Merge pull request #3976 from hhunter-ms/upmerge_01-26c

Upmerge 1.12 --> 1.13

.devcontainer/devcontainer.json

@@ -0,0 +1,36 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/ubuntu
+{
+	"name": "Ubuntu",
+	// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
+	"image": "mcr.microsoft.com/devcontainers/base:jammy",
+	"features": {
+		"ghcr.io/devcontainers/features/go:1": {
+			"version": "latest"
+		},
+		"ghcr.io/devcontainers/features/hugo:1": {
+			"extended": true,
+			"version": "latest"
+		},
+		"ghcr.io/devcontainers/features/node:1": {
+			"nodeGypDependencies": true,
+			"version": "lts",
+			"nvmVersion": "latest"
+		}
+	},
+	"customizations": {
+		"vscode": {
+		  "extensions": [
+			"streetsidesoftware.code-spell-checker",
+			"tamasfe.even-better-toml",
+			"davidanson.vscode-markdownlint",
+        	"budparr.language-hugo-vscode"
+			],
+		  "settings": {	
+			"git.alwaysSignOff": true
+		  }
+		}
+	  },
+	  "forwardPorts": [1313],
+	  "postAttachCommand": "bash scripts/init-container.sh"
+}

.gitattributes

@@ -0,0 +1,3 @@
+* text=auto eol=lf
+*.{cmd,[cC][mM][dD]} text eol=crlf
+*.{bat,[bB][aA][tT]} text eol=crlf

README.md

@@ -29,21 +29,44 @@ The Dapr docs are built using [Hugo](https://gohugo.io/) with the [Docsy](https:
 
 The [daprdocs](./daprdocs) directory contains the hugo project, markdown files, and theme configurations.
 
-## Pre-requisites
+## Setup with a devcontainer
 
-- [Hugo extended version](https://gohugo.io/getting-started/installing)
-- [Node.js](https://nodejs.org/en/)
+This repository comes with a [devcontainer](/.devcontainer/devcontainer.json) configuration that automatically installs all the required dependencies and VSCode extensions to build and run the docs.
+
+This devcontainer can be used to develop locally with VSCode or via GitHub Codespaces completely in the browser. Other IDEs that support [devcontainers](https://containers.dev/) can be used but won't have the extensions preconfigured and will likely have different performance characteristics.
+
+### Pre-requisites
 
-## Environment setup
+- [Docker Desktop](https://www.docker.com/products/docker-desktop)
+- [VSCode](https://code.visualstudio.com/download)
 
-1. Ensure pre-requisites are installed
-2. Clone this repository
+### Environment setup
+
+1. [Fork](https://github.com/dapr/docs/fork) and clone this repository.
+
+1. Open the forked repository in VS Code
 
 ```sh
-git clone https://github.com/dapr/docs.git
+code .
 ```
 
-3. Change to daprdocs directory:
+1. When prompted, click "Reopen in Container" to open the repository in the devcontainer.
+
+Continue with the [Run local server](#run-local-server) steps.
+
+## Setup without a devcontainer
+
+### Pre-requisites
+
+- [Hugo extended version](https://gohugo.io/getting-started/installing)
+- [Node.js](https://nodejs.org/en/)
+
+### Environment setup
+
+1. Ensure pre-requisites are installed.
+1. [Fork](https://github.com/dapr/docs/fork) and clone this repository.
+
+1. Change to daprdocs directory:
 
 ```sh
 cd ./daprdocs
@@ -63,7 +86,7 @@ npm install
 
 ## Run local server
 
-1. Make sure you're still in the `daprdocs` directory
+1. Make sure you're in the `daprdocs` directory
 2. Run
 
 ```sh
@@ -72,14 +95,13 @@ hugo server
 
 3. Navigate to `http://localhost:1313/`
 
-
 ## Update docs
 
-1. Fork repo into your account
-1. Create new branch
-1. Commit and push changes to forked branch
-1. Submit pull request from downstream branch to the upstream branch for the correct version you are targeting
-1. Staging site will automatically get created and linked to PR to review and test
+1. Ensure you are in your forked repo
+2. Create new branch
+3. Commit and push changes to forked branch
+4. Submit pull request from downstream branch to the upstream branch for the correct version you are targeting
+5. Staging site will automatically get created and linked to PR to review and test
 
 ## Code of Conduct
 

daprdocs/content/en/contributing/codespaces.md

@@ -30,6 +30,7 @@ If you haven't already forked the repo, creating the Codespace will also create
 - [dapr/dapr](https://github.com/dapr/dapr)
 - [dapr/components-contrib](https://github.com/dapr/components-contrib)
 - [dapr/cli](https://github.com/dapr/cli)
+- [dapr/docs](https://github.com/dapr/docs)
 - [dapr/python-sdk](https://github.com/dapr/python-sdk)
 
 ## Developing Dapr Components in a Codespace

daprdocs/content/en/contributing/docs-contrib/contributing-docs.md

@@ -8,6 +8,8 @@ description: Get started with contributing to the Dapr docs
 
 In this guide, you'll learn how to contribute to the [Dapr docs repository](https://github.com/dapr/docs). Since Dapr docs are published to [docs.dapr.io](https://docs.dapr.io), you must make sure your contributions compile and publish correctly.
 
