Joe Kralicky
d859e884c0
Add support for using the standard grpc env vars to control log severity and verbosity ( #5120 )
2024-05-31 14:06:38 -04:00
Joe Kralicky
de603f87de
Add new configurable bootstrap writers ( #2405 ) ( #5114 )
...
* Add new configurable bootstrap writers (#2405 )
This PR adds the ability to configure different backends to use for
storing modifications to the zero bootstrap config. The two currently
implemented backends allow writing changes to a file or to a Kubernetes
secret. Backend selection is determined by the scheme in a URI passed to
the flag '--config-writeback-uri'.
In a Kubernetes environment, where the bootstrap config is mounted into
the pod from a secret, this option allows Pomerium to write changes back
to the secret, as writes to the mounted secret file on disk are not
persisted.
* Use env vars for bootstrap config filepath/writeback uri
* linter pass and code cleanup
* Add new config writer options mechanism
This moves the encryption cipher parameter out of the WriteConfig()
method in the ConfigWriter interface and into a new ConfigWriterOptions
struct. Options (e.g. cipher) can be applied to an existing ConfigWriter
to allow customizing implementation-specific behavior.
* Code cleanup/lint fixes
* Move vendored k8s code into separate package, and add license header and package comment
2024-05-31 12:26:17 -04:00
Joe Kralicky
927f24e1ff
Envoy resource monitoring & overload manager configuration ( #5106 )
...
* Initial envoy cgroup resource monitor implementation
* Add cgroupv1 support; add metrics instrumentation
* Slight refactor for more efficient memory limit detection
Instead of reading memory.max/limit_in_bytes on every tick, we
read it once, then again only when it is modified.
To support this change, logic for computing the saturation was moved out
of the cgroup driver and into the resource monitor, and the driver
interface now has separate methods for reading memory usage and limit.
* Code cleanup/lint fixes
* Add platform build tags
* Add unit tests
* Fix lint issues
* Add runtime flag to allow disabling resource monitor
* Clamp saturation values to the range [0.0, 1.0]
* Switch to x/sys/unix; handle inotify IN_IGNORED events
2024-05-28 16:57:09 -04:00
Joe Kralicky
aa3b790601
Ensure k3s runs as pid 1 in docker
...
This fixes the k3s entrypoint script in the docker compose integration
tests to ensure k3s runs as pid 1. This is required when running k3s in
docker if the host is using cgroup2.
2024-05-28 15:26:32 -04:00
Denis Mishin
8269a723ec
health-checks: zero route availability improvements ( #5111 )
2024-05-17 16:47:27 -04:00
Nathan Hayfield
adb5f781a6
adds upstream error page ( #5113 )
...
* adds upstream error page
* help docs in new tab
2024-05-14 18:23:24 +02:00
Caleb Doxsey
568e99fdd4
core/envoy: exclude unauthorized access from local replies ( #5108 )
...
* core/envoy: exclude unauthorized access from local replies
* fix test
2024-05-09 11:09:38 -06:00
Caleb Doxsey
ab388211f2
core/ui: improve frontend build size ( #5109 )
...
* core/ui: improve frontend build size
* remove luxon
* add lodash
* remove console.log
* only generate sourcemap when watching
2024-05-09 07:10:00 -06:00
Caleb Doxsey
d225288ab3
core/identity: dynamic authenticator registration ( #5105 )
2024-05-07 16:45:39 -06:00
Denis Mishin
4031f4a962
health-check: building config from databroker source ( #5104 )
2024-05-06 14:47:20 -04:00
Kenneth Jenkins
b1feff5d56
envoy: preserve Go's max file limit for Envoy ( #5102 )
...
Go raises the "max open files" soft limit to match the hard limit for
itself, but has special logic to reset the original soft limit before
forking a child process. This logic does not apply if the file limit is
set explicitly. Add a pair of Getrlimit / Setrlimit calls so that we
(1) preserve the default Go limit behavior for ourselves, and
(2) keep these same limits when launching Envoy.
2024-05-03 17:15:59 -07:00
Caleb Doxsey
1a5b8b606f
core/lint: upgrade golangci-lint, replace interface{} with any ( #5099 )
...
