Migrate outbound-http to new core

Signed-off-by: Lann Martin <lann.martin@fermyon.com>

Author: lann

Cargo.lock

@@ -10,23 +10,24 @@ mod connection;
 /// Bindle helper functions.
 mod utils;
 
-use crate::{
-    bindle::{
-        config::{RawAppManifest, RawComponentManifest},
-        utils::{find_manifest, parcels_in_group},
-    },
-    validation::{parse_allowed_http_hosts, validate_allowed_http_hosts},
-};
+use std::path::Path;
+
 use anyhow::{anyhow, Context, Result};
 use bindle::Invoice;
-pub use connection::BindleConnectionInfo;
 use futures::future;
+
+use outbound_http::allowed_http_hosts::validate_allowed_http_hosts;
 use spin_manifest::{
     Application, ApplicationInformation, ApplicationOrigin, CoreComponent, ModuleSource,
     SpinVersion, WasmConfig,
 };
-use std::path::Path;
 use tracing::log;
+
+use crate::bindle::{
+    config::{RawAppManifest, RawComponentManifest},
+    utils::{find_manifest, parcels_in_group},
+};
+pub use connection::BindleConnectionInfo;
 pub(crate) use utils::BindleReader;
 pub use utils::SPIN_MANIFEST_MEDIA_TYPE;
 
@@ -142,7 +143,7 @@ async fn core(
         None => vec![],
     };
     let environment = raw.wasm.environment.unwrap_or_default();
-    let allowed_http_hosts = parse_allowed_http_hosts(&raw.wasm.allowed_http_hosts)?;
+    let allowed_http_hosts = raw.wasm.allowed_http_hosts.unwrap_or_default();
     let wasm = WasmConfig {
         environment,
         mounts,

crates/loader/src/bindle/mod.rs

@@ -14,7 +14,6 @@ mod assets;
 pub mod bindle;
 mod common;
 pub mod local;
-mod validation;
 
 /// Load a Spin application configuration from a spin.toml manifest file.
 pub use local::from_file;

crates/loader/src/lib.rs

@@ -10,21 +10,20 @@ pub mod config;
 #[cfg(test)]
 mod tests;
 
+use std::{path::Path, str::FromStr};
+
 use anyhow::{anyhow, bail, Context, Result};
-use config::{RawAppInformation, RawAppManifest, RawAppManifestAnyVersion, RawComponentManifest};
 use futures::future;
+use outbound_http::allowed_http_hosts::validate_allowed_http_hosts;
 use path_absolutize::Absolutize;
 use spin_manifest::{
     Application, ApplicationInformation, ApplicationOrigin, CoreComponent, ModuleSource,
     SpinVersion, WasmConfig,
 };
-use std::{path::Path, str::FromStr};
 use tokio::{fs::File, io::AsyncReadExt};
 
-use crate::{
-    bindle::BindleConnectionInfo,
-    validation::{parse_allowed_http_hosts, validate_allowed_http_hosts},
-};
+use crate::bindle::BindleConnectionInfo;
+use config::{RawAppInformation, RawAppManifest, RawAppManifestAnyVersion, RawComponentManifest};
 
 /// Given the path to a spin.toml manifest file, prepare its assets locally and
 /// get a prepared application configuration consumable by a Spin execution context.
@@ -101,11 +100,9 @@ fn error_on_duplicate_ids(components: Vec<RawComponentManifest>) -> Result<()> {
 pub fn validate_raw_app_manifest(raw: &RawAppManifestAnyVersion) -> Result<()> {
     match raw {
         RawAppManifestAnyVersion::V1(raw) => {
-            let _ = raw
-                .components
+            raw.components
                 .iter()
-                .map(|c| validate_allowed_http_hosts(&c.wasm.allowed_http_hosts))
-                .collect::<Result<Vec<_>>>()?;
+                .try_for_each(|c| validate_allowed_http_hosts(&c.wasm.allowed_http_hosts))?;
         }
     }
     Ok(())
@@ -223,7 +220,7 @@ async fn core(
         None => vec![],
     };
     let environment = raw.wasm.environment.unwrap_or_default();
-    let allowed_http_hosts = parse_allowed_http_hosts(&raw.wasm.allowed_http_hosts)?;
+    let allowed_http_hosts = raw.wasm.allowed_http_hosts.unwrap_or_default();
     let wasm = WasmConfig {
         environment,
         mounts,

crates/loader/src/local/mod.rs

@@ -159,79 +159,6 @@ impl TryFrom<ApplicationTrigger> for RedisTriggerConfiguration {
     }
 }
 
