Merge pull request #3879 from hhunter-ms/upmerge_11-21

Upmerge 11/21: 1.12 --> 1.13
Hannah Hunter 2023-11-21 10:28:47 -05:00 committed by GitHub
commit 869e908ef3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
109 changed files with 851 additions and 637 deletions

6
.github/holopin.yml vendored Normal file
View File

@ -0,0 +1,6 @@
organization: dapr
defaultSticker: clmjkxscc122740fl0mkmb7egi
stickers:
-
id: clmjkxscc122740fl0mkmb7egi
alias: ghc2023

View File

@ -124,6 +124,18 @@ id = "G-60C6Q1ETC1"
source = "../translations/docs-zh/content/sdks_dotnet"
target = "content/developing-applications/sdks/dotnet"
lang = "zh-hans"
[[module.mounts]]
source = "../translations/docs-zh/content/sdks_java"
target = "content/developing-applications/sdks/java"
lang = "zh-hans"
[[module.mounts]]
source = "../translations/docs-zh/content/sdks_go"
target = "content/developing-applications/sdks/go"
lang = "zh-hans"
[[module.mounts]]
source = "../translations/docs-zh/content/sdks_js"
target = "content/developing-applications/sdks/js"
lang = "zh-hans"
# Markdown Engine - Allow inline html
[markup]
@ -181,7 +193,7 @@ url_latest_version = "https://docs.dapr.io"
url = "#"
[[params.versions]]
version = "v1.12 (latest)"
url = "https://docs.dapr.io"
url = "#"
[[params.versions]]
version = "v1.11"
url = "https://v1-11.docs.dapr.io"
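Review bot: The `v1.12 (latest)` entry in this hunk carries both `url = "https://docs.dapr.io"` and `url = "#"`, and the entry just above it already ends in `url = "#"`. If `#` is the value that survives the upmerge, two version-switcher entries on the 1.13 branch point nowhere and the link to the published 1.12 docs is lost. Please confirm this is intended and not the 1.12 branch's own config leaking through the merge; on this branch the 1.12 entry should probably keep the absolute URL.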

View File

@ -81,7 +81,7 @@ The diagram below shows how the Sentry system service issues certificates for ap
### Preventing IP addresses on Dapr
To prevent Dapr sidecars from being called on any IP address (especially in production environments such as Kubernetes), Dapr restricts its listening IP addresses only to `localhost`. Use the [dapr-listen-addresses]({{<ref arguments-annotations-overview>}}) setting you need to enable other addresses.
To prevent Dapr sidecars from being called on any IP address (especially in production environments such as Kubernetes), Dapr restricts its listening IP addresses to `localhost`. Use the [dapr-listen-addresses]({{<ref arguments-annotations-overview>}}) setting if you need to enable access from external addresses.
## Secure Dapr to application communication
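Review bot: The reworded sentence under "Preventing IP addresses on Dapr" says how to open the sidecar to external addresses but not what that exposes. Since the paragraph's purpose is to explain why the default is `localhost`, add a clause stating that widening `dapr-listen-addresses` makes the sidecar APIs reachable from outside the pod or host and should be paired with the authentication options documented elsewhere in the security docs. The heading itself is also still awkward; something like "Restricting sidecar listening addresses" would match the new wording.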

View File

@ -59,7 +59,7 @@ public void ConfigureServices(IServiceCollection services)
services.AddSingleton<BankService>();
}
```
[See the .NET SDK documentation on registring actors]({{< ref "dotnet-actors-usage.md#registring-actors" >}}).
[See the .NET SDK documentation on registering actors]({{< ref "dotnet-actors-usage.md#registring-actors" >}}).
{{% /codetab %}}
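Review bot: The link text is corrected to "registering" but the ref target on the same line still reads `dotnet-actors-usage.md#registring-actors`. Check which spelling the heading anchor in `dotnet-actors-usage.md` actually produces; if that heading is ever corrected, this link breaks silently. Either fix the heading and the anchor together in this change or leave a comment explaining that the misspelled anchor is intentional.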

View File

@ -137,7 +137,7 @@ Refer [api spec]({{< ref "actors_api.md#invoke-reminder" >}}) for more details.
## Error handling
When an actor's method completes successfully, the runtime will contineu to invoke the method at the specified timer or reminder schedule. However, if the method throws an exception, the runtime catches it and logs the error message in the Dapr sidecar logs, without retrying.
When an actor's method completes successfully, the runtime will continue to invoke the method at the specified timer or reminder schedule. However, if the method throws an exception, the runtime catches it and logs the error message in the Dapr sidecar logs, without retrying.
To allow actors to recover from failures and retry after a crash or restart, you can persist an actor's state by configuring a state store, like Redis or Azure Cosmos DB.

View File

@ -57,7 +57,7 @@ public void ConfigureServices(IServiceCollection services)
}
```
[See the .NET SDK documentation on registring actors]({{< ref "dotnet-actors-usage.md#registring-actors" >}}).
[See the .NET SDK documentation on registering actors]({{< ref "dotnet-actors-usage.md#registring-actors" >}}).
{{% /codetab %}}
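Review bot: Only the visible link text changes here; the anchor fragment `#registring-actors` keeps the old spelling. Verify the fragment against the target page's heading so the text and the anchor do not drift apart.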

View File

@ -26,7 +26,7 @@ Alternatively, you can use [Dapr SDKs to use actors]({{< ref "developing-applica
## Save state with actors
You can interact with Dapr via HTTP/gRPC endpoints to save state reliably using the Dapr actor state mangement capabaility.
You can interact with Dapr via HTTP/gRPC endpoints to save state reliably using the Dapr actor state management capabaility.
To use actors, your state store must support multi-item transactions. This means your state store component must implement the `TransactionalStore` interface.
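Review bot: The corrected sentence fixes "mangement" but still ends in "capabaility". Please fix that in the same line so the typo pass is complete: "using the Dapr actor state management capability."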

View File

@ -76,14 +76,14 @@ Read the [Use output bindings to interface with external resources guide]({{< re
## Binding directions (optional)
You can provide the `direction` metadata field to indicate the direction(s) supported by the binding component. In doing so, the Dapr sidecar avoids the `"wait for the app to become ready"` state reducing the lifecycle dependency between the Dapr sidecar and the application:
You can provide the `direction` metadata field to indicate the direction(s) supported by the binding component. In doing so, the Dapr sidecar avoids the `"wait for the app to become ready"` state, reducing the lifecycle dependency between the Dapr sidecar and the application:
- `"input"`
- `"output"`
- `"input, output"`
{{% alert title="Note" color="primary" %}}
It is highly recommended that all bindings should include the `direction` property.
It is highly recommended that all input bindings should include the `direction` property.
{{% /alert %}}
[See a full example of the bindings `direction` metadata.]({{< ref "bindings_api.md#binding-direction-optional" >}})
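Review bot: The note now limits the recommendation to "all input bindings", while the list directly above still offers `"output"` and `"input, output"` as values without saying whether setting `direction` on an output-only binding has any effect on the "wait for the app to become ready" behaviour. State that explicitly in the paragraph. Also, "It is highly recommended that all input bindings should include" doubles up; "It is highly recommended that all input bindings include" reads cleaner.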

View File

@ -45,7 +45,7 @@ While both HTTP and gRPC are supported in the alpha release, using the gRPC APIs
### Cryptographic components
The Dapr cryptography building block incldues two kinds of components:
The Dapr cryptography building block includes two kinds of components:
- **Components that allow interacting with management services or vaults ("key vaults").**
Similar to how Dapr offers an "abstraction layer" on top of various secret stores or state stores, these components allow interacting with various key vaults such as Azure Key Vault (with more coming in future Dapr releases). With these components, cryptographic operations on the private keys are performed within the vaults and Dapr never sees your private keys.

View File

@ -81,13 +81,13 @@ async function start() {
{
entryID: "entry-2",
contentType: "application/cloudevents+json",
event: {
event: {
specversion: "1.0",
source: "/some/source",
type: "example",
id: "1234",
data: "foo message 2",
datacontenttype: "text/plain"
id: "1234",
data: "foo message 2",
datacontenttype: "text/plain"
},
},
{
@ -115,7 +115,7 @@ using System.Collections.Generic;
using Dapr.Client;
const string PubsubName = "my-pubsub-name";
const string TopicName = "topic-a";
const string TopicName = "topic-a";
IReadOnlyList<object> BulkPublishData = new List<object>() {
new { Id = "17", Amount = 10m },
new { Id = "18", Amount = 20m },
@ -130,10 +130,10 @@ if (res == null) {
}
if (res.FailedEntries.Count > 0)
{
Console.WriteLine("Some events failed to be published!");
Console.WriteLine("Some events failed to be published!");
foreach (var failedEntry in res.FailedEntries)
{
Console.WriteLine("EntryId: " + failedEntry.Entry.EntryId + " Error message: " +
Console.WriteLine("EntryId: " + failedEntry.Entry.EntryId + " Error message: " +
failedEntry.ErrorMessage);
}
}
@ -205,7 +205,7 @@ func main() {
{
"entryId": "b1f40bd6-4af2-11ed-b878-0242ac120002",
"event": {
"message": "second JSON message"
"message": "second JSON message"
},
"contentType": "application/json"
}
@ -236,7 +236,7 @@ curl -X POST http://localhost:3500/v1.0-alpha1/publish/bulk/my-pubsub-name/topic
{
"entryId": "b1f40bd6-4af2-11ed-b878-0242ac120002",
"event": {
"message": "second JSON message"
"message": "second JSON message"
},
"contentType": "application/json"
},
@ -258,7 +258,7 @@ Invoke-RestMethod -Method Post -ContentType 'application/json' -Uri 'http://loca
{
"entryId": "b1f40bd6-4af2-11ed-b878-0242ac120002",
"event": {
"message": "second JSON message"
"message": "second JSON message"
},
"contentType": "application/json"
},
@ -271,7 +271,7 @@ Invoke-RestMethod -Method Post -ContentType 'application/json' -Uri 'http://loca
## Subscribing messages in bulk
The bulk subscribe API allows you to subscribe multiple messages from a topic in a single request.
The bulk subscribe API allows you to subscribe multiple messages from a topic in a single request.
As we know from [How to: Publish & Subscribe to topics]({{< ref howto-publish-subscribe.md >}}), there are two ways to subscribe to topic(s):
- **Declaratively** - subscriptions are defined in an external file.
@ -286,7 +286,7 @@ metadata:
name: order-pub-sub
spec:
topic: orders
routes:
routes:
default: /checkout
pubsubname: order-pub-sub
bulkSubscribe:
@ -300,11 +300,11 @@ scopes:
In the example above, `bulkSubscribe` is _optional_. If you use `bulkSubscribe`, then:
- `enabled` is mandatory and enables or disables bulk subscriptions on this topic
- You can optionally configure the max number of messages (`maxMessagesCount`) delivered in a bulk message.
Default value of `maxMessagesCount` for components not supporting bulk subscribe is 100 i.e. for default bulk events between App and Dapr. Please refer [How components handle publishing and subscribing to bulk messages]({{< ref pubsub-bulk >}}).
- You can optionally configure the max number of messages (`maxMessagesCount`) delivered in a bulk message.
Default value of `maxMessagesCount` for components not supporting bulk subscribe is 100 i.e. for default bulk events between App and Dapr. Please refer [How components handle publishing and subscribing to bulk messages]({{< ref pubsub-bulk >}}).
If a component supports bulk subscribe, then default value for this parameter can be found in that component doc.
- You can optionally provide the max duration to wait (`maxAwaitDurationMs`) before a bulk message is sent to the app.
Default value of `maxAwaitDurationMs` for components not supporting bulk subscribe is 1000 i.e. for default bulk events between App and Dapr. Please refer [How components handle publishing and subscribing to bulk messages]({{< ref pubsub-bulk >}}).
Default value of `maxAwaitDurationMs` for components not supporting bulk subscribe is 1000 i.e. for default bulk events between App and Dapr. Please refer [How components handle publishing and subscribing to bulk messages]({{< ref pubsub-bulk >}}).
If a component supports bulk subscribe, then default value for this parameter can be found in that component doc.
The application receives an `EntryId` associated with each entry (individual message) in the bulk message. This `EntryId` must be used by the app to communicate the status of that particular entry. If the app fails to notify on an `EntryId` status, it's considered a `RETRY`.
@ -313,16 +313,16 @@ A JSON-encoded payload body with the processing status against each entry needs
```json
{
"statuses":
[
"statuses":
[
{
"entryId": "<entryId1>",
"status": "<status>"
},
},
{
"entryId": "<entryId2>",
"status": "<status>"
}
}
]
}
```
@ -477,37 +477,21 @@ For event publish/subscribe, two kinds of network transfers are involved.
1. From/To *App* To/From *Dapr*.
1. From/To *Dapr* To/From *Pubsub Broker*.
These are the opportunities where optimization is possible. When optimized, a Bulk requests are, which reduce number of overall calls and thus increase throughput and provide better latency.
These are the opportunities where optimization is possible. When optimized, Bulk requests are made, which reduce the overall number of calls and thus increases throughput and provides better latency.
On enabling Bulk Publish and/or Bulk Subscribe, the communication between the App and Dapr sidecar (Point 1 above) is optimized for **all components**.
Optimization from Dapr sidecar to the pub/sub broker would depend on a number of factors, for example:
- If the broker inherently supports Bulk pub/sub
- If the Dapr component is updated to support the use of bulk APIs provided by the broker.
Optimization from Dapr sidecar to the pub/sub broker depends on a number of factors, for example:
- Broker must inherently support Bulk pub/sub
- The Dapr component must be updated to support the use of bulk APIs provided by the broker
Currently, the following components are updated to support this level of optimization:
<table width="100%">
<tr>
<th>Component</th>
<th>Bulk Publish</th>
<th>Bulk Subscribe</th>
</tr>
<tr>
<td>Kafka</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Azure Servicebus</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Azure Eventhubs</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
| Component | Bulk Publish | Bulk Subscribe |
|:--------------------:|:--------:|--------|
| Kafka | Yes | Yes |
| Azure Servicebus | Yes | Yes |
| Azure Eventhubs | Yes | Yes |
## Demos
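Review bot: The rewritten sentence mixes verb number: "Bulk requests are made, which reduce the overall number of calls and thus increases throughput and provides better latency." Use "reduce ... increase ... provide" throughout. In the new Markdown table, the delimiter row `|:--------------------:|:--------:|--------|` centres the first two columns and leaves the third at the default alignment; pick one alignment for both Yes/No columns. The two bullets above are also no longer parallel ("Broker must ..." versus "The Dapr component must ..."); add the article to the first.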

View File

@ -106,7 +106,7 @@ with DaprClient() as client:
result = client.publish_event(
pubsub_name='order_pub_sub',
topic_name='orders',
publish_metadata={'cloudevent.id: 'd99b228f-6c73-4e78-8c4d-3f80a043d317', cloudevent.source: 'payment'}
publish_metadata={'cloudevent.id': 'd99b228f-6c73-4e78-8c4d-3f80a043d317', 'cloudevent.source': 'payment'}
)
```
@ -160,7 +160,7 @@ The JSON payload then reflects the new `source` and `id` values:
```
{{% alert title="Important" color="warning" %}}
While you can replace `traceid`/`traceparent` and `tracestate`, doing this may interfere with tracing events and report inconsistent results in tracing tools. It's recommended to use Open Telementry for distributed traces. [Learn more about distributed tracing.]({{< ref tracing-overview.md >}})
While you can replace `traceid`/`traceparent` and `tracestate`, doing this may interfere with tracing events and report inconsistent results in tracing tools. It's recommended to use Open Telemetry for distributed traces. [Learn more about distributed tracing.]({{< ref tracing-overview.md >}})
{{% /alert %}}
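Review bot: The corrected text in the alert reads "Open Telemetry"; the project name is written as one word, "OpenTelemetry". Worth fixing while this line is being touched.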

View File

@ -114,7 +114,7 @@ All Dapr pub/sub components support the at-least-once guarantee.
### Consumer groups and competing consumers pattern
Dapr handles the burden of dealing with consumer groups and the competing consumers pattern. In the competing consumers pattern, multiple application instances using a single consumer group compete for the message. Dapr enforces the competing consumer pattern when replicas use the same `app-id` without explict consumer group overrides.
Dapr handles the burden of dealing with consumer groups and the competing consumers pattern. In the competing consumers pattern, multiple application instances using a single consumer group compete for the message. Dapr enforces the competing consumer pattern when replicas use the same `app-id` without explicit consumer group overrides.
When multiple instances of the same application (with same `app-id`) subscribe to a topic, Dapr delivers each message to *only one instance of **that** application*. This concept is illustrated in the diagram below.

View File

@ -109,4 +109,4 @@ spec:
Watch [this video for an overview of the outbox pattern](https://youtu.be/rTovKpG0rhY?t=1338):
<div class="embed-responsive embed-responsive-16by9">
<iframe width="360" height="315" src="https://youtu.be/rTovKpG0rhY?t=1338" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
<iframe width="360" height="315" src="https://www.youtube-nocookie.com/embed/rTovKpG0rhY?si=1xlS54vcdYnLLtOL&amp;start=1338" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
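Review bot: The new embed URL switches to `www.youtube-nocookie.com` but keeps `si=1xlS54vcdYnLLtOL`, which is the identifier YouTube appends when a link is copied from its share dialog. It is not needed for playback and works against the reason for choosing the no-cookie host, so drop it and keep only `start=1338`. The hunk also ends on the `<iframe>` line with no closing `</div>` visible for the `embed-responsive` wrapper; confirm the file still closes it.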

View File

@ -63,10 +63,6 @@ When you create an application with workflow code and run it with Dapr, you can
[Learn more about how manage a workflow using HTTP calls.]({{< ref workflow_api.md >}})
### Manage other workflow runtimes with workflow components
You can call other workflow runtimes (for example, Temporal and Netflix Conductor) by writing your own workflow component.
## Workflow patterns
Dapr Workflow simplifies complex, stateful coordination requirements in microservice architectures. The following sections describe several application patterns that can benefit from Dapr Workflow.
@ -109,8 +105,9 @@ Want to skip the quickstarts? Not a problem. You can try out the workflow buildi
With Dapr Workflow in beta stage comes the following limitation(s):
- **State stores:** For the {{% dapr-latest-version cli="true" %}} beta release of Dapr Workflow, you're not able to use NoSQL databases. Only SQL databases are supported in the latest release.
- **Application instances:** For the {{% dapr-latest-version cli="true" %}} beta release of Dapr Workflow, only a maximum of 2 application instances is supported.
- **State stores:** For the {{% dapr-latest-version cli="true" %}} beta release of Dapr Workflow, using the NoSQL databases as a state store results in limitations around storing internal states. For example, CosmosDB has a maximum single operation item limit of only 100 states in a single request.
- **Horizontal scaling:** For the {{% dapr-latest-version cli="true" %}} beta release of Dapr Workflow, if you scale out Dapr sidecars or your application pods to more than 2, then the concurrency of the workflow execution drops. It is recommended to test with 1 or 2 instances, and no more than 2.
## Watch the demo
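Review bot: In the new "State stores" bullet, "using the NoSQL databases as a state store results in limitations" should lose the article ("using NoSQL databases"), and "CosmosDB" should match the "Azure Cosmos DB" spelling used elsewhere in these docs. In the "Horizontal scaling" bullet, "the concurrency of the workflow execution drops" does not tell the reader whether workflows slow down or can fail; say which, since the bullet replaces a hard "maximum of 2 application instances" statement with a softer recommendation.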

View File

@ -109,21 +109,53 @@ catch (TaskFailedException) // Task failures are surfaced as TaskFailedException
<!--java-->
```java
public static void main(String[] args) throws InterruptedException {
DaprWorkflowClient client = new DaprWorkflowClient();
try (client) {
client.raiseEvent(instanceId, "TestEvent", "TestEventPayload");
System.out.println(separatorStr);
System.out.println("** Registering parallel Events to be captured by allOf(t1,t2,t3) **");
client.raiseEvent(instanceId, "event1", "TestEvent 1 Payload");
client.raiseEvent(instanceId, "event2", "TestEvent 2 Payload");
client.raiseEvent(instanceId, "event3", "TestEvent 3 Payload");
System.out.printf("Events raised for workflow with instanceId: %s\n", instanceId);
}
public class ChainWorkflow extends Workflow {
@Override
public WorkflowStub create() {
return ctx -> {
StringBuilder sb = new StringBuilder();
String wfInput = ctx.getInput(String.class);
String result1 = ctx.callActivity("Step1", wfInput, String.class).await();
String result2 = ctx.callActivity("Step2", result1, String.class).await();
String result3 = ctx.callActivity("Step3", result2, String.class).await();
String result = sb.append(result1).append(',').append(result2).append(',').append(result3).toString();
ctx.complete(result);
};
}
}
class Step1 implements WorkflowActivity {
@Override
public Object run(WorkflowActivityContext ctx) {
Logger logger = LoggerFactory.getLogger(Step1.class);
logger.info("Starting Activity: " + ctx.getName());
// Do some work
return null;
}
}
class Step2 implements WorkflowActivity {
@Override
public Object run(WorkflowActivityContext ctx) {
Logger logger = LoggerFactory.getLogger(Step2.class);
logger.info("Starting Activity: " + ctx.getName());
// Do some work
return null;
}
}
class Step3 implements WorkflowActivity {
@Override
public Object run(WorkflowActivityContext ctx) {
Logger logger = LoggerFactory.getLogger(Step3.class);
logger.info("Starting Activity: " + ctx.getName());
// Do some work
return null;
}
}
```
{{% /codetab %}}
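Review bot: In the new `ChainWorkflow` sample, `Step1`, `Step2` and `Step3` all end in `return null;`, yet the workflow feeds `result1` into `Step2`, `result2` into `Step3`, and then appends all three to a `StringBuilder`. As written the chained value is always null and the completed result is the string "null,null,null", which undercuts the task-chaining pattern the snippet illustrates. Have each activity return a value derived from its input (read via the activity context) so the chain is visible. The three classes are otherwise identical; one activity shown in full with a comment that the others follow the same shape would be shorter, and the `Logger` could be a static field instead of being created on every `run` call.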
@ -225,46 +257,23 @@ await context.CallActivityAsync("PostResults", sum);
<!--java-->
```java
public static void main(String[] args) throws InterruptedException {
DaprWorkflowClient client = new DaprWorkflowClient();
try (client) {
System.out.println(separatorStr);
System.out.println("**SendExternalMessage**");
client.raiseEvent(instanceId, "TestEvent", "TestEventPayload");
// Get events to process in parallel
System.out.println(separatorStr);
System.out.println("** Registering parallel Events to be captured by allOf(t1,t2,t3) **");
client.raiseEvent(instanceId, "event1", "TestEvent 1 Payload");
client.raiseEvent(instanceId, "event2", "TestEvent 2 Payload");
client.raiseEvent(instanceId, "event3", "TestEvent 3 Payload");
System.out.printf("Events raised for workflow with instanceId: %s\n", instanceId);
// Register the raised events to be captured
System.out.println(separatorStr);
System.out.println("** Registering Event to be captured by anyOf(t1,t2,t3) **");
client.raiseEvent(instanceId, "e2", "event 2 Payload");
System.out.printf("Event raised for workflow with instanceId: %s\n", instanceId);
// Wait for all tasks to complete and aggregate results
System.out.println(separatorStr);
System.out.println("**WaitForInstanceCompletion**");
try {
WorkflowInstanceStatus waitForInstanceCompletionResult =
client.waitForInstanceCompletion(instanceId, Duration.ofSeconds(60), true);
System.out.printf("Result: %s%n", waitForInstanceCompletionResult);
} catch (TimeoutException ex) {
System.out.printf("waitForInstanceCompletion has an exception:%s%n", ex);
public class FaninoutWorkflow extends Workflow {
@Override
public WorkflowStub create() {
return ctx -> {
// Get a list of N work items to process in parallel.
Object[] workBatch = ctx.callActivity("GetWorkBatch", Object[].class).await();
// Schedule the parallel tasks, but don't wait for them to complete yet.
List<Task<Integer>> tasks = Arrays.stream(workBatch)
.map(workItem -> ctx.callActivity("ProcessWorkItem", workItem, int.class))
.collect(Collectors.toList());
// Everything is scheduled. Wait here until all parallel tasks have completed.
List<Integer> results = ctx.allOf(tasks).await();
// Aggregate all N outputs and publish the result.
int sum = results.stream().mapToInt(Integer::intValue).sum();
ctx.complete(sum);
};
}
System.out.println(separatorStr);
System.out.println("**purgeInstance**");
boolean purgeResult = client.purgeInstance(instanceId);
System.out.printf("purgeResult: %s%n", purgeResult);
}
}
```
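Review bot: The final comment in the new `FaninoutWorkflow` lambda says "Aggregate all N outputs and publish the result", but the code only calls `ctx.complete(sum)`. The hunk header shows the .NET tab doing `await context.CallActivityAsync("PostResults", sum);` at this step, so either add the equivalent activity call to the Java sample or change the comment to say the sum is returned as the workflow output. The snippet also uses `List`, `Arrays`, `Collectors` and `Task` with no imports shown; a short import list or a link to the full sample would save readers a lookup.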
@ -640,42 +649,34 @@ public override async Task<OrderResult> RunAsync(WorkflowContext context, OrderP
<!--java-->
```java
public static void main(String[] args) throws InterruptedException {
DaprWorkflowClient client = new DaprWorkflowClient();
public class ExternalSystemInteractionWorkflow extends Workflow {
@Override
public WorkflowStub create() {
return ctx -> {
// ...other steps...
Integer orderCost = ctx.getInput(int.class);
// Require orders over a certain threshold to be approved
if (orderCost > ORDER_APPROVAL_THRESHOLD) {
try {
// Request human approval for this order
ctx.callActivity("RequestApprovalActivity", orderCost, Void.class).await();
// Pause and wait for a human to approve the order
boolean approved = ctx.waitForExternalEvent("ManagerApproval", Duration.ofDays(3), boolean.class).await();
if (!approved) {
// The order was rejected, end the workflow here
ctx.complete("Process reject");
}
} catch (TaskCanceledException e) {
// An approval timeout results in automatic order cancellation
ctx.complete("Process cancel");
}
}
// ...other steps...
try (client) {
String eventInstanceId = client.scheduleNewWorkflow(DemoWorkflow.class);
System.out.printf("Started new workflow instance with random ID: %s%n", eventInstanceId);
client.raiseEvent(eventInstanceId, "TestException", null);
System.out.printf("Event raised for workflow with instanceId: %s\n", eventInstanceId);
System.out.println(separatorStr);
String instanceToTerminateId = "terminateMe";
client.scheduleNewWorkflow(DemoWorkflow.class, null, instanceToTerminateId);
System.out.printf("Started new workflow instance with specified ID: %s%n", instanceToTerminateId);
TimeUnit.SECONDS.sleep(5);
System.out.println("Terminate this workflow instance manually before the timeout is reached");
client.terminateWorkflow(instanceToTerminateId, null);
System.out.println(separatorStr);
String restartingInstanceId = "restarting";
client.scheduleNewWorkflow(DemoWorkflow.class, null, restartingInstanceId);
System.out.printf("Started new workflow instance with ID: %s%n", restartingInstanceId);
System.out.println("Sleeping 30 seconds to restart the workflow");
TimeUnit.SECONDS.sleep(30);
System.out.println("**SendExternalMessage: RestartEvent**");
client.raiseEvent(restartingInstanceId, "RestartEvent", "RestartEventPayload");
System.out.println("Sleeping 30 seconds to terminate the eternal workflow");
TimeUnit.SECONDS.sleep(30);
client.terminateWorkflow(restartingInstanceId, null);
// End the workflow with a success result
ctx.complete("Process approved");
};
}
System.out.println("Exiting DemoWorkflowClient.");
System.exit(0);
}
```
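Review bot: In the new `ExternalSystemInteractionWorkflow`, nothing visible stops execution after `ctx.complete("Process reject")` in the `if (!approved)` branch or after `ctx.complete("Process cancel")` in the `catch` block, so control appears to fall through to `ctx.complete("Process approved")` at the end of the lambda. Unless `complete` is documented to end the workflow function itself, add `return;` after both early completions so a rejected or timed-out order cannot also be reported as approved. `ORDER_APPROVAL_THRESHOLD` is used without a declaration; show it as a constant in the class or mention it in a comment.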

View File

@ -3,5 +3,5 @@ type: docs
title: "Authenticate to Azure"
linkTitle: "Authenticate to Azure"
weight: 1600
description: "Learn about authenticating Azure components using Azure Active Directory or Managed Identities"
description: "Learn about authenticating Azure components using Microsoft Entra ID or Managed Identities"
---

View File

@ -2,27 +2,27 @@
type: docs
title: "Authenticating to Azure"
linkTitle: "Overview"
description: "How to authenticate Azure components using Azure AD and/or Managed Identities"
description: "How to authenticate Azure components using Microsoft Entra ID and/or Managed Identities"
aliases:
- "/operations/components/setup-secret-store/supported-secret-stores/azure-keyvault-managed-identity/"
- "/reference/components-reference/supported-secret-stores/azure-keyvault-managed-identity/"
weight: 10000
---
Most Azure components for Dapr support authenticating with Azure AD (Azure Active Directory). Thanks to this:
Most Azure components for Dapr support authenticating with Microsoft Entra ID. Thanks to this:
- Administrators can leverage all the benefits of fine-tuned permissions with Azure Role-Based Access Control (RBAC).
- Applications running on Azure services such as Azure Container Apps, Azure Kubernetes Service, Azure VMs, or any other Azure platform services can leverage [Managed Identities (MI)](https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview) and [Workload Identity](https://learn.microsoft.com/azure/aks/workload-identity-overview). These offer the ability to authenticate your applications without having to manage sensitive credentials.
## About authentication with Azure AD
## About authentication with Microsoft Entra ID
Azure AD is Azure's identity and access management (IAM) solution, which is used to authenticate and authorize users and services.
Microsoft Entra ID is Azure's identity and access management (IAM) solution, which is used to authenticate and authorize users and services.
Azure AD is built on top of open standards such OAuth 2.0, which allows services (applications) to obtain access tokens to make requests to Azure services, including Azure Storage, Azure Service Bus, Azure Key Vault, Azure Cosmos DB, Azure Database for Postgres, Azure SQL, etc.
Microsoft Entra ID is built on top of open standards such OAuth 2.0, which allows services (applications) to obtain access tokens to make requests to Azure services, including Azure Storage, Azure Service Bus, Azure Key Vault, Azure Cosmos DB, Azure Database for Postgres, Azure SQL, etc.
> In Azure terminology, an application is also called a "Service Principal".
Some Azure components offer alternative authentication methods, such as systems based on "shared keys" or "access tokens". Although these are valid and supported by Dapr, you should authenticate your Dapr components using Azure AD whenever possible to take advantage of many benefits, including:
Some Azure components offer alternative authentication methods, such as systems based on "shared keys" or "access tokens". Although these are valid and supported by Dapr, you should authenticate your Dapr components using Microsoft Entra ID whenever possible to take advantage of many benefits, including:
- [Managed Identities and Workload Identity](#managed-identities-and-workload-identity)
- [Role-Based Access Control](#role-based-access-control)
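Review bot: The renamed sentence keeps an existing slip: "built on top of open standards such OAuth 2.0" is missing "as". Since the line is being rewritten for the Entra ID rename anyway, fix it here. "Microsoft Entra ID is Azure's identity and access management (IAM) solution" may also need a second look now that the product no longer carries the Azure name.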
@ -31,7 +31,7 @@ Some Azure components offer alternative authentication methods, such as systems
### Managed Identities and Workload Identity
With Managed Identities (MI), your application can authenticate with Azure AD and obtain an access token to make requests to Azure services. When your application is running on a supported Azure service (such as Azure VMs, Azure Container Apps, Azure Web Apps, etc), an identity for your application can be assigned at the infrastructure level.
With Managed Identities (MI), your application can authenticate with Microsoft Entra ID and obtain an access token to make requests to Azure services. When your application is running on a supported Azure service (such as Azure VMs, Azure Container Apps, Azure Web Apps, etc), an identity for your application can be assigned at the infrastructure level.
Once using MI, your code doesn't have to deal with credentials, which:
@ -48,11 +48,11 @@ When using Azure Role-Based Access Control (RBAC) with supported services, permi
### Auditing
Using Azure AD provides an improved auditing experience for access. Tenant administrators can consult audit logs to track authentication requests.
Using Microsoft Entra ID provides an improved auditing experience for access. Tenant administrators can consult audit logs to track authentication requests.
### (Optional) Authentication using certificates
While Azure AD allows you to use MI, you still have the option to authenticate using certificates.
While Microsoft Entra ID allows you to use MI, you still have the option to authenticate using certificates.
## Support for other Azure environments
@ -66,7 +66,7 @@ By default, Dapr components are configured to interact with Azure resources in t
## Credentials metadata fields
To authenticate with Azure AD, you will need to add the following credentials as values in the metadata for your [Dapr component](#example-usage-in-a-dapr-component).
To authenticate with Microsoft Entra ID, you will need to add the following credentials as values in the metadata for your [Dapr component](#example-usage-in-a-dapr-component).
### Metadata options
@ -82,7 +82,7 @@ Depending on how you've passed credentials to your Dapr services, you have multi
| Field | Required | Details | Example |
|---------------------|----------|--------------------------------------|----------------------------------------------|
| `azureTenantId` | Y | ID of the Azure AD tenant | `"cd4b2887-304c-47e1-b4d5-65447fdd542b"` |
| `azureTenantId` | Y | ID of the Microsoft Entra ID tenant | `"cd4b2887-304c-47e1-b4d5-65447fdd542b"` |
| `azureClientId` | Y | Client ID (application ID) | `"c7dd251f-811f-4ba2-a905-acd4d3f8f08b"` |
| `azureClientSecret` | Y | Client secret (application password) | `"Ecy3XG7zVZK3/vl/a2NSB+a1zXLa8RnMum/IgD0E"` |
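Review bot: While this table is being edited, the `azureClientSecret` example row shows a value that has the shape of a real client secret. Replace it with an obvious placeholder such as `"<client-secret>"` so it is not copied into component files, and so secret scanners run over the docs repo or downstream forks do not flag it. The same applies to readers being shown a literal secret in component metadata; a pointer to the secret-reference approach mentioned in the next hunk's header would fit in the Details column.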
@ -92,7 +92,7 @@ When running on Kubernetes, you can also use references to Kubernetes secrets fo
| Field | Required | Details | Example |
|--------|--------|--------|--------|
| `azureTenantId` | Y | ID of the Azure AD tenant | `"cd4b2887-304c-47e1-b4d5-65447fdd542b"` |
| `azureTenantId` | Y | ID of the Microsoft Entra ID tenant | `"cd4b2887-304c-47e1-b4d5-65447fdd542b"` |
| `azureClientId` | Y | Client ID (application ID) | `"c7dd251f-811f-4ba2-a905-acd4d3f8f08b"` |
| `azureCertificate` | One of `azureCertificate` and `azureCertificateFile` | Certificate and private key (in PFX/PKCS#12 format) | `"-----BEGIN PRIVATE KEY-----\n MIIEvgI... \n -----END PRIVATE KEY----- \n -----BEGIN CERTIFICATE----- \n MIICoTC... \n -----END CERTIFICATE-----` |
| `azureCertificateFile` | One of `azureCertificate` and `azureCertificateFile` | Path to the PFX/PKCS#12 file containing the certificate and private key | `"/path/to/file.pem"` |
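Review bot: The `azureCertificate` and `azureCertificateFile` rows in this hunk describe the value as "PFX/PKCS#12", but the `azureCertificate` example is PEM text (`-----BEGIN PRIVATE KEY-----` ... `-----END CERTIFICATE-----`) and the file example is `"/path/to/file.pem"`. State which encodings are actually accepted and make the examples match. The `azureCertificate` example also opens with `"` and never closes it before the final backtick.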
@ -127,7 +127,7 @@ Using this authentication method does not require setting any metadata option.
### Example usage in a Dapr component
In this example, you will set up an Azure Key Vault secret store component that uses Azure AD to authenticate.
In this example, you will set up an Azure Key Vault secret store component that uses Microsoft Entra ID to authenticate.
{{< tabs "Self-Hosted" "Kubernetes">}}
@ -279,11 +279,11 @@ To use a **certificate**:
## Next steps
{{< button text="Generate a new Azure AD application and Service Principal >>" page="howto-aad.md" >}}
{{< button text="Generate a new Microsoft Entra ID application and Service Principal >>" page="howto-aad.md" >}}
## References
- [Azure AD app credential: Azure CLI reference](https://docs.microsoft.com/cli/azure/ad/app/credential)
- [Microsoft Entra ID app credential: Azure CLI reference](https://docs.microsoft.com/cli/azure/ad/app/credential)
- [Azure Managed Service Identity (MSI) overview](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview)
- [Secrets building block]({{< ref secrets >}})
- [How-To: Retrieve a secret]({{< ref "howto-secrets.md" >}})

View File

@ -1,9 +1,9 @@
---
type: docs
title: "How to: Generate a new Azure AD application and Service Principal"
linkTitle: "How to: Generate Azure AD and Service Principal"
title: "How to: Generate a new Microsoft Entra ID application and Service Principal"
linkTitle: "How to: Generate Microsoft Entra ID and Service Principal"
weight: 30000
description: "Learn how to generate an Azure Active Directory and use it as a Service Principal"
description: "Learn how to generate an Microsoft Entra ID and use it as a Service Principal"
---
## Prerequisites
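Review bot: The new `description` reads "generate an Microsoft Entra ID", which has the wrong article and drops the noun, since the page creates an application. Suggest `description: "Learn how to generate a Microsoft Entra ID application and use it as a Service Principal"`. The new `linkTitle` has the same gap ("Generate Microsoft Entra ID and Service Principal"), and the "an Microsoft" wording recurs in the `### Create an Microsoft Entra ID application` heading in the next hunk.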
@ -23,9 +23,9 @@ az login
az account set -s [your subscription id]
```
### Create an Azure AD application
### Create an Microsoft Entra ID application
Create the Azure AD application with:
Create the Microsoft Entra ID application with:
```sh
# Friendly name for the application / Service Principal
@ -107,7 +107,7 @@ When adding the returned values to your Dapr component's metadata:
### Create a Service Principal
Once you have created an Azure AD application, create a Service Principal for that application. With this Service Principal, you can grant it access to Azure resources.
Once you have created an Microsoft Entra ID application, create a Service Principal for that application. With this Service Principal, you can grant it access to Azure resources.
To create the Service Principal, run the following command:
@ -124,7 +124,7 @@ Expected output:
Service Principal ID: 1d0ccf05-5427-4b5e-8eb4-005ac5f9f163
```
The returned value above is the **Service Principal ID**, which is different from the Azure AD application ID (client ID). The Service Principal ID is defined within an Azure tenant and used to grant access to Azure resources to an application
The returned value above is the **Service Principal ID**, which is different from the Microsoft Entra ID application ID (client ID). The Service Principal ID is defined within an Azure tenant and used to grant access to Azure resources to an application
You'll use the Service Principal ID to grant permissions to an application to access Azure resources.
Meanwhile, **the client ID** is used by your application to authenticate. You'll use the client ID in Dapr manifests to configure authentication with Azure services.
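Review bot: The replaced sentence about the **Service Principal ID** still ends without a period ("...to an application"), and it now pairs "Microsoft Entra ID application ID" with "defined within an Azure tenant", while the component metadata tables in this commit call it the Microsoft Entra ID tenant. Suggest finishing the sentence and settling on one term for the tenant.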

View File

@ -10,7 +10,7 @@ description: "Learn how to use Managed Identities"
Using Managed Identities (MI), authentication happens automatically by virtue of your application running on top of an Azure service that has an assigned identity.
For example, let's say you enable a managed service identity for an Azure VM, Azure Container App, or an Azure Kubernetes Service cluster. When you do, an Azure AD application is created for you and automatically assigned to the service. Your Dapr services can then leverage that identity to authenticate with Azure AD, transparently and without you having to specify any credentials.
For example, let's say you enable a managed service identity for an Azure VM, Azure Container App, or an Azure Kubernetes Service cluster. When you do, an Microsoft Entra ID application is created for you and automatically assigned to the service. Your Dapr services can then leverage that identity to authenticate with Microsoft Entra ID, transparently and without you having to specify any credentials.
To get started with managed identities, you need to assign an identity to a new or existing Azure resource. The instructions depend on the service use. Check the following official documentation for the most appropriate instructions:
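Review bot: The rewritten sentence says "an Microsoft Entra ID application", where the search-and-replace kept the old article; it should be "a Microsoft Entra ID application". The unchanged line after it reads "The instructions depend on the service use", which looks like it is missing a word and could be fixed in the same pass.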

View File

@ -45,7 +45,7 @@ dapr init
#### Example: create a Java Dev Container for Dapr
This is an exmaple of creating a Dev Container for creating Java apps that use Dapr, based on the [official Java 17 Dev Container image](https://github.com/devcontainers/images/tree/main/src/java).
This is an example of creating a Dev Container for creating Java apps that use Dapr, based on the [official Java 17 Dev Container image](https://github.com/devcontainers/images/tree/main/src/java).
Place this in a file called `.devcontainer/devcontainer.json` in your project:

View File

@ -14,7 +14,7 @@ The Multi-App Run template file is a YAML file that you can use to run multiple
- Use the multi-app template
- View started applications
- Stop the multi-app template
- Stucture the multi-app template file
- Structure the multi-app template file
## Use the multi-app template
@ -93,7 +93,7 @@ Stop the multi-app run template anytime with either of the following commands:
```cmd
# the template file needs to be called `dapr.yaml` by default if a directory path is given
dapr stop -f
dapr stop -f <dir_path>
```
or:

View File

@ -23,7 +23,209 @@ This example uses the Dapr SDK, which leverages gRPC and is **strongly** recomme
Currently, you can experience the cryptography API using the Go SDK.
{{< tabs "Go" >}}
{{< tabs "JavaScript" "Go" >}}
<!-- JavaScript -->
{{% codetab %}}
> This quickstart includes a JavaScript application called `crypto-quickstart`.
### Pre-requisites
For this example, you will need:
- [Dapr CLI and initialized environment](https://docs.dapr.io/getting-started).
- [Latest Node.js installed](https://nodejs.org/download/).
<!-- IGNORE_LINKS -->
- [Docker Desktop](https://www.docker.com/products/docker-desktop)
<!-- END_IGNORE -->
- [OpenSSL](https://www.openssl.org/source/) available on your system
### Step 1: Set up the environment
Clone the [sample provided in the Quickstarts repo](https://github.com/dapr/quickstarts/tree/master/cryptography)
```bash
git clone https://github.com/dapr/quickstarts.git
```
In the terminal, from the root directory, navigate to the cryptography sample.
```bash
cd cryptography/javascript/sdk
```
Navigate into the folder with the source code:
```bash
cd ./crypto-quickstart
```
Install the dependencies:
```bash
npm install
```
### Step 2: Run the application with Dapr
The application code defines two required keys:
- Private RSA key
- A 256-bit symmetric (AES) key
Generate two keys, an RSA key and and AES key using OpenSSL and write these to two files:
```bash
mkdir -p keys
# Generate a private RSA key, 4096-bit keys
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out keys/rsa-private-key.pem
# Generate a 256-bit key for AES
openssl rand -out keys/symmetric-key-256 32
```
Run the Go service app with Dapr:
```bash
dapr run --app-id crypto-quickstart --resources-path ../../../components/ -- npm start
```
**Expected output**
```
== APP == 2023-10-25T14:30:50.435Z INFO [GRPCClient, GRPCClient] Opening connection to 127.0.0.1:58173
== APP == == Encrypting message using buffers
== APP == Encrypted the message, got 856 bytes
== APP == == Decrypting message using buffers
== APP == Decrypted the message, got 24 bytes
== APP == The secret is "passw0rd"
== APP == == Encrypting message using streams
== APP == Encrypting federico-di-dio-photography-Q4g0Q-eVVEg-unsplash.jpg to encrypted.out
== APP == Encrypted the message to encrypted.out
== APP == == Decrypting message using streams
== APP == Decrypting encrypted.out to decrypted.out.jpg
== APP == Decrypted the message to decrypted.out.jpg
```
### What happened?
#### `local-storage.yaml`
Earlier, you created a directory inside `crypto-quickstarts` called `keys`. In [the `local-storage` component YAML](https://github.com/dapr/quickstarts/tree/master/cryptography/components/local-storage.yaml), the `path` metadata maps to the newly created `keys` directory.
```yml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: localstorage
spec:
type: crypto.dapr.localstorage
version: v1
metadata:
- name: path
# Path is relative to the folder where the example is located
value: ./keys
```
#### `index.mjs`
[The application file](https://github.com/dapr/quickstarts/blob/master/cryptography/javascript/sdk/crypto-quickstart/index.mjs) encrypts and decrypts messages and files using the RSA and AES keys that you generated. The application creates a new Dapr SDK client:
```javascript
async function start() {
const client = new DaprClient({
daprHost,
daprPort,
communicationProtocol: CommunicationProtocolEnum.GRPC,
});
// Encrypt and decrypt a message from a buffer
await encryptDecryptBuffer(client);
// Encrypt and decrypt a message using streams
await encryptDecryptStream(client);
}
```
##### Encrypting and decrypting a string using the RSA key
Once the client is created, the application encrypts a message:
```javascript
async function encryptDecryptBuffer(client) {
// Message to encrypt
const plaintext = `The secret is "passw0rd"`
// First, encrypt the message
console.log("== Encrypting message using buffers");
const encrypted = await client.crypto.encrypt(plaintext, {
componentName: "localstorage",
keyName: "rsa-private-key.pem",
keyWrapAlgorithm: "RSA",
});
console.log("Encrypted the message, got", encrypted.length, "bytes");
```
The application then decrypts the message:
```javascript
// Decrypt the message
console.log("== Decrypting message using buffers");
const decrypted = await client.crypto.decrypt(encrypted, {
componentName: "localstorage",
});
console.log("Decrypted the message, got", decrypted.length, "bytes");
console.log(decrypted.toString("utf8"));
// ...
}
```
##### Encrypt and decrpyt a large file using the AES key
Next, the application encrypts a large image file:
```javascript
async function encryptDecryptStream(client) {
// First, encrypt the message
console.log("== Encrypting message using streams");
console.log("Encrypting", testFileName, "to encrypted.out");
await pipeline(
createReadStream(testFileName),
await client.crypto.encrypt({
componentName: "localstorage",
keyName: "symmetric-key-256",
keyWrapAlgorithm: "A256KW",
}),
createWriteStream("encrypted.out"),
);
console.log("Encrypted the message to encrypted.out");
```
The application then decrypts the large image file:
```javascript
// Decrypt the message
console.log("== Decrypting message using streams");
console.log("Decrypting encrypted.out to decrypted.out.jpg");
await pipeline(
createReadStream("encrypted.out"),
await client.crypto.decrypt({
componentName: "localstorage",
}),
createWriteStream("decrypted.out.jpg"),
);
console.log("Decrypted the message to decrypted.out.jpg");
}
```
{{% /codetab %}}
<!-- Go -->
{{% codetab %}}

View File

@ -986,7 +986,7 @@ Verify you have the following files included in the service directory:
Run the `order-processor` subscriber service alongside a Dapr sidecar.
```bash
dapr run --app-port 5001 --app-id order-processing --app-protocol http --dapr-http-port 3501 --resources-path ../../../components -- npm run start
dapr run --app-port 5002 --app-id order-processing --app-protocol http --dapr-http-port 3501 --resources-path ../../../components -- npm run start
```
In the `order-processor` subscriber, we're subscribing to the Redis instance called `orderpubsub` [(as defined in the `pubsub.yaml` component)]({{< ref "#pubsubyaml-component-file" >}}) and topic `orders`. This enables your app code to talk to the Redis component instance through the Dapr sidecar.
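Review bot: The changed command keeps `--app-id order-processing`, while the surrounding text calls the service `order-processor` and the other two language hunks use `order-processor` and `order-processor-sdk`. If the ID is intentional, fine; otherwise align it while the line is being edited. This commit also changes `--app-port` in all three subscriber commands (5001 to 5002, 7005 to 7006, 6002 to 6005) without touching any text that states the port, so please confirm each value matches the port the sample app listens on.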
@ -1140,7 +1140,7 @@ dotnet build
Run the `order-processor` subscriber service alongside a Dapr sidecar.
```bash
dapr run --app-id order-processor --resources-path ../../../components --app-port 7005 -- dotnet run
dapr run --app-id order-processor --resources-path ../../../components --app-port 7006 -- dotnet run
```
In the `order-processor` subscriber, we're subscribing to the Redis instance called `orderpubsub` [(as defined in the `pubsub.yaml` component)]({{< ref "#pubsubyaml-component-file" >}}) and topic `orders`. This enables your app code to talk to the Redis component instance through the Dapr sidecar.
@ -1457,7 +1457,7 @@ go build .
Run the `order-processor` subscriber service alongside a Dapr sidecar.
```bash
dapr run --app-port 6002 --app-id order-processor-sdk --app-protocol http --dapr-http-port 3501 --resources-path ../../../components -- go run .
dapr run --app-port 6005 --app-id order-processor-sdk --app-protocol http --dapr-http-port 3501 --resources-path ../../../components -- go run .
```
In the `order-processor` subscriber, we're subscribing to the Redis instance called `orderpubsub` [(as defined in the `pubsub.yaml` component)]({{< ref "#pubsubyaml-component-file" >}}) and topic `orders`. This enables your app code to talk to the Redis component instance through the Dapr sidecar.

View File

@ -64,6 +64,12 @@ In the above file definition:
Launch a Dapr sidecar that will listen on port 3500 for a blank application named `myapp`:
PowerShell environment:
```bash
dapr run --app-id myapp --dapr-http-port 3500 --resources-path ../
```
non-PowerShell environment:
```bash
dapr run --app-id myapp --dapr-http-port 3500 --resources-path .
```
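Review bot: The two added variants differ only in `--resources-path` (`../` under "PowerShell environment", `.` under "non-PowerShell environment"), and nothing explains why the shell would change which directory holds the component files. Either state which directory each command is expected to be run from or use one path for both. The PowerShell command is also fenced as `bash`.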

View File

@ -25,7 +25,7 @@ While Dapr's built-in components come [included with the runtime](https://github
1. Pluggable components need to be started and ready to take requests _before_ Dapr itself is started.
2. The [Unix Domain Socket][uds] file used for the pluggable component communication need to be made accessible to both Dapr and pluggable component.
In standalone mode, pluggable components run as processes or containers. On Kubernetes, pluggable components run as containers and are automatically injected to the application's pod by Dapr's sidecar injector, allowing customization via the standard [Kubernets Container spec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core).
In standalone mode, pluggable components run as processes or containers. On Kubernetes, pluggable components run as containers and are automatically injected to the application's pod by Dapr's sidecar injector, allowing customization via the standard [Kubernetes Container spec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core).
This also changes the approach to share [Unix Domain Socket][uds] files between Dapr and pluggable components.

View File

@ -11,7 +11,7 @@ Using Dapr, you can control how many requests and events will invoke your applic
*Note that this rate limiting is guaranteed for every event that's coming from Dapr, meaning Pub/Sub events, direct invocation from other services, bindings events etc. Dapr can't enforce the concurrency policy on requests that are coming to your app externally.*
*Note that rate limiting per second can be achieved by using the **middleware.http.ratelimit** middleware. However, there is an imporant difference between the two approaches. The rate limit middlware is time bound and limits the number of requests per second, while the `app-max-concurrency` flag specifies the number of concurrent requests (and events) at any point of time. See [Rate limit middleware]({{< ref middleware-rate-limit.md >}}). *
*Note that rate limiting per second can be achieved by using the **middleware.http.ratelimit** middleware. However, there is an important difference between the two approaches. The rate limit middleware is time bound and limits the number of requests per second, while the `app-max-concurrency` flag specifies the number of concurrent requests (and events) at any point of time. See [Rate limit middleware]({{< ref middleware-rate-limit.md >}}). *
Watch this [video](https://youtu.be/yRI5g6o_jp8?t=1710) on how to control concurrency and rate limiting ".
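Review bot: The corrected note still ends with `>}}). *`, with a space before the closing asterisk, so the emphasis may not close when rendered; drop the trailing space. The unchanged line below it also carries a stray `".` after "rate limiting".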

View File

@ -44,7 +44,7 @@ The `allowedSecrets` and `deniedSecrets` list values take priorty over the `defa
|----- | ------- | -----------| ----------| ------------
| 1 - Only default access | deny/allow | empty | empty | deny/allow
| 2 - Default deny with allowed list | deny | ["s1"] | empty | only "s1" can be accessed
| 3 - Default allow with deneied list | allow | empty | ["s1"] | only "s1" cannot be accessed
| 3 - Default allow with denied list | allow | empty | ["s1"] | only "s1" cannot be accessed
| 4 - Default allow with allowed list | allow | ["s1"] | empty | only "s1" can be accessed
| 5 - Default deny with denied list | deny | empty | ["s1"] | deny
| 6 - Default deny/allow with both lists | deny/allow | ["s1"] | ["s2"] | only "s1" can be accessed
@ -69,7 +69,7 @@ spec:
defaultAccess: deny
```
For applications that need to be deined access to the Kubernetes secret store, follow [these instructions]({{< ref kubernetes-overview >}}), and add the following annotation to the application pod.
For applications that need to be denied access to the Kubernetes secret store, follow [these instructions]({{< ref kubernetes-overview >}}), and add the following annotation to the application pod.
```yaml
dapr.io/config: appconfig

View File

@ -1,187 +0,0 @@
---
type: docs
title: "How-To: Set up Jaeger for distributed tracing"
linkTitle: "Jaeger"
weight: 3000
description: "Set up Jaeger for distributed tracing"
type: docs
---
Dapr supports the Zipkin protocol. Since Jaeger is compatible with Zipkin, the Zipkin protocol can be used to communication with Jaeger.
## Configure self hosted mode
### Setup
The simplest way to start Jaeger is to use the pre-built all-in-one Jaeger image published to DockerHub:
```bash
docker run -d --name jaeger \
-e COLLECTOR_ZIPKIN_HOST_PORT=:9412 \
-p 16686:16686 \
-p 9412:9412 \
jaegertracing/all-in-one:1.22
```
Next, create the following YAML files locally:
* **config.yaml**: Note that because we are using the Zipkin protocol
to talk to Jaeger, we specify the `zipkin` section of tracing
configuration set the `endpointAddress` to address of the Jaeger
instance.
```yaml
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
name: tracing
namespace: default
spec:
tracing:
samplingRate: "1"
zipkin:
endpointAddress: "http://localhost:9412/api/v2/spans"
```
To launch the application referring to the new YAML file, you can use
`--config` option:
```bash
dapr run --app-id mynode --app-port 3000 node app.js --config config.yaml
```
### Viewing Traces
To view traces, in your browser go to http://localhost:16686 to see the Jaeger UI.
## Configure Kubernetes
The following steps shows you how to configure Dapr to send distributed tracing data to Jaeger running as a container in your Kubernetes cluster, how to view them.
### Setup
First create the following YAML file to install Jaeger, file name is `jaeger-operator.yaml`
#### Development and test
By default, the allInOne Jaeger image uses memory as the backend storage and it is not recommended to use this in a production environment.
```yaml
apiVersion: jaegertracing.io/v1
kind: "Jaeger"
metadata:
name: jaeger
spec:
strategy: allInOne
ingress:
enabled: false
allInOne:
image: jaegertracing/all-in-one:1.22
options:
query:
base-path: /jaeger
```
#### Production
Jaeger uses Elasticsearch as the backend storage, and you can create a secret in k8s cluster to access Elasticsearch server with access control.
```shell
kubectl create secret generic jaeger-secret --from-literal=ES_PASSWORD='xxx' --from-literal=ES_USERNAME='xxx' -n ${NAMESPACE}
```
```yaml
apiVersion: jaegertracing.io/v1
kind: "Jaeger"
metadata:
name: jaeger
spec:
strategy: production
query:
options:
log-level: info
query:
base-path: /jaeger
collector:
maxReplicas: 5
resources:
limits:
cpu: 500m
memory: 516Mi
storage:
type: elasticsearch
esIndexCleaner:
enabled: false ## turn the job deployment on and off
numberOfDays: 7 ## number of days to wait before deleting a record
schedule: "55 23 * * *" ## cron expression for it to run
image: jaegertracing/jaeger-es-index-cleaner ## image of the job
secretName: jaeger-secret
options:
es:
server-urls: http://elasticsearch:9200
```
The pictures are as follows, include Elasticsearch and Grafana tracing data:
![jaeger-storage-es](/images/jaeger_storage_elasticsearch.png)
![grafana](/images/jaeger_grafana.png)
Now, use the above YAML file to install Jaeger
```bash
# Install Jaeger
helm repo add jaegertracing https://jaegertracing.github.io/helm-charts
helm install jaeger-operator jaegertracing/jaeger-operator
kubectl apply -f jaeger-operator.yaml
# Wait for Jaeger to be up and running
kubectl wait deploy --selector app.kubernetes.io/name=jaeger --for=condition=available
```
Next, create the following YAML file locally:
* **tracing.yaml**
```yaml
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
name: tracing
namespace: default
spec:
tracing:
samplingRate: "1"
zipkin:
endpointAddress: "http://jaeger-collector.default.svc.cluster.local:9411/api/v2/spans"
```
Finally, deploy the the Dapr component and configuration files:
```bash
kubectl apply -f tracing.yaml
```
In order to enable this configuration for your Dapr sidecar, add the following annotation to your pod spec template:
```yml
annotations:
dapr.io/config: "tracing"
```
That's it! Your Dapr sidecar is now configured for use with Jaeger.
### Viewing Tracing Data
To view traces, connect to the Jaeger Service and open the UI:
```bash
kubectl port-forward svc/jaeger-query 16686
```
In your browser, go to `http://localhost:16686` and you will see the Jaeger UI.
![jaeger](/images/jaeger_ui.png)
## References
- [Jaeger Getting Started](https://www.jaegertracing.io/docs/1.21/getting-started/#all-in-one)
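Review bot: This removes the page outright, and the replacement page added in this commit has no `aliases` entry in its front matter, so existing links to the old Jaeger URL will stop resolving. Consider adding an alias from the old path to the new page. The only reference updated in this commit is the `{{< ref jaeger.md >}}` entry in the tracing overview list, so it is worth checking for other `ref` uses of `jaeger.md` before merging.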

View File

@ -0,0 +1,142 @@
---
type: docs
title: "Using OpenTelemetry Collector to collect traces to send to Jaeger"
linkTitle: "Using the OpenTelemetry for Jaeger"
weight: 1200
description: "How to push trace events to Jaeger distributed tracing platform, using the OpenTelemetry Collector."
type: docs
---
While Dapr supports writing traces using OpenTelemetry (OTLP) and Zipkin protocols, Zipkin support for Jaeger has been deprecated in favor of OTLP. Although Jaeger supports OTLP directly, the recommended approach for production is to use the OpenTelemetry Collector to collect traces from Dapr and send them to Jaeger, allowing your application to quickly offload data and take advantage of features like retries, batching, and encryption. For more information, read the Open Telemetry Collector [documentation](https://opentelemetry.io/docs/collector/#when-to-use-a-collector).
{{< tabs Self-hosted Kubernetes >}}
{{% codetab %}}
<!-- self-hosted -->
## Configure Jaeger in self-hosted mode
### Local setup
The simplest way to start Jaeger is to run the pre-built, all-in-one Jaeger image published to DockerHub and expose the OTLP port:
```bash
docker run -d --name jaeger \
-p 4317:4317 \
-p 16686:16686 \
jaegertracing/all-in-one:1.49
```
Next, create the following `config.yaml` file locally:
> **Note:** Because you are using the Open Telemetry protocol to talk to Jaeger, you need to fill out the `otel` section of the tracing configuration and set the `endpointAddress` to the address of the Jaeger container.
```yaml
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
name: tracing
namespace: default
spec:
tracing:
samplingRate: "1"
stdout: true
otel:
endpointAddress: "localhost:4317"
isSecure: false
protocol: grpc
```
To launch the application referring to the new YAML configuration file, use
the `--config` option. For example:
```bash
dapr run --app-id myapp --app-port 3000 node app.js --config config.yaml
```
### View traces
To view traces in your browser, go to `http://localhost:16686` to see the Jaeger UI.
{{% /codetab %}}
{{% codetab %}}
<!-- kubernetes -->
## Configure Jaeger on Kubernetes with the OpenTelemetry Collector
The following steps show you how to configure Dapr to send distributed tracing data to the OpenTelemetry Collector which, in turn, sends the traces to Jaeger.
### Prerequisites
- [Install Dapr on Kubernetes]({{< ref kubernetes >}})
- [Set up Jaeger](https://www.jaegertracing.io/docs/1.49/operator/) using the Jaeger Kubernetes Operator
### Set up OpenTelemetry Collector to push to Jaeger
To push traces to your Jaeger instance, install the OpenTelemetry Collector on your Kubernetes cluster.
1. Download and inspect the [`open-telemetry-collector-jaeger.yaml`](/docs/open-telemetry-collector/open-telemetry-collector-jaeger.yaml) file.
1. In the data section of the `otel-collector-conf` ConfigMap, update the `otlp/jaeger.endpoint` value to reflect the endpoint of your Jaeger collector Kubernetes service object.
1. Deploy the OpenTelemetry Collector into the same namespace where your Dapr-enabled applications are running:
```sh
kubectl apply -f open-telemetry-collector-jaeger.yaml
```
### Set up Dapr to send traces to OpenTelemetryCollector
Create a Dapr configuration file to enable tracing and export the sidecar traces to the OpenTelemetry Collector.
1. Use the [`collector-config-otel.yaml`](/docs/open-telemetry-collector/collector-config-otel.yaml) file to create your own Dapr configuration.
1. Update the `namespace` and `otel.endpointAddress` values to align with the namespace where your Dapr-enabled applications and OpenTelemetry Collector are deployed.
1. Apply the configuration with:
```sh
kubectl apply -f collector-config.yaml
```
### Deploy your app with tracing enabled
Apply the `tracing` Dapr configuration by adding a `dapr.io/config` annotation to the application deployment that you want to enable distributed tracing for, as shown in the following example:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
...
spec:
...
template:
metadata:
...
annotations:
dapr.io/enabled: "true"
dapr.io/app-id: "MyApp"
dapr.io/app-port: "8080"
dapr.io/config: "tracing"
```
You can register multiple tracing exporters at the same time, and the tracing logs are forwarded to all registered exporters.
Thats it! Theres no need to include the OpenTelemetry SDK or instrument your application code. Dapr automatically handles the distributed tracing for you.
### View traces
To view Dapr sidecar traces, port-forward the Jaeger Service and open the UI:
```bash
kubectl port-forward svc/jaeger-query 16686 -n observability
```
In your browser, go to `http://localhost:16686` and you will see the Jaeger UI.
![jaeger](/images/jaeger_ui.png)
{{% /codetab %}}
{{< /tabs >}}
## References
- [Jaeger Getting Started](https://www.jaegertracing.io/docs/1.49/getting-started/)
- [Jaeger Kubernetes Operator](https://www.jaegertracing.io/docs/1.49/operator/)
- [OpenTelemetry Collector Exporters](https://opentelemetry.io/docs/collector/configuration/#exporters)
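Review bot: In the Kubernetes tab, step 1 tells readers to start from `collector-config-otel.yaml`, but step 3 runs `kubectl apply -f collector-config.yaml`; the file names should match. The front matter declares `type: docs` twice, "Thats it! Theres" is missing its apostrophes, and the heading "Set up Dapr to send traces to OpenTelemetryCollector" is missing a space. In the self-hosted `dapr run` example, `--config config.yaml` comes after `node app.js`; placing the Dapr flags before a `--` separator, as the other commands in this commit do, removes any ambiguity about which process receives the flag. The self-hosted config sets `isSecure: false`, which is reasonable for `localhost:4317`, but a sentence saying it is for local use only would help, given that the intro cites encryption as a reason to use the Collector.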

View File

@ -6,9 +6,9 @@ weight: 900
description: "How to use Dapr to push trace events through the OpenTelemetry Collector."
---
Dapr directly writes traces using the OpenTelemetry (OTEL) protocol as the **recommended** method. For observability tools that support OTEL protocol, it is recommended to use the OpenTelemetry Collector, as it allows your application to quickly offload data and includes features, such as retries, batching, and encryption. For more information, read the Open Telemetry [documentation](https://opentelemetry.io/docs/collector/#when-to-use-a-collector).
Dapr directly writes traces using the OpenTelemetry (OTLP) protocol as the **recommended** method. For observability tools that support the OTLP directly, it is recommended to use the [OpenTelemetry Collector](https://github.com/open-telemetry/opentelemetry-collector), as it allows your application to quickly offload data and includes features, such as retries, batching, and encryption. For more information, read the Open Telemetry Collector [documentation](https://opentelemetry.io/docs/collector/#when-to-use-a-collector).
Dapr can also write traces using the Zipkin protocol. Previous to supporting the OTEL protocol, you use the Zipkin protocol with the [OpenTelemetry Collector](https://github.com/open-telemetry/opentelemetry-collector) to send traces to observability tools such as AWS X-Ray, Google Cloud Operations Suite, and Azure Monitor. Both protocol approaches are valid, however OTEL is the recommended choice.
Dapr can also write traces using the Zipkin protocol. Prior to supporting the OTLP protocol, the Zipkin protocol was used with the OpenTelemetry Collector to send traces to observability tools such as AWS X-Ray, Google Cloud Operations Suite, and Azure Monitor. Both protocol approaches are valid, however the OpenTelemetry protocol is the recommended choice.
![Using OpenTelemetry Collect to integrate with many backend](/images/open-telemetry-collector.png)
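Review bot: "OpenTelemetry (OTLP) protocol" and "the OTLP protocol" in the two rewritten paragraphs double the word "protocol", since the P in OTLP already stands for it, and "tools that support the OTLP directly" reads awkwardly. Suggest "the OpenTelemetry Protocol (OTLP)" on first use and plain "OTLP" after that.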

View File

@ -75,6 +75,6 @@ turns on tracing for the sidecar.
Learn how to set up tracing with one of the following tools:
- [OTEL Collector]({{< ref otel-collector >}})
- [New Relic]({{< ref newrelic.md >}})
- [Jaeger]({{< ref jaeger.md >}})
- [Jaeger]({{< ref open-telemetry-collector-jaeger.md >}})
- [Zipkin]({{< ref zipkin.md >}})
- [Datadog]({{< ref datadog.md >}})

View File

@ -54,7 +54,7 @@ The baseline test included direct, non-encrypted traffic, without telemetry, dir
### Control plane performance
The Dapr control plane uses a total of 0.009 vCPU and 61.6 Mb when running in non-HA mode, meaning a single replica per system compoment.
The Dapr control plane uses a total of 0.009 vCPU and 61.6 Mb when running in non-HA mode, meaning a single replica per system component.
When running in a highly available production setup, the Dapr control plane consumes ~0.02 vCPU and 185 Mb.
| Component | vCPU | Memory
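Review bot: The line being corrected gives memory as "61.6 Mb", and the following line "185 Mb"; Mb denotes megabits, so these should read MB or MiB, whichever unit the measurement used. Worth fixing in the same edit as the "compoment" typo.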

View File

@ -60,7 +60,7 @@ To rotate the configured token in self-hosted, update the `DAPR_API_TOKEN` envir
### Kubernetes
To rotate the configured token in Kubernates, update the previously-created secret with the new token in each namespace. You can do that using `kubectl patch` command, but a simpler way to update these in each namespace is by using a manifest:
To rotate the configured token in Kubernetes, update the previously-created secret with the new token in each namespace. You can do that using `kubectl patch` command, but a simpler way to update these in each namespace is by using a manifest:
```yaml
apiVersion: v1

View File

@ -61,7 +61,7 @@ To rotate the configured token in self-hosted, update the `APP_API_TOKEN` enviro
### Kubernetes
To rotate the configured token in Kubernates, update the previously-created secret with the new token in each namespace. You can do that using `kubectl patch` command, but a simpler way to update these in each namespace is by using a manifest:
To rotate the configured token in Kubernetes, update the previously-created secret with the new token in each namespace. You can do that using `kubectl patch` command, but a simpler way to update these in each namespace is by using a manifest:
```yaml
apiVersion: v1

View File

@ -486,7 +486,7 @@ By default, system services will look for the credentials in `/var/run/dapr/cred
*Note: If you signed the cert root with a different private key, restart the Dapr instances.*
## Community call video on certificate rotation
Watch this [video](https://www.youtube.com/watch?v=Hkcx9kBDrAc&feature=youtu.be&t=1400) on how to perform certificate rotation if your certicates are expiring.
Watch this [video](https://www.youtube.com/watch?v=Hkcx9kBDrAc&feature=youtu.be&t=1400) on how to perform certificate rotation if your certificates are expiring.
<div class="embed-responsive embed-responsive-16by9">
<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/Hkcx9kBDrAc?start=1400"></iframe>

View File

@ -16,7 +16,7 @@ The main difference between the two flows is that the `Authorization Code Grant
Different authorization servers provide different application registration experiences. Here are some samples:
<!-- IGNORE_LINKS -->
* [Azure AAD](https://docs.microsoft.com/azure/active-directory/develop/v1-protocols-oauth-code)
* [Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/develop/v1-protocols-oauth-code)
* [Facebook](https://developers.facebook.com/apps)
* [Fitbit](https://dev.fitbit.com/build/reference/web-api/oauth2/)
* [GitHub](https://developer.github.com/apps/building-oauth-apps/creating-an-oauth-app/)
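Review bot: The relabelled "Microsoft Entra ID" bullet still points at `docs.microsoft.com/azure/active-directory/develop/v1-protocols-oauth-code`, so the link text and the target path now disagree on the product name. Confirm the target still resolves to the intended registration guide, and update the URL in this change if the page has moved.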
@ -37,7 +37,7 @@ Authorization/Token URLs of some of the popular authorization servers:
<!-- IGNORE_LINKS -->
| Server | Authorization URL | Token URL |
|---------|-------------------|-----------|
|Azure AAD|<https://login.microsoftonline.com/{tenant}/oauth2/authorize>|<https://login.microsoftonline.com/{tenant}/oauth2/token>|
|Microsoft Entra ID|<https://login.microsoftonline.com/{tenant}/oauth2/authorize>|<https://login.microsoftonline.com/{tenant}/oauth2/token>|
|GitHub|<https://github.com/login/oauth/authorize>|<https://github.com/login/oauth/access_token>|
|Google|<https://accounts.google.com/o/oauth2/v2/auth>|<https://accounts.google.com/o/oauth2/token> <https://www.googleapis.com/oauth2/v4/token>|
|Twitter|<https://api.twitter.com/oauth/authorize>|<https://api.twitter.com/oauth2/token>|

View File

@ -45,11 +45,17 @@ The table below shows the versions of Dapr releases that have been tested togeth
| Release date | Runtime | CLI | SDKs | Dashboard | Status | Release notes |
|--------------------|:--------:|:--------|---------|---------|---------|------------|
| October 11th 2023 | 1.12.0</br> | 1.12.0 | Java 1.10.0 </br>Go 1.9.0 </br>PHP 1.1.0 </br>Python 1.11.0 </br>.NET 1.12.0 </br>JS 3.1.2 | 0.13.0 | Supported (current) | [v1.12.0 release notes](https://github.com/dapr/dapr/releases/tag/v1.12.0) |
| November 18th 2023 | 1.12.2</br> | 1.12.0 | Java 1.10.0 </br>Go 1.9.1 </br>PHP 1.2.0 </br>Python 1.12.0 </br>.NET 1.12.0 </br>JS 3.2.0 | 0.14.0 | Supported (current) | [v1.12.2 release notes](https://github.com/dapr/dapr/releases/tag/v1.12.2) |
| November 16th 2023 | 1.12.1</br> | 1.12.0 | Java 1.10.0 </br>Go 1.9.1 </br>PHP 1.2.0 </br>Python 1.12.0 </br>.NET 1.12.0 </br>JS 3.2.0 | 0.14.0 | Supported | [v1.12.1 release notes](https://github.com/dapr/dapr/releases/tag/v1.12.1) |
| October 11th 2023 | 1.12.0</br> | 1.12.0 | Java 1.10.0 </br>Go 1.9.0 </br>PHP 1.1.0 </br>Python 1.11.0 </br>.NET 1.12.0 </br>JS 3.1.2 | 0.14.0 | Supported | [v1.12.0 release notes](https://github.com/dapr/dapr/releases/tag/v1.12.0) |
| November 18th 2023 | 1.11.6</br> | 1.11.0 | Java 1.9.0 </br>Go 1.8.0 </br>PHP 1.1.0 </br>Python 1.10.0 </br>.NET 1.11.0 </br>JS 3.1.0 | 0.13.0 | Supported | [v1.11.6 release notes](https://github.com/dapr/dapr/releases/tag/v1.11.6) |
| November 3rd 2023 | 1.11.5</br> | 1.11.0 | Java 1.9.0 </br>Go 1.8.0 </br>PHP 1.1.0 </br>Python 1.10.0 </br>.NET 1.11.0 </br>JS 3.1.0 | 0.13.0 | Supported | [v1.11.5 release notes](https://github.com/dapr/dapr/releases/tag/v1.11.5) |
| October 5th 2023 | 1.11.4</br> | 1.11.0 | Java 1.9.0 </br>Go 1.8.0 </br>PHP 1.1.0 </br>Python 1.10.0 </br>.NET 1.11.0 </br>JS 3.1.0 | 0.13.0 | Supported | [v1.11.4 release notes](https://github.com/dapr/dapr/releases/tag/v1.11.4) |
| August 31st 2023 | 1.11.3</br> | 1.11.0 | Java 1.9.0 </br>Go 1.8.0 </br>PHP 1.1.0 </br>Python 1.10.0 </br>.NET 1.11.0 </br>JS 3.1.0 | 0.13.0 | Supported | [v1.11.3 release notes](https://github.com/dapr/dapr/releases/tag/v1.11.3) |
| July 20th 2023 | 1.11.2</br> | 1.11.0 | Java 1.9.0 </br>Go 1.8.0 </br>PHP 1.1.0 </br>Python 1.10.0 </br>.NET 1.11.0 </br>JS 3.1.0 | 0.13.0 | Supported | [v1.11.2 release notes](https://github.com/dapr/dapr/releases/tag/v1.11.2) |
| June 22nd 2023 | 1.11.1</br> | 1.11.0 | Java 1.9.0 </br>Go 1.8.0 </br>PHP 1.1.0 </br>Python 1.10.0 </br>.NET 1.11.0 </br>JS 3.1.0 | 0.13.0 | Supported | [v1.11.1 release notes](https://github.com/dapr/dapr/releases/tag/v1.11.1) |
| June 12th 2023 | 1.11.0</br> | 1.11.0 | Java 1.9.0 </br>Go 1.8.0 </br>PHP 1.1.0 </br>Python 1.10.0 </br>.NET 1.11.0 </br>JS 3.1.0 | 0.13.0 | Supported | [v1.11.0 release notes](https://github.com/dapr/dapr/releases/tag/v1.11.0) |
| November 18th 2023 | 1.10.10</br> | 1.10.0 | Java 1.8.0 </br>Go 1.7.0 </br>PHP 1.1.0 </br>Python 1.9.0 </br>.NET 1.10.0 </br>JS 3.0.0 | 0.11.0 | Supported | [v1.10.10 release notes](https://github.com/dapr/dapr/releases/tag/v1.10.10) |
| July 20th 2023 | 1.10.9</br> | 1.10.0 | Java 1.8.0 </br>Go 1.7.0 </br>PHP 1.1.0 </br>Python 1.9.0 </br>.NET 1.10.0 </br>JS 3.0.0 | 0.11.0 | Supported | [v1.10.9 release notes](https://github.com/dapr/dapr/releases/tag/v1.10.9) |
| June 22nd 2023 | 1.10.8</br> | 1.10.0 | Java 1.8.0 </br>Go 1.7.0 </br>PHP 1.1.0 </br>Python 1.9.0 </br>.NET 1.10.0 </br>JS 3.0.0 | 0.11.0 | Supported | [v1.10.8 release notes](https://github.com/dapr/dapr/releases/tag/v1.10.8) |
| May 15th 2023 | 1.10.7</br> | 1.10.0 | Java 1.8.0 </br>Go 1.7.0 </br>PHP 1.1.0 </br>Python 1.9.0 </br>.NET 1.10.0 </br>JS 3.0.0 | 0.11.0 | Supported | |
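Review bot: The existing 1.12.0 row changes its Dashboard column from 0.13.0 to 0.14.0 while its runtime, CLI and SDK versions stay the same. If 1.12.0 was tested with dashboard 0.13.0, this rewrites the tested-together record after the fact. Confirm the value, or keep 0.13.0 on the 1.12.0 row and list 0.14.0 only on the 1.12.1 and 1.12.2 rows.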
@ -60,12 +66,12 @@ The table below shows the versions of Dapr releases that have been tested togeth
| February 24 2023 | 1.10.2</br> | 1.10.0 | Java 1.8.0 </br>Go 1.6.0 </br>PHP 1.1.0 </br>Python 1.9.0 </br>.NET 1.10.0 </br>JS 2.5.0 | 0.11.0 | Supported | |
| February 20 2023 | 1.10.1</br> | 1.10.0 | Java 1.8.0 </br>Go 1.6.0 </br>PHP 1.1.0 </br>Python 1.9.0 </br>.NET 1.10.0 </br>JS 2.5.0 | 0.11.0 | Supported | |
| February 14 2023 | 1.10.0</br> | 1.10.0 | Java 1.8.0 </br>Go 1.6.0 </br>PHP 1.1.0 </br>Python 1.9.0 </br>.NET 1.10.0 </br>JS 2.5.0 | 0.11.0 | Supported| |
| December 2nd 2022 | 1.9.5</br> | 1.9.1 | Java 1.7.0 </br>Go 1.6.0 </br>PHP 1.1.0 </br>Python 1.8.3 </br>.NET 1.9.0 </br>JS 2.4.2 | 0.11.0 | Supported | |
| November 17th 2022 | 1.9.4</br> | 1.9.1 | Java 1.7.0 </br>Go 1.6.0 </br>PHP 1.1.0 </br>Python 1.8.3 </br>.NET 1.9.0 </br>JS 2.4.2 | 0.11.0 | Supported | |
| November 4th 2022 | 1.9.3</br> | 1.9.1 | Java 1.7.0 </br>Go 1.6.0 </br>PHP 1.1.0 </br>Python 1.8.3 </br>.NET 1.9.0 </br>JS 2.4.2 | 0.11.0 | Supported | |
| November 1st 2022 | 1.9.2</br> | 1.9.1 | Java 1.7.0 </br>Go 1.6.0 </br>PHP 1.1.0 </br>Python 1.8.1 </br>.NET 1.9.0 </br>JS 2.4.2 | 0.11.0 | Supported | |
| October 26th 2022 | 1.9.1</br> | 1.9.1 | Java 1.7.0 </br>Go 1.6.0 </br>PHP 1.1.0 </br>Python 1.8.1 </br>.NET 1.9.0 </br>JS 2.4.2 | 0.11.0 | Supported | |
| October 13th 2022 | 1.9.0</br> | 1.9.1 | Java 1.7.0 </br>Go 1.6.0 </br>PHP 1.1.0 </br>Python 1.8.3 </br>.NET 1.9.0 </br>JS 2.4.2 | 0.11.0 | Supported | |
| December 2nd 2022 | 1.9.5</br> | 1.9.1 | Java 1.7.0 </br>Go 1.6.0 </br>PHP 1.1.0 </br>Python 1.8.3 </br>.NET 1.9.0 </br>JS 2.4.2 | 0.11.0 | Unsupported | |
| November 17th 2022 | 1.9.4</br> | 1.9.1 | Java 1.7.0 </br>Go 1.6.0 </br>PHP 1.1.0 </br>Python 1.8.3 </br>.NET 1.9.0 </br>JS 2.4.2 | 0.11.0 | Unsupported | |
| November 4th 2022 | 1.9.3</br> | 1.9.1 | Java 1.7.0 </br>Go 1.6.0 </br>PHP 1.1.0 </br>Python 1.8.3 </br>.NET 1.9.0 </br>JS 2.4.2 | 0.11.0 | Unsupported | |
| November 1st 2022 | 1.9.2</br> | 1.9.1 | Java 1.7.0 </br>Go 1.6.0 </br>PHP 1.1.0 </br>Python 1.8.1 </br>.NET 1.9.0 </br>JS 2.4.2 | 0.11.0 | Unsupported | |
| October 26th 2022 | 1.9.1</br> | 1.9.1 | Java 1.7.0 </br>Go 1.6.0 </br>PHP 1.1.0 </br>Python 1.8.1 </br>.NET 1.9.0 </br>JS 2.4.2 | 0.11.0 | Unsupported | |
| October 13th 2022 | 1.9.0</br> | 1.9.1 | Java 1.7.0 </br>Go 1.6.0 </br>PHP 1.1.0 </br>Python 1.8.3 </br>.NET 1.9.0 </br>JS 2.4.2 | 0.11.0 | Unsupported | |
| October 26th 2022 | 1.8.6</br> | 1.8.1 | Java 1.6.0 </br>Go 1.5.0 </br>PHP 1.1.0 </br>Python 1.7.0 </br>.NET 1.8.0 </br>JS 2.3.0 | 0.11.0 | Unsupported | |
| October 13th 2022 | 1.8.5</br> | 1.8.1 | Java 1.6.0 </br>Go 1.5.0 </br>PHP 1.1.0 </br>Python 1.7.0 </br>.NET 1.8.0 </br>JS 2.3.0 | 0.11.0 | Unsupported | |
| August 10th 2022 | 1.8.4</br> | 1.8.1 | Java 1.6.0 </br>Go 1.5.0 </br>PHP 1.1.0 </br>Python 1.7.0 </br>.NET 1.8.0 </br>JS 2.3.0 | 0.11.0 | Unsupported | |
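Review bot: In the 1.9.x rows being re-marked as Unsupported, the Python SDK version goes 1.8.3 (1.9.0), then 1.8.1 (1.9.1 and 1.9.2), then 1.8.3 again (1.9.3 onwards). The older runtime is shown with the newer SDK. Since every one of these rows is rewritten here, check the 1.9.0 entry and correct it in the same change if it is a copy error.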
@ -121,9 +127,9 @@ General guidance on upgrading can be found for [self hosted mode]({{< ref self-h
Dapr can support multiple hosting platforms for production. With the 1.0 release the two supported platforms are Kubernetes and physical machines. For Kubernetes upgrades see [Production guidelines on Kubernetes]({{< ref kubernetes-production.md >}})
### Supported versions of dependencies
### Supported versions of dependencies
Below is a list of software that the latest version of Dapr (v{{% dapr-latest-version long="true" %}}) has been tested against.
Below is a list of software that the latest version of Dapr (v{{% dapr-latest-version long="true" %}}) has been tested against.
| Dependency | Supported Version |
|-----------------------|----------------------------------------------------------------------------------------------------------------------------------|

View File

@ -12,4 +12,4 @@ The Dapr organization and team makes security a central focus of how we operate
To report a security issue, please privately email the [Dapr Maintainers (dapr@dapr.io)](mailto:dapr@dapr.io?subject=[Security%20Disclosure]:%20ISSUE%20TITLE)
The Dapr maintainers will triage and respond ASAP and then patch and send an annoucement within 30 days.
The Dapr maintainers will triage and respond ASAP and then patch and send an announcement within 30 days.
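Review bot: "triage and respond ASAP" gives a reporter no acknowledgement window, while the patch and announcement have a concrete 30-day commitment in the same sentence. Consider stating a response time next to it. The preceding line with the `mailto:` link also ends without a period.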

View File

@ -65,7 +65,11 @@ curl -X GET 'http://localhost:3500/v1.0/configuration/mystore?key=myConfigKey'
> The above command returns the following JSON:
```json
[{"key":"myConfigKey","value":"myConfigValue"}]
{
"myConfigKey": {
"value":"myConfigValue"
}
}
```
## Subscribe Configuration
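Review bot: The sample response changes shape, from an array of `{"key": ..., "value": ...}` objects to an object keyed by the configuration key. A client that parses one form fails on the other. The page should say which Dapr versions return the keyed form, or state that the earlier sample was simply incorrect, so readers on older sidecars know what to expect.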

View File

@ -24,7 +24,7 @@ dapr mtls renew-certificate [flags]
| Name | Environment Variable | Default | Description |
| -------------- | -------------------- | ----------------- | ------------------------------------------- |
| `--help`, `-h` | | | help for renew-certificate
| `--kubernetes`, `-k` | | `false` | supprted platform| |
| `--kubernetes`, `-k` | | `false` | supported platform| |
| `--valid-until` | | 365 days | Validity for newly created certificates |
| `--restart` | | false | Restarts Dapr control plane services (Sentry service, Operator service and Placement server) |
| `--timeout` | | 300 sec | The timeout for the certificate renewal process |
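Review bot: The corrected `--kubernetes` row still has five cells (`| supported platform| |`) against a four-column header, and the `--help` row above it has no closing pipe, so the table stays malformed after the typo fix. The description "supported platform" also does not say what passing the flag does. Drop the extra cell and reword it along the lines of the other rows.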

View File

@ -25,7 +25,7 @@ dapr stop [flags]
| -------------------- | -------------------- | ------- | -------------------------------- |
| `--app-id`, `-a` | `APP_ID` | | The application id to be stopped |
| `--help`, `-h` | | | Print this help message |
| `--run-file`, `-f` | | | Stop running multiple applications at once using a Multi-App Run template file. Currently in [alpha]({{< ref "support-preview-features.md" >}}) and only availale in Linux/MacOS |
| `--run-file`, `-f` | | | Stop running multiple applications at once using a Multi-App Run template file. Currently in [alpha]({{< ref "support-preview-features.md" >}}) and only available in Linux/MacOS |
### Examples

View File

@ -28,8 +28,6 @@ spec:
value: "[access-key]"
- name: bucket
value: "[bucket]"
- name: direction
value: "output"
```
{{% alert title="Warning" color="warning" %}}
@ -44,13 +42,12 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `accessKeyID` | Y | Output | Access key ID credential. |
| `accessKey` | Y | Output | Access key credential. |
| `bucket` | Y | Output | Name of the storage bucket. |
| `direction` | N | Output | Direction of the binding. | `"output"`
## Binding support
This component supports **output binding** with the following operations:
- `create`: [Create object](#create-object)
- `create`: [Create object](#create-object)
### Create object
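Review bot: The `direction` row is removed from the fields table, and the matching entry from the sample above, with nothing telling readers whether a component that still sets `direction` to `"output"` remains valid. The Event Hubs binding page in this same commit keeps the field. A one-line statement in the commit description or on the page covering the output-only bindings would help anyone upgrading existing manifests.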

View File

@ -26,8 +26,6 @@ spec:
value: "[accessKey-secret]"
- name: Endpoint
value: "[endpoint]"
- name: direction
value: "output"
```
## Spec metadata fields
@ -37,13 +35,12 @@ spec:
| `AccessKeyID` | Y | Output | Access key ID credential. |
| `AccessKeySecret` | Y | Output | Access key credential secret |
| `Endpoint` | Y | Output | Alicloud SLS endpoint. |
| `direction` | N | Output | Direction of the binding. | `"output"`
## Binding support
This component supports **output binding** with the following operations:
- `create`: [Create object](#create-object)
- `create`: [Create object](#create-object)
### Request format

View File

@ -32,8 +32,6 @@ spec:
value: "[table]"
- name: endpoint
value: "[endpoint]"
- name: direction
value: "output"
```
{{% alert title="Warning" color="warning" %}}
@ -49,13 +47,12 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `accessKey` | Y | Output | Access key credential. |
| `instanceName` | Y | Output | Name of the instance. |
| `tableName` | Y | Output | Name of the table. |
| `direction` | N | Output | Direction of the binding. | `"output"`
## Binding support
This component supports **output binding** with the following operations:
- `create`: [Create object](#create-object)
- `create`: [Create object](#create-object)
### Create object

View File

@ -30,8 +30,6 @@ spec:
secretKeyRef:
name: <SECRET>
key: "<SECRET-KEY-NAME>"
- name: direction
value: "output"
```
## Spec metadata fields
@ -41,14 +39,15 @@ spec:
| `key-id` | Y | Output | The identifier for the private key from the Apple Developer Portal | `"private-key-id`" |
| `team-id` | Y | Output | The identifier for the organization or author from the Apple Developer Portal | `"team-id"` |
| `private-key` | Y | Output| Is a PKCS #8-formatted private key. It is intended that the private key is stored in the secret store and not exposed directly in the configuration. See [here](#private-key) for more details | `"pem file"` |
| `direction` | N | Output| The direction of the binding. | `"output"` |
### Private key
The APNS binding needs a cryptographic private key in order to generate authentication tokens for the APNS service.
The private key can be generated from the Apple Developer Portal and is provided as a PKCS #8 file with the private key stored in PEM format.
The private key should be stored in the Dapr secret store and not stored directly in the binding's configuration file.
A sample configuration file for the APNS binding is shown below:
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
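Review bot: In the fields table kept by this hunk, the `key-id` example is written as `"private-key-id` followed by `"`, with the closing backtick before the closing quote, so the code span ends early and a stray quote is rendered. Move the backtick after the quote while the table is being edited.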
@ -68,7 +67,9 @@ spec:
name: apns-secrets
key: private-key
```
If using Kubernetes, a sample secret configuration may look like this:
```yaml
apiVersion: v1
kind: Secret

View File

@ -33,8 +33,6 @@ spec:
# value: <integer>
# - name: publicAccessLevel
# value: <publicAccessLevel>
# - name: direction
# value: "output"
```
{{% alert title="Warning" color="warning" %}}
The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}).
@ -45,17 +43,16 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| Field | Required | Binding support | Details | Example |
|--------------------|:--------:|--------|---------|---------|
| `accountName` | Y | Input/Output | The name of the Azure Storage account | `"myexmapleaccount"` |
| `accountKey` | Y* | Input/Output | The access key of the Azure Storage account. Only required when not using Azure AD authentication. | `"access-key"` |
| `accountKey` | Y* | Input/Output | The access key of the Azure Storage account. Only required when not using Microsoft Entra ID authentication. | `"access-key"` |
| `containerName` | Y | Output | The name of the Blob Storage container to write to | `myexamplecontainer` |
| `endpoint` | N | Input/Output | Optional custom endpoint URL. This is useful when using the [Azurite emulator](https://github.com/Azure/azurite) or when using custom domains for Azure Storage (although this is not officially supported). The endpoint must be the full base URL, including the protocol (`http://` or `https://`), the IP or FQDN, and optional port. | `"http://127.0.0.1:10000"`
| `decodeBase64` | N | Output | Configuration to decode base64 file content before saving to Blob Storage. (In case of saving a file with binary content). Defaults to `false` | `true`, `false` |
| `getBlobRetryCount` | N | Output | Specifies the maximum number of HTTP GET requests that will be made while reading from a RetryReader Defaults to `10` | `1`, `2`
| `publicAccessLevel` | N | Output | Specifies whether data in the container may be accessed publicly and the level of access (only used if the container is created by Dapr). Defaults to `none` | `blob`, `container`, `none`
| `direction` | N | Output | The direction of the binding. | `"output"`
### Azure Active Directory (AAD) authentication
### Microsoft Entra ID authentication
The Azure Blob Storage binding component supports authentication using all Azure Active Directory mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of AAD authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}).
The Azure Blob Storage binding component supports authentication using all Microsoft Entra ID mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of Microsoft Entra ID authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}).
## Binding support
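Review bot: Renaming the heading from "Azure Active Directory (AAD) authentication" to "Microsoft Entra ID authentication" changes the anchor generated for it, so any page linking to the old fragment will stop resolving. Search the docs for inbound references before merging. In the same table, the `accountName` example `"myexmapleaccount"` is misspelled.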

View File

@ -46,9 +46,6 @@ spec:
# URL of the Worker (required if the Worker has been pre-created outside of Dapr)
- name: workerUrl
value: ""
# Direction of the binding
- name: direction
value: "output"
```
{{% alert title="Warning" color="warning" %}}
@ -64,7 +61,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `cfAccountID` | Y/N | Output | Cloudflare account ID. Required to have Dapr manage the worker. | `"456789abcdef8b5588f3d134f74ac"def`
| `cfAPIToken` | Y/N | Output | API token for Cloudflare. Required to have Dapr manage the Worker. | `"secret-key"`
| `workerUrl` | Y/N | Output | URL of the Worker. Required if the Worker has been pre-provisioned outside of Dapr. | `"https://mydaprqueue.mydomain.workers.dev"`
| `direction` | N | Output | Direction of the binding. | `"output"`
> When you configure Dapr to create your Worker for you, you may need to set a longer value for the `initTimeout` property of the component, to allow enough time for the Worker script to be deployed. For example: `initTimeout: "120s"`
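Review bot: The `cfAccountID` example in the retained table rows reads `"456789abcdef8b5588f3d134f74ac"def`, with the closing quote in the middle of the value and no closing backtick. Fix the placement so the whole identifier sits inside the quoted code span. The example rows in this table are also missing their trailing pipe.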

View File

@ -11,8 +11,6 @@ aliases:
To setup commercetools GraphQL binding create a component of type `bindings.commercetools`. See [this guide]({{< ref "howto-bindings.md#1-create-a-binding" >}}) on how to create and apply a binding configuration.
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
@ -34,9 +32,8 @@ spec:
value: "*****************"
- name: scopes # required.
value: "<project-scopes>"
- name: direction
value: "output"
```
{{% alert title="Warning" color="warning" %}}
The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}).
{{% /alert %}}
@ -51,7 +48,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `clientID` | Y | Output | The commercetools client ID for the project | |
| `clientSecret` | Y | Output | The commercetools client secret for the project | |
| `scopes` | Y | Output | The commercetools scopes for the project | `"manage_project:project-key"` |
| `direction` | N | Output | The direction of the binding | `"output"` |
For more information see [commercetools - Creating an API Client](https://docs.commercetools.com/getting-started/create-api-client#create-an-api-client) and [commercetools - Regions](https://docs.commercetools.com/api/general-concepts#regions).
@ -61,7 +57,6 @@ This component supports **output binding** with the following operations:
- `create`
## Related links
- [Basic schema for a Dapr component]({{< ref component-schema >}})

View File

@ -11,7 +11,6 @@ aliases:
To setup Azure Cosmos DB binding create a component of type `bindings.azure.cosmosdb`. See [this guide]({{< ref "howto-bindings.md#1-create-a-binding" >}}) on how to create and apply a binding configuration.
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
@ -31,8 +30,6 @@ spec:
value: "Orders"
- name: partitionKey
value: "<message>"
- name: direction
value: "output"
```
{{% alert title="Warning" color="warning" %}}
@ -48,13 +45,12 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `database` | Y | Output | The name of the Cosmos DB database | `"OrderDb"` |
| `collection` | Y | Output | The name of the container inside the database. | `"Orders"` |
| `partitionKey` | Y | Output | The name of the key to extract from the payload (document to be created) that is used as the partition key. This name must match the partition key specified upon creation of the Cosmos DB container. | `"OrderId"`, `"message"` |
| `direction` | N | Output | The direction of the binding. | `"output"` |
For more information see [Azure Cosmos DB resource model](https://docs.microsoft.com/azure/cosmos-db/account-databases-containers-items).
### Azure Active Directory (Azure AD) authentication
### Microsoft Entra ID authentication
The Azure Cosmos DB binding component supports authentication using all Azure Active Directory mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of AAD authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}).
The Azure Cosmos DB binding component supports authentication using all Microsoft Entra ID mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of Microsoft Entra ID authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}).
You can read additional information for setting up Cosmos DB with Azure AD authentication in the [section below](#setting-up-cosmos-db-for-authenticating-with-azure-ad).
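Review bot: The rename is incomplete in this hunk. The heading and paragraph now say "Microsoft Entra ID", but the next sentence still says "Azure AD authentication" and links to `#setting-up-cosmos-db-for-authenticating-with-azure-ad`. Either leave that sentence for a follow-up on purpose, or rename the target section and update the sentence and fragment together so the link keeps working.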

View File

@ -9,7 +9,6 @@ description: "Detailed documentation on the Azure Cosmos DB (Gremlin API) bindin
To setup an Azure Cosmos DB (Gremlin API) binding create a component of type `bindings.azure.cosmosdb.gremlinapi`. See [this guide]({{< ref "howto-bindings.md#1-create-a-binding" >}}) on how to create and apply a binding configuration.
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
@ -25,8 +24,6 @@ spec:
value: "*****"
- name: username
value: "*****"
- name: direction
value: "output"
```
{{% alert title="Warning" color="warning" %}}
@ -40,7 +37,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `url` | Y | Output | The Cosmos DB url for Gremlin APIs | `"wss://******.gremlin.cosmos.azure.com:443/"` |
| `masterKey` | Y | Output | The Cosmos DB account master key | `"masterKey"` |
| `username` | Y | Output | The username of the Cosmos DB database | `"/dbs/<database_name>/colls/<graph_name>"` |
| `direction` | N | Output | The direction of the binding | `"output"` |
For more information see [Quickstart: Azure Cosmos Graph DB using Gremlin](https://docs.microsoft.com/azure/cosmos-db/graph/create-graph-console).

View File

@ -32,8 +32,6 @@ spec:
value: "*****************"
- name: sessionToken
value: "*****************"
- name: direction
value: "output"
```
{{% alert title="Warning" color="warning" %}}
@ -49,7 +47,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `accessKey` | Y | Output | The AWS Access Key to access this resource | `"key"` |
| `secretKey` | Y | Output | The AWS Secret Access Key to access this resource | `"secretAccessKey"` |
| `sessionToken` | N | Output | The AWS session token to use | `"sessionToken"` |
| `direction` | N | Output | The direction of the binding | `"output"` |
{{% alert title="Important" color="warning" %}}
When running the Dapr sidecar (daprd) with your application on EKS (AWS Kubernetes), if you're using a node/pod that has already been attached to an IAM policy defining access to AWS resources, you **must not** provide AWS access-key, secret-key, and tokens in the definition of the component spec you're using.

View File

@ -90,9 +90,9 @@ This component supports **output binding** with the following operations:
- `create`: publishes a message on the Event Grid topic
## Azure AD credentials
## Microsoft Entra ID credentials
The Azure Event Grid binding requires an Azure AD application and service principal for two reasons:
The Azure Event Grid binding requires an Microsoft Entra ID application and service principal for two reasons:
- Creating an [event subscription](https://docs.microsoft.com/azure/event-grid/concepts#event-subscriptions) when Dapr is started (and updating it if the Dapr configuration changes)
- Authenticating messages delivered by Event Hubs to your application.
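Review bot: The replacement leaves "requires an Microsoft Entra ID application", where the article was correct for "Azure AD" but not for the new name. Change it to "a Microsoft Entra ID application". The second bullet also says messages are delivered by "Event Hubs" on the Event Grid page, which is worth confirming while this section is open.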
@ -106,7 +106,7 @@ Requirements:
- [Microsoft.Graph module for PowerShell](https://learn.microsoft.com/powershell/microsoftgraph/installation) for PowerShell installed:
`Install-Module Microsoft.Graph -Scope CurrentUser -Repository PSGallery -Force`
For the first purpose, you will need to [create an Azure Service Principal](https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal). After creating it, take note of the Azure AD application's **clientID** (a UUID), and run the following script with the Azure CLI:
For the first purpose, you will need to [create an Azure Service Principal](https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal). After creating it, take note of the Microsoft Entra ID application's **clientID** (a UUID), and run the following script with the Azure CLI:
```bash
# Set the client ID of the app you created
@ -140,7 +140,7 @@ Connect-MgGraph -Scopes "Application.Read.All","Application.ReadWrite.All"
./setup-eventgrid-sp.ps1 $clientId
```
> Note: if your directory does not have a Service Principal for the application "Microsoft.EventGrid", you may need to run the command `Connect-MgGraph` and sign in as an admin for the Azure AD tenant (this is related to permissions on the Azure AD directory, and not the Azure subscription). Otherwise, please ask your tenant's admin to sign in and run this PowerShell command: `New-MgServicePrincipal -AppId "4962773b-9cdb-44cf-a8bf-237846a00ab7"` (the UUID is a constant)
> Note: if your directory does not have a Service Principal for the application "Microsoft.EventGrid", you may need to run the command `Connect-MgGraph` and sign in as an admin for the Microsoft Entra ID tenant (this is related to permissions on the Microsoft Entra ID directory, and not the Azure subscription). Otherwise, please ask your tenant's admin to sign in and run this PowerShell command: `New-MgServicePrincipal -AppId "4962773b-9cdb-44cf-a8bf-237846a00ab7"` (the UUID is a constant)
### Testing locally

View File

@ -28,10 +28,10 @@ spec:
- name: consumerGroup
value: "myapp"
# Either connectionString or eventHubNamespace is required
# Use connectionString when *not* using Azure AD
# Use connectionString when *not* using Microsoft Entra ID
- name: connectionString
value: "Endpoint=sb://{EventHubNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key};EntityPath={EventHub}"
# Use eventHubNamespace when using Azure AD
# Use eventHubNamespace when using Microsoft Entra ID
- name: eventHubNamespace
value: "namespace"
- name: enableEntityManagement
@ -68,9 +68,9 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| Field | Required | Binding support | Details | Example |
|--------------------|:--------:|------------|-----|---------|
| `eventHub` | Y* | Input/Output | The name of the Event Hubs hub ("topic"). Required if using Azure AD authentication or if the connection string doesn't contain an `EntityPath` value | `mytopic` |
| `connectionString` | Y* | Input/Output | Connection string for the Event Hub or the Event Hub namespace.<br>* Mutally exclusive with `eventHubNamespace` field.<br>* Required when not using [Azure AD Authentication]({{< ref "authenticating-azure.md" >}}) | `"Endpoint=sb://{EventHubNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key};EntityPath={EventHub}"` or `"Endpoint=sb://{EventHubNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key}"`
| `eventHubNamespace` | Y* | Input/Output | The Event Hub Namespace name.<br>* Mutally exclusive with `connectionString` field.<br>* Required when using [Azure AD Authentication]({{< ref "authenticating-azure.md" >}}) | `"namespace"`
| `eventHub` | Y* | Input/Output | The name of the Event Hubs hub ("topic"). Required if using Microsoft Entra ID authentication or if the connection string doesn't contain an `EntityPath` value | `mytopic` |
| `connectionString` | Y* | Input/Output | Connection string for the Event Hub or the Event Hub namespace.<br>* Mutally exclusive with `eventHubNamespace` field.<br>* Required when not using [Microsoft Entra ID Authentication]({{< ref "authenticating-azure.md" >}}) | `"Endpoint=sb://{EventHubNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key};EntityPath={EventHub}"` or `"Endpoint=sb://{EventHubNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key}"`
| `eventHubNamespace` | Y* | Input/Output | The Event Hub Namespace name.<br>* Mutally exclusive with `connectionString` field.<br>* Required when using [Microsoft Entra ID Authentication]({{< ref "authenticating-azure.md" >}}) | `"namespace"`
| `enableEntityManagement` | N | Input/Output | Boolean value to allow management of the EventHub namespace and storage account. Default: `false` | `"true", "false"`
| `resourceGroupName` | N | Input/Output | Name of the resource group the Event Hub namespace is part of. Required when entity management is enabled | `"test-rg"`
| `subscriptionID` | N | Input/Output | Azure subscription ID value. Required when entity management is enabled | `"azure subscription id"`
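Review bot: Both rewritten rows, `connectionString` and `eventHubNamespace`, still carry the misspelling "Mutally exclusive". Correct it to "Mutually exclusive" in this change, since the lines are already being replaced.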
@ -78,14 +78,14 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `messageRetentionInDays` | N | Input/Output | Number of days to retain messages for in the newly created Event Hub namespace. Used only when entity management is enabled. Default: `"1"` | `"90"`
| `consumerGroup` | Y | Input | The name of the [Event Hubs Consumer Group](https://docs.microsoft.com/azure/event-hubs/event-hubs-features#consumer-groups) to listen on | `"group1"` |
| `storageAccountName` | Y | Input | Storage account name to use for the checkpoint store. |`"myeventhubstorage"`
| `storageAccountKey` | Y* | Input | Storage account key for the checkpoint store account.<br>* When using Azure AD, it's possible to omit this if the service principal has access to the storage account too. | `"112233445566778899"`
| `storageAccountKey` | Y* | Input | Storage account key for the checkpoint store account.<br>* When using Microsoft Entra ID, it's possible to omit this if the service principal has access to the storage account too. | `"112233445566778899"`
| `storageConnectionString` | Y* | Input | Connection string for the checkpoint store, alternative to specifying `storageAccountKey` | `"DefaultEndpointsProtocol=https;AccountName=myeventhubstorage;AccountKey=<account-key>"`
| `storageContainerName` | Y | Input | Storage container name for the storage account name. | `"myeventhubstoragecontainer"`
| `direction` | N | Input/Output | The direction of the binding. | `"input"`, `"output"`, `"input, output"`
### Azure Active Directory (AAD) authentication
### Microsoft Entra ID authentication
The Azure Event Hubs pub/sub component supports authentication using all Azure Active Directory mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of AAD authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}).
The Azure Event Hubs pub/sub component supports authentication using all Microsoft Entra ID mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of Microsoft Entra ID authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}).
## Binding support
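Review bot: In the Microsoft Entra ID authentication paragraph, the rewritten sentence still calls this "the Azure Event Hubs pub/sub component", although the table above it has a Binding support column and the next heading is "## Binding support", so this is the binding page. Suggest "The Azure Event Hubs binding component supports ..." to match the wording the other binding pages in this commit use.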

View File

@ -47,8 +47,6 @@ spec:
value: "<bool>"
- name: encodeBase64
value: "<bool>"
- name: direction
value: "output"
```
{{% alert title="Warning" color="warning" %}}
@ -72,7 +70,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `client_x509_cert_url` | Y | Output | GCP credentials project x509 cert url | `https://www.googleapis.com/robot/v1/metadata/x509/<PROJECT_NAME>.iam.gserviceaccount.com`
| `decodeBase64` | N | Output | Configuration to decode base64 file content before saving to bucket storage. (In case of saving a file with binary content). `true` is the only allowed positive value. Other positive variations like `"True", "1"` are not acceptable. Defaults to `false` | `true`, `false` |
| `encodeBase64` | N | Output | Configuration to encode base64 file content before return the content. (In case of opening a file with binary content). `true` is the only allowed positive value. Other positive variations like `"True", "1"` are not acceptable. Defaults to `false` | `true`, `false` |
| `direction` | N | Output | The direction of the binding. | `"output"`
## Binding support

View File

@ -27,8 +27,6 @@ spec:
value: "adminkey"
- name: header:Cache-Control
value: "no-cache"
- name: direction
value: "output"
```
{{% alert title="Warning" color="warning" %}}
@ -42,7 +40,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `endpoint` | Y | Output | GraphQL endpoint string See [here](#url-format) for more details | `"http://localhost:4000/graphql/graphql"` |
| `header:[HEADERKEY]` | N | Output | GraphQL header. Specify the header key in the `name`, and the header value in the `value`. | `"no-cache"` (see above) |
| `variable:[VARIABLEKEY]` | N | Output | GraphQL query variable. Specify the variable name in the `name`, and the variable value in the `value`. | `"123"` (see below) |
| `direction` | N | Output | The direction of the binding | `"output"` |
### Endpoint and Header format

View File

@ -40,8 +40,6 @@ spec:
# key: "mytoken"
#- name: securityTokenHeader
# value: "Authorization: Bearer" # OPTIONAL <header name for the security token>
#- name: direction
# value: "output"
```
## Spec metadata fields
@ -56,7 +54,6 @@ spec:
| `MTLSRenegotiation` | N | Output | Type of mTLS renegotiation to be used | `RenegotiateOnceAsClient`
| `securityToken` | N | Output | The value of a token to be added to a HTTP request as a header. Used together with `securityTokenHeader` |
| `securityTokenHeader` | N | Output | The name of the header for `securityToken` on a HTTP request |
| `direction` | N | Output |The direction of the binding | `"output"`
### How to configure mTLS-related fields in metadata

View File

@ -30,8 +30,6 @@ spec:
# optional fields
- name: region
value: "<your-bucket-region>"
- name: direction
value: "<your-binding-direction>"
```
{{% alert title="Warning" color="warning" %}}
@ -47,7 +45,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `accessKey` | Y | Output | The Huawei Access Key (AK) to access this resource | `"************"` |
| `secretKey` | Y | Output | The Huawei Secret Key (SK) to access this resource | `"************"` |
| `region` | N | Output | The specific Huawei region of the bucket | `"cn-north-4"` |
| `direction` | N | Output | The direction of the binding | `"output"` |
## Binding support

View File

@ -29,8 +29,6 @@ spec:
value: "<ORG>"
- name: bucket # Required
value: "<BUCKET>"
- name: direction
value: "<DIRECTION>"
```
{{% alert title="Warning" color="warning" %}}
@ -45,7 +43,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `token` | Y | Output | The authorization token for InfluxDB | `"mytoken"` |
| `org` | Y | Output | The InfluxDB organization | `"myorg"` |
| `bucket` | Y | Output | Bucket name to write to | `"mybucket"` |
| `direction` | N | Output | Direction of the binding | `"output"` |
## Binding support

View File

@ -46,7 +46,7 @@ spec:
- name: maxMessageBytes # Optional.
value: "1024"
- name: version # Optional.
value: "1.0.0"
value: "2.0.0"
- name: direction
value: "input, output"
```
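Review bot: The example `version` value moves from "1.0.0" to "2.0.0" here, but the hunk does not touch the `version` row of the metadata table. Please check that the table's default and example state the same value, otherwise the page gives two different answers for which Kafka version to set.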

View File

@ -34,13 +34,12 @@ spec:
value: "echo"
- name: version
value: "0.5.0"
- name: direction
value: "output"
```
## Spec metadata fields
The `InvokeRequest.Metadata` for `bindings.kitex` requires the client to fill in four required items when making a call:
- `hostPorts`
- `destService`
- `methodName`
@ -52,8 +51,6 @@ The `InvokeRequest.Metadata` for `bindings.kitex` requires the client to fill in
| `destService` | Y | Output | Service name of the Kitex server (Thrift) | `"echo"` |
| `methodName` | Y | Output | Method name under a specific service name of the Kitex server (Thrift) | `"echo"` |
| `version` | Y | Output | Kitex version | `"0.5.0"` |
| `direction` | N | Output | Direction of the binding | `"output"` |
## Binding support

View File

@ -51,7 +51,7 @@ This component supports both **input and output** binding interfaces.
{{< tabs "Self-Hosted" "Kubernetes">}}
{{% codetab %}}
1. Obtain KubeMQ Key by visiting [https://account.kubemq.io/login/register](https://account.kubemq.io/login/register) and register for a key.
1. [Obtain KubeMQ Key](https://docs.kubemq.io/getting-started/quick-start#obtain-kubemq-license-key).
2. Wait for an email confirmation with your Key
You can run a KubeMQ broker with Docker:
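Review bot: Step 1 now links to the KubeMQ quick-start page instead of the registration form, but step 2 ("Wait for an email confirmation with your Key") is unchanged and describes the old registration flow. Please confirm the linked page still ends with an email, or reword step 2. The same applies to the Kubernetes tab in the next hunk.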
@ -64,7 +64,7 @@ You can then interact with the server using the client port: `localhost:50000`
{{% /codetab %}}
{{% codetab %}}
1. Obtain KubeMQ Key by visiting [https://account.kubemq.io/login/register](https://account.kubemq.io/login/register) and register for a key.
1. [Obtain KubeMQ Key](https://docs.kubemq.io/getting-started/quick-start#obtain-kubemq-license-key).
2. Wait for an email confirmation with your Key
Then Run the following kubectl commands:

View File

@ -23,16 +23,13 @@ spec:
metadata:
- name: rootPath
value: "<string>"
- name: direction
value: "<direction>"
```
## Spec metadata fields
| Field | Required | Binding support | Details | Example |
|--------------------|:--------:|--------|---------|---------|
| `rootPath` | Y | Input / Output | The root path anchor to which files can be read / saved | `"/temp/files"` |
| `direction` | N | Input / Output | The direction of the binding | `"output"` |
| `rootPath` | Y | Output | The root path anchor to which files can be read / saved | `"/temp/files"` |
## Binding support
@ -265,6 +262,5 @@ By default the Local Storage output binding auto generates a UUID as the file na
- [Basic schema for a Dapr component]({{< ref component-schema >}})
- [Bindings building block]({{< ref bindings >}})
- [How-To: Trigger application with input binding]({{< ref howto-triggers.md >}})
- [How-To: Use bindings to interface with external resources]({{< ref howto-bindings.md >}})
- [Bindings API reference]({{< ref bindings_api.md >}})

View File

@ -36,8 +36,6 @@ spec:
value: "<CONNECTION_MAX_LIFE_TIME>"
- name: connMaxIdleTime
value: "<CONNECTION_MAX_IDLE_TIME>"
- name: direction
value: "<DIRECTION_OF_BINDING>"
```
{{% alert title="Warning" color="warning" %}}
@ -54,8 +52,7 @@ Note that you can not use secret just for username/password. If you use secret,
| `maxIdleConns` | N | Output | The max idle connections. Integer greater than 0 | `"10"` |
| `maxOpenConns` | N | Output | The max open connections. Integer greater than 0 | `"10"` |
| `connMaxLifetime` | N | Output | The max connection lifetime. Duration string | `"12s"` |
| `connMaxIdleTime` | N | Output | The max connection idel time. Duration string | `"12s"` |
| `direction` | N | Output | The direction of the binding | `"output"` |
| `connMaxIdleTime` | N | Output | The max connection idle time. Duration string | `"12s"` |
### SSL connection
@ -192,6 +189,5 @@ The `close` operation can be used to explicitly close the DB connection and retu
- [Basic schema for a Dapr component]({{< ref component-schema >}})
- [Bindings building block]({{< ref bindings >}})
- [How-To: Trigger application with input binding]({{< ref howto-triggers.md >}})
- [How-To: Use bindings to interface with external resources]({{< ref howto-bindings.md >}})
- [Bindings API reference]({{< ref bindings_api.md >}})

View File

@ -36,14 +36,14 @@ The above example uses `apiKey` as a plain string. It is recommended to use a s
| Field | Required | Binding support | Details | Example |
|--------------------|:--------:|--------|---------|---------|
| `endpoint` | Y | Output | Azure OpenAI service endpoint URL. | `"https://myopenai.openai.azure.com"` |
| `apiKey` | Y* | Output | The access key of the Azure OpenAI service. Only required when not using Azure AD authentication. | `"1234567890abcdef"` |
| `apiKey` | Y* | Output | The access key of the Azure OpenAI service. Only required when not using Microsoft Entra ID authentication. | `"1234567890abcdef"` |
| `azureTenantId` | Y* | Input | The tenant ID of the Azure OpenAI resource. Only required when `apiKey` is not provided. | `"tenentID"` |
| `azureClientId` | Y* | Input | The client ID that should be used by the binding to create or update the Azure OpenAI Subscription and to authenticate incoming messages. Only required when `apiKey` is not provided.| `"clientId"` |
| `azureClientSecret` | Y* | Input | The client secret that should be used by the binding to create or update the Azure OpenAI Subscription and to authenticate incoming messages. Only required when `apiKey` is not provided. | `"clientSecret"` |
### Azure Active Directory (AAD) authentication
### Microsoft Entra ID authentication
The Azure OpenAI binding component supports authentication using all Azure Active Directory mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of AAD authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}).
The Azure OpenAI binding component supports authentication using all Microsoft Entra ID mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of Microsoft Entra ID authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}).
#### Example Configuration
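Review bot: While this table is being edited, the three `azure*` rows need attention: they are marked `Input` although `endpoint` and `apiKey` are `Output`, their details speak of "create or update the Azure OpenAI Subscription and to authenticate incoming messages", which reads as copied from another component, and the `azureTenantId` example is spelled `"tenentID"`. Suggest `Output`, a description limited to authenticating to the Azure OpenAI resource, and `"tenantID"`.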

View File

@ -25,8 +25,6 @@ spec:
# Connection string
- name: connectionString
value: "<CONNECTION STRING>"
- name: direction
value: "<DIRECTION_OF_BINDING>"
```
{{% alert title="Warning" color="warning" %}}
@ -43,15 +41,15 @@ The following metadata options are **required** to authenticate using a PostgreS
|--------|:--------:|---------|---------|
| `connectionString` | Y | The connection string for the PostgreSQL database. See the PostgreSQL [documentation on database connections](https://www.postgresql.org/docs/current/libpq-connect.html) for information on how to define a connection string. | `"host=localhost user=postgres password=example port=5432 connect_timeout=10 database=my_db"`
### Authenticate using Azure AD
### Authenticate using Microsoft Entra ID
Authenticating with Azure AD is supported with Azure Database for PostgreSQL. All authentication methods supported by Dapr can be used, including client credentials ("service principal") and Managed Identity.
Authenticating with Microsoft Entra ID is supported with Azure Database for PostgreSQL. All authentication methods supported by Dapr can be used, including client credentials ("service principal") and Managed Identity.
| Field | Required | Details | Example |
|--------|:--------:|---------|---------|
| `useAzureAD` | Y | Must be set to `true` to enable the component to retrieve access tokens from Azure AD. | `"true"` |
| `connectionString` | Y | The connection string for the PostgreSQL database.<br>This must contain the user, which corresponds to the name of the user created inside PostgreSQL that maps to the Azure AD identity; this is often the name of the corresponding principal (e.g. the name of the Azure AD application). This connection string should not contain any password. | `"host=mydb.postgres.database.azure.com user=myapplication port=5432 database=my_db sslmode=require"` |
| `azureTenantId` | N | ID of the Azure AD tenant | `"cd4b2887-304c-…"` |
| `useAzureAD` | Y | Must be set to `true` to enable the component to retrieve access tokens from Microsoft Entra ID. | `"true"` |
| `connectionString` | Y | The connection string for the PostgreSQL database.<br>This must contain the user, which corresponds to the name of the user created inside PostgreSQL that maps to the Microsoft Entra ID identity; this is often the name of the corresponding principal (e.g. the name of the Microsoft Entra ID application). This connection string should not contain any password. | `"host=mydb.postgres.database.azure.com user=myapplication port=5432 database=my_db sslmode=require"` |
| `azureTenantId` | N | ID of the Microsoft Entra ID tenant | `"cd4b2887-304c-…"` |
| `azureClientId` | N | Client ID (application ID) | `"c7dd251f-811f-…"` |
| `azureClientSecret` | N | Client secret (application password) | `"Ecy3X…"` |
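Review bot: The prose is renamed to Microsoft Entra ID but the metadata key is still `useAzureAD`, so a reader searching the page for the old product name now finds it only inside a field name. Suggest one clause in the `useAzureAD` row saying the key name is unchanged. Also, "the Microsoft Entra ID identity" in the `connectionString` row reads awkwardly after the mechanical rename; "the identity in Microsoft Entra ID" would be cleaner.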

View File

@ -30,8 +30,6 @@ spec:
value: "dave@dapr.io" # optional
- name: subject
value: "Hello!" # optional
- name: direction
value: "output" # optional
```
{{% alert title="Warning" color="warning" %}}
The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}).
@ -48,7 +46,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `emailCc` | N | Output | If set this specifies the 'cc' email address of the email message | `"me@example.com"` |
| `emailBcc` | N | Output | If set this specifies the 'bcc' email address of the email message | `"me@example.com"` |
| `subject` | N | Output | If set this specifies the subject of the email message | `"me@example.com"` |
| `direction` | N | Output | The direction of the binding | `"output"` |
You can specify any of the optional metadata properties on the output binding request too (e.g. `emailFrom`, `emailTo`, `subject`, etc.)
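Review bot: In the table rows shown in this hunk, `subject` gives `"me@example.com"` as its example, the same value as the `emailCc` and `emailBcc` rows above it. Since the neighbouring `direction` row is being removed anyway, suggest changing the example to a subject string such as the `"Hello!"` used in the YAML sample.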

View File

@ -11,7 +11,6 @@ aliases:
To setup Redis binding create a component of type `bindings.redis`. See [this guide]({{< ref "howto-bindings.md#1-create-a-binding" >}}) on how to create and apply a binding configuration.
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
@ -27,8 +26,6 @@ spec:
value: "**************"
- name: enableTLS
value: "<bool>"
- name: direction
value: "output"
```
{{% alert title="Warning" color="warning" %}}
@ -61,7 +58,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `minIdleConns` | N | Output | Minimum number of idle connections to keep open in order to avoid the performance degradation associated with creating new connections. Defaults to `"0"`. | `"2"`
| `idleCheckFrequency` | N | Output | Frequency of idle checks made by idle connections reaper. Default is `"1m"`. `"-1"` disables idle connections reaper. | `"-1"`
| `idleTimeout` | N | Output | Amount of time after which the client closes idle connections. Should be less than server's timeout. Default is `"5m"`. `"-1"` disables idle timeout check. | `"10m"`
| `direction` | N | Output | Direction of the binding. | `"output"`
## Binding support
@ -226,6 +222,5 @@ The Dapr CLI automatically deploys a local redis instance in self hosted mode as
- [Basic schema for a Dapr component]({{< ref component-schema >}})
- [Bindings building block]({{< ref bindings >}})
- [How-To: Trigger application with input binding]({{< ref howto-triggers.md >}})
- [How-To: Use bindings to interface with external resources]({{< ref howto-bindings.md >}})
- [Bindings API reference]({{< ref bindings_api.md >}})

View File

@ -44,8 +44,6 @@ spec:
value: "<bool>"
- name: insecureSSL
value: "<bool>"
- name: direction
value: "output"
```
{{% alert title="Warning" color="warning" %}}
@ -67,7 +65,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `encodeBase64` | N | Output | Configuration to encode base64 file content before return the content. (In case of opening a file with binary content). `"true"` is the only allowed positive value. Other positive variations like `"True", "1"` are not acceptable. Defaults to `"false"` | `"true"`, `"false"` |
| `disableSSL` | N | Output | Allows to connect to non `https://` endpoints. Defaults to `"false"` | `"true"`, `"false"` |
| `insecureSSL` | N | Output | When connecting to `https://` endpoints, accepts invalid or self-signed certificates. Defaults to `"false"` | `"true"`, `"false"` |
| `direction` | N | Output | The direction of the binding | `"output"` |
{{% alert title="Important" color="warning" %}}
When running the Dapr sidecar (daprd) with your application on EKS (AWS Kubernetes), if you're using a node/pod that has already been attached to an IAM policy defining access to AWS resources, you **must not** provide AWS access-key, secret-key, and tokens in the definition of the component spec you're using.

View File

@ -41,8 +41,6 @@ spec:
value: '{"customer":{"name":"John Smith"}}' # optional
- name: apiKey
value: "YOUR_API_KEY" # required, this is your SendGrid key
- name: direction
value: "output"
```
{{% alert title="Warning" color="warning" %}}
@ -61,7 +59,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `emailCc` | N | Output | If set this specifies the 'cc' email address of the email message. Only a single email address is allowed. Optional field, see [below](#example-request-payload) | `"me@example.com"` |
| `emailBcc` | N | Output | If set this specifies the 'bcc' email address of the email message. Only a single email address is allowed. Optional field, see [below](#example-request-payload) | `"me@example.com"` |
| `subject` | N | Output | If set this specifies the subject of the email message. Optional field, see [below](#example-request-payload) | `"subject of the email"` |
| `direction` | N | Output | The direction of the binding | `"output"` |
## Binding support

View File

@ -67,10 +67,10 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| Field | Required | Binding support | Details | Example |
|--------------------|:--------:|-----------------|----------|---------|
| `connectionString` | Y | Input/Output | The Service Bus connection string. Required unless using Azure AD authentication. | `"Endpoint=sb://************"` |
| `connectionString` | Y | Input/Output | The Service Bus connection string. Required unless using Microsoft Entra ID authentication. | `"Endpoint=sb://************"` |
| `queueName` | Y | Input/Output | The Service Bus queue name. Queue names are case-insensitive and will always be forced to lowercase. | `"queuename"` |
| `timeoutInSec` | N | Input/Output | Timeout for all invocations to the Azure Service Bus endpoint, in seconds. *Note that this option impacts network calls and it's unrelated to the TTL applies to messages*. Default: `"60"` | `"60"` |
| `namespaceName`| N | Input/Output | Parameter to set the address of the Service Bus namespace, as a fully-qualified domain name. Required if using Azure AD authentication. | `"namespace.servicebus.windows.net"` |
| `namespaceName`| N | Input/Output | Parameter to set the address of the Service Bus namespace, as a fully-qualified domain name. Required if using Microsoft Entra ID authentication. | `"namespace.servicebus.windows.net"` |
| `disableEntityManagement` | N | Input/Output | When set to true, queues and subscriptions do not get created automatically. Default: `"false"` | `"true"`, `"false"`
| `lockDurationInSec` | N | Input/Output | Defines the length in seconds that a message will be locked for before expiring. Used during subscription creation only. Default set by server. | `"30"`
| `autoDeleteOnIdleInSec` | N | Input/Output | Time in seconds to wait before auto deleting idle subscriptions. Used during subscription creation only. Default: `"0"` (disabled) | `"3600"`
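Review bot: The `connectionString` row is marked `Y` while its text says "Required unless using Microsoft Entra ID authentication", and `namespaceName` is marked `N` while its text says "Required if using Microsoft Entra ID authentication". Other tables in this commit mark conditional fields with an asterisk (for example `accountKey` as `Y*` in the Storage Queues table). Suggest `Y*` and `N*` here so the Required column does not contradict the details.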
@ -90,9 +90,9 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `publishInitialRetryIntervalInMs` | N | Output | Time in milliseconds for the initial exponential backoff when Azure Service Bus throttle messages. Defaults: `"500"` | `"500"`
| `direction` | N | Input/Output | The direction of the binding | `"input"`, `"output"`, `"input, output"`
### Azure Active Directory (AAD) authentication
### Microsoft Entra ID authentication
The Azure Service Bus Queues binding component supports authentication using all Azure Active Directory mechanisms, including Managed Identities. For further information and the relevant component metadata fields to provide depending on the choice of AAD authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}).
The Azure Service Bus Queues binding component supports authentication using all Microsoft Entra ID mechanisms, including Managed Identities. For further information and the relevant component metadata fields to provide depending on the choice of Microsoft Entra ID authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}).
#### Example Configuration

View File

@ -40,8 +40,6 @@ spec:
value: "bcc@example.com"
- name: subject
value: "subject"
- name: direction
value: "output"
```
{{% alert title="Warning" color="warning" %}}
@ -61,7 +59,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `emailCc` | N | Output | If set, this specifies the email address to CC in. See [also](#example-request) | `"me@example.com"` |
| `emailBcc` | N | Output | If set, this specifies email address to BCC in. See [also](#example-request) | `"me@example.com"` |
| `subject` | N | Output | If set, this specifies the subject of the email message. See [also](#example-request) | `"subject of mail"` |
| `direction` | N | Output | The direction of the binding | `"output"` |
{{% alert title="Important" color="warning" %}}
When running the Dapr sidecar (daprd) with your application on EKS (AWS Kubernetes), if you're using a node/pod that has already been attached to an IAM policy defining access to AWS resources, you **must not** provide AWS access-key, secret-key, and tokens in the definition of the component spec you're using.

View File

@ -25,8 +25,6 @@ spec:
value: "Endpoint=https://<your-azure-signalr>.service.signalr.net;AccessKey=<your-access-key>;Version=1.0;"
- name: hub # Optional
value: "<hub name>"
- name: direction
value: "<direction of binding>"
```
{{% alert title="Warning" color="warning" %}}
@ -39,15 +37,14 @@ The above example uses secrets as plain strings. It is recommended to use a secr
|--------------------|:--------:|------------|-----|---------|
| `connectionString` | Y | Output | The Azure SignalR connection string | `"Endpoint=https://<your-azure-signalr>.service.signalr.net;AccessKey=<your-access-key>;Version=1.0;"` |
| `hub` | N | Output | Defines the hub in which the message will be send. The hub can be dynamically defined as a metadata value when publishing to an output binding (key is "hub") | `"myhub"` |
| `endpoint` | N | Output | Endpoint of Azure SignalR; required if not included in the `connectionString` or if using Azure AD | `"https://<your-azure-signalr>.service.signalr.net"`
| `endpoint` | N | Output | Endpoint of Azure SignalR; required if not included in the `connectionString` or if using Microsoft Entra ID | `"https://<your-azure-signalr>.service.signalr.net"`
| `accessKey` | N | Output | Access key | `"your-access-key"`
| `direction` | N | Output | The direction of the binding | `"output"`
### Azure Active Directory (Azure AD) authentication
### Microsoft Entra ID authentication
The Azure SignalR binding component supports authentication using all Azure Active Directory mechanisms. See the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}) to learn more about the relevant component metadata fields based on your choice of Azure AD authentication mechanism.
The Azure SignalR binding component supports authentication using all Microsoft Entra ID mechanisms. See the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}) to learn more about the relevant component metadata fields based on your choice of Microsoft Entra ID authentication mechanism.
You have two options to authenticate this component with Azure AD:
You have two options to authenticate this component with Microsoft Entra ID:
- Pass individual metadata keys:
- `endpoint` for the endpoint
@ -55,7 +52,7 @@ You have two options to authenticate this component with Azure AD:
- Pass a connection string with `AuthType=aad` specified:
- System-assigned managed identity: `Endpoint=https://<servicename>.service.signalr.net;AuthType=aad;Version=1.0;`
- User-assigned managed identity: `Endpoint=https://<servicename>.service.signalr.net;AuthType=aad;ClientId=<clientid>;Version=1.0;`
- Azure AD application: `Endpoint=https://<servicename>.service.signalr.net;AuthType=aad;ClientId=<clientid>;ClientSecret=<clientsecret>;TenantId=<tenantid>;Version=1.0;`
- Microsoft Entra ID application: `Endpoint=https://<servicename>.service.signalr.net;AuthType=aad;ClientId=<clientid>;ClientSecret=<clientsecret>;TenantId=<tenantid>;Version=1.0;`
Note that you cannot use a connection string if your application's ClientSecret contains a `;` character.
## Binding support

View File

@ -43,8 +43,6 @@ spec:
value: "subject"
- name: priority
value: "[value 1-5]"
- name: direction
value: "output"
```
{{% alert title="Warning" color="warning" %}}
@ -66,7 +64,6 @@ The example configuration shown above, contain a username and password as plain-
| `emailBcc` | N | Output | If set, this specifies email address to BCC in. See [also](#example-request) | `"me@example.com"` |
| `subject` | N | Output | If set, this specifies the subject of the email message. See [also](#example-request) | `"subject of mail"` |
| `priority` | N | Output | If set, this specifies the priority (X-Priority) of the email message, from 1 (lowest) to 5 (highest) (default value: 3). See [also](#example-request) | `"1"` |
| `direction` | N | Output | The direction of the binding | `"output"` |
## Binding support

View File

@ -32,8 +32,6 @@ spec:
value: "*****************"
- name: sessionToken
value: "*****************"
- name: direction
value: "output"
```
{{% alert title="Warning" color="warning" %}}
@ -49,7 +47,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `accessKey` | Y | Output | The AWS Access Key to access this resource | `"key"` |
| `secretKey` | Y | Output | The AWS Secret Access Key to access this resource | `"secretAccessKey"` |
| `sessionToken` | N | Output | The AWS session token to use | `"sessionToken"` |
| `direction` | N | Output | The direction of the binding | `"output"` |
{{% alert title="Important" color="warning" %}}
When running the Dapr sidecar (daprd) with your application on EKS (AWS Kubernetes), if you're using a node/pod that has already been attached to an IAM policy defining access to AWS resources, you **must not** provide AWS access-key, secret-key, and tokens in the definition of the component spec you're using.

View File

@ -52,7 +52,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| Field | Required | Binding support | Details | Example |
|--------------------|:--------:|------------|-----|---------|
| `accountName` | Y | Input/Output | The name of the Azure Storage account | `"account1"` |
| `accountKey` | Y* | Input/Output | The access key of the Azure Storage account. Only required when not using Azure AD authentication. | `"access-key"` |
| `accountKey` | Y* | Input/Output | The access key of the Azure Storage account. Only required when not using Microsoft Entra ID authentication. | `"access-key"` |
| `queueName` | Y | Input/Output | The name of the Azure Storage queue | `"myqueue"` |
| `pollingInterval` | N | Output | Set the interval to poll Azure Storage Queues for new messages, as a Go duration value. Default: `"10s"` | `"30s"` |
| `ttlInSeconds` | N | Output | Parameter to set the default message time to live. If this parameter is omitted, messages will expire after 10 minutes. See [also](#specifying-a-ttl-per-message) | `"60"` |
@ -62,9 +62,9 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `visibilityTimeout` | N | Input | Allows setting a custom queue visibility timeout to avoid immediate retrying of recently failed messages. Defaults to 30 seconds. | `"100s"` |
| `direction` | N | Input/Output | Direction of the binding. | `"input"`, `"output"`, `"input, output"` |
### Azure Active Directory (Azure AD) authentication
### Microsoft Entra ID authentication
The Azure Storage Queue binding component supports authentication using all Azure Active Directory mechanisms. See the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}) to learn more about the relevant component metadata fields based on your choice of Azure AD authentication mechanism.
The Azure Storage Queue binding component supports authentication using all Microsoft Entra ID mechanisms. See the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}) to learn more about the relevant component metadata fields based on your choice of Microsoft Entra ID authentication mechanism.
## Binding support

View File

@ -11,8 +11,6 @@ aliases:
To setup Twilio SMS binding create a component of type `bindings.twilio.sms`. See [this guide]({{< ref "howto-bindings.md#1-create-a-binding" >}}) on how to create and apply a binding configuration.
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
@ -30,8 +28,6 @@ spec:
value: "*****************"
- name: authToken # required.
value: "*****************"
- name: direction
value: "output"
```
{{% alert title="Warning" color="warning" %}}
The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}).
@ -45,7 +41,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `fromNumber` | Y | Output | The sender phone number | `"222-222-2222"` |
| `accountSid` | Y | Output | The Twilio account SID | `"account sid"` |
| `authToken` | Y | Output | The Twilio auth token | `"auth token"` |
| `direction` | N | Output | The direction of the binding | `"output"` |
## Binding support

View File

@ -71,18 +71,15 @@ spec:
type: bindings.wasm
version: v1
metadata:
- name: url
value: "file://uppercase.wasm"
- name: direction
value: "output"
- name: url
value: "file://uppercase.wasm"
```
## Spec metadata fields
| Field | Details | Required | Example |
|-------|----------------------------------------------------------------|----------|----------------|
| url | The URL of the resource including the Wasm binary to instantiate. The supported schemes include `file://`, `http://`, and `https://`. The path of a `file://` URL is relative to the Dapr process unless it begins with `/`. | true | `file://hello.wasm`, `https://example.com/hello.wasm` |
| `direction` | The direction of the binding | false | `"output"` |
| `url` | The URL of the resource including the Wasm binary to instantiate. The supported schemes include `file://`, `http://`, and `https://`. The path of a `file://` URL is relative to the Dapr process unless it begins with `/`. | true | `file://hello.wasm`, `https://example.com/hello.wasm` |
## Binding support
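Review bot: The reformatted `url` row lists `http://` beside `https://` and `file://` with no guidance on which to prefer. A Wasm binary fetched over plain `http://` has no transport integrity, and the sidecar then instantiates it, so suggest a sentence recommending `https://` or `file://` outside local development. The Required column here also uses `true` where the other binding tables use `Y`/`N`; worth aligning while the row is touched.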

View File

@ -28,8 +28,6 @@ spec:
value: "true"
- name: caCertificatePath
value: "/path/to/ca-cert"
- name: direction
value: "output"
```
## Spec metadata fields
@ -40,7 +38,6 @@ spec:
| `gatewayKeepAlive` | N | Output | Sets how often keep alive messages should be sent to the gateway. Defaults to 45 seconds | `"45s"` |
| `usePlainTextConnection` | N | Output | Whether to use a plain text connection or not | `"true"`, `"false"` |
| `caCertificatePath` | N | Output | The path to the CA cert | `"/path/to/ca-cert"` |
| `direction` | N | Output | The direction of the binding | `"output"` |
## Binding support

View File

@ -47,10 +47,10 @@ spec:
- name: fetchVariables
value: "productId, productName, productKey"
- name: autocomplete
value: "true"
value: "true"
- name: retryBackOff
value: "30s"
- name: direction
value: "30s"
- name: direction
value: "input"
```

View File

@ -52,8 +52,8 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| Field | Required | Details | Example |
|----------------------------|:--------:|---------|---------|
| connectionString | Y* | Connection String for the Azure App Configuration instance. No Default. Can be `secretKeyRef` to use a secret reference. *Mutally exclusive with host field. *Not to be used when [Azure Authentication](https://docs.dapr.io/developing-applications/integrations/azure/authenticating-azure/) is used | `Endpoint=https://foo.azconfig.io;Id=osOX-l9-s0:sig;Secret=00000000000000000000000000000000000000000000`
| host | N* | Endpoint for the Azure App Configuration instance. No Default. *Mutally exclusive with connectionString field. *To be used when [Azure Authentication](https://docs.dapr.io/developing-applications/integrations/azure/authenticating-azure/) is used | `https://dapr.azconfig.io`
| connectionString | Y* | Connection String for the Azure App Configuration instance. No Default. Can be `secretKeyRef` to use a secret reference. *Mutally exclusive with host field. *Not to be used when [Azure Authentication](https://docs.dapr.io/developing-applications/integrations/azure/azure-authentication/authenticating-azure/) is used | `Endpoint=https://foo.azconfig.io;Id=osOX-l9-s0:sig;Secret=00000000000000000000000000000000000000000000`
| host | N* | Endpoint for the Azure App Configuration instance. No Default. *Mutally exclusive with connectionString field. *To be used when [Azure Authentication](https://docs.dapr.io/developing-applications/integrations/azure/azure-authentication/authenticating-azure/) is used | `https://dapr.azconfig.io`
| maxRetries | N | Maximum number of retries before giving up. Defaults to `3` | `5`, `10`
| retryDelay | N | RetryDelay specifies the initial amount of delay to use before retrying an operation. The delay increases exponentially with each retry up to the maximum specified by MaxRetryDelay. Defaults to `4` seconds; `"-1"` disables delay between retries. | `4s`
| maxRetryDelay | N | MaxRetryDelay specifies the maximum delay allowed before retrying an operation. Typically the value is greater than or equal to the value specified in RetryDelay. Defaults to `120` seconds; `"-1"` disables the limit | `120s`
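Review bot: Both rewritten rows (`connectionString` and `host`) still carry the typo "Mutally exclusive"; since these lines are already being touched for the link update, correct it to "Mutually exclusive" in the same change. The data rows also end without a closing `|`, unlike the header row, which is worth normalizing while here.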
@ -65,11 +65,11 @@ The above example uses secrets as plain strings. It is recommended to use a secr
Access an App Configuration instance using its connection string, which is available in the Azure portal. Since connection strings contain credential information, you should treat them as secrets and [use a secret store]({{< ref component-secrets.md >}}).
## Authenticating with Azure AD
## Authenticating with Microsoft Entra ID
The Azure App Configuration configuration store component also supports authentication with Azure AD. Before you enable this component:
The Azure App Configuration configuration store component also supports authentication with Microsoft Entra ID. Before you enable this component:
- Read the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document.
- Create an Azure AD application (also called Service Principal).
- Create an Microsoft Entra ID application (also called Service Principal).
- Alternatively, create a managed identity for your application platform.
## Set up Azure App Configuration
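Review bot: The renamed bullet reads "Create an Microsoft Entra ID application"; the article was right for "an Azure AD application" but should now be "a Microsoft Entra ID application". Search the change set for "an Microsoft" before merging, since the same substitution appears in other files.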

View File

@ -67,15 +67,15 @@ The following metadata options are **required** to authenticate using a PostgreS
|--------|:--------:|---------|---------|
| `connectionString` | Y | The connection string for the PostgreSQL database. See the PostgreSQL [documentation on database connections](https://www.postgresql.org/docs/current/libpq-connect.html) for information on how to define a connection string. | `"host=localhost user=postgres password=example port=5432 connect_timeout=10 database=my_db"`
### Authenticate using Azure AD
### Authenticate using Microsoft Entra ID
Authenticating with Azure AD is supported with Azure Database for PostgreSQL. All authentication methods supported by Dapr can be used, including client credentials ("service principal") and Managed Identity.
Authenticating with Microsoft Entra ID is supported with Azure Database for PostgreSQL. All authentication methods supported by Dapr can be used, including client credentials ("service principal") and Managed Identity.
| Field | Required | Details | Example |
|--------|:--------:|---------|---------|
| `useAzureAD` | Y | Must be set to `true` to enable the component to retrieve access tokens from Azure AD. | `"true"` |
| `connectionString` | Y | The connection string for the PostgreSQL database.<br>This must contain the user, which corresponds to the name of the user created inside PostgreSQL that maps to the Azure AD identity; this is often the name of the corresponding principal (e.g. the name of the Azure AD application). This connection string should not contain any password. | `"host=mydb.postgres.database.azure.com user=myapplication port=5432 database=my_db sslmode=require"` |
| `azureTenantId` | N | ID of the Azure AD tenant | `"cd4b2887-304c-…"` |
| `useAzureAD` | Y | Must be set to `true` to enable the component to retrieve access tokens from Microsoft Entra ID. | `"true"` |
| `connectionString` | Y | The connection string for the PostgreSQL database.<br>This must contain the user, which corresponds to the name of the user created inside PostgreSQL that maps to the Microsoft Entra ID identity; this is often the name of the corresponding principal (e.g. the name of the Microsoft Entra ID application). This connection string should not contain any password. | `"host=mydb.postgres.database.azure.com user=myapplication port=5432 database=my_db sslmode=require"` |
| `azureTenantId` | N | ID of the Microsoft Entra ID tenant | `"cd4b2887-304c-…"` |
| `azureClientId` | N | Client ID (application ID) | `"c7dd251f-811f-…"` |
| `azureClientSecret` | N | Client secret (application password) | `"Ecy3X…"` |
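Review bot: In the `useAzureAD` row the description now says Microsoft Entra ID while the metadata key keeps its old spelling. Add a short remark to the Details cell that the key is still named `useAzureAD`, so readers do not go looking for a renamed field.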
@ -112,7 +112,7 @@ Authenticating with Azure AD is supported with Azure Database for PostgreSQL. Al
3. Create a TRIGGER on configuration table. An example function to create a TRIGGER is as follows:
```sh
CREATE OR REPLACE FUNCTION configuration_event() RETURNS TRIGGER AS $$
CREATE OR REPLACE FUNCTION notify_event() RETURNS TRIGGER AS $$
DECLARE
data json;
notification json;
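Review bot: The fence that opens this snippet is tagged `sh`, but the body is a PostgreSQL `CREATE OR REPLACE FUNCTION` statement, so `sql` is the accurate tag. With the function renamed to `notify_event()`, also confirm that every statement outside this hunk that refers to the function by name uses the new name.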

View File

@ -10,6 +10,7 @@ aliases:
## Component format
To setup Redis configuration store create a component of type `configuration.redis`. See [this guide]({{< ref "howto-manage-configuration.md#configure-a-dapr-configuration-store" >}}) on how to create and apply a configuration store configuration.
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component

View File

@ -32,12 +32,12 @@ spec:
The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets, as described [here]({{< ref component-secrets.md >}}).
{{% /alert %}}
## Authenticating with Azure AD
## Authenticating with Microsoft Entra ID
The Azure Key Vault cryptography component supports authentication with Azure AD only. Before you enable this component:
The Azure Key Vault cryptography component supports authentication with Microsoft Entra ID only. Before you enable this component:
1. Read the [Authenticating to Azure]({{< ref "authenticating-azure.md" >}}) document.
1. Create an [Azure AD application]({{< ref "howto-aad.md" >}}) (also called a Service Principal).
1. Create an [Microsoft Entra ID application]({{< ref "howto-aad.md" >}}) (also called a Service Principal).
1. Alternatively, create a [managed identity]({{< ref "howto-mi.md" >}}) for your application platform.
## Spec metadata fields

View File

@ -42,7 +42,7 @@ spec:
Common values for `issuer` include:
- Auth0: `https://{domain}`, where `{domain}` is the domain of your Auth0 application
- Azure AD: `https://login.microsoftonline.com/{tenant}/v2.0`, where `{tenant}` should be replaced with the tenant ID of your application, as a UUID
- Microsoft Entra ID: `https://login.microsoftonline.com/{tenant}/v2.0`, where `{tenant}` should be replaced with the tenant ID of your application, as a UUID
- Google: `https://accounts.google.com`
- Salesforce (Force.com): `https://login.salesforce.com`

View File

@ -31,7 +31,7 @@ spec:
value: 403
# `readBody` controls whether the middleware reads the entire request body in-memory and make it
# availble for policy decisions.
# available for policy decisions.
- name: readBody
value: "false"

View File

@ -51,7 +51,7 @@ How to compile this is described later.
| Field | Details | Required | Example |
|-------|----------------------------------------------------------------|----------|----------------|
| url | The URL of the resource including the Wasm binary to instantiate. The supported schemes include `file://`, `http://`, and `https://`. The path of a `file://` URL is relative to the Dapr process unless it begins with `/`. | true | `file://hello.wasm`, `https://example.com/hello.wasm` |
| guestConfig | An optional configuration passed to Wasm guests. Users can pass an arbitrary string to be parsed by the guest code. | false | `enviroment=production`,`{"environment":"production"}` |
| guestConfig | An optional configuration passed to Wasm guests. Users can pass an arbitrary string to be parsed by the guest code. | false | `environment=production`,`{"environment":"production"}` |
## Dapr configuration

View File

@ -46,7 +46,7 @@ spec:
- name: consumeRetryInterval # Optional.
value: 200ms
- name: version # Optional.
value: 0.10.2.0
value: 2.0.0
- name: disableTls # Optional. Disable TLS. This is not safe for production!! You should read the `Mutual TLS` section for how to use TLS.
value: "true"
```
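Review bot: The sample's `version` moves from `0.10.2.0` to `2.0.0`, but nothing in the hunk says whether this is a new default or only a new illustrative value; state which in the field description so users on older brokers know whether they must set it explicitly. The context line after it also keeps `disableTls` at `"true"` in a copy-paste sample whose own comment calls that unsafe for production, so consider showing `"false"` there.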

View File

@ -84,7 +84,7 @@ The above example uses secrets as plain strings. It is recommended to use [a sec
| secretKey | Y | Secret for the AWS user/role. If using an `AssumeRole` access, you will also need to provide a `sessionToken` |`"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"`
| region | Y | The AWS region where the SNS/SQS assets are located or be created in. See [this page](https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/?p=ugi&l=na) for valid regions. Ensure that SNS and SQS are available in that region | `"us-east-1"`
| consumerID | N | Consumer ID (consumer tag) organizes one or more consumers into a group. Consumers with the same consumer ID work as one virtual consumer; for example, a message is processed only once by one of the consumers in the group. If the `consumerID` is not provided, the Dapr runtime set it to the Dapr application ID (`appID`) value. See the [pub/sub broker component file]({{< ref setup-pubsub.md >}}) to learn how ConsumerID is automatically generated. | `"channel1"`
| endpoint | N | AWS endpoint for the component to use. Only used for local development with, for example, [localstack](https://github.com/localstack/localstack). The `endpoint` is unncessary when running against production AWS | `"http://localhost:4566"`
| endpoint | N | AWS endpoint for the component to use. Only used for local development with, for example, [localstack](https://github.com/localstack/localstack). The `endpoint` is unnecessary when running against production AWS | `"http://localhost:4566"`
| sessionToken | N | AWS session token to use. A session token is only required if you are using temporary security credentials | `"TOKEN"`
| messageReceiveLimit | N | Number of times a message is received, after processing of that message fails, that once reached, results in removing of that message from the queue. If `sqsDeadLettersQueueName` is specified, `messageReceiveLimit` is the number of times a message is received, after processing of that message fails, that once reached, results in moving of the message to the SQS dead-letters queue. Default: `10` | `10`
| sqsDeadLettersQueueName | N | Name of the dead letters queue for this application | `"myapp-dlq"`

View File

@ -23,10 +23,10 @@ spec:
version: v1
metadata:
# Either connectionString or eventHubNamespace is required
# Use connectionString when *not* using Azure AD
# Use connectionString when *not* using Microsoft Entra ID
- name: connectionString
value: "Endpoint=sb://{EventHubNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key};EntityPath={EventHub}"
# Use eventHubNamespace when using Azure AD
# Use eventHubNamespace when using Microsoft Entra ID
- name: eventHubNamespace
value: "namespace"
- name: consumerID # Optional. If not supplied, the runtime will create one.
@ -62,11 +62,11 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| Field | Required | Details | Example |
|--------------------|:--------:|---------|---------|
| `connectionString` | Y* | Connection string for the Event Hub or the Event Hub namespace.<br>* Mutally exclusive with `eventHubNamespace` field.<br>* Required when not using [Azure AD Authentication]({{< ref "authenticating-azure.md" >}}) | `"Endpoint=sb://{EventHubNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key};EntityPath={EventHub}"` or `"Endpoint=sb://{EventHubNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key}"`
| `eventHubNamespace` | Y* | The Event Hub Namespace name.<br>* Mutally exclusive with `connectionString` field.<br>* Required when using [Azure AD Authentication]({{< ref "authenticating-azure.md" >}}) | `"namespace"`
| `connectionString` | Y* | Connection string for the Event Hub or the Event Hub namespace.<br>* Mutally exclusive with `eventHubNamespace` field.<br>* Required when not using [Microsoft Entra ID Authentication]({{< ref "authenticating-azure.md" >}}) | `"Endpoint=sb://{EventHubNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key};EntityPath={EventHub}"` or `"Endpoint=sb://{EventHubNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key}"`
| `eventHubNamespace` | Y* | The Event Hub Namespace name.<br>* Mutally exclusive with `connectionString` field.<br>* Required when using [Microsoft Entra ID Authentication]({{< ref "authenticating-azure.md" >}}) | `"namespace"`
| `consumerID` | N | Consumer ID (consumer tag) organizes one or more consumers into a group. Consumers with the same consumer ID work as one virtual consumer; for example, a message is processed only once by one of the consumers in the group. If the `consumerID` is not provided, the Dapr runtime set it to the Dapr application ID (`appID`) value. | `"channel1"`
| `storageAccountName` | Y | Storage account name to use for the checkpoint store. |`"myeventhubstorage"`
| `storageAccountKey` | Y* | Storage account key for the checkpoint store account.<br>* When using Azure AD, it's possible to omit this if the service principal has access to the storage account too. | `"112233445566778899"`
| `storageAccountKey` | Y* | Storage account key for the checkpoint store account.<br>* When using Microsoft Entra ID, it's possible to omit this if the service principal has access to the storage account too. | `"112233445566778899"`
| `storageConnectionString` | Y* | Connection string for the checkpoint store, alternative to specifying `storageAccountKey` | `"DefaultEndpointsProtocol=https;AccountName=myeventhubstorage;AccountKey=<account-key>"`
| `storageContainerName` | Y | Storage container name for the storage account name. | `"myeventhubstoragecontainer"`
| `enableEntityManagement` | N | Boolean value to allow management of the EventHub namespace and storage account. Default: `false` | `"true", "false"`
@ -75,9 +75,9 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `partitionCount` | N | Number of partitions for the new Event Hub namespace. Used only when entity management is enabled. Default: `"1"` | `"2"`
| `messageRetentionInDays` | N | Number of days to retain messages for in the newly created Event Hub namespace. Used only when entity management is enabled. Default: `"1"` | `"90"`
### Azure Active Directory (AAD) authentication
### Microsoft Entra ID authentication
The Azure Event Hubs pub/sub component supports authentication using all Azure Active Directory mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of AAD authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}).
The Azure Event Hubs pub/sub component supports authentication using all Microsoft Entra ID mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of Microsoft Entra ID authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}).
#### Example Configuration
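Review bot: Renaming the heading from "Azure Active Directory (AAD) authentication" to "Microsoft Entra ID authentication" changes the anchor generated from it, so any link that targets the old fragment stops resolving. Search the docs for links to the old anchor and update them in this change.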
@ -110,7 +110,7 @@ spec:
value: "1"
- name: messageRetentionInDays
# Checkpoint store attributes
# In this case, we're using Azure AD to access the storage account too
# In this case, we're using Microsoft Entra ID to access the storage account too
- name: storageAccountName
value: "myeventhubstorage"
- name: storageContainerName
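Review bot: In the context just above the changed comment, the `messageRetentionInDays` entry is followed directly by `# Checkpoint store attributes` with no `value:` line, so the example is incomplete as shown. Add the missing value while this block is being edited; the field table on this page gives `"90"` as its example.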
@ -191,7 +191,7 @@ When entity management is enabled in the metadata, as long as the application ha
The Evet Hub name is the `topic` field in the incoming request to publish or subscribe to, while the consumer group name is the name of the Dapr app which subscribes to a given Event Hub. For example, a Dapr app running on Kubernetes with name `dapr.io/app-id: "myapp"` requires an Event Hubs consumer group named `myapp`.
Entity management is only possible when using [Azure AD Authentication]({{< ref "authenticating-azure.md" >}}) and not using a connection string.
Entity management is only possible when using [Microsoft Entra ID Authentication]({{< ref "authenticating-azure.md" >}}) and not using a connection string.
> Dapr passes the name of the consumer group to the Event Hub, so this is not supplied in the metadata.
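Review bot: The first context line of this hunk still reads "The Evet Hub name"; correct it to "The Event Hub name" in the same change, since the sentence right after it is being edited.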

View File

@ -25,7 +25,7 @@ spec:
type: pubsub.azure.servicebus.queues
version: v1
metadata:
# Required when not using Azure AD Authentication
# Required when not using Microsoft Entra ID Authentication
- name: connectionString
value: "Endpoint=sb://{ServiceBusNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key};EntityPath={ServiceBus}"
# - name: consumerID # Optional
@ -70,9 +70,9 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| Field | Required | Details | Example |
|--------------------|:--------:|---------|---------|
| `connectionString` | Y | Shared access policy connection string for the Service Bus. Required unless using Azure AD authentication. | See example above
| `connectionString` | Y | Shared access policy connection string for the Service Bus. Required unless using Microsoft Entra ID authentication. | See example above
| `consumerID` | N | Consumer ID (consumer tag) organizes one or more consumers into a group. Consumers with the same consumer ID work as one virtual consumer; for example, a message is processed only once by one of the consumers in the group. If the `consumerID` is not provided, the Dapr runtime set it to the Dapr application ID (`appID`) value. | `"channel1"`
| `namespaceName`| N | Parameter to set the address of the Service Bus namespace, as a fully-qualified domain name. Required if using Azure AD authentication. | `"namespace.servicebus.windows.net"` |
| `namespaceName`| N | Parameter to set the address of the Service Bus namespace, as a fully-qualified domain name. Required if using Microsoft Entra ID authentication. | `"namespace.servicebus.windows.net"` |
| `timeoutInSec` | N | Timeout for sending messages and for management operations. Default: `60` |`30`
| `handlerTimeoutInSec`| N | Timeout for invoking the app's handler. Default: `60` | `30`
| `lockRenewalInSec` | N | Defines the frequency at which buffered message locks will be renewed. Default: `20`. | `20`
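Review bot: `connectionString` is marked `Y` and `namespaceName` is marked `N`, yet their Details cells say "Required unless using Microsoft Entra ID authentication" and "Required if using Microsoft Entra ID authentication". Mark both as conditionally required (the Event Hubs table uses `Y*` for this) so the Required column does not contradict the Details column.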
@ -89,9 +89,9 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `publishMaxRetries` | N | The max number of retries for when Azure Service Bus responds with "too busy" in order to throttle messages. Defaults: `5` | `5`
| `publishInitialRetryIntervalInMs` | N | Time in milliseconds for the initial exponential backoff when Azure Service Bus throttle messages. Defaults: `500` | `500`
### Azure Active Directory (AAD) authentication
### Microsoft Entra ID authentication
The Azure Service Bus Queues pubsub component supports authentication using all Azure Active Directory mechanisms, including Managed Identities. For further information and the relevant component metadata fields to provide depending on the choice of AAD authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}).
The Azure Service Bus Queues pubsub component supports authentication using all Microsoft Entra ID mechanisms, including Managed Identities. For further information and the relevant component metadata fields to provide depending on the choice of Microsoft Entra ID authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}).
#### Example Configuration

View File

@ -26,7 +26,7 @@ spec:
type: pubsub.azure.servicebus.topics
version: v1
metadata:
# Required when not using Azure AD Authentication
# Required when not using Microsoft Entra ID Authentication
- name: connectionString
value: "Endpoint=sb://{ServiceBusNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key};EntityPath={ServiceBus}"
# - name: consumerID # Optional: defaults to the app's own ID
@ -73,8 +73,8 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| Field | Required | Details | Example |
|--------------------|:--------:|---------|---------|
| `connectionString` | Y | Shared access policy connection string for the Service Bus. Required unless using Azure AD authentication. | See example above
| `namespaceName`| N | Parameter to set the address of the Service Bus namespace, as a fully-qualified domain name. Required if using Azure AD authentication. | `"namespace.servicebus.windows.net"` |
| `connectionString` | Y | Shared access policy connection string for the Service Bus. Required unless using Microsoft Entra ID authentication. | See example above
| `namespaceName`| N | Parameter to set the address of the Service Bus namespace, as a fully-qualified domain name. Required if using Microsoft Entra ID authentication. | `"namespace.servicebus.windows.net"` |
| `consumerID` | N | Consumer ID (consumer tag) organizes one or more consumers into a group. Consumers with the same consumer ID work as one virtual consumer; for example, a message is processed only once by one of the consumers in the group. If the `consumerID` is not provided, the Dapr runtime set it to the Dapr application ID (`appID`) value. (`appID`) value. |
| `timeoutInSec` | N | Timeout for sending messages and for management operations. Default: `60` |`30`
| `handlerTimeoutInSec`| N | Timeout for invoking the app's handler. Default: `60` | `30`
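Review bot: The `consumerID` context row ends with a duplicated "(`appID`) value. (`appID`) value." and has an empty Example cell, unlike the same row in the Service Bus Queues table, which shows `"channel1"`. Drop the duplicate and fill in the example while the neighbouring rows are being rewritten.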
@ -92,9 +92,9 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `publishMaxRetries` | N | The max number of retries for when Azure Service Bus responds with "too busy" in order to throttle messages. Defaults: `5` | `5`
| `publishInitialRetryIntervalInMs` | N | Time in milliseconds for the initial exponential backoff when Azure Service Bus throttle messages. Defaults: `500` | `500`
### Azure Active Directory (AAD) authentication
### Microsoft Entra ID authentication
The Azure Service Bus Topics pubsub component supports authentication using all Azure Active Directory mechanisms, including Managed Identities. For further information and the relevant component metadata fields to provide depending on the choice of AAD authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}).
The Azure Service Bus Topics pubsub component supports authentication using all Microsoft Entra ID mechanisms, including Managed Identities. For further information and the relevant component metadata fields to provide depending on the choice of Microsoft Entra ID authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}).
#### Example Configuration

View File

@ -45,7 +45,7 @@ spec:
{{< tabs "Self-Hosted" "Kubernetes">}}
{{% codetab %}}
1. Obtain KubeMQ Key by visiting [https://account.kubemq.io/login/register](https://account.kubemq.io/login/register) and register for a key.
1. [Obtain KubeMQ Key](https://docs.kubemq.io/getting-started/quick-start#obtain-kubemq-license-key).
2. Wait for an email confirmation with your Key
You can run a KubeMQ broker with Docker:
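Review bot: Step 1 now only links to the KubeMQ quick start, but step 2 still says "Wait for an email confirmation with your Key", which described the old registration flow. Check that the linked procedure still ends with a key arriving by email, and reword or drop step 2 if it does not; the same pair of steps appears in the Kubernetes tab.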
@ -58,7 +58,7 @@ You can then interact with the server using the client port: `localhost:50000`
{{% /codetab %}}
{{% codetab %}}
1. Obtain KubeMQ Key by visiting [https://account.kubemq.io/login/register](https://account.kubemq.io/login/register) and register for a key.
1. [Obtain KubeMQ Key](https://docs.kubemq.io/getting-started/quick-start#obtain-kubemq-license-key).
2. Wait for an email confirmation with your Key
Then Run the following kubectl commands:

View File

@ -10,9 +10,9 @@ aliases:
## ⚠️ Deprecation notice
{{% alert title="Warning" color="warning" %}}
This component is **deprecated** because the [NATS Streaming Server](hhttps://nats-io.gitbook.io/legacy-nats-docs/nats-streaming-server-aka-stan/developing-with-stan) was deprecated in June 2023 and no longer receives updates. Users are encouraged to switch to using [JetStream]({{< ref setup-jetstream >}} as an alternative.
This component is **deprecated** because the [NATS Streaming Server](https://nats-io.gitbook.io/legacy-nats-docs/nats-streaming-server-aka-stan/developing-with-stan) was deprecated in June 2023 and no longer receives updates. Users are encouraged to switch to using [JetStream]({{< ref setup-jetstream >}}) as an alternative.
This component will be **removed in the Dapr v1.13 release.
This component will be **removed in the Dapr v1.13 release**.
{{% /alert %}}
## Component format
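Review bot: The notice says the component "will be removed in the Dapr v1.13 release", and this merge carries that text into the 1.13 docs. Confirm the future tense is still accurate for that branch, or reword it to state the component's actual status in v1.13.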

View File

@ -36,11 +36,11 @@ spec:
value : "[pfx_certificate_file_fully_qualified_local_path]"
```
## Authenticating with Azure AD
## Authenticating with Microsoft Entra ID
The Azure Key Vault secret store component supports authentication with Azure AD only. Before you enable this component:
The Azure Key Vault secret store component supports authentication with Microsoft Entra ID only. Before you enable this component:
1. Read the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document.
1. Create an Azure AD application (also called Service Principal).
1. Create an Microsoft Entra ID application (also called Service Principal).
1. Alternatively, create a managed identity for your application platform.
## Spec metadata fields
@ -70,7 +70,7 @@ Query Parameter | Description
- [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli)
- [jq](https://stedolan.github.io/jq/download/)
- You are using bash or zsh shell
- You've created an Azure AD application (Service Principal) per the instructions in [Authenticating to Azure]({{< ref authenticating-azure.md >}}). You will need the following values:
- You've created an Microsoft Entra ID application (Service Principal) per the instructions in [Authenticating to Azure]({{< ref authenticating-azure.md >}}). You will need the following values:
| Value | Description |
| ----- | ----------- |
@ -113,7 +113,7 @@ Query Parameter | Description
--location "${LOCATION}"
```
1. Using RBAC, assign a role to the Azure AD application so it can access the Key Vault.
1. Using RBAC, assign a role to the Microsoft Entra ID application so it can access the Key Vault.
In this case, assign the "Key Vault Secrets User" role, which has the "Get secrets" permission over Azure Key Vault.
```sh
@ -133,7 +133,7 @@ Other less restrictive roles, like "Key Vault Secrets Officer" and "Key Vault Ad
#### Using a client secret
To use a **client secret**, create a file called `azurekeyvault.yaml` in the components directory. Use the following template, filling in [the Azure AD application you created]({{< ref authenticating-azure.md >}}):
To use a **client secret**, create a file called `azurekeyvault.yaml` in the components directory. Use the following template, filling in [the Microsoft Entra ID application you created]({{< ref authenticating-azure.md >}}):
```yaml
apiVersion: dapr.io/v1alpha1
@ -156,7 +156,7 @@ spec:
#### Using a certificate
If you want to use a **certificate** saved on the local disk instead, use the following template. Fill in the details of [the Azure AD application you created]({{< ref authenticating-azure.md >}}):
If you want to use a **certificate** saved on the local disk instead, use the following template. Fill in the details of [the Microsoft Entra ID application you created]({{< ref authenticating-azure.md >}}):
```yaml
apiVersion: dapr.io/v1alpha1
@ -179,7 +179,7 @@ spec:
{{% /codetab %}}
{{% codetab %}}
In Kubernetes, you store the client secret or the certificate into the Kubernetes Secret Store and then refer to those in the YAML file. Before you start, you need the details of [the Azure AD application you created]({{< ref authenticating-azure.md >}}).
In Kubernetes, you store the client secret or the certificate into the Kubernetes Secret Store and then refer to those in the YAML file. Before you start, you need the details of [the Microsoft Entra ID application you created]({{< ref authenticating-azure.md >}}).
#### Using a client secret
@ -298,11 +298,11 @@ In Kubernetes, you store the client secret or the certificate into the Kubernete
kubectl apply -f azurekeyvault.yaml
```
1. Create and assign a managed identity at the pod-level via either:
- [Azure AD workload identity](https://learn.microsoft.com/azure/aks/workload-identity-overview) (preferred method)
- [Azure AD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#create-a-pod-identity)
- [Microsoft Entra ID workload identity](https://learn.microsoft.com/azure/aks/workload-identity-overview) (preferred method)
- [Microsoft Entra ID pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#create-a-pod-identity)
**Important**: While both Azure AD pod identity and workload identity are in preview, currently Azure AD Workload Identity is planned for general availability (stable state).
**Important**: While both Microsoft Entra ID pod identity and workload identity are in preview, currently Microsoft Entra ID Workload Identity is planned for general availability (stable state).
1. After creating a workload identity, give it `read` permissions:
- [On your desired KeyVault instance](https://docs.microsoft.com/azure/key-vault/general/assign-access-policy?tabs=azure-cli#assign-the-access-policy)
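Review bot: The rewritten "Important" sentence capitalises the same feature two ways ("workload identity" and "Workload Identity"), and the renamed link "Microsoft Entra ID pod identity" still points at a `use-azure-ad-pod-identity` page. Confirm that the new names match what the linked Microsoft pages call these features rather than relying on a mechanical substitution.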
@ -319,11 +319,11 @@ In Kubernetes, you store the client secret or the certificate into the Kubernete
aadpodidbinding: $POD_IDENTITY_NAME
```
#### Using Azure managed identity directly vs. via Azure AD workload identity
#### Using Azure managed identity directly vs. via Microsoft Entra ID workload identity
When using **managed identity directly**, you can have multiple identities associated with an app, requiring `azureClientId` to specify which identity should be used.
However, when using **managed identity via Azure AD workload identity**, `azureClientId` is not necessary and has no effect. The Azure identity to be used is inferred from the service account tied to an Azure identity via the Azure federated identity.
However, when using **managed identity via Microsoft Entra ID workload identity**, `azureClientId` is not necessary and has no effect. The Azure identity to be used is inferred from the service account tied to an Azure identity via the Azure federated identity.
{{% /codetab %}}

View File

@ -41,7 +41,7 @@ spec:
For security reasons, this component cannot be used to access these environment variables:
- `APP_API_TOKEN`
- Any variable whose name begines with the `DAPR_` prefix
- Any variable whose name begins with the `DAPR_` prefix
## Related Links
- [Secrets building block]({{< ref secrets >}})
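Review bot: The corrected bullet still does not say whether the `DAPR_` prefix match is case-sensitive. Since this list describes a security restriction, stating the matching rule explicitly (for both `APP_API_TOKEN` and the `DAPR_` prefix) would let readers know exactly which variables are blocked.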

View File

@ -37,7 +37,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| Field | Required | Details | Example |
|--------------------|:--------:|---------|---------|
| `accountName` | Y | The storage account name | `"mystorageaccount"`.
| `accountKey` | Y (unless using Azure AD) | Primary or secondary storage key | `"key"`
| `accountKey` | Y (unless using Microsoft Entra ID) | Primary or secondary storage key | `"key"`
| `containerName` | Y | The name of the container to be used for Dapr state. The container will be created for you if it doesn't exist | `"container"`
| `azureEnvironment` | N | Optional name for the Azure environment if using a different Azure cloud | `"AZUREPUBLICCLOUD"` (default value), `"AZURECHINACLOUD"`, `"AZUREUSGOVERNMENTCLOUD"`, `"AZUREGERMANCLOUD"`
| `endpoint` | N | Optional custom endpoint URL. This is useful when using the [Azurite emulator](https://github.com/Azure/azurite) or when using custom domains for Azure Storage (although this is not officially supported). The endpoint must be the full base URL, including the protocol (`http://` or `https://`), the IP or FQDN, and optional port. | `"http://127.0.0.1:10000"`
@ -60,9 +60,9 @@ In order to setup Azure Blob Storage as a state store, you will need the followi
- **accountKey**: Primary or secondary storage account key.
- **containerName**: The name of the container to be used for Dapr state. The container will be created for you if it doesn't exist.
### Authenticating with Azure AD
### Authenticating with Microsoft Entra ID
This component supports authentication with Azure AD as an alternative to use account keys. Whenever possible, it is recommended that you use Azure AD for authentication in production systems, to take advantage of better security, fine-tuned access control, and the ability to use managed identities for apps running on Azure.
This component supports authentication with Microsoft Entra ID as an alternative to use account keys. Whenever possible, it is recommended that you use Microsoft Entra ID for authentication in production systems, to take advantage of better security, fine-tuned access control, and the ability to use managed identities for apps running on Azure.
> The following scripts are optimized for a bash or zsh shell and require the following apps installed:
>
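Review bot: The rewritten paragraph keeps the phrase "as an alternative to use account keys", which should read "as an alternative to using account keys". Also, the `accountKey` bullet just above does not mention that the key can be skipped when Microsoft Entra ID is used, although the metadata table for the same component says "Y (unless using Microsoft Entra ID)"; aligning the bullet with the table would avoid steering readers toward storing an account key they do not need.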
@ -71,7 +71,7 @@ This component supports authentication with Azure AD as an alternative to use ac
>
> You must also be authenticated with Azure in your Azure CLI.
1. To get started with using Azure AD for authenticating the Blob Storage state store component, make sure you've created an Azure AD application and a Service Principal as explained in the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document.
1. To get started with using Microsoft Entra ID for authenticating the Blob Storage state store component, make sure you've created an Microsoft Entra ID application and a Service Principal as explained in the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document.
Once done, set a variable with the ID of the Service Principal that you created:
```sh
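Review bot: The search-and-replace left "you've created an Microsoft Entra ID application" in step 1; the article needs to change to "a Microsoft Entra ID application".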
@ -96,7 +96,7 @@ This component supports authentication with Azure AD as an alternative to use ac
--scope "${RG_ID}/providers/Microsoft.Storage/storageAccounts/${STORAGE_ACCOUNT_NAME}"
```
When authenticating your component using Azure AD, the `accountKey` field is not required. Instead, please specify the required credentials in the component's metadata (if any) according to the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document.
When authenticating your component using Microsoft Entra ID, the `accountKey` field is not required. Instead, please specify the required credentials in the component's metadata (if any) according to the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document.
For example:

View File

@ -46,14 +46,14 @@ If you wish to use Cosmos DB as an actor store, append the following to the yam
| Field | Required | Details | Example |
|--------------------|:--------:|---------|---------|
| url | Y | The Cosmos DB url | `"https://******.documents.azure.com:443/"`.
| masterKey | Y* | The key to authenticate to the Cosmos DB account. Only required when not using Azure AD authentication. | `"key"`
| masterKey | Y* | The key to authenticate to the Cosmos DB account. Only required when not using Microsoft Entra ID authentication. | `"key"`
| database | Y | The name of the database | `"db"`
| collection | Y | The name of the collection (container) | `"collection"`
| actorStateStore | N | Consider this state store for actors. Defaults to `"false"` | `"true"`, `"false"`
### Azure Active Directory (Azure AD) authentication
### Microsoft Entra ID authentication
The Azure Cosmos DB state store component supports authentication using all Azure Active Directory mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of Azure AD authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}).
The Azure Cosmos DB state store component supports authentication using all Microsoft Entra ID mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of Microsoft Entra ID authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}).
You can read additional information for setting up Cosmos DB with Azure AD authentication in the [section below](#setting-up-cosmos-db-for-authenticating-with-azure-ad).
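Review bot: The last sentence of this hunk was missed by the rename: it still says "Cosmos DB with Azure AD authentication" and links to `#setting-up-cosmos-db-for-authenticating-with-azure-ad`. A later hunk in this file renames the target heading to "Setting up Cosmos DB for authenticating with Microsoft Entra ID", so the generated anchor changes and this in-page link will no longer resolve. Update both the link text and the fragment, or pin the old anchor ID on the heading.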
@ -66,7 +66,7 @@ You can read additional information for setting up Cosmos DB with Azure AD aut
In order to setup Cosmos DB as a state store, you need the following properties:
- **URL**: the Cosmos DB url. for example: `https://******.documents.azure.com:443/`
- **Master Key**: The key to authenticate to the Cosmos DB account. Skip this if using Azure AD authentication.
- **Master Key**: The key to authenticate to the Cosmos DB account. Skip this if using Microsoft Entra ID authentication.
- **Database**: The name of the database
- **Collection**: The name of the collection (or container)
@ -136,9 +136,9 @@ curl -X POST http://localhost:3500/v1.0/state/<store_name> \
For **actor** state operations, the partition key is generated by Dapr using the `appId`, the actor type, and the actor id, such that data for the same actor always ends up under the same partition (you do not need to specify it). This is because actor state operations must use transactions, and in Cosmos DB the items in a transaction must be on the same partition.
## Setting up Cosmos DB for authenticating with Azure AD
## Setting up Cosmos DB for authenticating with Microsoft Entra ID
When using the Dapr Cosmos DB state store and authenticating with Azure AD, you need to perform a few additional steps to set up your environment.
When using the Dapr Cosmos DB state store and authenticating with Microsoft Entra ID, you need to perform a few additional steps to set up your environment.
Prerequisites:
@ -147,7 +147,7 @@ Prerequisites:
- [jq](https://stedolan.github.io/jq/download/)
- The scripts below are optimized for a bash or zsh shell
### Granting your Azure AD application access to Cosmos DB
### Granting your Microsoft Entra ID application access to Cosmos DB
> You can find more information on the [official documentation](https://docs.microsoft.com/azure/cosmos-db/how-to-setup-rbac), including instructions to assign more granular permissions.

View File

@ -45,11 +45,11 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `serviceURL` | N | The full storage service endpoint URL. Useful for Azure environments other than public cloud. | `"https://mystorageaccount.table.core.windows.net/"`
| `skipCreateTable` | N | Skips the check for and, if necessary, creation of the specified storage table. This is useful when using active directory authentication with minimal privileges. Defaults to `false`. | `"true"`
### Azure Active Directory (Azure AD) authentication
### Microsoft Entra ID authentication
The Azure Cosmos DB state store component supports authentication using all Azure Active Directory mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of Azure AD authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}).
The Azure Cosmos DB state store component supports authentication using all Microsoft Entra ID mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of Microsoft Entra ID authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}).
You can read additional information for setting up Cosmos DB with Azure AD authentication in the [section below](#setting-up-cosmos-db-for-authenticating-with-azure-ad).
You can read additional information for setting up Cosmos DB with Microsoft Entra ID authentication in the [section below](#setting-up-cosmos-db-for-authenticating-with-azure-ad).
## Option 1: Setup Azure Table Storage
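Review bot: The updated link text says "Microsoft Entra ID" but the fragment is still `#setting-up-cosmos-db-for-authenticating-with-azure-ad`, and nothing in the visible part of this page defines a heading with that anchor. The paragraph also describes "The Azure Cosmos DB state store component" on a page whose options are about Azure Table Storage, and the `skipCreateTable` row still says "active directory authentication". Please fix the link target and make the component name and terminology consistent with this page.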
@ -59,7 +59,7 @@ If you wish to create a table for Dapr to use, you can do so beforehand. However
In order to setup Azure Table Storage as a state store, you will need the following properties:
- **AccountName**: The storage account name. For example: **mystorageaccount**.
- **AccountKey**: Primary or secondary storage key. Skip this if using Azure AD authentication.
- **AccountKey**: Primary or secondary storage key. Skip this if using Microsoft Entra ID authentication.
- **TableName**: The name of the table to be used for Dapr state. The table will be created for you if it doesn't exist, unless the `skipCreateTable` option is enabled.
- **cosmosDbMode**: Set this to `false` to connect to Azure Tables.
@ -71,7 +71,7 @@ If you wish to create a table for Dapr to use, you can do so beforehand. However
In order to setup Azure Cosmos DB Table API as a state store, you will need the following properties:
- **AccountName**: The Cosmos DB account name. For example: **mycosmosaccount**.
- **AccountKey**: The Cosmos DB master key. Skip this if using Azure AD authentication.
- **AccountKey**: The Cosmos DB master key. Skip this if using Microsoft Entra ID authentication.
- **TableName**: The name of the table to be used for Dapr state. The table will be created for you if it doesn't exist, unless the `skipCreateTable` option is enabled.
- **cosmosDbMode**: Set this to `true` to connect to Azure Tables.

View File

@ -25,7 +25,7 @@ spec:
- name: maxIdleConnections
value: <REPLACE-WITH-MAX-IDLE-CONNECTIONS> # Optional. default: "2"
- name: timeout
value: <REPLACE-WITH-TIMEOUT> # Optional. default: "1000ms"
value: <REPLACE-WITH-TIMEOUT> # Optional. default: "1000"
```
{{% alert title="Warning" color="warning" %}}
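Review bot: The YAML comment now gives the default as "1000" with no unit, while the metadata table in the next hunk says the value is in milliseconds. Add the unit to the comment as well (for example `# Optional. default: "1000" (milliseconds)`) so that someone copying only the sample does not have to guess.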
@ -38,7 +38,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr
|--------------------|:--------:|---------|---------|
| hosts | Y | Comma delimited endpoints | `"memcached.default.svc.cluster.local:11211"`
| maxIdleConnections | N | The max number of idle connections. Defaults to `"2"` | `"3"`
| timeout | N | The timeout for the calls. Defaults to `"1000ms"` | `"1000ms"`
| timeout | N | The timeout for the calls in milliseconds. Defaults to `"1000"` | `"1000"`
## Setup Memcached
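Review bot: The `timeout` row changes the documented format from `"1000ms"` to `"1000"` without saying what happens to a value that carries a unit suffix. Existing components written against the previous docs may still use `"1000ms"`; state whether that form is still accepted or is rejected, so operators know whether their component files need updating.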

View File

@ -61,15 +61,15 @@ The following metadata options are **required** to authenticate using a PostgreS
|--------|:--------:|---------|---------|
| `connectionString` | Y | The connection string for the PostgreSQL database. See the PostgreSQL [documentation on database connections](https://www.postgresql.org/docs/current/libpq-connect.html) for information on how to define a connection string. | `"host=localhost user=postgres password=example port=5432 connect_timeout=10 database=my_db"`
### Authenticate using Azure AD
### Authenticate using Microsoft Entra ID
Authenticating with Azure AD is supported with Azure Database for PostgreSQL. All authentication methods supported by Dapr can be used, including client credentials ("service principal") and Managed Identity.
Authenticating with Microsoft Entra ID is supported with Azure Database for PostgreSQL. All authentication methods supported by Dapr can be used, including client credentials ("service principal") and Managed Identity.
| Field | Required | Details | Example |
|--------|:--------:|---------|---------|
| `useAzureAD` | Y | Must be set to `true` to enable the component to retrieve access tokens from Azure AD. | `"true"` |
| `connectionString` | Y | The connection string for the PostgreSQL database.<br>This must contain the user, which corresponds to the name of the user created inside PostgreSQL that maps to the Azure AD identity; this is often the name of the corresponding principal (e.g. the name of the Azure AD application). This connection string should not contain any password. | `"host=mydb.postgres.database.azure.com user=myapplication port=5432 database=my_db sslmode=require"` |
| `azureTenantId` | N | ID of the Azure AD tenant | `"cd4b2887-304c-…"` |
| `useAzureAD` | Y | Must be set to `true` to enable the component to retrieve access tokens from Microsoft Entra ID. | `"true"` |
| `connectionString` | Y | The connection string for the PostgreSQL database.<br>This must contain the user, which corresponds to the name of the user created inside PostgreSQL that maps to the Microsoft Entra ID identity; this is often the name of the corresponding principal (e.g. the name of the Microsoft Entra ID application). This connection string should not contain any password. | `"host=mydb.postgres.database.azure.com user=myapplication port=5432 database=my_db sslmode=require"` |
| `azureTenantId` | N | ID of the Microsoft Entra ID tenant | `"cd4b2887-304c-…"` |
| `azureClientId` | N | Client ID (application ID) | `"c7dd251f-811f-…"` |
| `azureClientSecret` | N | Client secret (application password) | `"Ecy3X…"` |
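Review bot: The prose is renamed to Microsoft Entra ID but the metadata key in the first row remains `useAzureAD`. That is expected for a field name, but a one-line remark that the key keeps its original name would stop readers from searching for a renamed key. The `azureClientSecret` row would also benefit from a pointer to the secret store recommendation, given that the `connectionString` row already stresses that no password should appear in the connection string.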

Some files were not shown because too many files have changed in this diff