Merge branch 'v1.11' into ts-azure-app-config-subscribe-interval

2023-07-05 18:17:50 -04:00 · 2023-07-05 18:17:50 -04:00 · acc4b990d5
parent 8780bf5ff3 1d82e02130
commit acc4b990d5
8 changed files with 68 additions and 20 deletions
--- a/daprdocs/content/en/reference/api/secrets_api.md
+++ b/daprdocs/content/en/reference/api/secrets_api.md
@ -28,26 +28,20 @@ name | the name of the secret to get

 #### Query Parameters

-Some secret stores have **optional** metadata properties. metadata is populated using query parameters:
+Some secret stores support **optional**, per-request metadata properties. Use query parameters to provide those properties. For example:

 ```
 GET http://localhost:<daprPort>/v1.0/secrets/<secret-store-name>/<name>?metadata.version_id=15
 ```

-##### GCP Secret Manager
-The following optional meta can be provided to the GCP Secret Manager component
+Observe that not all secret stores support the same set of parameters. For example:
+- Hashicorp Vault, GCP Secret Manager and AWS Secret Manager support the `version_id` parameter
+- Only AWS Secret Manager supports the `version_stage` parameter 
+- Only Kubernetes Secrets supports the `namespace` parameter
+Check each [secret store's documentation]({{< ref supported-secret-stores.md >}}) for the list of supported parameters.

-Query Parameter | Description
--------- | -----------
-metadata.version_id | version for the given secret key

-##### AWS Secret Manager
-The following optional meta can be provided to the AWS Secret Manager component

-Query Parameter | Description
--------- | -----------
-metadata.version_id | version for the given secret key
-metadata.version_stage | version stage for the given secret key

 ### HTTP Response

@ -101,17 +95,11 @@ Code | Description
 ### Examples

 ```shell
-curl http://localhost:3500/v1.0/secrets/vault/db-secret
+curl http://localhost:3500/v1.0/secrets/mySecretStore/db-secret
 ```

 ```shell
-curl http://localhost:3500/v1.0/secrets/vault/db-secret?metadata.version_id=15&metadata.version_stage=AAA
-```
-
-> Note, in case of deploying into namespace other than  default, the above query will also have to include the namespace metadata (e.g. `production` below)
-
-```shell
-curl http://localhost:3500/v1.0/secrets/vault/db-secret?metadata.version_id=15&?metadata.namespace=production
+curl http://localhost:3500/v1.0/secrets/myAwsSecretStore/db-secret?metadata.version_id=15&metadata.version_stage=production
 ```

 ## Get Bulk Secret
--- a/daprdocs/content/en/reference/components-reference/supported-secret-stores/alicloud-oos-parameter-store.md
+++ b/daprdocs/content/en/reference/components-reference/supported-secret-stores/alicloud-oos-parameter-store.md
@ -43,6 +43,15 @@ The above example uses secrets as plain strings. It is recommended to use a loca
 | accessKeySecret    | Y        | The AlibabaCloud Access Key Secret to access this resource              | `"accessKeySecret"`  |
 | securityToken      | N        | The AlibabaCloud Security Token to use                                  | `"securityToken"`    |

+## Optional per-request metadata properties
+
+The following [optional query parameters]({{< ref "secrets_api.md#query-parameters" >}}) can be provided when retrieving secrets from this secret store:
+
+Query Parameter | Description
+--------- | -----------
+`metadata.version_id` | Version for the given secret key
+`metadata.path` | (For bulk requests only) The path from the metadata. If not set, defaults to root path (all secrets).
+
 ## Create an AlibabaCloud OOS Parameter Store instance

 Setup AlibabaCloud OOS Parameter Store using the AlibabaCloud documentation: https://www.alibabacloud.com/help/en/doc-detail/186828.html.
--- a/daprdocs/content/en/reference/components-reference/supported-secret-stores/aws-secret-manager.md
+++ b/daprdocs/content/en/reference/components-reference/supported-secret-stores/aws-secret-manager.md
@ -48,6 +48,15 @@ The above example uses secrets as plain strings. It is recommended to use a loca
 When running the Dapr sidecar (daprd) with your application on EKS (AWS Kubernetes), if you're using a node/pod that has already been attached to an IAM policy defining access to AWS resources, you **must not** provide AWS access-key, secret-key, and tokens in the definition of the component spec you're using.  
 {{% /alert %}}

+## Optional per-request metadata properties
+
+The following [optional query parameters]({{< ref "secrets_api#query-parameters" >}}) can be provided when retrieving secrets from this secret store:
+
+Query Parameter | Description
+--------- | -----------
+`metadata.version_id` | Version for the given secret key.
+`metadata.version_stage` | Version stage for the given secret key.
+
 ## Create an AWS Secrets Manager instance

 Setup AWS Secrets Manager using the AWS documentation: https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_basic.html.
--- a/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md
+++ b/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md
@ -53,6 +53,15 @@ The Azure Key Vault secret store component supports authentication with Azure AD

 Additionally, you must provide the authentication fields as explained in the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document.

