3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-08 23:06:03 +02:00
Code Issues Projects Releases Packages Wiki Activity
3224 commits 159 branches 126 tags 104 MiB
Commit graph

3224 commits

This branch
This branch
All branches
Author SHA1 Message Date
Renovate Bot
44784e98fe chore(deps): update golang.org/x/net commit hash to 3c3fba1 2020-06-01 13:49:57 +00:00
Renovate Bot
c973174d30 chore(deps): update github.com/natefinch/atomic commit hash to 18c0533 2020-06-01 12:33:54 +00:00
Travis Groth
914b952854
envoy: Switch to distroless/base for releases (#810) 2020-05-31 10:18:03 -04:00
Bobby DeSimone
44cf1fba1f
deployment: prepare 0.9.0 (#798) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-30 18:07:57 -07:00
Bobby DeSimone
eae217851a
authenticate: clear session if ctx fails (#806) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-29 17:25:09 -07:00
Caleb Doxsey
b88a619c0d
docs: add mTLS recipe (#807) 
* docs: add mTLS recipe

* add argo and mtls to sidebar
 2020-05-29 16:10:40 -06:00
Travis Groth
f97341dcb8
Fix autocache telemetry labels (#805) 2020-05-29 17:47:45 -04:00
Travis Groth
06e3f5def5
Fix missing/incorrect grpc labels (#804) 2020-05-29 15:57:58 -04:00
Travis Groth
6761cc7a14
telemetry: service label updates (#802) 2020-05-29 15:16:22 -04:00
Caleb Doxsey
49c323ae73
docs: add argo recipe (#803) 2020-05-29 12:05:14 -06:00
Caleb Doxsey
c1e648e0a9
docs: update dockerfiles for v0.9.0 (#801) 
* docs: update dockerfiles for v0.9.0

* docs: use latest tag for docker files
 2020-05-29 08:13:01 -06:00
Joel Bastos
d67bb22342
docs: typo on configuration doc (#800) 
Correct memcached name
 2020-05-28 16:28:55 -07:00
Travis Groth
49db9867d7
docs: Expose config parameters in sidebar (#797) 2020-05-28 16:37:34 -04:00
Caleb Doxsey
df2b09a906
docs: add note about unsupported platforms (#799) 2020-05-28 12:57:03 -06:00
Travis Groth
14432daf26
docs: Update examples (#796) 2020-05-28 10:29:10 -04:00
Caleb Doxsey
c77b2c6876
authenticate: fix insecure gRPC connection string default port (#795) 2020-05-28 07:47:41 -06:00
Caleb Doxsey
988477c90d
authenticate: fix user-info call for AWS cognito (#792) 2020-05-27 15:37:42 -06:00
Caleb Doxsey
b16bc5e090
authorize: reduce log noise for empty jwt (#793) 2020-05-27 15:34:15 -06:00
Caleb Doxsey
748ab836b6
cache: fix closing too early (#791) 
* cache: fix closing too early

* fix test
 2020-05-27 11:28:08 -06:00
Caleb Doxsey
12d90a021c
authenticate: remove authorize url validate check (#790) 
* authenticate: remove authorize url validate check

* fix test
 2020-05-27 09:23:22 -06:00
Caleb Doxsey
f6114c288a
xds: add catch-all for pomerium routes (#789) 2020-05-27 09:12:04 -06:00
Caleb Doxsey
17952e3ac5
xds: disable cluster validation to handle out-of-order updates (#783) 2020-05-27 08:02:29 -06:00
Noah Stride
d85e490640
fix: docs regarding claim headers (#782) 2020-05-27 09:58:48 -04:00
Caleb Doxsey
f03f57980c
docs: update traefik example and add note about forwarded headers (#784) 2020-05-26 18:14:11 -06:00
Caleb Doxsey
268a7067c1
forward-auth: support x-forwarded-uri (#780) 2020-05-26 14:07:20 -06:00
Renovate Bot
57d2656f66 chore(deps): update module open-policy-agent/opa to v0.20.4 2020-05-26 19:50:06 +00:00
Renovate Bot
80597c9459 chore(deps): update module go-redis/redis/v7 to v7.3.0 2020-05-26 18:41:19 +00:00
Caleb Doxsey
8943c7c17d
xds: lazy-load root ca bundle to avoid log in version command (#778) 2020-05-26 12:00:36 -06:00
Bobby DeSimone
829280c73c
authorize: add authN validation, additional tests (#761) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-26 10:44:51 -07:00
Bobby DeSimone
9d7ef85687
authenticate: ensure authorize url is set (#760) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-26 10:44:20 -07:00
Caleb Doxsey
f770ccfedd
config: add getters for URLs to avoid nils (#777) 
* config: add getters for URLs to avoid nils

