3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-08 14:56:01 +02:00
Code Issues Projects Releases Packages Wiki Activity
3224 commits 158 branches 125 tags 104 MiB
Commit graph

3224 commits

This branch
This branch
All branches
Author SHA1 Message Date
Renovate Bot
38c1b5ec65 chore(deps): update module google.golang.org/grpc to v1.29.1 2020-05-21 14:47:56 +00:00
Travis Groth
66e4c7d7ca
envoy: Add GRPC stats handler to control plane service (#744) 
* Add GRPC stats handler to control plane service
 2020-05-20 22:26:34 -04:00
Caleb Doxsey
84378440f0
envoy: improvements to logging (#742) 2020-05-20 13:05:41 -06:00
Caleb Doxsey
f40fb3d2ea
envoy: forward claim and assertion headers (#739) 2020-05-20 10:02:12 -06:00
Bobby DeSimone
2275bb8ad4
envoy: test programmatic api endpoint (#736) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-20 08:33:48 -07:00
Caleb Doxsey
d2e463e9ef
envoy: add duration and size to access log (#735) 2020-05-19 12:11:48 -06:00
Caleb Doxsey
e30e717942
main: move pomerium main code to an internal cmd package so that it can be called directly from tests (#734) 
* main: move pomerium main code to an internal cmd package so that it can be called directly from tests

* fix test
 2020-05-19 11:17:40 -06:00
renovate[bot]
095e06294a
chore(deps): update vuepress monorepo to v1.5.0 (#718) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2020-05-19 09:41:18 -07:00
Caleb Doxsey
ae0405f11e
envoy: fix lua warning (#731) 2020-05-19 10:21:50 -06:00
renovate[bot]
adaaed2481
chore(deps): update module yaml to v2.3.0 (#717) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2020-05-19 09:14:57 -07:00
Caleb Doxsey
0895515833
envoy: implement various timeouts (#732) 
* envoy: implement global and route timeouts

* envoy: use the grpc client timeout for the authz service timeout

* fix test
 2020-05-19 10:01:37 -06:00
Bobby DeSimone
c85b12a137
envoy: verify helathcheck enpoints (#725) 
* envoy: verify helathcheck enpoints
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-19 08:35:19 -07:00
Bobby DeSimone
ca499ac9be
envoy: add jwt-assertion (#727) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-19 08:34:49 -07:00
Caleb Doxsey
1859f6d06b
envoy: switch to STRICT_DNS (#733) 2020-05-19 09:17:05 -06:00
Caleb Doxsey
959c9e8225
envoy: always populate pomerium-authz cluster (#730) 2020-05-19 08:11:12 -06:00
Renovate Bot
0ca5230467 chore(deps): update module caddyserver/certmagic to v0.10.13 2020-05-19 02:45:14 +00:00
Travis Groth
1f1e63a75b
telemetry/tracing: Add Zipkin tracing support (#723) 2020-05-18 21:57:13 -04:00
Caleb Doxsey
14c27974b9
envoy: enable TLS verification for internal services (#726) 2020-05-18 19:22:50 -06:00
Caleb Doxsey
e854cfe83b
envoy: implement policy TLS options (#724) 
* envoy: implement policy TLS options

* fix tests

* log which CAs are being used
 2020-05-18 16:52:51 -06:00
Renovate Bot
e24e026ffc Update golang.org/x/net commit hash to a91f071 2020-05-18 22:26:25 +00:00
Caleb Doxsey
533dc4a96d Merge remote-tracking branch 'origin/master' into feature/envoy 2020-05-18 17:10:10 -04:00
Caleb Doxsey
b4ac3ca8d8 skip failing tests 2020-05-18 17:10:10 -04:00
Bobby DeSimone
666fd6aa35 authenticate: save oauth2 tokens to cache (#698) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-18 17:10:10 -04:00
Caleb Doxsey
ef399380b7 merge master 2020-05-18 17:10:10 -04:00
Travis Groth
d514ec2ecf Proxy envoy metrics through control plane prometheus endpoint (#709) 
* Proxy metrics requests to envoy control plane
 2020-05-18 17:10:10 -04:00
Travis Groth
5ea1f719a7 Only run testing on master branch pushes and pull requests (#706) 2020-05-18 17:10:10 -04:00
Travis Groth
96a95c5aff Update jwt_claims_headers docs (#705) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
1bee3b0df9 envoy: fix sni/hostname mismatched routing for http2 connection coalescing (#703) 2020-05-18 17:10:10 -04:00
Travis Groth
65bb1501fd deployment: Envoy cross platform improvements (#701) 
* Share processgroup on all platforms

