pomerium · wasaga · Feb 14, 2025 · Feb 12, 2025 · Feb 12, 2025 · Feb 14, 2025
@@ -0,0 +1,29 @@
+name: pre-commit
+
+on:
+  pull_request:
+
+jobs:
+  pre-commit:
+    runs-on: [ubuntu-latest]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+
+      - name: Setup Go
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34
+        with:
+          go-version: 1.23.x
+          cache: false
+
+      - name: Setup Python
+        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38
+        with:
+          python-version: "3.12"
+          cache: pip          
+
+      - name: Setup Pre-Commit
+        run: python -m pip install pre-commit
+
+      - name: Run Pre-Commit
+        run: pre-commit run --show-diff-on-failure --color=always
@@ -0,0 +1,20 @@
+repos:
+  - repo: local
+    hooks:
+      - id: docs
+        name: docs
+        language: system
+        entry: make docs
+        types: ["go"]
+      - id: go-mod-tidy
+        name: go-mod-tidy
+        language: system
+        entry: bash -c 'go mod tidy'
+        files: go\.mod|go\.sum$
+      - id: lint
+        name: lint
+        language: system
+        entry: make
+        args: ["lint"]
+        types: ["go"]
+        pass_filenames: false
@@ -15,6 +15,15 @@ List all policies
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
+### Optional
+
+- `limit` (Number) List limit.
+- `namespace_id` (String) Namespace to list policies in.
+- `offset` (Number) List offset.
+- `order_by` (String) List order by.
+- `query` (String) Query for policies.
+- `total_count` (Number) Total number of policies.
+
 ### Read-Only
 
 - `policies` (Attributes List) (see [below for nested schema](#nestedatt--policies))
@@ -24,7 +33,12 @@ List all policies
 
 Read-Only:
 
+- `description` (String) Description of the policy.
+- `enforced` (Boolean) Whether the policy is enforced within the namespace hierarchy.
+- `explanation` (String) Explanation of the policy.
 - `id` (String) Unique identifier for the policy.
 - `name` (String) Name of the policy.
 - `namespace_id` (String) ID of the namespace the policy belongs to.
 - `ppl` (String) Policy Policy Language (PPL) string.
+- `rego` (List of String) Rego policies.
+- `remediation` (String) Remediation of the policy.
@@ -21,6 +21,11 @@ Policy for Pomerium.
 
 ### Read-Only
 
+- `description` (String) Description of the policy.
+- `enforced` (Boolean) Whether the policy is enforced within the namespace hierarchy.
+- `explanation` (String) Explanation of the policy.
 - `name` (String) Name of the policy.
 - `namespace_id` (String) ID of the namespace the policy belongs to.
 - `ppl` (String) Policy Policy Language (PPL) string.
+- `rego` (List of String) Rego policies.
+- `remediation` (String) Remediation of the policy.
@@ -19,10 +19,80 @@ Route data source
 
 - `id` (String) Unique identifier for the route.
 
+### Optional
+
+- `jwt_groups_filter` (Attributes) JWT Groups Filter (see [below for nested schema](#nestedatt--jwt_groups_filter))
+
 ### Read-Only
 
+- `allow_spdy` (Boolean) Allow SPDY.
+- `allow_websockets` (Boolean) Allow websockets.
+- `description` (String) Description of the route.
+- `enable_google_cloud_serverless_authentication` (Boolean) Enable Google Cloud serverless authentication.
 - `from` (String) From URL.
+- `host_path_regex_rewrite_pattern` (String) Host path regex rewrite pattern.
+- `host_path_regex_rewrite_substitution` (String) Host path regex rewrite substitution.
+- `host_rewrite` (String) Host rewrite.
+- `host_rewrite_header` (String) Host rewrite header.
+- `idle_timeout` (String) Idle timeout.
+- `idp_client_id` (String) IDP client ID.
+- `idp_client_secret` (String) IDP client secret.
+- `jwt_issuer_format` (Object) JWT issuer format configuration. (see [below for nested schema](#nestedatt--jwt_issuer_format))
+- `kubernetes_service_account_token` (String) Kubernetes service account token.
+- `kubernetes_service_account_token_file` (String) Path to the Kubernetes service account token file.
+- `logo_url` (String) URL to the logo image.
 - `name` (String) Name of the route.
 - `namespace_id` (String) ID of the namespace the route belongs to.
-- `policies` (List of String) List of policy IDs associated with the route.
-- `to` (List of String) To URLs.
+- `pass_identity_headers` (Boolean) Pass identity headers.
+- `path` (String) Path.
+- `policies` (Set of String) List of policy IDs associated with the route.
+- `prefix` (String) Prefix.
+- `prefix_rewrite` (String) Prefix rewrite.
+- `preserve_host_header` (Boolean) Preserve host header.
+- `regex` (String) Regex.
+- `regex_priority_order` (Number) Regex priority order.
+- `regex_rewrite_pattern` (String) Regex rewrite pattern.
+- `regex_rewrite_substitution` (String) Regex rewrite substitution.
+- `remove_request_headers` (Set of String) Remove request headers.
+- `rewrite_response_headers` (Attributes Set) Response header rewrite rules. (see [below for nested schema](#nestedatt--rewrite_response_headers))
+- `set_request_headers` (Map of String) Set request headers.
+- `set_response_headers` (Map of String) Set response headers.
+- `show_error_details` (Boolean) Show error details.
+- `stat_name` (String) Name of the stat.
+- `timeout` (String) Timeout.
+- `tls_client_key_pair_id` (String) Client key pair ID for TLS client authentication.
+- `tls_custom_ca_key_pair_id` (String) Custom CA key pair ID for TLS verification.
+- `tls_downstream_server_name` (String) TLS downstream server name.
+- `tls_skip_verify` (Boolean) TLS skip verify.
+- `tls_upstream_allow_renegotiation` (Boolean) TLS upstream allow renegotiation.
+- `tls_upstream_server_name` (String) TLS upstream server name.
+- `to` (Set of String) To URLs.
+
+<a id="nestedatt--jwt_groups_filter"></a>
+### Nested Schema for `jwt_groups_filter`
+
+Optional:
+
+- `groups` (Set of String) Group IDs to include
+- `infer_from_ppl` (Boolean)
+
+
+<a id="nestedatt--jwt_issuer_format"></a>
+### Nested Schema for `jwt_issuer_format`
+
+Read-Only:
+
+- `format` (String)
+
+
+<a id="nestedatt--rewrite_response_headers"></a>
+### Nested Schema for `rewrite_response_headers`
+
+Required:
+
+- `header` (String) Header name to rewrite
+- `value` (String) New value for the header
+
+Optional:
+
+- `prefix` (String) Prefix matcher for the header
@@ -15,18 +15,97 @@ List all routes
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
+### Optional
+
+- `limit` (Number) List limit.
+- `namespace_id` (String) Namespace to list routes in.
+- `offset` (Number) List offset.
+- `order_by` (String) List order by.
+- `query` (String) Query for routes.
+- `total_count` (Number) Total number of routes.
+
 ### Read-Only
 
