diff --git a/Cargo.lock b/Cargo.lock index 759a94a031..fa590cc70d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -5103,6 +5103,7 @@ checksum = "4edc8853320c2a0dab800fbda86253c8938f6ea88510dc92c5f1ed20e794afc1" dependencies = [ "cfg-if", "miette-derive 7.2.0", + "serde", "thiserror 1.0.69", "unicode-width 0.1.14", ] @@ -5591,6 +5592,30 @@ dependencies = [ "unicase", ] +[[package]] +name = "oci-distribution" +version = "0.11.0" +source = "git+https://github.com/fermyon/oci-distribution?rev=7e4ce9be9bcd22e78a28f06204931f10c44402ba#7e4ce9be9bcd22e78a28f06204931f10c44402ba" +dependencies = [ + "bytes", + "chrono", + "futures-util", + "http 1.1.0", + "http-auth", + "jwt 0.16.0 (registry+https://github.com/rust-lang/crates.io-index)", + "lazy_static 1.5.0", + "olpc-cjson", + "regex", + "reqwest 0.12.9", + "serde", + "serde_json", + "sha2", + "thiserror 1.0.69", + "tokio", + "tracing", + "unicase", +] + [[package]] name = "oci-spec" version = "0.7.1" @@ -7914,6 +7939,7 @@ dependencies = [ "anyhow", "serde", "spin-common", + "spin-environments", "spin-manifest", "subprocess", "terminal", @@ -7965,6 +7991,7 @@ dependencies = [ "spin-build", "spin-common", "spin-doctor", + "spin-environments", "spin-factor-outbound-networking", "spin-http", "spin-loader", @@ -8047,7 +8074,7 @@ dependencies = [ "spin-serde", "thiserror 2.0.12", "tokio", - "wac-graph", + "wac-graph 0.6.1", ] [[package]] @@ -8089,6 +8116,41 @@ dependencies = [ "ui-testing", ] +[[package]] +name = "spin-environments" +version = "3.4.0-pre0" +dependencies = [ + "anyhow", + "async-trait", + "bytes", + "chrono", + "futures", + "futures-util", + "id-arena", + "indexmap 2.7.1", + "oci-distribution 0.11.0 (git+https://github.com/fermyon/oci-distribution?rev=7e4ce9be9bcd22e78a28f06204931f10c44402ba)", + "semver", + "serde", + "serde_json", + "spin-common", + "spin-componentize", + "spin-compose", + "spin-loader", + "spin-manifest", + "spin-serde", + "tokio", + "toml", + "tracing", + "wac-parser", + "wac-resolver", + "wac-types 0.7.0", + "wasm-pkg-client", + "wasmparser 0.235.0", + "wit-component 0.235.0", + "wit-encoder", + "wit-parser 0.235.0", +] + [[package]] name = "spin-expressions" version = "3.4.0-pre0" @@ -8556,7 +8618,7 @@ dependencies = [ "docker_credential", "futures-util", "itertools 0.14.0", - "oci-distribution", + "oci-distribution 0.11.0 (git+https://github.com/fermyon/oci-distribution?rev=7b291a39f74d1a3c9499d934a56cae6580fc8e37)", "reqwest 0.12.9", "serde", "serde_json", @@ -10116,12 +10178,74 @@ dependencies = [ "petgraph", "semver", "thiserror 1.0.69", - "wac-types", + "wac-types 0.6.1", "wasm-encoder 0.202.0", "wasm-metadata 0.202.0", "wasmparser 0.202.0", ] +[[package]] +name = "wac-graph" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1dcc86eda3243819bb0b8cd37ec1ac3c104e8dd3a63303efaae3f598a325b11c" +dependencies = [ + "anyhow", + "id-arena", + "indexmap 2.7.1", + "log", + "petgraph", + "semver", + "thiserror 1.0.69", + "wac-types 0.7.0", + "wasm-encoder 0.229.0", + "wasm-metadata 0.229.0", + "wasmparser 0.229.0", +] + +[[package]] +name = "wac-parser" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "82a2cc4df92a70e611e6cf6525cfde180a6bd472e559380152cead78ecc9a097" +dependencies = [ + "anyhow", + "id-arena", + "indexmap 2.7.1", + "log", + "logos", + "miette 7.2.0", + "semver", + "serde", + "thiserror 1.0.69", + "wac-graph 0.7.0", + "wasm-encoder 0.229.0", + "wasm-metadata 0.229.0", + "wasmparser 0.229.0", +] + +[[package]] +name = "wac-resolver" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f66dec428bef6544e119f8e45361f768bf840765e4e05697774f7a29e4693453" +dependencies = [ + "anyhow", + "futures", + "indexmap 2.7.1", + "log", + "miette 7.2.0", + "semver", + "thiserror 1.0.69", + "tokio", + "wac-parser", + "wac-types 0.7.0", + "warg-client", + "warg-crypto", + "warg-protocol", + "wit-component 0.229.0", +] + [[package]] name = "wac-types" version = "0.6.1" @@ -10136,6 +10260,20 @@ dependencies = [ "wasmparser 0.202.0", ] +[[package]] +name = "wac-types" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "271949d040a6b9a20bda4942bad2c85fb10636a9e86d10fda8092b3dd9467f7c" +dependencies = [ + "anyhow", + "id-arena", + "indexmap 2.7.1", + "semver", + "wasm-encoder 0.229.0", + "wasmparser 0.229.0", +] + [[package]] name = "waker-fn" version = "1.2.0" @@ -10443,6 +10581,16 @@ dependencies = [ "wasmparser 0.224.1", ] +[[package]] +name = "wasm-encoder" +version = "0.229.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "38ba1d491ecacb085a2552025c10a675a6fddcbd03b1fc9b36c536010ce265d2" +dependencies = [ + "leb128fmt", + "wasmparser 0.229.0", +] + [[package]] name = "wasm-encoder" version = "0.235.0" @@ -10486,6 +10634,25 @@ dependencies = [ "wasmparser 0.224.1", ] +[[package]] +name = "wasm-metadata" +version = "0.229.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78fdb7d29a79191ab363dc90c1ddd3a1e880ffd5348d92d48482393a9e6c5f4d" +dependencies = [ + "anyhow", + "auditable-serde", + "flate2", + "indexmap 2.7.1", + "serde", + "serde_derive", + "serde_json", + "spdx", + "url", + "wasm-encoder 0.229.0", + "wasmparser 0.229.0", +] + [[package]] name = "wasm-metadata" version = "0.235.0" @@ -10607,6 +10774,19 @@ dependencies = [ "semver", ] +[[package]] +name = "wasmparser" +version = "0.229.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0cc3b1f053f5d41aa55640a1fa9b6d1b8a9e4418d118ce308d20e24ff3575a8c" +dependencies = [ + "bitflags 2.6.0", + "hashbrown 0.15.2", + "indexmap 2.7.1", + "semver", + "serde", +] + [[package]] name = "wasmparser" version = "0.235.0" @@ -11564,6 +11744,25 @@ dependencies = [ "wit-parser 0.224.1", ] +[[package]] +name = "wit-component" +version = "0.229.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f550067740e223bfe6c4878998e81cdbe2529dd9a793dc49248dd6613394e8b" +dependencies = [ + "anyhow", + "bitflags 2.6.0", + "indexmap 2.7.1", + "log", + "serde", + "serde_derive", + "serde_json", + "wasm-encoder 0.229.0", + "wasm-metadata 0.229.0", + "wasmparser 0.229.0", + "wit-parser 0.229.0", +] + [[package]] name = "wit-component" version = "0.235.0" @@ -11584,6 +11783,19 @@ dependencies = [ "wit-parser 0.235.0", ] +[[package]] +name = "wit-encoder" +version = "0.235.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5abc86f193399192a2aced6ca89ad4e2ac11420092ea981578ab674fe4de11eb" +dependencies = [ + "id-arena", + "pretty_assertions", + "semver", + "serde", + "wit-parser 0.235.0", +] + [[package]] name = "wit-parser" version = "0.224.1" @@ -11602,6 +11814,24 @@ dependencies = [ "wasmparser 0.224.1", ] +[[package]] +name = "wit-parser" +version = "0.229.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "459c6ba62bf511d6b5f2a845a2a736822e38059c1cfa0b644b467bbbfae4efa6" +dependencies = [ + "anyhow", + "id-arena", + "indexmap 2.7.1", + "log", + "semver", + "serde", + "serde_derive", + "serde_json", + "unicode-xid", + "wasmparser 0.229.0", +] + [[package]] name = "wit-parser" version = "0.235.0" diff --git a/Cargo.toml b/Cargo.toml index 576bf6f06f..feb2b516d7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -55,6 +55,7 @@ spin-app = { path = "crates/app" } spin-build = { path = "crates/build" } spin-common = { path = "crates/common" } spin-doctor = { path = "crates/doctor" } +spin-environments = { path = "crates/environments" } spin-factor-outbound-networking = { path = "crates/factor-outbound-networking" } spin-http = { path = "crates/http" } spin-loader = { path = "crates/loader" } diff --git a/crates/build/Cargo.toml b/crates/build/Cargo.toml index aa698b566c..29eb585ab1 100644 --- a/crates/build/Cargo.toml +++ b/crates/build/Cargo.toml @@ -8,6 +8,7 @@ edition = { workspace = true } anyhow = { workspace = true } serde = { workspace = true } spin-common = { path = "../common" } +spin-environments = { path = "../environments" } spin-manifest = { path = "../manifest" } subprocess = "0.2" terminal = { path = "../terminal" } diff --git a/crates/build/src/lib.rs b/crates/build/src/lib.rs index c122d183e6..1c0f33c55d 100644 --- a/crates/build/src/lib.rs +++ b/crates/build/src/lib.rs @@ -16,31 +16,87 @@ use subprocess::{Exec, Redirection}; use crate::manifest::component_build_configs; /// If present, run the build command of each component. -pub async fn build(manifest_file: &Path, component_ids: &[String]) -> Result<()> { - let (components, manifest_err) = - component_build_configs(manifest_file) - .await - .with_context(|| { - format!( - "Cannot read manifest file from {}", - quoted_path(manifest_file) - ) - })?; +pub async fn build( + manifest_file: &Path, + component_ids: &[String], + target_checks: TargetChecking, + cache_root: Option, +) -> Result<()> { + let build_info = component_build_configs(manifest_file) + .await + .with_context(|| { + format!( + "Cannot read manifest file from {}", + quoted_path(manifest_file) + ) + })?; let app_dir = parent_dir(manifest_file)?; - let build_result = build_components(component_ids, components, app_dir); + let build_result = build_components(component_ids, build_info.components(), &app_dir); - if let Some(e) = manifest_err { + // Emit any required warnings now, so that they don't bury any errors. + if let Some(e) = build_info.load_error() { + // The manifest had errors. We managed to attempt a build anyway, but we want to + // let the user know about them. terminal::warn!("The manifest has errors not related to the Wasm component build. Error details:\n{e:#}"); + // Checking deployment targets requires a healthy manifest (because trigger types etc.), + // if any of these were specified, warn they are being skipped. + let should_have_checked_targets = + target_checks.check() && build_info.has_deployment_targets(); + if should_have_checked_targets { + terminal::warn!( + "The manifest error(s) prevented Spin from checking the deployment targets." + ); + } } - build_result + // If the build failed, exit with an error at this point. + build_result?; + + let Some(manifest) = build_info.manifest() else { + // We can't proceed to checking (because that needs a full healthy manifest), and we've + // already emitted any necessary warning, so quit. + return Ok(()); + }; + + if target_checks.check() { + let application = spin_environments::ApplicationToValidate::new( + manifest.clone(), + manifest_file.parent().unwrap(), + ) + .await + .context("unable to load application for checking against deployment targets")?; + let target_validation = spin_environments::validate_application_against_environment_ids( + &application, + build_info.deployment_targets(), + cache_root.clone(), + &app_dir, + ) + .await + .context("unable to check if the application is compatible with deployment targets")?; + + if !target_validation.is_ok() { + for error in target_validation.errors() { + terminal::error!("{error}"); + } + anyhow::bail!("All components built successfully, but one or more was incompatible with one or more of the deployment targets."); + } + } + + Ok(()) +} + +/// Run all component build commands, using the default options (build all +/// components, perform target checking). We run a "default build" in several +/// places and this centralises the logic of what such a "default build" means. +pub async fn build_default(manifest_file: &Path, cache_root: Option) -> Result<()> { + build(manifest_file, &[], TargetChecking::Check, cache_root).await } fn build_components( component_ids: &[String], components: Vec, - app_dir: PathBuf, + app_dir: &Path, ) -> Result<(), anyhow::Error> { let components_to_build = if component_ids.is_empty() { components @@ -70,7 +126,7 @@ fn build_components( components_to_build .into_iter() - .map(|c| build_component(c, &app_dir)) + .map(|c| build_component(c, app_dir)) .collect::, _>>()?; terminal::step!("Finished", "building all Spin components"); @@ -159,6 +215,21 @@ fn construct_workdir(app_dir: &Path, workdir: Option>) -> Resul Ok(cwd) } +/// Specifies target environment checking behaviour +pub enum TargetChecking { + /// The build should check that all components are compatible with all target environments. + Check, + /// The build should not check target environments. + Skip, +} + +impl TargetChecking { + /// Should the build check target environments? + fn check(&self) -> bool { + matches!(self, Self::Check) + } +} + #[cfg(test)] mod tests { use super::*; @@ -171,6 +242,60 @@ mod tests { #[tokio::test] async fn can_load_even_if_trigger_invalid() { let bad_trigger_file = test_data_root().join("bad_trigger.toml"); - build(&bad_trigger_file, &[]).await.unwrap(); + build(&bad_trigger_file, &[], TargetChecking::Skip, None) + .await + .unwrap(); + } + + #[tokio::test] + async fn succeeds_if_target_env_matches() { + let manifest_path = test_data_root().join("good_target_env.toml"); + build(&manifest_path, &[], TargetChecking::Check, None) + .await + .unwrap(); + } + + #[tokio::test] + async fn fails_if_target_env_does_not_match() { + let manifest_path = test_data_root().join("bad_target_env.toml"); + let err = build(&manifest_path, &[], TargetChecking::Check, None) + .await + .expect_err("should have failed") + .to_string(); + + // build prints validation errors rather than returning them to top level + // (because there could be multiple errors) - see has_meaningful_error_if_target_env_does_not_match + assert!( + err.contains("one or more was incompatible with one or more of the deployment targets") + ); + } + + #[tokio::test] + async fn has_meaningful_error_if_target_env_does_not_match() { + let manifest_file = test_data_root().join("bad_target_env.toml"); + let manifest = spin_manifest::manifest_from_file(&manifest_file).unwrap(); + let application = spin_environments::ApplicationToValidate::new( + manifest.clone(), + manifest_file.parent().unwrap(), + ) + .await + .context("unable to load application for checking against deployment targets") + .unwrap(); + + let target_validation = spin_environments::validate_application_against_environment_ids( + &application, + &manifest.application.targets, + None, + manifest_file.parent().unwrap(), + ) + .await + .context("unable to check if the application is compatible with deployment targets") + .unwrap(); + + assert_eq!(1, target_validation.errors().len()); + + let err = target_validation.errors()[0].to_string(); + + assert!(err.contains("world wasi:cli/command@0.2.0 does not provide an import named")); } } diff --git a/crates/build/src/manifest.rs b/crates/build/src/manifest.rs index 2fcd68dadb..db570e4145 100644 --- a/crates/build/src/manifest.rs +++ b/crates/build/src/manifest.rs @@ -4,37 +4,120 @@ use std::{collections::BTreeMap, path::Path}; use spin_manifest::{schema::v2, ManifestVersion}; +#[allow(clippy::large_enum_variant)] // only ever constructed once +pub enum ManifestBuildInfo { + Loadable { + components: Vec, + deployment_targets: Vec, + manifest: spin_manifest::schema::v2::AppManifest, + }, + Unloadable { + components: Vec, + has_deployment_targets: bool, + load_error: spin_manifest::Error, + }, +} + +impl ManifestBuildInfo { + pub fn components(&self) -> Vec { + match self { + Self::Loadable { components, .. } => components.clone(), + Self::Unloadable { components, .. } => components.clone(), + } + } + + pub fn load_error(&self) -> Option<&spin_manifest::Error> { + match self { + Self::Loadable { .. } => None, + Self::Unloadable { load_error, .. } => Some(load_error), + } + } + + pub fn deployment_targets(&self) -> &[spin_manifest::schema::v2::TargetEnvironmentRef] { + match self { + Self::Loadable { + deployment_targets, .. + } => deployment_targets, + Self::Unloadable { .. } => &[], + } + } + + pub fn has_deployment_targets(&self) -> bool { + match self { + Self::Loadable { + deployment_targets, .. + } => !deployment_targets.is_empty(), + Self::Unloadable { + has_deployment_targets, + .. + } => *has_deployment_targets, + } + } + + pub fn manifest(&self) -> Option<&spin_manifest::schema::v2::AppManifest> { + match self { + Self::Loadable { manifest, .. } => Some(manifest), + Self::Unloadable { .. } => None, + } + } +} + /// Returns a map of component IDs to [`v2::ComponentBuildConfig`]s for the /// given (v1 or v2) manifest path. If the manifest cannot be loaded, the /// function attempts fallback: if fallback succeeds, result is Ok but the load error /// is also returned via the second part of the return value tuple. -pub async fn component_build_configs( - manifest_file: impl AsRef, -) -> Result<(Vec, Option)> { +pub async fn component_build_configs(manifest_file: impl AsRef) -> Result { let manifest = spin_manifest::manifest_from_file(&manifest_file); match manifest { - Ok(manifest) => Ok((build_configs_from_manifest(manifest), None)), - Err(e) => fallback_load_build_configs(&manifest_file) - .await - .map(|bc| (bc, Some(e))), + Ok(mut manifest) => { + spin_manifest::normalize::normalize_manifest(&mut manifest); + let components = build_configs_from_manifest(&manifest); + let deployment_targets = deployment_targets_from_manifest(&manifest); + Ok(ManifestBuildInfo::Loadable { + components, + deployment_targets, + manifest, + }) + } + Err(load_error) => { + // The manifest didn't load, but the problem might not be build-affecting. + // Try to fall back by parsing out only the bits we need. And if something + // goes wrong with the fallback, give up and return the original manifest load + // error. + let Ok(components) = fallback_load_build_configs(&manifest_file).await else { + return Err(load_error.into()); + }; + let Ok(has_deployment_targets) = has_deployment_targets(&manifest_file).await else { + return Err(load_error.into()); + }; + Ok(ManifestBuildInfo::Unloadable { + components, + has_deployment_targets, + load_error, + }) + } } } fn build_configs_from_manifest( - mut manifest: spin_manifest::schema::v2::AppManifest, + manifest: &spin_manifest::schema::v2::AppManifest, ) -> Vec { - spin_manifest::normalize::normalize_manifest(&mut manifest); - manifest .components - .into_iter() + .iter() .map(|(id, c)| ComponentBuildInfo { id: id.to_string(), - build: c.build, + build: c.build.clone(), }) .collect() } +fn deployment_targets_from_manifest( + manifest: &spin_manifest::schema::v2::AppManifest, +) -> Vec { + manifest.application.targets.clone() +} + async fn fallback_load_build_configs( manifest_file: impl AsRef, ) -> Result> { @@ -57,7 +140,23 @@ async fn fallback_load_build_configs( }) } -#[derive(Deserialize)] +async fn has_deployment_targets(manifest_file: impl AsRef) -> Result { + let manifest_text = tokio::fs::read_to_string(manifest_file).await?; + Ok(match ManifestVersion::detect(&manifest_text)? { + ManifestVersion::V1 => false, + ManifestVersion::V2 => { + let table: toml::value::Table = toml::from_str(&manifest_text)?; + table + .get("application") + .and_then(|a| a.as_table()) + .and_then(|t| t.get("targets")) + .and_then(|arr| arr.as_array()) + .is_some_and(|arr| !arr.is_empty()) + } + }) +} + +#[derive(Clone, Deserialize)] pub struct ComponentBuildInfo { #[serde(default)] pub id: String, diff --git a/crates/build/tests/bad_target_env.toml b/crates/build/tests/bad_target_env.toml new file mode 100644 index 0000000000..591d66aa30 --- /dev/null +++ b/crates/build/tests/bad_target_env.toml @@ -0,0 +1,8 @@ +spin_manifest_version = 2 + +[application] +name = "bad" +targets = [{ path = "env/wasi-minimal.toml" }] + +[[trigger.command]] +component = { source = "test-components/test-command.wasm" } diff --git a/crates/build/tests/env/wasi-all.toml b/crates/build/tests/env/wasi-all.toml new file mode 100644 index 0000000000..9f00d1c374 --- /dev/null +++ b/crates/build/tests/env/wasi-all.toml @@ -0,0 +1,2 @@ +[triggers] +command = { worlds = [{ path = "../wit/cmd-full", world = "wasi:cli/command@0.2.0"}] } diff --git a/crates/build/tests/env/wasi-minimal.toml b/crates/build/tests/env/wasi-minimal.toml new file mode 100644 index 0000000000..6dd9bc6fef --- /dev/null +++ b/crates/build/tests/env/wasi-minimal.toml @@ -0,0 +1,2 @@ +[triggers] +command = { worlds = [{ path = "../wit/cmd-minimal", world = "wasi:cli/command@0.2.0"}] } diff --git a/crates/build/tests/good_target_env.toml b/crates/build/tests/good_target_env.toml new file mode 100644 index 0000000000..dc2acc941c --- /dev/null +++ b/crates/build/tests/good_target_env.toml @@ -0,0 +1,8 @@ +spin_manifest_version = 2 + +[application] +name = "good" +targets = [{ path = "env/wasi-all.toml" }] + +[[trigger.command]] +component = { source = "test-components/test-command.wasm" } diff --git a/crates/build/tests/test-components/README.md b/crates/build/tests/test-components/README.md new file mode 100644 index 0000000000..c33c4df938 --- /dev/null +++ b/crates/build/tests/test-components/README.md @@ -0,0 +1,10 @@ +# Recreating the test components + +``` +cd source/test-command +cargo build --release --target wasm32-wasip1 +``` + +then copy from `target/wasm32-wasip1/release/` to this directory. + +**IMPORTANT:** Do not use the `wasm32-wasip2` target. It generates to the 0.2.x world (0.2.3 at time of writing), and Component Model tooling does not yet accept that as compatible with the 0.2.0 world. diff --git a/crates/build/tests/test-components/source/test-command/Cargo.toml b/crates/build/tests/test-components/source/test-command/Cargo.toml new file mode 100644 index 0000000000..904e9ac781 --- /dev/null +++ b/crates/build/tests/test-components/source/test-command/Cargo.toml @@ -0,0 +1,8 @@ +[package] +name = "test-command" +version = "0.1.0" +edition = "2024" + +[dependencies] + +[workspace] diff --git a/crates/build/tests/test-components/source/test-command/src/main.rs b/crates/build/tests/test-components/source/test-command/src/main.rs new file mode 100644 index 0000000000..e7a11a969c --- /dev/null +++ b/crates/build/tests/test-components/source/test-command/src/main.rs @@ -0,0 +1,3 @@ +fn main() { + println!("Hello, world!"); +} diff --git a/crates/build/tests/test-components/test-command.wasm b/crates/build/tests/test-components/test-command.wasm new file mode 100755 index 0000000000..cc6df8850a Binary files /dev/null and b/crates/build/tests/test-components/test-command.wasm differ diff --git a/crates/build/tests/wit/cmd-full/command.wit b/crates/build/tests/wit/cmd-full/command.wit new file mode 100644 index 0000000000..d8005bd388 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/command.wit @@ -0,0 +1,7 @@ +package wasi:cli@0.2.0; + +world command { + include imports; + + export run; +} diff --git a/crates/build/tests/wit/cmd-full/deps/clocks/monotonic-clock.wit b/crates/build/tests/wit/cmd-full/deps/clocks/monotonic-clock.wit new file mode 100644 index 0000000000..4e4dc3a199 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/clocks/monotonic-clock.wit @@ -0,0 +1,45 @@ +package wasi:clocks@0.2.0; +/// WASI Monotonic Clock is a clock API intended to let users measure elapsed +/// time. +/// +/// It is intended to be portable at least between Unix-family platforms and +/// Windows. +/// +/// A monotonic clock is a clock which has an unspecified initial value, and +/// successive reads of the clock will produce non-decreasing values. +/// +/// It is intended for measuring elapsed time. +interface monotonic-clock { + use wasi:io/poll@0.2.0.{pollable}; + + /// An instant in time, in nanoseconds. An instant is relative to an + /// unspecified initial value, and can only be compared to instances from + /// the same monotonic-clock. + type instant = u64; + + /// A duration of time, in nanoseconds. + type duration = u64; + + /// Read the current value of the clock. + /// + /// The clock is monotonic, therefore calling this function repeatedly will + /// produce a sequence of non-decreasing values. + now: func() -> instant; + + /// Query the resolution of the clock. Returns the duration of time + /// corresponding to a clock tick. + resolution: func() -> duration; + + /// Create a `pollable` which will resolve once the specified instant + /// occured. + subscribe-instant: func( + when: instant, + ) -> pollable; + + /// Create a `pollable` which will resolve once the given duration has + /// elapsed, starting at the time at which this function was called. + /// occured. + subscribe-duration: func( + when: duration, + ) -> pollable; +} diff --git a/crates/build/tests/wit/cmd-full/deps/clocks/wall-clock.wit b/crates/build/tests/wit/cmd-full/deps/clocks/wall-clock.wit new file mode 100644 index 0000000000..440ca0f336 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/clocks/wall-clock.wit @@ -0,0 +1,42 @@ +package wasi:clocks@0.2.0; +/// WASI Wall Clock is a clock API intended to let users query the current +/// time. The name "wall" makes an analogy to a "clock on the wall", which +/// is not necessarily monotonic as it may be reset. +/// +/// It is intended to be portable at least between Unix-family platforms and +/// Windows. +/// +/// A wall clock is a clock which measures the date and time according to +/// some external reference. +/// +/// External references may be reset, so this clock is not necessarily +/// monotonic, making it unsuitable for measuring elapsed time. +/// +/// It is intended for reporting the current date and time for humans. +interface wall-clock { + /// A time and date in seconds plus nanoseconds. + record datetime { + seconds: u64, + nanoseconds: u32, + } + + /// Read the current value of the clock. + /// + /// This clock is not monotonic, therefore calling this function repeatedly + /// will not necessarily produce a sequence of non-decreasing values. + /// + /// The returned timestamps represent the number of seconds since + /// 1970-01-01T00:00:00Z, also known as [POSIX's Seconds Since the Epoch], + /// also known as [Unix Time]. + /// + /// The nanoseconds field of the output is always less than 1000000000. + /// + /// [POSIX's Seconds Since the Epoch]: https://pubs.opengroup.org/onlinepubs/9699919799/xrat/V4_xbd_chap04.html#tag_21_04_16 + /// [Unix Time]: https://en.wikipedia.org/wiki/Unix_time + now: func() -> datetime; + + /// Query the resolution of the clock. + /// + /// The nanoseconds field of the output is always less than 1000000000. + resolution: func() -> datetime; +} diff --git a/crates/build/tests/wit/cmd-full/deps/clocks/world.wit b/crates/build/tests/wit/cmd-full/deps/clocks/world.wit new file mode 100644 index 0000000000..c0224572a5 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/clocks/world.wit @@ -0,0 +1,6 @@ +package wasi:clocks@0.2.0; + +world imports { + import monotonic-clock; + import wall-clock; +} diff --git a/crates/build/tests/wit/cmd-full/deps/filesystem/preopens.wit b/crates/build/tests/wit/cmd-full/deps/filesystem/preopens.wit new file mode 100644 index 0000000000..da801f6d60 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/filesystem/preopens.wit @@ -0,0 +1,8 @@ +package wasi:filesystem@0.2.0; + +interface preopens { + use types.{descriptor}; + + /// Return the set of preopened directories, and their path. + get-directories: func() -> list>; +} diff --git a/crates/build/tests/wit/cmd-full/deps/filesystem/types.wit b/crates/build/tests/wit/cmd-full/deps/filesystem/types.wit new file mode 100644 index 0000000000..11108fcda2 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/filesystem/types.wit @@ -0,0 +1,634 @@ +package wasi:filesystem@0.2.0; +/// WASI filesystem is a filesystem API primarily intended to let users run WASI +/// programs that access their files on their existing filesystems, without +/// significant overhead. +/// +/// It is intended to be roughly portable between Unix-family platforms and +/// Windows, though it does not hide many of the major differences. +/// +/// Paths are passed as interface-type `string`s, meaning they must consist of +/// a sequence of Unicode Scalar Values (USVs). Some filesystems may contain +/// paths which are not accessible by this API. +/// +/// The directory separator in WASI is always the forward-slash (`/`). +/// +/// All paths in WASI are relative paths, and are interpreted relative to a +/// `descriptor` referring to a base directory. If a `path` argument to any WASI +/// function starts with `/`, or if any step of resolving a `path`, including +/// `..` and symbolic link steps, reaches a directory outside of the base +/// directory, or reaches a symlink to an absolute or rooted path in the +/// underlying filesystem, the function fails with `error-code::not-permitted`. +/// +/// For more information about WASI path resolution and sandboxing, see +/// [WASI filesystem path resolution]. +/// +/// [WASI filesystem path resolution]: https://github.com/WebAssembly/wasi-filesystem/blob/main/path-resolution.md +interface types { + use wasi:io/streams@0.2.0.{input-stream, output-stream, error}; + use wasi:clocks/wall-clock@0.2.0.{datetime}; + + /// File size or length of a region within a file. + type filesize = u64; + + /// The type of a filesystem object referenced by a descriptor. + /// + /// Note: This was called `filetype` in earlier versions of WASI. + enum descriptor-type { + /// The type of the descriptor or file is unknown or is different from + /// any of the other types specified. + unknown, + /// The descriptor refers to a block device inode. + block-device, + /// The descriptor refers to a character device inode. + character-device, + /// The descriptor refers to a directory inode. + directory, + /// The descriptor refers to a named pipe. + fifo, + /// The file refers to a symbolic link inode. + symbolic-link, + /// The descriptor refers to a regular file inode. + regular-file, + /// The descriptor refers to a socket. + socket, + } + + /// Descriptor flags. + /// + /// Note: This was called `fdflags` in earlier versions of WASI. + flags descriptor-flags { + /// Read mode: Data can be read. + read, + /// Write mode: Data can be written to. + write, + /// Request that writes be performed according to synchronized I/O file + /// integrity completion. The data stored in the file and the file's + /// metadata are synchronized. This is similar to `O_SYNC` in POSIX. + /// + /// The precise semantics of this operation have not yet been defined for + /// WASI. At this time, it should be interpreted as a request, and not a + /// requirement. + file-integrity-sync, + /// Request that writes be performed according to synchronized I/O data + /// integrity completion. Only the data stored in the file is + /// synchronized. This is similar to `O_DSYNC` in POSIX. + /// + /// The precise semantics of this operation have not yet been defined for + /// WASI. At this time, it should be interpreted as a request, and not a + /// requirement. + data-integrity-sync, + /// Requests that reads be performed at the same level of integrety + /// requested for writes. This is similar to `O_RSYNC` in POSIX. + /// + /// The precise semantics of this operation have not yet been defined for + /// WASI. At this time, it should be interpreted as a request, and not a + /// requirement. + requested-write-sync, + /// Mutating directories mode: Directory contents may be mutated. + /// + /// When this flag is unset on a descriptor, operations using the + /// descriptor which would create, rename, delete, modify the data or + /// metadata of filesystem objects, or obtain another handle which + /// would permit any of those, shall fail with `error-code::read-only` if + /// they would otherwise succeed. + /// + /// This may only be set on directories. + mutate-directory, + } + + /// File attributes. + /// + /// Note: This was called `filestat` in earlier versions of WASI. + record descriptor-stat { + /// File type. + %type: descriptor-type, + /// Number of hard links to the file. + link-count: link-count, + /// For regular files, the file size in bytes. For symbolic links, the + /// length in bytes of the pathname contained in the symbolic link. + size: filesize, + /// Last data access timestamp. + /// + /// If the `option` is none, the platform doesn't maintain an access + /// timestamp for this file. + data-access-timestamp: option, + /// Last data modification timestamp. + /// + /// If the `option` is none, the platform doesn't maintain a + /// modification timestamp for this file. + data-modification-timestamp: option, + /// Last file status-change timestamp. + /// + /// If the `option` is none, the platform doesn't maintain a + /// status-change timestamp for this file. + status-change-timestamp: option, + } + + /// Flags determining the method of how paths are resolved. + flags path-flags { + /// As long as the resolved path corresponds to a symbolic link, it is + /// expanded. + symlink-follow, + } + + /// Open flags used by `open-at`. + flags open-flags { + /// Create file if it does not exist, similar to `O_CREAT` in POSIX. + create, + /// Fail if not a directory, similar to `O_DIRECTORY` in POSIX. + directory, + /// Fail if file already exists, similar to `O_EXCL` in POSIX. + exclusive, + /// Truncate file to size 0, similar to `O_TRUNC` in POSIX. + truncate, + } + + /// Number of hard links to an inode. + type link-count = u64; + + /// When setting a timestamp, this gives the value to set it to. + variant new-timestamp { + /// Leave the timestamp set to its previous value. + no-change, + /// Set the timestamp to the current time of the system clock associated + /// with the filesystem. + now, + /// Set the timestamp to the given value. + timestamp(datetime), + } + + /// A directory entry. + record directory-entry { + /// The type of the file referred to by this directory entry. + %type: descriptor-type, + + /// The name of the object. + name: string, + } + + /// Error codes returned by functions, similar to `errno` in POSIX. + /// Not all of these error codes are returned by the functions provided by this + /// API; some are used in higher-level library layers, and others are provided + /// merely for alignment with POSIX. + enum error-code { + /// Permission denied, similar to `EACCES` in POSIX. + access, + /// Resource unavailable, or operation would block, similar to `EAGAIN` and `EWOULDBLOCK` in POSIX. + would-block, + /// Connection already in progress, similar to `EALREADY` in POSIX. + already, + /// Bad descriptor, similar to `EBADF` in POSIX. + bad-descriptor, + /// Device or resource busy, similar to `EBUSY` in POSIX. + busy, + /// Resource deadlock would occur, similar to `EDEADLK` in POSIX. + deadlock, + /// Storage quota exceeded, similar to `EDQUOT` in POSIX. + quota, + /// File exists, similar to `EEXIST` in POSIX. + exist, + /// File too large, similar to `EFBIG` in POSIX. + file-too-large, + /// Illegal byte sequence, similar to `EILSEQ` in POSIX. + illegal-byte-sequence, + /// Operation in progress, similar to `EINPROGRESS` in POSIX. + in-progress, + /// Interrupted function, similar to `EINTR` in POSIX. + interrupted, + /// Invalid argument, similar to `EINVAL` in POSIX. + invalid, + /// I/O error, similar to `EIO` in POSIX. + io, + /// Is a directory, similar to `EISDIR` in POSIX. + is-directory, + /// Too many levels of symbolic links, similar to `ELOOP` in POSIX. + loop, + /// Too many links, similar to `EMLINK` in POSIX. + too-many-links, + /// Message too large, similar to `EMSGSIZE` in POSIX. + message-size, + /// Filename too long, similar to `ENAMETOOLONG` in POSIX. + name-too-long, + /// No such device, similar to `ENODEV` in POSIX. + no-device, + /// No such file or directory, similar to `ENOENT` in POSIX. + no-entry, + /// No locks available, similar to `ENOLCK` in POSIX. + no-lock, + /// Not enough space, similar to `ENOMEM` in POSIX. + insufficient-memory, + /// No space left on