3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-30 19:06:33 +02:00
Code Issues Projects Releases Packages Wiki Activity
3224 commits 157 branches 125 tags 103 MiB
Commit graph

178 commits

Author SHA1 Message Date
Caleb Doxsey
8943c7c17d
xds: lazy-load root ca bundle to avoid log in version command (#778) 2020-05-26 12:00:36 -06:00
Caleb Doxsey
f770ccfedd
config: add getters for URLs to avoid nils (#777) 
* config: add getters for URLs to avoid nils

* allow nil url for cache grpc client connection in authenticate
 2020-05-26 11:36:18 -06:00
Caleb Doxsey
dedf4b1428
controlplane: xds unit tests (#770) 
* xds: use plain functions, add unit tests for control plane routes

* xds: add test for grpc routes

* xds: add test for pomerium http routes

* xds: add test for policy routes

* xds: use plain functions

* xds: test get all routeable domains

* xds: add build downstream tls context test

* more tests

* test for client cert

* more tests
 2020-05-25 11:14:07 -06:00
Travis Groth
ca5f68e371
telemetry: Refactor GRPC Server Handler (#756) 
* Refactor GRPC server stats handler location
 2020-05-22 13:36:55 -04:00
Caleb Doxsey
e4832cb4ed
authorize: add client mTLS support (#751) 
* authorize: add client mtls support

* authorize: better error messages for envoy

* switch from function to input

* add TrustedCa to envoy config so that users are prompted for the correct client certificate

* update documentation

* fix invalid ClientCAFile

* regenerate cache protobuf

* avoid recursion, add test

* move comment line

* use http.StatusOK

* various fixes
 2020-05-21 16:01:07 -06:00
Bobby DeSimone
3f1faf2e9e
authenticate: add jwks and .well-known endpoint (#745) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-21 11:46:29 -07:00
Caleb Doxsey
9b82954012
envoy: support ports in hosts for routing (#748) 
* envoy: support ports in hosts for routing

* additional domains
 2020-05-21 12:06:50 -06:00
Travis Groth
3e17befff7
envoy: Enable zipkin tracing (#737) 
- Update envoy bootstrap config to protobufs
- Reorganize tracing config to avoid cyclic import
- Push down zipkin config to Envoy
- Update tracing options to provide sample rate
 2020-05-21 11:50:07 -04:00
Travis Groth
66e4c7d7ca
envoy: Add GRPC stats handler to control plane service (#744) 
* Add GRPC stats handler to control plane service
 2020-05-20 22:26:34 -04:00
Caleb Doxsey
d2e463e9ef
envoy: add duration and size to access log (#735) 2020-05-19 12:11:48 -06:00
Caleb Doxsey
ae0405f11e
envoy: fix lua warning (#731) 2020-05-19 10:21:50 -06:00
Caleb Doxsey
0895515833
envoy: implement various timeouts (#732) 
* envoy: implement global and route timeouts

* envoy: use the grpc client timeout for the authz service timeout

* fix test
 2020-05-19 10:01:37 -06:00
Caleb Doxsey
1859f6d06b
envoy: switch to STRICT_DNS (#733) 2020-05-19 09:17:05 -06:00
Caleb Doxsey
959c9e8225
envoy: always populate pomerium-authz cluster (#730) 2020-05-19 08:11:12 -06:00
Caleb Doxsey
14c27974b9
envoy: enable TLS verification for internal services (#726) 2020-05-18 19:22:50 -06:00
Caleb Doxsey
e854cfe83b
envoy: implement policy TLS options (#724) 
* envoy: implement policy TLS options

* fix tests

* log which CAs are being used
 2020-05-18 16:52:51 -06:00
Bobby DeSimone
666fd6aa35 authenticate: save oauth2 tokens to cache (#698) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-18 17:10:10 -04:00
Caleb Doxsey
1bee3b0df9 envoy: fix sni/hostname mismatched routing for http2 connection coalescing (#703) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
dccec1e646 envoy: support autocert (#695) 
* envoy: support autocert

* envoy: fallback to http host routing if sni fails to match

* update comment

* envoy: renew certs when necessary

* fix tests
 2020-05-18 17:10:10 -04:00
Travis Groth
f5a9bad3d6 enable ipv6 grpc routing (#692) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
41855e5419 envoy: use envoy request id for logging across systems with http and gRPC (#691) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
593c47f8ac proxy: remove pomerium cookie and authorization from upstream requests (#687) 
* proxy: remove pomerium cookie and authorization from upstream requests

* fix typo
 2020-05-18 17:10:10 -04:00
Caleb Doxsey
352c2b851b envoy: add separate proxy log level option (#689) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
0d9a372182 envoy: implement refresh session (#674) 
* authorize: refresh session WIP

* remove upstream cookie with lua

* only refresh session on expired

* authorize: handle session expiration

* authorize: add refresh test, fix isExpired check

* proxy: implement preserve host header option

* authorize: allow CORS preflight requests

* proxy: add request headers

* authenticate: use id token expiry
 2020-05-18 17:10:10 -04:00
Caleb Doxsey
ae3049baca envoy: implement set_request_headers (#673) 
* proxy: implement preserve host header option

* authorize: allow CORS preflight requests

* proxy: add request headers
 2020-05-18 17:10:10 -04:00
Caleb Doxsey
d92ee8d2a0 proxy: implement preserve host header option (#671) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
3879fe2f2a proxy: add websocket support (#670) 2020-05-18 17:10:10 -04:00
Travis Groth
99e788a9b4 envoy: Initial changes 2020-05-18 17:10:10 -04:00