Commit graph

439 commits

Author SHA1 Message Date
Alex
fc21579e4b
Fix typos (#3575)
typos
2022-08-30 15:51:40 -07:00
Caleb Doxsey
e5ac784cf4
autocert: add support for ACME TLS-ALPN (#3590)
* autocert: add support for ACME TLS-ALPN

* always re-create acme tls server
2022-08-29 16:19:20 -06:00
Caleb Doxsey
46703b9419
config: add branding settings (#3558)
2022-08-16 14:51:47 -06:00
Caleb Doxsey
3c63b6c028
authorize: add policy error details for custom error messages (#3542)
* authorize: add policy error details for custom error messages

* remove fmt.Println

* fix tests

* add docs
2022-08-09 14:46:31 -06:00
dependabot[bot]
60b9f3d92d
chore(deps): bump github.com/golangci/golangci-lint from 1.47.3 to 1.48.0 (#3541)
* chore(deps): bump github.com/golangci/golangci-lint

Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.47.3 to 1.48.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.47.3...v1.48.0)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix linting issues

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2022-08-09 08:25:57 -06:00
dependabot[bot]
92a9251cde
chore(deps): bump github.com/golangci/golangci-lint from 1.46.2 to 1.47.2 (#3499)
* chore(deps): bump github.com/golangci/golangci-lint

Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.46.2 to 1.47.2.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.46.2...v1.47.2)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* disable slowloris test

* fix lint

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2022-07-29 09:57:12 -06:00
Caleb Doxsey
89a105c8e6
authorize: add request id to context (#3497)
* authorize: add request id to context

* fix context keys
2022-07-26 14:34:48 -06:00
Caleb Doxsey
0b48da1e2f
databroker: support rotating shared secret (#3502)
* databroker: support rotating shared secret

* fix test

* run tests on linux

* fix tests

* fix typo

* increase timeout
2022-07-26 10:59:54 -06:00
Denis Mishin
a7483bd035
add lease name to the log (#3498)
2022-07-25 16:04:41 -04:00
Caleb Doxsey
1afbc6e9c4
options: fix overlapping certificate test (#3492)
2022-07-20 13:38:52 -06:00
Caleb Doxsey
fe61a74e1b
authorize: fix device synchronization (#3482)
2022-07-15 17:27:06 -06:00
Caleb Doxsey
24a9d627cd
postgres: registry support (#3454)
2022-07-13 09:14:47 -06:00
Denis Mishin
f67b33484b
add metrics aggregation (#3452)
2022-06-30 10:52:45 -04:00
Caleb Doxsey
1727d178ef
postgres: fix record deletion (#3446)
2022-06-24 09:32:44 -06:00
Caleb Doxsey
8699e36b64
cmd: remove test (#3442)
2022-06-21 11:08:15 -06:00
Denis Mishin
d1037d784a
allow pomerium to be embedded as a library (#3415)
2022-06-15 20:29:19 -04:00
Caleb Doxsey
45a29ea879
databroker: add support for syncing by type (#3412)
* databroker: add support for syncing by type

* add type url, fix query
2022-06-13 09:52:13 -06:00
Caleb Doxsey
a2d5d8062b
postgres: use CTE and GENERATED version number instead of serialized transaction (#3408)
* postgres: use CTE and GENERATED version number instead of serialized transaction

* update server version

* fix indexing CIDRs
2022-06-09 12:18:20 -06:00
Caleb Doxsey
493148b13f
authorize: fix not found check (#3410)
2022-06-08 09:15:57 -06:00
Caleb Doxsey
dafead3122
postgres: fix CIDR query (#3389)
2022-06-03 12:32:01 -06:00
Caleb Doxsey
f61e7efe73
authorize: use query instead of sync for databroker data (#3377)
2022-06-01 15:40:07 -06:00
Caleb Doxsey
1c2aad2de6
postgres: databroker storage backend (#3370)
* wip

* storage: add filtering to SyncLatest

* don't increment the record version, so intermediate changes are requested

* databroker: add support for query filtering

* fill server and record version

* postgres: databroker storage backend

* wip

* serialize puts

* add test

* skip tests for macos

* add test

* return error from protojson

* set data

* exclude postgres from cover tests
2022-05-25 10:23:58 -06:00
Caleb Doxsey
994faba0c8
databroker: add support for query filtering (#3369)
* wip

* storage: add filtering to SyncLatest

* don't increment the record version, so intermediate changes are requested

* databroker: add support for query filtering

* fill server and record version

* add test checks

* add explanation to query filter error
2022-05-19 09:07:32 -06:00
Caleb Doxsey
1669b601ea
storage: add filtering to SyncLatest (#3368)
* wip

* storage: add filtering to SyncLatest

* don't increment the record version, so intermediate changes are requested

* fix stream filter
2022-05-17 16:00:23 -06:00
Caleb Doxsey
70f5d8b173
storage: add filter expressions, upgrade go to 1.18.1 (#3365)
* storage: add filter expressions

* upgrade go
2022-05-16 20:09:50 -06:00
Caleb Doxsey
2e1366c417
databroker: fix in-memory backend deadlock (#3300)
2022-04-27 15:33:29 -04:00
Caleb Doxsey
f73c5c615f
databroker: add support for putting multiple records (#3291)
* databroker: add support for putting multiple records

