pomerium/pomerium v0.16.0

on GitHub

Full Changelog

Breaking

• identity: only assign access\_type uri params to google. #2782 (@desimone)
• tls: fallback to self-signed certificate #2760 (@calebdoxsey)
• github: use GraphQL API to reduce number of API calls for directory sync #2715 (@calebdoxsey)

New

• more idp metrics #2842 (@wasaga)
• devices: add experimental icon #2836 (@calebdoxsey)
• devices: switch "default" device type to two built-in default device types #2835 (@calebdoxsey)
• dashboard: improve display of device credentials, allow deletion #2829 (@calebdoxsey)
• ppl: add support for http_path and http_method #2813 (@calebdoxsey)
• config: add internal service URLs #2801 (@calebdoxsey)
• envoy: add hash policy and routing key for hash-based load balancers #2791 (@calebdoxsey)
• authorize: support X-Pomerium-Authorization in addition to Authorization #2780 (@calebdoxsey)
• envoy: treat configuration errors as fatal #2777 (@calebdoxsey)
• envoy: add support for bind_config bootstrap options #2772 (@calebdoxsey)
• authenticate: redirect / to /.pomerium/ #2770 (@calebdoxsey)
• device: add type id and credential id to enrollment for easier referencing #2749 (@calebdoxsey)
• databroker: add additional log for config source #2718 (@calebdoxsey)
• grpc: remove peer field from logs #2712 (@calebdoxsey)
• desktop client api #2711 (@wasaga)
• telemetry: improve zipkin error logs #2710 (@calebdoxsey)
• authorize: add support for webauthn device policy enforcement #2700 (@calebdoxsey)
• webauthn: update session to support device credentials per type #2699 (@calebdoxsey)
• ppl: add support for additional data #2696 (@calebdoxsey)
• Add additional ACME CA (autocert) options #2695 (@hslatman)
• skip configuration updates to the most recent one #2690 (@wasaga)
• authenticate: add support for webauthn #2688 (@calebdoxsey)
• webauthnutil: add helpers for webauthn #2686 (@calebdoxsey)
• devices: add device protobuf types #2682 (@calebdoxsey)
• cryptutil: add SecureToken #2681 (@calebdoxsey)
• config/envoyconfig: better duplicate message #2661 (@desimone)
• pomerium-cli: add support for a custom browser command #2617 (@calebdoxsey)
• ppl: pass contextual information through policy #2612 (@calebdoxsey)
• add description to service accounts #2611 (@nhayfield)
• DOCS: Add copy button to code snippets #2597 (@alexfornuto)
• pomerium-cli: use cache dir instead of config dir #2588 (@calebdoxsey)
• cli: update tcp log output format #2586 (@travisgroth)
• directory: implement exponential backoff for refresh #2570 (@calebdoxsey)
• google: support provider URL #2567 (@calebdoxsey)
• config: remove signature_key_algorithm #2557 (@calebdoxsey)
• allow pomerium to start without certs #2555 (@wasaga)
• integration: kubernetes support #2536 (@calebdoxsey)
• integration: nginx #2532 (@calebdoxsey)
• integration: add traefik tests #2530 (@calebdoxsey)
• envoy: remove deprecated access_log_path #2523 (@calebdoxsey)
• config: remove headers #2522 (@calebdoxsey)
• integration: add multi test #2519 (@calebdoxsey)
• Remove api from GitLab defaultScope #2518 (@alexfornuto)
• integration: add single-cluster integration tests #2516 (@calebdoxsey)
• integration: remove tests #2514 (@calebdoxsey)
• github: support provider URL #2490 (@calebdoxsey)
• protoutil: add NewAny method for deterministic serialization #2462 (@calebdoxsey)
• fix go get, improve redis test #2450 (@calebdoxsey)
• all: remove unused handler code #2439 (@desimone)

Security

• identity: fix user refresh #2724 (@calebdoxsey)
• deps: update envoy to 1.19.1 #2526 (@travisgroth)

