wasmv3

type CapabilityRestrictionConfig struct {

	// The Proxy-Wasm capabilities which will be allowed. Capabilities are mapped by
	// name. The “SanitizationConfig“ which each capability maps to is currently unimplemented and ignored,
	// and so should be left empty.
	//
	// The capability names are given in the
	// `Proxy-Wasm ABI <https://github.com/proxy-wasm/spec/tree/master/abi-versions/vNEXT>`_.
	// Additionally, the following WASI capabilities from
	// `this list <https://github.com/WebAssembly/WASI/blob/master/phases/snapshot/docs.md#modules>`_
	// are implemented and can be allowed:
	// “fd_write“, “fd_read“, “fd_seek“, “fd_close“, “fd_fdstat_get“, “environ_get“, “environ_sizes_get“,
	// “args_get“, “args_sizes_get“, “proc_exit“, “clock_time_get“, “random_get“.
	AllowedCapabilities map[string]*SanitizationConfig `` /* 206-byte string literal not displayed */
	// contains filtered or unexported fields
}

type EnvironmentVariables struct {

	// The keys of *Envoy's* environment variables exposed to this VM. In other words, if a key exists in Envoy's environment
	// variables, then that key-value pair will be injected. Note that if a key does not exist, it will be ignored.
	HostEnvKeys []string `protobuf:"bytes,1,rep,name=host_env_keys,json=hostEnvKeys,proto3" json:"host_env_keys,omitempty"`
	// Explicitly given key-value pairs to be injected to this VM in the form of "KEY=VALUE".
	KeyValues map[string]string `` /* 176-byte string literal not displayed */
	// contains filtered or unexported fields
}

type PluginConfig struct {

	// A unique name for a filters/services in a VM for use in identifying the filter/service if
	// multiple filters/services are handled by the same “vm_id“ and “root_id“ and for
	// logging/debugging.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// A unique ID for a set of filters/services in a VM which will share a RootContext and Contexts
	// if applicable (e.g. an Wasm HttpFilter and an Wasm AccessLog). If left blank, all
	// filters/services with a blank root_id with the same “vm_id“ will share Context(s).
	RootId string `protobuf:"bytes,2,opt,name=root_id,json=rootId,proto3" json:"root_id,omitempty"`
	// Configuration for finding or starting VM.
	//
	// Types that are assignable to Vm:
	//
	//	*PluginConfig_VmConfig
	Vm isPluginConfig_Vm `protobuf_oneof:"vm"`
	// Filter/service configuration used to configure or reconfigure a plugin
	// (“proxy_on_configure“).
	// “google.protobuf.Struct“ is serialized as JSON before
	// passing it to the plugin. “google.protobuf.BytesValue“ and
	// “google.protobuf.StringValue“ are passed directly without the wrapper.
	Configuration *anypb.Any `protobuf:"bytes,4,opt,name=configuration,proto3" json:"configuration,omitempty"`
	// If there is a fatal error on the VM (e.g. exception, abort(), on_start or on_configure return false),
	// then all plugins associated with the VM will either fail closed (by default), e.g. by returning an HTTP 503 error,
	// or fail open (if 'fail_open' is set to true) by bypassing the filter. Note: when on_start or on_configure return false
	// during xDS updates the xDS configuration will be rejected and when on_start or on_configuration return false on initial
	// startup the proxy will not start.
	FailOpen bool `protobuf:"varint,5,opt,name=fail_open,json=failOpen,proto3" json:"fail_open,omitempty"`
	// Configuration for restricting Proxy-Wasm capabilities available to modules.
	CapabilityRestrictionConfig *CapabilityRestrictionConfig `` /* 144-byte string literal not displayed */
	// contains filtered or unexported fields
}

type PluginConfig_VmConfig struct {
	VmConfig *VmConfig `protobuf:"bytes,3,opt,name=vm_config,json=vmConfig,proto3,oneof"` // TODO: add referential VM configurations.
}

