pomerium

mirror of https://github.com/pomerium/pomerium.git synced 2025-04-30 02:46:30 +02:00

Author	SHA1	Message	Date
github-actions[bot]	02fb31ce0c	deps: bump envoy to 1.17.2 (#2113 ) (#2114 ) Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>	2021-04-22 10:33:42 -04:00
github-actions[bot]	75ad91e102	deployment: update get-envoy script and release hooks (#2111 ) (#2112 ) Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>	2021-04-21 20:03:37 +00:00
Caleb Doxsey	eddabc46c7	envoy: upgrade to v1.17.1 (#1993 )	2021-03-17 19:32:58 -06:00
Caleb Doxsey	b1871b0f2e	envoy: validate binary checksum (#1908 ) * envoy: validate binary checksum * address comments * change to info * fix order	2021-02-18 15:22:46 -07:00
Caleb Doxsey	9c34fcbf29	protobuf: upgrade protoc to 3.14 (#1832 )	2021-01-27 10:06:40 -07:00
wasaga	19d78cb844	include envoy's proto specs into config.proto (#1817 )	2021-01-25 13:15:50 -05:00
bobby	484dfdfd69	dep: bump envoy to 1.16.2 (#1736 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2021-01-07 20:08:43 -08:00
Travis Groth	50989a11b3	docs: tcp support (#1712 )	2020-12-22 23:03:13 -05:00
bobby	c23c8b34b3	docs: replace httpbin with verify (#1702 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-12-22 09:53:08 -08:00
bobby	5bbd745934	authorize: add signature algo support (RSA / EdDSA) (#1631 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-11-30 17:14:41 -08:00
bobby	7e19780d70	chore(deps): update envoy 1.16.1 (#1613 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-11-23 07:57:10 -08:00
Travis Groth	095eb63a21	ci: update changelog generation to script (#1589 )	2020-11-12 20:00:07 -05:00
Caleb Doxsey	bfe68d1fd8	move docs to settings.yaml (#1579 )	2020-11-05 12:13:10 -07:00
Caleb Doxsey	2a97e92d50	add settings.yaml file (#1540 ) * store settings in yaml * add shortdocs * fix newline at EOF * fix newline at EOF	2020-10-22 15:28:16 -06:00
bobby	a375f707f8	dep(envoy): upgrade v0.16.0 (#1519 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-10-19 12:50:10 -04:00
Travis Groth	0b14722be4	deplyoment: add debug build / container / docs (#1513 )	2020-10-13 16:54:21 -04:00
Travis Groth	7613f4c67a	deps: update envoy arm64 to v1.15.1 (#1475 )	2020-09-30 15:07:01 -04:00
bobby	c10dbe8f2d	chore(deps): envoy 1.15.1 (#1473 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-09-30 08:35:32 -07:00
bobby	c1b3b45d12	proxy: remove unused handlers (#1317 ) proxy: remove unused handlers authenticate: remove unused references to refresh_token Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-08-22 10:02:12 -07:00
Caleb Doxsey	1285a9d91d	databroker: add support for config settings (#1253 )	2020-08-11 07:50:19 -06:00
bobby	d5433f8431	depedency: bump envoy to 1.15.0 (#1119 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-07-21 08:25:37 -07:00
bobby	1912e32927	deps: update envoy to 1.14.4 (#1076 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-07-20 21:12:44 -07:00
Caleb Doxsey	5f6a67e6eb	use custom binary for arm64 linux release (#1065 )	2020-07-14 07:59:26 -06:00
Caleb Doxsey	73105c0b08	audit: add protobuf definitions (#1047 )	2020-07-08 07:23:03 -06:00
Caleb Doxsey	dbd7f55b20	feature/databroker: user data and session refactor project (#926 ) * databroker: add databroker, identity manager, update cache (#864) * databroker: add databroker, identity manager, update cache * fix cache tests * directory service (#885) * directory: add google and okta * add onelogin * add directory provider * initialize before sync, upate google provider, remove dead code * add azure provider * fix azure provider * fix gitlab * add gitlab test, fix azure test * hook up okta * remove dead code * fix tests * fix flaky test * authorize: use databroker data for rego policy (#904) * wip * add directory provider * initialize before sync, upate google provider, remove dead code * fix flaky test * update authorize to use databroker data * implement signed jwt * wait