device, similar to `ENOSPC` in POSIX. + insufficient-space, + /// Not a directory or a symbolic link to a directory, similar to `ENOTDIR` in POSIX. + not-directory, + /// Directory not empty, similar to `ENOTEMPTY` in POSIX. + not-empty, + /// State not recoverable, similar to `ENOTRECOVERABLE` in POSIX. + not-recoverable, + /// Not supported, similar to `ENOTSUP` and `ENOSYS` in POSIX. + unsupported, + /// Inappropriate I/O control operation, similar to `ENOTTY` in POSIX. + no-tty, + /// No such device or address, similar to `ENXIO` in POSIX. + no-such-device, + /// Value too large to be stored in data type, similar to `EOVERFLOW` in POSIX. + overflow, + /// Operation not permitted, similar to `EPERM` in POSIX. + not-permitted, + /// Broken pipe, similar to `EPIPE` in POSIX. + pipe, + /// Read-only file system, similar to `EROFS` in POSIX. + read-only, + /// Invalid seek, similar to `ESPIPE` in POSIX. + invalid-seek, + /// Text file busy, similar to `ETXTBSY` in POSIX. + text-file-busy, + /// Cross-device link, similar to `EXDEV` in POSIX. + cross-device, + } + + /// File or memory access pattern advisory information. + enum advice { + /// The application has no advice to give on its behavior with respect + /// to the specified data. + normal, + /// The application expects to access the specified data sequentially + /// from lower offsets to higher offsets. + sequential, + /// The application expects to access the specified data in a random + /// order. + random, + /// The application expects to access the specified data in the near + /// future. + will-need, + /// The application expects that it will not access the specified data + /// in the near future. + dont-need, + /// The application expects to access the specified data once and then + /// not reuse it thereafter. + no-reuse, + } + + /// A 128-bit hash value, split into parts because wasm doesn't have a + /// 128-bit integer type. + record metadata-hash-value { + /// 64 bits of a 128-bit hash value. + lower: u64, + /// Another 64 bits of a 128-bit hash value. + upper: u64, + } + + /// A descriptor is a reference to a filesystem object, which may be a file, + /// directory, named pipe, special file, or other object on which filesystem + /// calls may be made. + resource descriptor { + /// Return a stream for reading from a file, if available. + /// + /// May fail with an error-code describing why the file cannot be read. + /// + /// Multiple read, write, and append streams may be active on the same open + /// file and they do not interfere with each other. + /// + /// Note: This allows using `read-stream`, which is similar to `read` in POSIX. + read-via-stream: func( + /// The offset within the file at which to start reading. + offset: filesize, + ) -> result; + + /// Return a stream for writing to a file, if available. + /// + /// May fail with an error-code describing why the file cannot be written. + /// + /// Note: This allows using `write-stream`, which is similar to `write` in + /// POSIX. + write-via-stream: func( + /// The offset within the file at which to start writing. + offset: filesize, + ) -> result; + + /// Return a stream for appending to a file, if available. + /// + /// May fail with an error-code describing why the file cannot be appended. + /// + /// Note: This allows using `write-stream`, which is similar to `write` with + /// `O_APPEND` in in POSIX. + append-via-stream: func() -> result; + + /// Provide file advisory information on a descriptor. + /// + /// This is similar to `posix_fadvise` in POSIX. + advise: func( + /// The offset within the file to which the advisory applies. + offset: filesize, + /// The length of the region to which the advisory applies. + length: filesize, + /// The advice. + advice: advice + ) -> result<_, error-code>; + + /// Synchronize the data of a file to disk. + /// + /// This function succeeds with no effect if the file descriptor is not + /// opened for writing. + /// + /// Note: This is similar to `fdatasync` in POSIX. + sync-data: func() -> result<_, error-code>; + + /// Get flags associated with a descriptor. + /// + /// Note: This returns similar flags to `fcntl(fd, F_GETFL)` in POSIX. + /// + /// Note: This returns the value that was the `fs_flags` value returned + /// from `fdstat_get` in earlier versions of WASI. + get-flags: func() -> result; + + /// Get the dynamic type of a descriptor. + /// + /// Note: This returns the same value as the `type` field of the `fd-stat` + /// returned by `stat`, `stat-at` and similar. + /// + /// Note: This returns similar flags to the `st_mode & S_IFMT` value provided + /// by `fstat` in POSIX. + /// + /// Note: This returns the value that was the `fs_filetype` value returned + /// from `fdstat_get` in earlier versions of WASI. + get-type: func() -> result; + + /// Adjust the size of an open file. If this increases the file's size, the + /// extra bytes are filled with zeros. + /// + /// Note: This was called `fd_filestat_set_size` in earlier versions of WASI. + set-size: func(size: filesize) -> result<_, error-code>; + + /// Adjust the timestamps of an open file or directory. + /// + /// Note: This is similar to `futimens` in POSIX. + /// + /// Note: This was called `fd_filestat_set_times` in earlier versions of WASI. + set-times: func( + /// The desired values of the data access timestamp. + data-access-timestamp: new-timestamp, + /// The desired values of the data modification timestamp. + data-modification-timestamp: new-timestamp, + ) -> result<_, error-code>; + + /// Read from a descriptor, without using and updating the descriptor's offset. + /// + /// This function returns a list of bytes containing the data that was + /// read, along with a bool which, when true, indicates that the end of the + /// file was reached. The returned list will contain up to `length` bytes; it + /// may return fewer than requested, if the end of the file is reached or + /// if the I/O operation is interrupted. + /// + /// In the future, this may change to return a `stream`. + /// + /// Note: This is similar to `pread` in POSIX. + read: func( + /// The maximum number of bytes to read. + length: filesize, + /// The offset within the file at which to read. + offset: filesize, + ) -> result, bool>, error-code>; + + /// Write to a descriptor, without using and updating the descriptor's offset. + /// + /// It is valid to write past the end of a file; the file is extended to the + /// extent of the write, with bytes between the previous end and the start of + /// the write set to zero. + /// + /// In the future, this may change to take a `stream`. + /// + /// Note: This is similar to `pwrite` in POSIX. + write: func( + /// Data to write + buffer: list, + /// The offset within the file at which to write. + offset: filesize, + ) -> result; + + /// Read directory entries from a directory. + /// + /// On filesystems where directories contain entries referring to themselves + /// and their parents, often named `.` and `..` respectively, these entries + /// are omitted. + /// + /// This always returns a new stream which starts at the beginning of the + /// directory. Multiple streams may be active on the same directory, and they + /// do not interfere with each other. + read-directory: func() -> result; + + /// Synchronize the data and metadata of a file to disk. + /// + /// This function succeeds with no effect if the file descriptor is not + /// opened for writing. + /// + /// Note: This is similar to `fsync` in POSIX. + sync: func() -> result<_, error-code>; + + /// Create a directory. + /// + /// Note: This is similar to `mkdirat` in POSIX. + create-directory-at: func( + /// The relative path at which to create the directory. + path: string, + ) -> result<_, error-code>; + + /// Return the attributes of an open file or directory. + /// + /// Note: This is similar to `fstat` in POSIX, except that it does not return + /// device and inode information. For testing whether two descriptors refer to + /// the same underlying filesystem object, use `is-same-object`. To obtain + /// additional data that can be used do determine whether a file has been + /// modified, use `metadata-hash`. + /// + /// Note: This was called `fd_filestat_get` in earlier versions of WASI. + stat: func() -> result; + + /// Return the attributes of a file or directory. + /// + /// Note: This is similar to `fstatat` in POSIX, except that it does not + /// return device and inode information. See the `stat` description for a + /// discussion of alternatives. + /// + /// Note: This was called `path_filestat_get` in earlier versions of WASI. + stat-at: func( + /// Flags determining the method of how the path is resolved. + path-flags: path-flags, + /// The relative path of the file or directory to inspect. + path: string, + ) -> result; + + /// Adjust the timestamps of a file or directory. + /// + /// Note: This is similar to `utimensat` in POSIX. + /// + /// Note: This was called `path_filestat_set_times` in earlier versions of + /// WASI. + set-times-at: func( + /// Flags determining the method of how the path is resolved. + path-flags: path-flags, + /// The relative path of the file or directory to operate on. + path: string, + /// The desired values of the data access timestamp. + data-access-timestamp: new-timestamp, + /// The desired values of the data modification timestamp. + data-modification-timestamp: new-timestamp, + ) -> result<_, error-code>; + + /// Create a hard link. + /// + /// Note: This is similar to `linkat` in POSIX. + link-at: func( + /// Flags determining the method of how the path is resolved. + old-path-flags: path-flags, + /// The relative source path from which to link. + old-path: string, + /// The base directory for `new-path`. + new-descriptor: borrow, + /// The relative destination path at which to create the hard link. + new-path: string, + ) -> result<_, error-code>; + + /// Open a file or directory. + /// + /// The returned descriptor is not guaranteed to be the lowest-numbered + /// descriptor not currently open/ it is randomized to prevent applications + /// from depending on making assumptions about indexes, since this is + /// error-prone in multi-threaded contexts. The returned descriptor is + /// guaranteed to be less than 2**31. + /// + /// If `flags` contains `descriptor-flags::mutate-directory`, and the base + /// descriptor doesn't have `descriptor-flags::mutate-directory` set, + /// `open-at` fails with `error-code::read-only`. + /// + /// If `flags` contains `write` or `mutate-directory`, or `open-flags` + /// contains `truncate` or `create`, and the base descriptor doesn't have + /// `descriptor-flags::mutate-directory` set, `open-at` fails with + /// `error-code::read-only`. + /// + /// Note: This is similar to `openat` in POSIX. + open-at: func( + /// Flags determining the method of how the path is resolved. + path-flags: path-flags, + /// The relative path of the object to open. + path: string, + /// The method by which to open the file. + open-flags: open-flags, + /// Flags to use for the resulting descriptor. + %flags: descriptor-flags, + ) -> result; + + /// Read the contents of a symbolic link. + /// + /// If the contents contain an absolute or rooted path in the underlying + /// filesystem, this function fails with `error-code::not-permitted`. + /// + /// Note: This is similar to `readlinkat` in POSIX. + readlink-at: func( + /// The relative path of the symbolic link from which to read. + path: string, + ) -> result; + + /// Remove a directory. + /// + /// Return `error-code::not-empty` if the directory is not empty. + /// + /// Note: This is similar to `unlinkat(fd, path, AT_REMOVEDIR)` in POSIX. + remove-directory-at: func( + /// The relative path to a directory to remove. + path: string, + ) -> result<_, error-code>; + + /// Rename a filesystem object. + /// + /// Note: This is similar to `renameat` in POSIX. + rename-at: func( + /// The relative source path of the file or directory to rename. + old-path: string, + /// The base directory for `new-path`. + new-descriptor: borrow, + /// The relative destination path to which to rename the file or directory. + new-path: string, + ) -> result<_, error-code>; + + /// Create a symbolic link (also known as a "symlink"). + /// + /// If `old-path` starts with `/`, the function fails with + /// `error-code::not-permitted`. + /// + /// Note: This is similar to `symlinkat` in POSIX. + symlink-at: func( + /// The contents of the symbolic link. + old-path: string, + /// The relative destination path at which to create the symbolic link. + new-path: string, + ) -> result<_, error-code>; + + /// Unlink a filesystem object that is not a directory. + /// + /// Return `error-code::is-directory` if the path refers to a directory. + /// Note: This is similar to `unlinkat(fd, path, 0)` in POSIX. + unlink-file-at: func( + /// The relative path to a file to unlink. + path: string, + ) -> result<_, error-code>; + + /// Test whether two descriptors refer to the same filesystem object. + /// + /// In POSIX, this corresponds to testing whether the two descriptors have the + /// same device (`st_dev`) and inode (`st_ino` or `d_ino`) numbers. + /// wasi-filesystem does not expose device and inode numbers, so this function + /// may be used instead. + is-same-object: func(other: borrow) -> bool; + + /// Return a hash of the metadata associated with a filesystem object referred + /// to by a descriptor. + /// + /// This returns a hash of the last-modification timestamp and file size, and + /// may also include the inode number, device number, birth timestamp, and + /// other metadata fields that may change when the file is modified or + /// replaced. It may also include a secret value chosen by the + /// implementation and not otherwise exposed. + /// + /// Implementations are encourated to provide the following properties: + /// + /// - If the file is not modified or replaced, the computed hash value should + /// usually not change. + /// - If the object is modified or replaced, the computed hash value should + /// usually change. + /// - The inputs to the hash should not be easily computable from the + /// computed hash. + /// + /// However, none of these is required. + metadata-hash: func() -> result; + + /// Return a hash of the metadata associated with a filesystem object referred + /// to by a directory descriptor and a relative path. + /// + /// This performs the same hash computation as `metadata-hash`. + metadata-hash-at: func( + /// Flags determining the method of how the path is resolved. + path-flags: path-flags, + /// The relative path of the file or directory to inspect. + path: string, + ) -> result; + } + + /// A stream of directory entries. + resource directory-entry-stream { + /// Read a single directory entry from a `directory-entry-stream`. + read-directory-entry: func() -> result, error-code>; + } + + /// Attempts to extract a filesystem-related `error-code` from the stream + /// `error` provided. + /// + /// Stream operations which return `stream-error::last-operation-failed` + /// have a payload with more information about the operation that failed. + /// This payload can be passed through to this function to see if there's + /// filesystem-related information about the error to return. + /// + /// Note that this function is fallible because not all stream-related + /// errors are filesystem-related errors. + filesystem-error-code: func(err: borrow) -> option; +} diff --git a/crates/build/tests/wit/cmd-full/deps/filesystem/world.wit b/crates/build/tests/wit/cmd-full/deps/filesystem/world.wit new file mode 100644 index 0000000000..663f57920d --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/filesystem/world.wit @@ -0,0 +1,6 @@ +package wasi:filesystem@0.2.0; + +world imports { + import types; + import preopens; +} diff --git a/crates/build/tests/wit/cmd-full/deps/io/error.wit b/crates/build/tests/wit/cmd-full/deps/io/error.wit new file mode 100644 index 0000000000..22e5b64894 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/io/error.wit @@ -0,0 +1,34 @@ +package wasi:io@0.2.0; + + +interface error { + /// A resource which represents some error information. + /// + /// The only method provided by this resource is `to-debug-string`, + /// which provides some human-readable information about the error. + /// + /// In the `wasi:io` package, this resource is returned through the + /// `wasi:io/streams/stream-error` type. + /// + /// To provide more specific error information, other interfaces may + /// provide functions to further "downcast" this error into more specific + /// error information. For example, `error`s returned in streams derived + /// from filesystem types to be described using the filesystem's own + /// error-code type, using the function + /// `wasi:filesystem/types/filesystem-error-code`, which takes a parameter + /// `borrow` and returns + /// `option`. + /// + /// The set of functions which can "downcast" an `error` into a more + /// concrete type is open. + resource error { + /// Returns a string that is suitable to assist humans in debugging + /// this error. + /// + /// WARNING: The returned string should not be consumed mechanically! + /// It may change across platforms, hosts, or other implementation + /// details. Parsing this string is a major platform-compatibility + /// hazard. + to-debug-string: func() -> string; + } +} diff --git a/crates/build/tests/wit/cmd-full/deps/io/poll.wit b/crates/build/tests/wit/cmd-full/deps/io/poll.wit new file mode 100644 index 0000000000..ddc67f8b7a --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/io/poll.wit @@ -0,0 +1,41 @@ +package wasi:io@0.2.0; + +/// A poll API intended to let users wait for I/O events on multiple handles +/// at once. +interface poll { + /// `pollable` represents a single I/O event which may be ready, or not. + resource pollable { + + /// Return the readiness of a pollable. This function never blocks. + /// + /// Returns `true` when the pollable is ready, and `false` otherwise. + ready: func() -> bool; + + /// `block` returns immediately if the pollable is ready, and otherwise + /// blocks until ready. + /// + /// This function is equivalent to calling `poll.poll` on a list + /// containing only this pollable. + block: func(); + } + + /// Poll for completion on a set of pollables. + /// + /// This function takes a list of pollables, which identify I/O sources of + /// interest, and waits until one or more of the events is ready for I/O. + /// + /// The result `list` contains one or more indices of handles in the + /// argument list that is ready for I/O. + /// + /// If the list contains more elements than can be indexed with a `u32` + /// value, this function traps. + /// + /// A timeout can be implemented by adding a pollable from the + /// wasi-clocks API to the list. + /// + /// This function does not return a `result`; polling in itself does not + /// do any I/O so it doesn't fail. If any of the I/O sources identified by + /// the pollables has an error, it is indicated by marking the source as + /// being reaedy for I/O. + poll: func(in: list>) -> list; +} diff --git a/crates/build/tests/wit/cmd-full/deps/io/streams.wit b/crates/build/tests/wit/cmd-full/deps/io/streams.wit new file mode 100644 index 0000000000..6d2f871e3b --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/io/streams.wit @@ -0,0 +1,262 @@ +package wasi:io@0.2.0; + +/// WASI I/O is an I/O abstraction API which is currently focused on providing +/// stream types. +/// +/// In the future, the component model is expected to add built-in stream types; +/// when it does, they are expected to subsume this API. +interface streams { + use error.{error}; + use poll.{pollable}; + + /// An error for input-stream and output-stream operations. + variant stream-error { + /// The last operation (a write or flush) failed before completion. + /// + /// More information is available in the `error` payload. + last-operation-failed(error), + /// The stream is closed: no more input will be accepted by the + /// stream. A closed output-stream will return this error on all + /// future operations. + closed + } + + /// An input bytestream. + /// + /// `input-stream`s are *non-blocking* to the extent practical on underlying + /// platforms. I/O operations always return promptly; if fewer bytes are + /// promptly available than requested, they return the number of bytes promptly + /// available, which could even be zero. To wait for data to be available, + /// use the `subscribe` function to obtain a `pollable` which can be polled + /// for using `wasi:io/poll`. + resource input-stream { + /// Perform a non-blocking read from the stream. + /// + /// When the source of a `read` is binary data, the bytes from the source + /// are returned verbatim. When the source of a `read` is known to the + /// implementation to be text, bytes containing the UTF-8 encoding of the + /// text are returned. + /// + /// This function returns a list of bytes containing the read data, + /// when successful. The returned list will contain up to `len` bytes; + /// it may return fewer than requested, but not more. The list is + /// empty when no bytes are available for reading at this time. The + /// pollable given by `subscribe` will be ready when more bytes are + /// available. + /// + /// This function fails with a `stream-error` when the operation + /// encounters an error, giving `last-operation-failed`, or when the + /// stream is closed, giving `closed`. + /// + /// When the caller gives a `len` of 0, it represents a request to + /// read 0 bytes. If the stream is still open, this call should + /// succeed and return an empty list, or otherwise fail with `closed`. + /// + /// The `len` parameter is a `u64`, which could represent a list of u8 which + /// is not possible to allocate in wasm32, or not desirable to allocate as + /// as a return value by the callee. The callee may return a list of bytes + /// less than `len` in size while more bytes are available for reading. + read: func( + /// The maximum number of bytes to read + len: u64 + ) -> result, stream-error>; + + /// Read bytes from a stream, after blocking until at least one byte can + /// be read. Except for blocking, behavior is identical to `read`. + blocking-read: func( + /// The maximum number of bytes to read + len: u64 + ) -> result, stream-error>; + + /// Skip bytes from a stream. Returns number of bytes skipped. + /// + /// Behaves identical to `read`, except instead of returning a list + /// of bytes, returns the number of bytes consumed from the stream. + skip: func( + /// The maximum number of bytes to skip. + len: u64, + ) -> result; + + /// Skip bytes from a stream, after blocking until at least one byte + /// can be skipped. Except for blocking behavior, identical to `skip`. + blocking-skip: func( + /// The maximum number of bytes to skip. + len: u64, + ) -> result; + + /// Create a `pollable` which will resolve once either the specified stream + /// has bytes available to read or the other end of the stream has been + /// closed. + /// The created `pollable` is a child resource of the `input-stream`. + /// Implementations may trap if the `input-stream` is dropped before + /// all derived `pollable`s created with this function are dropped. + subscribe: func() -> pollable; + } + + + /// An output bytestream. + /// + /// `output-stream`s are *non-blocking* to the extent practical on + /// underlying platforms. Except where specified otherwise, I/O operations also + /// always return promptly, after the number of bytes that can be written + /// promptly, which could even be zero. To wait for the stream to be ready to + /// accept data, the `subscribe` function to obtain a `pollable` which can be + /// polled for using `wasi:io/poll`. + resource output-stream { + /// Check readiness for writing. This function never blocks. + /// + /// Returns the number of bytes permitted for the next call to `write`, + /// or an error. Calling `write` with more bytes than this function has + /// permitted will trap. + /// + /// When this function returns 0 bytes, the `subscribe` pollable will + /// become ready when this function will report at least 1 byte, or an + /// error. + check-write: func() -> result; + + /// Perform a write. This function never blocks. + /// + /// When the destination of a `write` is binary data, the bytes from + /// `contents` are written verbatim. When the destination of a `write` is + /// known to the implementation to be text, the bytes of `contents` are + /// transcoded from UTF-8 into the encoding of the destination and then + /// written. + /// + /// Precondition: check-write gave permit of Ok(n) and contents has a + /// length of less than or equal to n. Otherwise, this function will trap. + /// + /// returns Err(closed) without writing if the stream has closed since + /// the last call to check-write provided a permit. + write: func( + contents: list + ) -> result<_, stream-error>; + + /// Perform a write of up to 4096 bytes, and then flush the stream. Block + /// until all of these operations are complete, or an error occurs. + /// + /// This is a convenience wrapper around the use of `check-write`, + /// `subscribe`, `write`, and `flush`, and is implemented with the + /// following pseudo-code: + /// + /// ```text + /// let pollable = this.subscribe(); + /// while !contents.is_empty() { + /// // Wait for the stream to become writable + /// pollable.block(); + /// let Ok(n) = this.check-write(); // eliding error handling + /// let len = min(n, contents.len()); + /// let (chunk, rest) = contents.split_at(len); + /// this.write(chunk ); // eliding error handling + /// contents = rest; + /// } + /// this.flush(); + /// // Wait for completion of `flush` + /// pollable.block(); + /// // Check for any errors that arose during `flush` + /// let _ = this.check-write(); // eliding error handling + /// ``` + blocking-write-and-flush: func( + contents: list + ) -> result<_, stream-error>; + + /// Request to flush buffered output. This function never blocks. + /// + /// This tells the output-stream that the caller intends any buffered + /// output to be flushed. the output which is expected to be flushed + /// is all that has been passed to `write` prior to this call. + /// + /// Upon calling this function, the `output-stream` will not accept any + /// writes (`check-write` will return `ok(0)`) until the flush has + /// completed. The `subscribe` pollable will become ready when the + /// flush has completed and the stream can accept more writes. + flush: func() -> result<_, stream-error>; + + /// Request to flush buffered output, and block until flush completes + /// and stream is ready for writing again. + blocking-flush: func() -> result<_, stream-error>; + + /// Create a `pollable` which will resolve once the output-stream + /// is ready for more writing, or an error has occured. When this + /// pollable is ready, `check-write` will return `ok(n)` with n>0, or an + /// error. + /// + /// If the stream is closed, this pollable is always ready immediately. + /// + /// The created `pollable` is a child resource of the `output-stream`. + /// Implementations may trap if the `output-stream` is dropped before + /// all derived `pollable`s created with this function are dropped. + subscribe: func() -> pollable; + + /// Write zeroes to a stream. + /// + /// This should be used precisely like `write` with the exact same + /// preconditions (must use check-write first), but instead of + /// passing a list of bytes, you simply pass the number of zero-bytes + /// that should be written. + write-zeroes: func( + /// The number of zero-bytes to write + len: u64 + ) -> result<_, stream-error>; + + /// Perform a write of up to 4096 zeroes, and then flush the stream. + /// Block until all of these operations are complete, or an error + /// occurs. + /// + /// This is a convenience wrapper around the use of `check-write`, + /// `subscribe`, `write-zeroes`, and `flush`, and is implemented with + /// the following pseudo-code: + /// + /// ```text + /// let pollable = this.subscribe(); + /// while num_zeroes != 0 { + /// // Wait for the stream to become writable + /// pollable.block(); + /// let Ok(n) = this.check-write(); // eliding error handling + /// let len = min(n, num_zeroes); + /// this.write-zeroes(len); // eliding error handling + /// num_zeroes -= len; + /// } + /// this.flush(); + /// // Wait for completion of `flush` + /// pollable.block(); + /// // Check for any errors that arose during `flush` + /// let _ = this.check-write(); // eliding error handling + /// ``` + blocking-write-zeroes-and-flush: func( + /// The number of zero-bytes to write + len: u64 + ) -> result<_, stream-error>; + + /// Read from one stream and write to another. + /// + /// The behavior of splice is equivelant to: + /// 1. calling `check-write` on the `output-stream` + /// 2. calling `read` on the `input-stream` with the smaller of the + /// `check-write` permitted length and the `len` provided to `splice` + /// 3. calling `write` on the `output-stream` with that read data. + /// + /// Any error reported by the call to `check-write`, `read`, or + /// `write` ends the splice and reports that error. + /// + /// This function returns the number of bytes transferred; it may be less + /// than `len`. + splice: func( + /// The stream to read from + src: borrow, + /// The number of bytes to splice + len: u64, + ) -> result; + + /// Read from one stream and write to another, with blocking. + /// + /// This is similar to `splice`, except that it blocks until the + /// `output-stream` is ready for writing, and the `input-stream` + /// is ready for reading, before performing the `splice`. + blocking-splice: func( + /// The stream to read from + src: borrow, + /// The number of bytes to splice + len: u64, + ) -> result; + } +} diff --git a/crates/build/tests/wit/cmd-full/deps/io/world.wit b/crates/build/tests/wit/cmd-full/deps/io/world.wit new file mode 100644 index 0000000000..5f0b43fe50 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/io/world.wit @@ -0,0 +1,6 @@ +package wasi:io@0.2.0; + +world imports { + import streams; + import poll; +} diff --git a/crates/build/tests/wit/cmd-full/deps/random/insecure-seed.wit b/crates/build/tests/wit/cmd-full/deps/random/insecure-seed.wit new file mode 100644 index 0000000000..47210ac6bd --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/random/insecure-seed.wit @@ -0,0 +1,25 @@ +package wasi:random@0.2.0; +/// The insecure-seed interface for seeding hash-map DoS resistance. +/// +/// It is intended to be portable at least between Unix-family platforms and +/// Windows. +interface insecure-seed { + /// Return a 128-bit value that may contain a pseudo-random value. + /// + /// The returned value is not required to be computed from a CSPRNG, and may + /// even be entirely deterministic. Host implementations are encouraged to + /// provide pseudo-random values to any program exposed to + /// attacker-controlled content, to enable DoS protection built into many + /// languages' hash-map implementations. + /// + /// This function is intended to only be called once, by a source language + /// to initialize Denial Of Service (DoS) protection in its hash-map + /// implementation. + /// + /// # Expected future evolution + /// + /// This will likely be changed to a value import, to prevent it from being + /// called multiple times and potentially used for purposes other than DoS + /// protection. + insecure-seed: func() -> tuple; +} diff --git a/crates/build/tests/wit/cmd-full/deps/random/insecure.wit b/crates/build/tests/wit/cmd-full/deps/random/insecure.wit new file mode 100644 index 0000000000..c58f4ee852 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/random/insecure.wit @@ -0,0 +1,22 @@ +package wasi:random@0.2.0; +/// The insecure interface for insecure pseudo-random numbers. +/// +/// It is intended to be portable at least between Unix-family platforms and +/// Windows. +interface insecure { + /// Return `len` insecure pseudo-random bytes. + /// + /// This function is not cryptographically secure. Do not use it for + /// anything related to security. + /// + /// There are no requirements on the values of the returned bytes, however + /// implementations are encouraged to return evenly distributed values with + /// a long period. + get-insecure-random-bytes: func(len: u64) -> list; + + /// Return an insecure pseudo-random `u64` value. + /// + /// This function returns the same type of pseudo-random data as + /// `get-insecure-random-bytes`, represented as a `u64`. + get-insecure-random-u64: func() -> u64; +} diff --git a/crates/build/tests/wit/cmd-full/deps/random/random.wit b/crates/build/tests/wit/cmd-full/deps/random/random.wit new file mode 100644 index 0000000000..0c017f0934 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/random/random.wit @@ -0,0 +1,26 @@ +package wasi:random@0.2.0; +/// WASI Random is a random data API. +/// +/// It is intended to be portable at least between Unix-family platforms and +/// Windows. +interface random { + /// Return `len` cryptographically-secure random or pseudo-random bytes. + /// + /// This function must produce data at least as cryptographically secure and + /// fast as an adequately seeded cryptographically-secure pseudo-random + /// number generator (CSPRNG). It must not block, from the perspective of + /// the calling program, under any circumstances, including on the first + /// request and on requests for numbers of bytes. The returned data must + /// always be unpredictable. + /// + /// This function must always return fresh data. Deterministic environments + /// must omit this function, rather than implementing it with deterministic + /// data. + get-random-bytes: func(len: u64) -> list; + + /// Return a cryptographically-secure random or pseudo-random `u64` value. + /// + /// This function returns the same type of data as `get-random-bytes`, + /// represented as a `u64`. + get-random-u64: func() -> u64; +} diff --git a/crates/build/tests/wit/cmd-full/deps/random/world.wit b/crates/build/tests/wit/cmd-full/deps/random/world.wit new file mode 100644 index 0000000000..3da34914a4 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/random/world.wit @@ -0,0 +1,7 @@ +package wasi:random@0.2.0; + +world imports { + import random; + import insecure; + import insecure-seed; +} diff --git a/crates/build/tests/wit/cmd-full/deps/sockets/instance-network.wit b/crates/build/tests/wit/cmd-full/deps/sockets/instance-network.wit new file mode 100644 index 0000000000..e455d0ff7b --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/sockets/instance-network.wit @@ -0,0 +1,9 @@ + +/// This interface provides a value-export of the default network handle.. +interface instance-network { + use network.{network}; + + /// Get a handle to the default network. + instance-network: func() -> network; + +} diff --git a/crates/build/tests/wit/cmd-full/deps/sockets/ip-name-lookup.wit b/crates/build/tests/wit/cmd-full/deps/sockets/ip-name-lookup.wit new file mode 100644 index 0000000000..8e639ec596 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/sockets/ip-name-lookup.wit @@ -0,0 +1,51 @@ + +interface ip-name-lookup { + use wasi:io/poll@0.2.0.{pollable}; + use network.