* allow nil url for cache grpc client connection in authenticate
 2020-05-26 11:36:18 -06:00
Bobby DeSimone
39187eb305
state: infer user from subject (#772) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-26 10:31:55 -07:00
Travis Groth
aba549a70f
envoy: ensure command line args reflect the current log level (#779) 2020-05-26 11:37:10 -04:00
Renovate Bot
e8f539e69e chore(deps): update module google/go-jsonnet to v0.16.0 2020-05-26 14:23:45 +00:00
Renovate Bot
ffe8ebe93e chore(deps): update google.golang.org/genproto commit hash to e9a78aa 2020-05-26 12:59:31 +00:00
Renovate Bot
c36748cffb chore(deps): update module google.golang.org/api to v0.25.0 2020-05-25 22:34:47 +00:00
Renovate Bot
c3d63babc8 chore(deps): update golang.org/x/net commit hash to 0ba52f6 2020-05-25 21:40:26 +00:00
Caleb Doxsey
dedf4b1428
controlplane: xds unit tests (#770) 
* xds: use plain functions, add unit tests for control plane routes

* xds: add test for grpc routes

* xds: add test for pomerium http routes

* xds: add test for policy routes

* xds: use plain functions

* xds: test get all routeable domains

* xds: add build downstream tls context test

* more tests

* test for client cert

* more tests
 2020-05-25 11:14:07 -06:00
Caleb Doxsey
7b96d2de66
dashboard: inline svgs + css for better forward auth (#771) 2020-05-25 11:12:40 -06:00
Travis Groth
727d4bed9d
envoy: Tracing config improvements (#754) 2020-05-23 18:40:26 -04:00
Bobby DeSimone
2d02f2dfa0
authenticate: add tests to signing endpoints (#759) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-22 14:21:24 -07:00
Bobby DeSimone
b7f4c0ce2b
config: add some cert tests (#758) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-22 13:32:34 -07:00
Caleb Doxsey
a969f33d88
authorize: refactor and add additional unit tests (#757) 
* authorize: clean up code, add test

* authorize: additional test

* authorize: additional test
 2020-05-22 13:25:59 -06:00
Benoît Knecht
5c3c020508
sessions/state: Add nickname claim (#755) 
GitLab returns the user name in a `nickname` claim instead of `user`, so make
it available in `sessions.State`.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
 2020-05-22 11:38:27 -07:00
Travis Groth
ca5f68e371
telemetry: Refactor GRPC Server Handler (#756) 
* Refactor GRPC server stats handler location
 2020-05-22 13:36:55 -04:00
Travis Groth
e2a7149c36
telemetry: Remove 'accept-encoding' header from proxied metric requests (#750) 2020-05-22 07:47:37 -04:00
Caleb Doxsey
e4832cb4ed
authorize: add client mTLS support (#751) 
* authorize: add client mtls support

* authorize: better error messages for envoy

* switch from function to input

* add TrustedCa to envoy config so that users are prompted for the correct client certificate

* update documentation

* fix invalid ClientCAFile

* regenerate cache protobuf

* avoid recursion, add test

* move comment line

* use http.StatusOK

* various fixes
 2020-05-21 16:01:07 -06:00
Bobby DeSimone
3f1faf2e9e
authenticate: add jwks and .well-known endpoint (#745) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-21 11:46:29 -07:00
Caleb Doxsey
9b82954012
envoy: support ports in hosts for routing (#748) 
* envoy: support ports in hosts for routing

* additional domains
 2020-05-21 12:06:50 -06:00
Travis Groth
3e17befff7
envoy: Enable zipkin tracing (#737) 
- Update envoy bootstrap config to protobufs
- Reorganize tracing config to avoid cyclic import
- Push down zipkin config to Envoy
- Update tracing options to provide sample rate
 2020-05-21 11:50:07 -04:00