3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-28 08:27:26 +02:00
Code Issues Projects Releases Packages Wiki Activity
1762 commits 164 branches 127 tags 104 MiB
Commit graph

161 commits

Author SHA1 Message Date
Caleb Doxsey
bbec2cae9f
grpc: send client traffic through envoy (#2469) 
* wip

* wip

* handle wildcards in override name

* remove wait for ready, add comment about sync, force initial sync complete in test

* address comments
 2021-08-16 16:12:22 -06:00
Caleb Doxsey
6af0655206
protoutil: add NewAny method for deterministic serialization (#2462) 2021-08-09 17:51:57 -06:00
Caleb Doxsey
3f8617cd93
fix go get, improve redis test (#2450) 
* add pomerium.go to fix go get

* try to make redis test less flaky
 2021-08-06 12:07:20 -06:00
Caleb Doxsey
63ee30d69c
options: remove refresh_cooldown, add allow_spdy to proto (#2446) 2021-08-06 10:06:57 -06:00
wasaga
51ab7e6226
telemetry: add nonce and make explicit ack/nack (#2434) 2021-08-04 21:08:55 -04:00
Caleb Doxsey
cc9962cca6
config: remove support for ed25519 signing keys (#2430) 2021-08-04 09:30:47 -06:00
Caleb Doxsey
94eb3c1149
config: remove grpc server max connection age options (#2427) 
* config: remove grpc server max connection age options

* remove docs
 2021-08-03 09:39:48 -06:00
Caleb Doxsey
5e2ca68e94
redis: increase timeout on test (#2425) 2021-08-02 17:11:33 -06:00
Caleb Doxsey
1a95036b8c
sessions: add impersonate_session_id, remove legacy impersonation (#2407) 
* sessions: add impersonate_session_id, remove legacy impersonation

* show impersonated user details

* fix headers

* address feedback

* only check impersonate id on non-nil pbSession

* Revert "only check impersonate id on non-nil pbSession"

This reverts commit a6f7ca5abd.
 2021-07-30 08:42:36 -06:00
Caleb Doxsey
c34118360d
ppl: remove support for aliases (#2400) 2021-07-27 12:29:42 -06:00
Caleb Doxsey
ac8ae3ef5b
directory: add logging http client to help with debugging outbound http requests (#2385) 2021-07-22 11:58:52 -06:00
Caleb Doxsey
cef08a1c2d
authorize: remove service account impersonate user id, email and groups (#2365) 2021-07-15 09:31:45 -06:00
Caleb Doxsey
21ffe44dff
authorize: support boolean deny results (#2338) 
* authorize: support boolean deny results

* add client certificate test

* handle different array lengths
 2021-07-06 12:52:26 -06:00
Caleb Doxsey
031fa1a91b
storage/inmemory: add tests for close behavior (#2336) 2021-07-06 09:36:04 -06:00
Caleb Doxsey
0bca5c9556
redis: refactor change signal test to be more deterministic (#2335) 2021-07-06 09:14:15 -06:00
wasaga
134ca74ec9
proxy: add idle timeout (#2319) 2021-07-02 10:29:53 -04:00
Caleb Doxsey
11a619390a
ppl: fix not/nor rules (#2313) 
* ppl: fix not/nor rules

* use set comprehension with count
 2021-06-25 05:41:24 -06:00
wasaga
41a2622736
certs: reject certs from databroker if they conflict with local (#2309) 2021-06-24 18:40:59 -04:00
Caleb Doxsey
fcb33966e2
config: add enable_google_cloud_serverless_authentication to config protobuf (#2306) 
* config: add enable_google_cloud_serverless_authentication to config protobuf

* use dependency injection for embedded envoy provider

* Revert "use dependency injection for embedded envoy provider"

This reverts commit 5c08990501.

* config: attach envoy version to Config to avoid metrics depending on envoy/files
 2021-06-21 18:00:29 -06:00
Caleb Doxsey
31fa214983
envoy: add full version (#2287) 
* envoy: add full version

* remove unused import

* get envoy for lint
 2021-06-14 13:58:12 -06:00
Caleb Doxsey
f9675f61cc
deps: upgrade to go-jose v3 (#2284) 2021-06-10 09:35:44 -06:00
dependabot[bot]
0246882f13
chore(deps): bump gopkg.in/square/go-jose.v2 from 2.5.1 to 2.6.0 (#2273) 
* chore(deps): bump gopkg.in/square/go-jose.v2 from 2.5.1 to 2.6.0

Bumps [gopkg.in/square/go-jose.v2](https://github.com/square/go-jose) from 2.5.1 to 2.6.0.
- [Release notes](https://github.com/square/go-jose/releases)
- [Commits](https://github.com/square/go-jose/compare/v2.5.1...v2.6.0)

---
updated-dependencies:
- dependency-name: gopkg.in/square/go-jose.v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update kid

