3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-02 11:56:02 +02:00
Code Issues Projects Releases Packages Wiki Activity
2184 commits 158 branches 125 tags 103 MiB
Commit graph

593 commits

Author SHA1 Message Date
wasaga
4017e0681a
upstream health check config (#1796) 2021-01-21 15:23:06 -05:00
Caleb Doxsey
c90eda5622
autocert: store certificates separately from config certificates (#1794) 2021-01-21 13:13:55 -07:00
Caleb Doxsey
70b4497595
databroker: rename cache service (#1790) 
* rename cache folder

* rename cache service everywhere

* skip yaml in examples

* Update docs/docs/topics/data-storage.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2021-01-21 08:41:22 -07:00
Caleb Doxsey
0adb9e5dde
move file change detection before autocert (#1793) 2021-01-20 16:01:43 -07:00
Caleb Doxsey
a4c7381eba
config: support multiple destination addresses (#1789) 
* config: support multiple destination addresses

* use constructor for string slice

* add docs

* add test for multiple destinations

* fix name
 2021-01-20 15:18:24 -07:00
wasaga
c6b6141d12
new skip_xff_append option (#1788) 
Added `skip_xff_append` configuration option. When set, proxy would not append it's IP address to `x-forwarded-for` HTTP header.
 2021-01-20 10:56:29 -05:00
Caleb Doxsey
d9699cbcb9
policy: add outlier_detection (#1786) 
* add support for cluster outlier detection

* add docs
 2021-01-20 08:33:48 -07:00
Caleb Doxsey
0bc598f952
Revert "reduce memory usage by handling http/2 coalescing via a lua script (#1779)" (#1785) 
This reverts commit b2ceaa9e91.
 2021-01-19 13:55:30 -07:00
bobby
4f78a9b301
chore(deps): update oidc to v3 (#1783) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2021-01-19 08:26:48 -08:00
Caleb Doxsey
b2ceaa9e91
reduce memory usage by handling http/2 coalescing via a lua script (#1779) 
* add support for proxy protocol on HTTP listener (#1777)

* add support for proxy protocol on HTTP listener

* rename option, add doc

* reduce memory usage by handling http/2 coalescing via a lua script

* move script to file

* use wellknown

* fix integration test
 2021-01-19 08:45:28 -07:00
Caleb Doxsey
09747aa3ba
add support for proxy protocol on HTTP listener (#1777) 
* add support for proxy protocol on HTTP listener

* rename option, add doc
 2021-01-19 05:56:58 -07:00
Caleb Doxsey
10912add67
config: detect underlying file changes (#1775) 
* wip

* cleanup

* add test

* use uuid for temp dir, derive root CA path from filemgr for tests

* fix comment

* fix double close

* use latest notify
 2021-01-14 18:06:02 -07:00
Caleb Doxsey
c99994bed8
config: support redirect actions (#1776) 
* add route redirect options

* add xds support for redirect

* add test

* handle nil destinations

* remove unchanged statik files

* remove unchanged statik files

* update docs

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2021-01-14 16:18:27 -07:00
bobby
6466efddd5
authenticate: update user info screens (#1774) 
- rename "dashboard" to userinfo to avoid confusion
- don't leak version from error page.
- fix typo in state.go
- make statik determenistic on modtime


Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2021-01-13 13:15:31 -08:00
Caleb Doxsey
38935271e7
google: fix nil name (#1771) 2021-01-12 12:47:48 -07:00
Caleb Doxsey
ab4a68f56f
remove user impersonation and service account cli (#1768) 
* remove user impersonation and service account cli

* update doc

* remove user impersonation url query params

* fix flaky test
 2021-01-12 09:28:29 -07:00
Travis Groth
eadd8c2482
autocert: improve logging (#1767) 2021-01-12 10:33:33 -05:00
Caleb Doxsey
a6bc9f492f
authorize: move impersonation into session/service account (#1765) 
* move impersonation into session/service account

* replace frontend statik

* fix data race

* move JWT filling to separate function, break up functions

* maybe fix data race

* fix code climate issue
 2021-01-11 15:40:08 -07:00
Caleb Doxsey
b16236496b
jws: remove issuer (#1754) 2021-01-11 07:57:54 -07:00
Caleb Doxsey
8d085547c5
tcp: prevent idle stream timeouts for TCP and Websocket routes (#1744) 2021-01-06 14:14:44 -07:00
Caleb Doxsey
00734243b3
telemetry: add support for datadog tracing (#1743) 
* add support for datadog tracing

* omitempty on datadog address

* envoy: add datadog exporter for tracing
 2021-01-06 12:27:23 -07:00
Caleb Doxsey
4f0ce4bc82
fix coverage (#1741) 
* fix coverage

* fix data races
 2021-01-06 08:30:38 -07:00
Caleb Doxsey
3524697f6f
use incremental API for envoy xDS (#1732) 
* use incremental API

