dependabot[bot]
7c39084278
chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.14 ( #5261 )
...
Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc ) from 1.1.12 to 1.1.14.
- [Release notes](https://github.com/opencontainers/runc/releases )
- [Changelog](https://github.com/opencontainers/runc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/opencontainers/runc/compare/v1.1.12...v1.1.14 )
---
updated-dependencies:
- dependency-name: github.com/opencontainers/runc
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 13:14:00 -07:00
Denis Mishin
ce12e51cf5
zero/api: reset token and url cache if 401 is received ( #5256 )
...
zero/api: reset token cache if 401 is received
2024-09-03 15:40:28 -04:00
dependabot[bot]
a04d1a450c
chore(deps): bump the docker group with 2 updates ( #5258 )
...
Bumps the docker group with 2 updates: node and golang.
Updates `node` from `1ae9ba8` to `a4d1de4`
Updates `golang` from `4bda342` to `31dc846`
---
updated-dependencies:
- dependency-name: node
dependency-type: direct:production
dependency-group: docker
- dependency-name: golang
dependency-type: direct:production
dependency-group: docker
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:58:54 -06:00
dependabot[bot]
956cd281a4
chore(deps): bump the github-actions group with 6 updates ( #5259 )
...
Bumps the github-actions group with 6 updates:
| Package | From | To |
| --- | --- | --- |
| [docker/build-push-action](https://github.com/docker/build-push-action ) | `6.5.0` | `6.7.0` |
| [mikefarah/yq](https://github.com/mikefarah/yq ) | `4.44.2` | `4.44.3` |
| [google-github-actions/auth](https://github.com/google-github-actions/auth ) | `2.1.3` | `2.1.5` |
| [google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud ) | `2.1.0` | `2.1.1` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact ) | `4.3.4` | `4.4.0` |
| [actions/setup-python](https://github.com/actions/setup-python ) | `5.1.1` | `5.2.0` |
Updates `docker/build-push-action` from 6.5.0 to 6.7.0
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](5176d81f87...5cd11c3a4c)
Updates `mikefarah/yq` from 4.44.2 to 4.44.3
- [Release notes](https://github.com/mikefarah/yq/releases )
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt )
- [Commits](f15500b20a...bbdd97482f)
Updates `google-github-actions/auth` from 2.1.3 to 2.1.5
- [Release notes](https://github.com/google-github-actions/auth/releases )
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md )
- [Commits](71fee32a0b...62cf5bd3e4)
Updates `google-github-actions/setup-gcloud` from 2.1.0 to 2.1.1
- [Release notes](https://github.com/google-github-actions/setup-gcloud/releases )
- [Changelog](https://github.com/google-github-actions/setup-gcloud/blob/main/CHANGELOG.md )
- [Commits](98ddc00a17...f0990588f1)
Updates `actions/upload-artifact` from 4.3.4 to 4.4.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](0b2256b8c0...50769540e7)
Updates `actions/setup-python` from 5.1.1 to 5.2.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](39cd14951b...f677139bbe)
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
- dependency-name: mikefarah/yq
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: google-github-actions/auth
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: google-github-actions/setup-gcloud
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:57:45 -06:00
dependabot[bot]
9c3a3387b0
chore(deps): bump busybox from 9ae97d3 to 8274294 in /.github in the docker group ( #5260 )
...
chore(deps): bump busybox in /.github in the docker group
Bumps the docker group in /.github with 1 update: busybox.
Updates `busybox` from `9ae97d3` to `8274294`
---
updated-dependencies:
- dependency-name: busybox
dependency-type: direct:production
dependency-group: docker
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:56:52 -06:00
Joe Kralicky
d149b2d178
zero: generate error methods for response types ( #5252 )
2024-08-30 16:21:43 -04:00
nikhil-pomerium
ccd8a1d5a2
Update README.md ( #5253 )
...
Adding plug for Pomerium Zero.
