3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-03 11:22:45 +02:00
Code Issues Projects Releases Packages Wiki Activity
1110 commits 167 branches 127 tags 105 MiB
Commit graph

337 commits

Author SHA1 Message Date
bobby
5cc65adc48
internal/frontend: resolve authN helper url (#1521) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-10-18 17:11:47 -07:00
renovate[bot]
847860ba32
chore(deps): update module go.opencensus.io to v0.22.5 (#1510) 
* chore(deps): update module go.opencensus.io to v0.22.5

* internal/telemetry: update tests for opencensus

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2020-10-17 20:59:12 -04:00
Caleb Doxsey
ac19c5041f
autocert: support certificate renewal (#1516) 2020-10-14 08:24:41 -06:00
Caleb Doxsey
04c582121d
add flag to enable user impersonation (#1514) 
* add flag to enable user impersonation

* fix typo
 2020-10-14 08:17:59 -06:00
Caleb Doxsey
4ed3d84632
debug: add pprof endpoints (#1504) 2020-10-09 12:40:33 -06:00
Caleb Doxsey
eb79cc0957
databroker: require JWT for access (#1503) 2020-10-09 11:08:40 -06:00
Caleb Doxsey
27d0cf180a
authenticate: protect /.pomerium/admin endpoint (#1500) 
* authenticate: protect /.pomerium/admin endpoint

* add integration test
 2020-10-08 15:44:12 -06:00
Caleb Doxsey
aa731ae068
directory: add explicit RefreshUser endpoint for faster sync (#1460) 
* directory: add explicit RefreshUser endpoint for faster sync

* add test

* implement azure

* update api call

* add test for azure User

* implement github

* implement AccessToken, gitlab

* implement okta

* implement onelogin

* fix test

* fix inconsistent test

* implement auth0
 2020-10-05 08:23:15 -06:00
bobby
9b39deabd8
forward-auth: use envoy's ext_authz check (#1482) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-10-04 20:01:06 -07:00
Jon Carl
f1daf336f6
auth0: implement directory provider (#1479) 
* add the auth0 directory provider

Signed-off-by: Jon Carl <jon.carl@auth0.com>

* fix code climate issue: context.Context should be funcs first param

Signed-off-by: Jon Carl <jon.carl@auth0.com>

* remove unused struct field

Signed-off-by: Jon Carl <jon.carl@auth0.com>

* remove vendoring

Signed-off-by: Jon Carl <jon.carl@auth0.com>

* fix auth0 imports and variable name

Signed-off-by: Jon Carl <jon.carl@auth0.com>
 2020-10-02 08:56:05 -06:00
Caleb Doxsey
697be04c6f
azure: incremental sync (#1471) 
* azure: incremental sync

* identity manager: fix directory sync timing

* on unauthorized, reset token

* support querying the user api

* update name

* pull out constants
 2020-09-30 08:18:04 -06:00
Caleb Doxsey
3e86d2f9bf
directory: additional user info (#1467) 
* directory: support additional user information

* implement github

* implement gitlab

* implement onelogin

* implement okta

* rename to display name

* implement google

* fill in properties

* fix azure email parsing

* fix tests, lint

* fix onelogin tests

* fix gitlab/github tests
 2020-09-29 09:38:16 -06:00
Caleb Doxsey
88580cf2fb
auth0: implement identity provider (#1470) 
* auth0: implement identity provider

* add auth0 guide

* fix naming
 2020-09-29 09:06:58 -06:00
Caleb Doxsey
2864859252
dashboard: format timestamps (#1468) 
* format timestamps

* fix test
 2020-09-28 16:00:42 -06:00
Caleb Doxsey
6e385f800a
config: add support for host header rewriting (#1457) 
* config: add support for host header rewriting

* fix lint
 2020-09-25 09:36:39 -06:00
Caleb Doxsey
29b2fa4e60
proxy: preserve path and query string for http->https redirect (#1456) 2020-09-24 15:12:56 -06:00
Caleb Doxsey
83415ee52f
identity manager: fix directory sync timing (#1455) 2020-09-24 13:23:43 -06:00
Caleb Doxsey
f4c61a0cdc
redis: use pubsub instead of keyspace events (#1450) 2020-09-23 14:40:05 -06:00
Caleb Doxsey
2364da14c8
databroker: add support for querying the databroker (#1443) 
* databroker: add support for querying the databroker

* remove query method, use getall so encryption works

* add test

* return early
 2020-09-22 16:01:37 -06:00
bobby
0c60a9404e
httputil: remove retry button (#1438) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-09-22 07:53:53 -07:00
Caleb Doxsey
54d37e62e8
config: add dns_lookup_family option to customize DNS IP resolution (#1436) 2020-09-21 15:32:37 -06:00
bobby
bf937f362b
controplane: remove p-521 EC (#1420) 
* controplane: remove p-521 EC

