A proxy that authorizes and enforces a given label in a given PromQL query

Overview

prom-authzed-proxy

Container Image License Build Status Mailing List Discord Server Twitter

prom-authzed-proxy is a proxy for Prometheus that authorizes the request's Bearer Token with Authzed and enforces a label in a PromQL query.

Authzed is a database and service that stores, computes, and validates your application's permissions.

Developers create a schema that models their permissions requirements and use a client library, such as this one, to apply the schema to the database, insert data into the database, and query the data to efficiently check permissions in their applications.

See CONTRIBUTING.md for instructions on how to contribute and perform common tasks like building the project and running tests.

Basic Usage

Installation

If you're using a modern version of Go, run the following command to install:

go install github.com/authzed/prom-authzed-proxy

If you want a container of the proxy and have docker installed:

docker pull quay.io/authzed/prom-authzed-proxy:latest

Running against localhost

The following command will run the proxy that checks the permissions against authzed.com and a Prometheus running on localhost:

prom-authzed-proxy \
    --upstream-prom-addr http://localhost:9090 \
    --object-id-parameter install \
    --authzed-token tc_client_token_1234deadbeef  \
    --authzed-subject-definition-path psystem/token \
    --authzed-subject-relation ... \
    --authzed-object-definition-path psystem/prometheus \
    --authzed-permission viewer

Each request is checked to have a value as a Bearer Token that is a viewer of the value in the PromQL label install with their respective Authzed Object Types.

If the permission check fails, the proxy will return an HTTP 403.

Related Projects

  • Prometheus - industry standard time series database
  • prom-label-proxy - proxy that enforces labels in PromQL
  • kube-rbac-proxy - proxy that authorizes requests with Kubernetes cluster RBAC, sometimes used with prom-label-proxy
Issues
  • build(deps): bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1

    build(deps): bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1

    Bumps github.com/prometheus/client_golang from 1.11.0 to 1.12.1.

    Release notes

    Sourced from github.com/prometheus/client_golang's releases.

    1.12.1 / 2022-01-29

    • [BUGFIX] Make the Go 1.17 collector concurrency-safe #969
      • Use simpler locking in the Go 1.17 collector #975
    • [BUGFIX] Reduce granularity of histogram buckets for Go 1.17 collector #974
    • [ENHANCEMENT] API client: make HTTP reads more efficient #976

    Full Changelog: https://github.com/prometheus/client_golang/compare/v1.12.0...v1.12.1

    1.12.0 / 2022-01-19

    • [CHANGE] example/random: Move flags and metrics into main() #935
    • [FEATURE] API client: Support wal replay status api #944
    • [FEATURE] Use the runtime/metrics package for the Go collector for 1.17+ #955
    • [ENHANCEMENT] API client: Update /api/v1/status/tsdb to include headStats #925
    • [SECURITY FIX] promhttp: Check validity of method and code label values #962 (Addressed CVE-2022-21698)

    What's Changed

    New Contributors

    Full Changelog: https://github.com/prometheus/client_golang/compare/v1.11.0...v1.12.0

    1.11.1 / 2022-02-15

    What's Changed

    ... (truncated)

    Changelog

    Sourced from github.com/prometheus/client_golang's changelog.

    1.12.1 / 2022-01-29

    • [BUGFIX] Make the Go 1.17 collector concurrency-safe #969
      • Use simpler locking in the Go 1.17 collector #975
    • [BUGFIX] Reduce granularity of histogram buckets for Go 1.17 collector #974
    • [ENHANCEMENT] API client: make HTTP reads more efficient #976

    1.12.0 / 2022-01-19

    • [CHANGE] example/random: Move flags and metrics into main() #935
    • [FEATURE] API client: Support wal replay status api #944
    • [FEATURE] Use the runtime/metrics package for the Go collector for 1.17+ #955
    • [ENHANCEMENT] API client: Update /api/v1/status/tsdb to include headStats #925
    • [ENHANCEMENT] promhttp: Check validity of method and code label values #962
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    area/dependencies 
    opened by dependabot[bot] 3
  • build(deps): bump google.golang.org/grpc from 1.40.0 to 1.44.0

    build(deps): bump google.golang.org/grpc from 1.40.0 to 1.44.0

    Bumps google.golang.org/grpc from 1.40.0 to 1.44.0.

    Release notes

    Sourced from google.golang.org/grpc's releases.

