Bobby DeSimone
829280c73c
authorize: add authN validation, additional tests ( #761 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-05-26 10:44:51 -07:00
Bobby DeSimone
9d7ef85687
authenticate: ensure authorize url is set ( #760 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-05-26 10:44:20 -07:00
Caleb Doxsey
f770ccfedd
config: add getters for URLs to avoid nils ( #777 )
...
* config: add getters for URLs to avoid nils
* allow nil url for cache grpc client connection in authenticate
2020-05-26 11:36:18 -06:00
Bobby DeSimone
39187eb305
state: infer user from subject ( #772 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-05-26 10:31:55 -07:00
Travis Groth
aba549a70f
envoy: ensure command line args reflect the current log level ( #779 )
2020-05-26 11:37:10 -04:00
Renovate Bot
e8f539e69e
chore(deps): update module google/go-jsonnet to v0.16.0
2020-05-26 14:23:45 +00:00
Renovate Bot
ffe8ebe93e
chore(deps): update google.golang.org/genproto commit hash to e9a78aa
2020-05-26 12:59:31 +00:00
Renovate Bot
c36748cffb
chore(deps): update module google.golang.org/api to v0.25.0
2020-05-25 22:34:47 +00:00
Renovate Bot
c3d63babc8
chore(deps): update golang.org/x/net commit hash to 0ba52f6
2020-05-25 21:40:26 +00:00
Caleb Doxsey
dedf4b1428
controlplane: xds unit tests ( #770 )
...
* xds: use plain functions, add unit tests for control plane routes
* xds: add test for grpc routes
* xds: add test for pomerium http routes
* xds: add test for policy routes
* xds: use plain functions
* xds: test get all routeable domains
* xds: add build downstream tls context test
* more tests
* test for client cert
* more tests
2020-05-25 11:14:07 -06:00
Caleb Doxsey
7b96d2de66
dashboard: inline svgs + css for better forward auth ( #771 )
2020-05-25 11:12:40 -06:00
Travis Groth
727d4bed9d
envoy: Tracing config improvements ( #754 )
2020-05-23 18:40:26 -04:00
Bobby DeSimone
2d02f2dfa0
authenticate: add tests to signing endpoints ( #759 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-05-22 14:21:24 -07:00
Bobby DeSimone
b7f4c0ce2b
config: add some cert tests ( #758 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-05-22 13:32:34 -07:00
Caleb Doxsey
a969f33d88
authorize: refactor and add additional unit tests ( #757 )
...
* authorize: clean up code, add test
* authorize: additional test
* authorize: additional test
2020-05-22 13:25:59 -06:00
Benoît Knecht
5c3c020508
sessions/state: Add nickname claim ( #755 )
...
GitLab returns the user name in a `nickname` claim instead of `user`, so make
it available in `sessions.State`.
Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
2020-05-22 11:38:27 -07:00
Travis Groth
ca5f68e371
telemetry: Refactor GRPC Server Handler ( #756 )
...
* Refactor GRPC server stats handler location
2020-05-22 13:36:55 -04:00
Travis Groth
e2a7149c36
telemetry: Remove 'accept-encoding' header from proxied metric requests ( #750 )
2020-05-22 07:47:37 -04:00
Caleb Doxsey
e4832cb4ed
authorize: add client mTLS support ( #751 )
...
* authorize: add client mtls support
* authorize: better error messages for envoy
* switch from function to input
* add TrustedCa to envoy config so that users are prompted for the correct client certificate
* update documentation
* fix invalid ClientCAFile
* regenerate cache protobuf
* avoid recursion, add test
* move comment line
* use http.StatusOK
* various fixes
2020-05-21 16:01:07 -06:00
Bobby DeSimone
3f1faf2e9e
authenticate: add jwks and .well-known endpoint ( #745 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-05-21 11:46:29 -07:00
Caleb Doxsey
9b82954012
envoy: support ports in hosts for routing ( #748 )
...
* envoy: support ports in hosts for routing
* additional domains
2020-05-21 12:06:50 -06:00
Travis Groth
3e17befff7
envoy: Enable zipkin tracing ( #737 )
...
- Update envoy bootstrap config to protobufs
- Reorganize tracing config to avoid cyclic import
- Push down zipkin config to Envoy
- Update tracing options to provide sample rate
2020-05-21 11:50:07 -04:00
Renovate Bot
38c1b5ec65
chore(deps): update module google.golang.org/grpc to v1.29.1
2020-05-21 14:47:56 +00:00
Travis Groth
66e4c7d7ca
envoy: Add GRPC stats handler to control plane service ( #744 )
...
