From 78a5b755e3ab0128b50c3a0e99ed1d53acc08c6c Mon Sep 17 00:00:00 2001 From: Dmitry Shmulevich Date: Fri, 16 Jul 2021 11:34:34 -0700 Subject: [PATCH 001/115] Add build-info CLI reference --- .../en/reference/cli/dapr-build-info.md | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 daprdocs/content/en/reference/cli/dapr-build-info.md diff --git a/daprdocs/content/en/reference/cli/dapr-build-info.md b/daprdocs/content/en/reference/cli/dapr-build-info.md new file mode 100644 index 000000000..764847810 --- /dev/null +++ b/daprdocs/content/en/reference/cli/dapr-build-info.md @@ -0,0 +1,23 @@ +--- +type: docs +title: "build-info CLI command reference" +linkTitle: "build-info" +description: "Detailed build information on dapr-cli and daprd executables" +--- + +## Description + +Get the version and git commit data for `dapr-cli` and `daprd` executables. + +## Supported platforms + +- [Self-Hosted]({{< ref self-hosted >}}) + +## Usage +```bash +dapr build-info +``` + +## Related facts + +You can get `daprd` build information directly by invoking `daprd --build-info` command. From b741e6bc84030026cab1cc29a690f317af396411 Mon Sep 17 00:00:00 2001 From: Javier Vela Date: Sun, 18 Jul 2021 19:02:07 +0200 Subject: [PATCH 002/115] updated binding smtp doc: added AWS SES --- .../supported-bindings/_index.md | 1 + .../supported-bindings/ses.md | 104 ++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100644 daprdocs/content/en/reference/components-reference/supported-bindings/ses.md diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/_index.md b/daprdocs/content/en/reference/components-reference/supported-bindings/_index.md index 09bb9ddae..9d5491dcd 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/_index.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/_index.md @@ -57,6 +57,7 @@ Table captions: |------|:----------------:|:-----------------:|--------| ------ |----------| | [AWS DynamoDB]({{< ref dynamodb.md >}}) | | ✅ | Alpha | v1 | 1.0 | | [AWS S3]({{< ref s3.md >}}) | | ✅ | Alpha | v1 | 1.0 | +| [AWS SES]({{< ref ses.md >}}) | | ✅ | Alpha | v1 | 1.4 | | [AWS SNS]({{< ref sns.md >}}) | | ✅ | Alpha | v1 | 1.0 | | [AWS SQS]({{< ref sqs.md >}}) | ✅ | ✅ | Alpha | v1 | 1.0 | | [AWS Kinesis]({{< ref kinesis.md >}}) | ✅ | ✅ | Alpha | v1 | 1.0 | diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/ses.md b/daprdocs/content/en/reference/components-reference/supported-bindings/ses.md new file mode 100644 index 000000000..eb1102522 --- /dev/null +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/ses.md @@ -0,0 +1,104 @@ +--- +type: docs +title: "AWS SES binding spec" +linkTitle: "AWS SES" +description: "Detailed documentation on the AWS SES binding component" +aliases: + - "/operations/components/setup-bindings/supported-bindings/ses/" +--- + +## Component format + +To setup AWS binding create a component of type `bindings.aws.ses`. See [this guide]({{< ref "howto-bindings.md#1-create-a-binding" >}}) on how to create and apply a binding configuration. + +See [Authenticating to AWS]({{< ref authenticating-aws.md >}}) for information about authentication-related attributes + +```yaml +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: ses + namespace: default +spec: + type: bindings.aws.ses + version: v1 + metadata: + - name: accessKey + value: ***************** + - name: secretKey + value: ***************** + - name: region + value: "eu-west-1" + - name: sessionToken + value: mysession + - name: emailFrom + value: "sender@example.com" + - name: emailTo + value: "receiver@example.com" + - name: emailCc + value: "cc@example.com" + - name: emailBcc + value: "bcc@example.com" + - name: subject + value: "subject" +``` + +{{% alert title="Warning" color="warning" %}} +The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}). +{{% /alert %}} + +## Spec metadata fields + +| Field | Required | Binding support | Details | Example | +|--------------------|:--------:|------------|-----|---------| +| region | Y | Output | The specific AWS region | `"eu-west-1"` | +| accessKey | Y | Output | The AWS Access Key to access this resource | `"key"` | +| secretKey | Y | Output | The AWS Secret Access Key to access this resource | `"secretAccessKey"` | +| sessionToken | N | Output | The AWS session token to use | `"sessionToken"` | +| emailFrom | N | Output | If set, this specifies the email address of the sender. See [also](#example-request) | `"me@example.com"` | +| emailTo | N | Output | If set, this specifies the email address of the receiver. See [also](#example-request) | `"me@example.com"` | +| emailCc | N | Output | If set, this specifies the email address to CC in. See [also](#example-request) | `"me@example.com"` | +| emailBcc | N | Output | If set, this specifies email address to BCC in. See [also](#example-request) | `"me@example.com"` | +| subject | N | Output | If set, this specifies the subject of the email message. See [also](#example-request) | `"subject of mail"` | + + + +## Binding support + +This component supports **output binding** with the following operations: + +- `create` + +## Example request + +You can specify any of the following optional metadata properties with each request: + +- `emailFrom` +- `emailTo` +- `emailCc` +- `emailBcc` +- `subject` + +When sending an email, the metadata in the configuration and in the request is combined. The combined set of metadata must contain at least the `emailFrom`, `emailTo`, `emailCc`, `emailBcc` and `subject` fields. + + +Example: +```json +{ + "operation": "create", + "metadata": { + "emailTo": "dapr-smtp-binding@example.net", + "emailCC": "cc1@example.net", + "subject": "Email subject" + }, + "data": "Testing Dapr SMTP Binding" +} +``` + +## Related links + +- [Basic schema for a Dapr component]({{< ref component-schema >}}) +- [Bindings building block]({{< ref bindings >}}) +- [How-To: Trigger application with input binding]({{< ref howto-triggers.md >}}) +- [How-To: Use bindings to interface with external resources]({{< ref howto-bindings.md >}}) +- [Bindings API reference]({{< ref bindings_api.md >}}) From f5f62466dff02613eca30307ec257e195bfe4fd5 Mon Sep 17 00:00:00 2001 From: Javier Vela Date: Sun, 18 Jul 2021 20:38:29 +0200 Subject: [PATCH 003/115] binding AWS SES: support multiple email --- .../reference/components-reference/supported-bindings/ses.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/ses.md b/daprdocs/content/en/reference/components-reference/supported-bindings/ses.md index eb1102522..66ec1c760 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/ses.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/ses.md @@ -81,6 +81,7 @@ You can specify any of the following optional metadata properties with each requ When sending an email, the metadata in the configuration and in the request is combined. The combined set of metadata must contain at least the `emailFrom`, `emailTo`, `emailCc`, `emailBcc` and `subject` fields. +The `emailTo`, `emailCC` and `emailBCC` fields can contain multiple email addresses separated by a semicolon. Example: ```json @@ -94,7 +95,7 @@ Example: "data": "Testing Dapr SMTP Binding" } ``` - +The `emailTo`, `emailCC` and `emailBCC` fields can contain multiple email addresses separated by a semicolon. ## Related links - [Basic schema for a Dapr component]({{< ref component-schema >}}) From 0536a1bdba0c8339be05ae8afb0d54a2f4b1ca0a Mon Sep 17 00:00:00 2001 From: Aaron Crawfis Date: Fri, 23 Jul 2021 13:32:51 -0700 Subject: [PATCH 004/115] Update workflow for 1.4 --- .../workflows/{website-v1-3.yml => website-v1-4.yml} | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) rename .github/workflows/{website-v1-3.yml => website-v1-4.yml} (95%) diff --git a/.github/workflows/website-v1-3.yml b/.github/workflows/website-v1-4.yml similarity index 95% rename from .github/workflows/website-v1-3.yml rename to .github/workflows/website-v1-4.yml index 9ea74b94d..d4a844308 100644 --- a/.github/workflows/website-v1-3.yml +++ b/.github/workflows/website-v1-4.yml @@ -1,13 +1,13 @@ -name: Azure Static Web App v1.3 +name: Azure Static Web App v1.4 on: push: branches: - - v1.3 + - v1.4 pull_request: types: [opened, synchronize, reopened, closed] branches: - - v1.3 + - v1.4 jobs: build_and_deploy_job: @@ -27,7 +27,7 @@ jobs: HUGO_ENV: production HUGO_VERSION: "0.74.3" with: - azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_V1_3 }} + azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_V1_4 }} repo_token: ${{ secrets.GITHUB_TOKEN }} # Used for Github integrations (i.e. PR comments) skip_deploy_on_missing_secrets: true action: "upload" @@ -48,6 +48,6 @@ jobs: id: closepullrequest uses: Azure/static-web-apps-deploy@v0.0.1-preview with: - azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_V1_3 }} + azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_V1_4 }} skip_deploy_on_missing_secrets: true action: "close" From 5fdf0ece4ef2e0966b41b4cef1aade1b696050cd Mon Sep 17 00:00:00 2001 From: Aaron Crawfis Date: Fri, 23 Jul 2021 13:39:34 -0700 Subject: [PATCH 005/115] Update version reference --- README.md | 4 ++-- daprdocs/config.toml | 15 +++++++++------ 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index f43fb63e1..3c23e631a 100644 --- a/README.md +++ b/README.md @@ -14,8 +14,8 @@ The following branches are currently maintained: | Branch | Website | Description | |--------|---------|-------------| -| [v1.2](https://github.com/dapr/docs) (primary) | https://docs.dapr.io | Latest Dapr release documentation. Typo fixes, clarifications, and most documentation goes here. -| [v1.3](https://github.com/dapr/docs/tree/v1.3) (pre-release) | https://v1-3.docs.dapr.io/ | Pre-release documentation. Doc updates that are only applicable to v1.3+ go here. +| [v1.3](https://github.com/dapr/docs) (primary) | https://docs.dapr.io | Latest Dapr release documentation. Typo fixes, clarifications, and most documentation goes here. +| [v1.4](https://github.com/dapr/docs/tree/v1.4) (pre-release) | https://v1-3.docs.dapr.io/ | Pre-release documentation. Doc updates that are only applicable to v1.3+ go here. For more information visit the [Dapr branch structure](https://docs.dapr.io/contributing/contributing-docs/#branch-guidance) document. diff --git a/daprdocs/config.toml b/daprdocs/config.toml index 264e9a7db..b50d42299 100644 --- a/daprdocs/config.toml +++ b/daprdocs/config.toml @@ -1,5 +1,5 @@ # Site Configuration -baseURL = "https://v1-3.docs.dapr.io/" +baseURL = "https://v1-4.docs.dapr.io/" title = "Dapr Docs" theme = "docsy" disableFastRender = true @@ -141,20 +141,23 @@ offlineSearch = false github_repo = "https://github.com/dapr/docs" github_project_repo = "https://github.com/dapr/dapr" github_subdir = "daprdocs" -github_branch = "v1.3" +github_branch = "v1.4" # Versioning -version_menu = "v1.3 (preview)" -version = "v1.3" +version_menu = "v1.4 (preview)" +version = "v1.4" archived_version = false url_latest_version = "https://docs.dapr.io" [[params.versions]] - version = "v1.3 (preview)" + version = "v1.4 (preview)" url = "#" [[params.versions]] - version = "v1.2 (latest)" + version = "v1.3 (latest)" url = "https://docs.dapr.io" +[[params.versions]] + version = "v1.2" + url = "https://v1-2.docs.dapr.io" [[params.versions]] version = "v1.1" url = "https://v1-1.docs.dapr.io" From bfe9f6049b851d226dbb69b03121f120cb2ba0a6 Mon Sep 17 00:00:00 2001 From: Nick Greenfield Date: Thu, 5 Aug 2021 14:41:49 -0700 Subject: [PATCH 006/115] Fix new relic links --- .../content/en/operations/monitoring/logging/newrelic.md | 4 ++-- .../content/en/operations/monitoring/metrics/newrelic.md | 4 ++-- .../tracing/supported-tracing-backends/newrelic.md | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/daprdocs/content/en/operations/monitoring/logging/newrelic.md b/daprdocs/content/en/operations/monitoring/logging/newrelic.md index cb0ab5d2b..feabe056a 100644 --- a/daprdocs/content/en/operations/monitoring/logging/newrelic.md +++ b/daprdocs/content/en/operations/monitoring/logging/newrelic.md @@ -24,7 +24,7 @@ This document explains how to install it in your cluster, either using a Helm ch 2. Add the New Relic official Helm chart repository following these instructions -3. Run the following command to install the New Relic Logging Kubernetes plugin via Helm, replacing the placeholder value YOUR_LICENSE_KEY with your [New Relic license key](https://docs.newrelic.com/docs/accounts/install-new-relic/account-setup/license-key): +3. Run the following command to install the New Relic Logging Kubernetes plugin via Helm, replacing the placeholder value YOUR_LICENSE_KEY with your [New Relic license key](https://docs.newrelic.com/docs/accounts/accounts-billing/account-setup/new-relic-license-key/): - Helm 3 ```bash @@ -74,5 +74,5 @@ By default, tailing is set to /var/log/containers/*.log. To change this setting, * [New Relic Account Signup](https://newrelic.com/signup) * [Telemetry Data Platform](https://newrelic.com/platform/telemetry-data-platform) * [New Relic Logging](https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging) -* [Types of New Relic API keys](https://docs.newrelic.com/docs/apis/get-started/intro-apis/types-new-relic-api-keys) +* [Types of New Relic API keys](https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys) * [Alerts and Applied Intelligence](https://docs.newrelic.com/docs/alerts-applied-intelligence) diff --git a/daprdocs/content/en/operations/monitoring/metrics/newrelic.md b/daprdocs/content/en/operations/monitoring/metrics/newrelic.md index 567d7dcd1..edf7ddc56 100644 --- a/daprdocs/content/en/operations/monitoring/metrics/newrelic.md +++ b/daprdocs/content/en/operations/monitoring/metrics/newrelic.md @@ -22,7 +22,7 @@ This document explains how to install it in your cluster, either using a Helm ch 2. Add the New Relic official Helm chart repository following [these instructions](https://github.com/newrelic/helm-charts/blob/master/README.md#installing-charts) -3. Run the following command to install the New Relic Logging Kubernetes plugin via Helm, replacing the placeholder value YOUR_LICENSE_KEY with your [New Relic license key](https://docs.newrelic.com/docs/accounts/install-new-relic/account-setup/license-key): +3. Run the following command to install the New Relic Logging Kubernetes plugin via Helm, replacing the placeholder value YOUR_LICENSE_KEY with your [New Relic license key](https://docs.newrelic.com/docs/accounts/accounts-billing/account-setup/new-relic-license-key/): ```bash helm install nri-prometheus newrelic/nri-prometheus --set licenseKey=YOUR_LICENSE_KEY @@ -39,5 +39,5 @@ This document explains how to install it in your cluster, either using a Helm ch * [New Relic Account Signup](https://newrelic.com/signup) * [Telemetry Data Platform](https://newrelic.com/platform/telemetry-data-platform) * [New Relic Prometheus OpenMetrics Integration](https://github.com/newrelic/helm-charts/tree/master/charts/nri-prometheus) -* [Types of New Relic API keys](https://docs.newrelic.com/docs/apis/get-started/intro-apis/types-new-relic-api-keys) +* [Types of New Relic API keys](https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys) * [Alerts and Applied Intelligence](https://docs.newrelic.com/docs/alerts-applied-intelligence) diff --git a/daprdocs/content/en/operations/monitoring/tracing/supported-tracing-backends/newrelic.md b/daprdocs/content/en/operations/monitoring/tracing/supported-tracing-backends/newrelic.md index d6ddd905d..b2410a511 100644 --- a/daprdocs/content/en/operations/monitoring/tracing/supported-tracing-backends/newrelic.md +++ b/daprdocs/content/en/operations/monitoring/tracing/supported-tracing-backends/newrelic.md @@ -14,7 +14,7 @@ description: "Set-up New Relic for distributed tracing" Dapr natively captures metrics and traces that can be send directly to New Relic. The easiest way to export these is by configuring Dapr to send the traces to [New Relic's Trace API](https://docs.newrelic.com/docs/distributed-tracing/trace-api/report-zipkin-format-traces-trace-api/) using the Zipkin trace format. -In order for the integration to send data to New Relic [Telemetry Data Platform](https://newrelic.com/platform/telemetry-data-platform), you need a [New Relic Insights Insert API key](https://docs.newrelic.com/docs/apis/get-started/intro-apis/types-new-relic-api-keys#insights-insert-key). +In order for the integration to send data to New Relic [Telemetry Data Platform](https://newrelic.com/platform/telemetry-data-platform), you need a [New Relic Insights Insert API key](https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys#insights-insert-key). ```yaml apiVersion: dapr.io/v1alpha1 @@ -39,7 +39,7 @@ New Relic Distributed Tracing details ## (optional) New Relic Instrumentation -In order for the integrations to send data to New Relic Telemetry Data Platform, you either need a [New Relic license key](https://docs.newrelic.com/docs/accounts/accounts-billing/account-setup/new-relic-license-key) or [New Relic Insights Insert API key](https://docs.newrelic.com/docs/apis/get-started/intro-apis/types-new-relic-api-keys#insights-insert-key). +In order for the integrations to send data to New Relic Telemetry Data Platform, you either need a [New Relic license key](https://docs.newrelic.com/docs/accounts/accounts-billing/account-setup/new-relic-license-key) or [New Relic Insights Insert API key](https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys#insights-insert-key). ### OpenTelemetry instrumentation @@ -109,6 +109,6 @@ All the data that is collected from Dapr, Kubernetes or any services that run on * [Telemetry Data Platform](https://newrelic.com/platform/telemetry-data-platform) * [Distributed Tracing](https://docs.newrelic.com/docs/understand-dependencies/distributed-tracing/get-started/introduction-distributed-tracing) * [New Relic Trace API](https://docs.newrelic.com/docs/distributed-tracing/trace-api/introduction-trace-api/) -* [Types of New Relic API keys](https://docs.newrelic.com/docs/apis/get-started/intro-apis/types-new-relic-api-keys) +* [Types of New Relic API keys](https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys) * [New Relic OpenTelemetry User Experience](https://blog.newrelic.com/product-news/opentelemetry-user-experience/) * [Alerts and Applied Intelligence](https://docs.newrelic.com/docs/alerts-applied-intelligence) From 687358f513d952f18294fd04c2c449b730cab664 Mon Sep 17 00:00:00 2001 From: Nick Greenfield Date: Thu, 5 Aug 2021 14:52:26 -0700 Subject: [PATCH 007/115] Fix more new relic links --- .../tracing/supported-tracing-backends/newrelic.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/daprdocs/content/en/operations/monitoring/tracing/supported-tracing-backends/newrelic.md b/daprdocs/content/en/operations/monitoring/tracing/supported-tracing-backends/newrelic.md index b2410a511..86be450dd 100644 --- a/daprdocs/content/en/operations/monitoring/tracing/supported-tracing-backends/newrelic.md +++ b/daprdocs/content/en/operations/monitoring/tracing/supported-tracing-backends/newrelic.md @@ -47,13 +47,13 @@ Leverage the different language specific OpenTelemetry implementations, for exam ### New Relic Language agent -Similarly to the OpenTelemetry instrumentation, you can also leverage a New Relic language agent. As an example, the [New Relic agent instrumentation for .NET Core](https://docs.newrelic.com/docs/agents/net-agent/installation/install-docker-container) is part of the Dockerfile. See example [here](https://github.com/harrykimpel/quickstarts/blob/master/distributed-calculator/csharp/Dockerfile). +Similarly to the OpenTelemetry instrumentation, you can also leverage a New Relic language agent. As an example, the [New Relic agent instrumentation for .NET Core](https://docs.newrelic.com/docs/agents/net-agent/other-installation/install-net-agent-docker-container/) is part of the Dockerfile. See example [here](https://github.com/harrykimpel/quickstarts/blob/master/distributed-calculator/csharp/Dockerfile). ## (optional) Enable New Relic Kubernetes integration In case Dapr and your applications run in the context of a Kubernetes environment, you can enable additional metrics and logs. -The easiest way to install the New Relic Kubernetes integration is to use the [automated installer](https://one.newrelic.com/launcher/nr1-core.settings?pane=eyJuZXJkbGV0SWQiOiJrOHMtY2x1c3Rlci1leHBsb3Jlci1uZXJkbGV0Lms4cy1zZXR1cCJ9) to generate a manifest. It bundles not just the integration DaemonSets, but also other New Relic Kubernetes configurations, like [Kubernetes events](https://docs.newrelic.com/docs/integrations/kubernetes-integration/kubernetes-events/install-kubernetes-events-integration), [Prometheus OpenMetrics](https://docs.newrelic.com/docs/integrations/prometheus-integrations/get-started/new-relic-prometheus-openmetrics-integration-kubernetes), and [New Relic log monitoring](https://docs.newrelic.com/docs/logs). +The easiest way to install the New Relic Kubernetes integration is to use the [automated installer](https://one.newrelic.com/launcher/nr1-core.settings?pane=eyJuZXJkbGV0SWQiOiJrOHMtY2x1c3Rlci1leHBsb3Jlci1uZXJkbGV0Lms4cy1zZXR1cCJ9) to generate a manifest. It bundles not just the integration DaemonSets, but also other New Relic Kubernetes configurations, like [Kubernetes events](https://docs.newrelic.com/docs/integrations/kubernetes-integration/kubernetes-events/install-kubernetes-events-integration), [Prometheus OpenMetrics](https://docs.newrelic.com/docs/integrations/prometheus-integrations/get-started/send-prometheus-metric-data-new-relic/), and [New Relic log monitoring](https://docs.newrelic.com/docs/logs). ### New Relic Kubernetes Cluster Explorer @@ -107,7 +107,7 @@ All the data that is collected from Dapr, Kubernetes or any services that run on * [New Relic Account Signup](https://newrelic.com/signup) * [Telemetry Data Platform](https://newrelic.com/platform/telemetry-data-platform) -* [Distributed Tracing](https://docs.newrelic.com/docs/understand-dependencies/distributed-tracing/get-started/introduction-distributed-tracing) +* [Distributed Tracing](https://docs.newrelic.com/docs/distributed-tracing/concepts/introduction-distributed-tracing/) * [New Relic Trace API](https://docs.newrelic.com/docs/distributed-tracing/trace-api/introduction-trace-api/) * [Types of New Relic API keys](https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys) * [New Relic OpenTelemetry User Experience](https://blog.newrelic.com/product-news/opentelemetry-user-experience/) From 43643606e98e7e9b505008951cda635bb4e3b91d Mon Sep 17 00:00:00 2001 From: Bernd Verst Date: Mon, 9 Aug 2021 20:20:40 -0700 Subject: [PATCH 008/115] Add global TTL option for Redis This is to document the new global TTL option for Redis Implemented in https://github.com/dapr/components-contrib/pull/1059 for issue https://github.com/dapr/components-contrib/issues/1060 --- .../components-reference/supported-state-stores/setup-redis.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-redis.md b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-redis.md index ecc4804a9..dd470d08b 100644 --- a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-redis.md +++ b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-redis.md @@ -35,6 +35,8 @@ spec: value: # Optional - name: maxRetryBackoff value: # Optional + - name: ttlInSeconds + value: # Optional ``` **TLS:** If the Redis instance supports TLS with public certificates it can be configured to enable or disable TLS `true` or `false`. @@ -81,6 +83,7 @@ If you wish to use Redis as an actor store, append the following to the yaml. | idleCheckFrequency | N | Frequency of idle checks made by idle connections reaper. Default is `"1m"`. `"-1"` disables idle connections reaper. | `"-1"` | idleTimeout | N | Amount of time after which the client closes idle connections. Should be less than server's timeout. Default is `"5m"`. `"-1"` disables idle timeout check. | `"10m"` | actorStateStore | N | Consider this state store for actors. Defaults to `"false"` | `"true"`, `"false"` +| ttlInSeconds | N | Allows specifying a default Time-to-live (TTL) in seconds that will be applied to every state store request unless TTL is explictly defined via the request metadata. This is especially useful because Redis does not offer a global default TTL feature. [Read more]({{< ref "state-store-ttl.md" >}}) about State Time-to-Live (TTL). | `600` ## Setup Redis From 76bb36eb38ef85c882c7bf2ab7e62988a2ae0d00 Mon Sep 17 00:00:00 2001 From: Nick Greenfield Date: Tue, 10 Aug 2021 09:07:51 -0700 Subject: [PATCH 009/115] Start of adding js sdk docs --- .gitmodules | 3 +++ daprdocs/config.toml | 8 ++++++++ sdkdocs/js | 1 + 3 files changed, 12 insertions(+) create mode 160000 sdkdocs/js diff --git a/.gitmodules b/.gitmodules index 440638c4e..e8be7ab1d 100644 --- a/.gitmodules +++ b/.gitmodules @@ -20,3 +20,6 @@ [submodule "sdkdocs/java"] path = sdkdocs/java url = https://github.com/dapr/java-sdk.git +[submodule "sdkdocs/js"] + path = sdkdocs/js + url = https://github.com/greenie-msft/js-sdk.git diff --git a/daprdocs/config.toml b/daprdocs/config.toml index a6286e75d..85579f636 100644 --- a/daprdocs/config.toml +++ b/daprdocs/config.toml @@ -87,6 +87,14 @@ id = "UA-149338238-3" source = "../sdkdocs/java/daprdocs/content/en/java-sdk-contributing" target = "content/contributing/" lang = "en" + [[module.mounts]] + source = "../sdkdocs/js/daprdocs/content/en/js-sdk-docs" + target = "content/developing-applications/sdks/js" + lang = "en" + [[module.mounts]] + source = "../sdkdocs/js/daprdocs/content/en/js-sdk-contributing" + target = "content/contributing/" + lang = "en" [[module.mounts]] source = "../translations/docs-zh/content/zh-hans" diff --git a/sdkdocs/js b/sdkdocs/js new file mode 160000 index 000000000..8bfda5b1e --- /dev/null +++ b/sdkdocs/js @@ -0,0 +1 @@ +Subproject commit 8bfda5b1e6ea46a8ca02ac22481e3ffec0dde4bd From 7cd99bb1c34d1aada837e1f0c146e431e49e73ca Mon Sep 17 00:00:00 2001 From: Bernd Verst Date: Wed, 11 Aug 2021 13:46:07 -0700 Subject: [PATCH 010/115] Rewording global Redis TTL --- .../components-reference/supported-state-stores/setup-redis.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-redis.md b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-redis.md index dd470d08b..36c01fb57 100644 --- a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-redis.md +++ b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-redis.md @@ -83,7 +83,7 @@ If you wish to use Redis as an actor store, append the following to the yaml. | idleCheckFrequency | N | Frequency of idle checks made by idle connections reaper. Default is `"1m"`. `"-1"` disables idle connections reaper. | `"-1"` | idleTimeout | N | Amount of time after which the client closes idle connections. Should be less than server's timeout. Default is `"5m"`. `"-1"` disables idle timeout check. | `"10m"` | actorStateStore | N | Consider this state store for actors. Defaults to `"false"` | `"true"`, `"false"` -| ttlInSeconds | N | Allows specifying a default Time-to-live (TTL) in seconds that will be applied to every state store request unless TTL is explictly defined via the request metadata. This is especially useful because Redis does not offer a global default TTL feature. [Read more]({{< ref "state-store-ttl.md" >}}) about State Time-to-Live (TTL). | `600` +| ttlInSeconds | N | Allows specifying a default Time-to-live (TTL) in seconds that will be applied to every state store request unless TTL is explicitly defined via the [request metadata]({{< ref "state-store-ttl.md" >}}). | `600` ## Setup Redis From 87aca4a601a033f27509ac9f34274b3bda9cc67c Mon Sep 17 00:00:00 2001 From: Javier Vela Date: Mon, 16 Aug 2021 11:22:08 +0200 Subject: [PATCH 011/115] update S3 binding --- .../supported-bindings/s3.md | 194 +++++++++++++++++- 1 file changed, 187 insertions(+), 7 deletions(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/s3.md b/daprdocs/content/en/reference/components-reference/supported-bindings/s3.md index 4bc690762..9fe1247bb 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/s3.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/s3.md @@ -33,6 +33,8 @@ spec: value: ***************** - name: sessionToken value: mysession + - name: decodeBase64 + value: ``` {{% alert title="Warning" color="warning" %}} @@ -48,13 +50,17 @@ The above example uses secrets as plain strings. It is recommended to use a secr | accessKey | Y | Output | The AWS Access Key to access this resource | `"key"` | | secretKey | Y | Output | The AWS Secret Access Key to access this resource | `"secretAccessKey"` | | sessionToken | N | Output | The AWS session token to use | `"sessionToken"` | +| decodeBase64 | N | Output | Configuration to decode base64 file content before saving to bucket storage. (In case of saving a file with binary content). `true` is the only allowed positive value. Other positive variations like `"True", "1"` are not acceptable. Defaults to `false` | `true`, `false` | ## Binding support This component supports **output binding** with the following operations: -- `create` +- `create` : [Create file](#create-file) +- `get` : [Get file](#get-file) +- `delete` : [Delete file](#delete-file) +- `list`: [List file](#list-files) ### Create file @@ -70,8 +76,6 @@ To perform a create operation, invoke the AWS S3 binding with a `POST` method an ``` #### Examples - - ##### Save text to a random generated UUID file {{< tabs Windows Linux >}} @@ -111,10 +115,33 @@ To perform a create operation, invoke the AWS S3 binding with a `POST` method an {{< /tabs >}} +##### Save a file to a object -##### Upload a file +To upload a file, encode it as Base64 and let the Binding know to deserialize it: -To upload a file, pass the file contents as the data payload; you may want to encode this in e.g. Base64 for binary content. +```yaml +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: + namespace: +spec: + type: bindings.aws.s3 + version: v1 + metadata: + - name: bucket + value: mybucket + - name: region + value: us-west-2 + - name: accessKey + value: ***************** + - name: secretKey + value: ***************** + - name: sessionToken + value: mysession + - name: decodeBase64 + value: +``` Then you can upload it as you would normally: @@ -122,19 +149,172 @@ Then you can upload it as you would normally: {{% codetab %}} ```bash - curl -d "{ \"operation\": \"create\", \"data\": \"(YOUR_FILE_CONTENTS)\", \"metadata\": { \"key\": \"my-test-file.jpg\" } }" http://localhost:/v1.0/bindings/ + curl -d "{ \"operation\": \"create\", \"data\": \"YOUR_BASE_64_CONTENT\", \"metadata\": { \"key\": \"my-test-file.jpg\" } }" http://localhost:/v1.0/bindings/ ``` {{% /codetab %}} {{% codetab %}} ```bash - curl -d '{ "operation": "create", "data": "$(cat my-test-file.jpg)", "metadata": { "key": "my-test-file.jpg" } }' \ + curl -d '{ "operation": "create", "data": "YOUR_BASE_64_CONTENT", "metadata": { "key": "my-test-file.jpg" } }' \ http://localhost:/v1.0/bindings/ ``` {{% /codetab %}} {{< /tabs >}} +#### Response + +The response body will contain the following JSON: + +```json +{ + "location":"https://.s3..amazonaws.com/", + "versionID":"}} + + {{% codetab %}} + ```bash + curl -d '{ \"operation\": \"get\", \"metadata\": { \"key\": \"my-test-file.txt\" }}' http://localhost:/v1.0/bindings/ + ``` + {{% /codetab %}} + + {{% codetab %}} + ```bash + curl -d '{ "operation": "get", "metadata": { "key": "my-test-file.txt" }}' \ + http://localhost:/v1.0/bindings/ + ``` + {{% /codetab %}} + +{{< /tabs >}} + +#### Response + +The response body contains the value stored in the object. + + +### Delete object + +To perform a delete object operation, invoke the AWS S3 binding with a `POST` method and the following JSON body: + +```json +{ + "operation": "delete", + "metadata": { + "key": "my-test-file.txt" + } +} +``` + +The metadata parameters are: + +- `key` - the name of the object + + +#### Examples + +##### Delete object + +{{< tabs Windows Linux >}} + + {{% codetab %}} + ```bash + curl -d '{ \"operation\": \"delete\", \"metadata\": { \"key\": \"my-test-file.txt\" }}' http://localhost:/v1.0/bindings/ + ``` + {{% /codetab %}} + + {{% codetab %}} + ```bash + curl -d '{ "operation": "delete", "metadata": { "key": "my-test-file.txt" }}' \ + http://localhost:/v1.0/bindings/ + ``` + {{% /codetab %}} + +{{< /tabs >}} + +#### Response + +An HTTP 204 (No Content) and empty body will be retuned if successful. + + +### List objects + +To perform a list object operation, invoke the S3 binding with a `POST` method and the following JSON body: + +```json +{ + "operation": "list", + "data": { + "maxResults": 10, + "prefix": "file", + "marker": "hvlcCQFSOD5TD", + "delimiter": "i0FvxAn2EOEL6" + } +} +``` + +The data parameters are: + +- `maxResults` - (optional) sets the maximum number of keys returned in the response. By default the action returns up to 1,000 key names. The response might contain fewer keys but will never contain more. +- `prefix` - (optional) limits the response to keys that begin with the specified prefix. +- `marker` - (optional) marker is where you want Amazon S3 to start listing from. Amazon S3 starts listing after this specified key. Marker can be any key in the bucket. + The marker value may then be used in a subsequent call to request the next set of list items. +- `delimiter` - (optional) A delimiter is a character you use to group keys. + + +#### Response + +The response body contains the list of found objects. + +The list of objects will be returned as JSON array in the following form: + +```json +{ + "CommonPrefixes": null, + "Contents": [ + { + "ETag": "\"7e94cc9b0f5226557b05a7c2565dd09f\"", + "Key": "hpNdFUxruNuwm", + "LastModified": "2021-08-16T06:44:14Z", + "Owner": { + "DisplayName": "owner name", + "ID": "owner id" + }, + "Size": 6916, + "StorageClass": "STANDARD" + } + ], + "Delimiter": "", + "EncodingType": null, + "IsTruncated": true, + "Marker": "hvlcCQFSOD5TD", + "MaxKeys": 1, + "Name": "mybucketdapr", + "NextMarker": "hzaUPWjmvyi9W", + "Prefix": "" +} +``` ## Related links - [Basic schema for a Dapr component]({{< ref component-schema >}}) From 0af1a6425f9d74ca69f7246343b344eb2ca810ef Mon Sep 17 00:00:00 2001 From: Javier Vela Date: Tue, 17 Aug 2021 06:02:54 +0200 Subject: [PATCH 012/115] binding AWS SES: fix case sensitive fields emailCc and emailBcc --- .../components-reference/supported-bindings/ses.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/ses.md b/daprdocs/content/en/reference/components-reference/supported-bindings/ses.md index 66ec1c760..95a8386b0 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/ses.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/ses.md @@ -81,7 +81,7 @@ You can specify any of the following optional metadata properties with each requ When sending an email, the metadata in the configuration and in the request is combined. The combined set of metadata must contain at least the `emailFrom`, `emailTo`, `emailCc`, `emailBcc` and `subject` fields. -The `emailTo`, `emailCC` and `emailBCC` fields can contain multiple email addresses separated by a semicolon. +The `emailTo`, `emailCc` and `emailBcc` fields can contain multiple email addresses separated by a semicolon. Example: ```json @@ -89,13 +89,13 @@ Example: "operation": "create", "metadata": { "emailTo": "dapr-smtp-binding@example.net", - "emailCC": "cc1@example.net", + "emailCc": "cc1@example.net", "subject": "Email subject" }, "data": "Testing Dapr SMTP Binding" } ``` -The `emailTo`, `emailCC` and `emailBCC` fields can contain multiple email addresses separated by a semicolon. +The `emailTo`, `emailCc` and `emailBcc` fields can contain multiple email addresses separated by a semicolon. ## Related links - [Basic schema for a Dapr component]({{< ref component-schema >}}) From 8a3762b0c3b6fe2b8a2a3b4d5a578f7ec1cf1404 Mon Sep 17 00:00:00 2001 From: meijin Date: Wed, 18 Aug 2021 19:40:34 +0800 Subject: [PATCH 013/115] dashboard --address option add usage doc --- daprdocs/content/en/reference/cli/dapr-dashboard.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/daprdocs/content/en/reference/cli/dapr-dashboard.md b/daprdocs/content/en/reference/cli/dapr-dashboard.md index ade1bf525..ef4922650 100644 --- a/daprdocs/content/en/reference/cli/dapr-dashboard.md +++ b/daprdocs/content/en/reference/cli/dapr-dashboard.md @@ -23,6 +23,7 @@ dapr dashboard [flags] | Name | Environment Variable | Default | Description | |------|----------------------|---------|-------------| +| `--address`, `-a` | | `localhost` | Address to listen on. Only accepts IP address or localhost as a value | | `--help`, `-h` | | | Prints this help message | | `--kubernetes`, `-k` | | `false` | Opens Dapr dashboard in local browser via local proxy to Kubernetes cluster | | `--namespace`, `-n` | | `dapr-system` | The namespace where Dapr dashboard is running | @@ -46,6 +47,11 @@ dapr dashboard -p 9999 dapr dashboard -k ``` +### Port forward to dashboard service running in Kubernetes on all addresses on a specified port +```bash +dapr dashboard -k -p 9999 --address 0.0.0.0 +``` + ### Port forward to dashboard service running in Kubernetes on a specified port ```bash dapr dashboard -k -p 9999 From bee16434d2f6346d4bfdbfddc955a269ef412c50 Mon Sep 17 00:00:00 2001 From: Phil Kedy Date: Fri, 20 Aug 2021 12:36:10 -0400 Subject: [PATCH 014/115] Mentioning multi-valued secret support for local file secret store. --- .../file-secret-store.md | 26 ++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-secret-stores/file-secret-store.md b/daprdocs/content/en/reference/components-reference/supported-secret-stores/file-secret-store.md index fec85a847..2475d4fbb 100644 --- a/daprdocs/content/en/reference/components-reference/supported-secret-stores/file-secret-store.md +++ b/daprdocs/content/en/reference/components-reference/supported-secret-stores/file-secret-store.md @@ -31,6 +31,8 @@ spec: value: [path to the JSON file] - name: nestedSeparator value: ":" + - name: multiValued + value: "false" ``` ## Spec metadata fields @@ -38,7 +40,8 @@ spec: | Field | Required | Details | Example | |--------------------|:--------:|-------------------------------------------------------------------------|--------------------------| | secretsFile | Y | The path to the file where secrets are stored | `"path/to/file.json"` | -| nestedSeparator | N | Used by the store when flattening the JSON hierarchy to a map. Defaults to `":"` | `":"` | +| nestedSeparator | N | Used by the store when flattening the JSON hierarchy to a map. Defaults to `":"` | `":"` +| multiValued | N | Allows one level of multi-valued key/value pairs before flattening JSON hierarchy. Defaults to `"false"` | `"true"` | ## Setup JSON file to hold the secrets @@ -54,7 +57,7 @@ Given the following json: } ``` -The store will load the file and create a map with the following key value pairs: +If `multiValued` is `"false"`, the store will load the file and create a map with the following key value pairs: | flattened key | value | | --- | --- | @@ -62,7 +65,24 @@ The store will load the file and create a map with the following key value pairs |"connectionStrings:sql" | "your sql connection string" | |"connectionStrings:mysql"| "your mysql connection string" | -Use the flattened key (`connectionStrings:sql`) to access the secret. +Use the flattened key (`connectionStrings:sql`) to access the secret. The following JSON map returned: + +```json +{ + "connectionStrings:sql": "your sql connection string" +} +``` + +If `multiValued` is `"true"`, you would instead use the top level key. In this example, `connectionStrings` would return the following map: + +```json +{ + "sql": "your sql connection string", + "mysql": "your mysql connection string" +} +``` + +This is useful in order to mimic secret stores like Vault or Kubernetes that return multiple key/value pairs per secret key. ## Related links - [Secrets building block]({{< ref secrets >}}) From 370140a8a65a92243fecd6f449203082dbaa7109 Mon Sep 17 00:00:00 2001 From: Phil Kedy Date: Wed, 25 Aug 2021 13:51:53 -0400 Subject: [PATCH 015/115] Adding "This component supports both **input and output** binding interfaces." to the GCP pubsub binding. --- .../components-reference/supported-bindings/gcppubsub.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/gcppubsub.md b/daprdocs/content/en/reference/components-reference/supported-bindings/gcppubsub.md index c7e49edf7..a9e8d25e8 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/gcppubsub.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/gcppubsub.md @@ -70,6 +70,8 @@ The above example uses secrets as plain strings. It is recommended to use a secr ## Binding support +This component supports both **input and output** binding interfaces. + This component supports **output binding** with the following operations: - `create` From 38f7a24f62397709eb0235e5f860dbce093f7b98 Mon Sep 17 00:00:00 2001 From: Phil Kedy Date: Wed, 25 Aug 2021 14:14:48 -0400 Subject: [PATCH 016/115] Adding more detail on how flattened values work when multiValued = true. --- .../file-secret-store.md | 27 ++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-secret-stores/file-secret-store.md b/daprdocs/content/en/reference/components-reference/supported-secret-stores/file-secret-store.md index 2475d4fbb..16370f955 100644 --- a/daprdocs/content/en/reference/components-reference/supported-secret-stores/file-secret-store.md +++ b/daprdocs/content/en/reference/components-reference/supported-secret-stores/file-secret-store.md @@ -45,7 +45,7 @@ spec: ## Setup JSON file to hold the secrets -Given the following json: +Given the following JSON loaded from `secretsFile`: ```json { @@ -82,6 +82,31 @@ If `multiValued` is `"true"`, you would instead use the top level key. In this e } ``` +Nested structures after the top level will be flattened. In this example, `connectionStrings` would return the following map: + +JSON from `secretsFile`: + +```json +{ + "redisPassword": "your redis password", + "connectionStrings": { + "mysql": { + "username": "your mysql username", + "password": "your mysql password" + } + } +} +``` + +Response: + +```json +{ + "mysql:username": "your mysql username", + "mysql:password": "your mysql password" +} +``` + This is useful in order to mimic secret stores like Vault or Kubernetes that return multiple key/value pairs per secret key. ## Related links From 9cd767a46e2d912fc736f12b4d64c46c4d2ca405 Mon Sep 17 00:00:00 2001 From: Ian Luo Date: Tue, 31 Aug 2021 13:47:01 +0800 Subject: [PATCH 017/115] doc for dapr/dapr#3546 #1752 --- .../howto-invoke-discover-services.md | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-discover-services.md b/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-discover-services.md index 571f49c2f..23a450559 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-discover-services.md +++ b/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-discover-services.md @@ -111,6 +111,27 @@ curl http://localhost:3500/v1.0/invoke/cart/method/add -X DELETE ``` Dapr puts any payload returned by the called service in the HTTP response's body. + +Furthermore, in order to avoid changing URL paths as much as possible, when make Dapr calls from user's code, Dapr provides a new way to help to integrate Dapr more easily: + +1. Change the address in the URL to `localhost:`. +2. Add a `dapr-app-id` header to specify the ID of the target service, or alternatively pass the ID via HTTP Basic Auth: `http://dapr-app-id:@localhost:3500/path`. + +For example, the following command +```bash +curl http://localhost:3500/v1.0/invoke/cart/method/add +``` + +is equivalent with +```bash +curl -H 'dapr-app-id: cart' 'http://localhost:3500/add' -X POST +``` + +or +```bash +curl 'http://dapr-app-id:cart@localhost:3500/add' -X POST +``` + {{% /codetab %}} {{% codetab %}} From b420062481bc8da3c364e79bce2ef93790205ee3 Mon Sep 17 00:00:00 2001 From: georgestevens99 Date: Tue, 31 Aug 2021 15:58:01 -0400 Subject: [PATCH 018/115] Update component-secrets.md --- .../components/component-secrets.md | 32 +++++++++++++++++-- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/daprdocs/content/en/operations/components/component-secrets.md b/daprdocs/content/en/operations/components/component-secrets.md index 872b5eaa6..5c0925043 100644 --- a/daprdocs/content/en/operations/components/component-secrets.md +++ b/daprdocs/content/en/operations/components/component-secrets.md @@ -20,7 +20,7 @@ Go to [this]({{< ref "howto-secrets.md" >}}) link to see all the secret stores s ## Referencing secrets -While you have the option to use plain text secrets, this is not recommended for production: +While you have the option to use plain text secrets (like MyPassword), as shown in the yaml below for the `value` of `redisPassword`, this is not recommended for production: ```yml apiVersion: dapr.io/v1alpha1 @@ -38,7 +38,9 @@ spec: value: MyPassword ``` -Instead create the secret in your secret store and reference it in the component definition: +Instead create the secret in your secret store and reference it in the component definition. There are 2 cases for this shown below -- A Standard Case and a Special Case. + +The Standard Case applies when there is an key embedded within the secret, i.e. the secret is NOT an entire connection string. The below component definition yaml is for the Standard Case. ```yml apiVersion: dapr.io/v1alpha1 @@ -62,7 +64,31 @@ auth: `SECRET_STORE_NAME` is the name of the configured [secret store component]({{< ref supported-secret-stores >}}). When running in Kubernetes and using a Kubernetes secret store, the field `auth.SecretStore` defaults to `kubernetes` and can be left empty. -The above component definition tells Dapr to extract a secret named `redis-secret` from the defined secret store and assign the value of the `redis-password` key in the secret to the `redisPassword` field in the Component. +The above component definition tells Dapr to extract a secret named `redis-secret` from the defined `secretStore` and assign the value of the `redis-password` key embedded in the secret to the `redisPassword` field in the component. + + +On the other hand, the below Special Case applies when there is NOT a key embedded in the secret. Rather, the secret is just a string. Therefore, in the `secretKeyRef` section both the secret `name` and the secret `key` will be identical. This is the case when the secret is an entire connection string with no embedded key whose value needs to be extracted. This Special Case is shown in the below component definition yaml. + +```yml +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: servicec-inputq-azkvsecret-asbqueue +spec: + type: bindings.azure.servicebusqueues + version: v1 + metadata: + -name: connectionString + secretKeyRef: + name: asbNsConnString + key: asbNsConnString + -name: queueName + value: servicec-inputq +auth: +secretStore: + +``` +The above Special Case yaml tells Dapr to extract a secret named `asbNsConnstring` from the defined `secretStore` and assign the value of secret to the `connectionString` field in the component since there is no key embedded in the secret because it is a plain string. This requires the secret `name` and secret `key` to be identical. ## Example From 2cf5ce5e13cd8b60dde857e0b7f62aa2489e4814 Mon Sep 17 00:00:00 2001 From: georgestevens99 Date: Tue, 31 Aug 2021 19:15:54 -0400 Subject: [PATCH 019/115] Update component-secrets.md Changed the wording of "How-To: Reference secrets in components" to satisfy the requirements in issue #1440. --- .../content/en/operations/components/component-secrets.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/daprdocs/content/en/operations/components/component-secrets.md b/daprdocs/content/en/operations/components/component-secrets.md index 5c0925043..df5bea56c 100644 --- a/daprdocs/content/en/operations/components/component-secrets.md +++ b/daprdocs/content/en/operations/components/component-secrets.md @@ -64,10 +64,10 @@ auth: `SECRET_STORE_NAME` is the name of the configured [secret store component]({{< ref supported-secret-stores >}}). When running in Kubernetes and using a Kubernetes secret store, the field `auth.SecretStore` defaults to `kubernetes` and can be left empty. -The above component definition tells Dapr to extract a secret named `redis-secret` from the defined `secretStore` and assign the value of the `redis-password` key embedded in the secret to the `redisPassword` field in the component. +The above component definition tells Dapr to extract a secret named `redis-secret` from the defined `secretStore` and assign the value associated with the `redis-password` key embedded in the secret to the `redisPassword` field in the component. -On the other hand, the below Special Case applies when there is NOT a key embedded in the secret. Rather, the secret is just a string. Therefore, in the `secretKeyRef` section both the secret `name` and the secret `key` will be identical. This is the case when the secret is an entire connection string with no embedded key whose value needs to be extracted. This Special Case is shown in the below component definition yaml. +On the other hand, the below Special Case applies when there is NOT a key embedded in the secret. Rather, the secret is just a string. Therefore, in the `secretKeyRef` section both the secret `name` and the secret `key` will be identical. This is the case when the secret is an entire connection string with no embedded key whose value needs to be extracted. Typically a connection string consists of connection information, some sort of secret to allow connection, plus perhaps other information and does not require a separate "secret". This Special Case is shown in the below component definition yaml. ```yml apiVersion: dapr.io/v1alpha1 @@ -88,7 +88,7 @@ auth: secretStore: ``` -The above Special Case yaml tells Dapr to extract a secret named `asbNsConnstring` from the defined `secretStore` and assign the value of secret to the `connectionString` field in the component since there is no key embedded in the secret because it is a plain string. This requires the secret `name` and secret `key` to be identical. +The above Special Case yaml tells Dapr to extract a connection string named `asbNsConnstring` from the defined `secretStore` and assign the value to the `connectionString` field in the component since there is no key embedded in the "secret" from the `secretStore` because it is a plain string. This requires the secret `name` and secret `key` to be identical. ## Example From 70f2e1e436852b02727326b634c1489efef213ee Mon Sep 17 00:00:00 2001 From: Luke Kennedy Date: Wed, 1 Sep 2021 14:59:04 +1000 Subject: [PATCH 020/115] Document new configuration value for GCP Pub/Sub --- .../supported-pubsub/setup-gcp-pubsub.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-gcp-pubsub.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-gcp-pubsub.md index 4176bfbeb..f246d9759 100644 --- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-gcp-pubsub.md +++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-gcp-pubsub.md @@ -46,6 +46,8 @@ spec: value: # replace x509 cert - name: disableEntityManagement value: "false" + - name: enableMessageOrdering + value: "false" ``` {{% alert title="Warning" color="warning" %}} The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}). @@ -67,6 +69,11 @@ The above example uses secrets as plain strings. It is recommended to use a secr | authProviderX509CertUrl | N | If using explicit credentials, this field should contain the `auth_provider_x509_cert_url` field from the service account json | `https://www.googleapis.com/oauth2/v1/certs` | clientX509CertUrl | N | If using explicit credentials, this field should contain the `client_x509_cert_url` field from the service account json | `https://www.googleapis.com/robot/v1/metadata/x509/myserviceaccount%40myproject.iam.gserviceaccount.com` | disableEntityManagement | N | When set to `"true"`, topics and subscriptions do not get created automatically. Default: `"false"` | `"true"`, `"false"` +| enableMessageOrdering | N | When set to `"true"`, subscribed messages will be received in order, depending on publishing and permissions configuration. | `"true"`, `"false"` + +{{% alert title="Warning" color="warning" %}} +If `enableMessageOrdering` is set to "true", the roles/viewer or roles/pubsub.viewer role will be required on the service account in order to guarantee ordering in cases where order tokens are not embedded in the messages. If this role is not given, or the call to Subscription.Config() fails for any other reason, ordering by embedded order tokens will still function correctly. +{{% /alert %}} ## Create a GCP Pub/Sub You can use either "explicit" or "implicit" credentials to configure access to your GCP pubsub instance. If using explicit, most fields are required. Implicit relies on dapr running under a Kubernetes service account (KSA) mapped to a Google service account (GSA) which has the necessary permissions to access pubsub. In implicit mode, only the `projectId` attribute is needed, all other are optional. From 3025f41dabb181a221d5b49259b5c1fd8da70a9a Mon Sep 17 00:00:00 2001 From: Yaron Schneider Date: Wed, 1 Sep 2021 11:30:34 -0700 Subject: [PATCH 021/115] Update howto-invoke-discover-services.md --- .../howto-invoke-discover-services.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-discover-services.md b/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-discover-services.md index 23a450559..4651ee815 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-discover-services.md +++ b/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-discover-services.md @@ -112,7 +112,10 @@ curl http://localhost:3500/v1.0/invoke/cart/method/add -X DELETE Dapr puts any payload returned by the called service in the HTTP response's body. -Furthermore, in order to avoid changing URL paths as much as possible, when make Dapr calls from user's code, Dapr provides a new way to help to integrate Dapr more easily: +### Additional URL formats + +In order to avoid changing URL paths as much as possible, Dapr provides the following ways to call the Service Invocation API: + 1. Change the address in the URL to `localhost:`. 2. Add a `dapr-app-id` header to specify the ID of the target service, or alternatively pass the ID via HTTP Basic Auth: `http://dapr-app-id:@localhost:3500/path`. @@ -122,12 +125,14 @@ For example, the following command curl http://localhost:3500/v1.0/invoke/cart/method/add ``` -is equivalent with +is equivalent to: + ```bash curl -H 'dapr-app-id: cart' 'http://localhost:3500/add' -X POST ``` -or +or: + ```bash curl 'http://dapr-app-id:cart@localhost:3500/add' -X POST ``` From 94b276318e69375a58e7606f67542f6c18af08dc Mon Sep 17 00:00:00 2001 From: Ori Zohar Date: Thu, 2 Sep 2021 14:11:18 -0700 Subject: [PATCH 022/115] Minor style change --- .../service-invocation/howto-invoke-discover-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-discover-services.md b/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-discover-services.md index 4651ee815..a5a8c86d5 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-discover-services.md +++ b/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-discover-services.md @@ -114,7 +114,7 @@ Dapr puts any payload returned by the called service in the HTTP response's body ### Additional URL formats -In order to avoid changing URL paths as much as possible, Dapr provides the following ways to call the Service Invocation API: +In order to avoid changing URL paths as much as possible, Dapr provides the following ways to call the service invocation API: 1. Change the address in the URL to `localhost:`. From b5781de0099ad7276d956971c737a7f679793174 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaime=20Pi=C3=B1a?= Date: Mon, 30 Aug 2021 14:54:44 -0700 Subject: [PATCH 023/115] Add JetStream doc --- .../supported-pubsub/_index.md | 1 + .../supported-pubsub/setup-jetstream.md | 97 +++++++++++++++++++ .../supported-pubsub/setup-nats-streaming.md | 6 ++ 3 files changed, 104 insertions(+) create mode 100644 daprdocs/content/en/reference/components-reference/supported-pubsub/setup-jetstream.md diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/_index.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/_index.md index 51335b33b..9e5554f56 100644 --- a/daprdocs/content/en/reference/components-reference/supported-pubsub/_index.md +++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/_index.md @@ -26,6 +26,7 @@ Table captions: | [Hazelcast]({{< ref setup-hazelcast.md >}}) | Alpha | v1 | 1.0 | | [MQTT]({{< ref setup-mqtt.md >}}) | Alpha | v1 | 1.0 | | [NATS Streaming]({{< ref setup-nats-streaming.md >}}) | Beta | v1 | 1.0 | +| [JetStream]({{< ref setup-jetstream.md >}}) | Alpha | v1 | 1.4 | | [Pulsar]({{< ref setup-pulsar.md >}}) | Alpha | v1 | 1.0 | | [RabbitMQ]({{< ref setup-rabbitmq.md >}}) | Alpha | v1 | 1.0 | | [Redis Streams]({{< ref setup-redis-pubsub.md >}}) | GA | v1 | 1.0 | diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-jetstream.