    Release 1.44.0

    New Features

    • balancer: add RLS load balancing policy (#5046)
    • xds: add RLS Cluster Specifier Plugin (#5004)
    • insecure: remove experimental notice (#5069)

    Bug Fixes

    • internal/balancergroup: eliminate race in exitIdle (#5012)
    • authz: fix regex expression match (#5035)

    Documentation

    • grpc: minor improvement on WithInsecure() document (#5068)
    • attributes: document that some value types (e.g. maps) must implement Equal (#5109)
    • dialoptions.go: Fix WithBlock godoc (#5073)
    • grpclog.DepthLoggerV2: Correct comment: formats like fmt.Println (#5038)

    Release 1.43.0

    API Changes

    Behavior Changes

    • status: support wrapped errors in FromContextError (#4977)
    • config: remove the environment variable to disable retry support (#4922)

    New Features

    • balancer: new field Authority in BuildOptions for server name to use in the authentication handshake with a remote load balancer (#4969)

    Bug Fixes

    • xds/resolver: fix possible ClientConn leak upon resolver initialization failure (#4900)
    • client: fix nil panic in rare race conditions with the pick first LB policy (#4971)
    • xds: improve RPC error messages when xDS connection errors occur (#5032, #5054)
    • transport: do not create stream object in the face of illegal stream IDs (#4873)

    Documentation

    • client: clarify errors to indicate whether compressed or uncompressed messages exceeded size limits (#4918)

    Release 1.42.0

    Behavior Changes

    • grpc: Dial("unix://relative-path") no longer works (#4817)
      • use "unix://absolute-path" or "unix:relative-path" instead in accordance with our documentation
    • xds/csds: use new field GenericXdsConfig instead of PerXdsConfig (#4898)

    ... (truncated)

    Commits
    • b4c5e24 Change version to 1.44.1-dev (#5121)
    • da8e0b8 Change version to 1.44.0 (#5120)
    • 77b478d xds/federation: e2e tests (#5103)
    • 907a202 attributes: document that some value types (e.g. maps) must implement Equal...
    • 2fb1ac8 test: fix potential goroutine leak in TestUpdateAddresses_RetryFromFirstAddr ...
    • afded72 xds/federation: update xdsclient to support multi authority (#5042)
    • b069440 credentials/google: use grpctest.Tester for tests in this package (#5098)
    • fbaf7c5 authz: update representation of allow authenticated in SDK (#5052)
    • 344b93a testdata: use SHA256 as signing algorithm in testdata certs (#5074)
    • 4d58dd9 dialoptions.go: Fix WithBlock godoc (#5073)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    area/dependencies 
    opened by dependabot[bot] 3
  • build(deps): bump github.com/jzelinskie/cobrautil from 0.0.2 to 0.0.7

    build(deps): bump github.com/jzelinskie/cobrautil from 0.0.2 to 0.0.7

    Bumps github.com/jzelinskie/cobrautil from 0.0.2 to 0.0.7.

    Commits
    • aabfbb3 Merge pull request #1 from ecordell/unixsockets
    • fc8ed0f configure network type via grpc flags
    • 94a276f fix enabled flag
    • 56962f7 add tls prefix to key/cert paths
    • 6086603 add enabled defaults and listen for grpc
    • 2d3ced5 add configurable logging, flagPrefixes
    • 2497cc6 add MustGetStringSliceExpanded
    • 05384ab add IsBuiltinCommand
    • 7164715 add grpc, otel, metrics helpers
    • d92cd01 add flags for opentelemetry
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    area/dependencies 
    opened by dependabot[bot] 3
  • build(deps): bump github.com/jzelinskie/cobrautil from 0.0.7 to 0.0.8

    build(deps): bump github.com/jzelinskie/cobrautil from 0.0.7 to 0.0.8

    Bumps github.com/jzelinskie/cobrautil from 0.0.7 to 0.0.8.

