Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wasm: capability restriction #13911

Merged
merged 43 commits into from
Feb 9, 2021
Merged

wasm: capability restriction #13911

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
43 commits
Select commit Hold shift + click to select a range
f468a96
implement proxy-wasm ABI restriction
ryanapilado Nov 19, 2020
13b76e0
change std::unordered_set to absl::flat_hash_set
ryanapilado Nov 19, 2020
a62f952
BUILD file format
ryanapilado Nov 19, 2020
4c0d583
BUILD file format
ryanapilado Nov 19, 2020
a8e77dd
format
ryanapilado Nov 19, 2020
4dffd5e
rename abi function to capability
ryanapilado Nov 19, 2020
15dacd1
revert unnecessary change
ryanapilado Nov 19, 2020
cb0bce3
format
ryanapilado Nov 19, 2020
b988429
add WASI test
ryanapilado Nov 19, 2020
af695b1
fix empty value and names
ryanapilado Nov 19, 2020
f9cf17f
formatting
ryanapilado Nov 19, 2020
8c8b69f
test all VMs
ryanapilado Nov 19, 2020
e63f7ed
change allowed_capabilities to a map
ryanapilado Dec 1, 2020
9edc973
update documentation
ryanapilado Dec 3, 2020
caa4f68
fix format
ryanapilado Dec 5, 2020
486b68a
spelling
ryanapilado Dec 6, 2020
b5f793c
Merge remote-tracking branch 'upstream/master' into cr
ryanapilado Dec 17, 2020
91067f6
Merge remote-tracking branch 'upstream/master' into cr
ryanapilado Dec 17, 2020
f189898
switch to std::unordered_map
ryanapilado Dec 17, 2020
1959a9c
EXPECT_CALL format
ryanapilado Dec 17, 2020
f3f73d4
change AllowedCapabilitiesMap value to SanitizerConfig
ryanapilado Dec 18, 2020
5b27bb2
update SanitizationConfig
ryanapilado Dec 18, 2020
12bd787
cleanup
ryanapilado Dec 18, 2020
5798880
update docs and spelling
ryanapilado Dec 18, 2020
559f452
change enum to bool
ryanapilado Dec 21, 2020
238bace
update repo location
ryanapilado Dec 22, 2020
0b9099c
set repository location to proxy-wasm-cpp-host branch
ryanapilado Dec 22, 2020
acc3e53
fix AllowedCapabilitiesMap scope resolution
ryanapilado Dec 22, 2020
5c8f31b
update proxy-wasm-cpp-host location to merge commit
ryanapilado Dec 22, 2020
372d335
remove SanitizationConfig fields since sanitization not implemented
ryanapilado Dec 31, 2020
eed3c43
Merge remote-tracking branch 'upstream/master' into cr2
ryanapilado Dec 31, 2020
452b91e
run capability restriction tests against all runtimes and languages
ryanapilado Jan 5, 2021
86c5c34
increase timeout
ryanapilado Jan 12, 2021
cc60e16
Merge remote-tracking branch 'upstream/master' into cr3
ryanapilado Jan 12, 2021
bb76300
update proxy-wasm-cpp-host to latest version
ryanapilado Jan 13, 2021
0d0a6c2
s/proxy-wasm/Proxy-Wasm
ryanapilado Feb 3, 2021
af91df7
NOTE on newline
ryanapilado Feb 3, 2021
909b1fd
s/cr_config/capability_restriction_config
ryanapilado Feb 3, 2021
d6fa1c1
fix test names and comments
ryanapilado Feb 3, 2021
ac3f629
add new callback test
ryanapilado Feb 3, 2021
7101e0c
Merge branch 'main' into capability-restriction-tests
ryanapilado Feb 3, 2021
ee8a52b
config -> config_
ryanapilado Feb 3, 2021
38afe66
fix NOTE newline
ryanapilado Feb 5, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 26 additions & 1 deletion api/envoy/extensions/wasm/v3/wasm.proto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,28 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Wasm]
// [#extension: envoy.bootstrap.wasm]

