Merge branch 'master' into http-wasm-middleware-config

.build-tools/builtin-authentication-profiles.yaml

@@ -13,6 +13,14 @@ aws:
         required: true
         sensitive: true
         example: '"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"'
+      - name: sessionToken
+        required: false
+        sensitive: true
+        description: |
+          AWS session token to use. A session token is only required if you are using
+          temporary security credentials.
+        example: '"TOKEN"'
+        type: string
   - title: "AWS: Credentials from Environment Variables"
     description: Use AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from the environment
 
@@ -95,3 +103,72 @@ azuread:
           - AzurePublicCloud
           - AzureChinaCloud
           - AzureUSGovernmentCloud
+
+gcp:
+  - title: "GCP API Authentication with Service Account Key"
+    description: |
+      Authenticate authenticates API calls with the given service account or refresh token JSON credentials.
+    metadata:
+      - name: privateKeyID
+        required: true
+        sensitive: true
+        description: |
+          The GCP private key id. Replace with the value of "private_key_id" field of the Service Account Key file.
+        example: '"privateKeyID"'
+      - name: privateKey
+        required: true
+        sensitive: true
+        description: |
+          The GCP credentials private key. Replace with the value of "private_key" field of the Service Account Key file.
+        example: '"-----BEGIN PRIVATE KEY-----\nMIIE...\\n-----END PRIVATE KEY-----\n"'
+      - name: type
+        type: string
+        required: false
+        description: |
+          The GCP credentials type.
+        example: '"service_account"'
+        allowedValues:
+          - service_account
+      - name: projectID
+        type: string
+        required: true
+        description: |
+          GCP project id.
+        example: '"projectID"'
+      - name: clientEmail
+        type: string
+        required: true
+        description: |
+          GCP client email.
+        example: '"[email protected]"'
+      - name: clientID
+        type: string
+        required: true
+        description: |
+          The GCP client ID.
+        example: '"0123456789-0123456789"'
+      - name: authURI
+        type: string
+        required: false
+        description: |
+          The GCP account OAuth2 authorization server endpoint URI.
+        example: '"https://accounts.google.com/o/oauth2/auth"'
+      - name: tokenURI
+        type: string
+        required: false
+        description: |
+         The GCP account token server endpoint URI.
+        example: '"https://oauth2.googleapis.com/token"'
+      - name: authProviderX509CertURL
+        type: string
+        required: false
+        description: |
+          The GCP URL of the public x509 certificate, used to verify the signature
+           on JWTs, such as ID tokens, signed by the authentication provider.
+        example: '"https://www.googleapis.com/oauth2/v1/certs"'
+      - name: clientX509CertURL
+        type: string
+        required: false
+        description: |
+          The GCP URL of the public x509 certificate, used to verify JWTs signed by the client.
+        example: '"https://www.googleapis.com/robot/v1/metadata/x509/<PROJECT_NAME>.iam.gserviceaccount.com"'

.build-tools/go.mod

@@ -7,7 +7,7 @@ require (
 	github.com/invopop/jsonschema v0.6.0
 	github.com/spf13/cobra v1.6.1
 	github.com/xeipuuv/gojsonschema v1.2.1-0.20201027075954-b076d39a02e5
-	golang.org/x/exp v0.0.0-20230711153332-06a737ee72cb
+	golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b
 	gopkg.in/yaml.v3 v3.0.1
 	sigs.k8s.io/yaml v1.3.0
 )

.build-tools/go.sum

@@ -37,8 +37,8 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHo
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v1.2.1-0.20201027075954-b076d39a02e5 h1:ImnGIsrcG8vwbovhYvvSY8fagVV6QhCWSWXfzwGDLVs=
 github.com/xeipuuv/gojsonschema v1.2.1-0.20201027075954-b076d39a02e5/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
-golang.org/x/exp v0.0.0-20230711153332-06a737ee72cb h1:xIApU0ow1zwMa2uL1VDNeQlNVFTWMQxZUZCMDy0Q4Us=
-golang.org/x/exp v0.0.0-20230711153332-06a737ee72cb/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
+golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b h1:r+vk0EmXNmekl0S0BascoeeoHk/L7wmaW2QF90K+kYI=
+golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=

