3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-30 16:38:11 +02:00
Code Issues Projects Releases Packages Wiki Activity
3433 commits 172 branches 127 tags 108 MiB
Commit graph

3433 commits

This branch
This branch
All branches
Author SHA1 Message Date
Denis Mishin
2db2bd09a1
connect: add gRPC keep-alive (#4961) 2024-02-13 18:26:14 -05:00
Caleb Doxsey
c6d1f17100
core/ui: fix page title (#4957) 
* core/ui: fix page title

* cache template
 2024-02-12 14:05:18 -07:00
Caleb Doxsey
76862c2fe8
core: use context.WithoutCancel (#4959) 2024-02-09 13:55:06 -07:00
Kenneth Jenkins
6b245d2a24
ci: switch to regular runners (#4958) 
Switch to regular GitHub Actions runners in the 'Docker Release
Branches' workflow, matching how the 'Docker Main' workflow is
configured.
 2024-02-09 08:51:01 -08:00
dependabot[bot]
84448eb9e0
chore(deps): bump github.com/docker/docker from 24.0.7+incompatible to 25.0.2+incompatible (#4942) 
* chore(deps): bump github.com/docker/docker

Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.7+incompatible to 25.0.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.7...v25.0.2)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix deps

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2024-02-08 12:27:25 -07:00
Kenneth Jenkins
f9808a73ba
integration: unauthorized response Content-Type (#4956) 
Modify the request 'Accept' header to behave more like a web browser,
and add an assertion to verify that Pomerium serves an HTML response for
the unauthorized error page.
 2024-02-06 08:53:58 -08:00
Denis Mishin
7edd538be7
zero/bootstrap: reset back to inmem databroker if connection string is empty (#4955) 2024-02-05 20:15:33 -05:00
Caleb Doxsey
9d0e727e4d
core/zero: upgrade oapi-codegen (#4953) 2024-02-05 11:44:21 -07:00
dependabot[bot]
6f6535e8d6
chore(deps): bump cloud.google.com/go/storage from 1.36.0 to 1.37.0 (#4926) 
Bumps [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) from 1.36.0 to 1.37.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.36.0...spanner/v1.37.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Denis Mishin <dmishin@pomerium.com>
 2024-02-01 18:17:19 -05:00
Caleb Doxsey
55eb2fa3dc
core/authorize: result denied improvements (#4952) 
* core/authorize: result denied improvements

* add authenticate robots.txt

* fix tests
 2024-02-01 16:16:33 -07:00
dependabot[bot]
61a9bd7c6b
chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 1.0.2 to 1.0.4 (#4945) 
chore(deps): bump github.com/envoyproxy/protoc-gen-validate

Bumps [github.com/envoyproxy/protoc-gen-validate](https://github.com/envoyproxy/protoc-gen-validate) from 1.0.2 to 1.0.4.
- [Release notes](https://github.com/envoyproxy/protoc-gen-validate/releases)
- [Changelog](https://github.com/bufbuild/protoc-gen-validate/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/envoyproxy/protoc-gen-validate/compare/v1.0.2...v1.0.4)

---
updated-dependencies:
- dependency-name: github.com/envoyproxy/protoc-gen-validate
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 15:05:17 -08:00
dependabot[bot]
d5d0af1d45
chore(deps): bump github.com/envoyproxy/go-control-plane from 0.11.1 to 0.12.0 (#4935) 
chore(deps): bump github.com/envoyproxy/go-control-plane

Bumps [github.com/envoyproxy/go-control-plane](https://github.com/envoyproxy/go-control-plane) from 0.11.1 to 0.12.0.
- [Release notes](https://github.com/envoyproxy/go-control-plane/releases)
- [Changelog](https://github.com/envoyproxy/go-control-plane/blob/main/CHANGELOG.md)
- [Commits](https://github.com/envoyproxy/go-control-plane/compare/v0.11.1...v0.12.0)

---
updated-dependencies:
- dependency-name: github.com/envoyproxy/go-control-plane
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 17:15:54 -05:00
dependabot[bot]
114b1fda81
chore(deps): bump github.com/jackc/pgx/v5 from 5.5.1 to 5.5.2 (#4944) 
Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.5.1 to 5.5.2.
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v5.5.1...v5.5.2)

---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 17:13:52 -05:00
dependabot[bot]
1679090a39
chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.26.2 to 1.26.6 (#4932) 
chore(deps): bump github.com/aws/aws-sdk-go-v2/config

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.26.2 to 1.26.6.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.26.2...config/v1.26.6)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 11:21:37 -07:00
dependabot[bot]
a0057ad9a0
chore(deps): bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0 (#4937) 
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.60.0 to 0.61.0.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.60.0...v0.61.0)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 11:12:14 -07:00
dependabot[bot]
51fdfb06ab
chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.7 to 1.48.1 (#4939) 
chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3

