Commit graph

3245 commits

Author SHA1 Message Date
Kenneth Jenkins
3b2bdd059a
authenticate: getUserInfoData() cleanup (#4818)
The Authenticate.getUserInfoData() method has an error return value, but
always returns nil for this value. Let's remove this return value from
the method signature.
2023-12-05 14:48:56 -08:00
Kenneth Jenkins
8068890e57
integration: re-generate test configurations (#4816)
An unused Redis TCP route was removed from the integration test
configuration template in commit bcddbff. Re-generate the test
configurations to incorporate this template change.
2023-12-05 12:49:03 -08:00
Kenneth Jenkins
3c4b03f1d2
authenticate: remove extra UpdateUserInfo() call (#4813)
The buildIdentityProfile() method is called only from
Authenticate.getOAuthCallback(), which has previously called
Authenticator.Authenticate(). It looks like all implementations of the
Authenticator interface already call UpdateUserInfo(), so we shouldn't
need to call UpdateUserInfo() a second time from buildIdentityProfile().

This should simplify the code a little and provide a slight performance
improvement (by avoiding one network request).
2023-12-05 09:22:35 -08:00
Denis Mishin
8a2cf3faf2
zero: add more verbose logging about background control loops (#4815) 2023-12-05 11:22:01 -05:00
dependabot[bot]
96ba5a6679
chore(deps): bump github.com/minio/minio-go/v7 from 7.0.63 to 7.0.65 (#4812)
Bumps [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) from 7.0.63 to 7.0.65.
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](https://github.com/minio/minio-go/compare/v7.0.63...v7.0.65)

---
updated-dependencies:
- dependency-name: github.com/minio/minio-go/v7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-05 09:01:05 -07:00
Denis Mishin
d2b2ad3250
zero: use production urls by default (#4814) 2023-12-04 20:01:46 -05:00
dependabot[bot]
2edd63c58a
chore(deps): bump distroless/base-debian12 from d2890b2 to 5e24c7a (#4658)
Bumps distroless/base-debian12 from `d2890b2` to `5e24c7a`.

---
updated-dependencies:
- dependency-name: distroless/base-debian12
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 15:51:39 -05:00
dependabot[bot]
f3ac3b5df7
chore(deps): bump golang.org/x/sync from 0.3.0 to 0.5.0 (#4748)
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.3.0 to 0.5.0.
- [Commits](https://github.com/golang/sync/compare/v0.3.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 15:48:45 -05:00
dependabot[bot]
8184bad67b
chore(deps): bump docker/build-push-action from 5.0.0 to 5.1.0 (#4777)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5.0.0 to 5.1.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](0565240e2d...4a13e500e5)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 15:48:21 -05:00
dependabot[bot]
8e6a61327c
chore(deps): bump mikefarah/yq from 4.35.2 to 4.40.3 (#4780)
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 4.35.2 to 4.40.3.
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](a198f72367...c11a53322b)

---
updated-dependencies:
- dependency-name: mikefarah/yq
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 15:47:57 -05:00
dependabot[bot]
72cde7b6b3
chore(deps): bump golang.org/x/net from 0.17.0 to 0.19.0 (#4792)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.19.0.
- [Commits](https://github.com/golang/net/compare/v0.17.0...v0.19.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 15:47:28 -05:00
dependabot[bot]
6426d449f9
chore(deps): bump github.com/mattn/go-isatty from 0.0.19 to 0.0.20 (#4801)
Bumps [github.com/mattn/go-isatty](https://github.com/mattn/go-isatty) from 0.0.19 to 0.0.20.
- [Commits](https://github.com/mattn/go-isatty/compare/v0.0.19...v0.0.20)

---
updated-dependencies:
- dependency-name: github.com/mattn/go-isatty
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 15:45:19 -05:00
dependabot[bot]
e59fd87d62
chore(deps): bump golang.org/x/time from 0.3.0 to 0.5.0 (#4796)
Bumps [golang.org/x/time](https://github.com/golang/time) from 0.3.0 to 0.5.0.
- [Commits](https://github.com/golang/time/compare/v0.3.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/time
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 15:44:51 -05:00
Caleb Doxsey
1780fefa72
core/storage: hijack connections for notification listeners (#4806) 2023-12-04 09:29:10 -07:00
Denis Mishin
4559320463
metrics: add linear probabilistic counter (#4776)
* metrics: add linear probabilistic counter

* add pkg
2023-12-04 08:51:41 -05:00
Kenneth Jenkins
a246466a87
metrics: explicitly set Accept header (#4774)
If a request is made to the Pomerium metrics endpoint with an Accept
header requesting the Prometheus protobuf exposition format, some
metrics will be missing from the response.

These missing metrics are obtained by replaying the incoming request to 
an OpenCensus metrics exporter. This exporter honors the request for the
protobuf format, however Pomerium expects this response to be in the 
text format.

We can avoid this mismatch by explicitly requesting the text format from
the OpenCensus exporter, regardless of the incoming request's Accept
header.

