3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-30 02:46:30 +02:00
Code Issues Projects Releases Packages Wiki Activity
1175 commits 156 branches 125 tags 103 MiB
Commit graph

13 commits

Author SHA1 Message Date
Cuong Manh Le
8d0deb0732
config: add PassIdentityHeaders option (#903) 
Currently, user's identity headers are always inserted to downstream
request. For privacy reason, it would be better to not insert these
headers by default, and let user chose whether to include these headers
per=policy basis.

Fixes #702
 2020-06-22 10:29:44 +07:00
Cuong Manh Le
8856577f39
integration: fix wrong jwt assertion test (#909) 
The test intends to check "X-Pomerium-Jwt-Assertion" exists in response
header and not empty, but accidently always test for non-empty string.
 2020-06-17 21:49:39 +07:00
Cuong Manh Le
4d5edb0d64
Feature/remove request headers (#822) 
* config: add RemoveRequestHeaders

Currently, we have "set_request_headers" config, which reflects envoy
route.Route.RequestHeadersToAdd. This commit add new config
"remove_request_headers", which reflects envoy RequestHeadersToRemove.

This is also a preparation for future PRs to implement disable user
identity in request headers feature.

* integration: add test for remove_request_headers
* docs: add documentation/changelog for remove_request_headers
 2020-06-03 07:46:51 -07:00
Bobby DeSimone
ca499ac9be
envoy: add jwt-assertion (#727) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-19 08:34:49 -07:00
Caleb Doxsey
e854cfe83b
envoy: implement policy TLS options (#724) 
* envoy: implement policy TLS options

* fix tests

* log which CAs are being used
 2020-05-18 16:52:51 -06:00
Caleb Doxsey
b4ac3ca8d8 skip failing tests 2020-05-18 17:10:10 -04:00
Caleb Doxsey
ef399380b7 merge master 2020-05-18 17:10:10 -04:00
Caleb Doxsey
1bee3b0df9 envoy: fix sni/hostname mismatched routing for http2 connection coalescing (#703) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
02615b8b6c Merge remote-tracking branch 'origin/master' into feature/envoy 2020-05-18 17:10:10 -04:00
Travis Groth
99e788a9b4 envoy: Initial changes 2020-05-18 17:10:10 -04:00
Caleb Doxsey
49067c8f06
integration-tests: TLS policy configuration options (#708) 
* integration-tests: switch to go for backends to support TLS scenarios

* fix apply order

* generate additional tls certs

* integration-tests: tls_skip_verify option

* integration-tests: wait for openid to come up before starting authenticate

* add tls_server_name test

* add test for tls_custom_ca

* increase setup timeout to 15 minutes

* fix secret name reference

* mtls wip

* mtls wip

* add test for client_cert
 2020-05-15 16:37:09 -06:00
Caleb Doxsey
397d4a9f51
integration-tests: switch to go for backends to support TLS scenarios (#707) 
* integration-tests: switch to go for backends to support TLS scenarios

* fix apply order

* fix duplicate port value
 2020-05-15 09:25:27 -06:00
Caleb Doxsey
cbc6374efd
integration-tests: set_request_headers and preserve_host_header options (#668) 
* integration-tests: rename to policy_test

* integration-tests: add request header test

* integration-tests: add test for preserve_host_header
 2020-05-07 10:52:55 -06:00