3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-02 11:56:02 +02:00
Code Issues Projects Releases Packages Wiki Activity
3669 commits 158 branches 125 tags 103 MiB
Commit graph

439 commits

Author SHA1 Message Date
wasaga
744e2c7993
xds: only tag contexts used for UpdateRecords (#2269) 2021-06-04 14:01:25 -04:00
Caleb Doxsey
d705b219ea
redis: enforce capacity via ZREVRANGE to avoid race (#2267) 2021-06-04 07:03:55 -06:00
dependabot[bot]
e9ffc5fde3
chore(deps): bump google.golang.org/grpc from 1.37.1 to 1.38.0 (#2231) 
* chore(deps): bump google.golang.org/grpc from 1.37.1 to 1.38.0

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.37.1 to 1.38.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.37.1...v1.38.0)

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump google.golang.org/grpc from 1.37.1 to 1.38.0

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.37.1 to 1.38.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.37.1...v1.38.0)

Signed-off-by: dependabot[bot] <support@github.com>

* fix UpdateState method

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2021-05-24 09:33:53 -06:00
Caleb Doxsey
96b9702ee3
ppl: add data type, implement string and list matchers (#2228) 
* ppl: add data type, implement string and list matchers

* update policy converter
 2021-05-21 11:28:41 -06:00
Caleb Doxsey
bdccd4f785
ppl: bubble up values, bug fixes (#2213) 2021-05-18 14:01:36 -06:00
Caleb Doxsey
e138054cb9
Pomerium Policy Language (#2202) 
* policy: add parser and generator for Pomerium Policy Language

* add criteria

* add additional criteria
 2021-05-17 15:30:51 -06:00
wasaga
c71f7dca5b
authorize: grpc health check (#2200) 2021-05-13 15:00:10 -04:00
wasaga
1ac93c2d3a
telemetry: add hostname tag to metrics (#2191) 2021-05-11 17:58:02 -04:00
Caleb Doxsey
94aa0b1a48
databroker: implement leases (#2172) 
* databroker: implement leases

* return error

* handle gRPC errors
 2021-05-10 13:30:25 -06:00
Caleb Doxsey
a54d43b937
registry: implement redis backend (#2179) 2021-05-10 10:33:37 -06:00
Caleb Doxsey
aeece76928
databroker: store issued at timestamp with session (#2173) 2021-05-04 10:09:14 -06:00
Caleb Doxsey
69576cffe4
config: add support for set_response_headers in a policy (#2171) 
* config: add support for set_response_headers in a policy

* docs: add note about precedence
 2021-05-04 09:43:52 -06:00
wasaga
129df47f9c
xds extended event (#2158) 2021-05-03 12:28:11 -04:00
Caleb Doxsey
b5b1013947
config: add client_crl (#2157) 
* config: add client_crl

* address comments

* add ignored file
 2021-04-30 14:36:32 -06:00
Caleb Doxsey
699ebf061a
config: add support for codec_type (#2156) 
* config: add support for codec_type

* add comma

* fix warning block

* fix docs
 2021-04-30 07:21:40 -06:00
Caleb Doxsey
0adbf4f24c
controlplane: save configuration events to databroker (#2153) 
* envoy: save events to databroker

* controlplane: add tests for envoy configuration events

* format imports
 2021-04-29 15:51:46 -06:00
Caleb Doxsey
c85c8b0778
authorize: refactor store locking (#2151) 
* authorize: refactor store locking

* fix nil reference panic
 2021-04-29 08:37:27 -06:00
Caleb Doxsey
91c7dc742f
databroker: store server version in backend (#2142) 2021-04-28 09:12:52 -06:00
wasaga
1b698053f6
let pass custom grpc dial opts (#2144) 2021-04-27 18:26:27 -04:00
Caleb Doxsey
636b3d6846
databroker: add options for maximum capacity (#2095) 
* databroker: add options

* implement redis

* add trace for enforce options
 2021-04-26 17:14:54 -06:00
wasaga
e0c09a0998
log context (#2107) 2021-04-22 10:58:13 -04:00
Caleb Doxsey
116805acb3
config: rename headers to set_response_headers (#2081) 
* config: rename headers to set_response_headers

* Update config/options.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2021-04-14 11:22:21 -07:00
wasaga
0e66619081
do not require project be in GOPATH/src (#2078) 2021-04-12 09:43:05 -04:00
wasaga
6aa716bc95
propagate changes back from encrypted backend (#2079) 2021-04-12 09:42:45 -04:00
Caleb Doxsey
aeb8aaf9cd
directory: remove provider from user id (#2068) 2021-04-07 15:06:08 -06:00
Caleb Doxsey
a51c7140ea
cryptutil: use bytes for hmac (#2067) 2021-04-07 14:57:24 -06:00
wasaga
a935c1ba30
config related metrics (#2065) 2021-04-07 12:29:36 -07:00
Caleb Doxsey
9de340b48b
cryptutil: always use kek public id, add x509 support (#2066) 2021-04-07 09:44:36 -07:00
Caleb Doxsey
294addd857
databroker: remove unused installation id, close streams when backend is closed (#2062) 2021-04-06 13:41:19 -06:00
Caleb Doxsey
8a2af8029b
authorize: additional tracing, add benchmark for encryptor (#2059) 2021-04-05 12:55:16 -06:00
Caleb Doxsey
f4c4fe314a
authorize: audit logging (#2050) 
* authorize: add databroker server and record version to result, force sync via polling

