3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-17 19:17:17 +02:00
Code Issues Projects Releases Packages Wiki Activity
2120 commits 160 branches 126 tags 104 MiB
Commit graph

2120 commits

This branch
This branch
All branches
Author SHA1 Message Date
dependabot[bot]
24ea711162
chore(deps): bump github.com/prometheus/client_golang (#2961) 
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.11.0...v1.12.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-01-24 09:13:44 -07:00
bobby
20902a715e
Update security.md (#2959) 
Unfortunately, it looks like all the low-effort security reports we get are coming from this list. Many times, the "researcher" is actually reporting a vulnerability on their own machine (foo.localhost.pomerium.io). 

https://github.com/sushiwushi/bug-bounty-dorks/blob/master/dorks.txt#L70
 2022-01-23 17:26:09 -08:00
Travis Groth
9c606db1ef
deployment: remove DST cert workaround from debug image (#2958) 2022-01-21 17:09:42 -05:00
Caleb Doxsey
ed6c3e5087
google: support groups for users outside of the organization (#2950) 
* google: support groups for users outside of the organization

* wrap error
 2022-01-21 09:36:32 -07:00
Caleb Doxsey
9f4fc986ee
devices: shrink credentials by removing unnecessary data (#2951) 2022-01-21 09:32:33 -07:00
Sylvain Rabot
6574926c42
Remove spurious </ul> tags (#2946) 
Signed-off-by: Sylvain Rabot <sylvain@abstraction.fr>
 2022-01-20 10:01:44 -07:00
dependabot[bot]
6da57c4499
chore(deps): bump github.com/open-policy-agent/opa from 0.36.0 to 0.36.1 (#2939) 
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.36.0 to 0.36.1.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.36.0...v0.36.1)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-01-20 10:01:00 -07:00
Caleb Doxsey
95d6d97143
authenticate: support webauthn redirects to non-pomerium domains (#2936) 
* authenticate: support webauthn redirects to non-pomerium domains

* add test

* remove dead code
 2022-01-19 15:10:57 -07:00
Denis Mishin
6b26f58e4f
return explicit error when directory sync is disabled (#2949) 2022-01-19 17:02:49 -05:00
Alex Fornuto
5bf912cf55
add More Resources section (#2947) 2022-01-19 07:13:02 -08:00
Alex Fornuto
fa8e68260b
Update cache to databroker (#2932) 2022-01-18 13:03:41 -06:00
dependabot[bot]
4040a12798
chore(deps): bump github.com/openzipkin/zipkin-go from 0.3.0 to 0.4.0 (#2942) 
Bumps [github.com/openzipkin/zipkin-go](https://github.com/openzipkin/zipkin-go) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/openzipkin/zipkin-go/releases)
- [Commits](https://github.com/openzipkin/zipkin-go/compare/v0.3.0...v0.4.0)

---
updated-dependencies:
- dependency-name: github.com/openzipkin/zipkin-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-01-18 09:46:33 -07:00
dependabot[bot]
746b278eca
chore(deps): bump github.com/envoyproxy/protoc-gen-validate (#2940) 
Bumps [github.com/envoyproxy/protoc-gen-validate](https://github.com/envoyproxy/protoc-gen-validate) from 0.6.2 to 0.6.3.
- [Release notes](https://github.com/envoyproxy/protoc-gen-validate/releases)
- [Commits](https://github.com/envoyproxy/protoc-gen-validate/compare/v0.6.2...v0.6.3)

---
updated-dependencies:
- dependency-name: github.com/envoyproxy/protoc-gen-validate
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-01-17 11:32:42 -05:00
dependabot[bot]
2b2d65086c
chore(deps): bump google.golang.org/api from 0.64.0 to 0.65.0 (#2941) 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.64.0 to 0.65.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.64.0...v0.65.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-01-17 11:32:05 -05:00
dependabot[bot]
9916db2ed7
chore(deps): bump github.com/open-policy-agent/opa from 0.35.0 to 0.36.0 (#2911) 
* chore(deps): bump github.com/open-policy-agent/opa from 0.35.0 to 0.36.0

Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.35.0 to 0.36.0.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.35.0...v0.36.0)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix tests

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2022-01-14 12:13:33 -07:00
Caleb Doxsey
8d882ce9c9
webauthn: use absolute URL for delete redirect (#2935) 
* authenticate: add callback endpoint

