pomerium

mirror of https://github.com/pomerium/pomerium.git synced 2025-04-28 18:06:34 +02:00

Author	SHA1	Message	Date
Joe Kralicky	a96ab2fe93	move internal/telemetry/trace => pkg/telemetry/trace (#5541 )	2025-03-25 10:43:04 -04:00
Joe Kralicky	396c35b6b4	New tracing system (#5388 ) * update tracing config definitions * new tracing system * performance improvements * only configure tracing in envoy if it is enabled in pomerium * [tracing] refactor to use custom extension for trace id editing (#5420) refactor to use custom extension for trace id editing * set default tracing sample rate to 1.0 * fix proxy service http middleware * improve some existing auth related traces * test fixes * bump envoyproxy/go-control-plane * code cleanup * test fixes * Fix missing spans for well-known endpoints * import extension apis from pomerium/envoy-custom	2025-01-21 13:26:32 -05:00
Joe Kralicky	fe31799eb5	Fix many instances of contexts and loggers not being propagated (#5340 ) This also replaces instances where we manually write "return ctx.Err()" with "return context.Cause(ctx)" which is functionally identical, but will also correctly propagate cause errors if present.	2024-10-25 14:50:56 -04:00
Caleb Doxsey	dad954ae16	core/logging: change log.Error function (#5251 ) * core/logging: change log.Error function * use request id	2024-09-05 15:42:46 -06:00
Kenneth Jenkins	b7896b3153	authenticateflow: move stateless flow logic (#4820 ) Consolidate all logic specific to the stateless authenticate flow into a a new Stateless type in a new package internal/authenticateflow. This is in preparation for adding a new Stateful type implementing the older stateful authenticate flow (from Pomerium v0.20 and previous). This change is intended as a pure refactoring of existing logic, with no changes in functionality.	2023-12-06 16:55:57 -08:00
Denis Mishin	6e39ebc189	store authenticate state on creation (#4064 )	2023-03-17 18:25:29 -04:00
Caleb Doxsey	539fd51579	authenticate: remove databroker dependency (#3820 )	2022-12-17 09:03:46 -07:00
Caleb Doxsey	c1a522cd82	proxy: add userinfo and webauthn endpoints (#3755 ) * proxy: add userinfo and webauthn endpoints * use TLD for RP id * use EffectiveTLDPlusOne * upgrade webauthn * fix test * Update internal/handlers/jwks.go Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>	2022-11-22 10:26:35 -07:00
Caleb Doxsey	0ac7e45a21	atomicutil: use atomicutil.Value wherever possible (#3517 ) * atomicutil: use atomicutil.Value wherever possible * fix test * fix mux router	2022-07-28 15:38:38 -06:00
Caleb Doxsey	86625a4ddb	config: support files for shared_secret, client_secret, cookie_secret and signing_key (#3453 )	2022-06-29 10:44:08 -06:00
Caleb Doxsey	35f697e491	userinfo: add webauthn buttons to user info page (#3075 ) * userinfo: add webauthn buttons to user info page * use new buttons on original page * fix test	2022-02-23 10:08:24 -07:00
Caleb Doxsey	f9b95a276b	authenticate: support for per-route client id and client secret (#3030 ) * implement dynamic provider support * authenticate: support per-route client id and secret	2022-02-16 12:31:55 -07:00
Caleb Doxsey	2824faecbf	frontend: react+mui (#3004 ) * mui v5 wip * wip * wip * wip * use compressor for all controlplane endpoints * wip * wip * add deps * fix authenticate URL * fix test * fix test * fix build * maybe fix build * fix integration test * remove image asset test * add yarn.lock	2022-02-07 08:47:58 -07:00
Caleb Doxsey	2f328e7de0	authenticate: fix expiring user info endpoint (#2976 ) * authenticate: fix expiring user info endpoint * add test	2022-01-27 16:10:47 -07:00
Caleb Doxsey	9330f6b0ac	authenticate: add device-enrolled page (#2892 ) * authenticate: add device-enrolled page * remove device credential id from page	2022-01-06 10:01:12 -07:00
Caleb Doxsey	a3be1b7cc5	devices: switch "default" device type to two built-in default device types (#2835 )	2021-12-20 10:44:29 -07:00
Caleb Doxsey	5a858f5d48	config: add internal service URLs (#2801 ) * config: add internal service URLs * maybe fix integration tests * add docs * fix integration tests * for databroker connect to external name, but listen on internal name * Update docs/reference/readme.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/readme.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/readme.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/settings.yaml Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/settings.yaml Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/settings.yaml Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>	2021-12-10 14:04:37 -05:00
Caleb Doxsey	1162585471	authenticate: add support for webauthn (#2688 ) * authenticate: add support for webauthn * remove rfc4648 library due to missing LICENSE * fix test * put state function in separate function	2021-10-20 13:18:34 -06:00
Caleb Doxsey	b1d62bb541	config: remove validate side effects (#2109 ) * config: default shared key * handle additional errors * update grpc addr and grpc insecure * update google cloud service authentication service account * fix set response headers * fix qps * fix test	2021-04-22 15:10:50 -06:00
