3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-28 18:06:34 +02:00
Code Issues Projects Releases Packages Wiki Activity
3739 commits 159 branches 125 tags 103 MiB
Commit graph

891 commits

Author SHA1 Message Date
Kenneth Jenkins
95d0baf137 connect to echo server 2025-04-10 14:22:37 -07:00
Joe Kralicky
0e56f12b83
test environment ssh config 2025-04-09 19:33:28 +00:00
Kenneth Jenkins
d5c60b3597 add a bare-bones ssh integration test 
Introduce a new SSHUpstream in the testenv package along with some
related machinery for configuring Pomerium with ssh routes. Add a basic
test case that configures one ssh upstream and attempts an ssh
connection to Pomerium itself.
 2025-04-08 16:42:43 -07:00
Joe Kralicky
8eff4a48a4
Merge remote-tracking branch 'origin/main' into experimental/ssh 2025-03-25 22:06:24 +00:00
Kenneth Jenkins
b188a168af
metrics: fix an apparent metric setup error (#5543) 
The IdentityManagerLastSessionRefreshErrorView appears to be a duplicate
of IdentityManagerLastUserRefreshErrorView. Adjust it to use the
matching identityManagerLastSessionRefreshError instead.
 2025-03-25 14:48:07 -07:00
Joe Kralicky
a96ab2fe93
move internal/telemetry/trace => pkg/telemetry/trace (#5541) 2025-03-25 10:43:04 -04:00
Denis Mishin
ab5f3ac7f3
core/envoyconfig: make adding ipv6 addresses to internal cidr list conditional on ipv6 support on the system (#5538) 2025-03-21 11:14:50 -04:00
Joe Kralicky
08623ef346
add tests/benchmarks for http1/http2 tcp tunnels and http1 websockets (#5471) 
* add tests/benchmarks for http1/http2 tcp tunnels and http1 websockets

testenv:
- add new TCP upstream
- add websocket functions to HTTP upstream
- add https support to mock idp (default on)
- add new debug flags -env.bind-address and -env.use-trace-environ to
  allow changing the default bind address, and enabling otel environment
  based trace config, respectively

* linter pass

---------

Co-authored-by: Denis Mishin <dmishin@pomerium.com>
 2025-03-19 18:42:19 -04:00
Caleb Doxsey
d6b02441b3
authorize: return 403 on invalid sessions (#5536) 2025-03-19 14:41:28 -06:00
Joe Kralicky
165e4f2ed9
initial ssh proxy demo 2025-03-19 20:16:18 +00:00
Joe Kralicky
8c6955dbe2
Increase some test timeouts (#5535) 
increase some test timeouts
 2025-03-19 14:52:11 -04:00
Joe Kralicky
ff26890bf4
wip 2025-03-19 18:20:13 +00:00
Denis Mishin
5ef16bcd28
metrics: reduce gc pressure (#5530) 2025-03-18 13:48:49 -04:00
Kenneth Jenkins
562101ae03
remove the legacy identity manager (#5528) 2025-03-17 11:59:02 -07:00
Denis Mishin
9cd5160468
zero/grpc: use hostname for proxied grpc calls (#5520) 2025-03-11 17:37:01 -04:00
Denis Mishin
b86c9931b1
testutil: use cmp.Diff in protobuf json assertion (#5517) 2025-03-07 20:20:27 -05:00
dependabot[bot]
ce07a1ea9d
chore(deps): bump the go group across 1 directory with 44 updates (#5511) 
* chore(deps): bump the go group across 1 directory with 44 updates