Bumps [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) from 1.47.7 to 1.48.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.47.7...service/s3/v1.48.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 11:12:01 -07:00
dependabot[bot]
9fa378a15e
chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.24.0 to 1.24.1 (#4930) 
Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.24.0 to 1.24.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.24.0...v1.24.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 11:11:46 -07:00
dependabot[bot]
d93bd32f0d
chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 (#4933) 
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 11:11:25 -07:00
dependabot[bot]
289293a50f
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.23.12 to 3.24.1 (#4928) 
Bumps [github.com/shirou/gopsutil/v3](https://github.com/shirou/gopsutil) from 3.23.12 to 3.24.1.
- [Release notes](https://github.com/shirou/gopsutil/releases)
- [Commits](https://github.com/shirou/gopsutil/compare/v3.23.12...v3.24.1)

---
updated-dependencies:
- dependency-name: github.com/shirou/gopsutil/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 11:11:10 -07:00
dependabot[bot]
c82272faa9
chore(deps): bump go.opentelemetry.io/otel/sdk/metric from 1.21.0 to 1.22.0 (#4946) 
chore(deps): bump go.opentelemetry.io/otel/sdk/metric

Bumps [go.opentelemetry.io/otel/sdk/metric](https://github.com/open-telemetry/opentelemetry-go) from 1.21.0 to 1.22.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.21.0...v1.22.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk/metric
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 11:10:55 -07:00
dependabot[bot]
454361d714
chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc from 0.44.0 to 0.45.0 (#4947) 
chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc

Bumps [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc](https://github.com/open-telemetry/opentelemetry-go) from 0.44.0 to 0.45.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/bridge/opencensus/v0.44.0...bridge/opencensus/v0.45.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 11:10:40 -07:00
dependabot[bot]
abf15a8f9d
chore(deps): bump github.com/prometheus/common from 0.45.0 to 0.46.0 (#4949) 
Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.45.0 to 0.46.0.
- [Release notes](https://github.com/prometheus/common/releases)
- [Commits](https://github.com/prometheus/common/compare/v0.45.0...v0.46.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 11:10:24 -07:00
dependabot[bot]
321429db14
chore(deps): bump busybox from ba76950 to 6d9ac92 in /.github (#4950) 
Bumps busybox from `ba76950` to `6d9ac92`.

---
updated-dependencies:
- dependency-name: busybox
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 11:10:07 -07:00
dependabot[bot]
dd6de571dd
chore(deps): bump github.com/klauspost/compress from 1.17.4 to 1.17.5 (#4940) 
Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.17.4 to 1.17.5.
- [Release notes](https://github.com/klauspost/compress/releases)
- [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml)
- [Commits](https://github.com/klauspost/compress/compare/v1.17.4...v1.17.5)

---
updated-dependencies:
- dependency-name: github.com/klauspost/compress
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 11:09:34 -07:00
dependabot[bot]
acd1b765e1
chore(deps): bump google-github-actions/auth from 2.0.0 to 2.1.0 (#4925) 
Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](67e9c72af6...5a50e58116)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 11:09:14 -07:00
dependabot[bot]
58fc38aada
chore(deps): bump google-github-actions/setup-gcloud from 2.0.1 to 2.1.0 (#4924) 
Bumps [google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud) from 2.0.1 to 2.1.0.
- [Release notes](https://github.com/google-github-actions/setup-gcloud/releases)
- [Changelog](https://github.com/google-github-actions/setup-gcloud/blob/main/CHANGELOG.md)
- [Commits](5a5f7b85fc...98ddc00a17)

---
updated-dependencies:
- dependency-name: google-github-actions/setup-gcloud
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 11:08:58 -07:00
dependabot[bot]
e567ab7d9f
chore(deps): bump docker/metadata-action from 5.4.0 to 5.5.1 (#4923) 
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.4.0 to 5.5.1.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](9dc751fe24...8e5442c4ef)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 11:08:38 -07:00
dependabot[bot]
d33ef93886
chore(deps): bump actions/upload-artifact from 4.0.0 to 4.3.0 (#4922) 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.0.0 to 4.3.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](c7d193f32e...26f96dfa69)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 11:08:19 -07:00
dependabot[bot]
360771676f
chore(deps): bump google.golang.org/grpc from 1.60.1 to 1.61.0 (#4948) 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.60.1 to 1.61.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.60.1...v1.61.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 10:22:35 -07:00
dependabot[bot]
152edd8378
chore(deps): bump google.golang.org/api from 0.154.0 to 0.161.0 (#4938) 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.154.0 to 0.161.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.154.0...v0.161.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 11:56:52 -05:00
dependabot[bot]
5849a2e7bb
chore(deps): bump golang from 1.21.5-bookworm to 1.21.6-bookworm (#4920) 
Bumps golang from 1.21.5-bookworm to 1.21.6-bookworm.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 09:18:49 -07:00
dependabot[bot]
c6b7a92bc9
chore(deps): bump node from 8d0f16f to fd01154 (#4921) 
Bumps node from `8d0f16f` to `fd01154`.

