3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-18 02:32:46 +02:00
Code Issues Projects Releases Packages Wiki Activity
2090 commits 164 branches 127 tags 106 MiB
Commit graph

582 commits

Author SHA1 Message Date
Caleb Doxsey
f396c2a0f7
config: log config source changes (#1959) 
* config: log config source changes

* use internal log import
 2021-03-03 09:54:08 -07:00
Caleb Doxsey
664358dfad
config: multiple endpoints for authorize and databroker (#1957) 
* wip

* update docs

* remove dead code
 2021-03-03 09:53:19 -07:00
Caleb Doxsey
a825b06014
metrics: add TLS options (#1939) 
* move metrics listener to envoy

* add metrics tls options

* add test

* update docs

* update config proto

* add function to validate metric addr

* fix validation
 2021-02-24 09:42:53 -07:00
wasaga
de55199a70
use build_info as liveness gauge metric (#1940) 2021-02-24 10:57:31 -05:00
bobby
cdcb65b77c
ci: go 1.16.x, cached tests (#1937) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2021-02-23 11:39:52 -08:00
Caleb Doxsey
138df5ae24
identity: record metric for last refresh (#1936) 2021-02-23 10:08:01 -07:00
Caleb Doxsey
218acc001b
autocert: remove non-determinism (#1932) 
* autocert: remove non-determinism

* try sorting coverage
 2021-02-23 08:56:11 -08:00
bobby
9c7958b66f
middleware: equalize lengths of input (#1934) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2021-02-23 08:31:17 -08:00
Caleb Doxsey
8b42eb5ebd
config: add metrics_basic_auth option (#1917) 
* config: add metrics_basic_auth option

* remove println

* use constant time compare
 2021-02-22 13:37:18 -07:00
Caleb Doxsey
03d8ffaee2
google: fix default provider URL (#1928) 2021-02-22 11:21:16 -07:00
Caleb Doxsey
5d60cff21e
databroker: refactor databroker to sync all changes (#1879) 
* refactor backend, implement encrypted store

* refactor in-memory store

* wip

* wip

* wip

* add syncer test

* fix redis expiry

* fix linting issues

* fix test by skipping non-config records

* fix backoff import

* fix init issues

* fix query

* wait for initial sync before starting directory sync

* add type to SyncLatest

* add more log messages, fix deadlock in in-memory store, always return server version from SyncLatest

* update sync types and tests

* add redis tests

* skip macos in github actions

* add comments to proto

* split getBackend into separate methods

* handle errors in initVersion

* return different error for not found vs other errors in get

* use exponential backoff for redis transaction retry

* rename raw to result

* use context instead of close channel

* store type urls as constants in databroker

* use timestampb instead of ptypes

* fix group merging not waiting

* change locked names

* update GetAll to return latest record version

* add method to grpcutil to get the type url for a protobuf type
 2021-02-18 15:24:33 -07:00
Caleb Doxsey
b1871b0f2e
envoy: validate binary checksum (#1908) 
* envoy: validate binary checksum

* address comments

* change to info

* fix order
 2021-02-18 15:22:46 -07:00
wasaga
c02223a8f0
fix flaky registry test (#1911) 2021-02-17 20:17:42 -05:00
wasaga
d04416a5fd
in-memory service registry (#1892) 2021-02-17 14:28:54 -05:00
Caleb Doxsey
64d247cfeb
onelogin: fix default scopes for v2 (#1896) 2021-02-17 08:51:13 -07:00
Caleb Doxsey
5be71b8e07
xds: fix misdirected script (#1895) 2021-02-16 14:57:21 -07:00
Yuchen Ying
51be8ffd76
remove unused internal/protoutil (#1893) 2021-02-16 13:54:38 -08:00
Caleb Doxsey
eb08658cfc
logs: strip query string (#1894) 2021-02-16 14:23:52 -07:00
bobby
c3e3ed9b50
authenticate: validate origin of signout (#1876) 
* authenticate: validate origin of signout

- add a debug task to kill envoy
- improve various function docs
- userinfo: return "error" page if user is logged out without redirect uri set
- remove front channel logout. There's little difference between it, and the signout function.

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2021-02-11 21:37:54 -08:00
Caleb Doxsey
963399b53d
proxy: implement pass-through for authenticate backend (#1870) 
* proxy: implement pass-through for authenticate backend

* address comments
 2021-02-09 14:03:54 -07:00
Caleb Doxsey
4bf5179bb6
controlplane: maybe fix flaky test (#1873) 2021-02-09 13:52:20 -07:00
Caleb Doxsey
9f6dc78798
config: allow customization of envoy boostrap admin options (#1872) 2021-02-09 11:29:58 -07:00
bobby
a38913925d
controlplane: add global headers to virtualhost (#1861) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2021-02-08 12:30:45 -08:00
bobby
fcd8c3644f
options: header only applies to routes and authN (#1862) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2021-02-08 11:05:33 -08:00
wasaga
7b06d37913
unique envoy cluster ids (#1858) 2021-02-08 13:52:09 -05:00
renovate[bot]
2dc0be2ec9
chore(deps): update module auth0 to v5 (#1868) 
* chore(deps): update module auth0 to v5