// Configuration for restricting Proxy-Wasm capabilities available to modules.
message CapabilityRestrictionConfig {
// The Proxy-Wasm capabilities which will be allowed. Capabilities are mapped by
// name. The *SanitizationConfig* which each capability maps to is currently unimplemented and ignored,
// and so should be left empty.
//
// The capability names are given in the
// `Proxy-Wasm ABI <https://github.com/proxy-wasm/spec/tree/master/abi-versions/vNEXT>`_.
// Additionally, the following WASI capabilities from
// `this list <https://github.com/WebAssembly/WASI/blob/master/phases/snapshot/docs.md#modules>`_
// are implemented and can be allowed:
// *fd_write*, *fd_read*, *fd_seek*, *fd_close*, *fd_fdstat_get*, *environ_get*, *environ_sizes_get*,
Copy link
Member

@mathetake mathetake Dec 22, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

everything listed here except fd_write, clock_time_get, get_random is not supported actually as you can see, for instance, https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/exports.cc#L727-L732 .

Also clock_time_get and get_random are implemented now https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/exports.cc#L804-L829

And in the future, we may support get_environ since there's a feature request in the multiple SDK repositories, proxy-wasm/spec#19.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Even though the host implementation of WASI is indeed a bunch of mostly non-working (but adhering to spec) stubs, modules compiled against WASI want to import them, and this PR is purely about allowing/rejecting such calls.

// *args_get*, *args_sizes_get*, *proc_exit*, *clock_time_get*, *random_get*.
map<string, SanitizationConfig> allowed_capabilities = 1;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this be capability_configs, or something like that? The content is not necessarily allowlist and sometimes denylist, isn't it

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same goes for proxy-wasm-cpp-host side PR

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The keys in the map are always allowed capabilities, so I think the name is still accurate. The SanitizationConfig which each capability maps to contains either an allowlist or denylist of arguments, but the capability itself is always allowed.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah, right. Thanks

}

// Configuration for sanitization of inputs to an allowed capability.
//
// NOTE: This is currently unimplemented.
message SanitizationConfig {
}

// Configuration for a Wasm VM.
// [#next-free-field: 7]
message VmConfig {
Expand Down Expand Up @@ -74,7 +96,7 @@ message VmConfig {
}

// Base Configuration for Wasm Plugins e.g. filters and services.
// [#next-free-field: 6]
// [#next-free-field: 7]
message PluginConfig {
// A unique name for a filters/services in a VM for use in identifying the filter/service if
// multiple filters/services are handled by the same *vm_id* and *root_id* and for
Expand Down Expand Up @@ -105,6 +127,9 @@ message PluginConfig {
// during xDS updates the xDS configuration will be rejected and when on_start or on_configuration return false on initial
// startup the proxy will not start.
bool fail_open = 5;

// Configuration for restricting Proxy-Wasm capabilities available to modules.
CapabilityRestrictionConfig capability_restriction_config = 6;
}

// WasmService is configured as a built-in *envoy.wasm_service* :ref:`WasmService
Expand Down
6 changes: 3 additions & 3 deletions bazel/repository_locations.bzl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -889,8 +889,8 @@ REPOSITORY_LOCATIONS_SPEC = dict(
project_name = "WebAssembly for Proxies (C++ host implementation)",
project_desc = "WebAssembly for Proxies (C++ host implementation)",
project_url = "https://github.com/proxy-wasm/proxy-wasm-cpp-host",
version = "6dab125d7a668c7158848b6f48c67fd827c952e6",
sha256 = "b5c73ed053a7079bd8bf53b14c4811e87ae521d9fcf4769ec5b248202a27600d",
version = "5a53cf4b231599e1d2a1f2f4598fdfbb727ff948",
sha256 = "600dbc651a2837e6f1db964eb7e1078e5e338049a34c9ab47415dfa7f3de5478",
strip_prefix = "proxy-wasm-cpp-host-{version}",
urls = ["https://github.com/proxy-wasm/proxy-wasm-cpp-host/archive/{version}.tar.gz"],
use_category = ["dataplane_ext"],
Expand All @@ -905,7 +905,7 @@ REPOSITORY_LOCATIONS_SPEC = dict(
"envoy.wasm.runtime.wavm",
"envoy.wasm.runtime.wasmtime",
],
release_date = "2020-12-16",
release_date = "2021-01-12",
cpe = "N/A",
),
proxy_wasm_rust_sdk = dict(
Expand Down
27 changes: 26 additions & 1 deletion generated_api_shadow/envoy/extensions/wasm/v3/wasm.proto
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 4 additions & 3 deletions source/extensions/access_loggers/wasm/config.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,10 @@ WasmAccessLogFactory::createAccessLogInstance(const Protobuf::Message& proto_con
};

