pomerium

mirror of https://github.com/pomerium/pomerium.git synced 2025-05-02 20:06:03 +02:00

Author	SHA1	Message	Date
Caleb Doxsey	3bdbd56222	core/config: add pass_identity_headers option (#4720 ) * core/config: add pass_identity_headers option * add to proto * remove deprecated field	2023-11-08 13:07:37 -07:00
Denis Mishin	bfcc970839	databroker: build config concurrently, option to bypass validation (#4655 ) * validation: option to bypass * concurrently build config * add regex_priority_order and route sorting * rm mutex	2023-11-06 13:21:29 -05:00
Kenneth Jenkins	fd84075af1	config: remove set_authorization_header option (#4489 ) Remove the deprecated set_authorization_header option entirely. Add an entry to the removedConfigFields map with a link to the relevant Upgrading page section.	2023-08-29 09:02:08 -07:00
Kenneth Jenkins	a2539839d3	config: deprecate tls_downstream_client_ca (#4461 ) Log a deprecation warning for any route where tls_downstream_client_ca or tls_downstream_client_ca_file is non-empty.	2023-08-15 14:38:36 -07:00
Kenneth Jenkins	e8b489eb87	authorize: rework token substitution in headers (#4456 ) Currently Pomerium replaces dynamic set_request_headers tokens sequentially. As a result, if a replacement value itself contained a supported "$pomerium" token, Pomerium may treat that as another replacement, resulting in incorrect output. This is unlikely to be a problem given the current set of dynamic tokens, but if we continue to add additional tokens, this will likely become more of a concern. To forestall any issues, let's perform all replacements in one pass, using the os.Expand() method. This does require a slight change to the syntax, as tokens containing a '.' will need to be wrapped in curly braces, e.g. ${pomerium.id_token}. A literal dollar sign can be included by using $$ in the input.	2023-08-14 15:28:10 -07:00
Caleb Doxsey	5be322e2ef	config: add support for $pomerium.id_token and $pomerium.access_token in set_request_headers (#4219 ) * config: add support for $pomerium.id_token and $pomerium.access_token in set_request_headers * lint * Update authorize/evaluator/headers_evaluator_test.go Co-authored-by: Denis Mishin <dmishin@pomerium.com> * fix spelling --------- Co-authored-by: Denis Mishin <dmishin@pomerium.com>	2023-06-01 16:00:02 -06:00
Caleb Doxsey	18bc86d632	config: add support for wildcard from addresses (#4131 ) * config: add support for wildcards * update policy matching, header generation * remove deprecated field * fix test	2023-04-25 13:34:38 -06:00
Caleb Doxsey	bbed421cd8	config: remove source, remove deadcode, fix linting issues (#4118 ) * remove source, remove deadcode, fix linting issues * use github action for lint * fix missing envoy	2023-04-21 17:25:11 -06:00
Caleb Doxsey	271b0787a8	config: add support for extended TCP route URLs (#3845 ) * config: add support for extended TCP route URLs * nevermind, add duplicate names	2022-12-27 12:50:33 -07:00
Caleb Doxsey	cef6b355ae	config: add option for tls renegotiation (#3773 ) config: add option for tls renogotiation	2022-11-28 14:34:06 -07:00
Caleb Doxsey	c178819875	move directory providers (#3633 ) * remove directory providers and support for groups * idp: remove directory providers * better error messages * fix errors * restore postgres * fix test	2022-11-03 11:33:56 -06:00
Caleb Doxsey	3c63b6c028	authorize: add policy error details for custom error messages (#3542 ) * authorize: add policy error details for custom error messages * remove fmt.Println * fix tests * add docs	2022-08-09 14:46:31 -06:00
Caleb Doxsey	b79f1e379f	config: add support for downstream TLS server name (#3243 ) * config: add support for downstream TLS server name * fix whitespace * fix whitespace * add docs * add tls_upstream_server_name and tls_downstream_server_name to config * Update docs/reference/settings.yaml Co-authored-by: Alex Fornuto <afornuto@pomerium.com> * Update docs/reference/readme.md Co-authored-by: Alex Fornuto <afornuto@pomerium.com> * add deprecation notice Co-authored-by: Alex Fornuto <afornuto@pomerium.com>	2022-04-06 06:48:45 -07:00
Caleb Doxsey	efd609f6ce	config: add idp_client_id and idp_client_secret to protobuf (#3060 )	2022-02-18 08:55:31 -07:00
Caleb Doxsey	99b9a3ee12	authorize: add support for passing access or id token upstream (#3047 ) * authorize: add support for passing access or id token upstream * use an enum	2022-02-17 09:28:31 -07:00
Caleb Doxsey	f9b95a276b	authenticate: support for per-route client id and client secret (#3030 ) * implement dynamic provider support * authenticate: support per-route client id and secret	2022-02-16 12:31:55 -07:00
Caleb Doxsey	ace5bbb89a	config: fix policy matching for regular expressions (#2966 ) * config: fix policy matching for regular expressions * compile regex in validate, add test * fix test	2022-01-25 08:48:40 -07:00
cfanbo	84dad4c612	remove deprecated ioutil usages (#2877 ) * fix: Fixed return description error * config/options: Adjust the position of TracingJaegerAgentEndpoint option * DOCS: Remove duplicate configuration items Remove duplicate configuration items of route * remove deprecated ioutil usages	2021-12-30 10:02:12 -08:00
