3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-29 02:16:28 +02:00
Code Issues Projects Releases Packages Wiki Activity
3710 commits 156 branches 125 tags 103 MiB
Commit graph

3710 commits

This branch
This branch
All branches
Author SHA1 Message Date
Caleb Doxsey
c5716a6045
remove debug log message for directories (#5560) 2025-04-02 10:17:42 -06:00
dependabot[bot]
9161cac1eb
chore(deps): bump the docker group with 3 updates (#5558) 
Bumps the docker group with 3 updates: node, golang and distroless/base-debian12.


Updates `node` from `f6b9c31` to `c7fd844`

Updates `golang` from `d7d795d` to `fa1a01d`

Updates `distroless/base-debian12` from `3a59a8d` to `02be006`

---
updated-dependencies:
- dependency-name: node
  dependency-version: lts-bookworm
  dependency-type: direct:production
  dependency-group: docker
- dependency-name: golang
  dependency-version: 1.24-bookworm
  dependency-type: direct:production
  dependency-group: docker
- dependency-name: distroless/base-debian12
  dependency-version: debug
  dependency-type: direct:production
  dependency-group: docker
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-01 16:56:57 -06:00
Caleb Doxsey
e984d07a55
return errors according to accept header (#5551) 2025-04-01 08:36:00 -06:00
Kenneth Jenkins
ce46562a48
ci: build docker images for experimental/* branches (#5552) 2025-03-28 13:06:18 -07:00
Caleb Doxsey
1a199eb9f5
authenticate: remove /.pomerium/callback handler (#5553) 2025-03-28 13:04:25 -06:00
Denis Mishin
bed6770e16
ci: set goreleaser Node version to 22 (#5547) 2025-03-26 13:38:52 -04:00
Caleb Doxsey
38ca6d52b9
only support loading idp tokens via bearer tokens (#5545) 2025-03-26 09:47:40 -06:00
Kenneth Jenkins
b188a168af
metrics: fix an apparent metric setup error (#5543) 
The IdentityManagerLastSessionRefreshErrorView appears to be a duplicate
of IdentityManagerLastUserRefreshErrorView. Adjust it to use the
matching identityManagerLastSessionRefreshError instead.
 2025-03-25 14:48:07 -07:00
Caleb Doxsey
e7675a5b2a
databroker: preserve data type when deleting changeset (#5540) 
* databroker: preserve data type when deleting changeset

* use cs.now
 2025-03-25 10:11:36 -06:00
Joe Kralicky
a96ab2fe93
move internal/telemetry/trace => pkg/telemetry/trace (#5541) 2025-03-25 10:43:04 -04:00
Denis Mishin
ab5f3ac7f3
core/envoyconfig: make adding ipv6 addresses to internal cidr list conditional on ipv6 support on the system (#5538) 2025-03-21 11:14:50 -04:00
Caleb Doxsey
bc263e3ee5
proxy: use querier cache for user info (#5532) 2025-03-20 09:50:22 -06:00
Joe Kralicky
08623ef346
add tests/benchmarks for http1/http2 tcp tunnels and http1 websockets (#5471) 
* add tests/benchmarks for http1/http2 tcp tunnels and http1 websockets

testenv:
- add new TCP upstream
- add websocket functions to HTTP upstream
- add https support to mock idp (default on)
- add new debug flags -env.bind-address and -env.use-trace-environ to
  allow changing the default bind address, and enabling otel environment
  based trace config, respectively

* linter pass

---------

Co-authored-by: Denis Mishin <dmishin@pomerium.com>
 2025-03-19 18:42:19 -04:00
Caleb Doxsey
d6b02441b3
authorize: return 403 on invalid sessions (#5536) 2025-03-19 14:41:28 -06:00
dependabot[bot]
2795cc68aa
chore(deps): bump @babel/helpers from 7.24.4 to 7.26.10 in /ui (#5523) 
Bumps [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) from 7.24.4 to 7.26.10.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-helpers)