-/// An HTTP host allow-list.
-#[derive(Clone, Debug, Eq, PartialEq)]
-pub enum AllowedHttpHosts {
-    /// All HTTP hosts are allowed (the "insecure:allow-all" value was present in the list)
-    AllowAll,
-    /// Only the specified hosts are allowed.
-    AllowSpecific(Vec<AllowedHttpHost>),
-}
-
-impl Default for AllowedHttpHosts {
-    fn default() -> Self {
-        Self::AllowSpecific(vec![])
-    }
-}
-
-impl AllowedHttpHosts {
-    /// Tests whether the given URL is allowed according to the allow-list.
-    pub fn allow(&self, url: &url::Url) -> bool {
-        match self {
-            Self::AllowAll => true,
-            Self::AllowSpecific(hosts) => hosts.iter().any(|h| h.allow(url)),
-        }
-    }
-}
-
-/// An HTTP host allow-list entry.
-#[derive(Clone, Debug, Default, Eq, PartialEq)]
-pub struct AllowedHttpHost {
-    domain: String,
-    port: Option<u16>,
-}
-
-impl AllowedHttpHost {
-    /// Creates a new allow-list entry.
-    pub fn new(name: impl Into<String>, port: Option<u16>) -> Self {
-        Self {
-            domain: name.into(),
-            port,
-        }
-    }
-
-    /// An allow-list entry that specifies a host and allows the default port.
-    pub fn host(name: impl Into<String>) -> Self {
-        Self {
-            domain: name.into(),
-            port: None,
-        }
-    }
-
-    /// An allow-list entry that specifies a host and port.
-    pub fn host_and_port(name: impl Into<String>, port: u16) -> Self {
-        Self {
-            domain: name.into(),
-            port: Some(port),
-        }
-    }
-
-    fn allow(&self, url: &url::Url) -> bool {
-        (url.scheme() == "http" || url.scheme() == "https")
-            && self.domain == url.host_str().unwrap_or_default()
-            && self.port == url.port()
-    }
-}
-
-impl From<AllowedHttpHost> for String {
-    fn from(allowed: AllowedHttpHost) -> Self {
-        match allowed.port {
-            Some(port) => format!("{}:{}", allowed.domain, port),
-            None => allowed.domain,
-        }
-    }
-}
-
 /// WebAssembly configuration.
 #[derive(Clone, Debug, Default)]
 pub struct WasmConfig {
@@ -240,7 +167,7 @@ pub struct WasmConfig {
     /// List of directory mounts that need to be mapped inside the WebAssembly module.
     pub mounts: Vec<DirectoryMount>,
     /// Optional list of HTTP hosts the component is allowed to connect.
-    pub allowed_http_hosts: AllowedHttpHosts,
+    pub allowed_http_hosts: Vec<String>,
 }
 
 /// Directory mount for the assets of a component.

crates/manifest/src/lib.rs

@@ -9,16 +9,15 @@ doctest = false
 
 [dependencies]
 anyhow  = "1.0"
-bytes = "1"
-futures = "0.3"
 http = "0.2"
-reqwest = { version = "0.11", default-features = true, features = [ "json", "blocking" ] }
-spin-engine = { path = "../engine" }
-spin-manifest = { path = "../manifest" }
+reqwest = "0.11"
+spin-app = { path = "../app" }
+spin-core = { path = "../core" }
 tracing = { version = "0.1", features = [ "log" ] }
 url = "2.2.1"
 
 [dependencies.wit-bindgen-wasmtime]
 git = "https://github.com/bytecodealliance/wit-bindgen"
 rev = "cb871cfa1ee460b51eb1d144b175b9aab9c50aba"
-features = ["async"]
+features = ["async"]
+