+<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/uPYuXcaEs-c" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
+
 ## Prerequisites
 
 Before contributing to the Dapr docs: 

daprdocs/content/en/developing-applications/building-blocks/cryptography/cryptography-overview.md

@@ -85,4 +85,5 @@ Watch this [demo video of the Cryptography API from the Dapr Community Call #83]
 
 ## Related links
 - [Cryptography overview]({{< ref cryptography-overview.md >}})
-- [Cryptography component specs]({{< ref supported-cryptography >}})
+- [Cryptography component specs]({{< ref supported-cryptography >}})
+- [Cryptography API reference doc]({{< ref cryptography_api >}})

daprdocs/content/en/developing-applications/building-blocks/state-management/howto-state-query-api.md

@@ -28,9 +28,14 @@ The `filter` specifies the query conditions in the form of a tree, where each no
 
 The following operations are supported:
 
-| Operator |  Operands   | Description  |
-|----------|-------------|--------------|
-| `EQ`     | key:value   | key == value |
+| Operator |  Operands   | Description                                                  |
+|----------|-------------|--------------------------------------------------------------|
+| `EQ`     | key:value   | key == value                                                 |
+| `NEQ`    | key:value   | key != value                                                 |
+| `GT`     | key:value   | key > value                                                  |
+| `GTE`    | key:value   | key >= value                                                 |
+| `LT`     | key:value   | key < value                                                  |
+| `LTE`    | key:value   | key <= value                                                 |
 | `IN`     | key:[]value | key == value[0] OR key == value[1] OR ... OR key == value[n] |
 | `AND`    | []operation |  operation[0] AND operation[1] AND ... AND operation[n] |
 | `OR`     | []operation |  operation[0] OR operation[1] OR ... OR operation[n] |

daprdocs/content/en/developing-applications/local-development/multi-app-dapr-run/multi-app-template.md

@@ -162,9 +162,9 @@ apps:
 
 The following rules apply for all the paths present in the template file:
  - If the path is absolute, it is used as is.
- - All relative paths under command section should be provided relative to the template file path.
+ - All relative paths under common section should be provided relative to the template file path.
  - `appDirPath` under apps section should be provided relative to the template file path.
- - All relative paths under app section should be provided relative to the `appDirPath`.
+ - All other relative paths under apps section should be provided relative to the `appDirPath`.
 
 {{% /codetab %}}
 

daprdocs/content/en/getting-started/quickstarts/pubsub-quickstart.md

@@ -878,7 +878,7 @@ with DaprClient() as client:
 
 ### Step 5: View the Pub/sub outputs
 
-Notice, as specified in the code above, the publisher pushes a random number to the Dapr sidecar while the subscriber receives it.
+The publisher sends orders to the Dapr sidecar while the subscriber receives them.
 
 Publisher output:
 

daprdocs/content/en/operations/hosting/kubernetes/cluster/setup-kind.md

@@ -113,6 +113,43 @@ If you are using Docker Desktop, verify that you have [the recommended settings]
 
 1. Navigate to `http://localhost:9999` to validate a successful setup.
 
+## Install metrics-server on the Kind Kubernetes Cluster
+
+1. Get metrics-server manifests
+
+   ```bash
+   wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
+   ```
+
+1. Add insecure TLS parameter to the components.yaml file
+
+   ```yaml
+   metadata:
+      labels:
+        k8s-app: metrics-server
+    spec:
+      containers:
+      - args:
+        - --cert-dir=/tmp
+        - --secure-port=4443
+        - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
+        - --kubelet-use-node-status-port
+        - --kubelet-insecure-tls   <==== Add this
+        - --metric-resolution=15s
+        image: k8s.gcr.io/metrics-server/metrics-server:v0.6.2
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /livez
+   ```
+
+1. Apply modified manifest
+
+   ```bash
+   kubectl apply -f components.yaml
+   ```
+
 ## Related links
 - [Try out a Dapr quickstart]({{< ref quickstarts.md >}})
 - Learn how to [deploy Dapr on your cluster]({{< ref kubernetes-deploy.md >}})

daprdocs/content/en/operations/hosting/kubernetes/kubernetes-deploy.md

@@ -251,7 +251,7 @@ To use Mariner-based images for Dapr, you need to add `-mariner` to your Docker
 In the Dapr CLI, you can switch to using Mariner-based images with the `--image-variant` flag.
 
 ```sh
-dapr init --image-variant mariner
+dapr init -k --image-variant mariner
 ```
 
