3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-30 10:56:28 +02:00
Code Issues Projects Releases Packages Wiki Activity
1401 commits 157 branches 125 tags 103 MiB
Commit graph

88 commits

Author SHA1 Message Date
Caleb Doxsey
7f6107051f
config: add rewrite_response_headers option (#1961) 
* add lua script to rewrite response headers

* add policy config

* update docs
 2021-03-05 09:40:17 -07:00
Caleb Doxsey
664358dfad
config: multiple endpoints for authorize and databroker (#1957) 
* wip

* update docs

* remove dead code
 2021-03-03 09:53:19 -07:00
Caleb Doxsey
a825b06014
metrics: add TLS options (#1939) 
* move metrics listener to envoy

* add metrics tls options

* add test

* update docs

* update config proto

* add function to validate metric addr

* fix validation
 2021-02-24 09:42:53 -07:00
Caleb Doxsey
8b42eb5ebd
config: add metrics_basic_auth option (#1917) 
* config: add metrics_basic_auth option

* remove println

* use constant time compare
 2021-02-22 13:37:18 -07:00
Caleb Doxsey
1a1cc30c67
config: support map of jwt claim headers (#1906) 
* config: support map of jwt claim headers

* fix array handling, add test

* update docs

* use separate hook, add tests
 2021-02-17 13:43:18 -07:00
Travis Groth
ee28f008b5
docs: add load balancing weight documentation (#1883) 2021-02-17 09:36:47 -08:00
Travis Groth
07d9074796
docs: additional load balancing documentation (#1875) 2021-02-12 10:29:01 -05:00
Caleb Doxsey
9f6dc78798
config: allow customization of envoy boostrap admin options (#1872) 2021-02-09 11:29:58 -07:00
bobby
fcd8c3644f
options: header only applies to routes and authN (#1862) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2021-02-08 11:05:33 -08:00
Caleb Doxsey
cc85ea601d
policy: add new certificate-authority option for downstream mTLS client certificates (#1835) 
* policy: add new certificate-authority option for downstream mTLS client certificates

* update proto, docs
 2021-02-01 08:10:32 -07:00
wasaga
66ff2cdaba
cluster name (#1834) 2021-01-29 16:55:38 -05:00
Vihar Desu
c39fdb51e8
updated host rewrite docs (#1799) 
* updated host rewrite docs

* quick fix

* fixed precommit
 2021-01-27 12:44:58 -07:00
wasaga
3a505d5573
expose envoy cluster options in policy (#1804) 2021-01-25 09:49:03 -05:00
wasaga
4017e0681a
upstream health check config (#1796) 2021-01-21 15:23:06 -05:00
Caleb Doxsey
70b4497595
databroker: rename cache service (#1790) 
* rename cache folder

* rename cache service everywhere

* skip yaml in examples

* Update docs/docs/topics/data-storage.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2021-01-21 08:41:22 -07:00
Caleb Doxsey
a4c7381eba
config: support multiple destination addresses (#1789) 
* config: support multiple destination addresses

* use constructor for string slice

* add docs

* add test for multiple destinations

* fix name
 2021-01-20 15:18:24 -07:00
wasaga
c6b6141d12
new skip_xff_append option (#1788) 
Added `skip_xff_append` configuration option. When set, proxy would not append it's IP address to `x-forwarded-for` HTTP header.
 2021-01-20 10:56:29 -05:00
Caleb Doxsey
d9699cbcb9
policy: add outlier_detection (#1786) 
* add support for cluster outlier detection

* add docs
 2021-01-20 08:33:48 -07:00
Caleb Doxsey
09747aa3ba
add support for proxy protocol on HTTP listener (#1777) 
* add support for proxy protocol on HTTP listener

* rename option, add doc
 2021-01-19 05:56:58 -07:00
Caleb Doxsey
c99994bed8
config: support redirect actions (#1776) 
* add route redirect options

* add xds support for redirect

* add test

* handle nil destinations

* remove unchanged statik files

* remove unchanged statik files

* update docs

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2021-01-14 16:18:27 -07:00
Caleb Doxsey
ab4a68f56f
remove user impersonation and service account cli (#1768) 
* remove user impersonation and service account cli

* update doc

* remove user impersonation url query params

* fix flaky test
 2021-01-12 09:28:29 -07:00
Caleb Doxsey
00734243b3
telemetry: add support for datadog tracing (#1743) 
* add support for datadog tracing

