mirror of https://github.com/dapr/docs.git
Restructuring middleware docs pages (#1190)
* First pass at restructuring the middleware docs pages * Tweaks * Updating custom middleware instructions. Grammatical tweak re: secrets in metadata values. * Adding descriptions for each middleware component to the supported middleware table * Table allignment * Various tweaks * its versus it's * Making Quickstart capitalized again * Better OAuth spec links for the two grant flows currently supported * Fixing two sentences * Update middleware-overview.md * Update middleware-bearer.md * Update middleware-oauth2.md * Update middleware-oauth2clientcredentials.md * Update middleware-opa.md * Update middleware-rate-limit.md * Update middleware-uppercase.md * Update middleware-rate-limit.md * Update middleware-opa.md * Update middleware-oauth2.md * Update middleware-bearer.md * Update middleware-oauth2.md * Update middleware-bearer.md * Update middleware-oauth2clientcredentials.md * Update middleware-opa.md * Update middleware-rate-limit.md * Update middleware-uppercase.md * Update daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-oauth2clientcredentials.md Co-authored-by: Mukundan Sundararajan <musundar@microsoft.com> * Update daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-rate-limit.md Co-authored-by: Mukundan Sundararajan <musundar@microsoft.com> * Update daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-opa.md Co-authored-by: Mukundan Sundararajan <musundar@microsoft.com> * Update daprdocs/content/en/developing-applications/middleware/middleware-overview.md Co-authored-by: Mukundan Sundararajan <musundar@microsoft.com> * Tweaks per PR * Small tweak * Small tweak Co-authored-by: Mark Fussell <mfussell@microsoft.com> Co-authored-by: Mukundan Sundararajan <musundar@microsoft.com> Co-authored-by: Ori Zohar <orzohar@microsoft.com>
This commit is contained in:
parent
de25be0407
commit
bbc10f8b4d
|
@ -33,34 +33,7 @@ spec:
|
|||
type: middleware.http.uppercase
|
||||
```
|
||||
|
||||
## Writing a custom middleware
|
||||
|
||||
Dapr uses [FastHTTP](https://github.com/valyala/fasthttp) to implement it's HTTP server. Hence, your HTTP middleware needs to be written as a FastHTTP handler. Your middleware needs to implement a middleware interface, which defines a **GetHandler** method that returns a **fasthttp.RequestHandler**:
|
||||
|
||||
```go
|
||||
type Middleware interface {
|
||||
GetHandler(metadata Metadata) (func(h fasthttp.RequestHandler) fasthttp.RequestHandler, error)
|
||||
}
|
||||
```
|
||||
|
||||
Your handler implementation can include any inbound logic, outbound logic, or both:
|
||||
|
||||
```go
|
||||
func GetHandler(metadata Metadata) fasthttp.RequestHandler {
|
||||
return func(h fasthttp.RequestHandler) fasthttp.RequestHandler {
|
||||
return func(ctx *fasthttp.RequestCtx) {
|
||||
// inboud logic
|
||||
h(ctx) // call the downstream handler
|
||||
// outbound logic
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## Adding new middleware components
|
||||
Your middleware component can be contributed to the [components-contrib repository](https://github.com/dapr/components-contrib/tree/master/middleware).
|
||||
|
||||
Then submit another pull request against the [Dapr runtime repository](https://github.com/dapr/dapr) to register the new middleware type. You'll need to modify the **Load()** method in [registry.go]( https://github.com/dapr/dapr/blob/master/pkg/components/middleware/http/registry.go) to register your middleware using the **Register** method.