2024-08-30 10:43:23 -06:00
Denis Mishin
5fd8cf60d5
zero/k8s: use deployments ( #5248 )
...
* zero/k8s: use deployments
* secret mount readonly
Co-authored-by: Joe Kralicky <joekralicky@gmail.com>
* adjust according to comments
---------
Co-authored-by: Joe Kralicky <joekralicky@gmail.com>
2024-08-29 15:16:32 -04:00
cmo-pomerium
ef08c32c82
Update README.md ( #5163 )
...
* Update README.md
I'm updating the ReadMe with a few links. The logo is also broken - are we hosting the logo anywhere else?
* fix urls
---------
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2024-08-29 10:05:33 -06:00
Caleb Doxsey
131f553ee2
core/ci: fix test ( #5245 )
2024-08-27 10:50:24 -06:00
Caleb Doxsey
f3620cf6e9
core/config: add databroker_storage_connection_string_file ( #5242 )
...
* core/config: add databroker_storage_connection_string_file
* add file to file list
2024-08-27 09:42:14 -06:00
Caleb Doxsey
d062f9d68d
core/logs: remove warnings ( #5235 )
...
* core/logs: remove warnings
* switch to error
2024-08-27 09:38:50 -06:00
Caleb Doxsey
556b2e0d73
core/grpc: add mock for registry service ( #5243 )
2024-08-26 11:30:17 -06:00
dependabot[bot]
75324e2d05
chore(deps): bump micromatch from 4.0.5 to 4.0.8 in /ui ( #5240 )
...
Bumps [micromatch](https://github.com/micromatch/micromatch ) from 4.0.5 to 4.0.8.
- [Release notes](https://github.com/micromatch/micromatch/releases )
- [Changelog](https://github.com/micromatch/micromatch/blob/4.0.8/CHANGELOG.md )
- [Commits](https://github.com/micromatch/micromatch/compare/4.0.5...4.0.8 )
---
updated-dependencies:
- dependency-name: micromatch
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-26 07:56:02 -06:00
Caleb Doxsey
2dee1db5ff
core/ci: codeql ( #5239 )
2024-08-23 20:28:15 -06:00
Caleb Doxsey
98cea10421
Revert "core/grpc: add IterateAll method" ( #5234 )
...
Revert "core/grpc: add IterateAll method (#5227 )"
This reverts commit 3961098681.
2024-08-23 10:35:46 -06:00
Denis Mishin
99d7a73cef
zero/bundle-download: update metadata ( #5212 )
...
* zero/download: refresh metadata
* fix cmp
2024-08-22 16:18:17 -04:00
Denis Mishin
0503b41108
zero/connect: add re-run health checks command ( #5219 )
...
* zero/connect: add run health checks and shutdown commands
* fix proto
* trigger re-run on command
* add handler
* rename runPeriodicHealthChecksLeased
2024-08-22 16:17:53 -04:00
Denis Mishin
6e766233c7
zero/health-checks: fix early checks sometimes missing ( #5229 )
...
* zero/health-checks: fix early checks sometimes missing
* rm closure
* fix test
2024-08-20 22:13:45 -04:00
Denis Mishin
6591e3f539
ci: allow to override VERSION in Makefile via env ( #5230 )
2024-08-20 16:22:25 -04:00
Joe Kralicky
56ba07e53e
Optimize policy iterators ( #5184 )
...
* Optimize policy iterators (go1.23)
This modifies (*Options).GetAllPolicies() to use a go 1.23 iterator
instead of copying all policies on every call, which can be extremely
expensive. All existing usages of this function were updated as
necessary.
Additionally, a new (*Options).NumPolicies() method was added which
quickly computes the number of policies that would be given by
GetAllPolicies(), since there were several usages where only the
number of policies was needed.
* Fix race condition when assigning default envoy opts to a policy
2024-08-20 12:35:10 -04:00
Caleb Doxsey
3961098681
core/grpc: add IterateAll method ( #5227 )
...