.github/infrastructure/terraform/conformance/state/aws/dynamodb/dynamodb.tf

@@ -34,6 +34,10 @@ resource "aws_dynamodb_table" "conformance_test_basic_table" {
   billing_mode   = "PROVISIONED"
   read_capacity  = "10"
   write_capacity = "10"
+  ttl {
+    attribute_name = "expiresAt"
+    enabled        = true
+  }
   attribute {
     name = "key"
     type = "S"

.github/workflows/certification.yml

@@ -258,7 +258,7 @@ jobs:
         set +e
         gotestsum --jsonfile ${{ env.TEST_OUTPUT_FILE_PREFIX }}_certification.json \
           --junitfile ${{ env.TEST_OUTPUT_FILE_PREFIX }}_certification.xml --format standard-quiet -- \
-          -coverprofile=cover.out -covermode=set -tags=certtests -coverpkg=${{ matrix.source-pkg }}
+          -coverprofile=cover.out -covermode=set -tags=certtests -timeout=30m -coverpkg=${{ matrix.source-pkg }}
         status=$?
         echo "Completed certification tests for ${{ matrix.component }} ... "
         if test $status -ne 0; then

.golangci.yml

@@ -124,6 +124,8 @@ linters-settings:
       - "golang.org/x/net/context": "must use context"
       - "github.com/pkg/errors": "must use standard library (errors package and/or fmt.Errorf)"
       - "github.com/Sirupsen/logrus": "must use github.com/dapr/kit/logger"
+      - "github.com/labstack/gommon/log": "must use github.com/dapr/kit/logger"
+      - "github.com/gobuffalo/logger": "must use github.com/dapr/kit/logger"
       - "github.com/agrea/ptr": "must use github.com/dapr/kit/ptr"
       - "github.com/cenkalti/backoff$": "must use github.com/cenkalti/backoff/v4"
       - "github.com/cenkalti/backoff/v2": "must use github.com/cenkalti/backoff/v4"
@@ -133,6 +135,14 @@ linters-settings:
       - "github.com/golang-jwt/jwt/v4": "must use github.com/lestrrat-go/jwx/v2"
       - "github.com/lestrrat-go/jwx/jwa": "must use github.com/lestrrat-go/jwx/v2"
       - "github.com/lestrrat-go/jwx/jwt": "must use github.com/lestrrat-go/jwx/v2"
+      - "github.com/lestrrat-go/jwx/jws": "must use github.com/lestrrat-go/jwx/v2"
+      - "github.com/gogo/status": "must use google.golang.org/grpc/status"
+      - "github.com/gogo/protobuf": "must use google.golang.org/protobuf"
+      - "k8s.io/utils/pointer": "must use github.com/dapr/kit/ptr"
+      - "k8s.io/utils/ptr": "must use github.com/dapr/kit/ptr"
+      - "github.com/ghodss/yaml": "must use sigs.k8s.io/yaml"
+      - "gopkg.in/yaml.v2": "must use gopkg.in/yaml.v3"
+      - "github.com/go-chi/chi$": "must use github.com/go-chi/chi/v5"
   misspell:
     # Correct spellings using locale preferences for US or UK.
     # Default is to use a neutral variety of English.