{network, error-code, ip-address}; + + + /// Resolve an internet host name to a list of IP addresses. + /// + /// Unicode domain names are automatically converted to ASCII using IDNA encoding. + /// If the input is an IP address string, the address is parsed and returned + /// as-is without making any external requests. + /// + /// See the wasi-socket proposal README.md for a comparison with getaddrinfo. + /// + /// This function never blocks. It either immediately fails or immediately + /// returns successfully with a `resolve-address-stream` that can be used + /// to (asynchronously) fetch the results. + /// + /// # Typical errors + /// - `invalid-argument`: `name` is a syntactically invalid domain name or IP address. + /// + /// # References: + /// - + /// - + /// - + /// - + resolve-addresses: func(network: borrow, name: string) -> result; + + resource resolve-address-stream { + /// Returns the next address from the resolver. + /// + /// This function should be called multiple times. On each call, it will + /// return the next address in connection order preference. If all + /// addresses have been exhausted, this function returns `none`. + /// + /// This function never returns IPv4-mapped IPv6 addresses. + /// + /// # Typical errors + /// - `name-unresolvable`: Name does not exist or has no suitable associated IP addresses. (EAI_NONAME, EAI_NODATA, EAI_ADDRFAMILY) + /// - `temporary-resolver-failure`: A temporary failure in name resolution occurred. (EAI_AGAIN) + /// - `permanent-resolver-failure`: A permanent failure in name resolution occurred. (EAI_FAIL) + /// - `would-block`: A result is not available yet. (EWOULDBLOCK, EAGAIN) + resolve-next-address: func() -> result, error-code>; + + /// Create a `pollable` which will resolve once the stream is ready for I/O. + /// + /// Note: this function is here for WASI Preview2 only. + /// It's planned to be removed when `future` is natively supported in Preview3. + subscribe: func() -> pollable; + } +} diff --git a/crates/build/tests/wit/cmd-full/deps/sockets/network.wit b/crates/build/tests/wit/cmd-full/deps/sockets/network.wit new file mode 100644 index 0000000000..9cadf0650a --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/sockets/network.wit @@ -0,0 +1,145 @@ + +interface network { + /// An opaque resource that represents access to (a subset of) the network. + /// This enables context-based security for networking. + /// There is no need for this to map 1:1 to a physical network interface. + resource network; + + /// Error codes. + /// + /// In theory, every API can return any error code. + /// In practice, API's typically only return the errors documented per API + /// combined with a couple of errors that are always possible: + /// - `unknown` + /// - `access-denied` + /// - `not-supported` + /// - `out-of-memory` + /// - `concurrency-conflict` + /// + /// See each individual API for what the POSIX equivalents are. They sometimes differ per API. + enum error-code { + /// Unknown error + unknown, + + /// Access denied. + /// + /// POSIX equivalent: EACCES, EPERM + access-denied, + + /// The operation is not supported. + /// + /// POSIX equivalent: EOPNOTSUPP + not-supported, + + /// One of the arguments is invalid. + /// + /// POSIX equivalent: EINVAL + invalid-argument, + + /// Not enough memory to complete the operation. + /// + /// POSIX equivalent: ENOMEM, ENOBUFS, EAI_MEMORY + out-of-memory, + + /// The operation timed out before it could finish completely. + timeout, + + /// This operation is incompatible with another asynchronous operation that is already in progress. + /// + /// POSIX equivalent: EALREADY + concurrency-conflict, + + /// Trying to finish an asynchronous operation that: + /// - has not been started yet, or: + /// - was already finished by a previous `finish-*` call. + /// + /// Note: this is scheduled to be removed when `future`s are natively supported. + not-in-progress, + + /// The operation has been aborted because it could not be completed immediately. + /// + /// Note: this is scheduled to be removed when `future`s are natively supported. + would-block, + + + /// The operation is not valid in the socket's current state. + invalid-state, + + /// A new socket resource could not be created because of a system limit. + new-socket-limit, + + /// A bind operation failed because the provided address is not an address that the `network` can bind to. + address-not-bindable, + + /// A bind operation failed because the provided address is already in use or because there are no ephemeral ports available. + address-in-use, + + /// The remote address is not reachable + remote-unreachable, + + + /// The TCP connection was forcefully rejected + connection-refused, + + /// The TCP connection was reset. + connection-reset, + + /// A TCP connection was aborted. + connection-aborted, + + + /// The size of a datagram sent to a UDP socket exceeded the maximum + /// supported size. + datagram-too-large, + + + /// Name does not exist or has no suitable associated IP addresses. + name-unresolvable, + + /// A temporary failure in name resolution occurred. + temporary-resolver-failure, + + /// A permanent failure in name resolution occurred. + permanent-resolver-failure, + } + + enum ip-address-family { + /// Similar to `AF_INET` in POSIX. + ipv4, + + /// Similar to `AF_INET6` in POSIX. + ipv6, + } + + type ipv4-address = tuple; + type ipv6-address = tuple; + + variant ip-address { + ipv4(ipv4-address), + ipv6(ipv6-address), + } + + record ipv4-socket-address { + /// sin_port + port: u16, + /// sin_addr + address: ipv4-address, + } + + record ipv6-socket-address { + /// sin6_port + port: u16, + /// sin6_flowinfo + flow-info: u32, + /// sin6_addr + address: ipv6-address, + /// sin6_scope_id + scope-id: u32, + } + + variant ip-socket-address { + ipv4(ipv4-socket-address), + ipv6(ipv6-socket-address), + } + +} diff --git a/crates/build/tests/wit/cmd-full/deps/sockets/tcp-create-socket.wit b/crates/build/tests/wit/cmd-full/deps/sockets/tcp-create-socket.wit new file mode 100644 index 0000000000..c7ddf1f228 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/sockets/tcp-create-socket.wit @@ -0,0 +1,27 @@ + +interface tcp-create-socket { + use network.{network, error-code, ip-address-family}; + use tcp.{tcp-socket}; + + /// Create a new TCP socket. + /// + /// Similar to `socket(AF_INET or AF_INET6, SOCK_STREAM, IPPROTO_TCP)` in POSIX. + /// On IPv6 sockets, IPV6_V6ONLY is enabled by default and can't be configured otherwise. + /// + /// This function does not require a network capability handle. This is considered to be safe because + /// at time of creation, the socket is not bound to any `network` yet. Up to the moment `bind`/`connect` + /// is called, the socket is effectively an in-memory configuration object, unable to communicate with the outside world. + /// + /// All sockets are non-blocking. Use the wasi-poll interface to block on asynchronous operations. + /// + /// # Typical errors + /// - `not-supported`: The specified `address-family` is not supported. (EAFNOSUPPORT) + /// - `new-socket-limit`: The new socket resource could not be created because of a system limit. (EMFILE, ENFILE) + /// + /// # References + /// - + /// - + /// - + /// - + create-tcp-socket: func(address-family: ip-address-family) -> result; +} diff --git a/crates/build/tests/wit/cmd-full/deps/sockets/tcp.wit b/crates/build/tests/wit/cmd-full/deps/sockets/tcp.wit new file mode 100644 index 0000000000..5902b9ee05 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/sockets/tcp.wit @@ -0,0 +1,353 @@ + +interface tcp { + use wasi:io/streams@0.2.0.{input-stream, output-stream}; + use wasi:io/poll@0.2.0.{pollable}; + use wasi:clocks/monotonic-clock@0.2.0.{duration}; + use network.{network, error-code, ip-socket-address, ip-address-family}; + + enum shutdown-type { + /// Similar to `SHUT_RD` in POSIX. + receive, + + /// Similar to `SHUT_WR` in POSIX. + send, + + /// Similar to `SHUT_RDWR` in POSIX. + both, + } + + /// A TCP socket resource. + /// + /// The socket can be in one of the following states: + /// - `unbound` + /// - `bind-in-progress` + /// - `bound` (See note below) + /// - `listen-in-progress` + /// - `listening` + /// - `connect-in-progress` + /// - `connected` + /// - `closed` + /// See + /// for a more information. + /// + /// Note: Except where explicitly mentioned, whenever this documentation uses + /// the term "bound" without backticks it actually means: in the `bound` state *or higher*. + /// (i.e. `bound`, `listen-in-progress`, `listening`, `connect-in-progress` or `connected`) + /// + /// In addition to the general error codes documented on the + /// `network::error-code` type, TCP socket methods may always return + /// `error(invalid-state)` when in the `closed` state. + resource tcp-socket { + /// Bind the socket to a specific network on the provided IP address and port. + /// + /// If the IP address is zero (`0.0.0.0` in IPv4, `::` in IPv6), it is left to the implementation to decide which + /// network interface(s) to bind to. + /// If the TCP/UDP port is zero, the socket will be bound to a random free port. + /// + /// Bind can be attempted multiple times on the same socket, even with + /// different arguments on each iteration. But never concurrently and + /// only as long as the previous bind failed. Once a bind succeeds, the + /// binding can't be changed anymore. + /// + /// # Typical errors + /// - `invalid-argument`: The `local-address` has the wrong address family. (EAFNOSUPPORT, EFAULT on Windows) + /// - `invalid-argument`: `local-address` is not a unicast address. (EINVAL) + /// - `invalid-argument`: `local-address` is an IPv4-mapped IPv6 address. (EINVAL) + /// - `invalid-state`: The socket is already bound. (EINVAL) + /// - `address-in-use`: No ephemeral ports available. (EADDRINUSE, ENOBUFS on Windows) + /// - `address-in-use`: Address is already in use. (EADDRINUSE) + /// - `address-not-bindable`: `local-address` is not an address that the `network` can bind to. (EADDRNOTAVAIL) + /// - `not-in-progress`: A `bind` operation is not in progress. + /// - `would-block`: Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN) + /// + /// # Implementors note + /// When binding to a non-zero port, this bind operation shouldn't be affected by the TIME_WAIT + /// state of a recently closed socket on the same local address. In practice this means that the SO_REUSEADDR + /// socket option should be set implicitly on all platforms, except on Windows where this is the default behavior + /// and SO_REUSEADDR performs something different entirely. + /// + /// Unlike in POSIX, in WASI the bind operation is async. This enables + /// interactive WASI hosts to inject permission prompts. Runtimes that + /// don't want to make use of this ability can simply call the native + /// `bind` as part of either `start-bind` or `finish-bind`. + /// + /// # References + /// - + /// - + /// - + /// - + start-bind: func(network: borrow, local-address: ip-socket-address) -> result<_, error-code>; + finish-bind: func() -> result<_, error-code>; + + /// Connect to a remote endpoint. + /// + /// On success: + /// - the socket is transitioned into the `connection` state. + /// - a pair of streams is returned that can be used to read & write to the connection + /// + /// After a failed connection attempt, the socket will be in the `closed` + /// state and the only valid action left is to `drop` the socket. A single + /// socket can not be used to connect more than once. + /// + /// # Typical errors + /// - `invalid-argument`: The `remote-address` has the wrong address family. (EAFNOSUPPORT) + /// - `invalid-argument`: `remote-address` is not a unicast address. (EINVAL, ENETUNREACH on Linux, EAFNOSUPPORT on MacOS) + /// - `invalid-argument`: `remote-address` is an IPv4-mapped IPv6 address. (EINVAL, EADDRNOTAVAIL on Illumos) + /// - `invalid-argument`: The IP address in `remote-address` is set to INADDR_ANY (`0.0.0.0` / `::`). (EADDRNOTAVAIL on Windows) + /// - `invalid-argument`: The port in `remote-address` is set to 0. (EADDRNOTAVAIL on Windows) + /// - `invalid-argument`: The socket is already attached to a different network. The `network` passed to `connect` must be identical to the one passed to `bind`. + /// - `invalid-state`: The socket is already in the `connected` state. (EISCONN) + /// - `invalid-state`: The socket is already in the `listening` state. (EOPNOTSUPP, EINVAL on Windows) + /// - `timeout`: Connection timed out. (ETIMEDOUT) + /// - `connection-refused`: The connection was forcefully rejected. (ECONNREFUSED) + /// - `connection-reset`: The connection was reset. (ECONNRESET) + /// - `connection-aborted`: The connection was aborted. (ECONNABORTED) + /// - `remote-unreachable`: The remote address is not reachable. (EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET) + /// - `address-in-use`: Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE, EADDRNOTAVAIL on Linux, EAGAIN on BSD) + /// - `not-in-progress`: A connect operation is not in progress. + /// - `would-block`: Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN) + /// + /// # Implementors note + /// The POSIX equivalent of `start-connect` is the regular `connect` syscall. + /// Because all WASI sockets are non-blocking this is expected to return + /// EINPROGRESS, which should be translated to `ok()` in WASI. + /// + /// The POSIX equivalent of `finish-connect` is a `poll` for event `POLLOUT` + /// with a timeout of 0 on the socket descriptor. Followed by a check for + /// the `SO_ERROR` socket option, in case the poll signaled readiness. + /// + /// # References + /// - + /// - + /// - + /// - + start-connect: func(network: borrow, remote-address: ip-socket-address) -> result<_, error-code>; + finish-connect: func() -> result, error-code>; + + /// Start listening for new connections. + /// + /// Transitions the socket into the `listening` state. + /// + /// Unlike POSIX, the socket must already be explicitly bound. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not bound to any local address. (EDESTADDRREQ) + /// - `invalid-state`: The socket is already in the `connected` state. (EISCONN, EINVAL on BSD) + /// - `invalid-state`: The socket is already in the `listening` state. + /// - `address-in-use`: Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE) + /// - `not-in-progress`: A listen operation is not in progress. + /// - `would-block`: Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN) + /// + /// # Implementors note + /// Unlike in POSIX, in WASI the listen operation is async. This enables + /// interactive WASI hosts to inject permission prompts. Runtimes that + /// don't want to make use of this ability can simply call the native + /// `listen` as part of either `start-listen` or `finish-listen`. + /// + /// # References + /// - + /// - + /// - + /// - + start-listen: func() -> result<_, error-code>; + finish-listen: func() -> result<_, error-code>; + + /// Accept a new client socket. + /// + /// The returned socket is bound and in the `connected` state. The following properties are inherited from the listener socket: + /// - `address-family` + /// - `keep-alive-enabled` + /// - `keep-alive-idle-time` + /// - `keep-alive-interval` + /// - `keep-alive-count` + /// - `hop-limit` + /// - `receive-buffer-size` + /// - `send-buffer-size` + /// + /// On success, this function returns the newly accepted client socket along with + /// a pair of streams that can be used to read & write to the connection. + /// + /// # Typical errors + /// - `invalid-state`: Socket is not in the `listening` state. (EINVAL) + /// - `would-block`: No pending connections at the moment. (EWOULDBLOCK, EAGAIN) + /// - `connection-aborted`: An incoming connection was pending, but was terminated by the client before this listener could accept it. (ECONNABORTED) + /// - `new-socket-limit`: The new socket resource could not be created because of a system limit. (EMFILE, ENFILE) + /// + /// # References + /// - + /// - + /// - + /// - + accept: func() -> result, error-code>; + + /// Get the bound local address. + /// + /// POSIX mentions: + /// > If the socket has not been bound to a local name, the value + /// > stored in the object pointed to by `address` is unspecified. + /// + /// WASI is stricter and requires `local-address` to return `invalid-state` when the socket hasn't been bound yet. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not bound to any local address. + /// + /// # References + /// - + /// - + /// - + /// - + local-address: func() -> result; + + /// Get the remote address. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not connected to a remote address. (ENOTCONN) + /// + /// # References + /// - + /// - + /// - + /// - + remote-address: func() -> result; + + /// Whether the socket is in the `listening` state. + /// + /// Equivalent to the SO_ACCEPTCONN socket option. + is-listening: func() -> bool; + + /// Whether this is a IPv4 or IPv6 socket. + /// + /// Equivalent to the SO_DOMAIN socket option. + address-family: func() -> ip-address-family; + + /// Hints the desired listen queue size. Implementations are free to ignore this. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// + /// # Typical errors + /// - `not-supported`: (set) The platform does not support changing the backlog size after the initial listen. + /// - `invalid-argument`: (set) The provided value was 0. + /// - `invalid-state`: (set) The socket is in the `connect-in-progress` or `connected` state. + set-listen-backlog-size: func(value: u64) -> result<_, error-code>; + + /// Enables or disables keepalive. + /// + /// The keepalive behavior can be adjusted using: + /// - `keep-alive-idle-time` + /// - `keep-alive-interval` + /// - `keep-alive-count` + /// These properties can be configured while `keep-alive-enabled` is false, but only come into effect when `keep-alive-enabled` is true. + /// + /// Equivalent to the SO_KEEPALIVE socket option. + keep-alive-enabled: func() -> result; + set-keep-alive-enabled: func(value: bool) -> result<_, error-code>; + + /// Amount of time the connection has to be idle before TCP starts sending keepalive packets. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// I.e. after setting a value, reading the same setting back may return a different value. + /// + /// Equivalent to the TCP_KEEPIDLE socket option. (TCP_KEEPALIVE on MacOS) + /// + /// # Typical errors + /// - `invalid-argument`: (set) The provided value was 0. + keep-alive-idle-time: func() -> result; + set-keep-alive-idle-time: func(value: duration) -> result<_, error-code>; + + /// The time between keepalive packets. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// I.e. after setting a value, reading the same setting back may return a different value. + /// + /// Equivalent to the TCP_KEEPINTVL socket option. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The provided value was 0. + keep-alive-interval: func() -> result; + set-keep-alive-interval: func(value: duration) -> result<_, error-code>; + + /// The maximum amount of keepalive packets TCP should send before aborting the connection. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// I.e. after setting a value, reading the same setting back may return a different value. + /// + /// Equivalent to the TCP_KEEPCNT socket option. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The provided value was 0. + keep-alive-count: func() -> result; + set-keep-alive-count: func(value: u32) -> result<_, error-code>; + + /// Equivalent to the IP_TTL & IPV6_UNICAST_HOPS socket options. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The TTL value must be 1 or higher. + hop-limit: func() -> result; + set-hop-limit: func(value: u8) -> result<_, error-code>; + + /// The kernel buffer space reserved for sends/receives on this socket. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// I.e. after setting a value, reading the same setting back may return a different value. + /// + /// Equivalent to the SO_RCVBUF and SO_SNDBUF socket options. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The provided value was 0. + receive-buffer-size: func() -> result; + set-receive-buffer-size: func(value: u64) -> result<_, error-code>; + send-buffer-size: func() -> result; + set-send-buffer-size: func(value: u64) -> result<_, error-code>; + + /// Create a `pollable` which can be used to poll for, or block on, + /// completion of any of the asynchronous operations of this socket. + /// + /// When `finish-bind`, `finish-listen`, `finish-connect` or `accept` + /// return `error(would-block)`, this pollable can be used to wait for + /// their success or failure, after which the method can be retried. + /// + /// The pollable is not limited to the async operation that happens to be + /// in progress at the time of calling `subscribe` (if any). Theoretically, + /// `subscribe` only has to be called once per socket and can then be + /// (re)used for the remainder of the socket's lifetime. + /// + /// See + /// for a more information. + /// + /// Note: this function is here for WASI Preview2 only. + /// It's planned to be removed when `future` is natively supported in Preview3. + subscribe: func() -> pollable; + + /// Initiate a graceful shutdown. + /// + /// - `receive`: The socket is not expecting to receive any data from + /// the peer. The `input-stream` associated with this socket will be + /// closed. Any data still in the receive queue at time of calling + /// this method will be discarded. + /// - `send`: The socket has no more data to send to the peer. The `output-stream` + /// associated with this socket will be closed and a FIN packet will be sent. + /// - `both`: Same effect as `receive` & `send` combined. + /// + /// This function is idempotent. Shutting a down a direction more than once + /// has no effect and returns `ok`. + /// + /// The shutdown function does not close (drop) the socket. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not in the `connected` state. (ENOTCONN) + /// + /// # References + /// - + /// - + /// - + /// - + shutdown: func(shutdown-type: shutdown-type) -> result<_, error-code>; + } +} diff --git a/crates/build/tests/wit/cmd-full/deps/sockets/udp-create-socket.wit b/crates/build/tests/wit/cmd-full/deps/sockets/udp-create-socket.wit new file mode 100644 index 0000000000..0482d1fe73 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/sockets/udp-create-socket.wit @@ -0,0 +1,27 @@ + +interface udp-create-socket { + use network.{network, error-code, ip-address-family}; + use udp.{udp-socket}; + + /// Create a new UDP socket. + /// + /// Similar to `socket(AF_INET or AF_INET6, SOCK_DGRAM, IPPROTO_UDP)` in POSIX. + /// On IPv6 sockets, IPV6_V6ONLY is enabled by default and can't be configured otherwise. + /// + /// This function does not require a network capability handle. This is considered to be safe because + /// at time of creation, the socket is not bound to any `network` yet. Up to the moment `bind` is called, + /// the socket is effectively an in-memory configuration object, unable to communicate with the outside world. + /// + /// All sockets are non-blocking. Use the wasi-poll interface to block on asynchronous operations. + /// + /// # Typical errors + /// - `not-supported`: The specified `address-family` is not supported. (EAFNOSUPPORT) + /// - `new-socket-limit`: The new socket resource could not be created because of a system limit. (EMFILE, ENFILE) + /// + /// # References: + /// - + /// - + /// - + /// - + create-udp-socket: func(address-family: ip-address-family) -> result; +} diff --git a/crates/build/tests/wit/cmd-full/deps/sockets/udp.wit b/crates/build/tests/wit/cmd-full/deps/sockets/udp.wit new file mode 100644 index 0000000000..d987a0a908 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/sockets/udp.wit @@ -0,0 +1,266 @@ + +interface udp { + use wasi:io/poll@0.2.0.{pollable}; + use network.{network, error-code, ip-socket-address, ip-address-family}; + + /// A received datagram. + record incoming-datagram { + /// The payload. + /// + /// Theoretical max size: ~64 KiB. In practice, typically less than 1500 bytes. + data: list, + + /// The source address. + /// + /// This field is guaranteed to match the remote address the stream was initialized with, if any. + /// + /// Equivalent to the `src_addr` out parameter of `recvfrom`. + remote-address: ip-socket-address, + } + + /// A datagram to be sent out. + record outgoing-datagram { + /// The payload. + data: list, + + /// The destination address. + /// + /// The requirements on this field depend on how the stream was initialized: + /// - with a remote address: this field must be None or match the stream's remote address exactly. + /// - without a remote address: this field is required. + /// + /// If this value is None, the send operation is equivalent to `send` in POSIX. Otherwise it is equivalent to `sendto`. + remote-address: option, + } + + + + /// A UDP socket handle. + resource udp-socket { + /// Bind the socket to a specific network on the provided IP address and port. + /// + /// If the IP address is zero (`0.0.0.0` in IPv4, `::` in IPv6), it is left to the implementation to decide which + /// network interface(s) to bind to. + /// If the port is zero, the socket will be bound to a random free port. + /// + /// # Typical errors + /// - `invalid-argument`: The `local-address` has the wrong address family. (EAFNOSUPPORT, EFAULT on Windows) + /// - `invalid-state`: The socket is already bound. (EINVAL) + /// - `address-in-use`: No ephemeral ports available. (EADDRINUSE, ENOBUFS on Windows) + /// - `address-in-use`: Address is already in use. (EADDRINUSE) + /// - `address-not-bindable`: `local-address` is not an address that the `network` can bind to. (EADDRNOTAVAIL) + /// - `not-in-progress`: A `bind` operation is not in progress. + /// - `would-block`: Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN) + /// + /// # Implementors note + /// Unlike in POSIX, in WASI the bind operation is async. This enables + /// interactive WASI hosts to inject permission prompts. Runtimes that + /// don't want to make use of this ability can simply call the native + /// `bind` as part of either `start-bind` or `finish-bind`. + /// + /// # References + /// - + /// - + /// - + /// - + start-bind: func(network: borrow, local-address: ip-socket-address) -> result<_, error-code>; + finish-bind: func() -> result<_, error-code>; + + /// Set up inbound & outbound communication channels, optionally to a specific peer. + /// + /// This function only changes the local socket configuration and does not generate any network traffic. + /// On success, the `remote-address` of the socket is updated. The `local-address` may be updated as well, + /// based on the best network path to `remote-address`. + /// + /// When a `remote-address` is provided, the returned streams are limited to communicating with that specific peer: + /// - `send` can only be used to send to this destination. + /// - `receive` will only return datagrams sent from the provided `remote-address`. + /// + /// This method may be called multiple times on the same socket to change its association, but + /// only the most recently returned pair of streams will be operational. Implementations may trap if + /// the streams returned by a previous invocation haven't been dropped yet before calling `stream` again. + /// + /// The POSIX equivalent in pseudo-code is: + /// ```text + /// if (was previously connected) { + /// connect(s, AF_UNSPEC) + /// } + /// if (remote_address is Some) { + /// connect(s, remote_address) + /// } + /// ``` + /// + /// Unlike in POSIX, the socket must already be explicitly bound. + /// + /// # Typical errors + /// - `invalid-argument`: The `remote-address` has the wrong address family. (EAFNOSUPPORT) + /// - `invalid-argument`: The IP address in `remote-address` is set to INADDR_ANY (`0.0.0.0` / `::`). (EDESTADDRREQ, EADDRNOTAVAIL) + /// - `invalid-argument`: The port in `remote-address` is set to 0. (EDESTADDRREQ, EADDRNOTAVAIL) + /// - `invalid-state`: The socket is not bound. + /// - `address-in-use`: Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE, EADDRNOTAVAIL on Linux, EAGAIN on BSD) + /// - `remote-unreachable`: The remote address is not reachable. (ECONNRESET, ENETRESET, EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET) + /// - `connection-refused`: The connection was refused. (ECONNREFUSED) + /// + /// # References + /// - + /// - + /// - + /// - + %stream: func(remote-address: option) -> result, error-code>; + + /// Get the current bound address. + /// + /// POSIX mentions: + /// > If the socket has not been bound to a local name, the value + /// > stored in the object pointed to by `address` is unspecified. + /// + /// WASI is stricter and requires `local-address` to return `invalid-state` when the socket hasn't been bound yet. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not bound to any local address. + /// + /// # References + /// - + /// - + /// - + /// - + local-address: func() -> result; + + /// Get the address the socket is currently streaming to. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not streaming to a specific remote address. (ENOTCONN) + /// + /// # References + /// - + /// - + /// - + /// - + remote-address: func() -> result; + + /// Whether this is a IPv4 or IPv6 socket. + /// + /// Equivalent to the SO_DOMAIN socket option. + address-family: func() -> ip-address-family; + + /// Equivalent to the IP_TTL & IPV6_UNICAST_HOPS socket options. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The TTL value must be 1 or higher. + unicast-hop-limit: func() -> result; + set-unicast-hop-limit: func(value: u8) -> result<_, error-code>; + + /// The kernel buffer space reserved for sends/receives on this socket. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// I.e. after setting a value, reading the same setting back may return a different value. + /// + /// Equivalent to the SO_RCVBUF and SO_SNDBUF socket options. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The provided value was 0. + receive-buffer-size: func() -> result; + set-receive-buffer-size: func(value: u64) -> result<_, error-code>; + send-buffer-size: func() -> result; + set-send-buffer-size: func(value: u64) -> result<_, error-code>; + + /// Create a `pollable` which will resolve once the socket is ready for I/O. + /// + /// Note: this function is here for WASI Preview2 only. + /// It's planned to be removed when `future` is natively supported in Preview3. + subscribe: func() -> pollable; + } + + resource incoming-datagram-stream { + /// Receive messages on the socket. + /// + /// This function attempts to receive up to `max-results` datagrams on the socket without blocking. + /// The returned list may contain fewer elements than requested, but never more. + /// + /// This function returns successfully with an empty list when either: + /// - `max-results` is 0, or: + /// - `max-results` is greater than 0, but no results are immediately available. + /// This function never returns `error(would-block)`. + /// + /// # Typical errors + /// - `remote-unreachable`: The remote address is not reachable. (ECONNRESET, ENETRESET on Windows, EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET) + /// - `connection-refused`: The connection was refused. (ECONNREFUSED) + /// + /// # References + /// - + /// - + /// - + /// - + /// - + /// - + /// - + /// - + receive: func(max-results: u64) -> result, error-code>; + + /// Create a `pollable` which will resolve once the stream is ready to receive again. + /// + /// Note: this function is here for WASI Preview2 only. + /// It's planned to be removed when `future` is natively supported in Preview3. + subscribe: func() -> pollable; + } + + resource outgoing-datagram-stream { + /// Check readiness for sending. This function never blocks. + /// + /// Returns the number of datagrams permitted for the next call to `send`, + /// or an error. Calling `send` with more datagrams than this function has + /// permitted will trap. + /// + /// When this function returns ok(0), the `subscribe` pollable will + /// become ready when this function will report at least ok(1), or an + /// error. + /// + /// Never returns `would-block`. + check-send: func() -> result; + + /// Send messages on the socket. + /// + /// This function attempts to send all provided `datagrams` on the socket without blocking and + /// returns how many messages were actually sent (or queued for sending). This function never + /// returns `error(would-block)`. If none of the datagrams were able to be sent, `ok(0)` is returned. + /// + /// This function semantically behaves the same as iterating the `datagrams` list and sequentially + /// sending each individual datagram until either the end of the list has been reached or the first error occurred. + /// If at least one datagram has been sent successfully, this function never returns an error. + /// + /// If the input list is empty, the function returns `ok(0)`. + /// + /// Each call to `send` must be permitted by a preceding `check-send`. Implementations must trap if + /// either `check-send` was not called or `datagrams` contains more items than `check-send` permitted. + /// + /// # Typical errors + /// - `invalid-argument`: The `remote-address` has the wrong address family. (EAFNOSUPPORT) + /// - `invalid-argument`: The IP address in `remote-address` is set to INADDR_ANY (`0.0.0.0` / `::`). (EDESTADDRREQ, EADDRNOTAVAIL) + /// - `invalid-argument`: The port in `remote-address` is set to 0. (EDESTADDRREQ, EADDRNOTAVAIL) + /// - `invalid-argument`: The socket is in "connected" mode and `remote-address` is `some` value that does not match the address passed to `stream`. (EISCONN) + /// - `invalid-argument`: The socket is not "connected" and no value for `remote-address` was provided. (EDESTADDRREQ) + /// - `remote-unreachable`: The remote address is not reachable. (ECONNRESET, ENETRESET on Windows, EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET) + /// - `connection-refused`: The connection was refused. (ECONNREFUSED) + /// - `datagram-too-large`: The datagram is too large. (EMSGSIZE) + /// + /// # References + /// - + /// - + /// - + /// - + /// - + /// - + /// - + /// - + send: func(datagrams: list) -> result; + + /// Create a `pollable` which will resolve once the stream is ready to send again. + /// + /// Note: this function is here for WASI Preview2 only. + /// It's planned to be removed when `future` is natively supported in Preview3. + subscribe: func() -> pollable; + } +} diff --git a/crates/build/tests/wit/cmd-full/deps/sockets/world.wit b/crates/build/tests/wit/cmd-full/deps/sockets/world.wit new file mode 100644 index 0000000000..f8bb92ae04 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/deps/sockets/world.wit @@ -0,0 +1,11 @@ +package wasi:sockets@0.2.0; + +world imports { + import instance-network; + import network; + import udp; + import udp-create-socket; + import tcp; + import tcp-create-socket; + import ip-name-lookup; +} diff --git a/crates/build/tests/wit/cmd-full/environment.wit b/crates/build/tests/wit/cmd-full/environment.wit new file mode 100644 index 0000000000..70065233e8 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/environment.wit @@ -0,0 +1,18 @@ +interface environment { + /// Get the POSIX-style environment variables. + /// + /// Each environment variable is provided as a pair of string variable names + /// and string value. + /// + /// Morally, these are a value import, but until value imports are available + /// in the component model, this import function should return the same + /// values each time it is called. + get-environment: func() -> list>; + + /// Get the POSIX-style arguments to the program. + get-arguments: func() -> list; + + /// Return a path that programs should use as their initial current working + /// directory, interpreting `.