Merge branch 'v1.11' into wasm-binding

daprdocs/content/en/developing-applications/building-blocks/workflow/workflow-patterns.md

@@ -78,7 +78,7 @@ In the fan-out/fan-in design pattern, you execute multiple tasks simultaneously
 
 <img src="/images/workflow-overview/workflows-fanin-fanout.png" width=800 alt="Diagram showing how the fan-out/fan-in workflow pattern works">
 
-In addition to the challenges mentioned in [the previous pattern]({{< ref "workflow-overview.md#task-chaining" >}}), there are several important questions to consider when implementing the fan-out/fan-in pattern manually:
+In addition to the challenges mentioned in [the previous pattern]({{< ref "workflow-patterns.md#task-chaining" >}}), there are several important questions to consider when implementing the fan-out/fan-in pattern manually:
 
 - How do you control the degree of parallelism?
 - How do you know when to trigger subsequent aggregation steps?

daprdocs/content/en/operations/hosting/self-hosted/self-hosted-with-podman.md

@@ -11,7 +11,7 @@ This article provides guidance on running Dapr with Podman on a Windows/Linux/ma
 ## Prerequisites
 
 - [Dapr CLI]({{< ref install-dapr-cli.md >}})
-- [Podman](https://podman.io/getting-started/installation.html)
+- [Podman](https://podman.io/docs/tutorials/installation)
 
 ## Initialize Dapr environment
 

daprdocs/content/en/reference/components-reference/supported-bindings/s3.md

@@ -70,6 +70,11 @@ The above example uses secrets as plain strings. It is recommended to use a secr
 When running the Dapr sidecar (daprd) with your application on EKS (AWS Kubernetes), if you're using a node/pod that has already been attached to an IAM policy defining access to AWS resources, you **must not** provide AWS access-key, secret-key, and tokens in the definition of the component spec you're using.  
 {{% /alert %}}
 
+
+### S3 Bucket Creation
+{{< tabs "Minio" "LocalStack" "AWS" >}}
+
+{{% codetab %}}
 ### Using with Minio
 
 [Minio](https://min.io/) is a service that exposes local storage as S3-compatible block storage, and it's a popular alternative to S3 especially in development environments. You can use the S3 binding with Minio too, with some configuration tweaks:
@@ -78,6 +83,70 @@ When running the Dapr sidecar (daprd) with your application on EKS (AWS Kubernet
 3. The value for `region` is not important; you can set it to `us-east-1`.
 4. Depending on your environment, you may need to set `disableSSL` to `true` if you're connecting to Minio using a non-secure connection (using the `http://` protocol). If you are using a secure connection (`https://` protocol) but with a self-signed certificate, you may need to set `insecureSSL` to `true`.
 
+{{% /codetab %}}
+
+{{% codetab %}}
+For local development, the [LocalStack project](https://github.com/localstack/localstack) is used to integrate AWS S3. Follow [these instructions](https://github.com/localstack/localstack#running) to run LocalStack.
+
+To run LocalStack locally from the command line using Docker, use a `docker-compose.yaml` similar to the following:
+
+```yaml
+version: "3.8"
+
+services:
+  localstack:
+    container_name: "cont-aws-s3"
+    image: localstack/localstack:1.4.0
+    ports:
+      - "127.0.0.1:4566:4566"
+    environment:
+      - DEBUG=1
+      - DOCKER_HOST=unix:///var/run/docker.sock
+    volumes:
+      - "<PATH>/init-aws.sh:/etc/localstack/init/ready.d/init-aws.sh"  # init hook
+      - "${LOCALSTACK_VOLUME_DIR:-./volume}:/var/lib/localstack"
+      - "/var/run/docker.sock:/var/run/docker.sock"
+```
+
+To use the S3 component, you need to use an existing bucket. The example above uses a [LocalStack Initialization Hook](https://docs.localstack.cloud/references/init-hooks/) to setup the bucket.
+
+To use LocalStack with your S3 binding, you need to provide the `endpoint` configuration in the component metadata. The `endpoint` is unnecessary when running against production AWS.
+
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+    name: aws-s3
+    namespace: default
+spec:
+  type: bindings.aws.s3
+  version: v1
+  metadata:
+    - name: bucket
+      value: conformance-test-docker
+    - name: endpoint
+      value: "http://localhost:4566"
+    - name: accessKey
+      value: "my-access"
+    - name: secretKey
+      value: "my-secret"
+    - name: region
+      value: "us-east-1"
+```
+
+{{% /codetab %}}
+
+{{% codetab %}}
+
+To use the S3 component, you need to use an existing bucket. Follow the [AWS documentation for creating a bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-overview.html).
+
+{{% /codetab %}}
+
+
+
+{{< /tabs >}}
+
 ## Binding support
 
