Caleb Doxsey
1febaa82ff
envoy: restrict permissions on embedded envoy binary ( #1999 )
2021-03-19 09:51:14 -06:00
Caleb Doxsey
23bc3f979f
config: add headers to config proto ( #1996 )
2021-03-19 08:06:01 -06:00
Caleb Doxsey
21d87f8fdc
xds: use ALPN Auto config for upstream protocol when possible ( #1995 )
2021-03-18 14:25:00 -06:00
Caleb Doxsey
eddabc46c7
envoy: upgrade to v1.17.1 ( #1993 )
2021-03-17 19:32:58 -06:00
Caleb Doxsey
77fe37c8c0
redis: add redis cluster support ( #1992 )
* redis: add redis cluster support
* redis: update docs
2021-03-17 13:48:41 -06:00
renovate[bot]
0b1e89925a
fix(deps): update module github.com/prometheus/procfs to v0.6.0 ( #1969 )
2021-03-16 22:03:01 -04:00
Caleb Doxsey
975b56d2d2
redis: add support for redis-sentinel ( #1991 )
* redis: add support for redis-sentinel
* try setting hostname
* try using container ips
* try the default network
* use container ip address
2021-03-16 16:45:08 -06:00
wasaga
816fb60b7c
procStat.CPUTime() is already a sum ( #1979 )
2021-03-15 11:43:56 -04:00
Caleb Doxsey
a5731f7d92
identity: infer email from mail claim ( #1977 )
2021-03-12 09:01:21 -07:00
Caleb Doxsey
fd97561ab1
ping: identity and directory providers ( #1975 )
* ping: add identity provider
* ping: implement directory provider
* ping, not onelogin
* ping, not onelogin
* escape path params
2021-03-10 16:25:49 -07:00
Caleb Doxsey
7f6107051f
config: add rewrite_response_headers option ( #1961 )
* add lua script to rewrite response headers
* add policy config
* update docs
2021-03-05 09:40:17 -07:00
Caleb Doxsey
b6ec01f377
assets: use embed instead of statik ( #1960 )
* assets: use embed instead of statik
* remove empty line
* maybe fix precommit
2021-03-03 18:56:55 -07:00
Caleb Doxsey
92c3a4a56c
telemetry: add process collector for envoy ( #1948 )
* telemetry: add process collector for envoy
* add test
* maybe fix macos
* address comments
2021-03-03 16:05:35 -07:00
Caleb Doxsey
f396c2a0f7
config: log config source changes ( #1959 )
* config: log config source changes
* use internal log import
2021-03-03 09:54:08 -07:00
Caleb Doxsey
664358dfad
config: multiple endpoints for authorize and databroker ( #1957 )
* wip
* update docs
* remove dead code
2021-03-03 09:53:19 -07:00
Caleb Doxsey
a825b06014
metrics: add TLS options ( #1939 )
* move metrics listener to envoy
* add metrics tls options
* add test
* update docs
* update config proto
* add function to validate metric addr
* fix validation
2021-02-24 09:42:53 -07:00
wasaga
de55199a70
use build_info as liveness gauge metric ( #1940 )
2021-02-24 10:57:31 -05:00
bobby
cdcb65b77c
ci: go 1.16.x, cached tests ( #1937 )
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2021-02-23 11:39:52 -08:00
Caleb Doxsey
138df5ae24
identity: record metric for last refresh ( #1936 )
2021-02-23 10:08:01 -07:00
Caleb Doxsey
218acc001b
autocert: remove non-determinism ( #1932 )
* autocert: remove non-determinism
* try sorting coverage
2021-02-23 08:56:11 -08:00
bobby
9c7958b66f
middleware: equalize lengths of input ( #1934 )
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2021-02-23 08:31:17 -08:00
Caleb Doxsey
8b42eb5ebd
config: add metrics_basic_auth option ( #1917 )
* config: add metrics_basic_auth option
* remove println
* use constant time compare
2021-02-22 13:37:18 -07:00
Caleb Doxsey
03d8ffaee2
google: fix default provider URL ( #1928 )
2021-02-22 11:21:16 -07:00
Caleb Doxsey
5d60cff21e
databroker: refactor databroker to sync all changes ( #1879 )
* refactor backend, implement encrypted store
* refactor in-memory store
* wip
* wip
* wip
* add syncer test
* fix redis expiry
* fix linting issues
* fix test by skipping non-config records
* fix backoff import
* fix init issues
* fix query
* wait for initial sync before starting directory sync
* add type to SyncLatest
* add more log messages, fix deadlock in in-memory store, always return server version from SyncLatest
* update sync types and tests
* add redis tests
* skip macos in github actions
* add comments to proto
* split getBackend into separate methods
* handle errors in initVersion
* return different error for not found vs other errors in get
* use exponential backoff for redis transaction retry
