diff --git a/daprdocs/content/en/developing-applications/develop-components/middleware-components/_index.md b/daprdocs/content/en/developing-applications/develop-components/middleware-components/_index.md new file mode 100644 index 00000000000..b62e32be8d3 --- /dev/null +++ b/daprdocs/content/en/developing-applications/develop-components/middleware-components/_index.md @@ -0,0 +1,8 @@ +--- +type: docs +title: "Middleware components" +linkTitle: "Middleware components" +description: "Guidance on how to work with middleware components" +weight: 200 +--- + diff --git a/daprdocs/content/en/developing-applications/develop-components/develop-middleware.md b/daprdocs/content/en/developing-applications/develop-components/middleware-components/develop-middleware.md similarity index 77% rename from daprdocs/content/en/developing-applications/develop-components/develop-middleware.md rename to daprdocs/content/en/developing-applications/develop-components/middleware-components/develop-middleware.md index 571f29bb947..303f295cb3c 100644 --- a/daprdocs/content/en/developing-applications/develop-components/develop-middleware.md +++ b/daprdocs/content/en/developing-applications/develop-components/middleware-components/develop-middleware.md @@ -1,15 +1,12 @@ --- type: docs -title: "How to: Author middleware components" -linkTitle: "Middleware components" -weight: 200 -description: "Learn how to develop middleware components" -aliases: - - /developing-applications/middleware/middleware-overview/ - - /concepts/middleware-concept/ +title: "How to: Implement middleware components" +linkTitle: "How to: Implement middleware components" +weight: 100 +description: "Learn how to author and implement middleware components" --- -Dapr allows custom processing pipelines to be defined by chaining a series of middleware components. In this guide, you'll learn how to create a middleware component. To learn how to configure an existing middleware component, see [Configure middleware components]({{< ref middleware.md >}}) +Dapr allows custom processing pipelines to be defined by chaining a series of middleware components. In this guide, you'll learn how to create a middleware component. To learn how to use a middleware component, see [the guide for middleware component configurations and pipelines]({{< ref middleware.md >}}). ## Writing a custom HTTP middleware diff --git a/daprdocs/content/en/operations/components/middleware.md b/daprdocs/content/en/operations/components/middleware.md index ca85f08a848..046014df4da 100644 --- a/daprdocs/content/en/operations/components/middleware.md +++ b/daprdocs/content/en/operations/components/middleware.md @@ -1,34 +1,96 @@ --- type: docs -title: "Configure middleware components" -linkTitle: "Configure middleware" +title: "Middleware components" +linkTitle: "Middleware" weight: 2000 -description: "Customize processing pipelines by adding middleware components" +description: "Customize processing pipelines using middleware components" --- -Dapr allows custom processing pipelines to be defined by chaining a series of middleware components. There are two places that you can use a middleware pipeline: +With Dapr, you can define custom processing middleware pipelines. In this guide, you learn about: -1. Building block APIs - HTTP middleware components are executed when invoking any Dapr HTTP APIs. -2. Service-to-Service invocation - HTTP middleware components are applied to service-to-service invocation calls. +- The two types of middleware pipelines. +- The two methods you can use to configure middleware. -## Configure API middleware pipelines +## Middleware pipelines -When launched, a Dapr sidecar constructs a middleware processing pipeline for incoming HTTP calls. By default, the pipeline consists of the [tracing]({{< ref tracing-overview.md >}}) and CORS middlewares. Additional middlewares, configured by a Dapr [Configuration]({{< ref configuration-concept.md >}}), can be added to the pipeline in the order they are defined. The pipeline applies to all Dapr API endpoints, including state, pub/sub, service invocation, bindings, secrets, configuration, distributed lock, etc. +Dapr offers two middleware pipeline types: `httpPipeline` and `appHttpPipeline`. -A request goes through all the defined middleware components before it's routed to user code, and then goes through the defined middleware, in reverse order, before it's returned to the client, as shown in the following diagram. +### `httpPipeline` + +This pipeline applies to all Dapr API endpoints, including state, pub/sub, service invocation, bindings, secrets, configuration, distributed lock, etc. In this pipeline, a request: + +1. Goes through all the defined middleware components before it's routed to user code. +1. Goes through the defined middleware, in reverse order, before it's returned to the client. Diagram showing the flow of a request and a response through the middlewares, as described in the paragraph above +### `appHttpPipeline` + +You can also use any middleware component when making service-to-service invocation calls. For example, to add token validation in a zero-trust environment, to transform a request for a specific app endpoint, or to apply OAuth policies. + +Service-to-service invocation middleware components apply to all **outgoing** calls from a Dapr sidecar to the receiving application (service), as shown in the diagram below. + +Diagram showing the flow of a service invocation request. Requests from the callee Dapr sidecar to the callee application go through the app middleware pipeline as described in the paragraph above. + +## Configure middleware + +Dapr offers two ways for you to configure middleware: + +- **Recommended:** Using the middleware component, just like any other [component]({{< ref components-concept.md >}}), with a YAML file placed into the application resources folder. +- Using a [configuration file]({{< ref configuration-schema.md >}}). + +### Using middleware