Kenneth Jenkins
14c0c5abd0
oidc: add more unit tests ( #5174 )
...
Add tests for all of the oidc.Provider methods not currently covered.
Remove the GetSubject() method as it appears to be unused.
2024-07-22 14:28:39 -07:00
Kenneth Jenkins
9fe646f25a
session: do not invalidate based on ID token ( #5182 )
...
Per the OIDC spec, section 2:
> NOTE: The ID Token expiration time is unrelated [to] the lifetime of
> the authenticated session between the RP and the OP.
A Pomerium session should remain valid for as long as the underlying
OAuth2 session.
2024-07-19 16:29:06 -07:00
Caleb Doxsey
e5e6558de6
core/authorize: require new login when authenticate url changes ( #5165 )
2024-07-12 10:57:41 -06:00
Caleb Doxsey
fd086bd06b
core/ui: fix cycle in profile data ( #5168 )
2024-07-09 17:05:12 -06:00
dependabot[bot]
968e3358a3
chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 ( #5169 )
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.64.0 to 1.64.1.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.64.0...v1.64.1 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-09 15:35:25 -07:00
Caleb Doxsey
517abbada4
core/ui: add request id to upstream error page ( #5166 )
2024-07-08 11:44:30 -06:00
dependabot[bot]
8f8c66e9fd
chore(deps): bump the go group with 21 updates ( #5162 )
...
* chore(deps): bump the go group with 21 updates
Bumps the go group with 21 updates:
| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go ) | `1.41.0` | `1.42.0` |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2 ) | `1.27.0` | `1.30.1` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2 ) | `1.27.16` | `1.27.23` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2 ) | `1.54.3` | `1.57.1` |
| [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic ) | `0.21.2` | `0.21.3` |
| [github.com/cloudflare/circl](https://github.com/cloudflare/circl ) | `1.3.8` | `1.3.9` |
| [github.com/docker/docker](https://github.com/docker/docker ) | `26.1.3+incompatible` | `27.0.3+incompatible` |
| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi ) | `5.0.12` | `5.1.0` |
| [github.com/gorilla/websocket](https://github.com/gorilla/websocket ) | `1.5.1` | `1.5.3` |
| [github.com/klauspost/compress](https://github.com/klauspost/compress ) | `1.17.8` | `1.17.9` |
| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go ) | `7.0.70` | `7.0.72` |
| [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa ) | `0.65.0` | `0.66.0` |
| [github.com/prometheus/common](https://github.com/prometheus/common ) | `0.53.0` | `0.55.0` |
| [github.com/spf13/viper](https://github.com/spf13/viper ) | `1.18.2` | `1.19.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto ) | `0.23.0` | `0.24.0` |
| [golang.org/x/net](https://github.com/golang/net ) | `0.25.0` | `0.26.0` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2 ) | `0.20.0` | `0.21.0` |
| [golang.org/x/sys](https://github.com/golang/sys ) | `0.20.0` | `0.21.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) | `0.178.0` | `0.183.0` |
| [google.golang.org/genproto/googleapis/rpc](https://github.com/googleapis/go-genproto ) | `0.0.0-20240515191416-fc5f0ca64291` | `0.0.0-20240528184218-531527333157` |
| google.golang.org/protobuf | `1.34.1` | `1.34.2` |
Updates `cloud.google.com/go/storage` from 1.41.0 to 1.42.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.41.0...spanner/v1.42.0 )
Updates `github.com/aws/aws-sdk-go-v2` from 1.27.0 to 1.30.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.27.0...v1.30.1 )
Updates `github.com/aws/aws-sdk-go-v2/config` from 1.27.16 to 1.27.23
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.16...config/v1.27.23 )
Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.54.3 to 1.57.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.54.3...service/s3/v1.57.1 )
Updates `github.com/caddyserver/certmagic` from 0.21.2 to 0.21.3
- [Release notes](https://github.com/caddyserver/certmagic/releases )
- [Commits](https://github.com/caddyserver/certmagic/compare/v0.21.2...v0.21.3 )
Updates `github.com/cloudflare/circl` from 1.3.8 to 1.3.9
- [Release notes](https://github.com/cloudflare/circl/releases )
- [Commits](https://github.com/cloudflare/circl/compare/v1.3.8...v1.3.9 )
