3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-15 09:12:43 +02:00
Code Issues Projects Releases Packages Wiki Activity
3669 commits 165 branches 127 tags 106 MiB
Commit graph

439 commits

Author SHA1 Message Date
Denis Mishin
6e766233c7
zero/health-checks: fix early checks sometimes missing (#5229) 
* zero/health-checks: fix early checks sometimes missing

* rm closure

* fix test
 2024-08-20 22:13:45 -04:00
Caleb Doxsey
3961098681
core/grpc: add IterateAll method (#5227) 
* core/grpc: add IterateAll method

* Update pkg/grpc/databroker/generic.go

Co-authored-by: Denis Mishin <dmishin@pomerium.com>

---------

Co-authored-by: Denis Mishin <dmishin@pomerium.com>
 2024-08-20 09:34:26 -06:00
Caleb Doxsey
2925447d35
zero/api: switch to github.com/oapi-codegen/oapi-codegen (#5226) 2024-08-19 12:00:48 -06:00
Joe Kralicky
332932b7a8
Replace usages of x/exp/maps + bump golang.org/x/exp (#5221) 
Bump golang.org/x/exp; replace usages of x/exp/maps with stdlib equivalents
 2024-08-15 17:49:24 -04:00
Caleb Doxsey
0cfb1025db
core/proto: update protoc dependencies (#5218) 
* core/proto: update protoc dependencies

* cleanup

* disable unimplemented forward compatibility check

* fix mock

* add generate make command

* add .0
 2024-08-15 11:12:05 -06:00
Denis Mishin
3483447c37
ci: do not include timestamp into buildmeta (#5215) 2024-08-15 10:57:10 -04:00
Denis Mishin
e2251b2d57
databroker/leaser: set timeout on ReleaseLease (#5208) 2024-08-06 14:47:59 -04:00
Kenneth Jenkins
418ee79e1a
authenticate: rework session ID token handling (#5178) 
Currently, the Session proto id_token field is populated with Pomerium
session data during initial login, but with IdP ID token data after an
IdP session refresh.

Instead, store only IdP ID token data in this field.

Update the existing SetRawIDToken method to populate the structured data
fields based on the contents of the raw ID token. Remove the other code
that sets these fields (in the authenticateflow package and in
manager.sessionUnmarshaler).

Add a test for the identity manager, exercising the combined effect of
session claims unmarshaling and SetRawIDToken(), to verify that the
combined behavior is preserved unchanged.
 2024-07-29 12:43:50 -07:00
Kenneth Jenkins
b0606d9283
envoy: upgrade to v1.31.0 (#5183) 2024-07-23 10:06:03 -07:00
Kenneth Jenkins
14c0c5abd0
oidc: add more unit tests (#5174) 
Add tests for all of the oidc.Provider methods not currently covered.
Remove the GetSubject() method as it appears to be unused.
 2024-07-22 14:28:39 -07:00
Kenneth Jenkins
9fe646f25a
session: do not invalidate based on ID token (#5182) 
Per the OIDC spec, section 2:

> NOTE: The ID Token expiration time is unrelated [to] the lifetime of
> the authenticated session between the RP and the OP.

A Pomerium session should remain valid for as long as the underlying
OAuth2 session.
 2024-07-19 16:29:06 -07:00
Caleb Doxsey
e5e6558de6
core/authorize: require new login when authenticate url changes (#5165) 2024-07-12 10:57:41 -06:00
dependabot[bot]
8f8c66e9fd
chore(deps): bump the go group with 21 updates (#5162) 
* chore(deps): bump the go group with 21 updates

Bumps the go group with 21 updates:

| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.41.0` | `1.42.0` |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.27.0` | `1.30.1` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.27.16` | `1.27.23` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.54.3` | `1.57.1` |
| [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic) | `0.21.2` | `0.21.3` |
| [github.com/cloudflare/circl](https://github.com/cloudflare/circl) | `1.3.8` | `1.3.9` |
| [github.com/docker/docker](https://github.com/docker/docker) | `26.1.3+incompatible` | `27.0.3+incompatible` |
| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.0.12` | `5.1.0` |
| [github.com/gorilla/websocket](https://github.com/gorilla/websocket) | `1.5.1` | `1.5.3` |
| [github.com/klauspost/compress](https://github.com/klauspost/compress) | `1.17.8` | `1.17.9` |
| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) | `7.0.70` | `7.0.72` |
| [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) | `0.65.0` | `0.66.0` |
| [github.com/prometheus/common](https://github.com/prometheus/common) | `0.53.0` | `0.55.0` |
| [github.com/spf13/viper](https://github.com/spf13/viper) | `1.18.2` | `1.19.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.23.0` | `0.24.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.25.0` | `0.26.0` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.20.0` | `0.21.0` |
| [golang.org/x/sys](https://github.com/golang/sys) | `0.20.0` | `0.21.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.178.0` | `0.183.0` |
| [google.golang.org/genproto/googleapis/rpc](https://github.com/googleapis/go-genproto) | `0.0.0-20240515191416-fc5f0ca64291` | `0.0.0-20240528184218-531527333157` |
| google.golang.org/protobuf | `1.34.1` | `1.34.2` |


Updates `cloud.google.com/go/storage` from 1.41.0 to 1.42.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.41.0...spanner/v1.42.0)

Updates `github.com/aws/aws-sdk-go-v2` from 1.27.0 to 1.30.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.27.0...v1.30.1)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.27.16 to 1.27.23
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.16...config/v1.27.23)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.54.3 to 1.57.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.54.3...service/s3/v1.57.1)

Updates `github.com/caddyserver/certmagic` from 0.21.2 to 0.21.3
- [Release notes](https://github.com/caddyserver/certmagic/releases)
- [Commits](https://github.com/caddyserver/certmagic/compare/v0.21.2...v0.21.3)

Updates `github.com/cloudflare/circl` from 1.3.8 to 1.3.9
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.3.8...v1.3.9)

Updates `github.com/docker/docker` from 26.1.3+incompatible to 27.0.3+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v26.1.3...v27.0.3)

Updates `github.com/go-chi/chi/v5` from 5.0.12 to 5.1.0
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-chi/chi/compare/v5.0.12...v5.1.0)

Updates `github.com/gorilla/websocket` from 1.5.1 to 1.5.3
- [Release notes](https://github.com/gorilla/websocket/releases)
- [Commits](https://github.com/gorilla/websocket/compare/v1.5.1...v1.5.3)

Updates `github.com/klauspost/compress` from 1.17.8 to 1.17.9
- [Release notes](https://github.com/klauspost/compress/releases)
- [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml)
- [Commits](https://github.com/klauspost/compress/compare/v1.17.8...v1.17.9)

Updates `github.com/minio/minio-go/v7` from 7.0.70 to 7.0.72
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](https://github.com/minio/minio-go/compare/v7.0.70...v7.0.72)

Updates `github.com/open-policy-agent/opa` from 0.65.0 to 0.66.0
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.65.0...v0.66.0)

Updates `github.com/prometheus/common` from 0.53.0 to 0.55.0
- [Release notes](https://github.com/prometheus/common/releases)
- [Changelog](https://github.com/prometheus/common/blob/main/RELEASE.md)
- [Commits](https://github.com/prometheus/common/compare/v0.53.0...v0.55.0)

Updates `github.com/spf13/viper` from 1.18.2 to 1.19.0
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.18.2...v1.19.0)

Updates `golang.org/x/crypto` from 0.23.0 to 0.24.0
- [Commits](https://github.com/golang/crypto/compare/v0.23.0...v0.24.0)

Updates `golang.org/x/net` from 0.25.0 to 0.26.0
- [Commits](https://github.com/golang/net/compare/v0.25.0...v0.26.0)

Updates `golang.org/x/oauth2` from 0.20.0 to 0.21.0
- [Commits](https://github.com/golang/oauth2/compare/v0.20.0...v0.21.0)

Updates `golang.org/x/sys` from 0.20.0 to 0.21.0
- [Commits](https://github.com/golang/sys/compare/v0.20.0...v0.21.0)

Updates `google.golang.org/api` from 0.178.0 to 0.183.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.178.0...v0.183.0)

Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20240515191416-fc5f0ca64291 to 0.0.0-20240528184218-531527333157
- [Commits](https://github.com/googleapis/go-genproto/commits)

Updates `google.golang.org/protobuf` from 1.34.1 to 1.34.2

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/caddyserver/certmagic
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/cloudflare/circl
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: go
- dependency-name: github.com/go-chi/chi/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/gorilla/websocket
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/klauspost/compress
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/minio/minio-go/v7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/open-policy-agent/opa
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/genproto/googleapis/rpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix test