if (!Common::Wasm::createWasm(
config.config().vm_config(), plugin, context.scope().createScope(""),
context.clusterManager(), context.initManager(), context.dispatcher(), context.api(),
context.lifecycleNotifier(), remote_data_provider_, std::move(callback))) {
config.config().vm_config(), config.config().capability_restriction_config(), plugin,
context.scope().createScope(""), context.clusterManager(), context.initManager(),
context.dispatcher(), context.api(), context.lifecycleNotifier(), remote_data_provider_,
std::move(callback))) {
throw Common::Wasm::WasmException(
fmt::format("Unable to create Wasm access log {}", plugin->name_));
}
Expand Down
7 changes: 4 additions & 3 deletions source/extensions/bootstrap/wasm/config.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,9 +50,10 @@ void WasmServiceExtension::createWasm(Server::Configuration::ServerFactoryContex
};

if (!Common::Wasm::createWasm(
config_.config().vm_config(), plugin, context.scope().createScope(""),
context.clusterManager(), context.initManager(), context.dispatcher(), context.api(),
context.lifecycleNotifier(), remote_data_provider_, std::move(callback))) {
config_.config().vm_config(), config_.config().capability_restriction_config(), plugin,
context.scope().createScope(""), context.clusterManager(), context.initManager(),
context.dispatcher(), context.api(), context.lifecycleNotifier(), remote_data_provider_,
std::move(callback))) {
// NB: throw if we get a synchronous configuration failures as this is how such failures are
// reported to xDS.
throw Common::Wasm::WasmException(
Expand Down
2 changes: 2 additions & 0 deletions source/extensions/common/wasm/context.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,8 @@ using proxy_wasm::WasmResult;
using proxy_wasm::WasmStreamType;

using VmConfig = envoy::extensions::wasm::v3::VmConfig;
using CapabilityRestrictionConfig = envoy::extensions::wasm::v3::CapabilityRestrictionConfig;
using SanitizationConfig = envoy::extensions::wasm::v3::SanitizationConfig;
using GrpcService = envoy::config::core::v3::GrpcService;

class Wasm;
Expand Down
40 changes: 22 additions & 18 deletions source/extensions/common/wasm/wasm.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -100,10 +100,11 @@ void Wasm::initializeLifecycle(Server::ServerLifecycleNotifier& lifecycle_notifi
}

Wasm::Wasm(absl::string_view runtime, absl::string_view vm_id, absl::string_view vm_configuration,
absl::string_view vm_key, const Stats::ScopeSharedPtr& scope,
Upstream::ClusterManager& cluster_manager, Event::Dispatcher& dispatcher)
: WasmBase(createWasmVm(runtime), vm_id, vm_configuration, vm_key), scope_(scope),
cluster_manager_(cluster_manager), dispatcher_(dispatcher),
absl::string_view vm_key, proxy_wasm::AllowedCapabilitiesMap allowed_capabilities,
const Stats::ScopeSharedPtr& scope, Upstream::ClusterManager& cluster_manager,
Event::Dispatcher& dispatcher)
: WasmBase(createWasmVm(runtime), vm_id, vm_configuration, vm_key, allowed_capabilities),
scope_(scope), cluster_manager_(cluster_manager), dispatcher_(dispatcher),
time_source_(dispatcher.timeSource()),
wasm_stats_(WasmStats{
ALL_WASM_STATS(POOL_COUNTER_PREFIX(*scope_, absl::StrCat("wasm.", runtime, ".")),
Expand Down Expand Up @@ -312,8 +313,9 @@ WasmEvent toWasmEvent(const std::shared_ptr<WasmHandleBase>& wasm) {
NOT_IMPLEMENTED_GCOVR_EXCL_LINE;
}

