3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-01 19:36:32 +02:00
Code Issues Projects Releases Packages Wiki Activity
2184 commits 160 branches 125 tags 103 MiB
Commit graph

593 commits

Author SHA1 Message Date
Caleb Doxsey
2dc778035d
databroker: add support for field masks on Put (#3210) 
* databroker: add support for field masks on Put

* return errors

* clean up go.mod
 2022-03-29 16:36:40 -06:00
dependabot[bot]
8d8d82fa4d
chore(deps): bump github.com/caddyserver/certmagic from 0.15.4 to 0.16.0 (#3198) 
* chore(deps): bump github.com/caddyserver/certmagic from 0.15.4 to 0.16.0

Bumps [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic) from 0.15.4 to 0.16.0.
- [Release notes](https://github.com/caddyserver/certmagic/releases)
- [Commits](https://github.com/caddyserver/certmagic/compare/v0.15.4...v0.16.0)

---
updated-dependencies:
- dependency-name: github.com/caddyserver/certmagic
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update dependency names

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2022-03-28 12:46:17 -06:00
Caleb Doxsey
69ba511c64
authenticate: fix internal url with webauthn (#3194) 2022-03-28 06:36:48 -06:00
Caleb Doxsey
75a037b901
try pinning docker dependency (#3185) 
* try pinning docker dependency

* pin deps
 2022-03-23 13:47:35 -06:00
Caleb Doxsey
7d00ad9b7d
remove version (#3184) 2022-03-23 11:51:24 -06:00
Caleb Doxsey
a65024f8fe
github: fix missing groups (#3171) 2022-03-22 12:07:42 -06:00
Caleb Doxsey
f894205d08
directory: support non-base64 encoded service accounts (#3150) 2022-03-14 14:38:41 -06:00
Caleb Doxsey
aaff52fc61
databroker: use contextual logging for errors, use original record type for encryption (#3096) 2022-03-04 14:40:15 -05:00
JBodkin-Amphora
8567b56b8d
Extract email for active directory users that don't have access to exchange (#3053) 2022-03-04 13:18:39 -05:00
Caleb Doxsey
1342523cda
grpc: remove ptypes references (#3078) 2022-02-24 08:37:59 -07:00
Caleb Doxsey
38c7089642
userinfo: fix logout button, add sign out confirm page (#3058) 
* userinfo: fix logout button, add sign out confirm page

* fix test
 2022-02-23 08:15:00 -07:00
Caleb Doxsey
f9b95a276b
authenticate: support for per-route client id and client secret (#3030) 
* implement dynamic provider support

* authenticate: support per-route client id and secret
 2022-02-16 12:31:55 -07:00
Caleb Doxsey
46c4d5fa7e
session: remove unused session state properties (#3022) 
* fix error page

* share dashboard code

* sessions: remove unused session state properties

* remove programmatic

* remove version
 2022-02-09 10:59:06 -07:00
Caleb Doxsey
0898dd4f34
proxy: fix error page (#3020) 
* fix error page

* proxy: fix error page

* share dashboard code

* fix test
 2022-02-09 09:14:24 -07:00
Caleb Doxsey
2824faecbf
frontend: react+mui (#3004) 
* mui v5 wip

* wip

* wip

* wip

* use compressor for all controlplane endpoints

* wip

* wip

* add deps

* fix authenticate URL

* fix test

* fix test

* fix build

* maybe fix build

* fix integration test

* remove image asset test

* add yarn.lock
 2022-02-07 08:47:58 -07:00
Caleb Doxsey
7757988015
controlplane: add compression middleware (#3000) 2022-02-03 16:33:49 -07:00
Caleb Doxsey
d1c4c55fd9
auth0: support explicit domains in the service account (#2980) 
* auth0: support explicit domains in the service account

