[CRE-44] Add restricted config; validate WASM config

pkg/capabilities/capabilities.go

@@ -392,7 +392,13 @@ func (c *RemoteExecutableConfig) ApplyDefaults() {
 }
 
 type CapabilityConfiguration struct {
-	DefaultConfig          *values.Map
+	DefaultConfig *values.Map
+	// RestrictedKeys is a list of keys that can't be provided by users in their
+	// configuration; we'll remove these fields before passing them to the capability.
+	RestrictedKeys []string
+	// RestrictedConfig is configuration that can only be set by us; this
+	// takes precedence over any user-provided config.
+	RestrictedConfig       *values.Map
 	RemoteTriggerConfig    *RemoteTriggerConfig
 	RemoteTargetConfig     *RemoteTargetConfig
 	RemoteExecutableConfig *RemoteExecutableConfig

pkg/capabilities/pb/registry.proto

@@ -40,5 +40,8 @@ message CapabilityConfig {
     RemoteTargetConfig remote_target_config = 3;
     RemoteExecutableConfig remote_executable_config = 4;
   }
+
+  values.Map restricted_config = 5;
+  repeated string restricted_keys = 6;
 }
 

pkg/workflows/wasm/host/module.go

@@ -72,7 +72,7 @@ func (r *store) delete(id string) {
 var (
 	defaultTickInterval            = 100 * time.Millisecond
 	defaultTimeout                 = 10 * time.Second
-	defaultMinMemoryMBs            = 128
+	defaultMinMemoryMBs            = uint64(128)
 	DefaultInitialFuel             = uint64(100_000_000)
 	defaultMaxFetchRequests        = 5
 	defaultMaxCompressedBinarySize = 10 * 1024 * 1024 // 10 MB
@@ -85,8 +85,8 @@ type DeterminismConfig struct {
 type ModuleConfig struct {
 	TickInterval            time.Duration
 	Timeout                 *time.Duration
-	MaxMemoryMBs            int64
-	MinMemoryMBs            int64
+	MaxMemoryMBs            uint64
+	MinMemoryMBs            uint64
 	InitialFuel             uint64
 	Logger                  logger.Logger
 	IsUncompressed          bool
@@ -165,7 +165,7 @@ func NewModule(modCfg *ModuleConfig, binary []byte, opts ...func(*ModuleConfig))
 	}
 
 	if modCfg.MinMemoryMBs == 0 {
-		modCfg.MinMemoryMBs = int64(defaultMinMemoryMBs)
+		modCfg.MinMemoryMBs = defaultMinMemoryMBs
 	}
 
 	if modCfg.MaxCompressedBinarySize == 0 {
@@ -176,7 +176,7 @@ func NewModule(modCfg *ModuleConfig, binary []byte, opts ...func(*ModuleConfig))
 	// We do this because Go requires a minimum of 16 megabytes to run,
 	// and local testing has shown that with less than the min, some
 	// binaries may error sporadically.
-	modCfg.MaxMemoryMBs = int64(math.Max(float64(modCfg.MinMemoryMBs), float64(modCfg.MaxMemoryMBs)))
+	modCfg.MaxMemoryMBs = uint64(math.Max(float64(modCfg.MinMemoryMBs), float64(modCfg.MaxMemoryMBs)))
 
 	cfg := wasmtime.NewConfig()
 	cfg.SetEpochInterruption(true)
@@ -343,7 +343,7 @@ func (m *Module) Run(ctx context.Context, request *wasmpb.Request) (*wasmpb.Resp
 
 	// Limit memory to max memory megabytes per instance.
 	store.Limiter(
-		m.cfg.MaxMemoryMBs*int64(math.Pow(10, 6)),
+		int64(m.cfg.MaxMemoryMBs)*int64(math.Pow(10, 6)),
 		-1, // tableElements, -1 == default
 		1,  // instances
 		1,  // tables