3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-28 09:56:31 +02:00
Code Issues Projects Releases Packages Wiki Activity
3735 commits 159 branches 125 tags 103 MiB
Commit graph

3735 commits

This branch
This branch
All branches
Author SHA1 Message Date
Joe Kralicky
b674d5c19d
Fix small timeout causing test flake (#5436) 2025-01-21 14:31:34 -05:00
Joe Kralicky
396c35b6b4
New tracing system (#5388) 
* update tracing config definitions

* new tracing system

* performance improvements

* only configure tracing in envoy if it is enabled in pomerium

* [tracing] refactor to use custom extension for trace id editing (#5420)

refactor to use custom extension for trace id editing

* set default tracing sample rate to 1.0

* fix proxy service http middleware

* improve some existing auth related traces

* test fixes

* bump envoyproxy/go-control-plane

* code cleanup

* test fixes

* Fix missing spans for well-known endpoints

* import extension apis from pomerium/envoy-custom
 2025-01-21 13:26:32 -05:00
Kenneth Jenkins
832742648d
config: add new OTLP tracing fields (#5421) 
Add new tracing options fields to the Settings proto and Options struct.

Co-authored-by: Joe Kralicky <joekralicky@gmail.com>
 2025-01-17 14:56:42 -08:00
Kenneth Jenkins
3a2e6ce10a
config: fix JWT groups filter option (#5429) 
When applying the settings proto, update the JWT groups filter option
only if the filter set is non-empty.

This is important when deploying Pomerium via the Ingress Controller in
combination with Pomerium Enterprise. In this scenario there is a
settings proto applied from both Ingress Controller and the Enterprise
console, and we want to make sure the one from Ingress Controller does
not overwrite the filter settings from Enterprise.
 2025-01-16 08:53:06 -08:00
Caleb Doxsey
8bc86fe06f
config: add route name, description and logo (#5424) 
* config: add route name, description and logo

* remove name generation
 2025-01-14 14:55:14 -07:00
Joe Kralicky
dfd2457bb6
envoy: add internal_address_config to address deprecation warning (#5425) 2025-01-14 16:51:04 -05:00
Caleb Doxsey
5ff53ef2b1
importutil: refactor GenerateRouteNames to allow for protobuf or config routes (#5427) 
* importutil: refactor GenerateRouteNames to allow for protobuf or config routes

* test via NewPolicyFromProto
 2025-01-14 14:50:00 -07:00
Joe Kralicky
e5ede2d167
remove test code from config/options_test.go (#5423) 2025-01-14 14:00:38 -05:00
Joe Kralicky
6502d68162
config: set default tracing sample rate to 1.0 (#5422) 
The previous default sample rate of 0.0001 is very low, so traces are
unlikely to be visible after enabling them until many thousands of
requests have been sent. This could be confusing to users.
 2025-01-14 13:50:22 -05:00
Caleb Doxsey
c571769adc
config: add source ppl field (#5419) 2025-01-14 10:13:56 -07:00
Kenneth Jenkins
21b9e7890c
authorize: add filter options for JWT groups (#5417) 
Add a new option for filtering to a subset of directory groups in the
Pomerium JWT and Impersonate-Group headers. Add a JWTGroupsFilter field
to both the Options struct (for a global filter) and to the Policy
struct (for per-route filter). These will be populated only from the
config protos, and not from a config file.

If either filter is set, then for each of a user's groups, the group
name or group ID will be added to the JWT groups claim only if it is an
exact string match with one of the elements of either filter.
 2025-01-08 13:57:57 -08:00
dependabot[bot]
95d4a24271
chore(deps): bump the docker group with 2 updates (#5413) 
Bumps the docker group with 2 updates: node and golang.


Updates `node` from `5c76d05` to `0e910f4`

Updates `golang` from `3f3b9da` to `2e83858`

---
updated-dependencies:
- dependency-name: node
  dependency-type: direct:production
  dependency-group: docker
- dependency-name: golang
  dependency-type: direct:production
  dependency-group: docker
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Denis Mishin <dmishin@pomerium.com>
 2025-01-06 11:41:42 -07:00
Caleb Doxsey
fb7b61a677
cleanup headers (#5408) 
* cleanup headers

* return issuer format errors

* go mod
 2025-01-06 09:52:29 -07:00
Joe Kralicky
8f36870650
testenv: embedded envoy cpu/memory profiling config (#5377) 2025-01-03 17:41:54 -05:00
Joe Kralicky
68764407b8
authorize: enable WaitForReady on databroker query requests (#5415) 
* authorize: enable WaitForReady on databroker query requests