|
||||
|
||||
## Next steps
|
||||
|
||||
* [Middleware overview]({{< ref middleware-overview.md >}})
|
||||
* [How-To: Configure API authorization with OAuth]({{< ref oauth.md >}})
|
||||
|
|
|
@ -3,5 +3,5 @@ type: docs
|
|||
title: "Middleware"
|
||||
linkTitle: "Middleware"
|
||||
weight: 50
|
||||
description: "Customize Dapr processing pipelines by adding middleware components"
|
||||
description: "Customize processing pipelines by adding middleware components"
|
||||
---
|
||||
|
|
|
@ -0,0 +1,85 @@
|
|||
---
|
||||
type: docs
|
||||
title: "Overview"
|
||||
linkTitle: "Overview"
|
||||
description: "General overview on set up of middleware components for Dapr"
|
||||
weight: 10000
|
||||
type: docs
|
||||
---
|
||||
|
||||
Dapr allows custom processing pipelines to be defined by chaining a series of middleware components. Middleware pipelines are defined in Dapr configuration files.
|
||||
As with other [building block components]({{< ref component-schema.md >}}), middleware components are extensible and can be found in the [components-contrib repo](https://github.com/dapr/components-contrib/tree/master/middleware/http).
|
||||
|
||||
Middleware in Dapr is described using a `Component` file with the following schema:
|
||||
|
||||
```yaml
|
||||
apiVersion: dapr.io/v1alpha1
|
||||
kind: Component
|
||||
metadata:
|
||||
name: <COMPONENT NAME>
|
||||
namespace: <NAMESPACE>
|
||||
spec:
|
||||
type: middleware.http.<MIDDLEWARE TYPE>
|
||||
version: v1
|
||||
metadata:
|
||||
- name: <KEY>
|
||||
value: <VALUE>
|
||||
- name: <KEY>
|
||||
value: <VALUE>
|
||||
...
|
||||
```
|
||||
The type of middleware is determined by the `type` field. Component setting values such as rate limits, OAuth credentials and other settings are put in the `metadata` section.
|
||||
Even though metadata values can contain secrets in plain text, it is recommended that you use a [secret store]({{< ref component-secrets.md >}}).
|
||||
|
||||
Next, a Dapr [configuration]({{< ref configuration-overview.md >}}) defines the pipeline of middleware components for your application.
|
||||
|
||||
```yaml
|
||||
apiVersion: dapr.io/v1alpha1
|
||||
kind: Configuration
|
||||
metadata:
|
||||
name: appconfig
|
||||
spec:
|
||||
httpPipeline:
|
||||
handlers:
|
||||
- name: <COMPONENT NAME>
|
||||
type: middleware.http.<MIDDLEWARE TYPE>
|
||||
- name: <COMPONENT NAME>
|
||||
type: middleware.http.<MIDDLEWARE TYPE>
|
||||
```
|
||||
|
||||
## Writing a custom middleware
|
||||
|
||||
Dapr uses [FastHTTP](https://github.com/valyala/fasthttp) to implement its HTTP server. Hence, your HTTP middleware needs to be written as a FastHTTP handler. Your middleware needs to implement a middleware interface, which defines a **GetHandler** method that returns a **fasthttp.RequestHandler**:
|
||||
|
||||
```go
|
||||
type Middleware interface {
|
||||
GetHandler(metadata Metadata) (func(h fasthttp.RequestHandler) fasthttp.RequestHandler, error)
|
||||
}
|
||||
```
|
||||
|
||||
Your handler implementation can include any inbound logic, outbound logic, or both:
|
||||
|
||||
```go
|
||||
func GetHandler(metadata Metadata) fasthttp.RequestHandler {
|
||||
return func(h fasthttp.RequestHandler) fasthttp.RequestHandler {
|
||||
return func(ctx *fasthttp.RequestCtx) {
|
||||
// inboud logic
|
||||
h(ctx) // call the downstream handler
|
||||
// outbound logic
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## Adding new middleware components
|
||||
|
||||
Your middleware component can be contributed to the [components-contrib repository](https://github.com/dapr/components-contrib/tree/master/middleware).
|
||||
|
||||
After the components-contrib change has been accepted, submit another pull request against the [Dapr runtime repository](https://github.com/dapr/dapr) to register the new middleware type. You'll need to modify **[runtime.WithHTTPMiddleware](https://github.com/dapr/dapr/blob/f4d50b1369e416a8f7b93e3e226c4360307d1313/cmd/daprd/main.go#L394-L424)** method in [cmd/daprd/main.go](https://github.com/dapr/dapr/blob/master/cmd/daprd/main.go) to register your middleware with Dapr's runtime.