crates/outbound-http/Cargo.toml

@@ -1,8 +1,71 @@
-#![deny(missing_docs)]
-
 use anyhow::{anyhow, Result};
 use reqwest::Url;
-use spin_manifest::{AllowedHttpHost, AllowedHttpHosts};
+
+const ALLOW_ALL_HOSTS: &str = "insecure:allow-all";
+
+/// An HTTP host allow-list.
+#[derive(Clone, Debug, Eq, PartialEq)]
+pub enum AllowedHttpHosts {
+    /// All HTTP hosts are allowed (the "insecure:allow-all" value was present in the list)
+    AllowAll,
+    /// Only the specified hosts are allowed.
+    AllowSpecific(Vec<AllowedHttpHost>),
+}
+
+impl Default for AllowedHttpHosts {
+    fn default() -> Self {
+        Self::AllowSpecific(vec![])
+    }
+}
+
+impl AllowedHttpHosts {
+    /// Tests whether the given URL is allowed according to the allow-list.
+    pub fn allow(&self, url: &url::Url) -> bool {
+        match self {
+            Self::AllowAll => true,
+            Self::AllowSpecific(hosts) => hosts.iter().any(|h| h.allow(url)),
+        }
+    }
+}
+
+/// An HTTP host allow-list entry.
+#[derive(Clone, Debug, Default, Eq, PartialEq)]
+pub struct AllowedHttpHost {
+    domain: String,
+    port: Option<u16>,
+}
+
+impl AllowedHttpHost {
+    /// Creates a new allow-list entry.
+    pub fn new(name: impl Into<String>, port: Option<u16>) -> Self {
+        Self {
+            domain: name.into(),
+            port,
+        }
+    }
+
+    /// An allow-list entry that specifies a host and allows the default port.
+    pub fn host(name: impl Into<String>) -> Self {
+        Self {
+            domain: name.into(),
+            port: None,
+        }
+    }
+
+    /// An allow-list entry that specifies a host and port.
+    pub fn host_and_port(name: impl Into<String>, port: u16) -> Self {
+        Self {
+            domain: name.into(),
+            port: Some(port),
+        }
+    }
+
+    fn allow(&self, url: &url::Url) -> bool {
+        (url.scheme() == "http" || url.scheme() == "https")
+            && self.domain == url.host_str().unwrap_or_default()
+            && self.port == url.port()
+    }
+}
 
 // Checks a list of allowed HTTP hosts is valid
 pub fn validate_allowed_http_hosts(http_hosts: &Option<Vec<String>>) -> Result<()> {
@@ -14,10 +77,7 @@ pub fn parse_allowed_http_hosts(raw: &Option<Vec<String>>) -> Result<AllowedHttp
     match raw {
         None => Ok(AllowedHttpHosts::AllowSpecific(vec![])),
         Some(list) => {
-            if list
-                .iter()
-                .any(|domain| domain == outbound_http::ALLOW_ALL_HOSTS)
-            {
+            if list.iter().any(|domain| domain == ALLOW_ALL_HOSTS) {
                 Ok(AllowedHttpHosts::AllowAll)
             } else {
                 let parse_results = list

crates/loader/src/validation.rs renamed to crates/outbound-http/src/allowed_http_hosts.rs

@@ -1,30 +1,39 @@
 use anyhow::Result;
-use wit_bindgen_wasmtime::wasmtime::Linker;
 
-use spin_engine::{
-    host_component::{HostComponent, HostComponentsStateHandle},
-    RuntimeContext,
-};
-use spin_manifest::CoreComponent;
+use spin_app::DynamicHostComponent;
+use spin_core::{Data, HostComponent, Linker};
 
-use crate::OutboundHttp;
+use crate::{allowed_http_hosts::parse_allowed_http_hosts, OutboundHttp};
 
 pub struct OutboundHttpComponent;
 
+pub const ALLOWED_HTTP_HOSTS_METADATA_KEY: &str = "allowed_http_hosts";
+
 impl HostComponent for OutboundHttpComponent {
-    type State = OutboundHttp;
+    type Data = OutboundHttp;
 
     fn add_to_linker<T: Send>(
-        linker: &mut Linker<RuntimeContext<T>>,
-        data_handle: HostComponentsStateHandle<Self::State>,
+        linker: &mut Linker<T>,
+        get: impl Fn(&mut Data<T>) -> &mut Self::Data + Send + Sync + Copy + 'static,
     ) -> Result<()> {
-        crate::add_to_linker(linker, move |ctx| data_handle.get_mut(ctx))?;
-        Ok(())
+        super::wasi_outbound_http::add_to_linker(linker, get)
+    }
+
+    fn build_data(&self) -> Self::Data {
+        Default::default()
     }
+}
 
-    fn build_state(&self, component: &CoreComponent) -> Result<Self::State> {
-        Ok(OutboundHttp {
-            allowed_hosts: component.wasm.allowed_http_hosts.clone(),
-        })
+impl DynamicHostComponent for OutboundHttpComponent {
+    fn update_data(
+        &self,
+        data: &mut Self::Data,
+        component: &spin_app::AppComponent,
+    ) -> anyhow::Result<()> {
+        let hosts = component
+            .get_metadata(ALLOWED_HTTP_HOSTS_METADATA_KEY)
+            .transpose()?;
+        data.allowed_hosts = parse_allowed_http_hosts(&hosts)?;
+        Ok(())
     }
 }