Yuchen Ying
8fc1e9cca8
Add an option to request certificate with Must-Staple. ( #697 )
2020-06-17 08:29:34 -07:00
Travis Groth
ee2170f5f5
config: add a consistent route ID ( #905 )
2020-06-16 09:20:18 -04:00
Cuong Manh Le
e0bdd906f9
config: change the default logging level to INFO ( #902 )
...
config: change the default logging level to INFO
DEBUG logging level is very verbose and potentially logs sensitive data.
We should set default log level to INFO.
Updates #895
Fixes #896
2020-06-15 22:55:18 +07:00
Travis Groth
42966ab39b
options: ensure viper ignores certificates config field ( #876 )
2020-06-11 16:38:13 -04:00
Yuchen Ying
b000930914
Remove unnecessary viper.New() ( #849 )
2020-06-11 10:26:42 -04:00
Yuchen Ying
7abe3a3b02
Remove additional indirection. ( #848 )
...
o is already a pointer to Options struct.
2020-06-08 07:36:24 -06:00
Cuong Manh Le
4d5edb0d64
Feature/remove request headers ( #822 )
...
* config: add RemoveRequestHeaders
Currently, we have "set_request_headers" config, which reflects envoy
route.Route.RequestHeadersToAdd. This commit adds a new config
"remove_request_headers", which reflects envoy RequestHeadersToRemove.
This is also a preparation for future PRs to implement the disable user
identity in request headers feature.
* integration: add test for remove_request_headers
* docs: add documentation/changelog for remove_request_headers
2020-06-03 07:46:51 -07:00
Caleb Doxsey
12e373249b
config: strip quotes from http redirect addr ( #818 )
2020-06-01 08:51:56 -06:00
Travis Groth
6761cc7a14
telemetry: service label updates ( #802 )
2020-05-29 15:16:22 -04:00
Caleb Doxsey
f770ccfedd
config: add getters for URLs to avoid nils ( #777 )
...
* config: add getters for URLs to avoid nils
* allow nil url for cache grpc client connection in authenticate
2020-05-26 11:36:18 -06:00
Bobby DeSimone
b7f4c0ce2b
config: add some cert tests ( #758 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-05-22 13:32:34 -07:00
Caleb Doxsey
e4832cb4ed
authorize: add client mTLS support ( #751 )
...
* authorize: add client mtls support
* authorize: better error messages for envoy
* switch from function to input
* add TrustedCa to envoy config so that users are prompted for the correct client certificate
* update documentation
* fix invalid ClientCAFile
* regenerate cache protobuf
* avoid recursion, add test
* move comment line
* use http.StatusOK
* various fixes
2020-05-21 16:01:07 -06:00
Travis Groth
3e17befff7
envoy: Enable zipkin tracing ( #737 )
...
- Update envoy bootstrap config to protobufs
- Reorganize tracing config to avoid cyclic import
- Push down zipkin config to Envoy
- Update tracing options to provide sample rate
2020-05-21 11:50:07 -04:00
Caleb Doxsey
0895515833
envoy: implement various timeouts ( #732 )
...
* envoy: implement global and route timeouts
* envoy: use the grpc client timeout for the authz service timeout
* fix test
2020-05-19 10:01:37 -06:00
Travis Groth
1f1e63a75b
telemetry/tracing: Add Zipkin tracing support ( #723 )
2020-05-18 21:57:13 -04:00
Caleb Doxsey
e854cfe83b
envoy: implement policy TLS options ( #724 )
...
* envoy: implement policy TLS options
* fix tests
* log which CAs are being used
2020-05-18 16:52:51 -06:00
Caleb Doxsey
dccec1e646
envoy: support autocert ( #695 )
...
