Merge branch 'v1.11' into issue_3423

2023-06-29 17:03:58 -07:00 · 2023-06-29 17:03:58 -07:00 · b40f30c8cf
parent 0804779f01 f2f5f1e03e
commit b40f30c8cf
9 changed files with 106 additions and 9 deletions
--- a/daprdocs/content/en/concepts/security-concept.md
+++ b/daprdocs/content/en/concepts/security-concept.md
@ -211,6 +211,21 @@ The Dapr threat model is below.

 ## Security audit

+### June 2023
+
+In June 2023, Dapr completed a fuzzing audit done by Ada Logics.
+
+The audit achieved the following:
+
+- OSS-Fuzz integration
+- 39 new fuzzers for Dapr
+- Fuzz test coverage for Dapr Runtime, Kit and Components-contrib
+- All fuzzers running continuously after the audit has completed
+
+You can find the full report [here](/docs/Dapr-june-2023-fuzzing-audit-report.pdf).
+
+3 issues were found during the audit.
+
 ### February 2021

 In February 2021, Dapr went through a 2nd security audit targeting its 1.0 release by Cure53.
@ -255,4 +270,4 @@ Visit [this page]({{< ref support-security-issues.md >}}) to report a security i

 ## Related links

-[Operational Security]({{< ref "security.md" >}})
+[Operational Security]({{< ref "security.md" >}})
--- a/daprdocs/content/en/operations/support/support-release-policy.md
+++ b/daprdocs/content/en/operations/support/support-release-policy.md
@ -32,8 +32,8 @@ Patch support is for supported versions (current and previous).

 The Dapr's sidecar image is published to both [GitHub Container Registry](https://github.com/dapr/dapr/pkgs/container/daprd) and [Docker Registry](https://hub.docker.com/r/daprio/daprd/tags). The default image contains all components. From version 1.11, Dapr also offers a variation of the sidecar image, containing only stable components.

-* Default sidecar images: `daprio/daprd:<version>` or `ghcr.io/dapr/daprd:<version>` (for example `ghcr.io/dapr/daprd:1.11.0`)
-* Sidecar images for stable components: `daprio/daprd:<version>-stablecomponents` or `ghcr.io/dapr/daprd:<version>-stablecomponents` (for example `ghcr.io/dapr/daprd:1.11.0-stablecomponents`)
+* Default sidecar images: `daprio/daprd:<version>` or `ghcr.io/dapr/daprd:<version>` (for example `ghcr.io/dapr/daprd:1.11.1`)
+* Sidecar images for stable components: `daprio/daprd:<version>-stablecomponents` or `ghcr.io/dapr/daprd:<version>-stablecomponents` (for example `ghcr.io/dapr/daprd:1.11.1-stablecomponents`)

 On Kubernetes, the sidecar image can be overwritten for the application Deployment resource with the `dapr.io/sidecar-image` annotation. See more about [Dapr's arguments and annotations]({{<ref "arguments-annotations-overview.md" >}}). The default 'daprio/daprd:latest' image is used if not specified.

@ -45,6 +45,7 @@ The table below shows the versions of Dapr releases that have been tested togeth

 | Release date | Runtime     | CLI  | SDKs  | Dashboard  | Status |
 |--------------------|:--------:|:--------|---------|---------|---------|
+| June 22nd 2023 | 1.11.1</br>  | 1.11.0 | Java 1.9.0 </br>Go 1.8.0 </br>PHP 1.1.0 </br>Python 1.10.0 </br>.NET 1.11.0 </br>JS 3.1.0 | 0.13.0 | Supported (current) |
 | June 12th 2023 | 1.11.0</br>  | 1.11.0 | Java 1.9.0 </br>Go 1.8.0 </br>PHP 1.1.0 </br>Python 1.10.0 </br>.NET 1.11.0 </br>JS 3.1.0 | 0.13.0 | Supported (current) |
 | May 15th 2023 | 1.10.7</br>  | 1.10.0 | Java 1.8.0 </br>Go 1.7.0 </br>PHP 1.1.0 </br>Python 1.9.0 </br>.NET 1.10.0 </br>JS 3.0.0 | 0.11.0 | Supported |
 | May 12th 2023 | 1.10.6</br>  | 1.10.0 | Java 1.8.0 </br>Go 1.7.0 </br>PHP 1.1.0 </br>Python 1.9.0 </br>.NET 1.10.0 </br>JS 3.0.0 | 0.11.0 | Supported |
@ -116,8 +117,8 @@ General guidance on upgrading can be found for [self hosted mode]({{< ref self-h
 |                          |                 1.9.6 |                   1.10.7 |
 | 1.8.0 to 1.8.6           |                   N/A |                    1.9.6 |
 | 1.9.0                    |                   N/A |                    1.9.6 |
-| 1.10.0                   |                   N/A |                   1.10.7 |
-| 1.11.0                   |                   N/A |                   1.11.0 |
+| 1.10.0                   |                   N/A |                   1.10.8 |
+| 1.11.0                   |                   N/A |                   1.11.1 |


