3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-29 10:26:29 +02:00
Code Issues Projects Releases Packages Wiki Activity
2048 commits 157 branches 125 tags 103 MiB
Commit graph

2048 commits

This branch
This branch
All branches
Author SHA1 Message Date
Alex Fornuto
82e654fcad
add spdy annotation (#2747) 2021-11-08 08:06:55 -06:00
Caleb Doxsey
85bb396555
device: add type id and credential id to enrollment for easier referencing (#2749) 2021-11-05 09:48:45 -06:00
Alex Fornuto
4cb3281af7
Docs: Ingress Controller (#2667) 
* update k8s install for ingress conrtoller

* typo correction

* prep k8s section

* squashme

* init Ingress Controller doc

Co-authored-by: travisgroth <tgroth@pomerium.com>
Co-authored-by: wasaga <dmishin@pomerium.com>

* update, organize, annotate

* breakout custom from standard annotations

* more info links

* Update docs/docs/k8s/ingress.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/docs/k8s/ingress.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/docs/k8s/ingress.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* prep k8s section

* document YAML policies in Ingress

* sort and compress standard annotations

* final draft

* link cleanup

* Create ingress.md

* Update docs/docs/k8s/ingress.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Apply suggestions from code review

* rm redundant config

* fix file reference

* update available annotations

* Copy Proofread

Grammar updates.

* discussed copy edit

* whitespace cleanup

* add redirect for moved k8s docs

* fixed malformed links

* Update docs/docs/k8s/ingress.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* Update docs/docs/k8s/ingress.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Update docs/docs/k8s/ingress.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Update docs/docs/k8s/ingress.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

partial copy edits

Update docs/docs/k8s/ingress.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Update docs/docs/k8s/ingress.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

partial copy edits

Update docs/docs/k8s/ingress.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Update docs/docs/k8s/ingress.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Update docs/docs/k8s/ingress.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

partial copy edits

* One last TLS

* Update docs/docs/k8s/ingress.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* clarify namespaces flag

* Update docs/docs/k8s/ingress.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: travisgroth <tgroth@pomerium.com>
Co-authored-by: wasaga <dmishin@pomerium.com>
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
Co-authored-by: cmo-pomerium <91488121+cmo-pomerium@users.noreply.github.com>
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2021-11-04 12:59:51 -05:00
dependabot[bot]
ea45ba70c8
chore(deps): bump google.golang.org/api from 0.58.0 to 0.60.0 (#2737) 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.58.0 to 0.60.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.58.0...v0.60.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-11-03 08:50:27 -06:00
Herman Slatman
7812c6985d
Add additional ACME options (#2695) 
The `autocert_ca` and `autocert_email` options have been added to be
able to configure CAs that support the ACME protocol as an alternative
to Let's Encrypt.

Fix ProtoBuf definition for additional autocert options

Fix PR comments and add ACME EAB configuration

Add configuration option for trusted CAs when talking ACME

Fix linter issues

copy edits

render updated reference to docs

Add test for autocert manager configuration

Add tests for autocert configuration options

Fix CI build issues

Don't set empty acme.EAB struct if configuration not set

Remove required email when setting custom CA

When using a non-default CA it's no longer required
to specify an email address. I required this before,
because it seemed to cause an issue in which no certificate
was issued. The root cause was something different,
rendering the hard email requirement pointless. It's
still beneficial to specify an email, though. I changed
the text in the docs to explain that.

Update generated docs

Fix failing tests by recreation of a new ACMEManager

The default ACMEManager object was reused in multiple tests,
resulting in unexpected states when tests run in parallel.
By using a new instance for every test, this is no longer
an issue.
 2021-11-02 14:44:27 -07:00
Caleb Doxsey
500405512f
dependencies: vendor base58, remove shortuuid (#2739) 
* vendor base58

* remove shortuuid
 2021-11-02 09:23:15 -06:00
Alex Fornuto
3dd60cedd6
update headers in traefik example config (#2732) 2021-11-01 20:32:22 -05:00
dependabot[bot]
11d098c9db
chore(deps): bump github.com/open-policy-agent/opa from 0.33.1 to 0.34.0 (#2735) 
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.33.1 to 0.34.0.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.33.1...v0.34.0)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-11-01 16:27:53 -06:00
dependabot[bot]
b7f9180c31
chore(deps): bump github.com/openzipkin/zipkin-go from 0.2.5 to 0.3.0 (#2734) 
Bumps [github.com/openzipkin/zipkin-go](https://github.com/openzipkin/zipkin-go) from 0.2.5 to 0.3.0.
- [Release notes](https://github.com/openzipkin/zipkin-go/releases)
- [Commits](https://github.com/openzipkin/zipkin-go/compare/v0.2.5...v0.3.0)

---
updated-dependencies:
- dependency-name: github.com/openzipkin/zipkin-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-11-01 15:13:01 -06:00
dependabot[bot]
185f304b21
chore(deps): bump gopkg.in/auth0.v5 from 5.19.2 to 5.20.0 (#2704) 
Bumps [gopkg.in/auth0.v5](https://github.com/go-auth0/auth0) from 5.19.2 to 5.20.0.
- [Release notes](https://github.com/go-auth0/auth0/releases)
- [Changelog](https://github.com/go-auth0/auth0/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-auth0/auth0/compare/v5.19.2...v5.20.0)

