Caleb Doxsey
1a1cc30c67
config: support map of jwt claim headers ( #1906 )
...
* config: support map of jwt claim headers
* fix array handling, add test
* update docs
* use separate hook, add tests
2021-02-17 13:43:18 -07:00
Caleb Doxsey
eb08658cfc
logs: strip query string ( #1894 )
2021-02-16 14:23:52 -07:00
Caleb Doxsey
7d236ca1af
authorize: move headers and jwt signing to rego ( #1856 )
...
* wip
* wip
* wip
* remove SignedJWT field
* set google_cloud_serverless_authentication_service_account
* update jwt claim headers
* add mock get_google_cloud_serverless_headers for opa test
* swap issuer and audience
* add comment
* change default port in authz
2021-02-08 10:53:21 -07:00
Caleb Doxsey
25b697a13d
authorize: allow access by user id ( #1850 )
2021-02-03 07:15:44 -07:00
Caleb Doxsey
7a5c4fd0f6
authorize: handle null ( #1853 )
2021-02-02 17:29:21 -08:00
Caleb Doxsey
74ac23c980
authorize: remove DataBrokerData input ( #1847 )
...
* authorize: remove DataBrokerData
* add opa test
* domain, group tests
* more tests
* remove databroker data input
* update authz tests
* update dead code
* fix method name
* handle / in keys
2021-02-02 14:27:35 -07:00
Caleb Doxsey
eed873b263
authorize: remove DataBrokerData ( #1846 )
...
* authorize: remove DataBrokerData
* fix method name
2021-02-02 11:40:21 -07:00
Caleb Doxsey
655951cfa1
opa: format rego files ( #1845 )
...
* opa: format rego files
* statik
2021-02-01 15:43:08 -07:00
Caleb Doxsey
b7f0242090
authorize: remove admin ( #1833 )
...
* authorize: remove admin
* regen rego
* add note to upgrading
2021-02-01 15:22:02 -07:00
Caleb Doxsey
cc85ea601d
policy: add new certificate-authority option for downstream mTLS client certificates ( #1835 )
...
* policy: add new certificate-authority option for downstream mTLS client certificates
* update proto, docs
2021-02-01 08:10:32 -07:00
wasaga
67f6030e1e
upstream endpoints load balancer weights ( #1830 )
2021-01-28 09:11:14 -05:00
Caleb Doxsey
bec98051ae
config: return errors on invalid URLs, fix linting ( #1829 )
2021-01-27 07:58:30 -07:00
Caleb Doxsey
84e8f6cc05
config: fix databroker policies ( #1821 )
2021-01-25 17:18:50 -07:00
Caleb Doxsey
70b4497595
databroker: rename cache service ( #1790 )
...
* rename cache folder
* rename cache service everywhere
* skip yaml in examples
* Update docs/docs/topics/data-storage.md
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
2021-01-21 08:41:22 -07:00
Caleb Doxsey
a4c7381eba
config: support multiple destination addresses ( #1789 )
...
* config: support multiple destination addresses
* use constructor for string slice
* add docs
* add test for multiple destinations
* fix name
2021-01-20 15:18:24 -07:00
bobby
6466efddd5
authenticate: update user info screens ( #1774 )
...
- rename "dashboard" to userinfo to avoid confusion
- don't leak version from error page.
- fix typo in state.go
- make statik deterministic on modtime
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2021-01-13 13:15:31 -08:00
Caleb Doxsey
ab4a68f56f
remove user impersonation and service account cli ( #1768 )
...
* remove user impersonation and service account cli
* update doc
* remove user impersonation url query params
* fix flaky test
2021-01-12 09:28:29 -07:00
Caleb Doxsey
a6bc9f492f
authorize: move impersonation into session/service account ( #1765 )
...
* move impersonation into session/service account
* replace frontend statik
* fix data race
* move JWT filling to separate function, break up functions
* maybe fix data race
* fix code climate issue
2021-01-11 15:40:08 -07:00
Caleb Doxsey
b16236496b
jws: remove issuer ( #1754 )
2021-01-11 07:57:54 -07:00
Caleb Doxsey
4f0ce4bc82
fix coverage ( #1741 )
...
* fix coverage
* fix data races
2021-01-06 08:30:38 -07:00
bobby
f837c92741
dev: update linter ( #1728 )
...
- gofumpt everything
- fix TLS MinVersion to be at least 1.2
- add octal syntax
- remove newlines
- fix potential decompression bomb in ecjson
- remove implicit memory aliasing in for loops.