* Fix cross platform release handling
 2020-05-18 17:10:10 -04:00
Travis Groth
d58f68ab15 Update build and release process for envoy embedding (#699) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
dccec1e646 envoy: support autocert (#695) 
* envoy: support autocert

* envoy: fallback to http host routing if sni fails to match

* update comment

* envoy: renew certs when necessary

* fix tests
 2020-05-18 17:10:10 -04:00
Travis Groth
0c1ac5a575 Return an error regardless of envoy's exit status (#694) 2020-05-18 17:10:10 -04:00
Travis Groth
f5a9bad3d6 enable ipv6 grpc routing (#692) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
41855e5419 envoy: use envoy request id for logging across systems with http and gRPC (#691) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
593c47f8ac proxy: remove pomerium cookie and authorization from upstream requests (#687) 
* proxy: remove pomerium cookie and authorization from upstream requests

* fix typo
 2020-05-18 17:10:10 -04:00
Caleb Doxsey
5819bf1408 authorize: return jwt claims in request headers (#688) 
* authorize: refactor session loading, implement headers and query params

* authorize: fix http recorder header, use constant for pomerium authorization header

* fix compile

* remove dead code

* authorize: return jwt claims in request headers
 2020-05-18 17:10:10 -04:00
Caleb Doxsey
352c2b851b envoy: add separate proxy log level option (#689) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
af649d3eb0 envoy: implement header and query param session loading (#684) 
* authorize: refactor session loading, implement headers and query params

* authorize: fix http recorder header, use constant for pomerium authorization header

* fix compile

* remove dead code
 2020-05-18 17:10:10 -04:00
Caleb Doxsey
0d9a372182 envoy: implement refresh session (#674) 
* authorize: refresh session WIP

* remove upstream cookie with lua

* only refresh session on expired

* authorize: handle session expiration

* authorize: add refresh test, fix isExpired check

* proxy: implement preserve host header option

* authorize: allow CORS preflight requests

* proxy: add request headers

* authenticate: use id token expiry
 2020-05-18 17:10:10 -04:00
Caleb Doxsey
ae3049baca envoy: implement set_request_headers (#673) 
* proxy: implement preserve host header option

* authorize: allow CORS preflight requests

* proxy: add request headers
 2020-05-18 17:10:10 -04:00
Caleb Doxsey
98d2f194a0 authorize: allow CORS preflight requests (#672) 
* proxy: implement preserve host header option

* authorize: allow CORS preflight requests
 2020-05-18 17:10:10 -04:00
Caleb Doxsey
d92ee8d2a0 proxy: implement preserve host header option (#671) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
3879fe2f2a proxy: add websocket support (#670) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
02615b8b6c Merge remote-tracking branch 'origin/master' into feature/envoy 2020-05-18 17:10:10 -04:00
Travis Groth
99e788a9b4 envoy: Initial changes 2020-05-18 17:10:10 -04:00
Renovate Bot
8f78497e99 Update module google.golang.org/api to v0.24.0 2020-05-18 14:55:47 +00:00
Renovate Bot
fe35489657 Update module golang/protobuf to v1.4.2 2020-05-18 13:16:44 +00:00
Bjoern Weidlich
1a1a5a11f9
Documentation around Pomerium/Istio/Grafana (#675) 
* Added an example of how to protect Grafana with Pomerium inside of an Istio mesh
* Added relevant documentation links
 2020-05-17 22:26:09 -07:00
Renovate Bot
9ede2be7c5 Update module google/go-cmp to v0.4.1 2020-05-18 01:43:57 +00:00
Caleb Doxsey
49067c8f06
integration-tests: TLS policy configuration options (#708) 
* integration-tests: switch to go for backends to support TLS scenarios

* fix apply order

* generate additional tls certs

* integration-tests: tls_skip_verify option

* integration-tests: wait for openid to come up before starting authenticate

* add tls_server_name test

* add test for tls_custom_ca

* increase setup timeout to 15 minutes

* fix secret name reference

* mtls wip

* mtls wip

* add test for client_cert
 2020-05-15 16:37:09 -06:00