Bumps the go group with 26 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.49.0` | `1.50.0` |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.32.7` | `1.36.3` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.28.7` | `1.29.8` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.71.1` | `1.78.0` |
| [github.com/bits-and-blooms/bitset](https://github.com/bits-and-blooms/bitset) | `1.20.0` | `1.21.0` |
| [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic) | `0.21.4` | `0.21.7` |
| [github.com/cloudflare/circl](https://github.com/cloudflare/circl) | `1.5.0` | `1.6.0` |
| [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) | `3.11.0` | `3.12.0` |
| [github.com/docker/docker](https://github.com/docker/docker) | `27.4.1+incompatible` | `28.0.1+incompatible` |
| [github.com/envoyproxy/go-control-plane/envoy](https://github.com/envoyproxy/go-control-plane) | `1.32.3` | `1.32.4` |
| [github.com/exaring/otelpgx](https://github.com/exaring/otelpgx) | `0.8.0` | `0.9.0` |
| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.0` | `5.2.1` |
| [github.com/google/go-cmp](https://github.com/google/go-cmp) | `0.6.0` | `0.7.0` |
| [github.com/grpc-ecosystem/go-grpc-middleware/v2](https://github.com/grpc-ecosystem/go-grpc-middleware) | `2.2.0` | `2.3.0` |
| [github.com/klauspost/compress](https://github.com/klauspost/compress) | `1.17.11` | `1.18.0` |
| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) | `7.0.82` | `7.0.87` |
| [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) | `1.0.0` | `1.2.0` |
| [github.com/pomerium/envoy-custom](https://github.com/pomerium/envoy-custom) | `1.32.4-0.20250114182541-6f6d2147bea6` | `1.33.0` |
| [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) | `0.48.2` | `0.50.0` |
| [github.com/testcontainers/testcontainers-go](https://github.com/testcontainers/testcontainers-go) | `0.34.0` | `0.35.0` |
| [go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.57.0` | `0.59.0` |
| [go.opentelemetry.io/contrib/propagators/autoprop](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.57.0` | `0.59.0` |
| [go.opentelemetry.io/otel/bridge/opencensus](https://github.com/open-telemetry/opentelemetry-go) | `1.32.0` | `1.34.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.32.0` | `1.34.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) | `1.32.0` | `1.34.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.214.0` | `0.223.0` |



Updates `cloud.google.com/go/storage` from 1.49.0 to 1.50.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.49.0...spanner/v1.50.0)

Updates `github.com/aws/aws-sdk-go-v2` from 1.32.7 to 1.36.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.32.7...v1.36.3)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.28.7 to 1.29.8
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.28.7...config/v1.29.8)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.71.1 to 1.78.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.71.1...service/s3/v1.78.0)

Updates `github.com/bits-and-blooms/bitset` from 1.20.0 to 1.21.0
- [Release notes](https://github.com/bits-and-blooms/bitset/releases)
- [Commits](https://github.com/bits-and-blooms/bitset/compare/v1.20.0...v1.21.0)

Updates `github.com/caddyserver/certmagic` from 0.21.4 to 0.21.7
- [Release notes](https://github.com/caddyserver/certmagic/releases)
- [Commits](https://github.com/caddyserver/certmagic/compare/v0.21.4...v0.21.7)

Updates `github.com/cloudflare/circl` from 1.5.0 to 1.6.0
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.5.0...v1.6.0)

Updates `github.com/coreos/go-oidc/v3` from 3.11.0 to 3.12.0
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](https://github.com/coreos/go-oidc/compare/v3.11.0...v3.12.0)

Updates `github.com/docker/docker` from 27.4.1+incompatible to 28.0.1+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v27.4.1...v28.0.1)

Updates `github.com/envoyproxy/go-control-plane/envoy` from 1.32.3 to 1.32.4
- [Release notes](https://github.com/envoyproxy/go-control-plane/releases)
- [Changelog](https://github.com/envoyproxy/go-control-plane/blob/main/CHANGELOG.md)
- [Commits](https://github.com/envoyproxy/go-control-plane/compare/envoy/v1.32.3...envoy/v1.32.4)

Updates `github.com/envoyproxy/protoc-gen-validate` from 1.1.0 to 1.2.1
- [Release notes](https://github.com/envoyproxy/protoc-gen-validate/releases)
- [Changelog](https://github.com/bufbuild/protoc-gen-validate/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/envoyproxy/protoc-gen-validate/compare/v1.1.0...v1.2.1)

Updates `github.com/exaring/otelpgx` from 0.8.0 to 0.9.0
- [Release notes](https://github.com/exaring/otelpgx/releases)
- [Commits](https://github.com/exaring/otelpgx/compare/v0.8.0...v0.9.0)

Updates `github.com/go-chi/chi/v5` from 5.2.0 to 5.2.1
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-chi/chi/compare/v5.2.0...v5.2.1)

