3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-30 10:56:28 +02:00
Code Issues Projects Releases Packages Wiki Activity
1359 commits 157 branches 125 tags 103 MiB
Commit graph

109 commits

Author SHA1 Message Date
Caleb Doxsey
5be71b8e07
xds: fix misdirected script (#1895) 2021-02-16 14:57:21 -07:00
Caleb Doxsey
eb08658cfc
logs: strip query string (#1894) 2021-02-16 14:23:52 -07:00
Caleb Doxsey
963399b53d
proxy: implement pass-through for authenticate backend (#1870) 
* proxy: implement pass-through for authenticate backend

* address comments
 2021-02-09 14:03:54 -07:00
Caleb Doxsey
4bf5179bb6
controlplane: maybe fix flaky test (#1873) 2021-02-09 13:52:20 -07:00
bobby
a38913925d
controlplane: add global headers to virtualhost (#1861) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2021-02-08 12:30:45 -08:00
wasaga
7b06d37913
unique envoy cluster ids (#1858) 2021-02-08 13:52:09 -05:00
Caleb Doxsey
b7f0242090
authorize: remove admin (#1833) 
* authorize: remove admin

* regen rego

* add note to upgrading
 2021-02-01 15:22:02 -07:00
Caleb Doxsey
a5a3ab55fc
xds: fix always requiring client certificates (#1844) 
* xds: fix always requiring client certificates

* break early
 2021-02-01 12:44:22 -07:00
Caleb Doxsey
cc85ea601d
policy: add new certificate-authority option for downstream mTLS client certificates (#1835) 
* policy: add new certificate-authority option for downstream mTLS client certificates

* update proto, docs
 2021-02-01 08:10:32 -07:00
wasaga
66ff2cdaba
cluster name (#1834) 2021-01-29 16:55:38 -05:00
wasaga
67f6030e1e
upstream endpoints load balancer weights (#1830) 2021-01-28 09:11:14 -05:00
Caleb Doxsey
bec98051ae
config: return errors on invalid URLs, fix linting (#1829) 2021-01-27 07:58:30 -07:00
Caleb Doxsey
a8a703218f
return errors in xds build methods (#1827) 2021-01-26 14:40:39 -07:00
Caleb Doxsey
a14b65ec3f
controlplane: only add listener virtual domains for addresses matching the current TLS domain (#1823) 2021-01-26 09:01:24 -07:00
Caleb Doxsey
84e8f6cc05
config: fix databroker policies (#1821) 2021-01-25 17:18:50 -07:00
Caleb Doxsey
bcc8c17855
controlplane: only enable STATIC dns when all adresses are IP addresses (#1822) 2021-01-25 15:49:58 -07:00
wasaga
3a505d5573
expose envoy cluster options in policy (#1804) 2021-01-25 09:49:03 -05:00
wasaga
4017e0681a
upstream health check config (#1796) 2021-01-21 15:23:06 -05:00
Caleb Doxsey
c90eda5622
autocert: store certificates separately from config certificates (#1794) 2021-01-21 13:13:55 -07:00
Caleb Doxsey
70b4497595
databroker: rename cache service (#1790) 
* rename cache folder

* rename cache service everywhere

* skip yaml in examples

* Update docs/docs/topics/data-storage.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2021-01-21 08:41:22 -07:00
Caleb Doxsey
a4c7381eba
config: support multiple destination addresses (#1789) 
* config: support multiple destination addresses

* use constructor for string slice

* add docs

* add test for multiple destinations

* fix name
 2021-01-20 15:18:24 -07:00
wasaga
c6b6141d12
new skip_xff_append option (#1788) 
Added `skip_xff_append` configuration option. When set, proxy would not append it's IP address to `x-forwarded-for` HTTP header.
 2021-01-20 10:56:29 -05:00
Caleb Doxsey
d9699cbcb9
policy: add outlier_detection (#1786) 
* add support for cluster outlier detection

* add docs
 2021-01-20 08:33:48 -07:00
Caleb Doxsey
0bc598f952
Revert "reduce memory usage by handling http/2 coalescing via a lua script (#1779)" (#1785) 
This reverts commit b2ceaa9e91.
 2021-01-19 13:55:30 -07:00
Caleb Doxsey
b2ceaa9e91
reduce memory usage by handling http/2 coalescing via a lua script (#1779) 
* add support for proxy protocol on HTTP listener (#1777)

* add support for proxy protocol on HTTP listener

* rename option, add doc

* reduce memory usage by handling http/2 coalescing via a lua script

* move script to file

* use wellknown

* fix integration test
 2021-01-19 08:45:28 -07:00
Caleb Doxsey
09747aa3ba
add support for proxy protocol on HTTP listener (#1777) 
* add support for proxy protocol on HTTP listener

