1syntax = "proto3";
2
3package envoy.extensions.wasm.v3;
4
5import "envoy/config/core/v3/base.proto";
6
7import "google/protobuf/any.proto";
8
9import "udpa/annotations/status.proto";
10import "udpa/annotations/versioning.proto";
11import "validate/validate.proto";
12
13option java_package = "io.envoyproxy.envoy.extensions.wasm.v3";
14option java_outer_classname = "WasmProto";
15option java_multiple_files = true;
16option (udpa.annotations.file_status).package_version_status = ACTIVE;
17
18// [#protodoc-title: Wasm]
19// [#extension: envoy.bootstrap.wasm]
20
21// Configuration for a Wasm VM.
22// [#next-free-field: 7]
23message VmConfig {
24 // An ID which will be used along with a hash of the wasm code (or the name of the registered Null
25 // VM plugin) to determine which VM will be used for the plugin. All plugins which use the same
26 // *vm_id* and code will use the same VM. May be left blank. Sharing a VM between plugins can
27 // reduce memory utilization and make sharing of data easier which may have security implications.
28 // See ref: "TODO: add ref" for details.
29 string vm_id = 1;
30
31 // The Wasm runtime type.
32 // Available Wasm runtime types are registered as extensions. The following runtimes are included
33 // in Envoy code base:
34 //
35 // .. _extension_envoy.wasm.runtime.null:
36 //
37 // **envoy.wasm.runtime.null**: Null sandbox, the Wasm module must be compiled and linked into the
38 // Envoy binary. The registered name is given in the *code* field as *inline_string*.
39 //
40 // .. _extension_envoy.wasm.runtime.v8:
41 //
42 // **envoy.wasm.runtime.v8**: `V8 <https://v8.dev/>`_-based WebAssembly runtime.
43 //
44 // .. _extension_envoy.wasm.runtime.wavm:
45 //
46 // **envoy.wasm.runtime.wavm**: `WAVM <https://wavm.github.io/>`_-based WebAssembly runtime.
47 // This runtime is not enabled in the official build.
48 //
49 // .. _extension_envoy.wasm.runtime.wasmtime:
50 //
51 // **envoy.wasm.runtime.wasmtime**: `Wasmtime <https://wasmtime.dev/>`_-based WebAssembly runtime.
52 // This runtime is not enabled in the official build.
53 //
54 string runtime = 2 [(validate.rules).string = {min_len: 1}];
55
56 // The Wasm code that Envoy will execute.
57 config.core.v3.AsyncDataSource code = 3;
58
59 // The Wasm configuration used in initialization of a new VM
60 // (proxy_on_start). `google.protobuf.Struct` is serialized as JSON before
61 // passing it to the plugin. `google.protobuf.BytesValue` and
62 // `google.protobuf.StringValue` are passed directly without the wrapper.
63 google.protobuf.Any configuration = 4;
64
65 // Allow the wasm file to include pre-compiled code on VMs which support it.
66 // Warning: this should only be enable for trusted sources as the precompiled code is not
67 // verified.
68 bool allow_precompiled = 5;
69
70 // If true and the code needs to be remotely fetched and it is not in the cache then NACK the configuration
71 // update and do a background fetch to fill the cache, otherwise fetch the code asynchronously and enter
72 // warming state.
73 bool nack_on_code_cache_miss = 6;
74}
75
76// Base Configuration for Wasm Plugins e.g. filters and services.
77// [#next-free-field: 6]
78message PluginConfig {
79 // A unique name for a filters/services in a VM for use in identifying the filter/service if
80 // multiple filters/services are handled by the same *vm_id* and *root_id* and for
81 // logging/debugging.
82 string name = 1;
83
84 // A unique ID for a set of filters/services in a VM which will share a RootContext and Contexts
85 // if applicable (e.g. an Wasm HttpFilter and an Wasm AccessLog). If left blank, all
86 // filters/services with a blank root_id with the same *vm_id* will share Context(s).
87 string root_id = 2;
88
89 // Configuration for finding or starting VM.
90 oneof vm {
91 VmConfig vm_config = 3;
92 // TODO: add referential VM configurations.
93 }
94
95 // Filter/service configuration used to configure or reconfigure a plugin
96 // (proxy_on_configuration).
97 // `google.protobuf.Struct` is serialized as JSON before
98 // passing it to the plugin. `google.protobuf.BytesValue` and
99 // `google.protobuf.StringValue` are passed directly without the wrapper.
100 google.protobuf.Any configuration = 4;
101
102 // If there is a fatal error on the VM (e.g. exception, abort(), on_start or on_configure return false),
103 // then all plugins associated with the VM will either fail closed (by default), e.g. by returning an HTTP 503 error,
104 // or fail open (if 'fail_open' is set to true) by bypassing the filter. Note: when on_start or on_configure return false
105 // during xDS updates the xDS configuration will be rejected and when on_start or on_configuration return false on initial
106 // startup the proxy will not start.
107 bool fail_open = 5;
108}
109
110// WasmService is configured as a built-in *envoy.wasm_service* :ref:`WasmService
111// <config_wasm_service>` This opaque configuration will be used to create a Wasm Service.
112message WasmService {
113 // General plugin configuration.
114 PluginConfig config = 1;
115
116 // If true, create a single VM rather than creating one VM per worker. Such a singleton can
117 // not be used with filters.
118 bool singleton = 2;
119}
View as plain text