* core/lint: upgrade golangci-lint, replace interface{} with any
* regen proto
2024-05-02 14:33:52 -06:00
Denis Mishin
614048ae9c
health-checks: add route reachability ( #5093 )
...
* health-checks: add route reachability
* rm tls check bypass
2024-05-02 13:31:48 -04:00
Caleb Doxsey
a95423b310
core/identity: refactor identity manager ( #5091 )
...
* core/identity: add data store for thread-safe storage of sessions and users
* wip
* add test
* wip
* clean up context
* fix nil session error
* add stop message
* remove log
* use origin context
* use base context for manager calls
* use manager context for syncers too
* add runtime flag
* rename legacy lease
* add comment
* use NotSame
* add comment
* Update internal/identity/manager/manager.go
Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>
* lint
---------
Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>
2024-05-02 10:27:06 -06:00
Denis Mishin
e30d90206d
log/grpc: use standard logger ( #5096 )
...
* log/grpc: use standard logger
* fix levels and tests
* set default info level in main.go
* fix level check
2024-05-01 15:01:22 -04:00
dependabot[bot]
506642f88c
chore(deps): bump the github-actions group with 5 updates ( #5094 )
...
Bumps the github-actions group with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout ) | `4.1.2` | `4.1.4` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) | `3.2.0` | `3.3.0` |
| [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action ) | `5.0.0` | `5.0.1` |
| [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) | `4.0.0` | `5.1.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact ) | `4.3.1` | `4.3.3` |
Updates `actions/checkout` from 4.1.2 to 4.1.4
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](9bb56186c3...0ad4b8fadahttps://github.com/docker/setup-buildx-action/releases )
- [Commits](2b51285047...d70bba72b1https://github.com/stefanzweifel/git-auto-commit-action/releases )
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md )
- [Commits](8756aa072e...8621497c8chttps://github.com/golangci/golangci-lint-action/releases )
- [Commits](3cfe3a4abb...9d1e0624a7https://github.com/actions/upload-artifact/releases )
- [Commits](5d5d22a312...65462800fd
2024-05-01 12:01:57 -06:00
dependabot[bot]
5df08680ae
chore(deps): bump the go group with 29 updates ( #5097 )
...
Bumps the go group with 29 updates:
| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2 ) | `1.27.10` | `1.27.11` |
| [github.com/cespare/xxhash/v2](https://github.com/cespare/xxhash ) | `2.2.0` | `2.3.0` |
| [github.com/cloudflare/circl](https://github.com/cloudflare/circl ) | `1.3.7` | `1.3.8` |
| [github.com/docker/docker](https://github.com/docker/docker ) | `26.0.2+incompatible` | `26.1.1+incompatible` |
| [github.com/klauspost/compress](https://github.com/klauspost/compress ) | `1.17.7` | `1.17.8` |
| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go ) | `7.0.69` | `7.0.70` |
| [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa ) | `0.63.0` | `0.64.1` |
| [github.com/openzipkin/zipkin-go](https://github.com/openzipkin/zipkin-go ) | `0.4.2` | `0.4.3` |
| [github.com/prometheus/client_model](https://github.com/prometheus/client_model ) | `0.6.0` | `0.6.1` |
| [github.com/prometheus/common](https://github.com/prometheus/common ) | `0.51.1` | `0.53.0` |
| [github.com/prometheus/procfs](https://github.com/prometheus/procfs ) | `0.13.0` | `0.14.0` |
| [github.com/rs/cors](https://github.com/rs/cors ) | `1.10.1` | `1.11.0` |
| [github.com/shirou/gopsutil/v3](https://github.com/shirou/gopsutil ) | `3.24.3` | `3.24.4` |
| [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go ) | `1.25.0` | `1.26.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc](https://github.com/open-telemetry/opentelemetry-go ) | `1.24.0` | `1.26.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go ) | `1.25.0` | `1.26.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go ) | `1.21.0` | `1.26.0` |
| [go.opentelemetry.io/otel/metric](https://github.com/open-telemetry/opentelemetry-go ) | `1.25.0` | `1.26.0` |
| [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go ) | `1.25.0` | `1.26.0` |
| [go.opentelemetry.io/otel/sdk/metric](https://github.com/open-telemetry/opentelemetry-go ) | `1.24.0` | `1.26.0` |