(cherry picked from commit 1709a7b1f61d7b45c4a60d9374223d252260f576)

* go mod tidy
 2025-01-03 11:01:16 -05:00
dependabot[bot]
cad38c6b4f
chore(deps): bump the go group with 27 updates (#5412) 
* chore(deps): bump the go group with 27 updates

Bumps the go group with 27 updates:

| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.47.0` | `1.49.0` |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.32.6` | `1.32.7` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.28.6` | `1.28.7` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.70.0` | `1.71.1` |
| [github.com/bits-and-blooms/bitset](https://github.com/bits-and-blooms/bitset) | `1.17.0` | `1.20.0` |
| [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic) | `0.21.4` | `0.21.5` |
| [github.com/docker/docker](https://github.com/docker/docker) | `27.3.1+incompatible` | `27.4.1+incompatible` |
| [github.com/envoyproxy/go-control-plane](https://github.com/envoyproxy/go-control-plane) | `0.13.1` | `0.13.2` |
| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.1.0` | `5.2.0` |
| [github.com/grpc-ecosystem/go-grpc-middleware/v2](https://github.com/grpc-ecosystem/go-grpc-middleware) | `2.1.0` | `2.2.0` |
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.7.1` | `5.7.2` |
| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) | `7.0.81` | `7.0.82` |
| [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) | `0.70.0` | `1.0.0` |
| [github.com/prometheus/common](https://github.com/prometheus/common) | `0.60.1` | `0.61.0` |
| [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) | `1.32.0` | `1.33.0` |
| [go.opentelemetry.io/otel/bridge/opencensus](https://github.com/open-telemetry/opentelemetry-go) | `1.32.0` | `1.33.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.32.0` | `1.33.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go) | `1.32.0` | `1.33.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.32.0` | `1.33.0` |
| [go.opentelemetry.io/otel/metric](https://github.com/open-telemetry/opentelemetry-go) | `1.32.0` | `1.33.0` |
| [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.32.0` | `1.33.0` |
| [go.opentelemetry.io/otel/sdk/metric](https://github.com/open-telemetry/opentelemetry-go) | `1.32.0` | `1.33.0` |
| [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go) | `1.32.0` | `1.33.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.209.0` | `0.214.0` |
| [google.golang.org/genproto/googleapis/rpc](https://github.com/googleapis/go-genproto) | `0.0.0-20241113202542-65e8d215514f` | `0.0.0-20241209162323-e6fa225c2576` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.68.0` | `1.69.2` |
| google.golang.org/protobuf | `1.35.2` | `1.36.1` |


Updates `cloud.google.com/go/storage` from 1.47.0 to 1.49.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.47.0...spanner/v1.49.0)

Updates `github.com/aws/aws-sdk-go-v2` from 1.32.6 to 1.32.7
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.32.6...v1.32.7)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.28.6 to 1.28.7
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.28.6...config/v1.28.7)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.70.0 to 1.71.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.70.0...service/s3/v1.71.1)

Updates `github.com/bits-and-blooms/bitset` from 1.17.0 to 1.20.0
- [Release notes](https://github.com/bits-and-blooms/bitset/releases)
- [Commits](https://github.com/bits-and-blooms/bitset/compare/v1.17.0...v1.20.0)

Updates `github.com/caddyserver/certmagic` from 0.21.4 to 0.21.5
- [Release notes](https://github.com/caddyserver/certmagic/releases)
- [Commits](https://github.com/caddyserver/certmagic/compare/v0.21.4...v0.21.5)

Updates `github.com/docker/docker` from 27.3.1+incompatible to 27.4.1+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v27.3.1...v27.4.1)

Updates `github.com/envoyproxy/go-control-plane` from 0.13.1 to 0.13.2
- [Release notes](https://github.com/envoyproxy/go-control-plane/releases)
- [Changelog](https://github.com/envoyproxy/go-control-plane/blob/main/CHANGELOG.md)
- [Commits](https://github.com/envoyproxy/go-control-plane/compare/v0.13.1...v0.13.2)

Updates `github.com/go-chi/chi/v5` from 5.1.0 to 5.2.0
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-chi/chi/compare/v5.1.0...v5.2.0)