* core/grpc: add IterateAll method
* Update pkg/grpc/databroker/generic.go
Co-authored-by: Denis Mishin <dmishin@pomerium.com>
---------
Co-authored-by: Denis Mishin <dmishin@pomerium.com>
2024-08-20 09:34:26 -06:00
Caleb Doxsey
2925447d35
zero/api: switch to github.com/oapi-codegen/oapi-codegen ( #5226 )
2024-08-19 12:00:48 -06:00
Denis Mishin
15dc77e19d
connect/client: ignore unknown message types ( #5223 )
2024-08-16 16:33:06 -04:00
Joe Kralicky
45cf7a3969
Update golangci-lint version in lint workflow ( #5222 )
2024-08-15 17:49:39 -04:00
Joe Kralicky
332932b7a8
Replace usages of x/exp/maps + bump golang.org/x/exp ( #5221 )
...
Bump golang.org/x/exp; replace usages of x/exp/maps with stdlib equivalents
2024-08-15 17:49:24 -04:00
dependabot[bot]
c8d0c87c17
chore(deps): bump the docker group in /.github with 2 updates ( #5202 )
...
* chore(deps): bump the docker group in /.github with 2 updates
Bumps the docker group in /.github with 2 updates: distroless/base and distroless/base-debian12.
Updates `distroless/base` from `786007f` to `1aae189`
Updates `distroless/base-debian12` from `786007f` to `1aae189`
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
dependency-group: docker
- dependency-name: distroless/base-debian12
dependency-type: direct:production
dependency-group: docker
...
Signed-off-by: dependabot[bot] <support@github.com>
* use docker compose instead of docker-compose
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2024-08-15 12:16:21 -07:00
Caleb Doxsey
0cfb1025db
core/proto: update protoc dependencies ( #5218 )
...
* core/proto: update protoc dependencies
* cleanup
* disable unimplemented forward compatibility check
* fix mock
* add generate make command
* add .0
2024-08-15 11:12:05 -06:00
Denis Mishin
3483447c37
ci: do not include timestamp into buildmeta ( #5215 )
2024-08-15 10:57:10 -04:00
Joe Kralicky
1f2f20d792
Temporarily disable gci linter ( #5217 )
2024-08-14 16:30:08 -04:00
Joe Kralicky
8001077706
Update to Go 1.23 ( #5216 )
...
* Update to Go 1.23
* Update golangci-lint-action
* Fix new errors from updated linter
* Bump golangci-lint to v1.60.1
2024-08-14 14:12:01 -04:00
Joe Kralicky
e3e7de741c
envoy: support http2 prior knowledge for insecure upstream targets ( #5205 )
...
This allows using the scheme 'h2c' to indicate http2 prior knowledge for
insecure upstream servers. This can be used to perform TLS termination for
GRPC servers configured with insecure credentials.
As an example, this allows the following route configuration:
    routes:
      - from: https://grpc.localhost.pomerium.io
        to: h2c://localhost:9090
2024-08-13 13:40:44 -04:00
Joe Kralicky
554e77bc7c
envoy: log mtls failures ( #5210 )
...
envoy: log mtls failures
This implements limited listener-based access logging for downstream
transport failures, only enabled when downstream_mtls.enforcement is
set to 'reject_connection'. Client certificate details and the error
message will be logged.
Additionally, the new key 'client-certificate' can be set in the
access_log_fields list in the configuration, which will add peer
certificate properties (issuer, subject, SANs) to the existing
per-request http logs.
---------
Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>
2024-08-09 14:05:10 -04:00
Denis Mishin
c196921e87
Fix SECURITY.md treated as symlink ( #5211 )
2024-08-07 17:20:18 -04:00
Denis Mishin
09f1585b01
zero/cmd: make it more evident what caused shutdown ( #5209 )
2024-08-06 15:10:58 -04:00
Denis Mishin
e2251b2d57
databroker/leaser: set timeout on ReleaseLease ( #5208 )
2024-08-06 14:47:59 -04:00
dependabot[bot]
28a20dd153
chore(deps): bump the go group across 1 directory with 26 updates ( #5207 )
...
