Commit graph

270 commits

Author SHA1 Message Date
bobby
bfc3fb67da
v0.10.0 (#1225)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-08-06 21:08:19 -07:00
roulesse
7da513f42c
Update synology.md (#1219) 2020-08-06 15:28:51 -07:00
Travis Groth
4976fe3824
docs: add installation section (#1223) 2020-08-06 16:34:01 -04:00
Travis Groth
1cafba18a5
docs: Kubernetes topic (#1222)
* docs: kubernetes topic and installation stub
2020-08-06 15:28:12 -04:00
Travis Groth
28230c7dc5
docs: update architecture diagrams + descriptions (#1218)
* docs: update architecture diagrams + descriptions

* Update docs/docs/topics/production-deployment.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* Update docs/docs/topics/production-deployment.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* Update docs/docs/topics/production-deployment.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
2020-08-06 13:40:08 -04:00
bobby
8d0cb86098
docs: fix links, fix upgrade guide (#1220)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-08-05 23:07:49 -07:00
bobby
ecfe25458e
docs: update reference docs (#1208)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
2020-08-05 18:22:56 -07:00
Brad Jones
9af93ff090
Update README stating specific requirements for SIGNING_KEY (#1217)
Makes clear it must be an EC key and also that it must be present in the authentication service, if run separately.
2020-08-05 14:47:31 -07:00
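The README change above pins down one requirement that is easy to get wrong at deploy time: the signing key has to be an EC key, and the authenticate service needs it too when the services run separately. The following Go check is an added example (not Pomerium's code) that validates a key in the base64-encoded PEM form assumed here for the SIGNING_KEY setting, accepting both SEC 1 and PKCS #8 encodings and rejecting anything that is not an EC private key. The helpers NewECSigningKey and NewNonECKey are constructed for the example; the Ed25519 key only serves as a well-formed key of the wrong type.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"errors"
	"fmt"
)

// ParseECSigningKey decodes a base64-encoded PEM private key and returns it
// only if it is an EC key. Both common EC encodings are accepted: SEC 1
// ("EC PRIVATE KEY") and PKCS #8 ("PRIVATE KEY"). RSA, Ed25519, public keys
// and anything else are rejected with a descriptive error.
func ParseECSigningKey(b64 string) (*ecdsa.PrivateKey, error) {
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return nil, fmt.Errorf("signing key is not valid base64: %w", err)
	}
	block, _ := pem.Decode(raw)
	if block == nil {
		return nil, errors.New("signing key does not contain a PEM block")
	}
	switch block.Type {
	case "EC PRIVATE KEY":
		key, err := x509.ParseECPrivateKey(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("invalid SEC 1 EC key: %w", err)
		}
		return key, nil
	case "PRIVATE KEY":
		parsed, err := x509.ParsePKCS8PrivateKey(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("invalid PKCS #8 key: %w", err)
		}
		key, ok := parsed.(*ecdsa.PrivateKey)
		if !ok {
			return nil, fmt.Errorf("signing key must be an EC key, got %T", parsed)
		}
		return key, nil
	default:
		return nil, fmt.Errorf("unsupported PEM type %q, expected an EC private key", block.Type)
	}
}

// NewECSigningKey generates a fresh P-256 key and returns it in the
// base64(PEM) form assumed for the signing key setting (example helper).
func NewECSigningKey() (string, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", err
	}
	der, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return "", err
	}
	pemBytes := pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: der})
	return base64.StdEncoding.EncodeToString(pemBytes), nil
}

// NewNonECKey generates an Ed25519 key in PKCS #8 form: a well-formed private
// key that is nevertheless the wrong type, used to demonstrate rejection.
func NewNonECKey() (string, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", err
	}
	der, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		return "", err
	}
	pemBytes := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der})
	return base64.StdEncoding.EncodeToString(pemBytes), nil
}

func main() {
	good, _ := NewECSigningKey()
	if key, err := ParseECSigningKey(good); err == nil {
		fmt.Println("accepted EC key on curve", key.Curve.Params().Name)
	}
	bad, _ := NewNonECKey()
	if _, err := ParseECSigningKey(bad); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

Run the same check against the value handed to every service that signs or verifies the assertion JWT; a proxy and authenticate pair configured with different keys fails only at request time, not at startup.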
Travis Groth
258cb26ed5
docs: fix minor errors (#1214)
* docs: fix typo in kubectl command

* docs: Fix spurious table
2020-08-05 15:04:31 -04:00
Travis Groth
7a53e6bb42
proxy: add support for spdy upgrades (#1203) 2020-08-04 13:26:14 -04:00
Travis Groth
01d0f7de6e
config: additional kubernetes token source support (#1200) 2020-08-04 09:40:51 -04:00
Cuong Manh Le
c910196364
docs/docs: update upgrading to mention redis storage backend (#1172)
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
2020-08-01 11:20:07 -07:00
bobby
8b68079488
docs: rename docs/reference to docs/topics (#1182)
* docs: rename docs/reference to docs/topics
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-08-01 10:00:14 -07:00
Travis Groth
417c2f4890
docs: Redis and stateful storage docs (#1173) 2020-07-31 11:56:01 -04:00
Cuong Manh Le
bc61206b78
pkg/storage/redis: add redis TLS support (#1163)
Fixes #1156
2020-07-31 19:37:23 +07:00
Travis Groth
aa8ba35332
config: default to google idp credentials for serverless (#1170) 2020-07-30 20:21:41 -04:00
Travis Groth
3c4513a91e
telemetry: add databroker storage metrics and tracing (#1161)
* telemetry: add databroker storage metrics and tracing
2020-07-30 18:19:23 -04:00
bobby
8cae3f27bb
docs: refactor sections, consolidate examples (#1164) 2020-07-30 11:02:14 -07:00
Diep Pham
f41eeaf138
docs: add recipe for TiddlyWiki on Node.js (#1143) 2020-07-30 08:59:04 -07:00
Cuong Manh Le
3039407597
pkg/storage/redis: add authentication support (#1159)
Fixes #1157
2020-07-29 23:08:38 +07:00
Travis Groth
996f0251b2
Add kubectl config commands (#1152) 2020-07-28 17:14:22 -04:00
Cuong Manh Le
bec908b9af
docs/.vuepress: fix missing local-oidc recipes section (#1147) 2020-07-28 19:51:17 +07:00
Miguel
72b6347886
docs: Add required in cookie_secret (#1142) 2020-07-27 22:59:54 +07:00
Cuong Manh Le
1640151bc1
databroker server backend config (#1127)
* config,docs: add databroker storage backend configuration

* cache: allow configuring which backend storage to use

Currently supported types are "memory", "redis".
2020-07-23 10:42:43 +07:00
Cuong Manh Le
489cdd8b63
internal/controlplane: using envoy strip host port matching (#1126)
* internal/controlplane: using envoy strip host port matching

With the envoy 1.15.0 release, the strip host port matching setting allows
an incoming request with Host "example:443" to match a route with
domains set to "example".

Note that this is not standard HTTP behavior, but it's more convenient
for users.

Fixes #959

* docs/docs: add note about enabling envoy strip host port matching
2020-07-22 23:51:57 +07:00
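The matching behaviour this commit turns on is worth seeing side by side with the standard one, because it changes which requests a route (and therefore a policy) applies to. The Go code below is an added example, not Pomerium's or Envoy's implementation: StripMatchingHostPort follows the semantics Envoy documents for strip_matching_host_port, where the port is removed only when it equals the listener's own port, and RouteMatches shows the exact-match and stripped-match outcomes for the same Host values. Function names, the domain list and the listener port are constructed for the example.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// StripMatchingHostPort returns the Host header value with its port removed,
// but only when that port equals the listener's own port. A Host carrying some
// other port is left untouched, as is a Host with no port at all. Bracketed
// IPv6 literals keep their brackets so the result stays a valid Host value.
func StripMatchingHostPort(host, listenerPort string) string {
	h := strings.ToLower(strings.TrimSpace(host))
	hostOnly, port, err := net.SplitHostPort(h)
	if err != nil || port != listenerPort {
		return h // no port present, or not our port: leave as-is
	}
	if strings.Contains(hostOnly, ":") {
		return "[" + hostOnly + "]"
	}
	return hostOnly
}

// RouteMatches reports whether a request Host selects a route whose domain
// list is domains. With listenerPort == "" no stripping happens and the match
// is exact, which is standard HTTP behaviour (the port is part of the
// authority). With a listener port given, "example:443" matches "example".
func RouteMatches(reqHost string, domains []string, listenerPort string) bool {
	candidate := strings.ToLower(strings.TrimSpace(reqHost))
	if listenerPort != "" {
		candidate = StripMatchingHostPort(candidate, listenerPort)
	}
	for _, d := range domains {
		if candidate == strings.ToLower(strings.TrimSpace(d)) {
			return true
		}
	}
	return false
}

func main() {
	domains := []string{"example"} // constructed route domain list
	for _, host := range []string{"example", "example:443", "example:8443", "[::1]:443"} {
		fmt.Printf("%-14s strict=%-5v stripped=%v\n", host,
			RouteMatches(host, domains, ""), RouteMatches(host, domains, "443"))
	}
}
```

The practical consequence for policy authors: once stripping is on, a `from` domain written without a port also governs requests whose Host names the listener port explicitly, so two policies that differ only by an explicit `:443` would collapse onto one route.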
Travis Groth
a1b6bfec56
docs: Cloud Run / GCP Serverless (#1101)
* Add GCP Serverless and Cloud Run docs
2020-07-20 14:00:52 -04:00
Cuong Manh Le
821f2e9000
config: allow setting directory sync interval and timeout (#1098)
Updates #567
2020-07-17 23:11:27 +07:00
Caleb Doxsey
eef4c6f2c0
kubernetes docs (#1087)
* wip

* wip

* remove dead code

* add logging about errors for caching credentials

* rename subcommand

* add kubernetes docs
2020-07-16 12:15:41 -06:00
Cuong Manh Le
8e56db7830
docs/docs: add changelog for #1055 (#1084) 2020-07-16 09:57:25 +07:00
Cuong Manh Le
d40f294586
authorize: include "kid" in JWT header (#1049)
Fixes #1046
2020-07-09 12:39:53 +07:00
Cuong Manh Le
de54e449f0
docs/recipes: add local oidc example (#1045)
docs/recipes: add local oidc example

Closes #1042
2020-07-08 08:59:02 +07:00
Cuong Manh Le
2c3c7b837d
docs/configuration: add doc for trailing slash limitation in "To" field (#1040)
Due to a limitation of envoy, it can't handle rewriting of a "From"
field without a path to a destination with a path.

Updates #880
Updates #1033
2020-07-07 11:35:59 +07:00
Cuong Manh Le
65150f2c3d
docs: document preserve_host_header with policy routes to static ip (#1024)
Fixes #1012
2020-06-30 14:26:08 +07:00
Caleb Doxsey
091b71f12e
grpc: rename internal/grpc to pkg/grpc (#1010)
* grpc: rename internal/grpc to pkg/grpc

* don't ignore pkg dir

* remove debug line
2020-06-26 09:17:02 -06:00
Jeff Hubbach
a98d39c5af
Docs: Update Istio VirtualService example (#1006)
It's necessary to specify the destination port for Pomerium services
2020-06-25 18:15:34 -07:00
Travis Groth
c049d87362
docs: document service account requirements (#999) 2020-06-25 19:32:36 -04:00
bobby
dbd1eac97f
identity: support custom code flow request params (#998)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-06-25 08:28:46 -07:00
Bobby DeSimone
1d1311a240
config: error if groups are used without service account
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-06-24 16:01:08 -07:00
Cuong Manh Le
17ba595ced
authenticate: support hot reloaded config (#984)
By implementing the OptionsUpdater interface.

Fixes #982
2020-06-24 00:18:20 +07:00
Cuong Manh Le
4ca0189524
docs/docs/identity-providers: document gitlab default scopes changed (#980)
Fixes #938
2020-06-24 00:05:21 +07:00
Caleb Doxsey
24b523c043
docs: update upgrading document for breaking changes (#974) 2020-06-22 15:26:42 -06:00
Caleb Doxsey
f33bf07334
docs: update service account instructions for OneLogin (#973) 2020-06-22 15:21:21 -06:00
Caleb Doxsey
ae97d280c5
docs: service account instructions for gitlab (#970) 2020-06-22 15:04:36 -06:00
Caleb Doxsey
451bdbeb0d
docs: update okta service account docs to match new format (#972) 2020-06-22 15:04:01 -06:00
Caleb Doxsey
cb08cb7a93
docs: service account instructions for azure (#969) 2020-06-22 14:15:49 -06:00
Caleb Doxsey
f11c5ba172
docs: update GitHub documentation for service account (#967)
* docs: update GitHub documentation for service account

* add read:org permission
2020-06-22 12:36:07 -06:00
Cuong Manh Le
5b9c09caba
docs/docs: remove extra text when resolving conflict (#955) 2020-06-22 10:38:31 +07:00
Cuong Manh Le
8d0deb0732
config: add PassIdentityHeaders option (#903)
Currently, the user's identity headers are always inserted into the downstream
request. For privacy reasons, it would be better to not insert these
headers by default, and let the user choose whether to include these headers
on a per-policy basis.

Fixes #702
2020-06-22 10:29:44 +07:00
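The per-policy switch this commit introduces has two halves a practitioner cares about: identity headers go upstream only where the policy opts in, and whatever the client sent under the same header names must never reach the upstream. The Go sketch below is an added example and not Pomerium's implementation; the Policy and Session types, the X-Pomerium-* header names and the sample request are assumptions constructed for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Policy is a minimal stand-in for one route policy; only the field this
// example needs is modelled (hypothetical type, not Pomerium's).
type Policy struct {
	From                string
	To                  string
	PassIdentityHeaders bool
}

// Session carries the identity the proxy has already verified for the
// request (constructed for the example).
type Session struct {
	Email  string
	Groups []string
	JWT    string // signed assertion; its contents do not matter here
}

// identityHeaderPrefix covers every header the proxy itself would set.
const identityHeaderPrefix = "X-Pomerium-"

// ApplyIdentityHeaders returns the header set to forward upstream. Inbound
// headers under the identity prefix are always dropped, so an upstream that
// trusts X-Pomerium-* can never be handed a client-forged identity. The
// proxy's own identity headers are added only when the policy opts in.
func ApplyIdentityHeaders(in http.Header, p Policy, s Session) http.Header {
	out := in.Clone()
	for name := range out {
		if strings.HasPrefix(http.CanonicalHeaderKey(name), identityHeaderPrefix) {
			delete(out, name)
		}
	}
	if !p.PassIdentityHeaders {
		return out
	}
	out.Set("X-Pomerium-Jwt-Assertion", s.JWT)
	out.Set("X-Pomerium-Claim-Email", s.Email)
	if len(s.Groups) > 0 {
		out.Set("X-Pomerium-Claim-Groups", strings.Join(s.Groups, ","))
	}
	return out
}

func main() {
	// Constructed request: the client tries to smuggle its own claim header.
	req := http.Header{}
	req.Set("Accept", "text/html")
	req.Set("X-Pomerium-Claim-Email", "attacker@example.com")
	sess := Session{Email: "alice@example.com", Groups: []string{"admins"}, JWT: "eyJ.example.sig"}

	for _, p := range []Policy{
		{From: "https://private.example", To: "http://app:8080", PassIdentityHeaders: false},
		{From: "https://dash.example", To: "http://dash:8080", PassIdentityHeaders: true},
	} {
		fmt.Printf("%s pass_identity_headers=%v -> %v\n", p.From, p.PassIdentityHeaders,
			ApplyIdentityHeaders(req, p, sess))
	}
}
```

The strip-before-add order is the part to keep even if the header names differ in your deployment: opting a route out of identity headers only protects the upstream if the proxy also refuses to relay a client's copy of them.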
Cuong Manh Le
c29807c391
docs: document unsupported HTTP 1.0 in 0.9.0 and higher (#932)
docs: document unsupported HTTP 1.0 in 0.9.0 and higher

Fixes #915

Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2020-06-20 01:11:00 +07:00
Caleb Doxsey
dbd7f55b20
feature/databroker: user data and session refactor project (#926)
* databroker: add databroker, identity manager, update cache (#864)

* databroker: add databroker, identity manager, update cache

* fix cache tests

* directory service (#885)

* directory: add google and okta

* add onelogin

* add directory provider

* initialize before sync, update google provider, remove dead code

* add azure provider

* fix azure provider

* fix gitlab

* add gitlab test, fix azure test

* hook up okta

* remove dead code

* fix tests

* fix flaky test

* authorize: use databroker data for rego policy (#904)

* wip

* add directory provider

* initialize before sync, update google provider, remove dead code

* fix flaky test

* update authorize to use databroker data

* implement signed jwt

* wait for session and user to appear

* fix test

* directory service (#885)

* directory: add google and okta

* add onelogin

* add directory provider

* initialize before sync, update google provider, remove dead code

* add azure provider

* fix azure provider

* fix gitlab

* add gitlab test, fix azure test

* hook up okta

* remove dead code

* fix tests

* fix flaky test

* remove log line

* only redirect when no session id exists

* prepare rego query as part of create

* return on ctx done

* retry on disconnect for sync

* move jwt signing

* use !=

* use parent ctx for wait

* remove session state, remove logs

* rename function

* add log message

* pre-allocate slice

* use errgroup

* return nil on eof for sync

* move check

* disable timeout on gRPC requests in envoy

* fix gitlab test

* use v4 backoff

* authenticate: databroker changes (#914)

* wip

* add directory provider

* initialize before sync, update google provider, remove dead code

* fix flaky test

* update authorize to use databroker data

* implement signed jwt

* wait for session and user to appear

* fix test

* directory service (#885)

* directory: add google and okta

* add onelogin

* add directory provider

* initialize before sync, update google provider, remove dead code

* add azure provider

* fix azure provider

* fix gitlab

* add gitlab test, fix azure test

* hook up okta

* remove dead code

* fix tests

* fix flaky test

* remove log line

* only redirect when no session id exists

* prepare rego query as part of create

* return on ctx done

* retry on disconnect for sync

* move jwt signing

* use !=

* use parent ctx for wait

* remove session state, remove logs

* rename function

* add log message

* pre-allocate slice

* use errgroup

* return nil on eof for sync

* move check

* disable timeout on gRPC requests in envoy

* fix dashboard

* delete session on logout

* permanently delete sessions once they are marked as deleted

* remove permanent delete

* fix tests

* remove groups and refresh test

* databroker: remove dead code, rename cache url, move dashboard (#925)

* wip

* add directory provider

* initialize before sync, update google provider, remove dead code

* fix flaky test

* update authorize to use databroker data

* implement signed jwt

* wait for session and user to appear

* fix test

* directory service (#885)

* directory: add google and okta

* add onelogin

* add directory provider

* initialize before sync, update google provider, remove dead code

* add azure provider

* fix azure provider

* fix gitlab

* add gitlab test, fix azure test

* hook up okta

* remove dead code

* fix tests

* fix flaky test

* remove log line

* only redirect when no session id exists

* prepare rego query as part of create

* return on ctx done

* retry on disconnect for sync

* move jwt signing

* use !=

* use parent ctx for wait

* remove session state, remove logs

* rename function

* add log message

* pre-allocate slice

* use errgroup

* return nil on eof for sync

* move check

* disable timeout on gRPC requests in envoy

* fix dashboard

* delete session on logout

* permanently delete sessions once they are marked as deleted

* remove permanent delete

* fix tests

* remove cache service

* remove kv

* remove refresh docs

* remove obsolete cache docs

* add databroker url option

* cache: use memberlist to detect multiple instances

* add databroker service url

* remove cache service

* remove kv

* remove refresh docs

* remove obsolete cache docs

* add databroker url option

* cache: use memberlist to detect multiple instances

* add databroker service url

* wip

* remove groups and refresh test

* fix redirect, signout

* remove databroker client from proxy

* remove unused method

* remove user dashboard test

* handle missing session ids

* session: reject sessions with no id

* sessions: invalidate old sessions via databroker server version (#930)

* session: add a version field tied to the databroker server version that can be used to invalidate sessions

* fix tests

* add log

* authenticate: create user record immediately, call "get" directly in authorize (#931)
2020-06-19 07:52:44 -06:00