* Add GRPC stats handler to control plane service
2020-05-20 22:26:34 -04:00
Caleb Doxsey
84378440f0
envoy: improvements to logging ( #742 )
2020-05-20 13:05:41 -06:00
Caleb Doxsey
f40fb3d2ea
envoy: forward claim and assertion headers ( #739 )
2020-05-20 10:02:12 -06:00
Bobby DeSimone
2275bb8ad4
envoy: test programmatic api endpoint ( #736 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-05-20 08:33:48 -07:00
Caleb Doxsey
d2e463e9ef
envoy: add duration and size to access log ( #735 )
2020-05-19 12:11:48 -06:00
Caleb Doxsey
e30e717942
main: move pomerium main code to an internal cmd package so that it can be called directly from tests ( #734 )
...
* main: move pomerium main code to an internal cmd package so that it can be called directly from tests
* fix test
2020-05-19 11:17:40 -06:00
renovate[bot]
095e06294a
chore(deps): update vuepress monorepo to v1.5.0 ( #718 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-05-19 09:41:18 -07:00
Caleb Doxsey
ae0405f11e
envoy: fix lua warning ( #731 )
2020-05-19 10:21:50 -06:00
renovate[bot]
adaaed2481
chore(deps): update module yaml to v2.3.0 ( #717 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-05-19 09:14:57 -07:00
Caleb Doxsey
0895515833
envoy: implement various timeouts ( #732 )
...
* envoy: implement global and route timeouts
* envoy: use the grpc client timeout for the authz service timeout
* fix test
2020-05-19 10:01:37 -06:00
Bobby DeSimone
c85b12a137
envoy: verify healthcheck endpoints ( #725 )
...
* envoy: verify healthcheck endpoints
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-05-19 08:35:19 -07:00
Bobby DeSimone
ca499ac9be
envoy: add jwt-assertion ( #727 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-05-19 08:34:49 -07:00
Caleb Doxsey
1859f6d06b
envoy: switch to STRICT_DNS ( #733 )
2020-05-19 09:17:05 -06:00
Caleb Doxsey
959c9e8225
envoy: always populate pomerium-authz cluster ( #730 )
2020-05-19 08:11:12 -06:00
Renovate Bot
0ca5230467
chore(deps): update module caddyserver/certmagic to v0.10.13
2020-05-19 02:45:14 +00:00
Travis Groth
1f1e63a75b
telemetry/tracing: Add Zipkin tracing support ( #723 )
2020-05-18 21:57:13 -04:00
Caleb Doxsey
14c27974b9
envoy: enable TLS verification for internal services ( #726 )
2020-05-18 19:22:50 -06:00
Caleb Doxsey
e854cfe83b
envoy: implement policy TLS options ( #724 )
...
* envoy: implement policy TLS options
* fix tests
* log which CAs are being used
2020-05-18 16:52:51 -06:00
Renovate Bot
e24e026ffc
Update golang.org/x/net commit hash to a91f071
2020-05-18 22:26:25 +00:00
Caleb Doxsey
533dc4a96d
Merge remote-tracking branch 'origin/master' into feature/envoy
2020-05-18 17:10:10 -04:00
Caleb Doxsey
b4ac3ca8d8
skip failing tests
2020-05-18 17:10:10 -04:00
Bobby DeSimone
666fd6aa35
authenticate: save oauth2 tokens to cache ( #698 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-05-18 17:10:10 -04:00
Caleb Doxsey
ef399380b7
merge master
2020-05-18 17:10:10 -04:00
Travis Groth
d514ec2ecf
Proxy envoy metrics through control plane prometheus endpoint ( #709 )
...
* Proxy metrics requests to envoy control plane
2020-05-18 17:10:10 -04:00
Travis Groth
5ea1f719a7
Only run testing on master branch pushes and pull requests ( #706 )
2020-05-18 17:10:10 -04:00
Travis Groth
96a95c5aff
Update jwt_claims_headers docs ( #705 )
2020-05-18 17:10:10 -04:00
Caleb Doxsey
1bee3b0df9
envoy: fix sni/hostname mismatched routing for http2 connection coalescing ( #703 )
2020-05-18 17:10:10 -04:00