Updates `github.com/docker/docker` from 26.1.3+incompatible to 27.0.3+incompatible
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v26.1.3...v27.0.3 )
Updates `github.com/go-chi/chi/v5` from 5.0.12 to 5.1.0
- [Release notes](https://github.com/go-chi/chi/releases )
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md )
- [Commits](https://github.com/go-chi/chi/compare/v5.0.12...v5.1.0 )
Updates `github.com/gorilla/websocket` from 1.5.1 to 1.5.3
- [Release notes](https://github.com/gorilla/websocket/releases )
- [Commits](https://github.com/gorilla/websocket/compare/v1.5.1...v1.5.3 )
Updates `github.com/klauspost/compress` from 1.17.8 to 1.17.9
- [Release notes](https://github.com/klauspost/compress/releases )
- [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml )
- [Commits](https://github.com/klauspost/compress/compare/v1.17.8...v1.17.9 )
Updates `github.com/minio/minio-go/v7` from 7.0.70 to 7.0.72
- [Release notes](https://github.com/minio/minio-go/releases )
- [Commits](https://github.com/minio/minio-go/compare/v7.0.70...v7.0.72 )
Updates `github.com/open-policy-agent/opa` from 0.65.0 to 0.66.0
- [Release notes](https://github.com/open-policy-agent/opa/releases )
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.65.0...v0.66.0 )
Updates `github.com/prometheus/common` from 0.53.0 to 0.55.0
- [Release notes](https://github.com/prometheus/common/releases )
- [Changelog](https://github.com/prometheus/common/blob/main/RELEASE.md )
- [Commits](https://github.com/prometheus/common/compare/v0.53.0...v0.55.0 )
Updates `github.com/spf13/viper` from 1.18.2 to 1.19.0
- [Release notes](https://github.com/spf13/viper/releases )
- [Commits](https://github.com/spf13/viper/compare/v1.18.2...v1.19.0 )
Updates `golang.org/x/crypto` from 0.23.0 to 0.24.0
- [Commits](https://github.com/golang/crypto/compare/v0.23.0...v0.24.0 )
Updates `golang.org/x/net` from 0.25.0 to 0.26.0
- [Commits](https://github.com/golang/net/compare/v0.25.0...v0.26.0 )
Updates `golang.org/x/oauth2` from 0.20.0 to 0.21.0
- [Commits](https://github.com/golang/oauth2/compare/v0.20.0...v0.21.0 )
Updates `golang.org/x/sys` from 0.20.0 to 0.21.0
- [Commits](https://github.com/golang/sys/compare/v0.20.0...v0.21.0 )
Updates `google.golang.org/api` from 0.178.0 to 0.183.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.178.0...v0.183.0 )
Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20240515191416-fc5f0ca64291 to 0.0.0-20240528184218-531527333157
- [Commits](https://github.com/googleapis/go-genproto/commits )
Updates `google.golang.org/protobuf` from 1.34.1 to 1.34.2
---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/config
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/caddyserver/certmagic
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/cloudflare/circl
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: go
- dependency-name: github.com/go-chi/chi/v5
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/gorilla/websocket
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/klauspost/compress
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/minio/minio-go/v7
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/open-policy-agent/opa
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/prometheus/common
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/spf13/viper
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: google.golang.org/genproto/googleapis/rpc
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix test
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2024-07-05 13:26:47 -06:00
dependabot[bot]
e5e0b10301
chore(deps): bump the docker group with 2 updates ( #5159 )
...
Bumps the docker group with 2 updates: node and golang.
Updates `node` from `ab71b9d` to `b849bc4`
Updates `golang` from 1.22.3-bookworm to 1.22.4-bookworm
---
updated-dependencies:
- dependency-name: node
dependency-type: direct:production
dependency-group: docker
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docker
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-01 16:09:39 -06:00
dependabot[bot]
df3afdc04d
chore(deps): bump the github-actions group with 4 updates ( #5160 )
...