Denis Mishin	55fec9b51b	add host-rewrite options to config.proto (#2668 )	2021-10-08 11:50:56 -04:00
Caleb Doxsey	63ee30d69c	options: remove refresh_cooldown, add allow_spdy to proto (#2446 )	2021-08-06 10:06:57 -06:00
Caleb Doxsey	0620cfdc50	config: add support for embedded PPL policy (#2401 )	2021-07-27 13:44:10 -06:00
Caleb Doxsey	ca8205f0b4	config: add warning about http URLs (#2358 )	2021-07-13 11:12:03 -06:00
wasaga	3073146ff2	fix: timeout field in protobuf, add websocket tests	2021-07-07 12:06:56 -04:00
wasaga	134ca74ec9	proxy: add idle timeout (#2319 )	2021-07-02 10:29:53 -04:00
Caleb Doxsey	fcb33966e2	config: add enable_google_cloud_serverless_authentication to config protobuf (#2306 ) * config: add enable_google_cloud_serverless_authentication to config protobuf * use dependency injection for embedded envoy provider * Revert "use dependency injection for embedded envoy provider" This reverts commit `5c08990501`. * config: attach envoy version to Config to avoid metrics depending on envoy/files	2021-06-21 18:00:29 -06:00
Caleb Doxsey	c489391bbf	ppl: convert config policy to ppl (#2218 )	2021-05-19 12:42:36 -06:00
Caleb Doxsey	69576cffe4	config: add support for set_response_headers in a policy (#2171 ) * config: add support for set_response_headers in a policy * docs: add note about precedence	2021-05-04 09:43:52 -06:00
Caleb Doxsey	d8f11dcb91	proxy: support re-proxying request through control plane for kubernetes (#2051 ) * proxy: support re-proxying request from envoy for kubernetes * encrypt policy id for reproxy, implement tls options * add comment, use hmac * use httputil handler and error * remove reproxy headers on all incoming request * only allow re-proxying for kubernetes, strip headers * fix tests	2021-04-06 12:08:09 -06:00
Caleb Doxsey	46ae3cf358	add rewrite_response_headers to protobuf (#1962 )	2021-03-05 13:57:27 -07:00
Caleb Doxsey	7f6107051f	config: add rewrite_response_headers option (#1961 ) * add lua script to rewrite response headers * add policy config * update docs	2021-03-05 09:40:17 -07:00
Travis Groth	e56fb38cb5	config: fix redirect routes from protobuf (#1930 )	2021-02-22 18:10:50 -05:00
Caleb Doxsey	25b697a13d	authorize: allow access by user id (#1850 )	2021-02-03 07:15:44 -07:00
Caleb Doxsey	cc85ea601d	policy: add new certificate-authority option for downstream mTLS client certificates (#1835 ) * policy: add new certificate-authority option for downstream mTLS client certificates * update proto, docs	2021-02-01 08:10:32 -07:00
wasaga	66ff2cdaba	cluster name (#1834 )	2021-01-29 16:55:38 -05:00
wasaga	67f6030e1e	upstream endpoints load balancer weights (#1830 )	2021-01-28 09:11:14 -05:00
wasaga	19d78cb844	include envoy's proto specs into config.proto (#1817 )	2021-01-25 13:15:50 -05:00
wasaga	3a505d5573	expose envoy cluster options in policy (#1804 )	2021-01-25 09:49:03 -05:00
wasaga	4017e0681a	upstream health check config (#1796 )	2021-01-21 15:23:06 -05:00
Caleb Doxsey	a4c7381eba	config: support multiple destination addresses (#1789 ) * config: support multiple destination addresses * use constructor for string slice * add docs * add test for multiple destinations * fix name	2021-01-20 15:18:24 -07:00
Caleb Doxsey	d9699cbcb9	policy: add outlier_detection (#1786 ) * add support for cluster outlier detection * add docs	2021-01-20 08:33:48 -07:00
Caleb Doxsey	c99994bed8	config: support redirect actions (#1776 ) * add route redirect options * add xds support for redirect * add test * handle nil destinations * remove unchanged statik files * remove unchanged statik files * update docs * Update docs/reference/settings.yaml Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>	2021-01-14 16:18:27 -07:00
Caleb Doxsey	ad828c6e84	add support for TCP routes (#1695 )	2020-12-16 13:09:48 -07:00
bobby	652e8bb3d3	deps: update hashstructure v2 (#1632 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-11-30 16:53:21 -08:00
Philip Wassermann	85a5961e5e	authorize: add allow_any_authenticated_user policy (#1515 )	2020-11-05 11:20:50 -07:00
Caleb Doxsey	153e438eb6	authorize: implement allowed_idp_claims (#1542 ) * add arbitrary claims to session * add support for maps * update flattened claims * fix eol * fix trailing whitespace * fix tests	2020-10-23 14:05:37 -06:00
Caleb Doxsey	6e385f800a	config: add support for host header rewriting (#1457 ) * config: add support for host header rewriting * fix lint	2020-09-25 09:36:39 -06:00
Caleb Doxsey	4fb90fabe8	config: support explicit prefix and regex path rewriting (#1363 ) * config: support explicity prefix and regex path rewriting * add rewrite tests	2020-09-02 13:48:19 -06:00
Caleb Doxsey	a269441c34	proxy: disable control-plane robots.txt for public unauthenticated routes (#1361 )	2020-09-02 07:56:15 -06:00
Travis Groth	fbb367d393	config: omit empty subpolicies in yaml/json (#1229 )	2020-08-07 14:43:28 -04:00
Travis Groth	7a53e6bb42	proxy: add support for spdy upgrades (#1203 )	2020-08-04 13:26:14 -04:00

1 2

74 commits