wasaga	e0c09a0998	log context (#2107 )	2021-04-22 10:58:13 -04:00
Caleb Doxsey	3690a32855	config: use getters for authenticate, signout and forward auth urls (#2000 )	2021-03-19 14:49:25 -06:00
Caleb Doxsey	f396c2a0f7	config: log config source changes (#1959 ) * config: log config source changes * use internal log import	2021-03-03 09:54:08 -07:00
Caleb Doxsey	664358dfad	config: multiple endpoints for authorize and databroker (#1957 ) * wip * update docs * remove dead code	2021-03-03 09:53:19 -07:00
Caleb Doxsey	882b6b54ee	authenticate: move databroker connection to state (#1292 ) * authenticate: move databroker connection to state * re-use err * just return * remove nil checks	2020-08-18 09:33:43 -06:00
Caleb Doxsey	d608526998	authenticate: move properties to atomically updated state (#1277 ) * authenticate: remove cookie options * authenticate: remove shared key field * authenticate: remove shared cipher property * authenticate: move properties to separate state struct	2020-08-14 07:53:11 -06:00
Caleb Doxsey	045c10edc6	authenticate: support reloading IDP settings (#1273 ) * identity: add name method to provider * authenticate: support dynamically loading the provider	2020-08-13 12:14:30 -06:00
Caleb Doxsey	fbf5b403b9	config: allow dynamic configuration of cookie settings (#1267 )	2020-08-13 08:11:34 -06:00
bobby	1b365e52f3	authorize: add databroker url check (#1228 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-08-07 09:31:27 -07:00
Cuong Manh Le	73abed0d21	all: update outdated comments about OptionsUpdater interface (#1207 ) In #1088, OptionsUpdater was removed, but current code still mention it. This commit updates all comments which still mention about that interface (authorize is exlcuded, and will be updated in #1206).	2020-08-05 21:39:24 +07:00
Caleb Doxsey	97f85481f8	fix redirect loop, remove user/session services, remove duplicate deleted_at fields (#1162 ) * fix redirect loop, remove user/session services, remove duplicate deleted_at fields * change loop * reuse err variable * wrap errors, use cookie timeout * wrap error, duplicate if	2020-07-30 09:41:57 -06:00
Caleb Doxsey	d3a7ee38be	options refactor (#1088 ) * refactor config loading * wip * move autocert to its own config source * refactor options updaters * fix stuttering * fix autocert validate check	2020-07-16 14:30:15 -06:00
Caleb Doxsey	fae02791f5	cryptutil: move to pkg dir, add token generator (#1029 ) * cryptutil: move to pkg dir, add token generator * add gitignored files * add tests	2020-06-30 15:55:33 -06:00
Caleb Doxsey	091b71f12e	grpc: rename internal/grpc to pkg/grpc (#1010 ) * grpc: rename internal/grpc to pkg/grpc * don't ignore pkg dir * remove debug line	2020-06-26 09:17:02 -06:00
bobby	dbd1eac97f	identity: support custom code flow request params (#998 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-06-25 08:28:46 -07:00
Cuong Manh Le	17ba595ced	authenticate: support hot reloaded config (#984 ) By implementinng OptionsUpdater interface. Fixes #982	2020-06-24 00:18:20 +07:00
Cuong Manh Le	fb4dfaea44	authenticate: hide impersonation form from non-admin users (#979 ) Fixes #881	2020-06-23 22:09:33 +07:00
Travis Groth	88a77c42bb	cache: add client telemetry (#975 )	2020-06-22 18:18:44 -04:00
Caleb Doxsey	f7760c413e	directory: generate user/directory.User ID in a consistent way (#944 )	2020-06-22 07:42:57 -06:00
Caleb Doxsey	dbd7f55b20	feature/databroker: user data and session refactor project (#926 ) * databroker: add databroker, identity manager, update cache (#864) * databroker: add databroker, identity manager, update cache * fix cache tests * directory service (#885) * directory: add google and okta * add onelogin * add directory provider * initialize before sync, upate google provider, remove dead code * add azure provider * fix azure provider * fix gitlab * add gitlab test, fix azure test * hook up okta * remove dead code * fix tests * fix flaky test * authorize: use databroker data for rego policy (#904) * wip * add directory provider * initialize before sync, upate google provider, remove dead code * fix flaky test * update authorize to use databroker data * implement signed jwt * wait for session and user to appear * fix test * directory service (#885) * directory: add google and okta * add onelogin * add directory provider * initialize before sync, upate google provider, remove dead code * add azure provider * fix azure provider * fix gitlab * add gitlab test, fix azure test * hook up okta * remove dead code * fix tests * fix flaky test * remove log line * only redirect when no session id exists * prepare rego query as part of create * return on ctx done * retry on disconnect for sync * move jwt signing * use != * use parent ctx for wait * remove session state, remove logs * rename function * add log message * pre-allocate slice * use errgroup * return nil on eof for sync * move check * disable timeout on gRPC requests in envoy * fix gitlab test * use v4 backoff * authenticate: databroker changes (#914) * wip * add directory provider * initialize before sync, upate google provider, remove