---
updated-dependencies:
- dependency-name: gopkg.in/auth0.v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-11-01 15:12:18 -06:00
dependabot[bot]
cff3fcba6c
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.9 to 3.21.10 (#2736) 
Bumps [github.com/shirou/gopsutil/v3](https://github.com/shirou/gopsutil) from 3.21.9 to 3.21.10.
- [Release notes](https://github.com/shirou/gopsutil/releases)
- [Commits](https://github.com/shirou/gopsutil/compare/v3.21.9...v3.21.10)

---
updated-dependencies:
- dependency-name: github.com/shirou/gopsutil/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-11-01 15:09:48 -06:00
Caleb Doxsey
b0f8c055ec
authenticate: always update user record on login (#2719) 
* authenticate: always update user record on login

* identity: fix user refresh

* add test for manager update

* fix time
 2021-11-01 14:18:18 -06:00
cmo-pomerium
90f2b00bb6
Docs: Update Community Page (#2713) 
* Update readme.md

* bulleted list for updates

* copy edits

* add mailchimp plugin

* Update readme.md

* invoke custom component

* style custom mailchimp form

* List Discourse for support

Co-authored-by: alexfornuto <alex@fornuto.com>
 2021-11-01 09:10:58 -05:00
Travis Groth
811059dbfd
deployment: relocate pomerium-cli to /usr/bin (#2727) 2021-10-29 16:30:30 -04:00
Denis Mishin
7a7d5722f8
desktop client api (#2711) 2021-10-29 10:56:48 -06:00
Travis Groth
c3171ad58b
ci: remove hadolint (#2726) 2021-10-28 18:42:06 -04:00
dependabot[bot]
4d501de451
chore(deps): bump github.com/docker/docker (#2705) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.9+incompatible to 20.10.10+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/docker/docker/compare/v20.10.9...v20.10.10)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-10-28 14:03:22 -06:00
Caleb Doxsey
79ec52d354
identity: fix user refresh (#2724) 2021-10-28 14:02:25 -06:00
Kerwood
2b474465ca
Minor fix in routes documentation (#2714) 
* Minor fix in routes documentation

* update reference markdown

Co-authored-by: alexfornuto <alex@fornuto.com>
 2021-10-27 23:06:00 -07:00
Alex Fornuto
5a7b6c216a
reference gRPC API reference (#2717) 2021-10-27 16:38:41 -05:00
Caleb Doxsey
1238f0506d
databroker: add additional log for config source (#2718) 2021-10-27 13:02:37 -06:00
dependabot[bot]
985dce9330
chore(deps): bump github.com/envoyproxy/protoc-gen-validate (#2703) 
Bumps [github.com/envoyproxy/protoc-gen-validate](https://github.com/envoyproxy/protoc-gen-validate) from 0.6.1 to 0.6.2.
- [Release notes](https://github.com/envoyproxy/protoc-gen-validate/releases)
- [Commits](https://github.com/envoyproxy/protoc-gen-validate/compare/v0.6.1...v0.6.2)

---
updated-dependencies:
- dependency-name: github.com/envoyproxy/protoc-gen-validate
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-10-27 14:34:20 -04:00
Caleb Doxsey
99b905a336
github: use GraphQL API to reduce number of API calls for directory sync (#2715) 
* github: use GraphQL API to reduce number of API calls for directory sync

* fix id encoding

* github: use slug instead of id, update upgrading.md

* Update docs/docs/upgrading.md

Co-authored-by: Alex Fornuto <afornuto@pomerium.com>

Co-authored-by: Alex Fornuto <afornuto@pomerium.com>
 2021-10-27 11:50:48 -06:00
Caleb Doxsey
d390e80b30
authenticate: add databroker versions to session cookie (#2709) 
* authenticate: add databroker versions to session cookie
authorize: wait for databroker synchronization on updated sessions

* fix test
 2021-10-26 14:45:53 -06:00
Caleb Doxsey
b2c76c3816
grpc: remove peer field from logs (#2712) 2021-10-26 14:43:59 -06:00
Caleb Doxsey
62d6ce8507
telemetry: improve zipkin error logs (#2710) 2021-10-26 14:43:43 -06:00
dependabot[bot]
a10da14af7
chore(deps): bump github.com/prometheus/common from 0.31.1 to 0.32.1 (#2706) 2021-10-26 16:34:49 -04:00
cmo-pomerium
97dfb7c386
Update architecture.md (#2701) 
Deleted an extraneous ]
 2021-10-25 14:07:44 -07:00
Caleb Doxsey
3497c39b9b
authorize: add support for webauthn device policy enforcement (#2700) 
* authorize: add support for webauthn device policy enforcement

* update docs

* group statuses
 2021-10-25 09:41:03 -06:00
Caleb Doxsey
9d4ebcf871
webauthn: update session to support device credentials per type (#2699) 2021-10-22 14:33:34 -06:00
Caleb Doxsey
6e48627b4d
ppl: add support for additional data (#2696) 
* ppl: add support for additional data