|
||||
|
||||
## Related links
|
||||
|
||||
* [Middleware pipelines concept]({{< ref middleware-concept.md >}})
|
||||
* [Component schema]({{< ref component-schema.md >}})
|
||||
* [Configuration overview]({{< ref configuration-overview.md >}})
|
||||
* [Middleware quickstart](https://github.com/dapr/quickstarts/tree/master/middleware)
|
|
@ -1,34 +0,0 @@
|
|||
---
|
||||
type: docs
|
||||
title: "How-To: Rate limiting"
|
||||
linkTitle: "Rate limiting"
|
||||
weight: 1000
|
||||
description: "Use Dapr rate limit middleware to limit requests per second"
|
||||
type: docs
|
||||
---
|
||||
|
||||
The Dapr Rate limit [HTTP middleware]({{< ref middleware-concept.md >}}) allows restricting the maximum number of allowed HTTP requests per second.
|
||||
|
||||
## Middleware component definition
|
||||
|
||||
In the following definition, the maximum requests per second are set to 10:
|
||||
```yaml
|
||||
apiVersion: dapr.io/v1alpha1
|
||||
kind: Component
|
||||
metadata:
|
||||
name: ratelimit
|
||||
spec:
|
||||
type: middleware.http.ratelimit
|
||||
metadata:
|
||||
- name: maxRequestsPerSecond
|
||||
value: 10
|
||||
```
|
||||
Once the limit is reached, the request will return *HTTP Status code 429: Too Many Requests*.
|
||||
|
||||
## Referencing the rate limit middleware
|
||||
|
||||
To be applied, the middleware must be referenced in a [Dapr Configuration]({{< ref configuration-concept.md >}}). See [Middleware pipelines]({{< ref "middleware-concept.md#customize-processing-pipeline">}}).
|
||||
|
||||
## Related links
|
||||
- [Middleware concept]({{< ref middleware-concept.md >}})
|
||||
- [Dapr configuration]({{< ref configuration-concept.md >}})
|
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
type: docs
|
||||
title: "Supported middleware"
|
||||
linkTitle: "Supported middleware"
|
||||
weight: 30000
|
||||
description: List of all the supported middleware components that can be injected in Dapr's processing pipeline.
|
||||
no_list: true
|
||||
---
|
||||
|
||||
### HTTP
|
||||
|
||||
| Name | Description | Status |
|
||||
|--------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------|----------------------------|
|
||||
| [Rate limit]({{< ref middleware-rate-limit.md >}}) | Restricts the maximum number of allowed HTTP requests per second | Alpha |
|
||||
| [OAuth2]({{< ref middleware-oauth2.md >}}) | Enables the [OAuth2 Authorization Grant flow](https://tools.ietf.org/html/rfc6749#section-4.1) on a Web API | Alpha |
|
||||
| [OAuth2 client credentials]({{< ref middleware-oauth2clientcredentials.md >}}) | Enables the [OAuth2 Client Credentials Grant flow](https://tools.ietf.org/html/rfc6749#section-4.4) on a Web API | Alpha |
|
||||
| [Bearer]({{< ref middleware-bearer.md >}}) | Verifies a [Bearer Token](https://tools.ietf.org/html/rfc6750) using [OpenID Connect](https://openid.net/connect/) on a Web API | Alpha |
|
||||
| [Open Policy Agent]({{< ref middleware-opa.md >}}) | Applies [Rego/OPA Policies](https://www.openpolicyagent.org/) to incoming Dapr HTTP requests | Alpha |
|
||||
| [Uppercase]({{< ref middleware-uppercase.md >}}) | Converts the body of the request to uppercase letters | GA (For local development) |
|
|
@ -0,0 +1,55 @@
|
|||
---
|
||||
type: docs
|
||||
title: "Bearer"
|
||||
linkTitle: "Bearer"
|
||||
weight: 4000
|
||||
description: "Use bearer middleware to secure HTTP endpoints by verifying bearer tokens"
|
||||
type: docs
|
||||
---
|
||||
|
||||
The bearer [HTTP middleware]({{< ref middleware-concept.md >}}) verifies a [Bearer Token](https://tools.ietf.org/html/rfc6750) using [OpenID Connect](https://openid.net/connect/) on a Web API without modifying the application. This design separates authentication/authorization concerns from the application, so that application operators can adopt and configure authentication/authorization providers without impacting the application code.
