From 6cf49f738571b4fba79d2103c79c89b5b45088dc Mon Sep 17 00:00:00 2001 From: Dmitry Shmulevich Date: Tue, 1 Mar 2022 07:32:44 -0800 Subject: [PATCH 1/5] fix broken link and redirect error Signed-off-by: Dmitry Shmulevich --- daprdocs/content/en/operations/security/oauth.md | 4 ++-- .../supported-pubsub/setup-nats-streaming.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/daprdocs/content/en/operations/security/oauth.md b/daprdocs/content/en/operations/security/oauth.md index ef663cbff..6e4766eff 100644 --- a/daprdocs/content/en/operations/security/oauth.md +++ b/daprdocs/content/en/operations/security/oauth.md @@ -15,7 +15,7 @@ The main difference between the two flows is that the `Authorization Code Grant ## Register your application with a authorization server Different authorization servers provide different application registration experiences. Here are some samples: - + * [Azure AAD](https://docs.microsoft.com/azure/active-directory/develop/v1-protocols-oauth-code) * [Facebook](https://developers.facebook.com/apps) * [Fitbit](https://dev.fitbit.com/build/reference/web-api/oauth2/) @@ -23,7 +23,7 @@ Different authorization servers provide different application registration exper * [Google APIs](https://console.developers.google.com/apis/credentials/consen) * [Slack](https://api.slack.com/docs/oauth) * [Twitter](http://apps.twitter.com/) - + To figure the Dapr OAuth middleware, you'll need to collect the following information: * Client ID (see [here](https://www.oauth.com/oauth2-servers/client-registration/client-id-secret/)) diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-nats-streaming.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-nats-streaming.md index e9f7f4079..1eca00b83 100644 --- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-nats-streaming.md 
+++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-nats-streaming.md @@ -92,7 +92,7 @@ You can then interact with the server using the client port: `localhost:4222`. {{% /codetab %}} {{% codetab %}} -Install NATS on Kubernetes by using the [kubectl](https://docs.nats.io/running-a-nats-service/introduction/running/nats-kubernetes/minimal-setup#minimal-nats-setup): +Install NATS on Kubernetes by using the [kubectl](https://docs.nats.io/running-a-nats-service/introduction/running/nats-kubernetes/): ```bash # Single server NATS From cbc2cfca541e288de6200e03b2b34fe4903f6963 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Thu, 3 Mar 2022 00:40:23 -0500 Subject: [PATCH 2/5] Update get-started-component.md (#2223) Teach them about "dapr stop" while we're at it Signed-off-by: Doug Davis --- daprdocs/content/en/getting-started/get-started-component.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/getting-started/get-started-component.md b/daprdocs/content/en/getting-started/get-started-component.md index a8e05dc5a..5e16201db 100644 --- a/daprdocs/content/en/getting-started/get-started-component.md +++ b/daprdocs/content/en/getting-started/get-started-component.md @@ -65,7 +65,7 @@ Run the following command to launch a Dapr sidecar that will listen on port 3500 dapr run --app-id myapp --dapr-http-port 3500 --components-path ./my-components ``` -> If you encounter a error message stating the app ID is already in use, it may be that the sidecar you ran in the previous step is still running. Make sure you stop the sidecar before running the above command (e.g. using "Control-C"). +> If you encounter a error message stating the app ID is already in use, it may be that the sidecar you ran in the previous step is still running. Make sure you stop the sidecar before running the above command using "Control-C" or running the command `dapr stop --app-id myapp`. ## Step 4: Get a secret 
From 30c0bbcb5a61483cbe9556b289f1322f270bcd93 Mon Sep 17 00:00:00 2001 From: Hannah Hunter <94493363+hhunter-ms@users.noreply.github.com> Date: Wed, 2 Mar 2022 23:45:10 -0600 Subject: [PATCH 3/5] --dapr-http-port fix (#2212) Signed-off-by: Hannah Hunter Co-authored-by: Mark Fussell --- .../building-blocks/state-management/howto-get-save-state.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/developing-applications/building-blocks/state-management/howto-get-save-state.md b/daprdocs/content/en/developing-applications/building-blocks/state-management/howto-get-save-state.md index 1eeb059ea..ea71ad338 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/state-management/howto-get-save-state.md +++ b/daprdocs/content/en/developing-applications/building-blocks/state-management/howto-get-save-state.md @@ -333,7 +333,7 @@ Restart your sidecar and try retrieving state again to observe that state persis Begin by launching a Dapr sidecar: ```bash -dapr --app-id orderprocessing --port 3601 run +dapr --app-id orderprocessing --dapr-http-port 3601 run ``` Then in a separate terminal save a key/value pair into your statestore: From 9ebe5d47141604312e49910accd0c1678086d99b Mon Sep 17 00:00:00 2001 From: Rich Laos Date: Wed, 2 Mar 2022 21:49:21 -0800 Subject: [PATCH 4/5] Update autoDeleteOnIdleInSec field description (#2211) Signed-off-by: Richard Laos Co-authored-by: Mark Fussell --- .../supported-pubsub/setup-azure-servicebus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus.md index a15c2c309..84dab3cd8 100644 --- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus.md +++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus.md 
@@ -45,7 +45,7 @@ spec: # - name: defaultMessageTimeToLiveInSec # Optional # value: 10 # - name: autoDeleteOnIdleInSec # Optional - # value: 10 + # value: 3600 # - name: maxReconnectionAttempts # Optional # value: 30 # - name: connectionRecoveryInSec # Optional @@ -78,7 +78,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr | maxConcurrentHandlers | N |Defines the maximum number of concurrent message handlers | `10` | prefetchCount | N |Defines the number of prefetched messages (use for high throughput / low latency scenarios)| `5` | defaultMessageTimeToLiveInSec | N |Default message time to live. | `10` -| autoDeleteOnIdleInSec | N |Time in seconds to wait before auto deleting messages. | `10` +| autoDeleteOnIdleInSec | N |Time in seconds to wait before auto deleting idle subscriptions. | `3600` | maxReconnectionAttempts | N |Defines the maximum number of reconnect attempts. Default: `30` | `30` | connectionRecoveryInSec | N |Time in seconds to wait between connection recovery attempts. Defaults: `2` | `2` | publishMaxRetries | N | The max number of retries for when Azure Service Bus responds with "too busy" in order to throttle messages. Defaults: `5` | `5` From 9f611b5ee65dbe548fb67c5e0edd92ce6b4b8272 Mon Sep 17 00:00:00 2001 From: Mark Fussell Date: Wed, 2 Mar 2022 22:16:27 -0800 Subject: [PATCH 5/5] updating overview Signed-off-by: Mark Fussell --- daprdocs/content/en/concepts/security-concept.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/daprdocs/content/en/concepts/security-concept.md b/daprdocs/content/en/concepts/security-concept.md index 668bb0190..3860a0817 100644 --- a/daprdocs/content/en/concepts/security-concept.md +++ b/daprdocs/content/en/concepts/security-concept.md 
@@ -69,11 +69,9 @@ The diagram below shows how the Sentry system service issues certificates for ap ### Preventing IP addresses on Dapr - -To prevent Dapr side cars from being called on any IP address especially in production environments such as Kubernetes, Dapr restricts its listening IP addresses to only local host. See the [dapr-listen-addresses](https://docs.dapr.io/reference/arguments-annotations-overview/) setting if there are other addresses you need to enable. +To prevent Dapr side cars from being called on any IP address especially in production environments such as Kubernetes, Dapr restricts its listening IP addresses to only local host. Before the v1.4 release any Dapr sidecar could call any other sidecar in a cluster by default. This is no longer possible and needs to be enabled explicitly. Use the [dapr-listen-addresses](https://docs.dapr.io/reference/arguments-annotations-overview/) setting if there are other addresses you need to enable. ## Secure Dapr to application communication - The Dapr sidecar runs close to the application through **localhost**, and is recommended to run under the same network boundary as the app. While many cloud-native systems today consider the pod level (on Kubernetes, for example) as a trusted security boundary, Dapr provides the app with API level authentication using tokens. This feature guarantees that even on localhost, only an authenticated application may call into Dapr and equally an application can check that Dpar is calling it back. For more details on configuring API token security read, - [Using an API token to authentication requests from an application to Dapr]({{< ref api-token.md >}}).
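
Review bot: The Google APIs link in the provider list of oauth.md ([PATCH 1/5]) still ends in `/apis/credentials/consen`, which looks truncated, and the Twitter link still uses plain `http://`; the two hunks for this file only touch the blank lines around the list. If the subject line's "broken link and redirect error" refers to either of these, the fix is missing from this file. Please correct the Google URL and check whether the Twitter entry should be `https://`. While the file is open, the context lines "To figure the Dapr OAuth middleware" and "with a authorization server" could be corrected to "To configure" and "an authorization server".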
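
Review bot: The link text in the setup-nats-streaming.md hunk ([PATCH 1/5]) still reads `[kubectl]` although the new target is the NATS Kubernetes documentation page rather than anything about kubectl, so "by using the [kubectl]" no longer tells the reader where the link goes. Suggest wording such as "Install NATS on Kubernetes by following the [NATS Kubernetes documentation](...)" with the URL from the `+` line.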
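
Review bot: The rewritten note in get-started-component.md ([PATCH 2/5]) keeps "a error message" in the `+` line; since the sentence is being rewritten anyway, change it to "an error message". The new `dapr stop --app-id myapp` matches the `--app-id myapp` used in the `dapr run` command in the context above, which is good. A comma or "either" before `using "Control-C" or running the command` would make the two options easier to read.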
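
Review bot: The corrected command in howto-get-save-state.md ([PATCH 3/5]) still places the flags before the subcommand, `dapr --app-id orderprocessing --dapr-http-port 3601 run`, while the getting-started page in this same series writes `dapr run --app-id myapp --dapr-http-port 3500`. Suggest `dapr run --app-id orderprocessing --dapr-http-port 3601` so the docs use one form throughout and readers can copy either example without wondering whether the ordering matters.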
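
Review bot: The updated `autoDeleteOnIdleInSec` row in setup-azure-servicebus.md ([PATCH 4/5]) gives `3600` as the example but, unlike the neighbouring rows (`maxReconnectionAttempts` "Default: `30`", `connectionRecoveryInSec` "Defaults: `2`"), does not say what happens when the field is omitted. Because the description now says the setting deletes idle subscriptions rather than messages, the row should state the default behaviour explicitly so an operator can tell whether leaving it unset keeps subscriptions indefinitely. The commented sample in the first hunk should then carry the same value and meaning as the table.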
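
Review bot: The added sentence in security-concept.md ([PATCH 5/5]), "This is no longer possible and needs to be enabled explicitly", contradicts itself: if it can be enabled, it is still possible. Suggest "This is no longer the default and must be enabled explicitly". The same `+` line says "side cars" in one sentence and "sidecar" in the next; pick one spelling. Since this paragraph tells readers how to widen the listening addresses beyond localhost, it would help to point from here to the API token section that follows, so anyone who sets `dapr-listen-addresses` also sees the authentication option. The context lines below the hunk contain "Dpar" and "Using an API token to authentication requests", which could be fixed in the same change. The hunk also drops the blank line after both headings; check that this matches the convention used in the rest of the file.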