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2024-07-05 13:26:47 -06:00
Kenneth Jenkins
6ee9e5238c
envoy: upgrade to v1.30.3 (#5152) 2024-06-26 17:20:42 -07:00
Caleb Doxsey
d9c6afc168
core/envoy: add mode to download only the current binary (#5149) 2024-06-25 14:35:55 -06:00
Denis Mishin
a7dd30ad29
zero/telemetry: add hostname and version (#5146) 2024-06-24 21:33:37 -04:00
Caleb Doxsey
7eca911292
core/envoy: add command to download envoy binaries (#5133) 
* core/envoy: add command to download envoy binaries

* use internal log

* remove original get-envoy script
 2024-06-18 20:00:55 -06:00
Denis Mishin
8d206e0087
zero/telemetry: collect limited core metrics (#5142) 2024-06-18 19:15:11 -04:00
Denis Mishin
114f730dba
zero: refactor telemetry and controller (#5135) 
* zero: refactor controller

* refactor zero telemetry and controller

* wire with connect handler

* cr
 2024-06-12 21:59:25 -04:00
Denis Mishin
e12532ba52
zero/connect: add telemetry request command (#5131) 
* zero/connect: add telemetry request command

* rm relabeling
 2024-06-10 22:54:02 -04:00
dependabot[bot]
3fcce1d9ef
chore(deps): bump the go group with 27 updates (#5122) 
* chore(deps): bump the go group with 27 updates

Bumps the go group with 27 updates:

| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.40.0` | `1.41.0` |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.26.1` | `1.27.0` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.27.11` | `1.27.16` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.53.1` | `1.54.3` |
| [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic) | `0.20.0` | `0.21.2` |
| [github.com/docker/docker](https://github.com/docker/docker) | `26.1.1+incompatible` | `26.1.3+incompatible` |
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.5.5` | `5.6.0` |
| [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) | `0.64.1` | `0.65.0` |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.19.0` | `1.19.1` |
| [github.com/prometheus/procfs](https://github.com/prometheus/procfs) | `0.14.0` | `0.15.1` |
| [github.com/rs/zerolog](https://github.com/rs/zerolog) | `1.32.0` | `1.33.0` |
| [github.com/shirou/gopsutil/v3](https://github.com/shirou/gopsutil) | `3.24.4` | `3.24.5` |
| [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` |
| [go.opentelemetry.io/otel/metric](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` |
| [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` |
| [go.opentelemetry.io/otel/sdk/metric](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` |
| [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.22.0` | `0.23.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.24.0` | `0.25.0` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.19.0` | `0.20.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.177.0` | `0.178.0` |
| [google.golang.org/genproto/googleapis/rpc](https://github.com/googleapis/go-genproto) | `0.0.0-20240429193739-8cf5692501f6` | `0.0.0-20240515191416-fc5f0ca64291` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.63.2` | `1.64.0` |
| google.golang.org/protobuf | `1.34.0` | `1.34.1` |


Updates `cloud.google.com/go/storage` from 1.40.0 to 1.41.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.40.0...spanner/v1.41.0)

Updates `github.com/aws/aws-sdk-go-v2` from 1.26.1 to 1.27.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.26.1...v1.27.0)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.27.11 to 1.27.16
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.11...config/v1.27.16)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.53.1 to 1.54.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.53.1...service/s3/v1.54.3)

Updates `github.com/caddyserver/certmagic` from 0.20.0 to 0.21.2
- [Release notes](https://github.com/caddyserver/certmagic/releases)
- [Commits](https://github.com/caddyserver/certmagic/compare/v0.20.0...v0.21.2)

Updates `github.com/docker/docker` from 26.1.1+incompatible to 26.1.3+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v26.1.1...v26.1.3)

Updates `github.com/jackc/pgx/v5` from 5.5.5 to 5.6.0
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v5.5.5...v5.6.0)

Updates `github.com/open-policy-agent/opa` from 0.64.1 to 0.65.0
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.64.1...v0.65.0)

Updates `github.com/prometheus/client_golang` from 1.19.0 to 1.19.1
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.19.0...v1.19.1)