|
||||
|
||||
## Component format
|
||||
|
||||
```yaml
|
||||
apiVersion: dapr.io/v1alpha1
|
||||
kind: Component
|
||||
metadata:
|
||||
name: bearer-token
|
||||
spec:
|
||||
type: middleware.http.bearer
|
||||
version: v1
|
||||
metadata:
|
||||
- name: clientId
|
||||
value: "<your client ID>"
|
||||
- name: issuerURL
|
||||
value: "https://accounts.google.com"
|
||||
```
|
||||
## Spec metadata fields
|
||||
|
||||
| Field | Details | Example |
|
||||
|----------------|---------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------|
|
||||
| clientId | The client ID of your application that is created as part of a credential hosted by a OpenID Connect platform | |
|
||||
| issuerURL | URL identifier for the service. | `"https://accounts.google.com"`, `"https://login.salesforce.com"` |
|
||||
|
||||
## Dapr configuration
|
||||
|
||||
To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware-concept.md#customize-processing-pipeline">}}).
|
||||
|
||||
```yaml
|
||||
apiVersion: dapr.io/v1alpha1
|
||||
kind: Configuration
|
||||
metadata:
|
||||
name: appconfig
|
||||
spec:
|
||||
httpPipeline:
|
||||
handlers:
|
||||
- name: bearer-token
|
||||
type: middleware.http.bearer
|
||||
```
|
||||
|
||||
## Related links
|
||||
|
||||
- [Middleware concept]({{< ref middleware-concept.md >}})
|
||||
- [Configuration concept]({{< ref configuration-concept.md >}})
|
||||
- [Configuration overview]({{< ref configuration-overview.md >}})
|
|
@ -0,0 +1,72 @@
|
|||
---
|
||||
type: docs
|
||||
title: "OAuth2"
|
||||
linkTitle: "OAuth2"
|
||||
weight: 2000
|
||||
description: "Use OAuth2 middleware to secure HTTP endpoints"
|
||||
---
|
||||
|
||||
The OAuth2 [HTTP middleware]({{< ref middleware-concept.md >}}) enables the [OAuth2 Authorization Code flow](https://tools.ietf.org/html/rfc6749#section-4.1) on a Web API without modifying the application. This design separates authentication/authorization concerns from the application, so that application operators can adopt and configure authentication/authorization providers without impacting the application code.
|
||||
|
||||
## Component format
|
||||
|
||||
```yaml
|
||||
apiVersion: dapr.io/v1alpha1
|
||||
kind: Component
|
||||
metadata:
|
||||
name: oauth2
|
||||
spec:
|
||||
type: middleware.http.oauth2
|
||||
version: v1
|
||||
metadata:
|
||||
- name: clientId
|
||||
value: "<your client ID>"
|
||||
- name: clientSecret
|
||||
value: "<your client secret>"
|
||||
- name: scopes
|
||||
value: "https://www.googleapis.com/auth/userinfo.email"
|
||||
- name: authURL
|
||||
value: "https://accounts.google.com/o/oauth2/v2/auth"
|
||||
- name: tokenURL
|
||||
value: "https://accounts.google.com/o/oauth2/token"
|
||||
- name: redirectURL
|
||||
value: "http://dummy.com"
|
||||
- name: authHeaderName
|
||||
value: "authorization"
|
||||
- name: forceHTTPS
|
||||
value: "false"
|
||||
```
|
||||
## Spec metadata fields
|
||||
| Field | Details | Example |
|
||||
|----------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------|
|
||||
| clientId | The client ID of your application that is created as part of a credential hosted by a OAuth-enabled platform | |
|
||||
| clientSecret | The client secret of your application that is created as part of a credential hosted by a OAuth-enabled platform | |
|
||||
| scopes | A list of space-delimited, case-sensitive strings of [scopes](https://tools.ietf.org/html/rfc6749#section-3.3) which are typically used for authorization in the application | `"https://www.googleapis.com/auth/userinfo.email"` |
|
||||
| authURL | The endpoint of the OAuth2 authorization server | `"https://accounts.google.com/o/oauth2/v2/auth"` |
|
||||
| tokenURL | The endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token | `"https://accounts.google.com/o/oauth2/token"` |
|
||||
| redirectURL | The URL of your web application that the authorization server should redirect to once the user has authenticated | `"https://myapp.com"` |
|
||||
| authHeaderName | The authorization header name to forward to your application | `"authorization"` |
|
||||
| forceHTTPS | If true, enforces the use of TLS/SSL | `"true"`,`"false"` |
|
||||
|
||||
## Dapr configuration
|
||||
|
||||
To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware-concept.md#customize-processing-pipeline">}}).