Bumps the github-actions group with 4 updates: [actions/checkout](https://github.com/actions/checkout ), [docker/build-push-action](https://github.com/docker/build-push-action ), [mikefarah/yq](https://github.com/mikefarah/yq ) and [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ).
Updates `actions/checkout` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a5ac7e51b4...692973e3d9https://github.com/docker/build-push-action/releases )
- [Commits](2cdde995de...15560696dehttps://github.com/mikefarah/yq/releases )
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt )
- [Commits](557dcb87b8...f15500b20ahttps://github.com/goreleaser/goreleaser-action/releases )
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v5.1.0...v6.0.0 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
- dependency-name: mikefarah/yq
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-01 11:53:11 -06:00
dependabot[bot]
2c741ce371
chore(deps): bump busybox from 5eef5ed to 9ae97d3 in /.github in the docker group ( #5161 )
...
chore(deps): bump busybox in /.github in the docker group
Bumps the docker group in /.github with 1 update: busybox.
Updates `busybox` from `5eef5ed` to `9ae97d3`
---
updated-dependencies:
- dependency-name: busybox
dependency-type: direct:production
dependency-group: docker
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-01 11:52:49 -06:00
Caleb Doxsey
d55cb097cc
core/ui: add user info link ( #5158 )
...
* core/ui: add user info link
* open in new window
* fix header test
2024-06-28 14:07:24 -06:00
Kenneth Jenkins
f5f5e5fddc
controlplane: avoid calling Close on nil listener ( #5156 )
...
Tweak the cleanup logic in controlplane.NewServer() to avoid a nil panic
if the DebugListener fails to start.
2024-06-27 08:48:43 -07:00
Kenneth Jenkins
42a975ce44
zero: set fixed start time for active users test ( #5154 )
2024-06-26 17:29:36 -07:00
Kenneth Jenkins
6ee9e5238c
envoy: upgrade to v1.30.3 ( #5152 )
2024-06-26 17:20:42 -07:00
Caleb Doxsey
9ebf42ad53
core/autocert: fix filter chain, handshake ( #5150 )
...
* core/autocert: fix filter chain, handshake
* only enable http challenges on port 80
2024-06-26 11:17:35 -06:00
Caleb Doxsey
d9c6afc168
core/envoy: add mode to download only the current binary ( #5149 )
2024-06-25 14:35:55 -06:00
Caleb Doxsey
815353ab67
core/userinfo: remove excess userinfo data ( #5137 )
2024-06-25 21:12:53 +02:00
Caleb Doxsey
bf1d228131
core/authorize: use uuid for jti, current time for iat and exp ( #5147 )
...
* core/authorize: use uuid for jti, current time for iat and exp
* exclude the jtis
* Update authorize/evaluator/headers_evaluator_test.go
Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>
---------
Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>
2024-06-25 11:31:00 -06:00
Denis Mishin
a7dd30ad29
zero/telemetry: add hostname and version ( #5146 )
2024-06-24 21:33:37 -04:00
Caleb Doxsey
7eca911292
core/envoy: add command to download envoy binaries ( #5133 )
...
* core/envoy: add command to download envoy binaries
* use internal log
* remove original get-envoy script
2024-06-18 20:00:55 -06:00
Denis Mishin
8d206e0087
zero/telemetry: collect limited core metrics ( #5142 )
2024-06-18 19:15:11 -04:00
dependabot[bot]
71cda4628d
chore(deps): bump braces from 3.0.2 to 3.0.3 in /ui ( #5139 )
...
Bumps [braces](https://github.com/micromatch/braces ) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md )
- [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3 )
---
updated-dependencies:
- dependency-name: braces
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-18 11:07:01 -06:00
Kenneth Jenkins
34ae403811
envoy: upgrade to v1.30.2 ( #5140 )
2024-06-17 13:20:16 -07:00
Denis Mishin
c1dec06afa
zero/telemetry: internal envoy stats scraper and metrics producer ( #5136 )
2024-06-16 20:41:05 -04:00
Joe Kralicky
c3534df885
Add runtime flag to allow disabling config hot-reload ( #5079 ) ( #5112 )
...