    Release notes

    Sourced from github.com/jzelinskie/cobrautil's releases.

    v0.0.8

    What's Changed

    New Contributors

    Full Changelog: https://github.com/jzelinskie/cobrautil/compare/v0.0.7...v0.0.8

    Commits
    • 1bd0f89 Merge pull request #4 from cjs/optional-endpoint
    • 22acbd3 update function to get enpoint flag
    • e4781fe expand on endpoint comment
    • c4a5fd9 add comment about headers to flag, update appending endpoints
    • b759719 add flag to customize tracer, with fallback to w3c
    • 563630c make endpoint optional and use defaults if note set
    • e15c138 create prefix joining utility func
    • e1d4fcd otel: fix prefix applied to jaeger endpoints
    • 203b454 Merge pull request #3 from cjs/hack-otlp
    • f44ebf2 Address review comments
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    area/dependencies 
    opened by dependabot[bot] 2
  • build(deps): bump github.com/authzed/authzed-go from 0.2.0 to 0.4.1

    build(deps): bump github.com/authzed/authzed-go from 0.2.0 to 0.4.1

    Bumps github.com/authzed/authzed-go from 0.2.0 to 0.4.1.

    Release notes

    Sourced from github.com/authzed/authzed-go's releases.

    v0.4.1

    What's Changed

    Full Changelog: https://github.com/authzed/authzed-go/compare/v0.4.0...v0.4.1

    v0.4.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/authzed/authzed-go/compare/v0.3.0...v0.4.0

    v0.3.0

    What's Changed

    Full Changelog: https://github.com/authzed/authzed-go/compare/v0.2.0...v0.3.0

    Commits
    • 8e491c4 Merge pull request #49 from ecordell/3char2
    • 9375b7c 3 character minimum for wildcard and watch api
    • b81e0e0 Merge pull request #48 from ecordell/3char
    • 84cc178 update validation to allow 3 char object types and relations
    • aa4c5e5 Merge pull request #46 from samkim/bump-protos
    • a36f722 Merge pull request #47 from josephschorr/wildcard-relation
    • 3dedc2a Add nil check on root message to each handwritten validation
    • 6f78067 Ensure wildcard subject object IDs are not used with non-empty relations
    • 6949e02 Bump protos
    • 4126c5f Merge pull request #44 from josephschorr/update-api-validate
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    area/dependencies 
    opened by dependabot[bot] 2
  • build(deps): bump google.golang.org/grpc from 1.40.0 to 1.43.0

    build(deps): bump google.golang.org/grpc from 1.40.0 to 1.43.0

    Bumps google.golang.org/grpc from 1.40.0 to 1.43.0.

    Release notes

    Sourced from google.golang.org/grpc's releases.

    Release 1.43.0

    API Changes

    Behavior Changes

    • status: support wrapped errors in FromContextError (#4977)
    • config: remove the environment variable to disable retry support (#4922)

    New Features

    • balancer: new field Authority in BuildOptions for server name to use in the authentication handshake with a remote load balancer (#4969)

    Bug Fixes

    • xds/resolver: fix possible ClientConn leak upon resolver initialization failure (#4900)
    • client: fix nil panic in rare race conditions with the pick first LB policy (#4971)
    • xds: improve RPC error messages when xDS connection errors occur (#5032, #5054)
    • transport: do not create stream object in the face of illegal stream IDs (#4873)

    Documentation

    • client: clarify errors to indicate whether compressed or uncompressed messages exceeded size limits (#4918)

    Release 1.42.0

    Behavior Changes

    • grpc: Dial("unix://relative-path") no longer works (#4817)
      • use "unix://absolute-path" or "unix:relative-path" instead in accordance with our documentation
    • xds/csds: use new field GenericXdsConfig instead of PerXdsConfig (#4898)

    New Features

    • grpc: support grpc.WithAuthority when secure credentials are used (#4817)
    • creds/google: add NewDefaultCredentialsWithOptions() to support custom per-RPC creds (#4767, #4830)
    • authz: create file watcher interceptor for gRPC SDK API (#4760)
    • attributes: add Equal method (#4855)
    • resolver: add AddressMap and State.BalancerAttributes (#4855)
    • resolver: Add URL field to Target to store parsed dial target (#4817)
    • grpclb: add a target_name field to lb config to specify target when used as a child policy (#4847)
    • grpclog: support formatting log output as JSON (#4854)

    Bug Fixes

    • server: add missing conn.Close if the connection dies before reading the HTTP/2 preface (#4837)
    • grpclb: recover if addresses are received after an empty server list was received previously (#4879)
    • authz: support empty principals and fix rbac authenticated matcher (#4883)
    • xds/rds: NACK the RDS response if it contains unknown cluster specifier (#4788)
    • xds/priority: do not switch to low priority when high priority is in Idle (e.g. ringhash) (#4889)

    Documentation

    • grpc: stabilize WithDefaultServiceConfig and improve godoc (#4888)
    • status: clarify FromError docstring (#4880)

