Merge branch 'v1.7' into v1.8

Signed-off-by: Nick Greenfield <nigreenf@microsoft.com>
2022-07-06 18:07:41 -07:00 · 2022-07-06 18:07:41 -07:00 · d9c48f7151
parent 281651ef8d dfbc33f110
commit d9c48f7151
3 changed files with 78 additions and 6 deletions
--- a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-routerchecker.md
+++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-routerchecker.md
@ -0,0 +1,71 @@
+---
+type: docs
+title: "RouterChecker http request routing"
+linkTitle: "RouterChecker"
+description: "Use routerchecker middleware to block invalid http request routing"
+aliases:
+- /developing-applications/middleware/supported-middleware/middleware-routerchecker/
+---
+
+The RouterChecker HTTP [middleware]({{< ref middleware.md >}}) component leverages regexp to check the validity of HTTP request routing to prevent invalid routers from entering the Dapr cluster. In turn, the RouterChecker component filters out bad requests and reduces noise in the telemetry and log data.
+
+## Component format
+
+The RouterChecker applies a set of rules to the incoming HTTP request. You define these rules in the component metadata using regular expressions. In the following example, the HTTP request RouterChecker is set to validate all requests message against the `^[A-Za-z0-9/._-]+$`: regex.
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: routerchecker 
+spec:
+  type: middleware.http.routerchecker
+  version: v1gi
+  metadata:
+  - name: rule
+    value: "^[A-Za-z0-9/._-]+$"
+```
+
+In this example, the above definition would result in the following PASS/FAIL cases:
+
+```shell
+PASS /v1.0/invoke/demo/method/method
+PASS /v1.0/invoke/demo.default/method/method
+PASS /v1.0/invoke/demo.default/method/01
+PASS /v1.0/invoke/demo.default/method/METHOD
+PASS /v1.0/invoke/demo.default/method/user/info
+PASS /v1.0/invoke/demo.default/method/user_info
+PASS /v1.0/invoke/demo.default/method/user-info
+
+FAIL /v1.0/invoke/demo.default/method/cat password
+FAIL /v1.0/invoke/demo.default/method/" AND 4210=4210 limit 1
+FAIL /v1.0/invoke/demo.default/method/"$(curl
+```
+
+## Spec metadata fields
+
+| Field | Details | Example |
+|-------|---------|---------|
+| rule | the regexp expression to be used by the HTTP request RouterChecker | `^[A-Za-z0-9/._-]+$`|
+
+## Dapr configuration
+
+To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware.md#customize-processing-pipeline">}}).
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Configuration
+metadata:
+  name: appconfig
+spec:
+  httpPipeline:
+    handlers:
+    - name: routerchecker 
+      type: middleware.http.routerchecker
+```
+
+## Related links
+
+- [Middleware]({{< ref middleware.md >}})
+- [Configuration concept]({{< ref configuration-concept.md >}})
+- [Configuration overview]({{< ref configuration-overview.md >}})
--- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-apache-kafka.md
+++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-apache-kafka.md
@ -35,8 +35,6 @@ spec:
    secretKeyRef:
      name: kafka-secrets
      key: saslPasswordSecret
-  - name: saslMechanism
-    value: "SHA-512"
  - name: maxMessageBytes # Optional.
    value: 1024
  - name: consumeRetryInterval # Optional.
@ -58,7 +56,6 @@ spec:
 | authType            | Y | Configure or disable authentication. Supported values: `none`, `password`, `mtls`, or `oidc` | `"password"`, `"none"`
 | saslUsername        | N | The SASL username used for authentication. Only required if `authType` is set to `"password"`. | `"adminuser"`
 | saslPassword        | N | The SASL password used for authentication. Can be `secretKeyRef` to use a [secret reference]({{< ref component-secrets.md >}}). Only required if `authType is set to `"password"`. | `""`, `"KeFg23!"`
-| saslMechanism      | N | The SASL Authentication Mechanism you wish to use. Only required if `authType` is set to `"password"`. Defaults to `PLAINTEXT` | `"SHA-512", "SHA-256", "PLAINTEXT"`
 | initialOffset       | N | The initial offset to use if no offset was previously committed. Should be "newest" or "oldest". Defaults to "newest". | `"oldest"`
 | maxMessageBytes     | N | The maximum size in bytes allowed for a single Kafka message. Defaults to 1024. | `2048`
 | consumeRetryInterval | N | The interval between retries when attempting to consume topics. Treats numbers without suffix as milliseconds. Defaults to 100ms. | `200ms` |
@ -116,7 +113,8 @@ spec:

 #### SASL Password

-Setting `authType` to `password` enables [SASL](https://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer) authentication. This requires setting the `saslUsername` and `saslPassword` fields.
+Setting `authType` to `password` enables [SASL](https://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer) authentication using the **PLAIN** mechanism. This requires setting
+the `saslUsername` and `saslPassword` fields. 

 ```yaml
 apiVersion: dapr.io/v1alpha1
@ -142,8 +140,6 @@ spec:
    secretKeyRef:
      name: kafka-secrets
      key: saslPasswordSecret
-  - name: saslMechanism
-    value: "SHA-512"
  - name: maxMessageBytes # Optional.
    value: 1024
  - name: consumeRetryInterval # Optional.
--- a/daprdocs/data/components/middleware/http.yaml
+++ b/daprdocs/data/components/middleware/http.yaml
@ -28,6 +28,11 @@
  state: Alpha
  version: v1
  description: Use Sentinel middleware to guarantee the reliability and resiliency of your application
+- component: RouterChecker
+  link: middleware-routerchecker
+  state: Alpha
+  version: v1
+  description: Use RouterChecker middleware to block invalid http request routing
 - component: Uppercase
  link: middleware-uppercase
  state: Stable