* Add runtime flag to allow disabling config hot-reload (#5079 )
* Add unit tests
* Log at info level instead of warning
2024-06-12 23:20:30 -04:00
Denis Mishin
114f730dba
zero: refactor telemetry and controller ( #5135 )
...
* zero: refactor controller
* refactor zero telemetry and controller
* wire with connect handler
* cr
2024-06-12 21:59:25 -04:00
Denis Mishin
cc636be707
zero: refactor controller ( #5134 )
2024-06-12 16:31:42 -04:00
Denis Mishin
e12532ba52
zero/connect: add telemetry request command ( #5131 )
...
* zero/connect: add telemetry request command
* rm relabeling
2024-06-10 22:54:02 -04:00
Denis Mishin
2b1dcf7355
telemetry: add prometheus streaming converter to OTLP ( #5132 )
2024-06-10 15:39:09 -04:00
Caleb Doxsey
990517a89e
core/ui: user info dashboard improvements ( #5128 )
2024-06-05 14:57:55 -06:00
Caleb Doxsey
4eda7479ce
core/ui: add policy id ( #5127 )
...
add policy id
2024-06-04 17:16:26 -06:00
Kenneth Jenkins
503966a577
update the pomerium/webauthn dependency ( #5125 )
2024-06-04 13:46:23 -07:00
dependabot[bot]
3fcce1d9ef
chore(deps): bump the go group with 27 updates ( #5122 )
...
* chore(deps): bump the go group with 27 updates
Bumps the go group with 27 updates:
| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go ) | `1.40.0` | `1.41.0` |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2 ) | `1.26.1` | `1.27.0` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2 ) | `1.27.11` | `1.27.16` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2 ) | `1.53.1` | `1.54.3` |
| [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic ) | `0.20.0` | `0.21.2` |
| [github.com/docker/docker](https://github.com/docker/docker ) | `26.1.1+incompatible` | `26.1.3+incompatible` |
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx ) | `5.5.5` | `5.6.0` |
| [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa ) | `0.64.1` | `0.65.0` |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang ) | `1.19.0` | `1.19.1` |
| [github.com/prometheus/procfs](https://github.com/prometheus/procfs ) | `0.14.0` | `0.15.1` |
| [github.com/rs/zerolog](https://github.com/rs/zerolog ) | `1.32.0` | `1.33.0` |
| [github.com/shirou/gopsutil/v3](https://github.com/shirou/gopsutil ) | `3.24.4` | `3.24.5` |
| [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go ) | `1.26.0` | `1.27.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc](https://github.com/open-telemetry/opentelemetry-go ) | `1.26.0` | `1.27.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go ) | `1.26.0` | `1.27.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go ) | `1.26.0` | `1.27.0` |
| [go.opentelemetry.io/otel/metric](https://github.com/open-telemetry/opentelemetry-go ) | `1.26.0` | `1.27.0` |
| [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go ) | `1.26.0` | `1.27.0` |
| [go.opentelemetry.io/otel/sdk/metric](https://github.com/open-telemetry/opentelemetry-go ) | `1.26.0` | `1.27.0` |
| [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go ) | `1.26.0` | `1.27.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto ) | `0.22.0` | `0.23.0` |
| [golang.org/x/net](https://github.com/golang/net ) | `0.24.0` | `0.25.0` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2 ) | `0.19.0` | `0.20.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) | `0.177.0` | `0.178.0` |
| [google.golang.org/genproto/googleapis/rpc](https://github.com/googleapis/go-genproto ) | `0.0.0-20240429193739-8cf5692501f6` | `0.0.0-20240515191416-fc5f0ca64291` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go ) | `1.63.2` | `1.64.0` |
| google.golang.org/protobuf | `1.34.0` | `1.34.1` |
Updates `cloud.google.com/go/storage` from 1.40.0 to 1.41.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.40.0...spanner/v1.41.0 )
Updates `github.com/aws/aws-sdk-go-v2` from 1.26.1 to 1.27.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.26.1...v1.27.0 )
Updates `github.com/aws/aws-sdk-go-v2/config` from 1.27.11 to 1.27.16
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.11...config/v1.27.16 )
Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.53.1 to 1.54.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.53.1...service/s3/v1.54.3 )
Updates `github.com/caddyserver/certmagic` from 0.20.0 to 0.21.2
- [Release notes](https://github.com/caddyserver/certmagic/releases )
- [Commits](https://github.com/caddyserver/certmagic/compare/v0.20.0...v0.21.2 )
Updates `github.com/docker/docker` from 26.1.1+incompatible to 26.1.3+incompatible