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-jetstream.md new file mode 100644 index 000000000..61e4711cb --- /dev/null +++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-jetstream.md @@ -0,0 +1,97 @@ +--- +type: docs +title: "JetStream" +linkTitle: "JetStream" +description: "Detailed documentation on the NATS JetStream component" +aliases: + - "/operations/components/setup-pubsub/supported-pubsub/setup-jetstream/" +--- + +## Component format +To setup JetStream pubsub create a component of type `pubsub.jetstream`. See +[this guide]({{< ref +"howto-publish-subscribe.md#step-1-setup-the-pubsub-component" >}}) on how to +create and apply a pubsub configuration. + +```yaml +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: jetstream-pubsub + namespace: default +spec: + type: pubsub.jetstream + version: v1 + metadata: + - name: natsURL + value: "nats://localhost:4222" + - name: name + value: "connection name" + - name: durableName + value: "consumer durable name" + - name: queueGroupName + value: "queue group name" + - name: startSequence + value: 1 + - name: startTime # in Unix format + value: 1630349391 + - name: deliverAll + value: false + - name: flowControl + value: false +``` + +## Spec metadata fields + +| Field | Required | Details | Example | +|----------------|:--------:|---------|---------| +| natsURL | Y | NATS server address URL | "`nats://localhost:4222`"| +| name | N | NATS connection name | `"my-conn-name"`| +| durableName | N | [Durable name] | `"my-durable"` | +| queueGroupName | N | Queue group name | `"my-queue"` | +| startSequence | N | [Start Sequence] | `1` | +| startTime | N | [Start Time] in Unix format | `1630349391` | +| deliverAll | N | Set deliver all as [Replay Policy] | `true` | +| flowControl | N | [Flow Control] | `true` | + +## Create a NATS server + +{{< tabs "Self-Hosted" "Kubernetes">}} + +{{% codetab %}} +You can run a NATS Server with JetStream enabled locally using Docker: + +```bash +docker run -d -p 4222:4222 nats:latest -js +``` + +You can then interact with the server using the client port: `localhost:4222`. +{{% /codetab %}} + +{{% codetab %}} +Install NATS JetStream on Kubernetes by using the [helm](https://github.com/nats-io/k8s/tree/main/helm/charts/nats#jetstream): + +```bash +helm repo add nats https://nats-io.github.io/k8s/helm/charts/ +helm install my-nats nats/nats +``` + +This installs a single NATS server into the `default` namespace. To interact +with NATS, find the service with: `kubectl get svc my-nats`. +{{% /codetab %}} + +{{< /tabs >}} + +## Related links +- [Basic schema for a Dapr component]({{< ref component-schema >}}) +- Read [this guide]({{< ref "howto-publish-subscribe.md#step-2-publish-a-topic" >}}) for instructions on configuring pub/sub components +- [Pub/Sub building block]({{< ref pubsub >}}) +- [JetStream Documentation](https://docs.nats.io/jetstream/jetstream) +- [NATS CLI](https://github.com/nats-io/natscli) + + +[Durable Name]: https://docs.nats.io/jetstream/concepts/consumers#durable-name +[Start Sequence]: https://docs.nats.io/jetstream/concepts/consumers#deliverbystartsequence +[Start Time]: https://docs.nats.io/jetstream/concepts/consumers#deliverbystarttime +[Replay Policy]: https://docs.nats.io/jetstream/concepts/consumers#replaypolicy +[Flow Control]: https://docs.nats.io/jetstream/concepts/consumers#flowcontrol diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-nats-streaming.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-nats-streaming.md index b795d1a91..38c281b4f 100644 --- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-nats-streaming.md +++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-nats-streaming.md @@ -54,6 +54,11 @@ spec: The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}). {{% /alert %}} +{{% alert title="Warning" color="warning" %}} +NATS Streaming has been [deprecated](https://github.com/nats-io/nats-streaming-server/#warning--deprecation-notice-warning). +Please consider using [NATS JetStream]({{< ref setup-jetstream >}}) going forward. +{{% /alert %}} + ## Spec metadata fields | Field | Required | Details | Example | @@ -111,3 +116,4 @@ For example, if installing using the example above, the NATS Streaming address w - [Basic schema for a Dapr component]({{< ref component-schema >}}) - Read [this guide]({{< ref "howto-publish-subscribe.md#step-2-publish-a-topic" >}}) for instructions on configuring pub/sub components - [Pub/Sub building block]({{< ref pubsub >}}) +- [NATS Streaming Deprecation Notice](https://github.com/nats-io/nats-streaming-server/#warning--deprecation-notice-warning) From 4fac40d4ed677244541290075370355d2417b362 Mon Sep 17 00:00:00 2001 From: Phil Kedy Date: Thu, 2 Sep 2021 18:29:02 -0400 Subject: [PATCH 024/115] Adding setting documentation for `initialOffset` in the Kafka components --- .../reference/components-reference/supported-bindings/kafka.md | 1 + .../components-reference/supported-pubsub/setup-apache-kafka.md | 1 + 2 files changed, 2 insertions(+) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/kafka.md b/daprdocs/content/en/reference/components-reference/supported-bindings/kafka.md index 52702e7e6..be31ecca5 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/kafka.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/kafka.md @@ -52,6 +52,7 @@ spec: | authRequired | Y | Input/Output | Enable [SASL](https://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer) authentication with the Kafka brokers. | `"true"`, `"false"` | | saslUsername | N | Input/Output | The SASL username used for authentication. Only required if `authRequired` is set to `"true"`. | `"adminuser"` | | saslPassword | N | Input/Output | The SASL password used for authentication. Can be `secretKeyRef` to use a [secret reference]({{< ref component-secrets.md >}}). Only required if `authRequired` is set to `"true"`. | `""`, `"KeFg23!"` | +| initialOffset | N | The initial offset to use if no offset was previously committed. Should be "newest" or "oldest". Defaults to "newest". | `"oldest"` | | maxMessageBytes | N | Input/Output | The maximum size in bytes allowed for a single Kafka message. Defaults to 1024. | `2048` | ## Binding support diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-apache-kafka.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-apache-kafka.md index cad93f7d5..91a86b1cd 100644 --- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-apache-kafka.md +++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-apache-kafka.md @@ -49,6 +49,7 @@ spec: | authRequired | Y | Enable [SASL](https://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer) authentication with the Kafka brokers. | `"true"`, `"false"` | saslUsername | N | The SASL username used for authentication. Only required if `authRequired` is set to `"true"`. | `"adminuser"` | saslPassword | N | The SASL password used for authentication. Can be `secretKeyRef` to use a [secret reference]({{< ref component-secrets.md >}}). Only required if `authRequired` is set to `"true"`. | `""`, `"KeFg23!"` +| initialOffset | N | The initial offset to use if no offset was previously committed. Should be "newest" or "oldest". Defaults to "newest". | `"oldest"` | maxMessageBytes | N | The maximum size in bytes allowed for a single Kafka message. Defaults to 1024. | `2048` ## Per-call metadata fields From 7bc2154558dd2dbbb25a1d38fa3c66f6ed558285 Mon Sep 17 00:00:00 2001 From: Dmitry Shmulevich Date: Tue, 3 Aug 2021 15:00:39 -0700 Subject: [PATCH 025/115] Add documentation about actor's timer/reminder scheduling configuration --- .../building-blocks/actors/actors-overview.md | 10 +- .../building-blocks/actors/howto-actors.md | 141 +++++++++--------- 2 files changed, 76 insertions(+), 75 deletions(-) diff --git a/daprdocs/content/en/developing-applications/building-blocks/actors/actors-overview.md b/daprdocs/content/en/developing-applications/building-blocks/actors/actors-overview.md index adbbe4de8..b6f91db65 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/actors/actors-overview.md +++ b/daprdocs/content/en/developing-applications/building-blocks/actors/actors-overview.md @@ -35,7 +35,7 @@ Every actor is defined as an instance of an actor type, identical to the way an ## Actor lifetime -Dapr actors are virtual, meaning that their lifetime is not tied to their in-memory representation. As a result, they do not need to be explicitly created or destroyed. The Dapr actors runtime automatically activates an actor the first time it receives a request for that actor ID. If an actor is not used for a period of time, the Dapr Actors runtime garbage-collects the in-memory object. It will also maintain knowledge of the actor's existence should it need to be reactivated later. +Dapr actors are virtual, meaning that their lifetime is not tied to their in-memory representation. As a result, they do not need to be explicitly created or destroyed. The Dapr actor runtime automatically activates an actor the first time it receives a request for that actor ID. If an actor is not used for a period of time, the Dapr actor runtime garbage-collects the in-memory object. It will also maintain knowledge of the actor's existence should it need to be reactivated later. Invocation of actor methods and reminders reset the idle time, e.g. reminder firing will keep the actor active. Actor reminders fire whether an actor is active or inactive, if fired for inactive actor, it will activate the actor first. Actor timers do not reset the idle time, so timer firing will not keep the actor active. Timers only fire while the actor is active. @@ -77,11 +77,13 @@ POST/GET/PUT/DELETE http://localhost:3500/v1.0/actors///}}), [Java]({{< ref "java#actors" >}}), and [Python]({{< ref "python-actor" >}}). + Refer to [Dapr Actor Features]({{< ref howto-actors.md >}}) for more details. ### Concurrency -The Dapr Actors runtime provides a simple turn-based access model for accessing actor methods. This means that no more than one thread can be active inside an actor object's code at any time. Turn-based access greatly simplifies concurrent systems as there is no need for synchronization mechanisms for data access. It also means systems must be designed with special considerations for the single-threaded access nature of each actor instance. +The Dapr actor runtime provides a simple turn-based access model for accessing actor methods. This means that no more than one thread can be active inside an actor object's code at any time. Turn-based access greatly simplifies concurrent systems as there is no need for synchronization mechanisms for data access. It also means systems must be designed with special considerations for the single-threaded access nature of each actor instance. A single actor instance cannot process more than one request at a time. An actor instance can cause a throughput bottleneck if it is expected to handle concurrent requests. @@ -94,9 +96,9 @@ As an enhancement to the base actors in dapr, reentrancy can now be enabled as a ### Turn-based access -A turn consists of the complete execution of an actor method in response to a request from other actors or clients, or the complete execution of a timer/reminder callback. Even though these methods and callbacks are asynchronous, the Dapr Actors runtime does not interleave them. A turn must be fully finished before a new turn is allowed. In other words, an actor method or timer/reminder callback that is currently executing must be fully finished before a new call to a method or callback is allowed. A method or callback is considered to have finished if the execution has returned from the method or callback and the task returned by the method or callback has finished. It is worth emphasizing that turn-based concurrency is respected even across different methods, timers, and callbacks. +A turn consists of the complete execution of an actor method in response to a request from other actors or clients, or the complete execution of a timer/reminder callback. Even though these methods and callbacks are asynchronous, the Dapr actor runtime does not interleave them. A turn must be fully finished before a new turn is allowed. In other words, an actor method or timer/reminder callback that is currently executing must be fully finished before a new call to a method or callback is allowed. A method or callback is considered to have finished if the execution has returned from the method or callback and the task returned by the method or callback has finished. It is worth emphasizing that turn-based concurrency is respected even across different methods, timers, and callbacks. -The Dapr actors runtime enforces turn-based concurrency by acquiring a per-actor lock at the beginning of a turn and releasing the lock at the end of the turn. Thus, turn-based concurrency is enforced on a per-actor basis and not across actors. Actor methods and timer/reminder callbacks can execute simultaneously on behalf of different actors. +The Dapr actor runtime enforces turn-based concurrency by acquiring a per-actor lock at the beginning of a turn and releasing the lock at the end of the turn. Thus, turn-based concurrency is enforced on a per-actor basis and not across actors. Actor methods and timer/reminder callbacks can execute simultaneously on behalf of different actors. The following example illustrates the above concepts. Consider an actor type that implements two asynchronous methods (say, Method1 and Method2), a timer, and a reminder. The diagram below shows an example of a timeline for the execution of these methods and callbacks on behalf of two actors (ActorId1 and ActorId2) that belong to this actor type. diff --git a/daprdocs/content/en/developing-applications/building-blocks/actors/howto-actors.md b/daprdocs/content/en/developing-applications/building-blocks/actors/howto-actors.md index 193a3c8b5..93439cfa7 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/actors/howto-actors.md +++ b/daprdocs/content/en/developing-applications/building-blocks/actors/howto-actors.md @@ -6,11 +6,11 @@ weight: 20 description: Learn more about the actor pattern --- -The Dapr actors runtime provides support for [virtual actors]({{< ref actors-overview.md >}}) through following capabilities: +The Dapr actor runtime provides support for [virtual actors]({{< ref actors-overview.md >}}) through following capabilities: ## Actor method invocation -You can interact with Dapr to invoke the actor method by calling HTTP/gRPC endpoint +You can interact with Dapr to invoke the actor method by calling HTTP/gRPC endpoint. ```html POST/GET/PUT/DELETE http://localhost:3500/v1.0/actors///method/ @@ -20,6 +20,8 @@ You can provide any data for the actor method in the request body and the respon Refer [api spec]({{< ref "actors_api.md#invoke-actor-method" >}}) for more details. +Alternatively, you can use the Dapr SDK in [.NET]({{< ref "dotnet-actors" >}}), [Java]({{< ref "java#actors" >}}), or [Python]({{< ref "python-actor" >}}). + ## Actor state management Actors can save state reliably using state management capability. @@ -31,27 +33,62 @@ To use actors, your state store must support multi-item transactions. This mean Actors can schedule periodic work on themselves by registering either timers or reminders. +The functionality of timers and reminders is very similar. The main difference is that Dapr actor runtime is not retaining any information about timers after deactivation, while persisting the information about reminders using Dapr actor state provider. + +This distintcion allows users to trade off between light-weight but stateless timers vs. more resource-demanding but stateful reminders. + +The scheduling configuration of timers and reminders is identical, as summarized below: + +--- +`dueTime` is an optional parameter that sets time at which or time interval before the callback is invoked for the first time. If `dueTime` is omitted, the callback is invoked immediately after timer/reminder registration. + +Supported formats: +- RFC3339 date format, e.g. `2020-10-02T15:00:00Z` +- time.Duration format, e.g. `2h30m` +- [ISO 8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations) format, e.g. `PT2H30M` + +--- +`period` is an optional parameter that sets time interval between two consecutive callback invocations. When specified in `ISO 8601-1 duration` format, you can also configure the number of repetition in order to limit the total number of callback invocations. +If `period` is omitted, the callback will be invoked only once. + +Supported formats: +- time.Duration format, e.g. `2h30m` +- [ISO 8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations) format, e.g. `PT2H30M`, `R5/PT1M30S` + +--- +`ttl` is an optional parameter that sets time at which or time interval after which the timer/reminder will be expired and deleted. If `ttl` is omitted, no restrictions are applied. + +Supported formats: +* RFC3339 date format, e.g. `2020-10-02T15:00:00Z` +* time.Duration format, e.g. `2h30m` +* [ISO 8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations) format. Example: `PT2H30M` + +--- +The actor runtime validates correctess of the scheduling configuration and returns error on invalid input. + +When you specify both the number of repetitions in `period` as well as `ttl`, the timer/reminder will be stopped when either condition is met. + ### Actor timers You can register a callback on actor to be executed based on a timer. -The Dapr actor runtime ensures that the callback methods respect the turn-based concurrency guarantees.This means that no other actor methods or timer/reminder callbacks will be in progress until this callback completes execution. +The Dapr actor runtime ensures that the callback methods respect the turn-based concurrency guarantees. This means that no other actor methods or timer/reminder callbacks will be in progress until this callback completes execution. -The next period of the timer starts after the callback completes execution. This implies that the timer is stopped while the callback is executing and is started when the callback finishes. +The Dapr actor runtime saves changes made to the actor's state when the callback finishes. If an error occurs in saving the state, that actor object is deactivated and a new instance will be activated. -The Dapr actors runtime saves changes made to the actor's state when the callback finishes. If an error occurs in saving the state, that actor object is deactivated and a new instance will be activated. +All timers are stopped when the actor is deactivated as part of garbage collection. No timer callbacks are invoked after that. Also, the Dapr actor runtime does not retain any information about the timers that were running before deactivation. It is up to the actor to register any timers that it needs when it is reactivated in the future. -All timers are stopped when the actor is deactivated as part of garbage collection. No timer callbacks are invoked after that. Also, the Dapr actors runtime does not retain any information about the timers that were running before deactivation. It is up to the actor to register any timers that it needs when it is reactivated in the future. - -You can create a timer for an actor by calling the HTTP/gRPC request to Dapr. +You can create a timer for an actor by calling the HTTP/gRPC request to Dapr as shown below, or via Dapr SDK. ```md POST/PUT http://localhost:3500/v1.0/actors///timers/ ``` -The timer `duetime` and callback are specified in the request body. The due time represents when the timer will first fire after registration. The `period` represents how often the timer fires after that. A due time of 0 means to fire immediately. Negative due times and negative periods are invalid. +**Examples** -The following request body configures a timer with a `dueTime` of 9 seconds and a `period` of 3 seconds. This means it will first fire after 9 seconds, then every 3 seconds after that. +The timer parameters are specified in the request body. + +The following request body configures a timer with a `dueTime` of 9 seconds and a `period` of 3 seconds. This means it will first fire after 9 seconds, then every 3 seconds after that. ```json { "dueTime":"0h0m9s0ms", @@ -59,11 +96,27 @@ The following request body configures a timer with a `dueTime` of 9 seconds and } ``` -The following request body configures a timer with a `dueTime` 0 seconds and a `period` of 3 seconds. This means it fires immediately after registration, then every 3 seconds after that. +The following request body configures a timer with a `period` of 3 seconds (in ISO 8601 duration format). It also limits the number of invocations to 10. This means it will fire 10 times: first, immediately after registration, then every 3 seconds after that. ```json { - "dueTime":"0h0m0s0ms", - "period":"0h0m3s0ms" + "period":"R10/PT3S", +} +``` + +The following request body configures a timer with a `period` of 3 seconds (in ISO 8601 duration format) and a `ttl` of 20 seconds. This means it fires immediately after registration, then every 3 seconds after that for the duration of 20 seconds. +```json +{ + "period":"PT3S", + "ttl":"20s" +} +``` + +The following request body configures a timer with a `dueTime` of 10 seconds, a `period` of 3 seconds, and a `ttl` of 10 seconds. It also limits the number of invocations to 4. This means it will first fire after 10 seconds, then every 3 seconds after that for the duration of 10 seconds, but no more than 4 times in total. +```json +{ + "dueTime":"10s", + "period":"R4/PT3S", + "ttl":"10s" } ``` @@ -77,69 +130,15 @@ Refer [api spec]({{< ref "actors_api.md#invoke-timer" >}}) for more details. ### Actor reminders -Reminders are a mechanism to trigger *persistent* callbacks on an actor at specified times. Their functionality is similar to timers. But unlike timers, reminders are triggered under all circumstances until the actor explicitly unregisters them or the actor is explicitly deleted or the number in invocations is exhausted. Specifically, reminders are triggered across actor deactivations and failovers because the Dapr actors runtime persists the information about the actors' reminders using Dapr actor state provider. +Reminders are a mechanism to trigger *persistent* callbacks on an actor at specified times. Their functionality is similar to timers. But unlike timers, reminders are triggered under all circumstances until the actor explicitly unregisters them or the actor is explicitly deleted or the number in invocations is exhausted. Specifically, reminders are triggered across actor deactivations and failovers because the Dapr actor runtime persists the information about the actors' reminders using Dapr actor state provider. -You can create a persistent reminder for an actor by calling the Http/gRPC request to Dapr. +You can create a persistent reminder for an actor by calling the HTTP/gRPC request to Dapr as shown below, or via Dapr SDK. ```md POST/PUT http://localhost:3500/v1.0/actors///reminders/ ``` -The reminder `duetime` and callback can be specified in the request body. The due time represents when the reminder first fires after registration. The `period` represents how often the reminder will fire after that. A due time of 0 means to fire immediately. Negative due times and negative periods are invalid. To register a reminder that fires only once, set the period to an empty string. - -The following request body configures a reminder with a `dueTime` 9 seconds and a `period` of 3 seconds. This means it will first fire after 9 seconds, then every 3 seconds after that. -```json -{ - "dueTime":"0h0m9s0ms", - "period":"0h0m3s0ms" -} -``` - -The following request body configures a reminder with a `dueTime` 0 seconds and a `period` of 3 seconds. This means it will fire immediately after registration, then every 3 seconds after that. -```json -{ - "dueTime":"0h0m0s0ms", - "period":"0h0m3s0ms" -} -``` - -The following request body configures a reminder with a `dueTime` 15 seconds and a `period` of empty string. This means it will first fire after 15 seconds, then never fire again. -```json -{ - "dueTime":"0h0m15s0ms", - "period":"" -} -``` - -[ISO 8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations) can also be used to specify `period`. The following request body configures a reminder with a `dueTime` 0 seconds an `period` of 15 seconds. -```json -{ - "dueTime":"0h0m0s0ms", - "period":"P0Y0M0W0DT0H0M15S" -} -``` -The designators for zero are optional and the above `period` can be simplified to `PT15S`. -ISO 8601 specifies multiple recurrence formats but only the duration format is currently supported. - -#### Reminders with repetitions - -When configured with ISO 8601 durations, the `period` column also allows to specify number of times a reminder can run. The following request body will create a reminder that will execute for 5 number of times with a period of 15 seconds. -```json -{ - "dueTime":"0h0m0s0ms", - "period":"R5/PT15S" -} -``` - -The number of repetitions i.e. the number of times the reminder is run should be a positive number. - -**Example** - -Watch this [video](https://www.youtube.com/watch?v=B_vkXqptpXY&t=1002s) for more information on using ISO 861 for Reminders - -
- -
+The request structure for reminders is identical to those of actors. Please refer to the [actor timers examples]({{< ref "#actor-timers" >}}). #### Retrieve actor reminder @@ -161,7 +160,7 @@ Refer [api spec]({{< ref "actors_api.md#invoke-reminder" >}}) for more details. ## Actor runtime configuration -You can configure the Dapr Actors runtime configuration to modify the default runtime behavior. +You can configure the Dapr actor runtime configuration to modify the default runtime behavior. ### Configuration parameters - `actorIdleTimeout` - The timeout before deactivating an idle actor. Checks for timeouts occur every `actorScanInterval` interval. **Default: 60 minutes** From 21cf1e3db57e68bbd591b7be97518f99ccc6501c Mon Sep 17 00:00:00 2001 From: Will Tsai Date: Fri, 3 Sep 2021 16:35:17 -0700 Subject: [PATCH 026/115] editing Docsy theme config file to add user feedback buttons to website (issue #1644) --- daprdocs/config.toml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/daprdocs/config.toml b/daprdocs/config.toml index a6286e75d..4da64bfda 100644 --- a/daprdocs/config.toml +++ b/daprdocs/config.toml @@ -190,6 +190,10 @@ url_latest_version = "https://docs.dapr.io" sidebar_menu_compact = true navbar_logo = true sidebar_search_disable = true +[params.ui.feedback] +enable = true +yes = 'Glad to hear it! Please tell us how we can improve.' +no = 'Sorry to hear that. Please tell us how we can improve.' # Links ## End user relevant links. These will show up on left side of footer and in the community page if you have one. From eed54f2d9ac6fcb26edf12dfbe94bb7c97c3763a Mon Sep 17 00:00:00 2001 From: Javier Vela Date: Tue, 7 Sep 2021 18:27:10 +0200 Subject: [PATCH 027/115] S3 add encodeBase64 option to encoode data respose in base64 --- .../en/reference/components-reference/supported-bindings/s3.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/s3.md b/daprdocs/content/en/reference/components-reference/supported-bindings/s3.md index 9fe1247bb..6a9909b9e 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/s3.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/s3.md @@ -35,6 +35,8 @@ spec: value: mysession - name: decodeBase64 value: + - name: encodeBase64 + value: ``` {{% alert title="Warning" color="warning" %}} @@ -51,6 +53,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr | secretKey | Y | Output | The AWS Secret Access Key to access this resource | `"secretAccessKey"` | | sessionToken | N | Output | The AWS session token to use | `"sessionToken"` | | decodeBase64 | N | Output | Configuration to decode base64 file content before saving to bucket storage. (In case of saving a file with binary content). `true` is the only allowed positive value. Other positive variations like `"True", "1"` are not acceptable. Defaults to `false` | `true`, `false` | +| encodeBase64 | N | Output | Configuration to decode base64 file content before saving to bucket storage. (In case of saving a file with binary content). `true` is the only allowed positive value. Other positive variations like `"True", "1"` are not acceptable. Defaults to `false` | `true`, `false` | ## Binding support From fb9f410cfd7b07474c31975da17dc64c56fdec11 Mon Sep 17 00:00:00 2001 From: Javier Vela Date: Tue, 7 Sep 2021 19:22:57 +0200 Subject: [PATCH 028/115] S3 fix encodeBase64 option to encoode data respose in base64 --- .../en/reference/components-reference/supported-bindings/s3.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/s3.md b/daprdocs/content/en/reference/components-reference/supported-bindings/s3.md index 6a9909b9e..b48aa37d2 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/s3.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/s3.md @@ -53,7 +53,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr | secretKey | Y | Output | The AWS Secret Access Key to access this resource | `"secretAccessKey"` | | sessionToken | N | Output | The AWS session token to use | `"sessionToken"` | | decodeBase64 | N | Output | Configuration to decode base64 file content before saving to bucket storage. (In case of saving a file with binary content). `true` is the only allowed positive value. Other positive variations like `"True", "1"` are not acceptable. Defaults to `false` | `true`, `false` | -| encodeBase64 | N | Output | Configuration to decode base64 file content before saving to bucket storage. (In case of saving a file with binary content). `true` is the only allowed positive value. Other positive variations like `"True", "1"` are not acceptable. Defaults to `false` | `true`, `false` | +| encodeBase64 | N | Output | Configuration to encode base64 file content before return the content. (In case of opening a file with binary content). `true` is the only allowed positive value. Other positive variations like `"True", "1"` are not acceptable. Defaults to `false` | `true`, `false` | ## Binding support From ad5a8d76768f336e3c82774149734e37b8e5fadb Mon Sep 17 00:00:00 2001 From: georgestevens99 Date: Tue, 7 Sep 2021 14:26:51 -0400 Subject: [PATCH 029/115] Update component-secrets.md Applied Mark Fussell's feedback replacing Standard and Special case names with more descriptive names. Plus cleaned up the grammer and text in a few areas. --- .../en/operations/components/component-secrets.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/daprdocs/content/en/operations/components/component-secrets.md b/daprdocs/content/en/operations/components/component-secrets.md index df5bea56c..63a8c53aa 100644 --- a/daprdocs/content/en/operations/components/component-secrets.md +++ b/daprdocs/content/en/operations/components/component-secrets.md @@ -38,9 +38,9 @@ spec: value: MyPassword ``` -Instead create the secret in your secret store and reference it in the component definition. There are 2 cases for this shown below -- A Standard Case and a Special Case. +Instead create the secret in your secret store and reference it in the component definition. There are 2 cases for this shown below -- the "Secret Contains an Embedded Key" and the "Secret is a String". -The Standard Case applies when there is an key embedded within the secret, i.e. the secret is NOT an entire connection string. The below component definition yaml is for the Standard Case. +The "Secret Contains an Embedded Key" case applies when there is a key embedded within the secret, i.e. the secret is NOT an entire connection string. This is shown in the following component definition yaml. ```yml apiVersion: dapr.io/v1alpha1 @@ -64,10 +64,10 @@ auth: `SECRET_STORE_NAME` is the name of the configured [secret store component]({{< ref supported-secret-stores >}}). When running in Kubernetes and using a Kubernetes secret store, the field `auth.SecretStore` defaults to `kubernetes` and can be left empty. -The above component definition tells Dapr to extract a secret named `redis-secret` from the defined `secretStore` and assign the value associated with the `redis-password` key embedded in the secret to the `redisPassword` field in the component. +The above component definition tells Dapr to extract a secret named `redis-secret` from the defined `secretStore` and assign the value associated with the `redis-password` key embedded in the secret to the `redisPassword` field in the component. One use of this case is when your code is constructing a connection string, for example putting together a URL, a secret, plus other information as necessary, into a string. -On the other hand, the below Special Case applies when there is NOT a key embedded in the secret. Rather, the secret is just a string. Therefore, in the `secretKeyRef` section both the secret `name` and the secret `key` will be identical. This is the case when the secret is an entire connection string with no embedded key whose value needs to be extracted. Typically a connection string consists of connection information, some sort of secret to allow connection, plus perhaps other information and does not require a separate "secret". This Special Case is shown in the below component definition yaml. +On the other hand, the below "Secret is a String" case applies when there is NOT a key embedded in the secret. Rather, the secret is just a string. Therefore, in the `secretKeyRef` section both the secret `name` and the secret `key` will be identical. This is the case when the secret itself is an entire connection string with no embedded key whose value needs to be extracted. Typically a connection string consists of connection information, some sort of secret to allow connection, plus perhaps other information and does not require a separate "secret". This case is shown in the below component definition yaml. ```yml apiVersion: dapr.io/v1alpha1 @@ -88,7 +88,7 @@ auth: secretStore: ``` -The above Special Case yaml tells Dapr to extract a connection string named `asbNsConnstring` from the defined `secretStore` and assign the value to the `connectionString` field in the component since there is no key embedded in the "secret" from the `secretStore` because it is a plain string. This requires the secret `name` and secret `key` to be identical. +The above "Secret is a String" case yaml tells Dapr to extract a connection string named `asbNsConnstring` from the defined `secretStore` and assign the value to the `connectionString` field in the component since there is no key embedded in the "secret" from the `secretStore` because it is a plain string. This requires the secret `name` and secret `key` to be identical. ## Example From bfd0c0c056defa6640df11ea0662b31d66c93636 Mon Sep 17 00:00:00 2001 From: Yaron Schneider Date: Tue, 7 Sep 2021 17:26:36 -0700 Subject: [PATCH 030/115] Add automatic state encryption (#1766) * add automatic state encryption * Update howto-encrypt-state.md * add links to state overview * Update daprdocs/content/en/developing-applications/building-blocks/state-management/howto-encrypt-state.md * Update daprdocs/content/en/developing-applications/building-blocks/state-management/howto-encrypt-state.md Co-authored-by: Aaron Crawfis --- .../state-management/howto-encrypt-state.md | 88 +++++++++++++++++++ .../state-management-overview.md | 7 ++ 2 files changed, 95 insertions(+) create mode 100644 daprdocs/content/en/developing-applications/building-blocks/state-management/howto-encrypt-state.md diff --git a/daprdocs/content/en/developing-applications/building-blocks/state-management/howto-encrypt-state.md b/daprdocs/content/en/developing-applications/building-blocks/state-management/howto-encrypt-state.md new file mode 100644 index 000000000..e8a20abeb --- /dev/null +++ b/daprdocs/content/en/developing-applications/building-blocks/state-management/howto-encrypt-state.md @@ -0,0 +1,88 @@ +--- +type: docs +title: "How-To: Encrypt application state" +linkTitle: "How-To: Encrypt state" +weight: 450 +description: "Automatically encrypt state and manage key rotations" + +--- + +## Introduction + +Application state often needs to get encrypted at rest to provide stonger security in enterprise workloads or regulated environments. Dapr offers automatic client side encryption based on [AES256](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard). + +In addition to automatic encryption, Dapr supports primary and secondary encryption keys to make it easier for developers and ops teams to enable a key rotation strategy. +This feature is supported by all Dapr state stores. + +The encryption keys are fetched from a secret, and cannot be supplied as plaintext values on the `metadata` section. + +## Enabling automatic encryption + +1. Enable the state encryption preview feature using a standard [Dapr Configuration]({{< ref configuration-overview.md >}}): + +```yaml +apiVersion: dapr.io/v1alpha1 +kind: Configuration +metadata: + name: stateconfig +spec: + features: + - name: State.Encryption + enabled: true +``` + +2. Add the following `metadata` section to any Dapr supported state store: + +```yaml +metadata: +- name: primaryEncryptionKey + secretKeyRef: + name: mysecret + key: mykey # key is optional. +``` + +For example, this is the full YAML of a Redis encrypted state store + +```yaml +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: statestore +spec: + type: state.redis + version: v1 + metadata: + - name: redisHost + value: localhost:6379 + - name: redisPassword + value: "" + - name: primaryEncryptionKey + secretKeyRef: + name: mysecret + key: mykey +``` + +You now have a Dapr state store that's configured to fetch the encryption key from a secret named `mysecret`, containing the actual encryption key in a key named `mykey`. +The actual encryption key *must* be an AES256 encryption key. Dapr will error and exit if the encryption key is invalid. + +*Note that the secret store does not have to support keys* + +## Key rotation + +To support key rotation, Dapr provides a way to specify a secondary encryption key: + +```yaml +metadata: +- name: primaryEncryptionKey + secretKeyRef: + name: mysecret + key: mykey +- name: secondaryEncryptionKey + secretKeyRef: + name: mysecret2 + key: mykey2 +``` + +When Dapr starts, it will fetch the secrets containing the encryption keys listed in the `metadata` section. Dapr knows which state item has been encrypted with which key automatically, as it appends the `secretKeyRef.name` field to the end of the actual state key. + +To rotate a key, simply change the `primaryEncryptionKey` to point to a secret containing your new key, and move the old primary encryption key to the `secondaryEncryptionKey`. New data will be encrypted using the new key, and old data that's retrieved will be decrypted using the secondary key. Any updates to data items encrypted using the old key will be re-encrypted using the new key. diff --git a/daprdocs/content/en/developing-applications/building-blocks/state-management/state-management-overview.md b/daprdocs/content/en/developing-applications/building-blocks/state-management/state-management-overview.md index dc7149d1f..07a9af8b9 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/state-management/state-management-overview.md +++ b/daprdocs/content/en/developing-applications/building-blocks/state-management/state-management-overview.md @@ -50,6 +50,12 @@ For stores that don't natively support ETags, it's expected that the correspondi Read the [API reference]({{< ref state_api.md >}}) to learn how to set concurrency options. +### Automatic encryption + +Dapr supports automatic client encryption of application state with support for key rotations. This is a preview feature and it is supported on all Dapr state stores. + +For more info, read the [How-To: Encrypt application state]({{< ref howto-encrypt-state.md >}}) section. + ### Consistency Dapr supports both **strong consistency** and **eventual consistency**, with eventual consistency as the default behavior. @@ -104,6 +110,7 @@ The API for state management can be found in the [state management API reference * [How-To: Save and get state]({{< ref howto-get-save-state.md >}}) * [How-To: Build a stateful service]({{< ref howto-stateful-service.md >}}) * [How-To: Share state between applications]({{< ref howto-share-state.md >}}) + * [How-To: Encrypt application state]({{< ref howto-encrypt-state.md >}}) * Try out the [hello world quickstart](https://github.com/dapr/quickstarts/blob/master/hello-world/README.md) which shows how to use state management or try the samples in the [Dapr SDKs]({{< ref sdks >}}) * List of [state store components]({{< ref supported-state-stores.md >}}) * Read the [state management API reference]({{< ref state_api.md >}}) From 49f031582a171862d83fbf319835543fc655a59c Mon Sep 17 00:00:00 2001 From: Mikal S Date: Wed, 8 Sep 2021 17:44:36 +0200 Subject: [PATCH 031/115] Update azure-keyvault-managed-identity.md Add clarification of 'resourceID: [your managed identity id]' for the AKV managed identity template. --- .../azure-keyvault-managed-identity.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault-managed-identity.md b/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault-managed-identity.md index 55d4abd88..721524125 100644 --- a/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault-managed-identity.md +++ b/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault-managed-identity.md @@ -150,6 +150,12 @@ The above example uses secrets as plain strings. It is recommended to use a loca azureIdentity: [your managed identity name] selector: [your managed identity selector] ``` + where the value `resourceID: [your managed identity id]` is the fully qualified ID of the managed identity. It can be retrieved by running + ``` + az identity show -g [your resource group] -n [managed identity name] --query id + ``` + + 10. Deploy the azure-identity-config.yaml: From 98ecae7f0299df7ce9b28eea21f5c7773ce4c9f5 Mon Sep 17 00:00:00 2001 From: Aaron Crawfis Date: Wed, 8 Sep 2021 12:21:58 -0700 Subject: [PATCH 032/115] Create new Dapr branch --- .../{website-v1-4.yml => website-v1-5.yml} | 8 ++++---- README.md | 4 ++-- daprdocs/config.toml | 15 +++++++++------ 3 files changed, 15 insertions(+), 12 deletions(-) rename .github/workflows/{website-v1-4.yml => website-v1-5.yml} (96%) diff --git a/.github/workflows/website-v1-4.yml b/.github/workflows/website-v1-5.yml similarity index 96% rename from .github/workflows/website-v1-4.yml rename to .github/workflows/website-v1-5.yml index d4a844308..0e030ecd5 100644 --- a/.github/workflows/website-v1-4.yml +++ b/.github/workflows/website-v1-5.yml @@ -3,11 +3,11 @@ name: Azure Static Web App v1.4 on: push: branches: - - v1.4 + - v1.5 pull_request: types: [opened, synchronize, reopened, closed] branches: - - v1.4 + - v1.5 jobs: build_and_deploy_job: @@ -27,7 +27,7 @@ jobs: HUGO_ENV: production HUGO_VERSION: "0.74.3" with: - azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_V1_4 }} + azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_V1_5 }} repo_token: ${{ secrets.GITHUB_TOKEN }} # Used for Github integrations (i.e. PR comments) skip_deploy_on_missing_secrets: true action: "upload" @@ -48,6 +48,6 @@ jobs: id: closepullrequest uses: Azure/static-web-apps-deploy@v0.0.1-preview with: - azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_V1_4 }} + azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_V1_5 }} skip_deploy_on_missing_secrets: true action: "close" diff --git a/README.md b/README.md index 4cde96448..768ba03c4 100644 --- a/README.md +++ b/README.md @@ -14,8 +14,8 @@ The following branches are currently maintained: | Branch | Website | Description | |--------|---------|-------------| -| [v1.3](https://github.com/dapr/docs) (primary) | https://docs.dapr.io | Latest Dapr release documentation. Typo fixes, clarifications, and most documentation goes here. -| [v1.4](https://github.com/dapr/docs/tree/v1.4) (pre-release) | https://v1-4.docs.dapr.io/ | Pre-release documentation. Doc updates that are only applicable to v1.4+ go here. +| [v1.4](https://github.com/dapr/docs) (primary) | https://docs.dapr.io | Latest Dapr release documentation. Typo fixes, clarifications, and most documentation goes here. +| [v1.5](https://github.com/dapr/docs/tree/v1.5) (pre-release) | https://v1-5.docs.dapr.io/ | Pre-release documentation. Doc updates that are only applicable to v1.5+ go here. For more information visit the [Dapr branch structure](https://docs.dapr.io/contributing/contributing-docs/#branch-guidance) document. diff --git a/daprdocs/config.toml b/daprdocs/config.toml index 540ab2b1d..1aa4c7cd6 100644 --- a/daprdocs/config.toml +++ b/daprdocs/config.toml @@ -1,5 +1,5 @@ # Site Configuration -baseURL = "https://v1-4.docs.dapr.io/" +baseURL = "https://v1-5.docs.dapr.io/" title = "Dapr Docs" theme = "docsy" disableFastRender = true @@ -149,20 +149,23 @@ offlineSearch = false github_repo = "https://github.com/dapr/docs" github_project_repo = "https://github.com/dapr/dapr" github_subdir = "daprdocs" -github_branch = "v1.4" +github_branch = "v1.5" # Versioning -version_menu = "v1.4 (preview)" -version = "v1.4" +version_menu = "v1.5 (preview)" +version = "v1.5" archived_version = false url_latest_version = "https://docs.dapr.io" [[params.versions]] - version = "v1.4 (preview)" + version = "v1.5 (preview)" url = "#" [[params.versions]] - version = "v1.3 (latest)" + version = "v1.4 (latest)" url = "https://docs.dapr.io" +[[params.versions]] + version = "v1.3" + url = "https://v1-3.docs.dapr.io" [[params.versions]] version = "v1.2" url = "https://v1-2.docs.dapr.io" From 07373c1a3de95d8848ffb34cb62439341a5f6d0b Mon Sep 17 00:00:00 2001 From: Mikal S Date: Wed, 8 Sep 2021 21:44:57 +0200 Subject: [PATCH 033/115] Update azure-keyvault-managed-identity.md Fix 'fully qualified ID' to 'fully qualified resource ID' --- .../supported-secret-stores/azure-keyvault-managed-identity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault-managed-identity.md b/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault-managed-identity.md index 721524125..3302feb90 100644 --- a/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault-managed-identity.md +++ b/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault-managed-identity.md @@ -150,7 +150,7 @@ The above example uses secrets as plain strings. It is recommended to use a loca azureIdentity: [your managed identity name] selector: [your managed identity selector] ``` - where the value `resourceID: [your managed identity id]` is the fully qualified ID of the managed identity. It can be retrieved by running + where the value `resourceID: [your managed identity id]` is the fully qualified resource ID of the managed identity. It can be retrieved by running ``` az identity show -g [your resource group] -n [managed identity name] --query id ``` From dd197ee52b725064bdd23b61b68a7cac0978c09e Mon Sep 17 00:00:00 2001 From: Nick Greenfield Date: Thu, 9 Sep 2021 10:26:56 -0700 Subject: [PATCH 034/115] Add doc for how to use setup-dapr GitHub Action --- .../integrations/github_actions.md | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 daprdocs/content/en/developing-applications/integrations/github_actions.md diff --git a/daprdocs/content/en/developing-applications/integrations/github_actions.md b/daprdocs/content/en/developing-applications/integrations/github_actions.md new file mode 100644 index 000000000..7ae699cb1 --- /dev/null +++ b/daprdocs/content/en/developing-applications/integrations/github_actions.md @@ -0,0 +1,37 @@ +--- +type: docs +weight: 10000 +title: "Use the Dapr CLI in a GitHub Actions workflow" +linkTitle: "GitHub Actions" +description: "Learn how to add the Dapr CLI to your GitHub Actions to deploy and manage Dapr in your environments." +--- + +Dapr can be integrated with GitHub Actions via the [Dapr tool installer](https://github.com/marketplace/actions/dapr-tool-installer) available in the GitHub Marketplace. This installer adds the Dapr CLI to your workflow, allowing you to deploy, manage, and upgrade Dapr across your environments. + +## Overview + +The `dapr/setup-dapr` action will install the specified version of the Dapr CLI on macOS, Linux and Windows runners. Once installed, you can run any [Dapr CLI command]({{< ref cli >}}) to manage your Dapr environments. + +## Example + +```yaml +- name: Install Dapr + uses: dapr/setup-dapr@v1 + with: + version: '1.3.0' + +- name: Initialize Dapr + shell: pwsh + run: | + # Get the credentials to K8s to use with dapr init + az aks get-credentials --resource-group ${{ env.RG_NAME }} --name "${{ steps.azure-deployment.outputs.aksName }}" + + # Initialize Dapr + # Group the Dapr init logs so these lines can be collapsed. + Write-Output "::group::Initialize Dapr" + dapr init --kubernetes --wait --runtime-version ${{ env.DAPR_VERSION }} + Write-Output "::endgroup::" + + dapr status --kubernetes + working-directory: ./twitter-sentiment-processor/demos/demo3 +``` \ No newline at end of file From db4e51e9cb6593dd4404f41d2164309fc257081c Mon Sep 17 00:00:00 2001 From: Nick Greenfield Date: Thu, 9 Sep 2021 14:38:20 -0700 Subject: [PATCH 035/115] Create variable for latest Dapr version and update all version references to useit --- .../en/getting-started/install-dapr-selfhost.md | 4 ++-- .../content/en/getting-started/quickstarts.md | 16 ++++++++-------- .../hosting/kubernetes/kubernetes-upgrade.md | 8 ++++---- .../hosting/self-hosted/self-hosted-upgrade.md | 6 +++--- daprdocs/layouts/shortcodes/dapr-version.html | 1 + 5 files changed, 18 insertions(+), 17 deletions(-) create mode 100644 daprdocs/layouts/shortcodes/dapr-version.html diff --git a/daprdocs/content/en/getting-started/install-dapr-selfhost.md b/daprdocs/content/en/getting-started/install-dapr-selfhost.md index d50d6325b..9c397e353 100644 --- a/daprdocs/content/en/getting-started/install-dapr-selfhost.md +++ b/daprdocs/content/en/getting-started/install-dapr-selfhost.md @@ -52,8 +52,8 @@ dapr --version Output should look like this: ``` -CLI version: 1.3.0 -Runtime version: 1.3.0 +CLI version: {{% dapr-version %}} +Runtime version: {{% dapr-version %}} ``` ### Step 4: Verify containers are running diff --git a/daprdocs/content/en/getting-started/quickstarts.md b/daprdocs/content/en/getting-started/quickstarts.md index 716ba37de..17031cca7 100644 --- a/daprdocs/content/en/getting-started/quickstarts.md +++ b/daprdocs/content/en/getting-started/quickstarts.md @@ -17,11 +17,11 @@ The [Dapr Quickstarts](https://github.com/dapr/quickstarts/tree/v1.0.0) are a co | Quickstart | Description | |--------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| [Hello World](https://github.com/dapr/quickstarts/tree/v1.3.0/hello-world) | Demonstrates how to run Dapr locally. Highlights service invocation and state management. | -| [Hello Kubernetes](https://github.com/dapr/quickstarts/tree/v1.3.0/hello-kubernetes) | Demonstrates how to run Dapr in Kubernetes. Highlights service invocation and state management. | -| [Distributed Calculator](https://github.com/dapr/quickstarts/tree/v1.3.0/distributed-calculator) | Demonstrates a distributed calculator application that uses Dapr services to power a React web app. Highlights polyglot (multi-language) programming, service invocation and state management. | -| [Pub/Sub](https://github.com/dapr/quickstarts/tree/v1.3.0/pub-sub) | Demonstrates how to use Dapr to enable pub-sub applications. Uses Redis as a pub-sub component. | -| [Bindings](https://github.com/dapr/quickstarts/tree/v1.3.0/bindings) | Demonstrates how to use Dapr to create input and output bindings to other components. Uses bindings to Kafka. | -| [Middleware](https://github.com/dapr/quickstarts/tree/v1.3.0/middleware) | Demonstrates use of Dapr middleware to enable OAuth 2.0 authorization. | -| [Observability](https://github.com/dapr/quickstarts/tree/v1.3.0/observability) | Demonstrates Dapr tracing capabilities. Uses Zipkin as a tracing component. | -| [Secret Store](https://github.com/dapr/quickstarts/tree/v1.3.0/secretstore) | Demonstrates the use of Dapr Secrets API to access secret stores. | +| [Hello World](https://github.com/dapr/quickstarts/tree/v{{% dapr-version %}}/hello-world) | Demonstrates how to run Dapr locally. Highlights service invocation and state management. | +| [Hello Kubernetes](https://github.com/dapr/quickstarts/tree/v{{% dapr-version %}}/hello-kubernetes) | Demonstrates how to run Dapr in Kubernetes. Highlights service invocation and state management. | +| [Distributed Calculator](https://github.com/dapr/quickstarts/tree/v{{% dapr-version %}}/distributed-calculator) | Demonstrates a distributed calculator application that uses Dapr services to power a React web app. Highlights polyglot (multi-language) programming, service invocation and state management. | +| [Pub/Sub](https://github.com/dapr/quickstarts/tree/v{{% dapr-version %}}/pub-sub) | Demonstrates how to use Dapr to enable pub-sub applications. Uses Redis as a pub-sub component. | +| [Bindings](https://github.com/dapr/quickstarts/tree/v{{% dapr-version %}}/bindings) | Demonstrates how to use Dapr to create input and output bindings to other components. Uses bindings to Kafka. | +| [Middleware](https://github.com/dapr/quickstarts/tree/v{{% dapr-version %}}/middleware) | Demonstrates use of Dapr middleware to enable OAuth 2.0 authorization. | +| [Observability](https://github.com/dapr/quickstarts/tree/v{{% dapr-version %}}/observability) | Demonstrates Dapr tracing capabilities. Uses Zipkin as a tracing component. | +| [Secret Store](https://github.com/dapr/quickstarts/tree/v{{% dapr-version %}}/secretstore) | Demonstrates the use of Dapr Secrets API to access secret stores. | diff --git a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md index 262d5253c..4b5f91adb 100644 --- a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md +++ b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md @@ -11,15 +11,15 @@ description: "Follow these steps to upgrade Dapr on Kubernetes and ensure a smoo - [Dapr CLI]({{< ref install-dapr-cli.md >}}) - [Helm 3](https://github.com/helm/helm/releases) (if using Helm) -## Upgrade existing cluster to 1.3.0 +## Upgrade existing cluster to {{% dapr-version %}} There are two ways to upgrade the Dapr control plane on a Kubernetes cluster using either the Dapr CLI or Helm. ### Dapr CLI -The example below shows how to upgrade to version 1.3.0: +The example below shows how to upgrade to version {{% dapr-version %}}: ```bash - dapr upgrade -k --runtime-version=1.3.0 + dapr upgrade -k --runtime-version={{% dapr-version %}} ``` You can provide all the available Helm chart configurations using the Dapr CLI. @@ -43,7 +43,7 @@ To resolve this issue please run the follow command to upgrade the CustomResourc kubectl replace -f https://raw.githubusercontent.com/dapr/dapr/5a15b3e0f093d2d0938b12f144c7047474a290fe/charts/dapr/crds/configuration.yaml ``` -Then proceed with the `dapr upgrade --runtime-version 1.3.0 -k` command as above. +Then proceed with the `dapr upgrade --runtime-version {{% dapr-version %}} -k` command as above. ### Helm diff --git a/daprdocs/content/en/operations/hosting/self-hosted/self-hosted-upgrade.md b/daprdocs/content/en/operations/hosting/self-hosted/self-hosted-upgrade.md index 5e541761d..d07f90e4a 100644 --- a/daprdocs/content/en/operations/hosting/self-hosted/self-hosted-upgrade.md +++ b/daprdocs/content/en/operations/hosting/self-hosted/self-hosted-upgrade.md @@ -25,11 +25,11 @@ description: "Follow these steps to upgrade Dapr in self-hosted mode and ensure dapr init ``` -1. Ensure you are using the latest version of Dapr (v1.3) with: +1. Ensure you are using the latest version of Dapr (v{{% dapr-version %}})) with: ```bash $ dapr --version - CLI version: 1.3 - Runtime version: 1.3 + CLI version: {{% dapr-version %}} + Runtime version: {{% dapr-version %}} ``` diff --git a/daprdocs/layouts/shortcodes/dapr-version.html b/daprdocs/layouts/shortcodes/dapr-version.html new file mode 100644 index 000000000..e21e727f9 --- /dev/null +++ b/daprdocs/layouts/shortcodes/dapr-version.html @@ -0,0 +1 @@ +1.4.0 \ No newline at end of file From 417fbf73fe59e614151c1fce468425f1cf4d23bd Mon Sep 17 00:00:00 2001 From: Ori Zohar Date: Thu, 9 Sep 2021 14:58:05 -0700 Subject: [PATCH 036/115] Update version in helm deployment section --- .../en/operations/hosting/kubernetes/kubernetes-deploy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-deploy.md b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-deploy.md index cf71a7c32..be72cd6c9 100644 --- a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-deploy.md +++ b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-deploy.md @@ -122,7 +122,7 @@ The latest Dapr helm chart no longer supports Helm v2. Please migrate from Helm ```bash helm upgrade --install dapr dapr/dapr \ - --version=1.2 \ + --version=1.3 \ --namespace dapr-system \ --create-namespace \ --wait @@ -132,7 +132,7 @@ The latest Dapr helm chart no longer supports Helm v2. Please migrate from Helm ```bash helm upgrade --install dapr dapr/dapr \ - --version=1.2 \ + --version=1.3 \ --namespace dapr-system \ --create-namespace \ --set global.ha.enabled=true \ From e480b03d583494451e52552a43b5b2bcceed49f0 Mon Sep 17 00:00:00 2001 From: Yaron Schneider Date: Thu, 9 Sep 2021 15:00:12 -0700 Subject: [PATCH 037/115] add custom route (#1772) --- .../building-blocks/bindings/howto-triggers.