static bool createWasmInternal(const VmConfig& vm_config, const PluginSharedPtr& plugin,
const Stats::ScopeSharedPtr& scope,
static bool createWasmInternal(const VmConfig& vm_config,
const CapabilityRestrictionConfig& capability_restriction_config,
const PluginSharedPtr& plugin, const Stats::ScopeSharedPtr& scope,
Upstream::ClusterManager& cluster_manager,
Init::Manager& init_manager, Event::Dispatcher& dispatcher,
Api::Api& api, Server::ServerLifecycleNotifier& lifecycle_notifier,
Expand Down Expand Up @@ -380,8 +382,8 @@ static bool createWasmInternal(const VmConfig& vm_config, const PluginSharedPtr&
.value_or(code.empty() ? EMPTY_STRING : INLINE_STRING);
}

auto complete_cb = [cb, vm_config, plugin, scope, &cluster_manager, &dispatcher,
&lifecycle_notifier, create_root_context_for_testing,
auto complete_cb = [cb, vm_config, capability_restriction_config, plugin, scope, &cluster_manager,
&dispatcher, &lifecycle_notifier, create_root_context_for_testing,
wasm_extension](std::string code) -> bool {
if (code.empty()) {
cb(nullptr);
Expand All @@ -391,10 +393,10 @@ static bool createWasmInternal(const VmConfig& vm_config, const PluginSharedPtr&
proxy_wasm::makeVmKey(vm_config.vm_id(), anyToBytes(vm_config.configuration()), code);
auto wasm_factory = wasm_extension->wasmFactory();
proxy_wasm::WasmHandleFactory proxy_wasm_factory =
[&vm_config, scope, &cluster_manager, &dispatcher, &lifecycle_notifier,
wasm_factory](absl::string_view vm_key) -> WasmHandleBaseSharedPtr {
return wasm_factory(vm_config, scope, cluster_manager, dispatcher, lifecycle_notifier,
vm_key);
[&vm_config, &capability_restriction_config, scope, &cluster_manager, &dispatcher,
&lifecycle_notifier, wasm_factory](absl::string_view vm_key) -> WasmHandleBaseSharedPtr {
return wasm_factory(vm_config, capability_restriction_config, scope, cluster_manager,
dispatcher, lifecycle_notifier, vm_key);
};
auto wasm = proxy_wasm::createWasm(
vm_key, code, plugin, proxy_wasm_factory,
Expand Down Expand Up @@ -469,15 +471,17 @@ static bool createWasmInternal(const VmConfig& vm_config, const PluginSharedPtr&
return true;
}

bool createWasm(const VmConfig& vm_config, const PluginSharedPtr& plugin,
const Stats::ScopeSharedPtr& scope, Upstream::ClusterManager& cluster_manager,
Init::Manager& init_manager, Event::Dispatcher& dispatcher, Api::Api& api,
bool createWasm(const VmConfig& vm_config,
const CapabilityRestrictionConfig& capability_restriction_config,
const PluginSharedPtr& plugin, const Stats::ScopeSharedPtr& scope,
Upstream::ClusterManager& cluster_manager, Init::Manager& init_manager,
Event::Dispatcher& dispatcher, Api::Api& api,
Envoy::Server::ServerLifecycleNotifier& lifecycle_notifier,
Config::DataSource::RemoteAsyncDataProviderPtr& remote_data_provider,
CreateWasmCallback&& cb, CreateContextFn create_root_context_for_testing) {
return createWasmInternal(vm_config, plugin, scope, cluster_manager, init_manager, dispatcher,
api, lifecycle_notifier, remote_data_provider, std::move(cb),
create_root_context_for_testing);
return createWasmInternal(vm_config, capability_restriction_config, plugin, scope,
cluster_manager, init_manager, dispatcher, api, lifecycle_notifier,
remote_data_provider, std::move(cb), create_root_context_for_testing);
}