Updates `github.com/grpc-ecosystem/go-grpc-middleware/v2` from 2.1.0 to 2.2.0
- [Release notes](https://github.com/grpc-ecosystem/go-grpc-middleware/releases)
- [Commits](https://github.com/grpc-ecosystem/go-grpc-middleware/compare/v2.1.0...v2.2.0)

Updates `github.com/jackc/pgx/v5` from 5.7.1 to 5.7.2
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v5.7.1...v5.7.2)

Updates `github.com/minio/minio-go/v7` from 7.0.81 to 7.0.82
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](https://github.com/minio/minio-go/compare/v7.0.81...v7.0.82)

Updates `github.com/open-policy-agent/opa` from 0.70.0 to 1.0.0
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.70.0...v1.0.0)

Updates `github.com/prometheus/common` from 0.60.1 to 0.61.0
- [Release notes](https://github.com/prometheus/common/releases)
- [Changelog](https://github.com/prometheus/common/blob/main/RELEASE.md)
- [Commits](https://github.com/prometheus/common/compare/v0.60.1...v0.61.0)

Updates `go.opentelemetry.io/otel` from 1.32.0 to 1.33.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.33.0)

Updates `go.opentelemetry.io/otel/bridge/opencensus` from 1.32.0 to 1.33.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.33.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` from 1.32.0 to 1.33.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.33.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace` from 1.32.0 to 1.33.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.33.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.32.0 to 1.33.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.33.0)

Updates `go.opentelemetry.io/otel/metric` from 1.32.0 to 1.33.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.33.0)

Updates `go.opentelemetry.io/otel/sdk` from 1.32.0 to 1.33.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.33.0)

Updates `go.opentelemetry.io/otel/sdk/metric` from 1.32.0 to 1.33.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.33.0)

Updates `go.opentelemetry.io/otel/trace` from 1.32.0 to 1.33.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.33.0)

Updates `google.golang.org/api` from 0.209.0 to 0.214.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.209.0...v0.214.0)

Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20241113202542-65e8d215514f to 0.0.0-20241209162323-e6fa225c2576
- [Commits](https://github.com/googleapis/go-genproto/commits)

Updates `google.golang.org/grpc` from 1.68.0 to 1.69.2
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.68.0...v1.69.2)

Updates `google.golang.org/protobuf` from 1.35.2 to 1.36.1

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/bits-and-blooms/bitset
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/caddyserver/certmagic
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/envoyproxy/go-control-plane
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/go-chi/chi/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/grpc-ecosystem/go-grpc-middleware/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/jackc/pgx/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/minio/minio-go/v7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/open-policy-agent/opa
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: go
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/bridge/opencensus
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/metric
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/sdk/metric
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/genproto/googleapis/rpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
...

Signed-off-by: dependabot[bot] <support@github.com>

* keep github.com/caddyserver/certmagic@v0.21.4

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Denis Mishin <dmishin@pomerium.com>
 2025-01-02 13:16:23 -05:00
dependabot[bot]
2e778bdd37
chore(deps): bump busybox from db142d4 to 2919d01 in /.github in the docker group (#5414) 
chore(deps): bump busybox in /.github in the docker group

Bumps the docker group in /.github with 1 update: busybox.


Updates `busybox` from `db142d4` to `2919d01`

---
updated-dependencies:
- dependency-name: busybox
  dependency-type: direct:production
  dependency-group: docker
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-02 13:13:35 -05:00
Caleb Doxsey
b3d2ef95e7
fix redirect server proxy protocol (#5405) 2024-12-23 05:37:11 -07:00
Kenneth Jenkins
7d15a5efe1
chore(deps): bump golang.org/x/net from 0.31.0 to 0.33.0 (#5404) 2024-12-19 12:42:56 -08:00
Kenneth Jenkins
04585af9ef
config: generate fallback cert only as last resort (#5250) 
Currently Pomerium will always generate a wildcard certificate for use 
as a fallback certificate.

If any other certificate is configured, this fallback certificate will 
not normally be presented, except in the case of a TLS connection where 
the client does not include the Server Name Indication (SNI) extension.
All modern browsers support SNI, so in practice this certificate should
never be presented to end users.

However, some network scanning tools will probe connections by IP 
addresses (without SNI), and so this fallback certificate may be
presented. The presence of this certificate may be flagged as a problem
in some automated vulnerability scans.

