3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-18 11:37:08 +02:00
Code Issues Projects Releases Packages Wiki Activity
1762 commits 160 branches 126 tags 104 MiB
Commit graph

1762 commits

This branch
This branch
All branches
Author SHA1 Message Date
Caleb Doxsey
22f6a2207b
envoy: re-implement recommended defaults (#2123) 2021-04-23 14:54:13 -06:00
Caleb Doxsey
f365b30e02
authorize: remove log (#2122) 2021-04-23 14:00:08 -06:00
Caleb Doxsey
762b565239
authorize: fix empty sub policy arrays (#2119) 2021-04-23 11:00:30 -06:00
Caleb Doxsey
433831fbea
authorize: fix unsigned URL (#2118) 2021-04-22 17:33:46 -06:00
dependabot[bot]
d365771e90
chore(deps): bump github.com/caddyserver/certmagic from 0.12.0 to 0.13.0 (#2074) 
* chore(deps): bump github.com/caddyserver/certmagic from 0.12.0 to 0.13.0

Bumps [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic) from 0.12.0 to 0.13.0.
- [Release notes](https://github.com/caddyserver/certmagic/releases)
- [Commits](https://github.com/caddyserver/certmagic/compare/v0.12.0...v0.13.0)

Signed-off-by: dependabot[bot] <support@github.com>

* autocert: fix for certmagic 0.12 -> 0.13

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2021-04-22 15:31:19 -06:00
Caleb Doxsey
b1d62bb541
config: remove validate side effects (#2109) 
* config: default shared key

* handle additional errors

* update grpc addr and grpc insecure

* update google cloud service authentication service account

* fix set response headers

* fix qps

* fix test
 2021-04-22 15:10:50 -06:00
Hugo Blom
2806b67bee
drop tun.cfg.dstHost from jwtCacheKey (#2115) 2021-04-22 11:50:37 -06:00
wasaga
e0c09a0998
log context (#2107) 2021-04-22 10:58:13 -04:00
Travis Groth
e7995954ff
deps: bump envoy to 1.17.2 (#2113) 2021-04-22 10:28:04 -04:00
Travis Groth
2b59db27be
deployment: update get-envoy script and release hooks (#2111) 2021-04-21 16:00:16 -04:00
Travis Groth
3b1e5a9a48
deployment: Publish OS packages to cloudsmith (#2105) 
* deployment: Publish OS packages to cloudsmith
 2021-04-21 07:12:14 -04:00
Caleb Doxsey
3906b70bc5
authorize: support arbitrary jwt claims (#2102) 
* authorize: support arbitrary jwt claims

* remove dead code
 2021-04-19 14:55:08 -06:00
bobby
073c6063db
docs: add threat model to security page (#2097) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2021-04-19 09:15:41 -07:00
dependabot[bot]
99eaf599c2
chore(deps): bump gopkg.in/auth0.v5 from 5.14.1 to 5.15.0 (#2098) 
Bumps [gopkg.in/auth0.v5](https://github.com/go-auth0/auth0) from 5.14.1 to 5.15.0.
- [Release notes](https://github.com/go-auth0/auth0/releases)
- [Changelog](https://github.com/go-auth0/auth0/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-auth0/auth0/compare/v5.14.1...v5.15.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-04-19 09:57:06 -06:00
dependabot[bot]
6a64f087ed
chore(deps): bump github.com/go-redis/redis/v8 from 8.8.0 to 8.8.2 (#2099) 
Bumps [github.com/go-redis/redis/v8](https://github.com/go-redis/redis) from 8.8.0 to 8.8.2.
- [Release notes](https://github.com/go-redis/redis/releases)
- [Changelog](https://github.com/go-redis/redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-redis/redis/compare/v8.8.0...v8.8.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-04-19 09:56:41 -06:00
Travis Groth
ebfbdb721b
config: don't change address value on databroker or authorize (#2092) 2021-04-16 10:46:32 -04:00
Caleb Doxsey
7c98e0ae76
xdsmgr: update resource versions on NACK (#2093) 2021-04-16 08:23:40 -06:00
Caleb Doxsey
116805acb3
config: rename headers to set_response_headers (#2081) 
* config: rename headers to set_response_headers

* Update config/options.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2021-04-14 11:22:21 -07:00
Caleb Doxsey
f760cdece5
envoyconfig: move most bootstrap config to shared package (#2088) 2021-04-14 12:07:49 -06:00
wasaga
c12c0aab49
metrics_address should be optional parameter (#2087) 2021-04-13 15:56:35 -04:00
Caleb Doxsey
1dcccf2b56
envoy: refactor controlplane xds to new envoyconfig package (#2086) 2021-04-13 13:51:44 -06:00
wasaga
0e66619081
do not require project be in GOPATH/src (#2078) 2021-04-12 09:43:05 -04:00
wasaga
6aa716bc95
propagate changes back from encrypted backend (#2079) 2021-04-12 09:42:45 -04:00
Caleb Doxsey
8924b1a5fc
config: use tls_custom_ca from policy if available (#2077) 2021-04-09 12:26:46 -06:00
Caleb Doxsey
6d1d2bec54
crypto: use actual bytes of shared secret, not the base64 encoded representation (#2075) 
* crypto: use actual bytes of shared secret, not the base64 encoded representation

