3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-29 02:16:28 +02:00
Code Issues Projects Releases Packages Wiki Activity
970 commits 156 branches 125 tags 103 MiB
Commit graph

970 commits

This branch
This branch
All branches
Author SHA1 Message Date
github-actions[bot]
e8d85aa776
docs: add round logo (#1574) (#1575) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2020-11-03 13:25:35 -05:00
Travis Groth
fe9282baf0
docs: fix remove_request_headers typo (#1388) (#1556) 
Co-authored-by: Manatsawin Hanmongkolchai <github@whs.in.th>
 2020-10-27 16:13:24 -04:00
Travis Groth
a7114755f1
Update changelog for v0.10.6 (#1477) 2020-09-30 18:07:30 -04:00
github-actions[bot]
1cb5fb56de
deps: update envoy arm64 to v1.15.1 (#1475) (#1476) 
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2020-09-30 16:20:15 -04:00
github-actions[bot]
8eec787b7b
chore(deps): envoy 1.15.1 (#1473) (#1474) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2020-09-30 08:47:17 -07:00
Travis Groth
d4852f761e
Update changelog for v0.10.5 (#1469) 2020-09-28 17:36:30 -04:00
Caleb Doxsey
5802204013
redis: use pubsub instead of keyspace events (#1451) 2020-09-23 15:52:18 -06:00
Travis Groth
70671a51d6
docs: update 0.10.4 changelog (#1441) 2020-09-22 13:24:31 -04:00
github-actions[bot]
34ad348704
httputil: remove retry button (#1438) (#1440) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2020-09-22 08:31:14 -07:00
Travis Groth
a010812ea9
Add v0.10.4 changelog entry (#1437) 2020-09-21 21:16:16 -04:00
github-actions[bot]
a502510526
proxy: always use https for application callback (#1433) (#1435) 
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2020-09-21 18:14:42 -04:00
github-actions[bot]
60d3fe0d20
redirect-server: add config headers to responses (#1416) (#1427) 
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2020-09-20 17:03:53 -07:00
github-actions[bot]
b437d18ac1
controplane: remove p-521 EC (#1420) (#1423) 
* controplane: remove p-521 EC

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2020-09-18 08:26:13 -07:00
github-actions[bot]
df6f22c58d
controlplane: support P-384 / P-512 EC curves (#1409) (#1410) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2020-09-17 08:16:49 -07:00
Travis Groth
7d77dc235e
Update changelog for v0.10.3 (#1401) 2020-09-11 17:25:26 -04:00
github-actions[bot]
b321f2ebf9
ci: publish cloudrun latest tag (#1398) (#1399) 
* ci: publish cloudrun latest tag

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2020-09-11 17:12:47 -04:00
Travis Groth
2839dcf732
proxy: remove impersonate headers for kubernetes (#1394) (#1396) 
* proxy: remove impersonate headers for kubernetes

* master on frontend/statik

Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2020-09-09 19:23:20 -04:00
bobby
7d10b3ddd4 Desimone/authenticate default logout (#1390) 
* authenticate: fix unset post_logout_redirect_uri
* don't show url if does not exist
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-09-09 14:27:44 -07:00
github-actions[bot]
0834f24907
docs: update azure docs (#1377) (#1385) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2020-09-08 17:33:09 -07:00
Cuong Manh Le
b272a7f4b3
internal/directory/okta: remove rate limiter (#1370) (#1371) 
We did honor the rate limit header from okta, so don't bother to add our
rate limiter there.
 2020-09-04 21:15:48 +07:00
github-actions[bot]
3fd66c1401
internal/directory/okta: accept non-json service account (#1359) (#1360) 
Fixes #1354

Co-authored-by: Cuong Manh Le <cuong.manhle.vn@gmail.com>
 2020-09-01 23:09:32 +07:00
github-actions[bot]
c05a686205
internal/controlplane: add telemetry http handler (#1353) (#1355) 
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2020-09-01 09:52:20 -04:00
github-actions[bot]
7e081a200b
docs: add nginx example (#1329) (#1339) 
* docs: add nginx example

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2020-08-26 17:14:10 -04:00
Travis Groth
f65740799c
docs: update changelog for 0.10.2 (#1330) 2020-08-26 16:25:54 -04:00
Travis Groth
c51423d03d
[Backport 0-10-0] internal/directory/okta: improve API requests (#1332) 
* internal/directory/okta: add limiter to query okta API

Okta only allows 100 requests per minute, so apply the default rate
limit 1 QPS for it.

Fixes #1256

* internal/directory/okta: use okta filter to get updated groups

Okta API supports filter to get updated groups only, we can adopt that
to reduce number of requests to okta API, hence reduce chance that we
reach the rate limit.