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-09-18 08:18:21 -07:00
Caleb Doxsey
0860ec3a5c
okta: handle deleted groups (#1418) 
* okta: handle deleted groups

* limit api error body read
 2020-09-18 08:10:32 -06:00
Caleb Doxsey
3b6c617784
redirect-server: add config headers to responses (#1416) 2020-09-17 13:01:45 -06:00
Caleb Doxsey
665f0f9a74
azure: add support for nested groups (#1408) 
* azure: add support for nested groups

* fix test
 2020-09-17 08:25:10 -06:00
bobby
79a01bcfbb
controlplane: support P-384 / P-512 EC curves (#1409) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-09-16 17:35:00 -07:00
Caleb Doxsey
a19e45334b
proxy: remove impersonate headers for kubernetes (#1394) 
* proxy: remove impersonate headers for kubernetes

* master on frontend/statik
 2020-09-09 15:24:39 -06:00
bobby
05d9fbb4b3
Desimone/authenticate default logout (#1390) 
* authenticate: fix unset post_logout_redirect_uri
* don't show url if does not exist
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-09-09 11:53:12 -07:00
Caleb Doxsey
1fcd86120b
proxy: for filter matches only include bare domain name (#1389) 2020-09-09 08:56:15 -06:00
Travis Groth
145c2cf8f5
internal/envoy: start epoch from 0 (#1387) 2020-09-09 10:25:21 -04:00
Caleb Doxsey
0a6796ff71
authorize: add support for service accounts (#1374) 2020-09-04 10:37:00 -06:00
Cuong Manh Le
eaf0dd4e67 internal/identity/manager: increase default refresh groups timeout 2020-09-04 23:17:56 +07:00
Cuong Manh Le
5895331768 internal/identity/manager: improve timeout error message 
By pointing user to configuration docs.
 2020-09-04 23:17:56 +07:00
bobby
43d37ace94
proxy/controlplane: make health checks debug level (#1368) 
- proxy: remove version from ping handler

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-09-04 07:31:12 -07:00
Cuong Manh Le
08a094ae93
internal/directory/okta: remove rate limiter (#1370) 
We did honor the rate limit header from okta, so don't bother to add our
rate limiter there.
 2020-09-04 18:23:14 +07:00
Caleb Doxsey
49d1a71ff2
databroker: add tracing for rego evaluation and databroker sync, fix bug in databroker config source (#1367) 2020-09-03 08:11:34 -06:00
Caleb Doxsey
4fb90fabe8
config: support explicit prefix and regex path rewriting (#1363) 
* config: support explicity prefix and regex path rewriting

* add rewrite tests
 2020-09-02 13:48:19 -06:00
Caleb Doxsey
a269441c34
proxy: disable control-plane robots.txt for public unauthenticated routes (#1361) 2020-09-02 07:56:15 -06:00
Caleb Doxsey
f6b622c7dc
proxy: support websocket timeouts (#1362) 2020-09-02 07:55:57 -06:00
Caleb Doxsey
e4e6abfd29
certmagic: improve logging (#1358) 
* certmagic: improve logging

* Update internal/autocert/manager.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2020-09-01 09:58:09 -06:00
Cuong Manh Le
b8584a3f46
internal/directory/okta: accept non-json service account (#1359) 
Fixes #1354
 2020-09-01 22:33:55 +07:00
Travis Groth
2e714c211e
internal/controlplane: add telemetry http handler (#1353) 2020-09-01 09:22:24 -04:00
bobby
fbd8c8f294
deployment: add goimports with path awareness (#1316) 
Plus fix some spelling

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-08-24 13:04:55 -07:00
Cuong Manh Le
ffaceadfdd
internal/urlutil: remove un-used constants (#1326) 2020-08-25 02:07:56 +07:00
bobby
c1b3b45d12
proxy: remove unused handlers (#1317) 
proxy: remove unused handlers

authenticate: remove unused references to refresh_token

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-08-22 10:02:12 -07:00
Caleb Doxsey
79741d5345
autocert: fix locking issue (#1310) 2020-08-20 14:08:52 -06:00
Caleb Doxsey
c4c8ef8e53
azure: support deriving credentials from client id, client secret and provider url (#1300) 2020-08-18 10:17:28 -06:00
Caleb Doxsey
a1378c81f8
cache: support databroker option changes (#1294) 2020-08-18 07:27:20 -06:00
Cuong Manh Le
a4408ab6cf internal/directory/okta: fix wrong API query filter 
Okta uses space " " instead of plus sign "+" in query filter.
See https://developer.okta.com/docs/reference/api-overview/#filtering
 2020-08-18 20:24:15 +07:00
bobby
8a384985f0
autocert: fix bootstrapped cache store path (#1283) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-08-17 13:27:11 -07:00