Let's avoid generating this fallback certificate if Pomerium has any 
other certificate configured (unless specifically requested by the Auto
TLS option). This should prevent false positive reports from these
particular vulnerability scans.
 2024-12-19 09:46:59 -08:00
Caleb Doxsey
4a5b737763
config: fix lost branding settings when there are multiple configuration sources (#5401) 2024-12-19 08:47:28 -07:00
Caleb Doxsey
85ef08b3a0
authorize: handle gRPC requests (#5400) 2024-12-19 08:46:53 -07:00
Kenneth Jenkins
84da474816
config: minor cleanup in GenerateCatchAllCertificate (#5397) 
GenerateCatchAllCertificate() appears to return the same result whether
or not DeriveInternalDomainCert is nil. Let's remove this conditional.
 2024-12-18 13:21:48 -08:00
Kenneth Jenkins
247cd175fe
metrics: restore global registry in unit tests (#5399) 
Currently there appears to be a test order dependency between a couple
of the info_test.go test cases and the Test_PrometheusHandler test. This
can be exposed by running:

  go test -count 2 ./internal/telemetry/metrics

The test cases in info_test.go overwrite the global 'registry' variable,
which seems to prevent Test_PrometheusHandler from being able to export
the internal Go metrics. Add a helper method to restore the original
registry after these test cases.
 2024-12-18 13:21:06 -08:00
Kenneth Jenkins
69cb6f53de
metrics: make sure to flush buffered writer (#5398) 
The writeMetricsMux() method instantiates a buffered writer but does not
call Flush() after it is done writing. As a result the metrics output
may be incomplete.
 2024-12-18 12:50:12 -08:00
Caleb Doxsey
3d53f26d18
ci: run all benchmarks (#5371) 
* ci: run all benchmarks

* more options

* Update .github/workflows/benchmark.yaml

Co-authored-by: Joe Kralicky <joekralicky@gmail.com>

---------

Co-authored-by: Joe Kralicky <joekralicky@gmail.com>
 2024-12-13 12:13:30 -07:00
Joe Kralicky
ecd2855dcc
add options to adjust databroker lease ttl, and retry initial interval (#5391) 2024-12-13 14:01:43 -05:00
Joe Kralicky
f876e2f31d
registry: fix reporter client context on config change (#5392) 2024-12-13 14:01:34 -05:00
dependabot[bot]
d383c13b48
chore(deps): bump golang.org/x/crypto from 0.29.0 to 0.31.0 (#5396) 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.29.0 to 0.31.0.
- [Commits](https://github.com/golang/crypto/compare/v0.29.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-12 09:17:59 -08:00
Kenneth Jenkins
683c5a2eac
authorize: change handling of empty groups claim (#5394) 
Make sure to serialize the JWT "groups" claim as an empty list rather
than a JSON null. This matches the behavior of Pomerium v0.27.2 and
earlier, and should provide better compatibility with some third-party
libraries.
 2024-12-11 12:55:04 -08:00
Caleb Doxsey
71bcb4f28e
UDP support (#5390) 2024-12-11 13:07:31 -07:00
dependabot[bot]
e3b66294a0
chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /ui (#5373) 
Bumps [cross-spawn](https://github.com/moxystudio/node-cross-spawn) from 7.0.3 to 7.0.6.
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.6)

---
updated-dependencies:
- dependency-name: cross-spawn
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ross Smith <gaurdro@gaurdro.net>
 2024-12-05 10:07:16 -07:00
Caleb Doxsey
f426403bcb
envoy: enable extended connect (#5387) 
* envoy: enable extended connect

* add explicit connect

* update config
 2024-12-04 14:54:27 -07:00
Denis Mishin
699679bc57
core/metrics: improve memory usage (#5364) 2024-12-03 11:17:34 -05:00
dependabot[bot]
1a448708fa
chore(deps): bump the go group across 1 directory with 26 updates (#5385) 
* chore(deps): bump the go group across 1 directory with 26 updates

Bumps the go group with 18 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.46.0` | `1.47.0` |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.32.3` | `1.32.6` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.28.1` | `1.28.6` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.66.2` | `1.70.0` |
| [github.com/bits-and-blooms/bitset](https://github.com/bits-and-blooms/bitset) | `1.14.3` | `1.17.0` |
| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) | `7.0.80` | `7.0.81` |
| [github.com/stretchr/testify](https://github.com/stretchr/testify) | `1.9.0` | `1.10.0` |
| [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) | `1.31.0` | `1.32.0` |
| [go.opentelemetry.io/otel/bridge/opencensus](https://github.com/open-telemetry/opentelemetry-go) | `1.31.0` | `1.32.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.31.0` | `1.32.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go) | `1.31.0` | `1.32.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.31.0` | `1.32.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.28.0` | `0.29.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.30.0` | `0.31.0` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.23.0` | `0.24.0` |
| [golang.org/x/time](https://github.com/golang/time) | `0.7.0` | `0.8.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.203.0` | `0.209.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.67.1` | `1.68.0` |