for session and user to appear * fix test * directory service (#885) * directory: add google and okta * add onelogin * add directory provider * initialize before sync, upate google provider, remove dead code * add azure provider * fix azure provider * fix gitlab * add gitlab test, fix azure test * hook up okta * remove dead code * fix tests * fix flaky test * remove log line * only redirect when no session id exists * prepare rego query as part of create * return on ctx done * retry on disconnect for sync * move jwt signing * use != * use parent ctx for wait * remove session state, remove logs * rename function * add log message * pre-allocate slice * use errgroup * return nil on eof for sync * move check * disable timeout on gRPC requests in envoy * fix gitlab test * use v4 backoff * authenticate: databroker changes (#914) * wip * add directory provider * initialize before sync, upate google provider, remove dead code * fix flaky test * update authorize to use databroker data * implement signed jwt * wait for session and user to appear * fix test * directory service (#885) * directory: add google and okta * add onelogin * add directory provider * initialize before sync, upate google provider, remove dead code * add azure provider * fix azure provider * fix gitlab * add gitlab test, fix azure test * hook up okta * remove dead code * fix tests * fix flaky test * remove log line * only redirect when no session id exists * prepare rego query as part of create * return on ctx done * retry on disconnect for sync * move jwt signing * use != * use parent ctx for wait * remove session state, remove logs * rename function * add log message * pre-allocate slice * use errgroup * return nil on eof for sync * move check * disable timeout on gRPC requests in envoy * fix dashboard * delete session on logout * permanently delete sessions once they are marked as deleted * remove permanent delete * fix tests * remove groups and refresh test * databroker: remove dead code, rename cache url, move dashboard (#925) * wip * add directory provider * initialize before sync, upate google provider, remove dead code * fix flaky test * update authorize to use databroker data * implement signed jwt * wait for session and user to appear * fix test * directory service (#885) * directory: add google and okta * add onelogin * add directory provider * initialize before sync, upate google provider, remove dead code * add azure provider * fix azure provider * fix gitlab * add gitlab test, fix azure test * hook up okta * remove dead code * fix tests * fix flaky test * remove log line * only redirect when no session id exists * prepare rego query as part of create * return on ctx done * retry on disconnect for sync * move jwt signing * use != * use parent ctx for wait * remove session state, remove logs * rename function * add log message * pre-allocate slice * use errgroup * return nil on eof for sync * move check * disable timeout on gRPC requests in envoy * fix dashboard * delete session on logout * permanently delete sessions once they are marked as deleted * remove permanent delete * fix tests * remove cache service * remove kv * remove refresh docs * remove obsolete cache docs * add databroker url option * cache: use memberlist to detect multiple instances * add databroker service url * remove cache service * remove kv * remove refresh docs * remove obsolete cache docs * add databroker url option * cache: use memberlist to detect multiple instances * add databroker service url * wip * remove groups and refresh test * fix redirect, signout * remove databroker client from proxy * remove unused method * remove user dashboard test * handle missing session ids * session: reject sessions with no id * sessions: invalidate old sessions via databroker server version (#930) * session: add a version field tied to the databroker server version that can be used to invalidate sessions * fix tests * add log * authenticate: create user record immediately, call "get" directly in authorize (#931)	2020-06-19 07:52:44 -06:00