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/daprdocs/content/en/developing-applications/building-blocks/bindings/howto-triggers.md b/daprdocs/content/en/developing-applications/building-blocks/bindings/howto-triggers.md index 6dde81ec2..c0afc13a8 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/bindings/howto-triggers.md +++ b/daprdocs/content/en/developing-applications/building-blocks/bindings/howto-triggers.md @@ -91,6 +91,20 @@ In order to tell Dapr that the event wasn't processed correctly in your applicat res.status(500).send() ``` +### Specifying a custom route + +By default, incoming events will be sent to an HTTP endpoint that corresponds to the name of the input binding. +You can override this by setting the following metadata property: + +```yaml +name: mybinding +spec: + type: binding.rabbitmq + metadata: + - name: route + value: /onevent +``` + ### Event delivery Guarantees Event delivery guarantees are controlled by the binding implementation. Depending on the binding implementation, the event delivery can be exactly once or at least once. From 5e2a11663b5333af6c0cfc1f9eb6538dc5987fa9 Mon Sep 17 00:00:00 2001 From: Will Tsai Date: Thu, 9 Sep 2021 15:46:29 -0700 Subject: [PATCH 038/115] changes to v1.3 for v1.4 release --- .github/workflows/website-root.yml | 53 ------------------------------ README.md | 4 +-- daprdocs/config.toml | 15 +++++---- 3 files changed, 11 insertions(+), 61 deletions(-) delete mode 100644 .github/workflows/website-root.yml diff --git a/.github/workflows/website-root.yml b/.github/workflows/website-root.yml deleted file mode 100644 index b4bf798f0..000000000 --- a/.github/workflows/website-root.yml +++ /dev/null @@ -1,53 +0,0 @@ -name: Azure Static Web App Root - -on: - push: - branches: - - v1.3 - pull_request: - types: [opened, synchronize, reopened, closed] - branches: - - v1.3 - -jobs: - build_and_deploy_job: - if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.action != 'closed') - runs-on: ubuntu-latest - name: Build and Deploy Job - steps: - - uses: actions/checkout@v2 - with: - submodules: recursive - - name: Setup Docsy - run: cd daprdocs && git submodule update --init --recursive && sudo npm install -D --save autoprefixer && sudo npm install -D --save postcss-cli - - name: Build And Deploy - id: builddeploy - uses: Azure/static-web-apps-deploy@v0.0.1-preview - env: - HUGO_ENV: production - HUGO_VERSION: "0.74.3" - with: - azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN_PROUD_BAY_0E9E0E81E }} - repo_token: ${{ secrets.GITHUB_TOKEN }} # Used for Github integrations (i.e. PR comments) - skip_deploy_on_missing_secrets: true - action: "upload" - ###### Repository/Build Configurations - These values can be configured to match your app requirements. ###### - # For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig - app_location: "/daprdocs" # App source code path - api_location: "api" # Api source code path - optional - output_location: "public" # Built app content directory - optional - app_build_command: "hugo" - ###### End of Repository/Build Configurations ###### - - close_pull_request_job: - if: github.event_name == 'pull_request' && github.event.action == 'closed' - runs-on: ubuntu-latest - name: Close Pull Request Job - steps: - - name: Close Pull Request - id: closepullrequest - uses: Azure/static-web-apps-deploy@v0.0.1-preview - with: - azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN_PROUD_BAY_0E9E0E81E }} - skip_deploy_on_missing_secrets: true - action: "close" \ No newline at end of file diff --git a/README.md b/README.md index 4cde96448..768ba03c4 100644 --- a/README.md +++ b/README.md @@ -14,8 +14,8 @@ The following branches are currently maintained: | Branch | Website | Description | |--------|---------|-------------| -| [v1.3](https://github.com/dapr/docs) (primary) | https://docs.dapr.io | Latest Dapr release documentation. Typo fixes, clarifications, and most documentation goes here. -| [v1.4](https://github.com/dapr/docs/tree/v1.4) (pre-release) | https://v1-4.docs.dapr.io/ | Pre-release documentation. Doc updates that are only applicable to v1.4+ go here. +| [v1.4](https://github.com/dapr/docs) (primary) | https://docs.dapr.io | Latest Dapr release documentation. Typo fixes, clarifications, and most documentation goes here. +| [v1.5](https://github.com/dapr/docs/tree/v1.5) (pre-release) | https://v1-5.docs.dapr.io/ | Pre-release documentation. Doc updates that are only applicable to v1.5+ go here. For more information visit the [Dapr branch structure](https://docs.dapr.io/contributing/contributing-docs/#branch-guidance) document. diff --git a/daprdocs/config.toml b/daprdocs/config.toml index a6286e75d..2f0d7316d 100644 --- a/daprdocs/config.toml +++ b/daprdocs/config.toml @@ -1,5 +1,5 @@ # Site Configuration -baseURL = "https://docs.dapr.io/" +baseURL = "https://v1-3.docs.dapr.io/" title = "Dapr Docs" theme = "docsy" disableFastRender = true @@ -152,16 +152,19 @@ github_subdir = "daprdocs" github_branch = "v1.3" # Versioning -version_menu = "v1.3 (latest)" +version_menu = "v1.3" version = "v1.3" -archived_version = false +archived_version = true url_latest_version = "https://docs.dapr.io" [[params.versions]] - version = "v1.4 (preview)" - url = "https://v1-4.docs.dapr.io" + version = "v1.5 (preview)" + url = "https://v1-5.docs.dapr.io" [[params.versions]] - version = "v1.3 (latest)" + version = "v1.4 (latest)" + url = "https://docs.dapr.io" +[[params.versions]] + version = "v1.3" url = "#" [[params.versions]] version = "v1.2" From c9b45fdd5209adcc59c07c44995ffb4a3741e0e5 Mon Sep 17 00:00:00 2001 From: Nick Greenfield Date: Thu, 9 Sep 2021 15:57:54 -0700 Subject: [PATCH 039/115] update shortcode to dapr-latest-version --- .../en/getting-started/install-dapr-selfhost.md | 4 ++-- .../content/en/getting-started/quickstarts.md | 16 ++++++++-------- .../hosting/kubernetes/kubernetes-upgrade.md | 8 ++++---- .../hosting/self-hosted/self-hosted-upgrade.md | 6 +++--- ...apr-version.html => dapr-latest-version.html} | 0 5 files changed, 17 insertions(+), 17 deletions(-) rename daprdocs/layouts/shortcodes/{dapr-version.html => dapr-latest-version.html} (100%) diff --git a/daprdocs/content/en/getting-started/install-dapr-selfhost.md b/daprdocs/content/en/getting-started/install-dapr-selfhost.md index 9c397e353..5e7e12963 100644 --- a/daprdocs/content/en/getting-started/install-dapr-selfhost.md +++ b/daprdocs/content/en/getting-started/install-dapr-selfhost.md @@ -52,8 +52,8 @@ dapr --version Output should look like this: ``` -CLI version: {{% dapr-version %}} -Runtime version: {{% dapr-version %}} +CLI version: {{% dapr-latest-version %}} +Runtime version: {{% dapr-latest-version %}} ``` ### Step 4: Verify containers are running diff --git a/daprdocs/content/en/getting-started/quickstarts.md b/daprdocs/content/en/getting-started/quickstarts.md index 17031cca7..cbe97a13b 100644 --- a/daprdocs/content/en/getting-started/quickstarts.md +++ b/daprdocs/content/en/getting-started/quickstarts.md @@ -17,11 +17,11 @@ The [Dapr Quickstarts](https://github.com/dapr/quickstarts/tree/v1.0.0) are a co | Quickstart | Description | |--------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| [Hello World](https://github.com/dapr/quickstarts/tree/v{{% dapr-version %}}/hello-world) | Demonstrates how to run Dapr locally. Highlights service invocation and state management. | -| [Hello Kubernetes](https://github.com/dapr/quickstarts/tree/v{{% dapr-version %}}/hello-kubernetes) | Demonstrates how to run Dapr in Kubernetes. Highlights service invocation and state management. | -| [Distributed Calculator](https://github.com/dapr/quickstarts/tree/v{{% dapr-version %}}/distributed-calculator) | Demonstrates a distributed calculator application that uses Dapr services to power a React web app. Highlights polyglot (multi-language) programming, service invocation and state management. | -| [Pub/Sub](https://github.com/dapr/quickstarts/tree/v{{% dapr-version %}}/pub-sub) | Demonstrates how to use Dapr to enable pub-sub applications. Uses Redis as a pub-sub component. | -| [Bindings](https://github.com/dapr/quickstarts/tree/v{{% dapr-version %}}/bindings) | Demonstrates how to use Dapr to create input and output bindings to other components. Uses bindings to Kafka. | -| [Middleware](https://github.com/dapr/quickstarts/tree/v{{% dapr-version %}}/middleware) | Demonstrates use of Dapr middleware to enable OAuth 2.0 authorization. | -| [Observability](https://github.com/dapr/quickstarts/tree/v{{% dapr-version %}}/observability) | Demonstrates Dapr tracing capabilities. Uses Zipkin as a tracing component. | -| [Secret Store](https://github.com/dapr/quickstarts/tree/v{{% dapr-version %}}/secretstore) | Demonstrates the use of Dapr Secrets API to access secret stores. | +| [Hello World](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/hello-world) | Demonstrates how to run Dapr locally. Highlights service invocation and state management. | +| [Hello Kubernetes](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/hello-kubernetes) | Demonstrates how to run Dapr in Kubernetes. Highlights service invocation and state management. | +| [Distributed Calculator](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/distributed-calculator) | Demonstrates a distributed calculator application that uses Dapr services to power a React web app. Highlights polyglot (multi-language) programming, service invocation and state management. | +| [Pub/Sub](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/pub-sub) | Demonstrates how to use Dapr to enable pub-sub applications. Uses Redis as a pub-sub component. | +| [Bindings](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/bindings) | Demonstrates how to use Dapr to create input and output bindings to other components. Uses bindings to Kafka. | +| [Middleware](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/middleware) | Demonstrates use of Dapr middleware to enable OAuth 2.0 authorization. | +| [Observability](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/observability) | Demonstrates Dapr tracing capabilities. Uses Zipkin as a tracing component. | +| [Secret Store](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/secretstore) | Demonstrates the use of Dapr Secrets API to access secret stores. | diff --git a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md index 4b5f91adb..af2f1365f 100644 --- a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md +++ b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md @@ -11,15 +11,15 @@ description: "Follow these steps to upgrade Dapr on Kubernetes and ensure a smoo - [Dapr CLI]({{< ref install-dapr-cli.md >}}) - [Helm 3](https://github.com/helm/helm/releases) (if using Helm) -## Upgrade existing cluster to {{% dapr-version %}} +## Upgrade existing cluster to {{% dapr-latest-version %}} There are two ways to upgrade the Dapr control plane on a Kubernetes cluster using either the Dapr CLI or Helm. ### Dapr CLI -The example below shows how to upgrade to version {{% dapr-version %}}: +The example below shows how to upgrade to version {{% dapr-latest-version %}}: ```bash - dapr upgrade -k --runtime-version={{% dapr-version %}} + dapr upgrade -k --runtime-version={{% dapr-latest-version %}} ``` You can provide all the available Helm chart configurations using the Dapr CLI. @@ -43,7 +43,7 @@ To resolve this issue please run the follow command to upgrade the CustomResourc kubectl replace -f https://raw.githubusercontent.com/dapr/dapr/5a15b3e0f093d2d0938b12f144c7047474a290fe/charts/dapr/crds/configuration.yaml ``` -Then proceed with the `dapr upgrade --runtime-version {{% dapr-version %}} -k` command as above. +Then proceed with the `dapr upgrade --runtime-version {{% dapr-latest-version %}} -k` command as above. ### Helm diff --git a/daprdocs/content/en/operations/hosting/self-hosted/self-hosted-upgrade.md b/daprdocs/content/en/operations/hosting/self-hosted/self-hosted-upgrade.md index d07f90e4a..0cefbc82c 100644 --- a/daprdocs/content/en/operations/hosting/self-hosted/self-hosted-upgrade.md +++ b/daprdocs/content/en/operations/hosting/self-hosted/self-hosted-upgrade.md @@ -25,11 +25,11 @@ description: "Follow these steps to upgrade Dapr in self-hosted mode and ensure dapr init ``` -1. Ensure you are using the latest version of Dapr (v{{% dapr-version %}})) with: +1. Ensure you are using the latest version of Dapr (v{{% dapr-latest-version %}})) with: ```bash $ dapr --version - CLI version: {{% dapr-version %}} - Runtime version: {{% dapr-version %}} + CLI version: {{% dapr-latest-version %}} + Runtime version: {{% dapr-latest-version %}} ``` diff --git a/daprdocs/layouts/shortcodes/dapr-version.html b/daprdocs/layouts/shortcodes/dapr-latest-version.html similarity index 100% rename from daprdocs/layouts/shortcodes/dapr-version.html rename to daprdocs/layouts/shortcodes/dapr-latest-version.html From d089656e61e1470a22c630c09ad92e0427072a6b Mon Sep 17 00:00:00 2001 From: Will Tsai Date: Thu, 9 Sep 2021 16:25:44 -0700 Subject: [PATCH 040/115] updating versions to v1.4 --- .github/workflows/website-root.yml | 4 ++-- README.md | 4 ++-- daprdocs/config.toml | 13 ++++++++----- .../en/operations/support/support-release-policy.md | 10 ++++++---- 4 files changed, 18 insertions(+), 13 deletions(-) diff --git a/.github/workflows/website-root.yml b/.github/workflows/website-root.yml index b4bf798f0..10277109f 100644 --- a/.github/workflows/website-root.yml +++ b/.github/workflows/website-root.yml @@ -3,11 +3,11 @@ name: Azure Static Web App Root on: push: branches: - - v1.3 + - v1.4 pull_request: types: [opened, synchronize, reopened, closed] branches: - - v1.3 + - v1.4 jobs: build_and_deploy_job: diff --git a/README.md b/README.md index 4cde96448..768ba03c4 100644 --- a/README.md +++ b/README.md @@ -14,8 +14,8 @@ The following branches are currently maintained: | Branch | Website | Description | |--------|---------|-------------| -| [v1.3](https://github.com/dapr/docs) (primary) | https://docs.dapr.io | Latest Dapr release documentation. Typo fixes, clarifications, and most documentation goes here. -| [v1.4](https://github.com/dapr/docs/tree/v1.4) (pre-release) | https://v1-4.docs.dapr.io/ | Pre-release documentation. Doc updates that are only applicable to v1.4+ go here. +| [v1.4](https://github.com/dapr/docs) (primary) | https://docs.dapr.io | Latest Dapr release documentation. Typo fixes, clarifications, and most documentation goes here. +| [v1.5](https://github.com/dapr/docs/tree/v1.5) (pre-release) | https://v1-5.docs.dapr.io/ | Pre-release documentation. Doc updates that are only applicable to v1.5+ go here. For more information visit the [Dapr branch structure](https://docs.dapr.io/contributing/contributing-docs/#branch-guidance) document. diff --git a/daprdocs/config.toml b/daprdocs/config.toml index 540ab2b1d..079dcdf62 100644 --- a/daprdocs/config.toml +++ b/daprdocs/config.toml @@ -1,5 +1,5 @@ # Site Configuration -baseURL = "https://v1-4.docs.dapr.io/" +baseURL = "https://docs.dapr.io/" title = "Dapr Docs" theme = "docsy" disableFastRender = true @@ -152,17 +152,20 @@ github_subdir = "daprdocs" github_branch = "v1.4" # Versioning -version_menu = "v1.4 (preview)" +version_menu = "v1.4 (latest)" version = "v1.4" archived_version = false url_latest_version = "https://docs.dapr.io" [[params.versions]] - version = "v1.4 (preview)" + version = "v1.5 (preview)" + url = "https://v1-5.docs.dapr.io" +[[params.versions]] + version = "v1.4 (latest)" url = "#" [[params.versions]] - version = "v1.3 (latest)" - url = "https://docs.dapr.io" + version = "v1.3" + url = "https://v1-3.docs.dapr.io" [[params.versions]] version = "v1.2" url = "https://v1-2.docs.dapr.io" diff --git a/daprdocs/content/en/operations/support/support-release-policy.md b/daprdocs/content/en/operations/support/support-release-policy.md index d645165ce..e43cfad96 100644 --- a/daprdocs/content/en/operations/support/support-release-policy.md +++ b/daprdocs/content/en/operations/support/support-release-policy.md @@ -36,10 +36,11 @@ The table below shows the versions of Dapr releases that have been tested togeth | Apr 1st 2021 | 1.1.0
| 1.1.0 | Java 1.0.2
Go 1.1.0
PHP 1.0.0
Python 1.1.0
.NET 1.1.0 | 0.6.0 | Unsupported | | Apr 6th 2021 | 1.1.1
| 1.1.0 | Java 1.0.2
Go 1.1.0
PHP 1.0.0
Python 1.1.0
.NET 1.1.0 | 0.6.0 | Unsupported | | Apr 16th 2021 | 1.1.2
| 1.1.0 | Java 1.0.2
Go 1.1.0
PHP 1.0.0
Python 1.1.0
.NET 1.1.0 | 0.6.0 | Unsupported | -| May 26th 2021 | 1.2.0
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Supported | -| June 16th 2021 | 1.2.1
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Supported | -| June 16th 2021 | 1.2.2
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Supported | -| July 26th 2021 | 1.3
| 1.3.0 | Java 1.2.0
Go 1.2.0
PHP 1.1.0
Python 1.2.0
.NET 1.3.0 | 0.7.0 | Supported (current) | +| May 26th 2021 | 1.2.0
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Unsupported | +| Jun 16th 2021 | 1.2.1
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Unsupported | +| Jun 16th 2021 | 1.2.2
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Unsupported | +| Jul 26th 2021 | 1.3
| 1.3.0 | Java 1.2.0
Go 1.2.0
PHP 1.1.0
Python 1.2.0
.NET 1.3.0 | 0.7.0 | Supported | +| Sep 14th 2021 | 1.4
| 1.4.0 | Java 1.2.0
Go 1.2.0
PHP 1.1.0
Python 1.2.0
.NET 1.3.0 | 0.7.0 | Supported (current) | ## Upgrade paths After the 1.0 release of the runtime there may be situations where it is necessary to explicitly upgrade through an additional release to reach the desired target. For example an upgrade from v1.0 to v1.2 may need go pass through v1.1 @@ -56,6 +57,7 @@ General guidance on upgrading can be found for [self hosted mode]({{ Date: Thu, 9 Sep 2021 16:33:50 -0700 Subject: [PATCH 041/115] add alicloud tablestore docs --- .../supported-bindings/_index.md | 1 + .../supported-bindings/alicloudtablestore.md | 143 ++++++++++++++++++ 2 files changed, 144 insertions(+) create mode 100644 daprdocs/content/en/reference/components-reference/supported-bindings/alicloudtablestore.md diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/_index.md b/daprdocs/content/en/reference/components-reference/supported-bindings/_index.md index 7dc236582..826ab3d77 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/_index.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/_index.md @@ -50,6 +50,7 @@ Table captions: |------|:----------------:|:-----------------:|--------| ------ |----------| | [Alibaba Cloud DingTalk]({{< ref alicloud-dingtalk.md >}}) | ✅ | ✅ | Alpha | v1 | 1.2 | | [Alibaba Cloud OSS]({{< ref alicloudoss.md >}}) | | ✅ | Alpha | v1 | 1.0 | +| [Alibaba Cloud Tablestore]({{< ref alicloudtablestore.md >}}) | | ✅ | Alpha | v1 | 1.0 | ### Amazon Web Services (AWS) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudtablestore.md b/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudtablestore.md new file mode 100644 index 000000000..c5ff27752 --- /dev/null +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudtablestore.md @@ -0,0 +1,143 @@ +--- +type: docs +title: "Alibaba Cloud Tablestore binding spec" +linkTitle: "Alibaba Cloud Tablestore" +description: "Detailed documentation on the Alibaba Tablestore binding component" +aliases: + - "/operations/components/setup-bindings/supported-bindings/alicloudtablestore/" +--- + +## Component format + +To setup an Alibaba Cloud Tablestore binding create a component of type `bindings.alicloud.tablestore`. See [this guide]({{< ref "howto-bindings.md#1-create-a-binding" >}}) on how to create and apply a secretstore configuration. See this guide on [referencing secrets]({{< ref component-secrets.md >}}) to retrieve and use the secret with Dapr components. + +```yaml +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: mytablestore + namespace: default +spec: + type: bindings.alicloud.tablestore + version: v1 + metadata: + - name: endpoint + value: "[endpoint]" + - name: accessKeyID + value: "[key-id]" + - name: accessKey + value: "[access-key]" + - name: instanceName + value: "[instance]" + - name: tableName + value: "[table]" + - name: endpoint + value: "[endpoint]" +``` + +{{% alert title="Warning" color="warning" %}} +The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}). +{{% /alert %}} + +## Spec metadata fields + +| Field | Required | Binding support | Details | Example | +|---------------|----------|---------|---------|---------| +| `endpoint` | Y | Output | Alicloud Tablestore endpoint. | https://tablestore-cn-hangzhou.aliyuncs.com +| `accessKeyID` | Y | Output | Access key ID credential. | +| `accessKey` | Y | Output | Access key credential. | +| `instanceName` | Y | Output | Name of the instance. | +| `tableName` | Y | Output | Name of the table. | + +## Binding support + +This component supports **output binding** with the following operations: +- `create`: [Create object](#create-object) + + +### Create object + +To perform a create object operation, invoke the binding with a `POST` method and the following JSON body: + +```json +{ + "operation": "create", + "data": "YOUR_CONTENT", + "metadata": { + "primaryKeys": "pk1" + } +} +``` + +{{% alert title="Note" color="primary" %}} +Note the `metadata.primaryKeys` field is mandatory. +{{% /alert %}} + +### Delete object + +To perform a delete object operation, invoke the binding with a `POST` method and the following JSON body: + +```json +{ + "operation": "delete", + "metadata": { + "primaryKeys": "pk1", + "columnToGet": "name,age,date" + }, + "data": { + "pk1": "data1" + } +} +``` + +{{% alert title="Note" color="primary" %}} +Note the `metadata.primaryKeys` field is mandatory. +{{% /alert %} + +### List objects + +To perform a list objects operation, invoke the binding with a `POST` method and the following JSON body: + +```json +{ + "operation": "delete", + "metadata": { + "primaryKeys": "pk1", + "columnToGet": "name,age,date" + }, + "data": { + "pk1": "data1", + "pk2": "data2" + } +} +``` + +{{% alert title="Note" color="primary" %}} +Note the `metadata.primaryKeys` field is mandatory. +{{% /alert %} + +### Get object + +To perform a get object operation, invoke the binding with a `POST` method and the following JSON body: + +```json +{ + "operation": "delete", + "metadata": { + "primaryKeys": "pk1" + }, + "data": { + "pk1": "data1" + } +} +``` + +{{% alert title="Note" color="primary" %}} +Note the `metadata.primaryKeys` field is mandatory. +{{% /alert %} + +## Related links + +- [Bindings building block]({{< ref bindings >}}) +- [How-To: Use bindings to interface with external resources]({{< ref howto-bindings.md >}}) +- [Bindings API reference]({{< ref bindings_api.md >}}) From a13da53ee52f4496699a794b87edef7a171edc77 Mon Sep 17 00:00:00 2001 From: Nick Greenfield Date: Thu, 9 Sep 2021 16:47:17 -0700 Subject: [PATCH 042/115] Add conditional in dapr-latest-version shortcode for short version of explicit version --- .../operations/hosting/kubernetes/kubernetes-upgrade.md | 8 ++++---- .../operations/hosting/self-hosted/self-hosted-upgrade.md | 4 ++-- daprdocs/layouts/shortcodes/dapr-latest-version.html | 6 +++++- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md index af2f1365f..88ceda8e6 100644 --- a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md +++ b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md @@ -11,15 +11,15 @@ description: "Follow these steps to upgrade Dapr on Kubernetes and ensure a smoo - [Dapr CLI]({{< ref install-dapr-cli.md >}}) - [Helm 3](https://github.com/helm/helm/releases) (if using Helm) -## Upgrade existing cluster to {{% dapr-latest-version %}} +## Upgrade existing cluster to {{% dapr-latest-version %}}.0 There are two ways to upgrade the Dapr control plane on a Kubernetes cluster using either the Dapr CLI or Helm. ### Dapr CLI -The example below shows how to upgrade to version {{% dapr-latest-version %}}: +The example below shows how to upgrade to version {{% dapr-latest-version %}}.0: ```bash - dapr upgrade -k --runtime-version={{% dapr-latest-version %}} + dapr upgrade -k --runtime-version={{% dapr-latest-version %}}.0 ``` You can provide all the available Helm chart configurations using the Dapr CLI. @@ -43,7 +43,7 @@ To resolve this issue please run the follow command to upgrade the CustomResourc kubectl replace -f https://raw.githubusercontent.com/dapr/dapr/5a15b3e0f093d2d0938b12f144c7047474a290fe/charts/dapr/crds/configuration.yaml ``` -Then proceed with the `dapr upgrade --runtime-version {{% dapr-latest-version %}} -k` command as above. +Then proceed with the `dapr upgrade --runtime-version {{% dapr-latest-version %}}.0 -k` command as above. ### Helm diff --git a/daprdocs/content/en/operations/hosting/self-hosted/self-hosted-upgrade.md b/daprdocs/content/en/operations/hosting/self-hosted/self-hosted-upgrade.md index 0cefbc82c..40cbdb44f 100644 --- a/daprdocs/content/en/operations/hosting/self-hosted/self-hosted-upgrade.md +++ b/daprdocs/content/en/operations/hosting/self-hosted/self-hosted-upgrade.md @@ -30,6 +30,6 @@ description: "Follow these steps to upgrade Dapr in self-hosted mode and ensure ```bash $ dapr --version - CLI version: {{% dapr-latest-version %}} - Runtime version: {{% dapr-latest-version %}} + CLI version: {{% dapr-latest-version version="short" %}} + Runtime version: {{% dapr-latest-version version="short" %}} ``` diff --git a/daprdocs/layouts/shortcodes/dapr-latest-version.html b/daprdocs/layouts/shortcodes/dapr-latest-version.html index e21e727f9..b734e4f5c 100644 --- a/daprdocs/layouts/shortcodes/dapr-latest-version.html +++ b/daprdocs/layouts/shortcodes/dapr-latest-version.html @@ -1 +1,5 @@ -1.4.0 \ No newline at end of file +{{ if .Get "version" }} +1.4 +{{ else }} +1.4.0 +{{ end }} \ No newline at end of file From 6ca2f74efb18f0a2c63cb30f533c86d8353d72d5 Mon Sep 17 00:00:00 2001 From: Will Tsai Date: Thu, 9 Sep 2021 17:18:55 -0700 Subject: [PATCH 043/115] adding to Upgrade paths in support-release-policy.md to reflect v1.4 --- .../content/en/operations/support/support-release-policy.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/daprdocs/content/en/operations/support/support-release-policy.md b/daprdocs/content/en/operations/support/support-release-policy.md index e43cfad96..f4e67b866 100644 --- a/daprdocs/content/en/operations/support/support-release-policy.md +++ b/daprdocs/content/en/operations/support/support-release-policy.md @@ -54,9 +54,12 @@ General guidance on upgrading can be found for [self hosted mode]({{ Date: Thu, 9 Sep 2021 17:29:38 -0700 Subject: [PATCH 044/115] Added doc for common Azure auth layer --- .../cloud-providers/authenticating-azure.md | 349 ++++++++++++++++++ .../azure-keyvault-managed-identity.md | 167 --------- 2 files changed, 349 insertions(+), 167 deletions(-) create mode 100644 daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md delete mode 100644 daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault-managed-identity.md diff --git a/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md b/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md new file mode 100644 index 000000000..d6e8b4f8f --- /dev/null +++ b/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md @@ -0,0 +1,349 @@ +--- +type: docs +title: "Authenticating to Azure" +linkTitle: "Authenticating to Azure" +description: "How to authenticate Azure components using Azure AD and Managed Identities" +aliases: + - "/operations/components/setup-secret-store/supported-secret-stores/azure-keyvault-managed-identity/" + - "/reference/components-reference/supported-secret-stores/azure-keyvault-managed-identity/" +--- + +## Common Azure authentication layer + +Certain Azure components for Dapr offer support for the *common Azure authentication layer*, which enables applications to access data stored in Azure resources by authenticating with Azure AD. Thanks to this, administrators can leverage all the benefits of fine-tuned permissions with RBAC (Role-Based Access Control), and applications running on certain Azure services such as Azure VMs, Azure Kubernetes Service, or many Azure platform services can leverage [Managed Service Identities (MSI)](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview). + +Some Azure components offer alternative authentication methods, such as systems based on "master keys" or "shared keys". Whenever possible, we recommend authenticating your Dapr components using Azure AD for increased security and ease of management, as well as for the ability to leverage MSI if your app is running on supported Azure services. + +> Currently, only a subset of Azure components for Dapr offer support for this authentication method. Over time, we are planning to expand support to all other Azure components for Dapr. You can track the progress of the work, component-by-component, on [this issue](https://github.com/dapr/components-contrib/issues/1103). + +### About authentication with Azure AD + +Azure AD is Azure's identity and access management (IAM) solution, which is used to authenticate and authorize users and services. + +Azure AD is based on the OAuth 2.0 standard, which allows services (applications) to obtain access tokens to make requests to Azure services, including Azure Storage, Azure Key Vault, Cosmos DB, etc. In the Azure terminology, an application is also called a "Service Principal". + +Many of the services listed above also support authentication using other systems, such as "master keys" or "shared keys". Although those are always valid methods to authenticate your application (and Dapr continues to support them, as explained in each component's reference page), using Azure AD when possible offers various benefits, including: + +- The ability to leverage Managed Service Identities, which allow your application to authenticate with Azure AD, and obtain an access token to make requests to Azure services, without the need to use any credential. When your application is running on a supported Azure service (including, but not limited to, Azure VMs, Azure Kubernetes Service, Azure Web Apps, etc), an identity for your application can be assigned at the infrastructure level. This way, your code does not have to deal with credentials of any kind, removing the challenge of safely managing credentials, allowing greater separation of concerns between development and operations teams and reducing the number of people with access to credentials, and lastly simplifying operational aspects–especially when multiple environments are used. +- Using RBAC (Role-Based Access Control) with supported services (such as Azure Storage and Cosmos DB), permissions given to an application can be fine-tuned, for example allowing restricting access to a subset of data or making it read-only. +- Better auditing for access. +- Ability to authenticate using certificates (optional). + +## Credentials + +To authenticate with Azure AD, you will need to add the following credentials as values in the metadata for your Dapr component (read the next section on how to create them). There are multiple options depending on the way you have chosen to pass the credentials to your Dapr service. + +**Authenticating using client credentials:** + +| Field | Required | Details | Example | +|---------------------|----------|--------------------------------------|----------------------------------------------| +| `azureTenantId` | Y | ID of the Azure AD tenant | `"cd4b2887-304c-47e1-b4d5-65447fdd542b"` | +| `azureClientId` | Y | Client ID (application ID) | `"c7dd251f-811f-4ba2-a905-acd4d3f8f08b"` | +| `azureClientSecret` | Y | Client secret (application password) | `"Ecy3XG7zVZK3/vl/a2NSB+a1zXLa8RnMum/IgD0E"` | + +When running on Kubernetes, you can also use references to Kubernetes secrets for any or all of the values above. + +**Authenticating using a PFX certificate:** + +| Field | Required | Details | Example | +|--------|--------|--------|--------| +| `azureTenantId` | Y | ID of the Azure AD tenant | `"cd4b2887-304c-47e1-b4d5-65447fdd542b"` | +| `azureClientId` | Y | Client ID (application ID) | `"c7dd251f-811f-4ba2-a905-acd4d3f8f08b"` | +| `azureCertificate` | One of `azureCertificate` and `azureCertificateFile` | Certificate and private key | `"-----BEGIN PRIVATE KEY-----\n MIIEvgI... \n -----END PRIVATE KEY----- \n -----BEGIN CERTIFICATE----- \n MIICoTC... \n -----END CERTIFICATE-----` | +| `azureCertificateFile` | One of `azureCertificate` and `azureCertificateFile` | Path to the PFX file containing the certificate and private key | `"/path/to/file.pem"` | +| `azureCertificatePassword` | N | Password for the certificate if encrypted | `"password"` | + +When running on Kubernetes, you can also use references to Kubernetes secrets for any or all of the values above. + +**Authenticating with Managed Service Identities (MSI):** + +| Field | Required | Details | Example | +|-----------------|----------|----------------------------|------------------------------------------| +| `azureClientId` | N | Client ID (application ID) | `"c7dd251f-811f-4ba2-a905-acd4d3f8f08b"` | + +Using MSI you're not required to specify any value, although you may optionally pass `azureClientId` if needed. + +### Aliases + +For backwards-compatibility reasons, the following values in the metadata are supported as aliases, although their use is discouraged. + +| Metadata key | Aliases (supported but deprecated) | +|----------------------------|------------------------------------| +| `azureTenantId` | `spnTenantId`, `tenantId` | +| `azureClientId` | `spnClientId`, `clientId` | +| `azureClientSecret` | `spnClientSecret`, `clientSecret` | +| `azureCertificate` | `spnCertificate` | +| `azureCertificateFile` | `spnCertificateFile` | +| `azureCertificatePassword` | `spnCertificatePassword` | + +## Generating a new Azure AD application (Service Principal) + +To start, create a new Azure AD application which we'll use as Service Principal. The following lines require the [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli), [jq](https://stedolan.github.io/jq/download/), and OpenSSL (included by default on all Linux and macOS systems), and are optimized for a bash or zsh shell. + +```sh +# Friendly name for the application / Service Principal +APP_NAME="dapr-application" + +# Create the app +APP_ID=$(az ad app create \ + --display-name $APP_NAME \ + --available-to-other-tenants false \ + --oauth2-allow-implicit-flow false \ + | jq -r .appId) +``` + +To create a **client secret**, then run this command. This will generate a random password based on the base64 charset and 40-characters long. Additionally, it will make the password valid for 2 years, before it will need to be rotated: + +```sh +az ad app credential reset \ + --id $APP_ID \ + --years 2 \ + --password $(openssl rand -base64 30) +``` + +The ouput of the command above will be similar to this: + +```json +{ + "appId": "c7dd251f-811f-4ba2-a905-acd4d3f8f08b", + "name": "c7dd251f-811f-4ba2-a905-acd4d3f8f08b", + "password": "Ecy3XG7zVZK3/vl/a2NSB+a1zXLa8RnMum/IgD0E", + "tenant": "cd4b2887-304c-47e1-b4d5-65447fdd542b" +} +``` + +Take note of the values above, which you'll need to use in your Dapr components' metadata: + +- `appId` is the value for `azureClientId` +- `password` is the value for `azureClientSecret` (this was randomly-generated) +- `tenant` is the value for `azureTenantId` + +If you'd rather use a **PFX certificate**, instead of the command above run this one which will create a self-signed certificate: + +```sh +az ad app credential reset \ + --id $APP_ID \ + --create-cert +``` + +> Note: self-signed certificates are recommended for development only. For production, you should use certificates signed by a CA and imported with the `--cert` flag. + +The output of the command above should look like: + +```json +{ + "appId": "c7dd251f-811f-4ba2-a905-acd4d3f8f08b", + "fileWithCertAndPrivateKey": "/Users/alessandro/tmpgtdgibk4.pem", + "name": "c7dd251f-811f-4ba2-a905-acd4d3f8f08b", + "password": null, + "tenant": "cd4b2887-304c-47e1-b4d5-65447fdd542b" +} +``` + +Take note of the values above, which you'll need to use in your Dapr components' metadata: + +- `appId` is the value for `azureClientId` +- `tenant` is the value for `azureTenantId` +- The self-signed PFX certificate and private key are written in the file at the path specified in `fileWithCertAndPrivateKey`. + Use the contents of that file as `azureCertificate` (or write it to a file on the server and use `azureCertificateFile`) + +Note that the Service Principal we just created does not have access to any Azure resource by default. Access will need to be granted to each resource as needed, as documented in the docs for the components. + +> Note: this step is different from the [official documentation](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli) as the short-hand commands create a Service Principal that has broad read-write access to all Azure resources in your subscription. Not only this grants our application more access than you are likely going to desire, but this also applies only to the Azure management plane (Azure Resource Manager, or ARM), which is irrelevant for Dapr anyways (all Azure components are designed to interact with the data plane of various services, and not ARM). + +### Example usage in a Dapr component + +In this example, we're going to set up an Azure Key Vault secret store component that uses Azure AD to authenticate. + +{{< tabs "Self-Hosted" "Kubernetes">}} + +{{% codetab %}} + +To use a **client secret**, create a file called `azurekeyvault.yaml` in the components directory, filling in with the details from the above setup process: + +```yaml +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: azurekeyvault + namespace: default +spec: + type: secretstores.azure.keyvault + version: v1 + metadata: + - name: vaultName + value: "[your_keyvault_name]" + - name: azureTenantId + value: "[your_tenant_id]" + - name: azureClientId + value: "[your_client_id]" + - name: azureClientSecret + value : "[your_client_secret]" +``` + +If you want to use a **certificate** saved on the local disk, instead, use: + +```yaml +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: azurekeyvault + namespace: default +spec: + type: secretstores.azure.keyvault + version: v1 + metadata: + - name: vaultName + value: "[your_keyvault_name]" + - name: azureTenantId + value: "[your_tenant_id]" + - name: azureClientId + value: "[your_client_id]" + - name: azureCertificateFile + value : "[pfx_certificate_file_fully_qualified_local_path]" +``` +{{% /codetab %}} + +{{% codetab %}} +In Kubernetes, you store the client secret or the certificate into the Kubernetes Secret Store and then refer to those in the YAML file. + +To use a **client secret**: + +1. Create a Kubernetes secret using the following command: + + ```bash + kubectl create secret generic [your_k8s_secret_name] --from-file=[your_k8s_secret_key]=[your_client_secret] + ``` + + - `[your_client_secret]` is the application's client secret as generated above + - `[your_k8s_secret_name]` is secret name in the Kubernetes secret store + - `[your_k8s_secret_key]` is secret key in the Kubernetes secret store + +2. Create an `azurekeyvault.yaml` component file. + + The component yaml refers to the Kubernetes secretstore using `auth` property and `secretKeyRef` refers to the client secret stored in the Kubernetes secret store. + + ```yaml + apiVersion: dapr.io/v1alpha1 + kind: Component + metadata: + name: azurekeyvault + namespace: default + spec: + type: secretstores.azure.keyvault + version: v1 + metadata: + - name: vaultName + value: "[your_keyvault_name]" + - name: azureTenantId + value: "[your_tenant_id]" + - name: azureClientId + value: "[your_client_id]" + - name: azureClientSecret + secretKeyRef: + name: "[your_k8s_secret_name]" + key: "[your_k8s_secret_key]" + auth: + secretStore: kubernetes + ``` + +3. Apply the `azurekeyvault.yaml` component: + + ```bash + kubectl apply -f azurekeyvault.yaml + ``` + +To use a **certificate**: + +1. Create a Kubernetes secret using the following command: + + ```bash + kubectl create secret generic [your_k8s_secret_name] --from-file=[your_k8s_secret_key]=[pfx_certificate_file_fully_qualified_local_path] + ``` + + - `[pfx_certificate_file_fully_qualified_local_path]` is the path of PFX file you obtained earlier + - `[your_k8s_secret_name]` is secret name in the Kubernetes secret store + - `[your_k8s_secret_key]` is secret key in the Kubernetes secret store + +2. Create an `azurekeyvault.yaml` component file. + + The component yaml refers to the Kubernetes secretstore using `auth` property and `secretKeyRef` refers to the certificate stored in the Kubernetes secret store. + + ```yaml + apiVersion: dapr.io/v1alpha1 + kind: Component + metadata: + name: azurekeyvault + namespace: default + spec: + type: secretstores.azure.keyvault + version: v1 + metadata: + - name: vaultName + value: "[your_keyvault_name]" + - name: azureTenantId + value: "[your_tenant_id]" + - name: azureClientId + value: "[your_client_id]" + - name: azureCertificate + secretKeyRef: + name: "[your_k8s_secret_name]" + key: "[your_k8s_secret_key]" + auth: + secretStore: kubernetes + ``` + +3. Apply the `azurekeyvault.yaml` component: + + ```bash + kubectl apply -f azurekeyvault.yaml + ``` + +{{% /codetab %}} + +{{< /tabs >}} + +## Using Managed Service Identities + +Using MSI, authentication happens automatically by virtue of your application running on top of an Azure service that has an assigned identity. For example, when you create an Azure VM or an Azure Kubernetes Service cluster and choose to enable a managed identity for that, an Azure AD application is created for you and automatically assigned to the service. Your Dapr services can then leverage that identity to authenticate with Azure AD, transparently and without you having to specify any credential. + +To get started with managed identities, first you need to assign an identity to a new or existing Azure resource. The instruction depend on the service use, and we'll link you to the official documentation for that: + +- [Azure Kubernetes Service (AKS)](https://docs.microsoft.com/azure/aks/use-managed-identity) +- [Azure App Service](https://docs.microsoft.com/azure/app-service/overview-managed-identity) (including Azure Web Apps and Azure Functions) +- [Azure Virtual Machines (VM)](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/qs-configure-cli-windows-vm) +- [Azure Virtual Machines Scale Sets (VMSS)](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/qs-configure-cli-windows-vmss) +- [Azure Container Instance (ACI)](https://docs.microsoft.com/azure/container-instances/container-instances-managed-identity) + +Other Azure application services may offer support for MSI; please check the documentation for those services to understand how to configure them. + +After assigning a managed identity to your Azure resource, you will have credentials such as: + +```json +{ + "principalId": "", + "tenantId": "", + "type": "SystemAssigned", + "userAssignedIdentities": null +} +``` + +From the list above, `principalId` is the value that you can use to set the optional `azureClientId` value in the metadata. However, that is usually not necessary, unless you have more than one identity assigned to a resource and you need to specify the one to use. + +## Support for other Azure environments + +By default, Dapr components are configured to interact with Azure resources in the "public cloud". If your application is deployed to another cloud, such as Azure China, Azure Government, or Azure Germany, you can enable that for supported components by setting the `azureEnvironment` metadata property to one of the supported values: + +- Azure public cloud (default): `"AZUREPUBLICCLOUD"` +- Azure China: `"AZURECHINACLOUD"` +- Azure Government: `"AZUREUSGOVERNMENTCLOUD"` +- Azure Germany: `"AZUREGERMANCLOUD"` + +## References + +- [Azure AD app credential: Azure CLI reference](https://docs.microsoft.com/cli/azure/ad/app/credential) +- [Azure Managed Service Identity (MSI) overview](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview) +- [Secrets building block]({{< ref secrets >}}) +- [How-To: Retrieve a secret]({{< ref "howto-secrets.md" >}}) +- [How-To: Reference secrets in Dapr components]({{< ref component-secrets.md >}}) +- [Secrets API reference]({{< ref secrets_api.md >}}) diff --git a/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault-managed-identity.md b/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault-managed-identity.md deleted file mode 100644 index 55d4abd88..000000000 --- a/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault-managed-identity.md +++ /dev/null @@ -1,167 +0,0 @@ ---- -type: docs -title: "Azure Key Vault with Managed Identities on Kubernetes" -linkTitle: "Azure Key Vault w/ Managed Identity" -description: How to configure Azure Key Vault and Kubernetes to use Azure Managed Identities to access secrets -aliases: - - "/operations/components/setup-secret-store/supported-secret-stores/azure-keyvault-managed-identity/" ---- - -## Component format - -To setup Azure Key Vault secret store with Managed Identies create a component of type `secretstores.azure.keyvault`. See [this guide]({{< ref "setup-secret-store.md#apply-the-configuration" >}}) on how to create and apply a secretstore configuration. See this guide on [referencing secrets]({{< ref component-secrets.md >}}) to retrieve and use the secret with Dapr components. - -In Kubernetes mode, you store the certificate for the service principal into the Kubernetes Secret Store and then enable Azure Key Vault secret store with this certificate in Kubernetes secretstore. - -The component yaml uses the name of your key vault and the Client ID of the managed identity to setup the secret store. - -```yaml -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: azurekeyvault - namespace: default -spec: - type: secretstores.azure.keyvault - version: v1 - metadata: - - name: vaultName - value: [your_keyvault_name] - - name: spnClientId - value: [your_managed_identity_client_id] -``` - -{{% alert title="Warning" color="warning" %}} -The above example uses secrets as plain strings. It is recommended to use a local secret store such as [Kubernetes secret store]({{< ref kubernetes-secret-store.md >}}) or a [local file]({{< ref file-secret-store.md >}}) to bootstrap secure key storage. -{{% /alert %}} - -## Spec metadata fields - -| Field | Required | Details | Example | -|--------------------|:--------:|-------------------------------------------------------------------------|---------------------| -| vaultName | Y | The name of the Azure Key Vault | `"mykeyvault"` | -| spnClientId | Y | Your managed identity client Id | `"yourId"` | - -## Setup Managed Identity and Azure Key Vault - -### Prerequisites - -- [Azure Subscription](https://azure.microsoft.com/en-us/free/) -- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest) - -### Steps - -1. Login to Azure and set the default subscription - - ```bash - # Log in Azure - az login - - # Set your subscription to the default subscription - az account set -s [your subscription id] - ``` - -2. Create an Azure Key Vault in a region - - ```bash - az keyvault create --location [region] --name [your keyvault] --resource-group [your resource group] - ``` - -3. Create the managed identity(Optional) - - This step is required only if the AKS Cluster is provisoned without the flag "--enable-managed-identity". If the cluster is provisioned with managed identity, than it is suggested to use the autogenerated managed identity that is associated to the Resource Group MC_*. - - ```bash - $identity = az identity create -g [your resource group] -n [your managed identity name] -o json | ConvertFrom-Json - ``` - - Below is the command to retrieve the managed identity in the autogenerated scenario: - - ```bash - az aks show -g -n - ``` - For more detail about the roles to assign to integrate AKS with Azure Services [Role Assignment](https://azure.github.io/aad-pod-identity/docs/getting-started/role-assignment/). - -4. Retrieve Managed Identity ID - - The two main scenario are: - - Service Principal, in this case the Resource Group is the one in which is deployed the AKS Service Cluster - - ```bash - $clientId= az aks show -g -n --query servicePrincipalProfile.clientId -otsv - ``` - - - Managed Identity, in this case the Resource Group is the one in which is deployed the AKS Service Cluster - - ```bash - $clientId= az aks show -g -n --query identityProfile.kubeletidentity.clientId -otsv - ``` - -5. Assign the Reader role to the managed identity - - For AKS cluster, the cluster resource group refers to the resource group with a MC_ prefix, which contains all of the infrastructure resources associated with the cluster like VM/VMSS. - - ```bash - az role assignment create --role "Reader" --assignee $clientId --scope /subscriptions/[your subscription id]/resourcegroups/[your resource group] - ``` - -6. Assign the Managed Identity Operator role to the AKS Service Principal - Refer to previous step about the Resource Group to use and which identity to assign - ```bash - az role assignment create --role "Managed Identity Operator" --assignee $clientId --scope /subscriptions/[your subscription id]/resourcegroups/[your resource group] - - az role assignment create --role "Virtual Machine Contributor" --assignee $clientId --scope /subscriptions/[your subscription id]/resourcegroups/[your resource group] - ``` - -7. Add a policy to the Key Vault so the managed identity can read secrets - - ```bash - az keyvault set-policy --name [your keyvault] --spn $clientId --secret-permissions get list - ``` - -8. Enable AAD Pod Identity on AKS - - ```bash - kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/master/deploy/infra/deployment-rbac.yaml - - # For AKS clusters, deploy the MIC and AKS add-on exception by running - - kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/master/deploy/infra/mic-exception.yaml - ``` - -9. Configure the Azure Identity and AzureIdentityBinding yaml - - Save the following yaml as azure-identity-config.yaml: - - ```yaml - apiVersion: "aadpodidentity.k8s.io/v1" - kind: AzureIdentity - metadata: - name: [your managed identity name] - spec: - type: 0 - resourceID: [your managed identity id] - clientID: [your managed identity Client ID] - --- - apiVersion: "aadpodidentity.k8s.io/v1" - kind: AzureIdentityBinding - metadata: - name: [your managed identity name]-identity-binding - spec: - azureIdentity: [your managed identity name] - selector: [your managed identity selector] - ``` - -10. Deploy the azure-identity-config.yaml: - - ```yaml - kubectl apply -f azure-identity-config.yaml - ``` - -## References -- [Azure CLI Keyvault CLI](https://docs.microsoft.com/en-us/cli/azure/keyvault?view=azure-cli-latest#az-keyvault-create) -- [Create an Azure service principal with Azure CLI](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest) -- [AAD Pod Identity](https://github.com/Azure/aad-pod-identity) -- [Secrets building block]({{< ref secrets >}}) -- [How-To: Retrieve a secret]({{< ref "howto-secrets.md" >}}) -- [How-To: Reference secrets in Dapr components]({{< ref component-secrets.md >}}) -- [Secrets API reference]({{< ref secrets_api.md >}}) From 891d08cdc8e440a200c620d72e6d4abe6d078160 Mon Sep 17 00:00:00 2001 From: "Alessandro (Ale) Segala" <43508+ItalyPaleAle@users.noreply.github.com> Date: Thu, 9 Sep 2021 18:09:45 -0700 Subject: [PATCH 045/115] Updated the AKV document and fixed the Azure auth document --- .../cloud-providers/authenticating-azure.md | 56 +++- .../supported-secret-stores/azure-keyvault.md | 314 ++++++++++-------- 2 files changed, 229 insertions(+), 141 deletions(-) diff --git a/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md b/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md index d6e8b4f8f..f938ba523 100644 --- a/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md +++ b/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md @@ -78,7 +78,26 @@ For backwards-compatibility reasons, the following values in the metadata are su ## Generating a new Azure AD application (Service Principal) -To start, create a new Azure AD application which we'll use as Service Principal. The following lines require the [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli), [jq](https://stedolan.github.io/jq/download/), and OpenSSL (included by default on all Linux and macOS systems), and are optimized for a bash or zsh shell. +To start, create a new Azure AD application which we'll use as Service Principal. + +Prerequisites: + +- [Azure Subscription](https://azure.microsoft.com/free/) +- [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli) +- [jq](https://stedolan.github.io/jq/download/) +- OpenSSL (included by default on all Linux and macOS systems, as well as on WSL) +- The scripts below are optimized for a bash or zsh shell + +> If you haven't already, log in to Azure first using the Azure CLI: +> +> ```sh +> # Log in Azure +> az login +> # Set your default subscription +> az account set -s [your subscription id] +> ``` + +First, create the Azure AD application with: ```sh # Friendly name for the application / Service Principal @@ -92,6 +111,10 @@ APP_ID=$(az ad app create \ | jq -r .appId) ``` +{{< tabs "Client secret" "Certificate">}} + +{{% codetab %}} + To create a **client secret**, then run this command. This will generate a random password based on the base64 charset and 40-characters long. Additionally, it will make the password valid for 2 years, before it will need to be rotated: ```sh @@ -118,7 +141,10 @@ Take note of the values above, which you'll need to use in your Dapr components' - `password` is the value for `azureClientSecret` (this was randomly-generated) - `tenant` is the value for `azureTenantId` -If you'd rather use a **PFX certificate**, instead of the command above run this one which will create a self-signed certificate: +{{% /codetab %}} + +{{% codetab %}} +If you'd rather use a **PFX certificate**, run this command which will create a self-signed certificate: ```sh az ad app credential reset \ @@ -147,7 +173,31 @@ Take note of the values above, which you'll need to use in your Dapr components' - The self-signed PFX certificate and private key are written in the file at the path specified in `fileWithCertAndPrivateKey`. Use the contents of that file as `azureCertificate` (or write it to a file on the server and use `azureCertificateFile`) -Note that the Service Principal we just created does not have access to any Azure resource by default. Access will need to be granted to each resource as needed, as documented in the docs for the components. +{{% /codetab %}} + +{{< /tabs >}} + +Once you have created an Azure AD application, we need to create a Service Principal for that application, which will allow us to grant it access to Azure resources. Run: + +```sh +SERVICE_PRINCIPAL_ID=$(az ad sp create \ + --id $APP_ID \ + | jq -r .objectId) +echo "Service Principal ID: ${SERVICE_PRINCIPAL_ID}" +``` + +The output will be similar to: + +```text +Service Principal ID: 1d0ccf05-5427-4b5e-8eb4-005ac5f9f163 +``` + +Note that the value above is the ID of the **Service Principal** which is different from the ID of application in Azure AD (client ID)! The former is defined within an Azure tenant and is used to grant access to Azure resources to an application. The client ID instead is used by your application to authenticate. To sum things up: + +- You'll use the client ID in Dapr manifests to configure authentication with Azure services +- You'll use the Service Principal ID to grant permissions to an application to access Azure resources + +Keep in mind that the Service Principal we just created does not have access to any Azure resource by default. Access will need to be granted to each resource as needed, as documented in the docs for the components. > Note: this step is different from the [official documentation](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli) as the short-hand commands create a Service Principal that has broad read-write access to all Azure resources in your subscription. Not only this grants our application more access than you are likely going to desire, but this also applies only to the Azure management plane (Azure Resource Manager, or ARM), which is irrelevant for Dapr anyways (all Azure components are designed to interact with the data plane of various services, and not ARM). diff --git a/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md b/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md index 08ac7192b..312ac9f3b 100644 --- a/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md +++ b/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md @@ -7,10 +7,6 @@ aliases: - "/operations/components/setup-secret-store/supported-secret-stores/azure-keyvault/" --- -{{% alert title="Note" color="primary" %}} -Azure Managed Identity can be used for Azure Key Vault access on Kubernetes. Instructions [here]({{< ref azure-keyvault-managed-identity.md >}}). -{{% /alert %}} - ## Component format To setup Azure Key Vault secret store create a component of type `secretstores.azure.keyvault`. See [this guide]({{< ref "setup-secret-store.md#apply-the-configuration" >}}) on how to create and apply a secretstore configuration. See this guide on [referencing secrets]({{< ref component-secrets.md >}}) to retrieve and use the secret with Dapr components. @@ -37,158 +33,91 @@ spec: - name: spnCertificateFile value : "[pfx_certificate_file_fully_qualified_local_path]" ``` + {{% alert title="Warning" color="warning" %}} The above example uses secrets as plain strings. It is recommended to use a local secret store such as [Kubernetes secret store]({{< ref kubernetes-secret-store.md >}}) or a [local file]({{< ref file-secret-store.md >}}) to bootstrap secure key storage. {{% /alert %}} -## Spec metadata fields +## Authenticating with Azure AD -### Self-Hosted +The Azure Key Vault secret store component supports authentication with Azure AD only. Before you enable this component, make sure you've read the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document and created an Azure AD application (also called Service Principal). Alternatively, make sure you have created a managed identity for your application platform. + +## Spec metadata fields | Field | Required | Details | Example | |--------------------|:--------:|---------|---------| -| vaultName | Y | The name of the Azure Key Vault. If you only provide a name, it will covert to `[your_keyvault_name].vault.azure.net` in Dapr. If your URL uses another suffix, please provide the entire URI, such as `test.vault.azure.cn`. | `"mykeyvault"`, `"mykeyvault.value.azure.cn"` -| spnTenantId | Y | Service Principal Tenant Id | `"spnTenantId"` -| spnClientId | Y | Service Principal App Id | `"spnAppId"` -| spnCertificateFile | Y | PFX certificate file path.