    ... (truncated)

    Commits
    • 14c1138 Change version to 1.43.0 (#5039)
    • ae29ac3 xds/client: send NewStream errors to the watchers (#5032)
    • 296afc2 transport: better error message when per-RPC creds fail (#5033)
    • e15d978 xds/client: send connection errors to all watchers (#5054)
    • 46e883a Backport "xds/c2p: replace C2P resolver env var with experimental scheme suff...
    • 3786ae1 xds/resolver: Add support for cluster specifier plugins (#4987)
    • 512e894 rls: support extra_keys and constant_keys (#4995)
    • f3bbd12 xds/bootstrap_config: add a string function to server config (#5031)
    • 46935b9 fix possible nil before casting (#5017)
    • c2bccd0 xds/kokoro: install go 1.17, and retry go build (#5015)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    area/dependencies 
    opened by dependabot[bot] 2
  • build(deps): bump github.com/rs/zerolog from 1.25.0 to 1.26.1

    build(deps): bump github.com/rs/zerolog from 1.25.0 to 1.26.1

    Bumps github.com/rs/zerolog from 1.25.0 to 1.26.1.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    area/dependencies 
    opened by dependabot[bot] 2
  • build(deps): bump github.com/rs/cors from 1.8.0 to 1.8.2

    build(deps): bump github.com/rs/cors from 1.8.0 to 1.8.2

    Bumps github.com/rs/cors from 1.8.0 to 1.8.2.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    area/dependencies 
    opened by dependabot[bot] 2
  • build(deps): bump github.com/rs/zerolog from 1.25.0 to 1.26.0

    build(deps): bump github.com/rs/zerolog from 1.25.0 to 1.26.0

    Bumps github.com/rs/zerolog from 1.25.0 to 1.26.0.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    area/dependencies 
    opened by dependabot[bot] 2
  • build(deps): bump golang from 1.17.1-alpine3.13 to 1.17.3-alpine3.13

    build(deps): bump golang from 1.17.1-alpine3.13 to 1.17.3-alpine3.13

    Bumps golang from 1.17.1-alpine3.13 to 1.17.3-alpine3.13.

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    area/dependencies area/tooling 
    opened by dependabot[bot] 2
  • build(deps): bump alpine from 3.14.2 to 3.15.0

    build(deps): bump alpine from 3.14.2 to 3.15.0

    Bumps alpine from 3.14.2 to 3.15.0.

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    area/dependencies area/tooling 
    opened by dependabot[bot] 2
  • build(deps): bump google.golang.org/grpc from 1.45.0 to 1.46.0

    build(deps): bump google.golang.org/grpc from 1.45.0 to 1.46.0

    Bumps google.golang.org/grpc from 1.45.0 to 1.46.0.

    Release notes

    Sourced from google.golang.org/grpc's releases.

    Release 1.46.0

    New Features

    • server: Support setting TCP_USER_TIMEOUT on grpc.Server connections using keepalive.ServerParameters.Time (#5219)
    • client: perform graceful switching of LB policies in the ClientConn by default (#5285)
    • all: improve logging by including channelz identifier in log messages (#5192)

    API Changes

    • grpc: delete WithBalancerName() API, deprecated over 4 years ago in #1697 (#5232)
    • balancer: change BuildOptions.ChannelzParentID to an opaque identifier instead of int (#5192)
      • Note: the balancer package is labeled as EXPERIMENTAL, and we don't believe users were using this field.

    Behavior Changes

    • client: change connectivity state to TransientFailure in pick_first LB policy when all addresses are removed (#5274)
      • This is a minor change that brings grpc-go's behavior in line with the intended behavior and how C and Java behave.
    • metadata: add client-side validation of HTTP-invalid metadata before attempting to send (#4886)

    Bug Fixes

    • metadata: make a copy of the value slices in FromContext() functions so that modifications won't be made to the original copy (#5267)
    • client: handle invalid service configs by applying the default, if applicable (#5238)
    • xds: the xds client will now apply a 1 second backoff before recreating ADS or LRS streams (#5280)

