Commit graph

1762 commits

Author SHA1 Message Date
Caleb Doxsey
a269441c34
proxy: disable control-plane robots.txt for public unauthenticated routes (#1361) 2020-09-02 07:56:15 -06:00
Caleb Doxsey
f6b622c7dc
proxy: support websocket timeouts (#1362) 2020-09-02 07:55:57 -06:00
Caleb Doxsey
e4e6abfd29
certmagic: improve logging (#1358)
* certmagic: improve logging

* Update internal/autocert/manager.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
2020-09-01 09:58:09 -06:00
Travis Groth
c44219b9b3
deps: ensure renovate runs go mod tidy (#1357) 2020-09-01 11:37:28 -04:00
Cuong Manh Le
b8584a3f46
internal/directory/okta: accept non-json service account (#1359)
Fixes #1354
2020-09-01 22:33:55 +07:00
Travis Groth
0e27e014be
deps: run go mod tidy (#1356) 2020-09-01 09:47:28 -04:00
Travis Groth
2e714c211e
internal/controlplane: add telemetry http handler (#1353) 2020-09-01 09:22:24 -04:00
Caleb Doxsey
8ab0dcb45b
logs: add new log scrubber (#1346) 2020-08-31 08:12:08 -06:00
Renovate Bot
3caaf29899 Update google.golang.org/genproto commit hash to 2bf3329 2020-08-31 11:21:32 +00:00
Renovate Bot
1cff26e0c9 Update module open-policy-agent/opa to v0.23.2 2020-08-31 06:28:41 +00:00
Renovate Bot
f34ca258f3 Update module google/uuid to v1.1.2 2020-08-31 05:00:12 +00:00
Renovate Bot
1c3323834f Update module google/go-cmp to v0.5.2 2020-08-31 03:37:55 +00:00
Renovate Bot
124ccdce77 Update module google.golang.org/grpc to v1.31.1 2020-08-31 02:39:04 +00:00
Robert
1846c71d94
Include pomerium-cli in the docker image by default. Fixes #1343. (#1345)
Size increases by 22MB. (144MB -> 167MB)

This normalizes with expectations (and instructions, see impersonation
docs) that it will be there.
2020-08-28 15:39:54 -04:00
Robert
99f05e661a
Use apt-get instead of apt to eliminate warning. (#1344)
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Signed-off-by: Robert <rspier@pobox.com>
2020-08-28 15:34:13 -04:00
Robert
2dc8879583
Allow setting the shared secret via an environment variable. (#1337)
This makes it easier to safely pass it in programmatically to a container
without cutting and pasting or putting it on the command line.
2020-08-27 08:39:07 -06:00
Travis Groth
a69b9957a1
docs: add nginx example (#1329)
* docs: add nginx example

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
2020-08-26 17:10:23 -04:00
Caleb Doxsey
51bdf9baae
authorize: add jti to JWT payload (#1328) 2020-08-24 15:35:16 -06:00
bobby
fbd8c8f294
deployment: add goimports with path awareness (#1316)
Plus fix some spelling

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-08-24 13:04:55 -07:00
Cuong Manh Le
ffaceadfdd
internal/urlutil: remove un-used constants (#1326) 2020-08-25 02:07:56 +07:00
Cuong Manh Le
9de99d0211
all: add signout redirect url (#1324)
Fixes #1213
2020-08-25 01:23:58 +07:00
Renovate Bot
3d7206dc1e chore(deps): update module gorilla/handlers to v1.5.0 2020-08-24 14:23:20 +00:00
Renovate Bot
645e6dfa84 chore(deps): update golang.org/x/net commit hash to c890458 2020-08-24 13:37:29 +00:00
Renovate Bot
c7372cb6b0 chore(deps): update vuepress monorepo to v1.5.4 2020-08-24 05:26:10 +00:00
Renovate Bot
b50dd6e6e1 chore(deps): update module open-policy-agent/opa to v0.23.1 2020-08-24 04:28:33 +00:00
Renovate Bot
cbaf62aad3 chore(deps): update module gorilla/mux to v1.8.0 2020-08-24 03:41:03 +00:00
Renovate Bot
941f65224b chore(deps): update golang.org/x/crypto commit hash to 5c72a88 2020-08-24 02:42:15 +00:00
bobby
c1b3b45d12
proxy: remove unused handlers (#1317)
proxy: remove unused handlers