For Windows the `[pfx_certificate_file_fully_qualified_local_path]` value must use escaped backslashes, i.e. double backslashes. For example `"C:\\folder1\\folder2\\certfile.pfx"`.

For Linux you can use single slashes. For example `"/folder1/folder2/certfile.pfx"`.

See [configure the component](#configure-the-component) for more details | `"C:\\folder1\\folder2\\certfile.pfx"`, `"/folder1/folder2/certfile.pfx"` +| `vaultName` | Y | The name of the Azure Key Vault | `"mykeyvault"` | +| `azureEnvironment` | N | Optional name for the Azure environment if using a different Azure cloud | `"AZUREPUBLICCLOUD"` (default value), `"AZURECHINACLOUD"`, `"AZUREUSGOVERNMENTCLOUD"`, `"AZUREGERMANCLOUD"` | +Additionally, you must provide the authentication fields as explained in the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document. -### Kubernetes - -| Field | Required | Details | Example | -|----------------|:--------:|---------|---------| -| vaultName | Y | The name of the Azure Key Vault | `"mykeyvault"` -| spnTenantId | Y | Service Principal Tenant Id | `"spnTenantId"` -| spnClientId | Y | Service Principal App Id | `"spnAppId"` -| spnCertificate | Y | PKCS 12 encoded bytes of the certificate. See [configure the component](#configure-the-component) for details on encoding this in a Kubernetes secret. | `secretKeyRef: ...`
See [configure the component](#configure-the-component) for more information. - - -## Setup Key Vault and service principal +## Create the Azure Key Vault and authorize the Service Principal ### Prerequisites -- [Azure Subscription](https://azure.microsoft.com/en-us/free/) -- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest) +- [Azure Subscription](https://azure.microsoft.com/free/) +- [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli) +- [jq](https://stedolan.github.io/jq/download/) +- The scripts below are optimized for a bash or zsh shell + +Make sure you have followed the steps in the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document to create an Azure AD application (also called Service Principal). You will need the following values: + +- `SERVICE_PRINCIPAL_ID`: the ID of the Service Principal that you created for a given application ### Steps -1. Login to Azure and set the default subscription +1. Set a variable with the Service Principal that you created: - ```bash - # Log in Azure - az login + ```sh + SERVICE_PRINCIPAL_ID="[your_service_principal_object_id]" + ``` - # Set your subscription to the default subscription - az account set -s [your subscription id] - ``` +1. Set a variable with the location where to create all resources: -2. Create an Azure Key Vault in a region + ```sh + LOCATION="[your_location]" + ``` - ```bash - az keyvault create --location [region] --name [your_keyvault] --resource-group [your resource group] - ``` + (You can get the full list of options with: `az account list-locations --output tsv`) -3. Create a service principal +1. Create a Resource Group, giving it any name you'd like: - Create a service principal with a new certificate and store the 1-year certificate inside your keyvault's certificate vault. You can skip this step if you want to use an existing service principal for keyvault instead of creating new one + ```sh + RG_NAME="[resource_group_name]" + RG_ID=$(az group create \ + --name $RG_NAME \ + --location $LOCATION \ + | jq -r .id) + ``` - ```bash - az ad sp create-for-rbac --name [your_service_principal_name] --create-cert --cert [certificate_name] --keyvault [your_keyvault] --skip-assignment --years 1 +1. Create an Azure Key Vault (that uses Azure RBAC for authorization): - { - "appId": "a4f90000-0000-0000-0000-00000011d000", - "displayName": "[your_service_principal_name]", - "name": "http://[your_service_principal_name]", - "password": null, - "tenant": "34f90000-0000-0000-0000-00000011d000" - } - ``` + ```sh + KEYVAULT_NAME="[key_vault_name]" + az keyvault create \ + --name $KEYVAULT_NAME \ + --enable-rbac-authorization true \ + --resource-group $RG_NAME \ + --location $LOCATION + ``` - **Save both the appId and tenant from the output which will be used in the next step** +1. Using RBAC, assign a role to the Azure AD application that we created so it can access the Key Vault. + In this case, we're assigning the "Key Vault Crypto Officer" role, which has broad access; other more restrictive roles can be used as well. -4. Get the Object Id for [your_service_principal_name] - - ```bash - az ad sp show --id [service_principal_app_id] - - { - ... - "objectId": "[your_service_principal_object_id]", - "objectType": "ServicePrincipal", - ... - } - ``` - -5. Grant the service principal the GET permission to your Azure Key Vault - - ```bash - az keyvault set-policy --name [your_keyvault] --object-id [your_service_principal_object_id] --secret-permissions get - ``` - - Now that your service principal has access to your keyvault you are ready to configure the secret store component to use secrets stored in your keyvault to access other components securely. - -6. Download the certificate in PFX format from your Azure Key Vault either using the Azure portal or the Azure CLI: - -- **Using the Azure portal:** - - Go to your key vault on the Azure portal and navigate to the *Certificates* tab under *Settings*. Find the certificate that was created during the service principal creation, named [certificate_name] and click on it. - - Click *Download in PFX/PEM format* to download the certificate. - -- **Using the Azure CLI:** - - ```bash - az keyvault secret download --vault-name [your_keyvault] --name [certificate_name] --encoding base64 --file [certificate_name].pfx - ``` + ```sh + az role assignment create \ + --assignee "${APP_ID}" \ + --role "Key Vault Crypto Officer" \ + --scope "${RG_ID}/providers/Microsoft.KeyVault/vaults/${KEYVAULT_NAME}" + ``` ## Configure the component {{< tabs "Self-Hosted" "Kubernetes">}} {{% codetab %}} -1. Copy downloaded PFX cert from your Azure Keyvault into your components directory or a secure location on your local disk -2. Create a file called `azurekeyvault.yaml` in the components directory - - ```yaml - apiVersion: dapr.io/v1alpha1 - kind: Component - metadata: - name: azurekeyvault - namespace: default - spec: - type: secretstores.azure.keyvault - version: v1 - metadata: - - name: vaultName - value: [your_keyvault_name] - - name: spnTenantId - value: "[your_service_principal_tenant_id]" - - name: spnClientId - value: "[your_service_principal_app_id]" - - name: spnCertificateFile - value : "[pfx_certificate_file_fully_qualified_local_path]" - ``` - -Fill in the metadata fields with your Key Vault details from the above setup process. -{{% /codetab %}} - -{{% codetab %}} -In Kubernetes, you store the certificate for the service principal into the Kubernetes Secret Store and then enable Azure Key Vault secret store with this certificate in Kubernetes secretstore. - -1. Create a kubernetes secret using the following command: - - ```bash - kubectl create secret generic [your_k8s_spn_secret_name] --from-file=[your_k8s_spn_secret_key]=[pfx_certificate_file_fully_qualified_local_path] - ``` - -- `[pfx_certificate_file_fully_qualified_local_path]` is the path of PFX cert file you downloaded above -- `[your_k8s_spn_secret_name]` is secret name in Kubernetes secret store -- `[your_k8s_spn_secret_key]` is secret key in Kubernetes secret store - -2. Create a `azurekeyvault.yaml` component file - -The component yaml refers to the Kubernetes secretstore using `auth` property and `secretKeyRef` refers to the certificate stored in Kubernetes secret store. +To use a **client secret**, create a file called `azurekeyvault.yaml` in the components directory, filling in with the details from the above setup process: ```yaml apiVersion: dapr.io/v1alpha1 @@ -201,32 +130,141 @@ spec: version: v1 metadata: - name: vaultName - value: [your_keyvault_name] - - name: spnTenantId - value: "[your_service_principal_tenant_id]" - - name: spnClientId - value: "[your_service_principal_app_id]" - - name: spnCertificate - secretKeyRef: - name: [your_k8s_spn_secret_name] - key: [your_k8s_spn_secret_key] -auth: - secretStore: kubernetes + value: "[your_keyvault_name]" + - name: azureTenantId + value: "[your_tenant_id]" + - name: azureClientId + value: "[your_client_id]" + - name: azureClientSecret + value : "[your_client_secret]" ``` -3. Apply `azurekeyvault.yaml` component +If you want to use a **certificate** saved on the local disk, instead, use: -```bash -kubectl apply -f azurekeyvault.yaml +```yaml +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: azurekeyvault + namespace: default +spec: + type: secretstores.azure.keyvault + version: v1 + metadata: + - name: vaultName + value: "[your_keyvault_name]" + - name: azureTenantId + value: "[your_tenant_id]" + - name: azureClientId + value: "[your_client_id]" + - name: azureCertificateFile + value : "[pfx_certificate_file_fully_qualified_local_path]" ``` {{% /codetab %}} +{{% codetab %}} +In Kubernetes, you store the client secret or the certificate into the Kubernetes Secret Store and then refer to those in the YAML file. + +To use a **client secret**: + +1. Create a Kubernetes secret using the following command: + + ```bash + kubectl create secret generic [your_k8s_secret_name] --from-file=[your_k8s_secret_key]=[your_client_secret] + ``` + + - `[your_client_secret]` is the application's client secret as generated above + - `[your_k8s_secret_name]` is secret name in the Kubernetes secret store + - `[your_k8s_secret_key]` is secret key in the Kubernetes secret store + +2. Create an `azurekeyvault.yaml` component file. + + The component yaml refers to the Kubernetes secretstore using `auth` property and `secretKeyRef` refers to the client secret stored in the Kubernetes secret store. + + ```yaml + apiVersion: dapr.io/v1alpha1 + kind: Component + metadata: + name: azurekeyvault + namespace: default + spec: + type: secretstores.azure.keyvault + version: v1 + metadata: + - name: vaultName + value: "[your_keyvault_name]" + - name: azureTenantId + value: "[your_tenant_id]" + - name: azureClientId + value: "[your_client_id]" + - name: azureClientSecret + secretKeyRef: + name: "[your_k8s_secret_name]" + key: "[your_k8s_secret_key]" + auth: + secretStore: kubernetes + ``` + +3. Apply the `azurekeyvault.yaml` component: + + ```bash + kubectl apply -f azurekeyvault.yaml + ``` + +To use a **certificate**: + +1. Create a Kubernetes secret using the following command: + + ```bash + kubectl create secret generic [your_k8s_secret_name] --from-file=[your_k8s_secret_key]=[pfx_certificate_file_fully_qualified_local_path] + ``` + + - `[pfx_certificate_file_fully_qualified_local_path]` is the path of PFX file you obtained earlier + - `[your_k8s_secret_name]` is secret name in the Kubernetes secret store + - `[your_k8s_secret_key]` is secret key in the Kubernetes secret store + +2. Create an `azurekeyvault.yaml` component file. + + The component yaml refers to the Kubernetes secretstore using `auth` property and `secretKeyRef` refers to the certificate stored in the Kubernetes secret store. + + ```yaml + apiVersion: dapr.io/v1alpha1 + kind: Component + metadata: + name: azurekeyvault + namespace: default + spec: + type: secretstores.azure.keyvault + version: v1 + metadata: + - name: vaultName + value: "[your_keyvault_name]" + - name: azureTenantId + value: "[your_tenant_id]" + - name: azureClientId + value: "[your_client_id]" + - name: azureCertificate + secretKeyRef: + name: "[your_k8s_secret_name]" + key: "[your_k8s_secret_key]" + auth: + secretStore: kubernetes + ``` + +3. Apply the `azurekeyvault.yaml` component: + + ```bash + kubectl apply -f azurekeyvault.yaml + ``` + +{{% /codetab %}} + {{< /tabs >}} ## References +- [Authenticating to Azure]({{< ref authenticating-azure.md >}}) - [Azure CLI Keyvault CLI](https://docs.microsoft.com/en-us/cli/azure/keyvault?view=azure-cli-latest#az-keyvault-create) -- [Create an Azure service principal with Azure CLI](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest) - [Secrets building block]({{< ref secrets >}}) - [How-To: Retrieve a secret]({{< ref "howto-secrets.md" >}}) - [How-To: Reference secrets in Dapr components]({{< ref component-secrets.md >}}) From 38ea35a06998bed6f63cc9e2dbdc6c4a8602224a Mon Sep 17 00:00:00 2001 From: "Alessandro (Ale) Segala" <43508+ItalyPaleAle@users.noreply.github.com> Date: Thu, 9 Sep 2021 19:37:08 -0700 Subject: [PATCH 046/115] Updated per Christos' comments --- .../integrations/cloud-providers/authenticating-azure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md b/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md index f938ba523..912b0d7b6 100644 --- a/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md +++ b/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md @@ -20,7 +20,7 @@ Some Azure components offer alternative authentication methods, such as systems Azure AD is Azure's identity and access management (IAM) solution, which is used to authenticate and authorize users and services. -Azure AD is based on the OAuth 2.0 standard, which allows services (applications) to obtain access tokens to make requests to Azure services, including Azure Storage, Azure Key Vault, Cosmos DB, etc. In the Azure terminology, an application is also called a "Service Principal". +Azure AD is built on top of open standards such OAuth 2.0, which allows services (applications) to obtain access tokens to make requests to Azure services, including Azure Storage, Azure Key Vault, Cosmos DB, etc. In the Azure terminology, an application is also called a "Service Principal". Many of the services listed above also support authentication using other systems, such as "master keys" or "shared keys". Although those are always valid methods to authenticate your application (and Dapr continues to support them, as explained in each component's reference page), using Azure AD when possible offers various benefits, including: From 85feab4c85fb2ebde34b08e6f17ac8de0ab25c5f Mon Sep 17 00:00:00 2001 From: yaron2 Date: Thu, 9 Sep 2021 20:06:48 -0700 Subject: [PATCH 047/115] fix --- .../supported-bindings/alicloudtablestore.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudtablestore.md b/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudtablestore.md index c5ff27752..2e50cca01 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudtablestore.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudtablestore.md @@ -92,7 +92,7 @@ To perform a delete object operation, invoke the binding with a `POST` method an {{% alert title="Note" color="primary" %}} Note the `metadata.primaryKeys` field is mandatory. -{{% /alert %} +{{% /alert %}} ### List objects From eb3a125d10145ad4b2ad8fdd598fd93c12caee74 Mon Sep 17 00:00:00 2001 From: yaron2 Date: Fri, 10 Sep 2021 08:24:57 -0700 Subject: [PATCH 048/115] add unclosed shortcode brackets --- .../supported-bindings/alicloudtablestore.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudtablestore.md b/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudtablestore.md index 2e50cca01..754e1195c 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudtablestore.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudtablestore.md @@ -114,7 +114,7 @@ To perform a list objects operation, invoke the binding with a `POST` method and {{% alert title="Note" color="primary" %}} Note the `metadata.primaryKeys` field is mandatory. -{{% /alert %} +{{% /alert %}} ### Get object @@ -134,7 +134,7 @@ To perform a get object operation, invoke the binding with a `POST` method and t {{% alert title="Note" color="primary" %}} Note the `metadata.primaryKeys` field is mandatory. -{{% /alert %} +{{% /alert %}} ## Related links From b7d1f4133fa3558218044f24f6a0cfda8282c9e2 Mon Sep 17 00:00:00 2001 From: yaron2 Date: Fri, 10 Sep 2021 08:54:08 -0700 Subject: [PATCH 049/115] add dynamodb clarification --- .../supported-state-stores/setup-dynamodb.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-dynamodb.md b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-dynamodb.md index 96fdcb07e..3379004dc 100644 --- a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-dynamodb.md +++ b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-dynamodb.md @@ -39,6 +39,10 @@ spec: The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}). {{% /alert %}} +## Primary Key + +In order to use DynamoDB as a Dapr state store, the table must have a primary key named `key`. + ## Spec metadata fields | Field | Required | Details | Example | From 37242608a9116cdadccc12405895dd78efb800a9 Mon Sep 17 00:00:00 2001 From: Yaron Schneider Date: Fri, 10 Sep 2021 08:55:43 -0700 Subject: [PATCH 050/115] Update _index.md --- .../reference/components-reference/supported-bindings/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/_index.md b/daprdocs/content/en/reference/components-reference/supported-bindings/_index.md index 826ab3d77..50b314a16 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/_index.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/_index.md @@ -50,7 +50,7 @@ Table captions: |------|:----------------:|:-----------------:|--------| ------ |----------| | [Alibaba Cloud DingTalk]({{< ref alicloud-dingtalk.md >}}) | ✅ | ✅ | Alpha | v1 | 1.2 | | [Alibaba Cloud OSS]({{< ref alicloudoss.md >}}) | | ✅ | Alpha | v1 | 1.0 | -| [Alibaba Cloud Tablestore]({{< ref alicloudtablestore.md >}}) | | ✅ | Alpha | v1 | 1.0 | +| [Alibaba Cloud Tablestore]({{< ref alicloudtablestore.md >}}) | | ✅ | Alpha | v1 | 1.4 | ### Amazon Web Services (AWS) From e14f93b3d30660a288c1dfe32c5e1a0a420af1a8 Mon Sep 17 00:00:00 2001 From: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com> Date: Fri, 10 Sep 2021 11:53:31 -0700 Subject: [PATCH 051/115] Improvements and fixes --- .../cloud-providers/authenticating-azure.md | 46 +++++++++++-------- .../supported-secret-stores/_index.md | 1 - .../supported-secret-stores/azure-keyvault.md | 31 +++++++------ 3 files changed, 43 insertions(+), 35 deletions(-) diff --git a/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md b/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md index 912b0d7b6..b13dd7c86 100644 --- a/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md +++ b/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md @@ -2,7 +2,7 @@ type: docs title: "Authenticating to Azure" linkTitle: "Authenticating to Azure" -description: "How to authenticate Azure components using Azure AD and Managed Identities" +description: "How to authenticate Azure components using Azure AD and/or Managed Identities" aliases: - "/operations/components/setup-secret-store/supported-secret-stores/azure-keyvault-managed-identity/" - "/reference/components-reference/supported-secret-stores/azure-keyvault-managed-identity/" @@ -24,14 +24,15 @@ Azure AD is built on top of open standards such OAuth 2.0, which allows services Many of the services listed above also support authentication using other systems, such as "master keys" or "shared keys". Although those are always valid methods to authenticate your application (and Dapr continues to support them, as explained in each component's reference page), using Azure AD when possible offers various benefits, including: -- The ability to leverage Managed Service Identities, which allow your application to authenticate with Azure AD, and obtain an access token to make requests to Azure services, without the need to use any credential. When your application is running on a supported Azure service (including, but not limited to, Azure VMs, Azure Kubernetes Service, Azure Web Apps, etc), an identity for your application can be assigned at the infrastructure level. This way, your code does not have to deal with credentials of any kind, removing the challenge of safely managing credentials, allowing greater separation of concerns between development and operations teams and reducing the number of people with access to credentials, and lastly simplifying operational aspects–especially when multiple environments are used. +- The ability to leverage Managed Service Identities, which allow your application to authenticate with Azure AD, and obtain an access token to make requests to Azure services, without the need to use any credential. When your application is running on a supported Azure service (including, but not limited to, Azure VMs, Azure Kubernetes Service, Azure Web Apps, etc), an identity for your application can be assigned at the infrastructure level. + This way, your code does not have to deal with credentials of any kind, removing the challenge of safely managing credentials, allowing greater separation of concerns between development and operations teams and reducing the number of people with access to credentials, and lastly simplifying operational aspects–especially when multiple environments are used. - Using RBAC (Role-Based Access Control) with supported services (such as Azure Storage and Cosmos DB), permissions given to an application can be fine-tuned, for example allowing restricting access to a subset of data or making it read-only. - Better auditing for access. - Ability to authenticate using certificates (optional). -## Credentials +## Credentials metadata fields -To authenticate with Azure AD, you will need to add the following credentials as values in the metadata for your Dapr component (read the next section on how to create them). There are multiple options depending on the way you have chosen to pass the credentials to your Dapr service. +To authenticate with Azure AD, you will need to add the following credentials as values in the metadata for your Dapr component (read the next section for how to create them). There are multiple options depending on the way you have chosen to pass the credentials to your Dapr service. **Authenticating using client credentials:** @@ -49,8 +50,8 @@ When running on Kubernetes, you can also use references to Kubernetes secrets fo |--------|--------|--------|--------| | `azureTenantId` | Y | ID of the Azure AD tenant | `"cd4b2887-304c-47e1-b4d5-65447fdd542b"` | | `azureClientId` | Y | Client ID (application ID) | `"c7dd251f-811f-4ba2-a905-acd4d3f8f08b"` | -| `azureCertificate` | One of `azureCertificate` and `azureCertificateFile` | Certificate and private key | `"-----BEGIN PRIVATE KEY-----\n MIIEvgI... \n -----END PRIVATE KEY----- \n -----BEGIN CERTIFICATE----- \n MIICoTC... \n -----END CERTIFICATE-----` | -| `azureCertificateFile` | One of `azureCertificate` and `azureCertificateFile` | Path to the PFX file containing the certificate and private key | `"/path/to/file.pem"` | +| `azureCertificate` | One of `azureCertificate` and `azureCertificateFile` | Certificate and private key (in PFX/PKCS#12 format) | `"-----BEGIN PRIVATE KEY-----\n MIIEvgI... \n -----END PRIVATE KEY----- \n -----BEGIN CERTIFICATE----- \n MIICoTC... \n -----END CERTIFICATE-----` | +| `azureCertificateFile` | One of `azureCertificate` and `azureCertificateFile` | Path to the PFX/PKCS#12 file containing the certificate and private key | `"/path/to/file.pem"` | | `azureCertificatePassword` | N | Password for the certificate if encrypted | `"password"` | When running on Kubernetes, you can also use references to Kubernetes secrets for any or all of the values above. @@ -76,9 +77,9 @@ For backwards-compatibility reasons, the following values in the metadata are su | `azureCertificateFile` | `spnCertificateFile` | | `azureCertificatePassword` | `spnCertificatePassword` | -## Generating a new Azure AD application (Service Principal) +## Generating a new Azure AD application and Service Principal -To start, create a new Azure AD application which we'll use as Service Principal. +To start, create a new Azure AD application which we'll use as Service Principal too. Prerequisites: @@ -88,7 +89,7 @@ Prerequisites: - OpenSSL (included by default on all Linux and macOS systems, as well as on WSL) - The scripts below are optimized for a bash or zsh shell -> If you haven't already, log in to Azure first using the Azure CLI: +> If you haven't already, start by logging in to Azure using the Azure CLI: > > ```sh > # Log in Azure @@ -97,6 +98,8 @@ Prerequisites: > az account set -s [your subscription id] > ``` +### Creating an Azure AD application + First, create the Azure AD application with: ```sh @@ -105,7 +108,7 @@ APP_NAME="dapr-application" # Create the app APP_ID=$(az ad app create \ - --display-name $APP_NAME \ + --display-name "${APP_NAME}" \ --available-to-other-tenants false \ --oauth2-allow-implicit-flow false \ | jq -r .appId) @@ -119,7 +122,7 @@ To create a **client secret**, then run this command. This will generate a rando ```sh az ad app credential reset \ - --id $APP_ID \ + --id "${APP_ID}" \ --years 2 \ --password $(openssl rand -base64 30) ``` @@ -135,7 +138,7 @@ The ouput of the command above will be similar to this: } ``` -Take note of the values above, which you'll need to use in your Dapr components' metadata: +Take note of the values above, which you'll need to use in your Dapr components' metadata, to allow Dapr to authenticate with Azure: - `appId` is the value for `azureClientId` - `password` is the value for `azureClientSecret` (this was randomly-generated) @@ -144,11 +147,11 @@ Take note of the values above, which you'll need to use in your Dapr components' {{% /codetab %}} {{% codetab %}} -If you'd rather use a **PFX certificate**, run this command which will create a self-signed certificate: +If you'd rather use a **PFX (PKCS#12) certificate**, run this command which will create a self-signed certificate: ```sh az ad app credential reset \ - --id $APP_ID \ + --id "${APP_ID}" \ --create-cert ``` @@ -173,15 +176,19 @@ Take note of the values above, which you'll need to use in your Dapr components' - The self-signed PFX certificate and private key are written in the file at the path specified in `fileWithCertAndPrivateKey`. Use the contents of that file as `azureCertificate` (or write it to a file on the server and use `azureCertificateFile`) +> While the generated file has the `.pem` extension, it contains a certificate and private key encoded as PFX (PKCS#12). + {{% /codetab %}} {{< /tabs >}} +### Creating a Service Principal + Once you have created an Azure AD application, we need to create a Service Principal for that application, which will allow us to grant it access to Azure resources. Run: ```sh SERVICE_PRINCIPAL_ID=$(az ad sp create \ - --id $APP_ID \ + --id "${APP_ID}" \ | jq -r .objectId) echo "Service Principal ID: ${SERVICE_PRINCIPAL_ID}" ``` @@ -199,7 +206,8 @@ Note that the value above is the ID of the **Service Principal** which is differ Keep in mind that the Service Principal we just created does not have access to any Azure resource by default. Access will need to be granted to each resource as needed, as documented in the docs for the components. -> Note: this step is different from the [official documentation](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli) as the short-hand commands create a Service Principal that has broad read-write access to all Azure resources in your subscription. Not only this grants our application more access than you are likely going to desire, but this also applies only to the Azure management plane (Azure Resource Manager, or ARM), which is irrelevant for Dapr anyways (all Azure components are designed to interact with the data plane of various services, and not ARM). +> Note: this step is different from the [official documentation](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli) as the short-hand commands included there create a Service Principal that has broad read-write access to all Azure resources in your subscription. +> Not only doing that would grant our Service Principal more access than you are likely going to desire, but this also applies only to the Azure management plane (Azure Resource Manager, or ARM), which is irrelevant for Dapr anyways (all Azure components are designed to interact with the data plane of various services, and not ARM). ### Example usage in a Dapr component @@ -262,7 +270,7 @@ To use a **client secret**: 1. Create a Kubernetes secret using the following command: ```bash - kubectl create secret generic [your_k8s_secret_name] --from-file=[your_k8s_secret_key]=[your_client_secret] + kubectl create secret generic [your_k8s_secret_name] --from-literal=[your_k8s_secret_key]=[your_client_secret] ``` - `[your_client_secret]` is the application's client secret as generated above @@ -311,7 +319,7 @@ To use a **certificate**: kubectl create secret generic [your_k8s_secret_name] --from-file=[your_k8s_secret_key]=[pfx_certificate_file_fully_qualified_local_path] ``` - - `[pfx_certificate_file_fully_qualified_local_path]` is the path of PFX file you obtained earlier + - `[pfx_certificate_file_fully_qualified_local_path]` is the path to the PFX file you obtained earlier - `[your_k8s_secret_name]` is secret name in the Kubernetes secret store - `[your_k8s_secret_key]` is secret key in the Kubernetes secret store @@ -378,7 +386,7 @@ After assigning a managed identity to your Azure resource, you will have credent } ``` -From the list above, `principalId` is the value that you can use to set the optional `azureClientId` value in the metadata. However, that is usually not necessary, unless you have more than one identity assigned to a resource and you need to specify the one to use. +From the list above, take note of **`principalId`** which is the ID of the Service Principal that was created. You'll need that to grant access to Azure resources to your Service Principal. ## Support for other Azure environments diff --git a/daprdocs/content/en/reference/components-reference/supported-secret-stores/_index.md b/daprdocs/content/en/reference/components-reference/supported-secret-stores/_index.md index 6b141f100..1636dcd3f 100644 --- a/daprdocs/content/en/reference/components-reference/supported-secret-stores/_index.md +++ b/daprdocs/content/en/reference/components-reference/supported-secret-stores/_index.md @@ -45,5 +45,4 @@ Table captions: | Name | Status | Component version | Since | |---------------------------------------------------------------------------------------|--------| ---- |--------------| -| [Azure Key Vault w/ Managed Identity]({{< ref azure-keyvault-managed-identity.md >}}) | Alpha | v1 | 1.0 | | [Azure Key Vault]({{< ref azure-keyvault.md >}}) | GA | v1 | 1.0 | diff --git a/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md b/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md index 312ac9f3b..6a7b669f2 100644 --- a/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md +++ b/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md @@ -72,7 +72,7 @@ Make sure you have followed the steps in the [Authenticating to Azure]({{< ref a SERVICE_PRINCIPAL_ID="[your_service_principal_object_id]" ``` -1. Set a variable with the location where to create all resources: +2. Set a variable with the location where to create all resources: ```sh LOCATION="[your_location]" @@ -80,29 +80,29 @@ Make sure you have followed the steps in the [Authenticating to Azure]({{< ref a (You can get the full list of options with: `az account list-locations --output tsv`) -1. Create a Resource Group, giving it any name you'd like: +3. Create a Resource Group, giving it any name you'd like: ```sh RG_NAME="[resource_group_name]" RG_ID=$(az group create \ - --name $RG_NAME \ - --location $LOCATION \ + --name "${RG_NAME}" \ + --location "${LOCATION}" \ | jq -r .id) ``` -1. Create an Azure Key Vault (that uses Azure RBAC for authorization): +4. Create an Azure Key Vault (that uses Azure RBAC for authorization): ```sh KEYVAULT_NAME="[key_vault_name]" az keyvault create \ - --name $KEYVAULT_NAME \ + --name "${KEYVAULT_NAME}" \ --enable-rbac-authorization true \ - --resource-group $RG_NAME \ - --location $LOCATION + --resource-group "${RG_NAME}" \ + --location "${LOCATION}" ``` -1. Using RBAC, assign a role to the Azure AD application that we created so it can access the Key Vault. - In this case, we're assigning the "Key Vault Crypto Officer" role, which has broad access; other more restrictive roles can be used as well. +5. Using RBAC, assign a role to the Azure AD application that we created so it can access the Key Vault. + In this case, we're assigning the "Key Vault Crypto Officer" role, which has broad access; other more restrictive roles can be used as well, depending on your application. ```sh az role assignment create \ @@ -117,7 +117,7 @@ Make sure you have followed the steps in the [Authenticating to Azure]({{< ref a {{% codetab %}} -To use a **client secret**, create a file called `azurekeyvault.yaml` in the components directory, filling in with the details from the above setup process: +To use a **client secret**, create a file called `azurekeyvault.yaml` in the components directory, filling in with the Azure AD application that you created following the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document: ```yaml apiVersion: dapr.io/v1alpha1 @@ -139,7 +139,7 @@ spec: value : "[your_client_secret]" ``` -If you want to use a **certificate** saved on the local disk, instead, use: +If you want to use a **certificate** saved on the local disk, instead, use this template, filling in with details of the Azure AD application that you created following the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document: ```yaml apiVersion: dapr.io/v1alpha1 @@ -163,20 +163,21 @@ spec: {{% /codetab %}} {{% codetab %}} -In Kubernetes, you store the client secret or the certificate into the Kubernetes Secret Store and then refer to those in the YAML file. +In Kubernetes, you store the client secret or the certificate into the Kubernetes Secret Store and then refer to those in the YAML file. You will need the details of the Azure AD application that was created following the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document. To use a **client secret**: 1. Create a Kubernetes secret using the following command: ```bash - kubectl create secret generic [your_k8s_secret_name] --from-file=[your_k8s_secret_key]=[your_client_secret] + kubectl create secret generic [your_k8s_secret_name] --from-literal=[your_k8s_secret_key]=[your_client_secret] ``` - `[your_client_secret]` is the application's client secret as generated above - `[your_k8s_secret_name]` is secret name in the Kubernetes secret store - `[your_k8s_secret_key]` is secret key in the Kubernetes secret store + 2. Create an `azurekeyvault.yaml` component file. The component yaml refers to the Kubernetes secretstore using `auth` property and `secretKeyRef` refers to the client secret stored in the Kubernetes secret store. @@ -264,7 +265,7 @@ To use a **certificate**: ## References - [Authenticating to Azure]({{< ref authenticating-azure.md >}}) -- [Azure CLI Keyvault CLI](https://docs.microsoft.com/en-us/cli/azure/keyvault?view=azure-cli-latest#az-keyvault-create) +- [Azure CLI: keyvault commands](https://docs.microsoft.com/en-us/cli/azure/keyvault?view=azure-cli-latest#az-keyvault-create) - [Secrets building block]({{< ref secrets >}}) - [How-To: Retrieve a secret]({{< ref "howto-secrets.md" >}}) - [How-To: Reference secrets in Dapr components]({{< ref component-secrets.md >}}) From 57af58d496f811bffee85636a31a6ad8371b0f67 Mon Sep 17 00:00:00 2001 From: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com> Date: Fri, 10 Sep 2021 12:22:50 -0700 Subject: [PATCH 052/115] Updated the Azure Blob Storage state store doc --- .../supported-secret-stores/azure-keyvault.md | 2 +- .../setup-azure-blobstorage.md | 96 +++++++++++++++---- 2 files changed, 81 insertions(+), 17 deletions(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md b/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md index 6a7b669f2..4b8f8f1c0 100644 --- a/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md +++ b/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md @@ -106,7 +106,7 @@ Make sure you have followed the steps in the [Authenticating to Azure]({{< ref a ```sh az role assignment create \ - --assignee "${APP_ID}" \ + --assignee "${SERVICE_PRINCIPAL_ID}" \ --role "Key Vault Crypto Officer" \ --scope "${RG_ID}/providers/Microsoft.KeyVault/vaults/${KEYVAULT_NAME}" ``` diff --git a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-blobstorage.md b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-blobstorage.md index ce5d6aba3..5d479bc07 100644 --- a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-blobstorage.md +++ b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-blobstorage.md @@ -9,8 +9,7 @@ aliases: ## Component format -To setup Azure Blobstorage state store create a component of type `state.azure.blobstorage`. See [this guide]({{< ref "howto-get-save-state.md#step-1-setup-a-state-store" >}}) on how to create and apply a state store configuration. - +To setup the Azure Blob Storage state store create a component of type `state.azure.blobstorage`. See [this guide]({{< ref "howto-get-save-state.md#step-1-setup-a-state-store" >}}) on how to create and apply a state store configuration. ```yaml apiVersion: dapr.io/v1alpha1 @@ -23,42 +22,105 @@ spec: version: v1 metadata: - name: accountName - value: + value: "[your_account_name]" - name: accountKey - value: + value: "[your_account_key]" - name: containerName - value: + value: "[your_container_name]" ``` {{% alert title="Warning" color="warning" %}} The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}). {{% /alert %}} - ## Spec metadata fields | Field | Required | Details | Example | |--------------------|:--------:|---------|---------| | accountName | Y | The storage account name | `"mystorageaccount"`. -| accountKey | Y | Primary or secondary storage key | `"key"` +| accountKey | Y (unless using Azure AD) | Primary or secondary storage key | `"key"` | containerName | Y | The name of the container to be used for Dapr state. The container will be created for you if it doesn't exist | `"container"` -| ContentType | N | The blob’s content type | `"text/plain"` +| `azureEnvironment` | N | Optional name for the Azure environment if using a different Azure cloud | `"AZUREPUBLICCLOUD"` (default value), `"AZURECHINACLOUD"`, `"AZUREUSGOVERNMENTCLOUD"`, `"AZUREGERMANCLOUD"` +| ContentType | N | The blob's content type | `"text/plain"` | ContentMD5 | N | The blob's MD5 hash | `"vZGKbMRDAnMs4BIwlXaRvQ=="` | ContentEncoding | N | The blob's content encoding | `"UTF-8"` | ContentLanguage | N | The blob's content language | `"en-us"` | ContentDisposition | N | The blob's content disposition. Conveys additional information about how to process the response payload | `"attachment"` | CacheControl | N | The blob's cache control | `"no-cache"` -## Setup Azure Blobstorage +## Setup Azure Blob Storage [Follow the instructions](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal) from the Azure documentation on how to create an Azure Storage Account. -If you wish to create a container for Dapr to use, you can do so beforehand. However, Blob Storage state provider will create one for you automatically if it doesn't exist. +If you wish to create a container for Dapr to use, you can do so beforehand. However, the Blob Storage state provider will create one for you automatically if it doesn't exist. In order to setup Azure Blob Storage as a state store, you will need the following properties: -- **AccountName**: The storage account name. For example: **mystorageaccount**. -- **AccountKey**: Primary or secondary storage key. -- **ContainerName**: The name of the container to be used for Dapr state. The container will be created for you if it doesn't exist. + +- **accountName**: The storage account name. For example: **mystorageaccount**. +- **accountKey**: Primary or secondary storage account key. +- **containerName**: The name of the container to be used for Dapr state. The container will be created for you if it doesn't exist. + +### Authenticating with Azure AD + +This component supports authentication with Azure AD as an alternative to use account keys. Whenever possible, we recommend using Azure AD for authentication in production systems, to take advantage of better security, fine-tuned access control, and the ability to use managed identities for apps running on Azure. + +> The following scripts are optimized for a bash or zsh shell and require the following apps installed: +> +> - [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli) +> - [jq](https://stedolan.github.io/jq/download/) +> +> You must also be authenticated with Azure in your Azure CLI. + +1. To get started with using Azure AD for authenticating the Blob Storage state store component, make sure you've created an Azure AD application and a Service Principal as explained in the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document. + Once done, set a variable with the ID of the Service Principal that you created: + + ```sh + SERVICE_PRINCIPAL_ID="[your_service_principal_object_id]" + ``` + +2. Set the following variables with the name of your Azure Storage Account and the name of the Resource Group where it's located: + + ```sh + STORAGE_ACCOUNT_NAME="[your_storage_account_name]" + RG_NAME="[your_resource_group_name]" + ``` + +3. Using RBAC, assign a role to our Service Principal so it can access data inside the Storage Account. + In this case, we're assigning the "Storage blob Data Contributor" role, which has broad access; other more restrictive roles can be used as well, depending on your application. + + ```sh + RG_ID=$(az group show --resource-group ${RG_NAME} | jq -r ".id") + az role assignment create \ + --assignee "${SERVICE_PRINCIPAL_ID}" \ + --role "Storage blob Data Contributor" \ + --scope "${RG_ID}/providers/Microsoft.Storage/storageAccounts/${STORAGE_ACCOUNT_NAME}" + ``` + +When authenticating your component using Azure AD, the `accountKey` field is not required. Instead, please specify the required credentials in the component's metadata (if any) according to the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document. + +For example: + +```yaml +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: + namespace: +spec: + type: state.azure.blobstorage + version: v1 + metadata: + - name: accountName + value: "[your_account_name]" + - name: containerName + value: "[your_container_name]" + - name: azureTenantId + value: "[your_tenant_id]" + - name: azureClientId + value: "[your_client_id]" + - name: azureClientSecret + value : "[your_client_secret]" +``` ## Apply the configuration @@ -66,16 +128,17 @@ In order to setup Azure Blob Storage as a state store, you will need the followi To apply Azure Blob Storage state store to Kubernetes, use the `kubectl` CLI: -``` +```sh kubectl apply -f azureblob.yaml ``` + ### Running locally To run locally, create a `components` dir containing the YAML file and provide the path to the `dapr run` command with the flag `--components-path`. This state store creates a blob file in the container and puts raw state inside it. -For example, the following operation coming from service called `myservice` +For example, the following operation coming from service called `myservice`: ```shell curl -X POST http://localhost:3500/v1.0/state \ @@ -88,13 +151,14 @@ curl -X POST http://localhost:3500/v1.0/state \ ]' ``` -creates the blob file in the containter with `key` as filename and `value` as the contents of file. +This creates the blob file in the container with `key` as filename and `value` as the contents of file. ## Concurrency Azure Blob Storage state concurrency is achieved by using `ETag`s according to [the Azure Blob Storage documentation](https://docs.microsoft.com/en-us/azure/storage/common/storage-concurrency#managing-concurrency-in-blob-storage). ## Related links + - [Basic schema for a Dapr component]({{< ref component-schema >}}) - Read [this guide]({{< ref "howto-get-save-state.md#step-2-save-and-retrieve-a-single-state" >}}) for instructions on configuring state store components - [State management building block]({{< ref state-management >}}) From b177460193ecae3adc894afee44501ce4a4af409 Mon Sep 17 00:00:00 2001 From: Nick Greenfield Date: Fri, 10 Sep 2021 13:37:26 -0700 Subject: [PATCH 053/115] Be explicit in dapr version short code and ignore quickstart links from validation --- .../content/en/getting-started/install-dapr-selfhost.md | 4 ++-- daprdocs/content/en/getting-started/quickstarts.md | 2 ++ .../operations/hosting/kubernetes/kubernetes-upgrade.md | 8 ++++---- .../operations/hosting/self-hosted/self-hosted-upgrade.md | 6 +++--- daprdocs/layouts/shortcodes/dapr-latest-version.html | 6 +----- 5 files changed, 12 insertions(+), 14 deletions(-) diff --git a/daprdocs/content/en/getting-started/install-dapr-selfhost.md b/daprdocs/content/en/getting-started/install-dapr-selfhost.md index 5e7e12963..984570f35 100644 --- a/daprdocs/content/en/getting-started/install-dapr-selfhost.md +++ b/daprdocs/content/en/getting-started/install-dapr-selfhost.md @@ -52,8 +52,8 @@ dapr --version Output should look like this: ``` -CLI version: {{% dapr-latest-version %}} -Runtime version: {{% dapr-latest-version %}} +CLI version: {{% dapr-latest-version long="true" %}} +Runtime version: {{% dapr-latest-version long="true" %}} ``` ### Step 4: Verify containers are running diff --git a/daprdocs/content/en/getting-started/quickstarts.md b/daprdocs/content/en/getting-started/quickstarts.md index cbe97a13b..4ec85b52e 100644 --- a/daprdocs/content/en/getting-started/quickstarts.md +++ b/daprdocs/content/en/getting-started/quickstarts.md @@ -15,6 +15,7 @@ The [Dapr Quickstarts](https://github.com/dapr/quickstarts/tree/v1.0.0) are a co ## Quickstarts + | Quickstart | Description | |--------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | [Hello World](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/hello-world) | Demonstrates how to run Dapr locally. Highlights service invocation and state management. | @@ -25,3 +26,4 @@ The [Dapr Quickstarts](https://github.com/dapr/quickstarts/tree/v1.0.0) are a co | [Middleware](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/middleware) | Demonstrates use of Dapr middleware to enable OAuth 2.0 authorization. | | [Observability](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/observability) | Demonstrates Dapr tracing capabilities. Uses Zipkin as a tracing component. | | [Secret Store](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/secretstore) | Demonstrates the use of Dapr Secrets API to access secret stores. | + \ No newline at end of file diff --git a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md index 88ceda8e6..f4697792d 100644 --- a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md +++ b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md @@ -11,15 +11,15 @@ description: "Follow these steps to upgrade Dapr on Kubernetes and ensure a smoo - [Dapr CLI]({{< ref install-dapr-cli.md >}}) - [Helm 3](https://github.com/helm/helm/releases) (if using Helm) -## Upgrade existing cluster to {{% dapr-latest-version %}}.0 +## Upgrade existing cluster to {{% dapr-latest-version long="true" %}} There are two ways to upgrade the Dapr control plane on a Kubernetes cluster using either the Dapr CLI or Helm. ### Dapr CLI -The example below shows how to upgrade to version {{% dapr-latest-version %}}.0: +The example below shows how to upgrade to version {{% dapr-latest-version long="true" %}}: ```bash - dapr upgrade -k --runtime-version={{% dapr-latest-version %}}.0 + dapr upgrade -k --runtime-version={{% dapr-latest-version long="true" %}} ``` You can provide all the available Helm chart configurations using the Dapr CLI. @@ -43,7 +43,7 @@ To resolve this issue please run the follow command to upgrade the CustomResourc kubectl replace -f https://raw.githubusercontent.com/dapr/dapr/5a15b3e0f093d2d0938b12f144c7047474a290fe/charts/dapr/crds/configuration.yaml ``` -Then proceed with the `dapr upgrade --runtime-version {{% dapr-latest-version %}}.0 -k` command as above. +Then proceed with the `dapr upgrade --runtime-version {{% dapr-latest-version long="true" %}} -k` command as above. ### Helm diff --git a/daprdocs/content/en/operations/hosting/self-hosted/self-hosted-upgrade.md b/daprdocs/content/en/operations/hosting/self-hosted/self-hosted-upgrade.md index 40cbdb44f..f3b33d1de 100644 --- a/daprdocs/content/en/operations/hosting/self-hosted/self-hosted-upgrade.md +++ b/daprdocs/content/en/operations/hosting/self-hosted/self-hosted-upgrade.md @@ -25,11 +25,11 @@ description: "Follow these steps to upgrade Dapr in self-hosted mode and ensure dapr init ``` -1. Ensure you are using the latest version of Dapr (v{{% dapr-latest-version %}})) with: +1. Ensure you are using the latest version of Dapr (v{{% dapr-latest-version long="true" %}})) with: ```bash $ dapr --version - CLI version: {{% dapr-latest-version version="short" %}} - Runtime version: {{% dapr-latest-version version="short" %}} + CLI version: {{% dapr-latest-version short="true" %}} + Runtime version: {{% dapr-latest-version short="true" %}} ``` diff --git a/daprdocs/layouts/shortcodes/dapr-latest-version.html b/daprdocs/layouts/shortcodes/dapr-latest-version.html index b734e4f5c..ad7bebee8 100644 --- a/daprdocs/layouts/shortcodes/dapr-latest-version.html +++ b/daprdocs/layouts/shortcodes/dapr-latest-version.html @@ -1,5 +1 @@ -{{ if .Get "version" }} -1.4 -{{ else }} -1.4.0 -{{ end }} \ No newline at end of file +{{ if .Get "short" }}1.4{{ else if .Get "long" }}1.4.0{{ else }}1.4.0{{ end }} \ No newline at end of file From 670bc44cdaa82d1bbb13465bfd8b2600fa7c19bb Mon Sep 17 00:00:00 2001 From: Nick Greenfield Date: Fri, 10 Sep 2021 13:51:00 -0700 Subject: [PATCH 054/115] Ignore quickstart links in validation of links --- .../content/en/getting-started/quickstarts.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/daprdocs/content/en/getting-started/quickstarts.md b/daprdocs/content/en/getting-started/quickstarts.md index 4ec85b52e..c04fea56d 100644 --- a/daprdocs/content/en/getting-started/quickstarts.md +++ b/daprdocs/content/en/getting-started/quickstarts.md @@ -15,15 +15,14 @@ The [Dapr Quickstarts](https://github.com/dapr/quickstarts/tree/v1.0.0) are a co ## Quickstarts - | Quickstart | Description | |--------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| [Hello World](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/hello-world) | Demonstrates how to run Dapr locally. Highlights service invocation and state management. | -| [Hello Kubernetes](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/hello-kubernetes) | Demonstrates how to run Dapr in Kubernetes. Highlights service invocation and state management. | -| [Distributed Calculator](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/distributed-calculator) | Demonstrates a distributed calculator application that uses Dapr services to power a React web app. Highlights polyglot (multi-language) programming, service invocation and state management. | -| [Pub/Sub](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/pub-sub) | Demonstrates how to use Dapr to enable pub-sub applications. Uses Redis as a pub-sub component. | -| [Bindings](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/bindings) | Demonstrates how to use Dapr to create input and output bindings to other components. Uses bindings to Kafka. | -| [Middleware](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/middleware) | Demonstrates use of Dapr middleware to enable OAuth 2.0 authorization. | -| [Observability](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/observability) | Demonstrates Dapr tracing capabilities. Uses Zipkin as a tracing component. | -| [Secret Store](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/secretstore) | Demonstrates the use of Dapr Secrets API to access secret stores. | - \ No newline at end of file + +| [Hello World](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/hello-world) | Demonstrates how to run Dapr locally. Highlights service invocation and state management. | +| [Hello Kubernetes](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/hello-kubernetes) | Demonstrates how to run Dapr in Kubernetes. Highlights service invocation and state management. | +| [Distributed Calculator](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/distributed-calculator) | Demonstrates a distributed calculator application that uses Dapr services to power a React web app. Highlights polyglot (multi-language) programming, service invocation and state management. | +| [Pub/Sub](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/pub-sub) | Demonstrates how to use Dapr to enable pub-sub applications. Uses Redis as a pub-sub component. | +| [Bindings](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/bindings) | Demonstrates how to use Dapr to create input and output bindings to other components. Uses bindings to Kafka. | +| [Middleware](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/middleware) | Demonstrates use of Dapr middleware to enable OAuth 2.0 authorization. | +| [Observability](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/observability) | Demonstrates Dapr tracing capabilities. Uses Zipkin as a tracing component. | +| [Secret Store](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/secretstore) | Demonstrates the use of Dapr Secrets API to access secret stores. | From d82eed69a0534cf4a53c373f1a104b11e8583f24 Mon Sep 17 00:00:00 2001 From: Will Tsai Date: Mon, 13 Sep 2021 10:00:33 -0700 Subject: [PATCH 055/115] updated version numbers in support-release-policy.md --- .../content/en/operations/support/support-release-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/operations/support/support-release-policy.md b/daprdocs/content/en/operations/support/support-release-policy.md index f4e67b866..31bdde514 100644 --- a/daprdocs/content/en/operations/support/support-release-policy.md +++ b/daprdocs/content/en/operations/support/support-release-policy.md @@ -40,7 +40,7 @@ The table below shows the versions of Dapr releases that have been tested togeth | Jun 16th 2021 | 1.2.1
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Unsupported | | Jun 16th 2021 | 1.2.2
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Unsupported | | Jul 26th 2021 | 1.3
| 1.3.0 | Java 1.2.0
Go 1.2.0
PHP 1.1.0
Python 1.2.0
.NET 1.3.0 | 0.7.0 | Supported | -| Sep 14th 2021 | 1.4
| 1.4.0 | Java 1.2.0
Go 1.2.0
PHP 1.1.0
Python 1.2.0
.NET 1.3.0 | 0.7.0 | Supported (current) | +| Sep 14th 2021 | 1.4
| 1.4.0 | Java 1.3.0
Go 1.3.0
PHP 1.2.0
Python 1.3.0
.NET 1.3.0 | 0.8.0 | Supported (current) | ## Upgrade paths After the 1.0 release of the runtime there may be situations where it is necessary to explicitly upgrade through an additional release to reach the desired target. For example an upgrade from v1.0 to v1.2 may need go pass through v1.1 From d3c5caf8641432351c85b63b0d18fa3b8e28597d Mon Sep 17 00:00:00 2001 From: Yaron Schneider Date: Mon, 13 Sep 2021 11:25:57 -0700 Subject: [PATCH 056/115] Update python example for gRPC proxy --- .../service-invocation/howto-invoke-services-grpc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-services-grpc.md b/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-services-grpc.md index 3c3ffb7ec..21e1aae3e 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-services-grpc.md +++ b/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-services-grpc.md @@ -170,7 +170,7 @@ var call = client.SayHello(new HelloRequest { Name = "Darth Nihilus" }, metadata {{% codetab %}} ```python -metadata = (('dapr-app-id', 'server')) +metadata = (('dapr-app-id', 'server'),) response = stub.SayHello(request={ name: 'Darth Revan' }, metadata=metadata) ``` {{% /codetab %}} From e8dcb23b1fbac1e8b963d51d46aaaf09406e1bad Mon Sep 17 00:00:00 2001 From: Vishesh Agarwal Date: Mon, 13 Sep 2021 17:24:02 -0700 Subject: [PATCH 057/115] Minor spelling error --- .../en/operations/configuration/control-concurrency.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/daprdocs/content/en/operations/configuration/control-concurrency.md b/daprdocs/content/en/operations/configuration/control-concurrency.md index ed16bdac3..a53d9d3f1 100644 --- a/daprdocs/content/en/operations/configuration/control-concurrency.md +++ b/daprdocs/content/en/operations/configuration/control-concurrency.md @@ -9,7 +9,7 @@ description: "Control how many requests and events will invoke your application A common scenario in distributed computing is to only allow for a given number of requests to execute concurrently. Using Dapr, you can control how many requests and events will invoke your application simultaneously. -*Note that this rate limiing is guaranteed for every event that's coming from Dapr, meaning Pub/Sub events, direct invocation from other services, bindings events etc. Dapr can't enforce the concurrency policy on requests that are coming to your app externally.* +*Note that this rate limiting is guaranteed for every event that's coming from Dapr, meaning Pub/Sub events, direct invocation from other services, bindings events etc. Dapr can't enforce the concurrency policy on requests that are coming to your app externally.* *Note that rate limiting per second can be achieved by using the **middleware.http.ratelimit** middleware. However, there is an imporant difference between the two approaches. The rate limit middlware is time bound and limits the number of requests per second, while the `app-max-concurrency` flag specifies the number of concurrent requests (and events) at any point of time. See [Rate limit middleware]({{< ref middleware-rate-limit.md >}}). * @@ -61,4 +61,4 @@ To set app-max-concurrency with the Dapr CLI for running on your local dev machi dapr run --app-max-concurrency 1 --app-port 5000 python ./app.py ``` -The above examples will effectively turn your app into a single concurrent service. \ No newline at end of file +The above examples will effectively turn your app into a single concurrent service. From 5ab1e618cae45bcb854bf079bd82ce2455848eec Mon Sep 17 00:00:00 2001 From: Nick Greenfield Date: Tue, 14 Sep 2021 09:46:14 -0700 Subject: [PATCH 058/115] Update quickstart versions to v1.4.0 manually --- .../content/en/getting-started/quickstarts.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/daprdocs/content/en/getting-started/quickstarts.md b/daprdocs/content/en/getting-started/quickstarts.md index c04fea56d..bfb892117 100644 --- a/daprdocs/content/en/getting-started/quickstarts.md +++ b/daprdocs/content/en/getting-started/quickstarts.md @@ -17,12 +17,12 @@ The [Dapr Quickstarts](https://github.com/dapr/quickstarts/tree/v1.0.0) are a co | Quickstart | Description | |--------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [Hello World](https://github.com/dapr/quickstarts/tree/v1.4.0/hello-world) | Demonstrates how to run Dapr locally. Highlights service invocation and state management. | +| [Hello Kubernetes](https://github.com/dapr/quickstarts/tree/v1.4.0/hello-kubernetes) | Demonstrates how to run Dapr in Kubernetes. Highlights service invocation and state management. | +| [Distributed Calculator](https://github.com/dapr/quickstarts/tree/v1.4.0/distributed-calculator) | Demonstrates a distributed calculator application that uses Dapr services to power a React web app. Highlights polyglot (multi-language) programming, service invocation and state management. | +| [Pub/Sub](https://github.com/dapr/quickstarts/tree/v1.4.0/pub-sub) | Demonstrates how to use Dapr to enable pub-sub applications. Uses Redis as a pub-sub component. | +| [Bindings](https://github.com/dapr/quickstarts/tree/v1.4.0/bindings) | Demonstrates how to use Dapr to create input and output bindings to other components. Uses bindings to Kafka. | +| [Middleware](https://github.com/dapr/quickstarts/tree/v1.4.0/middleware) | Demonstrates use of Dapr middleware to enable OAuth 2.0 authorization. | +| [Observability](https://github.com/dapr/quickstarts/tree/v1.4.0/observability) | Demonstrates Dapr tracing capabilities. Uses Zipkin as a tracing component. | +| [Secret Store](https://github.com/dapr/quickstarts/tree/v1.4.0/secretstore) | Demonstrates the use of Dapr Secrets API to access secret stores. | -| [Hello World](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/hello-world) | Demonstrates how to run Dapr locally. Highlights service invocation and state management. | -| [Hello Kubernetes](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/hello-kubernetes) | Demonstrates how to run Dapr in Kubernetes. Highlights service invocation and state management. | -| [Distributed Calculator](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/distributed-calculator) | Demonstrates a distributed calculator application that uses Dapr services to power a React web app. Highlights polyglot (multi-language) programming, service invocation and state management. | -| [Pub/Sub](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/pub-sub) | Demonstrates how to use Dapr to enable pub-sub applications. Uses Redis as a pub-sub component. | -| [Bindings](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/bindings) | Demonstrates how to use Dapr to create input and output bindings to other components. Uses bindings to Kafka. | -| [Middleware](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/middleware) | Demonstrates use of Dapr middleware to enable OAuth 2.0 authorization. | -| [Observability](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/observability) | Demonstrates Dapr tracing capabilities. Uses Zipkin as a tracing component. | -| [Secret Store](https://github.com/dapr/quickstarts/tree/v{{% dapr-latest-version %}}/secretstore) | Demonstrates the use of Dapr Secrets API to access secret stores. | From 663cc421842ccbebfa64d4d67c48917f0dfa1c56 Mon Sep 17 00:00:00 2001 From: "Alessandro (Ale) Segala" <43508+ItalyPaleAle@users.noreply.github.com> Date: Tue, 14 Sep 2021 11:07:13 -0700 Subject: [PATCH 059/115] Update daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md Co-authored-by: greenie-msft <56556602+greenie-msft@users.noreply.github.com> --- .../integrations/cloud-providers/authenticating-azure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md b/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md index b13dd7c86..95698f095 100644 --- a/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md +++ b/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md @@ -14,7 +14,7 @@ Certain Azure components for Dapr offer support for the *common Azure authentica Some Azure components offer alternative authentication methods, such as systems based on "master keys" or "shared keys". Whenever possible, we recommend authenticating your Dapr components using Azure AD for increased security and ease of management, as well as for the ability to leverage MSI if your app is running on supported Azure services. -> Currently, only a subset of Azure components for Dapr offer support for this authentication method. Over time, we are planning to expand support to all other Azure components for Dapr. You can track the progress of the work, component-by-component, on [this issue](https://github.com/dapr/components-contrib/issues/1103). +> Currently, only a subset of Azure components for Dapr offer support for this authentication method. Over time, support will be expanded to all other Azure components for Dapr. You can track the progress of the work, component-by-component, on [this issue](https://github.com/dapr/components-contrib/issues/1103). ### About authentication with Azure AD From f729deba467e215df5c46de483e4fe43506a65a3 Mon Sep 17 00:00:00 2001 From: Will Date: Tue, 14 Sep 2021 11:17:12 -0700 Subject: [PATCH 060/115] update version number for .NET SDK --- .../content/en/operations/support/support-release-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/operations/support/support-release-policy.md b/daprdocs/content/en/operations/support/support-release-policy.md index 31bdde514..cde97eeeb 100644 --- a/daprdocs/content/en/operations/support/support-release-policy.md +++ b/daprdocs/content/en/operations/support/support-release-policy.md @@ -40,7 +40,7 @@ The table below shows the versions of Dapr releases that have been tested togeth | Jun 16th 2021 | 1.2.1
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Unsupported | | Jun 16th 2021 | 1.2.2
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Unsupported | | Jul 26th 2021 | 1.3
| 1.3.0 | Java 1.2.0
Go 1.2.0
PHP 1.1.0
Python 1.2.0
.NET 1.3.0 | 0.7.0 | Supported | -| Sep 14th 2021 | 1.4
| 1.4.0 | Java 1.3.0
Go 1.3.0
PHP 1.2.0
Python 1.3.0
.NET 1.3.0 | 0.8.0 | Supported (current) | +| Sep 14th 2021 | 1.4
| 1.4.0 | Java 1.3.0
Go 1.3.0
PHP 1.2.0
Python 1.3.0
.NET 1.4.0 | 0.8.0 | Supported (current) | ## Upgrade paths After the 1.0 release of the runtime there may be situations where it is necessary to explicitly upgrade through an additional release to reach the desired target. For example an upgrade from v1.0 to v1.2 may need go pass through v1.1 From 663c3aaa14b31057c3563c2d2a89695db2238c5b Mon Sep 17 00:00:00 2001 From: "Alessandro (Ale) Segala" <43508+ItalyPaleAle@users.noreply.github.com> Date: Tue, 14 Sep 2021 11:36:04 -0700 Subject: [PATCH 061/115] Update daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md Co-authored-by: greenie-msft <56556602+greenie-msft@users.noreply.github.com> --- .../integrations/cloud-providers/authenticating-azure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md b/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md index 95698f095..bdee4eb83 100644 --- a/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md +++ b/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md @@ -79,7 +79,7 @@ For backwards-compatibility reasons, the following values in the metadata are su ## Generating a new Azure AD application and Service Principal -To start, create a new Azure AD application which we'll use as Service Principal too. +To start, create a new Azure AD application, which will also be used as Service Principal. Prerequisites: From bd2ad661c42d040ea86570a57e7ce615014a6598 Mon Sep 17 00:00:00 2001 From: greenie-msft <56556602+greenie-msft@users.noreply.github.com> Date: Tue, 14 Sep 2021 12:01:49 -0700 Subject: [PATCH 062/115] Apply suggestions from code review --- .../integrations/cloud-providers/authenticating-azure.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md b/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md index bdee4eb83..ffad9154f 100644 --- a/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md +++ b/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md @@ -12,7 +12,7 @@ aliases: Certain Azure components for Dapr offer support for the *common Azure authentication layer*, which enables applications to access data stored in Azure resources by authenticating with Azure AD. Thanks to this, administrators can leverage all the benefits of fine-tuned permissions with RBAC (Role-Based Access Control), and applications running on certain Azure services such as Azure VMs, Azure Kubernetes Service, or many Azure platform services can leverage [Managed Service Identities (MSI)](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview). -Some Azure components offer alternative authentication methods, such as systems based on "master keys" or "shared keys". Whenever possible, we recommend authenticating your Dapr components using Azure AD for increased security and ease of management, as well as for the ability to leverage MSI if your app is running on supported Azure services. +Some Azure components offer alternative authentication methods, such as systems based on "master keys" or "shared keys". Whenever possible, it is recommended that you authenticate your Dapr components using Azure AD for increased security and ease of management, as well as for the ability to leverage MSI if your app is running on supported Azure services. > Currently, only a subset of Azure components for Dapr offer support for this authentication method. Over time, support will be expanded to all other Azure components for Dapr. You can track the progress of the work, component-by-component, on [this issue](https://github.com/dapr/components-contrib/issues/1103). @@ -184,7 +184,7 @@ Take note of the values above, which you'll need to use in your Dapr components' ### Creating a Service Principal -Once you have created an Azure AD application, we need to create a Service Principal for that application, which will allow us to grant it access to Azure resources. Run: +Once you have created an Azure AD application, create a Service Principal for that application, which will allow us to grant it access to Azure resources. Run: ```sh SERVICE_PRINCIPAL_ID=$(az ad sp create \ @@ -204,7 +204,7 @@ Note that the value above is the ID of the **Service Principal** which is differ - You'll use the client ID in Dapr manifests to configure authentication with Azure services - You'll use the Service Principal ID to grant permissions to an application to access Azure resources -Keep in mind that the Service Principal we just created does not have access to any Azure resource by default. Access will need to be granted to each resource as needed, as documented in the docs for the components. +Keep in mind that the Service Principal that was just created does not have access to any Azure resource by default. Access will need to be granted to each resource as needed, as documented in the docs for the components. > Note: this step is different from the [official documentation](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli) as the short-hand commands included there create a Service Principal that has broad read-write access to all Azure resources in your subscription. > Not only doing that would grant our Service Principal more access than you are likely going to desire, but this also applies only to the Azure management plane (Azure Resource Manager, or ARM), which is irrelevant for Dapr anyways (all Azure components are designed to interact with the data plane of various services, and not ARM). From c3cc74c81ef3d3bcb476c5d71b2f374668fd8df7 Mon Sep 17 00:00:00 2001 From: greenie-msft <56556602+greenie-msft@users.noreply.github.com> Date: Tue, 14 Sep 2021 12:05:03 -0700 Subject: [PATCH 063/115] Fix style/tone --- .../integrations/cloud-providers/authenticating-azure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md b/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md index ffad9154f..9c101e562 100644 --- a/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md +++ b/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md @@ -365,7 +365,7 @@ To use a **certificate**: Using MSI, authentication happens automatically by virtue of your application running on top of an Azure service that has an assigned identity. For example, when you create an Azure VM or an Azure Kubernetes Service cluster and choose to enable a managed identity for that, an Azure AD application is created for you and automatically assigned to the service. Your Dapr services can then leverage that identity to authenticate with Azure AD, transparently and without you having to specify any credential. -To get started with managed identities, first you need to assign an identity to a new or existing Azure resource. The instruction depend on the service use, and we'll link you to the official documentation for that: +To get started with managed identities, first you need to assign an identity to a new or existing Azure resource. The instructions depend on the service use. Below are links to the official documentation: - [Azure Kubernetes Service (AKS)](https://docs.microsoft.com/azure/aks/use-managed-identity) - [Azure App Service](https://docs.microsoft.com/azure/app-service/overview-managed-identity) (including Azure Web Apps and Azure Functions) From 974ff70902ad56855f82b6bcf5bcf1e0eaf3253d Mon Sep 17 00:00:00 2001 From: greenie-msft <56556602+greenie-msft@users.noreply.github.com> Date: Tue, 14 Sep 2021 12:06:24 -0700 Subject: [PATCH 064/115] Fix style/tone --- .../integrations/cloud-providers/authenticating-azure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md b/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md index 9c101e562..169585228 100644 --- a/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md +++ b/daprdocs/content/en/developing-applications/integrations/cloud-providers/authenticating-azure.md @@ -211,7 +211,7 @@ Keep in mind that the Service Principal that was just created does not have acce ### Example usage in a Dapr component -In this example, we're going to set up an Azure Key Vault secret store component that uses Azure AD to authenticate. +In this example, you will set up an Azure Key Vault secret store component that uses Azure AD to authenticate. {{< tabs "Self-Hosted" "Kubernetes">}} From 845a4d77c9e3a350c27c7da5b279388aea84d78c Mon Sep 17 00:00:00 2001 From: greenie-msft <56556602+greenie-msft@users.noreply.github.com> Date: Tue, 14 Sep 2021 12:09:10 -0700 Subject: [PATCH 065/115] fix style/tone --- .../supported-secret-stores/azure-keyvault.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md b/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md index 4b8f8f1c0..06cd6e730 100644 --- a/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md +++ b/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md @@ -101,8 +101,8 @@ Make sure you have followed the steps in the [Authenticating to Azure]({{< ref a --location "${LOCATION}" ``` -5. Using RBAC, assign a role to the Azure AD application that we created so it can access the Key Vault. - In this case, we're assigning the "Key Vault Crypto Officer" role, which has broad access; other more restrictive roles can be used as well, depending on your application. +5. Using RBAC, assign a role to the Azure AD application so it can access the Key Vault. + In this case, assign the "Key Vault Crypto Officer" role, which has broad access; other more restrictive roles can be used as well, depending on your application. ```sh az role assignment create \ From 104bef1eb1ba34b93a4783a8eb684a1f30dbe861 Mon Sep 17 00:00:00 2001 From: yaron2 Date: Tue, 14 Sep 2021 12:10:18 -0700 Subject: [PATCH 066/115] add in-memory pub/sub component --- .../supported-pubsub/setup-inmemory.md | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 daprdocs/content/en/reference/components-reference/supported-pubsub/setup-inmemory.md diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-inmemory.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-inmemory.md new file mode 100644 index 000000000..6ce033b3e --- /dev/null +++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-inmemory.md @@ -0,0 +1,28 @@ +--- +type: docs +title: "In Memory" +linkTitle: "In Memory" +description: "Detailed documentation on the In Memory pubsub component" +aliases: + - "/operations/components/setup-pubsub/supported-pubsub/setup-inmemory/" +--- + +The In Memory pub/sub component is useful for development purposes and works inside of a single machine boundary. + +## Component format + +```yaml +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: pubsub + namespace: default +spec: + type: pubsub.in-memory + version: v1 +``` + +## Related links +- [Basic schema for a Dapr component]({{< ref component-schema >}}) in the Related links section +- Read [this guide]({{< ref "howto-publish-subscribe.md#step-2-publish-a-topic" >}}) for instructions on configuring pub/sub components +- [Pub/Sub building block]({{< ref pubsub >}}) From d7ecde69a6f9f316accaf63768113602a53c7f11 Mon Sep 17 00:00:00 2001 From: yaron2 Date: Tue, 14 Sep 2021 12:10:48 -0700 Subject: [PATCH 067/115] add index --- .../en/reference/components-reference/supported-pubsub/_index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/_index.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/_index.md index c94a6c420..c45c1599d 100644 --- a/daprdocs/content/en/reference/components-reference/supported-pubsub/_index.md +++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/_index.md @@ -26,6 +26,7 @@ Table captions: | [Hazelcast]({{< ref setup-hazelcast.md >}}) | Alpha | v1 | 1.0 | | [MQTT]({{< ref setup-mqtt.md >}}) | Alpha | v1 | 1.0 | | [NATS Streaming]({{< ref setup-nats-streaming.md >}}) | Beta | v1 | 1.0 | +| [In Memory]({{< ref setup-inmemory.md >}}) | Alpha | v1 | 1.4 | | [JetStream]({{< ref setup-jetstream.md >}}) | Alpha | v1 | 1.4 | | [Pulsar]({{< ref setup-pulsar.md >}}) | Alpha | v1 | 1.0 | | [RabbitMQ]({{< ref setup-rabbitmq.md >}}) | Alpha | v1 | 1.0 | From a7a96b336f1ec183ac146b5c71e95be69d713483 Mon Sep 17 00:00:00 2001 From: Phil Kedy Date: Fri, 20 Aug 2021 12:19:13 -0400 Subject: [PATCH 068/115] PubSub Routing docs --- .../pubsub/howto-publish-subscribe.md | 1 + .../pubsub/howto-route-messages.md | 246 ++++++++++++++++++ .../support/support-preview-features.md | 1 + 3 files changed, 248 insertions(+) create mode 100644 daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md diff --git a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-publish-subscribe.md b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-publish-subscribe.md index 7cdd7f9b6..20f49f250 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-publish-subscribe.md +++ b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-publish-subscribe.md @@ -489,6 +489,7 @@ Read about content types [here](#content-types), and about the [Cloud Events mes ## Next steps - Try the [Pub/Sub quickstart sample](https://github.com/dapr/quickstarts/tree/master/pub-sub) +- Learn about [PubSub routing]({{< ref howto-route-messages >}}) - Learn about [topic scoping]({{< ref pubsub-scopes.md >}}) - Learn about [message time-to-live]({{< ref pubsub-message-ttl.md >}}) - Learn [how to configure Pub/Sub components with multiple namespaces]({{< ref pubsub-namespaces.md >}}) diff --git a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md new file mode 100644 index 000000000..8f3b7cf30 --- /dev/null +++ b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md @@ -0,0 +1,246 @@ +--- +type: docs +title: "How-To: Route messages to different event handlers" +linkTitle: "How-To: Route events to different handlers" +weight: 2100 +description: "Learn how to route messages from a topic to different event handlers based on CloudEvent fields" +--- + +## Introduction + +[Content-based routing](https://www.enterpriseintegrationpatterns.com/ContentBasedRouter.html) is a messaging pattern that utilizes a DSL instead of imperative application code. PubSub Routing is an implementation of this pattern that allows developers to use expressions to route [CloudEvents](https://cloudevents.io) based on their contents to different URIs/paths and event handlers in your application. If no route matches, then an optional default route is used. This becomes useful as your applications expands to support multiple event versions, or special cases. Routing can be implemented with code; however, keeping routing rules external from the application can improve portability. + +{{% alert title="Note" color="primary" %}} +This is an experimental feature. To enable it, add the `PubSub.Routing` feature entry to your application configuration. + +```yaml +apiVersion: dapr.io/v1alpha1 +kind: Configuration +metadata: + name: pubsubroutingconfig +spec: + features: + - name: PubSub.Routing + enabled: true +``` +{{% /alert %}} + +This feature is available to both the declarative and programmatic subscription approaches. + +## Declarative subscription + +For declarative subscriptions, you must use `dapr.io/v2alpha1` as the `apiVersion`. Here is an example of `subscriptions.yaml` using routing. + +```yaml +apiVersion: dapr.io/v2alpha1 +kind: Subscription +metadata: + name: myevent-subscription +spec: + pubsubname: pubsub + topic: deathStarStatus + routes: + rules: + - match: event.type == "rebels.attacking.v3" + path: /dsstatus.v3 + - match: event.type == "rebels.attacking.v2" + path: /dsstatus.v2 + default: /dsstatus +scopes: + - app1 + - app2 +``` + +## Programmatic subscription + +Alternatively, the programattic approach varies slightly in that the `routes` structure is returned instead of `route`. The JSON structure matches the declarative YAML. + +{{< tabs Python Node Go PHP>}} + +{{% codetab %}} +```python +import flask +from flask import request, jsonify +from flask_cors import CORS +import json +import sys + +app = flask.Flask(__name__) +CORS(app) + +@app.route('/dapr/subscribe', methods=['GET']) +def subscribe(): + subscriptions = [ + { + 'pubsubname': 'pubsub', + 'topic': 'deathStarStatus', + 'routes': { + 'rules': [ + { + 'match': 'event.type == "rebels.attacking.v3"', + 'path': '/dsstatus.v3' + }, + { + 'match': 'event.type == "rebels.attacking.v2"', + 'path': '/dsstatus.v2' + }, + ], + 'default': '/dsstatus' + } + }] + return jsonify(subscriptions) + +@app.route('/dsstatus', methods=['POST']) +def ds_subscriber(): + print(request.json, flush=True) + return json.dumps({'success':True}), 200, {'ContentType':'application/json'} +app.run() +``` + +{{% /codetab %}} + +{{% codetab %}} +```javascript +const express = require('express') +const bodyParser = require('body-parser') +const app = express() +app.use(bodyParser.json({ type: 'application/*+json' })); + +const port = 3000 + +app.get('/dapr/subscribe', (req, res) => { + res.json([ + { + pubsubname: "pubsub", + topic: "deathStarStatus", + routes: { + rules: [ + { + match: 'event.type == "rebels.attacking.v3"', + path: '/dsstatus.v3' + }, + { + match: 'event.type == "rebels.attacking.v2"', + path: '/dsstatus.v2' + }, + ], + default: '/dsstatus' + } + } + ]); +}) + +app.post('/dsstatus', (req, res) => { + console.log(req.body); + res.sendStatus(200); +}); + +app.listen(port, () => console.log(`consumer app listening on port ${port}!