    Dependencies

    Commits
    • e8d06c5 Change version to 1.46.0 (#5296)
    • efbd542 gcp/observability: correctly test this module in presubmit tests (#5300) (#5307)
    • 4467a29 gcp/observability: implement logging via binarylog (#5196)
    • 18fdf54 cmd/protoc-gen-go-grpc: allow hooks to modify client structs and service hand...
    • 337b815 interop: build client without timeout; add logs to help debug failures (#5294)
    • e583b19 xds: Add RLS in xDS e2e test (#5281)
    • 0066bf6 grpc: perform graceful switching of LB policies in the ClientConn by defaul...
    • 3cccf6a xdsclient: always backoff between new streams even after successful stream (#...
    • 4e78093 xds: ignore routes with unsupported cluster specifiers (#5269)
    • 99aae34 cluster manager: Add Graceful Switch functionality to Cluster Manager (#5265)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    area/dependencies 
    opened by dependabot[bot] 0
  • build(deps): bump github.com/jzelinskie/cobrautil from 0.0.10 to 0.0.12

    build(deps): bump github.com/jzelinskie/cobrautil from 0.0.10 to 0.0.12

    Bumps github.com/jzelinskie/cobrautil from 0.0.10 to 0.0.12.

    Release notes

    Sourced from github.com/jzelinskie/cobrautil's releases.

    v0.0.12

    No release notes provided.

    v0.0.11

    What's Changed

    Full Changelog: https://github.com/jzelinskie/cobrautil/compare/v0.0.10...v0.0.11

    Commits
    • e0dedbe Merge pull request #11 from jzelinskie/gitversion
    • 0eaafb6 version: use buildinfo vcs revision
    • 33f7632 Merge pull request #10 from jzelinskie/allowempty
    • 7489441 allow for empty env vars
    • ec5ba7d Merge pull request #9 from cjs/fix-error-check
    • a6cae92 fix inverted error check
    • f164bfe .github: init workflows
    • 1025940 Merge pull request #8 from cjs/use-envars-otel-resource
    • 1aa4975 nit: cleanup blank line
    • b9a185a propagate err from resource creation
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    area/dependencies 
    opened by dependabot[bot] 0
  • build(deps): bump alpine from 3.15.0 to 3.15.4

    build(deps): bump alpine from 3.15.0 to 3.15.4

    Bumps alpine from 3.15.0 to 3.15.4.

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    area/dependencies area/tooling 
    opened by dependabot[bot] 0
Releases(v0.2.0)
  • v0.2.0(Feb 22, 2022)

    Release Highlights

    • Updated to use the v1 API
    • Complete renames of CLI flags to use v1 terminology and subsystem-prefixes
    • Many dependency updates

    What's Changed

    • update deps, adopt v1 api by @jzelinskie in https://github.com/authzed/prom-authzed-proxy/pull/30
    • dependabot cla by @ecordell in https://github.com/authzed/prom-authzed-proxy/pull/35

    New Contributors

    • @ecordell made their first contribution in https://github.com/authzed/prom-authzed-proxy/pull/35

    Full Changelog: https://github.com/authzed/prom-authzed-proxy/compare/v0.1.1...v0.2.0

    Source code(tar.gz)
    Source code(zip)
  • v0.1.1(Jan 10, 2022)

    What's Changed

    • build(deps): bump alpine from 3.14.1 to 3.14.2 by @dependabot in https://github.com/authzed/prom-authzed-proxy/pull/8
    • build(deps): bump golang from 1.16-alpine3.13 to 1.17.1-alpine3.13 by @dependabot in https://github.com/authzed/prom-authzed-proxy/pull/11
    • build(deps): bump github.com/authzed/authzed-go from 0.1.0 to 0.2.0 by @dependabot in https://github.com/authzed/prom-authzed-proxy/pull/14
    • build(deps): bump github.com/rs/zerolog from 1.23.0 to 1.25.0 by @dependabot in https://github.com/authzed/prom-authzed-proxy/pull/13
    • .github: add CLA workflow by @jzelinskie in https://github.com/authzed/prom-authzed-proxy/pull/15
    • build(deps): bump github.com/prometheus-community/prom-label-proxy from 0.3.0 to 0.4.0 by @dependabot in https://github.com/authzed/prom-authzed-proxy/pull/19
    • Fix lint in workflow by @samkim in https://github.com/authzed/prom-authzed-proxy/pull/29

    New Contributors

    • @samkim made their first contribution in https://github.com/authzed/prom-authzed-proxy/pull/29

    Full Changelog: https://github.com/authzed/prom-authzed-proxy/compare/v0.1.0...v0.1.1

    Source code(tar.gz)
    Source code(zip)
  • v0.1.0(Aug 25, 2021)