 {{% /codetab %}}

daprdocs/content/en/operations/support/support-release-policy.md

@@ -45,6 +45,8 @@ The table below shows the versions of Dapr releases that have been tested togeth
 
 | Release date | Runtime     | CLI  | SDKs  | Dashboard  | Status | Release notes |
 |--------------------|:--------:|:--------|---------|---------|---------|------------|
+| January 17th 2024 | 1.12.4</br>  | 1.12.0 | Java 1.10.0 </br>Go 1.9.1 </br>PHP 1.2.0 </br>Python 1.12.0 </br>.NET 1.12.0 </br>JS 3.2.0 | 0.14.0 | Supported (current) | [v1.12.4 release notes](https://github.com/dapr/dapr/releases/tag/v1.12.4) |
+| January 2nd 2024 | 1.12.3</br>  | 1.12.0 | Java 1.10.0 </br>Go 1.9.1 </br>PHP 1.2.0 </br>Python 1.12.0 </br>.NET 1.12.0 </br>JS 3.2.0 | 0.14.0 | Supported (current) | [v1.12.3 release notes](https://github.com/dapr/dapr/releases/tag/v1.12.3) |
 | November 18th 2023 | 1.12.2</br>  | 1.12.0 | Java 1.10.0 </br>Go 1.9.1 </br>PHP 1.2.0 </br>Python 1.12.0 </br>.NET 1.12.0 </br>JS 3.2.0 | 0.14.0 | Supported (current) | [v1.12.2 release notes](https://github.com/dapr/dapr/releases/tag/v1.12.2) |
 | November 16th 2023 | 1.12.1</br>  | 1.12.0 | Java 1.10.0 </br>Go 1.9.1 </br>PHP 1.2.0 </br>Python 1.12.0 </br>.NET 1.12.0 </br>JS 3.2.0 | 0.14.0 | Supported | [v1.12.1 release notes](https://github.com/dapr/dapr/releases/tag/v1.12.1) |
 | October 11th 2023 | 1.12.0</br>  | 1.12.0 | Java 1.10.0 </br>Go 1.9.0 </br>PHP 1.1.0 </br>Python 1.11.0 </br>.NET 1.12.0 </br>JS 3.1.2 | 0.14.0 | Supported | [v1.12.0 release notes](https://github.com/dapr/dapr/releases/tag/v1.12.0) |
@@ -120,7 +122,8 @@ General guidance on upgrading can be found for [self hosted mode]({{< ref self-h
 | 1.9.0                    |                   N/A |                    1.9.6 |
 | 1.10.0                   |                   N/A |                   1.10.8 |
 | 1.11.0                   |                   N/A |                   1.11.4 |
-| 1.12.0                   |                   N/A |                   1.12.0 |
+| 1.12.0                   |                   N/A |                   1.12.4 |
+
 