* envoy: support autocert
* envoy: fallback to http host routing if sni fails to match
* update comment
* envoy: renew certs when necessary
* fix tests
2020-05-18 17:10:10 -04:00
Caleb Doxsey
352c2b851b
envoy: add separate proxy log level option ( #689 )
2020-05-18 17:10:10 -04:00
Caleb Doxsey
02615b8b6c
Merge remote-tracking branch 'origin/master' into feature/envoy
2020-05-18 17:10:10 -04:00
Travis Groth
99e788a9b4
envoy: Initial changes
2020-05-18 17:10:10 -04:00
Bobby DeSimone
bf9a6f5e97
cryptutil: add automatic certificate management ( #644 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-05-05 12:50:19 -07:00
Ogundele Olumide
75f4dadad6
identity/provider: implement generic revoke method ( #595 )
...
Co-authored-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-04-21 14:40:33 -07:00
Caleb Doxsey
e1d2501a94
proxy: move warning message to config validation
2020-04-20 18:24:36 -06:00
Caleb Doxsey
e8c8e7c688
config: use full string url instead of just the hostname for the policy options
2020-04-20 18:24:11 -06:00
Caleb Doxsey
5ecfa34361
config: gofmt
2020-04-20 18:23:35 -06:00
Caleb Doxsey
7027f458dd
config: add prefix, path and regex options
...
proxy: support prefix, path and regex options
2020-04-20 18:23:34 -06:00
Travis Groth
789068e27a
Add configurable JWT claim headers ( #596 )
2020-04-09 23:41:55 -04:00
Bobby DeSimone
ba14ea246d
*: remove import path comments ( #545 )
...
- import path comments are obsoleted by the go.mod file's module statement
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-03-16 10:13:47 -07:00
Travis Groth
e666306ef8
Remove superfluous Options.Checksum type conversions ( #522 )
2020-03-06 17:59:26 -05:00
Travis Groth
3654f44384
config: Expose and set default GRPC Server Keepalive Parameters ( #509 )
2020-02-19 21:21:28 -05:00
Bobby DeSimone
5716113c2a
authenticate: make callback path configurable ( #493 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-02-08 09:06:23 -08:00
Bobby DeSimone
2f13488598
authorize: use opa for policy engine ( #474 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-02-02 11:18:22 -08:00
Travis Groth
2d2b16566a
Add yaml tag to Options.Policies ( #475 )
2020-01-30 20:41:39 -08:00
Bobby DeSimone
e82477ea5c
deployment: throw away golanglint-ci defaults ( #439 )
...
* deployment: throw away golanglint-ci defaults
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-01-26 12:33:45 -08:00
Bobby DeSimone
8956bf4411
proxy: add preserve host header ( #463 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-01-22 21:03:22 -08:00
Bobby DeSimone
dccc7cd2ff
cache: add cache service ( #457 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-01-20 18:25:34 -08:00
Bobby DeSimone
ec029c679b
authenticate/proxy: add backend refresh ( #438 )
2019-12-30 10:47:54 -08:00
Y.Horie
9a330613aa
config: Remove CookieRefresh ( #428 ) ( #436 )
2019-12-24 11:22:55 -08:00
Travis Groth
1dfcd396fc
config: Validate that shared_key does not contain whitespace
2019-12-20 06:20:39 -05:00
Bobby DeSimone
12bae5cc43
errors: use %w verb directive ( #419 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-12-03 20:02:43 -08:00
Bobby DeSimone
c8e6277a30
Merge remote-tracking branch 'upstream/master' into bugs/fix-forward-auth
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-11-25 15:02:25 -08:00
Bobby DeSimone
0f6a9d7f1d
proxy: fix forward auth, request signing
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-11-25 14:29:52 -08:00
Travis Groth
e5b13a9bf6
add yaml tags to all pointers in config ( #397 )
2019-11-24 16:45:21 -05:00
Travis Groth
8164cfd85a
config: Update yaml tags ( #394 )
...
* Add/update yaml tags for Options and Policy
2019-11-20 22:37:44 -05:00
Travis Groth
f3c62c10cc
Rename internal/config to config ( #380 )
2019-11-09 19:53:11 -05:00