Updates `github.com/google/go-cmp` from 0.6.0 to 0.7.0
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.6.0...v0.7.0)

Updates `github.com/grpc-ecosystem/go-grpc-middleware/v2` from 2.2.0 to 2.3.0
- [Release notes](https://github.com/grpc-ecosystem/go-grpc-middleware/releases)
- [Commits](https://github.com/grpc-ecosystem/go-grpc-middleware/compare/v2.2.0...v2.3.0)

Updates `github.com/klauspost/compress` from 1.17.11 to 1.18.0
- [Release notes](https://github.com/klauspost/compress/releases)
- [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml)
- [Commits](https://github.com/klauspost/compress/compare/v1.17.11...v1.18.0)

Updates `github.com/minio/minio-go/v7` from 7.0.82 to 7.0.87
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](https://github.com/minio/minio-go/compare/v7.0.82...v7.0.87)

Updates `github.com/open-policy-agent/opa` from 1.0.0 to 1.2.0
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v1.0.0...v1.2.0)

Updates `github.com/pomerium/envoy-custom` from 1.32.4-0.20250114182541-6f6d2147bea6 to 1.33.0
- [Release notes](https://github.com/pomerium/envoy-custom/releases)
- [Commits](https://github.com/pomerium/envoy-custom/commits/v1.33.0)

Updates `github.com/prometheus/client_golang` from 1.20.5 to 1.21.0
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.20.5...v1.21.0)

Updates `github.com/prometheus/common` from 0.61.0 to 0.62.0
- [Release notes](https://github.com/prometheus/common/releases)
- [Changelog](https://github.com/prometheus/common/blob/main/RELEASE.md)
- [Commits](https://github.com/prometheus/common/compare/v0.61.0...v0.62.0)

Updates `github.com/quic-go/quic-go` from 0.48.2 to 0.50.0
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md)
- [Commits](https://github.com/quic-go/quic-go/compare/v0.48.2...v0.50.0)

Updates `github.com/spf13/cobra` from 1.8.1 to 1.9.1
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.8.1...v1.9.1)

Updates `github.com/testcontainers/testcontainers-go` from 0.34.0 to 0.35.0
- [Release notes](https://github.com/testcontainers/testcontainers-go/releases)
- [Commits](https://github.com/testcontainers/testcontainers-go/compare/v0.34.0...v0.35.0)

Updates `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc` from 0.57.0 to 0.59.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.57.0...zpages/v0.59.0)

Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.58.0 to 0.59.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.58.0...zpages/v0.59.0)

Updates `go.opentelemetry.io/contrib/propagators/autoprop` from 0.57.0 to 0.59.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.57.0...zpages/v0.59.0)

Updates `go.opentelemetry.io/otel/bridge/opencensus` from 1.32.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.34.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` from 1.32.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.34.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.33.0...v1.34.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.33.0...v1.34.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.32.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.34.0)

Updates `go.opentelemetry.io/otel/sdk` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.33.0...v1.34.0)

Updates `go.opentelemetry.io/otel/sdk/metric` from 1.32.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.34.0)

Updates `go.opentelemetry.io/proto/otlp` from 1.4.0 to 1.5.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-proto-go/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-proto-go/compare/v1.4.0...v1.5.0)

Updates `golang.org/x/crypto` from 0.32.0 to 0.33.0
- [Commits](https://github.com/golang/crypto/compare/v0.32.0...v0.33.0)

Updates `golang.org/x/net` from 0.33.0 to 0.35.0
- [Commits](https://github.com/golang/net/compare/v0.33.0...v0.35.0)

Updates `golang.org/x/sync` from 0.10.0 to 0.11.0
- [Commits](https://github.com/golang/sync/compare/v0.10.0...v0.11.0)

Updates `golang.org/x/sys` from 0.29.0 to 0.30.0
- [Commits](https://github.com/golang/sys/compare/v0.29.0...v0.30.0)

Updates `golang.org/x/time` from 0.8.0 to 0.10.0
- [Commits](https://github.com/golang/time/compare/v0.8.0...v0.10.0)

Updates `google.golang.org/api` from 0.214.0 to 0.223.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.214.0...v0.223.0)

Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20241209162323-e6fa225c2576 to 0.0.0-20250219182151-9fdb1cabc7b2
- [Commits](https://github.com/googleapis/go-genproto/commits)

Updates `google.golang.org/grpc` from 1.69.2 to 1.70.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.69.2...v1.70.0)

Updates `google.golang.org/protobuf` from 1.36.2 to 1.36.5

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/bits-and-blooms/bitset
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/caddyserver/certmagic
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/cloudflare/circl
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: go
- dependency-name: github.com/envoyproxy/go-control-plane/envoy
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/envoyproxy/protoc-gen-validate
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/exaring/otelpgx
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/go-chi/chi/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/grpc-ecosystem/go-grpc-middleware/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/klauspost/compress
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/minio/minio-go/v7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/open-policy-agent/opa
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/pomerium/envoy-custom
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/quic-go/quic-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/testcontainers/testcontainers-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/contrib/propagators/autoprop
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/bridge/opencensus
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/sdk/metric
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/proto/otlp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/time
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/genproto/googleapis/rpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix go.mod

* bump acmez

* bump docker build

* bump docker build

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Denis Mishin <dmishin@pomerium.com>
 2025-03-05 12:31:24 -05:00
Caleb Doxsey
932db70d96
remove noisy logs (#5501) 2025-02-26 10:31:12 -07:00
Caleb Doxsey
1f30dead31
fileutil: reimplement file watcher (#5498) 
* remove context, add close

* update tests

* cleanup

* fileutil: reimplement file watcher

* remove test, simplify tree set code, fix data race
 2025-02-26 09:21:06 -07:00
Caleb Doxsey
fbd1f34110
fileutil: add directory helpers, atomic file writing (#5477) 2025-02-19 07:56:38 -07:00
Caleb Doxsey
b9fd926618
authorize: support authenticating with idp tokens (#5484) 
* identity: add support for verifying access and identity tokens

* allow overriding with policy option

* authenticate: add verify endpoints

* wip

* implement session creation

* add verify test

* implement idp token login

* fix tests

* add pr permission

* make session ids route-specific

* rename method

* add test

* add access token test

* test for newUserFromIDPClaims

* more tests

* make the session id per-idp

* use type for

* add test

* remove nil checks
 2025-02-18 13:02:06 -07:00
Joe Kralicky
d588135b3a
very bad demo code 2025-02-18 01:33:15 +00:00
Joe Kralicky
3043e98fab
Fix trace client update (#5480) 2025-02-12 19:47:17 -05:00
Joe Kralicky
56ce79e662
Prototype device authorization flow (core) 2025-02-11 21:07:22 +00:00
Joe Kralicky
c8323ba744
tracing: handle empty protocol (#5474) 2025-02-06 13:19:50 -05:00
Caleb Doxsey
dc9a6bdb81
replace xxhash with xxh3 (#5457) 
* update config file paths hash

* update filemgr

* use xxh3 for hashutil.Hash

* update hashutil digest, fix trace buffer test

* update comments

* update namegen, go mod tidy
 2025-01-31 08:44:08 -07:00
Joe Kralicky
5e94b2f8f1
Refactor trace config to match supported otel options (#5447) 
* Refactor trace config to match supported otel options

* use duration instead of int64 for otel timeouts

* change 'trace client updated' log level to debug
 2025-01-30 11:59:19 -05:00
Joe Kralicky
b5f58997bd
storage/postgres: pgx client tracing (#5438) 
* fix testcontainers docker client using the global tracer provider

* storage/postgres: pgx client tracing

* skip postgres test on macos
 2025-01-28 17:10:09 -05:00
Kenneth Jenkins
b0f89fc688
authorize: log JWT groups filtering (#5432) 
Add a new Authorize Log Fields option for logging the number of groups
removed during JWT groups filtering. This will be enabled by default.

Additionally, when the log level is Debug (or more verbose), store and
log the IDs of any groups removed during JWT groups filtering.
 2025-01-27 12:11:52 -08:00
Joe Kralicky
c307ca806a
fix testcontainers docker client using the global tracer provider (#5440) 2025-01-24 14:55:21 -05:00
Joe Kralicky
6ea51149f9
tracing: adjust envoy otel trace batching settings to match go sdk (#5446) 2025-01-24 14:51:07 -05:00
Caleb Doxsey
6e1fabec0b
authorize: cache warming (#5439) 
* authorize: cache warming

* add Authorize to test?