Fixed

• config: allow specifying auto codec type in all-in-one mode #2846 (@calebdoxsey)
• dashboard: add confirmation dialog, fix button in firefox #2841 (@calebdoxsey)
• fix: Fixed return description error #2825 (@cfanbo)
• internal/telemetry: fix grpc server metrics #2811 (@travisgroth)
• Fix IdP client metrics #2810 (@travisgroth)
• envoyconfig: fix tls_downstream_client_ca for non-standard ports #2802 (@calebdoxsey)
• config: detect changes to the kubernetes service account token file #2767 (@calebdoxsey)
• deps: update goreleaser #2757 (@travisgroth)

Documentation

• add docs for ingress regex path #2822 (@wasaga)
• fix typo in docs #2819 (@wasaga)
• DOCS: add Grafana to Guides index #2808 (@alexfornuto)
• DOCS: Fix indentation in API doc #2798 (@alexfornuto)
• DOCS: Create Consolidated Troubleshooting Guide and Replace FAQ #2797 (@alexfornuto)
• docs: update pomerium-cli location #2790 (@travisgroth)
• Document Pomerium Policy Language #2789 (@backport-actions-token[bot])
• Copy edit to changelog entry #2786 (@alexfornuto)
• Document Pomerium Policy Language #2784 (@alexfornuto)
• Remove forward_auth_url from Enterprise #2779 (@alexfornuto)
• Docs: Update Kubernetes Dashboard Guide #2759 (@alexfornuto)
• Docs: Update Securing Kubernetes Guide #2758 (@alexfornuto)
• Docs: Add spdy annotation #2747 (@alexfornuto)
• Docs: Update JWT Verification Guide #2746 (@alexfornuto)
• Docs: Add Grafana Integration Guide #2742 (@alexfornuto)
• Docs: Update Traefik Example Headers #2732 (@alexfornuto)
• Docs: Reference gRPC API Docs #2717 (@alexfornuto)
• Minor fix in routes documentation #2714 (@Kerwood)
• Docs: Update Community Page #2713 (@cmo-pomerium)
• Update architecture.md #2701 (@cmo-pomerium)
• Update create TLS command to quote strings. #2694 (@FutureMatt)
• Docs: Correct Claim Example #2689 (@alexfornuto)
• Fix typo in docs #2683 (@nihaals)
• Fixed 'kubtctl' typo on releases page #2673 (@ChaosInTheCRD)
• add service account redirects #2664 (@alexfornuto)
• DOCS: Standardize Relative Links #2651 (@alexfornuto)
• Docs: cross-reference links between concepts and reference #2648 (@alexfornuto)
• adjust sidebarDepths and document Desktop Client releases #2645 (@backport-actions-token[bot])
• typo #2644 (@alexfornuto)
• adjust sidebarDepths and document Desktop Client releases #2643 (@alexfornuto)
• DOCS: CORS preflight in console #2642 (@alexfornuto)
• DOCS: Collapse IDP Header #2641 (@alexfornuto)
• docs: remove extra word / updated docs link #2638 (@cmo-pomerium)
• Docs: Batch Updates #2628 (@alexfornuto)
• Refresh and Update TCP documentation #2627 (@alexfornuto)
• DOC: Copy edits to Okta IdP doc. #2623 (@alexfornuto)
• Docs/batch link fixes #2621 (@alexfornuto)
• Add redirect for installation #2618 (@alexfornuto)
• Add docs team as a code owner of packages.json #2605 (@alexfornuto)
• Update CODEOWNERS #2603 (@alexfornuto)
• DOCS: Update Enterprise Reference Docs #2599 (@alexfornuto)
• Document Enterprise API #2595 (@alexfornuto)
• docs: rename updated icon image #2582 (@travisgroth)
• docs: add updated icon asset #2580 (@travisgroth)
• Document recovery token generation #2579 (@alexfornuto)
• New Topic Page: Original Request Context #2569 (@alexfornuto)
• docs: enterprise console v0.15.2 changelog #2564 (@travisgroth)
• TCP Client Doc #2561 (@alexfornuto)
• Docs: Fix merged PR #2546 (@alexfornuto)
• docs: enterprise v0.15.1 changelog #2542 (@travisgroth)
• Update Ping Identity IdP #2537 (@alexfornuto)
• update OneLogin IdP doc #2533 (@alexfornuto)
• Update GitLab IdP doc #2520 (@alexfornuto)
• update GitHub IdP doc #2503 (@alexfornuto)
• Update AWS cognito IdP doc #2498 (@alexfornuto)
• Update Azure IdP Doc #2497 (@alexfornuto)
• Auth0 Doc Refresh #2494 (@alexfornuto)
• Update IdP Overview Page #2493 (@alexfornuto)
• Update Okta IdP doc #2491 (@alexfornuto)
• adjust comment blocking #2488 (@alexfornuto)
• document binding service to 443 #2487 (@alexfornuto)
• docs: use generic email #2484 (@alexfornuto)
• Update Docker Quickstart #2482 (@alexfornuto)
• Wrap mkcert command in quotes #2481 (@alexfornuto)
• Updates to Enterprise Quickstart instructions #2480 (@alexfornuto)
• wrap header example values as inline code. #2474 (@alexfornuto)
• docs: clarify custom request header limitations #2471 (@desimone)
• Update Helm Instructions #2467 (@alexfornuto)
• docs: update enterprise helm instructions to use main repo #2463 (@travisgroth)
• Document tracing sample rate in console #2461 (@alexfornuto)
• Document moving routes #2460 (@alexfornuto)
• Enterprise Upgrade & Changelog Pages #2453 (@alexfornuto)
• docs: update codeowners #2451 (@travisgroth)
• Update binary install doc #2447 (@alexfornuto)
• docs: update branding, concepts #2445 (@desimone)
• specify expected audience in Console config #2442 (@alexfornuto)
• docs: update default version to v0.15 #2437 (@travisgroth)
• docs: update branding #2435 (@desimone)

