Travis Groth
a69b9957a1
docs: add nginx example ( #1329 )
...
* docs: add nginx example
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
2020-08-26 17:10:23 -04:00
Caleb Doxsey
51bdf9baae
authorize: add jti to JWT payload ( #1328 )
2020-08-24 15:35:16 -06:00
bobby
fbd8c8f294
deployment: add goimports with path awareness ( #1316 )
...
Plus fix some spelling
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-08-24 13:04:55 -07:00
Cuong Manh Le
ffaceadfdd
internal/urlutil: remove un-used constants ( #1326 )
2020-08-25 02:07:56 +07:00
Cuong Manh Le
9de99d0211
all: add signout redirect url ( #1324 )
...
Fixes #1213
2020-08-25 01:23:58 +07:00
Renovate Bot
3d7206dc1e
chore(deps): update module gorilla/handlers to v1.5.0
2020-08-24 14:23:20 +00:00
Renovate Bot
645e6dfa84
chore(deps): update golang.org/x/net commit hash to c890458
2020-08-24 13:37:29 +00:00
Renovate Bot
c7372cb6b0
chore(deps): update vuepress monorepo to v1.5.4
2020-08-24 05:26:10 +00:00
Renovate Bot
b50dd6e6e1
chore(deps): update module open-policy-agent/opa to v0.23.1
2020-08-24 04:28:33 +00:00
Renovate Bot
cbaf62aad3
chore(deps): update module gorilla/mux to v1.8.0
2020-08-24 03:41:03 +00:00
Renovate Bot
941f65224b
chore(deps): update golang.org/x/crypto commit hash to 5c72a88
2020-08-24 02:42:15 +00:00
bobby
c1b3b45d12
proxy: remove unused handlers ( #1317 )
...
proxy: remove unused handlers
authenticate: remove unused references to refresh_token
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-08-22 10:02:12 -07:00
Cuong Manh Le
82deafee63
integration: add forward auth test
2020-08-21 14:01:54 +07:00
Caleb Doxsey
79741d5345
autocert: fix locking issue ( #1310 )
2020-08-20 14:08:52 -06:00
Travis Groth
d81cfb6e99
pkg/storage/redis: update tests to use local certs + upstream image ( #1306 )
2020-08-20 12:44:15 -04:00
bobby
45fc4ec3cc
authorize: log users and groups ( #1303 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-08-19 08:07:30 -07:00
Renovate Bot
66d43b6d27
chore(deps): update golang.org/x/time commit hash to 3af7569
2020-08-18 23:50:49 +00:00
Renovate Bot
9c3b0ad146
chore(deps): update golang.org/x/net commit hash to 3edf25e
2020-08-18 22:20:09 +00:00
Caleb Doxsey
c4c8ef8e53
azure: support deriving credentials from client id, client secret and provider url ( #1300 )
2020-08-18 10:17:28 -06:00
Caleb Doxsey
882b6b54ee
authenticate: move databroker connection to state ( #1292 )
...
* authenticate: move databroker connection to state
* re-use err
* just return
* remove nil checks
2020-08-18 09:33:43 -06:00
Caleb Doxsey
a1378c81f8
cache: support databroker option changes ( #1294 )
2020-08-18 07:27:20 -06:00
Cuong Manh Le
31205c0c29
proxy: fix wrong applied middleware
...
Validate signature middleware must be applied for the callback
sub-router, not the whole dashboard router.
Fixes #1297
2020-08-18 20:25:11 +07:00
Cuong Manh Le
afec38e5cb
.github/workflows: skip running lint in pre-commit
...
We did run lint in tests already.
2020-08-18 20:24:15 +07:00
Cuong Manh Le
a4408ab6cf
internal/directory/okta: fix wrong API query filter
...
Okta uses space " " instead of plus sign "+" in query filter.
See https://developer.okta.com/docs/reference/api-overview/#filtering
2020-08-18 20:24:15 +07:00
Travis Groth
9289de9140
ci: add precommit to test workflow ( #669 )
2020-08-17 18:34:38 -04:00
bobby
8a384985f0
autocert: fix bootstrapped cache store path ( #1283 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-08-17 13:27:11 -07:00
Caleb Doxsey
6dee647a16
authorize: use atomic state for properties ( #1290 )
2020-08-17 14:24:06 -06:00
Renovate Bot
c0e230acbb
chore(deps): update google.golang.org/genproto commit hash to f69a880
2020-08-17 15:23:15 +00:00
Cuong Manh Le
6518aa6023
Upgrade zipkin-go to v0.2.3
...
Test needs to be changed to use lowercase name, as required by zipkin
JSON API v2 spec.
See: https://github.com/openzipkin/zipkin-go/pull/166
2020-08-17 16:48:50 +07:00
Caleb Doxsey
d9a224a5e8
proxy: move properties to atomically updated state ( #1280 )
...