Updates `cloud.google.com/go/storage` from 1.46.0 to 1.47.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.46.0...spanner/v1.47.0)

Updates `github.com/aws/aws-sdk-go-v2` from 1.32.3 to 1.32.6
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.32.3...v1.32.6)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.28.1 to 1.28.6
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.28.1...config/v1.28.6)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.66.2 to 1.70.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.66.2...service/s3/v1.70.0)

Updates `github.com/bits-and-blooms/bitset` from 1.14.3 to 1.17.0
- [Release notes](https://github.com/bits-and-blooms/bitset/releases)
- [Commits](https://github.com/bits-and-blooms/bitset/compare/v1.14.3...v1.17.0)

Updates `github.com/minio/minio-go/v7` from 7.0.80 to 7.0.81
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](https://github.com/minio/minio-go/compare/v7.0.80...v7.0.81)

Updates `github.com/stretchr/testify` from 1.9.0 to 1.10.0
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.9.0...v1.10.0)

Updates `go.opentelemetry.io/otel` from 1.31.0 to 1.32.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.31.0...v1.32.0)

Updates `go.opentelemetry.io/otel/bridge/opencensus` from 1.31.0 to 1.32.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.31.0...v1.32.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` from 1.31.0 to 1.32.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.31.0...v1.32.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace` from 1.31.0 to 1.32.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.31.0...v1.32.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.31.0 to 1.32.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.31.0...v1.32.0)

Updates `go.opentelemetry.io/otel/metric` from 1.31.0 to 1.32.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.31.0...v1.32.0)

Updates `go.opentelemetry.io/otel/sdk` from 1.31.0 to 1.32.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.31.0...v1.32.0)

Updates `go.opentelemetry.io/otel/sdk/metric` from 1.31.0 to 1.32.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.31.0...v1.32.0)

Updates `go.opentelemetry.io/otel/trace` from 1.31.0 to 1.32.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.31.0...v1.32.0)

Updates `golang.org/x/crypto` from 0.28.0 to 0.29.0
- [Commits](https://github.com/golang/crypto/compare/v0.28.0...v0.29.0)

Updates `golang.org/x/net` from 0.30.0 to 0.31.0
- [Commits](https://github.com/golang/net/compare/v0.30.0...v0.31.0)

Updates `golang.org/x/oauth2` from 0.23.0 to 0.24.0
- [Commits](https://github.com/golang/oauth2/compare/v0.23.0...v0.24.0)

Updates `golang.org/x/sync` from 0.8.0 to 0.9.0
- [Commits](https://github.com/golang/sync/compare/v0.8.0...v0.9.0)

Updates `golang.org/x/sys` from 0.26.0 to 0.27.0
- [Commits](https://github.com/golang/sys/compare/v0.26.0...v0.27.0)

Updates `golang.org/x/time` from 0.7.0 to 0.8.0
- [Commits](https://github.com/golang/time/compare/v0.7.0...v0.8.0)

Updates `google.golang.org/api` from 0.203.0 to 0.209.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.203.0...v0.209.0)

Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20241015192408-796eee8c2d53 to 0.0.0-20241113202542-65e8d215514f
- [Commits](https://github.com/googleapis/go-genproto/commits)

Updates `google.golang.org/grpc` from 1.67.1 to 1.68.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.67.1...v1.68.0)

Updates `google.golang.org/protobuf` from 1.35.1 to 1.35.2

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/bits-and-blooms/bitset
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/minio/minio-go/v7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/bridge/opencensus
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/metric
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/sdk/metric
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/time
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/genproto/googleapis/rpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
...

Signed-off-by: dependabot[bot] <support@github.com>

* update not same call

* fix test

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2024-12-02 15:24:28 -07:00
dependabot[bot]
4e2a8aaf9a
chore(deps): bump github.com/quic-go/quic-go from 0.48.1 to 0.48.2 (#5384) 
Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.48.1 to 0.48.2.
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md)
- [Commits](https://github.com/quic-go/quic-go/compare/v0.48.1...v0.48.2)

---
updated-dependencies:
- dependency-name: github.com/quic-go/quic-go
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-02 11:50:44 -07:00
Joe Kralicky
39e789529e
testenv: avoid dns lookups for *.localhost.pomerium.io (#5372) 
* testenv: avoid dns lookups for localhost.pomerium.io

* linter pass
 2024-12-02 12:29:15 -05:00
dependabot[bot]
55e13f9608
chore(deps): bump the docker group with 3 updates (#5380) 
Bumps the docker group with 3 updates: node, golang and distroless/base-debian12.


