3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-23 22:17:14 +02:00
Code Issues Projects Releases Packages Wiki Activity
2120 commits 162 branches 127 tags 104 MiB
Commit graph

2120 commits

This branch
This branch
All branches
Author SHA1 Message Date
Travis Groth
843c4b6fee
docs: upgrade notes on allowed_users by ID (#2133) 2021-04-27 07:37:01 -04:00
Caleb Doxsey
636b3d6846
databroker: add options for maximum capacity (#2095) 
* databroker: add options

* implement redis

* add trace for enforce options
 2021-04-26 17:14:54 -06:00
Caleb Doxsey
b3216ae854
httputil: fix SPDY support with reverse proxy (#2134) 2021-04-26 14:45:07 -06:00
wasaga
9d0baad136
use cached envoy (#2132) 2021-04-26 15:58:46 -04:00
dependabot[bot]
5767443836
chore(deps): bump google.golang.org/api from 0.44.0 to 0.45.0 (#2128) 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.44.0 to 0.45.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.44.0...v0.45.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-04-26 07:53:09 -06:00
Caleb Doxsey
008bda99e2
envoyconfig: fix metrics ingress listener name (#2124) 2021-04-26 07:49:48 -06:00
dependabot[bot]
9718d27ba6
chore(deps): bump github.com/envoyproxy/protoc-gen-validate (#2129) 
Bumps [github.com/envoyproxy/protoc-gen-validate](https://github.com/envoyproxy/protoc-gen-validate) from 0.5.1 to 0.6.0.
- [Release notes](https://github.com/envoyproxy/protoc-gen-validate/releases)
- [Commits](https://github.com/envoyproxy/protoc-gen-validate/compare/v0.5.1...v0.6.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-04-26 07:45:42 -06:00
dependabot[bot]
8c04bbbe67
chore(deps): bump github.com/prometheus/common from 0.20.0 to 0.21.0 (#2130) 
Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.20.0 to 0.21.0.
- [Release notes](https://github.com/prometheus/common/releases)
- [Commits](https://github.com/prometheus/common/compare/v0.20.0...v0.21.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-04-26 07:44:54 -06:00
Caleb Doxsey
22f6a2207b
envoy: re-implement recommended defaults (#2123) 2021-04-23 14:54:13 -06:00
Caleb Doxsey
f365b30e02
authorize: remove log (#2122) 2021-04-23 14:00:08 -06:00
Caleb Doxsey
762b565239
authorize: fix empty sub policy arrays (#2119) 2021-04-23 11:00:30 -06:00
Caleb Doxsey
433831fbea
authorize: fix unsigned URL (#2118) 2021-04-22 17:33:46 -06:00
dependabot[bot]
d365771e90
chore(deps): bump github.com/caddyserver/certmagic from 0.12.0 to 0.13.0 (#2074) 
* chore(deps): bump github.com/caddyserver/certmagic from 0.12.0 to 0.13.0

Bumps [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic) from 0.12.0 to 0.13.0.
- [Release notes](https://github.com/caddyserver/certmagic/releases)
- [Commits](https://github.com/caddyserver/certmagic/compare/v0.12.0...v0.13.0)

Signed-off-by: dependabot[bot] <support@github.com>

* autocert: fix for certmagic 0.12 -> 0.13

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2021-04-22 15:31:19 -06:00
Caleb Doxsey
b1d62bb541
config: remove validate side effects (#2109) 
* config: default shared key

* handle additional errors

* update grpc addr and grpc insecure

* update google cloud service authentication service account

* fix set response headers

* fix qps

* fix test
 2021-04-22 15:10:50 -06:00
Hugo Blom
2806b67bee
drop tun.cfg.dstHost from jwtCacheKey (#2115) 2021-04-22 11:50:37 -06:00
wasaga
e0c09a0998
log context (#2107) 2021-04-22 10:58:13 -04:00
Travis Groth
e7995954ff
deps: bump envoy to 1.17.2 (#2113) 2021-04-22 10:28:04 -04:00
Travis Groth
2b59db27be
deployment: update get-envoy script and release hooks (#2111) 2021-04-21 16:00:16 -04:00
Travis Groth
3b1e5a9a48
deployment: Publish OS packages to cloudsmith (#2105) 
* deployment: Publish OS packages to cloudsmith
 2021-04-21 07:12:14 -04:00
Caleb Doxsey
3906b70bc5
authorize: support arbitrary jwt claims (#2102) 
* authorize: support arbitrary jwt claims

* remove dead code
 2021-04-19 14:55:08 -06:00
bobby
073c6063db
docs: add threat model to security page (#2097) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2021-04-19 09:15:41 -07:00
dependabot[bot]
99eaf599c2
chore(deps): bump gopkg.in/auth0.v5 from 5.14.1 to 5.15.0 (#2098) 
Bumps [gopkg.in/auth0.v5](https://github.com/go-auth0/auth0) from 5.14.1 to 5.15.0.
- [Release notes](https://github.com/go-auth0/auth0/releases)
- [Changelog](https://github.com/go-auth0/auth0/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-auth0/auth0/compare/v5.14.1...v5.15.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-04-19 09:57:06 -06:00
dependabot[bot]
6a64f087ed
chore(deps): bump github.com/go-redis/redis/v8 from 8.8.0 to 8.8.2 (#2099) 
Bumps [github.com/go-redis/redis/v8](https://github.com/go-redis/redis) from 8.8.0 to 8.8.2.
- [Release notes](https://github.com/go-redis/redis/releases)
- [Changelog](https://github.com/go-redis/redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-redis/redis/compare/v8.8.0...v8.8.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-04-19 09:56:41 -06:00
Travis Groth
ebfbdb721b
config: don't change address value on databroker or authorize (#2092) 2021-04-16 10:46:32 -04:00
Caleb Doxsey
7c98e0ae76
xdsmgr: update resource versions on NACK (#2093) 2021-04-16 08:23:40 -06:00
Caleb Doxsey
116805acb3
config: rename headers to set_response_headers (#2081) 
* config: rename headers to set_response_headers