Bobby DeSimone	e57f92486a	envoy: bump envoy to 1.14.2 (#894 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-06-15 07:55:44 -07:00
Caleb Doxsey	e4832cb4ed	authorize: add client mTLS support (#751 ) * authorize: add client mtls support * authorize: better error messages for envoy * switch from function to input * add TrustedCa to envoy config so that users are prompted for the correct client certificate * update documentation * fix invalid ClientCAFile * regenerate cache protobuf * avoid recursion, add test * move comment line * use http.StatusOK * various fixes	2020-05-21 16:01:07 -06:00
Caleb Doxsey	ef399380b7	merge master	2020-05-18 17:10:10 -04:00
Travis Groth	65bb1501fd	deployment: Envoy cross platform improvements (#701 ) * Share processgroup on all platforms * Fix cross platform release handling	2020-05-18 17:10:10 -04:00
Travis Groth	d58f68ab15	Update build and release process for envoy embedding (#699 )	2020-05-18 17:10:10 -04:00
Caleb Doxsey	02615b8b6c	Merge remote-tracking branch 'origin/master' into feature/envoy	2020-05-18 17:10:10 -04:00
Travis Groth	99e788a9b4	envoy: Initial changes	2020-05-18 17:10:10 -04:00
Bobby DeSimone	1cba3d50eb	docs: fixes to v0.8.0 docs (#696 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-05-13 12:38:01 -07:00
Bobby DeSimone	80166bcc40	deployment: release v0.8.0 (#686 ) Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>	2020-05-12 19:10:12 -07:00
Bobby DeSimone	bf9a6f5e97	cryptutil: add automatic certificate management (#644 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-05-05 12:50:19 -07:00
Travis Groth	1dc1c870c3	Switch integration tests from minikube to kind (#656 )	2020-05-05 15:23:16 -04:00
Caleb Doxsey	ea1c6efc24	authorize: fix domain check bug, rewrite url for forward auth, add dev script	2020-04-20 18:24:48 -06:00
Bobby DeSimone	9f02c79b90	docs: update helm for v3 (#469 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-01-31 20:23:56 -08:00
Bobby DeSimone	0f6a9d7f1d	proxy: fix forward auth, request signing Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2019-11-25 14:29:52 -08:00
Bobby DeSimone	ec9607d1d5	v0.5.0 (#375 )	2019-11-14 20:02:16 -08:00
Bobby DeSimone	d3d60d1055	all: support route scoped sessions Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2019-11-06 17:54:15 -08:00
Bobby DeSimone	65549124df	scripts: fix helm gke script Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2019-09-24 22:49:34 -07:00
Bobby DeSimone	32f280f8f9	docs: update kubernetes example Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2019-08-20 08:46:18 -07:00
Bobby DeSimone	0a530fbea2	docs: update site ui Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2019-08-03 22:28:18 -07:00
Bobby DeSimone	cf0f98536a	authenticate: programmatic access support - authenticate: added a token exchange api endpoint that converts an identity provider's JWT into a pomerium session. - internal/identity: authenticate now passes context. - internal/identity: removed extraneous GetSignInURL from okta. - internal/sessions: add rest store - update go.mod / go.sum depedencies. - docs: add programmatic examples in shell and python	2019-06-12 14:51:19 -07:00
Bobby DeSimone	0bbb923579	docs: tweaks to helm script and example config	2019-06-05 17:58:24 -07:00
Bobby DeSimone	6eab1b7630	docs: fix typos in examples	2019-06-04 22:19:07 -07:00
Bobby DeSimone	14403ce388	docs: update examples for v0.0.5 (#147 )	2019-06-03 14:05:28 -07:00
Bobby DeSimone	3d6471c4b3	docs: fix example policy name typo (#143 ) Rename s/config-policy-only.yaml /config.example.policy.only/ Removed POLICY_FILE references	2019-05-27 14:06:10 -07:00
Bobby DeSimone	794b7996db	Merge pull request #139 from travisgroth/feature/viper-config deployment: expose config file interface in docker images	2019-05-26 20:09:07 -07:00

1 2

67 commits