---
updated-dependencies:
- dependency-name: "@babel/helpers"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-19 13:26:33 -06:00
Joe Kralicky
8c6955dbe2
Increase some test timeouts (#5535) 
increase some test timeouts
 2025-03-19 14:52:11 -04:00
Caleb Doxsey
4c9398e95b
config: fix layered bearer_token_format and idp_access_token_allowed_audiences (#5533) 2025-03-19 10:04:48 -06:00
Denis Mishin
5ef16bcd28
metrics: reduce gc pressure (#5530) 2025-03-18 13:48:49 -04:00
Kenneth Jenkins
562101ae03
remove the legacy identity manager (#5528) 2025-03-17 11:59:02 -07:00
dependabot[bot]
bdfc17d1ce
chore(deps): bump golang.org/x/net from 0.35.0 to 0.36.0 (#5526) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.35.0 to 0.36.0.
- [Commits](https://github.com/golang/net/compare/v0.35.0...v0.36.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-14 13:43:44 -06:00
Denis Mishin
c4a5502f49
websockets: disable http2 connect (#5516) 2025-03-13 09:46:08 -04:00
Kenneth Jenkins
e1eca4e97c
config: fix jwt_issuer_format conversion (#5524) 
Remove the previous conversion logic in NewPolicyFromProto() for the 
jwt_issuer_format field. This would prevent the new "unset" state from
working correctly. Add a unit test to verify that all three values
(unset, "hostOnly" and "uri") will successfully round trip to the proto
format and back again.

Also add a test case for the Options.ApplySettings() method to verify 
that an unset jwt_issuer_format will not overwrite the existing value
(if any) in the settings.
 2025-03-12 16:13:16 -07:00
Denis Mishin
9cd5160468
zero/grpc: use hostname for proxied grpc calls (#5520) 2025-03-11 17:37:01 -04:00
Kenneth Jenkins
ad183873f4
add global jwt_issuer_format option (#5508) 
Add a corresponding global setting for the existing route-level
jwt_issuer_format option. The route-level option will take precedence
when set to a non-empty string.
 2025-03-11 14:11:50 -07:00
Denis Mishin
b86c9931b1
testutil: use cmp.Diff in protobuf json assertion (#5517) 2025-03-07 20:20:27 -05:00
dependabot[bot]
a55c144ca1
chore(deps): bump the docker group with 2 updates (#5509) 
Bumps the docker group with 2 updates: node and golang.


Updates `node` from `ae2f3d4` to `f6b9c31`

Updates `golang` from 1.23-bookworm to 1.24-bookworm

---
updated-dependencies:
- dependency-name: node
  dependency-type: direct:production
  dependency-group: docker
- dependency-name: golang
  dependency-type: direct:production
  dependency-group: docker
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-05 12:36:39 -05:00
dependabot[bot]
ce07a1ea9d
chore(deps): bump the go group across 1 directory with 44 updates (#5511) 
* chore(deps): bump the go group across 1 directory with 44 updates

Bumps the go group with 26 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.49.0` | `1.50.0` |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.32.7` | `1.36.3` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.28.7` | `1.29.8` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.71.1` | `1.78.0` |
| [github.com/bits-and-blooms/bitset](https://github.com/bits-and-blooms/bitset) | `1.20.0` | `1.21.0` |
| [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic) | `0.21.4` | `0.21.7` |
| [github.com/cloudflare/circl](https://github.com/cloudflare/circl) | `1.5.0` | `1.6.0` |
| [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) | `3.11.0` | `3.12.0` |
| [github.com/docker/docker](https://github.com/docker/docker) | `27.4.1+incompatible` | `28.0.1+incompatible` |
| [github.com/envoyproxy/go-control-plane/envoy](https://github.com/envoyproxy/go-control-plane) | `1.32.3` | `1.32.4` |
| [github.com/exaring/otelpgx](https://github.com/exaring/otelpgx) | `0.8.0` | `0.9.0` |
| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.0` | `5.2.1` |
| [github.com/google/go-cmp](https://github.com/google/go-cmp) | `0.6.0` | `0.7.0` |
| [github.com/grpc-ecosystem/go-grpc-middleware/v2](https://github.com/grpc-ecosystem/go-grpc-middleware) | `2.2.0` | `2.3.0` |
| [github.com/klauspost/compress](https://github.com/klauspost/compress) | `1.17.11` | `1.18.0` |
| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) | `7.0.82` | `7.0.87` |
| [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) | `1.0.0` | `1.2.0` |
| [github.com/pomerium/envoy-custom](https://github.com/pomerium/envoy-custom) | `1.32.4-0.20250114182541-6f6d2147bea6` | `1.33.0` |
| [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) | `0.48.2` | `0.50.0` |
| [github.com/testcontainers/testcontainers-go](https://github.com/testcontainers/testcontainers-go) | `0.34.0` | `0.35.0` |
| [go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.57.0` | `0.59.0` |
| [go.opentelemetry.io/contrib/propagators/autoprop](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.57.0` | `0.59.0` |
| [go.opentelemetry.io/otel/bridge/opencensus](https://github.com/open-telemetry/opentelemetry-go) | `1.32.0` | `1.34.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.32.0` | `1.34.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) | `1.32.0` | `1.34.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.214.0` | `0.223.0` |



