3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-29 18:36:30 +02:00
Code Issues Projects Releases Packages Wiki Activity
2381 commits 156 branches 125 tags 103 MiB
Commit graph

27 commits

Author SHA1 Message Date
Caleb Doxsey
0ac7e45a21
atomicutil: use atomicutil.Value wherever possible (#3517) 
* atomicutil: use atomicutil.Value wherever possible

* fix test

* fix mux router
 2022-07-28 15:38:38 -06:00
Caleb Doxsey
f61e7efe73
authorize: use query instead of sync for databroker data (#3377) 2022-06-01 15:40:07 -06:00
Caleb Doxsey
c19048649a
authorize: add support for cidr lookups (#3277) 2022-04-19 16:18:34 -06:00
Caleb Doxsey
f9b95a276b
authenticate: support for per-route client id and client secret (#3030) 
* implement dynamic provider support

* authenticate: support per-route client id and secret
 2022-02-16 12:31:55 -07:00
Caleb Doxsey
0898dd4f34
proxy: fix error page (#3020) 
* fix error page

* proxy: fix error page

* share dashboard code

* fix test
 2022-02-09 09:14:24 -07:00
Caleb Doxsey
2824faecbf
frontend: react+mui (#3004) 
* mui v5 wip

* wip

* wip

* wip

* use compressor for all controlplane endpoints

* wip

* wip

* add deps

* fix authenticate URL

* fix test

* fix test

* fix build

* maybe fix build

* fix integration test

* remove image asset test

* add yarn.lock
 2022-02-07 08:47:58 -07:00
Caleb Doxsey
3497c39b9b
authorize: add support for webauthn device policy enforcement (#2700) 
* authorize: add support for webauthn device policy enforcement

* update docs

* group statuses
 2021-10-25 09:41:03 -06:00
Caleb Doxsey
efffe57bf0
ppl: pass contextual information through policy (#2612) 
* ppl: pass contextual information through policy

* maybe fix nginx

* fix nginx

* pr comments

* go mod tidy
 2021-09-20 16:02:26 -06:00
Caleb Doxsey
9dc90d02d0
authorize: only redirect for HTML pages (#2264) 
* authorize: only redirect for HTML pages

* authorize: only redirect for HTML pages
 2021-06-02 16:18:02 -06:00
Caleb Doxsey
dad35bcfb0
ppl: refactor authorize to evaluate PPL (#2224) 
* ppl: refactor authorize to evaluate PPL

* remove opa test step

* add log statement

* simplify assignment

* deny with forbidden if logged in

* add safeEval function

* create evaluator-specific config and options

* embed the headers rego file directly
 2021-05-21 09:50:18 -06:00
bobby
9215833a0b
control plane: add request id to all error pages (#2149) 
* controlplane: add request id to all error pages

- use a single http error handler for both envoy and go control plane
- add http lib style status text for our custom statuses.

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2021-04-28 15:04:44 -07:00
Caleb Doxsey
d7ab817de7
authorize: add databroker server and record version to result, force sync via polling (#2024) 
* authorize: add databroker server and record version to result, force sync via polling

* wrap inmem store to take read lock when grabbing databroker versions

* address code review comments

* reset max to 0
 2021-03-31 10:09:06 -06:00
Caleb Doxsey
3690a32855
config: use getters for authenticate, signout and forward auth urls (#2000) 2021-03-19 14:49:25 -06:00
Caleb Doxsey
eddabc46c7
envoy: upgrade to v1.17.1 (#1993) 2021-03-17 19:32:58 -06:00
Caleb Doxsey
1a1cc30c67
config: support map of jwt claim headers (#1906) 
* config: support map of jwt claim headers

* fix array handling, add test

* update docs

* use separate hook, add tests
 2021-02-17 13:43:18 -07:00
Caleb Doxsey
7d236ca1af
authorize: move headers and jwt signing to rego (#1856) 
* wip

* wip

* wip

* remove SignedJWT field

* set google_cloud_serverless_authentication_service_account

* update jwt claim headers

* add mock get_google_cloud_serverless_headers for opa test

* swap issuer and audience

* add comment

* change default port in authz
 2021-02-08 10:53:21 -07:00
Caleb Doxsey
eed873b263
authorize: remove DataBrokerData (#1846) 
* authorize: remove DataBrokerData

* fix method name
 2021-02-02 11:40:21 -07:00
wasaga
67f6030e1e
upstream endpoints load balancer weights (#1830) 2021-01-28 09:11:14 -05:00
Caleb Doxsey
bec98051ae
config: return errors on invalid URLs, fix linting (#1829) 2021-01-27 07:58:30 -07:00
Caleb Doxsey
a4c7381eba
config: support multiple destination addresses (#1789) 
* config: support multiple destination addresses

* use constructor for string slice

* add docs

* add test for multiple destinations

* fix name
 2021-01-20 15:18:24 -07:00
Caleb Doxsey
b16236496b
jws: remove issuer (#1754) 2021-01-11 07:57:54 -07:00
Caleb Doxsey
a19e45334b
proxy: remove impersonate headers for kubernetes (#1394) 
* proxy: remove impersonate headers for kubernetes

* master on frontend/statik
 2020-09-09 15:24:39 -06:00
Caleb Doxsey
6dee647a16
authorize: use atomic state for properties (#1290) 2020-08-17 14:24:06 -06:00
Caleb Doxsey
fbf5b403b9
config: allow dynamic configuration of cookie settings (#1267) 2020-08-13 08:11:34 -06:00
Cuong Manh Le
5d3b551524 authorize: increase test coverage 
- Add test cases for sync functions
 - Add test for valid JWT
 - Add session state to Test_getEvaluatorRequest
 2020-08-06 21:02:20 +07:00
Cuong Manh Le
351a449023
authorize: add test for denied response (#1197) 2020-08-04 21:20:30 +07:00
Cuong Manh Le
fa43db80c1
authorize: derive check response message from reply message (#1193) 
* authorize: derive check response message from reply message

While at it, add tests for ok response related functions.

* authorize: more test case for ok reply with k8s svc
 2020-08-04 09:12:30 +07:00