Merge branch 'v1.11' into issue_3400

This commit is contained in:
Mark Fussell 2023-06-30 11:21:21 -07:00 committed by GitHub
commit 6df4fc4e2d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 67 additions and 5 deletions

@ -211,6 +211,21 @@ The Dapr threat model is below.
## Security audit
### June 2023
In June 2023, Dapr completed a fuzzing audit done by Ada Logics.
The audit achieved the following:
- OSS-Fuzz integration
- 39 new fuzzers for Dapr
- Fuzz test coverage for Dapr Runtime, Kit and Components-contrib
- All fuzzers running continuously after the audit has completed
You can find the full report [here](/docs/Dapr-june-2023-fuzzing-audit-report.pdf).
3 issues were found during the audit.
### February 2021
In February 2021, Dapr went through a 2nd security audit targeting its 1.0 release by Cure53.
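Review bot: the new June 2023 entry ends with "3 issues were found during the audit." without saying what severity they had or whether they were fixed before the report was published; for a security-audit section that is the fact readers look for, so add a sentence with the remediation status (or a link to the tracking issues) next to the report link. Minor wording in the same hunk: "All fuzzers running continuously after the audit has completed" reads better as "All fuzzers continue to run after the audit was completed".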
@ -255,4 +270,4 @@ Visit [this page]({{< ref support-security-issues.md >}}) to report a security i
## Related links
[Operational Security]({{< ref "security.md" >}})
[Operational Security]({{< ref "security.md" >}})
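Review bot: the Related links hunk shows the `[Operational Security]({{< ref "security.md" >}})` entry twice with identical rendered text, so the actual change is not visible here; if this is a removed/added pair (for example a quoting or whitespace change inside the shortcode), verify that exactly one entry remains after the merge, otherwise the page lists the same link twice.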

@ -132,7 +132,7 @@ The following steps will show how to create an app that exposes a server for wit
"github.com/golang/protobuf/ptypes/empty"
commonv1pb "github.com/dapr/dapr/pkg/proto/common/v1"
pb "github.com/dapr/go-sdk/dapr/proto/runtime/v1"
pb "github.com/dapr/dapr/pkg/proto/runtime/v1"
"google.golang.org/grpc"
)
```
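Review bot: the rendered hunk shows two `pb` import lines, `pb "github.com/dapr/go-sdk/dapr/proto/runtime/v1"` and `pb "github.com/dapr/dapr/pkg/proto/runtime/v1"`; if both survive the merge the snippet does not compile (duplicate import alias `pb`), so make sure only the `github.com/dapr/dapr/pkg/proto/runtime/v1` line is kept, which also matches the `commonv1pb` import from the same module. Style point: `github.com/golang/protobuf/ptypes/empty` is the deprecated APIv1 package; `google.golang.org/protobuf/types/known/emptypb` is the current equivalent.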

@ -37,6 +37,45 @@ If running on kubernetes apply the component to your cluster.
> **Note:** In production never place passwords or secrets within Dapr component files. For information on securely storing and retrieving secrets using secret stores refer to [Setup Secret Store]({{< ref setup-secret-store >}})
### Binding direction (optional)
In some scenarios, it would be useful to provide additional information to Dapr to indicate the direction supported by the binding component.
Providing the supported binding direction helps the Dapr sidecar avoid the `"wait for the app to become ready"` state, where it waits indefinitely for the application to become available.
You can specify the `direction` field as part of the component's metadata. The valid values for this field are:
- `"input"`
- `"output"`
- `"input, output"`
Here a few scenarios when the `"direction"` metadata field could help:
- When an application (detached from the sidecar) runs as a serverless workload and is scaled to zero, the `"wait for the app to become ready"` check done by the Dapr sidecar becomes pointless.
- If the detached Dapr sidecar is scaled to zero and the application reaches the sidecar (before even starting an HTTP server), the `"wait for the app to become ready"` deadlocks the app and the sidecar into waiting for each other.
### Example
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: kafkaevent
spec:
type: bindings.kafka
version: v1
metadata:
- name: brokers
value: "http://localhost:5050"
- name: topics
value: "someTopic"
- name: publishTopic
value: "someTopic2"
- name: consumerGroup
value: "group1"
- name: "direction"
value: "input, output"
```
## Invoking Service Code Through Input Bindings
A developer who wants to trigger their app using an input binding can listen on a `POST` http endpoint with the route name being the same as `metadata.name`.
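Review bot: the new Kafka example sets `brokers` to `"http://localhost:5050"`, but Kafka broker addresses are plain `host:port` values (Kafka is not an HTTP protocol), so a reader who copies the example gets a connection error; use something like `"localhost:9092"`. Typo in the same hunk: "Here a few scenarios" is missing "are". The second scenario sentence ("If the detached Dapr sidecar is scaled to zero and the application reaches the sidecar (before even starting an HTTP server), the ... deadlocks the app and the sidecar") is hard to follow; state plainly which side waits on which and why `direction` breaks the cycle.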

@ -22,22 +22,30 @@ spec:
version: v1
metadata:
- name: audience
value: "<your token audience; e.g. the application's client ID>"
value: "<your token audience; i.e. the application's client ID>"
- name: issuer
value: "<your token issuer, e.g. 'https://accounts.google.com'>"
# Optional values
- name: jwksURL
value: "https://accounts.google.com/.well-known/openid-configuration"
value: "<JWKS URL, e.g. 'https://accounts.google.com/.well-known/openid-configuration'>"
```
## Spec metadata fields
| Field | Required | Details | Example |
|-------|:--------:|---------|---------|
| `audience` | Y | The audience expected in the tokens. Usually, this corresponds to the client ID of your application that is created as part of a credential hosted by a OpenID Connect platform. |
| `issuer` | Y | The issuer authority, which is the value expected in the issuer claim in the tokens. | `"https://accounts.google.com"`, `"https://login.salesforce.com"`
| `issuer` | Y | The issuer authority, which is the value expected in the issuer claim in the tokens. | `"https://accounts.google.com"`
| `jwksURL` | N | Address of the JWKS (JWK Set containing the public keys for verifying tokens). If empty, will try to fetch the URL set in the OpenID Configuration document `<issuer>/.well-known/openid-configuration`. | `"https://accounts.google.com/.well-known/openid-configuration"`
Common values for `issuer` include:
- Auth0: `https://{domain}`, where `{domain}` is the domain of your Auth0 application
- Azure AD: `https://login.microsoftonline.com/{tenant}/v2.0`, where `{tenant}` should be replaced with the tenant ID of your application, as a UUID
- Google: `https://accounts.google.com`
- Salesforce (Force.com): `https://login.salesforce.com`
## Dapr configuration
To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware.md">}}).
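Review bot: the `jwksURL` placeholder `<JWKS URL, e.g. 'https://accounts.google.com/.well-known/openid-configuration'>` and the Example cell in the same table row point at the OpenID Connect discovery document, not at a JWK Set, while the field description says the value is the address of the JWKS and that the discovery document is only consulted as a fallback when the field is empty; the JWKS is the `jwks_uri` advertised inside that discovery document, so the example should use such a URL or be left empty, otherwise users who copy it configure the wrong endpoint. Also the `audience` row has no Example cell, so the table renders with an empty last column, and "a OpenID Connect platform" should read "an OpenID Connect platform".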