Updates #1256

* internal/directory/okta: fix wrong API query filter

Okta uses space " " instead of plus sign "+" in query filter.
See https://developer.okta.com/docs/reference/api-overview/#filtering

* internal/directory: use default QPS setting for backport

Co-authored-by: Cuong Manh Le <cuong.manhle.vn@gmail.com>
 2020-08-26 12:31:00 -04:00
Travis Groth
683c591f14
Backport go 1.15 changes for 0-10-0 (#1334) 
* pkg/storage/redis: use SANs cert

Since go1.15, X.509 CommonName is deprecated, switch to a SANs
certificate for test redis TLS.

While at it, add instruction to genearte cert and build test image.

See: https://golang.org/doc/go1.15#commonname

* config: do not test for exact route id

Different go version can genearte different route id, due to the fact
that we are relying on xxhash.

* internal/controlplane: mocking policy name in test

We don't have to test for exact policy name, as it does not make sense
and force us to change test every new go release.

Co-authored-by: Cuong Manh Le <cuong.manhle.vn@gmail.com>
 2020-08-25 16:59:36 -04:00
Caleb Doxsey
9efeabd956
autocert: fix locking issue (#1310) (#1311) 2020-08-20 14:43:51 -06:00
Travis Groth
b521ccc5e2
docs: v0.10.1 changelog (#1308) 
* Update changelog for v0.10.1

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2020-08-20 13:24:58 -04:00
github-actions[bot]
9c9cccb321
pkg/storage/redis: update tests to use local certs + upstream image (#1306) (#1307) 
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2020-08-20 13:04:49 -04:00
bobby
acfba615c6 authorize: log users and groups (#1303) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-08-19 08:59:24 -07:00
Caleb Doxsey
26c05e5436
azure: support deriving credentials from client id, client secret and provider url (#1300) (#1301) 2020-08-18 10:41:21 -06:00
github-actions[bot]
95f9e94bea
autocert: fix bootstrapped cache store path (#1283) (#1291) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2020-08-17 15:27:34 -07:00
github-actions[bot]
8dbfa3a2dc
docs: use .com sitemap hostname (#1274) (#1275) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2020-08-13 12:23:35 -07:00
github-actions[bot]
7f1e7130f5
docs: fix in-action video (#1268) (#1269) 
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2020-08-12 18:18:16 -07:00
github-actions[bot]
c5ce2f1996
docs: image, sitemap and redirect fixes (#1263) (#1265) 
* docs: fix image linkes for cdn

* docs: use relative top level redirect

* docs: generate sitemap under /docs/

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2020-08-12 12:26:23 -07:00
github-actions[bot]
fde2d905c7
docs: fix redirect loop (#1245) (#1246) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2020-08-09 21:35:37 -07:00
github-actions[bot]
8d655030aa
docs: add / redirect (#1241) (#1242) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2020-08-09 21:09:22 -07:00
github-actions[bot]
f03ea99649
docs: prepare for enterprise / oss split (#1238) (#1239) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2020-08-09 21:05:34 -07:00
github-actions[bot]
4e1c99c897
authorize: add databroker url check (#1228) (#1231) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2020-08-07 12:58:17 -07:00
github-actions[bot]
e86989e248
config: omit empty subpolicies in yaml/json (#1229) (#1230) 
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2020-08-07 15:27:43 -04:00
bobby
bfc3fb67da
v0.10.0 (#1225) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-08-06 21:08:19 -07:00
roulesse
7da513f42c
Update synology.md (#1219) 2020-08-06 15:28:51 -07:00
Travis Groth
8e48ae03a8
cache: only run memberlist for in-memory databroker (#1224) 2020-08-06 17:19:38 -04:00
Travis Groth
4976fe3824
docs: add installation section (#1223) 2020-08-06 16:34:01 -04:00
Travis Groth
1cafba18a5
docs: Kubernetes topic (#1222) 
* docs: kubernetes topic and installation stub
 2020-08-06 15:28:12 -04:00
Travis Groth
28230c7dc5
docs: update architecture diagrams + descriptions (#1218) 
* docs: update architecture diagrams + descriptions

* Update docs/docs/topics/production-deployment.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* Update docs/docs/topics/production-deployment.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* Update docs/docs/topics/production-deployment.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2020-08-06 13:40:08 -04:00
Cuong Manh Le
f46f124f13 authorize: add tests for get jwt claim headers 2020-08-06 21:02:20 +07:00
Cuong Manh Le
5d3b551524 authorize: increase test coverage 
- Add test cases for sync functions
 - Add test for valid JWT
 - Add session state to Test_getEvaluatorRequest
 2020-08-06 21:02:20 +07:00
Cuong Manh Le
0624658e4b authorize: move service account normalization to its own function 
This helps testing the code easier, increase coverage.
 2020-08-06 21:02:20 +07:00
Cuong Manh Le
e6c78f10e9 authorize/evaluator: add test for ClearRecords 2020-08-06 21:02:20 +07:00