* remove unused NewCriterionDeviceRule
 2021-10-22 12:32:20 -06:00
FutureMatt
0638b07f4d
Update create TLS command to quote strings. (#2694) 
In some instances the cert and key path returned from `mkcert -CAROOT` might contain spaces. If it does the example command fails with the somewhat cryptic error `error: exactly one NAME is required, got 3`. Quoting the values resolves the issue.
 2021-10-22 10:55:35 -05:00
Alex Fornuto
91fd44e686
DOCS: CORS preflight in console (#2642) 
* document CORS preflight for console

* rm paste error.
 2021-10-21 11:45:19 -05:00
dependabot[bot]
b666918e43
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.8 to 3.21.9 (#2671) 
Bumps [github.com/shirou/gopsutil/v3](https://github.com/shirou/gopsutil) from 3.21.8 to 3.21.9.
- [Release notes](https://github.com/shirou/gopsutil/releases)
- [Commits](https://github.com/shirou/gopsutil/compare/v3.21.8...v3.21.9)

---
updated-dependencies:
- dependency-name: github.com/shirou/gopsutil/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-10-21 09:07:53 -07:00
Denis Mishin
30664cd307
skip configuration updates to the most recent one (#2690) 2021-10-21 11:03:26 -04:00
Alex Fornuto
f22e34c8e0
correct claim example (#2689) 2021-10-20 22:29:51 -05:00
Caleb Doxsey
1162585471
authenticate: add support for webauthn (#2688) 
* authenticate: add support for webauthn

* remove rfc4648 library due to missing LICENSE

* fix test

* put state function in separate function
 2021-10-20 13:18:34 -06:00
Caleb Doxsey
3051ad77e0
protoc: add xds repo (#2687) 
* protoc: add xds repo

* fix protoc-gen-validate dependency
 2021-10-19 14:36:23 -06:00
Caleb Doxsey
1c445c426d
webauthnutil: add helpers for webauthn (#2686) 
* devices: add device protobuf types

* webauthnutil: add helpers for webauthn
 2021-10-19 13:39:01 -06:00
dependabot[bot]
961bc8abb4
chore(deps): bump github.com/peterbourgon/ff/v3 from 3.1.0 to 3.1.2 (#2672) 
Bumps [github.com/peterbourgon/ff/v3](https://github.com/peterbourgon/ff) from 3.1.0 to 3.1.2.
- [Release notes](https://github.com/peterbourgon/ff/releases)
- [Commits](https://github.com/peterbourgon/ff/compare/v3.1.0...v3.1.2)

---
updated-dependencies:
- dependency-name: github.com/peterbourgon/ff/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-10-19 13:36:36 -04:00
dependabot[bot]
b96f19633c
chore(deps): bump github.com/caddyserver/certmagic from 0.14.5 to 0.15.1 (#2685) 
Bumps [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic) from 0.14.5 to 0.15.1.
- [Release notes](https://github.com/caddyserver/certmagic/releases)
- [Commits](https://github.com/caddyserver/certmagic/compare/v0.14.5...v0.15.1)

---
updated-dependencies:
- dependency-name: github.com/caddyserver/certmagic
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-10-19 07:51:48 -06:00
Caleb Doxsey
ddccbcf631
devices: add device protobuf types (#2682) 2021-10-19 07:22:26 -06:00
Nihaal Sangha
84f79d8639
Fix typo in docs (#2683) 2021-10-17 18:34:29 -07:00
Caleb Doxsey
0f0a5dc7f0
cryptutil: add SecureToken (#2681) 
* cryptutil: add SecureToken

* add parse
 2021-10-14 18:48:41 -06:00
Travis Groth
4e4a161521
deployment: remove DST_Root_CA_X3 from docker images (#2677) 2021-10-14 20:10:49 -04:00
Tom Meadows
7e1537792d
fixed typo on kubectl (#2673) 2021-10-14 09:37:25 -05:00
Alex Fornuto
b2b8c481d5
Refresh and Update TCP documentation (#2627) 
* init client app doc

* init TCP section

* add redirect for TCP client doc

* Redis and Mysql

* finish TCP exampels

* init Draft template

* cleanup whitespace

* escape markdown image in template

* add redirect and update links

* copy edit

* Update readme.md

* fmt

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* optimize png

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* header cleanup and child listing

* Update docs/docs/tcp/ssh.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: cmo-pomerium <91488121+cmo-pomerium@users.noreply.github.com>
Co-authored-by: Bobby DeSimone <bobbydesimone@gmail.com>
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2021-10-14 09:35:31 -05:00
dependabot[bot]
97345e41a3
chore(deps): bump github.com/docker/docker (#2670) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.8+incompatible to 20.10.9+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/docker/docker/compare/v20.10.8...v20.10.9)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-10-12 11:04:00 -04:00
Denis Mishin
55fec9b51b
add host-rewrite options to config.proto (#2668) 2021-10-08 11:50:56 -04:00
Alex Fornuto
8a8dcdf491
add service account redirects (#2664) 2021-10-06 08:23:22 -07:00