* omitempty on datadog address

* envoy: add datadog exporter for tracing
 2021-01-06 12:27:23 -07:00
Travis Groth
50989a11b3
docs: tcp support (#1712) 2020-12-22 23:03:13 -05:00
bobby
c23c8b34b3
docs: replace httpbin with verify (#1702) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-12-22 09:53:08 -08:00
Travis Groth
64816720c8
internal/telemetry/metrics: update redis metrics for go-redis (#1694) 2020-12-16 14:53:39 -05:00
bobby
d3c697d3e4
nginx: fix docs (#1691) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-12-15 13:25:46 -08:00
Caleb Doxsey
2e8b842aed
remove "see policy" phrase in settings docs (#1668) 2020-12-09 11:35:02 -07:00
Travis Groth
82c7d1ee7a
docs: add allowed_idp_claims docs (#1665) 2020-12-09 12:16:13 -05:00
bobby
0cdd727d5e
update docs (#1645) 2020-12-03 08:29:17 -08:00
Caleb Doxsey
0571754f0c
move signing key algorithm documentation into yaml file (#1646) 2020-12-02 17:14:27 -07:00
bobby
5bbd745934
authorize: add signature algo support (RSA / EdDSA) (#1631) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-11-30 17:14:41 -08:00
Caleb Doxsey
2d5690dde6
remove deprecated cache_service_url config option (#1614) 
* remove deprecated cache_service_url config option

* remove broken test

* update integration test config

* update nginx example

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2020-11-23 14:57:29 -07:00
bobby
f604a3e87a
docs: use standard langauge for lists (#1590) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-11-12 14:44:00 -08:00
Caleb Doxsey
bfe68d1fd8
move docs to settings.yaml (#1579) 2020-11-05 12:13:10 -07:00
Philip Wassermann
85a5961e5e
authorize: add allow_any_authenticated_user policy (#1515) 2020-11-05 11:20:50 -07:00
Caleb Doxsey
2a97e92d50
add settings.yaml file (#1540) 
* store settings in yaml

* add shortdocs

* fix newline at EOF

* fix newline at EOF
 2020-10-22 15:28:16 -06:00
Caleb Doxsey
04c582121d
add flag to enable user impersonation (#1514) 
* add flag to enable user impersonation

* fix typo
 2020-10-14 08:17:59 -06:00
Jon Carl
83f998c088
update the documentation for auth0 to include group/role information (#1502) 
Signed-off-by: Jon Carl <jon.carl@auth0.com>
 2020-10-09 13:42:25 -06:00
Caleb Doxsey
6e385f800a
config: add support for host header rewriting (#1457) 
* config: add support for host header rewriting

* fix lint
 2020-09-25 09:36:39 -06:00
Caleb Doxsey
54d37e62e8
config: add dns_lookup_family option to customize DNS IP resolution (#1436) 2020-09-21 15:32:37 -06:00
Manatsawin Hanmongkolchai
904edfed9a
docs: fix remove_request_headers typo (#1388) 2020-09-08 21:35:09 -07:00
Cuong Manh Le
08a094ae93
internal/directory/okta: remove rate limiter (#1370) 
We did honor the rate limit header from okta, so don't bother to add our
rate limiter there.
 2020-09-04 18:23:14 +07:00
Caleb Doxsey
4fb90fabe8
config: support explicit prefix and regex path rewriting (#1363) 
* config: support explicity prefix and regex path rewriting

* add rewrite tests
 2020-09-02 13:48:19 -06:00
Caleb Doxsey
f6b622c7dc
proxy: support websocket timeouts (#1362) 2020-09-02 07:55:57 -06:00
Cuong Manh Le
9de99d0211
all: add signout redirect url (#1324) 
Fixes #1213
 2020-08-25 01:23:58 +07:00
Cuong Manh Le
f356ff5581 config: add idp qps config 2020-08-14 09:50:49 +07:00
Caleb Doxsey
f822c9a5d2
config: allow reloading of telemetry settings (#1255) 
* metrics: support dynamic configuration settings

* add test

* trace: update configuration when settings change

* config: allow logging options to be configured when settings change

* envoy: allow changing log settings

* fix unexpected doc change

* fix tests

* pick a port at random

* update based on review
 2020-08-12 08:14:15 -06:00
bobby
8d0cb86098
docs: fix links, fix upgrade guide (#1220) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-08-05 23:07:49 -07:00
bobby
ecfe25458e
docs: update reference docs (#1208) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2020-08-05 18:22:56 -07:00
Brad Jones
9af93ff090
Update README stating specific requirements for SIGNING_KEY (#1217) 
Makes clear it must be an EC key and also that it must be present in the authentication service, if run separately.
 2020-08-05 14:47:31 -07:00