* also handle FromOptions
 2022-02-02 08:58:05 -07:00
Denis Mishin
ac9e086691
last known metric error (#2974) 2022-01-31 12:35:51 -05:00
Caleb Doxsey
64ee7eca5c
directory: save IDP errors to databroker, put event handling in dedicated package (#2957) 2022-01-28 15:15:32 -07:00
Caleb Doxsey
ace5bbb89a
config: fix policy matching for regular expressions (#2966) 
* config: fix policy matching for regular expressions

* compile regex in validate, add test

* fix test
 2022-01-25 08:48:40 -07:00
cfanbo
e83c7f971b
fix: frontend html tag mismatch (#2954) 2022-01-24 20:18:35 -05:00
Caleb Doxsey
ed6c3e5087
google: support groups for users outside of the organization (#2950) 
* google: support groups for users outside of the organization

* wrap error
 2022-01-21 09:36:32 -07:00
Sylvain Rabot
6574926c42
Remove spurious </ul> tags (#2946) 
Signed-off-by: Sylvain Rabot <sylvain@abstraction.fr>
 2022-01-20 10:01:44 -07:00
Denis Mishin
6b26f58e4f
return explicit error when directory sync is disabled (#2949) 2022-01-19 17:02:49 -05:00
dependabot[bot]
58ca681f40
chore(deps): bump github.com/go-chi/chi from 1.5.4 to 4.1.2+incompatible (#2910) 
* chore(deps): bump github.com/go-chi/chi from 1.5.4 to 4.1.2+incompatible

Bumps [github.com/go-chi/chi](https://github.com/go-chi/chi) from 1.5.4 to 4.1.2+incompatible.
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-chi/chi/compare/v1.5.4...v4.1.2)

---
updated-dependencies:
- dependency-name: github.com/go-chi/chi
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* upgrade chi

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2022-01-10 10:50:11 -07:00
Caleb Doxsey
9330f6b0ac
authenticate: add device-enrolled page (#2892) 
* authenticate: add device-enrolled page

* remove device credential id from page
 2022-01-06 10:01:12 -07:00
cfanbo
84dad4c612
remove deprecated ioutil usages (#2877) 
* fix: Fixed return description error

* config/options: Adjust the position of TracingJaegerAgentEndpoint option

* DOCS: Remove duplicate configuration items

Remove duplicate configuration items of route

* remove deprecated ioutil usages
 2021-12-30 10:02:12 -08:00
Denis Mishin
c19dd80fe6
more idp metrics (#2842) 2021-12-22 17:30:16 -05:00
Caleb Doxsey
0ee6a72c02
dashboard: add confirmation dialog, fix button in firefox (#2841) 2021-12-21 14:12:41 -07:00
Caleb Doxsey
70e0e866fc
devices: add experimental icon (#2836) 2021-12-20 14:26:03 -07:00
Caleb Doxsey
838c9e3a3d
dashboard: improve display of device credentials, allow deletion (#2829) 
* dashboard: improve display of device credentials, allow deletion

* fix test
 2021-12-20 12:19:54 -07:00
Denis Mishin
5e8fcf8d20
move NewGRPCClientConn to public package (#2826) 2021-12-19 22:10:24 -05:00
cfanbo
8f62b06425
fix: Fixed return description error (#2825) 
* fix: Fixed return description error

* config/options: Adjust the position of TracingJaegerAgentEndpoint option
 2021-12-17 08:57:35 -08:00
Denis Mishin
9466d7ef53
rm cli code (#2824) 2021-12-15 16:25:21 -05:00
Denis Mishin
993da5704b
dev build support for darwin-arm64 from envoy tip (#2815) 2021-12-13 11:37:24 -05:00
Caleb Doxsey
5a858f5d48
config: add internal service URLs (#2801) 
* config: add internal service URLs