Bumps the go group with 14 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go ) | `1.42.0` | `1.43.0` |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2 ) | `1.30.1` | `1.30.3` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2 ) | `1.27.23` | `1.27.27` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2 ) | `1.57.1` | `1.58.3` |
| [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc ) | `3.10.0` | `3.11.0` |
| [github.com/docker/docker](https://github.com/docker/docker ) | `27.1.0+incompatible` | `27.1.1+incompatible` |
| [github.com/envoyproxy/protoc-gen-validate](https://github.com/envoyproxy/protoc-gen-validate ) | `1.0.4` | `1.1.0` |
| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go ) | `7.0.72` | `7.0.74` |
| [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa ) | `0.66.0` | `0.67.1` |
| [go.opentelemetry.io/otel/bridge/opencensus](https://github.com/open-telemetry/opentelemetry-go ) | `1.27.0` | `1.28.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc](https://github.com/open-telemetry/opentelemetry-go ) | `1.27.0` | `1.28.0` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2 ) | `0.21.0` | `0.22.0` |
| [golang.org/x/sync](https://github.com/golang/sync ) | `0.7.0` | `0.8.0` |
| [golang.org/x/time](https://github.com/golang/time ) | `0.5.0` | `0.6.0` |
Updates `cloud.google.com/go/storage` from 1.42.0 to 1.43.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.42.0...spanner/v1.43.0 )
Updates `github.com/aws/aws-sdk-go-v2` from 1.30.1 to 1.30.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.30.1...v1.30.3 )
Updates `github.com/aws/aws-sdk-go-v2/config` from 1.27.23 to 1.27.27
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.23...config/v1.27.27 )
Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.57.1 to 1.58.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.57.1...service/s3/v1.58.3 )
Updates `github.com/coreos/go-oidc/v3` from 3.10.0 to 3.11.0
- [Release notes](https://github.com/coreos/go-oidc/releases )
- [Commits](https://github.com/coreos/go-oidc/compare/v3.10.0...v3.11.0 )
Updates `github.com/docker/docker` from 27.1.0+incompatible to 27.1.1+incompatible
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.1.0...v27.1.1 )
Updates `github.com/envoyproxy/protoc-gen-validate` from 1.0.4 to 1.1.0
- [Release notes](https://github.com/envoyproxy/protoc-gen-validate/releases )
- [Changelog](https://github.com/bufbuild/protoc-gen-validate/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/envoyproxy/protoc-gen-validate/compare/v1.0.4...v1.1.0 )
Updates `github.com/minio/minio-go/v7` from 7.0.72 to 7.0.74
- [Release notes](https://github.com/minio/minio-go/releases )
- [Commits](https://github.com/minio/minio-go/compare/v7.0.72...v7.0.74 )
Updates `github.com/open-policy-agent/opa` from 0.66.0 to 0.67.1
- [Release notes](https://github.com/open-policy-agent/opa/releases )
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.66.0...v0.67.1 )
Updates `go.opentelemetry.io/otel` from 1.27.0 to 1.28.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.27.0...v1.28.0 )
Updates `go.opentelemetry.io/otel/bridge/opencensus` from 1.27.0 to 1.28.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.27.0...v1.28.0 )
Updates `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` from 1.27.0 to 1.28.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.27.0...v1.28.0 )
Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace` from 1.27.0 to 1.28.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.27.0...v1.28.0 )
Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.27.0 to 1.28.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.27.0...v1.28.0 )
Updates `go.opentelemetry.io/otel/metric` from 1.27.0 to 1.28.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.27.0...v1.28.0 )
Updates `go.opentelemetry.io/otel/sdk` from 1.27.0 to 1.28.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.27.0...v1.28.0 )
Updates `go.opentelemetry.io/otel/sdk/metric` from 1.27.0 to 1.28.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.27.0...v1.28.0 )
Updates `go.opentelemetry.io/otel/trace` from 1.27.0 to 1.28.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.27.0...v1.28.0 )
Updates `golang.org/x/crypto` from 0.24.0 to 0.25.0
- [Commits](https://github.com/golang/crypto/compare/v0.24.0...v0.25.0 )
Updates `golang.org/x/net` from 0.26.0 to 0.27.0
- [Commits](https://github.com/golang/net/compare/v0.26.0...v0.27.0 )
Updates `golang.org/x/oauth2` from 0.21.0 to 0.22.0
- [Commits](https://github.com/golang/oauth2/compare/v0.21.0...v0.22.0 )