* webauthn: use absolute URL for delete redirect
 2022-01-14 10:23:27 -07:00
Caleb Doxsey
b019b61ccb
authenticate: add callback endpoint (#2931) 2022-01-14 10:22:46 -07:00
Caleb Doxsey
4583ecc730
devices: treat undefined device types as any (#2927) 2022-01-12 11:04:35 -07:00
Travis Groth
73dd6b93c2
deployment: fix distroless base arch (#2925) 2022-01-12 12:51:47 -05:00
Denis Mishin
1b80aa6c52
document service_proxy_upstream ingress annotation (#2915) 2022-01-12 10:15:55 -06:00
Caleb Doxsey
5b9a981191
handle device states in deny block, fix default device type (#2919) 
* handle device states in deny block, fix default device type

* fix tests
 2022-01-11 11:56:54 -07:00
Alex Fornuto
64d50613af
DOCS: keyword tag updates (#2922) 
* replace "zero-trust" with "zero trust"

* fix and update all keyword tags
 2022-01-11 12:36:47 -06:00
Jorge L. Fatta
3c87751c41
docs: fix argo link (#2918) 2022-01-11 10:48:26 -06:00
Caleb Doxsey
49fb00c895
envoy: check certificates for must-staple flag and drop them if they are missing the response (#2909) 
* envoy: check certificates for must-staple flag and drop them if they are missing the response

* Update config/envoyconfig/tls_test.go

Co-authored-by: Denis Mishin <dmishin@pomerium.com>

Co-authored-by: Denis Mishin <dmishin@pomerium.com>
 2022-01-10 10:51:56 -07:00
dependabot[bot]
58ca681f40
chore(deps): bump github.com/go-chi/chi from 1.5.4 to 4.1.2+incompatible (#2910) 
* chore(deps): bump github.com/go-chi/chi from 1.5.4 to 4.1.2+incompatible

Bumps [github.com/go-chi/chi](https://github.com/go-chi/chi) from 1.5.4 to 4.1.2+incompatible.
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-chi/chi/compare/v1.5.4...v4.1.2)

---
updated-dependencies:
- dependency-name: github.com/go-chi/chi
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* upgrade chi

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2022-01-10 10:50:11 -07:00
dependabot[bot]
ed21f2df03
chore(deps): bump go.uber.org/zap from 1.19.1 to 1.20.0 (#2912) 
Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.19.1 to 1.20.0.
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber-go/zap/compare/v1.19.1...v1.20.0)

---
updated-dependencies:
- dependency-name: go.uber.org/zap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-01-10 12:29:20 -05:00
dependabot[bot]
efbe9ce4bc
chore(deps): bump google.golang.org/api from 0.63.0 to 0.64.0 (#2913) 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.63.0 to 0.64.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.63.0...v0.64.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-01-10 12:13:17 -05:00
dependabot[bot]
4f622e7c8d
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.11 to 3.21.12 (#2886) 
Bumps [github.com/shirou/gopsutil/v3](https://github.com/shirou/gopsutil) from 3.21.11 to 3.21.12.
- [Release notes](https://github.com/shirou/gopsutil/releases)
- [Commits](https://github.com/shirou/gopsutil/compare/v3.21.11...v3.21.12)

---
updated-dependencies:
- dependency-name: github.com/shirou/gopsutil/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-01-07 14:13:44 -07:00
Alex Fornuto
8b531b8cf9
update and align reference settings (#2905) 2022-01-07 12:28:42 -08:00
Alex Fornuto
3913aac581
fix references to common traffic patterns (#2906) 2022-01-07 13:35:03 -06:00
Alex
5d34cad553
Remove references to idp_provider_url for Google. (#2882) 
* Remove references to idp_provider_url for Google. Closes #2866

* replace google with Okta in nginx docker example

Co-authored-by: alexfornuto <alex@fornuto.com>
 2022-01-07 11:21:01 -06:00
Caleb Doxsey
425c8bd58d
envoy: upgrade to 1.20.1 (#2902) 2022-01-06 15:04:22 -07:00
Caleb Doxsey
9330f6b0ac
authenticate: add device-enrolled page (#2892) 
* authenticate: add device-enrolled page

* remove device credential id from page
 2022-01-06 10:01:12 -07:00
Caleb Doxsey
6ed3fa20bc
integration: fix default port for verify service (#2895) 2022-01-05 12:48:35 -07:00
Alex Fornuto
d864aa64e5
DOCS: GitLab Integration guide (#2800) 
* WiP draft of GitLab Integration guide