Updates `cloud.google.com/go/storage` from 1.49.0 to 1.50.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.49.0...spanner/v1.50.0)

Updates `github.com/aws/aws-sdk-go-v2` from 1.32.7 to 1.36.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.32.7...v1.36.3)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.28.7 to 1.29.8
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.28.7...config/v1.29.8)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.71.1 to 1.78.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.71.1...service/s3/v1.78.0)

Updates `github.com/bits-and-blooms/bitset` from 1.20.0 to 1.21.0
- [Release notes](https://github.com/bits-and-blooms/bitset/releases)
- [Commits](https://github.com/bits-and-blooms/bitset/compare/v1.20.0...v1.21.0)

Updates `github.com/caddyserver/certmagic` from 0.21.4 to 0.21.7
- [Release notes](https://github.com/caddyserver/certmagic/releases)
- [Commits](https://github.com/caddyserver/certmagic/compare/v0.21.4...v0.21.7)

Updates `github.com/cloudflare/circl` from 1.5.0 to 1.6.0
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.5.0...v1.6.0)

Updates `github.com/coreos/go-oidc/v3` from 3.11.0 to 3.12.0
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](https://github.com/coreos/go-oidc/compare/v3.11.0...v3.12.0)

Updates `github.com/docker/docker` from 27.4.1+incompatible to 28.0.1+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v27.4.1...v28.0.1)

Updates `github.com/envoyproxy/go-control-plane/envoy` from 1.32.3 to 1.32.4
- [Release notes](https://github.com/envoyproxy/go-control-plane/releases)
- [Changelog](https://github.com/envoyproxy/go-control-plane/blob/main/CHANGELOG.md)
- [Commits](https://github.com/envoyproxy/go-control-plane/compare/envoy/v1.32.3...envoy/v1.32.4)

Updates `github.com/envoyproxy/protoc-gen-validate` from 1.1.0 to 1.2.1
- [Release notes](https://github.com/envoyproxy/protoc-gen-validate/releases)
- [Changelog](https://github.com/bufbuild/protoc-gen-validate/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/envoyproxy/protoc-gen-validate/compare/v1.1.0...v1.2.1)

Updates `github.com/exaring/otelpgx` from 0.8.0 to 0.9.0
- [Release notes](https://github.com/exaring/otelpgx/releases)
- [Commits](https://github.com/exaring/otelpgx/compare/v0.8.0...v0.9.0)

Updates `github.com/go-chi/chi/v5` from 5.2.0 to 5.2.1
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-chi/chi/compare/v5.2.0...v5.2.1)

Updates `github.com/google/go-cmp` from 0.6.0 to 0.7.0
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.6.0...v0.7.0)

Updates `github.com/grpc-ecosystem/go-grpc-middleware/v2` from 2.2.0 to 2.3.0
- [Release notes](https://github.com/grpc-ecosystem/go-grpc-middleware/releases)
- [Commits](https://github.com/grpc-ecosystem/go-grpc-middleware/compare/v2.2.0...v2.3.0)

Updates `github.com/klauspost/compress` from 1.17.11 to 1.18.0
- [Release notes](https://github.com/klauspost/compress/releases)
- [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml)
- [Commits](https://github.com/klauspost/compress/compare/v1.17.11...v1.18.0)

Updates `github.com/minio/minio-go/v7` from 7.0.82 to 7.0.87
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](https://github.com/minio/minio-go/compare/v7.0.82...v7.0.87)

Updates `github.com/open-policy-agent/opa` from 1.0.0 to 1.2.0
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v1.0.0...v1.2.0)

Updates `github.com/pomerium/envoy-custom` from 1.32.4-0.20250114182541-6f6d2147bea6 to 1.33.0
- [Release notes](https://github.com/pomerium/envoy-custom/releases)
- [Commits](https://github.com/pomerium/envoy-custom/commits/v1.33.0)

Updates `github.com/prometheus/client_golang` from 1.20.5 to 1.21.0
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.20.5...v1.21.0)

Updates `github.com/prometheus/common` from 0.61.0 to 0.62.0
- [Release notes](https://github.com/prometheus/common/releases)
- [Changelog](https://github.com/prometheus/common/blob/main/RELEASE.md)
- [Commits](https://github.com/prometheus/common/compare/v0.61.0...v0.62.0)

Updates `github.com/quic-go/quic-go` from 0.48.2 to 0.50.0
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md)
- [Commits](https://github.com/quic-go/quic-go/compare/v0.48.2...v0.50.0)

Updates `github.com/spf13/cobra` from 1.8.1 to 1.9.1
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.8.1...v1.9.1)