(Note: the Pomerium metrics endpoint always responds with text format 
metrics, even if the protobuf format is requested.)
2023-11-30 16:14:24 -08:00
Kenneth Jenkins
e49fbf58fa
update to Go 1.21.4 (#4770) 2023-11-29 19:16:12 -08:00
dependabot[bot]
c4dfafd76f
chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 (#4677)
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.1 to 1.4.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.3.1...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-29 21:32:33 -05:00
dependabot[bot]
c62ae2dfeb
chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#4685)
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.9 to 0.6.0.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-29 21:24:00 -05:00
dependabot[bot]
6a614c5221
chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.40.0 to 1.42.1 (#4751)
chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3

Bumps [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) from 1.40.0 to 1.42.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.40.0...service/s3/v1.42.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-29 18:23:28 -08:00
Denis Mishin
140103d68b
zero: update pomerium/zero-sdk to support gzipped blobs (#4767) 2023-11-29 21:22:34 -05:00
Caleb Doxsey
bcddbff6e1
core/redis: remove redis (#4768)
* core/redis: remove redis

* 20 minute max wait
2023-11-28 13:14:36 -07:00
Denis Mishin
d610b9c25c
zero/core: set drwx------ for cache dir (#4764) 2023-11-27 10:36:25 -05:00
dependabot[bot]
89a76fe00f
chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 (#4760)
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.0...v3.0.1)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-21 14:45:16 -08:00
Denis Mishin
7e2532f644
zero/bundle-reconciler: better code reuse (#4758) 2023-11-21 14:32:52 -05:00
Kenneth Jenkins
14b13bb791
zero: use os.UserCacheDir for bootstrap config path (#4744) 2023-11-17 14:44:32 -08:00
Caleb Doxsey
6810091d38
core/zero: add support for managed mode from config file (#4756) 2023-11-17 09:04:59 -07:00
Denis Mishin
eb729a53f8
ci: use built-in github release notes generator (#4754) 2023-11-16 13:36:13 -05:00
Kenneth Jenkins
59bd8b3dfa
zero/reconciler: fix restart behavior (#4753)
Currently the RunWithRestart() loop may not exit when execFn returns an
error unrelated to its context cancellation. Add an additional check for
this case.
2023-11-15 14:03:22 -08:00
Caleb Doxsey
3c2dc5e0a2 core/zero: fix urls (#4743) 2023-11-15 09:21:56 -08:00
Denis Mishin
86e4ad65d1 zero: derive signing key first thing (#4631) 2023-11-15 09:21:56 -08:00
Denis Mishin
0e1061d813 zero: restart config reconciliation when databroker storage is changed (#4623) 2023-11-15 09:21:56 -08:00
Denis Mishin
60ab9dafbe zero: report resource bundle reconciliation status (#4618)
* zero: report resource bundle reconciliation status

* use latest zero-sdk
2023-11-15 09:21:56 -08:00
Denis Mishin
e64e682853 zero: rm extra call on start (#4474) 2023-11-15 09:21:56 -08:00
Denis Mishin
e0236d3737 zero: managed mode controller (#4459) 2023-11-15 09:21:56 -08:00
Denis Mishin
ea8762d706 zero: resource bundle reconciler (#4445) 2023-11-15 09:21:56 -08:00
Denis Mishin
c0b1309e90 zero: bootstrap config (#4444) 2023-11-15 09:21:56 -08:00
Denis Mishin
5ddfc74645 add retry package (#4458) 2023-11-15 09:21:56 -08:00
Kenneth Jenkins
0d29401192
integration: add tool for renewing test certs (#4742)
Add a utility for updating the integration test certificates. It takes
three file paths: the existing certificate, the CA certificate, and the
CA key. It will update the NotBefore and NotAfter timestamps and the
certificate signature, overwriting the existing certificate.

Example usage:

  cd integration/tpl/files
  go run renew-cert.go trusted.pem ca.pem ca-key.pem
2023-11-13 08:57:02 -08:00
Caleb Doxsey
cfc339548f
core/config: disable strict-transport-security header with staging autocert (#4741) 2023-11-13 09:21:44 -07:00
Kenneth Jenkins
3ad72db2fb
integration: renew test certs (#4738)
Several of the integration test certificates expired today. Update these 
so that they are valid for another 10 years. Also update several other
certificates that were due to expire tomorrow.
2023-11-10 12:44:03 -08:00
Caleb Doxsey
d7ed62c350
core/storage: fix nil data unmarshal (#4734) 2023-11-10 13:16:22 -07:00
Denis Mishin
15ca641b9c
databroker: changeset: prevent nil data in the deleted records (#4736) 2023-11-10 13:04:22 -07:00
Caleb Doxsey
6de9f12ac1
core/session: fix flaky test (#4730) 2023-11-09 12:36:08 -07:00
Caleb Doxsey
d21cdb3678
core/envoy: fix remove cookie lua script (#4641)
* core/envoy: fix remove cookie lua script

* fix matching prefix

* fix test data
2023-11-09 10:49:56 -07:00
Denis Mishin
bf1cd0aa18
authorize: build evaluators cache in parallel (#4722)
* authorize: build evaluators cache in parallel

* session: add unit tests for gRPC wrapper methods (#4713)

* core/config: add support for maps in environments (#4717)

* reconciler: allow custom comparison function (#4726)

* add loopvar alias

---------

Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2023-11-09 11:49:34 -05:00
Denis Mishin
cc6592b6fd
reconciler: allow custom comparison function (#4726) 2023-11-08 20:11:49 -05:00
Caleb Doxsey
ab7b66691d
core/config: add support for maps in environments (#4717) 2023-11-08 16:27:08 -07:00
Kenneth Jenkins
0238a39f23
session: add unit tests for gRPC wrapper methods (#4713) 2023-11-08 15:22:47 -08:00
Caleb Doxsey
62a9299e02
core/config: remove support for base64 encoded certificates (#4718)
* core/config: update file watcher source to handle base64 encoded certificates

* fix data race

* core/config: only allow files in certificates

* remove test

* re-add test
2023-11-08 13:08:24 -07:00