pomerium

3pp-mirror/pomerium

Fork 0

mirror of https://github.com/pomerium/pomerium.git synced 2025-08-06 10:21:05 +02:00

Commit graph

Author	SHA1	Message	Date
Kenneth Jenkins	8463020e68	ssh: rework cached record invalidation (#5688 ) Add an additional method to the ssh.Evaluator interface for invalidating cached databroker records. Invalidating the global cache is not sufficient, because there may be sync queriers as well. Make sure to invalidate the User record (in addition to the Session record) during the login flow.	2025-07-02 12:21:39 -07:00
Kenneth Jenkins	177677f239	ssh: continuous authorization (#5687 ) Re-evaluate ssh authorization decision on a fixed interval, or whenever the config changes. If access is no longer allowed, log a new 'authorize check' message and disconnect. Refactor the ssh.StreamManager initialization so that its lifecycle matches the Authorize lifecycle.	2025-07-02 12:01:25 -07:00
Kenneth Jenkins	9678e6a231	ssh: implement authorization policy evaluation (#5665 ) Implement the pkg/ssh.AuthInterface. Add logic for converting from the ssh stream state to an evaluator request, and for interpreting the results of policy evaluation. Refactor some of the existing authorize logic to make it easier to reuse.	2025-07-01 12:04:00 -07:00

Author

SHA1

Message

Date

Kenneth Jenkins

8463020e68

ssh: rework cached record invalidation (#5688 )

Add an additional method to the ssh.Evaluator interface for invalidating
cached databroker records. Invalidating the global cache is not
sufficient, because there may be sync queriers as well.

Make sure to invalidate the User record (in addition to the Session 
record) during the login flow.

2025-07-02 12:21:39 -07:00

Kenneth Jenkins

177677f239

ssh: continuous authorization (#5687 )

Re-evaluate ssh authorization decision on a fixed interval, or whenever 
the config changes. If access is no longer allowed, log a new 'authorize
check' message and disconnect. 

Refactor the ssh.StreamManager initialization so that its lifecycle 
matches the Authorize lifecycle.

2025-07-02 12:01:25 -07:00

Kenneth Jenkins

9678e6a231

ssh: implement authorization policy evaluation (#5665 )

Implement the pkg/ssh.AuthInterface. Add logic for converting from the
ssh stream state to an evaluator request, and for interpreting the
results of policy evaluation. Refactor some of the existing authorize
logic to make it easier to reuse.

2025-07-01 12:04:00 -07:00

3 commits