 This component supports **output binding** with the following operations:

daprdocs/content/en/reference/components-reference/supported-pubsub/setup-gcp-pubsub.md

@@ -25,6 +25,10 @@ spec:
     value: service_account
   - name: projectId
     value: <PROJECT_ID> # replace
+  - name: endpoint # Optional. 
+    value: "http://localhost:8085"
+  - name: consumerID # Optional - defaults to the app's own ID
+    value: <CONSUMER_ID> 
   - name: identityProjectId
     value: <IDENTITY_PROJECT_ID> # replace
   - name: privateKeyId
@@ -46,11 +50,17 @@ spec:
   - name: disableEntityManagement
     value: "false"
   - name: enableMessageOrdering
-    value: "false"
+    value: "false"  
+  - name: orderingKey # Optional
+    value: <ORDERING_KEY>
   - name: maxReconnectionAttempts # Optional
     value: 30
   - name: connectionRecoveryInSec # Optional
     value: 2
+  - name: deadLetterTopic # Optional
+    value: <EXISTING_PUBSUB_TOPIC>
+  - name: maxDeliveryAttempts # Optional
+    value: 5
 ```
 {{% alert title="Warning" color="warning" %}}
 The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}).
@@ -60,8 +70,9 @@ The above example uses secrets as plain strings. It is recommended to use a secr
 
 | Field              | Required | Details | Example |
 |--------------------|:--------:|---------|---------|
-| type           | N | GCP credentials type. Only `service_account` is supported. Defaults to `service_account`  | `service_account`
 | projectId     | Y | GCP project id| `myproject-123`
+| endpoint       | N  | GCP endpoint for the component to use. Only used for local development (for example) with [GCP Pub/Sub Emulator](https://cloud.google.com/pubsub/docs/emulator). The `endpoint` is unnecessary when running against the GCP production API. | `"http://localhost:8085"`
+| `consumerID`         | N        | The Consumer ID organizes one or more consumers into a group. Consumers with the same consumer ID work as one virtual consumer; for example, a message is processed only once by one of the consumers in the group. If the consumer ID is not set, the Dapr runtime will set it to the Dapr application ID. The `consumerID`, along with the `topic` provided as part of the request, are used to build the Pub/Sub subscription ID |
 | identityProjectId | N | If the GCP pubsub project is different from the identity project, specify the identity project using this attribute  | `"myproject-123"`
 | privateKeyId | N | If using explicit credentials, this field should contain the `private_key_id` field from the service account json document | `"my-private-key"`
 | privateKey    | N |  If using explicit credentials, this field should contain the `private_key` field from the service account json | `-----BEGIN PRIVATE KEY-----MIIBVgIBADANBgkqhkiG9w0B`
@@ -73,18 +84,78 @@ The above example uses secrets as plain strings. It is recommended to use a secr
 | clientX509CertUrl | N | If using explicit credentials, this field should contain the `client_x509_cert_url` field from the service account json | `https://www.googleapis.com/robot/v1/metadata/x509/myserviceaccount%40myproject.iam.gserviceaccount.com`
 | disableEntityManagement | N | When set to `"true"`, topics and subscriptions do not get created automatically. Default: `"false"` | `"true"`, `"false"`
 | enableMessageOrdering | N | When set to `"true"`, subscribed messages will be received in order, depending on publishing and permissions configuration. | `"true"`, `"false"`
+| orderingKey |N | The key provided in the request. It's used when `enableMessageOrdering` is set to `true` to order messages based on such key. | "my-orderingkey"
 | maxReconnectionAttempts | N  |Defines the maximum number of reconnect attempts. Default: `30` | `30`
 | connectionRecoveryInSec | N  |Time in seconds to wait between connection recovery attempts. Default: `2` | `2`
+| deadLetterTopic | N  | Name of the GCP Pub/Sub Topic. This topic **must** exist before using this component.  | `"myapp-dlq"`
+| maxDeliveryAttempts | N  | Maximum number of attempts to deliver the message. If `deadLetterTopic` is specified, `maxDeliveryAttempts` is the maximum number of attempts for failed processing of messages. Once that number is reached, the message will be moved to the dead-letter topic. Default: `5` | `5`
+| type           | N | **DEPRECATED** GCP credentials type. Only `service_account` is supported. Defaults to `service_account`  | `service_account`
+
+
 
 {{% alert title="Warning" color="warning" %}}
