Upmerge 10/17 (dapr#4392)
* initial freshness, start with overview

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>

* continue freshness pass

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>

* continue freshness

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>

* finish freshness pass

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>

* typo

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>

* add note about default app-max-concurrency

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>

* add to args and annotations doc

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>

* Update config.toml

Signed-off-by: Hannah Hunter <94493363+hhunter-ms@users.noreply.github.com>

* fix 1.15 link

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>

* fix release

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>

* other versions

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>

* Add AWS IAM authentication fields in PostgreSQL components (dapr#4311)

* Add AWS IAM authentication fields in PostgreSQL components

Signed-off-by: Anton Troshin <anton@diagrid.io>

* change wording

Signed-off-by: Anton Troshin <anton@diagrid.io>

---------

Signed-off-by: Anton Troshin <anton@diagrid.io>
Co-authored-by: Hannah Hunter <94493363+hhunter-ms@users.noreply.github.com>

* Adds clientCert and clientKey fields to spec Redis metadata fields (dapr#4312)

* Adds clientCert and clientKey fields to spec Redis metadata fields

Signed-off-by: Elena Kolevska <elena@kolevska.com>

* remove

Signed-off-by: Elena Kolevska <elena@kolevska.com>

* removes empty line

Signed-off-by: Elena Kolevska <elena@kolevska.com>

---------

Signed-off-by: Elena Kolevska <elena@kolevska.com>
Co-authored-by: Mark Fussell <markfussell@gmail.com>

* Fix: Scheduler Actor Reminders Wording (dapr#4320)

* update phrasing to be scheduler actor reminders bc the jobs api has nothing to do with it really

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>

* Update daprdocs/content/en/operations/support/support-preview-features.md

Co-authored-by: Mark Fussell <markfussell@gmail.com>
Signed-off-by: Cassie Coyle <cassie.i.coyle@gmail.com>

---------

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>
Signed-off-by: Cassie Coyle <cassie.i.coyle@gmail.com>
Co-authored-by: Mark Fussell <markfussell@gmail.com>

* add storageClass example for s3 metadata (dapr#4308)

* add storageClass example to docs

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>

* add field to table

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>

* update data indentation for example curl

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>

* Update daprdocs/content/en/reference/components-reference/supported-bindings/s3.md

Co-authored-by: Mark Fussell <markfussell@gmail.com>
Signed-off-by: Cassie Coyle <cassie.i.coyle@gmail.com>

* tweaks

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>

* add to template example

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>

* add doc link for storage class

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>

* Update daprdocs/content/en/reference/components-reference/supported-bindings/s3.md

Signed-off-by: Mark Fussell <markfussell@gmail.com>

* Update daprdocs/content/en/reference/components-reference/supported-bindings/s3.md

Signed-off-by: Mark Fussell <markfussell@gmail.com>

* Update daprdocs/content/en/reference/components-reference/supported-bindings/s3.md

Signed-off-by: Mark Fussell <markfussell@gmail.com>

---------

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>
Signed-off-by: Cassie Coyle <cassie.i.coyle@gmail.com>
Signed-off-by: Mark Fussell <markfussell@gmail.com>
Co-authored-by: Mark Fussell <markfussell@gmail.com>

* Add Prometheus auto service discovery instructions to
prometheus.md

- Updated prometheus.md with instructions for setting up Prometheus auto service discovery for Dapr and sidecar targets.

* Add Prometheus auto service discovery instructions to
prometheus.md

- Updated prometheus.md with instructions for setting up Prometheus auto service discovery for Dapr and sidecar targets.

Signed-off-by: Maulin Desai <mdesai@bosleo.com>

* clarify/correct quickstarts

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>

* clarify docs (dapr#4324)

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>

* Format service discovery instructions

Updated the navigation instructions to use bold text for "Status" and "Service Discovery" for better visual clarity.

Signed-off-by: Maulin Desai <mdesai@bosleo.com>

* add note about implicit retries (dapr#4325)

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>

* Add Jobs API to Dapr slidedeck

Signed-off-by: Marc Duiker <marcduiker@users.noreply.github.com>

* Update daprdocs/content/en/operations/configuration/configuration-overview.md

Co-authored-by: Mark Fussell <markfussell@gmail.com>
Signed-off-by: Hannah Hunter <94493363+hhunter-ms@users.noreply.github.com>

* Update daprdocs/content/en/operations/configuration/configuration-overview.md

Co-authored-by: Mark Fussell <markfussell@gmail.com>
Signed-off-by: Hannah Hunter <94493363+hhunter-ms@users.noreply.github.com>

* Update daprdocs/content/en/operations/configuration/configuration-overview.md

Co-authored-by: Mark Fussell <markfussell@gmail.com>
Signed-off-by: Hannah Hunter <94493363+hhunter-ms@users.noreply.github.com>

* Update daprdocs/content/en/operations/configuration/configuration-overview.md

Co-authored-by: Mark Fussell <markfussell@gmail.com>
Signed-off-by: Hannah Hunter <94493363+hhunter-ms@users.noreply.github.com>

* Update daprdocs/content/en/operations/configuration/configuration-overview.md

Co-authored-by: Mark Fussell <markfussell@gmail.com>
Signed-off-by: Hannah Hunter <94493363+hhunter-ms@users.noreply.github.com>

* last update per mark review

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>

* docs: init scheduler in the docker compose example

Signed-off-by: Mike Nguyen <hey@mike.ee>

* update per mark, pt 2

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>

* fixed yaml syntax for v2alpha1 example (dapr#4335)

Signed-off-by: Adrian Hristov <adrian@intelligentgrowthsolutions.com>

* Bump actions/download-artifact from 3 to 4.1.7 in /.github/workflows

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 4.1.7.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v3...v4.1.7)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* add notes about namespacing

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>

* update latest version (dapr#4341)

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>

* Add Kafka escapeHeaders documentation (dapr#4332)

* Add Kafka escapeHeaders documentation

Signed-off-by: Anton Troshin <anton@diagrid.io>

* update the escapeHeaders setting docs

Signed-off-by: Anton Troshin <anton@diagrid.io>

* review fixes

Signed-off-by: Anton Troshin <anton@diagrid.io>

---------

Signed-off-by: Anton Troshin <anton@diagrid.io>
Co-authored-by: Yaron Schneider <schneider.yaron@live.com>

* Update roadmap.md (dapr#4340)

* Update roadmap.md

Signed-off-by: Yaron Schneider <schneider.yaron@live.com>

* Update roadmap.md

Signed-off-by: Yaron Schneider <schneider.yaron@live.com>

---------

Signed-off-by: Yaron Schneider <schneider.yaron@live.com>

* conductor update (dapr#4344)

* fix job api http reference (dapr#4343)

Signed-off-by: yaron2 <schneider.yaron@live.com>
Co-authored-by: Mark Fussell <markfussell@gmail.com>

* update alias (dapr#4347)

* Updated workflow to reflect deprecation of Workflow methods on client (dapr#4336)

Signed-off-by: Whit Waldo <whit.waldo@innovian.net>
Co-authored-by: Hannah Hunter <94493363+hhunter-ms@users.noreply.github.com>

* rm escape (dapr#4348)

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>

* clarify per josh comment

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>

* Fixed cron schedule table

Signed-off-by: Whit Waldo <whit.waldo@innovian.net>

* Tweaked the endpoint description and example to reflect that the protocol may or may not be necessary based on the provider used.

Signed-off-by: Whit Waldo <whit.waldo@innovian.net>

* Updated to reflect the need for the protocol on the zipkin endpoint though it's not necessary on the otel endpoint.

Signed-off-by: Whit Waldo <whit.waldo@innovian.net>

* update latest version to 1.14.2 (dapr#4352)

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>
Co-authored-by: Mark Fussell <markfussell@gmail.com>

* Update Job HTTP request API (dapr#4349)

According to dapr/dapr#8083

Signed-off-by: joshvanl <me@joshvanl.dev>
Co-authored-by: Yaron Schneider <schneider.yaron@live.com>

* Helm: Revert Scheduler storage quota size to `1Gi` (dapr#4354)

In v1.14.3, the storage quota size for the Scheduler volume was
increased from `1Gi` to `16Gi`. This is because users were encountering
disk exhaustion fatal errors on the Scheduler under normal usage.
Because the volume size request field is protected from updates, Dapr
version upgrades to v1.14.3 failed without manual intervention.

Reverts the Scheduler storage quota size back to `1Gi`, and adds
warnings that the volume size may need to be increased for production
deployments.

See: dapr/dapr#8107

Signed-off-by: joshvanl <me@joshvanl.dev>

* Reflecting valid value of 0-6, not 0-7 in jobs schedule

Signed-off-by: Whit Waldo <whit.waldo@innovian.net>

* Clarified need for the actorStateStore property in docs, regardless of whether the actor actually stores any state.

Signed-off-by: Whit Waldo <whit.waldo@innovian.net>

* Reworded slightly

Signed-off-by: Whit Waldo <whit.waldo@innovian.net>

* Update workflow-patterns.md

Make monitor code samples consistent between python/go and all other examples.

* Python and Go are using seconds
* Everything else is in minutes.

Signed-off-by: Vasily Chekalkin <bacek@bacek.com>

* update latest and recalled versions (dapr#4360)

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>

* Update setup-azure-servicebus-topics.md

Signed-off-by: Andrew Riddlestone <andrew.riddlestone@gmail.com>

* Update howto-invoke-non-dapr-endpoints.md (dapr#4369)

Update service invocation steps according to diagram

Signed-off-by: Michael Klich <inirudebwoy@users.noreply.github.com>

* Update daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus-topics.md

Signed-off-by: Mark Fussell <markfussell@gmail.com>

* Workflow limitations change (dapr#4367)

* workflow limitations change

Signed-off-by: yaron2 <schneider.yaron@live.com>

* Update daprdocs/content/en/developing-applications/building-blocks/workflow/workflow-overview.md

Co-authored-by: Hannah Hunter <94493363+hhunter-ms@users.noreply.github.com>
Signed-off-by: Mark Fussell <markfussell@gmail.com>

* Update daprdocs/content/en/developing-applications/building-blocks/workflow/workflow-overview.md

Co-authored-by: Hannah Hunter <94493363+hhunter-ms@users.noreply.github.com>
Signed-off-by: Mark Fussell <markfussell@gmail.com>

---------

Signed-off-by: yaron2 <schneider.yaron@live.com>
Signed-off-by: Mark Fussell <markfussell@gmail.com>
Co-authored-by: Mark Fussell <markfussell@gmail.com>
Co-authored-by: Hannah Hunter <94493363+hhunter-ms@users.noreply.github.com>

* rm decoding (dapr#4373)

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>

* fix misleading wording (dapr#4379)

Signed-off-by: yaron2 <schneider.yaron@live.com>

* [Jobs API] Describe Triggered Job Handling Assumptions (dapr#4376)

* add specific logic for what assumptions are made for triggered jobs for http, grpc, sdks

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>

* rm space

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>

* add a note about this applying to all programming languages to avoid confusion

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>

* Update howto-schedule-and-handle-triggered-jobs.md

Signed-off-by: Yaron Schneider <schneider.yaron@live.com>

---------

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>
Signed-off-by: Yaron Schneider <schneider.yaron@live.com>
Co-authored-by: Yaron Schneider <schneider.yaron@live.com>

* add roadmap to main page (dapr#4386)

Signed-off-by: yaron2 <schneider.yaron@live.com>

* Update support (dapr#4387)

* Fixed typo (dapr#4389)

* Update daprdocs/config.toml

Signed-off-by: Hannah Hunter <94493363+hhunter-ms@users.noreply.github.com>

---------

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>
Signed-off-by: Hannah Hunter <94493363+hhunter-ms@users.noreply.github.com>
Signed-off-by: Anton Troshin <anton@diagrid.io>
Signed-off-by: Elena Kolevska <elena@kolevska.com>
Signed-off-by: Cassandra Coyle <cassie@diagrid.io>
Signed-off-by: Cassie Coyle <cassie.i.coyle@gmail.com>
Signed-off-by: Mark Fussell <markfussell@gmail.com>
Signed-off-by: Maulin Desai <mdesai@bosleo.com>
Signed-off-by: Marc Duiker <marcduiker@users.noreply.github.com>
Signed-off-by: Mike Nguyen <hey@mike.ee>
Signed-off-by: Adrian Hristov <adrian@intelligentgrowthsolutions.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Yaron Schneider <schneider.yaron@live.com>
Signed-off-by: yaron2 <schneider.yaron@live.com>
Signed-off-by: Whit Waldo <whit.waldo@innovian.net>
Signed-off-by: joshvanl <me@joshvanl.dev>
Signed-off-by: Vasily Chekalkin <bacek@bacek.com>
Signed-off-by: Andrew Riddlestone <andrew.riddlestone@gmail.com>
Signed-off-by: Michael Klich <inirudebwoy@users.noreply.github.com>
Co-authored-by: Anton Troshin <anton@diagrid.io>
Co-authored-by: Elena Kolevska <elena-kolevska@users.noreply.github.com>
Co-authored-by: Mark Fussell <markfussell@gmail.com>
Co-authored-by: Cassie Coyle <cassie.i.coyle@gmail.com>
Co-authored-by: Maulin Desai <mdesai@bosleo.com>
Co-authored-by: Marc Duiker <marcduiker@users.noreply.github.com>
Co-authored-by: Mike Nguyen <hey@mike.ee>
Co-authored-by: Adrian Hristov <adrianhr91@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yaron Schneider <schneider.yaron@live.com>
Co-authored-by: Whit Waldo <whit.waldo@innovian.net>
Co-authored-by: Cassie Coyle <cassie@diagrid.io>
Co-authored-by: Josh van Leeuwen <me@joshvanl.dev>
Co-authored-by: Vasily Chekalkin <bacek@bacek.com>
Co-authored-by: Andrew Riddlestone <andrew.riddlestone@gmail.com>
Co-authored-by: Michael Klich <inirudebwoy@users.noreply.github.com>
17 people committed Feb 13, 2025
1 parent 840026c commit 5bdb69f
Showing 7 changed files with 70 additions and 47 deletions.
Expand Up @@ -3,29 +3,18 @@ type: docs
title: "Dapr configuration"
linkTitle: "Overview"
weight: 100
description: "Overview of Dapr configuration"
description: "Information on Dapr configuration and how to set options for your application"
---

Dapr configurations are settings and policies that enable you to change both the behavior of individual Dapr applications, or the global behavior of the Dapr control plane system services.
## Sidecar configuration

[for more information, read the configuration concept.]({{< ref configuration-concept.md >}})
### Setup sidecar configuration

## Application configuration
#### Self-hosted sidecar

In self hosted mode the Dapr configuration is a configuration file, for example `config.yaml`. By default, the Dapr sidecar looks in the default Dapr folder for the runtime configuration eg: `$HOME/.dapr/config.yaml` in Linux/MacOS and `%USERPROFILE%\.dapr\config.yaml` in Windows.
In self hosted mode the Dapr configuration is a configuration file, for example `config.yaml`. By default the Dapr sidecar looks in the default Dapr folder for the runtime configuration eg: `$HOME/.dapr/config.yaml` in Linux/MacOS and `%USERPROFILE%\.dapr\config.yaml` in Windows.

You can set up application configuration either in self-hosted or Kubernetes mode.

{{< tabs "Self-hosted" Kubernetes >}}

<!-- Self hosted -->
{{% codetab %}}

In self hosted mode, the Dapr configuration is a [configuration file]({{< ref configuration-schema.md >}}) - for example, `config.yaml`. By default, the Dapr sidecar looks in the default Dapr folder for the runtime configuration:
- Linux/MacOs: `$HOME/.dapr/config.yaml`
- Windows: `%USERPROFILE%\.dapr\config.yaml`

An application can also apply a configuration by using a `--config` flag to the file path with `dapr run` CLI command.
A Dapr sidecar can also apply a configuration by using a `--config` flag to the file path with `dapr run` CLI command.

{{% /codetab %}}

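Review bot: The opening `{{< tabs "Self-hosted" Kubernetes >}}` and `{{% codetab %}}` shortcodes are among the lines dropped in this hunk, but the closing `{{% /codetab %}}` is still present as trailing context, so the page is left with a close that has no matching open. Either keep the tab shortcodes or remove the closing ones in the same change. The replacement sentence also loses the comma after "By default" and keeps "eg:"; "for example:" reads better, and the removed bulleted Linux/macOS and Windows paths were easier to scan than the inline form.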
Expand Up @@ -8,14 +8,14 @@ description: "Learn how to control how many requests and events can invoke your

Typically, in distributed computing, you may only want to allow for a given number of requests to execute concurrently. Using Dapr's `app-max-concurrency`, you can control how many requests and events can invoke your application simultaneously.

Default `app-max-concurreny` is set to `-1`, meaning no concurrency limit is enforced.
Default `app-max-concurreny` is set to `-1`, meaning no concurrency.

## Different approaches

While this guide focuses on `app-max-concurrency`, you can also limit request rate per second using the **`middleware.http.ratelimit`** middleware. However, it's important to understand the difference between the two approaches:

- `middleware.http.ratelimit`: Time bound and limits the number of requests per second
- `app-max-concurrency`: Specifies the max number of concurrent requests (and events) at any point of time.
- `app-max-concurrency`: Specifies the number of concurrent requests (and events) at any point of time.

See [Rate limit middleware]({{< ref middleware-rate-limit.md >}}) for more information about that approach.

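Review bot: The new default-value sentence, "meaning no concurrency.", reads as if `-1` disables concurrent processing, which is the opposite of the previous "no concurrency limit is enforced"; keep the old wording. In the same sentence `app-max-concurreny` is misspelled (missing "c") and should match the `app-max-concurrency` used in the rest of the hunk. Dropping "max" from the `app-max-concurrency` bullet also makes it read as an exact count instead of an upper bound.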
Expand Down Expand Up @@ -46,7 +46,7 @@ To set concurrency limits with the Dapr CLI for running on your local dev machin
dapr run --app-max-concurrency 1 --app-port 5000 python ./app.py
```

The above example effectively turns your app into a sequential processing service.
The above example effectively turns your app into a single concurrent service.

{{% /codetab %}}

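Review bot: "single concurrent service" in the sentence after the `dapr run --app-max-concurrency 1` example is hard to parse. With a limit of 1 the app handles one request at a time, which the earlier "sequential processing service" said more clearly; suggest keeping that wording or writing "processes one request or event at a time".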
Expand Up @@ -6,9 +6,9 @@ weight: 6000
description: "Configure http requests that are bigger than 4 MB"
---

By default, Dapr has a limit for the request body size which is set to 4 MB, however you can change this by defining `dapr.io/http-max-request-size` annotation or `--dapr-http-max-request-size` flag.


By default, Dapr has a limit for the request body size, set to 4MB. You can change this by defining:
- The `dapr.io/http-max-request-size` annotation, or
- The `--dapr-http-max-request-size` flag.

{{< tabs Self-hosted Kubernetes >}}

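Review bot: The new two-item list does not say which option applies to which hosting mode, although the tabs that follow are split into Self-hosted and Kubernetes. Suggest labelling the `dapr.io/http-max-request-size` annotation as the Kubernetes option and the `--dapr-http-max-request-size` flag as the self-hosted one. Also "4MB" here is written "4 MB" in the front-matter description; pick one form.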
Expand Up @@ -19,10 +19,12 @@ Both certificate authority (CA) certificates and leaf certificates are supported

You can make the following configurations when the sidecar is running as a container.

When the sidecar is running as a container:
1. Certificates must be available to the sidecar container. This can be configured using volume mounts.
2. The environment variable `SSL_CERT_DIR` must be set in the sidecar container, pointing to the directory containing the certificates.
3. For Windows containers, the container needs to run with administrator privileges to be able to install the certificates.
1. Configure certificates to be available to the sidecar container using volume mounts.
1. Point the environment variable `SSL_CERT_DIR` in the sidecar container to the directory containing the certificates.

> **Note:** For Windows containers, make sure the container is running with administrator privileges so it can install the certificates.
The following example uses Docker Compose to install certificates (present locally in the `./certificates` directory) in the sidecar container:

```yaml
version: '3'
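Review bot: The `> **Note:**` line about Windows containers is followed directly by "The following example uses Docker Compose ..." with no blank line between them as shown, so Markdown treats that sentence as a lazy continuation of the blockquote and renders it inside the note. Add a blank line after the note so the Docker Compose lead-in stays a normal paragraph.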
Expand Down Expand Up @@ -51,8 +53,6 @@ services:
{{% codetab %}}

On Kubernetes:
1. Certificates must be available to the sidecar container using a volume mount.
2. The environment variable `SSL_CERT_DIR` must be set in the sidecar container, pointing to the directory containing the certificates.

1. Configure certificates to be available to the sidecar container using a volume mount.
1. Point the environment variable `SSL_CERT_DIR` in the sidecar container to the directory containing the certificates.
Expand Down Expand Up @@ -103,10 +103,7 @@ After following these steps, all the certificates in the directory pointed by `S
- **On Linux containers:** All the certificate extensions supported by OpenSSL are supported. [Learn more.](https://www.openssl.org/docs/man1.1.1/man1/openssl-rehash.html)
- **On Windows container:** All the certificate extensions supported by `certoc.exe` are supported. [See certoc.exe present in Windows Server Core](https://hub.docker.com/_/microsoft-windows-servercore).

1. On Linux containers, all the certificate extensions supported by OpenSSL are supported. For more information, see https://www.openssl.org/docs/man1.1.1/man1/openssl-rehash.html
2. On Windows container, all the certificate extensions supported by certoc.exe are supported. For more information, see certoc.exe present in [Windows Server Core](https://hub.docker.com/_/microsoft-windows-servercore)

## Example
## Demo

Watch the demo on using installing SSL certificates and securely using the HTTP binding in community call 64:

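Review bot: The context sentence under the renamed `## Demo` heading still reads "Watch the demo on using installing SSL certificates"; since the heading is being touched, fix it to "Watch the demo on installing SSL certificates". The bullet above also says "On Windows container" where the Linux bullet uses the plural "containers".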
12 changes: 8 additions & 4 deletions daprdocs/content/en/operations/configuration/invoke-allowlist.md
Expand Up @@ -129,10 +129,14 @@ spec:

### Scenario 3:

With this configuration, the only scenarios below are allowed access and all other method requests from all other apps, including other methods on app1 or app2, are denied
* trustDomain = public, namespace = default, appID = app1, operation = op1, http verb = POST/PUT
* trustDomain = "myDomain", namespace = "ns1", appID = app2, operation = op2 and application protocol is GRPC
, only HTTP verbs POST/PUT on method op1 from appId = app1 are allowed and all other method requests from all other apps, including other methods on app1, are denied
Deny access to all apps except when a specific verb for HTTP and operation for GRPC is matched

With this configuration, only the scenarios below are allowed access. All other method requests from all other apps, including other methods on `app1` or `app2`, are denied.

- `trustDomain` = `public`, `namespace` = `default`, `appID` = `app1`, `operation` = `op1`, `httpVerb` = `POST`/`PUT`
- `trustDomain` = `"myDomain"`, `namespace` = `"ns1"`, `appID` = `app2`, `operation` = `op2` and application protocol is GRPC

Only the `httpVerb` `POST`/`PUT` on method `op1` from `appId` = `app1` are allowe. All other method requests from all other apps, including other methods on `app1`, are denied.

```yaml
apiVersion: dapr.io/v1alpha1
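Review bot: The closing paragraph added under Scenario 3 contradicts the bullet list just above it. The list allows two callers (`app1` calling `op1` with `POST`/`PUT`, and `app2` calling `op2` over gRPC), but the paragraph says only `POST`/`PUT` on `op1` from `app1` is allowed and everything else is denied, which would exclude `app2`. On an access-control page this has to be unambiguous: drop the paragraph or rewrite it to cover both rules. Also fix "allowe." to "allowed", use one spelling of `appID`/`appId`, and end the "Deny access to all apps except ..." line with a period.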
20 changes: 10 additions & 10 deletions daprdocs/content/en/operations/configuration/secret-scope.md
Expand Up @@ -45,16 +45,16 @@ When an `allowedSecrets` list is present with at least one element, only those s

## Permission priority

The `allowedSecrets` and `deniedSecrets` list values take priority over the `defaultAccess`.

| | Scenarios | `defaultAccess` | `allowedSecrets` | `deniedSecrets` | `permission`
|--| ----- | ------- | -----------| ----------| ------------
| 1 | Only default access | `deny`/`allow` | empty | empty | `deny`/`allow`
| 2 | Default deny with allowed list | `deny` | [`"s1"`] | empty | only `"s1"` can be accessed
| 3 | Default allow with denied list | `allow` | empty | [`"s1"`] | only `"s1"` cannot be accessed
| 4 | Default allow with allowed list | `allow` | [`"s1"`] | empty | only `"s1"` can be accessed
| 5 | Default deny with denied list | `deny` | empty | [`"s1"`] | `deny`
| 6 | Default deny/allow with both lists | `deny`/`allow` | [`"s1"`] | [`"s2"`] | only `"s1"` can be accessed
The `allowedSecrets` and `deniedSecrets` list values take priorty over the `defaultAccess`.

| Scenarios | defaultAccess | allowedSecrets | deniedSecrets | permission
|----- | ------- | -----------| ----------| ------------
| 1 - Only default access | deny/allow | empty | empty | deny/allow
| 2 - Default deny with allowed list | deny | ["s1"] | empty | only "s1" can be accessed
| 3 - Default allow with denied list | allow | empty | ["s1"] | only "s1" cannot be accessed
| 4 - Default allow with allowed list | allow | ["s1"] | empty | only "s1" can be accessed
| 5 - Default deny with denied list | deny | empty | ["s1"] | deny
| 6 - Default deny/allow with both lists | deny/allow | ["s1"] | ["s2"] | only "s1" can be accessed

## Examples

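Review bot: "priorty" in the first sentence under "Permission priority" is a typo for "priority", which the line it replaces had right. The rewritten table also drops the backticks around `defaultAccess`, `allowedSecrets`, `deniedSecrets` and their values, which were clearer as code, and folds the row number into the Scenarios column. Row 6 is the only place the interaction of the two lists is described; the lead sentence should state in words how `allowedSecrets` and `deniedSecrets` combine, not only that both override `defaultAccess`.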
Expand Up @@ -575,6 +575,39 @@ spec:
value: "true"
```

## Receiving message headers with special characters

The consumer application may be required to receive message headers that include special characters, which may cause HTTP protocol validation errors.
HTTP header values must follow specifications, making some characters not allowed. [Learn more about the protocols](https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2).
In this case, you can enable `escapeHeaders` configuration setting, which uses URL escaping to encode header values on the consumer side.

{{% alert title="Note" color="primary" %}}
When using this setting, the received message headers are URL escaped, and you need to URL "un-escape" it to get the original value.
{{% /alert %}}

Set `escapeHeaders` to `true` to URL escape.

```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: kafka-pubsub-escape-headers
spec:
type: pubsub.kafka
version: v1
metadata:
- name: brokers # Required. Kafka broker connection setting
value: "dapr-kafka.myapp.svc.cluster.local:9092"
- name: consumerGroup # Optional. Used for input bindings.
value: "group1"
- name: clientID # Optional. Used as client tracing ID by Kafka brokers.
value: "my-dapr-app-id"
- name: authType # Required.
value: "none"
- name: escapeHeaders
value: "true"
```

## Avro Schema Registry serialization/deserialization
You can configure pub/sub to publish or consume data encoded using [Avro binary serialization](https://avro.apache.org/docs/), leveraging an [Apache Schema Registry](https://developer.confluent.io/courses/apache-kafka/schema-registry/) (for example, [Confluent Schema Registry](https://developer.confluent.io/courses/apache-kafka/schema-registry/), [Apicurio](https://www.apicur.io/registry/)).

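Review bot: "URL escaping" in the new `escapeHeaders` section does not say which form is used (for example whether a space becomes `%20` or `+`), so a consumer cannot tell which decoder will round-trip the value; name the exact encoding and state the default of `escapeHeaders`. The alert says you need to URL "un-escape" it, where "it" should be "them" (the headers). The linked RFC 2616 has been obsoleted; link the current HTTP specification (RFC 9110) for field values instead. In the example, the `consumerGroup` comment says "Used for input bindings." although the component is `type: pubsub.kafka`.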