|
||||
|
||||
```yaml
|
||||
apiVersion: dapr.io/v1alpha1
|
||||
kind: Configuration
|
||||
metadata:
|
||||
name: appconfig
|
||||
spec:
|
||||
httpPipeline:
|
||||
handlers:
|
||||
- name: oauth2
|
||||
type: middleware.http.oauth2
|
||||
```
|
||||
|
||||
## Related links
|
||||
- [Configure API authorization with OAuth]({{< ref oauth >}})
|
||||
- [Middleware OAuth quickstart](https://github.com/dapr/quickstarts/tree/master/middleware)
|
||||
- [Middleware concept]({{< ref middleware-concept.md >}})
|
||||
- [Configuration concept]({{< ref configuration-concept.md >}})
|
||||
- [Configuration overview]({{< ref configuration-overview.md >}})
|
|
@ -0,0 +1,72 @@
|
|||
---
|
||||
type: docs
|
||||
title: "OAuth2 client credentials"
|
||||
linkTitle: "OAuth2 client credentials"
|
||||
weight: 3000
|
||||
description: "Use OAuth2 client credentials middleware to secure HTTP endpoints"
|
||||
---
|
||||
|
||||
The OAuth2 client credentials [HTTP middleware]({{< ref middleware-concept.md >}}) enables the [OAuth2 Client Credentials flow](https://tools.ietf.org/html/rfc6749#section-4.4) on a Web API without modifying the application. This design separates authentication/authorization concerns from the application, so that application operators can adopt and configure authentication/authorization providers without impacting the application code.
|
||||
|
||||
## Component format
|
||||
|
||||
```yaml
|
||||
apiVersion: dapr.io/v1alpha1
|
||||
kind: Component
|
||||
metadata:
|
||||
name: oauth2clientcredentials
|
||||
spec:
|
||||
type: middleware.http.oauth2clientcredentials
|
||||
version: v1
|
||||
metadata:
|
||||
- name: clientId
|
||||
value: "<your client ID>"
|
||||
- name: clientSecret
|
||||
value: "<your client secret>"
|
||||
- name: scopes
|
||||
value: "https://www.googleapis.com/auth/userinfo.email"
|
||||
- name: tokenURL
|
||||
value: "https://accounts.google.com/o/oauth2/token"
|
||||
- name: headerName
|
||||
value: "authorization"
|
||||
```
|
||||
## Spec metadata fields
|
||||
|
||||
| Field | Details | Example |
|
||||
|---------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------|
|
||||
| clientId | The client ID of your application that is created as part of a credential hosted by a OAuth-enabled platform | |
|
||||
| clientSecret | The client secret of your application that is created as part of a credential hosted by a OAuth-enabled platform | |
|
||||
| scopes | A list of space-delimited, case-sensitive strings of [scopes](https://tools.ietf.org/html/rfc6749#section-3.3) which are typically used for authorization in the application | `"https://www.googleapis.com/auth/userinfo.email"` |
|
||||
| tokenURL | The endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token | `"https://accounts.google.com/o/oauth2/token"` |
|
||||
| headerName | The authorization header name to forward to your application | `"authorization"` |
|
||||
| endpointParamsQuery | Specifies additional parameters for requests to the token endpoint | `true` |
|
||||
| authStyle | Optionally specifies how the endpoint wants the client ID & client secret sent. See the table of possible values below | `0` |
|
||||
|
||||
### Possible values for `authStyle`
|
||||
|
||||
| Value | Meaning |
|
||||
|-------|---------|
|
||||
| `1` | Sends the "client_id" and "client_secret" in the POST body as application/x-www-form-urlencoded parameters. |
|
||||
| `2` | Sends the "client_id" and "client_secret" using HTTP Basic Authorization. This is an optional style described in the [OAuth2 RFC 6749 section 2.3.1](https://tools.ietf.org/html/rfc6749#section-2.3.1). |
|
||||
| `0` | Means to auto-detect which authentication style the provider wants by trying both ways and caching the successful way for the future. |
|
||||
|
||||
## Dapr configuration
|
||||
|
||||
To be applied, the middleware must be referenced in a [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware-concept.md#customize-processing-pipeline">}}).