| [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go ) | `1.25.0` | `1.26.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto ) | `0.21.0` | `0.22.0` |
| [golang.org/x/net](https://github.com/golang/net ) | `0.23.0` | `0.24.0` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2 ) | `0.18.0` | `0.19.0` |
| [golang.org/x/sync](https://github.com/golang/sync ) | `0.6.0` | `0.7.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) | `0.170.0` | `0.177.0` |
| [google.golang.org/genproto/googleapis/rpc](https://github.com/googleapis/go-genproto ) | `0.0.0-20240311132316-a219d84964c2` | `0.0.0-20240429193739-8cf5692501f6` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go ) | `1.62.1` | `1.63.2` |
| google.golang.org/protobuf | `1.33.0` | `1.34.0` |
Updates `github.com/aws/aws-sdk-go-v2/config` from 1.27.10 to 1.27.11
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.10...config/v1.27.11 )
Updates `github.com/cespare/xxhash/v2` from 2.2.0 to 2.3.0
- [Commits](https://github.com/cespare/xxhash/compare/v2.2.0...v2.3.0 )
Updates `github.com/cloudflare/circl` from 1.3.7 to 1.3.8
- [Release notes](https://github.com/cloudflare/circl/releases )
- [Commits](https://github.com/cloudflare/circl/compare/v1.3.7...v1.3.8 )
Updates `github.com/docker/docker` from 26.0.2+incompatible to 26.1.1+incompatible
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v26.0.2...v26.1.1 )
Updates `github.com/klauspost/compress` from 1.17.7 to 1.17.8
- [Release notes](https://github.com/klauspost/compress/releases )
- [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml )
- [Commits](https://github.com/klauspost/compress/compare/v1.17.7...v1.17.8 )
Updates `github.com/minio/minio-go/v7` from 7.0.69 to 7.0.70
- [Release notes](https://github.com/minio/minio-go/releases )
- [Commits](https://github.com/minio/minio-go/compare/v7.0.69...v7.0.70 )
Updates `github.com/open-policy-agent/opa` from 0.63.0 to 0.64.1
- [Release notes](https://github.com/open-policy-agent/opa/releases )
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.63.0...v0.64.1 )
Updates `github.com/openzipkin/zipkin-go` from 0.4.2 to 0.4.3
- [Release notes](https://github.com/openzipkin/zipkin-go/releases )
- [Commits](https://github.com/openzipkin/zipkin-go/compare/v0.4.2...v0.4.3 )
Updates `github.com/prometheus/client_model` from 0.6.0 to 0.6.1
- [Release notes](https://github.com/prometheus/client_model/releases )
- [Commits](https://github.com/prometheus/client_model/compare/v0.6.0...v0.6.1 )
Updates `github.com/prometheus/common` from 0.51.1 to 0.53.0
- [Release notes](https://github.com/prometheus/common/releases )
- [Commits](https://github.com/prometheus/common/compare/v0.51.1...v0.53.0 )
Updates `github.com/prometheus/procfs` from 0.13.0 to 0.14.0
- [Release notes](https://github.com/prometheus/procfs/releases )
- [Commits](https://github.com/prometheus/procfs/compare/v0.13.0...v0.14.0 )
Updates `github.com/rs/cors` from 1.10.1 to 1.11.0
- [Commits](https://github.com/rs/cors/compare/v1.10.1...v1.11.0 )
Updates `github.com/shirou/gopsutil/v3` from 3.24.3 to 3.24.4
- [Release notes](https://github.com/shirou/gopsutil/releases )
- [Commits](https://github.com/shirou/gopsutil/compare/v3.24.3...v3.24.4 )
Updates `go.opentelemetry.io/otel` from 1.25.0 to 1.26.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.25.0...v1.26.0 )
Updates `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` from 1.24.0 to 1.26.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.24.0...v1.26.0 )
Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace` from 1.25.0 to 1.26.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.25.0...v1.26.0 )
Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.21.0 to 1.26.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.21.0...v1.26.0 )
Updates `go.opentelemetry.io/otel/metric` from 1.25.0 to 1.26.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.25.0...v1.26.0 )
Updates `go.opentelemetry.io/otel/sdk` from 1.25.0 to 1.26.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.25.0...v1.26.0 )
Updates `go.opentelemetry.io/otel/sdk/metric` from 1.24.0 to 1.26.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.24.0...v1.26.0 )
Updates `go.opentelemetry.io/otel/trace` from 1.25.0 to 1.26.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.25.0...v1.26.0 )
Updates `golang.org/x/crypto` from 0.21.0 to 0.22.0