components + +> Configuring middleware pipelines using the middleware component **is the recommended method**. + +In your middleware component, you can set the pipeline type and priority metadata options, both of which are required for the component to be enabled in a pipeline. + +Use `pipelineType` to set either `httpPipeline` or `appHttpPipeline` as the pipeline type. + +The `priority` metadata option sets the order in which middleware components should be arranged and executed. Components with lower priorities are executed first, and priorities don't necessarily need to be sequential. + +The following example defines a custom pipeline that uses a [RouterChecker middleware]({{< ref middleware-routerchecker.md >}}). In this case, all requests are authorized to follow the regex rule `^[A-Za-z0-9/._-]+$` before they are forwarded to user code. The `priority` field determines the order in which requests are executed once all handler components are collected. + +```yml +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: routerchecker1 +spec: + type: middleware.http.routerchecker + version: v1 + metadata: + - name: rule + value: "^[A-Za-z0-9/._-]+$" + - name: pipelineType + value: appHttpPipeline + - name: priority + value: 1 +``` + +### Using middleware components with configuration + +Setting middleware pipelines using [a Dapr configuration file]({{< ref configuration-schema.md >}}) is **no longer recommended**. + +#### API middleware pipelines + +When launched, a Dapr sidecar constructs a middleware processing pipeline for incoming HTTP calls. By default, the pipeline consists of the [tracing]({{< ref tracing-overview.md >}}) and CORS middlewares. Additional middlewares, configured by a Dapr [Configuration]({{< ref configuration-concept.md >}}), can be added to the pipeline in the order they are defined. + HTTP middleware components are executed when invoking Dapr HTTP APIs using the `httpPipeline` configuration. The following configuration example defines a custom pipeline that uses an [OAuth 2.0 middleware]({{< ref middleware-oauth2.md >}}) and an [uppercase middleware component]({{< ref middleware-uppercase.md >}}). In this case, all requests are authorized through the OAuth 2.0 protocol, and transformed to uppercase text, before they are forwarded to user code. +{{% alert title="Note" color="primary" %}} +Make sure to set different priority for different middleware components, otherwise Dapr might set it randomly. +{{% /alert %}} + ```yaml apiVersion: dapr.io/v1alpha1 kind: Configuration -metadata: name: pipeline namespace: default +metadata: + name: routerchecker1 spec: httpPipeline: handlers: @@ -38,19 +100,17 @@ spec: type: middleware.http.uppercase ``` -As with other components, middleware components can be found in the [supported Middleware reference]({{< ref supported-middleware >}}) and in the [`dapr/components-contrib` repo](https://github.com/dapr/components-contrib/tree/master/middleware/http). - -{{< button page="supported-middleware" text="See all middleware components">}} +As with other components, supported middleware components can be found in the [supported Middleware reference guide]({{< ref supported-middleware >}}) and in the [`dapr/components-contrib` repo](https://github.com/dapr/components-contrib/tree/master/middleware/http). -## Configure app middleware pipelines +#### App middleware pipelines -You can also use any middleware component when making service-to-service invocation calls. For example, to add token validation in a zero-trust environment, to transform a request for a specific app endpoint, or to apply OAuth policies. - -Service-to-service invocation middleware components apply to all **outgoing** calls from a Dapr sidecar to the receiving application (service), as shown in the diagram below. +Any middleware component that can be used as HTTP middleware can also be applied to service-to-service invocation calls as a middleware component using the `appHttpPipeline` configuration. -Diagram showing the flow of a service invocation request. Requests from the callee Dapr sidecar to the callee application go through the app middleware pipeline as described in the paragraph above. +The example below adds the `uppercase` middleware component for all outgoing calls from the Dapr sidecar (target of service invocation) to the application that this configuration is applied to. -Any middleware component that can be used as HTTP middleware can also be applied to service-to-service invocation calls as a middleware component using the `appHttpPipeline` configuration. The example below adds the `uppercase` middleware component for all outgoing calls from the Dapr sidecar (target of service invocation) to the application that this configuration is applied to. +{{% alert title="Note" color="primary" %}} +Make sure to set different priority for different middleware components, otherwise Dapr might set it randomly. +{{% /alert %}} ```yaml apiVersion: dapr.io/v1alpha1 @@ -68,6 +128,4 @@ spec: ## Related links - [Learn how to author middleware components]({{< ref develop-middleware.md >}}) -- [Component schema]({{< ref component-schema.md >}}) -- [Configuration overview]({{< ref configuration-overview.md >}}) - [API middleware sample](https://github.com/dapr/samples/tree/master/middleware-oauth-google) diff --git a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-bearer.md b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-bearer.md index d47c769a93b..61d92cefae5 100644 --- a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-bearer.md +++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-bearer.md @@ -25,18 +25,24 @@ spec: value: "" - name: issuer value: "" + - name: pipelineType + value: "httpPipeline" # Optional values + - name: priority + value: "1" - name: jwksURL value: "" ``` ## Spec metadata fields -| Field | Required | Details | Example | -|-------|:--------:|---------|---------| +| Field | Required? | Details | Example | +|-------|-----------|---------|---------| | `audience` | Y | The audience expected in the tokens. Usually, this corresponds to the client ID of your application that is created as part of a credential hosted by a OpenID Connect platform. | | `issuer` | Y | The issuer authority, which is the value expected in the issuer claim in the tokens. | `"https://accounts.google.com"` +| `pipelineType` | Y | For configuring middleware pipelines. One of the two types of middleware pipeline so you can configure your middleware for either sidecar-to-sidecar communication (`appHttpPipeline`) or sidecar-to-app communication (`httpPipeline`). | `"httpPipeline"`, `"appHttpPipeline"` +| `priority` | N | For configuring middleware pipeline ordering. The order in which [middleware components]({{< ref middleware.md >}}) are executed. Integer from -MaxInt32 to +MaxInt32. | `"1"` | `jwksURL` | N | Address of the JWKS (JWK Set containing the public keys for verifying tokens). If empty, will try to fetch the URL set in the OpenID Configuration document `/.well-known/openid-configuration`. | `"https://accounts.google.com/.well-known/openid-configuration"` Common values for `issuer` include: @@ -46,21 +52,14 @@ Common values for `issuer` include: - Google: `https://accounts.google.com` - Salesforce (Force.com): `https://login.salesforce.com` -## Dapr configuration +## Configure -To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware.md">}}). +You can configure middleware using the following methods: -```yaml -apiVersion: dapr.io/v1alpha1 -kind: Configuration -metadata: - name: appconfig -spec: - httpPipeline: - handlers: - - name: bearer-token - type: middleware.http.bearer -``` +- **Recommended:** Using [the middleware component]({{< ref "middleware.md#using-middleware-components" >}}), just like any other [component]({{< ref components-concept.md >}}), with a YAML file placed into the application resources folder. +- Using a [configuration file]({{< ref "middleware.md#using-middleware-components-with-configuration" >}}). + +See [how to apply middleware pipeline configurations]({{< ref "middleware.md" >}}). ## Related links diff --git a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-oauth2.md b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-oauth2.md index 90e0a3fa1d8..8ed03fe2e14 100644 --- a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-oauth2.md +++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-oauth2.md @@ -36,6 +36,10 @@ spec: value: "authorization" - name: forceHTTPS value: "false" + - name: pipelineType + value: "httpPipeline" + - name: priority + value: "2" ``` {{% alert title="Warning" color="warning" %}} @@ -44,32 +48,25 @@ The above example uses secrets as plain strings. It is recommended to use a secr ## Spec metadata fields -| Field | Details | Example | -|-------|---------|---------| -| clientId | The client ID of your application that is created as part of a credential hosted by a OAuth-enabled platform -| clientSecret | The client secret of your application that is created as part of a credential hosted by a OAuth-enabled platform -| scopes | A list of space-delimited, case-sensitive strings of [scopes](https://tools.ietf.org/html/rfc6749#section-3.3) which are typically used for authorization in the application | `"https://www.googleapis.com/auth/userinfo.email"` -| authURL | The endpoint of the OAuth2 authorization server | `"https://accounts.google.com/o/oauth2/v2/auth"` -| tokenURL | The endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token | `"https://accounts.google.com/o/oauth2/token"` -| redirectURL | The URL of your web application that the authorization server should redirect to once the user has authenticated | `"https://myapp.com"` -| authHeaderName | The authorization header name to forward to your application | `"authorization"` -| forceHTTPS | If true, enforces the use of TLS/SSL | `"true"`,`"false"` | +| Field | Required? | Details | Example | +|-------|-----------|---------|---------| +| `clientId` | | The client ID of your application that is created as part of a credential hosted by a OAuth-enabled platform +| `clientSecret` | | The client secret of your application that is created as part of a credential hosted by a OAuth-enabled platform +| `scopes` | | A list of space-delimited, case-sensitive strings of [scopes](https://tools.ietf.org/html/rfc6749#section-3.3) which are typically used for authorization in the application | `"https://www.googleapis.com/auth/userinfo.email"` +| `authURL` | | The endpoint of the OAuth2 authorization server | `"https://accounts.google.com/o/oauth2/v2/auth"` +| `tokenURL` | | The endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token | `"https://accounts.google.com/o/oauth2/token"` +| `redirectURL` | | The URL of your web application that the authorization server should redirect to once the user has authenticated | `"https://myapp.com"` +| `authHeaderName` | | The authorization header name to forward to your application | `"authorization"` +| `forceHTTPS` | | If true, enforces the use of TLS/SSL | `"true"`,`"false"` | +| `pipelineType` | Y | For configuring middleware pipelines. One of the two types of middleware pipeline so you can configure your middleware for either sidecar-to-sidecar communication (`appHttpPipeline`) or sidecar-to-app communication (`httpPipeline`). | `"httpPipeline"`, `"appHttpPipeline"` +| `priority` | N | For configuring middleware pipeline ordering. The order in which [middleware components]({{< ref middleware.md >}}) are executed. Integer from -MaxInt32 to +MaxInt32. | `"1"`, `"2"` -## Dapr configuration +## Configure -To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware.md#customize-processing-pipeline">}}). +You can configure middleware using the following methods: -```yaml -apiVersion: dapr.io/v1alpha1 -kind: Configuration -metadata: - name: appconfig -spec: - httpPipeline: - handlers: - - name: oauth2 - type: middleware.http.oauth2 -``` +- **Recommended:** Using [the middleware component]({{< ref "middleware.md#using-middleware-components" >}}), just like any other [component]({{< ref components-concept.md >}}), with a YAML file placed into the application resources folder. +- Using a [configuration file]({{< ref "middleware.md#using-middleware-components-with-configuration" >}}). ## Related links diff --git a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-oauth2clientcredentials.md b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-oauth2clientcredentials.md index ceba912ef68..6799d14160d 100644 --- a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-oauth2clientcredentials.md +++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-oauth2clientcredentials.md @@ -30,6 +30,10 @@ spec: value: "https://accounts.google.com/o/oauth2/token" - name: headerName value: "authorization" + - name: pipelineType + value: "httpPipeline" + - name: priority + value: "1" ``` {{% alert title="Warning" color="warning" %}} @@ -38,15 +42,18 @@ The above example uses secrets as plain strings. It is recommended to use a secr ## Spec metadata fields -| Field | Details | Example | -|------------|---------|---------| -| clientId | The client ID of your application that is created as part of a credential hosted by a OAuth-enabled platform -| clientSecret | The client secret of your application that is created as part of a credential hosted by a OAuth-enabled platform -| scopes | A list of space-delimited, case-sensitive strings of [scopes](https://tools.ietf.org/html/rfc6749#section-3.3) which are typically used for authorization in the application | `"https://www.googleapis.com/auth/userinfo.email"` -| tokenURL | The endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token | `"https://accounts.google.com/o/oauth2/token"` -| headerName | The authorization header name to forward to your application | `"authorization"` -| endpointParamsQuery | Specifies additional parameters for requests to the token endpoint | `true` -| authStyle | Optionally specifies how the endpoint wants the client ID & client secret sent. See the table of possible values below | `0` +| Field | Required? | Details | Example | +|-------|-----------|---------|---------| +| `clientId` | | The client ID of your application that is created as part of a credential hosted by a OAuth-enabled platform +| `clientSecret` | | The client secret of your application that is created as part of a credential hosted by a OAuth-enabled platform +| `scopes` | | A list of space-delimited, case-sensitive strings of [scopes](https://tools.ietf.org/html/rfc6749#section-3.3) which are typically used for authorization in the application | `"https://www.googleapis.com/auth/userinfo.email"` +| `tokenURL` | | The endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token | `"https://accounts.google.com/o/oauth2/token"` +| `headerName` | | The authorization header name to forward to your application | `"authorization"` +| `endpointParamsQuery` | | Specifies additional parameters for requests to the token endpoint | `true` +| `authStyle` | | Optionally specifies how the endpoint wants the client ID & client secret sent. See the table of possible values below | `0` +| `pipelineType` | N | For configuring middleware pipelines. One of the two types of middleware pipeline so you can configure your middleware for either sidecar-to-sidecar communication (`appHttpPipeline`) or sidecar-to-app communication (`httpPipeline`). | `"httpPipeline"`, `"appHttpPipeline"` +| `priority` | Y | For configuring middleware pipeline ordering. The order in which [middleware components]({{< ref middleware.md >}}) are executed. Integer from -MaxInt32 to +MaxInt32. | `"1"` + ### Possible values for `authStyle` @@ -56,21 +63,12 @@ The above example uses secrets as plain strings. It is recommended to use a secr | `2` | Sends the "client_id" and "client_secret" using HTTP Basic Authorization. This is an optional style described in the [OAuth2 RFC 6749 section 2.3.1](https://tools.ietf.org/html/rfc6749#section-2.3.1). | | `0` | Means to auto-detect which authentication style the provider wants by trying both ways and caching the successful way for the future. | -## Dapr configuration +## Configure -To be applied, the middleware must be referenced in a [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware.md#customize-processing-pipeline">}}). +You can configure middleware using the following methods: -```yaml -apiVersion: dapr.io/v1alpha1 -kind: Configuration -metadata: - name: appconfig -spec: - httpPipeline: - handlers: - - name: oauth2clientcredentials - type: middleware.http.oauth2clientcredentials -``` +- **Recommended:** Using [the middleware component]({{< ref "middleware.md#using-middleware-components" >}}), just like any other [component]({{< ref components-concept.md >}}), with a YAML file placed into the application resources folder. +- Using a [configuration file]({{< ref "middleware.md#using-middleware-components-with-configuration" >}}). ## Related links - [Middleware]({{< ref middleware.md >}}) diff --git a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-opa.md b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-opa.md index a4e6a47bbde..de9899d75f6 100644 --- a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-opa.md +++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-opa.md @@ -69,34 +69,33 @@ spec: [_, jwt] := split(auth_header, " ") [_, payload, _] := io.jwt.decode(jwt) } + + # Pipeline settings for middleware components + - name: pipelineType + value: "httpPipeline" + - name: priority + value: "3" ``` You can prototype and experiment with policies using the [official OPA playground](https://play.openpolicyagent.org). For example, [you can find the example policy above here](https://play.openpolicyagent.org/p/oRIDSo6OwE). ## Spec metadata fields -| Field | Details | Example | -|--------|---------|---------| -| `rego` | The Rego policy language | See