3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-02 10:52:49 +02:00
Code Issues Projects Releases Packages Wiki Activity
1119 commits 169 branches 127 tags 105 MiB
Commit graph

1119 commits

This branch
This branch
All branches
Author SHA1 Message Date
Renovate Bot
c0e230acbb chore(deps): update google.golang.org/genproto commit hash to f69a880 2020-08-17 15:23:15 +00:00
Cuong Manh Le
6518aa6023 Upgrade zipkin-go to v0.2.3 
Test needs to be changed to use lowercase name, as required by zipkin
JSON API v2 spec.

See: https://github.com/openzipkin/zipkin-go/pull/166
 2020-08-17 16:48:50 +07:00
Caleb Doxsey
d9a224a5e8
proxy: move properties to atomically updated state (#1280) 
* authenticate: remove cookie options

* authenticate: remove shared key field

* authenticate: remove shared cipher property

* authenticate: move properties to separate state struct

* proxy: allow local state to be updated on configuration changes

* fix test

* return new connection

* use warn, collapse to single line

* address concerns, fix tests
 2020-08-14 11:44:58 -06:00
Cuong Manh Le
23eea09ed0 internal/directory/okta: use okta filter to get updated groups 
Okta API supports filter to get updated groups only, we can adopt that
to reduce number of requests to okta API, hence reduce chance that we
reach the rate limit.

Updates #1256
 2020-08-14 22:01:31 +07:00
Cuong Manh Le
d1c0ae730f internal/directory/okta: honor rate limit reset header 
So we can wait until the rate limit release time to continue query okta
API.

Updates #1256
 2020-08-14 22:01:31 +07:00
Caleb Doxsey
d608526998
authenticate: move properties to atomically updated state (#1277) 
* authenticate: remove cookie options

* authenticate: remove shared key field

* authenticate: remove shared cipher property

* authenticate: move properties to separate state struct
 2020-08-14 07:53:11 -06:00
Cuong Manh Le
598102f587 internal/directory/okta: add limiter to query okta API 
Okta only allows 100 requests per minute, so apply the default rate
limit 1 QPS for it.

Fixes #1256
 2020-08-14 09:50:49 +07:00
Cuong Manh Le
f356ff5581 config: add idp qps config 2020-08-14 09:50:49 +07:00
Caleb Doxsey
045c10edc6
authenticate: support reloading IDP settings (#1273) 
* identity: add name method to provider

* authenticate: support dynamically loading the provider
 2020-08-13 12:14:30 -06:00
bobby
332324fa2d
docs: use .com sitemap hostname (#1274) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-08-13 10:59:42 -07:00
Caleb Doxsey
fbf5b403b9
config: allow dynamic configuration of cookie settings (#1267) 2020-08-13 08:11:34 -06:00
Travis Groth
0c51ad0e66
docs: fix in-action video (#1268) 2020-08-12 19:34:50 -04:00
Caleb Doxsey
2afd7b6864
envoy: add support for hot-reloading bootstrap configuration (#1259) 
* envoy: add support for hot-reloading bootstrap configuration

* use passed in log level

* fix unnecessary firstNonEmpty

* move process release to after new command start
 2020-08-12 16:13:19 -06:00
Cuong Manh Le
82b1daae50
internal/directory/okta: increase default batch size to 200 (#1264) 
See: https://developer.okta.com/docs/reference/api/groups/#list-groups-with-membership-updated-after-timestamp

Updates #1256
 2020-08-13 02:27:01 +07:00
Travis Groth
6314c43f40
docs: image, sitemap and redirect fixes (#1263) 
* docs: fix image linkes for cdn

* docs: use relative top level redirect

* docs: generate sitemap under /docs/
 2020-08-12 15:22:53 -04:00
Cuong Manh Le
8d7f82de4e Fix broken logo link in README.md 2020-08-13 01:23:48 +07:00
Caleb Doxsey
bd5c784670
config: validate databroker settings (#1260) 
* config: validate databroker settings

* fix test
 2020-08-12 11:32:34 -06:00
Cuong Manh Le
877edde0be .github/workflows: upgrade to go1.15 2020-08-12 22:33:50 +07:00
Cuong Manh Le
9af2226b5b pkg/storage/redis: use SANs cert 
Since go1.15, X.509 CommonName is deprecated, switch to a SANs
certificate for test redis TLS.

While at it, add instruction to genearte cert and build test image.

