3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-31 07:19:16 +02:00
Code Issues Projects Releases Packages Wiki Activity
2090 commits 174 branches 133 tags 111 MiB
Commit graph

227 commits

Author SHA1 Message Date
Caleb Doxsey
9bce8314ba
envoy: refactor envoy embedding (#2296) 
* envoy: add full version

* remove unused import

* envoy: refactor envoy embedding

* fix lint

* commit ignored files

* maybe fix test
 2021-06-15 08:18:30 -06:00
Caleb Doxsey
02d9460765
envoy: fix usage of codec_type with alpn (#2277) 2021-06-07 14:26:20 -06:00
Caleb Doxsey
2156dbc553
envoy: always set jwt claim headers even if no value is available (#2261) 
* envoy: always set jwt claim headers even if no value is available

* add test
 2021-06-04 10:01:00 -07:00
Caleb Doxsey
c3286aa355
envoyconfig: use zipkin tracer (#2265) 2021-06-03 09:28:00 -06:00
Caleb Doxsey
513859665a
tracing: support dynamic reloading, more aggressive envoy restart (#2262) 
* tracing: support dynamic reloading, more aggressive envoy restart

* set exporter to nil

* actually register tracer
 2021-06-02 09:58:07 -06:00
wasaga
12c8bb2da4
authorize: preserve original context (#2247) 2021-06-01 11:10:35 -04:00
wasaga
96d6005639
config: warn about unrecognized keys (#2256) 2021-05-31 23:35:38 -04:00
bobby
c5f90e40f3
options: s/shared-key/shared secret (#2257) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2021-05-31 12:55:11 -07:00
Caleb Doxsey
9b61d04dd8
envoyconfig: fallback to global custom ca when no policy ca is defined (#2235) 
* envoyconfig: fallback to global custom ca when no policy ca is defined

* update upgrading

* combine custom ca with root cas
 2021-05-28 09:36:15 -06:00
Caleb Doxsey
91dd937468
policy: fix allowed idp claims PPL generation (#2243) 2021-05-27 15:12:12 -06:00
Caleb Doxsey
96b9702ee3
ppl: add data type, implement string and list matchers (#2228) 
* ppl: add data type, implement string and list matchers

* update policy converter
 2021-05-21 11:28:41 -06:00
Caleb Doxsey
a1061c5c03
envoy: add global response headers to local replies (#2217) 2021-05-20 08:56:43 -06:00
Caleb Doxsey
c489391bbf
ppl: convert config policy to ppl (#2218) 2021-05-19 12:42:36 -06:00
wasaga
c71f7dca5b
authorize: grpc health check (#2200) 2021-05-13 15:00:10 -04:00
bobby
27c8cd9bd8
proxy / controplane: use old upstream cipher suite (#2196) 2021-05-12 15:37:20 -07:00
Caleb Doxsey
da01082797
envoy: disable timeouts for kubernetes (#2189) 2021-05-11 14:42:49 -06:00
Caleb Doxsey
69576cffe4
config: add support for set_response_headers in a policy (#2171) 
* config: add support for set_response_headers in a policy

* docs: add note about precedence
 2021-05-04 09:43:52 -06:00
Caleb Doxsey
b5b1013947
config: add client_crl (#2157) 
* config: add client_crl

* address comments

* add ignored file
 2021-04-30 14:36:32 -06:00
Caleb Doxsey
699ebf061a
config: add support for codec_type (#2156) 
* config: add support for codec_type

* add comma

* fix warning block

* fix docs
 2021-04-30 07:21:40 -06:00
Caleb Doxsey
636b3d6846
databroker: add options for maximum capacity (#2095) 
* databroker: add options

* implement redis

* add trace for enforce options
 2021-04-26 17:14:54 -06:00
Caleb Doxsey
b3216ae854
httputil: fix SPDY support with reverse proxy (#2134) 2021-04-26 14:45:07 -06:00
Caleb Doxsey
008bda99e2
envoyconfig: fix metrics ingress listener name (#2124) 2021-04-26 07:49:48 -06:00
Caleb Doxsey
22f6a2207b
envoy: re-implement recommended defaults (#2123) 2021-04-23 14:54:13 -06:00
Caleb Doxsey
b1d62bb541
config: remove validate side effects (#2109) 
* config: default shared key

* handle additional errors

* update grpc addr and grpc insecure

* update google cloud service authentication service account

* fix set response headers

* fix qps

* fix test
 2021-04-22 15:10:50 -06:00
wasaga
e0c09a0998
log context (#2107) 2021-04-22 10:58:13 -04:00
Travis Groth
ebfbdb721b
config: don't change address value on databroker or authorize (#2092) 2021-04-16 10:46:32 -04:00
Caleb Doxsey
116805acb3
config: rename headers to set_response_headers (#2081) 
* config: rename headers to set_response_headers