Dependency

• chore(deps): bump google.golang.org/api from 0.62.0 to 0.63.0 #2834 (@dependabot[bot])
• chore(deps): bump github.com/rs/zerolog from 1.26.0 to 1.26.1 #2833 (@dependabot[bot])
• chore(deps): bump github.com/spf13/viper from 1.10.0 to 1.10.1 #2832 (@dependabot[bot])
• chore(deps): bump google.golang.org/grpc from 1.42.0 to 1.43.0 #2831 (@dependabot[bot])
• chore(deps): bump github.com/docker/docker from 20.10.11+incompatible to 20.10.12+incompatible #2817 (@dependabot[bot])
• chore(deps): bump github.com/spf13/viper from 1.9.0 to 1.10.0 #2816 (@dependabot[bot])
• dev build support for darwin-arm64 from envoy tip #2815 (@wasaga)
• chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.10 to 3.21.11 #2807 (@dependabot[bot])
• chore(deps): bump github.com/mitchellh/mapstructure from 1.4.2 to 1.4.3 #2806 (@dependabot[bot])
• chore(deps): bump google.golang.org/api from 0.60.0 to 0.61.0 #2805 (@dependabot[bot])
• chore(deps): bump github.com/open-policy-agent/opa from 0.34.2 to 0.35.0 #2804 (@dependabot[bot])
• chore(deps): bump mikefarah/yq from 4.15.1 to 4.16.1 #2803 (@dependabot[bot])
• chore(deps): bump github.com/ory/dockertest/v3 from 3.8.0 to 3.8.1 #2785 (@dependabot[bot])
• chore(deps): bump mikefarah/yq from 4.14.2 to 4.15.1 #2783 (@dependabot[bot])
• chore(deps): bump github.com/docker/docker from 20.10.10+incompatible to 20.10.11+incompatible #2776 (@dependabot[bot])
• chore(deps): bump coverallsapp/github-action from 1.1.2 to 1.1.3 #2775 (@dependabot[bot])
• chore(deps): bump mikefarah/yq from 4.6.3 to 4.14.2 #2774 (@dependabot[bot])
• chore(deps): bump github.com/caddyserver/certmagic from 0.15.1 to 0.15.2 #2769 (@dependabot[bot])
• chore(deps): bump github.com/cenkalti/backoff/v4 from 4.1.1 to 4.1.2 #2768 (@dependabot[bot])
• chore(deps): bump github.com/open-policy-agent/opa from 0.34.1 to 0.34.2 #2765 (@dependabot[bot])
• chore(deps): bump github.com/mholt/acmez from 1.0.0 to 1.0.1 #2764 (@dependabot[bot])
• chore(deps): bump gopkg.in/auth0.v5 from 5.21.0 to 5.21.1 #2763 (@dependabot[bot])
• chore(deps): bump github.com/golangci/golangci-lint from 1.42.1 to 1.43.0 #2756 (@dependabot[bot])
• chore(deps): bump github.com/open-policy-agent/opa from 0.34.0 to 0.34.1 #2755 (@dependabot[bot])
• chore(deps): bump google.golang.org/grpc from 1.41.0 to 1.42.0 #2754 (@dependabot[bot])
• chore(deps): bump github.com/rs/zerolog from 1.25.0 to 1.26.0 #2753 (@dependabot[bot])
• chore(deps): bump gopkg.in/auth0.v5 from 5.20.0 to 5.21.0 #2752 (@dependabot[bot])
• dependencies: vendor base58, remove shortuuid #2739 (@calebdoxsey)
