Merge branch 'master' into feat/interact-with-kubernetes-dapr-apps

Author: mukundansundar

.github/workflows/dapr_cli.yaml

@@ -62,7 +62,7 @@ jobs:
         uses: actions/checkout@v2
       - name: Run golangci-lint
         if: matrix.target_arch == 'amd64' && matrix.target_os == 'linux'
-        uses: golangci/golangci-lint-action@v2
+        uses: golangci/golangci-lint-action@v3.1.0
         with:
           version: ${{ env.GOLANG_CI_LINT_VER }}
           only-new-issues: true

.github/workflows/kind_e2e.yaml

@@ -46,9 +46,9 @@ jobs:
     runs-on: ubuntu-latest
     env:
       GOVER: 1.17
-      DAPR_RUNTIME_VERSION: 1.7.0-rc.1
-      DAPR_DASHBOARD_VERSION: 0.10.0-rc.1
-      DAPR_TGZ: dapr-1.7.0-rc.1.tgz
+      DAPR_RUNTIME_VERSION: 1.7.0
+      DAPR_DASHBOARD_VERSION: 0.10.0
+      DAPR_TGZ: dapr-1.7.0.tgz
     strategy:
       fail-fast: false # Keep running if one leg fails.
       matrix:

.github/workflows/self_hosted_e2e.yaml

@@ -36,9 +36,9 @@ jobs:
       GOARCH: ${{ matrix.target_arch }}
       GOPROXY: https://proxy.golang.org
       ARCHIVE_OUTDIR: dist/archives
-      DAPR_RUNTIME_VERSION: "1.7.0-rc.1"
-      DAPR_DASHBOARD_VERSION: 0.10.0-rc.1
-      DAPR_TGZ: dapr-1.7.0-rc.1.tgz
+      DAPR_RUNTIME_VERSION: "1.7.0"
+      DAPR_DASHBOARD_VERSION: 0.10.0
+      DAPR_TGZ: dapr-1.7.0.tgz
     strategy:
       matrix:
         os: [ubuntu-latest, macos-latest]

README.md

@@ -120,10 +120,10 @@ You can install or upgrade to a specific version of the Dapr runtime using `dapr
 
 ```bash
 # Install v1.0.0 runtime
-$ dapr init --runtime-version 1.0.0
+dapr init --runtime-version 1.0.0
 
 # Check the versions of CLI and runtime
-$ dapr --version
+dapr --version
 CLI version: v1.0.0
 Runtime version: v1.0.0
 ```
@@ -134,7 +134,35 @@ You can install Dapr runtime by pulling docker images from a given private regis
 
 ```bash
 # Example of pulling images from a private registry.
-$ dapr init --image-registry example.io/<username>
+dapr init --image-registry example.io/<username>
+```
+
+#### Install in airgap environment
+
+You can install Dapr runtime in airgap (offline) environment using a pre-downloaded [installer bundle](https://github.com/dapr/installer-bundle/releases). You need to download the archived bundle for your OS beforehand (e.g., daprbundle_linux_amd64.tar.gz,) and unpack it. Thereafter use the local Dapr CLI binary in the bundle with `--from-dir` flag in the init command to point to the extracted bundle location to initialize Dapr.
+
+Move to the bundle directory and run the following command:
+
+```bash
+# Initializing dapr in airgap environment
+./dapr init --from-dir .
+```
+
+> For windows, use `.\dapr.exe` to point to the local Dapr CLI binary.
+
+> If you are not running the above command from the bundle directory, provide the full path to bundle directory as input. For example, assuming the bundle directory path is $HOME/daprbundle, run `$HOME/daprbundle/dapr init --from-dir $HOME/daprbundle` to have the same behavior.
+
+> Note: Dapr Installer bundle just contains the placement container apart from the binaries and so `zipkin` and `redis` are not enabled by default. You can pull the images locally either from network or private registry and run as follows:
+
+```bash
+docker run --name "dapr_zipkin" --restart always -d -p 9411:9411 openzipkin/zipkin
+docker run --name "dapr_redis" --restart always -d -p 6379:6379 redis
+```
+
+Alternatively to the above, you can also have slim installation as well to install dapr without running any Docker containers in airgap mode.   
+
+```bash
+./dapr init --slim --from-dir .
 ```
 
 #### Install to a specific Docker network
@@ -143,10 +171,10 @@ You can install the Dapr runtime to a specific Docker network in order to isolat
 
 ```bash
 # Create Docker network
-$ docker network create dapr-network
+docker network create dapr-network
 
 # Install Dapr to the network
-$ dapr init --network dapr-network
+dapr init --network dapr-network
 ```
 