Updates `github.com/prometheus/procfs` from 0.14.0 to 0.15.1
- [Release notes](https://github.com/prometheus/procfs/releases)
- [Commits](https://github.com/prometheus/procfs/compare/v0.14.0...v0.15.1)

Updates `github.com/rs/zerolog` from 1.32.0 to 1.33.0
- [Commits](https://github.com/rs/zerolog/compare/v1.32.0...v1.33.0)

Updates `github.com/shirou/gopsutil/v3` from 3.24.4 to 3.24.5
- [Release notes](https://github.com/shirou/gopsutil/releases)
- [Commits](https://github.com/shirou/gopsutil/compare/v3.24.4...v3.24.5)

Updates `go.opentelemetry.io/otel` from 1.26.0 to 1.27.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` from 1.26.0 to 1.27.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace` from 1.26.0 to 1.27.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.26.0 to 1.27.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0)

Updates `go.opentelemetry.io/otel/metric` from 1.26.0 to 1.27.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0)

Updates `go.opentelemetry.io/otel/sdk` from 1.26.0 to 1.27.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0)

Updates `go.opentelemetry.io/otel/sdk/metric` from 1.26.0 to 1.27.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0)

Updates `go.opentelemetry.io/otel/trace` from 1.26.0 to 1.27.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0)

Updates `golang.org/x/crypto` from 0.22.0 to 0.23.0
- [Commits](https://github.com/golang/crypto/compare/v0.22.0...v0.23.0)

Updates `golang.org/x/net` from 0.24.0 to 0.25.0
- [Commits](https://github.com/golang/net/compare/v0.24.0...v0.25.0)

Updates `golang.org/x/oauth2` from 0.19.0 to 0.20.0
- [Commits](https://github.com/golang/oauth2/compare/v0.19.0...v0.20.0)

Updates `google.golang.org/api` from 0.177.0 to 0.178.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.177.0...v0.178.0)

Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20240429193739-8cf5692501f6 to 0.0.0-20240515191416-fc5f0ca64291
- [Commits](https://github.com/googleapis/go-genproto/commits)

Updates `google.golang.org/grpc` from 1.63.2 to 1.64.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.63.2...v1.64.0)

Updates `google.golang.org/protobuf` from 1.34.0 to 1.34.1

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/caddyserver/certmagic
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/jackc/pgx/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/open-policy-agent/opa
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/prometheus/procfs
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/rs/zerolog
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/shirou/gopsutil/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/metric
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/sdk/metric
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/genproto/googleapis/rpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
...

Signed-off-by: dependabot[bot] <support@github.com>

* change acme pkg

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Denis Mishin <dmishin@pomerium.com>
 2024-06-03 14:35:29 -04:00
Joe Kralicky
927f24e1ff
Envoy resource monitoring & overload manager configuration (#5106) 
* Initial envoy cgroup resource monitor implementation

* Add cgroupv1 support; add metrics instrumentation

* Slight refactor for more efficient memory limit detection

Instead of reading memory.max/limit_in_bytes on every tick, we
read it once, then again only when it is modified.

To support this change, logic for computing the saturation was moved out
of the cgroup driver and into the resource monitor, and the driver
interface now has separate methods for reading memory usage and limit.

* Code cleanup/lint fixes

* Add platform build tags

* Add unit tests

* Fix lint issues

* Add runtime flag to allow disabling resource monitor

* Clamp saturation values to the range [0.0, 1.0]

* Switch to x/sys/unix; handle inotify IN_IGNORED events
 2024-05-28 16:57:09 -04:00
Denis Mishin
8269a723ec
health-checks: zero route availability improvements (#5111) 2024-05-17 16:47:27 -04:00
Caleb Doxsey
d225288ab3
core/identity: dynamic authenticator registration (#5105) 2024-05-07 16:45:39 -06:00
Denis Mishin
4031f4a962
health-check: building config from databroker source (#5104) 2024-05-06 14:47:20 -04:00
Kenneth Jenkins
b1feff5d56
envoy: preserve Go's max file limit for Envoy (#5102) 
Go raises the "max open files" soft limit to match the hard limit for
itself, but has special logic to reset the original soft limit before
forking a child process. This logic does not apply if the file limit is
set explicitly. Add a pair of Getrlimit / Setrlimit calls so that we
(1) preserve the default Go limit behavior for ourselves, and
(2) keep these same limits when launching Envoy.
 2024-05-03 17:15:59 -07:00
Caleb Doxsey
1a5b8b606f
core/lint: upgrade golangci-lint, replace interface{} with any (#5099) 
* core/lint: upgrade golangci-lint, replace interface{} with any