Updates `golang.org/x/sync` from 0.7.0 to 0.8.0
- [Commits](https://github.com/golang/sync/compare/v0.7.0...v0.8.0 )
Updates `golang.org/x/sys` from 0.21.0 to 0.22.0
- [Commits](https://github.com/golang/sys/compare/v0.21.0...v0.22.0 )
Updates `golang.org/x/time` from 0.5.0 to 0.6.0
- [Commits](https://github.com/golang/time/compare/v0.5.0...v0.6.0 )
Updates `google.golang.org/api` from 0.183.0 to 0.187.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.183.0...v0.187.0 )
Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20240528184218-531527333157 to 0.0.0-20240701130421-f6361c86f094
- [Commits](https://github.com/googleapis/go-genproto/commits )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/config
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/coreos/go-oidc/v3
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/envoyproxy/protoc-gen-validate
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/minio/minio-go/v7
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/open-policy-agent/opa
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/bridge/opencensus
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/metric
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/sdk
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/sdk/metric
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/trace
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: golang.org/x/sync
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: golang.org/x/time
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: google.golang.org/genproto/googleapis/rpc
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-05 16:11:47 -07:00
Kenneth Jenkins
41f1e61911
ci: switch to docker compose v2 ( #5206 )
2024-08-05 15:50:38 -07:00
Joe Kralicky
fdefcf9a16
config: allow overriding port numbers using environment variables ( #5194 )
2024-08-01 14:55:52 -04:00
dependabot[bot]
a4446a7ff1
chore(deps): bump the github-actions group with 9 updates ( #5200 )
...
Bumps the github-actions group with 9 updates:
| Package | From | To |
| --- | --- | --- |
| [actions/setup-go](https://github.com/actions/setup-go ) | `5.0.1` | `5.0.2` |
| [actions/setup-node](https://github.com/actions/setup-node ) | `4.0.2` | `4.0.3` |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) | `3.0.0` | `3.2.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) | `3.3.0` | `3.6.1` |
| [docker/login-action](https://github.com/docker/login-action ) | `3.2.0` | `3.3.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action ) | `6.2.0` | `6.5.0` |
| [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) | `6.0.1` | `6.1.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact ) | `4.3.3` | `4.3.4` |
| [actions/setup-python](https://github.com/actions/setup-python ) | `5.1.0` | `5.1.1` |
Updates `actions/setup-go` from 5.0.1 to 5.0.2
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](cdcb360436...0a12ed9d6a)
Updates `actions/setup-node` from 4.0.2 to 4.0.3
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](60edb5dd54...1e60f620b9)
Updates `docker/setup-qemu-action` from 3.0.0 to 3.2.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](68827325e0...49b3bc8e6b)
Updates `docker/setup-buildx-action` from 3.3.0 to 3.6.1
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](d70bba72b1...988b5a0280)
Updates `docker/login-action` from 3.2.0 to 3.3.0
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](0d4c9c5ea7...9780b0c442)
Updates `docker/build-push-action` from 6.2.0 to 6.5.0
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](15560696de...5176d81f87)
Updates `golangci/golangci-lint-action` from 6.0.1 to 6.1.0
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](a4f60bb28d...aaa42aa062)
Updates `actions/upload-artifact` from 4.3.3 to 4.3.4
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](65462800fd...0b2256b8c0)
Updates `actions/setup-python` from 5.1.0 to 5.1.1
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](82c7e631bb...39cd14951b)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: actions/setup-node
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: docker/setup-qemu-action
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
- dependency-name: docker/setup-buildx-action
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
- dependency-name: docker/login-action
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-01 10:26:27 -06:00
dependabot[bot]
a74ea3d6bc
chore(deps): bump the docker group with 3 updates ( #5201 )
...
