Skip to content

feat(wasm): Add support for builtins + uprev to Wasmtime 7#2

Open
dotxlem wants to merge 3 commits intotamasfe:masterfrom
dotxlem:builtins
Open

feat(wasm): Add support for builtins + uprev to Wasmtime 7#2
dotxlem wants to merge 3 commits intotamasfe:masterfrom
dotxlem:builtins

Conversation

@dotxlem
Copy link

@dotxlem dotxlem commented Mar 31, 2023

This adds support for providing a map of builtin function handlers to a WASM policy module.

I’ve also added support for setting the --capabilities flag in the build script with the OPA_CAPABILITIES environment variable. I normally wouldn’t have included it with this PR however I mistakenly thought it was required to enable builtins in OPA WASM 🙃

Finally, I’ve uprevved to Wasmtime 7 as there is a CVE in 3.0.0 and I happen to use 7 in my own project :)

Usage example:

let mut builtins: HashMap<String, opa::wasm::BuiltinHandler> = Default::default();
builtins.insert(“io.jwt.decode_verify.to_string(), Box::new(|args| {
    todo!()
    0u32
}));

Opa::new()
    .with_builtins(builtins)
    .build_from_bundle(&bundle)
    .unwrap();

dotxlem added 3 commits March 22, 2023 23:15
@dotxlem
uprev to wasmtime 7.0
2655dc8
@dotxlem
add builtins map to wasm and impl opa_builtins2
864d2d7 
Builtins seem to require passing a capabilities string to the build,
so the build script module now supports the optional OPA_CAPABILITIES
env var to set the --capabilities flag
@dotxlem
refactor builtin handler and impl for all variants
42a5295
@dotxlem dotxlem changed the title Add support for builtins + uprev to Wasmtime 7 feat(wasm): Add support for builtins + uprev to Wasmtime 7 Mar 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dotxlem