* Update config/options.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2021-04-14 11:22:21 -07:00
Caleb Doxsey
f760cdece5
envoyconfig: move most bootstrap config to shared package (#2088) 2021-04-14 12:07:49 -06:00
wasaga
c12c0aab49
metrics_address should be optional parameter (#2087) 2021-04-13 15:56:35 -04:00
Caleb Doxsey
1dcccf2b56
envoy: refactor controlplane xds to new envoyconfig package (#2086) 2021-04-13 13:51:44 -06:00
wasaga
0e66619081
do not require project be in GOPATH/src (#2078) 2021-04-12 09:43:05 -04:00
wasaga
6aa716bc95
propagate changes back from encrypted backend (#2079) 2021-04-12 09:42:45 -04:00
Caleb Doxsey
8924b1a5fc
config: use tls_custom_ca from policy if available (#2077) 2021-04-09 12:26:46 -06:00
Caleb Doxsey
6d1d2bec54
crypto: use actual bytes of shared secret, not the base64 encoded representation (#2075) 
* crypto: use actual bytes of shared secret, not the base64 encoded representation

* return errors

* return errors
 2021-04-08 20:04:01 -06:00
dependabot[bot]
7a04b16163
chore(deps): bump gopkg.in/auth0.v5 from 5.13.0 to 5.14.1 (#2071) 
Bumps [gopkg.in/auth0.v5](https://github.com/go-auth0/auth0) from 5.13.0 to 5.14.1.
- [Release notes](https://github.com/go-auth0/auth0/releases)
- [Changelog](https://github.com/go-auth0/auth0/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-auth0/auth0/compare/v5.13.0...v5.14.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-04-08 09:15:38 -06:00
dependabot[bot]
9359ae6deb
chore(deps): bump google.golang.org/grpc from 1.36.1 to 1.37.0 (#2072) 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.36.1 to 1.37.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.36.1...v1.37.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-04-08 09:10:52 -06:00
dependabot[bot]
f72fa85f89
chore(deps): bump google.golang.org/api from 0.43.0 to 0.44.0 (#2073) 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.43.0 to 0.44.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.43.0...v0.44.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-04-08 09:09:49 -06:00
Travis Groth
f59f31410a
deps: switch from renovate to dependabot (#2069) 2021-04-08 10:29:48 -04:00
Caleb Doxsey
aeb8aaf9cd
directory: remove provider from user id (#2068) 2021-04-07 15:06:08 -06:00
Caleb Doxsey
a51c7140ea
cryptutil: use bytes for hmac (#2067) 2021-04-07 14:57:24 -06:00
wasaga
a935c1ba30
config related metrics (#2065) 2021-04-07 12:29:36 -07:00
Caleb Doxsey
9de340b48b
cryptutil: always use kek public id, add x509 support (#2066) 2021-04-07 09:44:36 -07:00
Caleb Doxsey
294addd857
databroker: remove unused installation id, close streams when backend is closed (#2062) 2021-04-06 13:41:19 -06:00
Travis Groth
187d0a0195
docs: update community slack link (#2063) 2021-04-06 14:57:59 -04:00
Caleb Doxsey
d8f11dcb91
proxy: support re-proxying request through control plane for kubernetes (#2051) 
* proxy: support re-proxying request from envoy for kubernetes

* encrypt policy id for reproxy, implement tls options

* add comment, use hmac

* use httputil handler and error

* remove reproxy headers on all incoming request

* only allow re-proxying for kubernetes, strip headers

* fix tests
 2021-04-06 12:08:09 -06:00
Caleb Doxsey
f84f7551d0
authenticate: fix default sign out url (#2061) 2021-04-06 10:35:08 -06:00
Caleb Doxsey
8a2af8029b
authorize: additional tracing, add benchmark for encryptor (#2059) 2021-04-05 12:55:16 -06:00
Caleb Doxsey
f4c4fe314a
authorize: audit logging (#2050) 
* authorize: add databroker server and record version to result, force sync via polling

* authorize: audit logging
 2021-04-05 09:58:55 -06:00
Renovate Bot
00e56212ec fix(deps): update module github.com/golang/protobuf to v1.5.2 2021-04-05 10:37:13 +00:00
Renovate Bot
7f3093f60f fix(deps): update module github.com/envoyproxy/protoc-gen-validate to v0.5.1 2021-04-05 09:50:57 +00:00
Renovate Bot
4c85d3b3d8 fix(deps): update google.golang.org/genproto commit hash to 6c239bb 2021-04-05 09:04:12 +00:00