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v26.1.1...v26.1.3 )
Updates `github.com/jackc/pgx/v5` from 5.5.5 to 5.6.0
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jackc/pgx/compare/v5.5.5...v5.6.0 )
Updates `github.com/open-policy-agent/opa` from 0.64.1 to 0.65.0
- [Release notes](https://github.com/open-policy-agent/opa/releases )
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.64.1...v0.65.0 )
Updates `github.com/prometheus/client_golang` from 1.19.0 to 1.19.1
- [Release notes](https://github.com/prometheus/client_golang/releases )
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prometheus/client_golang/compare/v1.19.0...v1.19.1 )
Updates `github.com/prometheus/procfs` from 0.14.0 to 0.15.1
- [Release notes](https://github.com/prometheus/procfs/releases )
- [Commits](https://github.com/prometheus/procfs/compare/v0.14.0...v0.15.1 )
Updates `github.com/rs/zerolog` from 1.32.0 to 1.33.0
- [Commits](https://github.com/rs/zerolog/compare/v1.32.0...v1.33.0 )
Updates `github.com/shirou/gopsutil/v3` from 3.24.4 to 3.24.5
- [Release notes](https://github.com/shirou/gopsutil/releases )
- [Commits](https://github.com/shirou/gopsutil/compare/v3.24.4...v3.24.5 )
Updates `go.opentelemetry.io/otel` from 1.26.0 to 1.27.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0 )
Updates `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` from 1.26.0 to 1.27.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0 )
Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace` from 1.26.0 to 1.27.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0 )
Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.26.0 to 1.27.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0 )
Updates `go.opentelemetry.io/otel/metric` from 1.26.0 to 1.27.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0 )
Updates `go.opentelemetry.io/otel/sdk` from 1.26.0 to 1.27.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0 )
Updates `go.opentelemetry.io/otel/sdk/metric` from 1.26.0 to 1.27.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0 )
Updates `go.opentelemetry.io/otel/trace` from 1.26.0 to 1.27.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0 )
Updates `golang.org/x/crypto` from 0.22.0 to 0.23.0
- [Commits](https://github.com/golang/crypto/compare/v0.22.0...v0.23.0 )
Updates `golang.org/x/net` from 0.24.0 to 0.25.0
- [Commits](https://github.com/golang/net/compare/v0.24.0...v0.25.0 )
Updates `golang.org/x/oauth2` from 0.19.0 to 0.20.0
- [Commits](https://github.com/golang/oauth2/compare/v0.19.0...v0.20.0 )
Updates `google.golang.org/api` from 0.177.0 to 0.178.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.177.0...v0.178.0 )
Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20240429193739-8cf5692501f6 to 0.0.0-20240515191416-fc5f0ca64291
- [Commits](https://github.com/googleapis/go-genproto/commits )
Updates `google.golang.org/grpc` from 1.63.2 to 1.64.0
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.63.2...v1.64.0 )
Updates `google.golang.org/protobuf` from 1.34.0 to 1.34.1
---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/config
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/caddyserver/certmagic
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/jackc/pgx/v5
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/open-policy-agent/opa
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/prometheus/client_golang
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/prometheus/procfs
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/rs/zerolog
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/shirou/gopsutil/v3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: go.opentelemetry.io/otel
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/metric
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/sdk
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/sdk/metric
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/trace
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: google.golang.org/genproto/googleapis/rpc
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: google.golang.org/grpc
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
...
Signed-off-by: dependabot[bot] <support@github.com>
* change acme pkg
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Denis Mishin <dmishin@pomerium.com>
2024-06-03 14:35:29 -04:00
dependabot[bot]
ffe7cf7654
chore(deps): bump the docker group with 3 updates ( #5123 )
...
Bumps the docker group with 3 updates: node, golang and distroless/base-debian12.