 > Note: When installed to a specific Docker network, you will need to add the `--placement-host-address` arguments to `dapr run` commands run in any containers within that network.
@@ -190,8 +218,12 @@ The init command will install Dapr to a Kubernetes cluster. For more advanced us
 *Note: The default namespace is dapr-system. The installation will appear under the name `dapr` for Helm*
 
 ```bash
-$ dapr init -k
+dapr init -k
+```
 
+Output should look like as follows:
+
+```
 ⌛  Making the jump to hyperspace...
 ℹ️  Note: To install Dapr using Helm, see here:  https://docs.dapr.io/getting-started/install-dapr/#install-with-helm-advanced
 
@@ -575,27 +607,26 @@ dapr completion
 In order to enable Unix domain socket to connect Dapr API server, use the `--unix-domain-socket` flag:
 
 ```
-$ dapr run --app-id nodeapp --unix-domain-socket node app.js
+dapr run --app-id nodeapp --unix-domain-socket node app.js
 ```
 
 Dapr will automatically create a Unix domain socket to connect Dapr API server.
 
 If you want to invoke your app, also use this flag:
 
 ```
-$ dapr invoke --app-id nodeapp --unix-domain-socket --method mymethod
+dapr invoke --app-id nodeapp --unix-domain-socket --method mymethod
 ```
 
 ### Set API log level
 
-In order to set the Dapr runtime API calls log verbosity level, use the `api-log-level` flag:
+In order to set the Dapr runtime to log API calls with `INFO` log verbosity, use the `enable-api-logging` flag:
 
