3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-04 20:03:18 +02:00
Code Issues Projects Releases Packages Wiki Activity
3495 commits 164 branches 127 tags 105 MiB
Commit graph

179 commits

Author SHA1 Message Date
Caleb Doxsey
0cfb1025db
core/proto: update protoc dependencies (#5218) 
* core/proto: update protoc dependencies

* cleanup

* disable unimplemented forward compatibility check

* fix mock

* add generate make command

* add .0
 2024-08-15 11:12:05 -06:00
Denis Mishin
e2251b2d57
databroker/leaser: set timeout on ReleaseLease (#5208) 2024-08-06 14:47:59 -04:00
Kenneth Jenkins
418ee79e1a
authenticate: rework session ID token handling (#5178) 
Currently, the Session proto id_token field is populated with Pomerium
session data during initial login, but with IdP ID token data after an
IdP session refresh.

Instead, store only IdP ID token data in this field.

Update the existing SetRawIDToken method to populate the structured data
fields based on the contents of the raw ID token. Remove the other code
that sets these fields (in the authenticateflow package and in
manager.sessionUnmarshaler).

Add a test for the identity manager, exercising the combined effect of
session claims unmarshaling and SetRawIDToken(), to verify that the
combined behavior is preserved unchanged.
 2024-07-29 12:43:50 -07:00
Kenneth Jenkins
9fe646f25a
session: do not invalidate based on ID token (#5182) 
Per the OIDC spec, section 2:

> NOTE: The ID Token expiration time is unrelated [to] the lifetime of
> the authenticated session between the RP and the OP.

A Pomerium session should remain valid for as long as the underlying
OAuth2 session.
 2024-07-19 16:29:06 -07:00
Caleb Doxsey
e5e6558de6
core/authorize: require new login when authenticate url changes (#5165) 2024-07-12 10:57:41 -06:00
dependabot[bot]
8f8c66e9fd
chore(deps): bump the go group with 21 updates (#5162) 
* chore(deps): bump the go group with 21 updates

Bumps the go group with 21 updates:

| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.41.0` | `1.42.0` |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.27.0` | `1.30.1` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.27.16` | `1.27.23` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.54.3` | `1.57.1` |
| [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic) | `0.21.2` | `0.21.3` |
| [github.com/cloudflare/circl](https://github.com/cloudflare/circl) | `1.3.8` | `1.3.9` |
| [github.com/docker/docker](https://github.com/docker/docker) | `26.1.3+incompatible` | `27.0.3+incompatible` |
| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.0.12` | `5.1.0` |
| [github.com/gorilla/websocket](https://github.com/gorilla/websocket) | `1.5.1` | `1.5.3` |
| [github.com/klauspost/compress](https://github.com/klauspost/compress) | `1.17.8` | `1.17.9` |
| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) | `7.0.70` | `7.0.72` |
| [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) | `0.65.0` | `0.66.0` |
| [github.com/prometheus/common](https://github.com/prometheus/common) | `0.53.0` | `0.55.0` |
| [github.com/spf13/viper](https://github.com/spf13/viper) | `1.18.2` | `1.19.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.23.0` | `0.24.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.25.0` | `0.26.0` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.20.0` | `0.21.0` |
| [golang.org/x/sys](https://github.com/golang/sys) | `0.20.0` | `0.21.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.178.0` | `0.183.0` |
| [google.golang.org/genproto/googleapis/rpc](https://github.com/googleapis/go-genproto) | `0.0.0-20240515191416-fc5f0ca64291` | `0.0.0-20240528184218-531527333157` |
| google.golang.org/protobuf | `1.34.1` | `1.34.2` |


Updates `cloud.google.com/go/storage` from 1.41.0 to 1.42.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.41.0...spanner/v1.42.0)

Updates `github.com/aws/aws-sdk-go-v2` from 1.27.0 to 1.30.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.27.0...v1.30.1)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.27.16 to 1.27.23
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.16...config/v1.27.23)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.54.3 to 1.57.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.54.3...service/s3/v1.57.1)

Updates `github.com/caddyserver/certmagic` from 0.21.2 to 0.21.3
- [Release notes](https://github.com/caddyserver/certmagic/releases)
- [Commits](https://github.com/caddyserver/certmagic/compare/v0.21.2...v0.21.3)

Updates `github.com/cloudflare/circl` from 1.3.8 to 1.3.9
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.3.8...v1.3.9)

Updates `github.com/docker/docker` from 26.1.3+incompatible to 27.0.3+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v26.1.3...v27.0.3)

Updates `github.com/go-chi/chi/v5` from 5.0.12 to 5.1.0
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-chi/chi/compare/v5.0.12...v5.1.0)

Updates `github.com/gorilla/websocket` from 1.5.1 to 1.5.3
- [Release notes](https://github.com/gorilla/websocket/releases)
- [Commits](https://github.com/gorilla/websocket/compare/v1.5.1...v1.5.3)

