server

package
v0.0.0-...-6de12c4 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 25, 2024 License: BSD-3-Clause Imports: 51 Imported by: 0

Documentation


Constants

const (
	DefaultMaxModules        = 64
	DefaultMaxProcs          = 4
	DefaultTotalStorageSize  = 256 * 1024 * 1024
	DefaultTotalResidentSize = 64 * 1024 * 1024
	DefaultMaxModuleSize     = 32 * 1024 * 1024
	DefaultMaxTextSize       = 16 * 1024 * 1024
	DefaultMaxMemorySize     = 32 * 1024 * 1024
	DefaultStackSize         = wa.PageSize
	DefaultTimeResolution    = time.Second / 100
)

Variables

var ErrServerClosed = errors.New("server closed")

Functions

func PermissionDenied

func PermissionDenied(internalDetails string) error

PermissionDenied error. The details are not exposed to the client.

func RetryAfter

func RetryAfter(t time.Time) error

RetryAfter creates a TooManyRequests error with the earliest time when the request should be retried.

func Unauthenticated

func Unauthenticated(publicReason string) error

Unauthenticated error. The reason will be shown to the client.

func Unavailable

func Unavailable(internal error) error

Unavailable service error. The details are not exposed to the client.

func ValidateInstanceUUIDForm

func ValidateInstanceUUIDForm(s string) error

func ValidateModuleSHA256Form

func ValidateModuleSHA256Form(s string) error

Types

type AccessConfig

type AccessConfig struct {
	ResourcePolicy
	ProgramPolicy
	InstancePolicy
}

AccessConfig utility for Authorizer implementations. InstancePolicy.Services must be set explicitly, other fields have defaults.

func (*AccessConfig) ConfigureInstance

func (config *AccessConfig) ConfigureInstance(p *InstancePolicy)

func (*AccessConfig) ConfigureProgram

func (config *AccessConfig) ConfigureProgram(p *ProgramPolicy)

func (*AccessConfig) ConfigureResource

func (config *AccessConfig) ConfigureResource(p *ResourcePolicy)

type Authorizer

type Authorizer interface {
	Authorize(Context) (Context, error)
	AuthorizeProgram(Context, *ResourcePolicy, *ProgramPolicy) (Context, error)
	AuthorizeProgramSource(Context, *ResourcePolicy, *ProgramPolicy, string) (Context, error)
	AuthorizeInstance(Context, *ResourcePolicy, *InstancePolicy) (Context, error)
	AuthorizeProgramInstance(Context, *ResourcePolicy, *ProgramPolicy, *InstancePolicy) (Context, error)
	AuthorizeProgramInstanceSource(Context, *ResourcePolicy, *ProgramPolicy, *InstancePolicy, string) (Context, error)
	// contains filtered or unexported methods
}

Authorizer and moderator of server access.

The methods should return Unauthenticated, PermissionDenied or Unavailable errors to signal successful prevention of access. Other types of errors are interpreted as failures of the authorization mechanism. Returning a nil error grants access.

An implementation should adjust the ResourcePolicy, ProgramPolicy and InstancePolicy objects' fields. The limits are enforced automatically by the server, which may also lead to denial of access.

Principal id can be obtained using the principal.ContextID(Context) function. If it is nil, the request didn't contain credentials, and the access should be denied unless the policy allows anonymous access. If the principal id is non-nil, it should be checked unless the policy allows access to everyone.

An implementation may choose to discriminate based on server operation type. It can be obtained using the ContextOp(Context) function.

Authorizer may be expanded with new methods (prefixed with the Authorize namespace), even between major releases. Implementations must inherit (embed) methods from a concrete access authorization type, and must not add unrelated methods with the Authorize prefix, to avoid breakage. The conservative choice is to inherit from NoAccess, so that new functionality is effectively disabled.
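The embedding rule and the principal check described above, as an added sketch that is not code from this package: it uses local stand-in types that mirror the shape of NoAccess and two of the Authorize methods, and `contextID`, `withPrincipal`, `allowList` and the two error values are hypothetical names. It shows that overriding only Authorize leaves every other Authorize method denied through the embedded deny-all type.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Local stand-ins (assumptions) for Context, Unauthenticated, PermissionDenied.
type Context = context.Context
var errUnauthenticated, errDenied = errors.New("unauthenticated"), errors.New("permission denied")

type principalKey struct{}

// contextID stands in for principal.ContextID: nil means no credentials.
func contextID(ctx Context) *string {
	id, _ := ctx.Value(principalKey{}).(*string)
	return id
}

func withPrincipal(id string) Context { // constructed request context
	return context.WithValue(context.Background(), principalKey{}, &id)
}

// noAccess denies everything, as NoAccess does (reduced to two methods).
type noAccess struct{}

func (noAccess) Authorize(ctx Context) (Context, error) { return ctx, errDenied }
func (noAccess) AuthorizeInstance(ctx Context) (Context, error) { return ctx, errDenied }

// allowList overrides only Authorize; anything not overridden stays denied.
type allowList struct {
	noAccess
	allowed map[string]bool
}

func (a allowList) Authorize(ctx Context) (Context, error) {
	switch id := contextID(ctx); {
	case id == nil: // no credentials; this policy has no anonymous access
		return ctx, errUnauthenticated
	case !a.allowed[*id]:
		return ctx, errDenied
	}
	return ctx, nil
}

func main() {
	_, err := allowList{allowed: map[string]bool{"alice": true}}.AuthorizeInstance(withPrincipal("alice"))
	fmt.Println("AuthorizeInstance(alice):", err)
}
```

In the real package the three denials would be built with Unauthenticated, PermissionDenied or Unavailable, since other error types are treated as failures of the authorization mechanism.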

type Config

type Config struct {
	ImageStorage   image.Storage
	Inventory      model.Inventory
	ProcessFactory runtime.ProcessFactory
	AccessPolicy   Authorizer
	ModuleSources  map[string]source.Source
	SourceCache    model.SourceCache
	OpenDebugLog   func(string) io.WriteCloser

	// StartSpan within trace context, ending when endSpan is called.  Nil
	// links must be ignored.  [trace.ContextAutoLinks] must also be respected.
	StartSpan func(_ Context, op api.Op, links ...*trace.Link) (_ Context, endSpan func(Context))

	// AddEvent to the current trace span, or outside of trace but in relation
	// to [trace.ContextAutoLinks].
	AddEvent func(Context, *event.Event, error)
}

func (*Config) Configured

func (c *Config) Configured() bool

type Instance

type Instance struct {
	// contains filtered or unexported fields
}

func (*Instance) Connect

func (inst *Instance) Connect(ctx Context, r io.Reader, w io.WriteCloser) error

Connect to a running instance. Disconnection happens when context is canceled, the instance stops running, or the program closes the connection.

func (*Instance) ID

func (inst *Instance) ID() string

func (*Instance) Kill

func (inst *Instance) Kill(ctx Context) error

func (*Instance) Status

func (inst *Instance) Status() *api.Status

func (*Instance) Suspend

func (inst *Instance) Suspend(ctx Context) error

Suspend the instance and make it non-transient.

func (*Instance) Wait

func (inst *Instance) Wait(ctx Context) (status *api.Status)

type InstanceConnector

type InstanceConnector interface {
	// Connect allocates a new I/O stream.  The returned function is to be used
	// to transfer data between a network connection and the instance.  If it's
	// non-nil, a connection was established.
	Connect(Context) func(Context, io.Reader, io.WriteCloser) error

	// Close causes currently blocked and future Connect calls to return nil.
	// Established connections will not be closed.
	Close() error
}

type InstancePolicy

type InstancePolicy struct {
	MaxMemorySize  int           // Linear memory growth limit.
	StackSize      int           // Including system/runtime overhead.
	TimeResolution time.Duration // Granularity of time functions.

	// Services function defines which services are discoverable by the
	// instance.
	Services func(Context) InstanceServices
}

type InstanceServices

type InstanceServices interface {
	InstanceConnector
	runtime.ServiceRegistry
}

type NoAccess

type NoAccess struct{}

NoAccess permitted to any resource.

func (NoAccess) Authorize

func (NoAccess) Authorize(ctx Context) (Context, error)

func (NoAccess) AuthorizeInstance

func (NoAccess) AuthorizeInstance(ctx Context, _ *ResourcePolicy, _ *InstancePolicy) (Context, error)

func (NoAccess) AuthorizeProgram

func (NoAccess) AuthorizeProgram(ctx Context, _ *ResourcePolicy, _ *ProgramPolicy) (Context, error)

func (NoAccess) AuthorizeProgramInstance

func (NoAccess) AuthorizeProgramInstance(ctx Context, _ *ResourcePolicy, _ *ProgramPolicy, _ *InstancePolicy) (Context, error)

func (NoAccess) AuthorizeProgramInstanceSource

func (NoAccess) AuthorizeProgramInstanceSource(ctx Context, _ *ResourcePolicy, _ *ProgramPolicy, _ *InstancePolicy, _ string) (Context, error)

func (NoAccess) AuthorizeProgramSource

func (NoAccess) AuthorizeProgramSource(ctx Context, _ *ResourcePolicy, _ *ProgramPolicy, _ string) (Context, error)

type ProgramPolicy

type ProgramPolicy struct {
	MaxModuleSize int // WebAssembly module size.
	MaxTextSize   int // Native program code size.
	MaxStackSize  int // Suspended stack size.
}

type PublicAccess

type PublicAccess struct {
	AccessConfig
}

PublicAccess authorization for everyone, including anonymous requests. Configurable resource limits.

func NewPublicAccess

func NewPublicAccess(services func(Context) InstanceServices) *PublicAccess

func (*PublicAccess) Authorize

func (*PublicAccess) Authorize(ctx Context) (Context, error)

func (*PublicAccess) AuthorizeInstance

func (a *PublicAccess) AuthorizeInstance(ctx Context, res *ResourcePolicy, inst *InstancePolicy) (Context, error)

func (*PublicAccess) AuthorizeProgram

func (a *PublicAccess) AuthorizeProgram(ctx Context, res *ResourcePolicy, prog *ProgramPolicy) (Context, error)

func (*PublicAccess) AuthorizeProgramInstance

func (a *PublicAccess) AuthorizeProgramInstance(ctx Context, res *ResourcePolicy, prog *ProgramPolicy, inst *InstancePolicy) (Context, error)

func (*PublicAccess) AuthorizeProgramInstanceSource

func (a *PublicAccess) AuthorizeProgramInstanceSource(ctx Context, res *ResourcePolicy, prog *ProgramPolicy, inst *InstancePolicy, _ string) (Context, error)

func (*PublicAccess) AuthorizeProgramSource

func (a *PublicAccess) AuthorizeProgramSource(ctx Context, res *ResourcePolicy, prog *ProgramPolicy, _ string) (Context, error)

type ResourcePolicy

type ResourcePolicy struct {
	MaxModules        int // Pinned module limit.
	MaxProcs          int // Active instance limit.
	TotalStorageSize  int // Sum of pinned module and metadata sizes.
	TotalResidentSize int // Sum of all memory mapping and buffer sizes.
}

TODO: ResourcePolicy is not yet enforced by server

type Server

type Server struct {
	// contains filtered or unexported fields
}

func New

func New(ctx Context, config *Config) (_ *Server, err error)

func (*Server) DebugInstance

func (s *Server) DebugInstance(ctx Context, instance string, req *api.DebugRequest) (_ *api.DebugResponse, err error)

func (*Server) DeleteInstance

func (s *Server) DeleteInstance(ctx Context, instance string) (err error)

func (*Server) Features

func (s *Server) Features() *api.Features

func (*Server) InstanceConnection

func (s *Server) InstanceConnection(ctx Context, instance string) (_ api.Instance, _ func(Context, io.Reader, io.WriteCloser) *api.Status, err error)

func (*Server) InstanceInfo

func (s *Server) InstanceInfo(ctx Context, instance string) (_ *api.InstanceInfo, err error)

func (*Server) Instances

func (s *Server) Instances(ctx Context) (_ *api.Instances, err error)

func (*Server) KillInstance

func (s *Server) KillInstance(ctx Context, instance string) (_ api.Instance, err error)

func (*Server) ModuleContent

func (s *Server) ModuleContent(ctx Context, module string) (stream io.ReadCloser, length int64, err error)

func (*Server) ModuleInfo

func (s *Server) ModuleInfo(ctx Context, module string) (_ *api.ModuleInfo, err error)

func (*Server) Modules

func (s *Server) Modules(ctx Context) (_ *api.Modules, err error)

func (*Server) NewInstance

func (s *Server) NewInstance(ctx Context, module string, launch *api.LaunchOptions) (_ api.Instance, err error)

func (*Server) PinModule

func (s *Server) PinModule(ctx Context, module string, know *api.ModuleOptions) (err error)

func (*Server) ResumeInstance

func (s *Server) ResumeInstance(ctx Context, instance string, resume *api.ResumeOptions) (_ api.Instance, err error)

func (*Server) Shutdown

func (s *Server) Shutdown(ctx Context) error

func (*Server) Snapshot

func (s *Server) Snapshot(ctx Context, instance string, know *api.ModuleOptions) (module string, err error)

func (*Server) SourceModule

func (s *Server) SourceModule(ctx Context, uri string, know *api.ModuleOptions) (module string, err error)

func (*Server) SourceModuleInstance

func (s *Server) SourceModuleInstance(ctx Context, uri string, know *api.ModuleOptions, launch *api.LaunchOptions) (module string, _ api.Instance, err error)

func (*Server) SuspendInstance

func (s *Server) SuspendInstance(ctx Context, instance string) (_ api.Instance, err error)

func (*Server) UnpinModule

func (s *Server) UnpinModule(ctx Context, module string) (err error)

func (*Server) UpdateInstance

func (s *Server) UpdateInstance(ctx Context, instance string, update *api.InstanceUpdate) (_ *api.InstanceInfo, err error)

func (*Server) UploadModule

func (s *Server) UploadModule(ctx Context, upload *api.ModuleUpload, know *api.ModuleOptions) (module string, err error)

func (*Server) UploadModuleInstance

func (s *Server) UploadModuleInstance(ctx Context, upload *api.ModuleUpload, know *api.ModuleOptions, launch *api.LaunchOptions) (_ string, _ api.Instance, err error)

func (*Server) WaitInstance

func (s *Server) WaitInstance(ctx Context, instID string) (_ *api.Status, err error)