authenticate: remove unused references to refresh_token

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-08-22 10:02:12 -07:00
Cuong Manh Le
82deafee63 integration: add forward auth test 2020-08-21 14:01:54 +07:00
Caleb Doxsey
79741d5345
autocert: fix locking issue (#1310) 2020-08-20 14:08:52 -06:00
Travis Groth
d81cfb6e99
pkg/storage/redis: update tests to use local certs + upstream image (#1306) 2020-08-20 12:44:15 -04:00
bobby
45fc4ec3cc
authorize: log users and groups (#1303)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-08-19 08:07:30 -07:00
Renovate Bot
66d43b6d27 chore(deps): update golang.org/x/time commit hash to 3af7569 2020-08-18 23:50:49 +00:00
Renovate Bot
9c3b0ad146 chore(deps): update golang.org/x/net commit hash to 3edf25e 2020-08-18 22:20:09 +00:00
Caleb Doxsey
c4c8ef8e53
azure: support deriving credentials from client id, client secret and provider url (#1300) 2020-08-18 10:17:28 -06:00
Caleb Doxsey
882b6b54ee
authenticate: move databroker connection to state (#1292)
* authenticate: move databroker connection to state

* re-use err

* just return

* remove nil checks
2020-08-18 09:33:43 -06:00
Caleb Doxsey
a1378c81f8
cache: support databroker option changes (#1294) 2020-08-18 07:27:20 -06:00
Cuong Manh Le
31205c0c29 proxy: fix wrong applied middleware
Validate signature middleware must be applied for the callback
sub-router, not the whole dashboard router.

Fixes #1297
2020-08-18 20:25:11 +07:00
Cuong Manh Le
afec38e5cb .github/workflows: skip running lint in pre-commit
We did run lint in tests already.
2020-08-18 20:24:15 +07:00
Cuong Manh Le
a4408ab6cf internal/directory/okta: fix wrong API query filter
Okta uses space " " instead of plus sign "+" in query filter.
See https://developer.okta.com/docs/reference/api-overview/#filtering
2020-08-18 20:24:15 +07:00
Travis Groth
9289de9140
ci: add precommit to test workflow (#669) 2020-08-17 18:34:38 -04:00
bobby
8a384985f0
autocert: fix bootstrapped cache store path (#1283)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-08-17 13:27:11 -07:00
Caleb Doxsey
6dee647a16
authorize: use atomic state for properties (#1290) 2020-08-17 14:24:06 -06:00
Renovate Bot
c0e230acbb chore(deps): update google.golang.org/genproto commit hash to f69a880 2020-08-17 15:23:15 +00:00
Cuong Manh Le
6518aa6023 Upgrade zipkin-go to v0.2.3
Test needs to be changed to use lowercase name, as required by zipkin
JSON API v2 spec.

See: https://github.com/openzipkin/zipkin-go/pull/166
2020-08-17 16:48:50 +07:00
Caleb Doxsey
d9a224a5e8
proxy: move properties to atomically updated state (#1280)
* authenticate: remove cookie options

* authenticate: remove shared key field

* authenticate: remove shared cipher property

* authenticate: move properties to separate state struct

* proxy: allow local state to be updated on configuration changes

* fix test

* return new connection

* use warn, collapse to single line

* address concerns, fix tests
2020-08-14 11:44:58 -06:00
Cuong Manh Le
23eea09ed0 internal/directory/okta: use okta filter to get updated groups
The Okta API supports a filter to get updated groups only; we can adopt that
to reduce the number of requests to the Okta API, and hence reduce the chance
that we reach the rate limit.

Updates #1256
2020-08-14 22:01:31 +07:00
Cuong Manh Le
d1c0ae730f internal/directory/okta: honor rate limit reset header
So we can wait until the rate limit release time to continue querying the Okta
API.

Updates #1256
2020-08-14 22:01:31 +07:00
Caleb Doxsey
d608526998
authenticate: move properties to atomically updated state (#1277)
* authenticate: remove cookie options

* authenticate: remove shared key field

* authenticate: remove shared cipher property

* authenticate: move properties to separate state struct
2020-08-14 07:53:11 -06:00
Cuong Manh Le
598102f587 internal/directory/okta: add limiter to query okta API
Okta only allows 100 requests per minute, so apply the default rate
limit of 1 QPS for it.

Fixes #1256
2020-08-14 09:50:49 +07:00