Updates `github.com/klauspost/compress` from 1.17.8 to 1.17.9
- [Release notes](https://github.com/klauspost/compress/releases)
- [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml)
- [Commits](https://github.com/klauspost/compress/compare/v1.17.8...v1.17.9)

Updates `github.com/minio/minio-go/v7` from 7.0.70 to 7.0.72
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](https://github.com/minio/minio-go/compare/v7.0.70...v7.0.72)

Updates `github.com/open-policy-agent/opa` from 0.65.0 to 0.66.0
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.65.0...v0.66.0)

Updates `github.com/prometheus/common` from 0.53.0 to 0.55.0
- [Release notes](https://github.com/prometheus/common/releases)
- [Changelog](https://github.com/prometheus/common/blob/main/RELEASE.md)
- [Commits](https://github.com/prometheus/common/compare/v0.53.0...v0.55.0)

Updates `github.com/spf13/viper` from 1.18.2 to 1.19.0
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.18.2...v1.19.0)

Updates `golang.org/x/crypto` from 0.23.0 to 0.24.0
- [Commits](https://github.com/golang/crypto/compare/v0.23.0...v0.24.0)

Updates `golang.org/x/net` from 0.25.0 to 0.26.0
- [Commits](https://github.com/golang/net/compare/v0.25.0...v0.26.0)

Updates `golang.org/x/oauth2` from 0.20.0 to 0.21.0
- [Commits](https://github.com/golang/oauth2/compare/v0.20.0...v0.21.0)

Updates `golang.org/x/sys` from 0.20.0 to 0.21.0
- [Commits](https://github.com/golang/sys/compare/v0.20.0...v0.21.0)

Updates `google.golang.org/api` from 0.178.0 to 0.183.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.178.0...v0.183.0)

Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20240515191416-fc5f0ca64291 to 0.0.0-20240528184218-531527333157
- [Commits](https://github.com/googleapis/go-genproto/commits)

Updates `google.golang.org/protobuf` from 1.34.1 to 1.34.2

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/caddyserver/certmagic
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/cloudflare/circl
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: go
- dependency-name: github.com/go-chi/chi/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/gorilla/websocket
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/klauspost/compress
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/minio/minio-go/v7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/open-policy-agent/opa
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/genproto/googleapis/rpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix test

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2024-07-05 13:26:47 -06:00
Caleb Doxsey
d225288ab3
core/identity: dynamic authenticator registration (#5105) 2024-05-07 16:45:39 -06:00
Caleb Doxsey
1a5b8b606f
core/lint: upgrade golangci-lint, replace interface{} with any (#5099) 
* core/lint: upgrade golangci-lint, replace interface{} with any

* regen proto
 2024-05-02 14:33:52 -06:00
Caleb Doxsey
fab2181be4
core/mock: switch to uber mock (#5073) 
* core/mock: switch to uber mock

* merge main
 2024-04-16 12:23:00 -06:00
Denis Mishin
e7b3d3b6e9
config: add runtime flags (#5050) 2024-04-04 17:51:04 -04:00
Caleb Doxsey
4ac06d3bbd
core/logging: less verbose logs (#5040) 2024-03-29 15:26:20 -06:00
Caleb Doxsey
513d8bf615
core/config: implement direct response (#4960) 
* implement direct response

* proto

* fix tests

* update
 2024-02-15 14:33:56 -07:00
Caleb Doxsey
4301da3648
core/telemetry: move requestid to pkg directory (#4911) 2024-01-19 13:18:16 -07:00
Caleb Doxsey
f684910ab3
core/config: remove cookie secure option (#4907) 2024-01-12 13:28:14 -07:00
Caleb Doxsey
d6221c07ce
core/config: remove debug option, always use json logs (#4857) 
* core/config: remove debug option, always use json logs

* go mod tidy
 2023-12-15 11:29:05 -07:00
Caleb Doxsey
a2fd95aae6
core/ci: update linting (#4844) 
* core/ci: update linting

* re-add exportloopref

* re-add gocheckcompilerdirectives

* re-add stylecheck

* re-add usestdlibvars

* upgrade lint

---------

Co-authored-by: Denis Mishin <dmishin@pomerium.com>
 2023-12-14 09:07:54 -08:00
Denis Mishin
c4dd965f2d
zero/telemetry: calculate DAU and MAU (#4810) 2023-12-11 13:37:01 -05:00
Denis Mishin
7e2532f644
zero/bundle-reconciler: better code reuse (#4758) 2023-11-21 14:32:52 -05:00
Denis Mishin
15ca641b9c
databroker: changeset: prevent nil data in the deleted records (#4736) 2023-11-10 13:04:22 -07:00
Caleb Doxsey
6de9f12ac1
core/session: fix flaky test (#4730) 2023-11-09 12:36:08 -07:00
Denis Mishin
cc6592b6fd
reconciler: allow custom comparison function (#4726) 2023-11-08 20:11:49 -05:00
Kenneth Jenkins
0238a39f23
session: add unit tests for gRPC wrapper methods (#4713) 2023-11-08 15:22:47 -08:00
Caleb Doxsey
3bdbd56222
core/config: add pass_identity_headers option (#4720) 
* core/config: add pass_identity_headers option

