Spinlet is a plugin and runtime for building and running wasm32-wasi cli components as plugins for Spin. It provides a sandboxed environment with access control to protect the host system from malicious code. Spinlet supports features such as std::env::args
and std::fs::read_dir
, and allows users to specify which environment variables, directories, and files the plugin has access to.
Spinlet requires the following tools to be installed:
- Rust >= 1.70.0
- Spin >= 1.2.0
- wasm-tools >= 1.0.35
- wit-bindgen >= 0.7.0
- spin-pluginify >= PR #6
git clone https://github.com/cardoso/spinlet
cd spinlet
spin pluginify -i
spin let
-
spin let [command]
Spinlets can now hook into spin's native commands by specifying in their manifest:
[hook.build.after]
enabled = true
[hook.build.before]
enabled = true
- access control
Spinlet's manifest allows users to specify which environment variables, directories, and files the plugin has access to.
[[access.fs.dir]]
path = "."
read = true
[[access.env.var]]
key = "HOME"
[access.env.args]
enabled = true
[access.io.stdin]
enabled = true
[access.io.stdout]
enabled = true
[access.io.stderr]
enabled = true
-
std::env::args
fn main() {
for arg in std::env::args() {
println!("{}", arg);
}
// Plugin only has access to environment variables specified in the manifest
for (key, value) in std::env::vars() {
println!("{}: {}", key, value);
}
}
➜ spinlet git:(main) ✗ spin let update
You're using a pre-release version of Spin (1.3.0-pre0). This plugin might not be compatible (supported: >=0.7). Continuing anyway.
/Users/cardoso/Library/Application Support/spin/plugins/let/let
update
SPIN_BIN_PATH: /Users/cardoso/.cargo/bin/spin
SPIN_BRANCH: main
SPIN_BUILD_DATE: 2023-05-20
SPIN_COMMIT_DATE: 2023-05-19
SPIN_COMMIT_SHA: d476000
SPIN_DEBUG: false
SPIN_TARGET_TRIPLE: aarch64-apple-darwin
SPIN_VERSION: 1.3.0-pre0
SPIN_VERSION_MAJOR: 1
SPIN_VERSION_MINOR: 3
SPIN_VERSION_PATCH: 0
SPIN_VERSION_PRE: pre0
-
std::fs::read_dir
pub fn main() {
/// Plugin only has access to files in the current working directory
match std::fs::read_dir("/workspace") {
Ok(dir) => {
for entry in dir {
match entry {
Ok(entry) => println!("{}", entry.path().display()),
Err(error) => println!("error reading entry: {}", error),
}
}
}
Err(error) => println!("error reading /: {}", error),
}
}
➜ spinlet git:(main) ✗ pwd
/Users/cardoso/Developer/cardoso/spinlet/spinlet
➜ spinlet git:(main) ✗ spin let workspace
You're using a pre-release version of Spin (1.3.0-pre0). This plugin might not be compatible (supported: >=0.7). Continuing anyway.
/workspace/Cargo.toml
/workspace/.spinlets
/workspace/.DS_Store
/workspace/target
/workspace/install.sh
/workspace/let-0.1.5-macos-aarch64.tar.gz
/workspace/Cargo.lock
/workspace/README.md
/workspace/adapters
/workspace/build.sh
/workspace/.gitignore
/workspace/spinlets
/workspace/.git
/workspace/let.json
/workspace/spin-pluginify.toml
/workspace/src
spin let [spinlet] -- [spinlet args]
Usage: spin let [OPTIONS] <SPINLET> [-- <ARGS>...]
Arguments:
<SPINLET> Spinlet to run
[ARGS]... Arguments to pass to the
spinlet
Options:
-w, --workspace <WORKSPACE>
Workspace to run the spinlet
in [default: .]
-h, --help
Print help