`)) +``` +{{% /codetab %}} + +{{% codetab %}} +```golang +package main + +import ( + "encoding/json" + "fmt" + "log" + "net/http" + + "github.com/gorilla/mux" +) + +const appPort = 3000 + +type subscription struct { + PubsubName string `json:"pubsubname"` + Topic string `json:"topic"` + Metadata map[string]string `json:"metadata,omitempty"` + Routes routes `json:"routes"` +} + +type routes struct { + Rules []rule `json:"rules,omitempty"` + Default string `json:"default,omitempty"` +} + +type rule struct { + Match string `json:"match"` + Path string `json:"path"` +} + +// This handles /dapr/subscribe +func configureSubscribeHandler(w http.ResponseWriter, _ *http.Request) { + t := []subscription{ + { + PubsubName: "pubsub", + Topic: "deathStarStatus", + Routes: routes{ + Rules: []rule{ + { + Match: `event.type == "rebels.attacking.v3"`, + Path: "/dsstatus.v3", + }, + { + Match: `event.type == "rebels.attacking.v2"`, + Path: "/dsstatus.v2", + }, + }, + Default: "/dsstatus", + }, + }, + } + + w.WriteHeader(http.StatusOK) + json.NewEncoder(w).Encode(t) +} + +func main() { + router := mux.NewRouter().StrictSlash(true) + router.HandleFunc("/dapr/subscribe", configureSubscribeHandler).Methods("GET") + log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", appPort), router)) +} +``` +{{% /codetab %}} + +{{% codetab %}} +```php + $builder->addDefinitions(['dapr.subscriptions' => [ + new \Dapr\PubSub\Subscription(pubsubname: 'pubsub', topic: 'deathStarStatus', routes: ( + rules: => [ + ('match': 'event.type == "rebels.attacking.v3"', path: '/dsstatus.v3'), + ('match': 'event.type == "rebels.attacking.v2"', path: '/dsstatus.v2'), + ] + default: '/dsstatus')), +]])); +$app->post('/dsstatus', function( + #[\Dapr\Attributes\FromBody] + \Dapr\PubSub\CloudEvent $cloudEvent, + \Psr\Log\LoggerInterface $logger + ) { + $logger->alert('Received event: {event}', ['event' => $cloudEvent]); + return ['status' => 'SUCCESS']; + } +); +$app->start(); +``` +{{% /codetab %}} + +{{< /tabs >}} + +In these examples, depending on the type of the event (`event.type`), the application will be called on `/dsstatus.v3`, `/dsstatus.v2` or `/dsstatus`. The expressions are written as [Common Expression Language (CEL)](https://opensource.google/projects/cel). `event` represents the cloud event and any of the attributes from the [CloudEvents core specification](https://github.com/cloudevents/spec/blob/v1.0.1/spec.md#required-attributes) can be referenced. It is only possible to access the attributes inside `event.data` if it is nested JSON + +## Next steps + +- Try the [Pub/Sub quickstart sample](https://github.com/dapr/quickstarts/tree/master/pub-sub) +- Learn about [topic scoping]({{< ref pubsub-scopes.md >}}) +- Learn about [message time-to-live]({{< ref pubsub-message-ttl.md >}}) +- Learn [how to configure Pub/Sub components with multiple namespaces]({{< ref pubsub-namespaces.md >}}) +- List of [pub/sub components]({{< ref setup-pubsub >}}) +- Read the [API reference]({{< ref pubsub_api.md >}}) diff --git a/daprdocs/content/en/operations/support/support-preview-features.md b/daprdocs/content/en/operations/support/support-preview-features.md index cbd7fd8a9..0715eb791 100644 --- a/daprdocs/content/en/operations/support/support-preview-features.md +++ b/daprdocs/content/en/operations/support/support-preview-features.md @@ -14,3 +14,4 @@ Preview features in Dapr are considered experimental when they are first release | Preview feature that enables Actors to be called multiple times in the same call chain allowing call backs between actors. | Actor.Reentrancy | [Actor reentrancy]({{}}) | | Preview feature that allows Actor reminders to be partitioned across multiple keys in the underlying statestore in order to improve scale and performance. | Actor.TypeMetadata | [How-To: Partition Actor Reminders]({{< ref "howto-actors.md#partitioning-reminders" >}}) | | Preview feature that enables you to call endpoints using service invocation on gRPC services through Dapr via gRPC proxying, without requiring the use of Dapr SDKs. | proxy.grpc | [How-To: Invoke services using gRPC]({{}}) | +| Preview feature that allows developers to use expressions to route cloud events to different URIs/paths and event handlers in your application. | PubSub.Routing | [How-To: Publish a message and subscribe to a topic]({{}}) | From 477087cf8f59e39e4e56ee0f41ef5f5e38aad8f8 Mon Sep 17 00:00:00 2001 From: Phil Kedy Date: Tue, 14 Sep 2021 16:30:04 -0400 Subject: [PATCH 069/115] Tweak --- .../building-blocks/pubsub/howto-route-messages.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md index 8f3b7cf30..c26414dad 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md +++ b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md @@ -234,7 +234,7 @@ $app->start(); {{< /tabs >}} -In these examples, depending on the type of the event (`event.type`), the application will be called on `/dsstatus.v3`, `/dsstatus.v2` or `/dsstatus`. The expressions are written as [Common Expression Language (CEL)](https://opensource.google/projects/cel). `event` represents the cloud event and any of the attributes from the [CloudEvents core specification](https://github.com/cloudevents/spec/blob/v1.0.1/spec.md#required-attributes) can be referenced. It is only possible to access the attributes inside `event.data` if it is nested JSON +In these examples, depending on the type of the event (`event.type`), the application will be called on `/dsstatus.v3`, `/dsstatus.v2` or `/dsstatus`. The expressions are written as [Common Expression Language (CEL)](https://opensource.google/projects/cel) where `event` represents the cloud event. Any of the attributes from the [CloudEvents core specification](https://github.com/cloudevents/spec/blob/v1.0.1/spec.md#required-attributes) can be referenced in the expression. One caveat is that it is only possible to access the attributes inside `event.data` if it is nested JSON ## Next steps From 6957a5c56a964b738ee918bafa712ab2b21e832e Mon Sep 17 00:00:00 2001 From: Phil Kedy Date: Tue, 14 Sep 2021 16:38:29 -0400 Subject: [PATCH 070/115] Tweaks per PR --- .../building-blocks/pubsub/howto-route-messages.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md index c26414dad..7ed5557a0 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md +++ b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md @@ -1,17 +1,13 @@ --- type: docs title: "How-To: Route messages to different event handlers" -linkTitle: "How-To: Route events to different handlers" +linkTitle: "How-To: Route events" weight: 2100 description: "Learn how to route messages from a topic to different event handlers based on CloudEvent fields" --- -## Introduction - -[Content-based routing](https://www.enterpriseintegrationpatterns.com/ContentBasedRouter.html) is a messaging pattern that utilizes a DSL instead of imperative application code. PubSub Routing is an implementation of this pattern that allows developers to use expressions to route [CloudEvents](https://cloudevents.io) based on their contents to different URIs/paths and event handlers in your application. If no route matches, then an optional default route is used. This becomes useful as your applications expands to support multiple event versions, or special cases. Routing can be implemented with code; however, keeping routing rules external from the application can improve portability. - {{% alert title="Note" color="primary" %}} -This is an experimental feature. To enable it, add the `PubSub.Routing` feature entry to your application configuration. +This is an preview feature. To enable it, add the `PubSub.Routing` feature entry to your application configuration. ```yaml apiVersion: dapr.io/v1alpha1 @@ -23,6 +19,11 @@ spec: - name: PubSub.Routing enabled: true ``` + +## Introduction + +[Content-based routing](https://www.enterpriseintegrationpatterns.com/ContentBasedRouter.html) is a messaging pattern that utilizes a DSL instead of imperative application code. PubSub routing is an implementation of this pattern that allows developers to use expressions to route [CloudEvents](https://cloudevents.io) based on their contents to different URIs/paths and event handlers in your application. If no route matches, then an optional default route is used. This becomes useful as your applications expands to support multiple event versions, or special cases. Routing can be implemented with code; however, keeping routing rules external from the application can improve portability. + {{% /alert %}} This feature is available to both the declarative and programmatic subscription approaches. From 6e2558fbf53fd4bd372acfffc92500deadbc5317 Mon Sep 17 00:00:00 2001 From: Phil Kedy Date: Tue, 14 Sep 2021 16:46:57 -0400 Subject: [PATCH 071/115] Tweak --- .../building-blocks/pubsub/howto-route-messages.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md index 7ed5557a0..26a8daa8e 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md +++ b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md @@ -8,6 +8,7 @@ description: "Learn how to route messages from a topic to different event handle {{% alert title="Note" color="primary" %}} This is an preview feature. To enable it, add the `PubSub.Routing` feature entry to your application configuration. +{{% /alert %}} ```yaml apiVersion: dapr.io/v1alpha1 @@ -24,8 +25,6 @@ spec: [Content-based routing](https://www.enterpriseintegrationpatterns.com/ContentBasedRouter.html) is a messaging pattern that utilizes a DSL instead of imperative application code. PubSub routing is an implementation of this pattern that allows developers to use expressions to route [CloudEvents](https://cloudevents.io) based on their contents to different URIs/paths and event handlers in your application. If no route matches, then an optional default route is used. This becomes useful as your applications expands to support multiple event versions, or special cases. Routing can be implemented with code; however, keeping routing rules external from the application can improve portability. -{{% /alert %}} - This feature is available to both the declarative and programmatic subscription approaches. ## Declarative subscription From 0912131c21db613f21a70edc04ee1143d1e74b65 Mon Sep 17 00:00:00 2001 From: Nick Greenfield Date: Tue, 14 Sep 2021 14:24:23 -0700 Subject: [PATCH 072/115] Remove "we" language --- .../supported-state-stores/setup-azure-blobstorage.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-blobstorage.md b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-blobstorage.md index 5d479bc07..9d1226e72 100644 --- a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-blobstorage.md +++ b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-blobstorage.md @@ -62,7 +62,7 @@ In order to setup Azure Blob Storage as a state store, you will need the followi ### Authenticating with Azure AD -This component supports authentication with Azure AD as an alternative to use account keys. Whenever possible, we recommend using Azure AD for authentication in production systems, to take advantage of better security, fine-tuned access control, and the ability to use managed identities for apps running on Azure. +This component supports authentication with Azure AD as an alternative to use account keys. Whenever possible, it is reccomended that you use Azure AD for authentication in production systems, to take advantage of better security, fine-tuned access control, and the ability to use managed identities for apps running on Azure. > The following scripts are optimized for a bash or zsh shell and require the following apps installed: > @@ -86,7 +86,7 @@ This component supports authentication with Azure AD as an alternative to use ac ``` 3. Using RBAC, assign a role to our Service Principal so it can access data inside the Storage Account. - In this case, we're assigning the "Storage blob Data Contributor" role, which has broad access; other more restrictive roles can be used as well, depending on your application. + In this case, you are assigning the "Storage blob Data Contributor" role, which has broad access; other more restrictive roles can be used as well, depending on your application. ```sh RG_ID=$(az group show --resource-group ${RG_NAME} | jq -r ".id") From 8c9b66d52cf6eaf770475d5de4f6a9b581417aac Mon Sep 17 00:00:00 2001 From: Ori Zohar Date: Tue, 14 Sep 2021 14:39:08 -0700 Subject: [PATCH 073/115] Preview feature updates for v1.4 (#1787) * updating preview features * preview features doc updates * preview alerts and table edits --- .../pubsub/howto-route-messages.md | 22 +++++++++++-------- .../howto-invoke-services-grpc.md | 5 ++++- .../state-management/howto-encrypt-state.md | 6 ++++- .../support/support-preview-features.md | 13 ++++++----- 4 files changed, 29 insertions(+), 17 deletions(-) diff --git a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md index 26a8daa8e..f860036de 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md +++ b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md @@ -6,10 +6,20 @@ weight: 2100 description: "Learn how to route messages from a topic to different event handlers based on CloudEvent fields" --- -{{% alert title="Note" color="primary" %}} -This is an preview feature. To enable it, add the `PubSub.Routing` feature entry to your application configuration. +{{% alert title="Preview feature" color="warning" %}} +Pub/Sub message routing is currently in [preview]({{< ref preview-features.md >}}). {{% /alert %}} +## Introduction + +[Content-based routing](https://www.enterpriseintegrationpatterns.com/ContentBasedRouter.html) is a messaging pattern that utilizes a DSL instead of imperative application code. PubSub routing is an implementation of this pattern that allows developers to use expressions to route [CloudEvents](https://cloudevents.io) based on their contents to different URIs/paths and event handlers in your application. If no route matches, then an optional default route is used. This becomes useful as your applications expands to support multiple event versions, or special cases. Routing can be implemented with code; however, keeping routing rules external from the application can improve portability. + +This feature is available to both the declarative and programmatic subscription approaches. + +## Enable message routing + +This is a preview feature. To enable it, add the `PubSub.Routing` feature entry to your application configuration like so: + ```yaml apiVersion: dapr.io/v1alpha1 kind: Configuration @@ -20,13 +30,7 @@ spec: - name: PubSub.Routing enabled: true ``` - -## Introduction - -[Content-based routing](https://www.enterpriseintegrationpatterns.com/ContentBasedRouter.html) is a messaging pattern that utilizes a DSL instead of imperative application code. PubSub routing is an implementation of this pattern that allows developers to use expressions to route [CloudEvents](https://cloudevents.io) based on their contents to different URIs/paths and event handlers in your application. If no route matches, then an optional default route is used. This becomes useful as your applications expands to support multiple event versions, or special cases. Routing can be implemented with code; however, keeping routing rules external from the application can improve portability. - -This feature is available to both the declarative and programmatic subscription approaches. - +Learn more about enabling [preview features]({{}}). ## Declarative subscription For declarative subscriptions, you must use `dapr.io/v2alpha1` as the `apiVersion`. Here is an example of `subscriptions.yaml` using routing. diff --git a/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-services-grpc.md b/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-services-grpc.md index 21e1aae3e..a29e83063 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-services-grpc.md +++ b/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-services-grpc.md @@ -5,9 +5,12 @@ linkTitle: "How-To: Invoke with gRPC" description: "Call between services using service invocation" weight: 3000 --- +{{% alert title="Preview feature" color="warning" %}} +gRPC proxying is currently in [preview]({{< ref preview-features.md >}}). +{{% /alert %}} This article describe how to use Dapr to connect services using gRPC. -By using Dapr's gRPC proxying capability, you can use your existing proto based gRPC services and have the traffic go through the Dapr sidecar. Doing so yields the following [Dapr Service Invocation]({{< ref service-invocation-overview.md >}}) benefits to developers: +By using Dapr's gRPC proxying capability, you can use your existing proto based gRPC services and have the traffic go through the Dapr sidecar. Doing so yields the following [Dapr service invocation]({{< ref service-invocation-overview.md >}}) benefits to developers: 1. Mutual authentication 2. Tracing diff --git a/daprdocs/content/en/developing-applications/building-blocks/state-management/howto-encrypt-state.md b/daprdocs/content/en/developing-applications/building-blocks/state-management/howto-encrypt-state.md index e8a20abeb..fef60461b 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/state-management/howto-encrypt-state.md +++ b/daprdocs/content/en/developing-applications/building-blocks/state-management/howto-encrypt-state.md @@ -7,9 +7,13 @@ description: "Automatically encrypt state and manage key rotations" --- +{{% alert title="Preview feature" color="warning" %}} +State store encryption is currently in [preview]({{< ref preview-features.md >}}). +{{% /alert %}} + ## Introduction -Application state often needs to get encrypted at rest to provide stonger security in enterprise workloads or regulated environments. Dapr offers automatic client side encryption based on [AES256](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard). +Application state often needs to get encrypted at rest to provide stronger security in enterprise workloads or regulated environments. Dapr offers automatic client side encryption based on [AES256](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard). In addition to automatic encryption, Dapr supports primary and secondary encryption keys to make it easier for developers and ops teams to enable a key rotation strategy. This feature is supported by all Dapr state stores. diff --git a/daprdocs/content/en/operations/support/support-preview-features.md b/daprdocs/content/en/operations/support/support-preview-features.md index 0715eb791..202eb22e0 100644 --- a/daprdocs/content/en/operations/support/support-preview-features.md +++ b/daprdocs/content/en/operations/support/support-preview-features.md @@ -9,9 +9,10 @@ Preview features in Dapr are considered experimental when they are first release ## Current preview features -| Description | Setting | Documentation | -|-------------|---------|---------------| -| Preview feature that enables Actors to be called multiple times in the same call chain allowing call backs between actors. | Actor.Reentrancy | [Actor reentrancy]({{}}) | -| Preview feature that allows Actor reminders to be partitioned across multiple keys in the underlying statestore in order to improve scale and performance. | Actor.TypeMetadata | [How-To: Partition Actor Reminders]({{< ref "howto-actors.md#partitioning-reminders" >}}) | -| Preview feature that enables you to call endpoints using service invocation on gRPC services through Dapr via gRPC proxying, without requiring the use of Dapr SDKs. | proxy.grpc | [How-To: Invoke services using gRPC]({{}}) | -| Preview feature that allows developers to use expressions to route cloud events to different URIs/paths and event handlers in your application. | PubSub.Routing | [How-To: Publish a message and subscribe to a topic]({{}}) | +| Feature | Description | Setting | Documentation | +| ---------- |-------------|---------|---------------| +| **Actor reentrancy** | Enables actors to be called multiple times in the same call chain allowing call backs between actors. | `Actor.Reentrancy` | [Actor reentrancy]({{}}) | +| **Partition actor reminders** | Allows actor reminders to be partitioned across multiple keys in the underlying statestore in order to improve scale and performance. | `Actor.TypeMetadata` | [How-To: Partition Actor Reminders]({{< ref "howto-actors.md#partitioning-reminders" >}}) | +| **gRPC proxying** | Enables calling endpoints using service invocation on gRPC services through Dapr via gRPC proxying, without requiring the use of Dapr SDKs. | `proxy.grpc` | [How-To: Invoke services using gRPC]({{}}) | +| **State store encryption** | Enables automatic client side encryption for state stores | `State.Encryption` | [How-To: Encrypt application state]({{}}) | +| **Pub/Sub routing** | Allow the use of expressions to route cloud events to different URIs/paths and event handlers in your application. | `PubSub.Routing` | [How-To: Publish a message and subscribe to a topic]({{}}) | From e2f7b3c2e84fc20e61022f0e7b208c62a167bdd9 Mon Sep 17 00:00:00 2001 From: greenie-msft <56556602+greenie-msft@users.noreply.github.com> Date: Tue, 14 Sep 2021 15:10:11 -0700 Subject: [PATCH 074/115] Update daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-blobstorage.md Co-authored-by: Ori Zohar --- .../supported-state-stores/setup-azure-blobstorage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-blobstorage.md b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-blobstorage.md index 9d1226e72..b51aae9d8 100644 --- a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-blobstorage.md +++ b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-blobstorage.md @@ -62,7 +62,7 @@ In order to setup Azure Blob Storage as a state store, you will need the followi ### Authenticating with Azure AD -This component supports authentication with Azure AD as an alternative to use account keys. Whenever possible, it is reccomended that you use Azure AD for authentication in production systems, to take advantage of better security, fine-tuned access control, and the ability to use managed identities for apps running on Azure. +This component supports authentication with Azure AD as an alternative to use account keys. Whenever possible, it is recommended that you use Azure AD for authentication in production systems, to take advantage of better security, fine-tuned access control, and the ability to use managed identities for apps running on Azure. > The following scripts are optimized for a bash or zsh shell and require the following apps installed: > From 8e8941b18e4d1c9a990181f008166344e94e1857 Mon Sep 17 00:00:00 2001 From: Will Tsai Date: Tue, 14 Sep 2021 16:36:09 -0700 Subject: [PATCH 075/115] replacing hardcoded version numbers with shortcodes --- .../en/developing-applications/integrations/github_actions.md | 2 +- .../en/operations/hosting/kubernetes/kubernetes-deploy.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/daprdocs/content/en/developing-applications/integrations/github_actions.md b/daprdocs/content/en/developing-applications/integrations/github_actions.md index 7b9ebe8b7..abe768257 100644 --- a/daprdocs/content/en/developing-applications/integrations/github_actions.md +++ b/daprdocs/content/en/developing-applications/integrations/github_actions.md @@ -18,7 +18,7 @@ The `dapr/setup-dapr` action will install the specified version of the Dapr CLI - name: Install Dapr uses: dapr/setup-dapr@v1 with: - version: '1.4.0' + version: '{{% dapr-latest-version long="true" %}}' - name: Initialize Dapr shell: pwsh diff --git a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-deploy.md b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-deploy.md index ac2a41e0c..afa7a238a 100644 --- a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-deploy.md +++ b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-deploy.md @@ -122,7 +122,7 @@ The latest Dapr helm chart no longer supports Helm v2. Please migrate from Helm ```bash helm upgrade --install dapr dapr/dapr \ - --version=1.4 \ + --version={{% dapr-latest-version short="true" %}} \ --namespace dapr-system \ --create-namespace \ --wait @@ -132,7 +132,7 @@ The latest Dapr helm chart no longer supports Helm v2. Please migrate from Helm ```bash helm upgrade --install dapr dapr/dapr \ - --version=1.4 \ + --version={{% dapr-latest-version short="true" %}} \ --namespace dapr-system \ --create-namespace \ --set global.ha.enabled=true \ From 18e95de62ae51f305ad05d45a7be0f0fd94d6a0d Mon Sep 17 00:00:00 2001 From: Will Tsai Date: Tue, 14 Sep 2021 17:23:45 -0700 Subject: [PATCH 076/115] updated support-release-policy upgrade path table to account for v1.3.1 patch --- .../en/operations/support/support-release-policy.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/daprdocs/content/en/operations/support/support-release-policy.md b/daprdocs/content/en/operations/support/support-release-policy.md index cde97eeeb..d326374e6 100644 --- a/daprdocs/content/en/operations/support/support-release-policy.md +++ b/daprdocs/content/en/operations/support/support-release-policy.md @@ -54,13 +54,17 @@ General guidance on upgrading can be found for [self hosted mode]({{ Date: Wed, 15 Sep 2021 09:44:40 -0700 Subject: [PATCH 077/115] updating version numbers in upgrade paths to account for v1.3.1 --- .../support/support-release-policy.md | 24 ++++++++++--------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/daprdocs/content/en/operations/support/support-release-policy.md b/daprdocs/content/en/operations/support/support-release-policy.md index d326374e6..3da876cee 100644 --- a/daprdocs/content/en/operations/support/support-release-policy.md +++ b/daprdocs/content/en/operations/support/support-release-policy.md @@ -31,16 +31,17 @@ The table below shows the versions of Dapr releases that have been tested togeth | Release date | Runtime | CLI | SDKs | Dashboard | Status | |--------------------|:--------:|:--------|---------|---------|---------| -| Feb 17th 2021 | 1.0.0
| 1.0.0 | Java 1.0.0
Go 1.0.0
PHP 1.0.0
Python 1.0.0
.NET 1.0.0 | 0.6.0 | Unsupported | -| Mar 4th 2021 | 1.0.1
| 1.0.1 | Java 1.0.2
Go 1.0.0
PHP 1.0.0
Python 1.0.0
.NET 1.0.0 | 0.6.0 | Unsupported | -| Apr 1st 2021 | 1.1.0
| 1.1.0 | Java 1.0.2
Go 1.1.0
PHP 1.0.0
Python 1.1.0
.NET 1.1.0 | 0.6.0 | Unsupported | -| Apr 6th 2021 | 1.1.1
| 1.1.0 | Java 1.0.2
Go 1.1.0
PHP 1.0.0
Python 1.1.0
.NET 1.1.0 | 0.6.0 | Unsupported | -| Apr 16th 2021 | 1.1.2
| 1.1.0 | Java 1.0.2
Go 1.1.0
PHP 1.0.0
Python 1.1.0
.NET 1.1.0 | 0.6.0 | Unsupported | -| May 26th 2021 | 1.2.0
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Unsupported | -| Jun 16th 2021 | 1.2.1
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Unsupported | -| Jun 16th 2021 | 1.2.2
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Unsupported | -| Jul 26th 2021 | 1.3
| 1.3.0 | Java 1.2.0
Go 1.2.0
PHP 1.1.0
Python 1.2.0
.NET 1.3.0 | 0.7.0 | Supported | -| Sep 14th 2021 | 1.4
| 1.4.0 | Java 1.3.0
Go 1.3.0
PHP 1.2.0
Python 1.3.0
.NET 1.4.0 | 0.8.0 | Supported (current) | +| Feb 17th 2021 | 1.0.0
| 1.0.0 | Java 1.0.0
Go 1.0.0
PHP 1.0.0
Python 1.0.0
.NET 1.0.0 | 0.6.0 | Unsupported | +| Mar 4th 2021 | 1.0.1
| 1.0.1 | Java 1.0.2
Go 1.0.0
PHP 1.0.0
Python 1.0.0
.NET 1.0.0 | 0.6.0 | Unsupported | +| Apr 1st 2021 | 1.1.0
| 1.1.0 | Java 1.0.2
Go 1.1.0
PHP 1.0.0
Python 1.1.0
.NET 1.1.0 | 0.6.0 | Unsupported | +| Apr 6th 2021 | 1.1.1
| 1.1.0 | Java 1.0.2
Go 1.1.0
PHP 1.0.0
Python 1.1.0
.NET 1.1.0 | 0.6.0 | Unsupported | +| Apr 16th 2021 | 1.1.2
| 1.1.0 | Java 1.0.2
Go 1.1.0
PHP 1.0.0
Python 1.1.0
.NET 1.1.0 | 0.6.0 | Unsupported | +| May 26th 2021 | 1.2.0
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Unsupported | +| Jun 16th 2021 | 1.2.1
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Unsupported | +| Jun 16th 2021 | 1.2.2
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Unsupported | +| Jul 26th 2021 | 1.3
| 1.3.0 | Java 1.2.0
Go 1.2.0
PHP 1.1.0
Python 1.2.0
.NET 1.3.0 | 0.7.0 | Supported | +| Sep 14th 2021 | 1.3.1
| 1.3.0 | Java 1.2.0
Go 1.2.0
PHP 1.1.0
Python 1.2.0
.NET 1.3.0 | 0.7.0 | Supported | +| Sep 15th 2021 | 1.4
| 1.4.0 | Java 1.3.0
Go 1.3.0
PHP 1.2.0
Python 1.3.0
.NET 1.4.0 | 0.8.0 | Supported (current) | ## Upgrade paths After the 1.0 release of the runtime there may be situations where it is necessary to explicitly upgrade through an additional release to reach the desired target. For example an upgrade from v1.0 to v1.2 may need go pass through v1.1 @@ -63,8 +64,9 @@ General guidance on upgrading can be found for [self hosted mode]({{ Date: Wed, 15 Sep 2021 01:00:22 -0700 Subject: [PATCH 078/115] Document dapr.io/sidecar-listen-addresses --- daprdocs/content/en/concepts/dapr-services/sidecar.md | 6 ++++++ .../content/en/reference/arguments-annotations-overview.md | 1 + 2 files changed, 7 insertions(+) diff --git a/daprdocs/content/en/concepts/dapr-services/sidecar.md b/daprdocs/content/en/concepts/dapr-services/sidecar.md index a00cb062d..9f2cdfe3f 100644 --- a/daprdocs/content/en/concepts/dapr-services/sidecar.md +++ b/daprdocs/content/en/concepts/dapr-services/sidecar.md @@ -49,3 +49,9 @@ For a detailed list of all available arguments run `daprd --help` or see this [t ```bash daprd --app-id myapp --enable-metrics ``` + +5. Listen to IPv4 and IPv6 loopback only + + ```bash + daprd --app-id myapp --dapr-listen-addresses '127.0.0.1,[::1]' + ``` diff --git a/daprdocs/content/en/reference/arguments-annotations-overview.md b/daprdocs/content/en/reference/arguments-annotations-overview.md index 229b16a01..257a5b9ac 100644 --- a/daprdocs/content/en/reference/arguments-annotations-overview.md +++ b/daprdocs/content/en/reference/arguments-annotations-overview.md @@ -39,6 +39,7 @@ This table is meant to help users understand the equivalent options for running | `--version` | `--version` | `-v` | not supported | Prints the runtime version | | not supported | not supported | | `dapr.io/enabled` | Setting this paramater to true injects the Dapr sidecar into the pod | | not supported | not supported | | `dapr.io/api-token-secret` | Tells Dapr which Kubernetes secret to use for token based API authentication. By default this is not set | +| `--dapr-listen-addresses` | not supported | | `dapr.io/sidecar-listen-addresses` | Comma separated list of IP addresses that sidecar will listen to. Defaults to all in standalone mode. Defaults to `[::1],127.0.0.1` in Kubernetes. To listen to all IPv4 addresses, use `0.0.0.0`. To listen to all IPv6 addresses, use `[::]`. | not supported | not supported | | `dapr.io/sidecar-cpu-limit` | Maximum amount of CPU that the Dapr sidecar can use. See valid values [here](https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/quota-memory-cpu-namespace/). By default this is not set | not supported | not supported | | `dapr.io/sidecar-memory-limit` | Maximum amount of Memory that the Dapr sidecar can use. See valid values [here](https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/quota-memory-cpu-namespace/). By default this is not set | not supported | not supported | | `dapr.io/sidecar-cpu-request` | Amount of CPU that the Dapr sidecar requests. See valid values [here](https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/quota-memory-cpu-namespace/). By default this is not set From f408b7c5f5c766c62df0fd52de167f116f2311b0 Mon Sep 17 00:00:00 2001 From: Will Tsai Date: Wed, 15 Sep 2021 10:06:46 -0700 Subject: [PATCH 079/115] updating version numbers in upgrade paths to account for v1.3.1 --- .../support/support-release-policy.md | 23 +++++++++++-------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/daprdocs/content/en/operations/support/support-release-policy.md b/daprdocs/content/en/operations/support/support-release-policy.md index d645165ce..7a18f8c99 100644 --- a/daprdocs/content/en/operations/support/support-release-policy.md +++ b/daprdocs/content/en/operations/support/support-release-policy.md @@ -31,15 +31,16 @@ The table below shows the versions of Dapr releases that have been tested togeth | Release date | Runtime | CLI | SDKs | Dashboard | Status | |--------------------|:--------:|:--------|---------|---------|---------| -| Feb 17th 2021 | 1.0.0
| 1.0.0 | Java 1.0.0
Go 1.0.0
PHP 1.0.0
Python 1.0.0
.NET 1.0.0 | 0.6.0 | Unsupported | -| Mar 4th 2021 | 1.0.1
| 1.0.1 | Java 1.0.2
Go 1.0.0
PHP 1.0.0
Python 1.0.0
.NET 1.0.0 | 0.6.0 | Unsupported | -| Apr 1st 2021 | 1.1.0
| 1.1.0 | Java 1.0.2
Go 1.1.0
PHP 1.0.0
Python 1.1.0
.NET 1.1.0 | 0.6.0 | Unsupported | -| Apr 6th 2021 | 1.1.1
| 1.1.0 | Java 1.0.2
Go 1.1.0
PHP 1.0.0
Python 1.1.0
.NET 1.1.0 | 0.6.0 | Unsupported | -| Apr 16th 2021 | 1.1.2
| 1.1.0 | Java 1.0.2
Go 1.1.0
PHP 1.0.0
Python 1.1.0
.NET 1.1.0 | 0.6.0 | Unsupported | -| May 26th 2021 | 1.2.0
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Supported | -| June 16th 2021 | 1.2.1
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Supported | -| June 16th 2021 | 1.2.2
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Supported | -| July 26th 2021 | 1.3
| 1.3.0 | Java 1.2.0
Go 1.2.0
PHP 1.1.0
Python 1.2.0
.NET 1.3.0 | 0.7.0 | Supported (current) | +| Feb 17th 2021 | 1.0.0
| 1.0.0 | Java 1.0.0
Go 1.0.0
PHP 1.0.0
Python 1.0.0
.NET 1.0.0 | 0.6.0 | Unsupported | +| Mar 4th 2021 | 1.0.1
| 1.0.1 | Java 1.0.2
Go 1.0.0
PHP 1.0.0
Python 1.0.0
.NET 1.0.0 | 0.6.0 | Unsupported | +| Apr 1st 2021 | 1.1.0
| 1.1.0 | Java 1.0.2
Go 1.1.0
PHP 1.0.0
Python 1.1.0
.NET 1.1.0 | 0.6.0 | Unsupported | +| Apr 6th 2021 | 1.1.1
| 1.1.0 | Java 1.0.2
Go 1.1.0
PHP 1.0.0
Python 1.1.0
.NET 1.1.0 | 0.6.0 | Unsupported | +| Apr 16th 2021 | 1.1.2
| 1.1.0 | Java 1.0.2
Go 1.1.0
PHP 1.0.0
Python 1.1.0
.NET 1.1.0 | 0.6.0 | Unsupported | +| May 26th 2021 | 1.2.0
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Supported | +| Jun 16th 2021 | 1.2.1
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Supported | +| Jun 16th 2021 | 1.2.2
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Supported | +| Jul 26th 2021 | 1.3
| 1.3.0 | Java 1.2.0
Go 1.2.0
PHP 1.1.0
Python 1.2.0
.NET 1.3.0 | 0.7.0 | Supported | +| Sep 14th 2021 | 1.3.1
| 1.3.0 | Java 1.2.0
Go 1.2.0
PHP 1.1.0
Python 1.2.0
.NET 1.3.0 | 0.7.0 | Supported (current) | ## Upgrade paths After the 1.0 release of the runtime there may be situations where it is necessary to explicitly upgrade through an additional release to reach the desired target. For example an upgrade from v1.0 to v1.2 may need go pass through v1.1 @@ -53,9 +54,11 @@ General guidance on upgrading can be found for [self hosted mode]({{ Date: Wed, 15 Sep 2021 11:25:10 -0700 Subject: [PATCH 080/115] Updating docs to mention hotfix v1.3.1 --- .../integrations/github_actions.md | 2 +- .../content/en/getting-started/install-dapr-selfhost.md | 2 +- .../operations/hosting/kubernetes/kubernetes-upgrade.md | 8 ++++---- .../en/operations/support/support-release-policy.md | 3 ++- 4 files changed, 8 insertions(+), 7 deletions(-) diff --git a/daprdocs/content/en/developing-applications/integrations/github_actions.md b/daprdocs/content/en/developing-applications/integrations/github_actions.md index 7ae699cb1..d7e496163 100644 --- a/daprdocs/content/en/developing-applications/integrations/github_actions.md +++ b/daprdocs/content/en/developing-applications/integrations/github_actions.md @@ -18,7 +18,7 @@ The `dapr/setup-dapr` action will install the specified version of the Dapr CLI - name: Install Dapr uses: dapr/setup-dapr@v1 with: - version: '1.3.0' + version: '1.3.1' - name: Initialize Dapr shell: pwsh diff --git a/daprdocs/content/en/getting-started/install-dapr-selfhost.md b/daprdocs/content/en/getting-started/install-dapr-selfhost.md index d50d6325b..3b82b5696 100644 --- a/daprdocs/content/en/getting-started/install-dapr-selfhost.md +++ b/daprdocs/content/en/getting-started/install-dapr-selfhost.md @@ -53,7 +53,7 @@ dapr --version Output should look like this: ``` CLI version: 1.3.0 -Runtime version: 1.3.0 +Runtime version: 1.3.1 ``` ### Step 4: Verify containers are running diff --git a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md index 262d5253c..bb59fe2c0 100644 --- a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md +++ b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md @@ -11,15 +11,15 @@ description: "Follow these steps to upgrade Dapr on Kubernetes and ensure a smoo - [Dapr CLI]({{< ref install-dapr-cli.md >}}) - [Helm 3](https://github.com/helm/helm/releases) (if using Helm) -## Upgrade existing cluster to 1.3.0 +## Upgrade existing cluster to 1.3.1 There are two ways to upgrade the Dapr control plane on a Kubernetes cluster using either the Dapr CLI or Helm. ### Dapr CLI -The example below shows how to upgrade to version 1.3.0: +The example below shows how to upgrade to version 1.3.1: ```bash - dapr upgrade -k --runtime-version=1.3.0 + dapr upgrade -k --runtime-version=1.3.1 ``` You can provide all the available Helm chart configurations using the Dapr CLI. @@ -43,7 +43,7 @@ To resolve this issue please run the follow command to upgrade the CustomResourc kubectl replace -f https://raw.githubusercontent.com/dapr/dapr/5a15b3e0f093d2d0938b12f144c7047474a290fe/charts/dapr/crds/configuration.yaml ``` -Then proceed with the `dapr upgrade --runtime-version 1.3.0 -k` command as above. +Then proceed with the `dapr upgrade --runtime-version 1.3.1 -k` command as above. ### Helm diff --git a/daprdocs/content/en/operations/support/support-release-policy.md b/daprdocs/content/en/operations/support/support-release-policy.md index d645165ce..60fdb092e 100644 --- a/daprdocs/content/en/operations/support/support-release-policy.md +++ b/daprdocs/content/en/operations/support/support-release-policy.md @@ -39,7 +39,8 @@ The table below shows the versions of Dapr releases that have been tested togeth | May 26th 2021 | 1.2.0
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Supported | | June 16th 2021 | 1.2.1
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Supported | | June 16th 2021 | 1.2.2
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Supported | -| July 26th 2021 | 1.3
| 1.3.0 | Java 1.2.0
Go 1.2.0
PHP 1.1.0
Python 1.2.0
.NET 1.3.0 | 0.7.0 | Supported (current) | +| July 26th 2021 | 1.3
| 1.3.0 | Java 1.2.0
Go 1.2.0
PHP 1.1.0
Python 1.2.0
.NET 1.3.0 | 0.7.0 | Supported | +| Sep 14th 2021 | 1.3.1
| 1.3.0 | Java 1.2.0
Go 1.2.0
PHP 1.1.0
Python 1.2.0
.NET 1.3.0 | 0.7.0 | Supported (current) | ## Upgrade paths After the 1.0 release of the runtime there may be situations where it is necessary to explicitly upgrade through an additional release to reach the desired target. For example an upgrade from v1.0 to v1.2 may need go pass through v1.1 From 1582c605b013c3bdcfd558b973dc17e5bf1182af Mon Sep 17 00:00:00 2001 From: Javier Vela Date: Wed, 15 Sep 2021 21:11:16 +0200 Subject: [PATCH 081/115] gcp bucket update --- .../supported-bindings/gcpbucket.md | 180 +++++++++++++++++- 1 file changed, 173 insertions(+), 7 deletions(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/gcpbucket.md b/daprdocs/content/en/reference/components-reference/supported-bindings/gcpbucket.md index 19b7ba19b..1d5bc8fe6 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/gcpbucket.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/gcpbucket.md @@ -44,6 +44,10 @@ spec: value: https://www.googleapis.com/robot/v1/metadata/x509/.iam.gserviceaccount.com - name: private_key value: PRIVATE KEY + - name: decodeBase64 + value: + - name: encodeBase64 + value: ``` {{% alert title="Warning" color="warning" %}} @@ -65,12 +69,17 @@ The above example uses secrets as plain strings. It is recommended to use a secr | token_uri | Y | Output | Google account token uri | `https://oauth2.googleapis.com/token` | auth_provider_x509_cert_url | Y | Output | GCP credentials cert url | `https://www.googleapis.com/oauth2/v1/certs` | client_x509_cert_url | Y | Output | GCP credentials project x509 cert url | `https://www.googleapis.com/robot/v1/metadata/x509/.iam.gserviceaccount.com` +| decodeBase64 | N | Output | Configuration to decode base64 file content before saving to bucket storage. (In case of saving a file with binary content). `true` is the only allowed positive value. Other positive variations like `"True", "1"` are not acceptable. Defaults to `false` | `true`, `false` | +| encodeBase64 | N | Output | Configuration to encode base64 file content before return the content. (In case of opening a file with binary content). `true` is the only allowed positive value. Other positive variations like `"True", "1"` are not acceptable. Defaults to `false` | `true`, `false` | ## Binding support This component supports **output binding** with the following operations: -- `create` +- `create` : [Create file](#create-file) +- `get` : [Get file](#get-file) +- `delete` : [Delete file](#delete-file) +- `list`: [List file](#list-files) ### Create file @@ -84,10 +93,11 @@ To perform a create operation, invoke the GCP Storage Bucket binding with a `POS "data": "YOUR_CONTENT" } ``` +The metadata parameters are: +- `key` - (optional) the name of the object +- `decodeBase64` - (optional) configuration to decode base64 file content before saving to storage #### Examples - - ##### Save text to a random generated UUID file {{< tabs Windows Linux >}} @@ -113,14 +123,14 @@ To perform a create operation, invoke the GCP Storage Bucket binding with a `POS {{% codetab %}} ```bash - curl -d "{ \"operation\": \"create\", \"data\": \"Hello World\", \"metadata\": { \"name\": \"my-test-file.txt\" } }" \ + curl -d "{ \"operation\": \"create\", \"data\": \"Hello World\", \"metadata\": { \"key\": \"my-test-file.txt\" } }" \ http://localhost:/v1.0/bindings/ ``` {{% /codetab %}} {{% codetab %}} ```bash - curl -d '{ "operation": "create", "data": "Hello World", "metadata": { "name": "my-test-file.txt" } }' \ + curl -d '{ "operation": "create", "data": "Hello World", "metadata": { "key": "my-test-file.txt" } }' \ http://localhost:/v1.0/bindings/ ``` {{% /codetab %}} @@ -138,19 +148,175 @@ Then you can upload it as you would normally: {{% codetab %}} ```bash - curl -d "{ \"operation\": \"create\", \"data\": \"(YOUR_FILE_CONTENTS)\", \"metadata\": { \"name\": \"my-test-file.jpg\" } }" http://localhost:/v1.0/bindings/ + curl -d "{ \"operation\": \"create\", \"data\": \"(YOUR_FILE_CONTENTS)\", \"metadata\": { \"key\": \"my-test-file.jpg\" } }" http://localhost:/v1.0/bindings/ ``` {{% /codetab %}} {{% codetab %}} ```bash - curl -d '{ "operation": "create", "data": "$(cat my-test-file.jpg)", "metadata": { "name": "my-test-file.jpg" } }' \ + curl -d '{ "operation": "create", "data": "$(cat my-test-file.jpg)", "metadata": { "key": "my-test-file.jpg" } }' \ + http://localhost:/v1.0/bindings/ + ``` + {{% /codetab %}} + +{{< /tabs >}} +#### Response + +The response body will contain the following JSON: + +```json +{ + "objectURL":"https://storage.googleapis.com//", +} +``` + +### Get object + +To perform a get file operation, invoke the AWS S3 binding with a `POST` method and the following JSON body: + +```json +{ + "operation": "get", + "metadata": { + "key": "my-test-file.txt" + } +} +``` + +The metadata parameters are: + +- `key` - the name of the object +- `encodeBase64` - (optional) configuration to encode base64 file content before return the content. + + +#### Example + +{{< tabs Windows Linux >}} + + {{% codetab %}} + ```bash + curl -d '{ \"operation\": \"get\", \"metadata\": { \"key\": \"my-test-file.txt\" }}' http://localhost:/v1.0/bindings/ + ``` + {{% /codetab %}} + + {{% codetab %}} + ```bash + curl -d '{ "operation": "get", "metadata": { "key": "my-test-file.txt" }}' \ http://localhost:/v1.0/bindings/ ``` {{% /codetab %}} {{< /tabs >}} +#### Response + +The response body contains the value stored in the object. + + +### Delete object + +To perform a delete object operation, invoke the AWS S3 binding with a `POST` method and the following JSON body: + +```json +{ + "operation": "delete", + "metadata": { + "key": "my-test-file.txt" + } +} +``` + +The metadata parameters are: + +- `key` - the name of the object + + +#### Examples + +##### Delete object + +{{< tabs Windows Linux >}} + + {{% codetab %}} + ```bash + curl -d '{ \"operation\": \"delete\", \"metadata\": { \"key\": \"my-test-file.txt\" }}' http://localhost:/v1.0/bindings/ + ``` + {{% /codetab %}} + + {{% codetab %}} + ```bash + curl -d '{ "operation": "delete", "metadata": { "key": "my-test-file.txt" }}' \ + http://localhost:/v1.0/bindings/ + ``` + {{% /codetab %}} + +{{< /tabs >}} + +#### Response +An HTTP 204 (No Content) and empty body will be retuned if successful. + + +### List objects + +To perform a list object operation, invoke the S3 binding with a `POST` method and the following JSON body: + +```json +{ + "operation": "list", + "data": { + "maxResults": 10, + "prefix": "file", + "delimiter": "i0FvxAn2EOEL6" + } +} +``` + +The data parameters are: + +- `maxResults` - (optional) sets the maximum number of keys returned in the response. By default the action returns up to 1,000 key names. The response might contain fewer keys but will never contain more. +- `prefix` - (optional) it can be used to filter objects starting with prefix. +- `delimiter` - (optional) it can be used to restrict the results to only the kobjects in the given "directory". Without the delimiter, the entire tree under the prefix is returned + +#### Response + +The response body contains the list of found objects. + +The list of objects will be returned as JSON array in the following form: + +```json +[ + { + "Bucket": "", + "Name": "02WGzEdsUWNlQ", + "ContentType": "image/png", + "ContentLanguage": "", + "CacheControl": "", + "EventBasedHold": false, + "TemporaryHold": false, + "RetentionExpirationTime": "0001-01-01T00:00:00Z", + "ACL": null, + "PredefinedACL": "", + "Owner": "", + "Size": 5187, + "ContentEncoding": "", + "ContentDisposition": "", + "MD5": "aQdLBCYV0BxA51jUaxc3pQ==", + "CRC32C": 1058633505, + "MediaLink": "https://storage.googleapis.com/download/storage/v1/b//o/02WGzEdsUWNlQ?generation=1631553155678071&alt=media", + "Metadata": null, + "Generation": 1631553155678071, + "Metageneration": 1, + "StorageClass": "STANDARD", + "Created": "2021-09-13T17:12:35.679Z", + "Deleted": "0001-01-01T00:00:00Z", + "Updated": "2021-09-13T17:12:35.679Z", + "CustomerKeySHA256": "", + "KMSKeyName": "", + "Prefix": "", + "Etag": "CPf+mpK5/PICEAE=" + } +] +``` ## Related links - [Basic schema for a Dapr component]({{< ref component-schema >}}) From dc3eb2c17cb62965799b097cb148138a71d79833 Mon Sep 17 00:00:00 2001 From: Phil Kedy Date: Wed, 15 Sep 2021 18:22:46 -0400 Subject: [PATCH 082/115] Adding attributes from the CloudEvents spec and a slightly better routing example --- .../pubsub/howto-route-messages.md | 294 ++++++++++++++++-- 1 file changed, 264 insertions(+), 30 deletions(-) diff --git a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md index f860036de..51967caa0 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md +++ b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md @@ -42,14 +42,14 @@ metadata: name: myevent-subscription spec: pubsubname: pubsub - topic: deathStarStatus + topic: transactions routes: rules: - - match: event.type == "rebels.attacking.v3" - path: /dsstatus.v3 - - match: event.type == "rebels.attacking.v2" - path: /dsstatus.v2 - default: /dsstatus + - match: event.type == "withdraw.v3" + path: /withdraw.v3 + - match: event.type == "withdraw.v2" + path: /withdraw.v2 + default: /withdraw scopes: - app1 - app2 @@ -59,7 +59,7 @@ scopes: Alternatively, the programattic approach varies slightly in that the `routes` structure is returned instead of `route`. The JSON structure matches the declarative YAML. -{{< tabs Python Node Go PHP>}} +{{< tabs Python Node "C#" Go PHP>}} {{% codetab %}} ```python @@ -77,19 +77,19 @@ def subscribe(): subscriptions = [ { 'pubsubname': 'pubsub', - 'topic': 'deathStarStatus', + 'topic': 'transactions', 'routes': { 'rules': [ { - 'match': 'event.type == "rebels.attacking.v3"', - 'path': '/dsstatus.v3' + 'match': 'event.type == "withdraw.v3"', + 'path': '/withdraw.v3' }, { - 'match': 'event.type == "rebels.attacking.v2"', - 'path': '/dsstatus.v2' + 'match': 'event.type == "withdraw.v2"', + 'path': '/withdraw.v2' }, ], - 'default': '/dsstatus' + 'default': '/withdraw' } }] return jsonify(subscriptions) @@ -116,19 +116,19 @@ app.get('/dapr/subscribe', (req, res) => { res.json([ { pubsubname: "pubsub", - topic: "deathStarStatus", + topic: "transactions", routes: { rules: [ { - match: 'event.type == "rebels.attacking.v3"', - path: '/dsstatus.v3' + match: 'event.type == "withdraw.v3"', + path: '/withdraw.v3' }, { - match: 'event.type == "rebels.attacking.v2"', - path: '/dsstatus.v2' + match: 'event.type == "withdraw.v2"', + path: '/withdraw.v2' }, ], - default: '/dsstatus' + default: '/withdraw' } } ]); @@ -143,6 +143,34 @@ app.listen(port, () => console.log(`consumer app listening on port ${port}!`)) ``` {{% /codetab %}} +{{% codetab %}} +```csharp + [Topic("pubsub", "transactions", "event.type ==\"withdraw.v3\"", 1)] + [HttpPost("withdraw.v3")] + public async Task> WithdrawV2(TransactionV3 transaction, [FromServices] DaprClient daprClient) + { + // Logic + return account; + } + + [Topic("pubsub", "transactions", "event.type ==\"withdraw.v2\"", 2)] + [HttpPost("withdraw.v2")] + public async Task> WithdrawV2(TransactionV2 transaction, [FromServices] DaprClient daprClient) + { + // Logic + return account; + } + + [Topic("pubsub", "transactions")] + [HttpPost("withdraw")] + public async Task> WithdrawV2(Transaction transaction, [FromServices] DaprClient daprClient) + { + // Logic + return account; + } +``` +{{% /codetab %}} + {{% codetab %}} ```golang package main @@ -180,19 +208,19 @@ func configureSubscribeHandler(w http.ResponseWriter, _ *http.Request) { t := []subscription{ { PubsubName: "pubsub", - Topic: "deathStarStatus", + Topic: "transactions", Routes: routes{ Rules: []rule{ { - Match: `event.type == "rebels.attacking.v3"`, - Path: "/dsstatus.v3", + Match: `event.type == "withdraw.v3"`, + Path: "/withdraw.v3", }, { - Match: `event.type == "rebels.attacking.v2"`, - Path: "/dsstatus.v2", + Match: `event.type == "withdraw.v2"`, + Path: "/withdraw.v2", }, }, - Default: "/dsstatus", + Default: "/withdraw", }, }, } @@ -216,12 +244,12 @@ func main() { require_once __DIR__.'/vendor/autoload.php'; $app = \Dapr\App::create(configure: fn(\DI\ContainerBuilder $builder) => $builder->addDefinitions(['dapr.subscriptions' => [ - new \Dapr\PubSub\Subscription(pubsubname: 'pubsub', topic: 'deathStarStatus', routes: ( + new \Dapr\PubSub\Subscription(pubsubname: 'pubsub', topic: 'transactions', routes: ( rules: => [ - ('match': 'event.type == "rebels.attacking.v3"', path: '/dsstatus.v3'), - ('match': 'event.type == "rebels.attacking.v2"', path: '/dsstatus.v2'), + ('match': 'event.type == "withdraw.v3"', path: '/withdraw.v3'), + ('match': 'event.type == "withdraw.v2"', path: '/withdraw.v2'), ] - default: '/dsstatus')), + default: '/withdraw')), ]])); $app->post('/dsstatus', function( #[\Dapr\Attributes\FromBody] @@ -238,7 +266,213 @@ $app->start(); {{< /tabs >}} -In these examples, depending on the type of the event (`event.type`), the application will be called on `/dsstatus.v3`, `/dsstatus.v2` or `/dsstatus`. The expressions are written as [Common Expression Language (CEL)](https://opensource.google/projects/cel) where `event` represents the cloud event. Any of the attributes from the [CloudEvents core specification](https://github.com/cloudevents/spec/blob/v1.0.1/spec.md#required-attributes) can be referenced in the expression. One caveat is that it is only possible to access the attributes inside `event.data` if it is nested JSON +In these examples, depending on the type of the event (`event.type`), the application will be called on `/dsstatus.v3`, `/dsstatus.v2` or `/dsstatus`. The expressions are written as [Common Expression Language (CEL)](https://opensource.google/projects/cel) where `event` represents the cloud event. Any of the attributes from the [CloudEvents core specification](https://github.com/cloudevents/spec/blob/v1.0.1/spec.md#required-attributes) can be referenced in the expression. + +For reference, the following attributes are from the CloudEvents specification. + +### Event Data + +#### data + +As defined by the term Data, CloudEvents MAY include domain-specific information about the occurrence. When present, this information will be encapsulated within `data`. + +- Description: The event payload. This specification does not place any restriction on the type of this information. It is encoded into a media format which is specified by the `datacontenttype` attribute (e.g. application/json), and adheres to the `dataschema` format when those respective attributes are present. +- Constraints: + - OPTIONAL + +{{% alert title="Limitation" color="warning" %}} +Currently, it is only possible to access the attributes inside data if it is nested JSON values and not JSON escaped in a string. +{{% /alert %}} + +### REQUIRED Attributes + +The following attributes are REQUIRED to be present in all CloudEvents: + +#### id + +- Type: `String` +- Description: Identifies the event. Producers MUST ensure that `source` + `id` + is unique for each distinct event. If a duplicate event is re-sent (e.g. due + to a network error) it MAY have the same `id`. Consumers MAY assume that + Events with identical `source` and `id` are duplicates. +- Constraints: + - REQUIRED + - MUST be a non-empty string + - MUST be unique within the scope of the producer +- Examples: + - An event counter maintained by the producer + - A UUID + +#### source + +- Type: `URI-reference` +- Description: Identifies the context in which an event happened. Often this + will include information such as the type of the event source, the + organization publishing the event or the process that produced the event. The + exact syntax and semantics behind the data encoded in the URI is defined by + the event producer. + + Producers MUST ensure that `source` + `id` is unique for each distinct event. + + An application MAY assign a unique `source` to each distinct producer, which + makes it easy to produce unique IDs since no other producer will have the same + source. The application MAY use UUIDs, URNs, DNS authorities or an + application-specific scheme to create unique `source` identifiers. + + A source MAY include more than one producer. In that case the producers MUST + collaborate to ensure that `source` + `id` is unique for each distinct event. + +- Constraints: + - REQUIRED + - MUST be a non-empty URI-reference + - An absolute URI is RECOMMENDED +- Examples + - Internet-wide unique URI with a DNS authority. + - https://github.com/cloudevents + - mailto:cncf-wg-serverless@lists.cncf.io + - Universally-unique URN with a UUID: + - urn:uuid:6e8bc430-9c3a-11d9-9669-0800200c9a66 + - Application-specific identifiers + - /cloudevents/spec/pull/123 + - /sensors/tn-1234567/alerts + - 1-555-123-4567 + +#### specversion + +- Type: `String` +- Description: The version of the CloudEvents specification which the event + uses. This enables the interpretation of the context. Compliant event + producers MUST use a value of `1.0` when referring to this version of the + specification. + + Currently, this attribute will only have the 'major' and 'minor' version + numbers included in it. This allows for 'patch' changes to the specification + to be made without changing this property's value in the serialization. + Note: for 'release candidate' releases a suffix might be used for testing + purposes. + +- Constraints: + - REQUIRED + - MUST be a non-empty string + +#### type + +- Type: `String` +- Description: This attribute contains a value describing the type of event + related to the originating occurrence. Often this attribute is used for + routing, observability, policy enforcement, etc. The format of this is + producer defined and might include information such as the version of the + `type` - see + [Versioning of CloudEvents in the Primer](primer.md#versioning-of-cloudevents) + for more information. +- Constraints: + - REQUIRED + - MUST be a non-empty string + - SHOULD be prefixed with a reverse-DNS name. The prefixed domain dictates the + organization which defines the semantics of this event type. +- Examples + - com.github.pull_request.opened + - com.example.object.deleted.v2 + +### OPTIONAL Attributes + +The following attributes are OPTIONAL to appear in CloudEvents. See the +[Notational Conventions](#notational-conventions) section for more information +on the definition of OPTIONAL. + +#### datacontenttype + +- Type: `String` per [RFC 2046](https://tools.ietf.org/html/rfc2046) +- Description: Content type of `data` value. This attribute enables `data` to + carry any type of content, whereby format and encoding might differ from that + of the chosen event format. For example, an event rendered using the + [JSON envelope](./json-format.md#3-envelope) format might carry an XML payload + in `data`, and the consumer is informed by this attribute being set to + "application/xml". The rules for how `data` content is rendered for different + `datacontenttype` values are defined in the event format specifications; for + example, the JSON event format defines the relationship in + [section 3.1](./json-format.md#31-handling-of-data). + + For some binary mode protocol bindings, this field is directly mapped to the + respective protocol's content-type metadata property. Normative rules for the + binary mode and the content-type metadata mapping can be found in the + respective protocol + + In some event formats the `datacontenttype` attribute MAY be omitted. For + example, if a JSON format event has no `datacontenttype` attribute, then it is + implied that the `data` is a JSON value conforming to the "application/json" + media type. In other words: a JSON-format event with no `datacontenttype` is + exactly equivalent to one with `datacontenttype="application/json"`. + + When translating an event message with no `datacontenttype` attribute to a + different format or protocol binding, the target `datacontenttype` SHOULD be + set explicitly to the implied `datacontenttype` of the source. + +- Constraints: + - OPTIONAL + - If present, MUST adhere to the format specified in + [RFC 2046](https://tools.ietf.org/html/rfc2046) +- For Media Type examples see + [IANA Media Types](http://www.iana.org/assignments/media-types/media-types.xhtml) + +#### dataschema + +- Type: `URI` +- Description: Identifies the schema that `data` adheres to. Incompatible + changes to the schema SHOULD be reflected by a different URI. See + [Versioning of CloudEvents in the Primer](primer.md#versioning-of-cloudevents) + for more information. +- Constraints: + - OPTIONAL + - If present, MUST be a non-empty URI + +#### subject + +- Type: `String` +- Description: This describes the subject of the event in the context of the + event producer (identified by `source`). In publish-subscribe scenarios, a + subscriber will typically subscribe to events emitted by a `source`, but the + `source` identifier alone might not be sufficient as a qualifier for any + specific event if the `source` context has internal sub-structure. + + Identifying the subject of the event in context metadata (opposed to only in + the `data` payload) is particularly helpful in generic subscription filtering + scenarios where middleware is unable to interpret the `data` content. In the + above example, the subscriber might only be interested in blobs with names + ending with '.jpg' or '.jpeg' and the `subject` attribute allows for + constructing a simple and efficient string-suffix filter for that subset of + events. + +- Constraints: + - OPTIONAL + - If present, MUST be a non-empty string +- Example: + - A subscriber might register interest for when new blobs are created inside a + blob-storage container. In this case, the event `source` identifies the + subscription scope (storage container), the `type` identifies the "blob + created" event, and the `id` uniquely identifies the event instance to + distinguish separate occurrences of a same-named blob having been created; + the name of the newly created blob is carried in `subject`: + - `source`: https://example.com/storage/tenant/container + - `subject`: mynewfile.jpg + +#### time + +- Type: `Timestamp` +- Description: Timestamp of when the occurrence happened. If the time of the + occurrence cannot be determined then this attribute MAY be set to some other + time (such as the current time) by the CloudEvents producer, however all + producers for the same `source` MUST be consistent in this respect. In other + words, either they all use the actual time of the occurrence or they all use + the same algorithm to determine the value used. +- Constraints: + - OPTIONAL + - If present, MUST adhere to the format specified in + [RFC 3339](https://tools.ietf.org/html/rfc3339) + +{{% alert title="Limitation" color="warning" %}} +Currently, comparisons to time (e.g. before or after "now") are not supported. +{{% /alert %}} ## Next steps From cebe13ff747898175ff7371e3b16bbae7b081d50 Mon Sep 17 00:00:00 2001 From: Phil Kedy Date: Wed, 15 Sep 2021 19:08:45 -0400 Subject: [PATCH 083/115] Tweaks per PR --- .../building-blocks/pubsub/howto-route-messages.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md index 51967caa0..b69926997 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md +++ b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md @@ -94,7 +94,7 @@ def subscribe(): }] return jsonify(subscriptions) -@app.route('/dsstatus', methods=['POST']) +@app.route('/withdraw', methods=['POST']) def ds_subscriber(): print(request.json, flush=True) return json.dumps({'success':True}), 200, {'ContentType':'application/json'} @@ -134,7 +134,7 @@ app.get('/dapr/subscribe', (req, res) => { ]); }) -app.post('/dsstatus', (req, res) => { +app.post('/withdraw', (req, res) => { console.log(req.body); res.sendStatus(200); }); @@ -147,7 +147,7 @@ app.listen(port, () => console.log(`consumer app listening on port ${port}!`)) ```csharp [Topic("pubsub", "transactions", "event.type ==\"withdraw.v3\"", 1)] [HttpPost("withdraw.v3")] - public async Task> WithdrawV2(TransactionV3 transaction, [FromServices] DaprClient daprClient) + public async Task> WithdrawV3(TransactionV3 transaction, [FromServices] DaprClient daprClient) { // Logic return account; @@ -163,7 +163,7 @@ app.listen(port, () => console.log(`consumer app listening on port ${port}!`)) [Topic("pubsub", "transactions")] [HttpPost("withdraw")] - public async Task> WithdrawV2(Transaction transaction, [FromServices] DaprClient daprClient) + public async Task> Withdraw(Transaction transaction, [FromServices] DaprClient daprClient) { // Logic return account; @@ -251,7 +251,7 @@ $app = \Dapr\App::create(configure: fn(\DI\ContainerBuilder $builder) => $builde ] default: '/withdraw')), ]])); -$app->post('/dsstatus', function( +$app->post('/withdraw', function( #[\Dapr\Attributes\FromBody] \Dapr\PubSub\CloudEvent $cloudEvent, \Psr\Log\LoggerInterface $logger @@ -266,7 +266,7 @@ $app->start(); {{< /tabs >}} -In these examples, depending on the type of the event (`event.type`), the application will be called on `/dsstatus.v3`, `/dsstatus.v2` or `/dsstatus`. The expressions are written as [Common Expression Language (CEL)](https://opensource.google/projects/cel) where `event` represents the cloud event. Any of the attributes from the [CloudEvents core specification](https://github.com/cloudevents/spec/blob/v1.0.1/spec.md#required-attributes) can be referenced in the expression. +In these examples, depending on the type of the event (`event.type`), the application will be called on `/withdraw.v3`, `/withdraw.v2` or `/withdraw`. The expressions are written as [Common Expression Language (CEL)](https://opensource.google/projects/cel) where `event` represents the cloud event. Any of the attributes from the [CloudEvents core specification](https://github.com/cloudevents/spec/blob/v1.0.1/spec.md#required-attributes) can be referenced in the expression. For reference, the following attributes are from the CloudEvents specification. @@ -396,7 +396,7 @@ on the definition of OPTIONAL. For some binary mode protocol bindings, this field is directly mapped to the respective protocol's content-type metadata property. Normative rules for the binary mode and the content-type metadata mapping can be found in the - respective protocol + respective protocol. In some event formats the `datacontenttype` attribute MAY be omitted. For example, if a JSON format event has no `datacontenttype` attribute, then it is From 9a30f4a980039ecfc546908eb4e489f45045663c Mon Sep 17 00:00:00 2001 From: Simon Leet <31784195+CodeMonkeyLeet@users.noreply.github.com> Date: Thu, 16 Sep 2021 21:30:40 -0700 Subject: [PATCH 084/115] Fix typo in setup-sqlserver.md (#1794) Co-authored-by: Ori Zohar --- .../supported-state-stores/setup-sqlserver.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-sqlserver.md b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-sqlserver.md index 37a9933ce..b2e0bd148 100644 --- a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-sqlserver.md +++ b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-sqlserver.md @@ -41,7 +41,7 @@ spec: The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}). {{% /alert %}} -If you wish to use Redis as an [actor state store]({{< ref "state_api.md#configuring-state-store-for-actors" >}}), append the following to the yaml. +If you wish to use SQL server as an [actor state store]({{< ref "state_api.md#configuring-state-store-for-actors" >}}), append the following to the yaml. ```yaml - name: actorStateStore From 3dd9c8e48b5d68d71077679ca73c5b7ebc7b5066 Mon Sep 17 00:00:00 2001 From: Ori Zohar Date: Fri, 17 Sep 2021 09:09:16 -0700 Subject: [PATCH 085/115] Minor style tweaks --- .../en/operations/components/component-secrets.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/daprdocs/content/en/operations/components/component-secrets.md b/daprdocs/content/en/operations/components/component-secrets.md index 63a8c53aa..a1076800c 100644 --- a/daprdocs/content/en/operations/components/component-secrets.md +++ b/daprdocs/content/en/operations/components/component-secrets.md @@ -38,9 +38,9 @@ spec: value: MyPassword ``` -Instead create the secret in your secret store and reference it in the component definition. There are 2 cases for this shown below -- the "Secret Contains an Embedded Key" and the "Secret is a String". +Instead create the secret in your secret store and reference it in the component definition. There are two cases for this shown below -- the "Secret contains an embedded key" and the "Secret is a string". -The "Secret Contains an Embedded Key" case applies when there is a key embedded within the secret, i.e. the secret is NOT an entire connection string. This is shown in the following component definition yaml. +The "Secret contains an embedded key" case applies when there is a key embedded within the secret, i.e. the secret is **not** an entire connection string. This is shown in the following component definition yaml. ```yml apiVersion: dapr.io/v1alpha1 @@ -64,10 +64,9 @@ auth: `SECRET_STORE_NAME` is the name of the configured [secret store component]({{< ref supported-secret-stores >}}). When running in Kubernetes and using a Kubernetes secret store, the field `auth.SecretStore` defaults to `kubernetes` and can be left empty. -The above component definition tells Dapr to extract a secret named `redis-secret` from the defined `secretStore` and assign the value associated with the `redis-password` key embedded in the secret to the `redisPassword` field in the component. One use of this case is when your code is constructing a connection string, for example putting together a URL, a secret, plus other information as necessary, into a string. +The above component definition tells Dapr to extract a secret named `redis-secret` from the defined `secretStore` and assign the value associated with the `redis-password` key embedded in the secret to the `redisPassword` field in the component. One use of this case is when your code is constructing a connection string, for example putting together a URL, a secret, plus other information as necessary, into a string. - -On the other hand, the below "Secret is a String" case applies when there is NOT a key embedded in the secret. Rather, the secret is just a string. Therefore, in the `secretKeyRef` section both the secret `name` and the secret `key` will be identical. This is the case when the secret itself is an entire connection string with no embedded key whose value needs to be extracted. Typically a connection string consists of connection information, some sort of secret to allow connection, plus perhaps other information and does not require a separate "secret". This case is shown in the below component definition yaml. +On the other hand, the below "Secret is a string" case applies when there is NOT a key embedded in the secret. Rather, the secret is just a string. Therefore, in the `secretKeyRef` section both the secret `name` and the secret `key` will be identical. This is the case when the secret itself is an entire connection string with no embedded key whose value needs to be extracted. Typically a connection string consists of connection information, some sort of secret to allow connection, plus perhaps other information and does not require a separate "secret". This case is shown in the below component definition yaml. ```yml apiVersion: dapr.io/v1alpha1 @@ -88,7 +87,7 @@ auth: secretStore: ``` -The above "Secret is a String" case yaml tells Dapr to extract a connection string named `asbNsConnstring` from the defined `secretStore` and assign the value to the `connectionString` field in the component since there is no key embedded in the "secret" from the `secretStore` because it is a plain string. This requires the secret `name` and secret `key` to be identical. +The above "Secret is a string" case yaml tells Dapr to extract a connection string named `asbNsConnstring` from the defined `secretStore` and assign the value to the `connectionString` field in the component since there is no key embedded in the "secret" from the `secretStore` because it is a plain string. This requires the secret `name` and secret `key` to be identical. ## Example From 9288a8b1d04024fc6757a33701fbe6dba9cf376e Mon Sep 17 00:00:00 2001 From: Nick Greenfield Date: Fri, 17 Sep 2021 14:28:22 -0700 Subject: [PATCH 086/115] Added link to community call video for how to use gRPC proxying --- .../service-invocation/howto-invoke-services-grpc.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-services-grpc.md b/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-services-grpc.md index a29e83063..f8b293f72 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-services-grpc.md +++ b/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-services-grpc.md @@ -308,3 +308,10 @@ For more information on tracing and logs see the [observability]({{< ref observa * [Service invocation overview]({{< ref service-invocation-overview.md >}}) * [Service invocation API specification]({{< ref service_invocation_api.md >}}) * [gRPC proxying community call video](https://youtu.be/B_vkXqptpXY?t=70) + +## Community call demo +Watch this [video](https://youtu.be/B_vkXqptpXY?t=308) on how to use the Dapr VS Code extension: + +
+ +
\ No newline at end of file From 852f3c0a6adc4552e0a11717d0a423e6a4e49dda Mon Sep 17 00:00:00 2001 From: Nick Greenfield Date: Fri, 17 Sep 2021 14:31:10 -0700 Subject: [PATCH 087/115] Update timestamp on YT video --- .../service-invocation/howto-invoke-services-grpc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-services-grpc.md b/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-services-grpc.md index f8b293f72..8639791a7 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-services-grpc.md +++ b/daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-services-grpc.md @@ -310,7 +310,7 @@ For more information on tracing and logs see the [observability]({{< ref observa * [gRPC proxying community call video](https://youtu.be/B_vkXqptpXY?t=70) ## Community call demo -Watch this [video](https://youtu.be/B_vkXqptpXY?t=308) on how to use the Dapr VS Code extension: +Watch this [video](https://youtu.be/B_vkXqptpXY?t=69) on how to use Dapr's gRPC proxying capability:
From 0df864472fd75b70654ed49a2b2fbbbc91b18156 Mon Sep 17 00:00:00 2001 From: Joni Collinge Date: Sun, 19 Sep 2021 08:05:56 +0100 Subject: [PATCH 088/115] add asb metadata docs --- .../setup-azure-servicebus.md | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus.md index 9632a470f..67791eacd 100644 --- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus.md +++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus.md @@ -84,6 +84,38 @@ The above example uses secrets as plain strings. It is recommended to use a secr | publishMaxRetries | N | The max number of retries for when Azure Service Bus responds with "too busy" in order to throttle messages. Defaults: `5` | `5` | publishInitialRetryInternalInMs | N | Time in milliseconds for the initial exponential backoff when Azure Service Bus throttle messages. Defaults: `500` | `500` +## Message metadata + +Azure Service Bus messages extend the Dapr message format with additional contextual metadata. Some metadata fields are set by Azure Service Bus itself (read-only) and others can be set by the client when publishing a message. + +### Sending a message with metadata + +To set Azure Service Bus metadata when publishing a message, add any of the following properties as either HTTP headers or gRPC message metadata. + +- `metadata.MessageId` +- `metadata.CorrelationId` +- `metadata.SessionId` +- `metadata.Label` +- `metadata.ReplyTo` +- `metadata.PartitionKey` +- `metadata.To` +- `metadata.ContentType` +- `metadata.ScheduledEnqueueTimeUtc` +- `metadata.ReplyToSessionId` + +### Receiving a message with metadata + +When Dapr calls your application, it will attach Azure Service Bus message metadata to the request using either HTTP headers or gRPC metadata. +In addition to the [settable metadata listed above](#sending-a-message-with-metadata), you can also access the following read-only message metadata. + +- `metadata.DeliveryCount` +- `metadata.LockedUntilUtc` +- `metadata.LockToken` +- `metadata.EnqueuedTimeUtc` +- `metadata.SequenceNumber` + +> To find out more details on the purpose of any of these metadata properties, please refer to [the official Azure Service Bus documentation](https://docs.microsoft.com/en-us/rest/api/servicebus/message-headers-and-properties#message-headers). + ## Create an Azure Service Bus Follow the instructions [here](https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-quickstart-topics-subscriptions-portal) on setting up Azure Service Bus Topics. From 3ac50e57864e99a6ca4be584298a79d7f3d8870c Mon Sep 17 00:00:00 2001 From: Joni Collinge Date: Sun, 19 Sep 2021 08:12:58 +0100 Subject: [PATCH 089/115] improve consistency --- .../supported-pubsub/setup-azure-servicebus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus.md index 67791eacd..bc8a11089 100644 --- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus.md +++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus.md @@ -90,7 +90,7 @@ Azure Service Bus messages extend the Dapr message format with additional contex ### Sending a message with metadata -To set Azure Service Bus metadata when publishing a message, add any of the following properties as either HTTP headers or gRPC message metadata. +To set Azure Service Bus metadata when sending a message, add any of the following properties as either HTTP headers or gRPC message metadata. - `metadata.MessageId` - `metadata.CorrelationId` From f2b362020f151e292cee9953ce0c0b1c2ee3933d Mon Sep 17 00:00:00 2001 From: Joni Collinge Date: Sun, 19 Sep 2021 08:20:47 +0100 Subject: [PATCH 090/115] use query params not headers --- .../supported-pubsub/setup-azure-servicebus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus.md index bc8a11089..446467691 100644 --- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus.md +++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus.md @@ -90,7 +90,7 @@ Azure Service Bus messages extend the Dapr message format with additional contex ### Sending a message with metadata -To set Azure Service Bus metadata when sending a message, add any of the following properties as either HTTP headers or gRPC message metadata. +To set Azure Service Bus metadata when sending a message, set the query parameters on the HTTP request or the gRPC metadata as documented [here](https://docs.dapr.io/reference/api/pubsub_api/#metadata). - `metadata.MessageId` - `metadata.CorrelationId` From a6279eca751eddddf83f2f0e51ba8b8ef252a180 Mon Sep 17 00:00:00 2001 From: Joni Collinge Date: Sun, 19 Sep 2021 08:48:17 +0100 Subject: [PATCH 091/115] add note on message id --- .../supported-pubsub/setup-azure-servicebus.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus.md index 446467691..ee3def3da 100644 --- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus.md +++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus.md @@ -103,6 +103,8 @@ To set Azure Service Bus metadata when sending a message, set the query paramete - `metadata.ScheduledEnqueueTimeUtc` - `metadata.ReplyToSessionId` +> **NOTE:** The `metadata.MessageId` property does not set the `id` property of the cloud event and should be treated in isolation. + ### Receiving a message with metadata When Dapr calls your application, it will attach Azure Service Bus message metadata to the request using either HTTP headers or gRPC metadata. @@ -114,7 +116,7 @@ In addition to the [settable metadata listed above](#sending-a-message-with-meta - `metadata.EnqueuedTimeUtc` - `metadata.SequenceNumber` -> To find out more details on the purpose of any of these metadata properties, please refer to [the official Azure Service Bus documentation](https://docs.microsoft.com/en-us/rest/api/servicebus/message-headers-and-properties#message-headers). +To find out more details on the purpose of any of these metadata properties, please refer to [the official Azure Service Bus documentation](https://docs.microsoft.com/en-us/rest/api/servicebus/message-headers-and-properties#message-headers). ## Create an Azure Service Bus From d2651cd3f267c23b01d942e1b863ab5fa3f27ee5 Mon Sep 17 00:00:00 2001 From: Will Tsai Date: Mon, 20 Sep 2021 12:11:59 -0700 Subject: [PATCH 092/115] updates to daprdocs, concepts, getting-started index pages --- daprdocs/content/en/_index.md | 195 ++++++++++++------ daprdocs/content/en/concepts/_index.md | 11 +- daprdocs/content/en/getting-started/_index.md | 2 + daprdocs/static/images/homepage/javalang.png | Bin 0 -> 6561 bytes 4 files changed, 144 insertions(+), 64 deletions(-) create mode 100644 daprdocs/static/images/homepage/javalang.png diff --git a/daprdocs/content/en/_index.md b/daprdocs/content/en/_index.md index da87a5014..5243416f2 100644 --- a/daprdocs/content/en/_index.md +++ b/daprdocs/content/en/_index.md @@ -7,16 +7,19 @@ no_list: true Welcome to the Dapr documentation site! -### Sections + +{{% alert title="What is Dapr?" color="primary" %}} +Dapr is a portable, event-driven runtime that makes it easy for any developer to build resilient, +stateless and stateful applications that run on the cloud and edge and embraces the diversity of +languages and developer frameworks. Leveraging the benefits of a sidecar architecture, Dapr helps +you tackle the challenges that come with building microservices and keeps your code platform agnostic. +{{< button text="Get started" page="getting-started" >}} +{{% /alert %}} + + +### Start developing with Dapr
-
-
-
Concepts
-

