{"id":23591465,"url":"https://github.com/dvob/k8s-wasi-rs","last_synced_at":"2025-11-04T06:30:30.485Z","repository":{"id":54606559,"uuid":"521690123","full_name":"dvob/k8s-wasi-rs","owner":"dvob","description":null,"archived":false,"fork":false,"pushed_at":"2022-08-13T11:16:18.000Z","size":27,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-02-16T10:45:30.524Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dvob.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-08-05T15:33:40.000Z","updated_at":"2022-08-05T15:33:59.000Z","dependencies_parsed_at":"2022-08-13T21:20:14.508Z","dependency_job_id":null,"html_url":"https://github.com/dvob/k8s-wasi-rs","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvob%2Fk8s-wasi-rs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvob%2Fk8s-wasi-rs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvob%2Fk8s-wasi-rs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvob%2Fk8s-wasi-rs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dvob","download_url":"https://codeload.github.com/dvob/k8s-wasi-rs/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239426209,"owners_count":19636536,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-27T07:39:09.149Z","updated_at":"2025-11-04T06:30:30.455Z","avatar_url":"https://github.com/dvob.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# k8s_wasi\n\nThe `k8s_wasi` crate provides helper functions to easily implement a WASM module according to specification described [here](https://github.com/dvob/k8s-wasm/tree/main/spec).\n\nThe quickest way to get started is to copy one of the examples in the `./examples` directory and change it according to your needs.\n\n## Create a module\n\nCreate a new crate:\n```\ncargo new --lib my-k8s-module\n```\n\nAdd the required dependencies to your module in `Cargo.toml`:\n```toml\n[dependencies]\nk8s_wasi = { git = \"https://github.com/dvob/k8s-wasi-rs\" }\nk8s-openapi = { version = \"0.15.0\", features = [\"v1_24\"] }\nserde = { version = \"1.0.139\", features = [\"derive\"] }\nserde_json = \"1.0.82\"\n```\n\nSet the `crate-type` in `Cargo.toml`:\n```toml\n[lib]\ncrate-type = [\"cdylib\"]\n```\n\nImplement your module in `src/lib.rs`.\nDefine a struct which represents your component and one which represent the settings if you expect settings.\nWe must be able to deserialize the settings hence we use `#[derive(Deserialize)]` on the settings.\n```rust\nuse k8s_openapi::api::authentication::v1::TokenReview;\nuse k8s_wasi::Authenticator;\nuse serde::Deserialize;\nuse std::error::Error;\n\n#[derive(Deserialize)]\nstruct Settings {\n    my_setting: String,\n}\n\nstruct MyAuthenticator {}\n```\n\nThen implement the appropriate trait for your component:\n* Authentication: [`k8s_wasi::Authenticator\u003cS\u003e`](https://github.com/dvob/k8s-wasi-rs/blob/main/k8s_wasi/src/lib.rs#L84)\n* Authorization: [`k8s_wasi::Authorizer\u003cS\u003e`](https://github.com/dvob/k8s-wasi-rs/blob/main/k8s_wasi/src/lib.rs#L95)\n* Admission: [`k8s_wasi::Admiter\u003cS\u003e`](https://github.com/dvob/k8s-wasi-rs/blob/main/k8s_wasi/src/lib.rs#L109)\n\nThe traits are generic over the settings (`S`):\n```rust\nimpl Authenticator\u003cSettings\u003e for MyAuthenticator {\n    fn authenticate(tr: TokenReview, settings: Settings) -\u003e Result\u003cTokenReview, Box\u003cdyn Error\u003e\u003e {\n        todo!()\n    }\n}\n```\n\nThen implement the logic according to your needs.\n\nFinally you have to provide the appropriate function (`authn`, `authz`, `validate`) which is required by the specification.\nFor this you can either implement the function yourself or use the appropriate register macro:\n* Authentication: `k8s_wasi::register_authenticator!`\n* Authorization: `k8s_wasi::register_authenticator!`\n* Admission: `k8s_wasi::register_authenticator!`\n\nMacro:\n```rust\nk8s_wasi::register_authenticator!(MyAuthenticator);\n```\n\nImplement yourself:\n```rust\n#[no_mangle]\nfn authn() {\n  MyAuthenticator::runner().run_with_stdin().unwrap();\n}\n```\n\nTo build the module you have to install the `wasm32-wasi` target.\nYou can install with [rustup](https://rustup.rs/) like this:\n```\nrustup target add wasm32-wasi\n```\n\nThen you can build the module:\n```\ncargo build --target wasm32-wasi\n```\n\nFor the final build it is recommended that you use `--release` flag for build since this produces a much smaller module:\n```\ncargo build --release --target wasm32-wasi\n```\n\nThen you can find the module in the target folder under:\n```\ntarget/wasm32-wasi/release/my_k8s_authenticator.wasm\n```\n\n## Authentication\nThe module `k8s_wasi::token_review` contains helper functions for the authentication:\n```rust\nuse k8s_wasi::token_review::*;\n```\n\n### Input\nRead the token from the token review:\n```rust\nlet token = get_token(tr)?;\n```\n\n### Output\nAuthenticate with UID `0`, user `magic-user` and group `magic-group`:\n```rust\nresponse_from_status(\n\tauthenticate(\n\t\t\"0\".to_string(),\n                \"magic-user\".to_string(),\n                vec![\n\t\t\t\"magic-group\".to_string()\n\t\t],\n\t)\n)\n```\n\nDo not authenticate:\n```rust\nresponse_from_status(reject())\n```\n\n## Authorization\nThe module `k8s_wasi::subject_access_review` contains helper functions to construct a `SubjectAccessReview` easily.\n```rust\nuse k8s_wasi::subject_access_review::*;\n```\n\n### Output\nAuthorize:\n```rust\nresponse_from_status(allow())\n```\n\nDo not authorize:\n```rust\nresponse_from_status(reject())\n```\n\n## Admission\nThe module `k8s_wasi::admission` contains types and functions to construct a `AdmissionReview` easily.\n```rust\nuse k8s_wasi::admission::*;\n```\n\n### Input\nRead the request:\n```rust\nlet mut request = ar.get_request()?;\n```\n\nRead certain object from AdmissionReviewRequest:\n```rust\nuse k8s_openapi::api::core::v1::ConfigMap;\n\nlet config_map: ConfigMap = request.get_object()?;\n```\n\n### Output\nAccept request:\n```rust\nAdmissionReview::accept(request.uid)\n```\n\nAccept request and mutate object:\n```rust\nAdmissionReview::mutate(request.uid, config_map)\n```\n\nReject request:\n```rust\nAdmissionReview::reject_with_message(\n\trequest.uid,\n\tformat!(\"reason for rejection\")\n)\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdvob%2Fk8s-wasi-rs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdvob%2Fk8s-wasi-rs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdvob%2Fk8s-wasi-rs/lists"}