PluginHandleSharedPtr
Expand Down
13 changes: 8 additions & 5 deletions source/extensions/common/wasm/wasm.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,8 +47,9 @@ struct WasmStats {
class Wasm : public WasmBase, Logger::Loggable<Logger::Id::wasm> {
public:
Wasm(absl::string_view runtime, absl::string_view vm_id, absl::string_view vm_configuration,
absl::string_view vm_key, const Stats::ScopeSharedPtr& scope,
Upstream::ClusterManager& cluster_manager, Event::Dispatcher& dispatcher);
absl::string_view vm_key, proxy_wasm::AllowedCapabilitiesMap allowed_capabilities,
const Stats::ScopeSharedPtr& scope, Upstream::ClusterManager& cluster_manager,
Event::Dispatcher& dispatcher);
Wasm(std::shared_ptr<WasmHandle> other, Event::Dispatcher& dispatcher);
~Wasm() override;

Expand Down Expand Up @@ -160,9 +161,11 @@ using CreateWasmCallback = std::function<void(WasmHandleSharedPtr)>;
// all failures synchronously as it has no facility to report configuration update failures
// asynchronously. Callers should throw an exception if they are part of a synchronous xDS update
// because that is the mechanism for reporting configuration errors.
bool createWasm(const VmConfig& vm_config, const PluginSharedPtr& plugin,
const Stats::ScopeSharedPtr& scope, Upstream::ClusterManager& cluster_manager,
Init::Manager& init_manager, Event::Dispatcher& dispatcher, Api::Api& api,
bool createWasm(const VmConfig& vm_config,
const CapabilityRestrictionConfig& capability_restriction_config,
const PluginSharedPtr& plugin, const Stats::ScopeSharedPtr& scope,
Upstream::ClusterManager& cluster_manager, Init::Manager& init_manager,
Event::Dispatcher& dispatcher, Api::Api& api,
Envoy::Server::ServerLifecycleNotifier& lifecycle_notifier,
Config::DataSource::RemoteAsyncDataProviderPtr& remote_data_provider,
CreateWasmCallback&& callback,
Expand Down
16 changes: 11 additions & 5 deletions source/extensions/common/wasm/wasm_extension.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,13 +48,19 @@ PluginHandleExtensionFactory EnvoyWasm::pluginFactory() {
}