 ```bash
-dapr run --app-id nodeapp --app-port 3000 node app.js --api-log-level info
+dapr run --app-id nodeapp --app-port 3000 node app.js enable-api-logging
 ```
 
-This sets the Dapr API log level to `info`.
-The default is `debug`.
+The default is `false`.
 
 For more details, please run the command and check the examples to apply to your shell.
 

cmd/init.go

@@ -16,6 +16,7 @@ package cmd
 import (
 	"fmt"
 	"os"
+	"strings"
 
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -52,7 +53,8 @@ var InitCmd = &cobra.Command{
 # Initialize Dapr in self-hosted mode
 dapr init
 
-#Initialize Dapr in self-hosted mode with a provided docker image registry. Image looked up as <registry-url>/<image>
+# Initialize Dapr in self-hosted mode with a provided docker image registry. Image looked up as <registry-url>/<image>.
+# Check docs or README for more information on the format of the image path that is required. 
 dapr init --image-registry <registry-url>
 
 # Initialize Dapr in Kubernetes
@@ -103,10 +105,15 @@ dapr init --from-dir <path-to-directory>
 				dockerNetwork = viper.GetString("network")
 				imageRegistryURL = viper.GetString("image-registry")
 			}
-			if fromDir != "" {
-				print.WarningStatusEvent(os.Stdout, "Local bundle installation using from-dir flag is currently a preview feature.")
+			// If both --image-registry and --from-dir flags are given, error out saying only one can be given.
+			if len(strings.TrimSpace(imageRegistryURL)) != 0 && len(strings.TrimSpace(fromDir)) != 0 {
+				print.FailureStatusEvent(os.Stderr, "both --image-registry and --from-dir flags cannot be given at the same time")
+				os.Exit(1)
+			}
+			if len(strings.TrimSpace(fromDir)) != 0 {
+				print.WarningStatusEvent(os.Stdout, "Local bundle installation using --from-dir flag is currently a preview feature and is subject to change. It is only available from CLI version 1.7 onwards.")
 			}
-			if imageRegistryURL != "" {
+			if len(strings.TrimSpace(imageRegistryURL)) != 0 {
 				print.WarningStatusEvent(os.Stdout, "Flag --image-registry is a preview feature and is subject to change. It is only available from CLI version 1.7 onwards.")
 			}
 			err := standalone.Init(runtimeVersion, dashboardVersion, dockerNetwork, slimMode, imageRegistryURL, fromDir)
@@ -142,9 +149,9 @@ func init() {
 	InitCmd.Flags().BoolVarP(&enableMTLS, "enable-mtls", "", true, "Enable mTLS in your cluster")
 	InitCmd.Flags().BoolVarP(&enableHA, "enable-ha", "", false, "Enable high availability (HA) mode")
 	InitCmd.Flags().String("network", "", "The Docker network on which to deploy the Dapr runtime")
-	InitCmd.Flags().StringVarP(&fromDir, "from-dir", "", "", "Use Dapr artifacts from local directory instead of from network to init")
+	InitCmd.Flags().StringVarP(&fromDir, "from-dir", "", "", "Use Dapr artifacts from local directory for self-hosted installation")
 	InitCmd.Flags().BoolP("help", "h", false, "Print this help message")
 	InitCmd.Flags().StringArrayVar(&values, "set", []string{}, "set values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)")
-	InitCmd.Flags().String("image-registry", "", "Custom/Private docker image repository url")
+	InitCmd.Flags().String("image-registry", "", "Custom/Private docker image repository URL")
 	RootCmd.AddCommand(InitCmd)
 }

cmd/renew_certificate.go

@@ -16,6 +16,7 @@ package cmd
 import (
 	"fmt"
 	"os"
+	"strings"
 	"time"
 
 	"github.com/spf13/cobra"
@@ -47,17 +48,29 @@ dapr mtls renew-certificate -k --valid-until <no of days> --restart
 dapr mtls renew-certificate -k --private-key myprivatekey.key --valid-until <no of days>
 
 # Rotates certificate of your kubernetes cluster with provided ca.cert, issuer.crt and issuer.key file path
-dapr mtls renew-certificate -k --ca-root-certificate <ca.crt> --issuer-private-key <issuer.key> --issuer-public-certificate <issuer.crt> --restart
+dapr mtls renew-certificate -k --ca-root-certificate <root.pem> --issuer-private-key <issuer.key> --issuer-public-certificate <issuer.pem> --restart
 
 # See more at: https://docs.dapr.io/getting-started/
 `,
 
 		Run: func(cmd *cobra.Command, args []string) {
+			var err error
+			pkFlag := cmd.Flags().Lookup("private-key").Changed
+			rootcertFlag := cmd.Flags().Lookup("ca-root-certificate").Changed
+			issuerKeyFlag := cmd.Flags().Lookup("issuer-private-key").Changed
+			issuerCertFlag := cmd.Flags().Lookup("issuer-public-certificate").Changed
+
 			if kubernetesMode {
 				print.PendingStatusEvent(os.Stdout, "Starting certificate rotation")
-				if caRootCertificateFile != "" && issuerPrivateKeyFile != "" && issuerPublicCertificateFile != "" {
+				if rootcertFlag || issuerKeyFlag || issuerCertFlag {
+					flagArgsEmpty := checkReqFlagArgsEmpty(caRootCertificateFile, issuerPrivateKeyFile, issuerPublicCertificateFile)
+					if flagArgsEmpty {
+						err = fmt.Errorf("all required flags for this certificate rotation path, %q, %q and %q are not present",
+							"ca-root-certificate", "issuer-private-key", "issuer-public-certificate")
+						logErrorAndExit(err)