` as shorthand for this. + initial-cwd: func() -> option; +} diff --git a/crates/build/tests/wit/cmd-full/exit.wit b/crates/build/tests/wit/cmd-full/exit.wit new file mode 100644 index 0000000000..d0c2b82ae2 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/exit.wit @@ -0,0 +1,4 @@ +interface exit { + /// Exit the current instance and any linked instances. + exit: func(status: result); +} diff --git a/crates/build/tests/wit/cmd-full/imports.wit b/crates/build/tests/wit/cmd-full/imports.wit new file mode 100644 index 0000000000..083b84a036 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/imports.wit @@ -0,0 +1,20 @@ +package wasi:cli@0.2.0; + +world imports { + include wasi:clocks/imports@0.2.0; + include wasi:filesystem/imports@0.2.0; + include wasi:sockets/imports@0.2.0; + include wasi:random/imports@0.2.0; + include wasi:io/imports@0.2.0; + + import environment; + import exit; + import stdin; + import stdout; + import stderr; + import terminal-input; + import terminal-output; + import terminal-stdin; + import terminal-stdout; + import terminal-stderr; +} diff --git a/crates/build/tests/wit/cmd-full/run.wit b/crates/build/tests/wit/cmd-full/run.wit new file mode 100644 index 0000000000..a70ee8c038 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/run.wit @@ -0,0 +1,4 @@ +interface run { + /// Run the program. + run: func() -> result; +} diff --git a/crates/build/tests/wit/cmd-full/stdio.wit b/crates/build/tests/wit/cmd-full/stdio.wit new file mode 100644 index 0000000000..31ef35b5a7 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/stdio.wit @@ -0,0 +1,17 @@ +interface stdin { + use wasi:io/streams@0.2.0.{input-stream}; + + get-stdin: func() -> input-stream; +} + +interface stdout { + use wasi:io/streams@0.2.0.{output-stream}; + + get-stdout: func() -> output-stream; +} + +interface stderr { + use wasi:io/streams@0.2.0.{output-stream}; + + get-stderr: func() -> output-stream; +} diff --git a/crates/build/tests/wit/cmd-full/terminal.wit b/crates/build/tests/wit/cmd-full/terminal.wit new file mode 100644 index 0000000000..38c724efc8 --- /dev/null +++ b/crates/build/tests/wit/cmd-full/terminal.wit @@ -0,0 +1,49 @@ +/// Terminal input. +/// +/// In the future, this may include functions for disabling echoing, +/// disabling input buffering so that keyboard events are sent through +/// immediately, querying supported features, and so on. +interface terminal-input { + /// The input side of a terminal. + resource terminal-input; +} + +/// Terminal output. +/// +/// In the future, this may include functions for querying the terminal +/// size, being notified of terminal size changes, querying supported +/// features, and so on. +interface terminal-output { + /// The output side of a terminal. + resource terminal-output; +} + +/// An interface providing an optional `terminal-input` for stdin as a +/// link-time authority. +interface terminal-stdin { + use terminal-input.{terminal-input}; + + /// If stdin is connected to a terminal, return a `terminal-input` handle + /// allowing further interaction with it. + get-terminal-stdin: func() -> option; +} + +/// An interface providing an optional `terminal-output` for stdout as a +/// link-time authority. +interface terminal-stdout { + use terminal-output.{terminal-output}; + + /// If stdout is connected to a terminal, return a `terminal-output` handle + /// allowing further interaction with it. + get-terminal-stdout: func() -> option; +} + +/// An interface providing an optional `terminal-output` for stderr as a +/// link-time authority. +interface terminal-stderr { + use terminal-output.{terminal-output}; + + /// If stderr is connected to a terminal, return a `terminal-output` handle + /// allowing further interaction with it. + get-terminal-stderr: func() -> option; +} diff --git a/crates/build/tests/wit/cmd-minimal/command.wit b/crates/build/tests/wit/cmd-minimal/command.wit new file mode 100644 index 0000000000..d8005bd388 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/command.wit @@ -0,0 +1,7 @@ +package wasi:cli@0.2.0; + +world command { + include imports; + + export run; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/clocks/monotonic-clock.wit b/crates/build/tests/wit/cmd-minimal/deps/clocks/monotonic-clock.wit new file mode 100644 index 0000000000..4e4dc3a199 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/clocks/monotonic-clock.wit @@ -0,0 +1,45 @@ +package wasi:clocks@0.2.0; +/// WASI Monotonic Clock is a clock API intended to let users measure elapsed +/// time. +/// +/// It is intended to be portable at least between Unix-family platforms and +/// Windows. +/// +/// A monotonic clock is a clock which has an unspecified initial value, and +/// successive reads of the clock will produce non-decreasing values. +/// +/// It is intended for measuring elapsed time. +interface monotonic-clock { + use wasi:io/poll@0.2.0.{pollable}; + + /// An instant in time, in nanoseconds. An instant is relative to an + /// unspecified initial value, and can only be compared to instances from + /// the same monotonic-clock. + type instant = u64; + + /// A duration of time, in nanoseconds. + type duration = u64; + + /// Read the current value of the clock. + /// + /// The clock is monotonic, therefore calling this function repeatedly will + /// produce a sequence of non-decreasing values. + now: func() -> instant; + + /// Query the resolution of the clock. Returns the duration of time + /// corresponding to a clock tick. + resolution: func() -> duration; + + /// Create a `pollable` which will resolve once the specified instant + /// occured. + subscribe-instant: func( + when: instant, + ) -> pollable; + + /// Create a `pollable` which will resolve once the given duration has + /// elapsed, starting at the time at which this function was called. + /// occured. + subscribe-duration: func( + when: duration, + ) -> pollable; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/clocks/wall-clock.wit b/crates/build/tests/wit/cmd-minimal/deps/clocks/wall-clock.wit new file mode 100644 index 0000000000..440ca0f336 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/clocks/wall-clock.wit @@ -0,0 +1,42 @@ +package wasi:clocks@0.2.0; +/// WASI Wall Clock is a clock API intended to let users query the current +/// time. The name "wall" makes an analogy to a "clock on the wall", which +/// is not necessarily monotonic as it may be reset. +/// +/// It is intended to be portable at least between Unix-family platforms and +/// Windows. +/// +/// A wall clock is a clock which measures the date and time according to +/// some external reference. +/// +/// External references may be reset, so this clock is not necessarily +/// monotonic, making it unsuitable for measuring elapsed time. +/// +/// It is intended for reporting the current date and time for humans. +interface wall-clock { + /// A time and date in seconds plus nanoseconds. + record datetime { + seconds: u64, + nanoseconds: u32, + } + + /// Read the current value of the clock. + /// + /// This clock is not monotonic, therefore calling this function repeatedly + /// will not necessarily produce a sequence of non-decreasing values. + /// + /// The returned timestamps represent the number of seconds since + /// 1970-01-01T00:00:00Z, also known as [POSIX's Seconds Since the Epoch], + /// also known as [Unix Time]. + /// + /// The nanoseconds field of the output is always less than 1000000000. + /// + /// [POSIX's Seconds Since the Epoch]: https://pubs.opengroup.org/onlinepubs/9699919799/xrat/V4_xbd_chap04.html#tag_21_04_16 + /// [Unix Time]: https://en.wikipedia.org/wiki/Unix_time + now: func() -> datetime; + + /// Query the resolution of the clock. + /// + /// The nanoseconds field of the output is always less than 1000000000. + resolution: func() -> datetime; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/clocks/world.wit b/crates/build/tests/wit/cmd-minimal/deps/clocks/world.wit new file mode 100644 index 0000000000..c0224572a5 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/clocks/world.wit @@ -0,0 +1,6 @@ +package wasi:clocks@0.2.0; + +world imports { + import monotonic-clock; + import wall-clock; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/filesystem/preopens.wit b/crates/build/tests/wit/cmd-minimal/deps/filesystem/preopens.wit new file mode 100644 index 0000000000..da801f6d60 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/filesystem/preopens.wit @@ -0,0 +1,8 @@ +package wasi:filesystem@0.2.0; + +interface preopens { + use types.{descriptor}; + + /// Return the set of preopened directories, and their path. + get-directories: func() -> list>; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/filesystem/types.wit b/crates/build/tests/wit/cmd-minimal/deps/filesystem/types.wit new file mode 100644 index 0000000000..11108fcda2 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/filesystem/types.wit @@ -0,0 +1,634 @@ +package wasi:filesystem@0.2.0; +/// WASI filesystem is a filesystem API primarily intended to let users run WASI +/// programs that access their files on their existing filesystems, without +/// significant overhead. +/// +/// It is intended to be roughly portable between Unix-family platforms and +/// Windows, though it does not hide many of the major differences. +/// +/// Paths are passed as interface-type `string`s, meaning they must consist of +/// a sequence of Unicode Scalar Values (USVs). Some filesystems may contain +/// paths which are not accessible by this API. +/// +/// The directory separator in WASI is always the forward-slash (`/`). +/// +/// All paths in WASI are relative paths, and are interpreted relative to a +/// `descriptor` referring to a base directory. If a `path` argument to any WASI +/// function starts with `/`, or if any step of resolving a `path`, including +/// `..` and symbolic link steps, reaches a directory outside of the base +/// directory, or reaches a symlink to an absolute or rooted path in the +/// underlying filesystem, the function fails with `error-code::not-permitted`. +/// +/// For more information about WASI path resolution and sandboxing, see +/// [WASI filesystem path resolution]. +/// +/// [WASI filesystem path resolution]: https://github.com/WebAssembly/wasi-filesystem/blob/main/path-resolution.md +interface types { + use wasi:io/streams@0.2.0.{input-stream, output-stream, error}; + use wasi:clocks/wall-clock@0.2.0.{datetime}; + + /// File size or length of a region within a file. + type filesize = u64; + + /// The type of a filesystem object referenced by a descriptor. + /// + /// Note: This was called `filetype` in earlier versions of WASI. + enum descriptor-type { + /// The type of the descriptor or file is unknown or is different from + /// any of the other types specified. + unknown, + /// The descriptor refers to a block device inode. + block-device, + /// The descriptor refers to a character device inode. + character-device, + /// The descriptor refers to a directory inode. + directory, + /// The descriptor refers to a named pipe. + fifo, + /// The file refers to a symbolic link inode. + symbolic-link, + /// The descriptor refers to a regular file inode. + regular-file, + /// The descriptor refers to a socket. + socket, + } + + /// Descriptor flags. + /// + /// Note: This was called `fdflags` in earlier versions of WASI. + flags descriptor-flags { + /// Read mode: Data can be read. + read, + /// Write mode: Data can be written to. + write, + /// Request that writes be performed according to synchronized I/O file + /// integrity completion. The data stored in the file and the file's + /// metadata are synchronized. This is similar to `O_SYNC` in POSIX. + /// + /// The precise semantics of this operation have not yet been defined for + /// WASI. At this time, it should be interpreted as a request, and not a + /// requirement. + file-integrity-sync, + /// Request that writes be performed according to synchronized I/O data + /// integrity completion. Only the data stored in the file is + /// synchronized. This is similar to `O_DSYNC` in POSIX. + /// + /// The precise semantics of this operation have not yet been defined for + /// WASI. At this time, it should be interpreted as a request, and not a + /// requirement. + data-integrity-sync, + /// Requests that reads be performed at the same level of integrety + /// requested for writes. This is similar to `O_RSYNC` in POSIX. + /// + /// The precise semantics of this operation have not yet been defined for + /// WASI. At this time, it should be interpreted as a request, and not a + /// requirement. + requested-write-sync, + /// Mutating directories mode: Directory contents may be mutated. + /// + /// When this flag is unset on a descriptor, operations using the + /// descriptor which would create, rename, delete, modify the data or + /// metadata of filesystem objects, or obtain another handle which + /// would permit any of those, shall fail with `error-code::read-only` if + /// they would otherwise succeed. + /// + /// This may only be set on directories. + mutate-directory, + } + + /// File attributes. + /// + /// Note: This was called `filestat` in earlier versions of WASI. + record descriptor-stat { + /// File type. + %type: descriptor-type, + /// Number of hard links to the file. + link-count: link-count, + /// For regular files, the file size in bytes. For symbolic links, the + /// length in bytes of the pathname contained in the symbolic link. + size: filesize, + /// Last data access timestamp. + /// + /// If the `option` is none, the platform doesn't maintain an access + /// timestamp for this file. + data-access-timestamp: option, + /// Last data modification timestamp. + /// + /// If the `option` is none, the platform doesn't maintain a + /// modification timestamp for this file. + data-modification-timestamp: option, + /// Last file status-change timestamp. + /// + /// If the `option` is none, the platform doesn't maintain a + /// status-change timestamp for this file. + status-change-timestamp: option, + } + + /// Flags determining the method of how paths are resolved. + flags path-flags { + /// As long as the resolved path corresponds to a symbolic link, it is + /// expanded. + symlink-follow, + } + + /// Open flags used by `open-at`. + flags open-flags { + /// Create file if it does not exist, similar to `O_CREAT` in POSIX. + create, + /// Fail if not a directory, similar to `O_DIRECTORY` in POSIX. + directory, + /// Fail if file already exists, similar to `O_EXCL` in POSIX. + exclusive, + /// Truncate file to size 0, similar to `O_TRUNC` in POSIX. + truncate, + } + + /// Number of hard links to an inode. + type link-count = u64; + + /// When setting a timestamp, this gives the value to set it to. + variant new-timestamp { + /// Leave the timestamp set to its previous value. + no-change, + /// Set the timestamp to the current time of the system clock associated + /// with the filesystem. + now, + /// Set the timestamp to the given value. + timestamp(datetime), + } + + /// A directory entry. + record directory-entry { + /// The type of the file referred to by this directory entry. + %type: descriptor-type, + + /// The name of the object. + name: string, + } + + /// Error codes returned by functions, similar to `errno` in POSIX. + /// Not all of these error codes are returned by the functions provided by this + /// API; some are used in higher-level library layers, and others are provided + /// merely for alignment with POSIX. + enum error-code { + /// Permission denied, similar to `EACCES` in POSIX. + access, + /// Resource unavailable, or operation would block, similar to `EAGAIN` and `EWOULDBLOCK` in POSIX. + would-block, + /// Connection already in progress, similar to `EALREADY` in POSIX. + already, + /// Bad descriptor, similar to `EBADF` in POSIX. + bad-descriptor, + /// Device or resource busy, similar to `EBUSY` in POSIX. + busy, + /// Resource deadlock would occur, similar to `EDEADLK` in POSIX. + deadlock, + /// Storage quota exceeded, similar to `EDQUOT` in POSIX. + quota, + /// File exists, similar to `EEXIST` in POSIX. + exist, + /// File too large, similar to `EFBIG` in POSIX. + file-too-large, + /// Illegal byte sequence, similar to `EILSEQ` in POSIX. + illegal-byte-sequence, + /// Operation in progress, similar to `EINPROGRESS` in POSIX. + in-progress, + /// Interrupted function, similar to `EINTR` in POSIX. + interrupted, + /// Invalid argument, similar to `EINVAL` in POSIX. + invalid, + /// I/O error, similar to `EIO` in POSIX. + io, + /// Is a directory, similar to `EISDIR` in POSIX. + is-directory, + /// Too many levels of symbolic links, similar to `ELOOP` in POSIX. + loop, + /// Too many links, similar to `EMLINK` in POSIX. + too-many-links, + /// Message too large, similar to `EMSGSIZE` in POSIX. + message-size, + /// Filename too long, similar to `ENAMETOOLONG` in POSIX. + name-too-long, + /// No such device, similar to `ENODEV` in POSIX. + no-device, + /// No such file or directory, similar to `ENOENT` in POSIX. + no-entry, + /// No locks available, similar to `ENOLCK` in POSIX. + no-lock, + /// Not enough space, similar to `ENOMEM` in POSIX. + insufficient-memory, + /// No space left on device, similar to `ENOSPC` in POSIX. + insufficient-space, + /// Not a directory or a symbolic link to a directory, similar to `ENOTDIR` in POSIX. + not-directory, + /// Directory not empty, similar to `ENOTEMPTY` in POSIX. + not-empty, + /// State not recoverable, similar to `ENOTRECOVERABLE` in POSIX. + not-recoverable, + /// Not supported, similar to `ENOTSUP` and `ENOSYS` in POSIX. + unsupported, + /// Inappropriate I/O control operation, similar to `ENOTTY` in POSIX. + no-tty, + /// No such device or address, similar to `ENXIO` in POSIX. + no-such-device, + /// Value too large to be stored in data type, similar to `EOVERFLOW` in POSIX. + overflow, + /// Operation not permitted, similar to `EPERM` in POSIX. + not-permitted, + /// Broken pipe, similar to `EPIPE` in POSIX. + pipe, + /// Read-only file system, similar to `EROFS` in POSIX. + read-only, + /// Invalid seek, similar to `ESPIPE` in POSIX. + invalid-seek, + /// Text file busy, similar to `ETXTBSY` in POSIX. + text-file-busy, + /// Cross-device link, similar to `EXDEV` in POSIX. + cross-device, + } + + /// File or memory access pattern advisory information. + enum advice { + /// The application has no advice to give on its behavior with respect + /// to the specified data. + normal, + /// The application expects to access the specified data sequentially + /// from lower offsets to higher offsets. + sequential, + /// The application expects to access the specified data in a random + /// order. + random, + /// The application expects to access the specified data in the near + /// future. + will-need, + /// The application expects that it will not access the specified data + /// in the near future. + dont-need, + /// The application expects to access the specified data once and then + /// not reuse it thereafter. + no-reuse, + } + + /// A 128-bit hash value, split into parts because wasm doesn't have a + /// 128-bit integer type. + record metadata-hash-value { + /// 64 bits of a 128-bit hash value. + lower: u64, + /// Another 64 bits of a 128-bit hash value. + upper: u64, + } + + /// A descriptor is a reference to a filesystem object, which may be a file, + /// directory, named pipe, special file, or other object on which filesystem + /// calls may be made. + resource descriptor { + /// Return a stream for reading from a file, if available. + /// + /// May fail with an error-code describing why the file cannot be read. + /// + /// Multiple read, write, and append streams may be active on the same open + /// file and they do not interfere with each other. + /// + /// Note: This allows using `read-stream`, which is similar to `read` in POSIX. + read-via-stream: func( + /// The offset within the file at which to start reading. + offset: filesize, + ) -> result; + + /// Return a stream for writing to a file, if available. + /// + /// May fail with an error-code describing why the file cannot be written. + /// + /// Note: This allows using `write-stream`, which is similar to `write` in + /// POSIX. + write-via-stream: func( + /// The offset within the file at which to start writing. + offset: filesize, + ) -> result; + + /// Return a stream for appending to a file, if available. + /// + /// May fail with an error-code describing why the file cannot be appended. + /// + /// Note: This allows using `write-stream`, which is similar to `write` with + /// `O_APPEND` in in POSIX. + append-via-stream: func() -> result; + + /// Provide file advisory information on a descriptor. + /// + /// This is similar to `posix_fadvise` in POSIX. + advise: func( + /// The offset within the file to which the advisory applies. + offset: filesize, + /// The length of the region to which the advisory applies. + length: filesize, + /// The advice. + advice: advice + ) -> result<_, error-code>; + + /// Synchronize the data of a file to disk. + /// + /// This function succeeds with no effect if the file descriptor is not + /// opened for writing. + /// + /// Note: This is similar to `fdatasync` in POSIX. + sync-data: func() -> result<_, error-code>; + + /// Get flags associated with a descriptor. + /// + /// Note: This returns similar flags to `fcntl(fd, F_GETFL)` in POSIX. + /// + /// Note: This returns the value that was the `fs_flags` value returned + /// from `fdstat_get` in earlier versions of WASI. + get-flags: func() -> result; + + /// Get the dynamic type of a descriptor. + /// + /// Note: This returns the same value as the `type` field of the `fd-stat` + /// returned by `stat`, `stat-at` and similar. + /// + /// Note: This returns similar flags to the `st_mode & S_IFMT` value provided + /// by `fstat` in POSIX. + /// + /// Note: This returns the value that was the `fs_filetype` value returned + /// from `fdstat_get` in earlier versions of WASI. + get-type: func() -> result; + + /// Adjust the size of an open file. If this increases the file's size, the + /// extra bytes are filled with zeros. + /// + /// Note: This was called `fd_filestat_set_size` in earlier versions of WASI. + set-size: func(size: filesize) -> result<_, error-code>; + + /// Adjust the timestamps of an open file or directory. + /// + /// Note: This is similar to `futimens` in POSIX. + /// + /// Note: This was called `fd_filestat_set_times` in earlier versions of WASI. + set-times: func( + /// The desired values of the data access timestamp. + data-access-timestamp: new-timestamp, + /// The desired values of the data modification timestamp. + data-modification-timestamp: new-timestamp, + ) -> result<_, error-code>; + + /// Read from a descriptor, without using and updating the descriptor's offset. + /// + /// This function returns a list of bytes containing the data that was + /// read, along with a bool which, when true, indicates that the end of the + /// file was reached. The returned list will contain up to `length` bytes; it + /// may return fewer than requested, if the end of the file is reached or + /// if the I/O operation is interrupted. + /// + /// In the future, this may change to return a `stream`. + /// + /// Note: This is similar to `pread` in POSIX. + read: func( + /// The maximum number of bytes to read. + length: filesize, + /// The offset within the file at which to read. + offset: filesize, + ) -> result, bool>, error-code>; + + /// Write to a descriptor, without using and updating the descriptor's offset. + /// + /// It is valid to write past the end of a file; the file is extended to the + /// extent of the write, with bytes between the previous end and the start of + /// the write set to zero. + /// + /// In the future, this may change to take a `stream`. + /// + /// Note: This is similar to `pwrite` in POSIX. + write: func( + /// Data to write + buffer: list, + /// The offset within the file at which to write. + offset: filesize, + ) -> result; + + /// Read directory entries from a directory. + /// + /// On filesystems where directories contain entries referring to themselves + /// and their parents, often named `.` and `..` respectively, these entries + /// are omitted. + /// + /// This always returns a new stream which starts at the beginning of the + /// directory. Multiple streams may be active on the same directory, and they + /// do not interfere with each other. + read-directory: func() -> result; + + /// Synchronize the data and metadata of a file to disk. + /// + /// This function succeeds with no effect if the file descriptor is not + /// opened for writing. + /// + /// Note: This is similar to `fsync` in POSIX. + sync: func() -> result<_, error-code>; + + /// Create a directory. + /// + /// Note: This is similar to `mkdirat` in POSIX. + create-directory-at: func( + /// The relative path at which to create the directory. + path: string, + ) -> result<_, error-code>; + + /// Return the attributes of an open file or directory. + /// + /// Note: This is similar to `fstat` in POSIX, except that it does not return + /// device and inode information. For testing whether two descriptors refer to + /// the same underlying filesystem object, use `is-same-object`. To obtain + /// additional data that can be used do determine whether a file has been + /// modified, use `metadata-hash`. + /// + /// Note: This was called `fd_filestat_get` in earlier versions of WASI. + stat: func() -> result; + + /// Return the attributes of a file or directory. + /// + /// Note: This is similar to `fstatat` in POSIX, except that it does not + /// return device and inode information. See the `stat` description for a + /// discussion of alternatives. + /// + /// Note: This was called `path_filestat_get` in earlier versions of WASI. + stat-at: func( + /// Flags determining the method of how the path is resolved. + path-flags: path-flags, + /// The relative path of the file or directory to inspect. + path: string, + ) -> result; + + /// Adjust the timestamps of a file or directory. + /// + /// Note: This is similar to `utimensat` in POSIX. + /// + /// Note: This was called `path_filestat_set_times` in earlier versions of + /// WASI. + set-times-at: func( + /// Flags determining the method of how the path is resolved. + path-flags: path-flags, + /// The relative path of the file or directory to operate on. + path: string, + /// The desired values of the data access timestamp. + data-access-timestamp: new-timestamp, + /// The desired values of the data modification timestamp. + data-modification-timestamp: new-timestamp, + ) -> result<_, error-code>; + + /// Create a hard link. + /// + /// Note: This is similar to `linkat` in POSIX. + link-at: func( + /// Flags determining the method of how the path is resolved. + old-path-flags: path-flags, + /// The relative source path from which to link. + old-path: string, + /// The base directory for `new-path`. + new-descriptor: borrow, + /// The relative destination path at which to create the hard link. + new-path: string, + ) -> result<_, error-code>; + + /// Open a file or directory. + /// + /// The returned descriptor is not guaranteed to be the lowest-numbered + /// descriptor not currently open/ it is randomized to prevent applications + /// from depending on making assumptions about indexes, since this is + /// error-prone in multi-threaded contexts. The returned descriptor is + /// guaranteed to be less than 2**31. + /// + /// If `flags` contains `descriptor-flags::mutate-directory`, and the base + /// descriptor doesn't have `descriptor-flags::mutate-directory` set, + /// `open-at` fails with `error-code::read-only`. + /// + /// If `flags` contains `write` or `mutate-directory`, or `open-flags` + /// contains `truncate` or `create`, and the base descriptor doesn't have + /// `descriptor-flags::mutate-directory` set, `open-at` fails with + /// `error-code::read-only`. + /// + /// Note: This is similar to `openat` in POSIX. + open-at: func( + /// Flags determining the method of how the path is resolved. + path-flags: path-flags, + /// The relative path of the object to open. + path: string, + /// The method by which to open the file. + open-flags: open-flags, + /// Flags to use for the resulting descriptor. + %flags: descriptor-flags, + ) -> result; + + /// Read the contents of a symbolic link. + /// + /// If the contents contain an absolute or rooted path in the underlying + /// filesystem, this function fails with `error-code::not-permitted`. + /// + /// Note: This is similar to `readlinkat` in POSIX. + readlink-at: func( + /// The relative path of the symbolic link from which to read. + path: string, + ) -> result; + + /// Remove a directory. + /// + /// Return `error-code::not-empty` if the directory is not empty. + /// + /// Note: This is similar to `unlinkat(fd, path, AT_REMOVEDIR)` in POSIX. + remove-directory-at: func( + /// The relative path to a directory to remove. + path: string, + ) -> result<_, error-code>; + + /// Rename a filesystem object. + /// + /// Note: This is similar to `renameat` in POSIX. + rename-at: func( + /// The relative source path of the file or directory to rename. + old-path: string, + /// The base directory for `new-path`. + new-descriptor: borrow, + /// The relative destination path to which to rename the file or directory. + new-path: string, + ) -> result<_, error-code>; + + /// Create a symbolic link (also known as a "symlink"). + /// + /// If `old-path` starts with `/`, the function fails with + /// `error-code::not-permitted`. + /// + /// Note: This is similar to `symlinkat` in POSIX. + symlink-at: func( + /// The contents of the symbolic link. + old-path: string, + /// The relative destination path at which to create the symbolic link. + new-path: string, + ) -> result<_, error-code>; + + /// Unlink a filesystem object that is not a directory. + /// + /// Return `error-code::is-directory` if the path refers to a directory. + /// Note: This is similar to `unlinkat(fd, path, 0)` in POSIX. + unlink-file-at: func( + /// The relative path to a file to unlink. + path: string, + ) -> result<_, error-code>; + + /// Test whether two descriptors refer to the same filesystem object. + /// + /// In POSIX, this corresponds to testing whether the two descriptors have the + /// same device (`st_dev`) and inode (`st_ino` or `d_ino`) numbers. + /// wasi-filesystem does not expose device and inode numbers, so this function + /// may be used instead. + is-same-object: func(other: borrow) -> bool; + + /// Return a hash of the metadata associated with a filesystem object referred + /// to by a descriptor. + /// + /// This returns a hash of the last-modification timestamp and file size, and + /// may also include the inode number, device number, birth timestamp, and + /// other metadata fields that may change when the file is modified or + /// replaced. It may also include a secret value chosen by the + /// implementation and not otherwise exposed. + /// + /// Implementations are encourated to provide the following properties: + /// + /// - If the file is not modified or replaced, the computed hash value should + /// usually not change. + /// - If the object is modified or replaced, the computed hash value should + /// usually change. + /// - The inputs to the hash should not be easily computable from the + /// computed hash. + /// + /// However, none of these is required. + metadata-hash: func() -> result; + + /// Return a hash of the metadata associated with a filesystem object referred + /// to by a directory descriptor and a relative path. + /// + /// This performs the same hash computation as `metadata-hash`. + metadata-hash-at: func( + /// Flags determining the method of how the path is resolved. + path-flags: path-flags, + /// The relative path of the file or directory to inspect. + path: string, + ) -> result; + } + + /// A stream of directory entries. + resource directory-entry-stream { + /// Read a single directory entry from a `directory-entry-stream`. + read-directory-entry: func() -> result, error-code>; + } + + /// Attempts to extract a filesystem-related `error-code` from the stream + /// `error` provided. + /// + /// Stream operations which return `stream-error::last-operation-failed` + /// have a payload with more information about the operation that failed. + /// This payload can be passed through to this function to see if there's + /// filesystem-related information about the error to return. + /// + /// Note that this function is fallible because not all stream-related + /// errors are filesystem-related errors. + filesystem-error-code: func(err: borrow) -> option; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/filesystem/world.wit b/crates/build/tests/wit/cmd-minimal/deps/filesystem/world.wit new file mode 100644 index 0000000000..663f57920d --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/filesystem/world.wit @@ -0,0 +1,6 @@ +package wasi:filesystem@0.2.0; + +world imports { + import types; + import preopens; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/io/error.wit b/crates/build/tests/wit/cmd-minimal/deps/io/error.wit new file mode 100644 index 0000000000..22e5b64894 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/io/error.wit @@ -0,0 +1,34 @@ +package wasi:io@0.2.0; + + +interface error { + /// A resource which represents some error information. + /// + /// The only method provided by this resource is `to-debug-string`, + /// which provides some human-readable information about the error. + /// + /// In the `wasi:io` package, this resource is returned through the + /// `wasi:io/streams/stream-error` type. + /// + /// To provide more specific error information, other interfaces may + /// provide functions to further "downcast" this error into more specific + /// error information. For example, `error`s returned in streams derived + /// from filesystem types to be described using the filesystem's own + /// error-code type, using the function + /// `wasi:filesystem/types/filesystem-error-code`, which takes a parameter + /// `borrow` and returns + /// `option`. + /// + /// The set of functions which can "downcast" an `error` into a more + /// concrete type is open. + resource error { + /// Returns a string that is suitable to assist humans in debugging + /// this error. + /// + /// WARNING: The returned string should not be consumed mechanically! + /// It may change across platforms, hosts, or other implementation + /// details. Parsing this string is a major platform-compatibility + /// hazard. + to-debug-string: func() -> string; + } +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/io/poll.wit b/crates/build/tests/wit/cmd-minimal/deps/io/poll.wit new file mode 100644 index 0000000000..ddc67f8b7a --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/io/poll.wit @@ -0,0 +1,41 @@ +package wasi:io@0.2.0; + +/// A poll API intended to let users wait for I/O events on multiple handles +/// at once. +interface poll { + /// `pollable` represents a single I/O event which may be ready, or not. + resource pollable { + + /// Return the readiness of a pollable. This function never blocks. + /// + /// Returns `true` when the pollable is ready, and `false` otherwise. + ready: func() -> bool; + + /// `block` returns immediately if the pollable is ready, and otherwise + /// blocks until ready. + /// + /// This function is equivalent to calling `poll.poll` on a list + /// containing only this pollable. + block: func(); + } + + /// Poll for completion on a set of pollables. + /// + /// This function takes a list of pollables, which identify I/O sources of + /// interest, and waits until one or more of the events is ready for I/O. + /// + /// The result `list` contains one or more indices of handles in the + /// argument list that is ready for I/O. + /// + /// If the list contains more elements than can be indexed with a `u32` + /// value, this function traps. + /// + /// A timeout can be implemented by adding a pollable from the + /// wasi-clocks API to the list. + /// + /// This function does not return a `result`; polling in itself does not + /// do any I/O so it doesn't fail. If any of the I/O sources identified by + /// the pollables has an error, it is indicated by marking the source as + /// being reaedy for I/O. + poll: func(in: list>) -> list; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/io/streams.wit b/crates/build/tests/wit/cmd-minimal/deps/io/streams.wit new file mode 100644 index 0000000000..6d2f871e3b --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/io/streams.wit @@ -0,0 +1,262 @@ +package wasi:io@0.2.0; + +/// WASI I/O is an I/O abstraction API which is currently focused on providing +/// stream types. +/// +/// In the future, the component model is expected to add built-in stream types; +/// when it does, they are expected to subsume this API. +interface streams { + use error.