Updates `github.com/testcontainers/testcontainers-go` from 0.34.0 to 0.35.0
- [Release notes](https://github.com/testcontainers/testcontainers-go/releases)
- [Commits](https://github.com/testcontainers/testcontainers-go/compare/v0.34.0...v0.35.0)

Updates `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc` from 0.57.0 to 0.59.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.57.0...zpages/v0.59.0)

Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.58.0 to 0.59.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.58.0...zpages/v0.59.0)

Updates `go.opentelemetry.io/contrib/propagators/autoprop` from 0.57.0 to 0.59.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.57.0...zpages/v0.59.0)

Updates `go.opentelemetry.io/otel/bridge/opencensus` from 1.32.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.34.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` from 1.32.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.34.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.33.0...v1.34.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.33.0...v1.34.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.32.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.34.0)

Updates `go.opentelemetry.io/otel/sdk` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.33.0...v1.34.0)

Updates `go.opentelemetry.io/otel/sdk/metric` from 1.32.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.34.0)

Updates `go.opentelemetry.io/proto/otlp` from 1.4.0 to 1.5.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-proto-go/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-proto-go/compare/v1.4.0...v1.5.0)

Updates `golang.org/x/crypto` from 0.32.0 to 0.33.0
- [Commits](https://github.com/golang/crypto/compare/v0.32.0...v0.33.0)

Updates `golang.org/x/net` from 0.33.0 to 0.35.0
- [Commits](https://github.com/golang/net/compare/v0.33.0...v0.35.0)

Updates `golang.org/x/sync` from 0.10.0 to 0.11.0
- [Commits](https://github.com/golang/sync/compare/v0.10.0...v0.11.0)

Updates `golang.org/x/sys` from 0.29.0 to 0.30.0
- [Commits](https://github.com/golang/sys/compare/v0.29.0...v0.30.0)

Updates `golang.org/x/time` from 0.8.0 to 0.10.0
- [Commits](https://github.com/golang/time/compare/v0.8.0...v0.10.0)

Updates `google.golang.org/api` from 0.214.0 to 0.223.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.214.0...v0.223.0)

Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20241209162323-e6fa225c2576 to 0.0.0-20250219182151-9fdb1cabc7b2
- [Commits](https://github.com/googleapis/go-genproto/commits)

Updates `google.golang.org/grpc` from 1.69.2 to 1.70.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.69.2...v1.70.0)

Updates `google.golang.org/protobuf` from 1.36.2 to 1.36.5

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/bits-and-blooms/bitset
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/caddyserver/certmagic
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/cloudflare/circl
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: go
- dependency-name: github.com/envoyproxy/go-control-plane/envoy
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/envoyproxy/protoc-gen-validate
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/exaring/otelpgx
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/go-chi/chi/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/grpc-ecosystem/go-grpc-middleware/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/klauspost/compress
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/minio/minio-go/v7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/open-policy-agent/opa
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/pomerium/envoy-custom
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/quic-go/quic-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/testcontainers/testcontainers-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/contrib/propagators/autoprop
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/bridge/opencensus
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/sdk/metric
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/proto/otlp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/time
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/genproto/googleapis/rpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix go.mod

* bump acmez

* bump docker build

* bump docker build

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Denis Mishin <dmishin@pomerium.com>
 2025-03-05 12:31:24 -05:00
dependabot[bot]
4009fa2ea5
chore(deps): bump the github-actions group with 7 updates (#5510) 
* chore(deps): bump the github-actions group with 7 updates

Bumps the github-actions group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.3.0` | `3.6.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.8.0` | `3.10.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `6.13.0` | `6.15.0` |
| [docker/metadata-action](https://github.com/docker/metadata-action) | `5.6.1` | `5.7.0` |
| [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `6.2.0` | `6.5.0` |
| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6.1.0` | `6.2.1` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.0` | `4.6.1` |


Updates `docker/setup-qemu-action` from 3.3.0 to 3.6.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](53851d1459...29109295f8)

Updates `docker/setup-buildx-action` from 3.8.0 to 3.10.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](6524bf65af...b5ca514318)

Updates `docker/build-push-action` from 6.13.0 to 6.15.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](ca877d9245...471d1dc4e0)

Updates `docker/metadata-action` from 5.6.1 to 5.7.0
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](369eb591f4...902fa8ec7d)

Updates `golangci/golangci-lint-action` from 6.2.0 to 6.5.0
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](ec5d18412c...2226d7cb06)

Updates `goreleaser/goreleaser-action` from 6.1.0 to 6.2.1
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v6.1.0...v6.2.1)

Updates `actions/upload-artifact` from 4.6.0 to 4.6.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](65c4c4a1dd...4cec3d8aa0)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>

* remove run/deadline

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2025-03-03 14:10:07 -07:00
dependabot[bot]
d17e08696f
chore(deps): bump busybox from a5d0ce4 to 498a000 in /.github in the docker group (#5512) 
chore(deps): bump busybox in /.github in the docker group

Bumps the docker group in /.github with 1 update: busybox.


Updates `busybox` from `a5d0ce4` to `498a000`

---
updated-dependencies:
- dependency-name: busybox
  dependency-type: direct:production
  dependency-group: docker
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-03 13:52:10 -07:00
Nathan Hayfield
ef48f8a0cc
handle long names in the cards for route portal - ENG-2026 (#5514) 
handle long names in the cards for route portal
 2025-03-03 21:07:25 +01:00
Caleb Doxsey
6be4efd48b
remove benchmark ci (#5513) 2025-03-03 11:49:55 -07:00
Caleb Doxsey
fb06cd3c73
proxy: add short timeout for logo discovery (#5506) 2025-02-28 09:59:03 -07:00
dependabot[bot]
624c8f0cea
chore(deps-dev): bump esbuild from 0.21.1 to 0.25.0 in /ui (#5478) 
* chore(deps-dev): bump esbuild from 0.21.1 to 0.25.0 in /ui

Bumps [esbuild](https://github.com/evanw/esbuild) from 0.21.1 to 0.25.0.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.21.1...v0.25.0)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

* upgrade node

* use 22

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2025-02-27 13:39:44 -07:00
Caleb Doxsey
c280119498
policy: support emails from directory user (#5504) 2025-02-27 13:39:28 -07:00
dependabot[bot]
a70593c424
chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5 (#5496) 
Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) from 4.0.2 to 4.0.5.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v4.0.2...v4.0.5)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-27 09:56:39 -07:00
dependabot[bot]
2393a5b79c
chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4 (#5505) 
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.3...v3.0.4)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-27 09:17:24 -07:00
Caleb Doxsey
cb5ee48323
config: preserve existing user when creating sessions from idp token (#5502) 
* config: preserve existing user when creating sessions from idp token

* fix
 2025-02-27 09:05:31 -07:00
Caleb Doxsey
932db70d96
remove noisy logs (#5501) 2025-02-26 10:31:12 -07:00
Caleb Doxsey
1f30dead31
fileutil: reimplement file watcher (#5498) 
* remove context, add close

* update tests

* cleanup

* fileutil: reimplement file watcher

* remove test, simplify tree set code, fix data race
 2025-02-26 09:21:06 -07:00
Joe Kralicky
1b2618170d
get-envoy: allow downloading a specific os/arch (#5499) 2025-02-25 17:12:34 -05:00
Caleb Doxsey
a9e26b155d
identity: disable session refresh for idp token sessions, fix query cache invalidation (#5495) 2025-02-24 15:33:23 -07:00
Kenneth Jenkins
ff127e61f9
upgrade x/oauth2 from v0.24.0 to v0.27.0 (#5493) 2025-02-24 10:36:25 -08:00
Caleb Doxsey
7896ccda5c
support loading idp token sessions in the proxy service (#5488) 2025-02-24 11:09:51 -07:00
Caleb Doxsey
5960a6df96
add ppl string operators (#5490) 2025-02-24 08:25:14 -07:00
Caleb Doxsey
f15400493d
singleflight incoming idp token session creation (#5491) 2025-02-24 08:24:57 -07:00
Caleb Doxsey
4b95eda51e
netutil: improve port allocation (#5485) 2025-02-19 09:45:21 -07:00
Caleb Doxsey
fbd1f34110
fileutil: add directory helpers, atomic file writing (#5477) 2025-02-19 07:56:38 -07:00
Caleb Doxsey
b9fd926618
authorize: support authenticating with idp tokens (#5484) 
* identity: add support for verifying access and identity tokens

* allow overriding with policy option

* authenticate: add verify endpoints

* wip

* implement session creation

* add verify test

* implement idp token login

* fix tests

* add pr permission

* make session ids route-specific

* rename method

* add test

* add access token test

* test for newUserFromIDPClaims

* more tests

* make the session id per-idp

* use type for

* add test

* remove nil checks
 2025-02-18 13:02:06 -07:00
Caleb Doxsey
6e22b7a19a
proxy: fix connect command in routes portal (#5475) 2025-02-13 11:44:18 -07:00
Joe Kralicky
3043e98fab
Fix trace client update (#5480) 2025-02-12 19:47:17 -05:00