Caleb Doxsey
efd609f6ce
config: add idp_client_id and idp_client_secret to protobuf ( #3060 )
2022-02-18 08:55:31 -07:00
Caleb Doxsey
99b9a3ee12
authorize: add support for passing access or id token upstream ( #3047 )
* authorize: add support for passing access or id token upstream
* use an enum
2022-02-17 09:28:31 -07:00
Caleb Doxsey
f9b95a276b
authenticate: support for per-route client id and client secret ( #3030 )
* implement dynamic provider support
* authenticate: support per-route client id and secret
2022-02-16 12:31:55 -07:00
Caleb Doxsey
ace5bbb89a
config: fix policy matching for regular expressions ( #2966 )
* config: fix policy matching for regular expressions
* compile regex in validate, add test
* fix test
2022-01-25 08:48:40 -07:00
cfanbo
84dad4c612
remove deprecated ioutil usages ( #2877 )
* fix: Fixed return description error
* config/options: Adjust the position of TracingJaegerAgentEndpoint option
* DOCS: Remove duplicate configuration items
Remove duplicate configuration items of route
* remove deprecated ioutil usages
2021-12-30 10:02:12 -08:00
Denis Mishin
55fec9b51b
add host-rewrite options to config.proto ( #2668 )
2021-10-08 11:50:56 -04:00
Caleb Doxsey
63ee30d69c
options: remove refresh_cooldown, add allow_spdy to proto ( #2446 )
2021-08-06 10:06:57 -06:00
Caleb Doxsey
0620cfdc50
config: add support for embedded PPL policy ( #2401 )
2021-07-27 13:44:10 -06:00
Caleb Doxsey
ca8205f0b4
config: add warning about http URLs ( #2358 )
2021-07-13 11:12:03 -06:00
wasaga
3073146ff2
fix: timeout field in protobuf, add websocket tests
2021-07-07 12:06:56 -04:00
wasaga
134ca74ec9
proxy: add idle timeout ( #2319 )
2021-07-02 10:29:53 -04:00
Caleb Doxsey
fcb33966e2
config: add enable_google_cloud_serverless_authentication to config protobuf ( #2306 )
* config: add enable_google_cloud_serverless_authentication to config protobuf
* use dependency injection for embedded envoy provider
* Revert "use dependency injection for embedded envoy provider"
This reverts commit 5c08990501.
* config: attach envoy version to Config to avoid metrics depending on envoy/files
2021-06-21 18:00:29 -06:00
Caleb Doxsey
c489391bbf
ppl: convert config policy to ppl ( #2218 )
2021-05-19 12:42:36 -06:00
Caleb Doxsey
69576cffe4
config: add support for set_response_headers in a policy ( #2171 )
* config: add support for set_response_headers in a policy
* docs: add note about precedence
2021-05-04 09:43:52 -06:00
Caleb Doxsey
d8f11dcb91
proxy: support re-proxying request through control plane for kubernetes ( #2051 )
* proxy: support re-proxying request from envoy for kubernetes
* encrypt policy id for reproxy, implement tls options
* add comment, use hmac
* use httputil handler and error
* remove reproxy headers on all incoming request
* only allow re-proxying for kubernetes, strip headers
* fix tests
2021-04-06 12:08:09 -06:00
Caleb Doxsey
46ae3cf358
add rewrite_response_headers to protobuf ( #1962 )
2021-03-05 13:57:27 -07:00
Caleb Doxsey
7f6107051f
config: add rewrite_response_headers option ( #1961 )
* add lua script to rewrite response headers
* add policy config
* update docs
2021-03-05 09:40:17 -07:00
Travis Groth
e56fb38cb5
config: fix redirect routes from protobuf ( #1930 )
2021-02-22 18:10:50 -05:00
Caleb Doxsey
25b697a13d
authorize: allow access by user id ( #1850 )
2021-02-03 07:15:44 -07:00
Caleb Doxsey
cc85ea601d
policy: add new certificate-authority option for downstream mTLS client certificates ( #1835 )
* policy: add new certificate-authority option for downstream mTLS client certificates
* update proto, docs
2021-02-01 08:10:32 -07:00
wasaga
66ff2cdaba
cluster name ( #1834 )
2021-01-29 16:55:38 -05:00
wasaga
67f6030e1e
upstream endpoints load balancer weights ( #1830 )
2021-01-28 09:11:14 -05:00
wasaga
19d78cb844
include envoy's proto specs into config.proto ( #1817 )
2021-01-25 13:15:50 -05:00
wasaga
3a505d5573
expose envoy cluster options in policy ( #1804 )
2021-01-25 09:49:03 -05:00
wasaga
4017e0681a
upstream health check config ( #1796 )
2021-01-21 15:23:06 -05:00
Caleb Doxsey
a4c7381eba
config: support multiple destination addresses ( #1789 )
* config: support multiple destination addresses
* use constructor for string slice
* add docs
* add test for multiple destinations
* fix name
2021-01-20 15:18:24 -07:00
Caleb Doxsey
d9699cbcb9
policy: add outlier_detection ( #1786 )
* add support for cluster outlier detection
* add docs
2021-01-20 08:33:48 -07:00
Caleb Doxsey
c99994bed8
config: support redirect actions ( #1776 )
* add route redirect options