---
updated-dependencies:
- dependency-name: node
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 09:18:12 -07:00
dependabot[bot]
d38874c7f7
chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#4919) 
Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.1.5 to 1.1.12.
- [Release notes](https://github.com/opencontainers/runc/releases)
- [Changelog](https://github.com/opencontainers/runc/blob/v1.1.12/CHANGELOG.md)
- [Commits](https://github.com/opencontainers/runc/compare/v1.1.5...v1.1.12)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/runc
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-31 15:52:50 -08:00
Kenneth Jenkins
e83b14bcd5
config: remove deprecated client_ca option (#4918) 
The client_ca and client_ca_file settings were deprecated in v0.23.
Remove these options and add a link to the corresponding explanation on
the Upgrading docs page.
 2024-01-30 14:12:23 -08:00
Caleb Doxsey
6a833b365a
core/ppl: add groups criterion (#4916) 
* core/ppl: add groups criterion

* remove dead code

* add additional test
 2024-01-30 09:40:15 -07:00
Denis Mishin
3ca2f2462d
zero/reconciler: remove unused changeset code (#4915) 2024-01-24 19:21:34 -05:00
Kenneth Jenkins
acbad4fb96
policy: add client cert SAN match criteria (#4913) 
Expand the Certificate Matcher to support matching on DNS, email, or URI
Subject Alternative Names, using the existing String Matcher conditions.
 2024-01-24 16:05:22 -08:00
Caleb Doxsey
2a9e76eb7c
core/envoy: clean up temporary directory on start (#4914) 2024-01-24 15:53:44 -07:00
Caleb Doxsey
4301da3648
core/telemetry: move requestid to pkg directory (#4911) 2024-01-19 13:18:16 -07:00
Caleb Doxsey
803baeb9e1
core/authorize: return non-html errors on denied (#4904) 2024-01-18 10:07:03 -07:00
Caleb Doxsey
24b04bed35
core/opa: update for rego 1.0 (#4895) 
* core/opa: update headers rego script

* core/opa: update ppl

* further updates
 2024-01-16 09:43:35 -07:00
Caleb Doxsey
5e0079c649
core/databroker: disable identity manager user refresh when hosted authenticate is used (#4905) 2024-01-12 13:30:03 -07:00
Caleb Doxsey
1080a33443
core/zero: update oapi-codegen (#4898) 2024-01-12 13:28:33 -07:00
Caleb Doxsey
f684910ab3
core/config: remove cookie secure option (#4907) 2024-01-12 13:28:14 -07:00
Caleb Doxsey
d5b4910951
core/ci: check docker base images (#4906) 
* check docker base images

* test bad image

* debugging

* fix missing gcr image

* restore hash

* fix docker tag

* improved check

* fix variable

* fix check
 2024-01-12 12:25:28 -07:00
Kenneth Jenkins
c7c2087483
envoy: enable TCP keepalive for internal clusters (#4902) 
In split service mode, and during periods of inactivity, the gRPC
connections to the databroker may fall idle. Some network firewalls may
eventually time out an idle TCP connection and even start dropping
subsequent packets once connection traffic resumes. Combined with Linux
default TCP retransmission settings, this could cause a broken
connection to persist for over 15 minutes.

In an attempt to avoid this scenario, enable TCP keepalive for outbound
gRPC connections, matching the Go standard library default settings for
time & interval: 15 seconds for both. (The probe count does not appear
to be set, so it will remain at the OS default.)

Add a test case exercising the BuildClusters() method with the default
configuration options, comparing the results with a reference "golden"
file in the testdata directory. Also add an '-update' flag to make it
easier to update the reference golden when needed:

  go test ./config/envoyconfig -update
 2024-01-11 09:12:45 -08:00
Kenneth Jenkins
6efef022af
authenticate: rework CORS headers log entry (#4900) 
Currently most requests to the authenticate service will result in a log
entry with the message "authenticate: origin blocked". This may be
confusing, as the request is not in fact blocked; instead, what happens
is that no special CORS headers are added to the response.

Let's reverse the logging behavior, and instead log a message only for
those requests with a valid signature, where we do add CORS headers to
the response.

Add a unit test case exercising the CORS middleware.
 2024-01-10 10:39:25 -08:00
Denis Mishin
e6ed4d537f
changelog for v0.25 (#4896) 2024-01-09 16:30:24 -05:00
Denis Mishin
c84a251c93
zero/k8s: deployment manifests (#4763) 
* zero/k8s: deployment manifests

* convert to statefulset so that it has persistent volume claim

* use standard ports to avoid config customization for k8s

* add XDG_DATA_HOME mapping
 2024-01-08 12:08:14 -05:00
dependabot[bot]
ca71b3ae60
chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 (#4901) 
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.3.6 to 1.3.7.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.3.6...v1.3.7)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-08 10:03:48 -07:00