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-12-30 09:02:57 -08:00
Caleb Doxsey
4eec2ed1d5
evaluator: use impersonate groups if impersonate email is set ( #1701 )
2020-12-21 08:47:12 -08:00
Caleb Doxsey
ad828c6e84
add support for TCP routes ( #1695 )
2020-12-16 13:09:48 -07:00
Caleb Doxsey
744d4453d5
use the directory email when provided for the jwt ( #1647 )
2020-12-04 11:14:19 -07:00
bobby
5bbd745934
authorize: add signature algo support (RSA / EdDSA) ( #1631 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-11-30 17:14:41 -08:00
Caleb Doxsey
3f7777f7e0
wait for initial sync to complete before starting control plane ( #1636 )
2020-11-30 15:45:12 -07:00
Caleb Doxsey
aad8ac2e61
replace GetAllPages with InitialSync, improve merge performance ( #1624 )
...
* replace GetAllPages with InitialSync, improve merge performance
* fmt proto
* add test for base64 function
* add sync test
* go mod tidy
Co-authored-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-11-30 12:21:44 -07:00
Caleb Doxsey
2d5690dde6
remove deprecated cache_service_url config option ( #1614 )
...
* remove deprecated cache_service_url config option
* remove broken test
* update integration test config
* update nginx example
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
2020-11-23 14:57:29 -07:00
Caleb Doxsey
a41c37f9e0
add paging support to GetAll ( #1601 )
...
* add paging support to GetAll
* fix import
2020-11-18 17:02:57 -07:00
bobby
c199909032
forward-auth: fix special character support for nginx ( #1578 )
2020-11-12 13:10:57 -05:00
Philip Wassermann
85a5961e5e
authorize: add allow_any_authenticated_user policy ( #1515 )
2020-11-05 11:20:50 -07:00
Caleb Doxsey
10b5c5ca0e
fix querying claim data on the dashboard ( #1560 )
2020-10-29 10:49:02 -06:00
Caleb Doxsey
153e438eb6
authorize: implement allowed_idp_claims ( #1542 )
...
* add arbitrary claims to session
* add support for maps
* update flattened claims
* fix eol
* fix trailing whitespace
* fix tests
2020-10-23 14:05:37 -06:00
bobby
aadbcd23bd
fwd-auth: fix nginx-ingress forward-auth ( #1505 / #1497 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-10-19 08:09:13 -07:00
bobby
c85b45cff6
authorize: add redirect url to debug page ( #1533 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-10-19 08:07:51 -07:00
bobby
5cc65adc48
internal/frontend: resolve authN helper url ( #1521 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-10-18 17:11:47 -07:00
Caleb Doxsey
04c582121d
add flag to enable user impersonation ( #1514 )
...
* add flag to enable user impersonation
* fix typo
2020-10-14 08:17:59 -06:00
Caleb Doxsey
eb79cc0957
databroker: require JWT for access ( #1503 )
2020-10-09 11:08:40 -06:00
bobby
9b39deabd8
forward-auth: use envoy's ext_authz check ( #1482 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-10-04 20:01:06 -07:00
Caleb Doxsey
a19e45334b
proxy: remove impersonate headers for kubernetes ( #1394 )
...
* proxy: remove impersonate headers for kubernetes
* master on frontend/statik
2020-09-09 15:24:39 -06:00
Caleb Doxsey
0a6796ff71
authorize: add support for service accounts ( #1374 )
2020-09-04 10:37:00 -06:00
Caleb Doxsey
49d1a71ff2
databroker: add tracing for rego evaluation and databroker sync, fix bug in databroker config source ( #1367 )
2020-09-03 08:11:34 -06:00
Caleb Doxsey
0a2638e5dc
authorize: use impersonate email/groups in JWT ( #1364 )
2020-09-02 13:50:46 -06:00
Caleb Doxsey
4fb90fabe8
config: support explicit prefix and regex path rewriting ( #1363 )
...
* config: support explicit prefix and regex path rewriting
* add rewrite tests
2020-09-02 13:48:19 -06:00
Caleb Doxsey
a269441c34
proxy: disable control-plane robots.txt for public unauthenticated routes ( #1361 )
2020-09-02 07:56:15 -06:00
Caleb Doxsey
51bdf9baae
authorize: add jti to JWT payload ( #1328 )
2020-08-24 15:35:16 -06:00
bobby
45fc4ec3cc
authorize: log users and groups ( #1303 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-08-19 08:07:30 -07:00
Caleb Doxsey
6dee647a16
authorize: use atomic state for properties ( #1290 )
2020-08-17 14:24:06 -06:00
Caleb Doxsey
fbf5b403b9
config: allow dynamic configuration of cookie settings ( #1267 )
2020-08-13 08:11:34 -06:00
bobby
1b365e52f3
authorize: add databroker url check ( #1228 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-08-07 09:31:27 -07:00