|
||||
|
||||
```yaml
|
||||
apiVersion: dapr.io/v1alpha1
|
||||
kind: Configuration
|
||||
metadata:
|
||||
name: appconfig
|
||||
spec:
|
||||
httpPipeline:
|
||||
handlers:
|
||||
- name: oauth2clientcredentials
|
||||
type: middleware.http.oauth2clientcredentials
|
||||
```
|
||||
|
||||
## Related links
|
||||
- [Middleware concept]({{< ref middleware-concept.md >}})
|
||||
- [Configuration concept]({{< ref configuration-concept.md >}})
|
||||
- [Configuration overview]({{< ref configuration-overview.md >}})
|
|
@ -1,15 +1,14 @@
|
|||
---
|
||||
type: docs
|
||||
title: "How-To: Apply Open Policy Agent (OPA) policies"
|
||||
linkTitle: "Apply OPA policies"
|
||||
weight: 2000
|
||||
description: "Use Dapr middleware to apply Open Policy Agent (OPA) policies on incoming requests"
|
||||
type: docs
|
||||
title: "Apply Open Policy Agent (OPA) policies"
|
||||
linkTitle: "Open Policy Agent (OPA)"
|
||||
weight: 6000
|
||||
description: "Use middleware to apply Open Policy Agent (OPA) policies on incoming requests"
|
||||
---
|
||||
|
||||
The Dapr Open Policy Agent (OPA) [HTTP middleware]({{< ref middleware-concept.md >}}) allows applying [OPA Policies](https://www.openpolicyagent.org/) to incoming Dapr HTTP requests. This can be used to apply reusable authorization policies to app endpoints.
|
||||
The Open Policy Agent (OPA) [HTTP middleware]({{< ref middleware-concept.md >}}) applys [OPA Policies](https://www.openpolicyagent.org/) to incoming Dapr HTTP requests. This can be used to apply reusable authorization policies to app endpoints.
|
||||
|
||||
## Middleware component definition
|
||||
## Component format
|
||||
|
||||
```yaml
|
||||
apiVersion: dapr.io/v1alpha1
|
||||
|
@ -21,8 +20,8 @@ spec:
|
|||
type: middleware.http.opa
|
||||
version: v1
|
||||
metadata:
|
||||
# `includedHeaders` is a comma-seperated set of case-insensitive headers to include in the request input.
|
||||
# Request headers are not passed to the policy by default. Include to recieve incoming request headers in
|
||||
# `includedHeaders` is a comma-separated set of case-insensitive headers to include in the request input.
|
||||
# Request headers are not passed to the policy by default. Include to receive incoming request headers in
|
||||
# the input
|
||||
- name: includedHeaders
|
||||
value: "x-my-custom-header, x-jwt-header"
|
||||
|
@ -69,6 +68,30 @@ spec:
|
|||
|
||||
You can prototype and experiment with policies using the [official opa playground](https://play.openpolicyagent.org). For example, [you can find the example policy above here](https://play.openpolicyagent.org/p/oRIDSo6OwE).
