WIT)' | ||
labels: | ||
app.oam.io/name: kvcounter-rust | ||
spec: | ||
components: | ||
- name: kvcounter | ||
type: component | ||
properties: | ||
image: file:///Users/brooks/github.com/wasmcloud/wadm/kvc/build/http_hello_world_s.wasm | ||
traits: | ||
# Govern the spread/scheduling of the component | ||
- type: spreadscaler | ||
properties: | ||
instances: 1 | ||
# Compose with KVRedis for wasi:keyvalue calls | ||
- type: link | ||
properties: | ||
target: | ||
name: kvredis | ||
config: | ||
- name: redis-connect-local | ||
properties: | ||
url: redis://127.0.0.1:6379 | ||
|
||
namespace: wasi | ||
package: keyvalue | ||
interfaces: | ||
- atomic | ||
- eventual | ||
|
||
# Add a capability provider that mediates HTTP access | ||
- name: httpserver | ||
type: capability | ||
properties: | ||
image: ghcr.io/wasmcloud/http-server:0.21.0 | ||
traits: | ||
# Compose with component to handle wasi:http calls | ||
- type: link | ||
properties: | ||
target: | ||
name: kvcounter | ||
namespace: wasi | ||
package: http | ||
interfaces: | ||
- incoming-handler | ||
source: | ||
config: | ||
- name: listen-config | ||
properties: | ||
address: 127.0.0.1:8080 | ||
# Add a capability provider that interfaces with the Redis key-value store | ||
- name: kvredis | ||
type: capability | ||
properties: | ||
image: ghcr.io/wasmcloud/keyvalue-redis:0.23.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
{ | ||
"apiVersion": "core.oam.dev/v1beta1", | ||
"kind": "Application", | ||
"metadata": { | ||
"name": "my-example-app", | ||
"annotations": { | ||
"description": "This is my app" | ||
} | ||
}, | ||
"spec": { | ||
"components": [ | ||
{ | ||
"name": "userinfo", | ||
"type": "actor", | ||
"properties": { | ||
"image": "wasmcloud.azurecr.io/fake:1" | ||
}, | ||
"traits": [ | ||
{ | ||
"type": "spreadscaler", | ||
"properties": { | ||
"instances": 4, | ||
"spread": [ | ||
{ | ||
"name": "eastcoast", | ||
"requirements": { | ||
"zone": "us-east-1" | ||
}, | ||
"weight": 80 | ||
}, | ||
{ | ||
"name": "westcoast", | ||
"requirements": { | ||
"zone": "us-west-1" | ||
}, | ||
"weight": 20 | ||
} | ||
] | ||
} | ||
} | ||
] | ||
}, | ||
{ | ||
"name": "webcap", | ||
"type": "capability", | ||
"properties": { | ||
"image": "wasmcloud.azurecr.io/httpserver:0.13.1" | ||
}, | ||
"traits": [ | ||
{ | ||
"type": "link", | ||
"properties": { | ||
"target": "webcap", | ||
"namespace": "wasi", | ||
"package": "http", | ||
"interfaces": ["incoming-handler"], | ||
"name": "default" | ||
} | ||
} | ||
] | ||
}, | ||
{ | ||
"name": "ledblinky", | ||
"type": "capability", | ||
"properties": { | ||
"image": "wasmcloud.azurecr.io/ledblinky:0.0.1" | ||
}, | ||
"traits": [ | ||
{ | ||
"type": "spreadscaler", | ||
"properties": { | ||
"instances": 1, | ||
"spread": [ | ||
{ | ||
"name": "haslights", | ||
"requirements": { | ||
"ledenabled": "true" | ||
} | ||
} | ||
] | ||
} | ||
} | ||
] | ||
} | ||
] | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
apiVersion: core.oam.dev/v1beta1 | ||
kind: Application | ||
metadata: | ||
name: my-example-app | ||
annotations: | ||
description: "This is my app" | ||
spec: | ||
components: | ||
- name: userinfo | ||
type: actor | ||
properties: | ||
image: wasmcloud.azurecr.io/fake:1 | ||
traits: | ||
- type: spreadscaler | ||
properties: | ||
instances: 4 | ||
spread: | ||
- name: eastcoast | ||
requirements: | ||
zone: us-east-1 | ||
weight: 80 | ||
- name: westcoast | ||
requirements: | ||
zone: us-west-1 | ||
weight: 20 | ||
|
||
- name: webcap | ||
type: capability | ||
properties: | ||
image: wasmcloud.azurecr.io/httpserver:0.13.1 | ||
traits: | ||
- type: link | ||
properties: | ||
target: | ||
name: webcap | ||
namespace: wasi | ||
package: http | ||
interfaces: ["incoming-handler"] | ||
name: default | ||
|
||
- name: ledblinky | ||
type: capability | ||
properties: | ||
image: wasmcloud.azurecr.io/ledblinky:0.0.1 | ||
traits: | ||
- type: spreadscaler | ||
properties: | ||
instances: 1 | ||
spread: | ||
- name: haslights | ||
requirements: | ||
ledenabled: "true" |
Oops, something went wrong.