- [Commits](https://github.com/golang/crypto/compare/v0.21.0...v0.22.0 )
Updates `golang.org/x/net` from 0.23.0 to 0.24.0
- [Commits](https://github.com/golang/net/compare/v0.23.0...v0.24.0 )
Updates `golang.org/x/oauth2` from 0.18.0 to 0.19.0
- [Commits](https://github.com/golang/oauth2/compare/v0.18.0...v0.19.0 )
Updates `golang.org/x/sync` from 0.6.0 to 0.7.0
- [Commits](https://github.com/golang/sync/compare/v0.6.0...v0.7.0 )
Updates `google.golang.org/api` from 0.170.0 to 0.177.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.170.0...v0.177.0 )
Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20240311132316-a219d84964c2 to 0.0.0-20240429193739-8cf5692501f6
- [Commits](https://github.com/googleapis/go-genproto/commits )
Updates `google.golang.org/grpc` from 1.62.1 to 1.63.2
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.62.1...v1.63.2 )
Updates `google.golang.org/protobuf` from 1.33.0 to 1.34.0
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/cespare/xxhash/v2
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/cloudflare/circl
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/klauspost/compress
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/minio/minio-go/v7
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/open-policy-agent/opa
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/openzipkin/zipkin-go
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/prometheus/client_model
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/prometheus/common
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/prometheus/procfs
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/rs/cors
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/shirou/gopsutil/v3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: go.opentelemetry.io/otel
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/metric
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/sdk
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/sdk/metric
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/trace
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: golang.org/x/sync
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: google.golang.org/genproto/googleapis/rpc
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: google.golang.org/grpc
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-01 12:01:37 -06:00
dependabot[bot]
efb0418994
chore(deps): bump the docker group with 3 updates ( #5098 )
...
Bumps the docker group with 3 updates: node, golang and distroless/base-debian12.
Updates `node` from `bf0ef06` to `3864be2`
Updates `golang` from `3c7ad81` to `d0902ba`
Updates `distroless/base-debian12` from `e0cc8fa` to `c7852ef`
---
updated-dependencies:
- dependency-name: node
dependency-type: direct:production
dependency-group: docker
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docker
- dependency-name: distroless/base-debian12
dependency-type: direct:production
dependency-group: docker
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-01 11:57:58 -06:00
dependabot[bot]
d20cc8c57a
chore(deps): bump the docker group in /.github with 3 updates ( #5095 )
...
Bumps the docker group in /.github with 3 updates: busybox, distroless/base and distroless/base-debian12.
Updates `busybox` from `c3839dd` to `6776a33`
Updates `distroless/base` from `2808521` to `d8d01e2`
Updates `distroless/base-debian12` from `28a7f1f` to `d8d01e2`
---
updated-dependencies:
- dependency-name: busybox
dependency-type: direct:production
dependency-group: docker
- dependency-name: distroless/base
dependency-type: direct:production
dependency-group: docker
- dependency-name: distroless/base-debian12
dependency-type: direct:production
dependency-group: docker
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-01 10:29:41 -06:00
Caleb Doxsey
8b3a79152b
core/kubernetes: fix impersonate group header ( #5090 )
...
* core/kubernetes: fix impersonate group header
* formatting
2024-04-26 15:26:41 -06:00
Caleb Doxsey
99a5dbd65b
core/identity: add enabler ( #5084 )
...
* core/identity: add disabler
* enable by default
* add name
* rename to enabler, use mutex instead of goroutine
* rename method, add comments
2024-04-26 15:05:22 -06:00
Kenneth Jenkins
a518435c17
chore(deps): update UI dependencies ( #5088 )
...