 If `enableMessageOrdering` is set to "true", the roles/viewer or roles/pubsub.viewer role will be required on the service account in order to guarantee ordering in cases where order tokens are not embedded in the messages. If this role is not given, or the call to Subscription.Config() fails for any other reason, ordering by embedded order tokens will still function correctly.
 {{% /alert %}}
 
+## GCP Credentials
+
+Since the GCP Pub/Sub component uses the GCP Go Client Libraries, by default it authenticates using **Application Default Credentials**. This is explained further in the [Authenticate to GCP Cloud services using client libraries](https://cloud.google.com/docs/authentication/client-libraries) guide.
+
 ## Create a GCP Pub/Sub
+
+{{< tabs "Self-Hosted" "GCP" >}}
+
+{{% codetab %}}
+For local development, the [GCP Pub/Sub Emulator](https://cloud.google.com/pubsub/docs/emulator) is used to test the GCP Pub/Sub Component. Follow [these instructions](https://cloud.google.com/pubsub/docs/emulator#start) to run the GCP Pub/Sub Emulator.
+
+To run the GCP Pub/Sub Emulator locally using Docker, use the following `docker-compose.yaml`:
+
+```yaml
+version: '3'
+services:
+  pubsub:
+    image: gcr.io/google.com/cloudsdktool/cloud-sdk:422.0.0-emulators
+    ports:
+      - "8085:8085"
+    container_name: gcp-pubsub
+    entrypoint: gcloud beta emulators pubsub start --project local-test-prj --host-port 0.0.0.0:8085
+
+```
+
+In order to use the GCP Pub/Sub Emulator with your pub/sub binding, you need to provide the `endpoint` configuration in the component metadata. The `endpoint` is unnecessary when running against the GCP Production API.
+
+The **projectId** attribute must match the `--project` used in either the `docker-compose.yaml` or Docker command.
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: gcp-pubsub
+spec:
+  type: pubsub.gcp.pubsub
+  version: v1
+  metadata:
+  - name: projectId
+    value: "local-test-prj"
+  - name: consumerID
+    value: "testConsumer"
+  - name: endpoint
+    value: "localhost:8085"
+```
+
+{{% /codetab %}}
+
+
+{{% codetab %}}
+
 You can use either "explicit" or "implicit" credentials to configure access to your GCP pubsub instance. If using explicit, most fields are required. Implicit relies on dapr running under a Kubernetes service account (KSA) mapped to a Google service account (GSA) which has the necessary permissions to access pubsub. In implicit mode, only the `projectId` attribute is needed, all other are optional.
 
 Follow the instructions [here](https://cloud.google.com/pubsub/docs/quickstart-console) on setting up Google Cloud Pub/Sub system.
 
+{{% /codetab %}}
+
+{{< /tabs >}}
+
 ## Related links
 - [Basic schema for a Dapr component]({{< ref component-schema >}})
 - Read [this guide]({{< ref "howto-publish-subscribe.md#step-2-publish-a-topic" >}}) for instructions on configuring pub/sub components

daprdocs/content/en/reference/components-reference/supported-state-stores/setup-firestore.md

@@ -21,30 +21,32 @@ spec:
   type: state.gcp.firestore
   version: v1
   metadata:
-  - name: type
-    value: <REPLACE-WITH-CREDENTIALS-TYPE> # Required. Example: "serviceaccount"
   - name: project_id
     value: <REPLACE-WITH-PROJECT-ID> # Required.
+  - name: endpoint # Optional. 
+    value: "http://localhost:8432"
   - name: private_key_id
-    value: <REPLACE-WITH-PRIVATE-KEY-ID> # Required.
+    value: <REPLACE-WITH-PRIVATE-KEY-ID> # Optional.
   - name: private_key
-    value: <REPLACE-WITH-PRIVATE-KEY> # Required.
+    value: <REPLACE-WITH-PRIVATE-KEY> # Optional, but Required if `private_key_id` is specified.
   - name: client_email
-    value: <REPLACE-WITH-CLIENT-EMAIL> # Required.
+    value: <REPLACE-WITH-CLIENT-EMAIL> # Optional, but Required if `private_key_id` is specified.
   - name: client_id
-    value: <REPLACE-WITH-CLIENT-ID> # Required.
+    value: <REPLACE-WITH-CLIENT-ID> # Optional, but Required if `private_key_id` is specified.
   - name: auth_uri
-    value: <REPLACE-WITH-AUTH-URI> # Required.
+    value: <REPLACE-WITH-AUTH-URI> # Optional.
   - name: token_uri
-    value: <REPLACE-WITH-TOKEN-URI> # Required.
+    value: <REPLACE-WITH-TOKEN-URI> # Optional.
   - name: auth_provider_x509_cert_url
-    value: <REPLACE-WITH-AUTH-X509-CERT-URL> # Required.
+    value: <REPLACE-WITH-AUTH-X509-CERT-URL> # Optional.
   - name: client_x509_cert_url
-    value: <REPLACE-WITH-CLIENT-x509-CERT-URL> # Required.
+    value: <REPLACE-WITH-CLIENT-x509-CERT-URL> # Optional.
   - name: entity_kind
     value: <REPLACE-WITH-ENTITY-KIND> # Optional. default: "DaprState"
   - name: noindex
     value: <REPLACE-WITH-BOOLEAN> # Optional. default: "false"
+  - name: type 
+    value: <REPLACE-WITH-CREDENTIALS-TYPE> # Deprecated.
 ```
 