{error}; + use poll.{pollable}; + + /// An error for input-stream and output-stream operations. + variant stream-error { + /// The last operation (a write or flush) failed before completion. + /// + /// More information is available in the `error` payload. + last-operation-failed(error), + /// The stream is closed: no more input will be accepted by the + /// stream. A closed output-stream will return this error on all + /// future operations. + closed + } + + /// An input bytestream. + /// + /// `input-stream`s are *non-blocking* to the extent practical on underlying + /// platforms. I/O operations always return promptly; if fewer bytes are + /// promptly available than requested, they return the number of bytes promptly + /// available, which could even be zero. To wait for data to be available, + /// use the `subscribe` function to obtain a `pollable` which can be polled + /// for using `wasi:io/poll`. + resource input-stream { + /// Perform a non-blocking read from the stream. + /// + /// When the source of a `read` is binary data, the bytes from the source + /// are returned verbatim. When the source of a `read` is known to the + /// implementation to be text, bytes containing the UTF-8 encoding of the + /// text are returned. + /// + /// This function returns a list of bytes containing the read data, + /// when successful. The returned list will contain up to `len` bytes; + /// it may return fewer than requested, but not more. The list is + /// empty when no bytes are available for reading at this time. The + /// pollable given by `subscribe` will be ready when more bytes are + /// available. + /// + /// This function fails with a `stream-error` when the operation + /// encounters an error, giving `last-operation-failed`, or when the + /// stream is closed, giving `closed`. + /// + /// When the caller gives a `len` of 0, it represents a request to + /// read 0 bytes. If the stream is still open, this call should + /// succeed and return an empty list, or otherwise fail with `closed`. + /// + /// The `len` parameter is a `u64`, which could represent a list of u8 which + /// is not possible to allocate in wasm32, or not desirable to allocate as + /// as a return value by the callee. The callee may return a list of bytes + /// less than `len` in size while more bytes are available for reading. + read: func( + /// The maximum number of bytes to read + len: u64 + ) -> result, stream-error>; + + /// Read bytes from a stream, after blocking until at least one byte can + /// be read. Except for blocking, behavior is identical to `read`. + blocking-read: func( + /// The maximum number of bytes to read + len: u64 + ) -> result, stream-error>; + + /// Skip bytes from a stream. Returns number of bytes skipped. + /// + /// Behaves identical to `read`, except instead of returning a list + /// of bytes, returns the number of bytes consumed from the stream. + skip: func( + /// The maximum number of bytes to skip. + len: u64, + ) -> result; + + /// Skip bytes from a stream, after blocking until at least one byte + /// can be skipped. Except for blocking behavior, identical to `skip`. + blocking-skip: func( + /// The maximum number of bytes to skip. + len: u64, + ) -> result; + + /// Create a `pollable` which will resolve once either the specified stream + /// has bytes available to read or the other end of the stream has been + /// closed. + /// The created `pollable` is a child resource of the `input-stream`. + /// Implementations may trap if the `input-stream` is dropped before + /// all derived `pollable`s created with this function are dropped. + subscribe: func() -> pollable; + } + + + /// An output bytestream. + /// + /// `output-stream`s are *non-blocking* to the extent practical on + /// underlying platforms. Except where specified otherwise, I/O operations also + /// always return promptly, after the number of bytes that can be written + /// promptly, which could even be zero. To wait for the stream to be ready to + /// accept data, the `subscribe` function to obtain a `pollable` which can be + /// polled for using `wasi:io/poll`. + resource output-stream { + /// Check readiness for writing. This function never blocks. + /// + /// Returns the number of bytes permitted for the next call to `write`, + /// or an error. Calling `write` with more bytes than this function has + /// permitted will trap. + /// + /// When this function returns 0 bytes, the `subscribe` pollable will + /// become ready when this function will report at least 1 byte, or an + /// error. + check-write: func() -> result; + + /// Perform a write. This function never blocks. + /// + /// When the destination of a `write` is binary data, the bytes from + /// `contents` are written verbatim. When the destination of a `write` is + /// known to the implementation to be text, the bytes of `contents` are + /// transcoded from UTF-8 into the encoding of the destination and then + /// written. + /// + /// Precondition: check-write gave permit of Ok(n) and contents has a + /// length of less than or equal to n. Otherwise, this function will trap. + /// + /// returns Err(closed) without writing if the stream has closed since + /// the last call to check-write provided a permit. + write: func( + contents: list + ) -> result<_, stream-error>; + + /// Perform a write of up to 4096 bytes, and then flush the stream. Block + /// until all of these operations are complete, or an error occurs. + /// + /// This is a convenience wrapper around the use of `check-write`, + /// `subscribe`, `write`, and `flush`, and is implemented with the + /// following pseudo-code: + /// + /// ```text + /// let pollable = this.subscribe(); + /// while !contents.is_empty() { + /// // Wait for the stream to become writable + /// pollable.block(); + /// let Ok(n) = this.check-write(); // eliding error handling + /// let len = min(n, contents.len()); + /// let (chunk, rest) = contents.split_at(len); + /// this.write(chunk ); // eliding error handling + /// contents = rest; + /// } + /// this.flush(); + /// // Wait for completion of `flush` + /// pollable.block(); + /// // Check for any errors that arose during `flush` + /// let _ = this.check-write(); // eliding error handling + /// ``` + blocking-write-and-flush: func( + contents: list + ) -> result<_, stream-error>; + + /// Request to flush buffered output. This function never blocks. + /// + /// This tells the output-stream that the caller intends any buffered + /// output to be flushed. the output which is expected to be flushed + /// is all that has been passed to `write` prior to this call. + /// + /// Upon calling this function, the `output-stream` will not accept any + /// writes (`check-write` will return `ok(0)`) until the flush has + /// completed. The `subscribe` pollable will become ready when the + /// flush has completed and the stream can accept more writes. + flush: func() -> result<_, stream-error>; + + /// Request to flush buffered output, and block until flush completes + /// and stream is ready for writing again. + blocking-flush: func() -> result<_, stream-error>; + + /// Create a `pollable` which will resolve once the output-stream + /// is ready for more writing, or an error has occured. When this + /// pollable is ready, `check-write` will return `ok(n)` with n>0, or an + /// error. + /// + /// If the stream is closed, this pollable is always ready immediately. + /// + /// The created `pollable` is a child resource of the `output-stream`. + /// Implementations may trap if the `output-stream` is dropped before + /// all derived `pollable`s created with this function are dropped. + subscribe: func() -> pollable; + + /// Write zeroes to a stream. + /// + /// This should be used precisely like `write` with the exact same + /// preconditions (must use check-write first), but instead of + /// passing a list of bytes, you simply pass the number of zero-bytes + /// that should be written. + write-zeroes: func( + /// The number of zero-bytes to write + len: u64 + ) -> result<_, stream-error>; + + /// Perform a write of up to 4096 zeroes, and then flush the stream. + /// Block until all of these operations are complete, or an error + /// occurs. + /// + /// This is a convenience wrapper around the use of `check-write`, + /// `subscribe`, `write-zeroes`, and `flush`, and is implemented with + /// the following pseudo-code: + /// + /// ```text + /// let pollable = this.subscribe(); + /// while num_zeroes != 0 { + /// // Wait for the stream to become writable + /// pollable.block(); + /// let Ok(n) = this.check-write(); // eliding error handling + /// let len = min(n, num_zeroes); + /// this.write-zeroes(len); // eliding error handling + /// num_zeroes -= len; + /// } + /// this.flush(); + /// // Wait for completion of `flush` + /// pollable.block(); + /// // Check for any errors that arose during `flush` + /// let _ = this.check-write(); // eliding error handling + /// ``` + blocking-write-zeroes-and-flush: func( + /// The number of zero-bytes to write + len: u64 + ) -> result<_, stream-error>; + + /// Read from one stream and write to another. + /// + /// The behavior of splice is equivelant to: + /// 1. calling `check-write` on the `output-stream` + /// 2. calling `read` on the `input-stream` with the smaller of the + /// `check-write` permitted length and the `len` provided to `splice` + /// 3. calling `write` on the `output-stream` with that read data. + /// + /// Any error reported by the call to `check-write`, `read`, or + /// `write` ends the splice and reports that error. + /// + /// This function returns the number of bytes transferred; it may be less + /// than `len`. + splice: func( + /// The stream to read from + src: borrow, + /// The number of bytes to splice + len: u64, + ) -> result; + + /// Read from one stream and write to another, with blocking. + /// + /// This is similar to `splice`, except that it blocks until the + /// `output-stream` is ready for writing, and the `input-stream` + /// is ready for reading, before performing the `splice`. + blocking-splice: func( + /// The stream to read from + src: borrow, + /// The number of bytes to splice + len: u64, + ) -> result; + } +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/io/world.wit b/crates/build/tests/wit/cmd-minimal/deps/io/world.wit new file mode 100644 index 0000000000..5f0b43fe50 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/io/world.wit @@ -0,0 +1,6 @@ +package wasi:io@0.2.0; + +world imports { + import streams; + import poll; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/random/insecure-seed.wit b/crates/build/tests/wit/cmd-minimal/deps/random/insecure-seed.wit new file mode 100644 index 0000000000..47210ac6bd --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/random/insecure-seed.wit @@ -0,0 +1,25 @@ +package wasi:random@0.2.0; +/// The insecure-seed interface for seeding hash-map DoS resistance. +/// +/// It is intended to be portable at least between Unix-family platforms and +/// Windows. +interface insecure-seed { + /// Return a 128-bit value that may contain a pseudo-random value. + /// + /// The returned value is not required to be computed from a CSPRNG, and may + /// even be entirely deterministic. Host implementations are encouraged to + /// provide pseudo-random values to any program exposed to + /// attacker-controlled content, to enable DoS protection built into many + /// languages' hash-map implementations. + /// + /// This function is intended to only be called once, by a source language + /// to initialize Denial Of Service (DoS) protection in its hash-map + /// implementation. + /// + /// # Expected future evolution + /// + /// This will likely be changed to a value import, to prevent it from being + /// called multiple times and potentially used for purposes other than DoS + /// protection. + insecure-seed: func() -> tuple; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/random/insecure.wit b/crates/build/tests/wit/cmd-minimal/deps/random/insecure.wit new file mode 100644 index 0000000000..c58f4ee852 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/random/insecure.wit @@ -0,0 +1,22 @@ +package wasi:random@0.2.0; +/// The insecure interface for insecure pseudo-random numbers. +/// +/// It is intended to be portable at least between Unix-family platforms and +/// Windows. +interface insecure { + /// Return `len` insecure pseudo-random bytes. + /// + /// This function is not cryptographically secure. Do not use it for + /// anything related to security. + /// + /// There are no requirements on the values of the returned bytes, however + /// implementations are encouraged to return evenly distributed values with + /// a long period. + get-insecure-random-bytes: func(len: u64) -> list; + + /// Return an insecure pseudo-random `u64` value. + /// + /// This function returns the same type of pseudo-random data as + /// `get-insecure-random-bytes`, represented as a `u64`. + get-insecure-random-u64: func() -> u64; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/random/random.wit b/crates/build/tests/wit/cmd-minimal/deps/random/random.wit new file mode 100644 index 0000000000..0c017f0934 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/random/random.wit @@ -0,0 +1,26 @@ +package wasi:random@0.2.0; +/// WASI Random is a random data API. +/// +/// It is intended to be portable at least between Unix-family platforms and +/// Windows. +interface random { + /// Return `len` cryptographically-secure random or pseudo-random bytes. + /// + /// This function must produce data at least as cryptographically secure and + /// fast as an adequately seeded cryptographically-secure pseudo-random + /// number generator (CSPRNG). It must not block, from the perspective of + /// the calling program, under any circumstances, including on the first + /// request and on requests for numbers of bytes. The returned data must + /// always be unpredictable. + /// + /// This function must always return fresh data. Deterministic environments + /// must omit this function, rather than implementing it with deterministic + /// data. + get-random-bytes: func(len: u64) -> list; + + /// Return a cryptographically-secure random or pseudo-random `u64` value. + /// + /// This function returns the same type of data as `get-random-bytes`, + /// represented as a `u64`. + get-random-u64: func() -> u64; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/random/world.wit b/crates/build/tests/wit/cmd-minimal/deps/random/world.wit new file mode 100644 index 0000000000..3da34914a4 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/random/world.wit @@ -0,0 +1,7 @@ +package wasi:random@0.2.0; + +world imports { + import random; + import insecure; + import insecure-seed; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/sockets/instance-network.wit b/crates/build/tests/wit/cmd-minimal/deps/sockets/instance-network.wit new file mode 100644 index 0000000000..e455d0ff7b --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/sockets/instance-network.wit @@ -0,0 +1,9 @@ + +/// This interface provides a value-export of the default network handle.. +interface instance-network { + use network.{network}; + + /// Get a handle to the default network. + instance-network: func() -> network; + +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/sockets/ip-name-lookup.wit b/crates/build/tests/wit/cmd-minimal/deps/sockets/ip-name-lookup.wit new file mode 100644 index 0000000000..8e639ec596 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/sockets/ip-name-lookup.wit @@ -0,0 +1,51 @@ + +interface ip-name-lookup { + use wasi:io/poll@0.2.0.{pollable}; + use network.{network, error-code, ip-address}; + + + /// Resolve an internet host name to a list of IP addresses. + /// + /// Unicode domain names are automatically converted to ASCII using IDNA encoding. + /// If the input is an IP address string, the address is parsed and returned + /// as-is without making any external requests. + /// + /// See the wasi-socket proposal README.md for a comparison with getaddrinfo. + /// + /// This function never blocks. It either immediately fails or immediately + /// returns successfully with a `resolve-address-stream` that can be used + /// to (asynchronously) fetch the results. + /// + /// # Typical errors + /// - `invalid-argument`: `name` is a syntactically invalid domain name or IP address. + /// + /// # References: + /// - + /// - + /// - + /// - + resolve-addresses: func(network: borrow, name: string) -> result; + + resource resolve-address-stream { + /// Returns the next address from the resolver. + /// + /// This function should be called multiple times. On each call, it will + /// return the next address in connection order preference. If all + /// addresses have been exhausted, this function returns `none`. + /// + /// This function never returns IPv4-mapped IPv6 addresses. + /// + /// # Typical errors + /// - `name-unresolvable`: Name does not exist or has no suitable associated IP addresses. (EAI_NONAME, EAI_NODATA, EAI_ADDRFAMILY) + /// - `temporary-resolver-failure`: A temporary failure in name resolution occurred. (EAI_AGAIN) + /// - `permanent-resolver-failure`: A permanent failure in name resolution occurred. (EAI_FAIL) + /// - `would-block`: A result is not available yet. (EWOULDBLOCK, EAGAIN) + resolve-next-address: func() -> result, error-code>; + + /// Create a `pollable` which will resolve once the stream is ready for I/O. + /// + /// Note: this function is here for WASI Preview2 only. + /// It's planned to be removed when `future` is natively supported in Preview3. + subscribe: func() -> pollable; + } +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/sockets/network.wit b/crates/build/tests/wit/cmd-minimal/deps/sockets/network.wit new file mode 100644 index 0000000000..9cadf0650a --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/sockets/network.wit @@ -0,0 +1,145 @@ + +interface network { + /// An opaque resource that represents access to (a subset of) the network. + /// This enables context-based security for networking. + /// There is no need for this to map 1:1 to a physical network interface. + resource network; + + /// Error codes. + /// + /// In theory, every API can return any error code. + /// In practice, API's typically only return the errors documented per API + /// combined with a couple of errors that are always possible: + /// - `unknown` + /// - `access-denied` + /// - `not-supported` + /// - `out-of-memory` + /// - `concurrency-conflict` + /// + /// See each individual API for what the POSIX equivalents are. They sometimes differ per API. + enum error-code { + /// Unknown error + unknown, + + /// Access denied. + /// + /// POSIX equivalent: EACCES, EPERM + access-denied, + + /// The operation is not supported. + /// + /// POSIX equivalent: EOPNOTSUPP + not-supported, + + /// One of the arguments is invalid. + /// + /// POSIX equivalent: EINVAL + invalid-argument, + + /// Not enough memory to complete the operation. + /// + /// POSIX equivalent: ENOMEM, ENOBUFS, EAI_MEMORY + out-of-memory, + + /// The operation timed out before it could finish completely. + timeout, + + /// This operation is incompatible with another asynchronous operation that is already in progress. + /// + /// POSIX equivalent: EALREADY + concurrency-conflict, + + /// Trying to finish an asynchronous operation that: + /// - has not been started yet, or: + /// - was already finished by a previous `finish-*` call. + /// + /// Note: this is scheduled to be removed when `future`s are natively supported. + not-in-progress, + + /// The operation has been aborted because it could not be completed immediately. + /// + /// Note: this is scheduled to be removed when `future`s are natively supported. + would-block, + + + /// The operation is not valid in the socket's current state. + invalid-state, + + /// A new socket resource could not be created because of a system limit. + new-socket-limit, + + /// A bind operation failed because the provided address is not an address that the `network` can bind to. + address-not-bindable, + + /// A bind operation failed because the provided address is already in use or because there are no ephemeral ports available. + address-in-use, + + /// The remote address is not reachable + remote-unreachable, + + + /// The TCP connection was forcefully rejected + connection-refused, + + /// The TCP connection was reset. + connection-reset, + + /// A TCP connection was aborted. + connection-aborted, + + + /// The size of a datagram sent to a UDP socket exceeded the maximum + /// supported size. + datagram-too-large, + + + /// Name does not exist or has no suitable associated IP addresses. + name-unresolvable, + + /// A temporary failure in name resolution occurred. + temporary-resolver-failure, + + /// A permanent failure in name resolution occurred. + permanent-resolver-failure, + } + + enum ip-address-family { + /// Similar to `AF_INET` in POSIX. + ipv4, + + /// Similar to `AF_INET6` in POSIX. + ipv6, + } + + type ipv4-address = tuple; + type ipv6-address = tuple; + + variant ip-address { + ipv4(ipv4-address), + ipv6(ipv6-address), + } + + record ipv4-socket-address { + /// sin_port + port: u16, + /// sin_addr + address: ipv4-address, + } + + record ipv6-socket-address { + /// sin6_port + port: u16, + /// sin6_flowinfo + flow-info: u32, + /// sin6_addr + address: ipv6-address, + /// sin6_scope_id + scope-id: u32, + } + + variant ip-socket-address { + ipv4(ipv4-socket-address), + ipv6(ipv6-socket-address), + } + +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/sockets/tcp-create-socket.wit b/crates/build/tests/wit/cmd-minimal/deps/sockets/tcp-create-socket.wit new file mode 100644 index 0000000000..c7ddf1f228 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/sockets/tcp-create-socket.wit @@ -0,0 +1,27 @@ + +interface tcp-create-socket { + use network.{network, error-code, ip-address-family}; + use tcp.{tcp-socket}; + + /// Create a new TCP socket. + /// + /// Similar to `socket(AF_INET or AF_INET6, SOCK_STREAM, IPPROTO_TCP)` in POSIX. + /// On IPv6 sockets, IPV6_V6ONLY is enabled by default and can't be configured otherwise. + /// + /// This function does not require a network capability handle. This is considered to be safe because + /// at time of creation, the socket is not bound to any `network` yet. Up to the moment `bind`/`connect` + /// is called, the socket is effectively an in-memory configuration object, unable to communicate with the outside world. + /// + /// All sockets are non-blocking. Use the wasi-poll interface to block on asynchronous operations. + /// + /// # Typical errors + /// - `not-supported`: The specified `address-family` is not supported. (EAFNOSUPPORT) + /// - `new-socket-limit`: The new socket resource could not be created because of a system limit. (EMFILE, ENFILE) + /// + /// # References + /// - + /// - + /// - + /// - + create-tcp-socket: func(address-family: ip-address-family) -> result; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/sockets/tcp.wit b/crates/build/tests/wit/cmd-minimal/deps/sockets/tcp.wit new file mode 100644 index 0000000000..5902b9ee05 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/sockets/tcp.wit @@ -0,0 +1,353 @@ + +interface tcp { + use wasi:io/streams@0.2.0.{input-stream, output-stream}; + use wasi:io/poll@0.2.0.{pollable}; + use wasi:clocks/monotonic-clock@0.2.0.{duration}; + use network.{network, error-code, ip-socket-address, ip-address-family}; + + enum shutdown-type { + /// Similar to `SHUT_RD` in POSIX. + receive, + + /// Similar to `SHUT_WR` in POSIX. + send, + + /// Similar to `SHUT_RDWR` in POSIX. + both, + } + + /// A TCP socket resource. + /// + /// The socket can be in one of the following states: + /// - `unbound` + /// - `bind-in-progress` + /// - `bound` (See note below) + /// - `listen-in-progress` + /// - `listening` + /// - `connect-in-progress` + /// - `connected` + /// - `closed` + /// See + /// for a more information. + /// + /// Note: Except where explicitly mentioned, whenever this documentation uses + /// the term "bound" without backticks it actually means: in the `bound` state *or higher*. + /// (i.e. `bound`, `listen-in-progress`, `listening`, `connect-in-progress` or `connected`) + /// + /// In addition to the general error codes documented on the + /// `network::error-code` type, TCP socket methods may always return + /// `error(invalid-state)` when in the `closed` state. + resource tcp-socket { + /// Bind the socket to a specific network on the provided IP address and port. + /// + /// If the IP address is zero (`0.0.0.0` in IPv4, `::` in IPv6), it is left to the implementation to decide which + /// network interface(s) to bind to. + /// If the TCP/UDP port is zero, the socket will be bound to a random free port. + /// + /// Bind can be attempted multiple times on the same socket, even with + /// different arguments on each iteration. But never concurrently and + /// only as long as the previous bind failed. Once a bind succeeds, the + /// binding can't be changed anymore. + /// + /// # Typical errors + /// - `invalid-argument`: The `local-address` has the wrong address family. (EAFNOSUPPORT, EFAULT on Windows) + /// - `invalid-argument`: `local-address` is not a unicast address. (EINVAL) + /// - `invalid-argument`: `local-address` is an IPv4-mapped IPv6 address. (EINVAL) + /// - `invalid-state`: The socket is already bound. (EINVAL) + /// - `address-in-use`: No ephemeral ports available. (EADDRINUSE, ENOBUFS on Windows) + /// - `address-in-use`: Address is already in use. (EADDRINUSE) + /// - `address-not-bindable`: `local-address` is not an address that the `network` can bind to. (EADDRNOTAVAIL) + /// - `not-in-progress`: A `bind` operation is not in progress. + /// - `would-block`: Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN) + /// + /// # Implementors note + /// When binding to a non-zero port, this bind operation shouldn't be affected by the TIME_WAIT + /// state of a recently closed socket on the same local address. In practice this means that the SO_REUSEADDR + /// socket option should be set implicitly on all platforms, except on Windows where this is the default behavior + /// and SO_REUSEADDR performs something different entirely. + /// + /// Unlike in POSIX, in WASI the bind operation is async. This enables + /// interactive WASI hosts to inject permission prompts. Runtimes that + /// don't want to make use of this ability can simply call the native + /// `bind` as part of either `start-bind` or `finish-bind`. + /// + /// # References + /// - + /// - + /// - + /// - + start-bind: func(network: borrow, local-address: ip-socket-address) -> result<_, error-code>; + finish-bind: func() -> result<_, error-code>; + + /// Connect to a remote endpoint. + /// + /// On success: + /// - the socket is transitioned into the `connection` state. + /// - a pair of streams is returned that can be used to read & write to the connection + /// + /// After a failed connection attempt, the socket will be in the `closed` + /// state and the only valid action left is to `drop` the socket. A single + /// socket can not be used to connect more than once. + /// + /// # Typical errors + /// - `invalid-argument`: The `remote-address` has the wrong address family. (EAFNOSUPPORT) + /// - `invalid-argument`: `remote-address` is not a unicast address. (EINVAL, ENETUNREACH on Linux, EAFNOSUPPORT on MacOS) + /// - `invalid-argument`: `remote-address` is an IPv4-mapped IPv6 address. (EINVAL, EADDRNOTAVAIL on Illumos) + /// - `invalid-argument`: The IP address in `remote-address` is set to INADDR_ANY (`0.0.0.0` / `::`). (EADDRNOTAVAIL on Windows) + /// - `invalid-argument`: The port in `remote-address` is set to 0. (EADDRNOTAVAIL on Windows) + /// - `invalid-argument`: The socket is already attached to a different network. The `network` passed to `connect` must be identical to the one passed to `bind`. + /// - `invalid-state`: The socket is already in the `connected` state. (EISCONN) + /// - `invalid-state`: The socket is already in the `listening` state. (EOPNOTSUPP, EINVAL on Windows) + /// - `timeout`: Connection timed out. (ETIMEDOUT) + /// - `connection-refused`: The connection was forcefully rejected. (ECONNREFUSED) + /// - `connection-reset`: The connection was reset. (ECONNRESET) + /// - `connection-aborted`: The connection was aborted. (ECONNABORTED) + /// - `remote-unreachable`: The remote address is not reachable. (EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET) + /// - `address-in-use`: Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE, EADDRNOTAVAIL on Linux, EAGAIN on BSD) + /// - `not-in-progress`: A connect operation is not in progress. + /// - `would-block`: Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN) + /// + /// # Implementors note + /// The POSIX equivalent of `start-connect` is the regular `connect` syscall. + /// Because all WASI sockets are non-blocking this is expected to return + /// EINPROGRESS, which should be translated to `ok()` in WASI. + /// + /// The POSIX equivalent of `finish-connect` is a `poll` for event `POLLOUT` + /// with a timeout of 0 on the socket descriptor. Followed by a check for + /// the `SO_ERROR` socket option, in case the poll signaled readiness. + /// + /// # References + /// - + /// - + /// - + /// - + start-connect: func(network: borrow, remote-address: ip-socket-address) -> result<_, error-code>; + finish-connect: func() -> result, error-code>; + + /// Start listening for new connections. + /// + /// Transitions the socket into the `listening` state. + /// + /// Unlike POSIX, the socket must already be explicitly bound. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not bound to any local address. (EDESTADDRREQ) + /// - `invalid-state`: The socket is already in the `connected` state. (EISCONN, EINVAL on BSD) + /// - `invalid-state`: The socket is already in the `listening` state. + /// - `address-in-use`: Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE) + /// - `not-in-progress`: A listen operation is not in progress. + /// - `would-block`: Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN) + /// + /// # Implementors note + /// Unlike in POSIX, in WASI the listen operation is async. This enables + /// interactive WASI hosts to inject permission prompts. Runtimes that + /// don't want to make use of this ability can simply call the native + /// `listen` as part of either `start-listen` or `finish-listen`. + /// + /// # References + /// - + /// - + /// - + /// - + start-listen: func() -> result<_, error-code>; + finish-listen: func() -> result<_, error-code>; + + /// Accept a new client socket. + /// + /// The returned socket is bound and in the `connected` state. The following properties are inherited from the listener socket: + /// - `address-family` + /// - `keep-alive-enabled` + /// - `keep-alive-idle-time` + /// - `keep-alive-interval` + /// - `keep-alive-count` + /// - `hop-limit` + /// - `receive-buffer-size` + /// - `send-buffer-size` + /// + /// On success, this function returns the newly accepted client socket along with + /// a pair of streams that can be used to read & write to the connection. + /// + /// # Typical errors + /// - `invalid-state`: Socket is not in the `listening` state. (EINVAL) + /// - `would-block`: No pending connections at the moment. (EWOULDBLOCK, EAGAIN) + /// - `connection-aborted`: An incoming connection was pending, but was terminated by the client before this listener could accept it. (ECONNABORTED) + /// - `new-socket-limit`: The new socket resource could not be created because of a system limit. (EMFILE, ENFILE) + /// + /// # References + /// - + /// - + /// - + /// - + accept: func() -> result, error-code>; + + /// Get the bound local address. + /// + /// POSIX mentions: + /// > If the socket has not been bound to a local name, the value + /// > stored in the object pointed to by `address` is unspecified. + /// + /// WASI is stricter and requires `local-address` to return `invalid-state` when the socket hasn't been bound yet. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not bound to any local address. + /// + /// # References + /// - + /// - + /// - + /// - + local-address: func() -> result; + + /// Get the remote address. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not connected to a remote address. (ENOTCONN) + /// + /// # References + /// - + /// - + /// - + /// - + remote-address: func() -> result; + + /// Whether the socket is in the `listening` state. + /// + /// Equivalent to the SO_ACCEPTCONN socket option. + is-listening: func() -> bool; + + /// Whether this is a IPv4 or IPv6 socket. + /// + /// Equivalent to the SO_DOMAIN socket option. + address-family: func() -> ip-address-family; + + /// Hints the desired listen queue size. Implementations are free to ignore this. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// + /// # Typical errors + /// - `not-supported`: (set) The platform does not support changing the backlog size after the initial listen. + /// - `invalid-argument`: (set) The provided value was 0. + /// - `invalid-state`: (set) The socket is in the `connect-in-progress` or `connected` state. + set-listen-backlog-size: func(value: u64) -> result<_, error-code>; + + /// Enables or disables keepalive. + /// + /// The keepalive behavior can be adjusted using: + /// - `keep-alive-idle-time` + /// - `keep-alive-interval` + /// - `keep-alive-count` + /// These properties can be configured while `keep-alive-enabled` is false, but only come into effect when `keep-alive-enabled` is true. + /// + /// Equivalent to the SO_KEEPALIVE socket option. + keep-alive-enabled: func() -> result; + set-keep-alive-enabled: func(value: bool) -> result<_, error-code>; + + /// Amount of time the connection has to be idle before TCP starts sending keepalive packets. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// I.e. after setting a value, reading the same setting back may return a different value. + /// + /// Equivalent to the TCP_KEEPIDLE socket option. (TCP_KEEPALIVE on MacOS) + /// + /// # Typical errors + /// - `invalid-argument`: (set) The provided value was 0. + keep-alive-idle-time: func() -> result; + set-keep-alive-idle-time: func(value: duration) -> result<_, error-code>; + + /// The time between keepalive packets. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// I.e. after setting a value, reading the same setting back may return a different value. + /// + /// Equivalent to the TCP_KEEPINTVL socket option. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The provided value was 0. + keep-alive-interval: func() -> result; + set-keep-alive-interval: func(value: duration) -> result<_, error-code>; + + /// The maximum amount of keepalive packets TCP should send before aborting the connection. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// I.e. after setting a value, reading the same setting back may return a different value. + /// + /// Equivalent to the TCP_KEEPCNT socket option. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The provided value was 0. + keep-alive-count: func() -> result; + set-keep-alive-count: func(value: u32) -> result<_, error-code>; + + /// Equivalent to the IP_TTL & IPV6_UNICAST_HOPS socket options. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The TTL value must be 1 or higher. + hop-limit: func() -> result; + set-hop-limit: func(value: u8) -> result<_, error-code>; + + /// The kernel buffer space reserved for sends/receives on this socket. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// I.e. after setting a value, reading the same setting back may return a different value. + /// + /// Equivalent to the SO_RCVBUF and SO_SNDBUF socket options. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The provided value was 0. + receive-buffer-size: func() -> result; + set-receive-buffer-size: func(value: u64) -> result<_, error-code>; + send-buffer-size: func() -> result; + set-send-buffer-size: func(value: u64) -> result<_, error-code>; + + /// Create a `pollable` which can be used to poll for, or block on, + /// completion of any of the asynchronous operations of this socket. + /// + /// When `finish-bind`, `finish-listen`, `finish-connect` or `accept` + /// return `error(would-block)`, this pollable can be used to wait for + /// their success or failure, after which the method can be retried. + /// + /// The pollable is not limited to the async operation that happens to be + /// in progress at the time of calling `subscribe` (if any). Theoretically, + /// `subscribe` only has to be called once per socket and can then be + /// (re)used for the remainder of the socket's lifetime. + /// + /// See + /// for a more information. + /// + /// Note: this function is here for WASI Preview2 only. + /// It's planned to be removed when `future` is natively supported in Preview3. + subscribe: func() -> pollable; + + /// Initiate a graceful shutdown. + /// + /// - `receive`: The socket is not expecting to receive any data from + /// the peer. The `input-stream` associated with this socket will be + /// closed. Any data still in the receive queue at time of calling + /// this method will be discarded. + /// - `send`: The socket has no more data to send to the peer. The `output-stream` + /// associated with this socket will be closed and a FIN packet will be sent. + /// - `both`: Same effect as `receive` & `send` combined. + /// + /// This function is idempotent. Shutting a down a direction more than once + /// has no effect and returns `ok`. + /// + /// The shutdown function does not close (drop) the socket. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not in the `connected` state. (ENOTCONN) + /// + /// # References + /// - + /// - + /// - + /// - + shutdown: func(shutdown-type: shutdown-type) -> result<_, error-code>; + } +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/sockets/udp-create-socket.wit b/crates/build/tests/wit/cmd-minimal/deps/sockets/udp-create-socket.wit new file mode 100644 index 0000000000..0482d1fe73 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/sockets/udp-create-socket.wit @@ -0,0 +1,27 @@ + +interface udp-create-socket { + use network.{network, error-code, ip-address-family}; + use udp.{udp-socket}; + + /// Create a new UDP socket. + /// + /// Similar to `socket(AF_INET or AF_INET6, SOCK_DGRAM, IPPROTO_UDP)` in POSIX. + /// On IPv6 sockets, IPV6_V6ONLY is enabled by default and can't be configured otherwise. + /// + /// This function does not require a network capability handle. This is considered to be safe because + /// at time of creation, the socket is not bound to any `network` yet. Up to the moment `bind` is called, + /// the socket is effectively an in-memory configuration object, unable to communicate with the outside world. + /// + /// All sockets are non-blocking. Use the wasi-poll interface to block on asynchronous operations. + /// + /// # Typical errors + /// - `not-supported`: The specified `address-family` is not supported. (EAFNOSUPPORT) + /// - `new-socket-limit`: The new socket resource could not be created because of a system limit. (EMFILE, ENFILE) + /// + /// # References: + /// - + /// - + /// - + /// - + create-udp-socket: func(address-family: ip-address-family) -> result; +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/sockets/udp.wit b/crates/build/tests/wit/cmd-minimal/deps/sockets/udp.wit new file mode 100644 index 0000000000..d987a0a908 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/sockets/udp.wit @@ -0,0 +1,266 @@ + +interface udp { + use wasi:io/poll@0.2.0.{pollable}; + use network.{network, error-code, ip-socket-address, ip-address-family}; + + /// A received datagram. + record incoming-datagram { + /// The payload. + /// + /// Theoretical max size: ~64 KiB. In practice, typically less than 1500 bytes. + data: list, + + /// The source address. + /// + /// This field is guaranteed to match the remote address the stream was initialized with, if any. + /// + /// Equivalent to the `src_addr` out parameter of `recvfrom`. + remote-address: ip-socket-address, + } + + /// A datagram to be sent out. + record outgoing-datagram { + /// The payload. + data: list, + + /// The destination address. + /// + /// The requirements on this field depend on how the stream was initialized: + /// - with a remote address: this field must be None or match the stream's remote address exactly. + /// - without a remote address: this field is required. + /// + /// If this value is None, the send operation is equivalent to `send` in POSIX. Otherwise it is equivalent to `sendto`. + remote-address: option, + } + + + + /// A UDP socket handle. + resource udp-socket { + /// Bind the socket to a specific network on the provided IP address and port. + /// + /// If the IP address is zero (`0.0.0.0` in IPv4, `::` in IPv6), it is left to the implementation to decide which + /// network interface(s) to bind to. + /// If the port is zero, the socket will be bound to a random free port. + /// + /// # Typical errors + /// - `invalid-argument`: The `local-address` has the wrong address family. (EAFNOSUPPORT, EFAULT on Windows) + /// - `invalid-state`: The socket is already bound. (EINVAL) + /// - `address-in-use`: No ephemeral ports available. (EADDRINUSE, ENOBUFS on Windows) + /// - `address-in-use`: Address is already in use. (EADDRINUSE) + /// - `address-not-bindable`: `local-address` is not an address that the `network` can bind to. (EADDRNOTAVAIL) + /// - `not-in-progress`: A `bind` operation is not in progress. + /// - `would-block`: Can't finish the operation, it is still in progress. (EWOULDBLOCK, EAGAIN) + /// + /// # Implementors note + /// Unlike in POSIX, in WASI the bind operation is async. This enables + /// interactive WASI hosts to inject permission prompts. Runtimes that + /// don't want to make use of this ability can simply call the native + /// `bind` as part of either `start-bind` or `finish-bind`. + /// + /// # References + /// - + /// - + /// - + /// - + start-bind: func(network: borrow, local-address: ip-socket-address) -> result<_, error-code>; + finish-bind: func() -> result<_, error-code>; + + /// Set up inbound & outbound communication channels, optionally to a specific peer. + /// + /// This function only changes the local socket configuration and does not generate any network traffic. + /// On success, the `remote-address` of the socket is updated. The `local-address` may be updated as well, + /// based on the best network path to `remote-address`. + /// + /// When a `remote-address` is provided, the returned streams are limited to communicating with that specific peer: + /// - `send` can only be used to send to this destination. + /// - `receive` will only return datagrams sent from the provided `remote-address`. + /// + /// This method may be called multiple times on the same socket to change its association, but + /// only the most recently returned pair of streams will be operational. Implementations may trap if + /// the streams returned by a previous invocation haven't been dropped yet before calling `stream` again. + /// + /// The POSIX equivalent in pseudo-code is: + /// ```text + /// if (was previously connected) { + /// connect(s, AF_UNSPEC) + /// } + /// if (remote_address is Some) { + /// connect(s, remote_address) + /// } + /// ``` + /// + /// Unlike in POSIX, the socket must already be explicitly bound. + /// + /// # Typical errors + /// - `invalid-argument`: The `remote-address` has the wrong address family. (EAFNOSUPPORT) + /// - `invalid-argument`: The IP address in `remote-address` is set to INADDR_ANY (`0.0.0.0` / `::`). (EDESTADDRREQ, EADDRNOTAVAIL) + /// - `invalid-argument`: The port in `remote-address` is set to 0. (EDESTADDRREQ, EADDRNOTAVAIL) + /// - `invalid-state`: The socket is not bound. + /// - `address-in-use`: Tried to perform an implicit bind, but there were no ephemeral ports available. (EADDRINUSE, EADDRNOTAVAIL on Linux, EAGAIN on BSD) + /// - `remote-unreachable`: The remote address is not reachable. (ECONNRESET, ENETRESET, EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET) + /// - `connection-refused`: The connection was refused. (ECONNREFUSED) + /// + /// # References + /// - + /// - + /// - + /// - + %stream: func(remote-address: option) -> result, error-code>; + + /// Get the current bound address. + /// + /// POSIX mentions: + /// > If the socket has not been bound to a local name, the value + /// > stored in the object pointed to by `address` is unspecified. + /// + /// WASI is stricter and requires `local-address` to return `invalid-state` when the socket hasn't been bound yet. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not bound to any local address. + /// + /// # References + /// - + /// - + /// - + /// - + local-address: func() -> result; + + /// Get the address the socket is currently streaming to. + /// + /// # Typical errors + /// - `invalid-state`: The socket is not streaming to a specific remote address. (ENOTCONN) + /// + /// # References + /// - + /// - + /// - + /// - + remote-address: func() -> result; + + /// Whether this is a IPv4 or IPv6 socket. + /// + /// Equivalent to the SO_DOMAIN socket option. + address-family: func() -> ip-address-family; + + /// Equivalent to the IP_TTL & IPV6_UNICAST_HOPS socket options. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The TTL value must be 1 or higher. + unicast-hop-limit: func() -> result; + set-unicast-hop-limit: func(value: u8) -> result<_, error-code>; + + /// The kernel buffer space reserved for sends/receives on this socket. + /// + /// If the provided value is 0, an `invalid-argument` error is returned. + /// Any other value will never cause an error, but it might be silently clamped and/or rounded. + /// I.e. after setting a value, reading the same setting back may return a different value. + /// + /// Equivalent to the SO_RCVBUF and SO_SNDBUF socket options. + /// + /// # Typical errors + /// - `invalid-argument`: (set) The provided value was 0. + receive-buffer-size: func() -> result; + set-receive-buffer-size: func(value: u64) -> result<_, error-code>; + send-buffer-size: func() -> result; + set-send-buffer-size: func(value: u64) -> result<_, error-code>; + + /// Create a `pollable` which will resolve once the socket is ready for I/O. + /// + /// Note: this function is here for WASI Preview2 only. + /// It's planned to be removed when `future` is natively supported in Preview3. + subscribe: func() -> pollable; + } + + resource incoming-datagram-stream { + /// Receive messages on the socket. + /// + /// This function attempts to receive up to `max-results` datagrams on the socket without blocking. + /// The returned list may contain fewer elements than requested, but never more. + /// + /// This function returns successfully with an empty list when either: + /// - `max-results` is 0, or: + /// - `max-results` is greater than 0, but no results are immediately available. + /// This function never returns `error(would-block)`. + /// + /// # Typical errors + /// - `remote-unreachable`: The remote address is not reachable. (ECONNRESET, ENETRESET on Windows, EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET) + /// - `connection-refused`: The connection was refused. (ECONNREFUSED) + /// + /// # References + /// - + /// - + /// - + /// - + /// - + /// - + /// - + /// - + receive: func(max-results: u64) -> result, error-code>; + + /// Create a `pollable` which will resolve once the stream is ready to receive again. + /// + /// Note: this function is here for WASI Preview2 only. + /// It's planned to be removed when `future` is natively supported in Preview3. + subscribe: func() -> pollable; + } + + resource outgoing-datagram-stream { + /// Check readiness for sending. This function never blocks. + /// + /// Returns the number of datagrams permitted for the next call to `send`, + /// or an error. Calling `send` with more datagrams than this function has + /// permitted will trap. + /// + /// When this function returns ok(0), the `subscribe` pollable will + /// become ready when this function will report at least ok(1), or an + /// error. + /// + /// Never returns `would-block`. + check-send: func() -> result; + + /// Send messages on the socket. + /// + /// This function attempts to send all provided `datagrams` on the socket without blocking and + /// returns how many messages were actually sent (or queued for sending). This function never + /// returns `error(would-block)`. If none of the datagrams were able to be sent, `ok(0)` is returned. + /// + /// This function semantically behaves the same as iterating the `datagrams` list and sequentially + /// sending each individual datagram until either the end of the list has been reached or the first error occurred. + /// If at least one datagram has been sent successfully, this function never returns an error. + /// + /// If the input list is empty, the function returns `ok(0)`. + /// + /// Each call to `send` must be permitted by a preceding `check-send`. Implementations must trap if + /// either `check-send` was not called or `datagrams` contains more items than `check-send` permitted. + /// + /// # Typical errors + /// - `invalid-argument`: The `remote-address` has the wrong address family. (EAFNOSUPPORT) + /// - `invalid-argument`: The IP address in `remote-address` is set to INADDR_ANY (`0.0.0.0` / `::`). (EDESTADDRREQ, EADDRNOTAVAIL) + /// - `invalid-argument`: The port in `remote-address` is set to 0. (EDESTADDRREQ, EADDRNOTAVAIL) + /// - `invalid-argument`: The socket is in "connected" mode and `remote-address` is `some` value that does not match the address passed to `stream`. (EISCONN) + /// - `invalid-argument`: The socket is not "connected" and no value for `remote-address` was provided. (EDESTADDRREQ) + /// - `remote-unreachable`: The remote address is not reachable. (ECONNRESET, ENETRESET on Windows, EHOSTUNREACH, EHOSTDOWN, ENETUNREACH, ENETDOWN, ENONET) + /// - `connection-refused`: The connection was refused. (ECONNREFUSED) + /// - `datagram-too-large`: The datagram is too large. (EMSGSIZE) + /// + /// # References + /// - + /// - + /// - + /// - + /// - + /// - + /// - + /// - + send: func(datagrams: list) -> result; + + /// Create a `pollable` which will resolve once the stream is ready to send again. + /// + /// Note: this function is here for WASI Preview2 only. + /// It's planned to be removed when `future` is natively supported in Preview3. + subscribe: func() -> pollable; + } +} diff --git a/crates/build/tests/wit/cmd-minimal/deps/sockets/world.wit b/crates/build/tests/wit/cmd-minimal/deps/sockets/world.wit new file mode 100644 index 0000000000..f8bb92ae04 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/deps/sockets/world.wit @@ -0,0 +1,11 @@ +package wasi:sockets@0.2.0; + +world imports { + import instance-network; + import network; + import udp; + import udp-create-socket; + import tcp; + import tcp-create-socket; + import ip-name-lookup; +} diff --git a/crates/build/tests/wit/cmd-minimal/environment.wit b/crates/build/tests/wit/cmd-minimal/environment.wit new file mode 100644 index 0000000000..70065233e8 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/environment.wit @@ -0,0 +1,18 @@ +interface environment { + /// Get the POSIX-style environment variables. + /// + /// Each environment variable is provided as a pair of string variable names + /// and string value. + /// + /// Morally, these are a value import, but until value imports are available + /// in the component model, this import function should return the same + /// values each time it is called. + get-environment: func() -> list>; + + /// Get the POSIX-style arguments to the program. + get-arguments: func() -> list; + + /// Return a path that programs should use as their initial current working + /// directory, interpreting `.` as shorthand for this. + initial-cwd: func() -> option; +} diff --git a/crates/build/tests/wit/cmd-minimal/exit.wit b/crates/build/tests/wit/cmd-minimal/exit.wit new file mode 100644 index 0000000000..d0c2b82ae2 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/exit.wit @@ -0,0 +1,4 @@ +interface exit { + /// Exit the current instance and any linked instances. + exit: func(status: result); +} diff --git a/crates/build/tests/wit/cmd-minimal/imports.wit b/crates/build/tests/wit/cmd-minimal/imports.wit new file mode 100644 index 0000000000..8017dc784e --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/imports.wit @@ -0,0 +1,5 @@ +package wasi:cli@0.2.0; + +world imports { + import environment; +} diff --git a/crates/build/tests/wit/cmd-minimal/run.wit b/crates/build/tests/wit/cmd-minimal/run.wit new file mode 100644 index 0000000000..a70ee8c038 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/run.wit @@ -0,0 +1,4 @@ +interface run { + /// Run the program. + run: func() -> result; +} diff --git a/crates/build/tests/wit/cmd-minimal/stdio.wit b/crates/build/tests/wit/cmd-minimal/stdio.wit new file mode 100644 index 0000000000..31ef35b5a7 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/stdio.wit @@ -0,0 +1,17 @@ +interface stdin { + use wasi:io/streams@0.2.0.{input-stream}; + + get-stdin: func() -> input-stream; +} + +interface stdout { + use wasi:io/streams@0.2.0.{output-stream}; + + get-stdout: func() -> output-stream; +} + +interface stderr { + use wasi:io/streams@0.2.0.{output-stream}; + + get-stderr: func() -> output-stream; +} diff --git a/crates/build/tests/wit/cmd-minimal/terminal.wit b/crates/build/tests/wit/cmd-minimal/terminal.wit new file mode 100644 index 0000000000..38c724efc8 --- /dev/null +++ b/crates/build/tests/wit/cmd-minimal/terminal.wit @@ -0,0 +1,49 @@ +/// Terminal input. +/// +/// In the future, this may include functions for disabling echoing, +/// disabling input buffering so that keyboard events are sent through +/// immediately, querying supported features, and so on. +interface terminal-input { + /// The input side of a terminal. + resource terminal-input; +} + +/// Terminal output. +/// +/// In the future, this may include functions for querying the terminal +/// size, being notified of terminal size changes, querying supported +/// features, and so on. +interface terminal-output { + /// The output side of a terminal. + resource terminal-output; +} + +/// An interface providing an optional `terminal-input` for stdin as a +/// link-time authority. +interface terminal-stdin { + use terminal-input.{terminal-input}; + + /// If stdin is connected to a terminal, return a `terminal-input` handle + /// allowing further interaction with it. + get-terminal-stdin: func() -> option; +} + +/// An interface providing an optional `terminal-output` for stdout as a +/// link-time authority. +interface terminal-stdout { + use terminal-output.{terminal-output}; + + /// If stdout is connected to a terminal, return a `terminal-output` handle + /// allowing further interaction with it. + get-terminal-stdout: func() -> option; +} + +/// An interface providing an optional `terminal-output` for stderr as a +/// link-time authority. +interface terminal-stderr { + use terminal-output.{terminal-output}; + + /// If stderr is connected to a terminal, return a `terminal-output` handle + /// allowing further interaction with it. + get-terminal-stderr: func() -> option; +} diff --git a/crates/compose/src/lib.rs b/crates/compose/src/lib.rs index a7bd7eed31..8bc973e5b4 100644 --- a/crates/compose/src/lib.rs +++ b/crates/compose/src/lib.rs @@ -1,7 +1,7 @@ use anyhow::Context; use indexmap::IndexMap; use semver::Version; -use spin_app::locked::{self, InheritConfiguration, LockedComponent, LockedComponentDependency}; +use spin_app::locked::InheritConfiguration as LockedInheritConfiguration; use spin_common::{ui::quoted_path, url::parse_file_url}; use spin_serde::{DependencyName, KebabId}; use std::collections::BTreeMap; @@ -29,18 +29,72 @@ use wac_graph::{CompositionGraph, NodeId}; /// composition graph into a byte array and return it. pub async fn compose( loader: &L, - component: &LockedComponent, + component: &L::Component, ) -> Result, ComposeError> { Composer::new(loader).compose(component).await } +/// A Spin component dependency. This abstracts over the metadata associated with the +/// dependency. The abstraction allows both manifest and lockfile types to participate in composition. +#[async_trait::async_trait] +pub trait DependencyLike { + fn inherit(&self) -> InheritConfiguration; + fn export(&self) -> &Option; +} + +pub enum InheritConfiguration { + All, + Some(Vec), +} + +/// A Spin component. This abstracts over the list of dependencies for the component. +/// The abstraction allows both manifest and lockfile types to participate in composition. +#[async_trait::async_trait] +pub trait ComponentLike { + type Dependency: DependencyLike; + + fn dependencies( + &self, + ) -> impl std::iter::ExactSizeIterator; + fn id(&self) -> &str; +} + +#[async_trait::async_trait] +impl ComponentLike for spin_app::locked::LockedComponent { + type Dependency = spin_app::locked::LockedComponentDependency; + + fn dependencies( + &self, + ) -> impl std::iter::ExactSizeIterator { + self.dependencies.iter() + } + + fn id(&self) -> &str { + &self.id + } +} + +#[async_trait::async_trait] +impl DependencyLike for spin_app::locked::LockedComponentDependency { + fn inherit(&self) -> InheritConfiguration { + match &self.inherit { + LockedInheritConfiguration::All => InheritConfiguration::All, + LockedInheritConfiguration::Some(cfgs) => InheritConfiguration::Some(cfgs.clone()), + } + } + + fn export(&self) -> &Option { + &self.export + } +} + /// This trait is used to load component source code from a locked component source across various embdeddings. #[async_trait::async_trait] pub trait ComponentSourceLoader { - async fn load_component_source( - &self, - source: &locked::LockedComponentSource, - ) -> anyhow::Result>; + type Component: ComponentLike; + type Dependency: DependencyLike; + async fn load_component_source(&self, source: &Self::Component) -> anyhow::Result>; + async fn load_dependency_source(&self, source: &Self::Dependency) -> anyhow::Result>; } /// A ComponentSourceLoader that loads component sources from the filesystem. @@ -48,9 +102,21 @@ pub struct ComponentSourceLoaderFs; #[async_trait::async_trait] impl ComponentSourceLoader for ComponentSourceLoaderFs { - async fn load_component_source( - &self, - source: &locked::LockedComponentSource, + type Component = spin_app::locked::LockedComponent; + type Dependency = spin_app::locked::LockedComponentDependency; + + async fn load_component_source(&self, source: &Self::Component) -> anyhow::Result> { + Self::load_from_locked_source(&source.source).await + } + + async fn load_dependency_source(&self, source: &Self::Dependency) -> anyhow::Result> { + Self::load_from_locked_source(&source.source).await + } +} + +impl ComponentSourceLoaderFs { + async fn load_from_locked_source( + source: &spin_app::locked::LockedComponentSource, ) -> anyhow::Result> { let source = source .content @@ -67,7 +133,8 @@ impl ComponentSourceLoader for ComponentSourceLoaderFs { ) })?; - let component = spin_componentize::componentize_if_necessary(&bytes)?; + let component = spin_componentize::componentize_if_necessary(&bytes) + .with_context(|| format!("failed to componentize {}", quoted_path(&path)))?; Ok(component.into()) } @@ -129,19 +196,19 @@ struct Composer<'a, L> { } impl<'a, L: ComponentSourceLoader> Composer<'a, L> { - async fn compose(mut self, component: &LockedComponent) -> Result, ComposeError> { + async fn compose(mut self, component: &L::Component) -> Result, ComposeError> { let source = self .loader - .load_component_source(&component.source) + .load_component_source(component) .await .map_err(ComposeError::PrepareError)?; - if component.dependencies.is_empty() { + if component.dependencies().len() == 0 { return Ok(source); } let (world_id, instantiation_id) = self - .register_package(&component.id, None, source) + .register_package(component.id(), None, source) .map_err(ComposeError::PrepareError)?; let prepared = self.prepare_dependencies(world_id, component).await?; @@ -180,7 +247,7 @@ impl<'a, L: ComponentSourceLoader> Composer<'a, L> { async fn prepare_dependencies( &mut self, world_id: WorldId, - component: &LockedComponent, + component: &L::Component, ) -> Result, ComposeError> { let imports = self.graph.types()[world_id].imports.clone(); @@ -188,7 +255,7 @@ impl<'a, L: ComponentSourceLoader> Composer<'a, L> { let mut mappings: BTreeMap> = BTreeMap::new(); - for (dependency_name, dependency) in &component.dependencies { + for (dependency_name, dependency) in component.dependencies() { let mut matched = Vec::new(); for import_name in &import_keys { @@ -201,7 +268,7 @@ impl<'a, L: ComponentSourceLoader> Composer<'a, L> { if matched.is_empty() { return Err(ComposeError::UnmatchedDependencyName { - component_id: component.id.clone(), + component_id: component.id().to_owned(), dependency_name: dependency_name.clone(), }); } @@ -225,7 +292,7 @@ impl<'a, L: ComponentSourceLoader> Composer<'a, L> { if !conflicts.is_empty() { return Err(ComposeError::DependencyConflicts { - component_id: component.id.clone(), + component_id: component.id().to_owned(), conflicts: conflicts .into_iter() .map(|(import_name, infos)| { @@ -330,19 +397,16 @@ impl<'a, L: ComponentSourceLoader> Composer<'a, L> { async fn register_dependency( &mut self, dependency_name: DependencyName, - dependency: &LockedComponentDependency, + dependency: &L::Dependency, ) -> anyhow::Result { - let mut dependency_source = self - .loader - .load_component_source(&dependency.source) - .await?; + let mut dependency_source = self.loader.load_dependency_source(dependency).await?; let package_name = match &dependency_name { DependencyName::Package(name) => name.package.to_string(), DependencyName::Plain(name) => name.to_string(), }; - match &dependency.inherit { + match dependency.inherit() { InheritConfiguration::Some(configurations) => { if configurations.is_empty() { // Configuration inheritance is disabled, apply deny_all adapter @@ -363,7 +427,7 @@ impl<'a, L: ComponentSourceLoader> Composer<'a, L> { manifest_name: dependency_name, instantiation_id, world_id, - export_name: dependency.export.clone(), + export_name: dependency.export().clone(), }) } diff --git a/crates/environments/Cargo.toml b/crates/environments/Cargo.toml new file mode 100644 index 0000000000..92b187a522 --- /dev/null +++ b/crates/environments/Cargo.toml @@ -0,0 +1,42 @@ +[package] +name = "spin-environments" +version = { workspace = true } +authors = { workspace = true } +edition = { workspace = true } + +[dependencies] +anyhow = { workspace = true } +async-trait = "0.1" +bytes = "1.1" +chrono = { workspace = true } +futures = "0.3" +futures-util = "0.3" +id-arena = "2" +indexmap = "2" +oci-distribution = { git = "https://github.com/fermyon/oci-distribution", rev = "7e4ce9be9bcd22e78a28f06204931f10c44402ba" } +semver = "1" +serde = { version = "1", features = ["derive"] } +serde_json = "1" +spin-common = { path = "../common" } +spin-componentize = { path = "../componentize" } +spin-compose = { path = "../compose" } +spin-loader = { path = "../loader" } +spin-manifest = { path = "../manifest" } +spin-serde = { path = "../serde" } +toml = { workspace = true } +tokio = { version = "1.23", features = ["fs"] } +tracing = { workspace = true } +wac-parser = "0.7.0" +wac-resolver = "0.7.0" +wac-types = "0.7.0" +wasm-pkg-client = { workspace = true } +wasmparser = { workspace = true } +wit-component = { workspace = true } +wit-parser = { workspace = true } + +[dev-dependencies] +wit-component = { workspace = true, features = ["dummy-module"] } +wit-encoder = "0.235" + +[lints] +workspace = true diff --git a/crates/environments/src/environment.rs b/crates/environments/src/environment.rs new file mode 100644 index 0000000000..757c4f09f6 --- /dev/null +++ b/crates/environments/src/environment.rs @@ -0,0 +1,474 @@ +use std::{collections::HashMap, path::Path}; + +use anyhow::Context; +use spin_common::ui::quoted_path; +use spin_manifest::schema::v2::TargetEnvironmentRef; + +mod definition; +mod env_loader; +mod lockfile; + +use definition::WorldName; + +/// A fully realised deployment environment, e.g. Spin 2.7, +/// SpinKube 3.1, Fermyon Cloud. The `TargetEnvironment` provides a mapping +/// from the Spin trigger types supported in the environment to the Component Model worlds +/// supported by that trigger type. (A trigger type may support more than one world, +/// for example when it supports multiple versions of the Spin or WASI interfaces.) +pub struct TargetEnvironment { + name: String, + trigger_worlds: HashMap, + trigger_capabilities: HashMap>, + unknown_trigger: UnknownTrigger, + unknown_capabilities: Vec, +} + +impl TargetEnvironment { + /// Loads the specified list of environments. This fetches all required + /// environment definitions from their references, and then chases packages + /// references until the entire target environment is fully loaded. + /// The function also caches registry references in the application directory, + /// to avoid loading from the network when the app is validated again. + pub async fn load_all( + env_ids: &[TargetEnvironmentRef], + cache_root: Option, + app_dir: &std::path::Path, + ) -> anyhow::Result> { + env_loader::load_environments(env_ids, cache_root, app_dir).await + } + + /// The environment name for UI purposes + pub fn name(&self) -> &str { + &self.name + } + + /// Returns true if the given trigger type can run in this environment. + pub fn supports_trigger_type(&self, trigger_type: &TriggerType) -> bool { + self.unknown_trigger.allows(trigger_type) || self.trigger_worlds.contains_key(trigger_type) + } + + /// Lists all worlds supported for the given trigger type in this environment. + pub fn worlds(&self, trigger_type: &TriggerType) -> &CandidateWorlds { + self.trigger_worlds + .get(trigger_type) + .or_else(|| self.unknown_trigger.worlds()) + .unwrap_or(NO_WORLDS) + } + + /// Lists all host capabilities supported for the given trigger type in this environment. + pub fn capabilities(&self, trigger_type: &TriggerType) -> &[String] { + self.trigger_capabilities + .get(trigger_type) + .unwrap_or(&self.unknown_capabilities) + } +} + +/// How a `TargetEnvironment` should validate components associated with trigger types +/// not listed in the/ environment definition. This is used for best-effort validation in +/// extensible environments. +/// +/// For example, a "forgiving" definition of Spin CLI environment would +/// validate that components associated with `cron` or `sqs` triggers adhere +/// to the platform world, even though it cannot validate that the exports are correct +/// or that the plugins are installed or up to date. This can result in failure at +/// runtime, but that may be better than refusing to let cron jobs run! +/// +/// On the other hand, the SpinKube environment rejects unknown triggers +/// because SpinKube does not allow arbitrary triggers to be linked at +/// runtime: the set of triggers is static for a given version. +enum UnknownTrigger { + /// Components for unknown trigger types fail validation. + Deny, + /// Components for unknown trigger types pass validation if they + /// conform to (at least) one of the listed worlds. + Allow(CandidateWorlds), +} + +impl UnknownTrigger { + fn allows(&self, _trigger_type: &TriggerType) -> bool { + matches!(self, Self::Allow(_)) + } + + fn worlds(&self) -> Option<&CandidateWorlds> { + match self { + Self::Deny => None, + Self::Allow(cw) => Some(cw), + } + } +} + +/// The set of worlds that a particular trigger type (in a given environment) +/// can accept. For example, the Spin 3.2 CLI `http` trigger accepts various +/// versions of the `spin:up/http-trigger` world. +/// +/// A component will pass target validation if it conforms to +/// at least one of these worlds. +#[derive(Default)] +pub struct CandidateWorlds { + worlds: Vec, +} + +impl<'a> IntoIterator for &'a CandidateWorlds { + type Item = &'a CandidateWorld; + + type IntoIter = std::slice::Iter<'a, CandidateWorld>; + + fn into_iter(self) -> Self::IntoIter { + self.worlds.iter() + } +} + +const NO_WORLDS: &CandidateWorlds = &CandidateWorlds { worlds: vec![] }; + +/// A WIT world; specifically, a WIT world provided by a Spin host, against which +/// a component can be validated. +pub struct CandidateWorld { + world: WorldName, + package: wit_parser::Package, + package_bytes: Vec, +} + +impl std::fmt::Display for CandidateWorld { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + self.world.fmt(f) + } +} + +impl CandidateWorld { + /// Namespaced but unversioned package name (e.g. spin:up) + pub fn package_namespaced_name(&self) -> String { + format!