* regen proto
 2024-05-02 14:33:52 -06:00
Denis Mishin
614048ae9c
health-checks: add route reachability (#5093) 
* health-checks: add route reachability

* rm tls check bypass
 2024-05-02 13:31:48 -04:00
Kenneth Jenkins
a3149363a6
envoyconfig: address strconv.Atoi warnings (#5076) 
Replace Atoi() calls with ParseUint(), and update the buildAddress()
defaultPort parameter to be a uint32. (A uint16 would arguably make more
sense for a port number, but uint32 matches the Envoy proto field.)

Delete a ParseAddress() method that appears to be unused.
 2024-04-26 09:38:41 -07:00
Denis Mishin
df67fb7086
connect: add health check (#5086) 2024-04-26 11:56:36 -04:00
Denis Mishin
08eb255bbf
health-check: add storage health check (#5074) 2024-04-19 13:10:33 -04:00
Denis Mishin
2da4801d3a
zero: add user-agent to requests (#5078) 2024-04-19 11:33:43 -04:00
Caleb Doxsey
fab2181be4
core/mock: switch to uber mock (#5073) 
* core/mock: switch to uber mock

* merge main
 2024-04-16 12:23:00 -06:00
Denis Mishin
deb6f67094
healthcheck: only report transitions (#5068) 2024-04-16 13:15:18 -04:00
Denis Mishin
dc7820ea3e
zero/healthchecks: add checks for ability to save bootstrap parameter and bundle status reporting (#5064) 2024-04-11 10:47:52 -04:00
Denis Mishin
991fca496c
healthcheck: add common package, zero reporter and first xds check (#5059) 2024-04-10 15:21:39 -04:00
Denis Mishin
e7b3d3b6e9
config: add runtime flags (#5050) 2024-04-04 17:51:04 -04:00
Caleb Doxsey
4ac06d3bbd
core/logging: less verbose logs (#5040) 2024-03-29 15:26:20 -06:00
Denis Mishin
181d5b171d
cluster api: add shared secret to the cluster bootstrap params (#5030) 2024-03-18 16:30:39 -04:00
Caleb Doxsey
513d8bf615
core/config: implement direct response (#4960) 
* implement direct response

* proto

* fix tests

* update
 2024-02-15 14:33:56 -07:00
Caleb Doxsey
76862c2fe8
core: use context.WithoutCancel (#4959) 2024-02-09 13:55:06 -07:00
Caleb Doxsey
9d0e727e4d
core/zero: upgrade oapi-codegen (#4953) 2024-02-05 11:44:21 -07:00
Caleb Doxsey
6a833b365a
core/ppl: add groups criterion (#4916) 
* core/ppl: add groups criterion

* remove dead code

* add additional test
 2024-01-30 09:40:15 -07:00
Kenneth Jenkins
acbad4fb96
policy: add client cert SAN match criteria (#4913) 
Expand the Certificate Matcher to support matching on DNS, email, or URI
Subject Alternative Names, using the existing String Matcher conditions.
 2024-01-24 16:05:22 -08:00
Caleb Doxsey
2a9e76eb7c
core/envoy: clean up temporary directory on start (#4914) 2024-01-24 15:53:44 -07:00
Caleb Doxsey
4301da3648
core/telemetry: move requestid to pkg directory (#4911) 2024-01-19 13:18:16 -07:00
Caleb Doxsey
24b04bed35
core/opa: update for rego 1.0 (#4895) 
* core/opa: update headers rego script

* core/opa: update ppl

* further updates
 2024-01-16 09:43:35 -07:00
Caleb Doxsey
1080a33443
core/zero: update oapi-codegen (#4898) 2024-01-12 13:28:33 -07:00
Caleb Doxsey
f684910ab3
core/config: remove cookie secure option (#4907) 2024-01-12 13:28:14 -07:00
dependabot[bot]
ded6dcefbd
chore(deps): bump golang from a6b787c to 1415bb0 (#4883) 
* chore(deps): bump golang from `a6b787c` to `1415bb0`

Bumps golang from `a6b787c` to `1415bb0`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix flaky test

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2024-01-02 11:05:37 -07:00