+					}
 					print.InfoStatusEvent(os.Stdout, "Using provided certificates")
-					err := kubernetes.RenewCertificate(kubernetes.RenewCertificateParams{
+					err = kubernetes.RenewCertificate(kubernetes.RenewCertificateParams{
 						RootCertificateFilePath:   caRootCertificateFile,
 						IssuerCertificateFilePath: issuerPublicCertificateFile,
 						IssuerPrivateKeyFilePath:  issuerPrivateKeyFile,
@@ -66,9 +79,14 @@ dapr mtls renew-certificate -k --ca-root-certificate <ca.crt> --issuer-private-k
 					if err != nil {
 						logErrorAndExit(err)
 					}
-				} else if privateKey != "" {
+				} else if pkFlag {
+					flagArgsEmpty := checkReqFlagArgsEmpty(privateKey)
+					if flagArgsEmpty {
+						err = fmt.Errorf("%q flag has incorrect value", "privateKey")
+						logErrorAndExit(err)
+					}
 					print.InfoStatusEvent(os.Stdout, "Using password file to generate root certificate")
-					err := kubernetes.RenewCertificate(kubernetes.RenewCertificateParams{
+					err = kubernetes.RenewCertificate(kubernetes.RenewCertificateParams{
 						RootPrivateKeyFilePath: privateKey,
 						ValidUntil:             time.Hour * time.Duration(validUntil*24),
 						Timeout:                timeout,
@@ -78,7 +96,7 @@ dapr mtls renew-certificate -k --ca-root-certificate <ca.crt> --issuer-private-k
 					}
 				} else {
 					print.InfoStatusEvent(os.Stdout, "generating fresh certificates")
-					err := kubernetes.RenewCertificate(kubernetes.RenewCertificateParams{
+					err = kubernetes.RenewCertificate(kubernetes.RenewCertificateParams{
 						ValidUntil: time.Hour * time.Duration(validUntil*24),
 						Timeout:    timeout,
 					})
@@ -118,8 +136,17 @@ dapr mtls renew-certificate -k --ca-root-certificate <ca.crt> --issuer-private-k
 	return command
 }
 
+func checkReqFlagArgsEmpty(params ...string) bool {
+	for _, val := range params {
+		if len(strings.TrimSpace(val)) == 0 {
+			return true
+		}
+	}
+	return false
+}
+
 func logErrorAndExit(err error) {
-	err = fmt.Errorf("certificate rotation failed %w", err)
+	err = fmt.Errorf("certificate rotation failed: %w", err)
 	print.FailureStatusEvent(os.Stderr, err.Error())
 	os.Exit(1)
 }

cmd/run.go

@@ -47,7 +47,7 @@ var (
 	metricsPort        int
 	maxRequestBodySize int
 	unixDomainSocket   string
-	apiLogLevel        string
+	enableAPILogging   bool
 )
 
 const (
@@ -116,7 +116,7 @@ dapr run --app-id myapp --app-port 3000 --app-protocol grpc -- go run main.go
 			MetricsPort:        metricsPort,
 			MaxRequestBodySize: maxRequestBodySize,
 			UnixDomainSocket:   unixDomainSocket,
-			APILogLevel:        apiLogLevel,
+			EnableAPILogging:   enableAPILogging,
 		})
 		if err != nil {
 			print.FailureStatusEvent(os.Stderr, err.Error())
@@ -365,7 +365,7 @@ func init() {
 	RunCmd.Flags().BoolP("help", "h", false, "Print this help message")
 	RunCmd.Flags().IntVarP(&maxRequestBodySize, "dapr-http-max-request-size", "", -1, "Max size of request body in MB")
 	RunCmd.Flags().StringVarP(&unixDomainSocket, "unix-domain-socket", "u", "", "Path to a unix domain socket dir. If specified, Dapr API servers will use Unix Domain Sockets")
-	RunCmd.Flags().StringVarP(&apiLogLevel, "api-log-level", "", "debug", "The api calls log verbosity. Valid values are: debug, info, off")
+	RunCmd.Flags().BoolVar(&enableAPILogging, "enable-api-logging", false, "Log API calls at INFO verbosity. Valid values are: true or false")
 
 	RootCmd.AddCommand(RunCmd)
 }

go.mod

@@ -5,7 +5,7 @@ go 1.17
 require (
 	github.com/Pallinder/sillyname-go v0.0.0-20130730142914-97aeae9e6ba1
 	github.com/briandowns/spinner v1.6.1
-	github.com/dapr/dapr v1.7.0-rc.1
+	github.com/dapr/dapr v1.7.0
 	github.com/dapr/go-sdk v1.0.0
 	github.com/docker/docker v20.10.12+incompatible
 	github.com/fatih/color v1.13.0

go.sum

@@ -345,8 +345,8 @@ github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW
 github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=
 github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I=
 github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg=
-github.com/dapr/dapr v1.7.0-rc.1 h1:NEXZXuMHQZsd0I3Pi5bTJQdK1anDt0TRHLA1JzQnR78=
-github.com/dapr/dapr v1.7.0-rc.1/go.mod h1:YbacMSteh7nGRP777IJDuCn5sgJxL9cRVdiWEirBXbM=
+github.com/dapr/dapr v1.7.0 h1:6D92cycMjrzxOSASfXDMfn1t3dGaDysA28ONogaOE4s=
+github.com/dapr/dapr v1.7.0/go.mod h1:MIXtm4c4Vv1Z7GScHOgctDcjZ28W2jGYxXvr28+LGpM=
 github.com/dapr/go-sdk v1.0.0 h1:3nOmFzsPaHzzgINQQD9AFofVX6LV8QYJtpogaBfwkUg=
 github.com/dapr/go-sdk v1.0.0/go.mod h1:zyhsocIKv4pqQ2VtvWvf2CK1UhP7Z2OAOXgEpVxMgIs=
 github.com/dapr/kit v0.0.2-0.20210614175626-b9074b64d233 h1:M0dWIG8kUxEFU57IqTWeqptNqlBsfosFgsA5Ov7rJ8g=

pkg/kubernetes/mtls.go

@@ -165,7 +165,10 @@ func Expiry() (*time.Time, error) {
 		return nil, err
 	}
 
-	caCrt := secret.Data["ca.crt"]
+	caCrt, ok := secret.Data["ca.crt"]
+	if !ok {
+		return nil, errors.New("root certificate not loaded yet, please try again in few minutes")
+	}
 	block, _ := pem.Decode(caCrt)
 	cert, err := x509.ParseCertificate(block.Bytes)
 	if err != nil {