name: Dapr Validator
description: Validate Dapr component configs, sidecar annotations, and mTLS settings. Use when: (1) Creating Dapr Component manifests, (2) Adding Dapr annotations to deployments, (3) Configuring pub/sub, state stores, or bindings, (4) Before deploying Dapr-enabled applications, (5) Generating new Dapr components. Validates secrets management (secretKeyRef), scopes, mTLS, sidecar resource limits, and namespace configuration.
Overview
This skill validates Dapr configurations for security, correctness, and best practices. It ensures all Dapr components and sidecar annotations follow standards before deployment.
Quick Start
Validate Existing Components
```bash
# Validate a Dapr component file
python scripts/validate_component.py <component-file.yaml>

# Validate deployment Dapr annotations
python scripts/validate_deployment.py <deployment-file.yaml>
```
Generate New Components
```bash
# Generate from templates
python scripts/generate_component.py --type statestore-postgres --name mystore --namespace todo-app

# Available templates in assets/:
# - statestore-postgres, statestore-redis
# - pubsub-kafka, pubsub-redis
# - configuration (mTLS)
```
Validation Rule Codes
| Code | Category | Description |
|---|---|---|
| DAPR-001 | Component | Missing namespace |
| DAPR-002 | Component | Using 'default' namespace |
| DAPR-003 | Security | Inline credentials (not using secretKeyRef) |
| DAPR-004 | Component | Missing or empty scopes |
| DAPR-005 | Configuration | mTLS not enabled |
| DAPR-006 | Deployment | Missing dapr.io/app-id annotation |
| DAPR-007 | Deployment | Missing sidecar resource limits |
| DAPR-008 | Component | Invalid component type |
| DAPR-009 | Deployment | app-id doesn't match component scopes |
| DAPR-010 | Deployment | Missing dapr.io/app-port annotation |
Component Structure
Every Dapr component MUST have:
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: <lowercase-hyphenated>
  namespace: <explicit-namespace>  # Never "default"
spec:
  type: <component-type>
  version: v1
  metadata:
    - name: <key>
      secretKeyRef:  # For sensitive values
        name: <secret-name>
        key: <secret-key>
scopes:  # REQUIRED
  - <app-id-1>
```
Validation Rules
Secrets Management
```yaml
# ✅ CORRECT
metadata:
  - name: connectionString
    secretKeyRef:
      name: postgres-secrets
      key: connection-string

# ❌ WRONG - Never inline secrets
metadata:
  - name: connectionString
    value: "postgresql://user:password@host/db"
```
Scopes (Required)
```yaml
# ✅ CORRECT - Scoped to specific apps
scopes:
  - todo-backend
  - todo-mcp-server

# ❌ WRONG - Empty or missing scopes
```
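
The component-level rules DAPR-001 to DAPR-004 expressed as code, as an added example that is not the skill's own `scripts/validate_component.py`. The function name, the credential-name pattern and the userinfo-URI heuristic are assumptions, and the manifests are constructed samples given as already-parsed dicts.

```python
import re

# Assumption (not from the page): which metadata names count as credentials.
SENSITIVE_NAME = re.compile(r"password|secret|token|apikey|connectionstring", re.I)
# A URI carrying userinfo, e.g. scheme://user:pass@host
URI_USERINFO = re.compile(r"^[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.I)


def validate_component(doc):
    """Return (code, message) findings for one parsed Component manifest."""
    findings = []
    namespace = (doc.get("metadata") or {}).get("namespace")
    if not namespace:
        findings.append(("DAPR-001", "Missing namespace"))
    elif namespace == "default":
        findings.append(("DAPR-002", "Using 'default' namespace"))

    for item in (doc.get("spec") or {}).get("metadata") or []:
        if "secretKeyRef" in item:
            continue  # value is resolved from a secret store, nothing inline
        name, value = str(item.get("name", "")), str(item.get("value", ""))
        if SENSITIVE_NAME.search(name) or URI_USERINFO.search(value):
            findings.append(("DAPR-003", f"Inline credentials in '{name}'"))

    scopes = doc.get("scopes")
    if not isinstance(scopes, list) or not any(scopes):
        findings.append(("DAPR-004", "Missing or empty scopes"))
    return findings


# Constructed samples, already parsed (e.g. with yaml.safe_load).
BAD = {
    "apiVersion": "dapr.io/v1alpha1", "kind": "Component",
    "metadata": {"name": "statestore", "namespace": "default"},
    "spec": {"type": "state.postgresql", "version": "v1", "metadata": [
        {"name": "connectionString", "value": "postgresql://user:password@host/db"}]},
}
KAFKA = {
    "apiVersion": "dapr.io/v1alpha1", "kind": "Component",
    "metadata": {"name": "pubsub", "namespace": "todo"},
    "spec": {"type": "pubsub.kafka", "version": "v1", "metadata": [
        {"name": "brokers", "value": "kafka:9092"},
        {"name": "authType", "value": "password"},
        {"name": "saslPassword", "secretKeyRef": {"name": "kafka-secrets", "key": "password"}}]},
    "scopes": ["todo-backend"],
}

if __name__ == "__main__":
    for label, doc in (("BAD", BAD), ("KAFKA", KAFKA)):
        print(label, validate_component(doc))
```

The `authType: "password"` entry in the Kafka sample is not flagged, because the check keys on the field name and on URI userinfo rather than on the literal word in the value.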
mTLS Configuration
```yaml
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
  name: dapr-config
spec:
  mtls:
    enabled: true  # MANDATORY
```
Deployment Annotations
Every Dapr-enabled deployment MUST have:
```yaml
annotations:
  dapr.io/enabled: "true"
  dapr.io/app-id: "<unique-app-id>"
  dapr.io/app-port: "<container-port>"
  dapr.io/app-protocol: "http"
  dapr.io/sidecar-cpu-request: "100m"
  dapr.io/sidecar-memory-request: "128Mi"
  dapr.io/sidecar-cpu-limit: "300m"
  dapr.io/sidecar-memory-limit: "256Mi"
```
Component Examples
PostgreSQL State Store
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: statestore
  namespace: todo
spec:
  type: state.postgresql
  version: v1
  metadata:
    - name: connectionString
      secretKeyRef:
        name: postgres-secrets
        key: connection-string
scopes:
  - todo-backend
```
Kafka Pub/Sub
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: pubsub
  namespace: todo
spec:
  type: pubsub.kafka
  version: v1
  metadata:
    - name: brokers
      value: "kafka:9092"
    - name: authType
      value: "password"
    - name: saslUsername
      secretKeyRef:
        name: kafka-secrets
        key: username
    - name: saslPassword
      secretKeyRef:
        name: kafka-secrets
        key: password
scopes:
  - todo-backend
```
Validation Output
```markdown
## Dapr Validation Report

### Component: statestore
✅ Structure valid
✅ Namespace explicit
✅ Secrets use secretKeyRef
✅ Scopes defined
❌ ERROR: Empty scopes

### Deployment: todo-backend
✅ Dapr enabled
✅ App-id matches scopes
⚠️ WARNING: No sidecar limits

### Status: PASSED / BLOCKED
```
Common Mistakes
| Mistake | Fix |
|---|---|
| Inline secrets | Use secretKeyRef |
| Missing scopes | Add explicit app-ids |
| Wrong app-id | Match annotation to scopes |
| No sidecar limits | Add resource annotations |
| Missing namespace | Use explicit namespace |
Checklist
Components:
- [ ] apiVersion: dapr.io/v1alpha1
- [ ] Explicit namespace
- [ ] secretKeyRef for credentials
- [ ] Scopes defined

Deployments:
- [ ] dapr.io/enabled: "true"
- [ ] dapr.io/app-id set
- [ ] dapr.io/app-port correct
- [ ] Sidecar resource limits

Configuration:
- [ ] mTLS enabled
CLI Commands
```bash
dapr status -k
dapr components -k -n todo
kubectl describe component statestore -n todo
```