Updates `node` from `de4c8be` to `5c76d05`

Updates `golang` from `2341ddf` to `3f3b9da`

Updates `distroless/base-debian12` from `29160be` to `a6b4081`

---
updated-dependencies:
- dependency-name: node
  dependency-type: direct:production
  dependency-group: docker
- dependency-name: golang
  dependency-type: direct:production
  dependency-group: docker
- dependency-name: distroless/base-debian12
  dependency-type: direct:production
  dependency-group: docker
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-02 09:00:33 -07:00
dependabot[bot]
2fbb1c746e
chore(deps): bump the docker group in /.github with 3 updates (#5382) 
Bumps the docker group in /.github with 3 updates: busybox, distroless/base and distroless/base-debian12.


Updates `busybox` from `768e5c6` to `db142d4`

Updates `distroless/base` from `8fe31fb` to `e9d0321`

Updates `distroless/base-debian12` from `8fe31fb` to `e9d0321`

---
updated-dependencies:
- dependency-name: busybox
  dependency-type: direct:production
  dependency-group: docker
- dependency-name: distroless/base
  dependency-type: direct:production
  dependency-group: docker
- dependency-name: distroless/base-debian12
  dependency-type: direct:production
  dependency-group: docker
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-02 09:00:14 -07:00
dependabot[bot]
209e1f785c
chore(deps): bump the github-actions group with 4 updates (#5383) 
Bumps the github-actions group with 4 updates: [docker/build-push-action](https://github.com/docker/build-push-action), [mikefarah/yq](https://github.com/mikefarah/yq), [docker/metadata-action](https://github.com/docker/metadata-action) and [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action).


Updates `docker/build-push-action` from 6.9.0 to 6.10.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](4f58ea7922...48aba3b46d)

Updates `mikefarah/yq` from 4.44.3 to 4.44.5
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](bbdd97482f...bc5b54cb1d)

Updates `docker/metadata-action` from 5.5.1 to 5.6.1
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](8e5442c4ef...369eb591f4)

Updates `goreleaser/goreleaser-action` from 6.0.0 to 6.1.0
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v6.0.0...v6.1.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: mikefarah/yq
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-02 08:59:55 -07:00
Denis Mishin
2bb70258c3
authorize/log: remove audit logging (#5369) 2024-11-22 14:32:52 -05:00
Caleb Doxsey
3a8bdde211
authorize: remove wait for ready (#5376) 2024-11-22 10:17:00 -07:00
Caleb Doxsey
5d69b925be
HTTP/3 Support (#5349) 
* wip

* http3 support

* add integration test

* move some quic code

* fix codec type

* casing

* add alt-svc header

* add quic unit test
 2024-11-19 08:48:30 -07:00
Caleb Doxsey
20a9be891f
envoyconfig: cleanup (#5350) 
* envoyconfig: cleanup

* remove listener access log for mtls for insecure server which can't use mtls

* use new functions

* rename method

* refactor common code
 2024-11-18 09:50:23 -07:00
Joe Kralicky
3e51b4f905
testenv: configure metrics address (#5368) 2024-11-07 15:42:08 -05:00
Joe Kralicky
135e737d7c
testenv: add Pause() method (#5367) 2024-11-07 15:41:59 -05:00
Caleb Doxsey
37017e2a5b
authorize: rewrite header evaluator to use go instead of rego (#5362) 
* authorize: rewrite header evaluator to use go instead of rego

* cache signed jwt

* re-add missing trace

* address comments
 2024-11-07 13:07:16 -07:00
Joe Kralicky
177f789e63
change Policy.Matches to accept a URL pointer (#5360) 2024-11-07 14:55:44 -05:00
Joe Kralicky
9cd5fe4e25
testenv: Add utility to pause/resume profiling (#5361) 2024-11-07 14:55:33 -05:00
Caleb Doxsey
ef12fda55c
authorize: additional header evaluator tests (#5363) 
* authorize: additional header evaluator tests

* add groups to jwt test
 2024-11-07 09:22:35 -07:00