("{}:{}", self.package.name.namespace, self.package.name.name) + } + + /// The package version for the environment package. + pub fn package_version(&self) -> Option<&semver::Version> { + self.package.name.version.as_ref() + } + + /// The Wasm-encoded bytes of the environment package. + pub fn package_bytes(&self) -> &[u8] { + &self.package_bytes + } + + fn from_package_bytes(world: &WorldName, bytes: Vec) -> anyhow::Result { + let decoded = wit_component::decode(&bytes) + .with_context(|| format!("Failed to decode package for environment {world}"))?; + let package_id = decoded.package(); + let package = decoded + .resolve() + .packages + .get(package_id) + .with_context(|| { + format!("The {world} package is invalid (no package for decoded package ID)") + })? + .clone(); + + Ok(Self { + world: world.to_owned(), + package, + package_bytes: bytes, + }) + } + + fn from_decoded_wasm( + world: &WorldName, + source: &Path, + decoded: wit_parser::decoding::DecodedWasm, + ) -> anyhow::Result { + let package_id = decoded.package(); + let package = decoded + .resolve() + .packages + .get(package_id) + .with_context(|| { + format!( + "The {} environment is invalid (no package for decoded package ID)", + quoted_path(source) + ) + })? + .clone(); + + let bytes = wit_component::encode(decoded.resolve(), package_id)?; + + Ok(Self { + world: world.to_owned(), + package, + package_bytes: bytes, + }) + } +} + +pub(super) fn is_versioned(env_id: &str) -> bool { + env_id.contains(':') +} + +pub type TriggerType = String; + +#[cfg(test)] +mod test { + use super::*; + + use std::path::PathBuf; + + const SIMPLE_WIT_DIR: &str = concat!(env!("CARGO_MANIFEST_DIR"), "/tests/simple-wit"); + + /// Construct a CandidateWorlds that matches only the named" world. + fn load_simple_world(wit_path: &Path, world: &str) -> CandidateWorlds { + let mut resolve = wit_parser::Resolve::default(); + let (id, _) = resolve + .push_dir(wit_path) + .expect("should have pushed WIT dir"); + let package_bytes = + wit_component::encode(&resolve, id).expect("should have encoded world package"); + + let world_name = WorldName::try_from(world.to_owned()).unwrap(); + let simple_world = CandidateWorld::from_package_bytes(&world_name, package_bytes) + .expect("should have loaded world package"); + + CandidateWorlds { + worlds: vec![simple_world], + } + } + + /// Build an environment using the given WIT that maps the "s" trigger + /// to the "spin:test/simple@1.0.0" world (and denies all other triggers). + fn target_simple_world(wit_path: &Path) -> TargetEnvironment { + let candidate_worlds = load_simple_world(wit_path, "spin:test/simple@1.0.0"); + + TargetEnvironment { + name: "test".to_owned(), + trigger_worlds: [("s".to_owned(), candidate_worlds)].into_iter().collect(), + trigger_capabilities: Default::default(), + unknown_trigger: UnknownTrigger::Deny, + unknown_capabilities: Default::default(), + } + } + + /// Build an environment using the given WIT that maps all triggers to + /// the "spin:test/simple-import-only@1.0.0" world. (This isn't a very realistic example + /// because a fallback world would usually be imports-only.) + fn target_import_only_forgiving(wit_path: &Path) -> TargetEnvironment { + let candidate_worlds = load_simple_world(wit_path, "spin:test/simple-import-only@1.0.0"); + + TargetEnvironment { + name: "test".to_owned(), + trigger_worlds: [].into_iter().collect(), + trigger_capabilities: Default::default(), + unknown_trigger: UnknownTrigger::Allow(candidate_worlds), + unknown_capabilities: Default::default(), + } + } + + #[tokio::test] + async fn can_validate_component() { + let wit_path = PathBuf::from(SIMPLE_WIT_DIR); + + let wit_text = tokio::fs::read_to_string(wit_path.join("world.wit")) + .await + .unwrap(); + let wasm = generate_dummy_component(&wit_text, "spin:test/simple@1.0.0"); + + let env = target_simple_world(&wit_path); + + assert!(env.supports_trigger_type(&"s".to_owned())); + assert!(!env.supports_trigger_type(&"t".to_owned())); + + let component = crate::ComponentToValidate::new("scomp", "scomp.wasm", wasm, vec![]); + let errs = + crate::validate_component_against_environments(&[env], &"s".to_owned(), &component) + .await; + assert!( + errs.is_empty(), + "{}", + errs.iter() + .map(|e| e.to_string()) + .collect::>() + .join("\n") + ); + } + + #[tokio::test] + async fn can_validate_component_for_unknown_trigger() { + let wit_path = PathBuf::from(SIMPLE_WIT_DIR); + + let wit_text = tokio::fs::read_to_string(wit_path.join("world.wit")) + .await + .unwrap(); + // The actual component has an export, although the target world can't check that + let wasm = generate_dummy_component(&wit_text, "spin:test/simple@1.0.0"); + + let env = target_import_only_forgiving(&wit_path); + + // E.g. a plugin trigger that isn't part of the Spin CLI + let non_existent_trigger = "farmer-buckleys-trousers-explode".to_owned(); + + assert!(env.supports_trigger_type(&non_existent_trigger)); + + let component = crate::ComponentToValidate::new("comp", "comp.wasm", wasm, vec![]); + let errs = crate::validate_component_against_environments( + &[env], + &non_existent_trigger, + &component, + ) + .await; + assert!( + errs.is_empty(), + "{}", + errs.iter() + .map(|e| e.to_string()) + .collect::>() + .join("\n") + ); + } + + #[tokio::test] + async fn can_validate_component_with_host_requirement() { + let wit_path = PathBuf::from(SIMPLE_WIT_DIR); + + let wit_text = tokio::fs::read_to_string(wit_path.join("world.wit")) + .await + .unwrap(); + let wasm = generate_dummy_component(&wit_text, "spin:test/simple@1.0.0"); + + let mut env = target_simple_world(&wit_path); + env.trigger_capabilities.insert( + "s".to_owned(), + vec![ + "local_spline_reticulation".to_owned(), + "nice_cup_of_tea".to_owned(), + ], + ); + + assert!(env.supports_trigger_type(&"s".to_owned())); + assert!(!env.supports_trigger_type(&"t".to_owned())); + + let component = crate::ComponentToValidate::new( + "cscomp", + "cscomp.wasm", + wasm, + vec!["nice_cup_of_tea".to_string()], + ); + let errs = + crate::validate_component_against_environments(&[env], &"s".to_owned(), &component) + .await; + assert!( + errs.is_empty(), + "{}", + errs.iter() + .map(|e| e.to_string()) + .collect::>() + .join("\n") + ); + } + + #[tokio::test] + async fn unavailable_import_invalidates_component() { + let wit_path = PathBuf::from(SIMPLE_WIT_DIR); + + let wit_text = tokio::fs::read_to_string(wit_path.join("world.wit")) + .await + .unwrap(); + let wasm = generate_dummy_component(&wit_text, "spin:test/not-so-simple@1.0.0"); + + let env = target_simple_world(&wit_path); + + let component = crate::ComponentToValidate::new("nscomp", "nscomp.wasm", wasm, vec![]); + let errs = + crate::validate_component_against_environments(&[env], &"s".to_owned(), &component) + .await; + assert!(!errs.is_empty()); + + let err = errs[0].to_string(); + assert!( + err.contains("Component nscomp (nscomp.wasm) can't run in environment test"), + "unexpected error {err}" + ); + assert!(err.contains( + "world spin:test/simple@1.0.0 does not provide an import named spin:test/evil@1.0.0" + ), "unexpected error {err}"); + } + + #[tokio::test] + async fn unprovided_export_invalidates_component() { + let wit_path = PathBuf::from(SIMPLE_WIT_DIR); + + let wit_text = tokio::fs::read_to_string(wit_path.join("world.wit")) + .await + .unwrap(); + let wasm = generate_dummy_component(&wit_text, "spin:test/too-darn-simple@1.0.0"); + + let env = target_simple_world(&wit_path); + + let component = crate::ComponentToValidate::new("tdscomp", "tdscomp.wasm", wasm, vec![]); + let errs = + crate::validate_component_against_environments(&[env], &"s".to_owned(), &component) + .await; + assert!(!errs.is_empty()); + + let err = errs[0].to_string(); + assert!( + err.contains("Component tdscomp (tdscomp.wasm) can't run in environment test"), + "unexpected error {err}" + ); + } + + #[tokio::test] + async fn unsupported_host_req_invalidates_component() { + let wit_path = PathBuf::from(SIMPLE_WIT_DIR); + + let wit_text = tokio::fs::read_to_string(wit_path.join("world.wit")) + .await + .unwrap(); + let wasm = generate_dummy_component(&wit_text, "spin:test/simple@1.0.0"); + + let env = target_simple_world(&wit_path); + + assert!(env.supports_trigger_type(&"s".to_owned())); + assert!(!env.supports_trigger_type(&"t".to_owned())); + + let component = crate::ComponentToValidate::new( + "cscomp", + "cscomp.wasm", + wasm, + vec!["nice_cup_of_tea".to_string()], + ); + let errs = + crate::validate_component_against_environments(&[env], &"s".to_owned(), &component) + .await; + assert!(!errs.is_empty()); + + let err = errs[0].to_string(); + assert!( + err.contains("Component cscomp can't run in environment test"), + "unexpected error {err}" + ); + assert!(err.contains("nice_cup_of_tea"), "unexpected error {err}"); + } + + fn generate_dummy_component(wit: &str, world: &str) -> Vec { + let mut resolve = wit_parser::Resolve::default(); + let package_id = resolve.push_str("test", wit).expect("should parse WIT"); + let world_id = resolve + .select_world(package_id, Some(world)) + .expect("should select world"); + + let mut wasm = wit_component::dummy_module( + &resolve, + world_id, + wit_parser::ManglingAndAbi::Legacy(wit_parser::LiftLowerAbi::Sync), + ); + wit_component::embed_component_metadata( + &mut wasm, + &resolve, + world_id, + wit_component::StringEncoding::UTF8, + ) + .expect("should embed component metadata"); + + let mut encoder = wit_component::ComponentEncoder::default() + .validate(true) + .module(&wasm) + .expect("should set module"); + encoder.encode().expect("should encode component") + } +} diff --git a/crates/environments/src/environment/definition.rs b/crates/environments/src/environment/definition.rs new file mode 100644 index 0000000000..2bdf4a3645 --- /dev/null +++ b/crates/environments/src/environment/definition.rs @@ -0,0 +1,187 @@ +//! Environment definition types and serialisation (TOML) formats +//! +//! This module does *not* cover loading those definitions from remote +//! sources, or materialising WIT packages from files or registry references - +//! only the types. + +use std::collections::HashMap; + +use anyhow::Context; + +/// An environment definition, usually deserialised from a TOML document. +/// Example: +/// +/// ```ignore +/// # spin-up.3.2.toml +/// [triggers] +/// http = { worlds = ["spin:up/http-trigger@3.2.0", "spin:up/http-trigger-rc20231018@3.2.0"], capabilities = ["local_service_chaining"] } +/// redis = { worlds = ["spin:up/redis-trigger@3.2.0"] } +/// ``` +#[derive(Debug, serde::Deserialize)] +#[serde(deny_unknown_fields)] +pub struct EnvironmentDefinition { + triggers: HashMap, + #[serde(default)] + default: Option, +} + +/// The environment definition for a trigger, comprising the worlds which are +/// compatible with that trigger and the host capabilities which the trigger +/// supports. +#[derive(Debug, serde::Deserialize)] +#[serde(deny_unknown_fields)] +pub struct TriggerEnvironment { + worlds: Vec, + #[serde(default)] + capabilities: Vec, +} + +impl TriggerEnvironment { + pub fn world_refs(&self) -> &[WorldRef] { + &self.worlds + } + + pub fn capabilities(&self) -> Vec { + self.capabilities.clone() + } +} + +impl EnvironmentDefinition { + pub fn triggers(&self) -> &HashMap { + &self.triggers + } + + pub fn default(&self) -> Option<&TriggerEnvironment> { + self.default.as_ref() + } +} + +/// A reference to a world in an [EnvironmentDefinition]. This is formed +/// of a fully qualified (ns:pkg/id) world name, optionally with +/// a location from which to get the package (a registry or WIT directory). +#[derive(Clone, Debug, serde::Deserialize)] +#[serde(untagged, deny_unknown_fields)] +pub enum WorldRef { + DefaultRegistry(WorldName), + Registry { + registry: String, + world: WorldName, + }, + WitDirectory { + path: std::path::PathBuf, + world: WorldName, + }, +} + +/// The qualified name of a world, e.g. spin:up/http-trigger@3.2.0. +/// +/// (Internally it is represented as a PackageName plus unqualified +/// world name, but it stringises to the standard WIT qualified name.) +#[derive(Clone, Debug, serde::Deserialize)] +#[serde(try_from = "String")] +pub struct WorldName { + package: wit_parser::PackageName, + world: String, +} + +impl WorldName { + pub fn package(&self) -> &wit_parser::PackageName { + &self.package + } + + pub fn package_namespaced_name(&self) -> String { + format!("{}:{}", self.package.namespace, self.package.name) + } + + pub fn package_ref(&self) -> anyhow::Result { + let pkg_name = self.package_namespaced_name(); + pkg_name + .parse() + .with_context(|| format!("Environment {pkg_name} is not a valid package name")) + } + + pub fn package_version(&self) -> Option<&semver::Version> { + self.package.version.as_ref() + } +} + +impl TryFrom for WorldName { + type Error = anyhow::Error; + + fn try_from(value: String) -> Result { + use wasmparser::names::{ComponentName, ComponentNameKind}; + + // World qnames have the same syntactic form as interface qnames + let parsed = ComponentName::new(&value, 0)?; + let ComponentNameKind::Interface(itf) = parsed.kind() else { + anyhow::bail!("{value} is not a well-formed world name"); + }; + + let package = wit_parser::PackageName { + namespace: itf.namespace().to_string(), + name: itf.package().to_string(), + version: itf.version(), + }; + + let world = itf.interface().to_string(); + + Ok(Self { package, world }) + } +} + +impl std::fmt::Display for WorldName { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + f.write_str(&self.package.namespace)?; + f.write_str(":")?; + f.write_str(&self.package.name)?; + f.write_str("/")?; + f.write_str(&self.world)?; + + if let Some(v) = self.package.version.as_ref() { + f.write_str("@")?; + f.write_str(&v.to_string())?; + } + + Ok(()) + } +} + +#[cfg(test)] +mod test { + use super::*; + + #[test] + fn can_parse_versioned_world_name() { + let text = "ns:name/world@1.0.0"; + let w = WorldName::try_from(text.to_owned()).unwrap(); + + assert_eq!("ns", w.package().namespace); + assert_eq!("name", w.package().name); + assert_eq!("ns:name", w.package_namespaced_name()); + assert_eq!("ns", w.package_ref().unwrap().namespace().to_string()); + assert_eq!("name", w.package_ref().unwrap().name().to_string()); + assert_eq!("world", w.world); + assert_eq!( + &semver::Version::new(1, 0, 0), + w.package().version.as_ref().unwrap() + ); + + assert_eq!(text, w.to_string()); + } + + #[test] + fn can_parse_unversioned_world_name() { + let text = "ns:name/world"; + let w = WorldName::try_from("ns:name/world".to_owned()).unwrap(); + + assert_eq!("ns", w.package().namespace); + assert_eq!("name", w.package().name); + assert_eq!("ns:name", w.package_namespaced_name()); + assert_eq!("ns", w.package_ref().unwrap().namespace().to_string()); + assert_eq!("name", w.package_ref().unwrap().name().to_string()); + assert_eq!("world", w.world); + assert!(w.package().version.is_none()); + + assert_eq!(text, w.to_string()); + } +} diff --git a/crates/environments/src/environment/env_loader.rs b/crates/environments/src/environment/env_loader.rs new file mode 100644 index 0000000000..aea9f6aafc --- /dev/null +++ b/crates/environments/src/environment/env_loader.rs @@ -0,0 +1,362 @@ +//! Loading target environments, from a list of references through to +//! a fully realised collection of WIT packages with their worlds and +//! mappings. + +use std::{collections::HashMap, path::Path}; + +use anyhow::{anyhow, Context}; +use futures::future::try_join_all; +use spin_common::ui::quoted_path; +use spin_manifest::schema::v2::TargetEnvironmentRef; + +use super::definition::{EnvironmentDefinition, WorldName, WorldRef}; +use super::lockfile::TargetEnvironmentLockfile; +use super::{is_versioned, CandidateWorld, CandidateWorlds, TargetEnvironment, UnknownTrigger}; + +const DEFAULT_ENV_DEF_REGISTRY_PREFIX: &str = "ghcr.io/spinframework/environments"; +const DEFAULT_PACKAGE_REGISTRY: &str = "spinframework.dev"; + +/// Load all the listed environments from their registries or paths. +/// Registry data will be cached, with a lockfile under `.spin` mapping +/// environment IDs to digests (to allow cache lookup without needing +/// to fetch the digest from the registry). +pub async fn load_environments( + env_ids: &[TargetEnvironmentRef], + cache_root: Option, + app_dir: &std::path::Path, +) -> anyhow::Result> { + if env_ids.is_empty() { + return Ok(Default::default()); + } + + let cache = spin_loader::cache::Cache::new(cache_root) + .await + .context("Unable to create cache")?; + let lockfile_dir = app_dir.join(".spin"); + let lockfile_path = lockfile_dir.join("target-environments.lock"); + + let orig_lockfile: TargetEnvironmentLockfile = tokio::fs::read_to_string(&lockfile_path) + .await + .ok() + .and_then(|s| serde_json::from_str(&s).ok()) + .unwrap_or_default(); + let lockfile = std::sync::Arc::new(tokio::sync::RwLock::new(orig_lockfile.clone())); + + let envs = try_join_all( + env_ids + .iter() + .map(|e| load_environment(e, app_dir, &cache, &lockfile)), + ) + .await?; + + let final_lockfile = &*lockfile.read().await; + if *final_lockfile != orig_lockfile { + if let Ok(lockfile_json) = serde_json::to_string_pretty(&final_lockfile) { + _ = tokio::fs::create_dir_all(lockfile_dir).await; + _ = tokio::fs::write(&lockfile_path, lockfile_json).await; // failure to update lockfile is not an error + } + } + + Ok(envs) +} + +/// Loads the given `TargetEnvironment` from a registry or directory. +async fn load_environment( + env_id: &TargetEnvironmentRef, + app_dir: &Path, + cache: &spin_loader::cache::Cache, + lockfile: &std::sync::Arc>, +) -> anyhow::Result { + match env_id { + TargetEnvironmentRef::DefaultRegistry(id) => { + load_environment_from_registry(DEFAULT_ENV_DEF_REGISTRY_PREFIX, id, cache, lockfile) + .await + } + TargetEnvironmentRef::Registry { registry, id } => { + load_environment_from_registry(registry, id, cache, lockfile).await + } + TargetEnvironmentRef::File { path } => { + load_environment_from_file(app_dir.join(path), cache, lockfile).await + } + } +} + +/// Loads a `TargetEnvironment` from the environment definition at the given +/// registry location. The environment and any remote packages it references will be used +/// from cache if available; otherwise, they will be saved to the cache, and the +/// in-memory lockfile object updated. +async fn load_environment_from_registry( + registry: &str, + env_id: &str, + cache: &spin_loader::cache::Cache, + lockfile: &std::sync::Arc>, +) -> anyhow::Result { + let env_def_toml = load_env_def_toml_from_registry(registry, env_id, cache, lockfile).await?; + load_environment_from_toml(env_id, &env_def_toml, None, cache, lockfile).await +} + +/// Loads a `TargetEnvironment` from the given TOML file. Any remote packages +/// it references will be used from cache if available; otherwise, they will be saved +/// to the cache, and the in-memory lockfile object updated. +async fn load_environment_from_file( + path: impl AsRef, + cache: &spin_loader::cache::Cache, + lockfile: &std::sync::Arc>, +) -> anyhow::Result { + let path = path.as_ref(); + let env_def_dir = path.parent(); + let name = path + .file_stem() + .and_then(|s| s.to_str()) + .map(|s| s.to_owned()) + .unwrap(); + let toml_text = tokio::fs::read_to_string(path).await.with_context(|| { + format!( + "unable to read target environment from {}", + quoted_path(path) + ) + })?; + load_environment_from_toml(&name, &toml_text, env_def_dir, cache, lockfile).await +} + +/// Loads a `TargetEnvironment` from the given TOML text. Any remote packages +/// it references will be used from cache if available; otherwise, they will be saved +/// to the cache, and the in-memory lockfile object updated. +async fn load_environment_from_toml( + name: &str, + toml_text: &str, + relative_to_dir: Option<&Path>, + cache: &spin_loader::cache::Cache, + lockfile: &std::sync::Arc>, +) -> anyhow::Result { + let env: EnvironmentDefinition = toml::from_str(toml_text)?; + + let mut trigger_worlds = HashMap::new(); + let mut trigger_capabilities = HashMap::new(); + + // TODO: parallel all the things + // TODO: this loads _all_ triggers not just the ones we need + for (trigger_type, trigger_env) in env.triggers() { + trigger_worlds.insert( + trigger_type.to_owned(), + load_worlds(trigger_env.world_refs(), relative_to_dir, cache, lockfile).await?, + ); + trigger_capabilities.insert(trigger_type.to_owned(), trigger_env.capabilities()); + } + + let unknown_trigger = match env.default() { + None => UnknownTrigger::Deny, + Some(env) => UnknownTrigger::Allow( + load_worlds(env.world_refs(), relative_to_dir, cache, lockfile).await?, + ), + }; + let unknown_capabilities = match env.default() { + None => vec![], + Some(env) => env.capabilities(), + }; + + Ok(TargetEnvironment { + name: name.to_owned(), + trigger_worlds, + trigger_capabilities, + unknown_trigger, + unknown_capabilities, + }) +} + +/// Loads the text (assumed to be TOML) from the environment definition at the given +/// registry location. The environment will be used from cache if available; otherwise, +/// it be saved to the cache, and the in-memory lockfile object updated. +async fn load_env_def_toml_from_registry( + registry: &str, + env_id: &str, + cache: &spin_loader::cache::Cache, + lockfile: &std::sync::Arc>, +) -> anyhow::Result { + if let Some(digest) = lockfile.read().await.env_digest(registry, env_id) { + if let Ok(cache_file) = cache.data_file(digest) { + if let Ok(bytes) = tokio::fs::read(&cache_file).await { + return Ok(String::from_utf8_lossy(&bytes).to_string()); + } + } + } + + let (bytes, digest) = download_env_def_file(registry, env_id) + .await + .with_context(|| format!("downloading target environment {env_id} from {registry}"))?; + + let toml_text = String::from_utf8_lossy(&bytes).to_string(); + + _ = cache.write_data(bytes, &digest).await; + lockfile + .write() + .await + .set_env_digest(registry, env_id, &digest); + + Ok(toml_text) +} + +/// Downloads a single-layer document from the given registry. +/// (You can create a suitable document with e.g. `oras push ghcr.io/my/envs/sample:1.0 sample.toml`.) +/// The image must be publicly accessible (which is *NOT* the default with GHCR). +/// +/// The return value is a tuple of (content, digest). +async fn download_env_def_file(registry: &str, env_id: &str) -> anyhow::Result<(Vec, String)> { + // This implies env_id is in the format spin-up:3.2 + let registry_id = if is_versioned(env_id) { + env_id.to_string() + } else { + // Testing versionless tags with GHCR it didn't work + // TODO: is this expected or am I being a dolt + // TODO: is this a suitable workaround + format!("{env_id}:latest") + }; + + let reference = format!("{registry}/{registry_id}"); + let reference = oci_distribution::Reference::try_from(reference)?; + + let config = oci_distribution::client::ClientConfig::default(); + let client = oci_distribution::client::Client::new(config); + let auth = oci_distribution::secrets::RegistryAuth::Anonymous; + + let (manifest, digest) = client.pull_manifest(&reference, &auth).await?; + + let im = match manifest { + oci_distribution::manifest::OciManifest::Image(im) => im, + oci_distribution::manifest::OciManifest::ImageIndex(_) => { + anyhow::bail!("unexpected registry format for {reference}") + } + }; + + let count = im.layers.len(); + + if count != 1 { + anyhow::bail!("artifact {reference} should have had exactly one layer"); + } + + let the_layer = &im.layers[0]; + let mut out = Vec::with_capacity(the_layer.size.try_into().unwrap_or_default()); + client.pull_blob(&reference, the_layer, &mut out).await?; + + Ok((out, digest)) +} + +async fn load_worlds( + world_refs: &[WorldRef], + relative_to_dir: Option<&Path>, + cache: &spin_loader::cache::Cache, + lockfile: &std::sync::Arc>, +) -> anyhow::Result { + let mut worlds = vec![]; + + for world_ref in world_refs { + worlds.push(load_world(world_ref, relative_to_dir, cache, lockfile).await?); + } + + Ok(CandidateWorlds { worlds }) +} + +async fn load_world( + world_ref: &WorldRef, + relative_to_dir: Option<&Path>, + cache: &spin_loader::cache::Cache, + lockfile: &std::sync::Arc>, +) -> anyhow::Result { + match world_ref { + WorldRef::DefaultRegistry(world) => { + load_world_from_registry(DEFAULT_PACKAGE_REGISTRY, world, cache, lockfile).await + } + WorldRef::Registry { registry, world } => { + load_world_from_registry(registry, world, cache, lockfile).await + } + WorldRef::WitDirectory { path, world } => { + let path = match relative_to_dir { + Some(dir) => dir.join(path), + None => path.to_owned(), + }; + load_world_from_dir(&path, world) + } + } +} + +fn load_world_from_dir( + path: impl AsRef, + world: &WorldName, +) -> anyhow::Result { + let path = path.as_ref(); + let mut resolve = wit_parser::Resolve::default(); + let (pkg_id, _) = resolve.push_dir(path)?; + let decoded = wit_parser::decoding::DecodedWasm::WitPackage(resolve, pkg_id); + CandidateWorld::from_decoded_wasm(world, path, decoded) +} + +/// Loads the given `TargetEnvironment` from the given registry, or +/// from cache if available. If the environment is not in cache, the +/// encoded WIT will be cached, and the in-memory lockfile object +/// updated. +async fn load_world_from_registry( + registry: &str, + world_name: &WorldName, + cache: &spin_loader::cache::Cache, + lockfile: &std::sync::Arc>, +) -> anyhow::Result { + use futures_util::TryStreamExt; + + if let Some(digest) = lockfile + .read() + .await + .package_digest(registry, world_name.package()) + { + if let Ok(cache_file) = cache.wasm_file(digest) { + if let Ok(bytes) = tokio::fs::read(&cache_file).await { + return CandidateWorld::from_package_bytes(world_name, bytes); + } + } + } + + let pkg_name = world_name.package_namespaced_name(); + let pkg_ref = world_name.package_ref()?; + + let wkg_registry: wasm_pkg_client::Registry = registry + .parse() + .with_context(|| format!("Registry {registry} is not a valid registry name"))?; + + let mut wkg_config = wasm_pkg_client::Config::global_defaults().await?; + wkg_config.set_package_registry_override( + pkg_ref, + wasm_pkg_client::RegistryMapping::Registry(wkg_registry), + ); + + let client = wasm_pkg_client::Client::new(wkg_config); + + let package = pkg_name + .to_owned() + .try_into() + .with_context(|| format!("Failed to parse environment name {pkg_name} as package name"))?; + let version = world_name + .package_version() // TODO: surely we can cope with worlds from unversioned packages? surely? + .ok_or_else(|| anyhow!("{world_name} is unversioned: this is not currently supported"))?; + + let release = client + .get_release(&package, version) + .await + .with_context(|| format!("Failed to get {} from registry", world_name.package()))?; + let stm = client + .stream_content(&package, &release) + .await + .with_context(|| format!("Failed to get {} from registry", world_name.package()))?; + let bytes = stm + .try_collect::() + .await + .with_context(|| format!("Failed to get {} from registry", world_name.package()))? + .to_vec(); + + let digest = release.content_digest.to_string(); + _ = cache.write_wasm(&bytes, &digest).await; // Failure to cache is not fatal + lockfile + .write() + .await + .set_package_digest(registry, world_name.package(), &digest); + + CandidateWorld::from_package_bytes(world_name, bytes) +} diff --git a/crates/environments/src/environment/lockfile.rs b/crates/environments/src/environment/lockfile.rs new file mode 100644 index 0000000000..e9019b23a8 --- /dev/null +++ b/crates/environments/src/environment/lockfile.rs @@ -0,0 +1,210 @@ +use std::collections::HashMap; + +use super::is_versioned; + +const DIGEST_TTL_HOURS: i64 = 24; + +/// Serialisation format for the lockfile: registry -> env|pkg -> { name -> digest } +#[derive(Clone, Debug, Default, PartialEq, Eq, serde::Serialize, serde::Deserialize)] +pub struct TargetEnvironmentLockfile(HashMap); + +#[derive(Clone, Debug, Default, PartialEq, Eq, serde::Serialize, serde::Deserialize)] +struct Digests { + env: HashMap, + package: HashMap, +} + +#[derive(Clone, Debug, PartialEq, Eq, serde::Serialize, serde::Deserialize)] +#[serde(untagged)] +enum ExpirableDigest { + Forever(String), + Expiring { + digest: String, + correct_at: chrono::DateTime, + }, +} + +impl TargetEnvironmentLockfile { + pub fn env_digest(&self, registry: &str, env_id: &str) -> Option<&str> { + self.0 + .get(registry) + .and_then(|ds| ds.env.get(env_id)) + .and_then(|s| s.current()) + } + + pub fn set_env_digest(&mut self, registry: &str, env_id: &str, digest: &str) { + // If the environment is versioned, we assume it will not change (that is, any changes will + // be reflected as a new version). If the environment is *not* versioned, it represents + // a hosted service which may change over time: allow the cached definition to expire every day or + // so that we do not use a definition that is out of sync with the actual service. + let expirable_digest = if is_versioned(env_id) { + ExpirableDigest::forever(digest) + } else { + ExpirableDigest::expiring(digest) + }; + + match self.0.get_mut(registry) { + Some(ds) => { + ds.env.insert(env_id.to_string(), expirable_digest); + } + None => { + let map = vec![(env_id.to_string(), expirable_digest)] + .into_iter() + .collect(); + let ds = Digests { + env: map, + package: Default::default(), + }; + self.0.insert(registry.to_string(), ds); + } + } + } + + pub fn package_digest( + &self, + registry: &str, + package: &wit_parser::PackageName, + ) -> Option<&str> { + self.0 + .get(registry) + .and_then(|ds| ds.package.get(&package.to_string())) + .map(|s| s.as_str()) + } + + pub fn set_package_digest( + &mut self, + registry: &str, + package: &wit_parser::PackageName, + digest: &str, + ) { + match self.0.get_mut(registry) { + Some(ds) => { + ds.package.insert(package.to_string(), digest.to_string()); + } + None => { + let map = vec![(package.to_string(), digest.to_string())] + .into_iter() + .collect(); + let ds = Digests { + env: Default::default(), + package: map, + }; + self.0.insert(registry.to_string(), ds); + } + } + } +} + +impl ExpirableDigest { + fn current(&self) -> Option<&str> { + match self { + Self::Forever(digest) => Some(digest), + Self::Expiring { digest, correct_at } => { + let now = chrono::Utc::now(); + let time_since = now - correct_at; + if time_since.abs().num_hours() > DIGEST_TTL_HOURS { + None + } else { + Some(digest) + } + } + } + } + + fn forever(digest: &str) -> Self { + Self::Forever(digest.to_string()) + } + + fn expiring(digest: &str) -> Self { + Self::Expiring { + digest: digest.to_string(), + correct_at: chrono::Utc::now(), + } + } +} + +#[cfg(test)] +mod test { + use super::*; + + const DUMMY_REG: &str = "reggy-mc-regface"; + + #[test] + fn versioned_envs_have_no_expiry() { + const TEST_ENV: &str = "my-env:1.0"; + const TEST_DIGEST: &str = "12345"; + + let mut lockfile = TargetEnvironmentLockfile::default(); + lockfile.set_env_digest(DUMMY_REG, TEST_ENV, TEST_DIGEST); + + let json = serde_json::to_value(&lockfile).unwrap(); + + let saved_digest = json + .get(DUMMY_REG) + .and_then(|j| j.get("env")) + .and_then(|j| j.get(TEST_ENV)) + .expect("should have had recorded a digest"); + let saved_digest = saved_digest + .as_str() + .expect("saved digest should have been a string"); + assert_eq!(TEST_DIGEST, saved_digest); + } + + #[test] + fn unversioned_envs_expire() { + const TEST_ENV: &str = "my-env"; + const TEST_DIGEST: &str = "12345"; + + let mut lockfile = TargetEnvironmentLockfile::default(); + lockfile.set_env_digest(DUMMY_REG, TEST_ENV, TEST_DIGEST); + + let json = serde_json::to_value(&lockfile).unwrap(); + + let saved_digest = json + .get(DUMMY_REG) + .and_then(|j| j.get("env")) + .and_then(|j| j.get(TEST_ENV)) + .expect("should have recorded a digest"); + let saved_digest = saved_digest + .as_object() + .expect("saved digest should have been an object"); + assert_eq!(TEST_DIGEST, saved_digest.get("digest").unwrap()); + assert!(saved_digest + .get("correct_at") + .is_some_and(|v| v.is_string())); + } + + #[test] + fn expired_env_digests_are_not_returned() { + const TEST_ENV: &str = "my-env"; + const TEST_DIGEST: &str = "12345"; + + let mut lockfile = TargetEnvironmentLockfile::default(); + lockfile.set_env_digest(DUMMY_REG, TEST_ENV, TEST_DIGEST); + assert_eq!( + TEST_DIGEST, + lockfile + .env_digest(DUMMY_REG, TEST_ENV) + .expect("should have returned env digest") + ); + + // Pass this legit lockfile through JSON and massage the digest date to be old. NEARLY AS OLD AS ME + let mut json = serde_json::to_value(&lockfile).unwrap(); + let digest = json + .get_mut(DUMMY_REG) + .and_then(|j| j.get_mut("env")) + .and_then(|j| j.get_mut(TEST_ENV)) + .expect("should have recorded a digest"); + let digest = digest + .as_object_mut() + .expect("saved digest should have been an object"); + digest.insert( + "correct_at".to_string(), + serde_json::to_value("1969-12-31T01:01:01.001001001Z").unwrap(), + ); + let stale_lockfile: TargetEnvironmentLockfile = serde_json::from_value(json).unwrap(); + + // It should not give us the potentially stale digest + assert!(stale_lockfile.env_digest(DUMMY_REG, TEST_ENV).is_none()); + } +} diff --git a/crates/environments/src/lib.rs b/crates/environments/src/lib.rs new file mode 100644 index 0000000000..7b0c83f9b6 --- /dev/null +++ b/crates/environments/src/lib.rs @@ -0,0 +1,244 @@ +use anyhow::{anyhow, Context}; + +mod environment; +mod loader; + +use environment::{CandidateWorld, CandidateWorlds, TargetEnvironment, TriggerType}; +pub use loader::ApplicationToValidate; +use loader::ComponentToValidate; +use spin_manifest::schema::v2::TargetEnvironmentRef; + +/// The result of validating an application against a list of target environments. +/// If `is_ok` returns true (or equivalently if the `errors` collection is empty), +/// the application passed validation, and can run in all the environments against +/// which it was checked. Otherwise, at least one component cannot run in at least +/// one target environment, and the `errors` collection contains the details. +#[derive(Default)] +pub struct TargetEnvironmentValidation(Vec); + +impl TargetEnvironmentValidation { + pub fn is_ok(&self) -> bool { + self.0.is_empty() + } + + pub fn errors(&self) -> &[anyhow::Error] { + &self.0 + } +} + +/// Validates *all* application components against the list of referenced target enviroments. Each component must conform +/// to *all* environments to pass. +/// +/// If the return value is `Ok(...)`, this means only that we were able to perform the validation. +/// The caller **MUST** still check the returned [TargetEnvironmentValidation] to determine the +/// outcome of validation. +/// +/// If the return value is `Err(...)`, then we weren't able even to attempt validation. +pub async fn validate_application_against_environment_ids( + application: &ApplicationToValidate, + env_ids: &[TargetEnvironmentRef], + cache_root: Option, + app_dir: &std::path::Path, +) -> anyhow::Result { + if env_ids.is_empty() { + return Ok(Default::default()); + } + + let envs = TargetEnvironment::load_all(env_ids, cache_root, app_dir).await?; + validate_application_against_environments(application, &envs).await +} + +/// Validates *all* application components against the list of (realised) target enviroments. Each component must conform +/// to *all* environments to pass. +/// +/// For the slightly funky return type, see [validate_application_against_environment_ids]. +async fn validate_application_against_environments( + application: &ApplicationToValidate, + envs: &[TargetEnvironment], +) -> anyhow::Result { + for trigger_type in application.trigger_types() { + if let Some(env) = envs.iter().find(|e| !e.supports_trigger_type(trigger_type)) { + anyhow::bail!