 ## Upgrade on Hosting platforms
--- a/daprdocs/content/en/reference/api/bindings_api.md
+++ b/daprdocs/content/en/reference/api/bindings_api.md
@ -37,6 +37,45 @@ If running on kubernetes apply the component to your cluster.

 > **Note:** In production never place passwords or secrets within Dapr component files. For information on securely storing and retrieving secrets using secret stores refer to [Setup Secret Store]({{< ref setup-secret-store >}})

+### Binding direction (optional)
+
+In some scenarios, it would be useful to provide additional information to Dapr to indicate the direction supported by the binding component. 
+Providing the supported binding direction helps the Dapr sidecar avoid the `"wait for the app to become ready"` state, where it waits indefinitely for the application to become available.
+
+You can specify the `direction` field as part of the component's metadata. The valid values for this field are: 
+- `"input"`
+- `"output"`
+- `"input, output"`
+
+Here a few scenarios when the `"direction"` metadata field could help:
+
+- When an application (detached from the sidecar) runs as a serverless workload and is scaled to zero, the `"wait for the app to become ready"` check done by the Dapr sidecar becomes pointless.
+
+- If the detached Dapr sidecar is scaled to zero and the application reaches the sidecar (before even starting an HTTP server), the `"wait for the app to become ready"` deadlocks the app and the sidecar into waiting for each other.
+
+### Example
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: kafkaevent
+spec:
+  type: bindings.kafka
+  version: v1
+  metadata:
+  - name: brokers
+    value: "http://localhost:5050"
+  - name: topics
+    value: "someTopic"
+  - name: publishTopic
+    value: "someTopic2"
+  - name: consumerGroup
+    value: "group1"
+  - name: "direction"
+    value: "input, output"
+```
+
 ## Invoking Service Code Through Input Bindings

 A developer who wants to trigger their app using an input binding can listen on a `POST` http endpoint with the route name being the same as `metadata.name`.
--- a/daprdocs/content/en/reference/components-reference/supported-bindings/servicebusqueues.md
+++ b/daprdocs/content/en/reference/components-reference/supported-bindings/servicebusqueues.md
@ -153,6 +153,36 @@ curl -X POST http://localhost:3500/v1.0/bindings/myServiceBusQueue \

 {{< /tabs >}}

+## Schedule a message
+
+A message can be scheduled for delayed processing.
+
+To schedule a message, use the `metadata` section in the request body during the binding invocation: the field name is `ScheduledEnqueueTimeUtc`.
+
+The supported timestamp formats are [RFC1123](https://www.rfc-editor.org/rfc/rfc1123) and [RFC3339](https://www.rfc-editor.org/rfc/rfc3339).
+
+{{< tabs "Linux">}}
+
+{{% codetab %}}
+
+```shell
+curl -X POST http://localhost:3500/v1.0/bindings/myServiceBusQueue \
+  -H "Content-Type: application/json" \
+  -d '{
+        "data": {
+          "message": "Hi"
+        },
+        "metadata": {
+          "ScheduledEnqueueTimeUtc": "Tue, 02 Jan 2024 15:04:05 GMT"
+        },
+        "operation": "create"
+      }'
+```
+
+{{% /codetab %}}
+
+{{< /tabs >}}
+
 ## Related links