Learn about Dapr, including its main features and capabilities.

- -
-
Getting started
@@ -24,6 +27,26 @@ Welcome to the Dapr documentation site!
+
+
+
Quickstarts
+

A collection of tutorials with code samples to get you started quickly with Dapr.

+ +
+
+
+
+
Concepts
+

Learn about Dapr, including its main features and capabilities.

+ +
+
+
+ + +### Learn more about Dapr + +
Developing applications
@@ -31,9 +54,13 @@ Welcome to the Dapr documentation site!
-
-
-
+
+
+
Building blocks
+

Capabilities that solve common development challenges for distributed applications.

+ +
+
Operations
@@ -41,6 +68,12 @@ Welcome to the Dapr documentation site!
+
+ + +### Additional info + +
Reference
@@ -58,64 +91,100 @@ Welcome to the Dapr documentation site!
-### Tooling +### Tooling and resources -
- - Visual studio code icon - -
-
IDE Integrations
-

Learn how to get up and running with Dapr in your preferred integrated development environment.

+
+
+
+
+ Visual studio code icon + IDE Integrations +
+

+ Learn how to get up and running with Dapr in your preferred integrated development environment. +

+ +
-
- - Code icon - -
-
Language SDKs
-

Create Dapr applications in your preferred language using the Dapr SDKs.

-
- +
+
+
+
+
+ Code icon + Language SDKs +
+

+ Create Dapr applications in your preferred language using the Dapr SDKs. +

+ +
+
+
+
+
+
+
+
.NET logo - -
-
.NET
-
+ .NET +
+

+ Learn more about the .NET SDK. +

+
-
- +
+
+
+
Python logo - -
-
Python
-
-
-
- - Java logo - -
-
Java
-
-
-
- - Go logo - -
-
Go
-
-
-
- - PHP logo - -
-
PHP
-
+ Python + +

+ Learn more about the Python SDK. +

+
-
+
+
+
+
+
+ Java logo + Java +
+

+ Learn more about the Java SDK. +

+ +
+
+
+
+
+ Go logo + Go +
+

+ Learn more about the Go SDK. +

+ +
+
+
+
+
+ PHP logo + PHP +
+

+ Learn more about the PHP SDK. +

+ +
+
+
\ No newline at end of file diff --git a/daprdocs/content/en/concepts/_index.md b/daprdocs/content/en/concepts/_index.md index e685e646b..739c90be0 100644 --- a/daprdocs/content/en/concepts/_index.md +++ b/daprdocs/content/en/concepts/_index.md @@ -4,4 +4,13 @@ title: "Dapr concepts" linkTitle: "Concepts" weight: 10 description: "Learn about Dapr including its main features and capabilities" ---- \ No newline at end of file +--- + +Welcome to the Dapr concepts guide! + + +{{% alert title="Getting started with Dapr" color="primary" %}} +If you are ready to jump in and start developing with Dapr, please +visit the [getting started section]({{}}). +{{< button text="Install Dapr" page="getting-started" >}} +{{% /alert %}} \ No newline at end of file diff --git a/daprdocs/content/en/getting-started/_index.md b/daprdocs/content/en/getting-started/_index.md index f82e9faca..238fed7b3 100644 --- a/daprdocs/content/en/getting-started/_index.md +++ b/daprdocs/content/en/getting-started/_index.md @@ -11,6 +11,7 @@ Welcome to the Dapr getting started guide! {{% alert title="Dapr Concepts" color="primary" %}} If you are looking for an introductory overview of Dapr and learn more about basic Dapr terminology, it is recommended to visit the [concepts section]({{}}). +{{< button text="Learn more" page="concepts" >}} {{% /alert %}} This guide will walk you through a series of steps to install, initialize and start using Dapr. The recommended way to get started with Dapr is to setup a local development environment (also referred to as [_self-hosted_ mode]({{< ref self-hosted >}})) which includes the Dapr CLI, Dapr sidecar binaries, and some default components that can help you start using Dapr quickly. @@ -23,3 +24,4 @@ The following steps in this guide are: 1. Explore Dapr quickstarts {{< button text="First step: Install the Dapr CLI >>" page="install-dapr-cli" >}} +

\ No newline at end of file diff --git a/daprdocs/static/images/homepage/javalang.png b/daprdocs/static/images/homepage/javalang.png new file mode 100644 index 0000000000000000000000000000000000000000..b6786a19405e6b6169c846d58625e71dedb055cd GIT binary patch literal 6561 zcmV;S8D8dzP)00Bh^0{{R3EuQaa00004XF*Lt006O% z3;baP00001b5ch_0Itp)=>Px#7<5HgbW?9;ba!ELWdLwtX>N2bZe?^JG%heMIczh2 zP5=M^32;bRa{vGi!vFvd!vV){sAK>D083CzR7FQ{Oj3fOQGuaRfuK==p;3XM=xhK| zfuZJY08)XW=WYN}f}!Vb0OxK1=5PQ~f}!Vb0OxK1=WPJyZUEl(j@000=6NklC^L(|Er?GT zZb5t^HSR%lLMXvah|Z^11-kX5hdTc&jR#lbaK14>}YtR{T zxwxdPK}P}~nW!4{3S;%SByB)PDiXx}3Qy()1dq5_>ZpiA6{_%t1zdVK7?%5fuN zi_@!$;zq9L9Wk2%HKYIIRL=H6qp?i{xw8Y%x{Ug7X+G$LNy9V51QiWl^C+ zk4#7x@`{$I=)W$^z#Jp=-w)Nai8(&C<>zTTH!(*N_wy7kAB{Plk*!fUYGR%T5qF`O zM5e!S3KtZt38D**HTSK%^Qr(3F{MOPS|HEgn5cq&ig~T$&1*Hf^Noq5eLaWS>QX-v zcpOI?Hy52#`Vr>>G6F^b>zB$cqMOXGMbZ&F!1p(1F^ya@4o%=$yvQv;j(!NOwXLILni=B2{ z0mVl6Eefk_6wXQ8JI)+aa6d%hobFt8EIUO8w@J*ojlwC1o(o2y^d4nfwB4z`T{TD3 z{zI5M+g^mhNLM4X1%1iW2pt70K>xx;7^U`&UyJ%{d6VACdG?scQ0D44{VHUaN{{vG2^ z(V@r3++7acvhRQNdL9*hv!KIMai*e6 z%)f3Fa{|8<&}8{Y-M1M2a11}axtCiSy^y!nwY$2d86SSeGPtN4rSBTi|A41T7!l}FCFxw48C4#<9VL;G% z@P+^A(>G$@bKv1v&a0!QPa*9)yQ>1c+0P#r2>K?4!1mBa-kHP#T&g_2C?Mdw0O&WP(J z!uU0WBj|^PB24r4Rm-%f*RX=SblX?SxS5%d{Td;;*y&vFWS%cz;900wpLMQnSko2Dt6{M`+FgdYt<<}Y8gal9D&2aO ztQB0dLU1-4NorjJP19hnK4W5T0CYhByX|<)ka?zgz&bib3!?Fa9hh1LNn^MEz{ae+qD87nJEW(dq5 zY)|d+`*c}_h?!WD0hMFs{Qe|t4eV_m>Nk};o|bbaIXNWqb{ej96`EdFVLPt8nPv^y zt={<%G;9%z-q-YJyFD&Cb=gn73eZD0+^84jaQj}khXC?XCvRr?dn%i!cIGl(bKM>} zK;(GXh8u2)ftvu0(^Wv|t_$>KFIy#$Xl3EN+(4Y(T^%jBW=uB1xV<4D^?3&k%3Pa7 z-z4_=dkxxd1eU!@TLMgui^20%Xgc{zd1=|YkVd$IXXZ27Ih4FJdkEiM!y|J`EGe6X z?^V`-bvWEQ6>9+fd5KQ$O0f6Cslv-sOQ5|YeQHo>($rS^yP`Psy2jZlyaa{x^Bbw5 zj9gB0shkB6(Z3YZ^MB_7d0+kHBTO081%nKu1a`nV#Y{) ze7ltNZ8)&#LPi?7auu`wmT=vdG!VshK^Hy;0lcMwjm0cqw9(LZ42$71IiX8|KE6ke z`w)X&d(6j{n;2c&GcsQEoCUe{jrjDQns!*1fE8Veu{^9?--A*9qwXt{_Zuq6RzN4d zbt{N{SEC_Q3l%8=sQczu^g848a4jP~Z)-Q*a{M=6A?PpH>G9L4H?_59pRT;1Gk^hO z;{z_bLeO8jPQZL=kN}F1hc6K3sGuCm=H`1^pSXyYmL!B*$FK{<=@^9V<5A(mx|JYX$v@y4%3# zOSHp&U(<(+E_{NsH6(Lfx zr|1FDhl(!cN5`&SLrLU&5i17$QE7FhX!sIcUV%Qn8C>NBrLRGv|1*bP(0h|E!spV5 z&wDet%JbJ6`U_Yc=nvG{kWZg+%^{ku*s~#x2KJrvfR5XtIX)$IF}Q@af!-AS9X(uh ziQ9(2pf_`jpe}eaz|KwkZn$(`ej=4QtPy{0pf?X*)?PkT%-Pom16`Ex26!^W^bCGp zLi<5W4IaH%9q0|}%9D{BGqRdxyX*@-y$qRoAVXt4zo&NdxX-#i zvSV_%Ud|7>9uB8$LQPLYw%Z1}@D^Pxp7W>V z!}QxzbkW0T5jwaAJ}2lk+=pwu+mHP|Uy|d;2LGV}!5l8T>@SDp>B6%tIh?z=pN}Io z-Gce!2CufMQiGcADY_U&z{YSb6F`(R*}Xw-u8ds0$CvYeFIw;KA;~^}ug7=K!&`sr z5AA;H@!Ey`HVX9Kep6kF(A;}J7H`@2;fErm1vL>TVv*c?cD!BowLI-;t!<}KZ`bf! z%BP9XkC(QI-(RxNLGMk}vecJg@URkR(PjAYC+17F@@BTa1^VgG=1%+TAshRSrEj<| zSdswLy*`}{+#dx8UApXhKGZ*9PNx&Gn;-Pk;j(W*eo0Q_-?I+aiYaR>$F^(tqwdpm z1I-*Zh-L-dHR+NLwo-L{zH^(t2zrfphbJ9QlcdQx)zhY4PaP9~`w(=aqs7HIAfWGZ zyG4;h)?ETK^WOqJORjAlzh9GVnm5+Pb$0Oq^-K+lqkk?Ts)sMn z4!w%a26_*2K%VQ{3H~D>W@ra)_d_`7-4O&&!50R4Y01QPSwlW(ALLx1C+A)*V>vy~ zPRHbSJ%ef~Svwbh&Vqfqg7#6tKsSpntasupND1)N&y=8NUBdp9(*kgxPRZf+tf`!V z$)Ju`KL%?$nHF@zQa{>f_z+7=mjFGx+%0v>!_21qKid2MxdCXPc!aDO47wT%djCfE zu65_1zxA}BU+-4Aon|oPwQ4ubFij@)o#nru13o(I z$uXP6fS+o5R;zW>g|YwZdFsn033_AEwp07D=3PTWeJALK>Cj!(*Td(Dy5sb8LeP(Q z59*DaueU>z98XyWhWG(;jdBC?qub{EXT9%x_vf8&*%;>(40;K?8G}$@dfZ@Txg36( z0ABiP-cdV_y&pZgZoq%OT&~w!Er*9BkKa#e{_pjAy*%1g_YZ9M_YgT>4A|Mu_E8M%M$U5l3LDh!nZA~F_r#-9HFm!1aN+9wa&Dr)xJ zGk4uNu35d^B#@Boz@#LUmr%vzp zXXY8!tenZ~^w|2AEln6eml}6`8rG%ZJYhsodwe)te{PqUW{3G@z+X|_;d<4JoZj84+&w`0WTV6J=;;o3kUl%{>l(jKUeV!_Tg$KW zDp}D6WSyL8=R{B7@01DZAe@8H{%+OVT-wo~DvGNk8qY%~qTNCp%xC<&Yv{@;u&b)q z$Na2bwt5vn?nUrD@1Xim_;E7~KHrMv0gCRzqk&=6*?o+frtHwOU>E5#O;RrPiG8RH z!8!G=)o0wrl7N7%vc0406df`L531qMfuzs)cV}l$$jXDt(i@WAGxU;%I^2^xIWlFX z`QT&D%HC5jlaIM{l0KD`JA40U4zB+6rcdPW>q%#Ul|I8wb|QBAojX5Y?rD<0 zP|~Mj|A0=9{hY?o@!rmue>>^jQyfuwxaCcH+P{fZ%<+8P-=mQI<=B25Jg)jO_zDwH z`<=@9o_~5Hx7*)&`9{)(3Ttl(mXXU3x6}RF9ER=w4ii=tcIJ;awRQin`5qh-|NWdU z9T|$#^*0|sgZ;hFc*m5cMY;|O(I?JnF4^sT{|Cv>!(U$l;;E=bX%C0r7the;MSM-m zw#a(TIL?n=jxoX0hWW#{a->jNQ>67wEU;m9H_mKdcL*=#(EdWCNS1S7)7>pHVn*zk zsjMI@Va`2~&@p^VN0`057M>w_s+@ZpEl>7T3r{J>KRV?IwMA+e7{I*phXd$ z%tMLpElc5xYDSlqC#2PF=fq!gxR^o?WqA=P0Df0GBmR@dxI_XC-OWd@7+$Y#>$VL& z=rGn5JH17aZK1O1FttY+OnckkB+rhYo=3DPf{Fy{QSM_$A8AEs{w8jr#| z+NRmIoyns{m>^Z7&UQ`$+L`y`YK8-*+M-BrI+utkZ?#pALHrBgniYj|_D&Jv6(Z