WasmHandleExtensionFactory EnvoyWasm::wasmFactory() {
return [](const VmConfig vm_config, const Stats::ScopeSharedPtr& scope,
Upstream::ClusterManager& cluster_manager, Event::Dispatcher& dispatcher,
Server::ServerLifecycleNotifier& lifecycle_notifier,
return [](const VmConfig vm_config,
const CapabilityRestrictionConfig capability_restriction_config,
const Stats::ScopeSharedPtr& scope, Upstream::ClusterManager& cluster_manager,
Event::Dispatcher& dispatcher, Server::ServerLifecycleNotifier& lifecycle_notifier,
absl::string_view vm_key) -> WasmHandleBaseSharedPtr {
proxy_wasm::AllowedCapabilitiesMap allowed_capabilities;
for (auto& capability : capability_restriction_config.allowed_capabilities()) {
// TODO(rapilado): Set the SanitizationConfig fields once sanitization is implemented.
allowed_capabilities[capability.first] = proxy_wasm::SanitizationConfig();
}
auto wasm = std::make_shared<Wasm>(vm_config.runtime(), vm_config.vm_id(),
anyToBytes(vm_config.configuration()), vm_key, scope,
cluster_manager, dispatcher);
anyToBytes(vm_config.configuration()), vm_key,
allowed_capabilities, scope, cluster_manager, dispatcher);
wasm->initializeLifecycle(lifecycle_notifier);
return std::static_pointer_cast<WasmHandleBase>(std::make_shared<WasmHandle>(std::move(wasm)));
};
Expand Down
7 changes: 4 additions & 3 deletions source/extensions/common/wasm/wasm_extension.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,10 @@ using CreateContextFn =
using PluginHandleExtensionFactory = std::function<PluginHandleBaseSharedPtr(
const WasmHandleSharedPtr& base_wasm, absl::string_view plugin_key)>;
using WasmHandleExtensionFactory = std::function<WasmHandleBaseSharedPtr(
const VmConfig& vm_config, const Stats::ScopeSharedPtr& scope,
Upstream::ClusterManager& cluster_manager, Event::Dispatcher& dispatcher,
Server::ServerLifecycleNotifier& lifecycle_notifier, absl::string_view vm_key)>;
const VmConfig& vm_config, const CapabilityRestrictionConfig& capability_restriction_config,
const Stats::ScopeSharedPtr& scope, Upstream::ClusterManager& cluster_manager,
Event::Dispatcher& dispatcher, Server::ServerLifecycleNotifier& lifecycle_notifier,
absl::string_view vm_key)>;
using WasmHandleExtensionCloneFactory = std::function<WasmHandleBaseSharedPtr(
const WasmHandleSharedPtr& base_wasm, Event::Dispatcher& dispatcher,
CreateContextFn create_root_context_for_testing)>;
Expand Down
7 changes: 4 additions & 3 deletions source/extensions/filters/http/wasm/wasm_filter.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,9 +24,10 @@ FilterConfig::FilterConfig(const envoy::extensions::filters::http::wasm::v3::Was
};

if (!Common::Wasm::createWasm(
config.config().vm_config(), plugin_, context.scope().createScope(""),
context.clusterManager(), context.initManager(), context.dispatcher(), context.api(),
context.lifecycleNotifier(), remote_data_provider_, std::move(callback))) {
config.config().vm_config(), config.config().capability_restriction_config(), plugin_,
context.scope().createScope(""), context.clusterManager(), context.initManager(),
context.dispatcher(), context.api(), context.lifecycleNotifier(), remote_data_provider_,
std::move(callback))) {
throw Common::Wasm::WasmException(
fmt::format("Unable to create Wasm HTTP filter {}", plugin->name_));
}
Expand Down
7 changes: 4 additions & 3 deletions source/extensions/filters/network/wasm/wasm_filter.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,9 +24,10 @@ FilterConfig::FilterConfig(const envoy::extensions::filters::network::wasm::v3::
};

if (!Common::Wasm::createWasm(
config.config().vm_config(), plugin_, context.scope().createScope(""),
context.clusterManager(), context.initManager(), context.dispatcher(), context.api(),
context.lifecycleNotifier(), remote_data_provider_, std::move(callback))) {
config.config().vm_config(), config.config().capability_restriction_config(), plugin_,
context.scope().createScope(""), context.clusterManager(), context.initManager(),
context.dispatcher(), context.api(), context.lifecycleNotifier(), remote_data_provider_,
std::move(callback))) {
throw Common::Wasm::WasmException(
fmt::format("Unable to create Wasm network filter {}", plugin->name_));
}
Expand Down
7 changes: 4 additions & 3 deletions source/extensions/stat_sinks/wasm/config.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,9 +44,10 @@ WasmSinkFactory::createStatsSink(const Protobuf::Message& proto_config,
};

if (!Common::Wasm::createWasm(
config.config().vm_config(), plugin, context.scope().createScope(""),
context.clusterManager(), context.initManager(), context.dispatcher(), context.api(),
context.lifecycleNotifier(), remote_data_provider_, std::move(callback))) {
config.config().vm_config(), config.config().capability_restriction_config(), plugin,
context.scope().createScope(""), context.clusterManager(), context.initManager(),
context.dispatcher(), context.api(), context.lifecycleNotifier(), remote_data_provider_,
std::move(callback))) {
throw Common::Wasm::WasmException(
fmt::format("Unable to create Wasm Stat Sink {}", plugin->name_));
}
Expand Down
Loading