pomerium

mirror of https://github.com/pomerium/pomerium.git synced 2025-05-03 20:36:03 +02:00

Author	SHA1	Message	Date
Caleb Doxsey	9330f6b0ac	authenticate: add device-enrolled page (#2892 ) * authenticate: add device-enrolled page * remove device credential id from page	2022-01-06 10:01:12 -07:00
cfanbo	84dad4c612	remove deprecated ioutil usages (#2877 ) * fix: Fixed return description error * config/options: Adjust the position of TracingJaegerAgentEndpoint option * DOCS: Remove duplicate configuration items Remove duplicate configuration items of route * remove deprecated ioutil usages	2021-12-30 10:02:12 -08:00
Denis Mishin	c19dd80fe6	more idp metrics (#2842 )	2021-12-22 17:30:16 -05:00
Caleb Doxsey	0ee6a72c02	dashboard: add confirmation dialog, fix button in firefox (#2841 )	2021-12-21 14:12:41 -07:00
Caleb Doxsey	70e0e866fc	devices: add experimental icon (#2836 )	2021-12-20 14:26:03 -07:00
Caleb Doxsey	838c9e3a3d	dashboard: improve display of device credentials, allow deletion (#2829 ) * dashboard: improve display of device credentials, allow deletion * fix test	2021-12-20 12:19:54 -07:00
Denis Mishin	5e8fcf8d20	move NewGRPCClientConn to public package (#2826 )	2021-12-19 22:10:24 -05:00
cfanbo	8f62b06425	fix: Fixed return description error (#2825 ) * fix: Fixed return description error * config/options: Adjust the position of TracingJaegerAgentEndpoint option	2021-12-17 08:57:35 -08:00
Denis Mishin	9466d7ef53	rm cli code (#2824 )	2021-12-15 16:25:21 -05:00
Denis Mishin	993da5704b	dev build support for darwin-arm64 from envoy tip (#2815 )	2021-12-13 11:37:24 -05:00
Caleb Doxsey	5a858f5d48	config: add internal service URLs (#2801 ) * config: add internal service URLs * maybe fix integration tests * add docs * fix integration tests * for databroker connect to external name, but listen on internal name * Update docs/reference/readme.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/readme.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/readme.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/settings.yaml Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/settings.yaml Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/settings.yaml Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>	2021-12-10 14:04:37 -05:00
Travis Groth	54ec88fb93	internal/telemetry: fix grpc server stats (#2811 )	2021-12-08 16:13:08 -05:00
Travis Groth	e2e0646f70	Fix IdP client metrics (#2810 )	2021-12-08 13:22:53 -05:00
Caleb Doxsey	8331db9a26	envoy: treat configuration errors as fatal (#2777 )	2021-12-08 10:39:18 -07:00
Caleb Doxsey	c97dcf7e0f	envoy: add hash policy and routing key for hash-based load balancers (#2791 ) * envoy: add hash policy and routing key for hash-based load balancers * fix integration test * fix nginx	2021-12-01 13:42:12 -07:00
Caleb Doxsey	a8b76bd623	authorize: support X-Pomerium-Authorization in addition to Authorization (#2780 ) * authorize: support X-Pomerium-Authorization in addition to Authorization * tangentental correction Co-authored-by: alexfornuto <alex@fornuto.com>	2021-11-29 12:19:14 -07:00
bobby	1a7c5415e7	identity: only assign `access_type` uri params to google. (#2782 ) * identity: only assign `access_type` uri params to google. Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> * bump upgrading Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2021-11-28 19:01:34 -08:00
Herman Slatman	7812c6985d	Add additional ACME options (#2695 ) The `autocert_ca` and `autocert_email` options have been added to be able to configure CAs that support the ACME protocol as an alternative to Let's Encrypt. Fix ProtoBuf definition for additional autocert options Fix PR comments and add ACME EAB configuration Add configuration option for trusted CAs when talking ACME Fix linter issues copy edits render updated reference to docs Add test for autocert manager configuration Add tests for autocert configuration options Fix CI build issues Don't set empty acme.EAB struct if configuration not set Remove required email when setting custom CA When using a non-default CA it's no longer required to specify an email address. I required this before, because it seemed to cause an issue in which no certificate was issued. The root cause was something different, rendering the hard email requirement pointless. It's still beneficial to specify an email, though. I changed the text in the docs to explain that. Update generated docs Fix failing tests by recreation of a new ACMEManager The default ACMEManager object was reused in multiple tests, resulting in unexpected states when tests run in parallel. By using a new instance for every test, this is no longer an issue.	2021-11-02 14:44:27 -07:00
Caleb Doxsey	500405512f	dependencies: vendor base58, remove shortuuid (#2739 ) * vendor base58 * remove shortuuid	2021-11-02 09:23:15 -06:00
Caleb Doxsey	b0f8c055ec	authenticate: always update user record on login (#2719 ) * authenticate: always update user record on login * identity: fix user refresh * add test for manager update * fix time	2021-11-01 14:18:18 -06:00