`rnbC288rwiF(0Tib4l~G11<<%E}v8H~u`b=n#n{@8%B5Nyf6%8=h2?6yJ z+Ij4zK53qVzSgpAx*N^ENm)iz&685i%OKE3B!#FD4WtRzKCAnR=sEa@`WzOuMa`(q zRA%0aSO!p@UoXh{!?v!tL=zgPEaQTwC{{!Zqi| zm5#WdCq_GQiBQy@T^2Nkwx54^&9aDgsyE~vL?|4B@`9PeVY~u)?{aN@+3_!+U9c^L zDvaoed#44-TKSOXd^hWUL)ZSOy|eWU9{f3@!dF%*6pVm-Fay{QKssZo%mUhXc|D+Q z3EK*E3HD*7hb&^A>O@BFXhpq{xiy%#3G|p49;6A1f-%mY>1YqohK8Pf)qUPb71Yvz zRvXX?`jT354m9VAI!kXG+n@c62fRGr#O|9F(9}qT@&cx)l@#B^_n;Z=!|_#okD2=?(<43%I=a2o zzm6!wts-S)-6|PbEF?>C#ZH^R-*i&odUMus zXHU=A*`{sk;N6k)1YLZw)r@VT(a6*F@mtW2jHix$rdIaqY>&-uZ;+l_OM^zLjG~Rd z&F)S!C6^P9>6kQfFmUM!>YgAC;_>qj6E7>5Uj26T=?U;nS*A=8TrKxW{9$v>jevLX z;m!)p4SAfitZ=B2R4YiSBCFgv(w$5g*3*n4y4`Ez&R8Ht zQ(vWm__O)Wtnx^6JYSn|fuY`mj4RUdzD9U;$(wA4zUI%cX)f`OCf-tX=QdPkbhmr6 zOsIAZO-D?aNk;;b5dD@BGb;(Q9+6?`8~K}t%q*#SajBoym0wl=9gukkDkC~p-sxR< zUsK_*L7{&S+RMv`iNr}eEVFp=03Wao_H(Ci&$-5QkM~6t{qaibjW;Q?dL^FYyqv2+ zs`PCY2C8!jF`Q#k&dd4e#_KJ2L=ZtSR|N{~+zU-6W*)xVo+xOORl>wfh)aC?!ei07 z9U>adJjBrFuDJ{L78cIBgG4ljYC%x0>ITM>=Gzu{w47rL)KW`tDjkaSh!;?xp$6p{ zj;jJJv<%zRd&EnfNWG%4!-2@CrJcBpoGWB`h%9U}wuBLRFA9JKrC{4?ZW=3dRa8=m z(pO^ywxiWSu!f@8XOJ&A*fnrX=Bq6IQ~4Mw8&1F8ENYUT9kpeoWk6X(thNAzXrxKB zvL%)EfUnusr_49d4ccnayH6v2ST5;o`SqkVke8`e0p;B4%S=>R2}7-wo~a0?%ofxa z8d#R31CM}3b;1m3gfVS5Xy|jSn~G<$v=gx%y$5Rn2Jcl1qW!XfzaV!#n%?FSC{|KW z*!E@(t%fP?=x*Z8&{Va6c`{NN8te)ybh@#y8J&VDv;GvuYeD3LmY%5^rCEP2TSFX>d>K0oyUThxW0N^GEF-8kD3g$qS6T79Nec^aCSr9#x}nUlvd8 zO@<_LSoULw!CGmwp1B;yxaz1D;w|f1em`%rCfb=ciT2^Os%T}|4_@Y1@kcLbhpv5# zUEetWCZAHr+R_(fH7^dY(hLpd?7YsYkx1gc2@Nr@RHDy2dXlYdw$hg!CDgQ)NCrPc! zDXDl;Q1t7cXWlH+bC-gsIQW6qooPpqD3S3EUV3J-p-+FYb&Zts%Acr$3KT5bhIR?} zTsq6>_T&p&BUKArxspIB)^2{*j%rdMws6W;POVxxWou__vTu0NK6lf)M_RUK9aLcJ zMyRG>qJ#{p9n56vW<;aTtEqPHqdMvLZ&{J!&)g33Y6T#-2m}IwKp+qZ1OkCTAP@)y;*;?oVmAB* THGBOs00000NkvXXu0mjf^ttv3 literal 0 HcmV?d00001 From cfbe58cc79fdb30ecc4c54789a1c75cc1556d573 Mon Sep 17 00:00:00 2001 From: Nick Greenfield Date: Tue, 21 Sep 2021 09:07:36 -0700 Subject: [PATCH 093/115] Update JS submodule --- .gitmodules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitmodules b/.gitmodules index e8be7ab1d..6f4e986fb 100644 --- a/.gitmodules +++ b/.gitmodules @@ -22,4 +22,4 @@ url = https://github.com/dapr/java-sdk.git [submodule "sdkdocs/js"] path = sdkdocs/js - url = https://github.com/greenie-msft/js-sdk.git + url = https://github.com/dapr/js-sdk.git From dc2ae042cf1f3f6f3dbbe1da2d53b87fed70d36d Mon Sep 17 00:00:00 2001 From: Nick Greenfield Date: Tue, 21 Sep 2021 09:14:43 -0700 Subject: [PATCH 094/115] Update JS submodule to lastest master --- sdkdocs/js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdkdocs/js b/sdkdocs/js index 8bfda5b1e..1e23f32ea 160000 --- a/sdkdocs/js +++ b/sdkdocs/js @@ -1 +1 @@ -Subproject commit 8bfda5b1e6ea46a8ca02ac22481e3ffec0dde4bd +Subproject commit 1e23f32eafdebe571db6e19717cf5317f09a5402 From 1869b61769ab22d4dc847bc8c1f6edb10c660e88 Mon Sep 17 00:00:00 2001 From: Ori Zohar Date: Thu, 23 Sep 2021 08:53:18 -0700 Subject: [PATCH 095/115] Changes to reflect v1.4.1 hotfix --- .../content/en/operations/support/support-release-policy.md | 3 ++- daprdocs/layouts/shortcodes/dapr-latest-version.html | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/daprdocs/content/en/operations/support/support-release-policy.md b/daprdocs/content/en/operations/support/support-release-policy.md index 3da876cee..7ae230695 100644 --- a/daprdocs/content/en/operations/support/support-release-policy.md +++ b/daprdocs/content/en/operations/support/support-release-policy.md @@ -41,7 +41,8 @@ The table below shows the versions of Dapr releases that have been tested togeth | Jun 16th 2021 | 1.2.2
| 1.2.0 | Java 1.1.0
Go 1.1.0
PHP 1.1.0
Python 1.1.0
.NET 1.2.0 | 0.6.0 | Unsupported | | Jul 26th 2021 | 1.3
| 1.3.0 | Java 1.2.0
Go 1.2.0
PHP 1.1.0
Python 1.2.0
.NET 1.3.0 | 0.7.0 | Supported | | Sep 14th 2021 | 1.3.1
| 1.3.0 | Java 1.2.0
Go 1.2.0
PHP 1.1.0
Python 1.2.0
.NET 1.3.0 | 0.7.0 | Supported | -| Sep 15th 2021 | 1.4
| 1.4.0 | Java 1.3.0
Go 1.3.0
PHP 1.2.0
Python 1.3.0
.NET 1.4.0 | 0.8.0 | Supported (current) | +| Sep 15th 2021 | 1.4
| 1.4.0 | Java 1.3.0
Go 1.3.0
PHP 1.2.0
Python 1.3.0
.NET 1.4.0 | 0.8.0 | Supported | +| Sep 22nd 2021 | 1.4.1
| 1.4.0 | Java 1.3.0
Go 1.3.0
PHP 1.2.0
Python 1.3.0
.NET 1.4.0 | 0.8.0 | Supported (current) | ## Upgrade paths After the 1.0 release of the runtime there may be situations where it is necessary to explicitly upgrade through an additional release to reach the desired target. For example an upgrade from v1.0 to v1.2 may need go pass through v1.1 diff --git a/daprdocs/layouts/shortcodes/dapr-latest-version.html b/daprdocs/layouts/shortcodes/dapr-latest-version.html index ad7bebee8..35d4574c9 100644 --- a/daprdocs/layouts/shortcodes/dapr-latest-version.html +++ b/daprdocs/layouts/shortcodes/dapr-latest-version.html @@ -1 +1 @@ -{{ if .Get "short" }}1.4{{ else if .Get "long" }}1.4.0{{ else }}1.4.0{{ end }} \ No newline at end of file +{{ if .Get "short" }}1.4{{ else if .Get "long" }}1.4.1{{ else }}1.4.1{{ end }} \ No newline at end of file From ce435e9e9267408cd1760d4240866ecad7cd2b33 Mon Sep 17 00:00:00 2001 From: Ori Zohar Date: Thu, 23 Sep 2021 08:58:33 -0700 Subject: [PATCH 096/115] Update upgrade paths --- .../support/support-release-policy.md | 20 +++++++++---------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/daprdocs/content/en/operations/support/support-release-policy.md b/daprdocs/content/en/operations/support/support-release-policy.md index 7ae230695..5ec7285f2 100644 --- a/daprdocs/content/en/operations/support/support-release-policy.md +++ b/daprdocs/content/en/operations/support/support-release-policy.md @@ -55,19 +55,17 @@ General guidance on upgrading can be found for [self hosted mode]({{ Date: Thu, 23 Sep 2021 09:16:58 -0700 Subject: [PATCH 097/115] Update dapr-latest-version.html --- daprdocs/layouts/shortcodes/dapr-latest-version.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/layouts/shortcodes/dapr-latest-version.html b/daprdocs/layouts/shortcodes/dapr-latest-version.html index 35d4574c9..51a33e07e 100644 --- a/daprdocs/layouts/shortcodes/dapr-latest-version.html +++ b/daprdocs/layouts/shortcodes/dapr-latest-version.html @@ -1 +1 @@ -{{ if .Get "short" }}1.4{{ else if .Get "long" }}1.4.1{{ else }}1.4.1{{ end }} \ No newline at end of file +{{ if .Get "short" }}1.4{{ else if .Get "long" }}1.4.1{{ else if .Get "cli" }}1.4.0{{ else }}1.4.1{{ end } From b450c9eab1a0e73b6994333add4aecd9cbcd271f Mon Sep 17 00:00:00 2001 From: greenie-msft <56556602+greenie-msft@users.noreply.github.com> Date: Thu, 23 Sep 2021 16:19:24 +0000 Subject: [PATCH 098/115] Use CLI attr for Dapr CLI version short code --- daprdocs/content/en/getting-started/install-dapr-selfhost.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/getting-started/install-dapr-selfhost.md b/daprdocs/content/en/getting-started/install-dapr-selfhost.md index 984570f35..b9d0e3604 100644 --- a/daprdocs/content/en/getting-started/install-dapr-selfhost.md +++ b/daprdocs/content/en/getting-started/install-dapr-selfhost.md @@ -52,7 +52,7 @@ dapr --version Output should look like this: ``` -CLI version: {{% dapr-latest-version long="true" %}} +CLI version: {{% dapr-latest-version cli="true" %}} Runtime version: {{% dapr-latest-version long="true" %}} ``` From 8313211775f49183eda2fe7e4ad3009a4d8f4fc5 Mon Sep 17 00:00:00 2001 From: greenie-msft <56556602+greenie-msft@users.noreply.github.com> Date: Thu, 23 Sep 2021 09:23:08 -0700 Subject: [PATCH 099/115] Update dapr-latest-version.html --- daprdocs/layouts/shortcodes/dapr-latest-version.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/layouts/shortcodes/dapr-latest-version.html b/daprdocs/layouts/shortcodes/dapr-latest-version.html index 51a33e07e..ca4e4bce1 100644 --- a/daprdocs/layouts/shortcodes/dapr-latest-version.html +++ b/daprdocs/layouts/shortcodes/dapr-latest-version.html @@ -1 +1 @@ -{{ if .Get "short" }}1.4{{ else if .Get "long" }}1.4.1{{ else if .Get "cli" }}1.4.0{{ else }}1.4.1{{ end } +{{ if .Get "short" }}1.4{{ else if .Get "long" }}1.4.1{{ else if .Get "cli" }}1.4.0{{ else }}1.4.1{{ end }} From 301022cc04dd885fc7649101c9769e9c7d31b069 Mon Sep 17 00:00:00 2001 From: Nick Greenfield Date: Thu, 23 Sep 2021 09:40:30 -0700 Subject: [PATCH 100/115] Remove newline from shortcode --- daprdocs/layouts/shortcodes/dapr-latest-version.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/layouts/shortcodes/dapr-latest-version.html b/daprdocs/layouts/shortcodes/dapr-latest-version.html index ca4e4bce1..6f1027f0a 100644 --- a/daprdocs/layouts/shortcodes/dapr-latest-version.html +++ b/daprdocs/layouts/shortcodes/dapr-latest-version.html @@ -1 +1 @@ -{{ if .Get "short" }}1.4{{ else if .Get "long" }}1.4.1{{ else if .Get "cli" }}1.4.0{{ else }}1.4.1{{ end }} +{{- if .Get "short" }}1.4{{ else if .Get "long" }}1.4.1{{ else if .Get "cli" }}1.4.0{{ else }}1.4.1{{ end -}} From df1d8e7d661f51c478681da98faaf0c5ff632a37 Mon Sep 17 00:00:00 2001 From: Javier Vela Date: Tue, 21 Sep 2021 18:14:28 +0200 Subject: [PATCH 101/115] azure queue add missing param decodeBase64 --- .../components-reference/supported-bindings/storagequeues.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/storagequeues.md b/daprdocs/content/en/reference/components-reference/supported-bindings/storagequeues.md index 2c6f79d75..502eb78d0 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/storagequeues.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/storagequeues.md @@ -30,6 +30,8 @@ spec: value: "myqueue" - name: ttlInSeconds value: "60" + - name: decodeBase64 + value: "false" ``` {{% alert title="Warning" color="warning" %}} @@ -44,6 +46,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr | storageAccessKey | Y | Input/Output | The Azure Storage access key | `"accessKey"` | | queue | Y | Input/Output | The name of the Azure Storage queue | `"myqueue"` | | ttlInSeconds | N | Output | Parameter to set the default message time to live. If this parameter is omitted, messages will expire after 10 minutes. See [also](#specifying-a-ttl-per-message) | `"60"` | +| decodeBase64 | N | Output | Configuration to decode base64 file content before saving to Blob Storage. (In case of saving a file with binary content). `true` is the only allowed positive value. Other positive variations like `"True", "1"` are not acceptable. Defaults to `false` | `true`, `false` | ## Binding support From a927dd10286ce404c65481fc49aae88b2c76f02c Mon Sep 17 00:00:00 2001 From: Phil Kedy Date: Fri, 24 Sep 2021 18:10:00 -0400 Subject: [PATCH 102/115] * Tweaking the example to match what was demoed during the 9/21/2021 community call * Added example CEL expressions * Added link to 9/21/2021 community call youtube video * Added section headers for the right nav --- .../pubsub/howto-route-messages.md | 147 +++++++++++------- 1 file changed, 90 insertions(+), 57 deletions(-) diff --git a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md index b69926997..d0dd2c702 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md +++ b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md @@ -42,14 +42,14 @@ metadata: name: myevent-subscription spec: pubsubname: pubsub - topic: transactions + topic: inventory routes: rules: - - match: event.type == "withdraw.v3" - path: /withdraw.v3 - - match: event.type == "withdraw.v2" - path: /withdraw.v2 - default: /withdraw + - match: event.type == "widget" + path: /widgets + - match: event.type == "gadget" + path: /gadgets + default: /products scopes: - app1 - app2 @@ -77,24 +77,24 @@ def subscribe(): subscriptions = [ { 'pubsubname': 'pubsub', - 'topic': 'transactions', + 'topic': 'inventory', 'routes': { 'rules': [ { - 'match': 'event.type == "withdraw.v3"', - 'path': '/withdraw.v3' + 'match': 'event.type == "widget"', + 'path': '/widgets' }, { - 'match': 'event.type == "withdraw.v2"', - 'path': '/withdraw.v2' + 'match': 'event.type == "gadget"', + 'path': '/gadgets' }, ], - 'default': '/withdraw' + 'default': '/products' } }] return jsonify(subscriptions) -@app.route('/withdraw', methods=['POST']) +@app.route('/products', methods=['POST']) def ds_subscriber(): print(request.json, flush=True) return json.dumps({'success':True}), 200, {'ContentType':'application/json'} @@ -113,30 +113,30 @@ app.use(bodyParser.json({ type: 'application/*+json' })); const port = 3000 app.get('/dapr/subscribe', (req, res) => { - res.json([ - { - pubsubname: "pubsub", - topic: "transactions", - routes: { - rules: [ - { - match: 'event.type == "withdraw.v3"', - path: '/withdraw.v3' - }, - { - match: 'event.type == "withdraw.v2"', - path: '/withdraw.v2' - }, - ], - default: '/withdraw' - } - } - ]); + res.json([ + { + pubsubname: "pubsub", + topic: "inventory", + routes: { + rules: [ + { + match: 'event.type == "widget"', + path: '/widgets' + }, + { + match: 'event.type == "gadget"', + path: '/gadgets' + }, + ], + default: '/products' + } + } + ]); }) -app.post('/withdraw', (req, res) => { - console.log(req.body); - res.sendStatus(200); +app.post('/products', (req, res) => { + console.log(req.body); + res.sendStatus(200); }); app.listen(port, () => console.log(`consumer app listening on port ${port}!`)) @@ -145,25 +145,25 @@ app.listen(port, () => console.log(`consumer app listening on port ${port}!`)) {{% codetab %}} ```csharp - [Topic("pubsub", "transactions", "event.type ==\"withdraw.v3\"", 1)] - [HttpPost("withdraw.v3")] - public async Task> WithdrawV3(TransactionV3 transaction, [FromServices] DaprClient daprClient) + [Topic("pubsub", "inventory", "event.type ==\"widget\"", 1)] + [HttpPost("widgets")] + public async Task> HandleWidget(Widget transaction, [FromServices] DaprClient daprClient) { // Logic return account; } - [Topic("pubsub", "transactions", "event.type ==\"withdraw.v2\"", 2)] - [HttpPost("withdraw.v2")] - public async Task> WithdrawV2(TransactionV2 transaction, [FromServices] DaprClient daprClient) + [Topic("pubsub", "inventory", "event.type ==\"gadget\"", 2)] + [HttpPost("gadgets")] + public async Task> HandleGadget(Gadget transaction, [FromServices] DaprClient daprClient) { // Logic return account; } - [Topic("pubsub", "transactions")] - [HttpPost("withdraw")] - public async Task> Withdraw(Transaction transaction, [FromServices] DaprClient daprClient) + [Topic("pubsub", "inventory")] + [HttpPost("products")] + public async Task> HandleProduct(Product transaction, [FromServices] DaprClient daprClient) { // Logic return account; @@ -208,19 +208,19 @@ func configureSubscribeHandler(w http.ResponseWriter, _ *http.Request) { t := []subscription{ { PubsubName: "pubsub", - Topic: "transactions", + Topic: "inventory", Routes: routes{ Rules: []rule{ { - Match: `event.type == "withdraw.v3"`, - Path: "/withdraw.v3", + Match: `event.type == "widget"`, + Path: "/widgets", }, { - Match: `event.type == "withdraw.v2"`, - Path: "/withdraw.v2", + Match: `event.type == "gadget"`, + Path: "/gadgets", }, }, - Default: "/withdraw", + Default: "/products", }, }, } @@ -244,14 +244,14 @@ func main() { require_once __DIR__.'/vendor/autoload.php'; $app = \Dapr\App::create(configure: fn(\DI\ContainerBuilder $builder) => $builder->addDefinitions(['dapr.subscriptions' => [ - new \Dapr\PubSub\Subscription(pubsubname: 'pubsub', topic: 'transactions', routes: ( + new \Dapr\PubSub\Subscription(pubsubname: 'pubsub', topic: 'inventory', routes: ( rules: => [ - ('match': 'event.type == "withdraw.v3"', path: '/withdraw.v3'), - ('match': 'event.type == "withdraw.v2"', path: '/withdraw.v2'), + ('match': 'event.type == "widget"', path: '/widgets'), + ('match': 'event.type == "gadget"', path: '/gadgets'), ] - default: '/withdraw')), + default: '/products')), ]])); -$app->post('/withdraw', function( +$app->post('/products', function( #[\Dapr\Attributes\FromBody] \Dapr\PubSub\CloudEvent $cloudEvent, \Psr\Log\LoggerInterface $logger @@ -266,7 +266,34 @@ $app->start(); {{< /tabs >}} -In these examples, depending on the type of the event (`event.type`), the application will be called on `/withdraw.v3`, `/withdraw.v2` or `/withdraw`. The expressions are written as [Common Expression Language (CEL)](https://opensource.google/projects/cel) where `event` represents the cloud event. Any of the attributes from the [CloudEvents core specification](https://github.com/cloudevents/spec/blob/v1.0.1/spec.md#required-attributes) can be referenced in the expression. +## Common Expression Language (CEL) + +In these examples, depending on the type of the event (`event.type`), the application will be called on `/widgets`, `/gadgets` or `/products`. The expressions are written as [Common Expression Language (CEL)](https://github.com/google/cel-spec) where `event` represents the cloud event. Any of the attributes from the [CloudEvents core specification](https://github.com/cloudevents/spec/blob/v1.0.1/spec.md#required-attributes) can be referenced in the expression. + +### Example expressions + +Match "important" messages + +```javascript +has(event.data.important) && event.data.important == true +``` + +Match deposits greater than $10000 + +```javascript +event.type == "deposit" && event.data.amount > 10000 +``` + +Match multiple versions of a message + +```javascript +event.type == "mymessage.v1" +``` +```javascript +event.type == "mymessage.v2" +``` + +## CloudEvent attributes For reference, the following attributes are from the CloudEvents specification. @@ -476,7 +503,13 @@ Currently, comparisons to time (e.g. before or after "now") are not supported. ## Next steps -- Try the [Pub/Sub quickstart sample](https://github.com/dapr/quickstarts/tree/master/pub-sub) +Watch [this video](https://www.youtube.com/watch?v=QqJgRmbH82I&t=1063s) on how to use message routing with pub/sub. + +

+ +

+ +- Try the [Pub/Sub routing sample](https://github.com/dapr/samples/tree/master/pub-sub-routing) - Learn about [topic scoping]({{< ref pubsub-scopes.md >}}) - Learn about [message time-to-live]({{< ref pubsub-message-ttl.md >}}) - Learn [how to configure Pub/Sub components with multiple namespaces]({{< ref pubsub-namespaces.md >}}) From 82a460195bb0aab8b4855b0a6099bedf037bd81c Mon Sep 17 00:00:00 2001 From: Nick Greenfield Date: Fri, 24 Sep 2021 18:19:29 -0700 Subject: [PATCH 103/115] Move access control community call video to the bottom of the page under a Community Call Demo section. --- .../en/operations/configuration/invoke-allowlist.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/daprdocs/content/en/operations/configuration/invoke-allowlist.md b/daprdocs/content/en/operations/configuration/invoke-allowlist.md index 791c9fe08..288e3e5fd 100644 --- a/daprdocs/content/en/operations/configuration/invoke-allowlist.md +++ b/daprdocs/content/en/operations/configuration/invoke-allowlist.md @@ -10,12 +10,6 @@ Access control enables the configuration of policies that restrict what operatio An access control policy is specified in configuration and be applied to Dapr sidecar for the *called* application. Example access policies are shown below and access to the called app is based on the matched policy action. You can provide a default global action for all calling applications and if no access control policy is specified, the default behavior is to allow all calling applications to access to the called app. -Watch this [video](https://youtu.be/j99RN_nxExA?t=1108) on how to apply access control list for service invocation. - -
- -
- ## Concepts **TrustDomain** - A "trust domain" is a logical group to manage trust relationships. Every application is assigned a trust domain which can be specified in the access control list policy spec. If no policy spec is defined or an empty trust domain is specified, then a default value "public" is used. This trust domain is used to generate the identity of the application in the TLS cert. @@ -357,3 +351,10 @@ spec: - name: python image: dapriosamples/hello-k8s-python:edge ``` + +## Community call demo +Watch this [video](https://youtu.be/j99RN_nxExA?t=1108) on how to apply access control list for service invocation. + +
+ +
\ No newline at end of file From c44a9406041ae69d677e9a69c2531b288104ba38 Mon Sep 17 00:00:00 2001 From: Phil Kedy Date: Sat, 25 Sep 2021 10:59:07 -0400 Subject: [PATCH 104/115] Moving the community call demo video to its own section --- .../building-blocks/pubsub/howto-route-messages.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md index d0dd2c702..7c8d28a77 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md +++ b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md @@ -501,14 +501,16 @@ on the definition of OPTIONAL. Currently, comparisons to time (e.g. before or after "now") are not supported. {{% /alert %}} -## Next steps +## Community call demo -Watch [this video](https://www.youtube.com/watch?v=QqJgRmbH82I&t=1063s) on how to use message routing with pub/sub. +Watch [this video](https://www.youtube.com/watch?v=QqJgRmbH82I&t=1063s) on how to use message routing with pub/sub:

+## Next steps + - Try the [Pub/Sub routing sample](https://github.com/dapr/samples/tree/master/pub-sub-routing) - Learn about [topic scoping]({{< ref pubsub-scopes.md >}}) - Learn about [message time-to-live]({{< ref pubsub-message-ttl.md >}}) From ca8887a83aa50760126632488635d65798762e9d Mon Sep 17 00:00:00 2001 From: Phil Kedy Date: Sat, 25 Sep 2021 11:10:55 -0400 Subject: [PATCH 105/115] Fixing broken cloudevents links --- .../building-blocks/pubsub/howto-route-messages.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md index 7c8d28a77..75433a8b1 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md +++ b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md @@ -390,7 +390,7 @@ The following attributes are REQUIRED to be present in all CloudEvents: routing, observability, policy enforcement, etc. The format of this is producer defined and might include information such as the version of the `type` - see - [Versioning of CloudEvents in the Primer](primer.md#versioning-of-cloudevents) + [Versioning of CloudEvents in the Primer](https://github.com/cloudevents/spec/blob/v1.0.1/primer.md#versioning-of-cloudevents) for more information. - Constraints: - REQUIRED @@ -404,7 +404,7 @@ The following attributes are REQUIRED to be present in all CloudEvents: ### OPTIONAL Attributes The following attributes are OPTIONAL to appear in CloudEvents. See the -[Notational Conventions](#notational-conventions) section for more information +[Notational Conventions](https://github.com/cloudevents/spec/blob/v1.0.1/spec.md#notational-conventions) section for more information on the definition of OPTIONAL. #### datacontenttype @@ -413,12 +413,12 @@ on the definition of OPTIONAL. - Description: Content type of `data` value. This attribute enables `data` to carry any type of content, whereby format and encoding might differ from that of the chosen event format. For example, an event rendered using the - [JSON envelope](./json-format.md#3-envelope) format might carry an XML payload + [JSON envelope](https://github.com/cloudevents/spec/blob/v1.0.1/json-format.md#3-envelope) format might carry an XML payload in `data`, and the consumer is informed by this attribute being set to "application/xml". The rules for how `data` content is rendered for different `datacontenttype` values are defined in the event format specifications; for example, the JSON event format defines the relationship in - [section 3.1](./json-format.md#31-handling-of-data). + [section 3.1](https://github.com/cloudevents/spec/blob/v1.0.1/json-format.md#31-handling-of-data). For some binary mode protocol bindings, this field is directly mapped to the respective protocol's content-type metadata property. Normative rules for the @@ -447,7 +447,7 @@ on the definition of OPTIONAL. - Type: `URI` - Description: Identifies the schema that `data` adheres to. Incompatible changes to the schema SHOULD be reflected by a different URI. See - [Versioning of CloudEvents in the Primer](primer.md#versioning-of-cloudevents) + [Versioning of CloudEvents in the Primer](https://github.com/cloudevents/spec/blob/v1.0.1/primer.md#versioning-of-cloudevents) for more information. - Constraints: - OPTIONAL From 8f43af5199d1dc9e16a502cc39148847da51f3f4 Mon Sep 17 00:00:00 2001 From: Phil Kedy Date: Sat, 25 Sep 2021 11:16:05 -0400 Subject: [PATCH 106/115] Updating C# example --- .../building-blocks/pubsub/howto-route-messages.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md index 75433a8b1..5fac6c647 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md +++ b/daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-route-messages.md @@ -147,26 +147,26 @@ app.listen(port, () => console.log(`consumer app listening on port ${port}!`)) ```csharp [Topic("pubsub", "inventory", "event.type ==\"widget\"", 1)] [HttpPost("widgets")] - public async Task> HandleWidget(Widget transaction, [FromServices] DaprClient daprClient) + public async Task> HandleWidget(Widget widget, [FromServices] DaprClient daprClient) { // Logic - return account; + return stock; } [Topic("pubsub", "inventory", "event.type ==\"gadget\"", 2)] [HttpPost("gadgets")] - public async Task> HandleGadget(Gadget transaction, [FromServices] DaprClient daprClient) + public async Task> HandleGadget(Gadget gadget, [FromServices] DaprClient daprClient) { // Logic - return account; + return stock; } [Topic("pubsub", "inventory")] [HttpPost("products")] - public async Task> HandleProduct(Product transaction, [FromServices] DaprClient daprClient) + public async Task> HandleProduct(Product product, [FromServices] DaprClient daprClient) { // Logic - return account; + return stock; } ``` {{% /codetab %}} From dca5f3c17d85653f8dfebeeda6c3980010157b6b Mon Sep 17 00:00:00 2001 From: Long Date: Fri, 17 Sep 2021 09:43:40 +0000 Subject: [PATCH 107/115] bindings: support rabbitmq send any content types Signed-off-by: Long --- .../components-reference/supported-bindings/rabbitmq.md | 1 + 1 file changed, 1 insertion(+) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/rabbitmq.md b/daprdocs/content/en/reference/components-reference/supported-bindings/rabbitmq.md index 2671e0766..13f1b81e1 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/rabbitmq.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/rabbitmq.md @@ -56,6 +56,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr | prefetchCount | N | Input | Set the [Channel Prefetch Setting (QoS)](https://www.rabbitmq.com/confirms.html#channel-qos-prefetch). If this parameter is omiited, QoS would set value to 0 as no limit | `0` | | exclusive | N | Input/Output | Determines whether the topic will be an exclusive topic or not. Defaults to `"false"` | `"true"`, `"false"` | | maxPriority| N | Input/Output | Parameter to set the [priority queue](https://www.rabbitmq.com/priority.html). If this parameter is omitted, queue will be created as a general queue instead of a priority queue. Value between 1 and 255. See [also](#specifying-a-priority-per-message) | `"1"`, `"10"` | +| contentType | N | Input/Output | The content type of the message. Defaults to "text/plain". | `"text/plain"`, `"application/cloudevent+json"` and so on | ## Binding support This component supports both **input and output** binding interfaces. From 019ad846ea664f4cd8a42c925d1caec46a742e22 Mon Sep 17 00:00:00 2001 From: Lorenzo Montanari Date: Mon, 27 Sep 2021 14:52:36 +0200 Subject: [PATCH 108/115] Some fixes in secrets_api docs - Fixed some formattation issues - Removed erroneous backslashes from command snippets --- daprdocs/content/en/reference/api/secrets_api.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/daprdocs/content/en/reference/api/secrets_api.md b/daprdocs/content/en/reference/api/secrets_api.md index e0a447535..84c39467d 100644 --- a/daprdocs/content/en/reference/api/secrets_api.md +++ b/daprdocs/content/en/reference/api/secrets_api.md @@ -95,14 +95,14 @@ Code | Description ### Examples ```shell -curl http://localhost:3500/v1.0/secrets/vault/db-secret \ +curl http://localhost:3500/v1.0/secrets/vault/db-secret ``` ```shell -curl http://localhost:3500/v1.0/secrets/vault/db-secret?metadata.version_id=15&metadata.version_stage=AAA \ +curl http://localhost:3500/v1.0/secrets/vault/db-secret?metadata.version_id=15&metadata.version_stage=AAA ``` -> Note, in case of deploying into namespace other than default`, the above query will also have to include the namespace metadata (e.g. `production` below) +> Note, in case of deploying into namespace other than default, the above query will also have to include the namespace metadata (e.g. `production` below) ```shell curl http://localhost:3500/v1.0/secrets/vault/db-secret?metadata.version_id=15&?metadata.namespace=production @@ -165,7 +165,7 @@ Code | Description ### Examples ```shell -curl http://localhost:3500/v1.0/secrets/vault/bulk \ +curl http://localhost:3500/v1.0/secrets/vault/bulk ``` ```json From 823448b34e26595089e7d0918bb80340489e6bf2 Mon Sep 17 00:00:00 2001 From: Will Tsai Date: Thu, 30 Sep 2021 08:50:20 -0700 Subject: [PATCH 109/115] adding new layouts/partials/feedback.html config to override docsy theme feedback widget settings --- daprdocs/layouts/partials/feedback.html | 62 +++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 daprdocs/layouts/partials/feedback.html diff --git a/daprdocs/layouts/partials/feedback.html b/daprdocs/layouts/partials/feedback.html new file mode 100644 index 000000000..811b3c879 --- /dev/null +++ b/daprdocs/layouts/partials/feedback.html @@ -0,0 +1,62 @@ + +
+ + + + + + +
+ From 2c6a46e61e91e1cace10fa548d08badfe80cd9be Mon Sep 17 00:00:00 2001 From: Javier Vela Date: Thu, 30 Sep 2021 23:13:09 +0200 Subject: [PATCH 110/115] gcp bucket update MR comments --- .../components-reference/supported-bindings/gcpbucket.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/gcpbucket.md b/daprdocs/content/en/reference/components-reference/supported-bindings/gcpbucket.md index 1d5bc8fe6..e314b1849 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/gcpbucket.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/gcpbucket.md @@ -172,7 +172,7 @@ The response body will contain the following JSON: ### Get object -To perform a get file operation, invoke the AWS S3 binding with a `POST` method and the following JSON body: +To perform a get file operation, invoke the GCP bucket binding with a `POST` method and the following JSON body: ```json { @@ -215,7 +215,7 @@ The response body contains the value stored in the object. ### Delete object -To perform a delete object operation, invoke the AWS S3 binding with a `POST` method and the following JSON body: +To perform a delete object operation, invoke the GCP bucket binding with a `POST` method and the following JSON body: ```json { From 1aef16edfc5ef65412c422ad1a32ce454a020ed0 Mon Sep 17 00:00:00 2001 From: Bernd Verst <4535280+berndverst@users.noreply.github.com> Date: Thu, 30 Sep 2021 15:53:39 -0700 Subject: [PATCH 111/115] Deny iFrame embeds --- daprdocs/staticwebapp.config.json | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 daprdocs/staticwebapp.config.json diff --git a/daprdocs/staticwebapp.config.json b/daprdocs/staticwebapp.config.json new file mode 100644 index 000000000..df65c3647 --- /dev/null +++ b/daprdocs/staticwebapp.config.json @@ -0,0 +1,6 @@ +{ + "globalHeaders": { + "X-Frame-Options": "DENY" + } +} + From 7e1a8acc3ef8c7c8dc718a0bb4e1acef104c3824 Mon Sep 17 00:00:00 2001 From: Bernd Verst <4535280+berndverst@users.noreply.github.com> Date: Thu, 30 Sep 2021 16:23:04 -0700 Subject: [PATCH 112/115] Deny iFrame embeds --- daprdocs/staticwebapp.config.json | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 daprdocs/staticwebapp.config.json diff --git a/daprdocs/staticwebapp.config.json b/daprdocs/staticwebapp.config.json new file mode 100644 index 000000000..df65c3647 --- /dev/null +++ b/daprdocs/staticwebapp.config.json @@ -0,0 +1,6 @@ +{ + "globalHeaders": { + "X-Frame-Options": "DENY" + } +} + From f4f47f916b28da9eecb285fdfa64dd3419d6a7cc Mon Sep 17 00:00:00 2001 From: Taction Date: Fri, 1 Oct 2021 22:40:02 +0800 Subject: [PATCH 113/115] add redis username metadata --- .../supported-bindings/redis.md | 37 ++++++++++--------- .../supported-pubsub/setup-redis-pubsub.md | 1 + .../supported-state-stores/setup-redis.md | 1 + 3 files changed, 21 insertions(+), 18 deletions(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/redis.md b/daprdocs/content/en/reference/components-reference/supported-bindings/redis.md index ce35caf27..e07ec5d5e 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/redis.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/redis.md @@ -40,25 +40,26 @@ The above example uses secrets as plain strings. It is recommended to use a secr |--------------------|:--------:|------------|-----|---------| | redisHost | Y | Output | The Redis host address | `"localhost:6379"` | | redisPassword | Y | Output | The Redis password | `"password"` | +| redisUsername | N | Output | Username for Redis host. Defaults to empty. Make sure your redis server version is 6 or above, and have created acl rule correctly. | `"username"` | | enableTLS | N | Output | If the Redis instance supports TLS with public certificates it can be configured to enable or disable TLS. Defaults to `"false"` | `"true"`, `"false"` | -| failover | N | Property to enabled failover configuration. Needs sentinalMasterName to be set. Defaults to `"false"` | `"true"`, `"false"` -| sentinelMasterName | N | The sentinel master name. See [Redis Sentinel Documentation](https://redis.io/topics/sentinel) | `""`, `"127.0.0.1:6379"` -| redeliverInterval | N | The interval between checking for pending messages to redelivery. Defaults to `"60s"`. `"0"` disables redelivery. | `"30s"` -| processingTimeout | N | The amount time a message must be pending before attempting to redeliver it. Defaults to `"15s"`. `"0"` disables redelivery. | `"30s"` -| redisType | N | The type of redis. There are two valid values, one is `"node"` for single node mode, the other is `"cluster"` for redis cluster mode. Defaults to `"node"`. | `"cluster"` -| redisDB | N | Database selected after connecting to redis. If `"redisType"` is `"cluster"` this option is ignored. Defaults to `"0"`. | `"0"` -| redisMaxRetries | N | Maximum number of times to retry commands before giving up. Default is to not retry failed commands. | `"5"` -| redisMinRetryInterval | N | Minimum backoff for redis commands between each retry. Default is `"8ms"`; `"-1"` disables backoff. | `"8ms"` -| redisMaxRetryInterval | N | Maximum backoff for redis commands between each retry. Default is `"512ms"`;`"-1"` disables backoff. | `"5s"` -| dialTimeout | N | Dial timeout for establishing new connections. Defaults to `"5s"`. | `"5s"` -| readTimeout | N | Timeout for socket reads. If reached, redis commands will fail with a timeout instead of blocking. Defaults to `"3s"`, `"-1"` for no timeout. | `"3s"` -| writeTimeout | N | Timeout for socket writes. If reached, redis commands will fail with a timeout instead of blocking. Defaults is readTimeout. | `"3s"` -| poolSize | N | Maximum number of socket connections. Default is 10 connections per every CPU as reported by runtime.NumCPU. | `"20"` -| poolTimeout | N | Amount of time client waits for a connection if all connections are busy before returning an error. Default is readTimeout + 1 second. | `"5s"` -| maxConnAge | N | Connection age at which the client retires (closes) the connection. Default is to not close aged connections. | `"30m"` -| minIdleConns | N | Minimum number of idle connections to keep open in order to avoid the performance degradation associated with creating new connections. Defaults to `"0"`. | `"2"` -| idleCheckFrequency | N | Frequency of idle checks made by idle connections reaper. Default is `"1m"`. `"-1"` disables idle connections reaper. | `"-1"` -| idleTimeout | N | Amount of time after which the client closes idle connections. Should be less than server's timeout. Default is `"5m"`. `"-1"` disables idle timeout check. | `"10m"` +| failover | N | Output | Property to enabled failover configuration. Needs sentinalMasterName to be set. Defaults to `"false"` | `"true"`, `"false"` +| sentinelMasterName | N | Output | The sentinel master name. See [Redis Sentinel Documentation](https://redis.io/topics/sentinel) | `""`, `"127.0.0.1:6379"` +| redeliverInterval | N | Output | The interval between checking for pending messages to redelivery. Defaults to `"60s"`. `"0"` disables redelivery. | `"30s"` +| processingTimeout | N | Output | The amount time a message must be pending before attempting to redeliver it. Defaults to `"15s"`. `"0"` disables redelivery. | `"30s"` +| redisType | N | Output | The type of redis. There are two valid values, one is `"node"` for single node mode, the other is `"cluster"` for redis cluster mode. Defaults to `"node"`. | `"cluster"` +| redisDB | N | Output | Database selected after connecting to redis. If `"redisType"` is `"cluster"` this option is ignored. Defaults to `"0"`. | `"0"` +| redisMaxRetries | N | Output | Maximum number of times to retry commands before giving up. Default is to not retry failed commands. | `"5"` +| redisMinRetryInterval | N | Output | Minimum backoff for redis commands between each retry. Default is `"8ms"`; `"-1"` disables backoff. | `"8ms"` +| redisMaxRetryInterval | N | Output | Maximum backoff for redis commands between each retry. Default is `"512ms"`;`"-1"` disables backoff. | `"5s"` +| dialTimeout | N | Output | Dial timeout for establishing new connections. Defaults to `"5s"`. | `"5s"` +| readTimeout | N | Output | Timeout for socket reads. If reached, redis commands will fail with a timeout instead of blocking. Defaults to `"3s"`, `"-1"` for no timeout. | `"3s"` +| writeTimeout | N | Output | Timeout for socket writes. If reached, redis commands will fail with a timeout instead of blocking. Defaults is readTimeout. | `"3s"` +| poolSize | N | Output | Maximum number of socket connections. Default is 10 connections per every CPU as reported by runtime.NumCPU. | `"20"` +| poolTimeout | N | Output | Amount of time client waits for a connection if all connections are busy before returning an error. Default is readTimeout + 1 second. | `"5s"` +| maxConnAge | N | Output | Connection age at which the client retires (closes) the connection. Default is to not close aged connections. | `"30m"` +| minIdleConns | N | Output | Minimum number of idle connections to keep open in order to avoid the performance degradation associated with creating new connections. Defaults to `"0"`. | `"2"` +| idleCheckFrequency | N | Output | Frequency of idle checks made by idle connections reaper. Default is `"1m"`. `"-1"` disables idle connections reaper. | `"-1"` +| idleTimeout | N | Output | Amount of time after which the client closes idle connections. Should be less than server's timeout. Default is `"5m"`. `"-1"` disables idle timeout check. | `"10m"` ## Binding support diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-redis-pubsub.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-redis-pubsub.md index 394beeaea..9b5787a98 100644 --- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-redis-pubsub.md +++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-redis-pubsub.md @@ -41,6 +41,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr |--------------------|:--------:|---------|---------| | redisHost | Y | Connection-string for the redis host. If `"redisType"` is `"cluster"` it can be multiple hosts separated by commas or just a single host | `localhost:6379`, `redis-master.default.svc.cluster.local:6379` | redisPassword | Y | Password for Redis host. No Default. Can be `secretKeyRef` to use a secret reference | `""`, `"KeFg23!"` +| redisUsername | N | Username for Redis host. Defaults to empty. Make sure your redis server version is 6 or above, and have created acl rule correctly. | `""`, `"default"` | consumerID | N | The consumer group ID | `"myGroup"` | enableTLS | N | If the Redis instance supports TLS with public certificates, can be configured to be enabled or disabled. Defaults to `"false"` | `"true"`, `"false"` | redeliverInterval | N | The interval between checking for pending messages to redelivery. Defaults to `"60s"`. `"0"` disables redelivery. | `"30s"` diff --git a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-redis.md b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-redis.md index 36c01fb57..c0234cdf7 100644 --- a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-redis.md +++ b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-redis.md @@ -60,6 +60,7 @@ If you wish to use Redis as an actor store, append the following to the yaml. |--------------------|:--------:|---------|---------| | redisHost | Y | Connection-string for the redis host | `localhost:6379`, `redis-master.default.svc.cluster.local:6379` | redisPassword | Y | Password for Redis host. No Default. Can be `secretKeyRef` to use a secret reference | `""`, `"KeFg23!"` +| redisUsername | N | Username for Redis host. Defaults to empty. Make sure your redis server version is 6 or above, and have created acl rule correctly. | `""`, `"default"` | consumerID | N | The consumer group ID | `"myGroup"` | enableTLS | N | If the Redis instance supports TLS with public certificates, can be configured to be enabled or disabled. Defaults to `"false"` | `"true"`, `"false"` | maxRetries | N | Maximum number of retries before giving up. Defaults to `3` | `5`, `10` From 015f20850cf0721dc695b2f349bdb5d75cb22bb6 Mon Sep 17 00:00:00 2001 From: Mark Fussell Date: Wed, 6 Oct 2021 15:15:03 -0700 Subject: [PATCH 114/115] Update rabbitmq.md Added - name: contentType value: "text/plain" --- .../components-reference/supported-bindings/rabbitmq.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/rabbitmq.md b/daprdocs/content/en/reference/components-reference/supported-bindings/rabbitmq.md index 13f1b81e1..b548d9872 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/rabbitmq.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/rabbitmq.md @@ -38,6 +38,8 @@ spec: value: false - name: maxPriority value: 5 +- name: contentType + value: "text/plain" ``` {{% alert title="Warning" color="warning" %}} From 36bb4e5c012e89e9b5037bc2f5736d7d30e5cc8d Mon Sep 17 00:00:00 2001 From: Will Date: Thu, 14 Oct 2021 14:03:34 -0700 Subject: [PATCH 115/115] upmerge v1.4 into v1.5 (#1851) * Closing issue #1410 * Update setup-sqlserver.md Incorporating feedback * Adding DaprCon card at top of main page * Close i tag * Bump runtime version references to 1.4.3 and supported versions table * Fixing closing b tag * Address PR review comments * Corrected upgrade paths * Update kubectl links * Update supported versions table Co-authored-by: Donovan Brown Co-authored-by: Ori Zohar Co-authored-by: Nick Greenfield --- daprdocs/content/en/_index.md | 16 ++++++++++++++++ .../hosting/kubernetes/cluster/setup-aks.md | 2 +- .../hosting/kubernetes/cluster/setup-gke.md | 2 +- .../kubernetes/cluster/setup-minikube.md | 2 +- .../hosting/kubernetes/kubernetes-deploy.md | 2 +- .../en/operations/monitoring/logging/fluentd.md | 2 +- .../monitoring/metrics/azure-monitor.md | 2 +- .../operations/monitoring/metrics/prometheus.md | 2 +- .../support/support-release-policy.md | 16 +++++++++------- .../supported-state-stores/setup-sqlserver.md | 8 ++++---- .../layouts/shortcodes/dapr-latest-version.html | 2 +- daprdocs/static/images/daprcon.png | Bin 0 -> 28556 bytes 12 files changed, 37 insertions(+), 19 deletions(-) create mode 100644 daprdocs/static/images/daprcon.png diff --git a/daprdocs/content/en/_index.md b/daprdocs/content/en/_index.md index 5243416f2..6ca2cff4c 100644 --- a/daprdocs/content/en/_index.md +++ b/daprdocs/content/en/_index.md @@ -3,6 +3,22 @@ type: docs no_list: true --- +
+
+
+
+ DaprCon logo + Join us for DaprCon on October 19th-20th, 2021! +
+

+ The first ever DaprCon will take place October 19th-20th, 2021 virtually! Tune in for free and attend technical sessions, panels and real world examples from the community on building applications with Dapr!