* authorize: audit logging
 2021-04-05 09:58:55 -06:00
Travis Groth
c7d243d742
proxy: restrict programmatic URLs to localhost (#2049) 
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2021-04-01 10:04:49 -04:00
Caleb Doxsey
d7ab817de7
authorize: add databroker server and record version to result, force sync via polling (#2024) 
* authorize: add databroker server and record version to result, force sync via polling

* wrap inmem store to take read lock when grabbing databroker versions

* address code review comments

* reset max to 0
 2021-03-31 10:09:06 -06:00
wasaga
8f97b0d6ee
skip redis cluster on non-linux systems (#2045) 2021-03-31 10:42:49 -04:00
wasaga
80c55dd50c
databroker: return server version in Get (#2039) 2021-03-29 13:18:38 -04:00
Caleb Doxsey
5a33012950
protoutil: add generic transformer (#2023) 2021-03-26 09:59:38 -06:00
Caleb Doxsey
dda6a9af60
cryptutil: add envelope encryption w/key encryption key and data encryption key (#2020) 
* cryptutil: add envelope encryption w/key encryption key and data encryption key

* use randomBytes, derive kek id, add tests

* add comment about lru error
 2021-03-26 06:57:35 -06:00
Caleb Doxsey
4cc697ace4
autocert: add metrics for renewal count, total and next expiration (#2019) 2021-03-25 08:03:04 -06:00
Caleb Doxsey
e2ebef44ef
telemetry: add installation id (#2017) 
* telemetry: add installation id

* set installation id globally

* remove unneeded changes
 2021-03-24 07:22:54 -06:00
ntoofu
fee4979246
Add xff_num_trusted_hops config option (#2003) 
* Add `xff_num_trusted_hops` config option

* Fix code formatting with gofmt

* Update docs for `xff_num_trusted_hops`
 2021-03-22 10:30:20 -06:00
Caleb Doxsey
23bc3f979f
config: add headers to config proto (#1996) 2021-03-19 08:06:01 -06:00
Caleb Doxsey
77fe37c8c0
redis: add redis cluster support (#1992) 
* redis: add redis cluster support

* redis: update docs
 2021-03-17 13:48:41 -06:00
Caleb Doxsey
975b56d2d2
redis: add support for redis-sentinel (#1991) 
* redis: add support for redis-sentinel

* try setting hostname

* try using container ips

* try the default network

* use container ip address
 2021-03-16 16:45:08 -06:00
Caleb Doxsey
46ae3cf358
add rewrite_response_headers to protobuf (#1962) 2021-03-05 13:57:27 -07:00
Caleb Doxsey
f396c2a0f7
config: log config source changes (#1959) 
* config: log config source changes

* use internal log import
 2021-03-03 09:54:08 -07:00
Caleb Doxsey
664358dfad
config: multiple endpoints for authorize and databroker (#1957) 
* wip

* update docs

* remove dead code
 2021-03-03 09:53:19 -07:00
Caleb Doxsey
a825b06014
metrics: add TLS options (#1939) 
* move metrics listener to envoy

* add metrics tls options

* add test

* update docs

* update config proto

* add function to validate metric addr

* fix validation
 2021-02-24 09:42:53 -07:00
wasaga
de55199a70
use build_info as liveness gauge metric (#1940) 2021-02-24 10:57:31 -05:00
Caleb Doxsey
8b42eb5ebd
config: add metrics_basic_auth option (#1917) 
* config: add metrics_basic_auth option

* remove println

* use constant time compare
 2021-02-22 13:37:18 -07:00
Caleb Doxsey
5d60cff21e
databroker: refactor databroker to sync all changes (#1879) 
* refactor backend, implement encrypted store

* refactor in-memory store

* wip

* wip

* wip

* add syncer test

* fix redis expiry

* fix linting issues

* fix test by skipping non-config records

* fix backoff import

* fix init issues

* fix query

* wait for initial sync before starting directory sync

* add type to SyncLatest

* add more log messages, fix deadlock in in-memory store, always return server version from SyncLatest

* update sync types and tests

* add redis tests

* skip macos in github actions

* add comments to proto

* split getBackend into separate methods

* handle errors in initVersion

* return different error for not found vs other errors in get

* use exponential backoff for redis transaction retry

* rename raw to result

* use context instead of close channel

* store type urls as constants in databroker

* use timestampb instead of ptypes

* fix group merging not waiting

* change locked names

* update GetAll to return latest record version

* add method to grpcutil to get the type url for a protobuf type
 2021-02-18 15:24:33 -07:00