Caleb Doxsey
fe61a74e1b
authorize: fix device synchronization ( #3482 )
2022-07-15 17:27:06 -06:00
Caleb Doxsey
24a9d627cd
postgres: registry support ( #3454 )
2022-07-13 09:14:47 -06:00
Denis Mishin
f67b33484b
add metrics aggregation ( #3452 )
2022-06-30 10:52:45 -04:00
Caleb Doxsey
1727d178ef
postgres: fix record deletion ( #3446 )
2022-06-24 09:32:44 -06:00
Caleb Doxsey
8699e36b64
cmd: remove test ( #3442 )
2022-06-21 11:08:15 -06:00
Denis Mishin
d1037d784a
allow pomerium to be embedded as a library ( #3415 )
2022-06-15 20:29:19 -04:00
Caleb Doxsey
45a29ea879
databroker: add support for syncing by type ( #3412 )
* databroker: add support for syncing by type
* add type url, fix query
2022-06-13 09:52:13 -06:00
Caleb Doxsey
a2d5d8062b
postgres: use CTE and GENERATED version number instead of serialized transaction ( #3408 )
* postgres: use CTE and GENERATED version number instead of serialized transaction
* update server version
* fix indexing CIDRs
2022-06-09 12:18:20 -06:00
Caleb Doxsey
493148b13f
authorize: fix not found check ( #3410 )
2022-06-08 09:15:57 -06:00
Caleb Doxsey
dafead3122
postgres: fix CIDR query ( #3389 )
2022-06-03 12:32:01 -06:00
Caleb Doxsey
f61e7efe73
authorize: use query instead of sync for databroker data ( #3377 )
2022-06-01 15:40:07 -06:00
Caleb Doxsey
1c2aad2de6
postgres: databroker storage backend ( #3370 )
* wip
* storage: add filtering to SyncLatest
* don't increment the record version, so intermediate changes are requested
* databroker: add support for query filtering
* fill server and record version
* postgres: databroker storage backend
* wip
* serialize puts
* add test
* skip tests for macos
* add test
* return error from protojson
* set data
* exclude postgres from cover tests
2022-05-25 10:23:58 -06:00
Caleb Doxsey
994faba0c8
databroker: add support for query filtering ( #3369 )
* wip
* storage: add filtering to SyncLatest
* don't increment the record version, so intermediate changes are requested
* databroker: add support for query filtering
* fill server and record version
* add test checks
* add explanation to query filter error
2022-05-19 09:07:32 -06:00
Caleb Doxsey
1669b601ea
storage: add filtering to SyncLatest ( #3368 )
* wip
* storage: add filtering to SyncLatest
* don't increment the record version, so intermediate changes are requested
* fix stream filter
2022-05-17 16:00:23 -06:00
Caleb Doxsey
70f5d8b173
storage: add filter expressions, upgrade go to 1.18.1 ( #3365 )
* storage: add filter expressions
* upgrade go
2022-05-16 20:09:50 -06:00
Caleb Doxsey
2e1366c417
databroker: fix in-memory backend deadlock ( #3300 )
2022-04-27 15:33:29 -04:00
Caleb Doxsey
f73c5c615f
databroker: add support for putting multiple records ( #3291 )
* databroker: add support for putting multiple records
* add OptimumPutRequestsFromRecords function
* replace GetAll with SyncLatest
* fix stream when there are no records
2022-04-26 16:41:38 -06:00
Caleb Doxsey
25a7afd6e6
ppl: support . in object_get paths ( #3263 )
2022-04-11 09:24:39 -06:00
Caleb Doxsey
761c17b8ac
grpc: wait for connect to be ready before making calls ( #3253 )
* grpc: wait for connect to be ready before making calls
* make sure to stop the ticker
2022-04-08 12:18:52 -06:00
Denis Mishin
443f4a01f5
add databroker multi lease handlers ( #3255 )
2022-04-08 13:31:49 -04:00
Caleb Doxsey
b79f1e379f
config: add support for downstream TLS server name ( #3243 )
* config: add support for downstream TLS server name
* fix whitespace
* fix whitespace
* add docs
* add tls_upstream_server_name and tls_downstream_server_name to config
* Update docs/reference/settings.yaml
Co-authored-by: Alex Fornuto <afornuto@pomerium.com>
* Update docs/reference/readme.md
Co-authored-by: Alex Fornuto <afornuto@pomerium.com>
* add deprecation notice
Co-authored-by: Alex Fornuto <afornuto@pomerium.com>
2022-04-06 06:48:45 -07:00
Caleb Doxsey
36f73fa6c7
authorize: track session and service account access date ( #3220 )
* session: add accessed at date
* authorize: track session and service account access times
* Revert "databroker: add support for field masks on Put (#3210)"
This reverts commit 2dc778035d.