type SanitizationConfig struct {
	// contains filtered or unexported fields
}

type VmConfig struct {

	// An ID which will be used along with a hash of the wasm code (or the name of the registered Null
	// VM plugin) to determine which VM will be used for the plugin. All plugins which use the same
	// “vm_id“ and code will use the same VM. May be left blank. Sharing a VM between plugins can
	// reduce memory utilization and make sharing of data easier which may have security implications.
	// [#comment: TODO: add ref for details.]
	VmId string `protobuf:"bytes,1,opt,name=vm_id,json=vmId,proto3" json:"vm_id,omitempty"`
	// The Wasm runtime type, defaults to the first available Wasm engine used at Envoy build-time.
	// The priority to search for the available engine is: v8 -> wasmtime -> wamr.
	// Available Wasm runtime types are registered as extensions. The following runtimes are included
	// in Envoy code base:
	//
	// .. _extension_envoy.wasm.runtime.null:
	//
	// **envoy.wasm.runtime.null**: Null sandbox, the Wasm module must be compiled and linked into the
	// Envoy binary. The registered name is given in the “code“ field as “inline_string“.
	//
	// .. _extension_envoy.wasm.runtime.v8:
	//
	// **envoy.wasm.runtime.v8**: `V8 <https://v8.dev/>`_-based WebAssembly runtime.
	//
	// .. _extension_envoy.wasm.runtime.wamr:
	//
	// **envoy.wasm.runtime.wamr**: `WAMR <https://github.com/bytecodealliance/wasm-micro-runtime/>`_-based WebAssembly runtime.
	// This runtime is not enabled in the official build.
	//
	// .. _extension_envoy.wasm.runtime.wasmtime:
	//
	// **envoy.wasm.runtime.wasmtime**: `Wasmtime <https://wasmtime.dev/>`_-based WebAssembly runtime.
	// This runtime is not enabled in the official build.
	//
	// [#extension-category: envoy.wasm.runtime]
	Runtime string `protobuf:"bytes,2,opt,name=runtime,proto3" json:"runtime,omitempty"`
	// The Wasm code that Envoy will execute.
	Code *v3.AsyncDataSource `protobuf:"bytes,3,opt,name=code,proto3" json:"code,omitempty"`
	// The Wasm configuration used in initialization of a new VM
	// (proxy_on_start). “google.protobuf.Struct“ is serialized as JSON before
	// passing it to the plugin. “google.protobuf.BytesValue“ and
	// “google.protobuf.StringValue“ are passed directly without the wrapper.
	Configuration *anypb.Any `protobuf:"bytes,4,opt,name=configuration,proto3" json:"configuration,omitempty"`
	// Allow the wasm file to include pre-compiled code on VMs which support it.
	// Warning: this should only be enable for trusted sources as the precompiled code is not
	// verified.
	AllowPrecompiled bool `protobuf:"varint,5,opt,name=allow_precompiled,json=allowPrecompiled,proto3" json:"allow_precompiled,omitempty"`
	// If true and the code needs to be remotely fetched and it is not in the cache then NACK the configuration
	// update and do a background fetch to fill the cache, otherwise fetch the code asynchronously and enter
	// warming state.
	NackOnCodeCacheMiss bool `protobuf:"varint,6,opt,name=nack_on_code_cache_miss,json=nackOnCodeCacheMiss,proto3" json:"nack_on_code_cache_miss,omitempty"`
	// Specifies environment variables to be injected to this VM which will be available through
	// WASI's “environ_get“ and “environ_get_sizes“ system calls. Note that these functions
	// are generally called implicitly by your language's standard library. Therefore, you do not
	// need to call them directly. You can access environment variables in the same way you would
	// on native platforms.
	// Warning: Envoy rejects the configuration if there's conflict of key space.
	EnvironmentVariables *EnvironmentVariables `protobuf:"bytes,7,opt,name=environment_variables,json=environmentVariables,proto3" json:"environment_variables,omitempty"`
	// contains filtered or unexported fields
}

type WasmService struct {

	// General plugin configuration.
	Config *PluginConfig `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
	// If true, create a single VM rather than creating one VM per worker. Such a singleton can
	// not be used with filters.
	Singleton bool `protobuf:"varint,2,opt,name=singleton,proto3" json:"singleton,omitempty"`
	// contains filtered or unexported fields
}