Denis Mishin
8a2cf3faf2
zero: add more verbose logging about background control loops ( #4815 )
2023-12-05 11:22:01 -05:00
dependabot[bot]
96ba5a6679
chore(deps): bump github.com/minio/minio-go/v7 from 7.0.63 to 7.0.65 ( #4812 )
...
Bumps [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) from 7.0.63 to 7.0.65.
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](https://github.com/minio/minio-go/compare/v7.0.63...v7.0.65)
---
updated-dependencies:
- dependency-name: github.com/minio/minio-go/v7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-05 09:01:05 -07:00
Denis Mishin
d2b2ad3250
zero: use production urls by default ( #4814 )
2023-12-04 20:01:46 -05:00
dependabot[bot]
2edd63c58a
chore(deps): bump distroless/base-debian12 from d2890b2 to 5e24c7a ( #4658 )
...
Bumps distroless/base-debian12 from `d2890b2` to `5e24c7a`.
---
updated-dependencies:
- dependency-name: distroless/base-debian12
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 15:51:39 -05:00
dependabot[bot]
f3ac3b5df7
chore(deps): bump golang.org/x/sync from 0.3.0 to 0.5.0 ( #4748 )
...
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.3.0 to 0.5.0.
- [Commits](https://github.com/golang/sync/compare/v0.3.0...v0.5.0)
---
updated-dependencies:
- dependency-name: golang.org/x/sync
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 15:48:45 -05:00
dependabot[bot]
8184bad67b
chore(deps): bump docker/build-push-action from 5.0.0 to 5.1.0 ( #4777 )
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5.0.0 to 5.1.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](0565240e2d...4a13e500e5)
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 15:48:21 -05:00
dependabot[bot]
8e6a61327c
chore(deps): bump mikefarah/yq from 4.35.2 to 4.40.3 ( #4780 )
...
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 4.35.2 to 4.40.3.
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](a198f72367...c11a53322b)
---
updated-dependencies:
- dependency-name: mikefarah/yq
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 15:47:57 -05:00
dependabot[bot]
72cde7b6b3
chore(deps): bump golang.org/x/net from 0.17.0 to 0.19.0 ( #4792 )
...
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.19.0.
- [Commits](https://github.com/golang/net/compare/v0.17.0...v0.19.0)
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 15:47:28 -05:00
dependabot[bot]
6426d449f9
chore(deps): bump github.com/mattn/go-isatty from 0.0.19 to 0.0.20 ( #4801 )
...
Bumps [github.com/mattn/go-isatty](https://github.com/mattn/go-isatty) from 0.0.19 to 0.0.20.
- [Commits](https://github.com/mattn/go-isatty/compare/v0.0.19...v0.0.20)
---
updated-dependencies:
- dependency-name: github.com/mattn/go-isatty
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 15:45:19 -05:00
dependabot[bot]
e59fd87d62
chore(deps): bump golang.org/x/time from 0.3.0 to 0.5.0 ( #4796 )
...
Bumps [golang.org/x/time](https://github.com/golang/time) from 0.3.0 to 0.5.0.
- [Commits](https://github.com/golang/time/compare/v0.3.0...v0.5.0)
---
updated-dependencies:
- dependency-name: golang.org/x/time
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 15:44:51 -05:00
Caleb Doxsey
1780fefa72
core/storage: hijack connections for notification listeners ( #4806 )
2023-12-04 09:29:10 -07:00
Denis Mishin
4559320463
metrics: add linear probabilistic counter ( #4776 )
...
* metrics: add linear probabilistic counter
* add pkg
2023-12-04 08:51:41 -05:00
Kenneth Jenkins
a246466a87
metrics: explicitly set Accept header ( #4774 )
...
If a request is made to the Pomerium metrics endpoint with an Accept
header requesting the Prometheus protobuf exposition format, some
metrics will be missing from the response.