above | -| `defaultStatus` | The status code to return for denied responses | `"https://accounts.google.com"`, `"https://login.salesforce.com"` -| `readBody` | If set to `true` (the default value), the body of each request is read fully in-memory and can be used to make policy decisions. If your policy doesn't depend on inspecting the request body, consider disabling this (setting to `false`) for significant performance improvements. | `"false"` -| `includedHeaders` | A comma-separated set of case-insensitive headers to include in the request input. Request headers are not passed to the policy by default. Include to receive incoming request headers in the input | `"x-my-custom-header, x-jwt-header"` +| Field | Required? | Details | Example | +|-------|-----------|---------|---------| +| `rego` | | The Rego policy language | See above | +| `defaultStatus` | | The status code to return for denied responses | `"https://accounts.google.com"`, `"https://login.salesforce.com"` +| `readBody` | | If set to `true` (the default value), the body of each request is read fully in-memory and can be used to make policy decisions. If your policy doesn't depend on inspecting the request body, consider disabling this (setting to `false`) for significant performance improvements. | `"false"` +| `includedHeaders` | | A comma-separated set of case-insensitive headers to include in the request input. Request headers are not passed to the policy by default. Include to receive incoming request headers in the input | `"x-my-custom-header, x-jwt-header"` +| `pipelineType` | Y | For configuring middleware pipelines. One of the two types of middleware pipeline so you can configure your middleware for either sidecar-to-sidecar communication (`appHttpPipeline`) or sidecar-to-app communication (`httpPipeline`). | `"httpPipeline"`, `"appHttpPipeline"` +| `priority` | N | For configuring middleware pipeline ordering. The order in which [middleware components]({{< ref middleware.md >}}) are executed. Integer from -MaxInt32 to +MaxInt32. | `"1"`, `"2"`, `"3"` -## Dapr configuration +## Configure -To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware.md#customize-processing-pipeline">}}). +You can configure middleware using the following methods: -```yaml -apiVersion: dapr.io/v1alpha1 -kind: Configuration -metadata: - name: appconfig -spec: - httpPipeline: - handlers: - - name: my-policy - type: middleware.http.opa -``` +- **Recommended:** Using [the middleware component]({{< ref "middleware.md#using-middleware-components" >}}), just like any other [component]({{< ref components-concept.md >}}), with a YAML file placed into the application resources folder. +- Using a [configuration file]({{< ref "middleware.md#using-middleware-components-with-configuration" >}}). ## Input diff --git a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-rate-limit.md b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-rate-limit.md index 59dc11dfb77..7adb7416618 100644 --- a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-rate-limit.md +++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-rate-limit.md @@ -24,13 +24,19 @@ spec: metadata: - name: maxRequestsPerSecond value: 10 + - name: pipelineType + value: httpPipeline + - name: priority + value: 1 ``` ## Spec metadata fields -| Field | Details | Example | -|-------|---------|---------| -| `maxRequestsPerSecond` | The maximum requests per second by remote IP.
The component looks at the `X-Forwarded-For` and `X-Real-IP` headers to determine the caller's IP. | `10` +| Field | Required? | Details | Example | +|-------|-----------|---------|---------| +| `maxRequestsPerSecond` | | The maximum requests per second by remote IP.
The component looks at the `X-Forwarded-For` and `X-Real-IP` headers to determine the caller's IP. | `10` +| `pipelineType` | Y | For configuring middleware pipelines. One of the two types of middleware pipeline so you can configure your middleware for either sidecar-to-sidecar communication (`appHttpPipeline`) or sidecar-to-app communication (`httpPipeline`). | `"httpPipeline"`, `"appHttpPipeline"` +| `priority` | N | For configuring middleware pipeline ordering. The order in which [middleware components]({{< ref middleware.md >}}) are executed. Integer from -MaxInt32 to +MaxInt32. | `"1"` Once the limit is reached, the requests will fail with HTTP Status code *429: Too Many Requests*. @@ -40,21 +46,12 @@ The rate limit is enforced independently in each Dapr sidecar, and not cluster-w Alternatively, the [max concurrency setting]({{< ref control-concurrency.md >}}) can be used to rate-limit applications and applies to all traffic, regardless of remote IP, protocol, or path. -## Dapr configuration +## Configure -To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware.md#customize-processing-pipeline">}}). +You can configure middleware using the following methods: -```yaml -apiVersion: dapr.io/v1alpha1 -kind: Configuration -metadata: - name: appconfig -spec: - httpPipeline: - handlers: - - name: ratelimit - type: middleware.http.ratelimit -``` +- **Recommended:** Using [the middleware component]({{< ref "middleware.md#using-middleware-components" >}}), just like any other [component]({{< ref components-concept.md >}}), with a YAML file placed into the application resources folder. +- Using a [configuration file]({{< ref "middleware.md#using-middleware-components-with-configuration" >}}). ## Related links diff --git a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-routeralias.md b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-routeralias.md index 62d3083cf8d..9b3fccb248d 100644 --- a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-routeralias.md +++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-routeralias.md @@ -29,31 +29,28 @@ spec: "/hello/activity/{id}/info": "/v1.0/invoke/srv.default/method/hello/activity/info", "/hello/activity/{id}/user": "/v1.0/invoke/srv.default/method/hello/activity/user" } + - name: pipelineType + value: httpPipeline + - name: priority + value: 1 ``` In the example above, an incoming HTTP request for `/mall/activity/info?id=123` is transformed into `/v1.0/invoke/srv.default/method/mall/activity/info?id=123`. # Spec metadata fields -| Field | Details | Example | -|-------|---------|---------| -| `routes` | String containing a JSON-encoded or YAML-encoded dictionary. Each key in the dictionary is the incoming path, and the value is the path it's converted to. | See example above | +| Field | Required? | Details | Example | +|-------|-----------|---------|---------| +| `routes` | | String containing a JSON-encoded or YAML-encoded dictionary. Each key in the dictionary is the incoming path, and the value is the path it's converted to. | See example above | +| `pipelineType` | Y | For configuring middleware pipelines. One of the two types of middleware pipeline so you can configure your middleware for either sidecar-to-sidecar communication (`appHttpPipeline`) or sidecar-to-app communication (`httpPipeline`). | `"httpPipeline"`, `"appHttpPipeline"` +| `priority` | N | For configuring middleware pipeline ordering. The order in which [middleware components]({{< ref middleware.md >}}) are executed. Integer from -MaxInt32 to +MaxInt32. | `"1"` -## Dapr configuration +## Configure -To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware.md#customize-processing-pipeline">}}). +You can configure middleware using the following methods: -```yaml -apiVersion: dapr.io/v1alpha1 -kind: Configuration -metadata: - name: appconfig -spec: - httpPipeline: - handlers: - - name: routeralias - type: middleware.http.routeralias -``` +- **Recommended:** Using [the middleware component]({{< ref "middleware.md#using-middleware-components" >}}), just like any other [component]({{< ref components-concept.md >}}), with a YAML file placed into the application resources folder. +- Using a [configuration file]({{< ref "middleware.md#using-middleware-components-with-configuration" >}}). ## Related links diff --git a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-routerchecker.md b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-routerchecker.md index 47c275e65ad..036857d3a1c 100644 --- a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-routerchecker.md +++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-routerchecker.md @@ -24,6 +24,10 @@ spec: metadata: - name: rule value: "^[A-Za-z0-9/._-]+$" + - name: pipelineType + value: "httpPipeline" + - name: priority + value: "1" ``` In this example, the above definition would result in the following PASS/FAIL cases: @@ -44,25 +48,18 @@ FAIL /v1.0/invoke/demo.default/method/"$(curl ## Spec metadata fields -| Field | Details | Example | -|-------|---------|---------| -| rule | the regexp expression to be used by the HTTP request RouterChecker | `^[A-Za-z0-9/._-]+$`| +| Field | Required? | Details | Example | +|-------|-----------|---------|---------| +| `rule` | | The regexp expression to be used by the HTTP request RouterChecker | `^[A-Za-z0-9/._-]+$`| +| `pipelineType` | Y | For configuring middleware pipelines. One of the two types of middleware pipeline so you can configure your middleware for either sidecar-to-sidecar communication (`appHttpPipeline`) or sidecar-to-app communication (`httpPipeline`). | `"httpPipeline"`, `"appHttpPipeline"` +| `priority` | N | For configuring middleware pipeline ordering. The order in which [middleware components]({{< ref middleware.md >}}) are executed. Integer from -MaxInt32 to +MaxInt32. | `"1"` -## Dapr configuration +## Configure -To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware.md#customize-processing-pipeline">}}). +You can configure middleware using the following methods: -```yaml -apiVersion: dapr.io/v1alpha1 -kind: Configuration -metadata: - name: appconfig -spec: - httpPipeline: - handlers: - - name: routerchecker - type: middleware.http.routerchecker -``` +- **Recommended:** Using [the middleware component]({{< ref "middleware.md#using-middleware-components" >}}), just like any other [component]({{< ref components-concept.md >}}), with a YAML file placed into the application resources folder. +- Using a [configuration file]({{< ref "middleware.md#using-middleware-components-with-configuration" >}}). ## Related links diff --git a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-sentinel.md b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-sentinel.md index e93fd9c7381..923328e69cb 100644 --- a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-sentinel.md +++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-sentinel.md @@ -38,19 +38,25 @@ spec: "controlBehavior": 0 } ] + - name: pipelineType + value: "httpPipeline" + - name: priority + value: "1" ``` ## Spec metadata fields -| Field | Details | Example | -|-------|---------|---------| -| appName | the name of current running service | `nodeapp` -| logDir | the log directory path | `/var/tmp/sentinel` -| flowRules | json array of sentinel flow control rules | [flow control rule](https://github.com/alibaba/sentinel-golang/blob/master/core/flow/rule.go) -| circuitBreakerRules | json array of sentinel circuit breaker rules | [circuit breaker rule](https://github.com/alibaba/sentinel-golang/blob/master/core/circuitbreaker/rule.go) -| hotSpotParamRules | json array of sentinel hotspot parameter flow control rules | [hotspot rule](https://github.com/alibaba/sentinel-golang/blob/master/core/hotspot/rule.go) -| isolationRules | json array of sentinel isolation rules | [isolation rule](https://github.com/alibaba/sentinel-golang/blob/master/core/isolation/rule.go) -| systemRules | json array of sentinel system rules | [system rule](https://github.com/alibaba/sentinel-golang/blob/master/core/system/rule.go) +| Field | Required? | Details | Example | +|-------|-----------|---------|---------| +| `appName` | | The name of current running service | `nodeapp` +| `logDir` | | The log directory