3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-30 19:06:33 +02:00
Code Issues Projects Releases Packages Wiki Activity
1087 commits 157 branches 125 tags 103 MiB
Commit graph

27 commits

Author SHA1 Message Date
Caleb Doxsey
27d0cf180a
authenticate: protect /.pomerium/admin endpoint (#1500) 
* authenticate: protect /.pomerium/admin endpoint

* add integration test
 2020-10-08 15:44:12 -06:00
bobby
9b39deabd8
forward-auth: use envoy's ext_authz check (#1482) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-10-04 20:01:06 -07:00
Caleb Doxsey
6e385f800a
config: add support for host header rewriting (#1457) 
* config: add support for host header rewriting

* fix lint
 2020-09-25 09:36:39 -06:00
Caleb Doxsey
a19e45334b
proxy: remove impersonate headers for kubernetes (#1394) 
* proxy: remove impersonate headers for kubernetes

* master on frontend/statik
 2020-09-09 15:24:39 -06:00
Caleb Doxsey
4fb90fabe8
config: support explicit prefix and regex path rewriting (#1363) 
* config: support explicity prefix and regex path rewriting

* add rewrite tests
 2020-09-02 13:48:19 -06:00
Caleb Doxsey
a269441c34
proxy: disable control-plane robots.txt for public unauthenticated routes (#1361) 2020-09-02 07:56:15 -06:00
Caleb Doxsey
f6b622c7dc
proxy: support websocket timeouts (#1362) 2020-09-02 07:55:57 -06:00
Cuong Manh Le
4b3e07c5f5 internal/controlplane: mocking policy name in test 
We don't have to test for exact policy name, as it does not make sense
and force us to change test every new go release.
 2020-08-12 22:20:50 +07:00
Travis Groth
7a53e6bb42
proxy: add support for spdy upgrades (#1203) 2020-08-04 13:26:14 -04:00
Caleb Doxsey
a5e8abd6af
handle example.com and example.com:443 (#1153) 
* handle example.com and example.com:443

* fix domain comparisons
 2020-07-28 15:30:41 -06:00
Cuong Manh Le
d764981618
internal/controlplane: set envoy prefix rewrite if present (#1034) 
While at it, also refactoring buildPolicyRoutes.

Fixes #1033
Fixes #880
 2020-07-03 09:35:36 +07:00
bobby
f94f45d9a2
controlplane: add robots route (#966) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-06-22 11:48:59 -07:00
Cuong Manh Le
8d0deb0732
config: add PassIdentityHeaders option (#903) 
Currently, user's identity headers are always inserted to downstream
request. For privacy reason, it would be better to not insert these
headers by default, and let user chose whether to include these headers
per=policy basis.

Fixes #702
 2020-06-22 10:29:44 +07:00
Cuong Manh Le
f62bb686d8
internal/controlplane: make sure options.Headers are set for response (#907) 
When switching to envoy, we forgot to adopt the middleware to set
response headers with options.Headers, which causes HSTS header is
missing in v0.9.0 release.

Fixes #901
 2020-06-17 00:56:01 +07:00
Cuong Manh Le
4d5edb0d64
Feature/remove request headers (#822) 
* config: add RemoveRequestHeaders

Currently, we have "set_request_headers" config, which reflects envoy
route.Route.RequestHeadersToAdd. This commit add new config
"remove_request_headers", which reflects envoy RequestHeadersToRemove.

This is also a preparation for future PRs to implement disable user
identity in request headers feature.

* integration: add test for remove_request_headers
* docs: add documentation/changelog for remove_request_headers
 2020-06-03 07:46:51 -07:00
Caleb Doxsey
f770ccfedd
config: add getters for URLs to avoid nils (#777) 
* config: add getters for URLs to avoid nils

* allow nil url for cache grpc client connection in authenticate
 2020-05-26 11:36:18 -06:00
Caleb Doxsey
dedf4b1428
controlplane: xds unit tests (#770) 
* xds: use plain functions, add unit tests for control plane routes

* xds: add test for grpc routes

* xds: add test for pomerium http routes

* xds: add test for policy routes

* xds: use plain functions

* xds: test get all routeable domains

* xds: add build downstream tls context test

* more tests

* test for client cert

* more tests
 2020-05-25 11:14:07 -06:00
Bobby DeSimone
3f1faf2e9e
authenticate: add jwks and .well-known endpoint (#745) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-21 11:46:29 -07:00
Caleb Doxsey
9b82954012
envoy: support ports in hosts for routing (#748) 
* envoy: support ports in hosts for routing

* additional domains
 2020-05-21 12:06:50 -06:00
Caleb Doxsey
0895515833
envoy: implement various timeouts (#732) 
* envoy: implement global and route timeouts

* envoy: use the grpc client timeout for the authz service timeout

* fix test
 2020-05-19 10:01:37 -06:00
Caleb Doxsey
e854cfe83b
envoy: implement policy TLS options (#724) 
* envoy: implement policy TLS options

* fix tests

* log which CAs are being used
 2020-05-18 16:52:51 -06:00
Caleb Doxsey
dccec1e646 envoy: support autocert (#695) 
* envoy: support autocert

* envoy: fallback to http host routing if sni fails to match

* update comment

* envoy: renew certs when necessary

* fix tests
 2020-05-18 17:10:10 -04:00
Caleb Doxsey
593c47f8ac proxy: remove pomerium cookie and authorization from upstream requests (#687) 
* proxy: remove pomerium cookie and authorization from upstream requests

* fix typo
 2020-05-18 17:10:10 -04:00
Caleb Doxsey
ae3049baca envoy: implement set_request_headers (#673) 
* proxy: implement preserve host header option

* authorize: allow CORS preflight requests

* proxy: add request headers
 2020-05-18 17:10:10 -04:00
Caleb Doxsey
d92ee8d2a0 proxy: implement preserve host header option (#671) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
3879fe2f2a proxy: add websocket support (#670) 2020-05-18 17:10:10 -04:00
Travis Groth
99e788a9b4 envoy: Initial changes 2020-05-18 17:10:10 -04:00