* rename raw to result
* use context instead of close channel
* store type urls as constants in databroker
* use timestampb instead of ptypes
* fix group merging not waiting
* change locked names
* update GetAll to return latest record version
* add method to grpcutil to get the type url for a protobuf type
2021-02-18 15:24:33 -07:00
Caleb Doxsey
b1871b0f2e
envoy: validate binary checksum ( #1908 )
* envoy: validate binary checksum
* address comments
* change to info
* fix order
2021-02-18 15:22:46 -07:00
wasaga
c02223a8f0
fix flaky registry test ( #1911 )
2021-02-17 20:17:42 -05:00
wasaga
d04416a5fd
in-memory service registry ( #1892 )
2021-02-17 14:28:54 -05:00
Caleb Doxsey
64d247cfeb
onelogin: fix default scopes for v2 ( #1896 )
2021-02-17 08:51:13 -07:00
Caleb Doxsey
5be71b8e07
xds: fix misdirected script ( #1895 )
2021-02-16 14:57:21 -07:00
Yuchen Ying
51be8ffd76
remove unused internal/protoutil ( #1893 )
2021-02-16 13:54:38 -08:00
Caleb Doxsey
eb08658cfc
logs: strip query string ( #1894 )
2021-02-16 14:23:52 -07:00
bobby
c3e3ed9b50
authenticate: validate origin of signout ( #1876 )
* authenticate: validate origin of signout
- add a debug task to kill envoy
- improve various function docs
- userinfo: return "error" page if user is logged out without redirect uri set
- remove front channel logout. There's little difference between it, and the signout function.
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2021-02-11 21:37:54 -08:00
Caleb Doxsey
963399b53d
proxy: implement pass-through for authenticate backend ( #1870 )
* proxy: implement pass-through for authenticate backend
* address comments
2021-02-09 14:03:54 -07:00
Caleb Doxsey
4bf5179bb6
controlplane: maybe fix flaky test ( #1873 )
2021-02-09 13:52:20 -07:00
Caleb Doxsey
9f6dc78798
config: allow customization of envoy bootstrap admin options ( #1872 )
2021-02-09 11:29:58 -07:00
bobby
a38913925d
controlplane: add global headers to virtualhost ( #1861 )
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2021-02-08 12:30:45 -08:00
bobby
fcd8c3644f
options: header only applies to routes and authN ( #1862 )
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2021-02-08 11:05:33 -08:00
wasaga
7b06d37913
unique envoy cluster ids ( #1858 )
2021-02-08 13:52:09 -05:00
renovate[bot]
2dc0be2ec9
chore(deps): update module auth0 to v5 ( #1868 )
* chore(deps): update module auth0 to v5
* fix v4->v5
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2021-02-08 08:50:15 -07:00
Caleb Doxsey
b7f0242090
authorize: remove admin ( #1833 )
* authorize: remove admin
* regen rego
* add note to upgrading
2021-02-01 15:22:02 -07:00
Caleb Doxsey
a5a3ab55fc
xds: fix always requiring client certificates ( #1844 )
* xds: fix always requiring client certificates
* break early
2021-02-01 12:44:22 -07:00
Caleb Doxsey
cc85ea601d
policy: add new certificate-authority option for downstream mTLS client certificates ( #1835 )
* policy: add new certificate-authority option for downstream mTLS client certificates
* update proto, docs
2021-02-01 08:10:32 -07:00
renovate[bot]
9cee50a12c
chore(deps): update module google.golang.org/api to v0.38.0 ( #1656 )
* chore(deps): update module google.golang.org/api to v0.38.0
* fix google api tests
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2021-02-01 07:18:56 -07:00
wasaga
66ff2cdaba
cluster name ( #1834 )
2021-01-29 16:55:38 -05:00
wasaga
67f6030e1e
upstream endpoints load balancer weights ( #1830 )
2021-01-28 09:11:14 -05:00
Caleb Doxsey
bec98051ae
config: return errors on invalid URLs, fix linting ( #1829 )
2021-01-27 07:58:30 -07:00
Caleb Doxsey
a8a703218f
return errors in xds build methods ( #1827 )
2021-01-26 14:40:39 -07:00
Caleb Doxsey
5e3aa91f23
authenticate: delay evaluation of OIDC provider ( #1802 )
* authenticate: delay evaluation of OIDC provider
* add additional error message
* address comments
2021-01-26 09:20:56 -07:00
Caleb Doxsey
a14b65ec3f
controlplane: only add listener virtual domains for addresses matching the current TLS domain ( #1823 )
2021-01-26 09:01:24 -07:00
Caleb Doxsey
84e8f6cc05
config: fix databroker policies ( #1821 )
2021-01-25 17:18:50 -07:00