Updates `node` from `3864be2` to `ab71b9d`
Updates `golang` from 1.22.2-bookworm to 1.22.3-bookworm
Updates `distroless/base-debian12` from `c7852ef` to `fe3521b`
---
updated-dependencies:
- dependency-name: node
dependency-type: direct:production
dependency-group: docker
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docker
- dependency-name: distroless/base-debian12
dependency-type: direct:production
dependency-group: docker
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-03 08:04:20 -07:00
dependabot[bot]
e1fba7d190
chore(deps): bump the github-actions group with 9 updates ( #5121 )
...
Bumps the github-actions group with 9 updates:
| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout ) | `4.1.4` | `4.1.6` |
| [actions/setup-go](https://github.com/actions/setup-go ) | `5.0.0` | `5.0.1` |
| [docker/login-action](https://github.com/docker/login-action ) | `3.1.0` | `3.2.0` |
| [mikefarah/yq](https://github.com/mikefarah/yq ) | `4.43.1` | `4.44.1` |
| [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) | `5.1.0` | `6.0.1` |
| [azure/docker-login](https://github.com/azure/docker-login ) | `1.0.1` | `2` |
| [google-github-actions/auth](https://github.com/google-github-actions/auth ) | `2.1.2` | `2.1.3` |
| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) | `5.0.0` | `5.1.0` |
| [coverallsapp/github-action](https://github.com/coverallsapp/github-action ) | `2.2.3` | `2.3.0` |
Updates `actions/checkout` from 4.1.4 to 4.1.6
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](0ad4b8fada...a5ac7e51b4https://github.com/actions/setup-go/releases )
- [Commits](0c52d547c9...cdcb360436https://github.com/docker/login-action/releases )
- [Commits](e92390c5fb...0d4c9c5ea7https://github.com/mikefarah/yq/releases )
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt )
- [Commits](c35ec752e3...557dcb87b8https://github.com/golangci/golangci-lint-action/releases )
- [Commits](9d1e0624a7...a4f60bb28dhttps://github.com/azure/docker-login/releases )
- [Commits](83efeb7777...15c4aadf09https://github.com/google-github-actions/auth/releases )
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md )
- [Commits](55bd3a7c6e...71fee32a0bhttps://github.com/goreleaser/goreleaser-action/releases )
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0 )
Updates `coverallsapp/github-action` from 2.2.3 to 2.3.0
- [Release notes](https://github.com/coverallsapp/github-action/releases )
- [Commits](3dfc556739...643bc377ff
2024-06-03 08:03:47 -07:00
dependabot[bot]
df718db8ac
chore(deps): bump the docker group in /.github with 3 updates ( #5124 )
...
Bumps the docker group in /.github with 3 updates: busybox, distroless/base and distroless/base-debian12.
Updates `busybox` from `6776a33` to `5eef5ed`
Updates `distroless/base` from `d8d01e2` to `786007f`
Updates `distroless/base-debian12` from `d8d01e2` to `786007f`
---
updated-dependencies:
- dependency-name: busybox
dependency-type: direct:production
dependency-group: docker
- dependency-name: distroless/base
dependency-type: direct:production
dependency-group: docker
- dependency-name: distroless/base-debian12
dependency-type: direct:production
dependency-group: docker
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-03 08:01:09 -07:00
Joe Kralicky
d859e884c0
Add support for using the standard grpc env vars to control log severity and verbosity ( #5120 )
2024-05-31 14:06:38 -04:00
Joe Kralicky
de603f87de
Add new configurable bootstrap writers ( #2405 ) ( #5114 )
...
* Add new configurable bootstrap writers (#2405 )
This PR adds the ability to configure different backends to use for
storing modifications to the zero bootstrap config. The two currently
implemented backends allow writing changes to a file or to a Kubernetes
secret. Backend selection is determined by the scheme in a URI passed to
the flag '--config-writeback-uri'.
In a Kubernetes environment, where the bootstrap config is mounted into
the pod from a secret, this option allows Pomerium to write changes back
to the secret, as writes to the mounted secret file on disk are not
persisted.