* add test

* use backoff v4

* remove panic, add comment to exponential try, add test for HashProto

* merge master

* fix missing import
 2021-01-05 12:45:55 -07:00
Caleb Doxsey
a07d85b174
Revert "set recommended defaults (#1734)" (#1735) 
This reverts commit cd2a86afc4.
 2021-01-05 10:01:42 -07:00
Caleb Doxsey
cd2a86afc4
set recommended defaults (#1734) 
* set recommended defaults

* add comment
 2021-01-04 16:29:51 -07:00
Caleb Doxsey
672b9c7a72
remove :443 or :80 from proxy URLs in authclient (#1733) 
* remove :443 or :80 from proxy URLs in authclient

* handle buffered bytes
 2021-01-04 16:06:24 -07:00
bobby
f837c92741
dev: update linter (#1728) 
- gofumpt everything
- fix TLS MinVersion to be at least 1.2
- add octal syntax
- remove newlines
- fix potential decompression bomb in ecjson
- remove implicit memory aliasing in for loops.

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-12-30 09:02:57 -08:00
Caleb Doxsey
5b18527fee
tcptunnel: handle invalid http response codes (#1727) 2020-12-30 08:00:39 -07:00
Travis Groth
661005c497
internal/controlplane: 0s default timeout for tcp routes (#1716) 2020-12-23 11:09:07 -05:00
Caleb Doxsey
4d3d61eaeb
unimpersonate button (#1700) 
* add Unimpersonate button when impersonating

* update statik
 2020-12-17 16:38:23 -07:00
Caleb Doxsey
61ab4e4837
TCP client command (#1696) 
* add cli commands

* add jwt cache test

* add tcptunnel test

* add stdin/stdout support

* use cryptutil hash function

* doc updates

* fix log timestamp
 2020-12-17 12:37:28 -07:00
Caleb Doxsey
ad828c6e84
add support for TCP routes (#1695) 2020-12-16 13:09:48 -07:00
Travis Groth
64816720c8
internal/telemetry/metrics: update redis metrics for go-redis (#1694) 2020-12-16 14:53:39 -05:00
Nguyen Hoang Nam
931c87d85c
internal/directory: use gitlab provider url option (#1689) 
* internal/directory: use gitlab provider url option

* deps: go mod tidy
 2020-12-15 09:23:16 -07:00
Caleb Doxsey
6e33067eef
don't create users when updating sessions (#1671) 2020-12-10 14:57:28 -07:00
Caleb Doxsey
3b634de550
implement new redis storage backend with go-redis package (#1649) 2020-12-10 12:21:31 -07:00
Caleb Doxsey
d18e8c661d
improve ca cert error message, use GetCertPool for databroker storage (#1666) 2020-12-09 11:16:39 -07:00
Caleb Doxsey
1ad3646326
fix config race (#1660) 2020-12-07 10:12:40 -07:00
Travis Groth
fdbef33aa1
run goimports (#1651) 2020-12-04 15:04:48 -05:00
bobby
7e86ed3c60
microsoft: add support for common endpoint (#1648) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-12-04 08:42:11 -08:00
Caleb Doxsey
c801ca0442
fix ordering of autocert config source (#1640) 2020-12-01 14:23:01 -07:00
Caleb Doxsey
b121e436f3
fix profile image on dashboard (#1637) 2020-12-01 07:58:01 -07:00
bobby
652e8bb3d3
deps: update hashstructure v2 (#1632) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-11-30 16:53:21 -08:00
Caleb Doxsey
3f7777f7e0
wait for initial sync to complete before starting control plane (#1636) 2020-11-30 15:45:12 -07:00
Caleb Doxsey
aad8ac2e61
replace GetAllPages with InitialSync, improve merge performance (#1624) 
* replace GetAllPages with InitialSync, improve merge performance

* fmt proto

* add test for base64 function

* add sync test

* go mod tidy

Co-authored-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-11-30 12:21:44 -07:00
Caleb Doxsey
2d5690dde6
remove deprecated cache_service_url config option (#1614) 
* remove deprecated cache_service_url config option

* remove broken test

* update integration test config

* update nginx example

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2020-11-23 14:57:29 -07:00
Caleb Doxsey
ee03d0e9f8
remove memberlist (#1615) 2020-11-23 14:56:05 -07:00
Caleb Doxsey
a41c37f9e0
add paging support to GetAll (#1601) 
* add paging support to GetAll

* fix import
 2020-11-18 17:02:57 -07:00
Caleb Doxsey
8ada0c51dd
attach version to gRPC server metadata (#1598) 
* attach version to gRPC server metadata

* fix linting
 2020-11-17 07:18:48 -07:00
Caleb Doxsey
ccdd1e5586
use custom default http transport (#1576) 
* use custom default http transport

* Update config/http.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* Update config/http.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* return early

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2020-11-04 15:35:10 -07:00