Commit graph

847 commits

Author SHA1 Message Date
Travis Groth
06e3f5def5
Fix missing/incorrect grpc labels (#804) 2020-05-29 15:57:58 -04:00
Travis Groth
6761cc7a14
telemetry: service label updates (#802) 2020-05-29 15:16:22 -04:00
Caleb Doxsey
c77b2c6876
authenticate: fix insecure gRPC connection string default port (#795) 2020-05-28 07:47:41 -06:00
Caleb Doxsey
988477c90d
authenticate: fix user-info call for AWS cognito (#792) 2020-05-27 15:37:42 -06:00
Caleb Doxsey
748ab836b6
cache: fix closing too early (#791)
* cache: fix closing too early

* fix test
2020-05-27 11:28:08 -06:00
Caleb Doxsey
f6114c288a
xds: add catch-all for pomerium routes (#789) 2020-05-27 09:12:04 -06:00
Caleb Doxsey
17952e3ac5
xds: disable cluster validation to handle out-of-order updates (#783) 2020-05-27 08:02:29 -06:00
Caleb Doxsey
8943c7c17d
xds: lazy-load root ca bundle to avoid log in version command (#778) 2020-05-26 12:00:36 -06:00
Caleb Doxsey
f770ccfedd
config: add getters for URLs to avoid nils (#777)
* config: add getters for URLs to avoid nils

* allow nil url for cache grpc client connection in authenticate
2020-05-26 11:36:18 -06:00
Bobby DeSimone
39187eb305
state: infer user from subject (#772)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-05-26 10:31:55 -07:00
Travis Groth
aba549a70f
envoy: ensure command line args reflect the current log level (#779) 2020-05-26 11:37:10 -04:00
Caleb Doxsey
dedf4b1428
controlplane: xds unit tests (#770)
* xds: use plain functions, add unit tests for control plane routes

* xds: add test for grpc routes

* xds: add test for pomerium http routes

* xds: add test for policy routes

* xds: use plain functions

* xds: test get all routeable domains

* xds: add build downstream tls context test

* more tests

* test for client cert

* more tests
2020-05-25 11:14:07 -06:00
Caleb Doxsey
7b96d2de66
dashboard: inline svgs + css for better forward auth (#771) 2020-05-25 11:12:40 -06:00
Travis Groth
727d4bed9d
envoy: Tracing config improvements (#754) 2020-05-23 18:40:26 -04:00
Benoît Knecht
5c3c020508
sessions/state: Add nickname claim (#755)
GitLab returns the user name in a `nickname` claim instead of `user`, so make
it available in `sessions.State`.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
2020-05-22 11:38:27 -07:00
Travis Groth
ca5f68e371
telemetry: Refactor GRPC Server Handler (#756)
* Refactor GRPC server stats handler location
2020-05-22 13:36:55 -04:00
Travis Groth
e2a7149c36
telemetry: Remove 'accept-encoding' header from proxied metric requests (#750) 2020-05-22 07:47:37 -04:00
Caleb Doxsey
e4832cb4ed
authorize: add client mTLS support (#751)
* authorize: add client mtls support

* authorize: better error messages for envoy

* switch from function to input

* add TrustedCa to envoy config so that users are prompted for the correct client certificate

* update documentation

* fix invalid ClientCAFile

* regenerate cache protobuf

* avoid recursion, add test

* move comment line

* use http.StatusOK

* various fixes
2020-05-21 16:01:07 -06:00
Bobby DeSimone
3f1faf2e9e
authenticate: add jwks and .well-known endpoint (#745)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-05-21 11:46:29 -07:00
Caleb Doxsey
9b82954012
envoy: support ports in hosts for routing (#748)
* envoy: support ports in hosts for routing

* additional domains
2020-05-21 12:06:50 -06:00
Travis Groth
3e17befff7
envoy: Enable zipkin tracing (#737)
- Update envoy bootstrap config to protobufs
- Reorganize tracing config to avoid cyclic import
- Push down zipkin config to Envoy
- Update tracing options to provide sample rate
2020-05-21 11:50:07 -04:00
Travis Groth
66e4c7d7ca
envoy: Add GRPC stats handler to control plane service (#744)
* Add GRPC stats handler to control plane service
2020-05-20 22:26:34 -04:00
Caleb Doxsey
84378440f0
envoy: improvements to logging (#742) 2020-05-20 13:05:41 -06:00
Caleb Doxsey
d2e463e9ef
envoy: add duration and size to access log (#735) 2020-05-19 12:11:48 -06:00
Caleb Doxsey
e30e717942
main: move pomerium main code to an internal cmd package so that it can be called directly from tests (#734)
* main: move pomerium main code to an internal cmd package so that it can be called directly from tests

