3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-20 03:32:45 +02:00
Code Issues Projects Releases Packages Wiki Activity
3224 commits 168 branches 127 tags 106 MiB
Commit graph

329 commits

Author SHA1 Message Date
Caleb Doxsey
500405512f
dependencies: vendor base58, remove shortuuid (#2739) 
* vendor base58

* remove shortuuid
 2021-11-02 09:23:15 -06:00
Denis Mishin
7a7d5722f8
desktop client api (#2711) 2021-10-29 10:56:48 -06:00
Caleb Doxsey
b2c76c3816
grpc: remove peer field from logs (#2712) 2021-10-26 14:43:59 -06:00
Caleb Doxsey
3497c39b9b
authorize: add support for webauthn device policy enforcement (#2700) 
* authorize: add support for webauthn device policy enforcement

* update docs

* group statuses
 2021-10-25 09:41:03 -06:00
Caleb Doxsey
9d4ebcf871
webauthn: update session to support device credentials per type (#2699) 2021-10-22 14:33:34 -06:00
Caleb Doxsey
6e48627b4d
ppl: add support for additional data (#2696) 
* ppl: add support for additional data

* remove unused NewCriterionDeviceRule
 2021-10-22 12:32:20 -06:00
Denis Mishin
30664cd307
skip configuration updates to the most recent one (#2690) 2021-10-21 11:03:26 -04:00
Caleb Doxsey
3051ad77e0
protoc: add xds repo (#2687) 
* protoc: add xds repo

* fix protoc-gen-validate dependency
 2021-10-19 14:36:23 -06:00
Caleb Doxsey
1c445c426d
webauthnutil: add helpers for webauthn (#2686) 
* devices: add device protobuf types

* webauthnutil: add helpers for webauthn
 2021-10-19 13:39:01 -06:00
Caleb Doxsey
ddccbcf631
devices: add device protobuf types (#2682) 2021-10-19 07:22:26 -06:00
Caleb Doxsey
0f0a5dc7f0
cryptutil: add SecureToken (#2681) 
* cryptutil: add SecureToken

* add parse
 2021-10-14 18:48:41 -06:00
Denis Mishin
55fec9b51b
add host-rewrite options to config.proto (#2668) 2021-10-08 11:50:56 -04:00
Caleb Doxsey
efffe57bf0
ppl: pass contextual information through policy (#2612) 
* ppl: pass contextual information through policy

* maybe fix nginx

* fix nginx

* pr comments

* go mod tidy
 2021-09-20 16:02:26 -06:00
Nathan Hayfield
1f718e4ce1
add description to service accounts (#2611) 2021-09-20 14:10:12 -04:00
Denis Mishin
0878315d60
bump protoc-validate (#2606) 2021-09-16 12:02:55 -04:00
Caleb Doxsey
eca2fc62d8
ppl: use session.user_id instead of user.id for user criterion (#2562) 
* ppl: use session.user_id instead of user.id for user criterion

* fix test
 2021-09-03 07:53:00 -06:00
Caleb Doxsey
33f5190572
config: remove signature_key_algorithm (#2557) 
* config: remove signature_key_algorithm

* typo

* add more tests
 2021-09-02 11:36:43 -06:00
Caleb Doxsey
f5a558d4a0
grpc: disable gRPC connection re-use across services (#2515) 2021-08-24 11:47:16 -06:00
Caleb Doxsey
bbec2cae9f
grpc: send client traffic through envoy (#2469) 
* wip

* wip

* handle wildcards in override name

* remove wait for ready, add comment about sync, force initial sync complete in test

* address comments
 2021-08-16 16:12:22 -06:00
Caleb Doxsey
6af0655206
protoutil: add NewAny method for deterministic serialization (#2462) 2021-08-09 17:51:57 -06:00
Caleb Doxsey
3f8617cd93
fix go get, improve redis test (#2450) 
* add pomerium.go to fix go get

* try to make redis test less flaky
 2021-08-06 12:07:20 -06:00
Caleb Doxsey
63ee30d69c
options: remove refresh_cooldown, add allow_spdy to proto (#2446) 2021-08-06 10:06:57 -06:00
wasaga
51ab7e6226
telemetry: add nonce and make explicit ack/nack (#2434) 2021-08-04 21:08:55 -04:00
Caleb Doxsey
cc9962cca6
config: remove support for ed25519 signing keys (#2430) 2021-08-04 09:30:47 -06:00
Caleb Doxsey
94eb3c1149
config: remove grpc server max connection age options (#2427) 
* config: remove grpc server max connection age options

* remove docs
 2021-08-03 09:39:48 -06:00
Caleb Doxsey
5e2ca68e94
redis: increase timeout on test (#2425) 2021-08-02 17:11:33 -06:00
Caleb Doxsey
1a95036b8c
sessions: add impersonate_session_id, remove legacy impersonation (#2407) 
* sessions: add impersonate_session_id, remove legacy impersonation

* show impersonated user details

* fix headers

* address feedback

* only check impersonate id on non-nil pbSession

* Revert "only check impersonate id on non-nil pbSession"