Run `yarn upgrade-interactive` to update UI dependencies:
dependencies
name range from to
@babel/core ^7.0.0 7.17.0 ❯ 7.24.4
@emotion/react ^11.7.1 11.7.1 ❯ 11.11.4
@emotion/styled ^11.11.0 11.11.0 ❯ 11.11.5
@fontsource/dm-mono ^5.0.14 5.0.14 ❯ 5.0.20
@fontsource/dm-sans ^5.0.13 5.0.13 ❯ 5.0.21
@mui/icons-material ^5.14.9 5.14.9 ❯ 5.15.15
@mui/material ^5.4.0 5.4.0 ❯ 5.15.15
markdown-to-jsx ^7.2.1 7.2.1 ❯ 7.4.7
devDependencies
name range from to
@types/luxon ^2.0.9 2.0.9 ❯ 2.4.0
@types/node ^17.0.14 17.0.14 ❯ 17.0.45
@types/react ^17.0.34 17.0.38 ❯ 17.0.80
@types/react-dom ^17.0.11 17.0.11 ❯ 17.0.25
@typescript-eslint/eslint-plugin ^5.10.2 5.10.2 ❯ 5.62.0
@typescript-eslint/parser ^5.59.11 5.59.11 ❯ 5.62.0
eslint-config-prettier ^8.3.0 8.3.0 ❯ 8.10.0
eslint-plugin-react ^7.28.0 7.28.0 ❯ 7.34.1
prettier ^2.4.1 2.5.1 ❯ 2.8.8
ts-node ^10.9.1 10.9.1 ❯ 10.9.2
typescript ^5.1.3 5.1.3 ❯ 5.4.5
2024-04-26 12:32:18 -07:00
Kenneth Jenkins
a3149363a6
envoyconfig: address strconv.Atoi warnings ( #5076 )
...
Replace Atoi() calls with ParseUint(), and update the buildAddress()
defaultPort parameter to be a uint32. (A uint16 would arguably make more
sense for a port number, but uint32 matches the Envoy proto field.)
Delete a ParseAddress() method that appears to be unused.
2024-04-26 09:38:41 -07:00
Denis Mishin
df67fb7086
connect: add health check ( #5086 )
2024-04-26 11:56:36 -04:00
Caleb Doxsey
5373e25ac4
core/config: add support for stripping the port for matching routes ( #5085 )
...
* core/config: add support for stripping the port for matching routes
* fix test
* rename option, improve port detection
* add more test cases
2024-04-26 08:24:46 -06:00
Kenneth Jenkins
498c3aa108
config: add support for TCP proxy chaining ( #5053 )
...
Add a distinction between TCP routes depending on whether the To URL(s)
have the scheme tcp://. For routes with a TCP upstream, configure Envoy
to terminate CONNECT requests and open a TCP tunnel to the upstream
service (this is the current behavior). For routes without a TCP
upstream, configure Envoy to proxy CONNECT requests to the upstream.
This new mode can allow an upstream proxy server to terminate a CONNECT
request and open its own TCP tunnel to the final destination server.
(Note that this will typically require setting the preserve_host_header
option as well.)
Note that this requires Envoy 1.30 or later.
2024-04-24 16:35:18 -07:00
Kenneth Jenkins
05e077fe04
envoy: migrate deprecated overload setting ( #5082 )
...
Migrate from overload.global_downstream_max_connections to the suggested
envoy.resource_monitors.global_downstream_max_connections replacement.
2024-04-22 18:53:24 -07:00
Kenneth Jenkins
cc0a989cc0
envoy: upgrade to v1.30.1 ( #5080 )
2024-04-22 12:05:37 -07:00
Denis Mishin
08eb255bbf
health-check: add storage health check ( #5074 )
2024-04-19 13:10:33 -04:00
Denis Mishin
2da4801d3a
zero: add user-agent to requests ( #5078 )
2024-04-19 11:33:43 -04:00
dependabot[bot]
86c82c0374
chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 ( #5077 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.22.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.22.0...v0.23.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-19 10:45:03 -04:00
dependabot[bot]
ca0d6c8c39
chore(deps): bump github.com/docker/docker from 26.0.0+incompatible to 26.0.2+incompatible ( #5075 )
...
chore(deps): bump github.com/docker/docker
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 26.0.0+incompatible to 26.0.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v26.0.0...v26.0.2 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-18 15:05:17 -07:00
Caleb Doxsey
494dc4accc
core/envoy: format envoy local replies ( #5067 )
2024-04-18 09:22:15 -06:00
Caleb Doxsey
fab2181be4
core/mock: switch to uber mock ( #5073 )
...