* fix multiline docker command

* more steps

* complete guide

* add GitLab to Guides index

* add splash frame to video

* rewrite GitLab guide based on tech review

* Apply suggestions from code review

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* reduce complexity, note additional config

* rm whitespace

* Apply suggestions from code review

Co-authored-by: cmo-pomerium <91488121+cmo-pomerium@users.noreply.github.com>

* fix indent for numbering

* Update docs/guides/gitlab.md

Co-authored-by: cmo-pomerium <91488121+cmo-pomerium@users.noreply.github.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
Co-authored-by: cmo-pomerium <91488121+cmo-pomerium@users.noreply.github.com>
 2022-01-05 13:48:07 -06:00
Travis Groth
324110f464
misc: disable blank github issues (#2898) 2022-01-05 11:38:27 -05:00
Travis Groth
62b07cb530
deployment: multi-arch master images (#2896) 2022-01-05 11:00:24 -05:00
Alex Fornuto
82217bac6b
fix links, rm errant formatting attempt (#2888) 2022-01-03 14:33:06 -06:00
Alex Fornuto
21ef7e161c
add link to background page (#2883) 2021-12-31 13:56:03 -08:00
Alex Fornuto
1e7eded292
Docs: Mutual Auth Topic page (#2820) 
* WIP update

* init mutual auth topic page

* WIP

* update JWT verification guide

* s/Java/Json/g

* Add mTLS and update some charts

* resummarize

* get my updates in before Bobby gets here

* Apply suggestions from code review

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* finish updates

* Apply suggestions from code review

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* adjust styling for HRs and blockquotes

* mutual auth overhaul

* grammar adjustment

* Apply suggestions from code review

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* remove new blockquote style

* manual review updates

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2021-12-30 16:06:33 -06:00
Alex Fornuto
9883cfd72d
fixes broken links, adds checker workarounds (#2878) 2021-12-30 15:02:06 -06:00
cfanbo
84dad4c612
remove deprecated ioutil usages (#2877) 
* fix: Fixed return description error

* config/options: Adjust the position of TracingJaegerAgentEndpoint option

* DOCS: Remove duplicate configuration items

Remove duplicate configuration items of route

* remove deprecated ioutil usages
 2021-12-30 10:02:12 -08:00
Alex Fornuto
9b5a816246
DOCS: Remove duplicate configuration items (#2873) 
Remove duplicate configuration items of route

Co-authored-by: cfanbo <haohtml@gmail.com>
 2021-12-29 15:18:10 -06:00
Alex Fornuto
6cb88172d7
Support redirect (#2874) 
* create support redirect template

* add newline

* Apply suggestions from code review

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* rm newline

* move support.md and init issue link

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2021-12-29 13:33:10 -06:00
Alex Fornuto
7d8c89a3a9
Create Support Redirect Template (#2869) 
* create support redirect template

* add newline

* Apply suggestions from code review

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* rm newline

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2021-12-29 12:15:27 -06:00
Alex Fornuto
76ae96980a
DOCS: Fixes to 16 release (#2856) 
* clarify upgrade notes and certificate reference

* backport updated reference to source and sort

* Apply suggestions from code review

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* update webauthn link

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2021-12-29 12:12:33 -06:00
Alex Fornuto
eab9b960bf
Rephrase Discussion around Discuss (#2870) 
* rephrase discussion around Discuss

* rm whitespace
 2021-12-29 12:11:11 -06:00
Alex Fornuto
f65041ebd1
DOCS: Document webauthn with device ID (#2830) 
* init device identity topic page

* add device options to PPL

* init device enrollment guide

* adjust for #2835 and crosslink

* tooltip in PPL on finding device ID

* sort and link matchers

* adjust terminology and crosslink

* standardize new topic name

* Apply suggestions from code review

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* rewrite device identity topic page

* rebase cleanup

* Apply suggestions from code review

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* add links from review with footer refs

* Apply suggestions from code review

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* rm errant newlines

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2021-12-29 11:19:21 -06:00
Sylvain Rabot
727b8dd8ac
docs: fix generation of the public key (#2864) 
Signed-off-by: Sylvain Rabot <sylvain@abstraction.fr>
 2021-12-28 20:27:25 -08:00
Sylvain Rabot
9c7cf05a13
Fix typo (#2861) 
Signed-off-by: Sylvain Rabot <sylvain@abstraction.fr>
 2021-12-28 12:53:43 -06:00