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2021-06-07 09:15:17 -06:00
wasaga
744e2c7993
xds: only tag contexts used for UpdateRecords (#2269) 2021-06-04 14:01:25 -04:00
Caleb Doxsey
d705b219ea
redis: enforce capacity via ZREVRANGE to avoid race (#2267) 2021-06-04 07:03:55 -06:00
dependabot[bot]
e9ffc5fde3
chore(deps): bump google.golang.org/grpc from 1.37.1 to 1.38.0 (#2231) 
* chore(deps): bump google.golang.org/grpc from 1.37.1 to 1.38.0

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.37.1 to 1.38.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.37.1...v1.38.0)

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump google.golang.org/grpc from 1.37.1 to 1.38.0

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.37.1 to 1.38.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.37.1...v1.38.0)

Signed-off-by: dependabot[bot] <support@github.com>

* fix UpdateState method

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2021-05-24 09:33:53 -06:00
Caleb Doxsey
96b9702ee3
ppl: add data type, implement string and list matchers (#2228) 
* ppl: add data type, implement string and list matchers

* update policy converter
 2021-05-21 11:28:41 -06:00
Caleb Doxsey
bdccd4f785
ppl: bubble up values, bug fixes (#2213) 2021-05-18 14:01:36 -06:00
Caleb Doxsey
e138054cb9
Pomerium Policy Language (#2202) 
* policy: add parser and generator for Pomerium Policy Language

* add criteria

* add additional criteria
 2021-05-17 15:30:51 -06:00
wasaga
c71f7dca5b
authorize: grpc health check (#2200) 2021-05-13 15:00:10 -04:00
wasaga
1ac93c2d3a
telemetry: add hostname tag to metrics (#2191) 2021-05-11 17:58:02 -04:00
Caleb Doxsey
94aa0b1a48
databroker: implement leases (#2172) 
* databroker: implement leases

* return error

* handle gRPC errors
 2021-05-10 13:30:25 -06:00
Caleb Doxsey
a54d43b937
registry: implement redis backend (#2179) 2021-05-10 10:33:37 -06:00
Caleb Doxsey
aeece76928
databroker: store issued at timestamp with session (#2173) 2021-05-04 10:09:14 -06:00
Caleb Doxsey
69576cffe4
config: add support for set_response_headers in a policy (#2171) 
* config: add support for set_response_headers in a policy

* docs: add note about precedence
 2021-05-04 09:43:52 -06:00
wasaga
129df47f9c
xds extended event (#2158) 2021-05-03 12:28:11 -04:00
Caleb Doxsey
b5b1013947
config: add client_crl (#2157) 
* config: add client_crl

* address comments

* add ignored file
 2021-04-30 14:36:32 -06:00
Caleb Doxsey
699ebf061a
config: add support for codec_type (#2156) 
* config: add support for codec_type

* add comma

* fix warning block

* fix docs
 2021-04-30 07:21:40 -06:00
Caleb Doxsey
0adbf4f24c
controlplane: save configuration events to databroker (#2153) 
* envoy: save events to databroker

* controlplane: add tests for envoy configuration events

* format imports
 2021-04-29 15:51:46 -06:00
Caleb Doxsey
c85c8b0778
authorize: refactor store locking (#2151) 
* authorize: refactor store locking

* fix nil reference panic
 2021-04-29 08:37:27 -06:00
Caleb Doxsey
91c7dc742f
databroker: store server version in backend (#2142) 2021-04-28 09:12:52 -06:00
wasaga
1b698053f6
let pass custom grpc dial opts (#2144) 2021-04-27 18:26:27 -04:00
Caleb Doxsey
636b3d6846
databroker: add options for maximum capacity (#2095) 
* databroker: add options

* implement redis

* add trace for enforce options
 2021-04-26 17:14:54 -06:00
wasaga
e0c09a0998
log context (#2107) 2021-04-22 10:58:13 -04:00
Caleb Doxsey
116805acb3
config: rename headers to set_response_headers (#2081) 
* config: rename headers to set_response_headers

* Update config/options.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2021-04-14 11:22:21 -07:00
wasaga
0e66619081
do not require project be in GOPATH/src (#2078) 2021-04-12 09:43:05 -04:00
wasaga
6aa716bc95
propagate changes back from encrypted backend (#2079) 2021-04-12 09:42:45 -04:00
Caleb Doxsey
aeb8aaf9cd
directory: remove provider from user id (#2068) 2021-04-07 15:06:08 -06:00
Caleb Doxsey
a51c7140ea
cryptutil: use bytes for hmac (#2067) 2021-04-07 14:57:24 -06:00
wasaga
a935c1ba30
config related metrics (#2065) 2021-04-07 12:29:36 -07:00
Caleb Doxsey
9de340b48b
cryptutil: always use kek public id, add x509 support (#2066) 2021-04-07 09:44:36 -07:00