These missing metrics are obtained by replaying the incoming request to
an OpenCensus metrics exporter. This exporter honors the request for the
protobuf format, however Pomerium expects this response to be in the
text format.
We can avoid this mismatch by explicitly requesting the text format from
the OpenCensus exporter, regardless of the incoming request's Accept
header.
(Note: the Pomerium metrics endpoint always responds with text format
metrics, even if the protobuf format is requested.)
2023-11-30 16:14:24 -08:00
Kenneth Jenkins
e49fbf58fa
update to Go 1.21.4 ( #4770 )
2023-11-29 19:16:12 -08:00
dependabot[bot]
c4dfafd76f
chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 ( #4677 )
...
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.1 to 1.4.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.3.1...v1.4.0)
---
updated-dependencies:
- dependency-name: github.com/google/uuid
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-29 21:32:33 -05:00
dependabot[bot]
c62ae2dfeb
chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 ( #4685 )
...
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.9 to 0.6.0.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0)
---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-29 21:24:00 -05:00
dependabot[bot]
6a614c5221
chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.40.0 to 1.42.1 ( #4751 )
...
chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3
Bumps [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) from 1.40.0 to 1.42.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.40.0...service/s3/v1.42.1)
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-29 18:23:28 -08:00
Denis Mishin
140103d68b
zero: update pomerium/zero-sdk to support gzipped blobs ( #4767 )
2023-11-29 21:22:34 -05:00
Caleb Doxsey
bcddbff6e1
core/redis: remove redis ( #4768 )
...
* core/redis: remove redis
* 20 minute max wait
2023-11-28 13:14:36 -07:00
Denis Mishin
d610b9c25c
zero/core: set drwx------ for cache dir ( #4764 )
2023-11-27 10:36:25 -05:00
dependabot[bot]
89a76fe00f
chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 ( #4760 )
...
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.0...v3.0.1)
---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-21 14:45:16 -08:00
Denis Mishin
7e2532f644
zero/bundle-reconciler: better code reuse ( #4758 )
2023-11-21 14:32:52 -05:00
Kenneth Jenkins
14b13bb791
zero: use os.UserCacheDir for bootstrap config path ( #4744 )
2023-11-17 14:44:32 -08:00
Caleb Doxsey
6810091d38
core/zero: add support for managed mode from config file ( #4756 )
2023-11-17 09:04:59 -07:00
Denis Mishin
eb729a53f8
ci: use built-in github release notes generator ( #4754 )
2023-11-16 13:36:13 -05:00
Kenneth Jenkins
59bd8b3dfa
zero/reconciler: fix restart behavior ( #4753 )
...
Currently the RunWithRestart() loop may not exit when execFn returns an
error unrelated to its context cancellation. Add an additional check for
this case.
2023-11-15 14:03:22 -08:00
Caleb Doxsey
3c2dc5e0a2
core/zero: fix urls ( #4743 )
2023-11-15 09:21:56 -08:00
Denis Mishin
86e4ad65d1
zero: derive signing key first thing ( #4631 )
2023-11-15 09:21:56 -08:00
Denis Mishin
0e1061d813
zero: restart config reconciliation when databroker storage is changed ( #4623 )
2023-11-15 09:21:56 -08:00
Denis Mishin
60ab9dafbe
zero: report resource bundle reconciliation status ( #4618 )
...
* zero: report resource bundle reconciliation status
* use latest zero-sdk
2023-11-15 09:21:56 -08:00
Denis Mishin
e64e682853
zero: rm extra call on start ( #4474 )
2023-11-15 09:21:56 -08:00
Denis Mishin
e0236d3737
zero: managed mode controller ( #4459 )
2023-11-15 09:21:56 -08:00
Denis Mishin
ea8762d706
zero: resource bundle reconciler ( #4445 )
2023-11-15 09:21:56 -08:00
Denis Mishin
c0b1309e90
zero: bootstrap config ( #4444 )
2023-11-15 09:21:56 -08:00
Denis Mishin
5ddfc74645
add retry package ( #4458 )
2023-11-15 09:21:56 -08:00
Kenneth Jenkins
0d29401192
integration: add tool for renewing test certs ( #4742 )
...