|
||||
|
||||
## Spec metadata fields
|
||||
|
||||
| Field | Details | Example |
|
||||
|-----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------|
|
||||
| rego | The Rego policy language | See above |
|
||||
| defaultStatus | The status code to return for denied responses | `"https://accounts.google.com"`, `"https://login.salesforce.com"` |
|
||||
| includedHeaders | A comma-separated set of case-insensitive headers to include in the request input. Request headers are not passed to the policy by default. Include to receive incoming request headers in the input | `"x-my-custom-header, x-jwt-header"` |
|
||||
|
||||
## Dapr configuration
|
||||
|
||||
To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware-concept.md#customize-processing-pipeline">}}).
|
||||
|
||||
```yaml
|
||||
apiVersion: dapr.io/v1alpha1
|
||||
kind: Configuration
|
||||
metadata:
|
||||
name: appconfig
|
||||
spec:
|
||||
httpPipeline:
|
||||
handlers:
|
||||
- name: my-policy
|
||||
type: middleware.http.opa
|
||||
```
|
||||
|
||||
## Input
|
||||
|
||||
This middleware supplies a [`HTTPRequest`](#httprequest) as input.
|
||||
|
@ -95,7 +118,7 @@ type HTTPRequest struct {
|
|||
query map[string][]string
|
||||
// The request headers
|
||||
// NOTE: By default, no headers are included. You must specify what headers
|
||||
// you want to recieve via `spec.metadata.includedHeaders` (see above)
|
||||
// you want to receive via `spec.metadata.includedHeaders` (see above)
|
||||
headers map[string]string
|
||||
// The request scheme (e.g. http, https)
|
||||
scheme string
|
||||
|
@ -184,4 +207,7 @@ type Result struct {
|
|||
## Related links
|
||||
|
||||
- [Open Policy Agent](https://www.openpolicyagent.org)
|
||||
- [HTTP API Example](https://www.openpolicyagent.org/docs/latest/http-api-authorization/)
|
||||
- [HTTP API example](https://www.openpolicyagent.org/docs/latest/http-api-authorization/)
|
||||
- [Middleware concept]({{< ref middleware-concept.md >}})
|
||||
- [Configuration concept]({{< ref configuration-concept.md >}})
|
||||
- [Configuration overview]({{< ref configuration-overview.md >}})
|
|
@ -0,0 +1,57 @@
|
|||
---
|
||||
type: docs
|
||||
title: "Rate limiting"
|
||||
linkTitle: "Rate limiting"
|
||||
weight: 1000
|
||||
description: "Use rate limit middleware to limit requests per second"
|
||||
---
|
||||
|
||||
The rate limit [HTTP middleware]({{< ref middleware-concept.md >}}) allows restricting the maximum number of allowed HTTP requests per second. Rate limiting can protect your application from denial of service (DOS) attacks. DOS attacks can be initiated by malicious 3rd parties but also by bugs in your software (a.k.a. a "friendly fire" DOS attack).
|
||||
|
||||
## Component format
|
||||
|
||||
In the following definition, the maximum requests per second are set to 10:
|
||||
```yaml
|
||||
apiVersion: dapr.io/v1alpha1
|
||||
kind: Component
|
||||
metadata:
|
||||
name: ratelimit
|
||||
spec:
|
||||
type: middleware.http.ratelimit
|
||||
metadata:
|
||||
- name: maxRequestsPerSecond
|
||||
value: 10
|
||||
```
|
||||
|
||||
## Spec metadata fields
|
||||
|
||||
| Field | Details | Example |
|
||||
|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|
|
||||
| maxRequestsPerSecond | The maximum requests per second by remote IP and path. Something to consider is that **the limit is enforced independently in each Dapr sidecar and not cluster wide** | `10` |
|
||||
|
||||
Once the limit is reached, the request will return *HTTP Status code 429: Too Many Requests*.