* Update config/options.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2021-04-14 11:22:21 -07:00
Caleb Doxsey
f760cdece5
envoyconfig: move most bootstrap config to shared package (#2088) 2021-04-14 12:07:49 -06:00
Caleb Doxsey
1dcccf2b56
envoy: refactor controlplane xds to new envoyconfig package (#2086) 2021-04-13 13:51:44 -06:00
Caleb Doxsey
8924b1a5fc
config: use tls_custom_ca from policy if available (#2077) 2021-04-09 12:26:46 -06:00
Caleb Doxsey
9de340b48b
cryptutil: always use kek public id, add x509 support (#2066) 2021-04-07 09:44:36 -07:00
Caleb Doxsey
d8f11dcb91
proxy: support re-proxying request through control plane for kubernetes (#2051) 
* proxy: support re-proxying request from envoy for kubernetes

* encrypt policy id for reproxy, implement tls options

* add comment, use hmac

* use httputil handler and error

* remove reproxy headers on all incoming request

* only allow re-proxying for kubernetes, strip headers

* fix tests
 2021-04-06 12:08:09 -06:00
Caleb Doxsey
f4c4fe314a
authorize: audit logging (#2050) 
* authorize: add databroker server and record version to result, force sync via polling

* authorize: audit logging
 2021-04-05 09:58:55 -06:00
Travis Groth
c7d243d742
proxy: restrict programmatic URLs to localhost (#2049) 
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2021-04-01 10:04:49 -04:00
contrun
9980206073
change require_proxy_protocol to use_proxy_protocol (#2043) 
I set `use_proxy_protocol` to be true in my yaml config. Envoy didn't use proxy protocol albeit. Both the documents and https://github.com/pomerium/pomerium/pull/1777 hint the name should be use_proxy_protocol.
 2021-03-31 07:40:31 -06:00
wasaga
c27cd9030d
support host:port in metrics_address (#2042) 2021-03-30 18:54:33 -04:00
Caleb Doxsey
e2ebef44ef
telemetry: add installation id (#2017) 
* telemetry: add installation id

* set installation id globally

* remove unneeded changes
 2021-03-24 07:22:54 -06:00
Caleb Doxsey
853d2dd478
config: use getters for certificates (#2001) 
* config: use getters for certificates

* update log message
 2021-03-23 08:02:50 -06:00
ntoofu
fee4979246
Add xff_num_trusted_hops config option (#2003) 
* Add `xff_num_trusted_hops` config option

* Fix code formatting with gofmt

* Update docs for `xff_num_trusted_hops`
 2021-03-22 10:30:20 -06:00
Caleb Doxsey
3690a32855
config: use getters for authenticate, signout and forward auth urls (#2000) 2021-03-19 14:49:25 -06:00
Caleb Doxsey
23bc3f979f
config: add headers to config proto (#1996) 2021-03-19 08:06:01 -06:00
Caleb Doxsey
46ae3cf358
add rewrite_response_headers to protobuf (#1962) 2021-03-05 13:57:27 -07:00
Caleb Doxsey
7f6107051f
config: add rewrite_response_headers option (#1961) 
* add lua script to rewrite response headers

* add policy config

* update docs
 2021-03-05 09:40:17 -07:00
Caleb Doxsey
f396c2a0f7
config: log config source changes (#1959) 
* config: log config source changes

* use internal log import
 2021-03-03 09:54:08 -07:00
Caleb Doxsey
664358dfad
config: multiple endpoints for authorize and databroker (#1957) 
* wip

* update docs

* remove dead code
 2021-03-03 09:53:19 -07:00
Caleb Doxsey
e9083b6dad
config: expose viper policy hooks (#1947) 2021-02-25 10:12:51 -07:00
Caleb Doxsey
a825b06014
metrics: add TLS options (#1939) 
* move metrics listener to envoy

* add metrics tls options

* add test

* update docs

* update config proto

* add function to validate metric addr

* fix validation
 2021-02-24 09:42:53 -07:00
wasaga
de55199a70
use build_info as liveness gauge metric (#1940) 2021-02-24 10:57:31 -05:00
bobby
9c7958b66f
middleware: equalize lengths of input (#1934) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2021-02-23 08:31:17 -08:00
Travis Groth
e56fb38cb5
config: fix redirect routes from protobuf (#1930) 2021-02-22 18:10:50 -05:00