Add a utility for updating the integration test certificates. It takes
three file paths: the existing certificate, the CA certificate, and the
CA key. It will update the NotBefore and NotAfter timestamps and the
certificate signature, overwriting the existing certificate.
Example usage:
    cd integration/tpl/files
    go run renew-cert.go trusted.pem ca.pem ca-key.pem
2023-11-13 08:57:02 -08:00
Caleb Doxsey
cfc339548f
core/config: disable strict-transport-security header with staging autocert ( #4741 )
2023-11-13 09:21:44 -07:00
Kenneth Jenkins
3ad72db2fb
integration: renew test certs ( #4738 )
...
Several of the integration test certificates expired today. Update these
so that they are valid for another 10 years. Also update several other
certificates that were due to expire tomorrow.
2023-11-10 12:44:03 -08:00
Caleb Doxsey
d7ed62c350
core/storage: fix nil data unmarshal ( #4734 )
2023-11-10 13:16:22 -07:00
Denis Mishin
15ca641b9c
databroker: changeset: prevent nil data in the deleted records ( #4736 )
2023-11-10 13:04:22 -07:00
Caleb Doxsey
6de9f12ac1
core/session: fix flaky test ( #4730 )
2023-11-09 12:36:08 -07:00
Caleb Doxsey
d21cdb3678
core/envoy: fix remove cookie lua script ( #4641 )
...
* core/envoy: fix remove cookie lua script
* fix matching prefix
* fix test data
2023-11-09 10:49:56 -07:00
Denis Mishin
bf1cd0aa18
authorize: build evaluators cache in parallel ( #4722 )
...
* authorize: build evaluators cache in parallel
* session: add unit tests for gRPC wrapper methods (#4713)
* core/config: add support for maps in environments (#4717)
* reconciler: allow custom comparison function (#4726)
* add loopvar alias
---------
Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2023-11-09 11:49:34 -05:00
Denis Mishin
cc6592b6fd
reconciler: allow custom comparison function ( #4726 )
2023-11-08 20:11:49 -05:00
Caleb Doxsey
ab7b66691d
core/config: add support for maps in environments ( #4717 )
2023-11-08 16:27:08 -07:00
Kenneth Jenkins
0238a39f23
session: add unit tests for gRPC wrapper methods ( #4713 )
2023-11-08 15:22:47 -08:00
Caleb Doxsey
62a9299e02
core/config: remove support for base64 encoded certificates ( #4718 )
...
* core/config: update file watcher source to handle base64 encoded certificates
* fix data race
* core/config: only allow files in certificates
* remove test
* re-add test
2023-11-08 13:08:24 -07:00
Caleb Doxsey
3bdbd56222
core/config: add pass_identity_headers option ( #4720 )
...
* core/config: add pass_identity_headers option
* add to proto
* remove deprecated field
2023-11-08 13:07:37 -07:00
Caleb Doxsey
77f9893fe5
core/config: remove unnecessary authenticate route ( #4719 )
2023-11-08 09:12:44 -07:00
Kenneth Jenkins
ffca3b36a9
authorize: reuse policy evaluators where possible ( #4710 )
...
Add a parameter to evaluator.New() for the previous Evaluator (if any).
If the evaluatorConfig is the same, reuse any PolicyEvaluators for
policies that have not changed from the previous Evaluator.
Use the route IDs along with the policy checksums to determine whether a
given policy has changed. Similarly, add a new cacheKey() method to the
evaluatorConfig to compute a checksum used to determine whether the
evaluatorConfig has changed. (Store this checksum on the Evaluator.)
2023-11-06 13:57:59 -08:00