* fix test
2020-05-19 11:17:40 -06:00
Caleb Doxsey
ae0405f11e
envoy: fix lua warning (#731) 2020-05-19 10:21:50 -06:00
Caleb Doxsey
0895515833
envoy: implement various timeouts (#732)
* envoy: implement global and route timeouts

* envoy: use the grpc client timeout for the authz service timeout

* fix test
2020-05-19 10:01:37 -06:00
Caleb Doxsey
1859f6d06b
envoy: switch to STRICT_DNS (#733) 2020-05-19 09:17:05 -06:00
Caleb Doxsey
959c9e8225
envoy: always populate pomerium-authz cluster (#730) 2020-05-19 08:11:12 -06:00
Travis Groth
1f1e63a75b
telemetry/tracing: Add Zipkin tracing support (#723) 2020-05-18 21:57:13 -04:00
Caleb Doxsey
14c27974b9
envoy: enable TLS verification for internal services (#726) 2020-05-18 19:22:50 -06:00
Caleb Doxsey
e854cfe83b
envoy: implement policy TLS options (#724)
* envoy: implement policy TLS options

* fix tests

* log which CAs are being used
2020-05-18 16:52:51 -06:00
Bobby DeSimone
666fd6aa35
authenticate: save oauth2 tokens to cache (#698)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-05-18 17:10:10 -04:00
Travis Groth
d514ec2ecf
Proxy envoy metrics through control plane prometheus endpoint (#709)
* Proxy metrics requests to envoy control plane
2020-05-18 17:10:10 -04:00
Caleb Doxsey
1bee3b0df9
envoy: fix sni/hostname mismatched routing for http2 connection coalescing (#703) 2020-05-18 17:10:10 -04:00
Travis Groth
65bb1501fd
deployment: Envoy cross platform improvements (#701)
* Share processgroup on all platforms

* Fix cross platform release handling
2020-05-18 17:10:10 -04:00
Caleb Doxsey
dccec1e646
envoy: support autocert (#695)
* envoy: support autocert

* envoy: fallback to http host routing if sni fails to match

* update comment

* envoy: renew certs when necessary

* fix tests
2020-05-18 17:10:10 -04:00
Travis Groth
0c1ac5a575
Return an error regardless of envoy's exit status (#694) 2020-05-18 17:10:10 -04:00
Travis Groth
f5a9bad3d6
enable ipv6 grpc routing (#692) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
41855e5419
envoy: use envoy request id for logging across systems with http and gRPC (#691) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
593c47f8ac
proxy: remove pomerium cookie and authorization from upstream requests (#687)
* proxy: remove pomerium cookie and authorization from upstream requests

* fix typo
2020-05-18 17:10:10 -04:00
Caleb Doxsey
352c2b851b
envoy: add separate proxy log level option (#689) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
af649d3eb0
envoy: implement header and query param session loading (#684)
* authorize: refactor session loading, implement headers and query params

* authorize: fix http recorder header, use constant for pomerium authorization header

* fix compile

* remove dead code
2020-05-18 17:10:10 -04:00
Caleb Doxsey
0d9a372182
envoy: implement refresh session (#674)
* authorize: refresh session WIP

* remove upstream cookie with lua

* only refresh session on expired

* authorize: handle session expiration

* authorize: add refresh test, fix isExpired check

* proxy: implement preserve host header option

* authorize: allow CORS preflight requests

* proxy: add request headers

* authenticate: use id token expiry
2020-05-18 17:10:10 -04:00
Caleb Doxsey
ae3049baca
envoy: implement set_request_headers (#673)
* proxy: implement preserve host header option

* authorize: allow CORS preflight requests

* proxy: add request headers
2020-05-18 17:10:10 -04:00
Caleb Doxsey
98d2f194a0
authorize: allow CORS preflight requests (#672)
* proxy: implement preserve host header option

* authorize: allow CORS preflight requests
2020-05-18 17:10:10 -04:00
Caleb Doxsey
d92ee8d2a0
proxy: implement preserve host header option (#671) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
3879fe2f2a
proxy: add websocket support (#670) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
02615b8b6c
Merge remote-tracking branch 'origin/master' into feature/envoy 2020-05-18 17:10:10 -04:00
Travis Groth
99e788a9b4
envoy: Initial changes 2020-05-18 17:10:10 -04:00