 
 ## Upgrade on Hosting platforms

daprdocs/content/en/reference/api/cryptography_api.md

@@ -0,0 +1,131 @@
+---
+type: docs
+title: "Cryptography API reference"
+linkTitle: "Cryptography API"
+description: "Detailed documentation on the cryptography API"
+weight: 1300
+---
+
+Dapr provides cross-platform and cross-language support for encryption and decryption support via the 
+cryptography building block. Besides the [language specific SDKs]({{<ref sdks>}}), a developer can invoke these capabilities using
+the HTTP API endpoints below.
+
+> The HTTP APIs are intended for development and testing only. For production scenarios, the use of the SDKs is strongly
+> recommended as they implement the gRPC APIs providing higher performance and capability than the HTTP APIs.
+
+## Encrypt Payload
+
+This endpoint lets you encrypt a value provided as a byte array using a specified key and crypto component.
+
+### HTTP Request
+
+```
+PUT http://localhost:<daprPort>/v1.0/crypto/<crypto-store-name>/encrypt
+```
+
+#### URL Parameters
+ | Parameter         | Description                                                 |
+|-------------------|-------------------------------------------------------------|
+| daprPort          | The Dapr port                                               |
+| crypto-store-name | The name of the crypto store to get the encryption key from |
+
+> Note, all URL parameters are case-sensitive.
+
+#### Headers
+Additional encryption parameters are configured by setting headers with the appropriate
+values. The following table details the required and optional headers to set with every
+encryption request.
+
+| Header Key                    | Description                                                                                                                                                                                         | Allowed Values                                                                    | Required                                                 |
+|-------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------|----------------------------------------------------------|
+| dapr-key-name                 | The name of the key to use for the encryption operation                                                                                                                                             |                                                                                   | Yes                                                      |
+| dapr-key-wrap-algorithm       | The key wrap algorithm to use                                                                                                                                                                       | `A256KW`, `A128CBC`, `A192CBC`, `RSA-OAEP-256`                                    | Yes                                                      |
+| dapr-omit-decryption-key-name | If true, omits the decryption key name from header `dapr-decryption-key-name` from the output. If false, includes the specified decryption key name specified in header `dapr-decryption-key-name`. | The following values will be accepted as true: `y`, `yes`, `true`, `t`, `on`, `1` | No                                                       |
+| dapr-decryption-key-name      | If `dapr-omit-decryption-key-name` is true, this contains the name of the intended decryption key to include in the output.                                                                         |                                                                                   | Required only if `dapr-omit-decryption-key-name` is true |
+| dapr-data-encryption-cipher   | The cipher to use for the encryption operation                                                                                                                                                      | `aes-gcm` or `chacha20-poly1305`                                                  | No                                                       |
+
+### HTTP Response
+
+#### Response Body
+The response to an encryption request will have its content type header set to `application/octet-stream` as it
+returns an array of bytes with the encrypted payload.
+
+#### Response Codes
+| Code | Description                                                             |
+|------|-------------------------------------------------------------------------|
+| 200  | OK                                                                      |
+| 400  | Crypto provider not found                                               |
+| 500  | Request formatted correctly, error in dapr code or underlying component |
+
+### Examples
+```shell
+curl http://localhost:3500/v1.0/crypto/myAzureKeyVault/encrypt \
+    -X PUT \
+    -H "dapr-key-name: myCryptoKey" \
+    -H "dapr-key-wrap-algorithm: aes-gcm" \ 
+    -H "Content-Type: application/octet-string" \ 
+    --data-binary "\x68\x65\x6c\x6c\x6f\x20\x77\x6f\x72\x6c\x64"
+```
+
+> The above command sends an array of UTF-8 encoded bytes representing "hello world" and would return
+> a stream of 8-bit values in the response similar to the following containing the encrypted payload:
+
+```bash
+gAAAAABhZfZ0Ywz4dQX8y9J0Zl5v7w6Z7xq4jV3cW9o2l4pQ0YD1LdR0Zk7zIYi4n2Ll7t6f0Z4X7r8x9o6a8GyL0X1m9Q0Z0A==
+```
+
+## Decrypt Payload
+
+This endpoint lets you decrypt a value provided as a byte array using a specified key and crypto component.
+
+#### HTTP Request
+
+```
+PUT curl http://localhost:3500/v1.0/crypto/<crypto-store-name>/decrypt
+```
+
+#### URL Parameters
+
+| Parameter         | Description                                                 |
+|-------------------|-------------------------------------------------------------|
+| daprPort          | The Dapr port                                               |
+| crypto-store-name | The name of the crypto store to get the decryption key from |
+
+> Note all parameters are case-sensitive.
+
+#### Headers
+Additional decryption parameters are configured by setting headers with the appropriate values. The following table
+details the required and optional headers to set with every decryption request.
+
+| Header Key    | Description                                              | Required |
+|---------------|----------------------------------------------------------|----------|
+| dapr-key-name | The name of the key to use for the decryption operation. | Yes      |
+
+### HTTP Response
+
+#### Response Body
+The response to a decryption request will have its content type header to set `application/octet-stream` as it 
+returns an array of bytes representing the decrypted payload.
+
+#### Response Codes
+| Code | Description                                                             |
+|------|-------------------------------------------------------------------------|
+| 200  | OK                                                                      |
+| 400  | Crypto provider not found                                               |
+| 500  | Request formatted correctly, error in dapr code or underlying component |
+
+### Examples
+```bash
+curl http://localhost:3500/v1.0/crypto/myAzureKeyVault/decrypt \
+    -X PUT
+    -H "dapr-key-name: myCryptoKey"\
+    -H "Content-Type: application/octet-stream" \
+    --data-binary "gAAAAABhZfZ0Ywz4dQX8y9J0Zl5v7w6Z7xq4jV3cW9o2l4pQ0YD1LdR0Zk7zIYi4n2Ll7t6f0Z4X7r8x9o6a8GyL0X1m9Q0Z0A=="
+```
+
+> The above command sends a base-64 encoded string of the encrypted message payload and would return a response with
+> the content type header set to `application/octet-stream` returning the response body `hello world`.
+
+```bash
+hello world
+```