* add xds support for redirect
* add test
* handle nil destinations
* remove unchanged statik files
* remove unchanged statik files
* update docs
* Update docs/reference/settings.yaml
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
2021-01-14 16:18:27 -07:00
Caleb Doxsey
ad828c6e84
add support for TCP routes ( #1695 )
2020-12-16 13:09:48 -07:00
bobby
652e8bb3d3
deps: update hashstructure v2 ( #1632 )
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-11-30 16:53:21 -08:00
Philip Wassermann
85a5961e5e
authorize: add allow_any_authenticated_user policy ( #1515 )
2020-11-05 11:20:50 -07:00
Caleb Doxsey
153e438eb6
authorize: implement allowed_idp_claims ( #1542 )
* add arbitrary claims to session
* add support for maps
* update flattened claims
* fix eol
* fix trailing whitespace
* fix tests
2020-10-23 14:05:37 -06:00
Caleb Doxsey
6e385f800a
config: add support for host header rewriting ( #1457 )
* config: add support for host header rewriting
* fix lint
2020-09-25 09:36:39 -06:00
Caleb Doxsey
4fb90fabe8
config: support explicit prefix and regex path rewriting ( #1363 )
* config: support explicit prefix and regex path rewriting
* add rewrite tests
2020-09-02 13:48:19 -06:00
Caleb Doxsey
a269441c34
proxy: disable control-plane robots.txt for public unauthenticated routes ( #1361 )
2020-09-02 07:56:15 -06:00
Travis Groth
fbb367d393
config: omit empty subpolicies in yaml/json ( #1229 )
2020-08-07 14:43:28 -04:00
Travis Groth
7a53e6bb42
proxy: add support for spdy upgrades ( #1203 )
2020-08-04 13:26:14 -04:00
Travis Groth
01d0f7de6e
config: additional kubernetes token source support ( #1200 )
2020-08-04 09:40:51 -04:00
Caleb Doxsey
504197d83b
custom rego in databroker ( #1124 )
* add support for sub policies
* add support for sub policies
* update authz rego policy to support sub policies
2020-07-22 10:44:05 -06:00
Caleb Doxsey
b79e73b8b8
config: add support for policies stored in the databroker ( #1099 )
* wip
* always use databroker config source
* add test
* valid policy, remove debug lines
2020-07-17 10:35:29 -06:00
Caleb Doxsey
96424dac0f
implement google cloud serverless authentication ( #1080 )
* add google cloud serverless support
* force ipv4 for google cloud serverless
* disable long line linting
* fix destination hostname
* add test
* add support for service accounts
* fix utc time in test
2020-07-16 08:25:14 -06:00
Caleb Doxsey
a70254ab76
kubernetes apiserver integration ( #1063 )
* sessions: support bearer tokens in authorization
* wip
* remove dead code
* refactor signed jwt code
* use function
* update per comments
* fix test
2020-07-14 08:33:24 -06:00
Caleb Doxsey
fae02791f5
cryptutil: move to pkg dir, add token generator ( #1029 )
* cryptutil: move to pkg dir, add token generator
* add gitignored files
* add tests
2020-06-30 15:55:33 -06:00
Cuong Manh Le
65150f2c3d
docs: document preserve_host_header with policy routes to static ip ( #1024 )
Fixes #1012
2020-06-30 14:26:08 +07:00
Cuong Manh Le
8d0deb0732
config: add PassIdentityHeaders option ( #903 )
Currently, user's identity headers are always inserted to downstream
request. For privacy reasons, it would be better to not insert these
headers by default, and let user choose whether to include these headers
on a per-policy basis.
Fixes #702
2020-06-22 10:29:44 +07:00
Travis Groth
ee2170f5f5
config: add a consistent route ID ( #905 )
2020-06-16 09:20:18 -04:00
Cuong Manh Le
4d5edb0d64
Feature/remove request headers ( #822 )
* config: add RemoveRequestHeaders
Currently, we have "set_request_headers" config, which reflects envoy
route.Route.RequestHeadersToAdd. This commit adds a new config
"remove_request_headers", which reflects envoy RequestHeadersToRemove.
This is also a preparation for future PRs to implement disable user
identity in request headers feature.
* integration: add test for remove_request_headers
* docs: add documentation/changelog for remove_request_headers
2020-06-03 07:46:51 -07:00
Caleb Doxsey
e854cfe83b
envoy: implement policy TLS options ( #724 )
* envoy: implement policy TLS options
* fix tests
* log which CAs are being used
2020-05-18 16:52:51 -06:00
Caleb Doxsey
dccec1e646
envoy: support autocert ( #695 )
* envoy: support autocert
* envoy: fallback to http host routing if sni fails to match
* update comment
* envoy: renew certs when necessary
* fix tests
2020-05-18 17:10:10 -04:00
Ogundele Olumide
75f4dadad6
identity/provider: implement generic revoke method ( #595 )
Co-authored-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-04-21 14:40:33 -07:00