* return errors

* return errors
 2021-04-08 20:04:01 -06:00
dependabot[bot]
7a04b16163
chore(deps): bump gopkg.in/auth0.v5 from 5.13.0 to 5.14.1 (#2071) 
Bumps [gopkg.in/auth0.v5](https://github.com/go-auth0/auth0) from 5.13.0 to 5.14.1.
- [Release notes](https://github.com/go-auth0/auth0/releases)
- [Changelog](https://github.com/go-auth0/auth0/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-auth0/auth0/compare/v5.13.0...v5.14.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-04-08 09:15:38 -06:00
dependabot[bot]
9359ae6deb
chore(deps): bump google.golang.org/grpc from 1.36.1 to 1.37.0 (#2072) 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.36.1 to 1.37.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.36.1...v1.37.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-04-08 09:10:52 -06:00
dependabot[bot]
f72fa85f89
chore(deps): bump google.golang.org/api from 0.43.0 to 0.44.0 (#2073) 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.43.0 to 0.44.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.43.0...v0.44.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-04-08 09:09:49 -06:00
Travis Groth
f59f31410a
deps: switch from renovate to dependabot (#2069) 2021-04-08 10:29:48 -04:00
Caleb Doxsey
aeb8aaf9cd
directory: remove provider from user id (#2068) 2021-04-07 15:06:08 -06:00
Caleb Doxsey
a51c7140ea
cryptutil: use bytes for hmac (#2067) 2021-04-07 14:57:24 -06:00
wasaga
a935c1ba30
config related metrics (#2065) 2021-04-07 12:29:36 -07:00
Caleb Doxsey
9de340b48b
cryptutil: always use kek public id, add x509 support (#2066) 2021-04-07 09:44:36 -07:00
Caleb Doxsey
294addd857
databroker: remove unused installation id, close streams when backend is closed (#2062) 2021-04-06 13:41:19 -06:00
Travis Groth
187d0a0195
docs: update community slack link (#2063) 2021-04-06 14:57:59 -04:00
Caleb Doxsey
d8f11dcb91
proxy: support re-proxying request through control plane for kubernetes (#2051) 
* proxy: support re-proxying request from envoy for kubernetes

* encrypt policy id for reproxy, implement tls options

* add comment, use hmac

* use httputil handler and error

* remove reproxy headers on all incoming request

* only allow re-proxying for kubernetes, strip headers

* fix tests
 2021-04-06 12:08:09 -06:00
Caleb Doxsey
f84f7551d0
authenticate: fix default sign out url (#2061) 2021-04-06 10:35:08 -06:00
Caleb Doxsey
8a2af8029b
authorize: additional tracing, add benchmark for encryptor (#2059) 2021-04-05 12:55:16 -06:00
Caleb Doxsey
f4c4fe314a
authorize: audit logging (#2050) 
* authorize: add databroker server and record version to result, force sync via polling

* authorize: audit logging
 2021-04-05 09:58:55 -06:00
Renovate Bot
00e56212ec fix(deps): update module github.com/golang/protobuf to v1.5.2 2021-04-05 10:37:13 +00:00
Renovate Bot
7f3093f60f fix(deps): update module github.com/envoyproxy/protoc-gen-validate to v0.5.1 2021-04-05 09:50:57 +00:00
Renovate Bot
4c85d3b3d8 fix(deps): update google.golang.org/genproto commit hash to 6c239bb 2021-04-05 09:04:12 +00:00
Renovate Bot
5469caeb6c fix(deps): update golang.org/x/oauth2 commit hash to 2e8d934 2021-04-05 05:08:34 +00:00
Renovate Bot
ecfd29d4f0 fix(deps): update golang.org/x/net commit hash to 0fccb6f 2021-04-05 03:42:02 +00:00
Travis Groth
c7d243d742
proxy: restrict programmatic URLs to localhost (#2049) 
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2021-04-01 10:04:49 -04:00
Travis Groth
0635c838c9
authenticate: validate signature on /.pomerium, /.pomerium/sign_in and /.pomerium/sign_out (#2048) 
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2021-04-01 10:04:16 -04:00
contrun
c96ff595e5
fix not obtaining correct gitlab url because of empty string (#2044) 2021-03-31 11:21:16 -06:00
Caleb Doxsey
d7ab817de7
authorize: add databroker server and record version to result, force sync via polling (#2024) 
* authorize: add databroker server and record version to result, force sync via polling

* wrap inmem store to take read lock when grabbing databroker versions

* address code review comments

* reset max to 0
 2021-03-31 10:09:06 -06:00
wasaga
8f97b0d6ee
skip redis cluster on non-linux systems (#2045) 2021-03-31 10:42:49 -04:00
contrun
9980206073
change require_proxy_protocol to use_proxy_protocol (#2043) 
I set `use_proxy_protocol` to be true in my yaml config. Envoy didn't use proxy protocol albeit. Both the documents and https://github.com/pomerium/pomerium/pull/1777 hint the name should be use_proxy_protocol.
 2021-03-31 07:40:31 -06:00