* Use env vars for bootstrap config filepath/writeback uri
* linter pass and code cleanup
* Add new config writer options mechanism
This moves the encryption cipher parameter out of the WriteConfig()
method in the ConfigWriter interface and into a new ConfigWriterOptions
struct. Options (e.g. cipher) can be applied to an existing ConfigWriter
to allow customizing implementation-specific behavior.
* Code cleanup/lint fixes
* Move vendored k8s code into separate package, and add license header and package comment
2024-05-31 12:26:17 -04:00
Joe Kralicky
927f24e1ff
Envoy resource monitoring & overload manager configuration ( #5106 )
...
* Initial envoy cgroup resource monitor implementation
* Add cgroupv1 support; add metrics instrumentation
* Slight refactor for more efficient memory limit detection
Instead of reading memory.max/limit_in_bytes on every tick, we
read it once, then again only when it is modified.
To support this change, logic for computing the saturation was moved out
of the cgroup driver and into the resource monitor, and the driver
interface now has separate methods for reading memory usage and limit.
* Code cleanup/lint fixes
* Add platform build tags
* Add unit tests
* Fix lint issues
* Add runtime flag to allow disabling resource monitor
* Clamp saturation values to the range [0.0, 1.0]
* Switch to x/sys/unix; handle inotify IN_IGNORED events
2024-05-28 16:57:09 -04:00
Joe Kralicky
aa3b790601
Ensure k3s runs as pid 1 in docker
...
This fixes the k3s entrypoint script in the docker compose integration
tests to ensure k3s runs as pid 1. This is required when running k3s in
docker if the host is using cgroup2.
2024-05-28 15:26:32 -04:00
Denis Mishin
8269a723ec
health-checks: zero route availability improvements ( #5111 )
2024-05-17 16:47:27 -04:00
Nathan Hayfield
adb5f781a6
adds upstream error page ( #5113 )
...
* adds upstream error page
* help docs in new tab
2024-05-14 18:23:24 +02:00
Caleb Doxsey
568e99fdd4
core/envoy: exclude unauthorized access from local replies ( #5108 )
...
* core/envoy: exclude unauthorized access from local replies
* fix test
2024-05-09 11:09:38 -06:00
Caleb Doxsey
ab388211f2
core/ui: improve frontend build size ( #5109 )
...
* core/ui: improve frontend build size
* remove luxon
* add lodash
* remove console.log
* only generate sourcemap when watching
2024-05-09 07:10:00 -06:00
Caleb Doxsey
d225288ab3
core/identity: dynamic authenticator registration ( #5105 )
2024-05-07 16:45:39 -06:00
Denis Mishin
4031f4a962
health-check: building config from databroker source ( #5104 )
2024-05-06 14:47:20 -04:00
Kenneth Jenkins
b1feff5d56
envoy: preserve Go's max file limit for Envoy ( #5102 )
...
Go raises the "max open files" soft limit to match the hard limit for
itself, but has special logic to reset the original soft limit before
forking a child process. This logic does not apply if the file limit is
set explicitly. Add a pair of Getrlimit / Setrlimit calls so that we
(1) preserve the default Go limit behavior for ourselves, and
(2) keep these same limits when launching Envoy.
2024-05-03 17:15:59 -07:00
Caleb Doxsey
1a5b8b606f
core/lint: upgrade golangci-lint, replace interface{} with any ( #5099 )
...
* core/lint: upgrade golangci-lint, replace interface{} with any
* regen proto
2024-05-02 14:33:52 -06:00
Denis Mishin
614048ae9c
health-checks: add route reachability ( #5093 )
...
* health-checks: add route reachability
* rm tls check bypass
2024-05-02 13:31:48 -04:00
Caleb Doxsey
a95423b310
core/identity: refactor identity manager ( #5091 )
...
* core/identity: add data store for thread-safe storage of sessions and users
* wip
* add test
* wip
* clean up context
* fix nil session error
* add stop message
* remove log
* use origin context
* use base context for manager calls
* use manager context for syncers too
* add runtime flag
* rename legacy lease
* add comment
* use NotSame
* add comment
* Update internal/identity/manager/manager.go
Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>
* lint
---------
Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>
2024-05-02 10:27:06 -06:00
