Caleb Doxsey
ad828c6e84
add support for TCP routes ( #1695 )
2020-12-16 13:09:48 -07:00
bobby
652e8bb3d3
deps: update hashstructure v2 ( #1632 )
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-11-30 16:53:21 -08:00
Philip Wassermann
85a5961e5e
authorize: add allow_any_authenticated_user policy ( #1515 )
2020-11-05 11:20:50 -07:00
Caleb Doxsey
153e438eb6
authorize: implement allowed_idp_claims ( #1542 )
* add arbitrary claims to session
* add support for maps
* update flattened claims
* fix eol
* fix trailing whitespace
* fix tests
2020-10-23 14:05:37 -06:00
Caleb Doxsey
6e385f800a
config: add support for host header rewriting ( #1457 )
* config: add support for host header rewriting
* fix lint
2020-09-25 09:36:39 -06:00
Caleb Doxsey
4fb90fabe8
config: support explicit prefix and regex path rewriting ( #1363 )
* config: support explicit prefix and regex path rewriting
* add rewrite tests
2020-09-02 13:48:19 -06:00
Caleb Doxsey
a269441c34
proxy: disable control-plane robots.txt for public unauthenticated routes ( #1361 )
2020-09-02 07:56:15 -06:00
Travis Groth
fbb367d393
config: omit empty subpolicies in yaml/json ( #1229 )
2020-08-07 14:43:28 -04:00
Travis Groth
7a53e6bb42
proxy: add support for spdy upgrades ( #1203 )
2020-08-04 13:26:14 -04:00
Travis Groth
01d0f7de6e
config: additional kubernetes token source support ( #1200 )
2020-08-04 09:40:51 -04:00
Caleb Doxsey
504197d83b
custom rego in databroker ( #1124 )
* add support for sub policies
* add support for sub policies
* update authz rego policy to support sub policies
2020-07-22 10:44:05 -06:00
Caleb Doxsey
b79e73b8b8
config: add support for policies stored in the databroker ( #1099 )
* wip
* always use databroker config source
* add test
* valid policy, remove debug lines
2020-07-17 10:35:29 -06:00
Caleb Doxsey
96424dac0f
implement google cloud serverless authentication ( #1080 )
* add google cloud serverless support
* force ipv4 for google cloud serverless
* disable long line linting
* fix destination hostname
* add test
* add support for service accounts
* fix utc time in test
2020-07-16 08:25:14 -06:00
Caleb Doxsey
a70254ab76
kubernetes apiserver integration ( #1063 )
* sessions: support bearer tokens in authorization
* wip
* remove dead code
* refactor signed jwt code
* use function
* update per comments
* fix test
2020-07-14 08:33:24 -06:00
Caleb Doxsey
fae02791f5
cryptutil: move to pkg dir, add token generator ( #1029 )
* cryptutil: move to pkg dir, add token generator
* add gitignored files
* add tests
2020-06-30 15:55:33 -06:00
Cuong Manh Le
65150f2c3d
docs: document preserve_host_header with policy routes to static ip ( #1024 )
Fixes #1012
2020-06-30 14:26:08 +07:00
Cuong Manh Le
8d0deb0732
config: add PassIdentityHeaders option ( #903 )
Currently, the user's identity headers are always inserted into downstream
requests. For privacy reasons, it would be better not to insert these
headers by default, and let the user choose whether to include these headers
on a per-policy basis.
Fixes #702
2020-06-22 10:29:44 +07:00
Travis Groth
ee2170f5f5
config: add a consistent route ID ( #905 )
2020-06-16 09:20:18 -04:00
Cuong Manh Le
4d5edb0d64
Feature/remove request headers ( #822 )
* config: add RemoveRequestHeaders
Currently, we have the "set_request_headers" config, which reflects envoy
route.Route.RequestHeadersToAdd. This commit adds a new config,
"remove_request_headers", which reflects envoy RequestHeadersToRemove.
This is also preparation for future PRs to implement the disable user
identity in request headers feature.
* integration: add test for remove_request_headers
* docs: add documentation/changelog for remove_request_headers
2020-06-03 07:46:51 -07:00
Caleb Doxsey
e854cfe83b
envoy: implement policy TLS options ( #724 )
* envoy: implement policy TLS options
* fix tests
* log which CAs are being used
2020-05-18 16:52:51 -06:00
Caleb Doxsey
dccec1e646
envoy: support autocert ( #695 )
* envoy: support autocert
* envoy: fallback to http host routing if sni fails to match
* update comment
* envoy: renew certs when necessary
* fix tests
2020-05-18 17:10:10 -04:00
Ogundele Olumide
75f4dadad6
identity/provider: implement generic revoke method ( #595 )
Co-authored-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-04-21 14:40:33 -07:00
Caleb Doxsey
e1d2501a94
proxy: move warning message to config validation
2020-04-20 18:24:36 -06:00
Caleb Doxsey
e8c8e7c688
config: use full string url instead of just the hostname for the policy options
2020-04-20 18:24:11 -06:00
Caleb Doxsey
5ecfa34361
config: gofmt
2020-04-20 18:23:35 -06:00
Caleb Doxsey
7027f458dd
config: add prefix, path and regex options
proxy: support prefix, path and regex options
2020-04-20 18:23:34 -06:00
Bobby DeSimone
ba14ea246d
*: remove import path comments ( #545 )
- import path comments are obsoleted by the go.mod file's module statement
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-03-16 10:13:47 -07:00
Bobby DeSimone
2f13488598
authorize: use opa for policy engine ( #474 )
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-02-02 11:18:22 -08:00
Bobby DeSimone
8956bf4411
proxy: add preserve host header ( #463 )
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-01-22 21:03:22 -08:00
Bobby DeSimone
12bae5cc43
errors: use %w verb directive ( #419 )
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-12-03 20:02:43 -08:00
Travis Groth
e5b13a9bf6
add yaml tags to all pointers in config ( #397 )
2019-11-24 16:45:21 -05:00
Travis Groth
8164cfd85a
config: Update yaml tags ( #394 )
* Add/update yaml tags for Options and Policy
2019-11-20 22:37:44 -05:00
Travis Groth
f3c62c10cc
Rename internal/config to config ( #380 )
2019-11-09 19:53:11 -05:00