Learn more >> +

+ +
+
+
+ +

# Dapr Docs Welcome to the Dapr documentation site! diff --git a/daprdocs/content/en/operations/hosting/kubernetes/cluster/setup-aks.md b/daprdocs/content/en/operations/hosting/kubernetes/cluster/setup-aks.md index 905ef73b7..0323ba208 100644 --- a/daprdocs/content/en/operations/hosting/kubernetes/cluster/setup-aks.md +++ b/daprdocs/content/en/operations/hosting/kubernetes/cluster/setup-aks.md @@ -12,7 +12,7 @@ description: > ## Prerequisites - [Docker](https://docs.docker.com/install/) -- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) +- [kubectl](https://kubernetes.io/docs/tasks/tools/) - [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest) ## Deploy an Azure Kubernetes Service cluster diff --git a/daprdocs/content/en/operations/hosting/kubernetes/cluster/setup-gke.md b/daprdocs/content/en/operations/hosting/kubernetes/cluster/setup-gke.md index 5a7b7607c..53d278669 100644 --- a/daprdocs/content/en/operations/hosting/kubernetes/cluster/setup-gke.md +++ b/daprdocs/content/en/operations/hosting/kubernetes/cluster/setup-gke.md @@ -8,7 +8,7 @@ description: "Setup a Google Kubernetes Engine cluster" ### Prerequisites -- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) +- [kubectl](https://kubernetes.io/docs/tasks/tools/) - [Google Cloud SDK](https://cloud.google.com/sdk) ## Create a new cluster diff --git a/daprdocs/content/en/operations/hosting/kubernetes/cluster/setup-minikube.md b/daprdocs/content/en/operations/hosting/kubernetes/cluster/setup-minikube.md index ef1d0110d..09762c9fd 100644 --- a/daprdocs/content/en/operations/hosting/kubernetes/cluster/setup-minikube.md +++ b/daprdocs/content/en/operations/hosting/kubernetes/cluster/setup-minikube.md @@ -12,7 +12,7 @@ description: > ## Prerequisites - [Docker](https://docs.docker.com/install/) -- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) +- [kubectl](https://kubernetes.io/docs/tasks/tools/) - [Minikube](https://minikube.sigs.k8s.io/docs/start/) > Note: For Windows, enable Virtualization in BIOS and [install Hyper-V](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v) diff --git a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-deploy.md b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-deploy.md index afa7a238a..81b62d716 100644 --- a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-deploy.md +++ b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-deploy.md @@ -15,7 +15,7 @@ For more information on what is deployed to your Kubernetes cluster read the [Ku ## Prerequisites - Install [Dapr CLI]({{< ref install-dapr-cli.md >}}) -- Install [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) +- Install [kubectl](https://kubernetes.io/docs/tasks/tools/) - Kubernetes cluster (see below if needed) ### Create cluster diff --git a/daprdocs/content/en/operations/monitoring/logging/fluentd.md b/daprdocs/content/en/operations/monitoring/logging/fluentd.md index 0c15c1584..fd0758418 100644 --- a/daprdocs/content/en/operations/monitoring/logging/fluentd.md +++ b/daprdocs/content/en/operations/monitoring/logging/fluentd.md @@ -9,7 +9,7 @@ description: "How to install Fluentd, Elastic Search, and Kibana to search logs ## Prerequisites - Kubernetes (> 1.14) -- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) +- [kubectl](https://kubernetes.io/docs/tasks/tools/) - [Helm 3](https://helm.sh/) ## Install Elastic search and Kibana diff --git a/daprdocs/content/en/operations/monitoring/metrics/azure-monitor.md b/daprdocs/content/en/operations/monitoring/metrics/azure-monitor.md index 852716e76..c253d4f42 100644 --- a/daprdocs/content/en/operations/monitoring/metrics/azure-monitor.md +++ b/daprdocs/content/en/operations/monitoring/metrics/azure-monitor.md @@ -10,7 +10,7 @@ description: "Enable Dapr metrics and logs with Azure Monitor for Azure Kubernet - [Azure Kubernetes Service](https://docs.microsoft.com/en-us/azure/aks/) - [Enable Azure Monitor For containers in AKS](https://docs.microsoft.com/en-us/azure/azure-monitor/insights/container-insights-overview) -- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) +- [kubectl](https://kubernetes.io/docs/tasks/tools/) - [Helm 3](https://helm.sh/) ## Enable Prometheus metric scrape using config map diff --git a/daprdocs/content/en/operations/monitoring/metrics/prometheus.md b/daprdocs/content/en/operations/monitoring/metrics/prometheus.md index b81f1f539..b179b75a0 100644 --- a/daprdocs/content/en/operations/monitoring/metrics/prometheus.md +++ b/daprdocs/content/en/operations/monitoring/metrics/prometheus.md @@ -67,7 +67,7 @@ Once Prometheus is running, you'll be able to visit its dashboard by visiting `h ### Prerequisites - Kubernetes (> 1.14) -- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) +- [kubectl](https://kubernetes.io/docs/tasks/tools/) - [Helm 3](https://helm.sh/) ### Install Prometheus diff --git a/daprdocs/content/en/operations/support/support-release-policy.md b/daprdocs/content/en/operations/support/support-release-policy.md index 5ec7285f2..a07e40e4e 100644 --- a/daprdocs/content/en/operations/support/support-release-policy.md +++ b/daprdocs/content/en/operations/support/support-release-policy.md @@ -42,7 +42,9 @@ The table below shows the versions of Dapr releases that have been tested togeth | Jul 26th 2021 | 1.3
| 1.3.0 | Java 1.2.0
Go 1.2.0
PHP 1.1.0
Python 1.2.0
.NET 1.3.0 | 0.7.0 | Supported | | Sep 14th 2021 | 1.3.1
| 1.3.0 | Java 1.2.0
Go 1.2.0
PHP 1.1.0
Python 1.2.0
.NET 1.3.0 | 0.7.0 | Supported | | Sep 15th 2021 | 1.4
| 1.4.0 | Java 1.3.0
Go 1.3.0
PHP 1.2.0
Python 1.3.0
.NET 1.4.0 | 0.8.0 | Supported | -| Sep 22nd 2021 | 1.4.1
| 1.4.0 | Java 1.3.0
Go 1.3.0
PHP 1.2.0
Python 1.3.0
.NET 1.4.0 | 0.8.0 | Supported (current) | +| Sep 22nd 2021 | 1.4.1
| 1.4.0 | Java 1.3.0
Go 1.3.0
PHP 1.2.0
Python 1.3.0
.NET 1.4.0 | 0.8.0 | Supported +| Sep 24th 2021 | 1.4.2
| 1.4.0 | Java 1.3.0
Go 1.3.0
PHP 1.2.0
Python 1.3.0
.NET 1.4.0 | 0.8.0 | Supported | +| Oct 7th 2021 | 1.4.3
| 1.4.0 | Java 1.3.0
Go 1.3.0
PHP 1.2.0
Python 1.3.0
.NET 1.4.0 | 0.8.0 | Supported (current) | ## Upgrade paths After the 1.0 release of the runtime there may be situations where it is necessary to explicitly upgrade through an additional release to reach the desired target. For example an upgrade from v1.0 to v1.2 may need go pass through v1.1 @@ -56,16 +58,16 @@ General guidance on upgrading can be found for [self hosted mode]({{ # Required. - name: tableName - value: # Required. + value: # Optional. defaults to "state" - name: keyType value: # Optional. defaults to "string" - name: keyLength @@ -52,8 +52,8 @@ If you wish to use SQL server as an [actor state store]({{< ref "state_api.md#co | Field | Required | Details | Example | |--------------------|:--------:|---------|---------| -| connectionString | Y | The connection string used to connect | `"Server=myServerName\myInstanceName;Database=myDataBase;User Id=myUsername;Password=myPassword;"` -| tableName | Y | The name of the table to use. Alpha-numeric with underscores | `"table_name"` +| connectionString | Y | The connection string used to connect. If the connection string contains the database it must already exist. If the database is omitted a default database named `"Dapr"` is created. | `"Server=myServerName\myInstanceName;Database=myDataBase;User Id=myUsername;Password=myPassword;"` +| tableName | N | The name of the table to use. Alpha-numeric with underscores. Defaults to `"state"` | `"table_name"` | keyType | N | The type of key used. Defaults to `"string"` | `"string"` | keyLength | N | The max length of key. Used along with `"string"` keytype. Defaults to `"200"` | `"200"` | schema | N | The schema to use. Defaults to `"dbo"` | `"dapr"`,`"dbo"` @@ -69,7 +69,7 @@ If you wish to use SQL server as an [actor state store]({{< ref "state_api.md#co In order to setup SQL Server as a state store, you need the following properties: -- **Connection String**: the SQL Server connection string. For example: server=localhost;user id=sa;password=your-password;port=1433;database=mydatabase; +- **Connection String**: The SQL Server connection string. For example: server=localhost;user id=sa;password=your-password;port=1433;database=mydatabase; - **Schema**: The database schema to use (default=dbo). Will be created if does not exist - **Table Name**: The database table name. Will be created if does not exist - **Indexed Properties**: Optional properties from json data which will be indexed and persisted as individual column diff --git a/daprdocs/layouts/shortcodes/dapr-latest-version.html b/daprdocs/layouts/shortcodes/dapr-latest-version.html index 6f1027f0a..9a456a8b3 100644 --- a/daprdocs/layouts/shortcodes/dapr-latest-version.html +++ b/daprdocs/layouts/shortcodes/dapr-latest-version.html @@ -1 +1 @@ -{{- if .Get "short" }}1.4{{ else if .Get "long" }}1.4.1{{ else if .Get "cli" }}1.4.0{{ else }}1.4.1{{ end -}} +{{- if .Get "short" }}1.4{{ else if .Get "long" }}1.4.3{{ else if .Get "cli" }}1.4.0{{ else }}1.4.3{{ end -}} diff --git a/daprdocs/static/images/daprcon.png b/daprdocs/static/images/daprcon.png new file mode 100644 index 0000000000000000000000000000000000000000..ed0d3882c1825758c5b9ef7da8ff1da4e051163b GIT binary patch literal 28556 zcmeFZWmHtr_dk5;4y9ozk*+~vKi5s;8Zk!}GI3F*!m!lAnx z=DGO&{hwI>=iT$-dGlp0)~tK(KKtym&%P)2{_OKc`>`4sF(WYm0A!CID(eCOZX^KU zJR-ygOMH)EJKztI%R>`)0HEc(`Nw*sdv_Ns#B$eFQv|;EL)O3tTw4V#1pp|IBe}G~ z0|00CN6HHNK3JPqsD$*1&#XSz{RsxtoVTC1W*kp%lqbHowY{_GMUwcfnO-eLrM<(# z^u5pz|MDT+YO0xA8zNW_w@|aL-;4*}S>92-BVQaibc_7fW?IZD$*pv`5P|-rHq_mp z<)(C^rkxcy|&jqY6O@+=NQhsfy|-vT*QK1m;fgPWDn!vh2e@6()%#s{L#y5I1ypwJneVV{ZoFk z98ohYd4p5{kj;j$QW0a(NJ%{Idx9OZej^5#;dKILB$%5Td;LR(kIyMm70{+p`vc17 zul9%KvIjF(S}MKUZWP9e=3zj-`jOCSIqFQ9#li>HwKg=A!_48ye;#%a^^pJyBSAqB z+Ki9Yz#e01e}!<5N3M)xhw$CBgP-ZU*mBxJAiw1G%;g?X7^~d zL)j(EB&2J-n*0g5md{svc~TmpFe4Z*nbc+F*uxlvHY+}|T!@}gni|klpY5%$uVZQy zP9wm2s|dvN~H0vbIKP=Qe<=1dM#RW7+My zi#%R!2@(PPG~?Jq@b>2|uM66uuBYYd2O|`nz2#7Z*_6PcZtS6P?(wg9>jBJV*Y3$n zS?nfIwZ=f6;_AWxCc)N_rR$?Eae@Y54C%yGmd{-KNjT_EaWxhk5McY>Vpxt4pq;jm zKkTB*#JG*bwzP=fucQHFvYruUb+Vja%K6?S8~&=u4j7Y5b$)VX{INH`i-ZDx@=)AC zy`@!SI>M)ff#Cpr3Sy=eX2imn@qh(z=c316&Av_C9^`Hhz@?ZS!GIaw9}sD1AyVF~0vhT=jAc&oo>;Q;ghAUno3J%Rlnii+tU!Qd7MacAYnn(DoOI&iO;uq{kG!~=e+C0Rcg#{WqQn!_@0 ztt}3yD7#kyj)C>E3()MN(l!XP4nMNbMB(D+UgfxmS+g9TLsU$ET& z2Dwd+_47mb*{|b)%QEG8Y*O?p;s0hgGLzkK}$pp#*e&8fh27JF>lbfD&`fD8PBLalrCDgk0+t!w* zpZ~2M`qYCp$N@Hur&ApD{c0`P-L3W!_8q{O@Z!}VTWzPg8pYw5I#8yqE;cYO)FPxn7F`3>uF}7*?)KK(R1KU!Zg48mCcqk6+us}9Wo3=4@s-Z|!BQWt zyygQFBm>~n>IT}0Xe;M@J7J0j`G@ql0=Gd^yIm)7uJ%IFR5s(mWp(vJ$Mn%Q`@G?P z7}n3GHPt~ucFM9A}&wpS3R|)^0Eukn0ZY3ir4HJk%CDfgy+!=p{K_|QYUfn%FZ66SD)YPcj)?jC? z+?)`(eZO5M>Ge37mrU^#so_>NDGLLC3Us!JFdaE z{g_za%`CYh1LYdYp&6ub%j#dxuE%5}GM}clxR>9(p%WHWYcZt$anPov1RY z#mdZGrKpwH!qv^BmTKK*%j4$`^O`E1Uez)9b2dH{?rC3$COHJWGQv8feGQ(wqU4XGg9o#r@Q__ znhY%)nrXjA`vmo@$V_tS(#Ay6lccVvr^?;^`6)625xVyrDk2q^S$F?_C4);?9Im|9 zNR0p95+Z!cOkWw}(W(tQ&hrti-pW@Y(EchMxJH34Ik`sdQS-;Cjj%YnNzZObZ3IoW zz--06aFD5RyAE&@u|X@xANP^6&`iAaBlE8D%babrTiS@t?`_Aom-+nksnV^KDn%jY zTN23{gdSz@C0X7&$q97tnJPD~iIWSY#l%2Xgrz5(EW8fJ@}-6j0Ln@p4+5a8Sui#d3Wp}u6I&f(Hgfy z=3f1n@hg48r%tL5f_(iwmY)HKqgM1)a?YqU z9Kj3x<&u|Maj3Vo^+bnlR@E=+d6qh69fuM#KCKOPcO(FNh ze&=AA)qSU6C^_R(j@zH^rgxU1*+i10VY;F|75)`Zlu^#bwH39-4l{f1fk+*?8!_za zlb~JC{?>FWqQAT+T%|&vF!R#v(uFJk>}1B5M|W*V88*L{U8VUEY@*()(|@)(HdGW- zrxBWcF|T#h{H_5u6C>L+MI6cX1X>l)y*Ejan#ApncrtEr%a_8BITokKG5D5yP>GY_ zW6zl$?&PeAnQvPW%3+hfCYE;!d(`~Cw|9RWv3Q%Z@5`u4K@@3|t51*w8`~xcx*x8P z;3l$v+U~oPPx6mFC%#NJ1QM*ZLB5UjpiLqj~qsNW^#hd z-j7+u1*}=-`s_^CBXiZl9{rh-3qGF_;f_*k*L8U8#W4W;g**z{GI+J@b@}D2&+W8Y z`0AkUdiM0W*q#qm?gaXiH~A;MrcB;JD7qPRa%LS?O4<}?YK{#|Uq-dUfoR#roZ!{k*@Iw=>I znpyw3@N;O@{;x#_j>AgzrmvGIL&faSYq3IUf~9hQq*+>Pb#f;%M_8z~s#NQ4!} z=CcBwX(CF$aZwa1K$15`|FR@#@9gc{46(K^x5EcUEufXtg7+F+cS4`q%?A;N+pHUZ zs`bJeQkCL*IZOO@#ijRhf%S6r&%?eqRjk*BkDwk@QJw7_tPr|N4OwePm{8)6p ztfZa_ZM?4r|MCosIGFH|1wRRstW%46^&ZxV=c)u{kw3cr6?`1W;2n$9agN5*L2Zk>*xBv(kj}>^$gi`{ z7y6UTI&c-=e#J#E(L!1!N7u^K?QGL6#e<(hFR+G~u!B;XtI@*0t=Mu;(ftN=q^LS* z_tO3Qw8o~jZ^>)D+gztKu(Km-!4)PjvN#}Dy-TvWFqQ@PQjTu7Z83>O5u96OM1pM1 z*gPnTi6RBwB~M(ZeOqU*`^3@4`k4ov0qf$dY`M5}C<-Ej+i$T(Ne1gD4eCmHQSM@X zBWbqh2xKOP8}m-lNiNSfGxTqfCcUYQ7^;~0$};RvNDeVnQ|%UxfOWkP7Z@uo=CYDX z;!na{kgTxkaaQHJ1yrUrUL)zrPnOH#2AP7-M`94^m-Vju*8-lfEDR zebWrp#q+A?a0Q&8hgM12>Ey-F;+0FtzlK9#g->EVe&}n-ib)rEvk24;OM2F7F`vW(m<$v>B2jnOK1ARNeCNQN?G)@a&InIpm3{yf z6%lu2PL=*-QWsB&6IYw_H`y`WqqdbM7GqOR(jBgN;iB7r2Q9{OT?lEr7ecwWeqdDX zg;+;5k3i?RJv8w8*O|57cddb8T%{MaKXf>MYb{c*{HU*ZM;_Pfm6<_U*V_91K!a0~ zG;2bg$K(2!yV{JHPkTA2T73$cljwDJhZCdb^NYRn)q*+5M!kdq2`lN=R&wy(8Qo^G zJO9Ol)d7B~=k|$EWV{IitxQBN$d}cEK;qF6?>$<3GbRL;z9(&q^O`Ry!*OCZC^+Y> zdhqS>bG_=pR&D#LhFY`li^&hPW9g?AY=;6jSLu=cWrt=|6J}?JQzoL$|3a;&*UH3Z$*Uvas)@Bx+o6V*kG^4nuwC`%Re4zd zFUm+!cE_a;_zRT1Mka@s4%`@Hp5HQjwaHD{JCr?z@8ZfYzOp*fi29RIktT6aJDKvv z7?Oo*M!US8<<}aCSkQd$LbzOb*!!??N6vbvE%1IZSWT5j%#s8&ccRU@w619rE8=ja z!{MNaMfXy^oEP8&lz_45p4Hm?ILa1>HhnPQ+K-h~Mq0Xdw(i5HwP}*5JMDDXe)DZy zBla@z`^UespSR)JJd+Gy_o}VQpd=QtN8t~D8cv)pX%yhg_LV!lPtVt9I1ZmElX~jpZsi@|5U9Wtg{*5}x#1Ri07SCbCF`T@A5z zM4NRbJ2kd3o+7aa0th#0P=aX4ETHXvYKl|^kgYhlb{!fS_LQ)g8?F7JB zi;bF+!}5CYc`fF?y#&hHoh0(Ozp(~%5fuI=%N~RRAc5p>^TcMwMkl_`&PWC4K2Fe< z=<(!f8eE;VK(ABpP&t9_LBc(5qLf!H`(tx)d*fry>-?j^q7;#k9Kc~T#$PyGn-ECJ zfvlCgiVm(s6!8Z}1f9J-iB;*ga3+E0x4vg~&r;3%6LjKo2LP4@JO6~$6KVEsV6KB7 zqemqbYuIcUNvr#QlHe4o!}jjy{gDL*If@`#zRyoD*Fx-lF-F{tAEy&q6;n*0Rl$OR z^Z_9biCh<`-x~n{aH!GEn-S>agOGv$(iO8@4LY?bgWB9CWoEcu4F}uhBG5Xv1f4uV z>bzt@oB8*+1UxY_gxnFd-J@aI6_V@wtL|9Z@e(DVx7;BEe4sLcLE<_HfxpLjLA zQ0!i%B(}rfRRN$ZOSft*JxEErpa`7rToZ@qLA`fLiZf-a-v*2|)r|BG&_JgQjqEd@U0x0`Ae9qCf@`OM;=?#IBTI4`x706Pz_%8EjJRn*ArptCd{hW;2 z@o(^zF0RD?e)`9EX?4>S00f%FTyjZ^?+wAbZr#h0ATao_fd!P^?WQ@Vpvasd%p#^D ziG;A@ION<2VaS`eBc+S)nPT4lzWtUqgTV*j=WPuwhYT|Kn$}%y!$PZL|y zH}8)nP;x;WdE-;`PQ)&J6FCCNJGsS)s2QK&KDwK@e&ay|Q&xIno- zc_hfkA*X;5&@QcN4t|DfEOBBXvdDv{%^))dghb~hGB!oRiBNjbTvJee7S8N9#l=O8 zp)Wj~X_Sg1Lb?lSu>oyy+@96%VeDhzr=?GV1weGcg5_=gNbn&^M-Ug-#WGMTd%n#_ zuPcZ8vIk1q^t+RDdsm;Ap;~oT{`6HD{3i>-$ z$0!BfCOxOxjp{a*a@CTQPwZFl+A<6{E>{Gry3Gkvi(cGd188@o|#^(ZIHgb?T;<# zx+dlYRzI=-@P1a04||bZ>lS-&wrNUc#3rN<&Ge#DrD4<$}gg*Zm;|!vk>H63?)GYnR z)p=)N2P2acmT4ha*u&jM3~a4Xc5&OM`1;h6LT8@g`uA7i0*rZuwWl3QA| zwRjdf15Ctg;ErNuSnPA(;X=@+5BoqT0*Bs5VEb z>9-TAwnCkxF{)3JqWZ$(R{pI5->?5RQN741GqVn86RB#S=tK9oR>T0b<4$4OVUf?; z;IFoXqrGyPpc~LtL$FzrCF|hw(U%@n;hoG5eOhukwbAmFrJHM^-ST2sE^cF|DR`J`;g=b|V~1>0e@LVI3~2bv&&%F- zZ)>m9vWD4NZeP^Tg|!d=**}Y4s866(?;TMXv44<4Vjs+2b$ja!kKsfpG45XWLnZ;A> zyl}}qPHr8P#LvULdU_C{lS+$l0)oZ;=-N@ zG-QLXX1bic4_ZWfpcpDj!J5zX>6K&;+Dv}@UkZo>W?Su15zMeQpeDV2-AStQTS zB@Kf%4LjdnC=4xqvNYT;YJLCop#6P!Qcr!L!#GT{SE-h&W~fO>*drm#NQ*p$@zp7I zmzmRJ+tQfFf>(=`xM);e?V1mROAg}NyC@A4=s&d*OhA&)@7P8cyVcPsLFg}BA~#vW z{?WB9vfWLa!Nc{IUr8X6OkpS@CMICvGGb-CBYxt<*)4t6yzH!MuFP>ZI8VLs&lZ(< zxMEbd(D`waUS~JC$6gO@_0p-fkC@)k7m=n-4*ES&kkzM_lIggL|aAPuG{KIiOiW?Y*I!)ACWh7P>RwB!yRxtBQ5mTfba%SHwa}_Bk8jx9IW(-* z@!4zS&Xkqv+8VmYDoxnTwXPSIovt{tHrs86BKez!dVA$jLN=>@q@C6o_Xz@hguNHU z|H{QTr___XLZ8BuDwKQJB1}0;_N==#bVXCYaPv#1tnYa@+e&BmvfZEtZ~GikO0^K> z^dGeKjVGf>r72|13qkls$V1_b3YETV43i3S)!kS~0}VPSAbKkO1sbuWGbJcoWTpRo zGtuO(h>m|}*J>ukuicnJ^CA|%lkTEUeJ#bO-9zPw>yx7wPj`_;Z4pE2(r(j|lSUV{ z33$EoF!CRM^n_zouEwGJ2m$0*p5Wa|{!T6(gP;+(9fW^FVJGoJxe%dmZ#{|vRravL z{deG0=5I;Wak*c+X;Ou$-zpq{;)H_;H;>-S9i=6^srZ)DdDU9_bHg+HL4JbTgjVW6 zZH2R=>CO(!Ze>f0kwFkWWuBdyD+MAbQJ}gw;+$)RuIE;?XsogwkL7?*)DbGT1WNAJu6c!L63Z?OSYWnJ*LP1fz+sCX$8K`-dBC8lvQ{b4 zwPoZ`nsr&%7P308y3=^fD-$`4R&a)B5$;pAcY_2-yjMP%i$fRnSNWf_8aW`LOYGDQ{=c$kAEEAzkWFa*ZcRD$bZ=Wb zSB56)PKxh@U1ca1g!$|KVvjMY*V7{1bT|slP&~;AS8}2&j>u3dD+^aV`5vx>xfr+_ z<3~vrvU^g9jVEe`h`4&mGLWi#BXBo})gk>tLyRi8>iFhI?&>cU@wB9#idah#w*3@w z!la8s(t*8teYI&DEF2^_F0^zt)18v@ZGiHG+Z*HGog(>wl_-)tR__!)gTIr9Yb}et z`s-$W-Xi1@nWRpaJ@`D)rOVaS7|Lr=0i?bgS}pQ{zu0x4`w+~X^3_$WII@n8lluJl zcy*1WwO5Sw>J6IuAgOjU<%xyV2czOLY=mNP_8EWUqQ4bBm0s*faZ0#Kd@1SlUTxT$ zvpCH18hyZamv35_ds0OL4>D}~;`jnQV_vN4R3uJ>)!Vz@=ci7MwJF_+v%gC zL*Qhw5>~{cW#W!tE}5rttJ-KyUmQ}eVrm^F4gWi6yHxj^AuV*|0Cqk6(G5nP>>$uO z16dXQ{nRzr>$@yrWH-zydXs0$+!)gLYi#I~7H4~axjH*#W`di?xX_tLQfa9+#E-8% zVhdac!isodNrA`0LEGxj)sB{57_q8tzvieuI97lzrg;Sk#M-E}u*>q65QrM7M{Io< zh}4Fh^H@&Vcg|7dZ{K_X4>KRQ4M|F}noyV_gdgZW2xi4qYPMg=`SHjE(r1`9BZ{@B zfVQ_0ic2IO7!NWi=6EqkwM6*IB_Oi-;N;r5o{2z1DTriXO8q7#?Lv|_Rki1G4R+$g zGTeQha7uboX61dy$bnAr-LOw?xukx-Z&iGnnS5A&UQaMfZZtVy-ffz+yVf8+^;Lr8 zVj*&Q#Gby_FqVwd{lJy7>ulQSF?vmEl~&m+VmT-LFJk3YeNXKBzRsIPJ&r)`0_ z{$&#WC>HFacg~nmA-C)|`e7fxj{Ppg&}E|h_dax`!kAb_MiW9|@d6QxUmOW<4oABm z4f<#HNY#ecGq`(Xrn!cHvpf!EpZiu>kQ;pcJ*Gc>!aWBe#b{L6|2}f$pw^)IT52XS z_cBF^owwfnypZ{g_40T zuauco=UZCkt1Jh?WyNakCxwiuO{2L31Of6INwW6~=|BAKk9Nquc2zR@jC?3z2F`t) z{<82IeUhW-;_N9mQ3lxLS6X5}TRHmS5KkN3-w|0x!IC_2ia-WaWw!o>g zc>kP-8_m+I%u+~A%$g5&F)b|%D)KIr1v|)<_ z6*?Kem96lur>?;Cc0PZtlnm=(|5^gKHD?u7O48@oR@zOU?JP$h-1l0YObjr zSA}RV$xqjcZql%#3byr@q}LTz*`ScQee95(@&ZgLhRqOfvGTpX!^Gp#>gJ8m>{e(B zR<_cd3EP;plMjMk^D~|fW{a8Iou5KeV_Q{`DNM#NHlZZIrYwnrfuKM@eC^s8WbP6z&N|y*;5zI!*2|=b{k0BGo$oO)OLiM5PMvJP+ z+~JbIOJi!22qhXw_GdDZFYWK2ZORbmXQg4B@S9EsZ9An@tgm4&cq5ial7>y;B8e_AvqC6zM`v5n7>`YEMb#0@1K~&KHoOrEy1HzO3?EY zOSxy&_C?Z|t^815y*~tRD3qtuu94`1C*)B#YI(zE&_6BhiL!$%j2P>z>XZN2qta@; z1)eEVLMGbIpv-J~JPkoL7JR)i!PgdKw5r`DY!qDIVvbAT?3=kYcYV`Z#Z24{)g528 z58{s0cv4D~u~o29Y^UK3J+nu3;ZS)yd32nB2N~H))BZ-Exzvj41*rw?7ge;z5Utn_ z*ebQXbd!&6{|;_Xe;w?_SH2xubr7?wIn85C&%e|1(fuwMmwO7s6vsy|-bj_0N66k5 zTJGL_iBy;H z12l_fVoYnh+u=twJTMMYCSt@4YDkSJG9c`+PVDoFCb-)>HSj!MGW1CYph{roG~)?g z6TV6f3BcEXX=JNWTHVf0pDOEokA%y=KiM)`7*{WWap{z#dy*g_=b7EBME(tQD}fr8 z<~!p3_P?O0oMYT1ow2u&nMjBE=B#&tz)$5#9&-T@=*y+`6Bzx5bP*?}Rrd>aHd(wP z;mV!ixg3F8f$$gbG@rL@v;<;@6Lb)F8>t0ILEOWjYm)>3WsoujWqu7}dRDnyVtROh zkT=F}1_S(Ffz?7D#^Wi;S5GI6?L$f7cfeRRq|cl!G@DmrNSaZ;bn)SAVLp%e8t8H; z9mOkY0}3a2jCnZeE96tZNDL3bvp1&&P5pQqA2TBq+bOm4z)-2{l~IR$%KP*qL36Rt z?6m_foYA~K?7jBID`Kv@pyjvznnWTugFMn{3qR&O*UL}z*~_IT#i_I9jmUXUVsrET z{9GjLqU*L3(-k478jV2bz_SS>^S@o>4_e!`KDS~)euUW53s95XNfE$0dv-Qv8PGCA zZ>}RE_G0Q$lEb3mOr*+)-LLykc~{V_UqnQV-At5z*qfO#WgG-n$qT%OSKuzbUHaJK zljYw(Eli*%PD?tb46TBvQkOUn^4=3MmPQF>zQIBkFw^jm*>Jz56GWkV{LxS(3$kYAd*}-v~&oU?o0t*u~>^*b;%L ziPJZ5c8?1cE2J*1nqpEIMNi_?5MZcXS{;+p$Rq5*F>L7_Bn zG@aDp*=AaE_Rs3MSkmCiTY?$Vj5aA_S@s$$G&qv2iG!+%GTf z8`)OsM8S}?olV31(Wk6n-Ekuv8*3+SeD1JWW6NN1!;XolM-+vh>c0mP9Zp+7pRWXX ziDhqRx{{8!efRa8re`{_;VO}P&s(Iq7C(Wx!lZXd2-Nn-?UH6I?NzwfyuC2Q6+VwqXks36!3o_KV zQ`!lnB(4AS^0>h%N6!z@+X=dj<572zni6!e!~H!$)ya6bdQG}{n+qHQj{g&Wa0t5H zJ3X#osg~85N+IVeItBSwlD`}Q&+pcWPCro9mVqVoy~(L^AIfdjz^dJ4#q^Cxr9|X7 ziMr&zj11b+z(@xjeGRy$=9cc;(I8c;C20(Rd*`r86zOu-j0|RDV5;?VHi&y=q`ZJ7 zycqj%0DUR`C4<-C!=SKKr+rMJZ4QKe#&_q+I$n_;#)`29noht?`}(q!!-%h1w@usM z*Kr#4o)PPiM3s1s7nPuM+>bX;?6iFS&)P)-W^O>eZH+bRY)*QS+LbqC)=_p}l&o;2 zJ-&jWO!DvYunm;eem7J*prQMVUeeveaWDvR>IxNi?6iDs`P4a+m*%|Hd^4O((ij&! zkcnkw6jTLi_x++y)b9HGI*sACk7x>A_GzMLzZS30Ypzq+U;n$9pVe#$+?#< zBn*e<^?92nSCL#_4{6R%Kwp=&7Gqt+%M7yXQWr)er8hx}UJV3?y&g8nm$OCTdR>?P zal?^$gM_d@JlUZCzIFtUic83Sd@Cih(pr{bY4v69=4%## zZn-p$#?+u~$V8ON-Wzyf-`Wy7UEKMFiz^| znkGsY0&*^)*rEQ+=sy=ON<3nua2+sm7yK*RUt2Nz81M*CWU?s*;y{l~ip%OYVT2#IH!B^EF@2v_@ECTHoLjoI+oo@4 z_x5}3*ZvxKrpym!I0RAwWEj4*New9r02QeN*|GiUha8{6+?E6$tVj+eZ~2Cj_xh%t;U&^ za7CF!YKEU*>g}P=UyYjiKLCB|tb7LgAhhkIc!oO#cVhfx*mS+4sVQ1s);0t z9)%DY6RF+0DAvbK?*2I)H<}!zcwtpX{HRcqZ|(#PVO_>KvJkW!=E=RofZ_Pgjw0W- z%hJ;Q)%klI@K*s2&?-hWiGnk;Cb>o7k(~)q#|N9Qnv>(RzCL3g0u8((9c6X-NeS+B z>QzhRU6Wv@4)&Z&G0p`VNBZDe@zEOeXUmGyyQROxT9h=2O$Os|vk5wH+}>@+Tgx>( zuT8giP5*Y%9Y4)4ZlIOC9-=FlbV!ALoYbr&SNZ~CZW&w+VSZ2}+Mj2-Z$4-%Wm;?2 zcEg1QMoUI|=4K-u=T2jzGli-ARRck3zmDm&| zYffKu``I~!+l`TJ==nP? z??`FK1;J;$dTEc z3y7x!ygJr|PSmRS%J>_$1%zQLL-YZ3FmkZ7@D2bj69pUsO`rAS?_U*QmKz zYT+~COSo4BQ_f+1!IN! z{ay7Hck@krrB}R~E-yTHO0l3S{xYu(8(m$hXLeURT1gHd1fbvX9{F|W<@OuuFmy+2 z-h1z-vsffsv7y~0fAwjGq=!QBOIXaWd?o_#+4K%cwwVf}i}y`v(CQW5aE1B?uP0T6(CG|CbjF;cWQN|4PczHvRE^G_&M32` zoQtaxg2uSGD76=R?pO2l$|s@gvzOMB9o;!a_HlXX&4X8gosDdTmwqrj=q}6m_cgFo#E1mdP`-bw-gTiQPV)7p^-axfHar9WwB2q$GJpU4rZGQSG(o zxBOP_>pN(;(@mB{x6}8sd4xazRQ8q7fv+gQr{krj5myZW^JupdIhb+V?K(8v?g_$@ zG$cBa#Sse(_AU;wnT{!z;erw1X_n9RgEEKP-IgKtQyWF^E43lOyeeb!BpbNa%L@mZR0e&4Ww%}1`SG)HC9+xO{* z-_aE6)PE8Ik@*dR0fz!p!sLD#Jf(|1<4#-btUEWE8A*B| z@YS^&3C{CN*b^&MbGDk$RrMl{k{d5liRi5^+g}IDiH(m^MOIV0ES?K+m_Cfm2;Cao^p7 z2Ta(=3|LxU9aRN1oWHcbM}Y_tMOOg+XYn&KNG60&Q|v#~x1w=?p5M3b754lN%l@@3 zrOlKr36wz~>|xWIob-H+D+pd32M$mI+H{WR+Swq?LZv=WVCB*r&{w=^ESz z5=cM;zNrS^B+NL2E@fb~1-X1|23BqY0V4n2NfEYZf&dd15cL8&01G`Lqxwf z{Mjo>R69Y4x@A(UrXL@Wr|>*TJUA!D5(UL+ogE_XD}3d*sa4|!X0HK$cU784`}C?V z0UIV#dsVVgJIXElzCx^!>n@|&fvs9>HX8^jP2P@bTIUm7c~04vswK~E11Yta$Bz*$ z->1Y}?3P=#%O{YUdWKndIH~7KQ>e+Y0QUrr+BsTcELf@rR3C!W&*$aWj=73{G%<+- zxW~^x=6F9^wDP;04dp5j%%5+tN^R%1iX-v9E3iB;Po|0 zK>*7CqG`$0Z+@g#hMtf7SM~}vINFjWE+7I(BAe3X2E-JND7%k}F%`y_=L}Z@eu{yp zs0Tx7@WM%!&-aVm2n*lb5aWZy1t4UKCeQ8R0Q)jWBX4v)*bb0zml}Ipbtg1iQOUtZ zP^B3nWkH@owLn?+V^u+FTBG?ExBNl@Ea89!R+eM%HHEgkgjLjQ*aRw`(`62Phk!ky7VMT)IJYfeHvoh?I;KsGb*yrTO5Iy zvt#^PX`wNQ*WjlgNLfzmFU~a$6N_0S0uf4@N+y#3l8Ztiv+d4*=1rV#V>ZQ5`V#_>5{k2UpTR$L?obkpGsC$2QIBS z`&ln#Y_jG^GMB**&Cs(;I`$QovvN2oObe6=!%dO>-Up$jOcSpjnbg5o->cj{ng3!< zEpYE@9K;)Dzh{228g-jI@YtRI1^LBRNTcC7QTrzZvj-QzWoHF`n0MYhFz|EqC`~HB zrbQB{Ik*Rj%qNE{4ys`mY=h-kuHR<*XOl!V(@03xTc4@h-`g^L1ZSiL6;4j~D7A9m zzG0%n1`YaGpYJ@}S{?l(5w}IZ&kNSK4L&}1?zFr>S_T#|b+#bF5@w_}xpV)BK?OnJ zC(VoastK4)>7Czc{IJO#-n-P#z%}#tL723x4HBIbu2@DGbX?g&XUW9UGAei)p%joB z;Nqbv#||$}zC(Y%>IT$cZf_Y&hUby}K0{I9fk8q*qBbGzpXFsL*Ym|S{;>3x;Xn)m zKOhUj%oN-{Bm$>R=A-B9zO#nnFJN&;E1|j%gsH#K7IX0)`xjM%#|e1(%a^$bh}_jN zo7{f*8NW)sXD?VSIa!GQzCJ?G{r8v01e~=@SV>afQb$u76jAOL5-Je!kah!vfIpnm z333>B&}5z$zzGJ_m&QfVQcw*ICh!~av%Banvi7och_CHVEBavO03uJ49HhpS#cPPJ%0l$j$|ALIs`)94dn9T=&A(*y{#wW13=OMH~j%((mL1(Lrh3i9=-Y+j}| zQClOh`wY-n$=Vqlx0S2?5{w+?OWHpB#>bv@gQg~*QnBRn-N?!uw0|J5yG9;2W@;`F zwSPTU=Sy0=%Nlfig8tfuMj^#FSZkFVTrbD2)KB!7mdoT>_321ySf^A@xEkL#z()J_ zBa1UBk@ZZWu7MM@x-85P7-giAO7~Dj$D9?ljil9HM@mDD7W{IH_INmhtHv&7YV7y-=Ksx&WSJ8RnBxELy%rCQitF<0{**w!U_eV;C>jZWy=ch>aDP`a4&XJ&UJ z_z+R#_Rs2}Ps1sG&e>HnO+)$APfU5VGGGR)acv=m0YT4wwx7o?>#MK%Ky_XqHEz)z zW&m7PVt&QaFTaS`1gIgdxC8ihYbcZGVE?~?DCJgbh4?Px}TWv1n4p)X%w(zX0 zc~U}&K%CBa1R5;L?9joX?NkEu2pn`}Sv7T?L$jI4qJ)2Ec3KJFVIS(->NB&H2*MGk zB-Q#8m8ATlJaM8?_{da$H4AxMt!uiYMUyo1OHT2$%xmt%cI}Ff?0=S3w61^n;iqyr7Z393jGK0fqN?w_Nxy`o89btDsKlEG>{v*KXtH z^+A?Y%a8k#UiZ*a34}$($zXJ)$XPXq74eif6y&`q@_Ul6O1(Z zeSx%2Zq0g7w0+s`a}> zMlr3`UDU($;K}NqIt(Y|ia9wbTnq`SPV61SJO8B#!8?WVpbGaNvjn?NbtW+3eG}k_nS1j`upr2T#&}?+wF8-&D)N~%y3!RwW7_`^I1_AUb7)S&DE`a`(#N${(5e4wk&)L3T8V7LM8NL?r-D?X8VTtFk$Zstjda?u z*1^LwMw~&j8;X>S#5*J)tDCE!A3xQHmehwLvyu>Tva*Xfk&!)elsehlWt>wNTJDma zoz7lmuajha$jY9lIL^4caJJ+3eqZ0;a9A4Nc_;meTnp7mg;E4>(S^f&st?=gW6oDV0u=?@a1uxt`}*j z`a#C;xR;Yvt?qBT59azhS)d>&kc=Rq7dPv?L*7{s_{E2+h$HG#|EM=ht&dg>zZ9l1 zh*PPd$ZPDrgq57g^uq5Br9v0*TnTj=vK{Wb2t5jE<${7aKTE%#bk=zYME^H%W2)qZ zZCUm;+UyE<39kF?bNJ|%GdF8Pm4Cgp-L_80XW;E^GjnZCbCOZDLJD;bF23>s@LeaI zfWSXrUx2metH3?gS1D^-OO`Mv1x!uwoE{drAL80z4J4l`wjbsFeidFO#Dx!-ZxITi zkP#5T@BI(J9X{acT{kEkwYoTNX>{^K-1?JFn&hJTHXNN5Q)8{PJvm%eReOMa6ODxL z{~{^}$v~*@UxTCsEK$g*Y=f5G6yW-xL1BuXdkPjV$eDaO?)KM7CLi2|%5m0otx#OE za-@&Q-m?cfa2NFCye*6_O$YFc9EL#RzX6x+sHB1%R*D|}S#M^D$=~`Jp+>Q6g|%R0$|_r;hFXa^yG>5oQDood7Py;IE+6t3CNNy1Xg4Ndp0*Fqo@z}yT#C5T(dEj_-dy4KHc zSyi0MF9+QHd9>p}YR_7045a(~&ng>_jt@x+LhRK4;9}*zlt-KLAs4H;mE@x&7M~g6 z+dvI!jeROt?MhPKDH!hbr{59t6KeguW&;U1eio4Jo3vP+ep-bs&OfskhuM86m4aR- zi$T=GnMbfbOiXfqPq=|}r0MOX7CG)#;kL&nBU8rq*jT(yVBdpKl61dCshDYI7IoUf z*eLnqZB$cdWkz#}+L!Z?Dv%NoaujlZc5>i*$0pFlXwdIGjRhHY5&t?IF0S|vzqIhk zWya5oD3{7g{R{aWsGL4wsOlc}ogHyhIo>2lq1sbvK0zK_AP5{9ih7+CHLVGmU;#mj>kwDt?LAC7I=U4UeBGyzZL>%&b-&3{Fh~hP4f~7QFCA~s z16pHko$!hS_fDR8;>soMvhxsR`@QRc9(=a63;R_095)h*Qqew{_NsiO>K&=wcHv5o zCpB%8%Q-&NK~PbJ$PuOjDssr&N3#=*)zu-dD!ahz=h{P$4%~m6B8?lT+Z0mY0y>Cp zs@1qktnm+Yb$^T`Jv9uxHXovjpX;3TWEXB(N&Lj0{J{`i+dO|M;NguY4--wfM=HBY zgVl$ATeP|QhKkMy6zuwX!j=hfwT%d*h!k-#(5Z&MJ|F_)&EFU^Y%q=`>XBjwupjud z)EnU-Pseri72-{LAik>)DvTu~r2G~RJu91u^RD_DJd5Ri%I8eeDBauc!r0eVZ!QT* z%CU*?EB9Sf5HgC6@TU2k{Q0ISEh;_0p14_w<@gZSR@V~D-AbAn_q;D~>fz&Sth;Cg zEonQWspDE}GnFIY;@2i4i%SWX9(*fIZ9%N#cdsA)M<=-eQ@z)7#PeLINNwJB)oRi$2j(Et@C~+O%8l#3yrW!^P!Ve?`R5{vMDIGnIwLTu>G}YY- zSWnxL5FXYd^}s(n*0?QKTphJv>@M%Gk3J#y+fH5M!` zi+;?h%^*>--3bSn5;fK6@cGFt=w%lpVxY*qpkI;psIBpP(akL(oDw-E*6o{AL>(ji z01)*Fph|3`4OMM+$i2*4vj0Z{MiAW0d@(@V+aB7vP?SR6C-@Zl8*=~iNuuxjsF3=` zpC1MLOad=H&#ZFv;G71gDtdVJ+LA}8lIO6SS6lGjV+;$Sopsfl0}G`-BL@fwDK?+T3h-p(z{t zF;H&AGzdtBv-R9YHw=Vp+SBwo=gZI%EgT0!!rZu!^AmXer!F&s_wK4>3P>g z7?YFI=eD|q8iPT5VlN;kQ6gn1W;W~CH+KTm>Of!q!lI`9ecI=NWd%{%oRC=4;DWv_ ztYrV;uBL{)mJq=(bo1wUb0RP_2LkzVlW*ZkX_c7m`L~hLCK}wWO7>g7EO8+PxGJ`| zD?=iMi<%!}VCufJR^8iqm@qMc~=e~~G z8?7u8gJ!?ox=E*aFV~;b&pq<$phVwO$o9wa%<&}D<945pX5w}hWqq8HC#!)Hb>}Ef zTRN1P{{6SvkL-cgR-`>~|Gx!&Pa_J^8uYp{fvESvSN=Vpy-sjM6*&qSEyBc@Zl!+S_#n0;ZssOsx6uZ-kGkg5pY18_SpDVYDehIvsuBXPyOiR$ z!CnqZ#`W9ly$!ksYxJ&AM#hOpVV!AbPECdngcwIz?U>4|U`$U;n34kwL+00!S2l=D7e1Rh=}OD?b|IWm zGbs)_01S8|&yPXCnD&Qjx`$q@js|M@%L1Zcy4-&9sv_aq+VC~}lQc%;!Q$fW{7g_9 zzYY`;8vn(R2W7rAxMVsMztF4_;ji@-S6unI!8dNX;qk?GzoTrRc-G1B5V-!Vo(vD` z58crwqXotT!@gv=P=5GaiQI=!T0>D=tugt&m&CVBmErJP&O85gtvH{-7} ziD+)=sN&CoT9l4$n@OF=)QAti#Q7cz&nKXkJ@6)W>vaiJf~+CrCuQRkmV@s=Wv4m% z@a=hCIgE#PGJ#+19yU7lperi@Q!`Q>n`Jp1geNyWC!#D)Lahs2O&6*RqD=j*dRL7>?2Msr)5OfRF7nhm z;U5+TtEmp7YHRAg1aI#-!m2#>7|rkM&T|YU>l)2*E%h0RkJXj@U}_05SXq2fO>mFN zwzl)4EV)N2m`d}`c+>Yx9-%q)7Ns4I-;BR;)rGKyXhrN{c4N{ zkD4H(bVCJQ-muT)4XV|#qjkoV*WaGeUx zI3J=;eGhteT2aI<8Iy;p7Oe8kFPa35!L<1&%*#ayVEA2 zN!2-aYzSLIVW_Dss>QBeAaGAaC5$2V;y`2l2D!$O%2?+DY-KxeS&`DecJM5A)h;rQ zDa_Gk*3j5usv3QcwSHiR^;;*oIlG_Hd+j$->dp4J`KSfW)gD{vpe_%}5h3i(S>1_ZG*dPy3F)T{n!%xph3MSSf zErcFyTbcLsI!Fxk?#?n_eyMBD-zIb(j7%pV*^ z+A1-#IOoAEPVUW`DO3u&Vk%}PrbdnjD-N)abH!*!O+$gYylKn~aBVByh34XE(VhsNi@D%xpL))cR|oi#;Np zU5XX^=Ezzkz3v)@(8G=?w3ld*Z%Uyvfj{J%TtTbgSfCiPX>DMC-x=h32vi0L75ge1 zm8W9%HAy#SNQqxyzoSzwHJnHF;%*k(XWy5PZ^K{C6YV+pt8@@;QIEcIk(SQ5%ktMK+1i!{74LU)Po0A{dl6mC1xIc3Eq*)Uayj8H?6 zauFB9Oc=#{)M(If$R1nfApwfk6#Jgtao;|Fxl=a${`6hRu#^m!?Z+f--v+M{Aia(D{Bl`loFln>ah>W2ab_P|qD4 zxKEg}9HxiOe6*|X#ONAnKM$)ia9cKJ#!l_THySevxL%Zh4DreGESI*2e0tiKsFWE? zZxj#evvRZTN5RE&BY~=~L!sS5BX*+#|5SnTVeZ{8F{+CHtzc{P3>INpvyV4K?ar0; zryKtU)F4boc)@0Y(x1N6VPqc^%=3dTUz*EwD*WgL&p%EW0#%W#8fH?6{Bj$T=k4Xf z4N;zlxcQk=Ooq?XZT5MaWvQk(WN05`+rn=q3=~J0A?|f?GXtn;gH2-5axp(g?kyaa z-eu68HC+k58>-Tr+peRx0?@b82lp*g!KTSr{-@a0%J;z4lnG#7DzHSp=D$Ar{PB6N zu4%>RdQZyj>-e`*|2|%E=NIA%0x^Mgh+i!v=^24WUFGP{musg z28!pb()AnfP0?2)lml~F3-I4 zBYGs6z8zG4!Si-GW(7fqE$&%B1t!-T`m^-ntSur*k+ryi0tele(@0=CD8x8b?qp&# zCiy=dRBe)^4?i-+Eq{kg*KAic9lf0EkSlQD?DaRlnHkqnTqr%pHvYuqK6c;A6;N|c z-zon*TX8@idSxw0sU2z<>UZE_T;TeRW%5GaSd{nM@%@Rr=SVk3Gq!;i{MjoBLa@HW z5)vFgmd~}8_cPx4YIvaTqFlBNiQprPvL_QWVZ|EnlXXk9(`T&?QZ>fl99N_`#(uUt zbE)-Wk+_z(^<_IAiw3w%3jhLOFf0Tj8=IvFGeBHH$v>PZVI9!!z-+;x-jwx9vzP0? zuGC7UzfLm$Q~3P?tHBzH91b@p_c1f#4*7b-q`|?#BI*O#o!f)GW~zJS=oBCNrNs8= z2!OE|W>@`pjAdedvFb;BC65Ahy{Qe%K%Dsg{l04XnlaXUykzDPp0o2p8vB){RB{(^ z-4bEiRMsaVL(AD5_IW+iceu-er1w<-^wI{jp>k+*b+$lSW9@=1lxs3*e+vmm&-+1T z*kEkIJ}2x1(+Kp9fyQ~g0!rLu=nKsjz`wZ~QO(SkCZ@)oy7Yc5MJ@i}JJ#eH^zaj8 z&z-epjXg`t;IdqMzhKKDoQCXTr|)DrhEvA9j>Ki%pD^4z1VqSVF%DR5&?n1n$G*Ne zM`i$txcQA1a{9oj-=aW3NqHdoEGm8O2BTyu%~e+hE&%IjAdAPDben1zZcLRF;}N}k zlVl9P=0z$~fG^#F4zS^L@PdKlXw~+v&OZI^5yQHjj*k&q_%;Kj>;5}9qWWjX{-7lr zW-$FbzZ$(J(wFaDNtH@cLrIt)YJ_F99F(% zHZNu%rR`CO-s1b`KgA_{6~8`T~Rt(?RbOeUoS@ezJn{tZ0U zRkqwb#x`omMGUXp9<|6*1sK9^o23!OlC9{zp1a#^+|@(D=MDu}-%%AXU4`G*H;4(9 z2zrQoJbdr^|3D^g!7t)Sz$S#dreiWM3AwUuN73$&gVo@V*+~I)0Ixv_BEqdbQi=26A&}b zId%;A-I0x@ac86|SwAe%@!ihIL~5GtF)-ZrY3a)0Kv6RzS1at{jL<5B2Em2|oHidf zkk3t`5;vD`1i;e}+O4vdKJ{z!wo6?d9W!=3X_z1cT7bu{`t1E37YpvPya)6cGS05Pu5;FIY?g~TO{D6kZ)Ft zs53<=<3&c8{x3?$~vuTpx5#BBuV#qrqw`xX0pw0#=Ozh zOe5bv3z7Oo^jk?&p{p@#O+v*tHPYvO)+Rdmh=Gh$n#S%RtcTd8vHkxu6n({R^g^fc zc*jQ*5=_&l6Tn}BP`pvd!UjfIn`HuZQ}=_9R<;yxWt!t>l1yjhSQKDIj;OEcg;-Y}^! zQ^Ix^yqO3=xV6NsSD6);3URbLU1}jYhzqE<;a5ef`IO|l&coUhKY`8KLZR!r0D8jC zi?>B7_=E-nsIB^-`cy=lmsOt>F~7BBP`9e{6S;()RUjMyc~}eQmfLxt_U?o_u*6O~ zP`1Y6d>-kT|K~Hdq*z`VfOnp;ZAyK*FbV|nM-ze1(g2A+D{K?Ax`?kC7%LxdTJvo` zvqyc;C4g_T2wyGd5rB$HJPt1FwT=AMdxH{>r~`oV1?a;c_^18Ew@jmZnwivfG@!w3 zSxi9;K!S>1Xia|Hq6l|26aC^CK0tHW@yye*7kHi@po5WR0@l^#`+D~sX%Al`Aq)8Sq+JxABrfI;>sQHZ?1e3UlVq`hdtJew@U%hXNULhjC}G6 z6*T2=x?KF?<AjgJ|3QUgeh>Qt+38Yqe|sYY7px%Ntbcoz{ zY<|$(UH@{om6?{P2d+*^K0sg_<-Mh7wYTv*E@iDH!i|HG_u_%Xa1Szwg_9{j#{fmZ znAUxJ_{IKjq>8J|YaJntpv;hyta>hP6wjO^4eFvWh@a9HtTTR7o|4=HKr=N*) z#8d@|OR*bC^(PEk7c1N~!NTPXsg|%My_a7?7|Xv)9vapkJy4!kc5NQ&&I?SUc!X_+ zz$;%Q=7$62)iWlNlIBL*4r%6mS6b!~79zs869-KCUzpOn0u*u|!Tyx0d^45%$T_iq#?qiA(;@|PGYa4DwSqSV&i-Yu@C zcu;Y#0J~{^5nj8yWOS}8%7&TqiYkTamY0{7d1W6trg5!twNH#BEB@0=ajEs9v4+X9 z=RQ;a9-(;l{P7%s8z@_mo(|DeU7X>?f3W;TpX8r;xWu7Tfnf45a&i z+>^V@;N5E|key*0)758z+!U4!@JyIDT5y5-i?1@!9_Y${2Rd3Um0DpjwMq%^#46OU z8YRa2bWC2a@ZgW0{F4#%+rpg%FPD2LV|9wHdE-^l6}Dq-nMbtm{i98Ju>0dpQalpb zDf%nv#*1MD&q_vpgS<;RIZ3Dt^yzy~KhLxo4Xs9Pn?YsM*iIVNt+-W}zw{pY675w+@;0rf$BfTBUxq1x!HdE)HV)K4@IX%b}TJg)UNDKTe22{nr zs>79vzw`6-lpRO%_h+rx005aj0m`Ouu>ShwS+G5G(A?8OGfGsimL5-=f9G~vt zkF`E8???#kgwU+JB{+7M?2kYOZUWkp_p$#v+-?1!R`u>e59!ym50qs)`JUmh;HEV3 z6eRZyAFvsF|B~IyrZI=QRG5U){MFo2HNOy_*Lw*r`nqCAZVHToP?yqD_w7_stF#K; zq8@h+ftp3~2nELI89EGc0jH? z1 zLp+FqEg}8Mz424XN!3X&WW`V7qel9ZK&`~ z-eB)xXd_63`ZA@G3QORf6QC4(iLKSBeTonaLl}cQWd5)&LYZr!(Xnf|a7~EZGjJp9 zkGI2Pbq>5?tzfdl>l31M2+pnsi2?)DX{#T)MJQ|vtz5Wd{NFATGatF0d|Y08Y;X?h8G$J|bwM#Q`ZX0r$Oqw}$!7<)&8P_?(Krn8*Kv z1`(C``q;o&K_*)miuo(wF&{iW#1rJtuLA;aXV%lnCU3p%up0+3L)YI{6XFG3Tx5ad#+5YgYpcR{+bqmo?I$_8Jc}zzq!OnD zG_7g=dAQ4mSNe)p4Z02;9jCJjUIp)~-aCgHknK hyDuU~Ad#Cw;%=z6FOd7rfM7uGXdB)x)^vFO{{TP4244UG literal 0 HcmV?d00001