Commit graph

593 commits

Author SHA1 Message Date
Caleb Doxsey
62d6ce8507
telemetry: improve zipkin error logs (#2710) 2021-10-26 14:43:43 -06:00
Caleb Doxsey
3497c39b9b
authorize: add support for webauthn device policy enforcement (#2700)
* authorize: add support for webauthn device policy enforcement

* update docs

* group statuses
2021-10-25 09:41:03 -06:00
Denis Mishin
30664cd307
skip configuration updates to the most recent one (#2690) 2021-10-21 11:03:26 -04:00
Caleb Doxsey
1162585471
authenticate: add support for webauthn (#2688)
* authenticate: add support for webauthn

* remove rfc4648 library due to missing LICENSE

* fix test

* put state function in separate function
2021-10-20 13:18:34 -06:00
Caleb Doxsey
a7442b1498
pomerium-cli: add support for a custom browser command (#2617) 2021-09-21 08:31:30 -06:00
Caleb Doxsey
2f7a79d4f5
authclient: clone TLS configuration to prevent overriding NextProtos (#2594) 2021-09-13 16:12:26 -06:00
Caleb Doxsey
77ae17d23b
tcptunnel: force the use of HTTP/1.1 during ALPN (#2593)
* tcptunnel: force the use of HTTP/1.1 during ALPN

* remove unused code
2021-09-13 13:53:19 -06:00
Caleb Doxsey
532b997fed
userinfo: format exp, iat and updated_at (#2585) 2021-09-10 06:23:54 -06:00
Caleb Doxsey
4720199d59
autocert: remove log (#2584) 2021-09-10 06:23:32 -06:00
Caleb Doxsey
823b430d60
google: support provider URL (#2567)
* google: support provider URL

* change google default options
2021-09-07 08:14:52 -06:00
Caleb Doxsey
3773a95d50
directory: implement exponential backoff for refresh (#2570)
* directory: implement exponential backoff for refresh

* disable randomization for exponential backoff testing
2021-09-03 15:49:56 -06:00
Alex Fornuto
db5d1593e3
Remove api from GitLab defaultScope (#2518)
* remove api from gitlab defaultScope

* rm redundant scope
2021-08-25 10:26:35 -05:00
Caleb Doxsey
f5a558d4a0
grpc: disable gRPC connection re-use across services (#2515) 2021-08-24 11:47:16 -06:00
bobby
1565d25d32
ci: use go 1.17.x (#2492)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2021-08-19 21:13:36 -07:00
Caleb Doxsey
9fa65e069c
github: support provider URL (#2490) 2021-08-18 09:20:08 -06:00
Caleb Doxsey
bbec2cae9f
grpc: send client traffic through envoy (#2469)
* wip

* wip

* handle wildcards in override name

* remove wait for ready, add comment about sync, force initial sync complete in test

* address comments
2021-08-16 16:12:22 -06:00
bobby
87c3c675d2
all: remove unused handler code (#2439)
* - Remove unused middleware

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* remove unused func weightedStrings

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* remove unused func getJWTSetCookieHeaders

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* Fix test name
2021-08-16 16:04:39 -04:00
Caleb Doxsey
6af0655206
protoutil: add NewAny method for deterministic serialization (#2462) 2021-08-09 17:51:57 -06:00
wasaga
51ab7e6226
telemetry: add nonce and make explicit ack/nack (#2434) 2021-08-04 21:08:55 -04:00
wasaga
204aa30b6e
telemetry: try to guess hostname or external IP addr for metrics (#2412) 2021-08-03 18:10:14 -04:00
Caleb Doxsey
1a95036b8c
sessions: add impersonate_session_id, remove legacy impersonation (#2407)
* sessions: add impersonate_session_id, remove legacy impersonation

* show impersonated user details

* fix headers

* address feedback

* only check impersonate id on non-nil pbSession

* Revert "only check impersonate id on non-nil pbSession"

This reverts commit a6f7ca5abd.
2021-07-30 08:42:36 -06:00
Caleb Doxsey
0620cfdc50
config: add support for embedded PPL policy (#2401) 2021-07-27 13:44:10 -06:00
Caleb Doxsey
8f7357b333
google: remove WithHTTPClient (#2391) 2021-07-23 15:36:56 -06:00
Caleb Doxsey
ac8ae3ef5b
directory: add logging http client to help with debugging outbound http requests (#2385) 2021-07-22 11:58:52 -06:00
Caleb Doxsey
8a74fae2e7
urlutil: improve error message for urls with port in path (#2377) 2021-07-20 11:08:50 -06:00
Caleb Doxsey
fbf44261c1
telemetry: support b3 headers on gRPC server calls (#2376) 2021-07-20 05:36:58 -06:00
Caleb Doxsey
1123de07a6
envoy: only allow embedding (#2368) 2021-07-19 08:32:48 -06:00
Caleb Doxsey
2a5dcc2848
ci: use revive instead of golint (#2370) 2021-07-16 10:26:47 -06:00
Caleb Doxsey
d45a7e9996
databroker: tests (#2367)
* databroker: tests

