Wasm-wc: Wire up the language module to the config system

This exposes the various WebAssembly Component Model language module
specific options.

The application type is "wasm-wasi-component".

There is a "component" option that is required, this specifies the full
path to the WebAssembly component to be run. This component should be in
binary format, i.e a .wasm file.

There is also currently one optional option

"access"

Due to the sandboxed nature of WebAssembly, by default Wasm
modules/components don't have any access to the underlying filesystem.

There is however a capabilities based mechanism[0] for allowing such
access.

This adds a config option to the 'wasm-wasi-component' application type
(same as for 'wasm');
'access.filesystem' which takes an array of
directory paths that are then made available to the wasm
module/component. This access works recursively, i.e everything under a
specific path is allowed access to.

Example config might look like

  "applications": {
      "my-wasm-component": {
          "type": "wasm-wasi-component",
          "component": "/path/to/component.wasm",
          "access" {
              "filesystem": [
                  "/tmp",
                  "/var/tmp"
              ]
          }
      }
  }

The actual mechanism used allows directories to be mapped differently in
the guest. But at the moment we don't support that and just map say /tmp
to /tmp. This can be revisited if it's something users clamour for.

[0]: <https://github.com/bytecodealliance/wasmtime/blob/main/docs/WASI-capabilities.md>

Signed-off-by: Andrew Clayton <a.clayton@nginx.com>

src/nxt_application.c

@@ -1100,6 +1100,9 @@ nxt_app_parse_type(u_char *p, size_t length)
     } else if (nxt_str_eq(&str, "java", 4)) {
         return NXT_APP_JAVA;
 
+    } else if (nxt_str_eq(&str, "wasm-wasi-component", 19)) {
+        return NXT_APP_WASM_WC;
+
     } else if (nxt_str_eq(&str, "wasm", 4)) {
         return NXT_APP_WASM;
     }

src/nxt_conf_validation.c

@@ -1095,6 +1095,22 @@ static nxt_conf_vldt_object_t  nxt_conf_vldt_wasm_members[] = {
 };
 
 
+static nxt_conf_vldt_object_t  nxt_conf_vldt_wasm_wc_members[] = {
+    {
+        .name       = nxt_string("component"),
+        .type       = NXT_CONF_VLDT_STRING,
+        .flags      = NXT_CONF_VLDT_REQUIRED,
+    }, {
+        .name       = nxt_string("access"),
+        .type       = NXT_CONF_VLDT_OBJECT,
+        .validator  = nxt_conf_vldt_object,
+        .u.members  = nxt_conf_vldt_wasm_access_members,
+    },
+
+    NXT_CONF_VLDT_NEXT(nxt_conf_vldt_common_members)
+};
+
+
 static nxt_conf_vldt_object_t  nxt_conf_vldt_wasm_access_members[] = {
     {
         .name       = nxt_string("filesystem"),
@@ -2660,6 +2676,7 @@ nxt_conf_vldt_app(nxt_conf_validation_t *vldt, nxt_str_t *name,
         { nxt_conf_vldt_object, nxt_conf_vldt_ruby_members },
         { nxt_conf_vldt_object, nxt_conf_vldt_java_members },
         { nxt_conf_vldt_object, nxt_conf_vldt_wasm_members },
+        { nxt_conf_vldt_object, nxt_conf_vldt_wasm_wc_members },
     };
 
     ret = nxt_conf_vldt_type(vldt, name, value, NXT_CONF_VLDT_OBJECT);

src/nxt_main_process.c

@@ -377,6 +377,20 @@ static nxt_conf_map_t  nxt_wasm_app_conf[] = {
 };
 
 
+static nxt_conf_map_t  nxt_wasm_wc_app_conf[] = {
+    {
+        nxt_string("component"),
+        NXT_CONF_MAP_CSTRZ,
+        offsetof(nxt_common_app_conf_t, u.wasm_wc.component),
+    },
+    {
+        nxt_string("access"),
+        NXT_CONF_MAP_PTR,
+        offsetof(nxt_common_app_conf_t, u.wasm_wc.access),
+    },
+};
+
+
 static nxt_conf_app_map_t  nxt_app_maps[] = {
     { nxt_nitems(nxt_external_app_conf),  nxt_external_app_conf },
     { nxt_nitems(nxt_python_app_conf),    nxt_python_app_conf },
@@ -385,6 +399,7 @@ static nxt_conf_app_map_t  nxt_app_maps[] = {
     { nxt_nitems(nxt_ruby_app_conf),      nxt_ruby_app_conf },
     { nxt_nitems(nxt_java_app_conf),      nxt_java_app_conf },
     { nxt_nitems(nxt_wasm_app_conf),      nxt_wasm_app_conf },
+    { nxt_nitems(nxt_wasm_wc_app_conf),   nxt_wasm_wc_app_conf },
 };