* rename option, add doc
 2021-01-19 05:56:58 -07:00
Caleb Doxsey
10912add67
config: detect underlying file changes (#1775) 
* wip

* cleanup

* add test

* use uuid for temp dir, derive root CA path from filemgr for tests

* fix comment

* fix double close

* use latest notify
 2021-01-14 18:06:02 -07:00
Caleb Doxsey
c99994bed8
config: support redirect actions (#1776) 
* add route redirect options

* add xds support for redirect

* add test

* handle nil destinations

* remove unchanged statik files

* remove unchanged statik files

* update docs

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2021-01-14 16:18:27 -07:00
bobby
6466efddd5
authenticate: update user info screens (#1774) 
- rename "dashboard" to userinfo to avoid confusion
- don't leak version from error page.
- fix typo in state.go
- make statik determenistic on modtime


Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2021-01-13 13:15:31 -08:00
Caleb Doxsey
8d085547c5
tcp: prevent idle stream timeouts for TCP and Websocket routes (#1744) 2021-01-06 14:14:44 -07:00
Caleb Doxsey
3524697f6f
use incremental API for envoy xDS (#1732) 
* use incremental API

* add test

* use backoff v4

* remove panic, add comment to exponential try, add test for HashProto

* merge master

* fix missing import
 2021-01-05 12:45:55 -07:00
Caleb Doxsey
a07d85b174
Revert "set recommended defaults (#1734)" (#1735) 
This reverts commit cd2a86afc4.
 2021-01-05 10:01:42 -07:00
Caleb Doxsey
cd2a86afc4
set recommended defaults (#1734) 
* set recommended defaults

* add comment
 2021-01-04 16:29:51 -07:00
bobby
f837c92741
dev: update linter (#1728) 
- gofumpt everything
- fix TLS MinVersion to be at least 1.2
- add octal syntax
- remove newlines
- fix potential decompression bomb in ecjson
- remove implicit memory aliasing in for loops.

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-12-30 09:02:57 -08:00
Travis Groth
661005c497
internal/controlplane: 0s default timeout for tcp routes (#1716) 2020-12-23 11:09:07 -05:00
Caleb Doxsey
ad828c6e84
add support for TCP routes (#1695) 2020-12-16 13:09:48 -07:00
Caleb Doxsey
8ada0c51dd
attach version to gRPC server metadata (#1598) 
* attach version to gRPC server metadata

* fix linting
 2020-11-17 07:18:48 -07:00
Caleb Doxsey
153e438eb6
authorize: implement allowed_idp_claims (#1542) 
* add arbitrary claims to session

* add support for maps

* update flattened claims

* fix eol

* fix trailing whitespace

* fix tests
 2020-10-23 14:05:37 -06:00
Caleb Doxsey
4ed3d84632
debug: add pprof endpoints (#1504) 2020-10-09 12:40:33 -06:00
Caleb Doxsey
27d0cf180a
authenticate: protect /.pomerium/admin endpoint (#1500) 
* authenticate: protect /.pomerium/admin endpoint

* add integration test
 2020-10-08 15:44:12 -06:00
bobby
9b39deabd8
forward-auth: use envoy's ext_authz check (#1482) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-10-04 20:01:06 -07:00
Caleb Doxsey
6e385f800a
config: add support for host header rewriting (#1457) 
* config: add support for host header rewriting

* fix lint
 2020-09-25 09:36:39 -06:00
Caleb Doxsey
54d37e62e8
config: add dns_lookup_family option to customize DNS IP resolution (#1436) 2020-09-21 15:32:37 -06:00
bobby
bf937f362b
controplane: remove p-521 EC (#1420) 
* controplane: remove p-521 EC

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-09-18 08:18:21 -07:00
bobby
79a01bcfbb
controlplane: support P-384 / P-512 EC curves (#1409) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-09-16 17:35:00 -07:00
Caleb Doxsey
a19e45334b
proxy: remove impersonate headers for kubernetes (#1394) 
* proxy: remove impersonate headers for kubernetes

* master on frontend/statik
 2020-09-09 15:24:39 -06:00
Caleb Doxsey
1fcd86120b
proxy: for filter matches only include bare domain name (#1389) 2020-09-09 08:56:15 -06:00
bobby
43d37ace94
proxy/controlplane: make health checks debug level (#1368) 
- proxy: remove version from ping handler

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-09-04 07:31:12 -07:00
Caleb Doxsey
4fb90fabe8
config: support explicit prefix and regex path rewriting (#1363) 
* config: support explicity prefix and regex path rewriting

* add rewrite tests
 2020-09-02 13:48:19 -06:00
Caleb Doxsey
a269441c34
proxy: disable control-plane robots.txt for public unauthenticated routes (#1361) 2020-09-02 07:56:15 -06:00