* add OptimumPutRequestsFromRecords function

* replace GetAll with SyncLatest

* fix stream when there are no records
2022-04-26 16:41:38 -06:00
Caleb Doxsey
25a7afd6e6
ppl: support . in object_get paths (#3263)
2022-04-11 09:24:39 -06:00
Caleb Doxsey
761c17b8ac
grpc: wait for connect to be ready before making calls (#3253)
* grpc: wait for connect to be ready before making calls

* make sure to stop the ticker
2022-04-08 12:18:52 -06:00
Denis Mishin
443f4a01f5
add databroker multi lease handlers (#3255)
2022-04-08 13:31:49 -04:00
Caleb Doxsey
b79f1e379f
config: add support for downstream TLS server name (#3243)
* config: add support for downstream TLS server name

* fix whitespace

* fix whitespace

* add docs

* add tls_upstream_server_name and tls_downstream_server_name to config

* Update docs/reference/settings.yaml

Co-authored-by: Alex Fornuto <afornuto@pomerium.com>

* Update docs/reference/readme.md

Co-authored-by: Alex Fornuto <afornuto@pomerium.com>

* add deprecation notice

Co-authored-by: Alex Fornuto <afornuto@pomerium.com>
2022-04-06 06:48:45 -07:00
Caleb Doxsey
36f73fa6c7
authorize: track session and service account access date (#3220)
* session: add accessed at date

* authorize: track session and service account access times

* Revert "databroker: add support for field masks on Put (#3210)"

This reverts commit 2dc778035d.

* add test

* fix data race in test

* add deadline for update

* track dropped accesses
2022-03-31 09:19:04 -06:00
Caleb Doxsey
a243056cfa
Revert "databroker: add support for field masks on Put (#3210)" (#3217)
This reverts commit 2dc778035d.
2022-03-31 11:17:57 -04:00
Caleb Doxsey
2dc778035d
databroker: add support for field masks on Put (#3210)
* databroker: add support for field masks on Put

* return errors

* clean up go.mod
2022-03-29 16:36:40 -06:00
Caleb Doxsey
8fc5dbf4c5
grpc: regenerate protobuf code (#3208)
2022-03-29 15:18:10 -06:00
Caleb Doxsey
9e4edb8003
protoutil: add support for converting arbitrary protobuf messages into structs (#3106)
2022-03-08 12:21:22 -07:00
Caleb Doxsey
aaff52fc61
databroker: use contextual logging for errors, use original record type for encryption (#3096)
2022-03-04 14:40:15 -05:00
Caleb Doxsey
1342523cda
grpc: remove ptypes references (#3078)
2022-02-24 08:37:59 -07:00
Caleb Doxsey
38c7089642
userinfo: fix logout button, add sign out confirm page (#3058)
* userinfo: fix logout button, add sign out confirm page

* fix test
2022-02-23 08:15:00 -07:00
Caleb Doxsey
efd609f6ce
config: add idp_client_id and idp_client_secret to protobuf (#3060)
2022-02-18 08:55:31 -07:00
Caleb Doxsey
99b9a3ee12
authorize: add support for passing access or id token upstream (#3047)
* authorize: add support for passing access or id token upstream

* use an enum
2022-02-17 09:28:31 -07:00
Caleb Doxsey
f9b95a276b
authenticate: support for per-route client id and client secret (#3030)
* implement dynamic provider support

* authenticate: support per-route client id and secret
2022-02-16 12:31:55 -07:00
Caleb Doxsey
2824faecbf
frontend: react+mui (#3004)
* mui v5 wip

* wip

* wip

* wip

* use compressor for all controlplane endpoints

* wip

* wip

* add deps

* fix authenticate URL

* fix test

* fix test

* fix build

* maybe fix build

* fix integration test

* remove image asset test

* add yarn.lock
2022-02-07 08:47:58 -07:00
Denis Mishin
ac9e086691
last known metric error (#2974)
2022-01-31 12:35:51 -05:00
Caleb Doxsey
64ee7eca5c
directory: save IDP errors to databroker, put event handling in dedicated package (#2957)
2022-01-28 15:15:32 -07:00
Caleb Doxsey
9f4fc986ee
devices: shrink credentials by removing unnecessary data (#2951)
2022-01-21 09:32:33 -07:00
dependabot[bot]
9916db2ed7
chore(deps): bump github.com/open-policy-agent/opa from 0.35.0 to 0.36.0 (#2911)
* chore(deps): bump github.com/open-policy-agent/opa from 0.35.0 to 0.36.0

Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.35.0 to 0.36.0.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.35.0...v0.36.0)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix tests

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2022-01-14 12:13:33 -07:00
Caleb Doxsey
4583ecc730
devices: treat undefined device types as any (#2927)
2022-01-12 11:04:35 -07:00
Caleb Doxsey
5b9a981191
handle device states in deny block, fix default device type (#2919)
* handle device states in deny block, fix default device type

* fix tests
2022-01-11 11:56:54 -07:00
Caleb Doxsey
49fb00c895
envoy: check certificates for must-staple flag and drop them if they are missing the response (#2909)
* envoy: check certificates for must-staple flag and drop them if they are missing the response

* Update config/envoyconfig/tls_test.go

Co-authored-by: Denis Mishin <dmishin@pomerium.com>

Co-authored-by: Denis Mishin <dmishin@pomerium.com>
2022-01-10 10:51:56 -07:00