* maybe fix integration tests

* add docs

* fix integration tests

* for databroker connect to external name, but listen on internal name

* Update docs/reference/readme.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/readme.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/readme.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2021-12-10 14:04:37 -05:00
Travis Groth
54ec88fb93
internal/telemetry: fix grpc server stats (#2811) 2021-12-08 16:13:08 -05:00
Travis Groth
e2e0646f70
Fix IdP client metrics (#2810) 2021-12-08 13:22:53 -05:00
Caleb Doxsey
8331db9a26
envoy: treat configuration errors as fatal (#2777) 2021-12-08 10:39:18 -07:00
Caleb Doxsey
c97dcf7e0f
envoy: add hash policy and routing key for hash-based load balancers (#2791) 
* envoy: add hash policy and routing key for hash-based load balancers

* fix integration test

* fix nginx
 2021-12-01 13:42:12 -07:00
Caleb Doxsey
a8b76bd623
authorize: support X-Pomerium-Authorization in addition to Authorization (#2780) 
* authorize: support X-Pomerium-Authorization in addition to Authorization

* tangentental correction

Co-authored-by: alexfornuto <alex@fornuto.com>
 2021-11-29 12:19:14 -07:00
bobby
1a7c5415e7
identity: only assign access_type uri params to google. (#2782) 
* identity: only assign `access_type` uri params to google.

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* bump upgrading

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2021-11-28 19:01:34 -08:00
Herman Slatman
7812c6985d
Add additional ACME options (#2695) 
The `autocert_ca` and `autocert_email` options have been added to be
able to configure CAs that support the ACME protocol as an alternative
to Let's Encrypt.

Fix ProtoBuf definition for additional autocert options

Fix PR comments and add ACME EAB configuration

Add configuration option for trusted CAs when talking ACME

Fix linter issues

copy edits

render updated reference to docs

Add test for autocert manager configuration

Add tests for autocert configuration options

Fix CI build issues

Don't set empty acme.EAB struct if configuration not set

Remove required email when setting custom CA

When using a non-default CA it's no longer required
to specify an email address. I required this before,
because it seemed to cause an issue in which no certificate
was issued. The root cause was something different,
rendering the hard email requirement pointless. It's
still beneficial to specify an email, though. I changed
the text in the docs to explain that.

Update generated docs

Fix failing tests by recreation of a new ACMEManager

The default ACMEManager object was reused in multiple tests,
resulting in unexpected states when tests run in parallel.
By using a new instance for every test, this is no longer
an issue.
 2021-11-02 14:44:27 -07:00
Caleb Doxsey
500405512f
dependencies: vendor base58, remove shortuuid (#2739) 
* vendor base58

* remove shortuuid
 2021-11-02 09:23:15 -06:00
Caleb Doxsey
b0f8c055ec
authenticate: always update user record on login (#2719) 
* authenticate: always update user record on login

* identity: fix user refresh

* add test for manager update

* fix time
 2021-11-01 14:18:18 -06:00
Caleb Doxsey
79ec52d354
identity: fix user refresh (#2724) 2021-10-28 14:02:25 -06:00
Caleb Doxsey
1238f0506d
databroker: add additional log for config source (#2718) 2021-10-27 13:02:37 -06:00
Caleb Doxsey
99b905a336
github: use GraphQL API to reduce number of API calls for directory sync (#2715) 
* github: use GraphQL API to reduce number of API calls for directory sync

* fix id encoding

* github: use slug instead of id, update upgrading.md

* Update docs/docs/upgrading.md

Co-authored-by: Alex Fornuto <afornuto@pomerium.com>

Co-authored-by: Alex Fornuto <afornuto@pomerium.com>
 2021-10-27 11:50:48 -06:00
Caleb Doxsey
d390e80b30
authenticate: add databroker versions to session cookie (#2709) 
* authenticate: add databroker versions to session cookie
authorize: wait for databroker synchronization on updated sessions

* fix test
 2021-10-26 14:45:53 -06:00
Caleb Doxsey
b2c76c3816
grpc: remove peer field from logs (#2712) 2021-10-26 14:43:59 -06:00