• chore(deps): bump google.golang.org/api from 0.58.0 to 0.60.0 #2737 (@dependabot[bot])
• chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.9 to 3.21.10 #2736 (@dependabot[bot])
• chore(deps): bump github.com/open-policy-agent/opa from 0.33.1 to 0.34.0 #2735 (@dependabot[bot])
• chore(deps): bump github.com/openzipkin/zipkin-go from 0.2.5 to 0.3.0 #2734 (@dependabot[bot])
• chore(deps): bump github.com/prometheus/common from 0.31.1 to 0.32.1 #2706 (@dependabot[bot])
• chore(deps): bump github.com/docker/docker from 20.10.9+incompatible to 20.10.10+incompatible #2705 (@dependabot[bot])
• chore(deps): bump gopkg.in/auth0.v5 from 5.19.2 to 5.20.0 #2704 (@dependabot[bot])
• chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.1 to 0.6.2 #2703 (@dependabot[bot])
• chore(deps): bump github.com/caddyserver/certmagic from 0.14.5 to 0.15.1 #2685 (@dependabot[bot])
• chore(deps): bump github.com/peterbourgon/ff/v3 from 3.1.0 to 3.1.2 #2672 (@dependabot[bot])
• chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.8 to 3.21.9 #2671 (@dependabot[bot])
• chore(deps): bump github.com/docker/docker from 20.10.8+incompatible to 20.10.9+incompatible #2670 (@dependabot[bot])
• chore(deps): bump google.golang.org/api from 0.57.0 to 0.58.0 #2660 (@dependabot[bot])
• chore(deps): bump github.com/go-redis/redis/v8 from 8.11.3 to 8.11.4 #2659 (@dependabot[bot])
• chore(deps): bump github.com/open-policy-agent/opa from 0.32.1 to 0.33.1 #2658 (@dependabot[bot])
• chore(deps): bump github.com/prometheus/common from 0.31.0 to 0.31.1 #2656 (@dependabot[bot])
• chore(deps): bump github.com/open-policy-agent/opa from 0.32.0 to 0.32.1 #2633 (@dependabot[bot])
• chore(deps): bump google.golang.org/grpc from 1.40.0 to 1.41.0 #2632 (@dependabot[bot])
• chore(deps): bump github.com/prometheus/common from 0.30.0 to 0.31.0 #2631 (@dependabot[bot])
• chore(deps): bump sigs.k8s.io/yaml from 1.2.0 to 1.3.0 #2630 (@dependabot[bot])
• chore(deps): bump github.com/ory/dockertest/v3 from 3.7.0 to 3.8.0 #2629 (@dependabot[bot])
• chore(deps): bump github.com/spf13/viper from 1.8.1 to 1.9.0 #2616 (@dependabot[bot])
• chore(deps): bump google.golang.org/api from 0.56.0 to 0.57.0 #2615 (@dependabot[bot])
• chore(deps): bump github.com/coreos/go-oidc/v3 from 3.0.0 to 3.1.0 #2614 (@dependabot[bot])
• bump protoc-validate #2606 (@wasaga)
• chore(deps): bump go.uber.org/zap from 1.19.0 to 1.19.1 #2592 (@dependabot[bot])
• chore(deps): bump github.com/rs/zerolog from 1.24.0 to 1.25.0 #2591 (@dependabot[bot])
• chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.7 to 3.21.8 #2577 (@dependabot[bot])
• chore(deps): bump github.com/golangci/golangci-lint from 1.42.0 to 1.42.1 #2576 (@dependabot[bot])