( + "Environment {} does not support trigger type {trigger_type}", + env.name() + ); + } + } + + let components_by_trigger_type = application.components_by_trigger_type().await?; + + let mut errs = vec![]; + + for (trigger_type, component) in components_by_trigger_type { + for component in &component { + errs.extend( + validate_component_against_environments(envs, &trigger_type, component).await, + ); + } + } + + Ok(TargetEnvironmentValidation(errs)) +} + +/// Validates the component against the list of target enviroments. The component must conform +/// to *all* environments to pass. +/// +/// The return value contains the list of validation errors. There may be up to one error per +/// target environment, explaining why the component cannot run in that environment. +/// An empty list means the component has passed validation and is compatible with +/// all target environments. +async fn validate_component_against_environments( + envs: &[TargetEnvironment], + trigger_type: &TriggerType, + component: &ComponentToValidate<'_>, +) -> Vec { + let mut errs = vec![]; + + for env in envs { + let worlds = env.worlds(trigger_type); + if let Some(e) = validate_wasm_against_any_world(env, worlds, component) + .await + .err() + { + errs.push(e); + } + + let host_caps = env.capabilities(trigger_type); + if let Some(e) = validate_host_reqs(env, host_caps, component).err() { + errs.push(e); + } + } + + if errs.is_empty() { + tracing::info!( + "Validated component {} {} against all target worlds", + component.id(), + component.source_description() + ); + } + + errs +} + +/// Validates the component against the list of candidate worlds. The component must conform +/// to *at least one* candidate world to pass (since if it can run in one world provided by +/// the target environment, it can run in the target environment). +async fn validate_wasm_against_any_world( + env: &TargetEnvironment, + worlds: &CandidateWorlds, + component: &ComponentToValidate<'_>, +) -> anyhow::Result<()> { + let mut result = Ok(()); + for target_world in worlds { + tracing::debug!( + "Trying component {} {} against target world {target_world}", + component.id(), + component.source_description(), + ); + match validate_wasm_against_world(env, target_world, component).await { + Ok(()) => { + tracing::info!( + "Validated component {} {} against target world {target_world}", + component.id(), + component.source_description(), + ); + return Ok(()); + } + Err(e) => { + // Record the error, but continue in case a different world succeeds + tracing::info!( + "Rejecting component {} {} for target world {target_world} because {e:?}", + component.id(), + component.source_description(), + ); + result = Err(e); + } + } + } + result +} + +async fn validate_wasm_against_world( + env: &TargetEnvironment, + target_world: &CandidateWorld, + component: &ComponentToValidate<'_>, +) -> anyhow::Result<()> { + // Because we are abusing a composition tool to do validation, we have to + // provide a name by which to refer to the component in the dummy composition. + let component_name = "root:component"; + let component_key = wac_types::BorrowedPackageKey::from_name_and_version(component_name, None); + + // wac is going to get the world from the environment package bytes. + // This constructs a key for that mapping. + let env_pkg_name = target_world.package_namespaced_name(); + let env_pkg_key = wac_types::BorrowedPackageKey::from_name_and_version( + &env_pkg_name, + target_world.package_version(), + ); + + let env_name = env.name(); + + let wac_text = format!( + r#" + package validate:component@1.0.0 targets {target_world}; + let c = new {component_name} {{ ... }}; + export c...; + "# + ); + + let doc = wac_parser::Document::parse(&wac_text) + .context("Internal error constructing WAC document for target checking")?; + + let mut packages: indexmap::IndexMap> = + Default::default(); + + packages.insert(env_pkg_key, target_world.package_bytes().to_vec()); + packages.insert(component_key, component.wasm_bytes().to_vec()); + + match doc.resolve(packages) { + Ok(_) => Ok(()), + Err(wac_parser::resolution::Error::TargetMismatch { kind, name, world, .. }) => { + // This one doesn't seem to get hit at the moment - we get MissingTargetExport or ImportNotInTarget instead + Err(anyhow!("Component {} ({}) can't run in environment {env_name} because world {world} expects an {} named {name}", component.id(), component.source_description(), kind.to_string().to_lowercase())) + } + Err(wac_parser::resolution::Error::MissingTargetExport { name, world, .. }) => { + Err(anyhow!("Component {} ({}) can't run in environment {env_name} because world {world} requires an export named {name}, which the component does not provide", component.id(), component.source_description())) + } + Err(wac_parser::resolution::Error::PackageMissingExport { export, .. }) => { + // TODO: The export here seems wrong - it seems to contain the world name rather than the interface name + Err(anyhow!("Component {} ({}) can't run in environment {env_name} because world {target_world} requires an export named {export}, which the component does not provide", component.id(), component.source_description())) + } + Err(wac_parser::resolution::Error::ImportNotInTarget { name, world, .. }) => { + Err(anyhow!("Component {} ({}) can't run in environment {env_name} because world {world} does not provide an import named {name}, which the component requires", component.id(), component.source_description())) + } + Err(wac_parser::resolution::Error::SpreadExportNoEffect { .. }) => { + // We don't have any name info in this case, but it *may* indicate that the component doesn't provide any export at all + Err(anyhow!("Component {} ({}) can't run in environment {env_name} because it requires an export which the component does not provide", component.id(), component.source_description())) + } + Err(e) => { + Err(anyhow!(e)) + }, + } +} + +fn validate_host_reqs( + env: &TargetEnvironment, + host_caps: &[String], + component: &ComponentToValidate, +) -> anyhow::Result<()> { + let unsatisfied: Vec<_> = component + .host_requirements() + .iter() + .filter(|host_req| !satisfies(host_caps, host_req)) + .cloned() + .collect(); + if unsatisfied.is_empty() { + Ok(()) + } else { + Err(anyhow!("Component {} can't run in environment {} because it requires the feature(s) '{}' which the environment does not support", component.id(), env.name(), unsatisfied.join(", "))) + } +} + +fn satisfies(host_caps: &[String], host_req: &String) -> bool { + host_caps.contains(host_req) +} diff --git a/crates/environments/src/loader.rs b/crates/environments/src/loader.rs new file mode 100644 index 0000000000..fa5639775a --- /dev/null +++ b/crates/environments/src/loader.rs @@ -0,0 +1,289 @@ +//! Loading an application for validation. + +use std::path::Path; + +use anyhow::{anyhow, Context}; +use futures::future::try_join_all; +use spin_common::ui::quoted_path; + +pub(crate) struct ComponentToValidate<'a> { + id: &'a str, + source_description: String, + wasm: Vec, + host_requirements: Vec, +} + +impl ComponentToValidate<'_> { + pub fn id(&self) -> &str { + self.id + } + + pub fn source_description(&self) -> &str { + &self.source_description + } + + pub fn wasm_bytes(&self) -> &[u8] { + &self.wasm + } + + pub fn host_requirements(&self) -> &[String] { + &self.host_requirements + } + + #[cfg(test)] + pub(crate) fn new( + id: &'static str, + description: &str, + wasm: Vec, + host_requirements: Vec, + ) -> Self { + Self { + id, + source_description: description.to_owned(), + wasm, + host_requirements, + } + } +} + +pub struct ApplicationToValidate { + manifest: spin_manifest::schema::v2::AppManifest, + wasm_loader: spin_loader::WasmLoader, +} + +impl ApplicationToValidate { + pub async fn new( + manifest: spin_manifest::schema::v2::AppManifest, + base_dir: impl AsRef, + ) -> anyhow::Result { + let wasm_loader = + spin_loader::WasmLoader::new(base_dir.as_ref().to_owned(), None, None).await?; + Ok(Self { + manifest, + wasm_loader, + }) + } + + fn component_source<'a>( + &'a self, + trigger: &'a spin_manifest::schema::v2::Trigger, + ) -> anyhow::Result> { + let component_spec = trigger + .component + .as_ref() + .ok_or_else(|| anyhow!("No component specified for trigger {}", trigger.id))?; + let (id, source, dependencies, service_chaining) = match component_spec { + spin_manifest::schema::v2::ComponentSpec::Inline(c) => ( + trigger.id.as_str(), + &c.source, + &c.dependencies, + spin_loader::requires_service_chaining(c), + ), + spin_manifest::schema::v2::ComponentSpec::Reference(r) => { + let id = r.as_ref(); + let Some(component) = self.manifest.components.get(r) else { + anyhow::bail!( + "Component {id} specified for trigger {} does not exist", + trigger.id + ); + }; + ( + id, + &component.source, + &component.dependencies, + spin_loader::requires_service_chaining(component), + ) + } + }; + + Ok(ComponentSource { + id, + source, + dependencies: WrappedComponentDependencies::new(dependencies), + requires_service_chaining: service_chaining, + }) + } + + pub fn trigger_types(&self) -> impl Iterator { + self.manifest.triggers.keys() + } + + pub fn triggers( + &self, + ) -> impl Iterator)> { + self.manifest.triggers.iter() + } + + pub(crate) async fn components_by_trigger_type( + &self, + ) -> anyhow::Result>)>> { + use futures::FutureExt; + + let components_by_trigger_type_futs = self.triggers().map(|(ty, ts)| { + self.components_for_trigger(ts) + .map(|css| css.map(|css| (ty.to_owned(), css))) + }); + let components_by_trigger_type = try_join_all(components_by_trigger_type_futs) + .await + .context("Failed to prepare components for target environment checking")?; + Ok(components_by_trigger_type) + } + + async fn components_for_trigger<'a>( + &'a self, + triggers: &'a [spin_manifest::schema::v2::Trigger], + ) -> anyhow::Result>> { + let component_futures = triggers.iter().map(|t| self.load_and_resolve_trigger(t)); + try_join_all(component_futures).await + } + + async fn load_and_resolve_trigger<'a>( + &'a self, + trigger: &'a spin_manifest::schema::v2::Trigger, + ) -> anyhow::Result> { + let component = self.component_source(trigger)?; + + let loader = ComponentSourceLoader::new(&self.wasm_loader); + + let wasm = spin_compose::compose(&loader, &component).await.with_context(|| format!("Spin needed to compose dependencies for {} as part of target checking, but composition failed", component.id))?; + + let host_requirements = if component.requires_service_chaining { + vec!["local_service_chaining".to_string()] + } else { + vec![] + }; + + Ok(ComponentToValidate { + id: component.id, + source_description: source_description(component.source), + wasm, + host_requirements, + }) + } +} + +struct ComponentSource<'a> { + id: &'a str, + source: &'a spin_manifest::schema::v2::ComponentSource, + dependencies: WrappedComponentDependencies, + requires_service_chaining: bool, +} + +struct ComponentSourceLoader<'a> { + wasm_loader: &'a spin_loader::WasmLoader, +} + +impl<'a> ComponentSourceLoader<'a> { + pub fn new(wasm_loader: &'a spin_loader::WasmLoader) -> Self { + Self { wasm_loader } + } +} + +#[async_trait::async_trait] +impl<'a> spin_compose::ComponentSourceLoader for ComponentSourceLoader<'a> { + type Component = ComponentSource<'a>; + type Dependency = WrappedComponentDependency; + async fn load_component_source(&self, source: &Self::Component) -> anyhow::Result> { + let path = self + .wasm_loader + .load_component_source(source.id, source.source) + .await?; + let bytes = tokio::fs::read(&path) + .await + .with_context(|| format!("reading {}", quoted_path(&path)))?; + let component = spin_componentize::componentize_if_necessary(&bytes) + .with_context(|| format!("componentizing {}", quoted_path(&path)))?; + Ok(component.into()) + } + + async fn load_dependency_source(&self, source: &Self::Dependency) -> anyhow::Result> { + let (path, _) = self + .wasm_loader + .load_component_dependency(&source.name, &source.dependency) + .await?; + let bytes = tokio::fs::read(&path) + .await + .with_context(|| format!("reading {}", quoted_path(&path)))?; + let component = spin_componentize::componentize_if_necessary(&bytes) + .with_context(|| format!("componentizing {}", quoted_path(&path)))?; + Ok(component.into()) + } +} + +// This exists only to thwart the orphan rule +struct WrappedComponentDependency { + name: spin_serde::DependencyName, + dependency: spin_manifest::schema::v2::ComponentDependency, +} + +// To manage lifetimes around the thwarting of the orphan rule +struct WrappedComponentDependencies { + dependencies: indexmap::IndexMap, +} + +impl WrappedComponentDependencies { + fn new(deps: &spin_manifest::schema::v2::ComponentDependencies) -> Self { + let dependencies = deps + .inner + .clone() + .into_iter() + .map(|(k, v)| { + ( + k.clone(), + WrappedComponentDependency { + name: k, + dependency: v, + }, + ) + }) + .collect(); + Self { dependencies } + } +} + +#[async_trait::async_trait] +impl spin_compose::ComponentLike for ComponentSource<'_> { + type Dependency = WrappedComponentDependency; + + fn dependencies( + &self, + ) -> impl std::iter::ExactSizeIterator + { + self.dependencies.dependencies.iter() + } + + fn id(&self) -> &str { + self.id + } +} + +#[async_trait::async_trait] +impl spin_compose::DependencyLike for WrappedComponentDependency { + fn inherit(&self) -> spin_compose::InheritConfiguration { + // We don't care because this never runs - it is only used to + // verify import satisfaction. Choosing All avoids the compose + // algorithm meddling with it using the deny adapter. + spin_compose::InheritConfiguration::All + } + + fn export(&self) -> &Option { + match &self.dependency { + spin_manifest::schema::v2::ComponentDependency::Version(_) => &None, + spin_manifest::schema::v2::ComponentDependency::Package { export, .. } => export, + spin_manifest::schema::v2::ComponentDependency::Local { export, .. } => export, + spin_manifest::schema::v2::ComponentDependency::HTTP { export, .. } => export, + } + } +} + +fn source_description(source: &spin_manifest::schema::v2::ComponentSource) -> String { + match source { + spin_manifest::schema::v2::ComponentSource::Local(path) => { + format!("file {}", quoted_path(path)) + } + spin_manifest::schema::v2::ComponentSource::Remote { url, .. } => format!("URL {url}"), + spin_manifest::schema::v2::ComponentSource::Registry { package, .. } => { + format!("package {package}") + } + } +} diff --git a/crates/environments/tests/simple-wit/world.wit b/crates/environments/tests/simple-wit/world.wit new file mode 100644 index 0000000000..a726dce9cb --- /dev/null +++ b/crates/environments/tests/simple-wit/world.wit @@ -0,0 +1,35 @@ +package spin:test@1.0.0; + +interface getter { + get: func() -> u32; +} + +interface trigger { + run: func(); +} + +world simple { + import getter; + export trigger; +} + +world simple-import-only { + import getter; +} + +// These worlds and interface are used for constructing components that +// *don't* comply with the 'simple' world. + +interface evil { + cackle: func(); +} + +world not-so-simple { + import getter; + import evil; + export trigger; +} + +world too-darn-simple { + import getter; +} diff --git a/crates/loader/src/lib.rs b/crates/loader/src/lib.rs index ea64bac40d..31dc952fea 100644 --- a/crates/loader/src/lib.rs +++ b/crates/loader/src/lib.rs @@ -23,6 +23,9 @@ mod fs; mod http; mod local; +pub use local::requires_service_chaining; +pub use local::WasmLoader; + /// Maximum number of files to copy (or download) concurrently pub(crate) const MAX_FILE_LOADING_CONCURRENCY: usize = 16; diff --git a/crates/loader/src/local.rs b/crates/loader/src/local.rs index 511202fb76..9269ff0efe 100644 --- a/crates/loader/src/local.rs +++ b/crates/loader/src/local.rs @@ -25,8 +25,8 @@ use crate::{cache::Cache, FilesMountStrategy}; pub struct LocalLoader { app_root: PathBuf, files_mount_strategy: FilesMountStrategy, - cache: Cache, - file_loading_permits: Semaphore, + file_loading_permits: std::sync::Arc, + wasm_loader: WasmLoader, } impl LocalLoader { @@ -37,12 +37,14 @@ impl LocalLoader { ) -> Result { let app_root = safe_canonicalize(app_root) .with_context(|| format!("Invalid manifest dir `{}`", app_root.display()))?; + let file_loading_permits = + std::sync::Arc::new(Semaphore::new(crate::MAX_FILE_LOADING_CONCURRENCY)); Ok(Self { - app_root, + app_root: app_root.clone(), files_mount_strategy, - cache: Cache::new(cache_root).await?, // Limit concurrency to avoid hitting system resource limits - file_loading_permits: Semaphore::new(crate::MAX_FILE_LOADING_CONCURRENCY), + file_loading_permits: file_loading_permits.clone(), + wasm_loader: WasmLoader::new(app_root, cache_root, Some(file_loading_permits)).await?, }) } @@ -268,74 +270,15 @@ impl LocalLoader { dependency_name: DependencyName, dependency: v2::ComponentDependency, ) -> Result { - let (content, export) = match dependency { - v2::ComponentDependency::Version(version) => { - let version = semver::VersionReq::parse(&version).with_context(|| format!("Component dependency {dependency_name:?} specifies an invalid semantic version requirement ({version:?}) for its package version"))?; - - // This `unwrap()` should be OK because we've already validated - // this form of dependency requires a package name, i.e. the - // dependency name is not a kebab id. - let package = dependency_name.package().unwrap(); - - let content = self.load_registry_source(None, package, &version).await?; - (content, None) - } - v2::ComponentDependency::Package { - version, - registry, - package, - export, - } => { - let version = semver::VersionReq::parse(&version).with_context(|| format!("Component dependency {dependency_name:?} specifies an invalid semantic version requirement ({version:?}) for its package version"))?; - - let package = match package { - Some(package) => { - package.parse().with_context(|| format!("Component dependency {dependency_name:?} specifies an invalid package name ({package:?})"))? - } - None => { - // This `unwrap()` should be OK because we've already validated - // this form of dependency requires a package name, i.e. the - // dependency name is not a kebab id. - dependency_name - .package() - .cloned() - .unwrap() - } - }; - - let registry = match registry { - Some(registry) => { - registry - .parse() - .map(Some) - .with_context(|| format!("Component dependency {dependency_name:?} specifies an invalid registry name ({registry:?})"))? - } - None => None, - }; - - let content = self - .load_registry_source(registry.as_ref(), &package, &version) - .await?; - (content, export) - } - v2::ComponentDependency::Local { path, export } => { - let content = file_content_ref(self.app_root.join(path))?; - (content, export) - } - v2::ComponentDependency::HTTP { - url, - digest, - export, - } => { - let content = self.load_http_source(&url, &digest).await?; - (content, export) - } - }; + let (content, export) = self + .wasm_loader + .load_component_dependency(&dependency_name, &dependency) + .await?; Ok(LockedComponentDependency { source: LockedComponentSource { content_type: "application/wasm".into(), - content, + content: file_content_ref(content)?, }, export, inherit: if inherit_configuration { @@ -353,116 +296,16 @@ impl LocalLoader { component_id: &KebabId, source: v2::ComponentSource, ) -> Result { - let content = match source { - v2::ComponentSource::Local(path) => file_content_ref(self.app_root.join(path))?, - v2::ComponentSource::Remote { url, digest } => { - self.load_http_source(&url, &digest).await? - } - v2::ComponentSource::Registry { - registry, - package, - version, - } => { - let version = semver::Version::parse(&version).with_context(|| format!("Component {component_id} specifies an invalid semantic version ({version:?}) for its package version"))?; - let version_req = format!("={version}").parse().expect("version"); - - self.load_registry_source(registry.as_ref(), &package, &version_req) - .await? - } - }; + let path = self + .wasm_loader + .load_component_source(component_id.as_ref(), &source) + .await?; Ok(LockedComponentSource { content_type: "application/wasm".into(), - content, + content: file_content_ref(path)?, }) } - // Load a Wasm source from the given HTTP ContentRef source URL and - // return a ContentRef an absolute path to the local copy. - async fn load_http_source(&self, url: &str, digest: &str) -> Result { - ensure!( - digest.starts_with("sha256:"), - "invalid `digest` {digest:?}; must start with 'sha256:'" - ); - let path = if let Ok(cached_path) = self.cache.wasm_file(digest) { - cached_path - } else { - let _loading_permit = self.file_loading_permits.acquire().await?; - - self.cache.ensure_dirs().await?; - let dest = self.cache.wasm_path(digest); - verified_download( - url, - digest, - &dest, - crate::http::DestinationConvention::ContentIndexed, - ) - .await - .with_context(|| format!("Error fetching source URL {url:?}"))?; - dest - }; - file_content_ref(path) - } - - async fn load_registry_source( - &self, - registry: Option<&wasm_pkg_client::Registry>, - package: &wasm_pkg_client::PackageRef, - version: &semver::VersionReq, - ) -> Result { - let mut client_config = wasm_pkg_client::Config::global_defaults().await?; - - if let Some(registry) = registry.cloned() { - let mapping = wasm_pkg_client::RegistryMapping::Registry(registry); - client_config.set_package_registry_override(package.clone(), mapping); - } - let pkg_loader = wasm_pkg_client::Client::new(client_config); - - let mut releases = pkg_loader.list_all_versions(package).await.map_err(|e| { - if matches!(e, wasm_pkg_client::Error::NoRegistryForNamespace(_)) && registry.is_none() { - anyhow!("No default registry specified for wasm-pkg-loader. Create a default config, or set `registry` for package {package:?}") - } else { - e.into() - } - })?; - - releases.sort(); - - let release_version = releases - .iter() - .rev() - .find(|release| version.matches(&release.version) && !release.yanked) - .with_context(|| format!("No matching version found for {package} {version}",))?; - - let release = pkg_loader - .get_release(package, &release_version.version) - .await?; - - let digest = match &release.content_digest { - wasm_pkg_client::ContentDigest::Sha256 { hex } => format!("sha256:{hex}"), - }; - - let path = if let Ok(cached_path) = self.cache.wasm_file(&digest) { - cached_path - } else { - let mut stm = pkg_loader.stream_content(package, &release).await?; - - self.cache.ensure_dirs().await?; - let dest = self.cache.wasm_path(&digest); - - let mut file = tokio::fs::File::create(&dest).await?; - while let Some(block) = stm.next().await { - let bytes = block.context("Failed to get content from registry")?; - file.write_all(&bytes) - .await - .context("Failed to save registry content to cache")?; - } - - dest - }; - - file_content_ref(path) - } - // Copy content(s) from the given `mount` async fn copy_file_mounts( &self, @@ -812,6 +655,217 @@ fn locked_trigger(trigger_type: String, trigger: v2::Trigger) -> Result, +} + +impl WasmLoader { + /// Create a new instance of WasmLoader. + pub async fn new( + app_root: PathBuf, + cache_root: Option, + file_loading_permits: Option>, + ) -> Result { + let file_loading_permits = file_loading_permits.unwrap_or_else(|| { + std::sync::Arc::new(Semaphore::new(crate::MAX_FILE_LOADING_CONCURRENCY)) + }); + Ok(Self { + app_root, + cache: Cache::new(cache_root).await?, + file_loading_permits, + }) + } + + /// Load a Wasm source from the given ComponentSource and return a path + /// to a file location from where it can be read. + pub async fn load_component_source( + &self, + component_id: &str, + source: &v2::ComponentSource, + ) -> Result { + let content = match source { + v2::ComponentSource::Local(path) => self.app_root.join(path), + v2::ComponentSource::Remote { url, digest } => { + self.load_http_source(url, digest).await? + } + v2::ComponentSource::Registry { + registry, + package, + version, + } => { + let version = semver::Version::parse(version).with_context(|| format!("Component {component_id} specifies an invalid semantic version ({version:?}) for its package version"))?; + let version_req = format!("={version}").parse().expect("version"); + + self.load_registry_source(registry.as_ref(), package, &version_req) + .await? + } + }; + Ok(content) + } + + // Load a Wasm source from the given HTTP ContentRef source URL and + // return a ContentRef an absolute path to the local copy. + async fn load_http_source(&self, url: &str, digest: &str) -> Result { + ensure!( + digest.starts_with("sha256:"), + "invalid `digest` {digest:?}; must start with 'sha256:'" + ); + let path = if let Ok(cached_path) = self.cache.wasm_file(digest) { + cached_path + } else { + let _loading_permit = self.file_loading_permits.acquire().await?; + + self.cache.ensure_dirs().await?; + let dest = self.cache.wasm_path(digest); + verified_download( + url, + digest, + &dest, + crate::http::DestinationConvention::ContentIndexed, + ) + .await + .with_context(|| format!("Error fetching source URL {url:?}"))?; + dest + }; + Ok(path) + } + + async fn load_registry_source( + &self, + registry: Option<&wasm_pkg_client::Registry>, + package: &wasm_pkg_client::PackageRef, + version: &semver::VersionReq, + ) -> Result { + let mut client_config = wasm_pkg_client::Config::global_defaults().await?; + + if let Some(registry) = registry.cloned() { + let mapping = wasm_pkg_client::RegistryMapping::Registry(registry); + client_config.set_package_registry_override(package.clone(), mapping); + } + let pkg_loader = wasm_pkg_client::Client::new(client_config); + + let mut releases = pkg_loader.list_all_versions(package).await.map_err(|e| { + if matches!(e, wasm_pkg_client::Error::NoRegistryForNamespace(_)) && registry.is_none() { + anyhow!("No default registry specified for wasm-pkg-loader. Create a default config, or set `registry` for package {package:?}") + } else { + e.into() + } + })?; + + releases.sort(); + + let release_version = releases + .iter() + .rev() + .find(|release| version.matches(&release.version) && !release.yanked) + .with_context(|| format!("No matching version found for {package} {version}",))?; + + let release = pkg_loader + .get_release(package, &release_version.version) + .await?; + + let digest = match &release.content_digest { + wasm_pkg_client::ContentDigest::Sha256 { hex } => format!("sha256:{hex}"), + }; + + let path = if let Ok(cached_path) = self.cache.wasm_file(&digest) { + cached_path + } else { + let mut stm = pkg_loader.stream_content(package, &release).await?; + + self.cache.ensure_dirs().await?; + let dest = self.cache.wasm_path(&digest); + + let mut file = tokio::fs::File::create(&dest).await?; + while let Some(block) = stm.next().await { + let bytes = block.context("Failed to get content from registry")?; + file.write_all(&bytes) + .await + .context("Failed to save registry content to cache")?; + } + + dest + }; + + Ok(path) + } + + /// Loads a dependency + pub async fn load_component_dependency( + &self, + dependency_name: &DependencyName, + dependency: &v2::ComponentDependency, + ) -> Result<(PathBuf, Option)> { + match dependency.clone() { + v2::ComponentDependency::Version(version) => { + let version = semver::VersionReq::parse(&version).with_context(|| format!("Component dependency {dependency_name:?} specifies an invalid semantic version requirement ({version:?}) for its package version"))?; + + // This `unwrap()` should be OK because we've already validated + // this form of dependency requires a package name, i.e. the + // dependency name is not a kebab id. + let package = dependency_name.package().unwrap(); + + let content = self.load_registry_source(None, package, &version).await?; + Ok((content, None)) + } + v2::ComponentDependency::Package { + version, + registry, + package, + export, + } => { + let version = semver::VersionReq::parse(&version).with_context(|| format!("Component dependency {dependency_name:?} specifies an invalid semantic version requirement ({version:?}) for its package version"))?; + + let package = match package { + Some(package) => { + package.parse().with_context(|| format!("Component dependency {dependency_name:?} specifies an invalid package name ({package:?})"))? + } + None => { + // This `unwrap()` should be OK because we've already validated + // this form of dependency requires a package name, i.e. the + // dependency name is not a kebab id. + dependency_name + .package() + .cloned() + .unwrap() + } + }; + + let registry = match registry { + Some(registry) => { + registry + .parse() + .map(Some) + .with_context(|| format!("Component dependency {dependency_name:?} specifies an invalid registry name ({registry:?})"))? + } + None => None, + }; + + let content = self + .load_registry_source(registry.as_ref(), &package, &version) + .await?; + Ok((content, export)) + } + v2::ComponentDependency::Local { path, export } => { + let content = self.app_root.join(path); + Ok((content, export)) + } + v2::ComponentDependency::HTTP { + url, + digest, + export, + } => { + let content = self.load_http_source(&url, &digest).await?; + Ok((content, export)) + } + } + } +} + fn looks_like_glob_pattern(s: impl AsRef) -> bool { let s = s.as_ref(); glob::Pattern::escape(s) != s @@ -831,7 +885,9 @@ fn file_url(path: impl AsRef) -> Result { Ok(Url::from_file_path(abs_path).unwrap().to_string()) } -fn requires_service_chaining(component: &spin_manifest::schema::v2::Component) -> bool { +/// Determines if a component requires the host to support local +/// service chaining. +pub fn requires_service_chaining(component: &spin_manifest::schema::v2::Component) -> bool { component .normalized_allowed_outbound_hosts() .unwrap_or_default() diff --git a/crates/manifest/src/compat.rs b/crates/manifest/src/compat.rs index b16dd0bf63..4cca17cd3a 100644 --- a/crates/manifest/src/compat.rs +++ b/crates/manifest/src/compat.rs @@ -20,6 +20,7 @@ pub fn v1_to_v2_app(manifest: v1::AppManifestV1) -> Result, + /// The Spin environments with which the application must be compatible. + /// + /// Example: `targets = ["spin-up:3.3", "spinkube:0.4"]` + #[serde(default, skip_serializing_if = "Vec::is_empty")] + pub targets: Vec, /// Application-level settings for the trigger types used in the application. /// The possible values are trigger type-specific. /// @@ -494,7 +499,7 @@ impl ComponentDependencies { } } - anyhow::bail!("{this:?} dependency conflicts with {other:?}") + Err(anyhow!("{this:?} dependency conflicts with {other:?}")) } /// Normalize version to perform a compatibility check against another version. @@ -525,6 +530,29 @@ impl ComponentDependencies { } } +/// Identifies a deployment target. +#[derive(Clone, Debug, Serialize, Deserialize, JsonSchema)] +#[serde(untagged, deny_unknown_fields)] +pub enum TargetEnvironmentRef { + /// Environment definition doc reference e.g. `spin-up:3.2`, `my-host`. This is looked up + /// in the default environment catalogue (registry). + DefaultRegistry(String), + /// An environment definition doc in an OCI registry other than the default + Registry { + /// Registry or prefix hosting the environment document e.g. `ghcr.io/my/environments`. + registry: String, + /// Environment definition document name e.g. `my-spin-env:1.2`. For hosted environments + /// where you always want `latest`, omit the version tag e.g. `my-host`. + id: String, + }, + /// A local environment document file. This is expected to contain a serialised + /// EnvironmentDefinition in TOML format. + File { + /// The file path of the document. + path: PathBuf, + }, +} + mod kebab_or_snake_case { use serde::{Deserialize, Serialize}; pub use spin_serde::{KebabId, SnakeId}; diff --git a/src/commands/build.rs b/src/commands/build.rs index 16270640e9..042dfbf337 100644 --- a/src/commands/build.rs +++ b/src/commands/build.rs @@ -29,6 +29,16 @@ pub struct BuildCommand { #[clap(short = 'c', long, multiple = true)] pub component_id: Vec, + /// By default, if the application manifest specifies one or more deployment targets, Spin + /// checks that all components are compatible with those deployment targets. Specify + /// this option to bypass those target checks. + #[clap( + long = "skip-target-checks", + alias = "skip-target-check", + takes_value = false + )] + skip_target_checks: bool, + /// Run the application after building. #[clap(name = BUILD_UP_OPT, short = 'u', long = "up")] pub up: bool, @@ -43,7 +53,13 @@ impl BuildCommand { spin_common::paths::find_manifest_file_path(self.app_source.as_ref())?; notify_if_nondefault_rel(&manifest_file, distance); - spin_build::build(&manifest_file, &self.component_id).await?; + spin_build::build( + &manifest_file, + &self.component_id, + self.target_checking(), + None, + ) + .await?; if self.up { let mut cmd = UpCommand::parse_from( @@ -59,4 +75,12 @@ impl BuildCommand { Ok(()) } } + + fn target_checking(&self) -> spin_build::TargetChecking { + if self.skip_target_checks { + spin_build::TargetChecking::Skip + } else { + spin_build::TargetChecking::Check + } + } } diff --git a/src/commands/registry.rs b/src/commands/registry.rs index 39a9cc4800..8370f4b1bb 100644 --- a/src/commands/registry.rs +++ b/src/commands/registry.rs @@ -58,7 +58,7 @@ pub struct Push { #[clap(long = "compose", default_value_t = true)] pub compose: bool, - /// Specifies to perform `spin build` before pushing the application. + /// Specifies to perform `spin build` (with the default options) before pushing the application. #[clap(long, takes_value = false, env = ALWAYS_BUILD_ENV)] pub build: bool, @@ -84,7 +84,7 @@ impl Push { notify_if_nondefault_rel(&app_file, distance); if self.build { - spin_build::build(&app_file, &[]).await?; + spin_build::build_default(&app_file, self.cache_dir.clone()).await?; } let annotations = if self.annotations.is_empty() { diff --git a/src/commands/up.rs b/src/commands/up.rs index 9e11fb58cf..d0d565dcf0 100644 --- a/src/commands/up.rs +++ b/src/commands/up.rs @@ -108,7 +108,7 @@ pub struct UpCommand { #[clap(long, takes_value = false)] pub direct_mounts: bool, - /// For local apps, specifies to perform `spin build` before running the application. + /// For local apps, specifies to perform `spin build` (with the default options) before running the application. /// /// This is ignored on remote applications, as they are already built. #[clap(long, takes_value = false, env = ALWAYS_BUILD_ENV)] @@ -191,7 +191,7 @@ impl UpCommand { } if self.build { - app_source.build().await?; + app_source.build(&self.cache_dir).await?; } let mut locked_app = self .load_resolved_app_source(resolved_app_source, &working_dir) diff --git a/src/commands/up/app_source.rs b/src/commands/up/app_source.rs index 29088f0ddd..dc5e0a179a 100644 --- a/src/commands/up/app_source.rs +++ b/src/commands/up/app_source.rs @@ -56,9 +56,9 @@ impl AppSource { } } - pub async fn build(&self) -> anyhow::Result<()> { + pub async fn build(&self, cache_root: &Option) -> anyhow::Result<()> { match self { - Self::File(path) => spin_build::build(path, &[]).await, + Self::File(path) => spin_build::build_default(path, cache_root.clone()).await, _ => Ok(()), } }