* core/mock: switch to uber mock
* merge main
2024-04-16 12:23:00 -06:00
Denis Mishin
deb6f67094
healthcheck: only report transitions ( #5068 )
2024-04-16 13:15:18 -04:00
Kenneth Jenkins
1aa062b37b
update README: link to Contributing page ( #5072 )
...
Remove the inline integration test instructions in favor of a link to
the Contributing page on the documentation site. Remove some unused link
definitions and update the godoc.org link to use pkg.go.dev instead.
2024-04-15 14:03:38 -07:00
Caleb Doxsey
f03b1cd9ff
core/envoy: only enable port reuse on linux ( #5066 )
...
* core/envoy: only enable port reuse on linux
* fix alert
2024-04-11 16:19:20 -06:00
Caleb Doxsey
ed378af744
core/zero: lower log level ( #5065 )
2024-04-11 15:31:25 -06:00
Denis Mishin
dc7820ea3e
zero/healthchecks: add checks for ability to save bootstrap parameter and bundle status reporting ( #5064 )
2024-04-11 10:47:52 -04:00
Kenneth Jenkins
25aceea626
go.mod: update to a valid go version ( #5061 )
2024-04-10 14:10:58 -07:00
Kenneth Jenkins
cc0d855843
update dev Dockerfiles to use Go 1.22.2 ( #5063 )
2024-04-10 13:32:05 -07:00
Caleb Doxsey
322e11e60d
core/config: disable gRPC ingress when address is the empty string ( #5058 )
...
* core/config: disable gRPC ingress when address is the empty string
* add test
* typo
2024-04-10 13:53:08 -06:00
Caleb Doxsey
5f800300a4
core/authenticate: redirect to /.pomerium/signed_out when no signout redirect url is defined ( #5060 )
2024-04-10 13:39:07 -06:00
Denis Mishin
991fca496c
healthcheck: add common package, zero reporter and first xds check ( #5059 )
2024-04-10 15:21:39 -04:00
dependabot[bot]
5af244f0e5
chore(deps): bump @babel/traverse from 7.16.10 to 7.23.2 in /ui ( #5055 )
...
Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse ) from 7.16.10 to 7.23.2.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse )
---
updated-dependencies:
- dependency-name: "@babel/traverse"
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-05 14:26:26 -06:00
Denis Mishin
fbddb43d7f
envoy: upgrade to v1.29.3 ( #5056 )
2024-04-05 15:32:49 -04:00
Kenneth Jenkins
e9b6298cb5
chore(deps): bump @trivago/prettier-plugin-sort-imports from 2.0.4 to 4.3.0 ( #5054 )
...
This should resolve a security vulnerability alert on the transitive
dependency @babel/traverse.
2024-04-05 12:21:41 -07:00
Denis Mishin
e7b3d3b6e9
config: add runtime flags ( #5050 )
2024-04-04 17:51:04 -04:00
dependabot[bot]
be9bfd9c3f
chore(deps): bump the go group with 15 updates ( #5048 )
...
