feat: adds support for newer config for wasm plugins.

[jcchavezs]

Right now what we receive under config for a wasm plugin we forward it to the wasm guest without having the opportunity to config the runtime. This change allows to support a new config structure which fields under 'runtime' will configure the runtime and those under 'config' will be sent directly to the guest as well as supporting the old structure. This is related to #10739 and jcchavezs/coraza-http-wasm#19

Both configurations will be supported but I suggest we update Traefik documents to support the later one.

# old way
http:
# ...
  middlewares:
    waf:
      plugin:
        coraza:
          directives:
            - SecRuleEngine On
            - SecDebugLog /dev/stdout

# new way
http:
# ...
  middlewares:
    waf:
      plugin:
        coraza:
          runtime: 
            rootFS: /etc/traefik 
          guestConfig:
            directives:
              - SecRuleEngine On
              - SecDebugLog /dev/stdout

Tests will come if the design of the feature is approved.

[mmatur]

Hi @jcchavezs,

Thanks for this PR, with @juliens we are thinking about a different approach to configure the fs mount on the host.

WDYT of configuring the runtime mounts in the static configuration like that:

experimental:
  plugins:
    coraza:
      moduleName: "github.com/jcchavezs/coraza-http-wasm-traefik"
      version: "v0.2.1"
      runtime:
        mounts:
          - /src:/dst:ro

To us it will ease the UX because the mounts file need to be on the same host as Traefik and we are thinking that configuring mounts on the dynamic configuration could be confusing for end user.

[jcchavezs]

@mmatur that sounds very legit but I wonder if runtime should be a first class element in plugin. Is there any other plugin that has extra configuration? shall we call it runtime or something like "host_config"?

Maybe we make this generic? Also, is it possible to pass this all the way up to the middleware creation?

[jcchavezs]

I guess this is mainly for wasm environments as other plugins have direct access to filesystem.

[mmatur]

@jcchavezs thanks for your answer

I wonder if runtime should be a first class element in plugin

We think that it should not because with this approach you can't have multiple plugins with different fs mount like the following

experimental:
  plugins:
    coraza:
      moduleName: "github.com/jcchavezs/coraza-http-wasm-traefik"
      version: "v0.2.1"
      runtime:
        mounts:
          - /src:/dst:ro
    coraza2:
      moduleName: "github.com/jcchavezs/coraza-http-wasm-traefik"
      version: "v0.2.1"
      runtime:
        mounts:
          - /tmp:/tmp:rw

Is there any other plugin that has extra configuration?

For now there is no other plugin that require this extra configuration.

Maybe we make this generic? Also, is it possible to pass this all the way up to the middleware creation?

It should.

I guess this is mainly for wasm environments as other plugins have direct access to filesystem.

Today, yes it is only for WASM plugin but we can imagine introducing that for yaegi in the future for security reason (like enabling unsafe)

[jcchavezs]

Ok, just one thing: maybe instead of `runtime` we call it settings. José Carlos Chávez ons. 12. juni 2024 kl. 14:20 skrev Michael ***@***.***>:

…

@jcchavezs <https://github.com/jcchavezs> thanks for your answer I wonder if runtime should be a first class element in plugin We think that it should not because with this approach you can't have multiple plugins with different fs mount like the following experimental: plugins: coraza: moduleName: "github.com/jcchavezs/coraza-http-wasm-traefik" version: "v0.2.1" runtime: mounts: - /src:/dst:ro coraza2: moduleName: "github.com/jcchavezs/coraza-http-wasm-traefik" version: "v0.2.1" runtime: mounts: - /tmp:/tmp:rw Is there any other plugin that has extra configuration? For now there is no other plugin that require this extra configuration. Maybe we make this generic? Also, is it possible to pass this all the way up to the middleware creation? It should. I guess this is mainly for wasm environments as other plugins have direct access to filesystem. Today, yes it is only for WASM plugin but we can imagine introducing that for yaegi in the future for security reason (like enabling unsafe) — Reply to this email directly, view it on GitHub <#10791 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAXOYAX3TSBROY6JWONHELLZHA4ILAVCNFSM6AAAAABI6IK7DGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNRSHA3DSMBYGU> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[juliens]

Hello @jcchavezs

During our work on this PR #10829 we integrated this feature, if it's seems ok for you, may be we can close this one?