bindings/aws/s3/metadata.yaml

@@ -0,0 +1,78 @@
+# yaml-language-server: $schema=../../../component-metadata-schema.json
+schemaVersion: v1
+type: bindings
+name: aws.s3
+version: v1
+status: stable
+title: "AWS S3"
+urls:
+  - title: Reference
+    url: https://docs.dapr.io/reference/components-reference/supported-bindings/s3/
+binding:
+  output: true
+  operations:
+    - name: create
+      description: "Create blob"
+    - name: get
+      description: "Get blob"
+    - name: delete
+      description: "Delete blob"
+    - name: list
+      description: "List blob"
+capabilities: []
+builtinAuthenticationProfiles:
+  - name: "aws"
+metadata:
+  - name: bucket
+    required: true
+    description: |
+      The name of the S3 bucket to write to.
+    example: '"bucket"'
+    type: string
+  - name: region
+    required: true
+    description: |
+      The specific AWS region where the S3 bucket is located.
+    example: '"us-east-1"'
+    type: string
+  - name: endpoint
+    required: false
+    description: |
+      AWS endpoint for the component to use, to connect to S3-compatible services or emulators.
+      Do not use this when running against production AWS.
+    example: '"http://localhost:4566"'
+    type: string
+  - name: forcePathStyle
+    description: |
+      Currently Amazon S3 SDK supports virtual-hosted-style and path-style access.
+      When false (the default), uses virtual-hosted-style format, i.e.: `https://<your bucket>.<endpoint>/<key>`. 
+      When true, uses path-style format, i.e.: `https://<endpoint>/<your bucket>/<key>`.
+    type: bool
+    default: 'false'
+    example: '"true", "false"'
+  - name: decodeBase64
+    description: |
+      Configuration to decode base64 file content before saving to bucket storage.
+      (In case of saving a file with binary content).
+    type: bool
+    default: 'false'
+    example: '"true", "false"'
+  - name: encodeBase64
+    description: |
+      Configuration to encode base64 file content before returning the content.
+      (In case of opening a file with binary content).
+    type: bool
+    default: 'false'
+    example: '"true", "false"'
+  - name: disableSSL
+    description: |
+      Allows to connect to non-`https://` endpoints. 
+    type: bool
+    default: 'false'
+    example: '"true", "false"'
+  - name: insecureSSL
+    description: |
+      When connecting to `https://` endpoints, accepts self-signed or invalid certificates.
+    type: bool
+    default: 'false'
+    example: '"true", "false"'

bindings/aws/s3/s3.go

@@ -63,20 +63,20 @@ type AWSS3 struct {
 
 type s3Metadata struct {
 	// Ignored by metadata parser because included in built-in authentication profile
-	AccessKey string `json:"accessKey" mapstructure:"accessKey" mdignore:"true"`
-	SecretKey string `json:"secretKey" mapstructure:"secretKey" mdignore:"true"`
+	AccessKey    string `json:"accessKey" mapstructure:"accessKey" mdignore:"true"`
+	SecretKey    string `json:"secretKey" mapstructure:"secretKey" mdignore:"true"`
+	SessionToken string `json:"sessionToken" mapstructure:"sessionToken" mdignore:"true"`
 
 	Region         string `json:"region" mapstructure:"region"`
 	Endpoint       string `json:"endpoint" mapstructure:"endpoint"`
-	SessionToken   string `json:"sessionToken" mapstructure:"sessionToken"`
 	Bucket         string `json:"bucket" mapstructure:"bucket"`
 	DecodeBase64   bool   `json:"decodeBase64,string" mapstructure:"decodeBase64"`
 	EncodeBase64   bool   `json:"encodeBase64,string" mapstructure:"encodeBase64"`
 	ForcePathStyle bool   `json:"forcePathStyle,string" mapstructure:"forcePathStyle"`
 	DisableSSL     bool   `json:"disableSSL,string" mapstructure:"disableSSL"`
 	InsecureSSL    bool   `json:"insecureSSL,string" mapstructure:"insecureSSL"`
-	FilePath       string `mapstructure:"filePath"`
-	PresignTTL     string `mapstructure:"presignTTL"`
+	FilePath       string `json:"filePath" mapstructure:"filePath"   mdignore:"true"`
+	PresignTTL     string `json:"presignTTL" mapstructure:"presignTTL"  mdignore:"true"`
 }
 
 type createResponse struct {

bindings/azure/openai/metadata.yaml

@@ -31,8 +31,4 @@ metadata:
   - name: endpoint
     required: true
     description: "Endpoint of the Azure OpenAI service"
-    example: '"https://myopenai.openai.azure.com"'
-  - name: deploymentID
-    required: true
-    description: "ID of the model deployment in the Azure OpenAI service"
-    example: '"my-model"'
+    example: '"https://myopenai.openai.azure.com"'