Owner
authzed
A managed permissions database for everyone
authzed
Dbt-postgres-proxy - Proxy server which intercepts and compiles dbt queries on the fly

dbt-postgres-proxy A reverse proxy for postgres which compiles queries in flight

Alexander Butler 4 Mar 4, 2022
Christopher Wilcox 4 Mar 29, 2022
Query browser cookies for golang

browser cookie query Only supported temporarily macOS,theoretically,it supports all chromium browsers valid browser : Edge Chrome Installation exec go

dmls 1 Dec 12, 2021
Simple tool to download files or web-pages with proxy-support and hardened crypto-algorithms

VBDownloader (with proxy-support behind firewall) Simple tool to download files or web-pages with proxy-support and hardened crypto-algorithms. This t

landsh.de 0 Dec 28, 2021
Local proxy for authenticating requests to Cloud Run

Cloud Run Proxy is a small proxy to assist in authenticating as an end-user to Google Cloud Run. It leverages Cloud Run's existing Clo

Seth Vargo 72 Apr 19, 2022
A reverse proxy that provides authentication with Google, Github or other providers.

A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.

OAuth2 Proxy 5.2k May 15, 2022
The mep-agent module provides proxy services for 3rd applications to MEP.

Mep-Agent Introduction Mep-Agent is a middleware that provides proxy services for third-party apps. It can help apps, which do not implement the ETSI

EdgeGallery 21 Mar 9, 2022
A reverse proxy that provides authentication with Google, Github or other providers.

A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain

OAuth2 Proxy 5.2k May 17, 2022
An authentication proxy for Google Cloud managed databases

db-auth-gateway An authentication proxy for Google Cloud managed databases. Based on the ideas of cloudsql-proxy but intended to be run as a standalon

null 24 Apr 6, 2022
A very simple HTTP reverse proxy that checks that requests contain a valid secret as a bearer token

bearproxy -- Authorization enforcing HTTP reverse proxy Bearproxy is a very simple HTTP reverse proxy that checks that requests contain a valid secret

Tv 1 Nov 11, 2021
A simple passwordless proxy authentication middleware using email.

email proxy auth A simple passwordless proxy authentication middleware that uses only email as the authentication provider. Motivation I wanted to res

Miroslav Šedivý 4 Jan 31, 2022
A standalone reverse-proxy to enforce Webauthn authentication

A standalone reverse-proxy to enforce Webauthn authentication. It can be inserted in front of sensitive services or even chained with other proxies (e

Quiq Labs 63 May 8, 2022
Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to create powerful modern API and web authentication.

❗ Cache package has been moved to libcache repository Go-Guardian Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to

Sanad Haj Yahya 366 May 14, 2022
simple-jwt-provider - Simple and lightweight provider which exhibits JWTs, supports login, password-reset (via mail) and user management.

Simple and lightweight JWT-Provider written in go (golang). It exhibits JWT for the in postgres persisted user, which can be managed via api. Also, a password-reset flow via mail verification is available. User specific custom-claims also available for jwt-generation and mail rendering.

Max 24 Apr 25, 2022
Package gorilla/sessions provides cookie and filesystem sessions and infrastructure for custom session backends.

sessions gorilla/sessions provides cookie and filesystem sessions and infrastructure for custom session backends. The key features are: Simple API: us

Gorilla Web Toolkit 2.3k May 17, 2022
Package gorilla/securecookie encodes and decodes authenticated and optionally encrypted cookie values for Go web applications.

securecookie securecookie encodes and decodes authenticated and optionally encrypted cookie values. Secure cookies can't be forged, because their valu

Gorilla Web Toolkit 571 May 18, 2022
Certificate authority and access plane for SSH, Kubernetes, web applications, and databases

Teleport is an identity-aware, multi-protocol access proxy which understands SSH, HTTPS, Kubernetes API, MySQL and PostgreSQL wire protocols.

Teleport 11.8k May 22, 2022
🍪CookieMonster is a command-line tool and API for decoding and modifying vulnerable session cookies from several different frameworks.

?? CookieMonster CookieMonster is a command-line tool and API for decoding and modifying vulnerable session cookies from several different frameworks.

Ian Carroll 425 May 21, 2022
A simple and lightweight library for creating, formatting, manipulating, signing, and validating JSON Web Tokens in Go.

GoJWT - JSON Web Tokens in Go GoJWT is a simple and lightweight library for creating, formatting, manipulating, signing and validating Json Web Tokens

Toby 5 Feb 7, 2022