See: https://golang.org/doc/go1.15#commonname
 2020-08-12 22:20:50 +07:00
Cuong Manh Le
4b3e07c5f5 internal/controlplane: mocking policy name in test 
We don't have to test for exact policy name, as it does not make sense
and force us to change test every new go release.
 2020-08-12 22:20:50 +07:00
Cuong Manh Le
ddcfe7a5e9 config: do not test for exact route id 
Different go version can genearte different route id, due to the fact
that we are relying on xxhash.
 2020-08-12 22:20:50 +07:00
Caleb Doxsey
f822c9a5d2
config: allow reloading of telemetry settings (#1255) 
* metrics: support dynamic configuration settings

* add test

* trace: update configuration when settings change

* config: allow logging options to be configured when settings change

* envoy: allow changing log settings

* fix unexpected doc change

* fix tests

* pick a port at random

* update based on review
 2020-08-12 08:14:15 -06:00
Cuong Manh Le
0d611c2a40
config: warn if custom scopes set for builtin providers (#1252) 
* config: warn if custom scopes set for builtin providers

Fixes #1144

* config: make warn msg constant
 2020-08-11 23:23:34 +07:00
Caleb Doxsey
1285a9d91d
databroker: add support for config settings (#1253) 2020-08-11 07:50:19 -06:00
Renovate Bot
ab39b628c5 Update module google.golang.org/api to v0.30.0 2020-08-11 04:41:22 +00:00
Cuong Manh Le
32745250d3
docs/docs: fix wrong okta service account field (#1251) 
The okta service account token field should be api_key not api_token

Fixes #1249
 2020-08-11 09:05:36 +07:00
Cuong Manh Le
277e6b56e9 internal/autocert: refactoring updateAutocert 
By factor out obtain and renew certification process, return specific
error for each process if failed to contact with letsencrypt server.
 2020-08-10 23:26:35 +07:00
Cuong Manh Le
3c23164347 internal/autocert: re-use cert if renewing failed but cert not expired 
Fixes #1232
 2020-08-10 23:26:35 +07:00
Renovate Bot
dbfc476013 chore(deps): update google.golang.org/genproto commit hash to a062522 2020-08-10 15:57:48 +00:00
Renovate Bot
14a86202e4 chore(deps): update dependency @vuepress/plugin-google-analytics to v1.5.3 2020-08-10 07:47:40 +00:00
Karel Bilek
27fb46e32f
remove rootDomain from examples (#1244) 2020-08-09 21:36:29 -07:00
bobby
1fd86ccd55
docs: fix redirect loop (#1245) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-08-09 21:34:30 -07:00
bobby
18a223e1ed
docs: add / redirect (#1241) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-08-09 21:08:21 -07:00
bobby
07be1e9530
docs: prepare for enterprise / oss split (#1238) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-08-09 20:45:43 -07:00
Travis Groth
fbb367d393
config: omit empty subpolicies in yaml/json (#1229) 2020-08-07 14:43:28 -04:00
bobby
1b365e52f3
authorize: add databroker url check (#1228) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-08-07 09:31:27 -07:00
Cuong Manh Le
02edbb7748
internal/databroker: make Sync send data in smaller batches (#1226) 
* internal/databroker: make Sync send data in smaller batches

GRPC streaming is better at sending multiple smaller message instead of
a big one.

Benchmark result for sending 10k messages at once vs multiple batches,
each with 100 messages:

name     old time/op  new time/op  delta
Sync-12  14.5ms ± 3%  12.4ms ± 2%  -14.40%  (p=0.000 n=10+9)

* cache: add test for databroker sync
 2020-08-07 23:12:41 +07:00
Cuong Manh Le
f4a0e9e103 config: add more test cases for options 2020-08-07 23:03:00 +07:00
Cuong Manh Le
a4043eb049 config: add tests for policy 2020-08-07 23:03:00 +07:00
bobby
bfc3fb67da
v0.10.0 (#1225) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-08-06 21:08:19 -07:00
roulesse
7da513f42c
Update synology.md (#1219) 2020-08-06 15:28:51 -07:00
Travis Groth
8e48ae03a8
cache: only run memberlist for in-memory databroker (#1224) 2020-08-06 17:19:38 -04:00
Travis Groth
4976fe3824
docs: add installation section (#1223) 2020-08-06 16:34:01 -04:00
Travis Groth
1cafba18a5
docs: Kubernetes topic (#1222) 
* docs: kubernetes topic and installation stub
 2020-08-06 15:28:12 -04:00
Travis Groth
28230c7dc5
docs: update architecture diagrams + descriptions (#1218) 
* docs: update architecture diagrams + descriptions

* Update docs/docs/topics/production-deployment.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* Update docs/docs/topics/production-deployment.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* Update docs/docs/topics/production-deployment.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2020-08-06 13:40:08 -04:00
Cuong Manh Le
f46f124f13 authorize: add tests for get jwt claim headers 2020-08-06 21:02:20 +07:00
Cuong Manh Le
5d3b551524 authorize: increase test coverage 
- Add test cases for sync functions
 - Add test for valid JWT
 - Add session state to Test_getEvaluatorRequest
 2020-08-06 21:02:20 +07:00
Cuong Manh Le
0624658e4b authorize: move service account normalization to its own function 
This helps testing the code easier, increase coverage.
 2020-08-06 21:02:20 +07:00
Cuong Manh Le
e6c78f10e9 authorize/evaluator: add test for ClearRecords 2020-08-06 21:02:20 +07:00
bobby
8d0cb86098
docs: fix links, fix upgrade guide (#1220) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-08-05 23:07:49 -07:00