This reverts commit a6f7ca5abd.
 2021-07-30 08:42:36 -06:00
Caleb Doxsey
c34118360d
ppl: remove support for aliases (#2400) 2021-07-27 12:29:42 -06:00
Caleb Doxsey
ac8ae3ef5b
directory: add logging http client to help with debugging outbound http requests (#2385) 2021-07-22 11:58:52 -06:00
Caleb Doxsey
cef08a1c2d
authorize: remove service account impersonate user id, email and groups (#2365) 2021-07-15 09:31:45 -06:00
Caleb Doxsey
21ffe44dff
authorize: support boolean deny results (#2338) 
* authorize: support boolean deny results

* add client certificate test

* handle different array lengths
 2021-07-06 12:52:26 -06:00
Caleb Doxsey
031fa1a91b
storage/inmemory: add tests for close behavior (#2336) 2021-07-06 09:36:04 -06:00
Caleb Doxsey
0bca5c9556
redis: refactor change signal test to be more deterministic (#2335) 2021-07-06 09:14:15 -06:00
wasaga
134ca74ec9
proxy: add idle timeout (#2319) 2021-07-02 10:29:53 -04:00
Caleb Doxsey
11a619390a
ppl: fix not/nor rules (#2313) 
* ppl: fix not/nor rules

* use set comprehension with count
 2021-06-25 05:41:24 -06:00
wasaga
41a2622736
certs: reject certs from databroker if they conflict with local (#2309) 2021-06-24 18:40:59 -04:00
Caleb Doxsey
fcb33966e2
config: add enable_google_cloud_serverless_authentication to config protobuf (#2306) 
* config: add enable_google_cloud_serverless_authentication to config protobuf

* use dependency injection for embedded envoy provider

* Revert "use dependency injection for embedded envoy provider"

This reverts commit 5c08990501.

* config: attach envoy version to Config to avoid metrics depending on envoy/files
 2021-06-21 18:00:29 -06:00
Caleb Doxsey
31fa214983
envoy: add full version (#2287) 
* envoy: add full version

* remove unused import

* get envoy for lint
 2021-06-14 13:58:12 -06:00
Caleb Doxsey
f9675f61cc
deps: upgrade to go-jose v3 (#2284) 2021-06-10 09:35:44 -06:00
dependabot[bot]
0246882f13
chore(deps): bump gopkg.in/square/go-jose.v2 from 2.5.1 to 2.6.0 (#2273) 
* chore(deps): bump gopkg.in/square/go-jose.v2 from 2.5.1 to 2.6.0

Bumps [gopkg.in/square/go-jose.v2](https://github.com/square/go-jose) from 2.5.1 to 2.6.0.
- [Release notes](https://github.com/square/go-jose/releases)
- [Commits](https://github.com/square/go-jose/compare/v2.5.1...v2.6.0)

---
updated-dependencies:
- dependency-name: gopkg.in/square/go-jose.v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update kid

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2021-06-07 09:15:17 -06:00
wasaga
744e2c7993
xds: only tag contexts used for UpdateRecords (#2269) 2021-06-04 14:01:25 -04:00
Caleb Doxsey
d705b219ea
redis: enforce capacity via ZREVRANGE to avoid race (#2267) 2021-06-04 07:03:55 -06:00
dependabot[bot]
e9ffc5fde3
chore(deps): bump google.golang.org/grpc from 1.37.1 to 1.38.0 (#2231) 
* chore(deps): bump google.golang.org/grpc from 1.37.1 to 1.38.0

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.37.1 to 1.38.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.37.1...v1.38.0)

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump google.golang.org/grpc from 1.37.1 to 1.38.0

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.37.1 to 1.38.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.37.1...v1.38.0)

Signed-off-by: dependabot[bot] <support@github.com>

* fix UpdateState method

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2021-05-24 09:33:53 -06:00
Caleb Doxsey
96b9702ee3
ppl: add data type, implement string and list matchers (#2228) 
* ppl: add data type, implement string and list matchers

* update policy converter
 2021-05-21 11:28:41 -06:00
Caleb Doxsey
bdccd4f785
ppl: bubble up values, bug fixes (#2213) 2021-05-18 14:01:36 -06:00
Caleb Doxsey
e138054cb9
Pomerium Policy Language (#2202) 
* policy: add parser and generator for Pomerium Policy Language

* add criteria

* add additional criteria
 2021-05-17 15:30:51 -06:00
wasaga
c71f7dca5b
authorize: grpc health check (#2200) 2021-05-13 15:00:10 -04:00
wasaga
1ac93c2d3a
telemetry: add hostname tag to metrics (#2191) 2021-05-11 17:58:02 -04:00
Caleb Doxsey
94aa0b1a48
databroker: implement leases (#2172) 
* databroker: implement leases

* return error

* handle gRPC errors
 2021-05-10 13:30:25 -06:00
Caleb Doxsey
a54d43b937
registry: implement redis backend (#2179) 2021-05-10 10:33:37 -06:00