path | `/var/tmp/sentinel` +| `flowRules` | | JSON array of sentinel flow control rules | [flow control rule](https://github.com/alibaba/sentinel-golang/blob/master/core/flow/rule.go) +| `circuitBreakerRules` | | JSON array of sentinel circuit breaker rules | [circuit breaker rule](https://github.com/alibaba/sentinel-golang/blob/master/core/circuitbreaker/rule.go) +| `hotSpotParamRules` | | JSON array of sentinel hotspot parameter flow control rules | [hotspot rule](https://github.com/alibaba/sentinel-golang/blob/master/core/hotspot/rule.go) +| `isolationRules` | | JSON array of sentinel isolation rules | [isolation rule](https://github.com/alibaba/sentinel-golang/blob/master/core/isolation/rule.go) +| `systemRules` | | JSON array of sentinel system rules | [system rule](https://github.com/alibaba/sentinel-golang/blob/master/core/system/rule.go) +| `pipelineType` | Y | For configuring middleware pipelines. One of the two types of middleware pipeline so you can configure your middleware for either sidecar-to-sidecar communication (`appHttpPipeline`) or sidecar-to-app communication (`httpPipeline`). | `"httpPipeline"`, `"appHttpPipeline"` +| `priority` | N | For configuring middleware pipeline ordering. The order in which [middleware components]({{< ref middleware.md >}}) are executed. Integer from -MaxInt32 to +MaxInt32. | `"1"` Once the limit is reached, the request will return *HTTP Status code 429: Too Many Requests*. @@ -62,21 +68,12 @@ POST/GET/PUT/DELETE:Dapr HTTP API Request Path All concrete HTTP API information can be found from [Dapr API Reference]{{< ref "api" >}}. In the above sample config, the `resource` field is set to **POST:/v1.0/invoke/nodeapp/method/neworder**. -## Dapr configuration +## Configure -To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware.md#customize-processing-pipeline">}}). +You can configure middleware using the following methods: -```yaml -apiVersion: dapr.io/v1alpha1 -kind: Configuration -metadata: - name: daprConfig -spec: - httpPipeline: - handlers: - - name: sentinel - type: middleware.http.sentinel -``` +- **Recommended:** Using [the middleware component]({{< ref "middleware.md#using-middleware-components" >}}), just like any other [component]({{< ref components-concept.md >}}), with a YAML file placed into the application resources folder. +- Using a [configuration file]({{< ref "middleware.md#using-middleware-components-with-configuration" >}}). ## Related links diff --git a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-uppercase.md b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-uppercase.md index a2b38433e27..1726485e7f5 100644 --- a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-uppercase.md +++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-uppercase.md @@ -21,25 +21,25 @@ metadata: spec: type: middleware.http.uppercase version: v1 + - name: pipelineType + value: "httpPipeline" + - name: priority + value: "1" ``` -This component has no `metadata` to configure. +## Spec metadata fields -## Dapr configuration +| Field | Required? | Details | Example | +|-------|-----------|---------|---------| +| `pipelineType` | Y | For configuring middleware pipelines. One of the two types of middleware pipeline so you can configure your middleware for either sidecar-to-sidecar communication (`appHttpPipeline`) or sidecar-to-app communication (`httpPipeline`). | `"httpPipeline"`, `"appHttpPipeline"` +| `priority` | N | For configuring middleware pipeline ordering. The order in which [middleware components]({{< ref middleware.md >}}) are executed. Integer from -MaxInt32 to +MaxInt32. | `"1"` -To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware.md#customize-processing-pipeline">}}). +## Configure -```yaml -apiVersion: dapr.io/v1alpha1 -kind: Configuration -metadata: - name: appconfig -spec: - httpPipeline: - handlers: - - name: uppercase - type: middleware.http.uppercase -``` +You can configure middleware using the following methods: + +- **Recommended:** Using [the middleware component]({{< ref "middleware.md#using-middleware-components" >}}), just like any other [component]({{< ref components-concept.md >}}), with a YAML file placed into the application resources folder. +- Using a [configuration file]({{< ref "middleware.md#using-middleware-components-with-configuration" >}}). ## Related links diff --git a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-wasm.md b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-wasm.md index e1167ad0299..444d8352829 100644 --- a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-wasm.md +++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-wasm.md @@ -41,6 +41,10 @@ spec: value: "file://router.wasm" - guestConfig value: {"environment":"production"} + - name: pipelineType + value: "httpPipeline" + - name: priority + value: "1" ``` ## Spec metadata fields @@ -48,31 +52,23 @@ spec: Minimally, a user must specify a Wasm binary implements the [http-handler](https://http-wasm.io/http-handler/). How to compile this is described later. -| Field | Details | Required | Example | -|-------|----------------------------------------------------------------|----------|----------------| -| url | The URL of the resource including the Wasm binary to instantiate. The supported schemes include `file://`, `http://`, and `https://`. The path of a `file://` URL is relative to the Dapr process unless it begins with `/`. | true | `file://hello.wasm`, `https://example.com/hello.wasm` | -| guestConfig | An optional configuration passed to Wasm guests. Users can pass an arbitrary string to be parsed by the guest code. | false | `environment=production`,`{"environment":"production"}` | +| Field | Required? | Details | Required | Example | +|-------|-----------|----------------------------------------------------------------|----------|----------------| +| `url` | | The URL of the resource including the Wasm binary to instantiate. The supported schemes include `file://`, `http://`, and `https://`. The path of a `file://` URL is relative to the Dapr process unless it begins with `/`. | true | `file://hello.wasm`, `https://example.com/hello.wasm` | +| `guestConfig` | | An optional configuration passed to Wasm guests. Users can pass an arbitrary string to be parsed by the guest code. | false | `environment=production`,`{"environment":"production"}` | +| `pipelineType` | Y | For configuring middleware pipelines. One of the two types of middleware pipeline so you can configure your middleware for either sidecar-to-sidecar communication (`appHttpPipeline`) or sidecar-to-app communication (`httpPipeline`). | `"httpPipeline"`, `"appHttpPipeline"` +| `priority` | N | For configuring middleware pipeline ordering. The order in which [middleware components]({{< ref middleware.md >}}) are executed. Integer from -MaxInt32 to +MaxInt32. | `"1"` -## Dapr configuration +## Configure -To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). -See [middleware pipelines]({{< ref "middleware.md#customize-processing-pipeline">}}). +You can configure middleware using the following methods: -```yaml -apiVersion: dapr.io/v1alpha1 -kind: Configuration -metadata: - name: appconfig -spec: - httpPipeline: - handlers: - - name: wasm - type: middleware.http.wasm -``` +- **Recommended:** Using [the middleware component]({{< ref "middleware.md#using-middleware-components" >}}), just like any other [component]({{< ref components-concept.md >}}), with a YAML file placed into the application resources folder. +- Using a [configuration file]({{< ref "middleware.md#using-middleware-components-with-configuration" >}}). -*Note*: WebAssembly middleware uses more resources than native middleware. This -result in a resource constraint faster than the same logic in native code. -Production usage should [Control max concurrency]({{< ref control-concurrency.md >}}). +{{% alert title="Note" color="primary" %}} +WebAssembly middleware uses more resources than native middleware. This result in a resource constraint faster than the same logic in native code. Production usage should [Control max concurrency]({{< ref control-concurrency.md >}}). +{{% /alert %}} ### Generating Wasm diff --git a/daprdocs/data/components/middleware/http.yaml b/daprdocs/data/components/middleware/http.yaml index fdbeaa6a345..17e6b1f7ee7 100644 --- a/daprdocs/data/components/middleware/http.yaml +++ b/daprdocs/data/components/middleware/http.yaml @@ -8,45 +8,53 @@ link: /reference/components-reference/supported-middleware/middleware-oauth2 state: Alpha version: v1 + since: "0.10" description: Enables the [OAuth2 Authorization Grant flow](https://tools.ietf.org/html/rfc6749#section-4.1) on a Web API - component: OAuth2 Client Credentials Grant flow link: /reference/components-reference/supported-middleware/middleware-oauth2clientcredentials state: Alpha version: v1 + since: "0.10" description: Enables the [OAuth2 Client Credentials Grant flow](https://tools.ietf.org/html/rfc6749#section-4.4) on a Web API - component: OpenID Connect link: /reference/components-reference/supported-middleware/middleware-bearer state: Stable - since: "1.11" version: v1 + since: "0.04" description: Verifies a [Bearer Token](https://tools.ietf.org/html/rfc6750) using [OpenID Connect](https://openid.net/connect/) on a Web API - component: Rego/OPA Policies link: /reference/components-reference/supported-middleware/middleware-opa state: Alpha version: v1 + since: "0.10" description: Applies [Rego/OPA Policies](https://www.openpolicyagent.org/) to incoming Dapr HTTP requests - component: Sentinel link: /reference/components-reference/supported-middleware/middleware-sentinel state: Alpha version: v1 + since: "1.11" description: Use Sentinel middleware to guarantee the reliability and resiliency of your application - component: RouterChecker link: /reference/components-reference/supported-middleware/middleware-routerchecker state: Alpha version: v1 + since: "1.6" description: Use RouterChecker middleware to block invalid http request routing - component: Router Alias link: /reference/components-reference/supported-middleware/middleware-routeralias state: Alpha version: v1 + since: "1.10" description: Use Router Alias to map arbitrary HTTP routes to valid Dapr API endpoints - component: Uppercase link: /reference/components-reference/supported-middleware/middleware-uppercase state: Stable version: v1 + since: "" description: Converts the body of the request to uppercase letters (demo) - component: Wasm link: /reference/components-reference/supported-middleware/middleware-wasm state: Alpha version: v1 + since: "1.8" description: Use Wasm middleware in your HTTP pipeline diff --git a/daprdocs/layouts/partials/components/middleware.html b/daprdocs/layouts/partials/components/middleware.html index 32a1486f265..09662b73306 100644 --- a/daprdocs/layouts/partials/components/middleware.html +++ b/daprdocs/layouts/partials/components/middleware.html @@ -10,6 +10,7 @@

{{ $group }}

Description Status Component version + Since runtime version {{ range sort $components "component" }} @@ -18,6 +19,7 @@

{{ $group }}

{{ .description | markdownify}} {{ .state }} {{ .version }} + {{ .since }} {{ end }} diff --git a/daprdocs/static/images/app-middleware.png b/daprdocs/static/images/app-middleware.png index 7e155570b96..f730b40bea4 100644 Binary files a/daprdocs/static/images/app-middleware.png and b/daprdocs/static/images/app-middleware.png differ diff --git a/daprdocs/static/images/concepts-components.png b/daprdocs/static/images/concepts-components.png index fd80064a6ff..17f2849bc09 100644 Binary files a/daprdocs/static/images/concepts-components.png and b/daprdocs/static/images/concepts-components.png differ diff --git a/daprdocs/static/images/middleware.png b/daprdocs/static/images/middleware.png index 1642493ad21..5c5c212d1d2 100644 Binary files a/daprdocs/static/images/middleware.png and b/daprdocs/static/images/middleware.png differ