* authenticate: remove cookie options
* authenticate: remove shared key field
* authenticate: remove shared cipher property
* authenticate: move properties to separate state struct
* proxy: allow local state to be updated on configuration changes
* fix test
* return new connection
* use warn, collapse to single line
* address concerns, fix tests
2020-08-14 11:44:58 -06:00
Cuong Manh Le
23eea09ed0
internal/directory/okta: use okta filter to get updated groups
...
Okta API supports filter to get updated groups only, we can adopt that
to reduce number of requests to okta API, hence reduce chance that we
reach the rate limit.
Updates #1256
2020-08-14 22:01:31 +07:00
Cuong Manh Le
d1c0ae730f
internal/directory/okta: honor rate limit reset header
...
So we can wait until the rate limit release time to continue query okta
API.
Updates #1256
2020-08-14 22:01:31 +07:00
Caleb Doxsey
d608526998
authenticate: move properties to atomically updated state ( #1277 )
...
* authenticate: remove cookie options
* authenticate: remove shared key field
* authenticate: remove shared cipher property
* authenticate: move properties to separate state struct
2020-08-14 07:53:11 -06:00
Cuong Manh Le
598102f587
internal/directory/okta: add limiter to query okta API
...
Okta only allows 100 requests per minute, so apply the default rate
limit 1 QPS for it.
Fixes #1256
2020-08-14 09:50:49 +07:00
Cuong Manh Le
f356ff5581
config: add idp qps config
2020-08-14 09:50:49 +07:00
Caleb Doxsey
045c10edc6
authenticate: support reloading IDP settings ( #1273 )
...
* identity: add name method to provider
* authenticate: support dynamically loading the provider
2020-08-13 12:14:30 -06:00
bobby
332324fa2d
docs: use .com sitemap hostname ( #1274 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-08-13 10:59:42 -07:00
Caleb Doxsey
fbf5b403b9
config: allow dynamic configuration of cookie settings ( #1267 )
2020-08-13 08:11:34 -06:00
Travis Groth
0c51ad0e66
docs: fix in-action video ( #1268 )
2020-08-12 19:34:50 -04:00
Caleb Doxsey
2afd7b6864
envoy: add support for hot-reloading bootstrap configuration ( #1259 )
...
* envoy: add support for hot-reloading bootstrap configuration
* use passed in log level
* fix unnecessary firstNonEmpty
* move process release to after new command start
2020-08-12 16:13:19 -06:00
Cuong Manh Le
82b1daae50
internal/directory/okta: increase default batch size to 200 ( #1264 )
...
See: https://developer.okta.com/docs/reference/api/groups/#list-groups-with-membership-updated-after-timestamp
Updates #1256
2020-08-13 02:27:01 +07:00
Travis Groth
6314c43f40
docs: image, sitemap and redirect fixes ( #1263 )
...
* docs: fix image links for cdn
* docs: use relative top level redirect
* docs: generate sitemap under /docs/
2020-08-12 15:22:53 -04:00
Cuong Manh Le
8d7f82de4e
Fix broken logo link in README.md
2020-08-13 01:23:48 +07:00
Caleb Doxsey
bd5c784670
config: validate databroker settings ( #1260 )
...
* config: validate databroker settings
* fix test
2020-08-12 11:32:34 -06:00
Cuong Manh Le
877edde0be
.github/workflows: upgrade to go1.15
2020-08-12 22:33:50 +07:00
Cuong Manh Le
9af2226b5b
pkg/storage/redis: use SANs cert
...
Since go1.15, X.509 CommonName is deprecated, switch to a SANs
certificate for test redis TLS.
While at it, add instruction to generate cert and build test image.
See: https://golang.org/doc/go1.15#commonname
2020-08-12 22:20:50 +07:00
Cuong Manh Le
4b3e07c5f5
internal/controlplane: mocking policy name in test
...
We don't have to test for exact policy name, as it does not make sense
and force us to change test every new go release.
2020-08-12 22:20:50 +07:00
Cuong Manh Le
ddcfe7a5e9
config: do not test for exact route id
...
Different go version can generate different route id, due to the fact
that we are relying on xxhash.
2020-08-12 22:20:50 +07:00
Caleb Doxsey
f822c9a5d2
config: allow reloading of telemetry settings ( #1255 )
...
* metrics: support dynamic configuration settings
* add test
* trace: update configuration when settings change
* config: allow logging options to be configured when settings change
* envoy: allow changing log settings
* fix unexpected doc change
* fix tests
* pick a port at random
* update based on review
2020-08-12 08:14:15 -06:00
Cuong Manh Le
0d611c2a40
config: warn if custom scopes set for builtin providers ( #1252 )
...
* config: warn if custom scopes set for builtin providers
Fixes #1144
* config: make warn msg constant
2020-08-11 23:23:34 +07:00