+## Optional per-request metadata properties
+
+The following [optional query parameters]({{< ref "secrets_api#query-parameters" >}}) can be provided when retrieving secrets from this secret store:
+
+Query Parameter | Description
+--------- | -----------
+`metadata.version_id` | Version for the given secret key.
+`metadata.maxresults` | (For bulk requests only) Number of secrets to return, after which the request will be truncated.
+
 ## Example

 ### Prerequisites
--- a/daprdocs/content/en/reference/components-reference/supported-secret-stores/gcp-secret-manager.md
+++ b/daprdocs/content/en/reference/components-reference/supported-secret-stores/gcp-secret-manager.md
@ -61,6 +61,14 @@ The above example uses secrets as plain strings. It is recommended to use a loca
 | client_x509_cert_url | N | The certificate URL for the client | `"https://www.googleapis.com/robot/v1/metadata/x509/<project-name>.iam.gserviceaccount.com"`|
 | private_key | Y | The private key for authentication | `"privateKey"` |

+## Optional per-request metadata properties
+
+The following [optional query parameters]({{< ref "secrets_api#query-parameters" >}}) can be provided to the GCP Secret Manager component:
+
+Query Parameter | Description
+--------- | -----------
+`metadata.version_id` | Version for the given secret key.
+
 ## Setup GCP Secret Manager instance

 Setup GCP Secret Manager using the GCP documentation: https://cloud.google.com/secret-manager/docs/quickstart.
--- a/daprdocs/content/en/reference/components-reference/supported-secret-stores/hashicorp-vault.md
+++ b/daprdocs/content/en/reference/components-reference/supported-secret-stores/hashicorp-vault.md
@ -66,6 +66,14 @@ The above example uses secrets as plain strings. It is recommended to use a loca
 | enginePath | N | The [engine](https://www.vaultproject.io/api-docs/secret/kv/kv-v2) path in vault. Defaults to `"secret"` | `"kv"`, `"any"` |
 | vaultValueType | N | Vault value type. `map` means to parse the value into `map[string]string`, `text` means to use the value as a string. 'map' sets the `multipleKeyValuesPerSecret` behavior. `text` makes Vault behave as a secret store with name/value semantics.  Defaults to `"map"` | `"map"`, `"text"` |

+## Optional per-request metadata properties
+
+The following [optional query parameters]({{< ref "secrets_api#query-parameters" >}}) can be provided to Hashicorp Vault secret store component:
+
+Query Parameter | Description
+--------- | -----------
+`metadata.version_id` | Version for the given secret key.
+
 ## Setup Hashicorp Vault instance

 {{< tabs "Self-Hosted" "Kubernetes" >}}
--- a/daprdocs/content/en/reference/components-reference/supported-secret-stores/huaweicloud-csms.md
+++ b/daprdocs/content/en/reference/components-reference/supported-secret-stores/huaweicloud-csms.md
@ -40,6 +40,15 @@ The above example uses secrets as plain strings. It is recommended to use a loca
 | accessKey       |    Y     | The HuaweiCloud Access Key to access this resource               | `"accessKey"`       |
 | secretAccessKey |    Y     | The HuaweiCloud Secret Access Key to access this resource        | `"secretAccessKey"` |

+## Optional per-request metadata properties
+
+The following [optional query parameters]({{< ref "secrets_api#query-parameters" >}}) can be provided when retrieving secrets from this secret store:
+
+Query Parameter | Description
+--------- | -----------
+`metadata.version_id` | Version for the given secret key.
+
+
 ## Setup HuaweiCloud Cloud Secret Management Service (CSMS) instance

 Setup HuaweiCloud Cloud Secret Management Service (CSMS) using the HuaweiCloud documentation: https://support.huaweicloud.com/intl/en-us/usermanual-dew/dew_01_9993.html.
--- a/daprdocs/content/en/reference/components-reference/supported-secret-stores/kubernetes-secret-store.md
+++ b/daprdocs/content/en/reference/components-reference/supported-secret-stores/kubernetes-secret-store.md
@ -34,6 +34,14 @@ spec:
 ## Spec metadata fields
 For the Kubernetes secret store component, there are no metadata attributes.

+## Optional per-request metadata properties
+
+The following [optional query parameters]({{< ref "secrets_api#query-parameters" >}}) can be provided to Kubernetes secret store component:
+
+Query Parameter | Description
+--------- | -----------
+`metadata.namespace`| The namespace of the secret. If not specified, the namespace of the pod is used.
+
 ## Related links
 - [Secrets building block]({{< ref secrets >}})
 - [How-To: Retrieve a secret]({{< ref "howto-secrets.md" >}})