• chore(deps): bump github.com/caddyserver/certmagic from 0.14.4 to 0.14.5 #2575 (@dependabot[bot])
• chore(deps): bump google.golang.org/api from 0.54.0 to 0.56.0 #2574 (@dependabot[bot])
• chore(deps): bump github.com/open-policy-agent/opa from 0.31.0 to 0.32.0 #2573 (@dependabot[bot])
• chore(deps): bump github.com/fsnotify/fsnotify from 1.5.0 to 1.5.1 #2554 (@dependabot[bot])
• chore(deps): bump github.com/caddyserver/certmagic from 0.14.3 to 0.14.4 #2553 (@dependabot[bot])
• chore(deps): bump github.com/rs/zerolog from 1.23.0 to 1.24.0 #2552 (@dependabot[bot])
• chore(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.8+incompatible #2551 (@dependabot[bot])
• chore(deps): bump github.com/caddyserver/certmagic from 0.14.1 to 0.14.3 #2550 (@dependabot[bot])
• chore(deps): bump contrib.go.opencensus.io/exporter/prometheus from 0.3.0 to 0.4.0 #2549 (@dependabot[bot])
• chore(deps): bump github.com/cespare/xxhash/v2 from 2.1.1 to 2.1.2 #2548 (@dependabot[bot])
• chore(deps): bump github.com/prometheus/procfs from 0.7.2 to 0.7.3 #2512 (@dependabot[bot])
• chore(deps): bump github.com/golangci/golangci-lint from 1.41.1 to 1.42.0 #2511 (@dependabot[bot])
• chore(deps): bump github.com/fsnotify/fsnotify from 1.4.9 to 1.5.0 #2510 (@dependabot[bot])
• ci: use go 1.17.x #2492 (@desimone)
• chore(deps): bump google.golang.org/grpc from 1.39.1 to 1.40.0 #2478 (@dependabot[bot])
• chore(deps): bump github.com/go-redis/redis/v8 from 8.11.2 to 8.11.3 #2477 (@dependabot[bot])
• chore(deps): bump google.golang.org/api from 0.52.0 to 0.54.0 #2476 (@dependabot[bot])
• chore(deps): bump go.uber.org/zap from 1.18.1 to 1.19.0 #2475 (@dependabot[bot])
• ci: support darwn/arm64 aka m1 for cli #2473 (@desimone)
• chore(deps): bump google.golang.org/grpc from 1.39.0 to 1.39.1 #2457 (@dependabot[bot])
• chore(deps): bump github.com/prometheus/procfs from 0.7.1 to 0.7.2 #2456 (@dependabot[bot])
• chore(deps): bump github.com/go-redis/redis/v8 from 8.11.1 to 8.11.2 #2455 (@dependabot[bot])
• Hadolint #2363 (@stephengroat)

Deployment

• deployment: migrate pomerium-cli automation to new repo #2771 (@travisgroth)
• deployment: remove DST_Root_CA_X3 from docker images #2677 (@travisgroth)
• deployment: update goreleaser syntax #2524 (@travisgroth)

Changed

• move NewGRPCClientConn to public package #2826 (@wasaga)
• rm cli code #2824 (@wasaga)
• ci: remove hadolint #2726 (@travisgroth)
• ci: ignore multiple run commands #2566 (@travisgroth)
• redirect logo to the marketing site #2441 (@alexfornuto)
• ci: use github app for backport credentials #2369 (@travisgroth)