* fix v4->v5

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2021-02-08 08:50:15 -07:00
Caleb Doxsey
b7f0242090
authorize: remove admin (#1833) 
* authorize: remove admin

* regen rego

* add note to upgrading
 2021-02-01 15:22:02 -07:00
Caleb Doxsey
a5a3ab55fc
xds: fix always requiring client certificates (#1844) 
* xds: fix always requiring client certificates

* break early
 2021-02-01 12:44:22 -07:00
Caleb Doxsey
cc85ea601d
policy: add new certificate-authority option for downstream mTLS client certificates (#1835) 
* policy: add new certificate-authority option for downstream mTLS client certificates

* update proto, docs
 2021-02-01 08:10:32 -07:00
renovate[bot]
9cee50a12c
chore(deps): update module google.golang.org/api to v0.38.0 (#1656) 
* chore(deps): update module google.golang.org/api to v0.38.0

* fix google api tests

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2021-02-01 07:18:56 -07:00
wasaga
66ff2cdaba
cluster name (#1834) 2021-01-29 16:55:38 -05:00
wasaga
67f6030e1e
upstream endpoints load balancer weights (#1830) 2021-01-28 09:11:14 -05:00
Caleb Doxsey
bec98051ae
config: return errors on invalid URLs, fix linting (#1829) 2021-01-27 07:58:30 -07:00
Caleb Doxsey
a8a703218f
return errors in xds build methods (#1827) 2021-01-26 14:40:39 -07:00
Caleb Doxsey
5e3aa91f23
authenticate: delay evaluation of OIDC provider (#1802) 
* authenticate: delay evaluation of OIDC provider

* add additional error message

* address comments
 2021-01-26 09:20:56 -07:00
Caleb Doxsey
a14b65ec3f
controlplane: only add listener virtual domains for addresses matching the current TLS domain (#1823) 2021-01-26 09:01:24 -07:00
Caleb Doxsey
84e8f6cc05
config: fix databroker policies (#1821) 2021-01-25 17:18:50 -07:00
Caleb Doxsey
bcc8c17855
controlplane: only enable STATIC dns when all adresses are IP addresses (#1822) 2021-01-25 15:49:58 -07:00
wasaga
3a505d5573
expose envoy cluster options in policy (#1804) 2021-01-25 09:49:03 -05:00
wasaga
4017e0681a
upstream health check config (#1796) 2021-01-21 15:23:06 -05:00
Caleb Doxsey
c90eda5622
autocert: store certificates separately from config certificates (#1794) 2021-01-21 13:13:55 -07:00
Caleb Doxsey
70b4497595
databroker: rename cache service (#1790) 
* rename cache folder

* rename cache service everywhere

* skip yaml in examples

* Update docs/docs/topics/data-storage.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2021-01-21 08:41:22 -07:00
Caleb Doxsey
0adb9e5dde
move file change detection before autocert (#1793) 2021-01-20 16:01:43 -07:00
Caleb Doxsey
a4c7381eba
config: support multiple destination addresses (#1789) 
* config: support multiple destination addresses

* use constructor for string slice

* add docs

* add test for multiple destinations

* fix name
 2021-01-20 15:18:24 -07:00
wasaga
c6b6141d12
new skip_xff_append option (#1788) 
Added `skip_xff_append` configuration option. When set, proxy would not append it's IP address to `x-forwarded-for` HTTP header.
 2021-01-20 10:56:29 -05:00
Caleb Doxsey
d9699cbcb9
policy: add outlier_detection (#1786) 
* add support for cluster outlier detection

* add docs
 2021-01-20 08:33:48 -07:00
Caleb Doxsey
0bc598f952
Revert "reduce memory usage by handling http/2 coalescing via a lua script (#1779)" (#1785) 
This reverts commit b2ceaa9e91.
 2021-01-19 13:55:30 -07:00
bobby
4f78a9b301
chore(deps): update oidc to v3 (#1783) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2021-01-19 08:26:48 -08:00
Caleb Doxsey
b2ceaa9e91
reduce memory usage by handling http/2 coalescing via a lua script (#1779) 
* add support for proxy protocol on HTTP listener (#1777)

* add support for proxy protocol on HTTP listener

* rename option, add doc

* reduce memory usage by handling http/2 coalescing via a lua script

* move script to file

* use wellknown

* fix integration test
 2021-01-19 08:45:28 -07:00
Caleb Doxsey
09747aa3ba
add support for proxy protocol on HTTP listener (#1777) 
* add support for proxy protocol on HTTP listener

* rename option, add doc
 2021-01-19 05:56:58 -07:00