* add test
* fix data race in test
* add deadline for update
* track dropped accesses
2022-03-31 09:19:04 -06:00
Caleb Doxsey
a243056cfa
Revert "databroker: add support for field masks on Put ( #3210 )" ( #3217 )
This reverts commit 2dc778035d.
2022-03-31 11:17:57 -04:00
Caleb Doxsey
2dc778035d
databroker: add support for field masks on Put ( #3210 )
* databroker: add support for field masks on Put
* return errors
* clean up go.mod
2022-03-29 16:36:40 -06:00
Caleb Doxsey
8fc5dbf4c5
grpc: regenerate protobuf code ( #3208 )
2022-03-29 15:18:10 -06:00
Caleb Doxsey
9e4edb8003
protoutil: add support for converting arbitrary protobuf messages into structs ( #3106 )
2022-03-08 12:21:22 -07:00
Caleb Doxsey
aaff52fc61
databroker: use contextual logging for errors, use original record type for encryption ( #3096 )
2022-03-04 14:40:15 -05:00
Caleb Doxsey
1342523cda
grpc: remove ptypes references ( #3078 )
2022-02-24 08:37:59 -07:00
Caleb Doxsey
38c7089642
userinfo: fix logout button, add sign out confirm page ( #3058 )
* userinfo: fix logout button, add sign out confirm page
* fix test
2022-02-23 08:15:00 -07:00
Caleb Doxsey
efd609f6ce
config: add idp_client_id and idp_client_secret to protobuf ( #3060 )
2022-02-18 08:55:31 -07:00
Caleb Doxsey
99b9a3ee12
authorize: add support for passing access or id token upstream ( #3047 )
* authorize: add support for passing access or id token upstream
* use an enum
2022-02-17 09:28:31 -07:00
Caleb Doxsey
f9b95a276b
authenticate: support for per-route client id and client secret ( #3030 )
* implement dynamic provider support
* authenticate: support per-route client id and secret
2022-02-16 12:31:55 -07:00
Caleb Doxsey
2824faecbf
frontend: react+mui ( #3004 )
* mui v5 wip
* wip
* wip
* wip
* use compressor for all controlplane endpoints
* wip
* wip
* add deps
* fix authenticate URL
* fix test
* fix test
* fix build
* maybe fix build
* fix integration test
* remove image asset test
* add yarn.lock
2022-02-07 08:47:58 -07:00
Denis Mishin
ac9e086691
last known metric error ( #2974 )
2022-01-31 12:35:51 -05:00
Caleb Doxsey
64ee7eca5c
directory: save IDP errors to databroker, put event handling in dedicated package ( #2957 )
2022-01-28 15:15:32 -07:00
Caleb Doxsey
9f4fc986ee
devices: shrink credentials by removing unnecessary data ( #2951 )
2022-01-21 09:32:33 -07:00
dependabot[bot]
9916db2ed7
chore(deps): bump github.com/open-policy-agent/opa from 0.35.0 to 0.36.0 ( #2911 )
* chore(deps): bump github.com/open-policy-agent/opa from 0.35.0 to 0.36.0
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.35.0 to 0.36.0.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.35.0...v0.36.0)
---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix tests
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2022-01-14 12:13:33 -07:00
Caleb Doxsey
4583ecc730
devices: treat undefined device types as any ( #2927 )
2022-01-12 11:04:35 -07:00
Caleb Doxsey
5b9a981191
handle device states in deny block, fix default device type ( #2919 )
* handle device states in deny block, fix default device type
* fix tests
2022-01-11 11:56:54 -07:00
Caleb Doxsey
49fb00c895
envoy: check certificates for must-staple flag and drop them if they are missing the response ( #2909 )
* envoy: check certificates for must-staple flag and drop them if they are missing the response
* Update config/envoyconfig/tls_test.go
Co-authored-by: Denis Mishin <dmishin@pomerium.com>
Co-authored-by: Denis Mishin <dmishin@pomerium.com>
2022-01-10 10:51:56 -07:00
cfanbo
84dad4c612