dead code * fix flaky test * update authorize to use databroker data * implement signed jwt * wait for session and user to appear * fix test * directory service (#885) * directory: add google and okta * add onelogin * add directory provider * initialize before sync, upate google provider, remove dead code * add azure provider * fix azure provider * fix gitlab * add gitlab test, fix azure test * hook up okta * remove dead code * fix tests * fix flaky test * remove log line * only redirect when no session id exists * prepare rego query as part of create * return on ctx done * retry on disconnect for sync * move jwt signing * use != * use parent ctx for wait * remove session state, remove logs * rename function * add log message * pre-allocate slice * use errgroup * return nil on eof for sync * move check * disable timeout on gRPC requests in envoy * fix dashboard * delete session on logout * permanently delete sessions once they are marked as deleted * remove permanent delete * fix tests * remove groups and refresh test * databroker: remove dead code, rename cache url, move dashboard (#925) * wip * add directory provider * initialize before sync, upate google provider, remove dead code * fix flaky test * update authorize to use databroker data * implement signed jwt * wait for session and user to appear * fix test * directory service (#885) * directory: add google and okta * add onelogin * add directory provider * initialize before sync, upate google provider, remove dead code * add azure provider * fix azure provider * fix gitlab * add gitlab test, fix azure test * hook up okta * remove dead code * fix tests * fix flaky test * remove log line * only redirect when no session id exists * prepare rego query as part of create * return on ctx done * retry on disconnect for sync * move jwt signing * use != * use parent ctx for wait * remove session state, remove logs * rename function * add log message * pre-allocate slice * use errgroup * return nil on eof for sync * move check * disable timeout on gRPC requests in envoy * fix dashboard * delete session on logout * permanently delete sessions once they are marked as deleted * remove permanent delete * fix tests * remove cache service * remove kv * remove refresh docs * remove obsolete cache docs * add databroker url option * cache: use memberlist to detect multiple instances * add databroker service url * remove cache service * remove kv * remove refresh docs * remove obsolete cache docs * add databroker url option * cache: use memberlist to detect multiple instances * add databroker service url * wip * remove groups and refresh test * fix redirect, signout * remove databroker client from proxy * remove unused method * remove user dashboard test * handle missing session ids * session: reject sessions with no id * sessions: invalidate old sessions via databroker server version (#930) * session: add a version field tied to the databroker server version that can be used to invalidate sessions * fix tests * add log * authenticate: create user record immediately, call "get" directly in authorize (#931)	2020-06-19 07:52:44 -06:00
Caleb Doxsey	12d90a021c	authenticate: remove authorize url validate check (#790 ) * authenticate: remove authorize url validate check * fix test	2020-05-27 09:23:22 -06:00
Bobby DeSimone	9d7ef85687	authenticate: ensure authorize url is set (#760 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-05-26 10:44:20 -07:00
Caleb Doxsey	f770ccfedd	config: add getters for URLs to avoid nils (#777 ) * config: add getters for URLs to avoid nils * allow nil url for cache grpc client connection in authenticate	2020-05-26 11:36:18 -06:00
Bobby DeSimone	3f1faf2e9e	authenticate: add jwks and .well-known endpoint (#745 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-05-21 11:46:29 -07:00
Bobby DeSimone	666fd6aa35	authenticate: save oauth2 tokens to cache (#698 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-05-18 17:10:10 -04:00
Caleb Doxsey	af649d3eb0	envoy: implement header and query param session loading (#684 ) * authorize: refactor session loading, implement headers and query params * authorize: fix http recorder header, use constant for pomerium authorization header * fix compile * remove dead code	2020-05-18 17:10:10 -04:00
Bobby DeSimone	627a591824	identity: abstract identity providers by type (#560 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-04-23 10:36:24 -07:00
Bobby DeSimone	ba14ea246d	*: remove import path comments (#545 ) - import path comments are obsoleted by the go.mod file's module statement Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-03-16 10:13:47 -07:00
Mihai Todor	c14e3d8b34	Make IDP_PROVIDER env var mandatory (#536 )	2020-03-15 19:00:23 -07:00
Bobby DeSimone	5716113c2a	authenticate: make callback path configurable (#493 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-02-08 09:06:23 -08:00
Bobby DeSimone	e82477ea5c	deployment: throw away golanglint-ci defaults (#439 ) * deployment: throw away golanglint-ci defaults Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-01-26 12:33:45 -08:00

1 2

92 commits