Caleb Doxsey	79ec52d354	identity: fix user refresh (#2724 )	2021-10-28 14:02:25 -06:00
Caleb Doxsey	1238f0506d	databroker: add additional log for config source (#2718 )	2021-10-27 13:02:37 -06:00
Caleb Doxsey	99b905a336	github: use GraphQL API to reduce number of API calls for directory sync (#2715 ) * github: use GraphQL API to reduce number of API calls for directory sync * fix id encoding * github: use slug instead of id, update upgrading.md * Update docs/docs/upgrading.md Co-authored-by: Alex Fornuto <afornuto@pomerium.com> Co-authored-by: Alex Fornuto <afornuto@pomerium.com>	2021-10-27 11:50:48 -06:00
Caleb Doxsey	d390e80b30	authenticate: add databroker versions to session cookie (#2709 ) * authenticate: add databroker versions to session cookie authorize: wait for databroker synchronization on updated sessions * fix test	2021-10-26 14:45:53 -06:00
Caleb Doxsey	b2c76c3816	grpc: remove peer field from logs (#2712 )	2021-10-26 14:43:59 -06:00
Caleb Doxsey	62d6ce8507	telemetry: improve zipkin error logs (#2710 )	2021-10-26 14:43:43 -06:00
Caleb Doxsey	3497c39b9b	authorize: add support for webauthn device policy enforcement (#2700 ) * authorize: add support for webauthn device policy enforcement * update docs * group statuses	2021-10-25 09:41:03 -06:00
Denis Mishin	30664cd307	skip configuration updates to the most recent one (#2690 )	2021-10-21 11:03:26 -04:00
Caleb Doxsey	1162585471	authenticate: add support for webauthn (#2688 ) * authenticate: add support for webauthn * remove rfc4648 library due to missing LICENSE * fix test * put state function in separate function	2021-10-20 13:18:34 -06:00
Caleb Doxsey	a7442b1498	pomerium-cli: add support for a custom browser command (#2617 )	2021-09-21 08:31:30 -06:00
Caleb Doxsey	2f7a79d4f5	authclient: clone TLS configuration to prevent overriding NextProtos (#2594 )	2021-09-13 16:12:26 -06:00
Caleb Doxsey	77ae17d23b	tcptunnel: force the use of HTTP/1.1 during ALPN (#2593 ) * tcptunnel: force the use of HTTP/1.1 during ALPN * remove unused code	2021-09-13 13:53:19 -06:00
Caleb Doxsey	532b997fed	userinfo: format exp, iat and updated_at (#2585 )	2021-09-10 06:23:54 -06:00
Caleb Doxsey	4720199d59	autocert: remove log (#2584 )	2021-09-10 06:23:32 -06:00
Caleb Doxsey	823b430d60	google: support provider URL (#2567 ) * google: support provider URL * change google default options	2021-09-07 08:14:52 -06:00
Caleb Doxsey	3773a95d50	directory: implement exponential backoff for refresh (#2570 ) * directory: implement exponential backoff for refresh * disable randomization for exponential backoff testing	2021-09-03 15:49:56 -06:00
Alex Fornuto	db5d1593e3	Remove api from GitLab defaultScope (#2518 ) * remove api from gitlab defaultScope * rm redundant scope	2021-08-25 10:26:35 -05:00
Caleb Doxsey	f5a558d4a0	grpc: disable gRPC connection re-use across services (#2515 )	2021-08-24 11:47:16 -06:00
bobby	1565d25d32	ci: use go 1.17.x (#2492 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2021-08-19 21:13:36 -07:00
Caleb Doxsey	9fa65e069c	github: support provider URL (#2490 )	2021-08-18 09:20:08 -06:00
Caleb Doxsey	bbec2cae9f	grpc: send client traffic through envoy (#2469 ) * wip * wip * handle wildcards in override name * remove wait for ready, add comment about sync, force initial sync complete in test * address comments	2021-08-16 16:12:22 -06:00
bobby	87c3c675d2	all: remove unused handler code (#2439 ) * - Remove unused middleware Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> * remove unused func weightedStrings Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> * remove unused func getJWTSetCookieHeaders Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> * Fix test name	2021-08-16 16:04:39 -04:00
Caleb Doxsey	6af0655206	protoutil: add NewAny method for deterministic serialization (#2462 )	2021-08-09 17:51:57 -06:00
wasaga	51ab7e6226	telemetry: add nonce and make explicit ack/nack (#2434 )	2021-08-04 21:08:55 -04:00
wasaga	204aa30b6e	telemetry: try guess hostname or external IP addr for metrics (#2412 )	2021-08-03 18:10:14 -04:00
Caleb Doxsey	1a95036b8c	sessions: add impersonate_session_id, remove legacy impersonation (#2407 ) * sessions: add impersonate_session_id, remove legacy impersonation * show impersonated user details * fix headers * address feedback * only check impersonate id on non-nil pbSession * Revert "only check impersonate id on non-nil pbSession" This reverts commit `a6f7ca5abd`.	2021-07-30 08:42:36 -06:00
Caleb Doxsey	0620cfdc50	config: add support for embedded PPL policy (#2401 )	2021-07-27 13:44:10 -06:00
Caleb Doxsey	8f7357b333	google: remove WithHTTPClient (#2391 )	2021-07-23 15:36:56 -06:00
Caleb Doxsey	ac8ae3ef5b	directory: add logging http client to help with debugging outbound http requests (#2385 )	2021-07-22 11:58:52 -06:00
Caleb Doxsey	8a74fae2e7	urlutil: improve error message for urls with port in path (#2377 )	2021-07-20 11:08:50 -06:00

1 2 3 4 5 ...

618 commits