Commit graph

15 commits

Author SHA1 Message Date
Caleb Doxsey
54d37e62e8
config: add dns_lookup_family option to customize DNS IP resolution (#1436) 2020-09-21 15:32:37 -06:00
bobby
bf937f362b
controlplane: remove p-521 EC (#1420)
* controlplane: remove p-521 EC

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-09-18 08:18:21 -07:00
bobby
79a01bcfbb
controlplane: support P-384 / P-512 EC curves (#1409)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-09-16 17:35:00 -07:00
Travis Groth
90d95b8c10
Set ExtAuthz Cluster name to URL Host (#1132) 2020-07-23 14:10:16 -04:00
Caleb Doxsey
96424dac0f
implement google cloud serverless authentication (#1080)
* add google cloud serverless support

* force ipv4 for google cloud serverless

* disable long line linting

* fix destination hostname

* add test

* add support for service accounts

* fix utc time in test
2020-07-16 08:25:14 -06:00
Caleb Doxsey
fca17d365a
xds: force ipv4 for localhost to workaround ipv6 issue in docker compose (#819) 2020-06-01 08:58:28 -06:00
Caleb Doxsey
f770ccfedd
config: add getters for URLs to avoid nils (#777)
* config: add getters for URLs to avoid nils

* allow nil url for cache grpc client connection in authenticate
2020-05-26 11:36:18 -06:00
Caleb Doxsey
dedf4b1428
controlplane: xds unit tests (#770)
* xds: use plain functions, add unit tests for control plane routes

* xds: add test for grpc routes

* xds: add test for pomerium http routes

* xds: add test for policy routes

* xds: use plain functions

* xds: test get all routeable domains

* xds: add build downstream tls context test

* more tests

* test for client cert

* more tests
2020-05-25 11:14:07 -06:00
Caleb Doxsey
1859f6d06b
envoy: switch to STRICT_DNS (#733) 2020-05-19 09:17:05 -06:00
Caleb Doxsey
959c9e8225
envoy: always populate pomerium-authz cluster (#730) 2020-05-19 08:11:12 -06:00
Caleb Doxsey
14c27974b9
envoy: enable TLS verification for internal services (#726) 2020-05-18 19:22:50 -06:00
Caleb Doxsey
e854cfe83b
envoy: implement policy TLS options (#724)
* envoy: implement policy TLS options

* fix tests

* log which CAs are being used
2020-05-18 16:52:51 -06:00
Caleb Doxsey
dccec1e646
envoy: support autocert (#695)
* envoy: support autocert

* envoy: fallback to http host routing if sni fails to match

* update comment

* envoy: renew certs when necessary

* fix tests
2020-05-18 17:10:10 -04:00
Caleb Doxsey
0d9a372182
envoy: implement refresh session (#674)
* authorize: refresh session WIP

* remove upstream cookie with lua

* only refresh session on expired

* authorize: handle session expiration

* authorize: add refresh test, fix isExpired check

* proxy: implement preserve host header option

* authorize: allow CORS preflight requests

* proxy: add request headers

* authenticate: use id token expiry
2020-05-18 17:10:10 -04:00
Travis Groth
99e788a9b4
envoy: Initial changes 2020-05-18 17:10:10 -04:00