Commit graph

229 commits

Author SHA1 Message Date
wasaga
19d78cb844
include envoy's proto specs into config.proto (#1817) 2021-01-25 13:15:50 -05:00
Caleb Doxsey
a4c7381eba
config: support multiple destination addresses (#1789)
* config: support multiple destination addresses

* use constructor for string slice

* add docs

* add test for multiple destinations

* fix name
2021-01-20 15:18:24 -07:00
wasaga
c6b6141d12
new skip_xff_append option (#1788)
Added `skip_xff_append` configuration option. When set, proxy would not append its IP address to `x-forwarded-for` HTTP header.
2021-01-20 10:56:29 -05:00
Caleb Doxsey
d9699cbcb9
policy: add outlier_detection (#1786)
* add support for cluster outlier detection

* add docs
2021-01-20 08:33:48 -07:00
Caleb Doxsey
c99994bed8
config: support redirect actions (#1776)
* add route redirect options

* add xds support for redirect

* add test

* handle nil destinations

* remove unchanged statik files

* remove unchanged statik files

* update docs

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
2021-01-14 16:18:27 -07:00
Caleb Doxsey
ab4a68f56f
remove user impersonation and service account cli (#1768)
* remove user impersonation and service account cli

* update doc

* remove user impersonation url query params

* fix flaky test
2021-01-12 09:28:29 -07:00
Caleb Doxsey
a6bc9f492f
authorize: move impersonation into session/service account (#1765)
* move impersonation into session/service account

* replace frontend statik

* fix data race

* move JWT filling to separate function, break up functions

* maybe fix data race

* fix code climate issue
2021-01-11 15:40:08 -07:00
Caleb Doxsey
4f0ce4bc82
fix coverage (#1741)
* fix coverage

* fix data races
2021-01-06 08:30:38 -07:00
Caleb Doxsey
6cc720a1b5
fix error wrapping (#1737) 2021-01-05 12:46:14 -07:00
Caleb Doxsey
3524697f6f
use incremental API for envoy xDS (#1732)
* use incremental API

* add test

* use backoff v4

* remove panic, add comment to exponential try, add test for HashProto

* merge master

* fix missing import
2021-01-05 12:45:55 -07:00
bobby
f837c92741
dev: update linter (#1728)
- gofumpt everything
- fix TLS MinVersion to be at least 1.2
- add octal syntax
- remove newlines
- fix potential decompression bomb in ecjson
- remove implicit memory aliasing in for loops.

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-12-30 09:02:57 -08:00
Travis Groth
64816720c8
internal/telemetry/metrics: update redis metrics for go-redis (#1694) 2020-12-16 14:53:39 -05:00
Caleb Doxsey
35f871ad42
fix concurrency race (#1675) 2020-12-11 14:43:26 -07:00
Caleb Doxsey
3b634de550
implement new redis storage backend with go-redis package (#1649) 2020-12-10 12:21:31 -07:00
Caleb Doxsey
d18e8c661d
improve ca cert error message, use GetCertPool for databroker storage (#1666) 2020-12-09 11:16:39 -07:00
Caleb Doxsey
1ad3646326
fix config race (#1660) 2020-12-07 10:12:40 -07:00
Caleb Doxsey
c4f675d7a7
fix panic when deleting a record twice from the inmemory data store (#1639) 2020-12-01 14:23:36 -07:00
bobby
5bbd745934
authorize: add signature algo support (RSA / EdDSA) (#1631)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-11-30 17:14:41 -08:00
Caleb Doxsey
aad8ac2e61
replace GetAllPages with InitialSync, improve merge performance (#1624)
* replace GetAllPages with InitialSync, improve merge performance

* fmt proto

* add test for base64 function

* add sync test

* go mod tidy

Co-authored-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-11-30 12:21:44 -07:00
Caleb Doxsey
2d5690dde6
remove deprecated cache_service_url config option (#1614)
* remove deprecated cache_service_url config option

* remove broken test

* update integration test config

* update nginx example

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
2020-11-23 14:57:29 -07:00
bobby
f980517b7c
cryptutil: more explicit decryption error (#1607)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-11-23 07:57:30 -08:00
Travis Groth
85c109114c
pkg/storage/redis: Prevent connection churn (#1603) 2020-11-19 14:15:59 -05:00
Caleb Doxsey
a41c37f9e0
add paging support to GetAll (#1601)
* add paging support to GetAll

* fix import
2020-11-18 17:02:57 -07:00
Caleb Doxsey
8ada0c51dd
attach version to gRPC server metadata (#1598)
* attach version to gRPC server metadata

* fix linting
2020-11-17 07:18:48 -07:00
Philip Wassermann
85a5961e5e
authorize: add allow_any_authenticated_user policy (#1515) 2020-11-05 11:20:50 -07:00
Caleb Doxsey
ccdd1e5586
use custom default http transport (#1576)
* use custom default http transport

* Update config/http.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* Update config/http.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* return early