* fix lint
2021-07-16 10:26:29 -06:00
Caleb Doxsey
4c64daa8c2
envoy: only check for pid with monitor (#2355) 2021-07-13 09:58:37 -06:00
Taylor
93e735831f
authclient - use proxy from environment (#2316) 2021-07-08 08:16:15 -07:00
Caleb Doxsey
cb09aa4199
envoyconfig: add bootstrap layered runtime configuration (#2343) 2021-07-07 15:18:02 -06:00
Caleb Doxsey
163e53823c
registry/redis: call publish from within lua function (#2337) 2021-07-07 07:28:02 -06:00
wasaga
134ca74ec9
proxy: add idle timeout (#2319) 2021-07-02 10:29:53 -04:00
Travis Groth
2ceaae8e54
internal/envoy: add debugging information if envoy is no longer running (#2320) 2021-06-30 11:18:43 -07:00
wasaga
41a2622736
certs: reject certs from databroker if they conflict with local (#2309) 2021-06-24 18:40:59 -04:00
Caleb Doxsey
b1d7a126ab
directory/azure: add paging support to user group members call (#2311) 2021-06-24 08:52:41 -06:00
Caleb Doxsey
fcb33966e2
config: add enable_google_cloud_serverless_authentication to config protobuf (#2306)
* config: add enable_google_cloud_serverless_authentication to config protobuf

* use dependency injection for embedded envoy provider

* Revert "use dependency injection for embedded envoy provider"

This reverts commit 5c08990501.

* config: attach envoy version to Config to avoid metrics depending on envoy/files
2021-06-21 18:00:29 -06:00
Caleb Doxsey
9bce8314ba
envoy: refactor envoy embedding (#2296)
* envoy: add full version

* remove unused import

* envoy: refactor envoy embedding

* fix lint

* commit ignored files

* maybe fix test
2021-06-15 08:18:30 -06:00
Caleb Doxsey
31fa214983
envoy: add full version (#2287)
* envoy: add full version

* remove unused import

* get envoy for lint
2021-06-14 13:58:12 -06:00
dependabot[bot]
5dd68f5ff0
chore(deps): bump github.com/caddyserver/certmagic from 0.13.1 to 0.14.0 (#2291)
* chore(deps): bump github.com/caddyserver/certmagic from 0.13.1 to 0.14.0

Bumps [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic) from 0.13.1 to 0.14.0.
- [Release notes](https://github.com/caddyserver/certmagic/releases)
- [Commits](https://github.com/caddyserver/certmagic/compare/v0.13.1...v0.14.0)

---
updated-dependencies:
- dependency-name: github.com/caddyserver/certmagic
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update Obtain and Renew cert to new signatures

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Denis Mishin <dmishin@pomerium.com>
2021-06-14 11:48:05 -04:00
wasaga
b372ab4bcc
ocsp: reload on ocsp response changes (#2286) 2021-06-11 15:58:01 -04:00
Caleb Doxsey
f9675f61cc
deps: upgrade to go-jose v3 (#2284) 2021-06-10 09:35:44 -06:00
wasaga
744e2c7993
xds: only tag contexts used for UpdateRecords (#2269) 2021-06-04 14:01:25 -04:00
Caleb Doxsey
4af12c4bbb
xds: retry storing configuration events (#2266) 2021-06-03 13:03:55 -06:00
Caleb Doxsey
c3286aa355
envoyconfig: use zipkin tracer (#2265) 2021-06-03 09:28:00 -06:00
Caleb Doxsey
513859665a
tracing: support dynamic reloading, more aggressive envoy restart (#2262)
* tracing: support dynamic reloading, more aggressive envoy restart

* set exporter to nil

* actually register tracer
2021-06-02 09:58:07 -06:00
Caleb Doxsey
7f05133e3b
envoy: disable hot-reload for macos (#2259)
* envoy: disable hotload for macos

* lint

* envoy: ignore error when retrieving process status
2021-06-01 13:35:55 -06:00
wasaga
12c8bb2da4
authorize: preserve original context (#2247) 2021-06-01 11:10:35 -04:00
Caleb Doxsey
1eea197859
darwin: use x86 envoy build for arm64 (#2246)
* darwin: use x86 envoy build for arm64

* allow arm64 build for darwin
2021-05-28 15:59:09 -07:00