 - [Basic schema for a Dapr component]({{< ref component-schema >}})
--- a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-bearer.md
+++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-bearer.md
@ -22,22 +22,30 @@ spec:
  version: v1
  metadata:
    - name: audience
-      value: "<your token audience; e.g. the application's client ID>"
+      value: "<your token audience; i.e. the application's client ID>"
    - name: issuer
      value: "<your token issuer, e.g. 'https://accounts.google.com'>"

    # Optional values
    - name: jwksURL
-      value: "https://accounts.google.com/.well-known/openid-configuration"
+      value: "<JWKS URL, e.g. 'https://accounts.google.com/.well-known/openid-configuration'>"
 ```
+
 ## Spec metadata fields

 | Field | Required | Details | Example |
 |-------|:--------:|---------|---------|
 | `audience` | Y | The audience expected in the tokens. Usually, this corresponds to the client ID of your application that is created as part of a credential hosted by a OpenID Connect platform. | 
-| `issuer` | Y | The issuer authority, which is the value expected in the issuer claim in the tokens. | `"https://accounts.google.com"`, `"https://login.salesforce.com"`
+| `issuer` | Y | The issuer authority, which is the value expected in the issuer claim in the tokens. | `"https://accounts.google.com"`
 | `jwksURL` | N | Address of the JWKS (JWK Set containing the public keys for verifying tokens). If empty, will try to fetch the URL set in the OpenID Configuration document `<issuer>/.well-known/openid-configuration`.  | `"https://accounts.google.com/.well-known/openid-configuration"`

+Common values for `issuer` include:
+
+- Auth0: `https://{domain}`, where `{domain}` is the domain of your Auth0 application
+- Azure AD: `https://login.microsoftonline.com/{tenant}/v2.0`, where `{tenant}` should be replaced with the tenant ID of your application, as a UUID
+- Google: `https://accounts.google.com`
+- Salesforce (Force.com): `https://login.salesforce.com`
+
 ## Dapr configuration

 To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware.md">}}).
--- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus-queues.md
+++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus-queues.md
@ -137,6 +137,8 @@ To set Azure Service Bus metadata when sending a message, set the query paramete

 > **Note:** The `metadata.MessageId` property does not set the `id` property of the cloud event returned by Dapr and should be treated in isolation.

+> **Note:** The `metadata.ScheduledEnqueueTimeUtc` property supports the [RFC1123](https://www.rfc-editor.org/rfc/rfc1123) and [RFC3339](https://www.rfc-editor.org/rfc/rfc3339) timestamp formats.
+
 ### Receiving a message with metadata

 When Dapr calls your application, it will attach Azure Service Bus message metadata to the request using either HTTP headers or gRPC metadata.
--- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus-topics.md
+++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus-topics.md
@ -142,6 +142,8 @@ To set Azure Service Bus metadata when sending a message, set the query paramete

 > **NOTE:** If the `metadata.SessionId` property is not set but the topic requires sessions then an empty session id will be used.

+> **NOTE:** The `metadata.ScheduledEnqueueTimeUtc` property supports the [RFC1123](https://www.rfc-editor.org/rfc/rfc1123) and [RFC3339](https://www.rfc-editor.org/rfc/rfc3339) timestamp formats.
+
 ### Receiving a message with metadata

 When Dapr calls your application, it will attach Azure Service Bus message metadata to the request using either HTTP headers or gRPC metadata.
--- a/daprdocs/layouts/shortcodes/dapr-latest-version.html
+++ b/daprdocs/layouts/shortcodes/dapr-latest-version.html
@ -1 +1 @@
-{{- if .Get "short" }}1.11{{ else if .Get "long" }}1.11.0{{ else if .Get "cli" }}1.11.0{{ else }}1.11.0{{ end -}}
+{{- if .Get "short" }}1.11{{ else if .Get "long" }}1.11.1{{ else if .Get "cli" }}1.11.0{{ else }}1.11.1{{ end -}}
--- a/daprdocs/static/docs/Dapr-june-2023-fuzzing-audit-report.pdf
+++ b/daprdocs/static/docs/Dapr-june-2023-fuzzing-audit-report.pdf