|
||||
|
||||
Alternatively, the [max concurrency setting]({{< ref control-concurrency.md >}}) can be used to rate limit applications and applies to all traffic regardless of remote IP or path.
|
||||
|
||||
## Dapr configuration
|
||||
|
||||
To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware-concept.md#customize-processing-pipeline">}}).
|
||||
|
||||
```yaml
|
||||
apiVersion: dapr.io/v1alpha1
|
||||
kind: Configuration
|
||||
metadata:
|
||||
name: appconfig
|
||||
spec:
|
||||
httpPipeline:
|
||||
handlers:
|
||||
- name: ratelimit
|
||||
type: middleware.http.ratelimit
|
||||
```
|
||||
|
||||
## Related links
|
||||
|
||||
- [Control max concurrently]({{< ref control-concurrency.md >}})
|
||||
- [Middleware concept]({{< ref middleware-concept.md >}})
|
||||
- [Dapr configuration]({{< ref configuration-concept.md >}})
|
||||
- [Configuration overview]({{< ref configuration-overview.md >}})
|
|
@ -0,0 +1,45 @@
|
|||
---
|
||||
type: docs
|
||||
title: "Uppercase request body"
|
||||
linkTitle: "Uppercase"
|
||||
weight: 9999
|
||||
description: "Test your HTTP pipeline is functioning with the uppercase middleware"
|
||||
---
|
||||
|
||||
The uppercase [HTTP middleware]({{< ref middleware-concept.md >}}) converts the body of the request to uppercase letters and is used for testing that the pipeline is functioning. It should only be used for local development.
|
||||
|
||||
## Component format
|
||||
|
||||
In the following definition, the maximum requests per second are set to 10:
|
||||
```yaml
|
||||
apiVersion: dapr.io/v1alpha1
|
||||
kind: Component
|
||||
metadata:
|
||||
name: uppercase
|
||||
spec:
|
||||
type: middleware.http.uppercase
|
||||
```
|
||||
|
||||
This component has no `metadata` to configure.
|
||||
|
||||
## Dapr configuration
|
||||
|
||||
To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware-concept.md#customize-processing-pipeline">}}).
|
||||
|
||||
```yaml
|
||||
apiVersion: dapr.io/v1alpha1
|
||||
kind: Configuration
|
||||
metadata:
|
||||
name: appconfig
|
||||
spec:
|
||||
httpPipeline:
|
||||
handlers:
|
||||
- name: uppercase
|
||||
type: middleware.http.uppercase
|
||||
```
|
||||
|
||||
## Related links
|
||||
|
||||
- [Middleware concept]({{< ref middleware-concept.md >}})
|
||||
- [Configuration concept]({{< ref configuration-concept.md >}})
|
||||
- [Configuration overview]({{< ref configuration-overview.md >}})
|
|
@ -33,7 +33,7 @@ spec:
|
|||
```
|
||||
|
||||
The type of pub/sub is determined by the `type` field, and properties such as connection strings and other metadata are put in the `.metadata` section.
|
||||
Even though you can put plain text secrets in there, it is recommended you use a [secret store]({{< ref component-secrets.md >}}) using a `secretKeyRef`
|
||||
Even though metadata values can contain secrets in plain text, it is recommended you use a [secret store]({{< ref component-secrets.md >}}) using a `secretKeyRef`.
|
||||
|
||||
Visit [this guide]({{< ref "howto-publish-subscribe.md#step-2-publish-a-topic" >}}) for instructions on configuring and using pub/sub components.
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@ spec:
|
|||
```
|
||||
|
||||
The type of database is determined by the `type` field, and things like connection strings and other metadata are put in the `.metadata` section.
|
||||
Even though you can put plain text secrets in there, it is recommended you use a [secret store]({{< ref component-secrets.md >}}).
|
||||
Even though metadata values can contain secrets in plain text, it is recommended you use a [secret store]({{< ref component-secrets.md >}}).
|
||||
|
||||
Visit [this guide]({{< ref "howto-get-save-state.md#step-1-setup-a-state-store" >}}) on how to configure a state store component.
|
||||
|
||||
|
|
Loading…
Reference in New Issue