diff --git a/.github/holopin.yml b/.github/holopin.yml new file mode 100644 index 00000000000..44a7f0c8a4f --- /dev/null +++ b/.github/holopin.yml @@ -0,0 +1,6 @@ +organization: dapr +defaultSticker: clmjkxscc122740fl0mkmb7egi +stickers: + - + id: clmjkxscc122740fl0mkmb7egi + alias: ghc2023 diff --git a/daprdocs/config.toml b/daprdocs/config.toml index 959683fbf3b..c5f2f7bee40 100644 --- a/daprdocs/config.toml +++ b/daprdocs/config.toml @@ -124,6 +124,18 @@ id = "G-60C6Q1ETC1" source = "../translations/docs-zh/content/sdks_dotnet" target = "content/developing-applications/sdks/dotnet" lang = "zh-hans" + [[module.mounts]] + source = "../translations/docs-zh/content/sdks_java" + target = "content/developing-applications/sdks/java" + lang = "zh-hans" + [[module.mounts]] + source = "../translations/docs-zh/content/sdks_go" + target = "content/developing-applications/sdks/go" + lang = "zh-hans" + [[module.mounts]] + source = "../translations/docs-zh/content/sdks_js" + target = "content/developing-applications/sdks/js" + lang = "zh-hans" # Markdown Engine - Allow inline html [markup] @@ -181,7 +193,7 @@ url_latest_version = "https://docs.dapr.io" url = "#" [[params.versions]] version = "v1.12 (latest)" - url = "https://docs.dapr.io" + url = "#" [[params.versions]] version = "v1.11" url = "https://v1-11.docs.dapr.io" diff --git a/daprdocs/content/en/concepts/security-concept.md b/daprdocs/content/en/concepts/security-concept.md index d7ceef443b4..64667e34d4b 100644 --- a/daprdocs/content/en/concepts/security-concept.md +++ b/daprdocs/content/en/concepts/security-concept.md 
@@ -81,7 +81,7 @@ The diagram below shows how the Sentry system service issues certificates for ap ### Preventing IP addresses on Dapr -To prevent Dapr sidecars from being called on any IP address (especially in production environments such as Kubernetes), Dapr restricts its listening IP addresses only to `localhost`. Use the [dapr-listen-addresses]({{}}) setting you need to enable other addresses. +To prevent Dapr sidecars from being called on any IP address (especially in production environments such as Kubernetes), Dapr restricts its listening IP addresses to `localhost`. Use the [dapr-listen-addresses]({{}}) setting if you need to enable access from external addresses. ## Secure Dapr to application communication diff --git a/daprdocs/content/en/developing-applications/building-blocks/actors/actors-runtime-config.md b/daprdocs/content/en/developing-applications/building-blocks/actors/actors-runtime-config.md index ce7008c1962..99b08040217 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/actors/actors-runtime-config.md +++ b/daprdocs/content/en/developing-applications/building-blocks/actors/actors-runtime-config.md @@ -59,7 +59,7 @@ public void ConfigureServices(IServiceCollection services) services.AddSingleton(); } ``` -[See the .NET SDK documentation on registring actors]({{< ref "dotnet-actors-usage.md#registring-actors" >}}). +[See the .NET SDK documentation on registering actors]({{< ref "dotnet-actors-usage.md#registring-actors" >}}). {{% /codetab %}} diff --git a/daprdocs/content/en/developing-applications/building-blocks/actors/actors-timers-reminders.md b/daprdocs/content/en/developing-applications/building-blocks/actors/actors-timers-reminders.md index e889e6317aa..8168aa39b8b 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/actors/actors-timers-reminders.md +++ b/daprdocs/content/en/developing-applications/building-blocks/actors/actors-timers-reminders.md 
@@ -137,7 +137,7 @@ Refer [api spec]({{< ref "actors_api.md#invoke-reminder" >}}) for more details. ## Error handling -When an actor's method completes successfully, the runtime will contineu to invoke the method at the specified timer or reminder schedule. However, if the method throws an exception, the runtime catches it and logs the error message in the Dapr sidecar logs, without retrying. +When an actor's method completes successfully, the runtime will continue to invoke the method at the specified timer or reminder schedule. However, if the method throws an exception, the runtime catches it and logs the error message in the Dapr sidecar logs, without retrying. To allow actors to recover from failures and retry after a crash or restart, you can persist an actor's state by configuring a state store, like Redis or Azure Cosmos DB. diff --git a/daprdocs/content/en/developing-applications/building-blocks/actors/howto-actors-partitioning.md b/daprdocs/content/en/developing-applications/building-blocks/actors/howto-actors-partitioning.md index ad3473d9093..0d4017096e9 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/actors/howto-actors-partitioning.md +++ b/daprdocs/content/en/developing-applications/building-blocks/actors/howto-actors-partitioning.md @@ -57,7 +57,7 @@ public void ConfigureServices(IServiceCollection services) } ``` -[See the .NET SDK documentation on registring actors]({{< ref "dotnet-actors-usage.md#registring-actors" >}}). +[See the .NET SDK documentation on registering actors]({{< ref "dotnet-actors-usage.md#registring-actors" >}}). {{% /codetab %}} diff --git a/daprdocs/content/en/developing-applications/building-blocks/actors/howto-actors.md b/daprdocs/content/en/developing-applications/building-blocks/actors/howto-actors.md index 9a309f26604..16c7bbf4383 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/actors/howto-actors.md 
+++ b/daprdocs/content/en/developing-applications/building-blocks/actors/howto-actors.md @@ -26,7 +26,7 @@ Alternatively, you can use [Dapr SDKs to use actors]({{< ref "developing-applica ## Save state with actors -You can interact with Dapr via HTTP/gRPC endpoints to save state reliably using the Dapr actor state mangement capabaility. +You can interact with Dapr via HTTP/gRPC endpoints to save state reliably using the Dapr actor state management capabaility. To use actors, your state store must support multi-item transactions. This means your state store component must implement the `TransactionalStore` interface. diff --git a/daprdocs/content/en/developing-applications/building-blocks/bindings/bindings-overview.md b/daprdocs/content/en/developing-applications/building-blocks/bindings/bindings-overview.md index 980a39f79a3..5df403fb7b4 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/bindings/bindings-overview.md +++ b/daprdocs/content/en/developing-applications/building-blocks/bindings/bindings-overview.md 
@@ -76,14 +76,14 @@ Read the [Use output bindings to interface with external resources guide]({{< re ## Binding directions (optional) -You can provide the `direction` metadata field to indicate the direction(s) supported by the binding component. In doing so, the Dapr sidecar avoids the `"wait for the app to become ready"` state reducing the lifecycle dependency between the Dapr sidecar and the application: +You can provide the `direction` metadata field to indicate the direction(s) supported by the binding component. In doing so, the Dapr sidecar avoids the `"wait for the app to become ready"` state, reducing the lifecycle dependency between the Dapr sidecar and the application: - `"input"` - `"output"` - `"input, output"` {{% alert title="Note" color="primary" %}} -It is highly recommended that all bindings should include the `direction` property. +It is highly recommended that all input bindings should include the `direction` property. {{% /alert %}} [See a full example of the bindings `direction` metadata.]({{< ref "bindings_api.md#binding-direction-optional" >}}) diff --git a/daprdocs/content/en/developing-applications/building-blocks/cryptography/cryptography-overview.md b/daprdocs/content/en/developing-applications/building-blocks/cryptography/cryptography-overview.md index 79792f588cc..48e582a3c37 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/cryptography/cryptography-overview.md +++ b/daprdocs/content/en/developing-applications/building-blocks/cryptography/cryptography-overview.md 
@@ -45,7 +45,7 @@ While both HTTP and gRPC are supported in the alpha release, using the gRPC APIs ### Cryptographic components -The Dapr cryptography building block incldues two kinds of components: +The Dapr cryptography building block includes two kinds of components: - **Components that allow interacting with management services or vaults ("key vaults").** Similar to how Dapr offers an "abstraction layer" on top of various secret stores or state stores, these components allow interacting with various key vaults such as Azure Key Vault (with more coming in future Dapr releases). With these components, cryptographic operations on the private keys are performed within the vaults and Dapr never sees your private keys. diff --git a/daprdocs/content/en/developing-applications/building-blocks/pubsub/pubsub-bulk.md b/daprdocs/content/en/developing-applications/building-blocks/pubsub/pubsub-bulk.md index 3961d37570d..5228b5975e3 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/pubsub/pubsub-bulk.md +++ b/daprdocs/content/en/developing-applications/building-blocks/pubsub/pubsub-bulk.md @@ -81,13 +81,13 @@ async function start() { { entryID: "entry-2", contentType: "application/cloudevents+json", - event: { + event: { specversion: "1.0", source: "/some/source", type: "example", - id: "1234", - data: "foo message 2", - datacontenttype: "text/plain" + id: "1234", + data: "foo message 2", + datacontenttype: "text/plain" }, }, { @@ -115,7 +115,7 @@ using System.Collections.Generic; using Dapr.Client; const string PubsubName = "my-pubsub-name"; -const string TopicName = "topic-a"; +const string TopicName = "topic-a"; IReadOnlyList BulkPublishData = new List() { new { Id = "17", Amount = 10m }, new { Id = "18", Amount = 20m }, 
@@ -130,10 +130,10 @@ if (res == null) { } if (res.FailedEntries.Count > 0) { - Console.WriteLine("Some events failed to be published!"); + Console.WriteLine("Some events failed to be published!"); foreach (var failedEntry in res.FailedEntries) { - Console.WriteLine("EntryId: " + failedEntry.Entry.EntryId + " Error message: " + + Console.WriteLine("EntryId: " + failedEntry.Entry.EntryId + " Error message: " + failedEntry.ErrorMessage); } } @@ -205,7 +205,7 @@ func main() { { "entryId": "b1f40bd6-4af2-11ed-b878-0242ac120002", "event": { - "message": "second JSON message" + "message": "second JSON message" }, "contentType": "application/json" } @@ -236,7 +236,7 @@ curl -X POST http://localhost:3500/v1.0-alpha1/publish/bulk/my-pubsub-name/topic { "entryId": "b1f40bd6-4af2-11ed-b878-0242ac120002", "event": { - "message": "second JSON message" + "message": "second JSON message" }, "contentType": "application/json" }, @@ -258,7 +258,7 @@ Invoke-RestMethod -Method Post -ContentType 'application/json' -Uri 'http://loca { "entryId": "b1f40bd6-4af2-11ed-b878-0242ac120002", "event": { - "message": "second JSON message" + "message": "second JSON message" }, "contentType": "application/json" }, @@ -271,7 +271,7 @@ Invoke-RestMethod -Method Post -ContentType 'application/json' -Uri 'http://loca ## Subscribing messages in bulk -The bulk subscribe API allows you to subscribe multiple messages from a topic in a single request. +The bulk subscribe API allows you to subscribe multiple messages from a topic in a single request. As we know from [How to: Publish & Subscribe to topics]({{< ref howto-publish-subscribe.md >}}), there are two ways to subscribe to topic(s): - **Declaratively** - subscriptions are defined in an external file. @@ -286,7 +286,7 @@ metadata: name: order-pub-sub spec: topic: orders - routes: + routes: default: /checkout pubsubname: order-pub-sub bulkSubscribe: 
@@ -300,11 +300,11 @@ scopes: In the example above, `bulkSubscribe` is _optional_. If you use `bulkSubscribe`, then: - `enabled` is mandatory and enables or disables bulk subscriptions on this topic -- You can optionally configure the max number of messages (`maxMessagesCount`) delivered in a bulk message. -Default value of `maxMessagesCount` for components not supporting bulk subscribe is 100 i.e. for default bulk events between App and Dapr. Please refer [How components handle publishing and subscribing to bulk messages]({{< ref pubsub-bulk >}}). +- You can optionally configure the max number of messages (`maxMessagesCount`) delivered in a bulk message. +Default value of `maxMessagesCount` for components not supporting bulk subscribe is 100 i.e. for default bulk events between App and Dapr. Please refer [How components handle publishing and subscribing to bulk messages]({{< ref pubsub-bulk >}}). If a component supports bulk subscribe, then default value for this parameter can be found in that component doc. - You can optionally provide the max duration to wait (`maxAwaitDurationMs`) before a bulk message is sent to the app. -Default value of `maxAwaitDurationMs` for components not supporting bulk subscribe is 1000 i.e. for default bulk events between App and Dapr. Please refer [How components handle publishing and subscribing to bulk messages]({{< ref pubsub-bulk >}}). +Default value of `maxAwaitDurationMs` for components not supporting bulk subscribe is 1000 i.e. for default bulk events between App and Dapr. Please refer [How components handle publishing and subscribing to bulk messages]({{< ref pubsub-bulk >}}). If a component supports bulk subscribe, then default value for this parameter can be found in that component doc. The application receives an `EntryId` associated with each entry (individual message) in the bulk message. This `EntryId` must be used by the app to communicate the status of that particular entry. 
If the app fails to notify on an `EntryId` status, it's considered a `RETRY`. @@ -313,16 +313,16 @@ A JSON-encoded payload body with the processing status against each entry needs ```json { - "statuses": - [ + "statuses": + [ { "entryId": "", "status": "" - }, + }, { "entryId": "", "status": "" - } + } ] } ``` @@ -477,37 +477,21 @@ For event publish/subscribe, two kinds of network transfers are involved. 1. From/To *App* To/From *Dapr*. 1. From/To *Dapr* To/From *Pubsub Broker*. -These are the opportunities where optimization is possible. When optimized, a Bulk requests are, which reduce number of overall calls and thus increase throughput and provide better latency. +These are the opportunities where optimization is possible. When optimized, Bulk requests are made, which reduce the overall number of calls and thus increases throughput and provides better latency. On enabling Bulk Publish and/or Bulk Subscribe, the communication between the App and Dapr sidecar (Point 1 above) is optimized for **all components**. -Optimization from Dapr sidecar to the pub/sub broker would depend on a number of factors, for example: -- If the broker inherently supports Bulk pub/sub -- If the Dapr component is updated to support the use of bulk APIs provided by the broker. +Optimization from Dapr sidecar to the pub/sub broker depends on a number of factors, for example: +- Broker must inherently support Bulk pub/sub +- The Dapr component must be updated to support the use of bulk APIs provided by the broker Currently, the following components are updated to support this level of optimization: - - - - - - - - - - - - - - - - - - - - - -
ComponentBulk PublishBulk Subscribe
KafkaYesYes
Azure ServicebusYesYes
Azure EventhubsYesYes
+ +| Component | Bulk Publish | Bulk Subscribe | +|:--------------------:|:--------:|--------| +| Kafka | Yes | Yes | +| Azure Servicebus | Yes | Yes | +| Azure Eventhubs | Yes | Yes | ## Demos diff --git a/daprdocs/content/en/developing-applications/building-blocks/pubsub/pubsub-cloudevents.md b/daprdocs/content/en/developing-applications/building-blocks/pubsub/pubsub-cloudevents.md index b6f46bb2970..ca14d145eae 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/pubsub/pubsub-cloudevents.md +++ b/daprdocs/content/en/developing-applications/building-blocks/pubsub/pubsub-cloudevents.md @@ -106,7 +106,7 @@ with DaprClient() as client: result = client.publish_event( pubsub_name='order_pub_sub', topic_name='orders', - publish_metadata={'cloudevent.id: 'd99b228f-6c73-4e78-8c4d-3f80a043d317', cloudevent.source: 'payment'} + publish_metadata={'cloudevent.id': 'd99b228f-6c73-4e78-8c4d-3f80a043d317', 'cloudevent.source': 'payment'} ) ``` @@ -160,7 +160,7 @@ The JSON payload then reflects the new `source` and `id` values: ``` {{% alert title="Important" color="warning" %}} -While you can replace `traceid`/`traceparent` and `tracestate`, doing this may interfere with tracing events and report inconsistent results in tracing tools. It's recommended to use Open Telementry for distributed traces. [Learn more about distributed tracing.]({{< ref tracing-overview.md >}}) +While you can replace `traceid`/`traceparent` and `tracestate`, doing this may interfere with tracing events and report inconsistent results in tracing tools. It's recommended to use Open Telemetry for distributed traces. [Learn more about distributed tracing.]({{< ref tracing-overview.md >}}) {{% /alert %}} diff --git a/daprdocs/content/en/developing-applications/building-blocks/pubsub/pubsub-overview.md b/daprdocs/content/en/developing-applications/building-blocks/pubsub/pubsub-overview.md index ed6b72cc38d..041dcec8b82 100644 
--- a/daprdocs/content/en/developing-applications/building-blocks/pubsub/pubsub-overview.md +++ b/daprdocs/content/en/developing-applications/building-blocks/pubsub/pubsub-overview.md @@ -114,7 +114,7 @@ All Dapr pub/sub components support the at-least-once guarantee. ### Consumer groups and competing consumers pattern -Dapr handles the burden of dealing with consumer groups and the competing consumers pattern. In the competing consumers pattern, multiple application instances using a single consumer group compete for the message. Dapr enforces the competing consumer pattern when replicas use the same `app-id` without explict consumer group overrides. +Dapr handles the burden of dealing with consumer groups and the competing consumers pattern. In the competing consumers pattern, multiple application instances using a single consumer group compete for the message. Dapr enforces the competing consumer pattern when replicas use the same `app-id` without explicit consumer group overrides. When multiple instances of the same application (with same `app-id`) subscribe to a topic, Dapr delivers each message to *only one instance of **that** application*. This concept is illustrated in the diagram below. diff --git a/daprdocs/content/en/developing-applications/building-blocks/state-management/howto-outbox.md b/daprdocs/content/en/developing-applications/building-blocks/state-management/howto-outbox.md index c53930f2acd..2831802729a 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/state-management/howto-outbox.md +++ b/daprdocs/content/en/developing-applications/building-blocks/state-management/howto-outbox.md @@ -109,4 +109,4 @@ spec: Watch [this video for an overview of the outbox pattern](https://youtu.be/rTovKpG0rhY?t=1338):
- + diff --git a/daprdocs/content/en/developing-applications/building-blocks/workflow/workflow-overview.md b/daprdocs/content/en/developing-applications/building-blocks/workflow/workflow-overview.md index 923bc37947e..f5b6dae8b6d 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/workflow/workflow-overview.md +++ b/daprdocs/content/en/developing-applications/building-blocks/workflow/workflow-overview.md @@ -63,10 +63,6 @@ When you create an application with workflow code and run it with Dapr, you can [Learn more about how manage a workflow using HTTP calls.]({{< ref workflow_api.md >}}) -### Manage other workflow runtimes with workflow components - -You can call other workflow runtimes (for example, Temporal and Netflix Conductor) by writing your own workflow component. - ## Workflow patterns Dapr Workflow simplifies complex, stateful coordination requirements in microservice architectures. The following sections describe several application patterns that can benefit from Dapr Workflow. 
@@ -109,8 +105,9 @@ Want to skip the quickstarts? Not a problem. You can try out the workflow buildi With Dapr Workflow in beta stage comes the following limitation(s): -- **State stores:** For the {{% dapr-latest-version cli="true" %}} beta release of Dapr Workflow, you're not able to use NoSQL databases. Only SQL databases are supported in the latest release. -- **Application instances:** For the {{% dapr-latest-version cli="true" %}} beta release of Dapr Workflow, only a maximum of 2 application instances is supported. +- **State stores:** For the {{% dapr-latest-version cli="true" %}} beta release of Dapr Workflow, using the NoSQL databases as a state store results in limitations around storing internal states. For example, CosmosDB has a maximum single operation item limit of only 100 states in a single request. + +- **Horizontal scaling:** For the {{% dapr-latest-version cli="true" %}} beta release of Dapr Workflow, if you scale out Dapr sidecars or your application pods to more than 2, then the concurrency of the workflow execution drops. It is recommended to test with 1 or 2 instances, and no more than 2. ## Watch the demo diff --git a/daprdocs/content/en/developing-applications/building-blocks/workflow/workflow-patterns.md b/daprdocs/content/en/developing-applications/building-blocks/workflow/workflow-patterns.md index 9d23a64062f..c7aebca4e9e 100644 --- a/daprdocs/content/en/developing-applications/building-blocks/workflow/workflow-patterns.md +++ b/daprdocs/content/en/developing-applications/building-blocks/workflow/workflow-patterns.md 
@@ -109,21 +109,53 @@ catch (TaskFailedException) // Task failures are surfaced as TaskFailedException ```java -public static void main(String[] args) throws InterruptedException { - DaprWorkflowClient client = new DaprWorkflowClient(); +public class ChainWorkflow extends Workflow { + @Override + public WorkflowStub create() { + return ctx -> { + StringBuilder sb = new StringBuilder(); + String wfInput = ctx.getInput(String.class); + String result1 = ctx.callActivity("Step1", wfInput, String.class).await(); + String result2 = ctx.callActivity("Step2", result1, String.class).await(); + String result3 = ctx.callActivity("Step3", result2, String.class).await(); + String result = sb.append(result1).append(',').append(result2).append(',').append(result3).toString(); + ctx.complete(result); + }; + } +} - try (client) { - client.raiseEvent(instanceId, "TestEvent", "TestEventPayload"); + class Step1 implements WorkflowActivity { - System.out.println(separatorStr); - System.out.println("** Registering parallel Events to be captured by allOf(t1,t2,t3) **"); - client.raiseEvent(instanceId, "event1", "TestEvent 1 Payload"); - client.raiseEvent(instanceId, "event2", "TestEvent 2 Payload"); - client.raiseEvent(instanceId, "event3", "TestEvent 3 Payload"); - System.out.printf("Events raised for workflow with instanceId: %s\n", instanceId); + @Override + public Object run(WorkflowActivityContext ctx) { + Logger logger = LoggerFactory.getLogger(Step1.class); + logger.info("Starting Activity: " + ctx.getName()); + // Do some work + return null; + } + } - } -} + class Step2 implements WorkflowActivity { + + @Override + public Object run(WorkflowActivityContext ctx) { + Logger logger = LoggerFactory.getLogger(Step2.class); + logger.info("Starting Activity: " + ctx.getName()); + // Do some work + return null; + } + } + + class Step3 implements WorkflowActivity { + + @Override + public Object run(WorkflowActivityContext ctx) { + Logger logger = LoggerFactory.getLogger(Step3.class); + 
logger.info("Starting Activity: " + ctx.getName()); + // Do some work + return null; + } + } ``` {{% /codetab %}} 
@@ -225,46 +257,23 @@ await context.CallActivityAsync("PostResults", sum); ```java -public static void main(String[] args) throws InterruptedException { - DaprWorkflowClient client = new DaprWorkflowClient(); - - try (client) { - - System.out.println(separatorStr); - System.out.println("**SendExternalMessage**"); - client.raiseEvent(instanceId, "TestEvent", "TestEventPayload"); - - // Get events to process in parallel - System.out.println(separatorStr); - System.out.println("** Registering parallel Events to be captured by allOf(t1,t2,t3) **"); - client.raiseEvent(instanceId, "event1", "TestEvent 1 Payload"); - client.raiseEvent(instanceId, "event2", "TestEvent 2 Payload"); - client.raiseEvent(instanceId, "event3", "TestEvent 3 Payload"); - System.out.printf("Events raised for workflow with instanceId: %s\n", instanceId); - - // Register the raised events to be captured - System.out.println(separatorStr); - System.out.println("** Registering Event to be captured by anyOf(t1,t2,t3) **"); - client.raiseEvent(instanceId, "e2", "event 2 Payload"); - System.out.printf("Event raised for workflow with instanceId: %s\n", instanceId); - - // Wait for all tasks to complete and aggregate results - System.out.println(separatorStr); - System.out.println("**WaitForInstanceCompletion**"); - try { - WorkflowInstanceStatus waitForInstanceCompletionResult = - client.waitForInstanceCompletion(instanceId, Duration.ofSeconds(60), true); - System.out.printf("Result: %s%n", waitForInstanceCompletionResult); - } catch (TimeoutException ex) { - System.out.printf("waitForInstanceCompletion has an exception:%s%n", ex); +public class FaninoutWorkflow extends Workflow { + @Override + public WorkflowStub create() { + return ctx -> { + // Get a list of N work items to process in parallel. + Object[] workBatch = ctx.callActivity("GetWorkBatch", Object[].class).await(); + // Schedule the parallel tasks, but don't wait for them to complete yet. 
+ List> tasks = Arrays.stream(workBatch) + .map(workItem -> ctx.callActivity("ProcessWorkItem", workItem, int.class)) + .collect(Collectors.toList()); + // Everything is scheduled. Wait here until all parallel tasks have completed. + List results = ctx.allOf(tasks).await(); + // Aggregate all N outputs and publish the result. + int sum = results.stream().mapToInt(Integer::intValue).sum(); + ctx.complete(sum); + }; } - - System.out.println(separatorStr); - System.out.println("**purgeInstance**"); - boolean purgeResult = client.purgeInstance(instanceId); - System.out.printf("purgeResult: %s%n", purgeResult); - - } } ``` 
@@ -640,42 +649,34 @@ public override async Task RunAsync(WorkflowContext context, OrderP ```java -public static void main(String[] args) throws InterruptedException { - DaprWorkflowClient client = new DaprWorkflowClient(); - - try (client) { - String eventInstanceId = client.scheduleNewWorkflow(DemoWorkflow.class); - System.out.printf("Started new workflow instance with random ID: %s%n", eventInstanceId); - client.raiseEvent(eventInstanceId, "TestException", null); - System.out.printf("Event raised for workflow with instanceId: %s\n", eventInstanceId); - - System.out.println(separatorStr); - String instanceToTerminateId = "terminateMe"; - client.scheduleNewWorkflow(DemoWorkflow.class, null, instanceToTerminateId); - System.out.printf("Started new workflow instance with specified ID: %s%n", instanceToTerminateId); - - TimeUnit.SECONDS.sleep(5); - System.out.println("Terminate this workflow instance manually before the timeout is reached"); - client.terminateWorkflow(instanceToTerminateId, null); - System.out.println(separatorStr); - - String restartingInstanceId = "restarting"; - client.scheduleNewWorkflow(DemoWorkflow.class, null, restartingInstanceId); - System.out.printf("Started new workflow instance with ID: %s%n", restartingInstanceId); - System.out.println("Sleeping 30 seconds to restart the workflow"); - TimeUnit.SECONDS.sleep(30); - - System.out.println("**SendExternalMessage: RestartEvent**"); - client.raiseEvent(restartingInstanceId, "RestartEvent", "RestartEventPayload"); - - System.out.println("Sleeping 30 seconds to terminate the eternal workflow"); - TimeUnit.SECONDS.sleep(30); - client.terminateWorkflow(restartingInstanceId, null); - } - - System.out.println("Exiting DemoWorkflowClient."); - System.exit(0); +public class ExternalSystemInteractionWorkflow extends Workflow { + @Override + public WorkflowStub create() { + return ctx -> { + // ...other steps... 
+ Integer orderCost = ctx.getInput(int.class); + // Require orders over a certain threshold to be approved + if (orderCost > ORDER_APPROVAL_THRESHOLD) { + try { + // Request human approval for this order + ctx.callActivity("RequestApprovalActivity", orderCost, Void.class).await(); + // Pause and wait for a human to approve the order + boolean approved = ctx.waitForExternalEvent("ManagerApproval", Duration.ofDays(3), boolean.class).await(); + if (!approved) { + // The order was rejected, end the workflow here + ctx.complete("Process reject"); + } + } catch (TaskCanceledException e) { + // An approval timeout results in automatic order cancellation + ctx.complete("Process cancel"); + } + } + // ...other steps... + // End the workflow with a success result + ctx.complete("Process approved"); + }; + } } ``` diff --git a/daprdocs/content/en/developing-applications/integrations/Azure/azure-authentication/_index.md b/daprdocs/content/en/developing-applications/integrations/Azure/azure-authentication/_index.md index 59dce6d2305..d25f63f11c8 100644 --- a/daprdocs/content/en/developing-applications/integrations/Azure/azure-authentication/_index.md +++ b/daprdocs/content/en/developing-applications/integrations/Azure/azure-authentication/_index.md @@ -3,5 +3,5 @@ type: docs title: "Authenticate to Azure" linkTitle: "Authenticate to Azure" weight: 1600 -description: "Learn about authenticating Azure components using Azure Active Directory or Managed Identities" +description: "Learn about authenticating Azure components using Microsoft Entra ID or Managed Identities" --- \ No newline at end of file diff --git a/daprdocs/content/en/developing-applications/integrations/Azure/azure-authentication/authenticating-azure.md b/daprdocs/content/en/developing-applications/integrations/Azure/azure-authentication/authenticating-azure.md index b020548eeef..6e4ffbeee3d 100644 --- a/daprdocs/content/en/developing-applications/integrations/Azure/azure-authentication/authenticating-azure.md 
+++ b/daprdocs/content/en/developing-applications/integrations/Azure/azure-authentication/authenticating-azure.md 
@@ -2,27 +2,27 @@ type: docs title: "Authenticating to Azure" linkTitle: "Overview" -description: "How to authenticate Azure components using Azure AD and/or Managed Identities" +description: "How to authenticate Azure components using Microsoft Entra ID and/or Managed Identities" aliases: - "/operations/components/setup-secret-store/supported-secret-stores/azure-keyvault-managed-identity/" - "/reference/components-reference/supported-secret-stores/azure-keyvault-managed-identity/" weight: 10000 --- -Most Azure components for Dapr support authenticating with Azure AD (Azure Active Directory). Thanks to this: +Most Azure components for Dapr support authenticating with Microsoft Entra ID. Thanks to this: - Administrators can leverage all the benefits of fine-tuned permissions with Azure Role-Based Access Control (RBAC). - Applications running on Azure services such as Azure Container Apps, Azure Kubernetes Service, Azure VMs, or any other Azure platform services can leverage [Managed Identities (MI)](https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview) and [Workload Identity](https://learn.microsoft.com/azure/aks/workload-identity-overview). These offer the ability to authenticate your applications without having to manage sensitive credentials. -## About authentication with Azure AD +## About authentication with Microsoft Entra ID -Azure AD is Azure's identity and access management (IAM) solution, which is used to authenticate and authorize users and services. +Microsoft Entra ID is Azure's identity and access management (IAM) solution, which is used to authenticate and authorize users and services. -Azure AD is built on top of open standards such OAuth 2.0, which allows services (applications) to obtain access tokens to make requests to Azure services, including Azure Storage, Azure Service Bus, Azure Key Vault, Azure Cosmos DB, Azure Database for Postgres, Azure SQL, etc. 
+Microsoft Entra ID is built on top of open standards such OAuth 2.0, which allows services (applications) to obtain access tokens to make requests to Azure services, including Azure Storage, Azure Service Bus, Azure Key Vault, Azure Cosmos DB, Azure Database for Postgres, Azure SQL, etc. > In Azure terminology, an application is also called a "Service Principal". -Some Azure components offer alternative authentication methods, such as systems based on "shared keys" or "access tokens". Although these are valid and supported by Dapr, you should authenticate your Dapr components using Azure AD whenever possible to take advantage of many benefits, including: +Some Azure components offer alternative authentication methods, such as systems based on "shared keys" or "access tokens". Although these are valid and supported by Dapr, you should authenticate your Dapr components using Microsoft Entra ID whenever possible to take advantage of many benefits, including: - [Managed Identities and Workload Identity](#managed-identities-and-workload-identity) - [Role-Based Access Control](#role-based-access-control) 
@@ -31,7 +31,7 @@ Some Azure components offer alternative authentication methods, such as systems ### Managed Identities and Workload Identity -With Managed Identities (MI), your application can authenticate with Azure AD and obtain an access token to make requests to Azure services. When your application is running on a supported Azure service (such as Azure VMs, Azure Container Apps, Azure Web Apps, etc), an identity for your application can be assigned at the infrastructure level. +With Managed Identities (MI), your application can authenticate with Microsoft Entra ID and obtain an access token to make requests to Azure services. When your application is running on a supported Azure service (such as Azure VMs, Azure Container Apps, Azure Web Apps, etc), an identity for your application can be assigned at the infrastructure level. Once using MI, your code doesn't have to deal with credentials, which: @@ -48,11 +48,11 @@ When using Azure Role-Based Access Control (RBAC) with supported services, permi ### Auditing -Using Azure AD provides an improved auditing experience for access. Tenant administrators can consult audit logs to track authentication requests. +Using Microsoft Entra ID provides an improved auditing experience for access. Tenant administrators can consult audit logs to track authentication requests. ### (Optional) Authentication using certificates -While Azure AD allows you to use MI, you still have the option to authenticate using certificates. +While Microsoft Entra ID allows you to use MI, you still have the option to authenticate using certificates. ## Support for other Azure environments 
@@ -66,7 +66,7 @@ By default, Dapr components are configured to interact with Azure resources in t ## Credentials metadata fields -To authenticate with Azure AD, you will need to add the following credentials as values in the metadata for your [Dapr component](#example-usage-in-a-dapr-component). +To authenticate with Microsoft Entra ID, you will need to add the following credentials as values in the metadata for your [Dapr component](#example-usage-in-a-dapr-component). ### Metadata options @@ -82,7 +82,7 @@ Depending on how you've passed credentials to your Dapr services, you have multi | Field | Required | Details | Example | |---------------------|----------|--------------------------------------|----------------------------------------------| -| `azureTenantId` | Y | ID of the Azure AD tenant | `"cd4b2887-304c-47e1-b4d5-65447fdd542b"` | +| `azureTenantId` | Y | ID of the Microsoft Entra ID tenant | `"cd4b2887-304c-47e1-b4d5-65447fdd542b"` | | `azureClientId` | Y | Client ID (application ID) | `"c7dd251f-811f-4ba2-a905-acd4d3f8f08b"` | | `azureClientSecret` | Y | Client secret (application password) | `"Ecy3XG7zVZK3/vl/a2NSB+a1zXLa8RnMum/IgD0E"` | 
@@ -92,7 +92,7 @@ When running on Kubernetes, you can also use references to Kubernetes secrets fo | Field | Required | Details | Example | |--------|--------|--------|--------| -| `azureTenantId` | Y | ID of the Azure AD tenant | `"cd4b2887-304c-47e1-b4d5-65447fdd542b"` | +| `azureTenantId` | Y | ID of the Microsoft Entra ID tenant | `"cd4b2887-304c-47e1-b4d5-65447fdd542b"` | | `azureClientId` | Y | Client ID (application ID) | `"c7dd251f-811f-4ba2-a905-acd4d3f8f08b"` | | `azureCertificate` | One of `azureCertificate` and `azureCertificateFile` | Certificate and private key (in PFX/PKCS#12 format) | `"-----BEGIN PRIVATE KEY-----\n MIIEvgI... \n -----END PRIVATE KEY----- \n -----BEGIN CERTIFICATE----- \n MIICoTC... \n -----END CERTIFICATE-----` | | `azureCertificateFile` | One of `azureCertificate` and `azureCertificateFile` | Path to the PFX/PKCS#12 file containing the certificate and private key | `"/path/to/file.pem"` | @@ -127,7 +127,7 @@ Using this authentication method does not require setting any metadata option. ### Example usage in a Dapr component -In this example, you will set up an Azure Key Vault secret store component that uses Azure AD to authenticate. +In this example, you will set up an Azure Key Vault secret store component that uses Microsoft Entra ID to authenticate. {{< tabs "Self-Hosted" "Kubernetes">}} 
@@ -279,11 +279,11 @@ To use a **certificate**: ## Next steps -{{< button text="Generate a new Azure AD application and Service Principal >>" page="howto-aad.md" >}} +{{< button text="Generate a new Microsoft Entra ID application and Service Principal >>" page="howto-aad.md" >}} ## References -- [Azure AD app credential: Azure CLI reference](https://docs.microsoft.com/cli/azure/ad/app/credential) +- [Microsoft Entra ID app credential: Azure CLI reference](https://docs.microsoft.com/cli/azure/ad/app/credential) - [Azure Managed Service Identity (MSI) overview](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview) - [Secrets building block]({{< ref secrets >}}) - [How-To: Retrieve a secret]({{< ref "howto-secrets.md" >}}) diff --git a/daprdocs/content/en/developing-applications/integrations/Azure/azure-authentication/howto-aad.md b/daprdocs/content/en/developing-applications/integrations/Azure/azure-authentication/howto-aad.md index d1be027ca98..abb67782420 100644 --- a/daprdocs/content/en/developing-applications/integrations/Azure/azure-authentication/howto-aad.md +++ b/daprdocs/content/en/developing-applications/integrations/Azure/azure-authentication/howto-aad.md @@ -1,9 +1,9 @@ --- type: docs -title: "How to: Generate a new Azure AD application and Service Principal" -linkTitle: "How to: Generate Azure AD and Service Principal" +title: "How to: Generate a new Microsoft Entra ID application and Service Principal" +linkTitle: "How to: Generate Microsoft Entra ID and Service Principal" weight: 30000 -description: "Learn how to generate an Azure Active Directory and use it as a Service Principal" +description: "Learn how to generate an Microsoft Entra ID and use it as a Service Principal" --- ## Prerequisites 
@@ -23,9 +23,9 @@ az login az account set -s [your subscription id] ``` -### Create an Azure AD application +### Create an Microsoft Entra ID application -Create the Azure AD application with: +Create the Microsoft Entra ID application with: ```sh # Friendly name for the application / Service Principal @@ -107,7 +107,7 @@ When adding the returned values to your Dapr component's metadata: ### Create a Service Principal -Once you have created an Azure AD application, create a Service Principal for that application. With this Service Principal, you can grant it access to Azure resources. +Once you have created an Microsoft Entra ID application, create a Service Principal for that application. With this Service Principal, you can grant it access to Azure resources. To create the Service Principal, run the following command: @@ -124,7 +124,7 @@ Expected output: Service Principal ID: 1d0ccf05-5427-4b5e-8eb4-005ac5f9f163 ``` -The returned value above is the **Service Principal ID**, which is different from the Azure AD application ID (client ID). The Service Principal ID is defined within an Azure tenant and used to grant access to Azure resources to an application +The returned value above is the **Service Principal ID**, which is different from the Microsoft Entra ID application ID (client ID). The Service Principal ID is defined within an Azure tenant and used to grant access to Azure resources to an application You'll use the Service Principal ID to grant permissions to an application to access Azure resources. Meanwhile, **the client ID** is used by your application to authenticate. You'll use the client ID in Dapr manifests to configure authentication with Azure services. diff --git a/daprdocs/content/en/developing-applications/integrations/Azure/azure-authentication/howto-mi.md b/daprdocs/content/en/developing-applications/integrations/Azure/azure-authentication/howto-mi.md index 5eb6a8f8683..28aa976dc6a 100644 
--- a/daprdocs/content/en/developing-applications/integrations/Azure/azure-authentication/howto-mi.md +++ b/daprdocs/content/en/developing-applications/integrations/Azure/azure-authentication/howto-mi.md @@ -10,7 +10,7 @@ description: "Learn how to use Managed Identities" Using Managed Identities (MI), authentication happens automatically by virtue of your application running on top of an Azure service that has an assigned identity. -For example, let's say you enable a managed service identity for an Azure VM, Azure Container App, or an Azure Kubernetes Service cluster. When you do, an Azure AD application is created for you and automatically assigned to the service. Your Dapr services can then leverage that identity to authenticate with Azure AD, transparently and without you having to specify any credentials. +For example, let's say you enable a managed service identity for an Azure VM, Azure Container App, or an Azure Kubernetes Service cluster. When you do, an Microsoft Entra ID application is created for you and automatically assigned to the service. Your Dapr services can then leverage that identity to authenticate with Microsoft Entra ID, transparently and without you having to specify any credentials. To get started with managed identities, you need to assign an identity to a new or existing Azure resource. The instructions depend on the service use. Check the following official documentation for the most appropriate instructions: diff --git a/daprdocs/content/en/developing-applications/local-development/ides/vscode/vscode-remote-dev-containers.md b/daprdocs/content/en/developing-applications/local-development/ides/vscode/vscode-remote-dev-containers.md index 952fdb9ed38..d39a45aeb16 100644 --- a/daprdocs/content/en/developing-applications/local-development/ides/vscode/vscode-remote-dev-containers.md +++ b/daprdocs/content/en/developing-applications/local-development/ides/vscode/vscode-remote-dev-containers.md 
@@ -45,7 +45,7 @@ dapr init #### Example: create a Java Dev Container for Dapr -This is an exmaple of creating a Dev Container for creating Java apps that use Dapr, based on the [official Java 17 Dev Container image](https://github.com/devcontainers/images/tree/main/src/java). +This is an example of creating a Dev Container for creating Java apps that use Dapr, based on the [official Java 17 Dev Container image](https://github.com/devcontainers/images/tree/main/src/java). Place this in a file called `.devcontainer/devcontainer.json` in your project: diff --git a/daprdocs/content/en/developing-applications/local-development/multi-app-dapr-run/multi-app-template.md b/daprdocs/content/en/developing-applications/local-development/multi-app-dapr-run/multi-app-template.md index 350ef0f4219..2d85efa1136 100644 --- a/daprdocs/content/en/developing-applications/local-development/multi-app-dapr-run/multi-app-template.md +++ b/daprdocs/content/en/developing-applications/local-development/multi-app-dapr-run/multi-app-template.md @@ -14,7 +14,7 @@ The Multi-App Run template file is a YAML file that you can use to run multiple - Use the multi-app template - View started applications - Stop the multi-app template -- Stucture the multi-app template file +- Structure the multi-app template file ## Use the multi-app template @@ -93,7 +93,7 @@ Stop the multi-app run template anytime with either of the following commands: ```cmd # the template file needs to be called `dapr.yaml` by default if a directory path is given -dapr stop -f +dapr stop -f ``` or: diff --git a/daprdocs/content/en/getting-started/quickstarts/cryptography-quickstart.md b/daprdocs/content/en/getting-started/quickstarts/cryptography-quickstart.md index 7da6714cea1..8959672d09a 100644 --- a/daprdocs/content/en/getting-started/quickstarts/cryptography-quickstart.md +++ b/daprdocs/content/en/getting-started/quickstarts/cryptography-quickstart.md 
@@ -23,7 +23,209 @@ This example uses the Dapr SDK, which leverages gRPC and is **strongly** recomme Currently, you can experience the cryptography API using the Go SDK. -{{< tabs "Go" >}} +{{< tabs "JavaScript" "Go" >}} + + +{{% codetab %}} + +> This quickstart includes a JavaScript application called `crypto-quickstart`. + +### Pre-requisites + +For this example, you will need: + +- [Dapr CLI and initialized environment](https://docs.dapr.io/getting-started). +- [Latest Node.js installed](https://nodejs.org/download/). + +- [Docker Desktop](https://www.docker.com/products/docker-desktop) + +- [OpenSSL](https://www.openssl.org/source/) available on your system + +### Step 1: Set up the environment + +Clone the [sample provided in the Quickstarts repo](https://github.com/dapr/quickstarts/tree/master/cryptography) + +```bash +git clone https://github.com/dapr/quickstarts.git +``` + +In the terminal, from the root directory, navigate to the cryptography sample. + +```bash +cd cryptography/javascript/sdk +``` + +Navigate into the folder with the source code: + +```bash +cd ./crypto-quickstart +``` + +Install the dependencies: + +```bash +npm install +``` + +### Step 2: Run the application with Dapr + +The application code defines two required keys: + +- Private RSA key +- A 256-bit symmetric (AES) key + +Generate two keys, an RSA key and and AES key using OpenSSL and write these to two files: + +```bash +mkdir -p keys +# Generate a private RSA key, 4096-bit keys +openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out keys/rsa-private-key.pem +# Generate a 256-bit key for AES +openssl rand -out keys/symmetric-key-256 32 +``` + +Run the Go service app with Dapr: + +```bash +dapr run --app-id crypto-quickstart --resources-path ../../../components/ -- npm start +``` + +**Expected output** + +``` +== APP == 2023-10-25T14:30:50.435Z INFO [GRPCClient, GRPCClient] Opening connection to 127.0.0.1:58173 +== APP == == Encrypting message using buffers +== APP == 
Encrypted the message, got 856 bytes +== APP == == Decrypting message using buffers +== APP == Decrypted the message, got 24 bytes +== APP == The secret is "passw0rd" +== APP == == Encrypting message using streams +== APP == Encrypting federico-di-dio-photography-Q4g0Q-eVVEg-unsplash.jpg to encrypted.out +== APP == Encrypted the message to encrypted.out +== APP == == Decrypting message using streams +== APP == Decrypting encrypted.out to decrypted.out.jpg +== APP == Decrypted the message to decrypted.out.jpg +``` + +### What happened? + +#### `local-storage.yaml` + +Earlier, you created a directory inside `crypto-quickstarts` called `keys`. In [the `local-storage` component YAML](https://github.com/dapr/quickstarts/tree/master/cryptography/components/local-storage.yaml), the `path` metadata maps to the newly created `keys` directory. + +```yml +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: localstorage +spec: + type: crypto.dapr.localstorage + version: v1 + metadata: + - name: path + # Path is relative to the folder where the example is located + value: ./keys +``` + +#### `index.mjs` + +[The application file](https://github.com/dapr/quickstarts/blob/master/cryptography/javascript/sdk/crypto-quickstart/index.mjs) encrypts and decrypts messages and files using the RSA and AES keys that you generated. 
The application creates a new Dapr SDK client: + +```javascript +async function start() { + const client = new DaprClient({ + daprHost, + daprPort, + communicationProtocol: CommunicationProtocolEnum.GRPC, + }); + + // Encrypt and decrypt a message from a buffer + await encryptDecryptBuffer(client); + + // Encrypt and decrypt a message using streams + await encryptDecryptStream(client); +} +``` + +##### Encrypting and decrypting a string using the RSA key + +Once the client is created, the application encrypts a message: + +```javascript +async function encryptDecryptBuffer(client) { + // Message to encrypt + const plaintext = `The secret is "passw0rd"` + + // First, encrypt the message + console.log("== Encrypting message using buffers"); + + const encrypted = await client.crypto.encrypt(plaintext, { + componentName: "localstorage", + keyName: "rsa-private-key.pem", + keyWrapAlgorithm: "RSA", + }); + + console.log("Encrypted the message, got", encrypted.length, "bytes"); +``` + +The application then decrypts the message: + +```javascript + // Decrypt the message + console.log("== Decrypting message using buffers"); + const decrypted = await client.crypto.decrypt(encrypted, { + componentName: "localstorage", + }); + + console.log("Decrypted the message, got", decrypted.length, "bytes"); + console.log(decrypted.toString("utf8")); + + // ... 
+} +``` + +##### Encrypt and decrpyt a large file using the AES key + +Next, the application encrypts a large image file: + +```javascript +async function encryptDecryptStream(client) { + // First, encrypt the message + console.log("== Encrypting message using streams"); + console.log("Encrypting", testFileName, "to encrypted.out"); + + await pipeline( + createReadStream(testFileName), + await client.crypto.encrypt({ + componentName: "localstorage", + keyName: "symmetric-key-256", + keyWrapAlgorithm: "A256KW", + }), + createWriteStream("encrypted.out"), + ); + + console.log("Encrypted the message to encrypted.out"); +``` + +The application then decrypts the large image file: + +```javascript + // Decrypt the message + console.log("== Decrypting message using streams"); + console.log("Decrypting encrypted.out to decrypted.out.jpg"); + await pipeline( + createReadStream("encrypted.out"), + await client.crypto.decrypt({ + componentName: "localstorage", + }), + createWriteStream("decrypted.out.jpg"), + ); + + console.log("Decrypted the message to decrypted.out.jpg"); +} +``` + +{{% /codetab %}} {{% codetab %}} diff --git a/daprdocs/content/en/getting-started/quickstarts/pubsub-quickstart.md b/daprdocs/content/en/getting-started/quickstarts/pubsub-quickstart.md index 61306891165..06f6402cf2d 100644 --- a/daprdocs/content/en/getting-started/quickstarts/pubsub-quickstart.md +++ b/daprdocs/content/en/getting-started/quickstarts/pubsub-quickstart.md 
@@ -986,7 +986,7 @@ Verify you have the following files included in the service directory: Run the `order-processor` subscriber service alongside a Dapr sidecar. ```bash -dapr run --app-port 5001 --app-id order-processing --app-protocol http --dapr-http-port 3501 --resources-path ../../../components -- npm run start +dapr run --app-port 5002 --app-id order-processing --app-protocol http --dapr-http-port 3501 --resources-path ../../../components -- npm run start ``` In the `order-processor` subscriber, we're subscribing to the Redis instance called `orderpubsub` [(as defined in the `pubsub.yaml` component)]({{< ref "#pubsubyaml-component-file" >}}) and topic `orders`. This enables your app code to talk to the Redis component instance through the Dapr sidecar. @@ -1140,7 +1140,7 @@ dotnet build Run the `order-processor` subscriber service alongside a Dapr sidecar. ```bash -dapr run --app-id order-processor --resources-path ../../../components --app-port 7005 -- dotnet run +dapr run --app-id order-processor --resources-path ../../../components --app-port 7006 -- dotnet run ``` In the `order-processor` subscriber, we're subscribing to the Redis instance called `orderpubsub` [(as defined in the `pubsub.yaml` component)]({{< ref "#pubsubyaml-component-file" >}}) and topic `orders`. This enables your app code to talk to the Redis component instance through the Dapr sidecar. 
@@ -1457,7 +1457,7 @@ go build . Run the `order-processor` subscriber service alongside a Dapr sidecar. ```bash -dapr run --app-port 6002 --app-id order-processor-sdk --app-protocol http --dapr-http-port 3501 --resources-path ../../../components -- go run . +dapr run --app-port 6005 --app-id order-processor-sdk --app-protocol http --dapr-http-port 3501 --resources-path ../../../components -- go run . ``` In the `order-processor` subscriber, we're subscribing to the Redis instance called `orderpubsub` [(as defined in the `pubsub.yaml` component)]({{< ref "#pubsubyaml-component-file" >}}) and topic `orders`. This enables your app code to talk to the Redis component instance through the Dapr sidecar. diff --git a/daprdocs/content/en/getting-started/tutorials/get-started-component.md b/daprdocs/content/en/getting-started/tutorials/get-started-component.md index 9f460ed0e7d..7c829e5d779 100644 --- a/daprdocs/content/en/getting-started/tutorials/get-started-component.md +++ b/daprdocs/content/en/getting-started/tutorials/get-started-component.md @@ -64,6 +64,12 @@ In the above file definition: Launch a Dapr sidecar that will listen on port 3500 for a blank application named `myapp`: + +PowerShell environment: +```bash +dapr run --app-id myapp --dapr-http-port 3500 --resources-path ../ +``` +non-PowerShell environment: ```bash dapr run --app-id myapp --dapr-http-port 3500 --resources-path . ``` diff --git a/daprdocs/content/en/operations/components/pluggable-components-registration.md b/daprdocs/content/en/operations/components/pluggable-components-registration.md index dda3e302005..10f6a057715 100644 --- a/daprdocs/content/en/operations/components/pluggable-components-registration.md +++ b/daprdocs/content/en/operations/components/pluggable-components-registration.md 
@@ -25,7 +25,7 @@ While Dapr's built-in components come [included with the runtime](https://github 1. Pluggable components need to be started and ready to take requests _before_ Dapr itself is started. 2. The [Unix Domain Socket][uds] file used for the pluggable component communication need to be made accessible to both Dapr and pluggable component. -In standalone mode, pluggable components run as processes or containers. On Kubernetes, pluggable components run as containers and are automatically injected to the application's pod by Dapr's sidecar injector, allowing customization via the standard [Kubernets Container spec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core). +In standalone mode, pluggable components run as processes or containers. On Kubernetes, pluggable components run as containers and are automatically injected to the application's pod by Dapr's sidecar injector, allowing customization via the standard [Kubernetes Container spec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core). This also changes the approach to share [Unix Domain Socket][uds] files between Dapr and pluggable components. diff --git a/daprdocs/content/en/operations/configuration/control-concurrency.md b/daprdocs/content/en/operations/configuration/control-concurrency.md index 7633820d6c9..85b240c19b5 100644 --- a/daprdocs/content/en/operations/configuration/control-concurrency.md +++ b/daprdocs/content/en/operations/configuration/control-concurrency.md 
@@ -11,7 +11,7 @@ Using Dapr, you can control how many requests and events will invoke your applic *Note that this rate limiting is guaranteed for every event that's coming from Dapr, meaning Pub/Sub events, direct invocation from other services, bindings events etc. Dapr can't enforce the concurrency policy on requests that are coming to your app externally.* -*Note that rate limiting per second can be achieved by using the **middleware.http.ratelimit** middleware. However, there is an imporant difference between the two approaches. The rate limit middlware is time bound and limits the number of requests per second, while the `app-max-concurrency` flag specifies the number of concurrent requests (and events) at any point of time. See [Rate limit middleware]({{< ref middleware-rate-limit.md >}}). * +*Note that rate limiting per second can be achieved by using the **middleware.http.ratelimit** middleware. However, there is an important difference between the two approaches. The rate limit middleware is time bound and limits the number of requests per second, while the `app-max-concurrency` flag specifies the number of concurrent requests (and events) at any point of time. See [Rate limit middleware]({{< ref middleware-rate-limit.md >}}). * Watch this [video](https://youtu.be/yRI5g6o_jp8?t=1710) on how to control concurrency and rate limiting ". diff --git a/daprdocs/content/en/operations/configuration/secret-scope.md b/daprdocs/content/en/operations/configuration/secret-scope.md index 37ba0ff1873..39796447268 100644 --- a/daprdocs/content/en/operations/configuration/secret-scope.md +++ b/daprdocs/content/en/operations/configuration/secret-scope.md 
@@ -44,7 +44,7 @@ The `allowedSecrets` and `deniedSecrets` list values take priorty over the `defa |----- | ------- | -----------| ----------| ------------ | 1 - Only default access | deny/allow | empty | empty | deny/allow | 2 - Default deny with allowed list | deny | ["s1"] | empty | only "s1" can be accessed -| 3 - Default allow with deneied list | allow | empty | ["s1"] | only "s1" cannot be accessed +| 3 - Default allow with denied list | allow | empty | ["s1"] | only "s1" cannot be accessed | 4 - Default allow with allowed list | allow | ["s1"] | empty | only "s1" can be accessed | 5 - Default deny with denied list | deny | empty | ["s1"] | deny | 6 - Default deny/allow with both lists | deny/allow | ["s1"] | ["s2"] | only "s1" can be accessed @@ -69,7 +69,7 @@ spec: defaultAccess: deny ``` -For applications that need to be deined access to the Kubernetes secret store, follow [these instructions]({{< ref kubernetes-overview >}}), and add the following annotation to the application pod. +For applications that need to be denied access to the Kubernetes secret store, follow [these instructions]({{< ref kubernetes-overview >}}), and add the following annotation to the application pod. ```yaml dapr.io/config: appconfig diff --git a/daprdocs/content/en/operations/observability/tracing/jaeger.md b/daprdocs/content/en/operations/observability/tracing/jaeger.md deleted file mode 100644 index 7ef470a37fe..00000000000 --- a/daprdocs/content/en/operations/observability/tracing/jaeger.md +++ /dev/null 
@@ -1,187 +0,0 @@ ---- -type: docs -title: "How-To: Set up Jaeger for distributed tracing" -linkTitle: "Jaeger" -weight: 3000 -description: "Set up Jaeger for distributed tracing" -type: docs ---- - -Dapr supports the Zipkin protocol. Since Jaeger is compatible with Zipkin, the Zipkin protocol can be used to communication with Jaeger. - -## Configure self hosted mode - -### Setup - -The simplest way to start Jaeger is to use the pre-built all-in-one Jaeger image published to DockerHub: - -```bash -docker run -d --name jaeger \ - -e COLLECTOR_ZIPKIN_HOST_PORT=:9412 \ - -p 16686:16686 \ - -p 9412:9412 \ - jaegertracing/all-in-one:1.22 -``` - - -Next, create the following YAML files locally: - -* **config.yaml**: Note that because we are using the Zipkin protocol -to talk to Jaeger, we specify the `zipkin` section of tracing -configuration set the `endpointAddress` to address of the Jaeger -instance. - -```yaml -apiVersion: dapr.io/v1alpha1 -kind: Configuration -metadata: - name: tracing - namespace: default -spec: - tracing: - samplingRate: "1" - zipkin: - endpointAddress: "http://localhost:9412/api/v2/spans" -``` - -To launch the application referring to the new YAML file, you can use -`--config` option: - -```bash -dapr run --app-id mynode --app-port 3000 node app.js --config config.yaml -``` - -### Viewing Traces -To view traces, in your browser go to http://localhost:16686 to see the Jaeger UI. - -## Configure Kubernetes -The following steps shows you how to configure Dapr to send distributed tracing data to Jaeger running as a container in your Kubernetes cluster, how to view them. - -### Setup - -First create the following YAML file to install Jaeger, file name is `jaeger-operator.yaml` - -#### Development and test - -By default, the allInOne Jaeger image uses memory as the backend storage and it is not recommended to use this in a production environment. 
- -```yaml -apiVersion: jaegertracing.io/v1 -kind: "Jaeger" -metadata: - name: jaeger -spec: - strategy: allInOne - ingress: - enabled: false - allInOne: - image: jaegertracing/all-in-one:1.22 - options: - query: - base-path: /jaeger -``` - -#### Production -Jaeger uses Elasticsearch as the backend storage, and you can create a secret in k8s cluster to access Elasticsearch server with access control. - - -```shell -kubectl create secret generic jaeger-secret --from-literal=ES_PASSWORD='xxx' --from-literal=ES_USERNAME='xxx' -n ${NAMESPACE} -``` - -```yaml -apiVersion: jaegertracing.io/v1 -kind: "Jaeger" -metadata: - name: jaeger -spec: - strategy: production - query: - options: - log-level: info - query: - base-path: /jaeger - collector: - maxReplicas: 5 - resources: - limits: - cpu: 500m - memory: 516Mi - storage: - type: elasticsearch - esIndexCleaner: - enabled: false ## turn the job deployment on and off - numberOfDays: 7 ## number of days to wait before deleting a record - schedule: "55 23 * * *" ## cron expression for it to run - image: jaegertracing/jaeger-es-index-cleaner ## image of the job - secretName: jaeger-secret - options: - es: - server-urls: http://elasticsearch:9200 -``` - -The pictures are as follows, include Elasticsearch and Grafana tracing data: - -![jaeger-storage-es](/images/jaeger_storage_elasticsearch.png) - -![grafana](/images/jaeger_grafana.png) - - -Now, use the above YAML file to install Jaeger - -```bash -# Install Jaeger -helm repo add jaegertracing https://jaegertracing.github.io/helm-charts -helm install jaeger-operator jaegertracing/jaeger-operator -kubectl apply -f jaeger-operator.yaml - -# Wait for Jaeger to be up and running -kubectl wait deploy --selector app.kubernetes.io/name=jaeger --for=condition=available -``` - -Next, create the following YAML file locally: - -* **tracing.yaml** - -```yaml -apiVersion: dapr.io/v1alpha1 -kind: Configuration -metadata: - name: tracing - namespace: default -spec: - tracing: - samplingRate: 
"1" - zipkin: - endpointAddress: "http://jaeger-collector.default.svc.cluster.local:9411/api/v2/spans" -``` - -Finally, deploy the the Dapr component and configuration files: - -```bash -kubectl apply -f tracing.yaml -``` - -In order to enable this configuration for your Dapr sidecar, add the following annotation to your pod spec template: - -```yml -annotations: - dapr.io/config: "tracing" -``` - -That's it! Your Dapr sidecar is now configured for use with Jaeger. - -### Viewing Tracing Data - -To view traces, connect to the Jaeger Service and open the UI: - -```bash -kubectl port-forward svc/jaeger-query 16686 -``` - -In your browser, go to `http://localhost:16686` and you will see the Jaeger UI. - -![jaeger](/images/jaeger_ui.png) - -## References -- [Jaeger Getting Started](https://www.jaegertracing.io/docs/1.21/getting-started/#all-in-one) diff --git a/daprdocs/content/en/operations/observability/tracing/otel-collector/open-telemetry-collector-jaeger.md b/daprdocs/content/en/operations/observability/tracing/otel-collector/open-telemetry-collector-jaeger.md new file mode 100644 index 00000000000..6ee6727beb5 --- /dev/null +++ b/daprdocs/content/en/operations/observability/tracing/otel-collector/open-telemetry-collector-jaeger.md 
@@ -0,0 +1,142 @@ +--- +type: docs +title: "Using OpenTelemetry Collector to collect traces to send to Jaeger" +linkTitle: "Using the OpenTelemetry for Jaeger" +weight: 1200 +description: "How to push trace events to Jaeger distributed tracing platform, using the OpenTelemetry Collector." +type: docs +--- + +While Dapr supports writing traces using OpenTelemetry (OTLP) and Zipkin protocols, Zipkin support for Jaeger has been deprecated in favor of OTLP. Although Jaeger supports OTLP directly, the recommended approach for production is to use the OpenTelemetry Collector to collect traces from Dapr and send them to Jaeger, allowing your application to quickly offload data and take advantage of features like retries, batching, and encryption. For more information, read the Open Telemetry Collector [documentation](https://opentelemetry.io/docs/collector/#when-to-use-a-collector). +{{< tabs Self-hosted Kubernetes >}} + +{{% codetab %}} + +## Configure Jaeger in self-hosted mode + +### Local setup + +The simplest way to start Jaeger is to run the pre-built, all-in-one Jaeger image published to DockerHub and expose the OTLP port: + +```bash +docker run -d --name jaeger \ + -p 4317:4317 \ + -p 16686:16686 \ + jaegertracing/all-in-one:1.49 +``` + +Next, create the following `config.yaml` file locally: + +> **Note:** Because you are using the Open Telemetry protocol to talk to Jaeger, you need to fill out the `otel` section of the tracing configuration and set the `endpointAddress` to the address of the Jaeger container. + +```yaml +apiVersion: dapr.io/v1alpha1 +kind: Configuration +metadata: + name: tracing + namespace: default +spec: + tracing: + samplingRate: "1" + stdout: true + otel: + endpointAddress: "localhost:4317" + isSecure: false + protocol: grpc +``` + +To launch the application referring to the new YAML configuration file, use +the `--config` option. 
For example: + +```bash +dapr run --app-id myapp --app-port 3000 node app.js --config config.yaml +``` + +### View traces + +To view traces in your browser, go to `http://localhost:16686` to see the Jaeger UI. +{{% /codetab %}} + +{{% codetab %}} + +## Configure Jaeger on Kubernetes with the OpenTelemetry Collector + +The following steps show you how to configure Dapr to send distributed tracing data to the OpenTelemetry Collector which, in turn, sends the traces to Jaeger. + +### Prerequisites + +- [Install Dapr on Kubernetes]({{< ref kubernetes >}}) +- [Set up Jaeger](https://www.jaegertracing.io/docs/1.49/operator/) using the Jaeger Kubernetes Operator + +### Set up OpenTelemetry Collector to push to Jaeger + +To push traces to your Jaeger instance, install the OpenTelemetry Collector on your Kubernetes cluster. + +1. Download and inspect the [`open-telemetry-collector-jaeger.yaml`](/docs/open-telemetry-collector/open-telemetry-collector-jaeger.yaml) file. + +1. In the data section of the `otel-collector-conf` ConfigMap, update the `otlp/jaeger.endpoint` value to reflect the endpoint of your Jaeger collector Kubernetes service object. + +1. Deploy the OpenTelemetry Collector into the same namespace where your Dapr-enabled applications are running: + + ```sh + kubectl apply -f open-telemetry-collector-jaeger.yaml + ``` + +### Set up Dapr to send traces to OpenTelemetryCollector + +Create a Dapr configuration file to enable tracing and export the sidecar traces to the OpenTelemetry Collector. + +1. Use the [`collector-config-otel.yaml`](/docs/open-telemetry-collector/collector-config-otel.yaml) file to create your own Dapr configuration. + +1. Update the `namespace` and `otel.endpointAddress` values to align with the namespace where your Dapr-enabled applications and OpenTelemetry Collector are deployed. + +1. 
Apply the configuration with: + + ```sh + kubectl apply -f collector-config.yaml + ``` + +### Deploy your app with tracing enabled + +Apply the `tracing` Dapr configuration by adding a `dapr.io/config` annotation to the application deployment that you want to enable distributed tracing for, as shown in the following example: + + ```yaml + apiVersion: apps/v1 + kind: Deployment + metadata: + ... + spec: + ... + template: + metadata: + ... + annotations: + dapr.io/enabled: "true" + dapr.io/app-id: "MyApp" + dapr.io/app-port: "8080" + dapr.io/config: "tracing" + ``` + +You can register multiple tracing exporters at the same time, and the tracing logs are forwarded to all registered exporters. + +That’s it! There’s no need to include the OpenTelemetry SDK or instrument your application code. Dapr automatically handles the distributed tracing for you. + +### View traces + +To view Dapr sidecar traces, port-forward the Jaeger Service and open the UI: + +```bash +kubectl port-forward svc/jaeger-query 16686 -n observability +``` + +In your browser, go to `http://localhost:16686` and you will see the Jaeger UI. + +![jaeger](/images/jaeger_ui.png) +{{% /codetab %}} + +{{< /tabs >}} +## References + +- [Jaeger Getting Started](https://www.jaegertracing.io/docs/1.49/getting-started/) +- [Jaeger Kubernetes Operator](https://www.jaegertracing.io/docs/1.49/operator/) +- [OpenTelemetry Collector Exporters](https://opentelemetry.io/docs/collector/configuration/#exporters) diff --git a/daprdocs/content/en/operations/observability/tracing/otel-collector/open-telemetry-collector.md b/daprdocs/content/en/operations/observability/tracing/otel-collector/open-telemetry-collector.md index aeff1a2c966..51c75123c01 100644 --- a/daprdocs/content/en/operations/observability/tracing/otel-collector/open-telemetry-collector.md +++ b/daprdocs/content/en/operations/observability/tracing/otel-collector/open-telemetry-collector.md 
@@ -6,9 +6,9 @@ weight: 900 description: "How to use Dapr to push trace events through the OpenTelemetry Collector." --- -Dapr directly writes traces using the OpenTelemetry (OTEL) protocol as the **recommended** method. For observability tools that support OTEL protocol, it is recommended to use the OpenTelemetry Collector, as it allows your application to quickly offload data and includes features, such as retries, batching, and encryption. For more information, read the Open Telemetry [documentation](https://opentelemetry.io/docs/collector/#when-to-use-a-collector). +Dapr directly writes traces using the OpenTelemetry (OTLP) protocol as the **recommended** method. For observability tools that support the OTLP directly, it is recommended to use the [OpenTelemetry Collector](https://github.com/open-telemetry/opentelemetry-collector), as it allows your application to quickly offload data and includes features, such as retries, batching, and encryption. For more information, read the Open Telemetry Collector [documentation](https://opentelemetry.io/docs/collector/#when-to-use-a-collector). -Dapr can also write traces using the Zipkin protocol. Previous to supporting the OTEL protocol, you use the Zipkin protocol with the [OpenTelemetry Collector](https://github.com/open-telemetry/opentelemetry-collector) to send traces to observability tools such as AWS X-Ray, Google Cloud Operations Suite, and Azure Monitor. Both protocol approaches are valid, however OTEL is the recommended choice. +Dapr can also write traces using the Zipkin protocol. Prior to supporting the OTLP protocol, the Zipkin protocol was used with the OpenTelemetry Collector to send traces to observability tools such as AWS X-Ray, Google Cloud Operations Suite, and Azure Monitor. Both protocol approaches are valid, however the OpenTelemetry protocol is the recommended choice. ![Using OpenTelemetry Collect to integrate with many backend](/images/open-telemetry-collector.png) 
diff --git a/daprdocs/content/en/operations/observability/tracing/setup-tracing.md b/daprdocs/content/en/operations/observability/tracing/setup-tracing.md index 3ae01b27603..4fd3f40bca6 100644 --- a/daprdocs/content/en/operations/observability/tracing/setup-tracing.md +++ b/daprdocs/content/en/operations/observability/tracing/setup-tracing.md @@ -75,6 +75,6 @@ turns on tracing for the sidecar. Learn how to set up tracing with one of the following tools: - [OTEL Collector]({{< ref otel-collector >}}) - [New Relic]({{< ref newrelic.md >}}) -- [Jaeger]({{< ref jaeger.md >}}) +- [Jaeger]({{< ref open-telemetry-collector-jaeger.md >}}) - [Zipkin]({{< ref zipkin.md >}}) - [Datadog]({{< ref datadog.md >}}) \ No newline at end of file diff --git a/daprdocs/content/en/operations/performance-and-scalability/perf-service-invocation.md b/daprdocs/content/en/operations/performance-and-scalability/perf-service-invocation.md index 6246f346037..3b201e56ecd 100644 --- a/daprdocs/content/en/operations/performance-and-scalability/perf-service-invocation.md +++ b/daprdocs/content/en/operations/performance-and-scalability/perf-service-invocation.md @@ -54,7 +54,7 @@ The baseline test included direct, non-encrypted traffic, without telemetry, dir ### Control plane performance -The Dapr control plane uses a total of 0.009 vCPU and 61.6 Mb when running in non-HA mode, meaning a single replica per system compoment. +The Dapr control plane uses a total of 0.009 vCPU and 61.6 Mb when running in non-HA mode, meaning a single replica per system component. When running in a highly available production setup, the Dapr control plane consumes ~0.02 vCPU and 185 Mb. | Component | vCPU | Memory diff --git a/daprdocs/content/en/operations/security/api-token.md b/daprdocs/content/en/operations/security/api-token.md index 4435dcff463..aa30b39750e 100644 --- a/daprdocs/content/en/operations/security/api-token.md +++ b/daprdocs/content/en/operations/security/api-token.md 
@@ -60,7 +60,7 @@ To rotate the configured token in self-hosted, update the `DAPR_API_TOKEN` envir ### Kubernetes -To rotate the configured token in Kubernates, update the previously-created secret with the new token in each namespace. You can do that using `kubectl patch` command, but a simpler way to update these in each namespace is by using a manifest: +To rotate the configured token in Kubernetes, update the previously-created secret with the new token in each namespace. You can do that using `kubectl patch` command, but a simpler way to update these in each namespace is by using a manifest: ```yaml apiVersion: v1 diff --git a/daprdocs/content/en/operations/security/app-api-token.md b/daprdocs/content/en/operations/security/app-api-token.md index 3ab926a96af..d94e325139f 100644 --- a/daprdocs/content/en/operations/security/app-api-token.md +++ b/daprdocs/content/en/operations/security/app-api-token.md @@ -61,7 +61,7 @@ To rotate the configured token in self-hosted, update the `APP_API_TOKEN` enviro ### Kubernetes -To rotate the configured token in Kubernates, update the previously-created secret with the new token in each namespace. You can do that using `kubectl patch` command, but a simpler way to update these in each namespace is by using a manifest: +To rotate the configured token in Kubernetes, update the previously-created secret with the new token in each namespace. You can do that using `kubectl patch` command, but a simpler way to update these in each namespace is by using a manifest: ```yaml apiVersion: v1 diff --git a/daprdocs/content/en/operations/security/mtls.md b/daprdocs/content/en/operations/security/mtls.md index f0c3e1a6613..6868b622285 100644 --- a/daprdocs/content/en/operations/security/mtls.md +++ b/daprdocs/content/en/operations/security/mtls.md 
@@ -486,7 +486,7 @@ By default, system services will look for the credentials in `/var/run/dapr/cred *Note: If you signed the cert root with a different private key, restart the Dapr instances.* ## Community call video on certificate rotation -Watch this [video](https://www.youtube.com/watch?v=Hkcx9kBDrAc&feature=youtu.be&t=1400) on how to perform certificate rotation if your certicates are expiring. +Watch this [video](https://www.youtube.com/watch?v=Hkcx9kBDrAc&feature=youtu.be&t=1400) on how to perform certificate rotation if your certificates are expiring.
diff --git a/daprdocs/content/en/operations/security/oauth.md b/daprdocs/content/en/operations/security/oauth.md index 0e1213dbfcd..ab29634ceaf 100644 --- a/daprdocs/content/en/operations/security/oauth.md +++ b/daprdocs/content/en/operations/security/oauth.md @@ -16,7 +16,7 @@ The main difference between the two flows is that the `Authorization Code Grant Different authorization servers provide different application registration experiences. Here are some samples: -* [Azure AAD](https://docs.microsoft.com/azure/active-directory/develop/v1-protocols-oauth-code) +* [Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/develop/v1-protocols-oauth-code) * [Facebook](https://developers.facebook.com/apps) * [Fitbit](https://dev.fitbit.com/build/reference/web-api/oauth2/) * [GitHub](https://developer.github.com/apps/building-oauth-apps/creating-an-oauth-app/) @@ -37,7 +37,7 @@ Authorization/Token URLs of some of the popular authorization servers: | Server | Authorization URL | Token URL | |---------|-------------------|-----------| -|Azure AAD||| +|Microsoft Entra ID||| |GitHub||| |Google|| | |Twitter||| diff --git a/daprdocs/content/en/operations/support/support-release-policy.md b/daprdocs/content/en/operations/support/support-release-policy.md index 8dd71a45723..b44ba75dc91 100644 --- a/daprdocs/content/en/operations/support/support-release-policy.md +++ b/daprdocs/content/en/operations/support/support-release-policy.md @@ -45,11 +45,17 @@ The table below shows the versions of Dapr releases that have been tested togeth | Release date | Runtime | CLI | SDKs | Dashboard | Status | Release notes | |--------------------|:--------:|:--------|---------|---------|---------|------------| -| October 11th 2023 | 1.12.0
| 1.12.0 | Java 1.10.0
Go 1.9.0
PHP 1.1.0
Python 1.11.0
.NET 1.12.0
JS 3.1.2 | 0.13.0 | Supported (current) | [v1.12.0 release notes](https://github.com/dapr/dapr/releases/tag/v1.12.0) | +| November 18th 2023 | 1.12.2
| 1.12.0 | Java 1.10.0
Go 1.9.1
PHP 1.2.0
Python 1.12.0
.NET 1.12.0
JS 3.2.0 | 0.14.0 | Supported (current) | [v1.12.2 release notes](https://github.com/dapr/dapr/releases/tag/v1.12.2) | +| November 16th 2023 | 1.12.1
| 1.12.0 | Java 1.10.0
Go 1.9.1
PHP 1.2.0
Python 1.12.0
.NET 1.12.0
JS 3.2.0 | 0.14.0 | Supported | [v1.12.1 release notes](https://github.com/dapr/dapr/releases/tag/v1.12.1) | +| October 11th 2023 | 1.12.0
| 1.12.0 | Java 1.10.0
Go 1.9.0
PHP 1.1.0
Python 1.11.0
.NET 1.12.0
JS 3.1.2 | 0.14.0 | Supported | [v1.12.0 release notes](https://github.com/dapr/dapr/releases/tag/v1.12.0) | +| November 18th 2023 | 1.11.6
| 1.11.0 | Java 1.9.0
Go 1.8.0
PHP 1.1.0
Python 1.10.0
.NET 1.11.0
JS 3.1.0 | 0.13.0 | Supported | [v1.11.6 release notes](https://github.com/dapr/dapr/releases/tag/v1.11.6) | +| November 3rd 2023 | 1.11.5
| 1.11.0 | Java 1.9.0
Go 1.8.0
PHP 1.1.0
Python 1.10.0
.NET 1.11.0
JS 3.1.0 | 0.13.0 | Supported | [v1.11.5 release notes](https://github.com/dapr/dapr/releases/tag/v1.11.5) | +| October 5th 2023 | 1.11.4
| 1.11.0 | Java 1.9.0
Go 1.8.0
PHP 1.1.0
Python 1.10.0
.NET 1.11.0
JS 3.1.0 | 0.13.0 | Supported | [v1.11.4 release notes](https://github.com/dapr/dapr/releases/tag/v1.11.4) | | August 31st 2023 | 1.11.3
| 1.11.0 | Java 1.9.0
Go 1.8.0
PHP 1.1.0
Python 1.10.0
.NET 1.11.0
JS 3.1.0 | 0.13.0 | Supported | [v1.11.3 release notes](https://github.com/dapr/dapr/releases/tag/v1.11.3) | | July 20th 2023 | 1.11.2
| 1.11.0 | Java 1.9.0
Go 1.8.0
PHP 1.1.0
Python 1.10.0
.NET 1.11.0
JS 3.1.0 | 0.13.0 | Supported | [v1.11.2 release notes](https://github.com/dapr/dapr/releases/tag/v1.11.2) | | June 22nd 2023 | 1.11.1
| 1.11.0 | Java 1.9.0
Go 1.8.0
PHP 1.1.0
Python 1.10.0
.NET 1.11.0
JS 3.1.0 | 0.13.0 | Supported | [v1.11.1 release notes](https://github.com/dapr/dapr/releases/tag/v1.11.1) | | June 12th 2023 | 1.11.0
| 1.11.0 | Java 1.9.0
Go 1.8.0
PHP 1.1.0
Python 1.10.0
.NET 1.11.0
JS 3.1.0 | 0.13.0 | Supported | [v1.11.0 release notes](https://github.com/dapr/dapr/releases/tag/v1.11.0) | +| November 18th 2023 | 1.10.10
| 1.10.0 | Java 1.8.0
Go 1.7.0
PHP 1.1.0
Python 1.9.0
.NET 1.10.0
JS 3.0.0 | 0.11.0 | Supported | [v1.10.10 release notes](https://github.com/dapr/dapr/releases/tag/v1.10.10) | | July 20th 2023 | 1.10.9
| 1.10.0 | Java 1.8.0
Go 1.7.0
PHP 1.1.0
Python 1.9.0
.NET 1.10.0
JS 3.0.0 | 0.11.0 | Supported | [v1.10.9 release notes](https://github.com/dapr/dapr/releases/tag/v1.10.9) | | June 22nd 2023 | 1.10.8
| 1.10.0 | Java 1.8.0
Go 1.7.0
PHP 1.1.0
Python 1.9.0
.NET 1.10.0
JS 3.0.0 | 0.11.0 | Supported | [v1.10.8 release notes](https://github.com/dapr/dapr/releases/tag/v1.10.8) | | May 15th 2023 | 1.10.7
| 1.10.0 | Java 1.8.0
Go 1.7.0
PHP 1.1.0
Python 1.9.0
.NET 1.10.0
JS 3.0.0 | 0.11.0 | Supported | | @@ -60,12 +66,12 @@ The table below shows the versions of Dapr releases that have been tested togeth | February 24 2023 | 1.10.2
| 1.10.0 | Java 1.8.0
Go 1.6.0
PHP 1.1.0
Python 1.9.0
.NET 1.10.0
JS 2.5.0 | 0.11.0 | Supported | | | February 20 2023 | 1.10.1
| 1.10.0 | Java 1.8.0
Go 1.6.0
PHP 1.1.0
Python 1.9.0
.NET 1.10.0
JS 2.5.0 | 0.11.0 | Supported | | | February 14 2023 | 1.10.0
| 1.10.0 | Java 1.8.0
Go 1.6.0
PHP 1.1.0
Python 1.9.0
.NET 1.10.0
JS 2.5.0 | 0.11.0 | Supported| | -| December 2nd 2022 | 1.9.5
| 1.9.1 | Java 1.7.0
Go 1.6.0
PHP 1.1.0
Python 1.8.3
.NET 1.9.0
JS 2.4.2 | 0.11.0 | Supported | | -| November 17th 2022 | 1.9.4
| 1.9.1 | Java 1.7.0
Go 1.6.0
PHP 1.1.0
Python 1.8.3
.NET 1.9.0
JS 2.4.2 | 0.11.0 | Supported | | -| November 4th 2022 | 1.9.3
| 1.9.1 | Java 1.7.0
Go 1.6.0
PHP 1.1.0
Python 1.8.3
.NET 1.9.0
JS 2.4.2 | 0.11.0 | Supported | | -| November 1st 2022 | 1.9.2
| 1.9.1 | Java 1.7.0
Go 1.6.0
PHP 1.1.0
Python 1.8.1
.NET 1.9.0
JS 2.4.2 | 0.11.0 | Supported | | -| October 26th 2022 | 1.9.1
| 1.9.1 | Java 1.7.0
Go 1.6.0
PHP 1.1.0
Python 1.8.1
.NET 1.9.0
JS 2.4.2 | 0.11.0 | Supported | | -| October 13th 2022 | 1.9.0
| 1.9.1 | Java 1.7.0
Go 1.6.0
PHP 1.1.0
Python 1.8.3
.NET 1.9.0
JS 2.4.2 | 0.11.0 | Supported | | +| December 2nd 2022 | 1.9.5
| 1.9.1 | Java 1.7.0
Go 1.6.0
PHP 1.1.0
Python 1.8.3
.NET 1.9.0
JS 2.4.2 | 0.11.0 | Unsupported | | +| November 17th 2022 | 1.9.4
| 1.9.1 | Java 1.7.0
Go 1.6.0
PHP 1.1.0
Python 1.8.3
.NET 1.9.0
JS 2.4.2 | 0.11.0 | Unsupported | | +| November 4th 2022 | 1.9.3
| 1.9.1 | Java 1.7.0
Go 1.6.0
PHP 1.1.0
Python 1.8.3
.NET 1.9.0
JS 2.4.2 | 0.11.0 | Unsupported | | +| November 1st 2022 | 1.9.2
| 1.9.1 | Java 1.7.0
Go 1.6.0
PHP 1.1.0
Python 1.8.1
.NET 1.9.0
JS 2.4.2 | 0.11.0 | Unsupported | | +| October 26th 2022 | 1.9.1
| 1.9.1 | Java 1.7.0
Go 1.6.0
PHP 1.1.0
Python 1.8.1
.NET 1.9.0
JS 2.4.2 | 0.11.0 | Unsupported | | +| October 13th 2022 | 1.9.0
| 1.9.1 | Java 1.7.0
Go 1.6.0
PHP 1.1.0
Python 1.8.3
.NET 1.9.0
JS 2.4.2 | 0.11.0 | Unsupported | | | October 26th 2022 | 1.8.6
| 1.8.1 | Java 1.6.0
Go 1.5.0
PHP 1.1.0
Python 1.7.0
.NET 1.8.0
JS 2.3.0 | 0.11.0 | Unsupported | | | October 13th 2022 | 1.8.5
| 1.8.1 | Java 1.6.0
Go 1.5.0
PHP 1.1.0
Python 1.7.0
.NET 1.8.0
JS 2.3.0 | 0.11.0 | Unsupported | | | August 10th 2022 | 1.8.4
| 1.8.1 | Java 1.6.0
Go 1.5.0
PHP 1.1.0
Python 1.7.0
.NET 1.8.0
JS 2.3.0 | 0.11.0 | Unsupported | | @@ -121,9 +127,9 @@ General guidance on upgrading can be found for [self hosted mode]({{< ref self-h Dapr can support multiple hosting platforms for production. With the 1.0 release the two supported platforms are Kubernetes and physical machines. For Kubernetes upgrades see [Production guidelines on Kubernetes]({{< ref kubernetes-production.md >}}) -### Supported versions of dependencies +### Supported versions of dependencies -Below is a list of software that the latest version of Dapr (v{{% dapr-latest-version long="true" %}}) has been tested against. +Below is a list of software that the latest version of Dapr (v{{% dapr-latest-version long="true" %}}) has been tested against. | Dependency | Supported Version | |-----------------------|----------------------------------------------------------------------------------------------------------------------------------| diff --git a/daprdocs/content/en/operations/support/support-security-issues.md b/daprdocs/content/en/operations/support/support-security-issues.md index f11b1e75679..c33ce0b167c 100644 --- a/daprdocs/content/en/operations/support/support-security-issues.md +++ b/daprdocs/content/en/operations/support/support-security-issues.md @@ -12,4 +12,4 @@ The Dapr organization and team makes security a central focus of how we operate To report a security issue, please privately email the [Dapr Maintainers (dapr@dapr.io)](mailto:dapr@dapr.io?subject=[Security%20Disclosure]:%20ISSUE%20TITLE) -The Dapr maintainers will triage and respond ASAP and then patch and send an annoucement within 30 days. +The Dapr maintainers will triage and respond ASAP and then patch and send an announcement within 30 days. diff --git a/daprdocs/content/en/reference/api/configuration_api.md b/daprdocs/content/en/reference/api/configuration_api.md index 3fe4ed283ea..1d0233af57f 100644 --- a/daprdocs/content/en/reference/api/configuration_api.md 
+++ b/daprdocs/content/en/reference/api/configuration_api.md @@ -65,7 +65,11 @@ curl -X GET 'http://localhost:3500/v1.0/configuration/mystore?key=myConfigKey' > The above command returns the following JSON: ```json -[{"key":"myConfigKey","value":"myConfigValue"}] +{ + "myConfigKey": { + "value":"myConfigValue" + } +} ``` ## Subscribe Configuration diff --git a/daprdocs/content/en/reference/cli/dapr-mtls/dapr-mtls-renew-certificate.md b/daprdocs/content/en/reference/cli/dapr-mtls/dapr-mtls-renew-certificate.md index 71b154f7b45..8941c3ea3a7 100644 --- a/daprdocs/content/en/reference/cli/dapr-mtls/dapr-mtls-renew-certificate.md +++ b/daprdocs/content/en/reference/cli/dapr-mtls/dapr-mtls-renew-certificate.md @@ -24,7 +24,7 @@ dapr mtls renew-certificate [flags] | Name | Environment Variable | Default | Description | | -------------- | -------------------- | ----------------- | ------------------------------------------- | | `--help`, `-h` | | | help for renew-certificate -| `--kubernetes`, `-k` | | `false` | supprted platform| | +| `--kubernetes`, `-k` | | `false` | supported platform| | | `--valid-until` | | 365 days | Validity for newly created certificates | | `--restart` | | false | Restarts Dapr control plane services (Sentry service, Operator service and Placement server) | | `--timeout` | | 300 sec | The timeout for the certificate renewal process | diff --git a/daprdocs/content/en/reference/cli/dapr-stop.md b/daprdocs/content/en/reference/cli/dapr-stop.md index 0bb20213fa6..ef7acd50fb2 100644 --- a/daprdocs/content/en/reference/cli/dapr-stop.md +++ b/daprdocs/content/en/reference/cli/dapr-stop.md 
@@ -25,7 +25,7 @@ dapr stop [flags] | -------------------- | -------------------- | ------- | -------------------------------- | | `--app-id`, `-a` | `APP_ID` | | The application id to be stopped | | `--help`, `-h` | | | Print this help message | -| `--run-file`, `-f` | | | Stop running multiple applications at once using a Multi-App Run template file. Currently in [alpha]({{< ref "support-preview-features.md" >}}) and only availale in Linux/MacOS | +| `--run-file`, `-f` | | | Stop running multiple applications at once using a Multi-App Run template file. Currently in [alpha]({{< ref "support-preview-features.md" >}}) and only available in Linux/MacOS | ### Examples diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudoss.md b/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudoss.md index 4036bb03741..0857b6dcbd9 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudoss.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudoss.md @@ -28,8 +28,6 @@ spec: value: "[access-key]" - name: bucket value: "[bucket]" - - name: direction - value: "output" ``` {{% alert title="Warning" color="warning" %}} @@ -44,13 +42,12 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `accessKeyID` | Y | Output | Access key ID credential. | | `accessKey` | Y | Output | Access key credential. | | `bucket` | Y | Output | Name of the storage bucket. | -| `direction` | N | Output | Direction of the binding. | `"output"` ## Binding support This component supports **output binding** with the following operations: -- `create`: [Create object](#create-object) +- `create`: [Create object](#create-object) ### Create object 
diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudsls.md b/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudsls.md index b81db6d3cce..df500758ec2 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudsls.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudsls.md @@ -26,8 +26,6 @@ spec: value: "[accessKey-secret]" - name: Endpoint value: "[endpoint]" - - name: direction - value: "output" ``` ## Spec metadata fields @@ -37,13 +35,12 @@ spec: | `AccessKeyID` | Y | Output | Access key ID credential. | | `AccessKeySecret` | Y | Output | Access key credential secret | | `Endpoint` | Y | Output | Alicloud SLS endpoint. | -| `direction` | N | Output | Direction of the binding. | `"output"` ## Binding support This component supports **output binding** with the following operations: -- `create`: [Create object](#create-object) +- `create`: [Create object](#create-object) ### Request format diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudtablestore.md b/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudtablestore.md index 61daf950eb6..67aa3fc16d1 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudtablestore.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/alicloudtablestore.md @@ -32,8 +32,6 @@ spec: value: "[table]" - name: endpoint value: "[endpoint]" - - name: direction - value: "output" ``` {{% alert title="Warning" color="warning" %}} 
@@ -49,13 +47,12 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `accessKey` | Y | Output | Access key credential. | | `instanceName` | Y | Output | Name of the instance. | | `tableName` | Y | Output | Name of the table. | -| `direction` | N | Output | Direction of the binding. | `"output"` ## Binding support This component supports **output binding** with the following operations: -- `create`: [Create object](#create-object) +- `create`: [Create object](#create-object) ### Create object diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/apns.md b/daprdocs/content/en/reference/components-reference/supported-bindings/apns.md index 3b534cc55ea..a50100d8210 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/apns.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/apns.md @@ -30,8 +30,6 @@ spec: secretKeyRef: name: key: "" - - name: direction - value: "output" ``` ## Spec metadata fields 
@@ -41,14 +39,15 @@ spec: | `key-id` | Y | Output | The identifier for the private key from the Apple Developer Portal | `"private-key-id`" | | `team-id` | Y | Output | The identifier for the organization or author from the Apple Developer Portal | `"team-id"` | | `private-key` | Y | Output| Is a PKCS #8-formatted private key. It is intended that the private key is stored in the secret store and not exposed directly in the configuration. See [here](#private-key) for more details | `"pem file"` | -| `direction` | N | Output| The direction of the binding. | `"output"` | ### Private key + The APNS binding needs a cryptographic private key in order to generate authentication tokens for the APNS service. The private key can be generated from the Apple Developer Portal and is provided as a PKCS #8 file with the private key stored in PEM format. The private key should be stored in the Dapr secret store and not stored directly in the binding's configuration file. A sample configuration file for the APNS binding is shown below: + ```yaml apiVersion: dapr.io/v1alpha1 kind: Component @@ -68,7 +67,9 @@ spec: name: apns-secrets key: private-key ``` + If using Kubernetes, a sample secret configuration may look like this: + ```yaml apiVersion: v1 kind: Secret diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/blobstorage.md b/daprdocs/content/en/reference/components-reference/supported-bindings/blobstorage.md index b5ed204388e..4baea225cf1 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/blobstorage.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/blobstorage.md @@ -33,8 +33,6 @@ spec: # value: # - name: publicAccessLevel # value: -# - name: direction -# value: "output" ``` {{% alert title="Warning" color="warning" %}} The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}). 
@@ -45,17 +43,16 @@ The above example uses secrets as plain strings. It is recommended to use a secr | Field | Required | Binding support | Details | Example | |--------------------|:--------:|--------|---------|---------| | `accountName` | Y | Input/Output | The name of the Azure Storage account | `"myexmapleaccount"` | -| `accountKey` | Y* | Input/Output | The access key of the Azure Storage account. Only required when not using Azure AD authentication. | `"access-key"` | +| `accountKey` | Y* | Input/Output | The access key of the Azure Storage account. Only required when not using Microsoft Entra ID authentication. | `"access-key"` | | `containerName` | Y | Output | The name of the Blob Storage container to write to | `myexamplecontainer` | | `endpoint` | N | Input/Output | Optional custom endpoint URL. This is useful when using the [Azurite emulator](https://github.com/Azure/azurite) or when using custom domains for Azure Storage (although this is not officially supported). The endpoint must be the full base URL, including the protocol (`http://` or `https://`), the IP or FQDN, and optional port. | `"http://127.0.0.1:10000"` | `decodeBase64` | N | Output | Configuration to decode base64 file content before saving to Blob Storage. (In case of saving a file with binary content). Defaults to `false` | `true`, `false` | | `getBlobRetryCount` | N | Output | Specifies the maximum number of HTTP GET requests that will be made while reading from a RetryReader Defaults to `10` | `1`, `2` | `publicAccessLevel` | N | Output | Specifies whether data in the container may be accessed publicly and the level of access (only used if the container is created by Dapr). Defaults to `none` | `blob`, `container`, `none` -| `direction` | N | Output | The direction of the binding. 
| `"output"` -### Azure Active Directory (AAD) authentication +### Microsoft Entra ID authentication -The Azure Blob Storage binding component supports authentication using all Azure Active Directory mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of AAD authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}). +The Azure Blob Storage binding component supports authentication using all Microsoft Entra ID mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of Microsoft Entra ID authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}). ## Binding support diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/cloudflare-queues.md b/daprdocs/content/en/reference/components-reference/supported-bindings/cloudflare-queues.md index b1196b54feb..2a1420b6df6 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/cloudflare-queues.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/cloudflare-queues.md @@ -46,9 +46,6 @@ spec: # URL of the Worker (required if the Worker has been pre-created outside of Dapr) - name: workerUrl value: "" - # Direction of the binding - - name: direction - value: "output" ``` {{% alert title="Warning" color="warning" %}} 
@@ -64,7 +61,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `cfAccountID` | Y/N | Output | Cloudflare account ID. Required to have Dapr manage the worker. | `"456789abcdef8b5588f3d134f74ac"def` | `cfAPIToken` | Y/N | Output | API token for Cloudflare. Required to have Dapr manage the Worker. | `"secret-key"` | `workerUrl` | Y/N | Output | URL of the Worker. Required if the Worker has been pre-provisioned outside of Dapr. | `"https://mydaprqueue.mydomain.workers.dev"` -| `direction` | N | Output | Direction of the binding. | `"output"` > When you configure Dapr to create your Worker for you, you may need to set a longer value for the `initTimeout` property of the component, to allow enough time for the Worker script to be deployed. For example: `initTimeout: "120s"` diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/commercetools.md b/daprdocs/content/en/reference/components-reference/supported-bindings/commercetools.md index 94fd95d1484..90ea8edfbbc 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/commercetools.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/commercetools.md @@ -11,8 +11,6 @@ aliases: To setup commercetools GraphQL binding create a component of type `bindings.commercetools`. See [this guide]({{< ref "howto-bindings.md#1-create-a-binding" >}}) on how to create and apply a binding configuration. - - ```yaml apiVersion: dapr.io/v1alpha1 kind: Component @@ -34,9 +32,8 @@ spec: value: "*****************" - name: scopes # required. value: "" - - name: direction - value: "output" ``` + {{% alert title="Warning" color="warning" %}} The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}). {{% /alert %}} 
@@ -51,7 +48,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `clientID` | Y | Output | The commercetools client ID for the project | | | `clientSecret` | Y | Output | The commercetools client secret for the project | | | `scopes` | Y | Output | The commercetools scopes for the project | `"manage_project:project-key"` | -| `direction` | N | Output | The direction of the binding | `"output"` | For more information see [commercetools - Creating an API Client](https://docs.commercetools.com/getting-started/create-api-client#create-an-api-client) and [commercetools - Regions](https://docs.commercetools.com/api/general-concepts#regions). @@ -61,7 +57,6 @@ This component supports **output binding** with the following operations: - `create` - ## Related links - [Basic schema for a Dapr component]({{< ref component-schema >}}) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/cosmosdb.md b/daprdocs/content/en/reference/components-reference/supported-bindings/cosmosdb.md index 111ecab83c0..813166f0265 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/cosmosdb.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/cosmosdb.md @@ -11,7 +11,6 @@ aliases: To setup Azure Cosmos DB binding create a component of type `bindings.azure.cosmosdb`. See [this guide]({{< ref "howto-bindings.md#1-create-a-binding" >}}) on how to create and apply a binding configuration. - ```yaml apiVersion: dapr.io/v1alpha1 kind: Component @@ -31,8 +30,6 @@ spec: value: "Orders" - name: partitionKey value: "" - - name: direction - value: "output" ``` {{% alert title="Warning" color="warning" %}} 
@@ -48,13 +45,12 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `database` | Y | Output | The name of the Cosmos DB database | `"OrderDb"` | | `collection` | Y | Output | The name of the container inside the database. | `"Orders"` | | `partitionKey` | Y | Output | The name of the key to extract from the payload (document to be created) that is used as the partition key. This name must match the partition key specified upon creation of the Cosmos DB container. | `"OrderId"`, `"message"` | -| `direction` | N | Output | The direction of the binding. | `"output"` | For more information see [Azure Cosmos DB resource model](https://docs.microsoft.com/azure/cosmos-db/account-databases-containers-items). -### Azure Active Directory (Azure AD) authentication +### Microsoft Entra ID authentication -The Azure Cosmos DB binding component supports authentication using all Azure Active Directory mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of AAD authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}). +The Azure Cosmos DB binding component supports authentication using all Microsoft Entra ID mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of Microsoft Entra ID authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}). You can read additional information for setting up Cosmos DB with Azure AD authentication in the [section below](#setting-up-cosmos-db-for-authenticating-with-azure-ad). diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/cosmosdbgremlinapi.md b/daprdocs/content/en/reference/components-reference/supported-bindings/cosmosdbgremlinapi.md index 505bc5ca6bc..47aa5b506ec 100644 
--- a/daprdocs/content/en/reference/components-reference/supported-bindings/cosmosdbgremlinapi.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/cosmosdbgremlinapi.md @@ -9,7 +9,6 @@ description: "Detailed documentation on the Azure Cosmos DB (Gremlin API) bindin To setup an Azure Cosmos DB (Gremlin API) binding create a component of type `bindings.azure.cosmosdb.gremlinapi`. See [this guide]({{< ref "howto-bindings.md#1-create-a-binding" >}}) on how to create and apply a binding configuration. - ```yaml apiVersion: dapr.io/v1alpha1 kind: Component @@ -25,8 +24,6 @@ spec: value: "*****" - name: username value: "*****" - - name: direction - value: "output" ``` {{% alert title="Warning" color="warning" %}} @@ -40,7 +37,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `url` | Y | Output | The Cosmos DB url for Gremlin APIs | `"wss://******.gremlin.cosmos.azure.com:443/"` | | `masterKey` | Y | Output | The Cosmos DB account master key | `"masterKey"` | | `username` | Y | Output | The username of the Cosmos DB database | `"/dbs//colls/"` | -| `direction` | N | Output | The direction of the binding | `"output"` | For more information see [Quickstart: Azure Cosmos Graph DB using Gremlin](https://docs.microsoft.com/azure/cosmos-db/graph/create-graph-console). diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/dynamodb.md b/daprdocs/content/en/reference/components-reference/supported-bindings/dynamodb.md index 63654df5c87..348d15515c8 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/dynamodb.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/dynamodb.md @@ -32,8 +32,6 @@ spec: value: "*****************" - name: sessionToken value: "*****************" - - name: direction - value: "output" ``` {{% alert title="Warning" color="warning" %}} 
@@ -49,7 +47,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `accessKey` | Y | Output | The AWS Access Key to access this resource | `"key"` | | `secretKey` | Y | Output | The AWS Secret Access Key to access this resource | `"secretAccessKey"` | | `sessionToken` | N | Output | The AWS session token to use | `"sessionToken"` | -| `direction` | N | Output | The direction of the binding | `"output"` | {{% alert title="Important" color="warning" %}} When running the Dapr sidecar (daprd) with your application on EKS (AWS Kubernetes), if you're using a node/pod that has already been attached to an IAM policy defining access to AWS resources, you **must not** provide AWS access-key, secret-key, and tokens in the definition of the component spec you're using. diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/eventgrid.md b/daprdocs/content/en/reference/components-reference/supported-bindings/eventgrid.md index 6288baee4b7..9e66107b591 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/eventgrid.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/eventgrid.md @@ -90,9 +90,9 @@ This component supports **output binding** with the following operations: - `create`: publishes a message on the Event Grid topic -## Azure AD credentials +## Microsoft Entra ID credentials -The Azure Event Grid binding requires an Azure AD application and service principal for two reasons: +The Azure Event Grid binding requires an Microsoft Entra ID application and service principal for two reasons: - Creating an [event subscription](https://docs.microsoft.com/azure/event-grid/concepts#event-subscriptions) when Dapr is started (and updating it if the Dapr configuration changes) - Authenticating messages delivered by Event Hubs to your application. 
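Review bot: In the eventgrid.md hunk at `@@ -90,9 +90,9 @@`, the replaced sentence now reads "requires an Microsoft Entra ID application"; the article is left over from "an Azure AD" and should be "a Microsoft Entra ID application". It is worth searching the rest of the rename for the same "an Microsoft" pattern before merging.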
@@ -106,7 +106,7 @@ Requirements: - [Microsoft.Graph module for PowerShell](https://learn.microsoft.com/powershell/microsoftgraph/installation) for PowerShell installed: `Install-Module Microsoft.Graph -Scope CurrentUser -Repository PSGallery -Force` -For the first purpose, you will need to [create an Azure Service Principal](https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal). After creating it, take note of the Azure AD application's **clientID** (a UUID), and run the following script with the Azure CLI: +For the first purpose, you will need to [create an Azure Service Principal](https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal). After creating it, take note of the Microsoft Entra ID application's **clientID** (a UUID), and run the following script with the Azure CLI: ```bash # Set the client ID of the app you created 
@@ -140,7 +140,7 @@ Connect-MgGraph -Scopes "Application.Read.All","Application.ReadWrite.All" ./setup-eventgrid-sp.ps1 $clientId ``` -> Note: if your directory does not have a Service Principal for the application "Microsoft.EventGrid", you may need to run the command `Connect-MgGraph` and sign in as an admin for the Azure AD tenant (this is related to permissions on the Azure AD directory, and not the Azure subscription). Otherwise, please ask your tenant's admin to sign in and run this PowerShell command: `New-MgServicePrincipal -AppId "4962773b-9cdb-44cf-a8bf-237846a00ab7"` (the UUID is a constant) +> Note: if your directory does not have a Service Principal for the application "Microsoft.EventGrid", you may need to run the command `Connect-MgGraph` and sign in as an admin for the Microsoft Entra ID tenant (this is related to permissions on the Microsoft Entra ID directory, and not the Azure subscription). Otherwise, please ask your tenant's admin to sign in and run this PowerShell command: `New-MgServicePrincipal -AppId "4962773b-9cdb-44cf-a8bf-237846a00ab7"` (the UUID is a constant) ### Testing locally diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/eventhubs.md b/daprdocs/content/en/reference/components-reference/supported-bindings/eventhubs.md index a4dc7701369..ee005b4dda4 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/eventhubs.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/eventhubs.md 
@@ -28,10 +28,10 @@ spec: - name: consumerGroup value: "myapp" # Either connectionString or eventHubNamespace is required - # Use connectionString when *not* using Azure AD + # Use connectionString when *not* using Microsoft Entra ID - name: connectionString value: "Endpoint=sb://{EventHubNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key};EntityPath={EventHub}" - # Use eventHubNamespace when using Azure AD + # Use eventHubNamespace when using Microsoft Entra ID - name: eventHubNamespace value: "namespace" - name: enableEntityManagement @@ -68,9 +68,9 @@ The above example uses secrets as plain strings. It is recommended to use a secr | Field | Required | Binding support | Details | Example | |--------------------|:--------:|------------|-----|---------| -| `eventHub` | Y* | Input/Output | The name of the Event Hubs hub ("topic"). Required if using Azure AD authentication or if the connection string doesn't contain an `EntityPath` value | `mytopic` | -| `connectionString` | Y* | Input/Output | Connection string for the Event Hub or the Event Hub namespace.
* Mutally exclusive with `eventHubNamespace` field.
* Required when not using [Azure AD Authentication]({{< ref "authenticating-azure.md" >}}) | `"Endpoint=sb://{EventHubNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key};EntityPath={EventHub}"` or `"Endpoint=sb://{EventHubNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key}"` -| `eventHubNamespace` | Y* | Input/Output | The Event Hub Namespace name.
* Mutally exclusive with `connectionString` field.
* Required when using [Azure AD Authentication]({{< ref "authenticating-azure.md" >}}) | `"namespace"` +| `eventHub` | Y* | Input/Output | The name of the Event Hubs hub ("topic"). Required if using Microsoft Entra ID authentication or if the connection string doesn't contain an `EntityPath` value | `mytopic` | +| `connectionString` | Y* | Input/Output | Connection string for the Event Hub or the Event Hub namespace.
* Mutally exclusive with `eventHubNamespace` field.
* Required when not using [Microsoft Entra ID Authentication]({{< ref "authenticating-azure.md" >}}) | `"Endpoint=sb://{EventHubNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key};EntityPath={EventHub}"` or `"Endpoint=sb://{EventHubNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key}"` +| `eventHubNamespace` | Y* | Input/Output | The Event Hub Namespace name.
* Mutally exclusive with `connectionString` field.
* Required when using [Microsoft Entra ID Authentication]({{< ref "authenticating-azure.md" >}}) | `"namespace"` | `enableEntityManagement` | N | Input/Output | Boolean value to allow management of the EventHub namespace and storage account. Default: `false` | `"true", "false"` | `resourceGroupName` | N | Input/Output | Name of the resource group the Event Hub namespace is part of. Required when entity management is enabled | `"test-rg"` | `subscriptionID` | N | Input/Output | Azure subscription ID value. Required when entity management is enabled | `"azure subscription id"` @@ -78,14 +78,14 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `messageRetentionInDays` | N | Input/Output | Number of days to retain messages for in the newly created Event Hub namespace. Used only when entity management is enabled. Default: `"1"` | `"90"` | `consumerGroup` | Y | Input | The name of the [Event Hubs Consumer Group](https://docs.microsoft.com/azure/event-hubs/event-hubs-features#consumer-groups) to listen on | `"group1"` | | `storageAccountName` | Y | Input | Storage account name to use for the checkpoint store. |`"myeventhubstorage"` -| `storageAccountKey` | Y* | Input | Storage account key for the checkpoint store account.
* When using Azure AD, it's possible to omit this if the service principal has access to the storage account too. | `"112233445566778899"` +| `storageAccountKey` | Y* | Input | Storage account key for the checkpoint store account.
* When using Microsoft Entra ID, it's possible to omit this if the service principal has access to the storage account too. | `"112233445566778899"` | `storageConnectionString` | Y* | Input | Connection string for the checkpoint store, alternative to specifying `storageAccountKey` | `"DefaultEndpointsProtocol=https;AccountName=myeventhubstorage;AccountKey="` | `storageContainerName` | Y | Input | Storage container name for the storage account name. | `"myeventhubstoragecontainer"` | `direction` | N | Input/Output | The direction of the binding. | `"input"`, `"output"`, `"input, output"` -### Azure Active Directory (AAD) authentication +### Microsoft Entra ID authentication -The Azure Event Hubs pub/sub component supports authentication using all Azure Active Directory mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of AAD authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}). +The Azure Event Hubs pub/sub component supports authentication using all Microsoft Entra ID mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of Microsoft Entra ID authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}). ## Binding support diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/gcpbucket.md b/daprdocs/content/en/reference/components-reference/supported-bindings/gcpbucket.md index c4097a525c6..f2d14d320b3 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/gcpbucket.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/gcpbucket.md @@ -47,8 +47,6 @@ spec: value: "" - name: encodeBase64 value: "" - - name: direction - value: "output" ``` {{% alert title="Warning" color="warning" %}} 
@@ -72,7 +70,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `client_x509_cert_url` | Y | Output | GCP credentials project x509 cert url | `https://www.googleapis.com/robot/v1/metadata/x509/.iam.gserviceaccount.com` | `decodeBase64` | N | Output | Configuration to decode base64 file content before saving to bucket storage. (In case of saving a file with binary content). `true` is the only allowed positive value. Other positive variations like `"True", "1"` are not acceptable. Defaults to `false` | `true`, `false` | | `encodeBase64` | N | Output | Configuration to encode base64 file content before return the content. (In case of opening a file with binary content). `true` is the only allowed positive value. Other positive variations like `"True", "1"` are not acceptable. Defaults to `false` | `true`, `false` | -| `direction` | N | Output | The direction of the binding. | `"output"` ## Binding support diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/graghql.md b/daprdocs/content/en/reference/components-reference/supported-bindings/graghql.md index 06ed28b0ae2..ee13e035470 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/graghql.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/graghql.md @@ -27,8 +27,6 @@ spec: value: "adminkey" - name: header:Cache-Control value: "no-cache" - - name: direction - value: "output" ``` {{% alert title="Warning" color="warning" %}} 
@@ -42,7 +40,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `endpoint` | Y | Output | GraphQL endpoint string See [here](#url-format) for more details | `"http://localhost:4000/graphql/graphql"` | | `header:[HEADERKEY]` | N | Output | GraphQL header. Specify the header key in the `name`, and the header value in the `value`. | `"no-cache"` (see above) | | `variable:[VARIABLEKEY]` | N | Output | GraphQL query variable. Specify the variable name in the `name`, and the variable value in the `value`. | `"123"` (see below) | -| `direction` | N | Output | The direction of the binding | `"output"` | ### Endpoint and Header format diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/http.md b/daprdocs/content/en/reference/components-reference/supported-bindings/http.md index a724e30b93a..7f5f2972968 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/http.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/http.md @@ -40,8 +40,6 @@ spec: # key: "mytoken" #- name: securityTokenHeader # value: "Authorization: Bearer" # OPTIONAL
- #- name: direction - # value: "output" ``` ## Spec metadata fields @@ -56,7 +54,6 @@ spec: | `MTLSRenegotiation` | N | Output | Type of mTLS renegotiation to be used | `RenegotiateOnceAsClient` | `securityToken` | N | Output | The value of a token to be added to a HTTP request as a header. Used together with `securityTokenHeader` | | `securityTokenHeader` | N | Output | The name of the header for `securityToken` on a HTTP request | -| `direction` | N | Output |The direction of the binding | `"output"` ### How to configure mTLS-related fields in metadata diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/huawei-obs.md b/daprdocs/content/en/reference/components-reference/supported-bindings/huawei-obs.md index 5c4e063f7a8..41212384c0b 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/huawei-obs.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/huawei-obs.md @@ -30,8 +30,6 @@ spec: # optional fields - name: region value: "" - - name: direction - value: "" ``` {{% alert title="Warning" color="warning" %}} @@ -47,7 +45,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `accessKey` | Y | Output | The Huawei Access Key (AK) to access this resource | `"************"` | | `secretKey` | Y | Output | The Huawei Secret Key (SK) to access this resource | `"************"` | | `region` | N | Output | The specific Huawei region of the bucket | `"cn-north-4"` | -| `direction` | N | Output | The direction of the binding | `"output"` | ## Binding support diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/influxdb.md b/daprdocs/content/en/reference/components-reference/supported-bindings/influxdb.md index f6fa6e45d47..13d355be930 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/influxdb.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/influxdb.md 
@@ -29,8 +29,6 @@ spec: value: "" - name: bucket # Required value: "" - - name: direction - value: "" ``` {{% alert title="Warning" color="warning" %}} @@ -45,7 +43,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `token` | Y | Output | The authorization token for InfluxDB | `"mytoken"` | | `org` | Y | Output | The InfluxDB organization | `"myorg"` | | `bucket` | Y | Output | Bucket name to write to | `"mybucket"` | -| `direction` | N | Output | Direction of the binding | `"output"` | ## Binding support diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/kafka.md b/daprdocs/content/en/reference/components-reference/supported-bindings/kafka.md index 7029b546bd8..43f030799ce 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/kafka.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/kafka.md @@ -46,7 +46,7 @@ spec: - name: maxMessageBytes # Optional. value: "1024" - name: version # Optional. - value: "1.0.0" + value: "2.0.0" - name: direction value: "input, output" ``` diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/kitex.md b/daprdocs/content/en/reference/components-reference/supported-bindings/kitex.md index ec4a19c1fb6..0c674f6bf4a 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/kitex.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/kitex.md @@ -34,13 +34,12 @@ spec: value: "echo" - name: version value: "0.5.0" - - name: direction - value: "output" ``` ## Spec metadata fields The `InvokeRequest.Metadata` for `bindings.kitex` requires the client to fill in four required items when making a call: + - `hostPorts` - `destService` - `methodName` 
@@ -52,8 +51,6 @@ The `InvokeRequest.Metadata` for `bindings.kitex` requires the client to fill in | `destService` | Y | Output | Service name of the Kitex server (Thrift) | `"echo"` | | `methodName` | Y | Output | Method name under a specific service name of the Kitex server (Thrift) | `"echo"` | | `version` | Y | Output | Kitex version | `"0.5.0"` | -| `direction` | N | Output | Direction of the binding | `"output"` | - ## Binding support diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/kubemq.md b/daprdocs/content/en/reference/components-reference/supported-bindings/kubemq.md index 5cf333ea213..e5112d2b29a 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/kubemq.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/kubemq.md @@ -51,7 +51,7 @@ This component supports both **input and output** binding interfaces. {{< tabs "Self-Hosted" "Kubernetes">}} {{% codetab %}} -1. Obtain KubeMQ Key by visiting [https://account.kubemq.io/login/register](https://account.kubemq.io/login/register) and register for a key. +1. [Obtain KubeMQ Key](https://docs.kubemq.io/getting-started/quick-start#obtain-kubemq-license-key). 2. Wait for an email confirmation with your Key You can run a KubeMQ broker with Docker: @@ -64,7 +64,7 @@ You can then interact with the server using the client port: `localhost:50000` {{% /codetab %}} {{% codetab %}} -1. Obtain KubeMQ Key by visiting [https://account.kubemq.io/login/register](https://account.kubemq.io/login/register) and register for a key. +1. [Obtain KubeMQ Key](https://docs.kubemq.io/getting-started/quick-start#obtain-kubemq-license-key). 2. Wait for an email confirmation with your Key Then Run the following kubectl commands: diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/localstorage.md b/daprdocs/content/en/reference/components-reference/supported-bindings/localstorage.md index 5290a69c357..233783ff27b 100644 
--- a/daprdocs/content/en/reference/components-reference/supported-bindings/localstorage.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/localstorage.md @@ -23,16 +23,13 @@ spec: metadata: - name: rootPath value: "" - - name: direction - value: "" ``` ## Spec metadata fields | Field | Required | Binding support | Details | Example | |--------------------|:--------:|--------|---------|---------| -| `rootPath` | Y | Input / Output | The root path anchor to which files can be read / saved | `"/temp/files"` | -| `direction` | N | Input / Output | The direction of the binding | `"output"` | +| `rootPath` | Y | Output | The root path anchor to which files can be read / saved | `"/temp/files"` | ## Binding support @@ -265,6 +262,5 @@ By default the Local Storage output binding auto generates a UUID as the file na - [Basic schema for a Dapr component]({{< ref component-schema >}}) - [Bindings building block]({{< ref bindings >}}) -- [How-To: Trigger application with input binding]({{< ref howto-triggers.md >}}) - [How-To: Use bindings to interface with external resources]({{< ref howto-bindings.md >}}) - [Bindings API reference]({{< ref bindings_api.md >}}) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/mysql.md b/daprdocs/content/en/reference/components-reference/supported-bindings/mysql.md index 3c44b53a84c..881e8eeb405 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/mysql.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/mysql.md @@ -36,8 +36,6 @@ spec: value: "" - name: connMaxIdleTime value: "" - - name: direction - value: "" ``` {{% alert title="Warning" color="warning" %}} 
@@ -54,8 +52,7 @@ Note that you can not use secret just for username/password. If you use secret, | `maxIdleConns` | N | Output | The max idle connections. Integer greater than 0 | `"10"` | | `maxOpenConns` | N | Output | The max open connections. Integer greater than 0 | `"10"` | | `connMaxLifetime` | N | Output | The max connection lifetime. Duration string | `"12s"` | -| `connMaxIdleTime` | N | Output | The max connection idel time. Duration string | `"12s"` | -| `direction` | N | Output | The direction of the binding | `"output"` | +| `connMaxIdleTime` | N | Output | The max connection idle time. Duration string | `"12s"` | ### SSL connection @@ -192,6 +189,5 @@ The `close` operation can be used to explicitly close the DB connection and retu - [Basic schema for a Dapr component]({{< ref component-schema >}}) - [Bindings building block]({{< ref bindings >}}) -- [How-To: Trigger application with input binding]({{< ref howto-triggers.md >}}) - [How-To: Use bindings to interface with external resources]({{< ref howto-bindings.md >}}) - [Bindings API reference]({{< ref bindings_api.md >}}) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/openai.md b/daprdocs/content/en/reference/components-reference/supported-bindings/openai.md index f62950c04b6..34bbeb151fc 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/openai.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/openai.md 
@@ -36,14 +36,14 @@ The above example uses `apiKey` as a plain string. It is recommended to use a s | Field | Required | Binding support | Details | Example | |--------------------|:--------:|--------|---------|---------| | `endpoint` | Y | Output | Azure OpenAI service endpoint URL. | `"https://myopenai.openai.azure.com"` | -| `apiKey` | Y* | Output | The access key of the Azure OpenAI service. Only required when not using Azure AD authentication. | `"1234567890abcdef"` | +| `apiKey` | Y* | Output | The access key of the Azure OpenAI service. Only required when not using Microsoft Entra ID authentication. | `"1234567890abcdef"` | | `azureTenantId` | Y* | Input | The tenant ID of the Azure OpenAI resource. Only required when `apiKey` is not provided. | `"tenentID"` | | `azureClientId` | Y* | Input | The client ID that should be used by the binding to create or update the Azure OpenAI Subscription and to authenticate incoming messages. Only required when `apiKey` is not provided.| `"clientId"` | | `azureClientSecret` | Y* | Input | The client secret that should be used by the binding to create or update the Azure OpenAI Subscription and to authenticate incoming messages. Only required when `apiKey` is not provided. | `"clientSecret"` | -### Azure Active Directory (AAD) authentication +### Microsoft Entra ID authentication -The Azure OpenAI binding component supports authentication using all Azure Active Directory mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of AAD authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}). +The Azure OpenAI binding component supports authentication using all Microsoft Entra ID mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of Microsoft Entra ID authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}). 
#### Example Configuration diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/postgresql.md b/daprdocs/content/en/reference/components-reference/supported-bindings/postgresql.md index cfaf92ad37c..235cebabaa2 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/postgresql.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/postgresql.md @@ -25,8 +25,6 @@ spec: # Connection string - name: connectionString value: "" - - name: direction - value: "" ``` {{% alert title="Warning" color="warning" %}} @@ -43,15 +41,15 @@ The following metadata options are **required** to authenticate using a PostgreS |--------|:--------:|---------|---------| | `connectionString` | Y | The connection string for the PostgreSQL database. See the PostgreSQL [documentation on database connections](https://www.postgresql.org/docs/current/libpq-connect.html) for information on how to define a connection string. | `"host=localhost user=postgres password=example port=5432 connect_timeout=10 database=my_db"` -### Authenticate using Azure AD +### Authenticate using Microsoft Entra ID -Authenticating with Azure AD is supported with Azure Database for PostgreSQL. All authentication methods supported by Dapr can be used, including client credentials ("service principal") and Managed Identity. +Authenticating with Microsoft Entra ID is supported with Azure Database for PostgreSQL. All authentication methods supported by Dapr can be used, including client credentials ("service principal") and Managed Identity. | Field | Required | Details | Example | |--------|:--------:|---------|---------| -| `useAzureAD` | Y | Must be set to `true` to enable the component to retrieve access tokens from Azure AD. | `"true"` | -| `connectionString` | Y | The connection string for the PostgreSQL database.
This must contain the user, which corresponds to the name of the user created inside PostgreSQL that maps to the Azure AD identity; this is often the name of the corresponding principal (e.g. the name of the Azure AD application). This connection string should not contain any password. | `"host=mydb.postgres.database.azure.com user=myapplication port=5432 database=my_db sslmode=require"` | -| `azureTenantId` | N | ID of the Azure AD tenant | `"cd4b2887-304c-…"` | +| `useAzureAD` | Y | Must be set to `true` to enable the component to retrieve access tokens from Microsoft Entra ID. | `"true"` | +| `connectionString` | Y | The connection string for the PostgreSQL database.
This must contain the user, which corresponds to the name of the user created inside PostgreSQL that maps to the Microsoft Entra ID identity; this is often the name of the corresponding principal (e.g. the name of the Microsoft Entra ID application). This connection string should not contain any password. | `"host=mydb.postgres.database.azure.com user=myapplication port=5432 database=my_db sslmode=require"` | +| `azureTenantId` | N | ID of the Microsoft Entra ID tenant | `"cd4b2887-304c-…"` | | `azureClientId` | N | Client ID (application ID) | `"c7dd251f-811f-…"` | | `azureClientSecret` | N | Client secret (application password) | `"Ecy3X…"` | diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/postmark.md b/daprdocs/content/en/reference/components-reference/supported-bindings/postmark.md index 03edb8db2ab..2dac3847b16 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/postmark.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/postmark.md @@ -30,8 +30,6 @@ spec: value: "dave@dapr.io" # optional - name: subject value: "Hello!" # optional - - name: direction - value: "output" # optional ``` {{% alert title="Warning" color="warning" %}} The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}). 
@@ -48,7 +46,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `emailCc` | N | Output | If set this specifies the 'cc' email address of the email message | `"me@example.com"` | | `emailBcc` | N | Output | If set this specifies the 'bcc' email address of the email message | `"me@example.com"` | | `subject` | N | Output | If set this specifies the subject of the email message | `"me@example.com"` | -| `direction` | N | Output | The direction of the binding | `"output"` | You can specify any of the optional metadata properties on the output binding request too (e.g. `emailFrom`, `emailTo`, `subject`, etc.) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/redis.md b/daprdocs/content/en/reference/components-reference/supported-bindings/redis.md index 4b966a75e03..e147d101c27 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/redis.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/redis.md @@ -11,7 +11,6 @@ aliases: To setup Redis binding create a component of type `bindings.redis`. See [this guide]({{< ref "howto-bindings.md#1-create-a-binding" >}}) on how to create and apply a binding configuration. - ```yaml apiVersion: dapr.io/v1alpha1 kind: Component @@ -27,8 +26,6 @@ spec: value: "**************" - name: enableTLS value: "" - - name: direction - value: "output" ``` {{% alert title="Warning" color="warning" %}} 
@@ -61,7 +58,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `minIdleConns` | N | Output | Minimum number of idle connections to keep open in order to avoid the performance degradation associated with creating new connections. Defaults to `"0"`. | `"2"` | `idleCheckFrequency` | N | Output | Frequency of idle checks made by idle connections reaper. Default is `"1m"`. `"-1"` disables idle connections reaper. | `"-1"` | `idleTimeout` | N | Output | Amount of time after which the client closes idle connections. Should be less than server's timeout. Default is `"5m"`. `"-1"` disables idle timeout check. | `"10m"` -| `direction` | N | Output | Direction of the binding. | `"output"` ## Binding support @@ -226,6 +222,5 @@ The Dapr CLI automatically deploys a local redis instance in self hosted mode as - [Basic schema for a Dapr component]({{< ref component-schema >}}) - [Bindings building block]({{< ref bindings >}}) -- [How-To: Trigger application with input binding]({{< ref howto-triggers.md >}}) - [How-To: Use bindings to interface with external resources]({{< ref howto-bindings.md >}}) - [Bindings API reference]({{< ref bindings_api.md >}}) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/s3.md b/daprdocs/content/en/reference/components-reference/supported-bindings/s3.md index 1c01459c3ba..7e7b93a8ecd 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/s3.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/s3.md @@ -44,8 +44,6 @@ spec: value: "" - name: insecureSSL value: "" - - name: direction - value: "output" ``` {{% alert title="Warning" color="warning" %}} 
@@ -67,7 +65,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `encodeBase64` | N | Output | Configuration to encode base64 file content before return the content. (In case of opening a file with binary content). `"true"` is the only allowed positive value. Other positive variations like `"True", "1"` are not acceptable. Defaults to `"false"` | `"true"`, `"false"` | | `disableSSL` | N | Output | Allows to connect to non `https://` endpoints. Defaults to `"false"` | `"true"`, `"false"` | | `insecureSSL` | N | Output | When connecting to `https://` endpoints, accepts invalid or self-signed certificates. Defaults to `"false"` | `"true"`, `"false"` | -| `direction` | N | Output | The direction of the binding | `"output"` | {{% alert title="Important" color="warning" %}} When running the Dapr sidecar (daprd) with your application on EKS (AWS Kubernetes), if you're using a node/pod that has already been attached to an IAM policy defining access to AWS resources, you **must not** provide AWS access-key, secret-key, and tokens in the definition of the component spec you're using. diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/sendgrid.md b/daprdocs/content/en/reference/components-reference/supported-bindings/sendgrid.md index 64014018725..3c18f0fe395 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/sendgrid.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/sendgrid.md @@ -41,8 +41,6 @@ spec: value: '{"customer":{"name":"John Smith"}}' # optional - name: apiKey value: "YOUR_API_KEY" # required, this is your SendGrid key - - name: direction - value: "output" ``` {{% alert title="Warning" color="warning" %}} 
@@ -61,7 +59,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `emailCc` | N | Output | If set this specifies the 'cc' email address of the email message. Only a single email address is allowed. Optional field, see [below](#example-request-payload) | `"me@example.com"` | | `emailBcc` | N | Output | If set this specifies the 'bcc' email address of the email message. Only a single email address is allowed. Optional field, see [below](#example-request-payload) | `"me@example.com"` | | `subject` | N | Output | If set this specifies the subject of the email message. Optional field, see [below](#example-request-payload) | `"subject of the email"` | -| `direction` | N | Output | The direction of the binding | `"output"` | ## Binding support diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/servicebusqueues.md b/daprdocs/content/en/reference/components-reference/supported-bindings/servicebusqueues.md index e2c74a4ba4b..c836626edd6 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/servicebusqueues.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/servicebusqueues.md 
@@ -67,10 +67,10 @@ The above example uses secrets as plain strings. It is recommended to use a secr | Field | Required | Binding support | Details | Example | |--------------------|:--------:|-----------------|----------|---------| -| `connectionString` | Y | Input/Output | The Service Bus connection string. Required unless using Azure AD authentication. | `"Endpoint=sb://************"` | +| `connectionString` | Y | Input/Output | The Service Bus connection string. Required unless using Microsoft Entra ID authentication. | `"Endpoint=sb://************"` | | `queueName` | Y | Input/Output | The Service Bus queue name. Queue names are case-insensitive and will always be forced to lowercase. | `"queuename"` | | `timeoutInSec` | N | Input/Output | Timeout for all invocations to the Azure Service Bus endpoint, in seconds. *Note that this option impacts network calls and it's unrelated to the TTL applies to messages*. Default: `"60"` | `"60"` | -| `namespaceName`| N | Input/Output | Parameter to set the address of the Service Bus namespace, as a fully-qualified domain name. Required if using Azure AD authentication. | `"namespace.servicebus.windows.net"` | +| `namespaceName`| N | Input/Output | Parameter to set the address of the Service Bus namespace, as a fully-qualified domain name. Required if using Microsoft Entra ID authentication. | `"namespace.servicebus.windows.net"` | | `disableEntityManagement` | N | Input/Output | When set to true, queues and subscriptions do not get created automatically. Default: `"false"` | `"true"`, `"false"` | `lockDurationInSec` | N | Input/Output | Defines the length in seconds that a message will be locked for before expiring. Used during subscription creation only. Default set by server. | `"30"` | `autoDeleteOnIdleInSec` | N | Input/Output | Time in seconds to wait before auto deleting idle subscriptions. Used during subscription creation only. Default: `"0"` (disabled) | `"3600"` 
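Review bot: The Required column in this table contradicts the text of the two rows being edited: `connectionString` is marked `Y` but reads "Required unless using Microsoft Entra ID authentication", and `namespaceName` is marked `N` but reads "Required if using Microsoft Entra ID authentication". Since both rows are open in this hunk, consider marking them `Y*` and `N*`, the convention the storagequeues.md table in this patch uses for `accountKey` and the App Configuration table uses for `host`. A reader who scans only the column would otherwise conclude that a connection string, which is a shared secret, is mandatory even when identity-based authentication is configured.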
@@ -90,9 +90,9 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `publishInitialRetryIntervalInMs` | N | Output | Time in milliseconds for the initial exponential backoff when Azure Service Bus throttle messages. Defaults: `"500"` | `"500"` | `direction` | N | Input/Output | The direction of the binding | `"input"`, `"output"`, `"input, output"` -### Azure Active Directory (AAD) authentication +### Microsoft Entra ID authentication -The Azure Service Bus Queues binding component supports authentication using all Azure Active Directory mechanisms, including Managed Identities. For further information and the relevant component metadata fields to provide depending on the choice of AAD authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}). +The Azure Service Bus Queues binding component supports authentication using all Microsoft Entra ID mechanisms, including Managed Identities. For further information and the relevant component metadata fields to provide depending on the choice of Microsoft Entra ID authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}). #### Example Configuration diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/ses.md b/daprdocs/content/en/reference/components-reference/supported-bindings/ses.md index 7f63892fb41..696dd01b820 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/ses.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/ses.md @@ -40,8 +40,6 @@ spec: value: "bcc@example.com" - name: subject value: "subject" - - name: direction - value: "output" ``` {{% alert title="Warning" color="warning" %}} 
@@ -61,7 +59,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `emailCc` | N | Output | If set, this specifies the email address to CC in. See [also](#example-request) | `"me@example.com"` | | `emailBcc` | N | Output | If set, this specifies email address to BCC in. See [also](#example-request) | `"me@example.com"` | | `subject` | N | Output | If set, this specifies the subject of the email message. See [also](#example-request) | `"subject of mail"` | -| `direction` | N | Output | The direction of the binding | `"output"` | {{% alert title="Important" color="warning" %}} When running the Dapr sidecar (daprd) with your application on EKS (AWS Kubernetes), if you're using a node/pod that has already been attached to an IAM policy defining access to AWS resources, you **must not** provide AWS access-key, secret-key, and tokens in the definition of the component spec you're using. diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/signalr.md b/daprdocs/content/en/reference/components-reference/supported-bindings/signalr.md index 2da23916d5d..ea29d744a0d 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/signalr.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/signalr.md @@ -25,8 +25,6 @@ spec: value: "Endpoint=https://.service.signalr.net;AccessKey=;Version=1.0;" - name: hub # Optional value: "" - - name: direction - value: "" ``` {{% alert title="Warning" color="warning" %}} 
@@ -39,15 +37,14 @@ The above example uses secrets as plain strings. It is recommended to use a secr |--------------------|:--------:|------------|-----|---------| | `connectionString` | Y | Output | The Azure SignalR connection string | `"Endpoint=https://.service.signalr.net;AccessKey=;Version=1.0;"` | | `hub` | N | Output | Defines the hub in which the message will be send. The hub can be dynamically defined as a metadata value when publishing to an output binding (key is "hub") | `"myhub"` | -| `endpoint` | N | Output | Endpoint of Azure SignalR; required if not included in the `connectionString` or if using Azure AD | `"https://.service.signalr.net"` +| `endpoint` | N | Output | Endpoint of Azure SignalR; required if not included in the `connectionString` or if using Microsoft Entra ID | `"https://.service.signalr.net"` | `accessKey` | N | Output | Access key | `"your-access-key"` -| `direction` | N | Output | The direction of the binding | `"output"` -### Azure Active Directory (Azure AD) authentication +### Microsoft Entra ID authentication -The Azure SignalR binding component supports authentication using all Azure Active Directory mechanisms. See the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}) to learn more about the relevant component metadata fields based on your choice of Azure AD authentication mechanism. +The Azure SignalR binding component supports authentication using all Microsoft Entra ID mechanisms. See the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}) to learn more about the relevant component metadata fields based on your choice of Microsoft Entra ID authentication mechanism. -You have two options to authenticate this component with Azure AD: +You have two options to authenticate this component with Microsoft Entra ID: - Pass individual metadata keys: - `endpoint` for the endpoint 
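Review bot: The new heading `### Microsoft Entra ID authentication` gets a different generated anchor than `### Azure Active Directory (Azure AD) authentication`, so any existing link that targets the old section anchor in signalr.md will stop resolving. Please search the docs for references to the old anchor here and in the other binding pages whose authentication heading is renamed in this patch, and update them or state in the PR that none exist. It would also help to add a sentence in this section saying that the `AuthType=aad` value in the connection strings shown in the next hunk is a literal and is unchanged, since the surrounding prose no longer uses the term it abbreviates.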
@@ -55,7 +52,7 @@ You have two options to authenticate this component with Azure AD: - Pass a connection string with `AuthType=aad` specified: - System-assigned managed identity: `Endpoint=https://.service.signalr.net;AuthType=aad;Version=1.0;` - User-assigned managed identity: `Endpoint=https://.service.signalr.net;AuthType=aad;ClientId=;Version=1.0;` - - Azure AD application: `Endpoint=https://.service.signalr.net;AuthType=aad;ClientId=;ClientSecret=;TenantId=;Version=1.0;` + - Microsoft Entra ID application: `Endpoint=https://.service.signalr.net;AuthType=aad;ClientId=;ClientSecret=;TenantId=;Version=1.0;` Note that you cannot use a connection string if your application's ClientSecret contains a `;` character. ## Binding support diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/smtp.md b/daprdocs/content/en/reference/components-reference/supported-bindings/smtp.md index 67af19ba455..54879886c6d 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/smtp.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/smtp.md @@ -43,8 +43,6 @@ spec: value: "subject" - name: priority value: "[value 1-5]" - - name: direction - value: "output" ``` {{% alert title="Warning" color="warning" %}} @@ -66,7 +64,6 @@ The example configuration shown above, contain a username and password as plain- | `emailBcc` | N | Output | If set, this specifies email address to BCC in. See [also](#example-request) | `"me@example.com"` | | `subject` | N | Output | If set, this specifies the subject of the email message. See [also](#example-request) | `"subject of mail"` | | `priority` | N | Output | If set, this specifies the priority (X-Priority) of the email message, from 1 (lowest) to 5 (highest) (default value: 3). See [also](#example-request) | `"1"` | -| `direction` | N | Output | The direction of the binding | `"output"` | ## Binding support 
diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/sns.md b/daprdocs/content/en/reference/components-reference/supported-bindings/sns.md index dd6d704fbd2..6e2500aa6d4 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/sns.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/sns.md @@ -32,8 +32,6 @@ spec: value: "*****************" - name: sessionToken value: "*****************" - - name: direction - value: "output" ``` {{% alert title="Warning" color="warning" %}} @@ -49,7 +47,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `accessKey` | Y | Output | The AWS Access Key to access this resource | `"key"` | | `secretKey` | Y | Output | The AWS Secret Access Key to access this resource | `"secretAccessKey"` | | `sessionToken` | N | Output | The AWS session token to use | `"sessionToken"` | -| `direction` | N | Output | The direction of the binding | `"output"` | {{% alert title="Important" color="warning" %}} When running the Dapr sidecar (daprd) with your application on EKS (AWS Kubernetes), if you're using a node/pod that has already been attached to an IAM policy defining access to AWS resources, you **must not** provide AWS access-key, secret-key, and tokens in the definition of the component spec you're using. diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/storagequeues.md b/daprdocs/content/en/reference/components-reference/supported-bindings/storagequeues.md index e29e29932b7..6562364a38b 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/storagequeues.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/storagequeues.md 
@@ -52,7 +52,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr | Field | Required | Binding support | Details | Example | |--------------------|:--------:|------------|-----|---------| | `accountName` | Y | Input/Output | The name of the Azure Storage account | `"account1"` | -| `accountKey` | Y* | Input/Output | The access key of the Azure Storage account. Only required when not using Azure AD authentication. | `"access-key"` | +| `accountKey` | Y* | Input/Output | The access key of the Azure Storage account. Only required when not using Microsoft Entra ID authentication. | `"access-key"` | | `queueName` | Y | Input/Output | The name of the Azure Storage queue | `"myqueue"` | | `pollingInterval` | N | Output | Set the interval to poll Azure Storage Queues for new messages, as a Go duration value. Default: `"10s"` | `"30s"` | | `ttlInSeconds` | N | Output | Parameter to set the default message time to live. If this parameter is omitted, messages will expire after 10 minutes. See [also](#specifying-a-ttl-per-message) | `"60"` | 
@@ -62,9 +62,9 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `visibilityTimeout` | N | Input | Allows setting a custom queue visibility timeout to avoid immediate retrying of recently failed messages. Defaults to 30 seconds. | `"100s"` | | `direction` | N | Input/Output | Direction of the binding. | `"input"`, `"output"`, `"input, output"` | -### Azure Active Directory (Azure AD) authentication +### Microsoft Entra ID authentication -The Azure Storage Queue binding component supports authentication using all Azure Active Directory mechanisms. See the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}) to learn more about the relevant component metadata fields based on your choice of Azure AD authentication mechanism. +The Azure Storage Queue binding component supports authentication using all Microsoft Entra ID mechanisms. See the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}) to learn more about the relevant component metadata fields based on your choice of Microsoft Entra ID authentication mechanism. ## Binding support diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/twilio.md b/daprdocs/content/en/reference/components-reference/supported-bindings/twilio.md index de30015c945..96c552e82ab 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/twilio.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/twilio.md @@ -11,8 +11,6 @@ aliases: To setup Twilio SMS binding create a component of type `bindings.twilio.sms`. See [this guide]({{< ref "howto-bindings.md#1-create-a-binding" >}}) on how to create and apply a binding configuration. - - ```yaml apiVersion: dapr.io/v1alpha1 kind: Component 
@@ -30,8 +28,6 @@ spec: value: "*****************" - name: authToken # required. value: "*****************" - - name: direction - value: "output" ``` {{% alert title="Warning" color="warning" %}} The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}). @@ -45,7 +41,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `fromNumber` | Y | Output | The sender phone number | `"222-222-2222"` | | `accountSid` | Y | Output | The Twilio account SID | `"account sid"` | | `authToken` | Y | Output | The Twilio auth token | `"auth token"` | -| `direction` | N | Output | The direction of the binding | `"output"` | ## Binding support diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/wasm.md b/daprdocs/content/en/reference/components-reference/supported-bindings/wasm.md index 4f1fd1bb63d..c2fb5468be5 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/wasm.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/wasm.md 
@@ -71,18 +71,15 @@ spec: type: bindings.wasm version: v1 metadata: - - name: url - value: "file://uppercase.wasm" - - name: direction - value: "output" + - name: url + value: "file://uppercase.wasm" ``` ## Spec metadata fields | Field | Details | Required | Example | |-------|----------------------------------------------------------------|----------|----------------| -| url | The URL of the resource including the Wasm binary to instantiate. The supported schemes include `file://`, `http://`, and `https://`. The path of a `file://` URL is relative to the Dapr process unless it begins with `/`. | true | `file://hello.wasm`, `https://example.com/hello.wasm` | -| `direction` | The direction of the binding | false | `"output"` | +| `url` | The URL of the resource including the Wasm binary to instantiate. The supported schemes include `file://`, `http://`, and `https://`. The path of a `file://` URL is relative to the Dapr process unless it begins with `/`. | true | `file://hello.wasm`, `https://example.com/hello.wasm` | ## Binding support diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/zeebe-command.md b/daprdocs/content/en/reference/components-reference/supported-bindings/zeebe-command.md index 6ea57ee1dff..780bfaebefe 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/zeebe-command.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/zeebe-command.md @@ -28,8 +28,6 @@ spec: value: "true" - name: caCertificatePath value: "/path/to/ca-cert" - - name: direction - value: "output" ``` ## Spec metadata fields 
@@ -40,7 +38,6 @@ spec: | `gatewayKeepAlive` | N | Output | Sets how often keep alive messages should be sent to the gateway. Defaults to 45 seconds | `"45s"` | | `usePlainTextConnection` | N | Output | Whether to use a plain text connection or not | `"true"`, `"false"` | | `caCertificatePath` | N | Output | The path to the CA cert | `"/path/to/ca-cert"` | -| `direction` | N | Output | The direction of the binding | `"output"` | ## Binding support diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/zeebe-jobworker.md b/daprdocs/content/en/reference/components-reference/supported-bindings/zeebe-jobworker.md index b84188090c4..7b2fba07d7f 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/zeebe-jobworker.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/zeebe-jobworker.md @@ -47,10 +47,10 @@ spec: - name: fetchVariables value: "productId, productName, productKey" - name: autocomplete - value: "true" + value: "true" - name: retryBackOff - value: "30s" - - name: direction + value: "30s" + - name: direction value: "input" ``` diff --git a/daprdocs/content/en/reference/components-reference/supported-configuration-stores/azure-appconfig-configuration-store.md b/daprdocs/content/en/reference/components-reference/supported-configuration-stores/azure-appconfig-configuration-store.md index 6ba16586462..c9f26f2a26c 100644 --- a/daprdocs/content/en/reference/components-reference/supported-configuration-stores/azure-appconfig-configuration-store.md +++ b/daprdocs/content/en/reference/components-reference/supported-configuration-stores/azure-appconfig-configuration-store.md 
@@ -52,8 +52,8 @@ The above example uses secrets as plain strings. It is recommended to use a secr | Field | Required | Details | Example | |----------------------------|:--------:|---------|---------| -| connectionString | Y* | Connection String for the Azure App Configuration instance. No Default. Can be `secretKeyRef` to use a secret reference. *Mutally exclusive with host field. *Not to be used when [Azure Authentication](https://docs.dapr.io/developing-applications/integrations/azure/authenticating-azure/) is used | `Endpoint=https://foo.azconfig.io;Id=osOX-l9-s0:sig;Secret=00000000000000000000000000000000000000000000` -| host | N* | Endpoint for the Azure App Configuration instance. No Default. *Mutally exclusive with connectionString field. *To be used when [Azure Authentication](https://docs.dapr.io/developing-applications/integrations/azure/authenticating-azure/) is used | `https://dapr.azconfig.io` +| connectionString | Y* | Connection String for the Azure App Configuration instance. No Default. Can be `secretKeyRef` to use a secret reference. *Mutally exclusive with host field. *Not to be used when [Azure Authentication](https://docs.dapr.io/developing-applications/integrations/azure/azure-authentication/authenticating-azure/) is used | `Endpoint=https://foo.azconfig.io;Id=osOX-l9-s0:sig;Secret=00000000000000000000000000000000000000000000` +| host | N* | Endpoint for the Azure App Configuration instance. No Default. *Mutally exclusive with connectionString field. *To be used when [Azure Authentication](https://docs.dapr.io/developing-applications/integrations/azure/azure-authentication/authenticating-azure/) is used | `https://dapr.azconfig.io` | maxRetries | N | Maximum number of retries before giving up. Defaults to `3` | `5`, `10` | retryDelay | N | RetryDelay specifies the initial amount of delay to use before retrying an operation. The delay increases exponentially with each retry up to the maximum specified by MaxRetryDelay. 
Defaults to `4` seconds; `"-1"` disables delay between retries. | `4s` | maxRetryDelay | N | MaxRetryDelay specifies the maximum delay allowed before retrying an operation. Typically the value is greater than or equal to the value specified in RetryDelay. Defaults to `120` seconds; `"-1"` disables the limit | `120s` @@ -65,11 +65,11 @@ The above example uses secrets as plain strings. It is recommended to use a secr Access an App Configuration instance using its connection string, which is available in the Azure portal. Since connection strings contain credential information, you should treat them as secrets and [use a secret store]({{< ref component-secrets.md >}}). -## Authenticating with Azure AD +## Authenticating with Microsoft Entra ID -The Azure App Configuration configuration store component also supports authentication with Azure AD. Before you enable this component: +The Azure App Configuration configuration store component also supports authentication with Microsoft Entra ID. Before you enable this component: - Read the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document. -- Create an Azure AD application (also called Service Principal). +- Create an Microsoft Entra ID application (also called Service Principal). - Alternatively, create a managed identity for your application platform. ## Set up Azure App Configuration diff --git a/daprdocs/content/en/reference/components-reference/supported-configuration-stores/postgresql-configuration-store.md b/daprdocs/content/en/reference/components-reference/supported-configuration-stores/postgresql-configuration-store.md index 15fa476ae00..a846b6a2344 100644 --- a/daprdocs/content/en/reference/components-reference/supported-configuration-stores/postgresql-configuration-store.md +++ b/daprdocs/content/en/reference/components-reference/supported-configuration-stores/postgresql-configuration-store.md 
@@ -67,15 +67,15 @@ The following metadata options are **required** to authenticate using a PostgreS |--------|:--------:|---------|---------| | `connectionString` | Y | The connection string for the PostgreSQL database. See the PostgreSQL [documentation on database connections](https://www.postgresql.org/docs/current/libpq-connect.html) for information on how to define a connection string. | `"host=localhost user=postgres password=example port=5432 connect_timeout=10 database=my_db"` -### Authenticate using Azure AD +### Authenticate using Microsoft Entra ID -Authenticating with Azure AD is supported with Azure Database for PostgreSQL. All authentication methods supported by Dapr can be used, including client credentials ("service principal") and Managed Identity. +Authenticating with Microsoft Entra ID is supported with Azure Database for PostgreSQL. All authentication methods supported by Dapr can be used, including client credentials ("service principal") and Managed Identity. | Field | Required | Details | Example | |--------|:--------:|---------|---------| -| `useAzureAD` | Y | Must be set to `true` to enable the component to retrieve access tokens from Azure AD. | `"true"` | -| `connectionString` | Y | The connection string for the PostgreSQL database.
This must contain the user, which corresponds to the name of the user created inside PostgreSQL that maps to the Azure AD identity; this is often the name of the corresponding principal (e.g. the name of the Azure AD application). This connection string should not contain any password. | `"host=mydb.postgres.database.azure.com user=myapplication port=5432 database=my_db sslmode=require"` | -| `azureTenantId` | N | ID of the Azure AD tenant | `"cd4b2887-304c-…"` | +| `useAzureAD` | Y | Must be set to `true` to enable the component to retrieve access tokens from Microsoft Entra ID. | `"true"` | +| `connectionString` | Y | The connection string for the PostgreSQL database.
This must contain the user, which corresponds to the name of the user created inside PostgreSQL that maps to the Microsoft Entra ID identity; this is often the name of the corresponding principal (e.g. the name of the Microsoft Entra ID application). This connection string should not contain any password. | `"host=mydb.postgres.database.azure.com user=myapplication port=5432 database=my_db sslmode=require"` | +| `azureTenantId` | N | ID of the Microsoft Entra ID tenant | `"cd4b2887-304c-…"` | | `azureClientId` | N | Client ID (application ID) | `"c7dd251f-811f-…"` | | `azureClientSecret` | N | Client secret (application password) | `"Ecy3X…"` | @@ -112,7 +112,7 @@ Authenticating with Azure AD is supported with Azure Database for PostgreSQL. Al 3. Create a TRIGGER on configuration table. An example function to create a TRIGGER is as follows: ```sh - CREATE OR REPLACE FUNCTION configuration_event() RETURNS TRIGGER AS $$ + CREATE OR REPLACE FUNCTION notify_event() RETURNS TRIGGER AS $$ DECLARE data json; notification json; diff --git a/daprdocs/content/en/reference/components-reference/supported-configuration-stores/redis-configuration-store.md b/daprdocs/content/en/reference/components-reference/supported-configuration-stores/redis-configuration-store.md index d4649c19502..205cc98ad70 100644 --- a/daprdocs/content/en/reference/components-reference/supported-configuration-stores/redis-configuration-store.md +++ b/daprdocs/content/en/reference/components-reference/supported-configuration-stores/redis-configuration-store.md @@ -10,6 +10,7 @@ aliases: ## Component format To setup Redis configuration store create a component of type `configuration.redis`. See [this guide]({{< ref "howto-manage-configuration.md#configure-a-dapr-configuration-store" >}}) on how to create and apply a configuration store configuration. + ```yaml apiVersion: dapr.io/v1alpha1 kind: Component 
diff --git a/daprdocs/content/en/reference/components-reference/supported-cryptography/azure-key-vault.md b/daprdocs/content/en/reference/components-reference/supported-cryptography/azure-key-vault.md index 6ec9ba6a456..18f650a07b5 100644 --- a/daprdocs/content/en/reference/components-reference/supported-cryptography/azure-key-vault.md +++ b/daprdocs/content/en/reference/components-reference/supported-cryptography/azure-key-vault.md @@ -32,12 +32,12 @@ spec: The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets, as described [here]({{< ref component-secrets.md >}}). {{% /alert %}} -## Authenticating with Azure AD +## Authenticating with Microsoft Entra ID -The Azure Key Vault cryptography component supports authentication with Azure AD only. Before you enable this component: +The Azure Key Vault cryptography component supports authentication with Microsoft Entra ID only. Before you enable this component: 1. Read the [Authenticating to Azure]({{< ref "authenticating-azure.md" >}}) document. -1. Create an [Azure AD application]({{< ref "howto-aad.md" >}}) (also called a Service Principal). +1. Create an [Microsoft Entra ID application]({{< ref "howto-aad.md" >}}) (also called a Service Principal). 1. Alternatively, create a [managed identity]({{< ref "howto-mi.md" >}}) for your application platform. ## Spec metadata fields diff --git a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-bearer.md b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-bearer.md index a075548854f..d47c769a93b 100644 --- a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-bearer.md +++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-bearer.md 
@@ -42,7 +42,7 @@ spec: Common values for `issuer` include: - Auth0: `https://{domain}`, where `{domain}` is the domain of your Auth0 application -- Azure AD: `https://login.microsoftonline.com/{tenant}/v2.0`, where `{tenant}` should be replaced with the tenant ID of your application, as a UUID +- Microsoft Entra ID: `https://login.microsoftonline.com/{tenant}/v2.0`, where `{tenant}` should be replaced with the tenant ID of your application, as a UUID - Google: `https://accounts.google.com` - Salesforce (Force.com): `https://login.salesforce.com` diff --git a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-opa.md b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-opa.md index 62bf7692277..a4e6a47bbde 100644 --- a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-opa.md +++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-opa.md @@ -31,7 +31,7 @@ spec: value: 403 # `readBody` controls whether the middleware reads the entire request body in-memory and make it - # availble for policy decisions. + # available for policy decisions. - name: readBody value: "false" diff --git a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-wasm.md b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-wasm.md index d83bda22fb2..e1167ad0299 100644 --- a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-wasm.md +++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-wasm.md 
@@ -51,7 +51,7 @@ How to compile this is described later. | Field | Details | Required | Example | |-------|----------------------------------------------------------------|----------|----------------| | url | The URL of the resource including the Wasm binary to instantiate. The supported schemes include `file://`, `http://`, and `https://`. The path of a `file://` URL is relative to the Dapr process unless it begins with `/`. | true | `file://hello.wasm`, `https://example.com/hello.wasm` | -| guestConfig | An optional configuration passed to Wasm guests. Users can pass an arbitrary string to be parsed by the guest code. | false | `enviroment=production`,`{"environment":"production"}` | +| guestConfig | An optional configuration passed to Wasm guests. Users can pass an arbitrary string to be parsed by the guest code. | false | `environment=production`,`{"environment":"production"}` | ## Dapr configuration diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-apache-kafka.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-apache-kafka.md index 431a7bc5406..05ff835208e 100644 --- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-apache-kafka.md +++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-apache-kafka.md @@ -46,7 +46,7 @@ spec: - name: consumeRetryInterval # Optional. value: 200ms - name: version # Optional. - value: 0.10.2.0 + value: 2.0.0 - name: disableTls # Optional. Disable TLS. This is not safe for production!! You should read the `Mutual TLS` section for how to use TLS. value: "true" ``` diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-aws-snssqs.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-aws-snssqs.md index 61b68290196..aa9e65e3723 100644 --- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-aws-snssqs.md 
+++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-aws-snssqs.md @@ -9,15 +9,16 @@ aliases: ## Component format -To set up AWS SNS/SQS pub/sub, create a component of type `pubsub.aws.snssqs`. +To set up AWS SNS/SQS pub/sub, create a component of type `pubsub.aws.snssqs`. By default, the AWS SNS/SQS component: + - Generates the SNS topics - Provisions the SQS queues - Configures a subscription of the queues to the topics {{% alert title="Note" color="primary" %}} -If you only have a publisher and no subscriber, only the SNS topics are created. +If you only have a publisher and no subscriber, only the SNS topics are created. However, if you have a subscriber, SNS, SQS, and the dynamic or static subscription thereof are generated. {{% /alert %}} 
@@ -83,7 +84,7 @@ The above example uses secrets as plain strings. It is recommended to use [a sec | secretKey | Y | Secret for the AWS user/role. If using an `AssumeRole` access, you will also need to provide a `sessionToken` |`"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"` | region | Y | The AWS region where the SNS/SQS assets are located or be created in. See [this page](https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/?p=ugi&l=na) for valid regions. Ensure that SNS and SQS are available in that region | `"us-east-1"` | consumerID | N | Consumer ID (consumer tag) organizes one or more consumers into a group. Consumers with the same consumer ID work as one virtual consumer; for example, a message is processed only once by one of the consumers in the group. If the `consumerID` is not provided, the Dapr runtime set it to the Dapr application ID (`appID`) value. See the [pub/sub broker component file]({{< ref setup-pubsub.md >}}) to learn how ConsumerID is automatically generated. | `"channel1"` -| endpoint | N | AWS endpoint for the component to use. Only used for local development with, for example, [localstack](https://github.com/localstack/localstack). The `endpoint` is unncessary when running against production AWS | `"http://localhost:4566"` +| endpoint | N | AWS endpoint for the component to use. Only used for local development with, for example, [localstack](https://github.com/localstack/localstack). The `endpoint` is unnecessary when running against production AWS | `"http://localhost:4566"` | sessionToken | N | AWS session token to use. A session token is only required if you are using temporary security credentials | `"TOKEN"` | messageReceiveLimit | N | Number of times a message is received, after processing of that message fails, that once reached, results in removing of that message from the queue. 
If `sqsDeadLettersQueueName` is specified, `messageReceiveLimit` is the number of times a message is received, after processing of that message fails, that once reached, results in moving of the message to the SQS dead-letters queue. Default: `10` | `10` | sqsDeadLettersQueueName | N | Name of the dead letters queue for this application | `"myapp-dlq"` 
@@ -133,6 +134,22 @@ When configuring the PubSub component with SQS dead-letter queues, the metadata When running the Dapr sidecar (`daprd`) with your application on EKS (AWS Kubernetes) node/pod already attached to an IAM policy defining access to AWS resources, you **must not** provide AWS access-key, secret-key, and tokens in the definition of the component spec. {{% /alert %}} +#### SNS/SQS Contention with Dapr + +Fundamentally, SNS aggregates messages from multiple publisher topics into a single SQS queue by creating SQS subscriptions to those topics. As a subscriber, the SNS/SQS pub/sub component consumes messages from that sole SQS queue. + +However, like any SQS consumer, the component cannot selectively retrieve the messages published to the SNS topics to which it is specifically subscribed. This can result in the component receiving messages originating from topics without associated handlers. Typically, this occurs during: + +- **Component initialization:** If infrastructure subscriptions are ready before component subscription handlers, or +- **Shutdown:** If component handlers are removed before infrastructure subscriptions. + +Since this issue affects any SQS consumer of multiple SNS topics, the component cannot prevent consuming messages from topics lacking handlers. When this happens, the component logs an error indicating such messages were erroneously retrieved. + +In these situations, the unhandled messages would reappear in SQS with their [receive count](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html#sqs-receive-count) decremented after each pull. Thus, there is a risk that an unhandled message could exceed its `messageReceiveLimit` and be lost. + +{{% alert title="Important" color="warning" %}} +Consider potential contention scenarios when using SNS/SQS with Dapr, and configure `messageReceiveLimit` appropriately. 
It is highly recommended to use SQS dead-letter queues by setting `sqsDeadLettersQueueName` to prevent losing messages. +{{% /alert %}} ## Create an SNS/SQS instance diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-eventhubs.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-eventhubs.md index 40d63bdfe75..215d93bf44e 100644 --- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-eventhubs.md +++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-eventhubs.md @@ -23,10 +23,10 @@ spec: version: v1 metadata: # Either connectionString or eventHubNamespace is required - # Use connectionString when *not* using Azure AD + # Use connectionString when *not* using Microsoft Entra ID - name: connectionString value: "Endpoint=sb://{EventHubNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key};EntityPath={EventHub}" - # Use eventHubNamespace when using Azure AD + # Use eventHubNamespace when using Microsoft Entra ID - name: eventHubNamespace value: "namespace" - name: consumerID # Optional. If not supplied, the runtime will create one. @@ -62,11 +62,11 @@ The above example uses secrets as plain strings. It is recommended to use a secr | Field | Required | Details | Example | |--------------------|:--------:|---------|---------| -| `connectionString` | Y* | Connection string for the Event Hub or the Event Hub namespace.
* Mutally exclusive with `eventHubNamespace` field.
* Required when not using [Azure AD Authentication]({{< ref "authenticating-azure.md" >}}) | `"Endpoint=sb://{EventHubNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key};EntityPath={EventHub}"` or `"Endpoint=sb://{EventHubNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key}"` -| `eventHubNamespace` | Y* | The Event Hub Namespace name.
* Mutally exclusive with `connectionString` field.
* Required when using [Azure AD Authentication]({{< ref "authenticating-azure.md" >}}) | `"namespace"` +| `connectionString` | Y* | Connection string for the Event Hub or the Event Hub namespace.
* Mutally exclusive with `eventHubNamespace` field.
* Required when not using [Microsoft Entra ID Authentication]({{< ref "authenticating-azure.md" >}}) | `"Endpoint=sb://{EventHubNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key};EntityPath={EventHub}"` or `"Endpoint=sb://{EventHubNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key}"` +| `eventHubNamespace` | Y* | The Event Hub Namespace name.
* Mutally exclusive with `connectionString` field.
* Required when using [Microsoft Entra ID Authentication]({{< ref "authenticating-azure.md" >}}) | `"namespace"` | `consumerID` | N | Consumer ID (consumer tag) organizes one or more consumers into a group. Consumers with the same consumer ID work as one virtual consumer; for example, a message is processed only once by one of the consumers in the group. If the `consumerID` is not provided, the Dapr runtime set it to the Dapr application ID (`appID`) value. | `"channel1"` | `storageAccountName` | Y | Storage account name to use for the checkpoint store. |`"myeventhubstorage"` -| `storageAccountKey` | Y* | Storage account key for the checkpoint store account.
* When using Azure AD, it's possible to omit this if the service principal has access to the storage account too. | `"112233445566778899"` +| `storageAccountKey` | Y* | Storage account key for the checkpoint store account.
* When using Microsoft Entra ID, it's possible to omit this if the service principal has access to the storage account too. | `"112233445566778899"` | `storageConnectionString` | Y* | Connection string for the checkpoint store, alternative to specifying `storageAccountKey` | `"DefaultEndpointsProtocol=https;AccountName=myeventhubstorage;AccountKey="` | `storageContainerName` | Y | Storage container name for the storage account name. | `"myeventhubstoragecontainer"` | `enableEntityManagement` | N | Boolean value to allow management of the EventHub namespace and storage account. Default: `false` | `"true", "false"` @@ -75,9 +75,9 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `partitionCount` | N | Number of partitions for the new Event Hub namespace. Used only when entity management is enabled. Default: `"1"` | `"2"` | `messageRetentionInDays` | N | Number of days to retain messages for in the newly created Event Hub namespace. Used only when entity management is enabled. Default: `"1"` | `"90"` -### Azure Active Directory (AAD) authentication +### Microsoft Entra ID authentication -The Azure Event Hubs pub/sub component supports authentication using all Azure Active Directory mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of AAD authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}). +The Azure Event Hubs pub/sub component supports authentication using all Microsoft Entra ID mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of Microsoft Entra ID authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}). #### Example Configuration 
@@ -110,7 +110,7 @@ spec: value: "1" - name: messageRetentionInDays # Checkpoint store attributes - # In this case, we're using Azure AD to access the storage account too + # In this case, we're using Microsoft Entra ID to access the storage account too - name: storageAccountName value: "myeventhubstorage" - name: storageContainerName @@ -191,7 +191,7 @@ When entity management is enabled in the metadata, as long as the application ha The Evet Hub name is the `topic` field in the incoming request to publish or subscribe to, while the consumer group name is the name of the Dapr app which subscribes to a given Event Hub. For example, a Dapr app running on Kubernetes with name `dapr.io/app-id: "myapp"` requires an Event Hubs consumer group named `myapp`. -Entity management is only possible when using [Azure AD Authentication]({{< ref "authenticating-azure.md" >}}) and not using a connection string. +Entity management is only possible when using [Microsoft Entra ID Authentication]({{< ref "authenticating-azure.md" >}}) and not using a connection string. > Dapr passes the name of the consumer group to the Event Hub, so this is not supplied in the metadata. diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus-queues.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus-queues.md index e98df4814f3..57e3b92868d 100644 --- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus-queues.md +++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus-queues.md 
@@ -25,7 +25,7 @@ spec: type: pubsub.azure.servicebus.queues version: v1 metadata: - # Required when not using Azure AD Authentication + # Required when not using Microsoft Entra ID Authentication - name: connectionString value: "Endpoint=sb://{ServiceBusNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key};EntityPath={ServiceBus}" # - name: consumerID # Optional 
@@ -70,9 +70,9 @@ The above example uses secrets as plain strings. It is recommended to use a secr | Field | Required | Details | Example | |--------------------|:--------:|---------|---------| -| `connectionString` | Y | Shared access policy connection string for the Service Bus. Required unless using Azure AD authentication. | See example above +| `connectionString` | Y | Shared access policy connection string for the Service Bus. Required unless using Microsoft Entra ID authentication. | See example above | `consumerID` | N | Consumer ID (consumer tag) organizes one or more consumers into a group. Consumers with the same consumer ID work as one virtual consumer; for example, a message is processed only once by one of the consumers in the group. If the `consumerID` is not provided, the Dapr runtime set it to the Dapr application ID (`appID`) value. | `"channel1"` -| `namespaceName`| N | Parameter to set the address of the Service Bus namespace, as a fully-qualified domain name. Required if using Azure AD authentication. | `"namespace.servicebus.windows.net"` | +| `namespaceName`| N | Parameter to set the address of the Service Bus namespace, as a fully-qualified domain name. Required if using Microsoft Entra ID authentication. | `"namespace.servicebus.windows.net"` | | `timeoutInSec` | N | Timeout for sending messages and for management operations. Default: `60` |`30` | `handlerTimeoutInSec`| N | Timeout for invoking the app's handler. Default: `60` | `30` | `lockRenewalInSec` | N | Defines the frequency at which buffered message locks will be renewed. Default: `20`. | `20` 
@@ -89,9 +89,9 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `publishMaxRetries` | N | The max number of retries for when Azure Service Bus responds with "too busy" in order to throttle messages. Defaults: `5` | `5` | `publishInitialRetryIntervalInMs` | N | Time in milliseconds for the initial exponential backoff when Azure Service Bus throttle messages. Defaults: `500` | `500` -### Azure Active Directory (AAD) authentication +### Microsoft Entra ID authentication -The Azure Service Bus Queues pubsub component supports authentication using all Azure Active Directory mechanisms, including Managed Identities. For further information and the relevant component metadata fields to provide depending on the choice of AAD authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}). +The Azure Service Bus Queues pubsub component supports authentication using all Microsoft Entra ID mechanisms, including Managed Identities. For further information and the relevant component metadata fields to provide depending on the choice of Microsoft Entra ID authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}). #### Example Configuration diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus-topics.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus-topics.md index 7d9ab5b1672..157f960da3e 100644 --- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus-topics.md +++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus-topics.md 
@@ -26,7 +26,7 @@ spec: type: pubsub.azure.servicebus.topics version: v1 metadata: - # Required when not using Azure AD Authentication + # Required when not using Microsoft Entra ID Authentication - name: connectionString value: "Endpoint=sb://{ServiceBusNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key};EntityPath={ServiceBus}" # - name: consumerID # Optional: defaults to the app's own ID @@ -73,8 +73,8 @@ The above example uses secrets as plain strings. It is recommended to use a secr | Field | Required | Details | Example | |--------------------|:--------:|---------|---------| -| `connectionString` | Y | Shared access policy connection string for the Service Bus. Required unless using Azure AD authentication. | See example above -| `namespaceName`| N | Parameter to set the address of the Service Bus namespace, as a fully-qualified domain name. Required if using Azure AD authentication. | `"namespace.servicebus.windows.net"` | +| `connectionString` | Y | Shared access policy connection string for the Service Bus. Required unless using Microsoft Entra ID authentication. | See example above +| `namespaceName`| N | Parameter to set the address of the Service Bus namespace, as a fully-qualified domain name. Required if using Microsoft Entra ID authentication. | `"namespace.servicebus.windows.net"` | | `consumerID` | N | Consumer ID (consumer tag) organizes one or more consumers into a group. Consumers with the same consumer ID work as one virtual consumer; for example, a message is processed only once by one of the consumers in the group. If the `consumerID` is not provided, the Dapr runtime set it to the Dapr application ID (`appID`) value. (`appID`) value. | | `timeoutInSec` | N | Timeout for sending messages and for management operations. Default: `60` |`30` | `handlerTimeoutInSec`| N | Timeout for invoking the app's handler. Default: `60` | `30` 
@@ -92,9 +92,9 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `publishMaxRetries` | N | The max number of retries for when Azure Service Bus responds with "too busy" in order to throttle messages. Defaults: `5` | `5` | `publishInitialRetryIntervalInMs` | N | Time in milliseconds for the initial exponential backoff when Azure Service Bus throttle messages. Defaults: `500` | `500` -### Azure Active Directory (AAD) authentication +### Microsoft Entra ID authentication -The Azure Service Bus Topics pubsub component supports authentication using all Azure Active Directory mechanisms, including Managed Identities. For further information and the relevant component metadata fields to provide depending on the choice of AAD authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}). +The Azure Service Bus Topics pubsub component supports authentication using all Microsoft Entra ID mechanisms, including Managed Identities. For further information and the relevant component metadata fields to provide depending on the choice of Microsoft Entra ID authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}). #### Example Configuration diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-kubemq.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-kubemq.md index 28080ac150c..d6c22d5b552 100644 --- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-kubemq.md +++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-kubemq.md 
@@ -45,7 +45,7 @@ spec: {{< tabs "Self-Hosted" "Kubernetes">}} {{% codetab %}} -1. Obtain KubeMQ Key by visiting [https://account.kubemq.io/login/register](https://account.kubemq.io/login/register) and register for a key. +1. [Obtain KubeMQ Key](https://docs.kubemq.io/getting-started/quick-start#obtain-kubemq-license-key). 2. Wait for an email confirmation with your Key You can run a KubeMQ broker with Docker: @@ -58,7 +58,7 @@ You can then interact with the server using the client port: `localhost:50000` {{% /codetab %}} {{% codetab %}} -1. Obtain KubeMQ Key by visiting [https://account.kubemq.io/login/register](https://account.kubemq.io/login/register) and register for a key. +1. [Obtain KubeMQ Key](https://docs.kubemq.io/getting-started/quick-start#obtain-kubemq-license-key). 2. Wait for an email confirmation with your Key Then Run the following kubectl commands: diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-nats-streaming.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-nats-streaming.md index 3a2f9d21972..6f997f2b32a 100644 --- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-nats-streaming.md +++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-nats-streaming.md 
@@ -10,9 +10,9 @@ aliases: ## ⚠️ Deprecation notice {{% alert title="Warning" color="warning" %}} -This component is **deprecated** because the [NATS Streaming Server](hhttps://nats-io.gitbook.io/legacy-nats-docs/nats-streaming-server-aka-stan/developing-with-stan) was deprecated in June 2023 and no longer receives updates. Users are encouraged to switch to using [JetStream]({{< ref setup-jetstream >}} as an alternative. +This component is **deprecated** because the [NATS Streaming Server](https://nats-io.gitbook.io/legacy-nats-docs/nats-streaming-server-aka-stan/developing-with-stan) was deprecated in June 2023 and no longer receives updates. Users are encouraged to switch to using [JetStream]({{< ref setup-jetstream >}}) as an alternative. -This component will be **removed in the Dapr v1.13 release. +This component will be **removed in the Dapr v1.13 release**. {{% /alert %}} ## Component format diff --git a/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md b/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md index 57286c1b3bd..b5860fe9941 100644 --- a/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md +++ b/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md 
@@ -36,11 +36,11 @@ spec: value : "[pfx_certificate_file_fully_qualified_local_path]" ``` -## Authenticating with Azure AD +## Authenticating with Microsoft Entra ID -The Azure Key Vault secret store component supports authentication with Azure AD only. Before you enable this component: +The Azure Key Vault secret store component supports authentication with Microsoft Entra ID only. Before you enable this component: 1. Read the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document. -1. Create an Azure AD application (also called Service Principal). +1. Create an Microsoft Entra ID application (also called Service Principal). 1. Alternatively, create a managed identity for your application platform. ## Spec metadata fields @@ -70,7 +70,7 @@ Query Parameter | Description - [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli) - [jq](https://stedolan.github.io/jq/download/) - You are using bash or zsh shell -- You've created an Azure AD application (Service Principal) per the instructions in [Authenticating to Azure]({{< ref authenticating-azure.md >}}). You will need the following values: +- You've created an Microsoft Entra ID application (Service Principal) per the instructions in [Authenticating to Azure]({{< ref authenticating-azure.md >}}). You will need the following values: | Value | Description | | ----- | ----------- | @@ -113,7 +113,7 @@ Query Parameter | Description --location "${LOCATION}" ``` -1. Using RBAC, assign a role to the Azure AD application so it can access the Key Vault. +1. Using RBAC, assign a role to the Microsoft Entra ID application so it can access the Key Vault. In this case, assign the "Key Vault Secrets User" role, which has the "Get secrets" permission over Azure Key Vault. ```sh 
@@ -133,7 +133,7 @@ Other less restrictive roles, like "Key Vault Secrets Officer" and "Key Vault Ad #### Using a client secret -To use a **client secret**, create a file called `azurekeyvault.yaml` in the components directory. Use the following template, filling in [the Azure AD application you created]({{< ref authenticating-azure.md >}}): +To use a **client secret**, create a file called `azurekeyvault.yaml` in the components directory. Use the following template, filling in [the Microsoft Entra ID application you created]({{< ref authenticating-azure.md >}}): ```yaml apiVersion: dapr.io/v1alpha1 @@ -156,7 +156,7 @@ spec: #### Using a certificate -If you want to use a **certificate** saved on the local disk instead, use the following template. Fill in the details of [the Azure AD application you created]({{< ref authenticating-azure.md >}}): +If you want to use a **certificate** saved on the local disk instead, use the following template. Fill in the details of [the Microsoft Entra ID application you created]({{< ref authenticating-azure.md >}}): ```yaml apiVersion: dapr.io/v1alpha1 @@ -179,7 +179,7 @@ spec: {{% /codetab %}} {{% codetab %}} -In Kubernetes, you store the client secret or the certificate into the Kubernetes Secret Store and then refer to those in the YAML file. Before you start, you need the details of [the Azure AD application you created]({{< ref authenticating-azure.md >}}). +In Kubernetes, you store the client secret or the certificate into the Kubernetes Secret Store and then refer to those in the YAML file. Before you start, you need the details of [the Microsoft Entra ID application you created]({{< ref authenticating-azure.md >}}). #### Using a client secret 
@@ -298,11 +298,11 @@ In Kubernetes, you store the client secret or the certificate into the Kubernete kubectl apply -f azurekeyvault.yaml ``` 1. Create and assign a managed identity at the pod-level via either: - - [Azure AD workload identity](https://learn.microsoft.com/azure/aks/workload-identity-overview) (preferred method) - - [Azure AD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#create-a-pod-identity) + - [Microsoft Entra ID workload identity](https://learn.microsoft.com/azure/aks/workload-identity-overview) (preferred method) + - [Microsoft Entra ID pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#create-a-pod-identity) - **Important**: While both Azure AD pod identity and workload identity are in preview, currently Azure AD Workload Identity is planned for general availability (stable state). + **Important**: While both Microsoft Entra ID pod identity and workload identity are in preview, currently Microsoft Entra ID Workload Identity is planned for general availability (stable state). 1. After creating a workload identity, give it `read` permissions: - [On your desired KeyVault instance](https://docs.microsoft.com/azure/key-vault/general/assign-access-policy?tabs=azure-cli#assign-the-access-policy) 
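Review bot: In the **Important** line of this hunk the rename leaves the feature name inconsistently cased ("Microsoft Entra ID pod identity and workload identity", then "Microsoft Entra ID Workload Identity"), and the two renamed link texts were produced by substitution while their targets still read `workload-identity-overview` and `use-azure-ad-pod-identity`. Pick one casing and check each renamed feature name against the linked Microsoft page before merging, since readers choosing between the two identity mechanisms will search for the exact name shown here.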
@@ -319,11 +319,11 @@ In Kubernetes, you store the client secret or the certificate into the Kubernete aadpodidbinding: $POD_IDENTITY_NAME ``` -#### Using Azure managed identity directly vs. via Azure AD workload identity +#### Using Azure managed identity directly vs. via Microsoft Entra ID workload identity When using **managed identity directly**, you can have multiple identities associated with an app, requiring `azureClientId` to specify which identity should be used. -However, when using **managed identity via Azure AD workload identity**, `azureClientId` is not necessary and has no effect. The Azure identity to be used is inferred from the service account tied to an Azure identity via the Azure federated identity. +However, when using **managed identity via Microsoft Entra ID workload identity**, `azureClientId` is not necessary and has no effect. The Azure identity to be used is inferred from the service account tied to an Azure identity via the Azure federated identity. {{% /codetab %}} diff --git a/daprdocs/content/en/reference/components-reference/supported-secret-stores/envvar-secret-store.md b/daprdocs/content/en/reference/components-reference/supported-secret-stores/envvar-secret-store.md index b4e67318946..9ef8198aac0 100644 --- a/daprdocs/content/en/reference/components-reference/supported-secret-stores/envvar-secret-store.md +++ b/daprdocs/content/en/reference/components-reference/supported-secret-stores/envvar-secret-store.md @@ -41,7 +41,7 @@ spec: For security reasons, this component cannot be used to access these environment variables: - `APP_API_TOKEN` -- Any variable whose name begines with the `DAPR_` prefix +- Any variable whose name begins with the `DAPR_` prefix ## Related Links - [Secrets building block]({{< ref secrets >}}) 
diff --git a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-blobstorage.md b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-blobstorage.md index f4922097cb4..61846c3beff 100644 --- a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-blobstorage.md +++ b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-blobstorage.md @@ -37,7 +37,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr | Field | Required | Details | Example | |--------------------|:--------:|---------|---------| | `accountName` | Y | The storage account name | `"mystorageaccount"`. -| `accountKey` | Y (unless using Azure AD) | Primary or secondary storage key | `"key"` +| `accountKey` | Y (unless using Microsoft Entra ID) | Primary or secondary storage key | `"key"` | `containerName` | Y | The name of the container to be used for Dapr state. The container will be created for you if it doesn't exist | `"container"` | `azureEnvironment` | N | Optional name for the Azure environment if using a different Azure cloud | `"AZUREPUBLICCLOUD"` (default value), `"AZURECHINACLOUD"`, `"AZUREUSGOVERNMENTCLOUD"`, `"AZUREGERMANCLOUD"` | `endpoint` | N | Optional custom endpoint URL. This is useful when using the [Azurite emulator](https://github.com/Azure/azurite) or when using custom domains for Azure Storage (although this is not officially supported). The endpoint must be the full base URL, including the protocol (`http://` or `https://`), the IP or FQDN, and optional port. | `"http://127.0.0.1:10000"` 
@@ -60,9 +60,9 @@ In order to setup Azure Blob Storage as a state store, you will need the followi - **accountKey**: Primary or secondary storage account key. - **containerName**: The name of the container to be used for Dapr state. The container will be created for you if it doesn't exist. -### Authenticating with Azure AD +### Authenticating with Microsoft Entra ID -This component supports authentication with Azure AD as an alternative to use account keys. Whenever possible, it is recommended that you use Azure AD for authentication in production systems, to take advantage of better security, fine-tuned access control, and the ability to use managed identities for apps running on Azure. +This component supports authentication with Microsoft Entra ID as an alternative to use account keys. Whenever possible, it is recommended that you use Microsoft Entra ID for authentication in production systems, to take advantage of better security, fine-tuned access control, and the ability to use managed identities for apps running on Azure. > The following scripts are optimized for a bash or zsh shell and require the following apps installed: > @@ -71,7 +71,7 @@ This component supports authentication with Azure AD as an alternative to use ac > > You must also be authenticated with Azure in your Azure CLI. -1. To get started with using Azure AD for authenticating the Blob Storage state store component, make sure you've created an Azure AD application and a Service Principal as explained in the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document. +1. To get started with using Microsoft Entra ID for authenticating the Blob Storage state store component, make sure you've created an Microsoft Entra ID application and a Service Principal as explained in the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document. Once done, set a variable with the ID of the Service Principal that you created: ```sh 
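Review bot: The added step 1 line in this hunk reads "you've created an Microsoft Entra ID application"; the article should be "a". The same "an Microsoft Entra ID application" wording is introduced in the Key Vault secret store page earlier in this patch (the "Create an Microsoft Entra ID application" list item and the prerequisites bullet), so fix all occurrences in one pass.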
@@ -96,7 +96,7 @@ This component supports authentication with Azure AD as an alternative to use ac --scope "${RG_ID}/providers/Microsoft.Storage/storageAccounts/${STORAGE_ACCOUNT_NAME}" ``` -When authenticating your component using Azure AD, the `accountKey` field is not required. Instead, please specify the required credentials in the component's metadata (if any) according to the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document. +When authenticating your component using Microsoft Entra ID, the `accountKey` field is not required. Instead, please specify the required credentials in the component's metadata (if any) according to the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document. For example: diff --git a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-cosmosdb.md b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-cosmosdb.md index a1f4f59b935..0d636a452d3 100644 --- a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-cosmosdb.md +++ b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-cosmosdb.md 
@@ -46,14 +46,14 @@ If you wish to use Cosmos DB as an actor store, append the following to the yam | Field | Required | Details | Example | |--------------------|:--------:|---------|---------| | url | Y | The Cosmos DB url | `"https://******.documents.azure.com:443/"`. -| masterKey | Y* | The key to authenticate to the Cosmos DB account. Only required when not using Azure AD authentication. | `"key"` +| masterKey | Y* | The key to authenticate to the Cosmos DB account. Only required when not using Microsoft Entra ID authentication. | `"key"` | database | Y | The name of the database | `"db"` | collection | Y | The name of the collection (container) | `"collection"` | actorStateStore | N | Consider this state store for actors. Defaults to `"false"` | `"true"`, `"false"` -### Azure Active Directory (Azure AD) authentication +### Microsoft Entra ID authentication -The Azure Cosmos DB state store component supports authentication using all Azure Active Directory mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of Azure AD authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}). +The Azure Cosmos DB state store component supports authentication using all Microsoft Entra ID mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of Microsoft Entra ID authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}). You can read additional information for setting up Cosmos DB with Azure AD authentication in the [section below](#setting-up-cosmos-db-for-authenticating-with-azure-ad). 
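Review bot: The trailing context line of this hunk still says "with Azure AD authentication" and links to `#setting-up-cosmos-db-for-authenticating-with-azure-ad`, but a later hunk in this file renames that heading to "Setting up Cosmos DB for authenticating with Microsoft Entra ID". If the heading slug is generated from the title, the in-page link stops resolving. Update the sentence and the fragment in the same change, or keep the old anchor alive on the renamed heading.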
@@ -66,7 +66,7 @@ You can read additional information for setting up Cosmos DB with Azure AD aut In order to setup Cosmos DB as a state store, you need the following properties: - **URL**: the Cosmos DB url. for example: `https://******.documents.azure.com:443/` -- **Master Key**: The key to authenticate to the Cosmos DB account. Skip this if using Azure AD authentication. +- **Master Key**: The key to authenticate to the Cosmos DB account. Skip this if using Microsoft Entra ID authentication. - **Database**: The name of the database - **Collection**: The name of the collection (or container) @@ -136,9 +136,9 @@ curl -X POST http://localhost:3500/v1.0/state/ \ For **actor** state operations, the partition key is generated by Dapr using the `appId`, the actor type, and the actor id, such that data for the same actor always ends up under the same partition (you do not need to specify it). This is because actor state operations must use transactions, and in Cosmos DB the items in a transaction must be on the same partition. -## Setting up Cosmos DB for authenticating with Azure AD +## Setting up Cosmos DB for authenticating with Microsoft Entra ID -When using the Dapr Cosmos DB state store and authenticating with Azure AD, you need to perform a few additional steps to set up your environment. +When using the Dapr Cosmos DB state store and authenticating with Microsoft Entra ID, you need to perform a few additional steps to set up your environment. Prerequisites: @@ -147,7 +147,7 @@ Prerequisites: - [jq](https://stedolan.github.io/jq/download/) - The scripts below are optimized for a bash or zsh shell -### Granting your Azure AD application access to Cosmos DB +### Granting your Microsoft Entra ID application access to Cosmos DB > You can find more information on the [official documentation](https://docs.microsoft.com/azure/cosmos-db/how-to-setup-rbac), including instructions to assign more granular permissions. 
diff --git a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-tablestorage.md b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-tablestorage.md index 64fa12c828c..5d8e8cfe672 100644 --- a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-tablestorage.md +++ b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-azure-tablestorage.md 
@@ -45,11 +45,11 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `serviceURL` | N | The full storage service endpoint URL. Useful for Azure environments other than public cloud. | `"https://mystorageaccount.table.core.windows.net/"` | `skipCreateTable` | N | Skips the check for and, if necessary, creation of the specified storage table. This is useful when using active directory authentication with minimal privileges. Defaults to `false`. | `"true"` -### Azure Active Directory (Azure AD) authentication +### Microsoft Entra ID authentication -The Azure Cosmos DB state store component supports authentication using all Azure Active Directory mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of Azure AD authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}). +The Azure Cosmos DB state store component supports authentication using all Microsoft Entra ID mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of Microsoft Entra ID authentication mechanism, see the [docs for authenticating to Azure]({{< ref authenticating-azure.md >}}). -You can read additional information for setting up Cosmos DB with Azure AD authentication in the [section below](#setting-up-cosmos-db-for-authenticating-with-azure-ad). +You can read additional information for setting up Cosmos DB with Microsoft Entra ID authentication in the [section below](#setting-up-cosmos-db-for-authenticating-with-azure-ad). ## Option 1: Setup Azure Table Storage 
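Review bot: The added lines here are in setup-azure-tablestorage.md yet still describe "The Azure Cosmos DB state store component" and point to `#setting-up-cosmos-db-for-authenticating-with-azure-ad`, with only the link text changed to "Microsoft Entra ID authentication". Since the paragraph is being rewritten anyway, name the Table Storage component and confirm the fragment targets a section that exists on this page. The heading with that title is renamed in setup-azure-cosmosdb.md by this patch, so the old slug should not be relied on there either.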
@@ -59,7 +59,7 @@ If you wish to create a table for Dapr to use, you can do so beforehand. However In order to setup Azure Table Storage as a state store, you will need the following properties: - **AccountName**: The storage account name. For example: **mystorageaccount**. -- **AccountKey**: Primary or secondary storage key. Skip this if using Azure AD authentication. +- **AccountKey**: Primary or secondary storage key. Skip this if using Microsoft Entra ID authentication. - **TableName**: The name of the table to be used for Dapr state. The table will be created for you if it doesn't exist, unless the `skipCreateTable` option is enabled. - **cosmosDbMode**: Set this to `false` to connect to Azure Tables. @@ -71,7 +71,7 @@ If you wish to create a table for Dapr to use, you can do so beforehand. However In order to setup Azure Cosmos DB Table API as a state store, you will need the following properties: - **AccountName**: The Cosmos DB account name. For example: **mycosmosaccount**. -- **AccountKey**: The Cosmos DB master key. Skip this if using Azure AD authentication. +- **AccountKey**: The Cosmos DB master key. Skip this if using Microsoft Entra ID authentication. - **TableName**: The name of the table to be used for Dapr state. The table will be created for you if it doesn't exist, unless the `skipCreateTable` option is enabled. - **cosmosDbMode**: Set this to `true` to connect to Azure Tables. diff --git a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-memcached.md b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-memcached.md index fab220a6618..2d00042c199 100644 --- a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-memcached.md +++ b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-memcached.md 
@@ -25,7 +25,7 @@ spec: - name: maxIdleConnections value: # Optional. default: "2" - name: timeout - value: # Optional. default: "1000ms" + value: # Optional. default: "1000" ``` {{% alert title="Warning" color="warning" %}} @@ -38,7 +38,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr |--------------------|:--------:|---------|---------| | hosts | Y | Comma delimited endpoints | `"memcached.default.svc.cluster.local:11211"` | maxIdleConnections | N | The max number of idle connections. Defaults to `"2"` | `"3"` -| timeout | N | The timeout for the calls. Defaults to `"1000ms"` | `"1000ms"` +| timeout | N | The timeout for the calls in milliseconds. Defaults to `"1000"` | `"1000"` ## Setup Memcached diff --git a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-postgresql.md b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-postgresql.md index 0d5c682422e..5035d8fae03 100644 --- a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-postgresql.md +++ b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-postgresql.md 
@@ -61,15 +61,15 @@ The following metadata options are **required** to authenticate using a PostgreS |--------|:--------:|---------|---------| | `connectionString` | Y | The connection string for the PostgreSQL database. See the PostgreSQL [documentation on database connections](https://www.postgresql.org/docs/current/libpq-connect.html) for information on how to define a connection string. | `"host=localhost user=postgres password=example port=5432 connect_timeout=10 database=my_db"` -### Authenticate using Azure AD +### Authenticate using Microsoft Entra ID -Authenticating with Azure AD is supported with Azure Database for PostgreSQL. All authentication methods supported by Dapr can be used, including client credentials ("service principal") and Managed Identity. +Authenticating with Microsoft Entra ID is supported with Azure Database for PostgreSQL. All authentication methods supported by Dapr can be used, including client credentials ("service principal") and Managed Identity. | Field | Required | Details | Example | |--------|:--------:|---------|---------| -| `useAzureAD` | Y | Must be set to `true` to enable the component to retrieve access tokens from Azure AD. | `"true"` | -| `connectionString` | Y | The connection string for the PostgreSQL database.
This must contain the user, which corresponds to the name of the user created inside PostgreSQL that maps to the Azure AD identity; this is often the name of the corresponding principal (e.g. the name of the Azure AD application). This connection string should not contain any password. | `"host=mydb.postgres.database.azure.com user=myapplication port=5432 database=my_db sslmode=require"` | -| `azureTenantId` | N | ID of the Azure AD tenant | `"cd4b2887-304c-…"` | +| `useAzureAD` | Y | Must be set to `true` to enable the component to retrieve access tokens from Microsoft Entra ID. | `"true"` | +| `connectionString` | Y | The connection string for the PostgreSQL database.
This must contain the user, which corresponds to the name of the user created inside PostgreSQL that maps to the Microsoft Entra ID identity; this is often the name of the corresponding principal (e.g. the name of the Microsoft Entra ID application). This connection string should not contain any password. | `"host=mydb.postgres.database.azure.com user=myapplication port=5432 database=my_db sslmode=require"` | +| `azureTenantId` | N | ID of the Microsoft Entra ID tenant | `"cd4b2887-304c-…"` | | `azureClientId` | N | Client ID (application ID) | `"c7dd251f-811f-…"` | | `azureClientSecret` | N | Client secret (application password) | `"Ecy3X…"` | diff --git a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-redis.md b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-redis.md index 3237b109284..834a43ebfbd 100644 --- a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-redis.md +++ b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-redis.md @@ -11,6 +11,10 @@ aliases: To setup Redis state store create a component of type `state.redis`. See [this guide]({{< ref "howto-get-save-state.md#step-1-setup-a-state-store" >}}) on how to create and apply a state store configuration. +{{% alert title="Limitations" color="warning" %}} +Before using Redis and the Transactions API, make sure you're familiar with [Redis limitations regarding transactions](https://redis.io/docs/interact/transactions/#what-about-rollbacks). +{{% /alert %}} + ```yaml apiVersion: dapr.io/v1alpha1 kind: Component diff --git a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-sqlserver.md b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-sqlserver.md index e4f48d547b6..96d79ac9d64 100644 --- a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-sqlserver.md 
+++ b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-sqlserver.md @@ -28,7 +28,7 @@ spec: value: | Server=myServerName\myInstanceName;Database=myDataBase;User Id=myUsername;Password=myPassword; - # Authenticate with Azure AD (Azure SQL only) + # Authenticate with Microsoft Entra ID (Azure SQL only) # "useAzureAD" be set to "true" - name: useAzureAD value: true @@ -75,15 +75,15 @@ The following metadata options are **required** to authenticate using SQL Server |--------|:--------:|---------|---------| | `connectionString` | Y | The connection string used to connect.
If the connection string contains the database, it must already exist. Otherwise, if the database is omitted, a default database named "Dapr" is created. | `"Server=myServerName\myInstanceName;Database=myDataBase;User Id=myUsername;Password=myPassword;"` | -### Authenticate using Azure AD +### Authenticate using Microsoft Entra ID -Authenticating with Azure AD is supported with Azure SQL only. All authentication methods supported by Dapr can be used, including client credentials ("service principal") and Managed Identity. +Authenticating with Microsoft Entra ID is supported with Azure SQL only. All authentication methods supported by Dapr can be used, including client credentials ("service principal") and Managed Identity. | Field | Required | Details | Example | |--------|:--------:|---------|---------| -| `useAzureAD` | Y | Must be set to `true` to enable the component to retrieve access tokens from Azure AD. | `"true"` | +| `useAzureAD` | Y | Must be set to `true` to enable the component to retrieve access tokens from Microsoft Entra ID. | `"true"` | | `connectionString` | Y | The connection string or URL of the Azure SQL database, **without credentials**.
If the connection string contains the database, it must already exist. Otherwise, if the database is omitted, a default database named "Dapr" is created. | `"sqlserver://myServerName.database.windows.net:1433?database=myDataBase"` | -| `azureTenantId` | N | ID of the Azure AD tenant | `"cd4b2887-304c-47e1-b4d5-65447fdd542b"` | +| `azureTenantId` | N | ID of the Microsoft Entra ID tenant | `"cd4b2887-304c-47e1-b4d5-65447fdd542b"` | | `azureClientId` | N | Client ID (application ID) | `"c7dd251f-811f-4ba2-a905-acd4d3f8f08b"` | | `azureClientSecret` | N | Client secret (application password) | `"Ecy3XG7zVZK3/vl/a2NSB+a1zXLa8RnMum/IgD0E"` | diff --git a/daprdocs/content/en/reference/environment/_index.md b/daprdocs/content/en/reference/environment/_index.md index 9ae9b7b22f1..e2ce895ea82 100644 --- a/daprdocs/content/en/reference/environment/_index.md +++ b/daprdocs/content/en/reference/environment/_index.md 
@@ -27,4 +27,5 @@ The following table lists the environment variables used by the Dapr runtime, CL | OTEL_EXPORTER_OTLP_PROTOCOL | OpenTelemetry Tracing | The OTLP protocol to use Transport protocol. (`grpc`, `http/protobuf`, `http/json`) | | DAPR_COMPONENTS_SOCKETS_FOLDER | Dapr runtime and the .NET, Go, and Java pluggable component SDKs | The location or path where Dapr looks for Pluggable Components Unix Domain Socket files. If unset this location defaults to `/tmp/dapr-components-sockets` | | DAPR_COMPONENTS_SOCKETS_EXTENSION | .NET and Java pluggable component SDKs | A per-SDK configuration that indicates the default file extension applied to socket files created by the SDKs. Not a Dapr-enforced behavior. | -| DAPR_PLACEMENT_METADATA_ENABLED | Dapr placement | Enable an endpoint for the Placement service that exposes placement table information on actor usage. Set to `true` to enable in self-hosted mode. [Learn more about the Placement API]({{< ref placement_api.md >}}) | \ No newline at end of file +| DAPR_PLACEMENT_METADATA_ENABLED | Dapr placement | Enable an endpoint for the Placement service that exposes placement table information on actor usage. Set to `true` to enable in self-hosted mode. [Learn more about the Placement API]({{< ref placement_api.md >}}) | +| DAPR_HOST_IP | Dapr sidecar | The host's chosen IP address. If not specified, will loop over the network interfaces and select the first non-loopback address it finds.| diff --git a/daprdocs/content/en/reference/resource-specs/component-schema.md b/daprdocs/content/en/reference/resource-specs/component-schema.md index 0face5b9a62..349ff4923a3 100644 --- a/daprdocs/content/en/reference/resource-specs/component-schema.md +++ b/daprdocs/content/en/reference/resource-specs/component-schema.md 
@@ -13,6 +13,8 @@ Dapr defines and registers components using a [resource specifications](https:// ```yaml apiVersion: dapr.io/v1alpha1 kind: Component +auth: + secretstore: [SECRET-STORE-NAME] metadata: name: [COMPONENT-NAME] namespace: [COMPONENT-NAMESPACE] @@ -24,6 +26,9 @@ spec: metadata: - name: [METADATA-NAME] value: [METADATA-VALUE] +scopes: + - [APPID] + - [APPID] ``` ## Spec fields @@ -32,6 +37,8 @@ spec: |--------------------|:--------:|---------|---------| | apiVersion | Y | The version of the Dapr (and Kubernetes if applicable) API you are calling | `dapr.io/v1alpha1` | kind | Y | The type of resource. For components is must always be `Component` | `Component` +| auth | N | The name of a secret store where `secretKeyRef` in the metadata lookup the name of secrets used in the component | See [How-to: Reference secrets in components]({{< ref component-secrets >}}) +| scopes | N | The applications the component is limited to, specified by their app IDs | `order-processor`, `checkout` | **metadata** | - | **Information about the component registration** | | metadata.name | Y | The name of the component | `prod-statestore` | metadata.namespace | N | The namespace for the component for hosting environments with namespaces | `myapp-namespace` @@ -41,6 +48,7 @@ spec: | spec.initTimeout | N | The timeout duration for the initialization of the component. Default is 5s | `5m`, `1h`, `20s` | spec.ignoreErrors | N | Tells the Dapr sidecar to continue initialization if the component fails to load. Default is false | `false` | **spec.metadata** | - | **A key/value pair of component specific configuration. See your component definition for fields**| +| spec.metadata.name | Y | The name of the component-specific property and its value | `- name: secretsFile`
`value: secrets.json` ### Templated metadata values diff --git a/daprdocs/content/en/reference/resource-specs/httpendpoints-schema.md b/daprdocs/content/en/reference/resource-specs/httpendpoints-schema.md index 6517d4795d8..a85a253151c 100644 --- a/daprdocs/content/en/reference/resource-specs/httpendpoints-schema.md +++ b/daprdocs/content/en/reference/resource-specs/httpendpoints-schema.md @@ -18,7 +18,6 @@ kind: HTTPEndpoint metadata: name: spec: - version: v1alpha1 baseUrl: # Required. Use "http://" or "https://" prefix. headers: # Optional - name: @@ -56,4 +55,4 @@ auth: # Optional ## Related links -[Learn how to invoke non-Dapr endpoints.]({{< ref howto-invoke-non-dapr-endpoints.md >}}) \ No newline at end of file +[Learn how to invoke non-Dapr endpoints.]({{< ref howto-invoke-non-dapr-endpoints.md >}}) diff --git a/daprdocs/static/docs/open-telemetry-collector/collector-config-otel.yaml b/daprdocs/static/docs/open-telemetry-collector/collector-config-otel.yaml new file mode 100644 index 00000000000..298cfd9fc0e --- /dev/null +++ b/daprdocs/static/docs/open-telemetry-collector/collector-config-otel.yaml @@ -0,0 +1,13 @@ +apiVersion: dapr.io/v1alpha1 +kind: Configuration +metadata: + name: tracing + namespace: default # Your app namespace +spec: + tracing: + samplingRate: "1" + stdout: true + otel: + endpointAddress: "otel-collector.default.svc.cluster.local:4317" + isSecure: false + protocol: grpc diff --git a/daprdocs/static/docs/open-telemetry-collector/open-telemetry-collector-jaeger.yaml b/daprdocs/static/docs/open-telemetry-collector/open-telemetry-collector-jaeger.yaml new file mode 100644 index 00000000000..d8c0fe2934e --- /dev/null +++ b/daprdocs/static/docs/open-telemetry-collector/open-telemetry-collector-jaeger.yaml 
@@ -0,0 +1,111 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: otel-collector-conf + labels: + app: opentelemetry + component: otel-collector-conf +data: + otel-collector-config: | + receivers: + otlp: + protocols: + grpc: + endpoint: 0.0.0.0:4317 + extensions: + health_check: + pprof: + endpoint: :1888 + zpages: + endpoint: :55679 + exporters: + logging: + loglevel: debug + # Depending on where you want to export your trace, use the + # correct OpenTelemetry trace exporter here. + # + # Refer to + # https://github.com/open-telemetry/opentelemetry-collector/tree/main/exporter + # and + # https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/exporter + # for full lists of trace exporters that you can use, and how to + # configure them. + otlp/jaeger: + endpoint: "jaeger-collector.observability.svc.cluster.local:4317" + tls: + insecure: true + service: + extensions: [pprof, zpages, health_check] + pipelines: + traces: + receivers: [otlp] + # List your exporter here. + exporters: [otlp/jaeger,logging] +--- +apiVersion: v1 +kind: Service +metadata: + name: otel-collector + labels: + app: opencesus + component: otel-collector +spec: + ports: + - name: otel # Default endpoint for OTEL receiver. + port: 4317 + protocol: TCP + targetPort: 4317 + selector: + component: otel-collector +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: otel-collector + labels: + app: opentelemetry + component: otel-collector +spec: + replicas: 1 # scale out based on your usage + selector: + matchLabels: + app: opentelemetry + template: + metadata: + labels: + app: opentelemetry + component: otel-collector + spec: + containers: + - name: otel-collector + image: otel/opentelemetry-collector-contrib-dev:latest + command: + - "/otelcontribcol" + - "--config=/conf/otel-collector-config.yaml" + resources: + limits: + cpu: 1 + memory: 2Gi + requests: + cpu: 200m + memory: 400Mi + ports: + - containerPort: 4317 # Default endpoint for OTEL receiver. 
+ volumeMounts: + - name: otel-collector-config-vol + mountPath: /conf + livenessProbe: + httpGet: + path: / + port: 13133 + readinessProbe: + httpGet: + path: / + port: 13133 + volumes: + - configMap: + name: otel-collector-conf + items: + - key: otel-collector-config + path: otel-collector-config.yaml + name: otel-collector-config-vol diff --git a/daprdocs/static/presentations/Dapr-Diagrams.pptx.zip b/daprdocs/static/presentations/Dapr-Diagrams.pptx.zip index 6c49403c113..778e1704862 100644 Binary files a/daprdocs/static/presentations/Dapr-Diagrams.pptx.zip and b/daprdocs/static/presentations/Dapr-Diagrams.pptx.zip differ diff --git a/translations/docs-zh b/translations/docs-zh index 794330f6cab..7938567259e 160000 --- a/translations/docs-zh +++ b/translations/docs-zh @@ -1 +1 @@ -Subproject commit 794330f6cab2db8e09053bb7bf19233eb3237538 +Subproject commit 7938567259e1dcaba7bb3fbfca88ed9db92cefaa
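Review bot: In the setup-memcached.md hunks the documented `timeout` default changes from `"1000ms"` to `"1000"` and the table now says the value is in milliseconds, but nothing tells readers whether an existing component that sets a duration string such as `"1000ms"` is still accepted. State the accepted format explicitly in the Details cell (bare integer only, or both forms), because a timeout that fails to parse or is read in a different unit changes how long the sidecar waits on the cache.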
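Review bot: In the setup-sqlserver.md table touched by this patch, the unchanged example rows for `azureClientId` and `azureClientSecret` show full-length values, whereas the equivalent rows in setup-postgresql.md in this same patch are truncated (`"c7dd251f-811f-…"`, `"Ecy3X…"`). While editing the `azureTenantId` row, truncate these the same way so the docs do not carry strings that secret scanners flag as credentials and that readers may paste into real component files.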
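Review bot: In the component-schema.md hunks the new table row is keyed `auth` while the YAML sample adds `auth.secretstore`; name the row `auth.secretstore` so it matches the sample, and fix the wording "where `secretKeyRef` in the metadata lookup the name of secrets" (for example, "that `secretKeyRef` entries in the metadata are resolved against"). The `spec.metadata.name` row describes "the component-specific property and its value" while naming only `name`; add a `spec.metadata.value` row or retitle it. For `scopes`, say what happens when the field is omitted, since that decides which apps can load a component that holds credentials.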
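Review bot: In the new open-telemetry-collector-jaeger.yaml the Service carries the label `app: opencesus`, while the ConfigMap and Deployment use `app: opentelemetry`; this looks like a typo and should match. The Deployment also pulls `otel/opentelemetry-collector-contrib-dev:latest`, an unpinned tag, so the sample is not reproducible and picks up whatever is published next; pin a version tag or digest. The `pprof` (`:1888`) and `zpages` (`:55679`) extensions are enabled with no host in the endpoint, the exporter sets `tls: insecure: true`, and logging runs at `loglevel: debug`; add a comment marking these as demo-only settings so they are not copied into production unchanged.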