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
2020-11-04 15:35:10 -07:00
Caleb Doxsey
10b5c5ca0e
fix querying claim data on the dashboard (#1560) 2020-10-29 10:49:02 -06:00
Caleb Doxsey
93c257259e
databroker: add audience to session (#1557)
* add audience to session

* update audience

* parse next url and add it to audience
2020-10-27 14:22:26 -06:00
Caleb Doxsey
a85b3b04c1
store raw id token so it can be passed to the logout url (#1543) 2020-10-26 10:20:23 -06:00
Caleb Doxsey
153e438eb6
authorize: implement allowed_idp_claims (#1542)
* add arbitrary claims to session

* add support for maps

* update flattened claims

* fix eol

* fix trailing whitespace

* fix tests
2020-10-23 14:05:37 -06:00
Caleb Doxsey
1763f02620
fix databroker requiring signed jwt (#1538)
* add test, explicitly call RequireSignedJWT instead of using interceptor to handle combined gRPC server

* register handler, handle config changes

* fix nil error in tests

* unexport constructor
2020-10-20 10:29:22 -06:00
Caleb Doxsey
04c582121d
add flag to enable user impersonation (#1514)
* add flag to enable user impersonation

* fix typo
2020-10-14 08:17:59 -06:00
Caleb Doxsey
eb79cc0957
databroker: require JWT for access (#1503) 2020-10-09 11:08:40 -06:00
Caleb Doxsey
aa731ae068
directory: add explicit RefreshUser endpoint for faster sync (#1460)
* directory: add explicit RefreshUser endpoint for faster sync

* add test

* implement azure

* update api call

* add test for azure User

* implement github

* implement AccessToken, gitlab

* implement okta

* implement onelogin

* fix test

* fix inconsistent test

* implement auth0
2020-10-05 08:23:15 -06:00
Caleb Doxsey
3e86d2f9bf
directory: additional user info (#1467)
* directory: support additional user information

* implement github

* implement gitlab

* implement onelogin

* implement okta

* rename to display name

* implement google

* fill in properties

* fix azure email parsing

* fix tests, lint

* fix onelogin tests

* fix gitlab/github tests
2020-09-29 09:38:16 -06:00
Caleb Doxsey
f4c61a0cdc
redis: use pubsub instead of keyspace events (#1450) 2020-09-23 14:40:05 -06:00
Caleb Doxsey
2364da14c8
databroker: add support for querying the databroker (#1443)
* databroker: add support for querying the databroker

* remove query method, use getall so encryption works

* add test

* return early
2020-09-22 16:01:37 -06:00
Caleb Doxsey
54d37e62e8
config: add dns_lookup_family option to customize DNS IP resolution (#1436) 2020-09-21 15:32:37 -06:00
Caleb Doxsey
0a6796ff71
authorize: add support for service accounts (#1374) 2020-09-04 10:37:00 -06:00
Caleb Doxsey
4fb90fabe8
config: support explicit prefix and regex path rewriting (#1363)
* config: support explicit prefix and regex path rewriting

* add rewrite tests
2020-09-02 13:48:19 -06:00
Caleb Doxsey
8ab0dcb45b
logs: add new log scrubber (#1346) 2020-08-31 08:12:08 -06:00
bobby
fbd8c8f294
deployment: add goimports with path awareness (#1316)
Plus fix some spelling

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-08-24 13:04:55 -07:00
Travis Groth
d81cfb6e99
pkg/storage/redis: update tests to use local certs + upstream image (#1306) 2020-08-20 12:44:15 -04:00
Caleb Doxsey
c4c8ef8e53
azure: support deriving credentials from client id, client secret and provider url (#1300) 2020-08-18 10:17:28 -06:00
Caleb Doxsey
a1378c81f8
cache: support databroker option changes (#1294) 2020-08-18 07:27:20 -06:00
Caleb Doxsey
d9a224a5e8
proxy: move properties to atomically updated state (#1280)
* authenticate: remove cookie options

* authenticate: remove shared key field

* authenticate: remove shared cipher property

* authenticate: move properties to separate state struct

* proxy: allow local state to be updated on configuration changes

* fix test

* return new connection

* use warn, collapse to single line

* address concerns, fix tests
2020-08-14 11:44:58 -06:00
Caleb Doxsey
d608526998
authenticate: move properties to atomically updated state (#1277)
* authenticate: remove cookie options

* authenticate: remove shared key field

* authenticate: remove shared cipher property

* authenticate: move properties to separate state struct
2020-08-14 07:53:11 -06:00
Cuong Manh Le
9af2226b5b
pkg/storage/redis: use SANs cert
Since go1.15, X.509 CommonName is deprecated, switch to a SANs
certificate for test redis TLS.

While at it, add instruction to generate cert and build test image.

See: https://golang.org/doc/go1.15#commonname
2020-08-12 22:20:50 +07:00
Caleb Doxsey
1285a9d91d
databroker: add support for config settings (#1253) 2020-08-11 07:50:19 -06:00
Cuong Manh Le
ec52412d79
pkg/storage: make Watch returns receive only channel (#1211)
So the caller can not write to the channel, and insist that the channel
is for notifying only.
2020-08-05 23:49:28 +07:00