remove deprecated ioutil usages ( #2877 )
* fix: Fixed return description error
* config/options: Adjust the position of TracingJaegerAgentEndpoint option
* DOCS: Remove duplicate configuration items
Remove duplicate configuration items of route
* remove deprecated ioutil usages
2021-12-30 10:02:12 -08:00
Denis Mishin
c19dd80fe6
more idp metrics ( #2842 )
2021-12-22 17:30:16 -05:00
Caleb Doxsey
838c9e3a3d
dashboard: improve display of device credentials, allow deletion ( #2829 )
* dashboard: improve display of device credentials, allow deletion
* fix test
2021-12-20 12:19:54 -07:00
Caleb Doxsey
a3be1b7cc5
devices: switch "default" device type to two built-in default device types ( #2835 )
2021-12-20 10:44:29 -07:00
Denis Mishin
5e8fcf8d20
move NewGRPCClientConn to public package ( #2826 )
2021-12-19 22:10:24 -05:00
Caleb Doxsey
5a858f5d48
config: add internal service URLs ( #2801 )
* config: add internal service URLs
* maybe fix integration tests
* add docs
* fix integration tests
* for databroker connect to external name, but listen on internal name
* Update docs/reference/readme.md
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
* Update docs/reference/readme.md
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
* Update docs/reference/readme.md
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
* Update docs/reference/settings.yaml
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
* Update docs/reference/settings.yaml
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
* Update docs/reference/settings.yaml
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
2021-12-10 14:04:37 -05:00
Caleb Doxsey
2d04106e6d
ppl: add support for http_path and http_method ( #2813 )
* ppl: add support for http_path and http_method
* fix import ordering
2021-12-10 07:28:51 -07:00
Caleb Doxsey
ca48052551
tls: fallback to self-signed certificate ( #2760 )
* tls: fallback to self-signed certificate
* remove unknown domain because certs are no longer valid
* update multi-deployment to use service-specific certificates
2021-11-15 14:11:53 -07:00
Caleb Doxsey
85bb396555
device: add type id and credential id to enrollment for easier referencing ( #2749 )
2021-11-05 09:48:45 -06:00
Herman Slatman
7812c6985d
Add additional ACME options ( #2695 )
The `autocert_ca` and `autocert_email` options have been added to be
able to configure CAs that support the ACME protocol as an alternative
to Let's Encrypt.
Fix ProtoBuf definition for additional autocert options
Fix PR comments and add ACME EAB configuration
Add configuration option for trusted CAs when talking ACME
Fix linter issues
copy edits
render updated reference to docs
Add test for autocert manager configuration
Add tests for autocert configuration options
Fix CI build issues
Don't set empty acme.EAB struct if configuration not set
Remove required email when setting custom CA
When using a non-default CA it's no longer required
to specify an email address. I required this before,
because it seemed to cause an issue in which no certificate
was issued. The root cause was something different,
rendering the hard email requirement pointless. It's
still beneficial to specify an email, though. I changed
the text in the docs to explain that.
Update generated docs
Fix failing tests by recreation of a new ACMEManager
The default ACMEManager object was reused in multiple tests,
resulting in unexpected states when tests run in parallel.
By using a new instance for every test, this is no longer
an issue.
2021-11-02 14:44:27 -07:00