 - `routes` (Attributes List) (see [below for nested schema](#nestedatt--routes))
 
 <a id="nestedatt--routes"></a>
 ### Nested Schema for `routes`
 
+Optional:
+
+- `jwt_groups_filter` (Attributes) JWT Groups Filter (see [below for nested schema](#nestedatt--routes--jwt_groups_filter))
+
 Read-Only:
 
+- `allow_spdy` (Boolean) Allow SPDY.
+- `allow_websockets` (Boolean) Allow websockets.
+- `description` (String) Description of the route.
+- `enable_google_cloud_serverless_authentication` (Boolean) Enable Google Cloud serverless authentication.
 - `from` (String) From URL.
+- `host_path_regex_rewrite_pattern` (String) Host path regex rewrite pattern.
+- `host_path_regex_rewrite_substitution` (String) Host path regex rewrite substitution.
+- `host_rewrite` (String) Host rewrite.
+- `host_rewrite_header` (String) Host rewrite header.
 - `id` (String) Unique identifier for the route.
+- `idle_timeout` (String) Idle timeout.
+- `idp_client_id` (String) IDP client ID.
+- `idp_client_secret` (String) IDP client secret.
+- `jwt_issuer_format` (Object) JWT issuer format configuration. (see [below for nested schema](#nestedatt--routes--jwt_issuer_format))
+- `kubernetes_service_account_token` (String) Kubernetes service account token.
+- `kubernetes_service_account_token_file` (String) Path to the Kubernetes service account token file.
+- `logo_url` (String) URL to the logo image.
 - `name` (String) Name of the route.
 - `namespace_id` (String) ID of the namespace the route belongs to.
-- `policies` (List of String) List of policy IDs associated with the route.
-- `to` (List of String) To URLs.
+- `pass_identity_headers` (Boolean) Pass identity headers.
+- `path` (String) Path.
+- `policies` (Set of String) List of policy IDs associated with the route.
+- `prefix` (String) Prefix.
+- `prefix_rewrite` (String) Prefix rewrite.
+- `preserve_host_header` (Boolean) Preserve host header.
+- `regex` (String) Regex.
+- `regex_priority_order` (Number) Regex priority order.
+- `regex_rewrite_pattern` (String) Regex rewrite pattern.
+- `regex_rewrite_substitution` (String) Regex rewrite substitution.
+- `remove_request_headers` (Set of String) Remove request headers.
+- `rewrite_response_headers` (Attributes Set) Response header rewrite rules. (see [below for nested schema](#nestedatt--routes--rewrite_response_headers))
+- `set_request_headers` (Map of String) Set request headers.
+- `set_response_headers` (Map of String) Set response headers.
+- `show_error_details` (Boolean) Show error details.
+- `stat_name` (String) Name of the stat.
+- `timeout` (String) Timeout.
+- `tls_client_key_pair_id` (String) Client key pair ID for TLS client authentication.
+- `tls_custom_ca_key_pair_id` (String) Custom CA key pair ID for TLS verification.
+- `tls_downstream_server_name` (String) TLS downstream server name.
+- `tls_skip_verify` (Boolean) TLS skip verify.
+- `tls_upstream_allow_renegotiation` (Boolean) TLS upstream allow renegotiation.
+- `tls_upstream_server_name` (String) TLS upstream server name.
+- `to` (Set of String) To URLs.
+
+<a id="nestedatt--routes--jwt_groups_filter"></a>
+### Nested Schema for `routes.jwt_groups_filter`
+
+Optional:
+
+- `groups` (Set of String) Group IDs to include
+- `infer_from_ppl` (Boolean)
+
+
+<a id="nestedatt--routes--jwt_issuer_format"></a>
+### Nested Schema for `routes.jwt_issuer_format`
+
+Read-Only:
+
+- `format` (String)
+
+
+<a id="nestedatt--routes--rewrite_response_headers"></a>
+### Nested Schema for `routes.rewrite_response_headers`
+
+Required:
+
+- `header` (String) Header name to rewrite
+- `value` (String) New value for the header
+
+Optional:
+
+- `prefix` (String) Prefix matcher for the header
@@ -15,6 +15,10 @@ List all service accounts
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
+### Optional
+
+- `namespace_id` (String) Namespace of the service accounts.
+
 ### Read-Only
 
 - `service_accounts` (Attributes List) (see [below for nested schema](#nestedatt--service_accounts))