* chore(deps): bump the go group with 15 updates
Bumps the go group with 15 updates:
| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go ) | `1.39.0` | `1.40.0` |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2 ) | `1.25.3` | `1.26.1` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2 ) | `1.27.7` | `1.27.10` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2 ) | `1.51.4` | `1.53.1` |
| [github.com/cenkalti/backoff/v4](https://github.com/cenkalti/backoff ) | `4.2.1` | `4.3.0` |
| [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc ) | `3.9.0` | `3.10.0` |
| [github.com/docker/docker](https://github.com/docker/docker ) | `25.0.5+incompatible` | `26.0.0+incompatible` |
| [github.com/grpc-ecosystem/go-grpc-middleware/v2](https://github.com/grpc-ecosystem/go-grpc-middleware ) | `2.0.1` | `2.1.0` |
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx ) | `5.5.4` | `5.5.5` |
| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go ) | `7.0.68` | `7.0.69` |
| [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa ) | `0.62.1` | `0.63.0` |
| [github.com/prometheus/common](https://github.com/prometheus/common ) | `0.50.0` | `0.51.1` |
| [github.com/shirou/gopsutil/v3](https://github.com/shirou/gopsutil ) | `3.24.2` | `3.24.3` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) | `0.169.0` | `0.170.0` |
| [google.golang.org/genproto/googleapis/rpc](https://github.com/googleapis/go-genproto ) | `0.0.0-20240304161311-37d4d3c04a78` | `0.0.0-20240311132316-a219d84964c2` |
Updates `cloud.google.com/go/storage` from 1.39.0 to 1.40.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.39.0...spanner/v1.40.0 )
Updates `github.com/aws/aws-sdk-go-v2` from 1.25.3 to 1.26.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.25.3...v1.26.1 )
Updates `github.com/aws/aws-sdk-go-v2/config` from 1.27.7 to 1.27.10
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.7...config/v1.27.10 )
Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.51.4 to 1.53.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.51.4...service/s3/v1.53.1 )
Updates `github.com/cenkalti/backoff/v4` from 4.2.1 to 4.3.0
- [Commits](https://github.com/cenkalti/backoff/compare/v4.2.1...v4.3.0 )
Updates `github.com/coreos/go-oidc/v3` from 3.9.0 to 3.10.0
- [Release notes](https://github.com/coreos/go-oidc/releases )
- [Commits](https://github.com/coreos/go-oidc/compare/v3.9.0...v3.10.0 )
Updates `github.com/docker/docker` from 25.0.5+incompatible to 26.0.0+incompatible
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v25.0.5...v26.0.0 )
Updates `github.com/grpc-ecosystem/go-grpc-middleware/v2` from 2.0.1 to 2.1.0
- [Release notes](https://github.com/grpc-ecosystem/go-grpc-middleware/releases )
- [Commits](https://github.com/grpc-ecosystem/go-grpc-middleware/compare/v2.0.1...v2.1.0 )
Updates `github.com/jackc/pgx/v5` from 5.5.4 to 5.5.5
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jackc/pgx/compare/v5.5.4...v5.5.5 )
Updates `github.com/minio/minio-go/v7` from 7.0.68 to 7.0.69
- [Release notes](https://github.com/minio/minio-go/releases )
- [Commits](https://github.com/minio/minio-go/compare/v7.0.68...v7.0.69 )
Updates `github.com/open-policy-agent/opa` from 0.62.1 to 0.63.0
- [Release notes](https://github.com/open-policy-agent/opa/releases )
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.62.1...v0.63.0 )
Updates `github.com/prometheus/common` from 0.50.0 to 0.51.1
- [Release notes](https://github.com/prometheus/common/releases )
- [Commits](https://github.com/prometheus/common/compare/v0.50.0...v0.51.1 )
Updates `github.com/shirou/gopsutil/v3` from 3.24.2 to 3.24.3
- [Release notes](https://github.com/shirou/gopsutil/releases )
- [Commits](https://github.com/shirou/gopsutil/compare/v3.24.2...v3.24.3 )
Updates `google.golang.org/api` from 0.169.0 to 0.170.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.169.0...v0.170.0 )
Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20240304161311-37d4d3c04a78 to 0.0.0-20240311132316-a219d84964c2
- [Commits](https://github.com/googleapis/go-genproto/commits )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/config
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/cenkalti/backoff/v4
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/coreos/go-oidc/v3
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: go
- dependency-name: github.com/grpc-ecosystem/go-grpc-middleware/v2
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/jackc/pgx/v5
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/minio/minio-go/v7
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/open-policy-agent/opa
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/prometheus/common
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/shirou/gopsutil/v3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: google.golang.org/genproto/googleapis/rpc
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix list call
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2024-04-01 15:53:46 -06:00
Caleb Doxsey
84b44ae2e6
core/authorize: add support for rego print statements ( #5049 )
2024-04-01 14:17:14 -06:00