* remove tracing querier

* only update connection when it changes
 2025-01-22 09:27:22 -07:00
Joe Kralicky
b674d5c19d
Fix small timeout causing test flake (#5436) 2025-01-21 14:31:34 -05:00
Joe Kralicky
396c35b6b4
New tracing system (#5388) 
* update tracing config definitions

* new tracing system

* performance improvements

* only configure tracing in envoy if it is enabled in pomerium

* [tracing] refactor to use custom extension for trace id editing (#5420)

refactor to use custom extension for trace id editing

* set default tracing sample rate to 1.0

* fix proxy service http middleware

* improve some existing auth related traces

* test fixes

* bump envoyproxy/go-control-plane

* code cleanup

* test fixes

* Fix missing spans for well-known endpoints

* import extension apis from pomerium/envoy-custom
 2025-01-21 13:26:32 -05:00
Joe Kralicky
8f36870650
testenv: embedded envoy cpu/memory profiling config (#5377) 2025-01-03 17:41:54 -05:00
Caleb Doxsey
b3d2ef95e7
fix redirect server proxy protocol (#5405) 2024-12-23 05:37:11 -07:00
Kenneth Jenkins
247cd175fe
metrics: restore global registry in unit tests (#5399) 
Currently there appears to be a test order dependency between a couple
of the info_test.go test cases and the Test_PrometheusHandler test. This
can be exposed by running:

  go test -count 2 ./internal/telemetry/metrics

The test cases in info_test.go overwrite the global 'registry' variable,
which seems to prevent Test_PrometheusHandler from being able to export
the internal Go metrics. Add a helper method to restore the original
registry after these test cases.
 2024-12-18 13:21:06 -08:00
Kenneth Jenkins
69cb6f53de
metrics: make sure to flush buffered writer (#5398) 
The writeMetricsMux() method instantiates a buffered writer but does not
call Flush() after it is done writing. As a result the metrics output
may be incomplete.
 2024-12-18 12:50:12 -08:00
Joe Kralicky
ecd2855dcc
add options to adjust databroker lease ttl, and retry initial interval (#5391) 2024-12-13 14:01:43 -05:00
Joe Kralicky
f876e2f31d
registry: fix reporter client context on config change (#5392) 2024-12-13 14:01:34 -05:00
Caleb Doxsey
71bcb4f28e
UDP support (#5390) 2024-12-11 13:07:31 -07:00
Denis Mishin
699679bc57
core/metrics: improve memory usage (#5364) 2024-12-03 11:17:34 -05:00
Joe Kralicky
39e789529e
testenv: avoid dns lookups for *.localhost.pomerium.io (#5372) 
* testenv: avoid dns lookups for localhost.pomerium.io

* linter pass
 2024-12-02 12:29:15 -05:00
Caleb Doxsey
3a8bdde211
authorize: remove wait for ready (#5376) 2024-11-22 10:17:00 -07:00
Joe Kralicky
3e51b4f905
testenv: configure metrics address (#5368) 2024-11-07 15:42:08 -05:00
Joe Kralicky
135e737d7c
testenv: add Pause() method (#5367) 2024-11-07 15:41:59 -05:00
Joe Kralicky
177f789e63
change Policy.Matches to accept a URL pointer (#5360) 2024-11-07 14:55:44 -05:00
Joe Kralicky
9cd5fe4e25
testenv: Add utility to pause/resume profiling (#5361) 2024-11-07 14:55:33 -05:00
Joe Kralicky
ebd9eea30e
Optimize Policy RouteID (#5359) 2024-11-06 12:31:52 -05:00
Joe Kralicky
526e2a58d6
New integration test fixtures (#5233) 
* Initial test environment implementation

* linter pass

* wip: update request latency test

* bugfixes

* Fix logic race in envoy process monitor when canceling context

* skip tests using test environment on non-linux
 2024-11-05 14:31:40 -05:00