 {{% alert title="Warning" color="warning" %}}
@@ -55,17 +57,23 @@ The above example uses secrets as plain strings. It is recommended to use a secr
 
 | Field              | Required | Details | Example |
 |--------------------|:--------:|---------|---------|
-| type               | Y        | The credentials type | `"serviceaccount"`
 | project_id         | Y        | The ID of the GCP project to use | `"project-id"`
-| private_key_id     | Y        | The ID of the prvate key to use  | `"private-key-id"`
+| endpoint       | N  | GCP endpoint for the component to use. Only used for local development with (for example) [GCP Datastore Emulator](https://cloud.google.com/datastore/docs/tools/datastore-emulator). The `endpoint` is unnecessary when running against the GCP production API. | `"localhost:8432"`
-| client_email       | Y        | The email address for the client | `"eample@example.com"`
+| private_key_id     | N        | The ID of the prvate key to use  | `"private-key-id"`
-| client_id          | Y        | The client id value to use for authentication | `"client-id"`
+| privateKey         | N |  If using explicit credentials, this field should contain the `private_key` field from the service account json | `-----BEGIN PRIVATE KEY-----MIIBVgIBADANBgkqhkiG9w0B`
-| auth_uri           | Y        | The authentication URI to use | `"https://accounts.google.com/o/oauth2/auth"`
+| client_email       | N        | The email address for the client | `"eample@example.com"`
-| token_uri          | Y        | The token URI to query for Auth token | `"https://oauth2.googleapis.com/token"`
+| client_id          | N        | The client id value to use for authentication | `"client-id"`
-| auth_provider_x509_cert_url | Y | The auth provider certificate URL | `"https://www.googleapis.com/oauth2/v1/certs"`
+| auth_uri           | N        | The authentication URI to use | `"https://accounts.google.com/o/oauth2/auth"`
-| client_x509_cert_url | Y      | The client certificate URL | `"https://www.googleapis.com/robot/v1/metadata/x509/x"`
+| token_uri          | N        | The token URI to query for Auth token | `"https://oauth2.googleapis.com/token"`
+| auth_provider_x509_cert_url | N | The auth provider certificate URL | `"https://www.googleapis.com/oauth2/v1/certs"`
+| client_x509_cert_url | N      | The client certificate URL | `"https://www.googleapis.com/robot/v1/metadata/x509/x"`
 | entity_kind          | N      | The entity name in Filestore. Defaults to `"DaprState"` | `"DaprState"`
 | noindex              | N      | Whether to disable indexing of state entities. Use this setting if you encounter Firestore index size limitations. Defaults to `"false"` | `"true"`
+| type                 | N       | **DEPRECATED** The credentials type | `"serviceaccount"`
+
+
+## GCP Credentials
+Since the GCP Firestore component uses the GCP Go Client Libraries, by default it authenticates using **Application Default Credentials**. This is explained in the [Authenticate to GCP Cloud services using client libraries](https://cloud.google.com/docs/authentication/client-libraries) guide.
 
 ## Setup GCP Firestore
 
@@ -74,7 +82,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr
 {{% codetab %}}
 You can use the GCP Datastore emulator to run locally using the instructions [here](https://cloud.google.com/datastore/docs/tools/datastore-emulator).
 
-You can then interact with the server using `localhost:8081`.
+You can then interact with the server using `http://localhost:8432`.
 {{% /codetab %}}
 
 {{% codetab %}}

daprdocs/data/components/bindings/aws.yaml

@@ -8,7 +8,7 @@
     output: true
 - component: AWS S3
   link: s3
-  state: Alpha
+  state: Stable
   version: v1
   since: "1.0"
   features:

daprdocs/data/components/pubsub/gcp.yaml

@@ -1,6 +1,6 @@
 - component: GCP Pub/Sub
   link: setup-gcp-pubsub
-  state: Alpha
+  state: Stable
   version: v1
   since: "1.0"
   features:

daprdocs/data/components/state_stores/gcp.yaml

@@ -1,6 +1,6 @@
 - component: GCP Firestore
   link: setup-firestore
-  state: Alpha
+  state: Stable
   version: v1
   since: "1.0"
   features: