Note: This is a release candidate and should not be used for production deployments. Please see up to date documentation at https://master.docs.pomerium.io/
Changes
- authorize,proxy: allow traefik forward auth without uri query @cuonglm GH-1103
- grpc: use relative paths in codegen @desimone GH-1106
- authorize: add evaluator store @calebdoxsey GH-1105
- internal/frontend/assets/html: make timestamp human readable @cuonglm GH-1107
- config: add support for policies stored in the databroker @calebdoxsey GH-1099
- config: allow setting directory sync interval and timeout @cuonglm GH-1098
- ci: Add cloudrun build @travisgroth GH-1097
- internal/directory: improve google user groups list @cuonglm GH-1092
- options refactor @calebdoxsey GH-1088
- internal/directory: use both id and name for group @cuonglm GH-1086
- internal/directory/google: return both group e-mail and id @travisgroth GH-1083
- pkg/storage: add package docs @cuonglm GH-1078
- Add storage backend interface @cuonglm GH-1072
- authorize: clear session state if session was deleted in databroker @cuonglm GH-1053
- authorize: include "kid" in JWT header @cuonglm GH-1049
- audit: add protobuf definitions @calebdoxsey GH-1047
- internal/controlplane: set envoy prefix rewrite if present @cuonglm GH-1034
- pkg: add grpcutil package @calebdoxsey GH-1032
- cryptutil: move to pkg dir, add token generator @calebdoxsey GH-1029
New
- #1054 - Change config key parsing to attempt Base64 decoding first. @dmitrif GH-1055
- pomerium-cli k8s exec-credential @calebdoxsey GH-1073
- implement google cloud serverless authentication @calebdoxsey GH-1080
- kubernetes apiserver integration @calebdoxsey GH-1063
- use custom binary for arm64 linux release @calebdoxsey GH-1065
Fixed
- authorize: Force redirect scheme to https @travisgroth GH-1075
- proxy: fix wrong forward auth request @cuonglm GH-1030
- deployment: fix pomerium-cli release @desimone GH-1104
- cache: fix data race in NotifyJoin @cuonglm GH-1028
- authorize/evaluator/opa/policy: fix allow rules with impersonate @cuonglm GH-1094
- fix deep copy of config @calebdoxsey GH-1089
- proxy: fix invalid session after logout in forward auth mode @cuonglm GH-1062
- pkg/grpc: fix wrong audit protoc gen file @cuonglm GH-1048
- proxy: fix redirect url with traefik forward auth @cuonglm GH-1037
- authenticate: fix wrong SignIn telemetry name @cuonglm GH-1038
- ci: Prevent dirty git state @travisgroth GH-1117
Documentation
- docs: Cloud Run / GCP Serverless @travisgroth GH-1101
- docs: Move examples repo into main repo @travisgroth GH-1102
- kubernetes docs @calebdoxsey GH-1087
- docs/recipes: add local oidc example @cuonglm GH-1045
- docs/configuration: add doc for trailing slash limitation in "To" field @cuonglm GH-1040
- docs/docs: add changelog for #1055 @cuonglm GH-1084
Dependency
- chore(deps): update google.golang.org/genproto commit hash to 11fb19a @renovate GH-1109
- chore(deps): update module spf13/cobra to v1 @renovate GH-1111
- chore(deps): update module open-policy-agent/opa to v0.22.0 @renovate GH-1110
- chore(deps): update github.com/skratchdot/open-golang commit hash to eef8423 @renovate GH-1108
- chore(deps): update module google.golang.org/api to v0.29.0 @renovate GH-1060
- chore(deps): update module envoyproxy/go-control-plane to v0.9.6 @renovate GH-1059
- chore(deps): update golang.org/x/net commit hash to ab34263 @renovate GH-1057
- chore(deps): update google.golang.org/genproto commit hash to 8698661 @renovate GH-1058
- chore(deps): update golang.org/x/crypto commit hash to 948cd5f @renovate GH-1056
- chore(deps): update module open-policy-agent/opa to v0.21.1 @renovate GH-1061
- chore(deps): update google.golang.org/genproto commit hash to 8e8330b @renovate GH-1039
- chore(deps): update module google.golang.org/protobuf to v1.25.0 @renovate GH-1021