Bumps the docker group with 3 updates: node, golang and distroless/base-debian12.
Updates `node` from `b849bc4` to `1ae9ba8`
Updates `golang` from 1.22.4-bookworm to 1.22.5-bookworm
Updates `distroless/base-debian12` from `fe3521b` to `af772ed`
---
updated-dependencies:
- dependency-name: node
dependency-type: direct:production
dependency-group: docker
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docker
- dependency-name: distroless/base-debian12
dependency-type: direct:production
dependency-group: docker
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-01 10:26:09 -06:00
Denis Mishin
0cffedbae4
ci: fix url typo in goreleaser ( #5198 )
2024-07-31 21:54:39 -04:00
dependabot[bot]
46a4822c18
chore(deps): bump github.com/docker/docker from 27.0.3+incompatible to 27.1.0+incompatible ( #5193 )
...
chore(deps): bump github.com/docker/docker
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.0.3+incompatible to 27.1.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.0.3...v27.1.0 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-30 07:34:13 -07:00
Kenneth Jenkins
418ee79e1a
authenticate: rework session ID token handling ( #5178 )
...
Currently, the Session proto id_token field is populated with Pomerium
session data during initial login, but with IdP ID token data after an
IdP session refresh.
Instead, store only IdP ID token data in this field.
Update the existing SetRawIDToken method to populate the structured data
fields based on the contents of the raw ID token. Remove the other code
that sets these fields (in the authenticateflow package and in
manager.sessionUnmarshaler).
Add a test for the identity manager, exercising the combined effect of
session claims unmarshaling and SetRawIDToken(), to verify that the
combined behavior is preserved unchanged.
2024-07-29 12:43:50 -07:00
Kenneth Jenkins
dbedfc586f
add mTLS UserPrincipalName SAN match ( #5177 )
...
Add a new 'user_principal_name' type to the downstream mTLS
match_subject_alt_names option. This corresponds to the 'OtherName' type
with type-id 1.3.6.1.4.1.311.20.2.3 and a UTF8String value.
Add support for UserPrincipalName SAN matching to the policy evaluator.
2024-07-26 10:23:19 -07:00
Kenneth Jenkins
b0606d9283
envoy: upgrade to v1.31.0 ( #5183 )
2024-07-23 10:06:03 -07:00
Kenneth Jenkins
14c0c5abd0
oidc: add more unit tests ( #5174 )
...
Add tests for all of the oidc.Provider methods not currently covered.
Remove the GetSubject() method as it appears to be unused.
2024-07-22 14:28:39 -07:00
Kenneth Jenkins
9fe646f25a
session: do not invalidate based on ID token ( #5182 )
...
Per the OIDC spec, section 2:
> NOTE: The ID Token expiration time is unrelated [to] the lifetime of
> the authenticated session between the RP and the OP.
A Pomerium session should remain valid for as long as the underlying
OAuth2 session.
2024-07-19 16:29:06 -07:00
Caleb Doxsey
e5e6558de6
core/authorize: require new login when authenticate url changes ( #5165 )
2024-07-12 10:57:41 -06:00
Caleb Doxsey
fd086bd06b
core/ui: fix cycle in profile data ( #5168 )
2024-07-09 17:05:12 -06:00