* add to proto

* remove deprecated field
 2023-11-08 13:07:37 -07:00
Denis Mishin
bfcc970839
databroker: build config concurrently, option to bypass validation (#4655) 
* validation: option to bypass

* concurrently build config

* add regex_priority_order and route sorting

* rm mutex
 2023-11-06 13:21:29 -05:00
Kenneth Jenkins
ab104a643a
rework session updates to use new patch method (#4705) 
Update the AccessTracker, WebAuthn handlers, and identity manager
refresh loop to perform their session record updates using the
databroker Patch() method.

This should prevent any of these updates from conflicting.
 2023-11-06 09:43:07 -08:00
Denis Mishin
77bb203276
databroker: add reconciler (#4709) 2023-11-03 15:40:57 -04:00
Denis Mishin
6d5558cb97
databroker: add utility recordset and changeset (#4701) 2023-11-03 11:26:59 -04:00
Denis Mishin
45b72bc9b5
proto: add id to certificate (#4706) 2023-11-02 21:26:30 -04:00
Kenneth Jenkins
d5da872157
databroker: add patch method (#4704) 
Add a Patch() method to the databroker gRPC service.

Update the storage.Backend interface to include the Patch() method now
that all the storage.Backend implementations include it.

Add a test to exercise the patch method under concurrent usage.
 2023-11-02 15:07:37 -07:00
Caleb Doxsey
53573dc046
core/config: remove version (#4653) 
* core/config: remove version

* lint

* fix
 2023-11-01 10:19:55 -06:00
Caleb Doxsey
ae420f01c6
core/config: add config version, additional telemetry (#4645) 
* core/config: add config version, additional telemetry

* typo
 2023-10-27 15:16:40 -06:00
Caleb Doxsey
818f3926bf
core/grpc: fix deprecated protobuf package, remove tools (#4643) 2023-10-26 11:38:54 -06:00
Caleb Doxsey
23ea48815f
core/authorize: check for expired tokens (#4543) 
* core/authorize: check for expired tokens

* Update pkg/grpc/session/session.go

Co-authored-by: Denis Mishin <dmishin@pomerium.com>

* lint

* fix zero timestamps

* fix

---------

Co-authored-by: Denis Mishin <dmishin@pomerium.com>
 2023-09-15 16:06:13 -06:00
Kenneth Jenkins
fd84075af1
config: remove set_authorization_header option (#4489) 
Remove the deprecated set_authorization_header option entirely. Add an
entry to the removedConfigFields map with a link to the relevant
Upgrading page section.
 2023-08-29 09:02:08 -07:00
Kenneth Jenkins
de68e37bc3
config: add new mTLS enforcement setting (#4443) 
Add an "enforcement" option to the new downstream mTLS configuration
settings group.

When not set, or when set to "policy_default_deny", keep the current
behavior of adding an invalid_client_certificate rule to all policies.

When the enforcement mode is set to just "policy", remove the default
invalid_client_certificate rule that would be normally added.

When the enforcement mode is set to "reject_connection", configure the
Envoy listener with the require_client_certificate setting and remove
the ACCEPT_UNTRUSTED option.

Add a corresponding field to the Settings proto.
 2023-08-09 07:53:11 -07:00
Kenneth Jenkins
24b09186a4
config: move mTLS settings to new struct (#4442) 
Move downstream mTLS settings to a nested config file object, under the
key 'downstream_mtls', and add a new DownstreamMTLSSettings struct for
these settings.

Deprecate the existing ClientCA and ClientCAFile fields in the Options
struct, but continue to honor them for now (log a warning if either is
populated).

Delete the ClientCRL and ClientCRLFile fields entirely (in current
releases these cannot be set without causing an Envoy error, so this
should not be a breaking change).

Update the Settings proto to mirror this nested structure.
 2023-08-08 10:22:48 -07:00
Caleb Doxsey
438aecd7bc
config: add customization options for logging (#4383) 
* config: add customization options for logging

* config: validate log fields

* allocate slices once
 2023-07-24 13:17:03 -06:00
Caleb Doxsey
10662d7034
databroker: fix fast forward (#4192) 
* databroker: sort configs

* databroker: fix fast-forward

* newest not oldest
 2023-05-23 15:30:27 -06:00
Caleb Doxsey
be0104b842
config: add cookie_same_site option (#4148) 2023-05-03 14:36:42 -06:00
Caleb Doxsey
bbed421cd8
config: remove source, remove deadcode, fix linting issues (#4118) 
* remove source, remove deadcode, fix linting issues

* use github action for lint

* fix missing envoy
 2023-04-21 17:25:11 -06:00
Caleb Doxsey
7895bf431f
databroker: add list types method (#3937) 
* databroker: add list types method

* fix test

* Update pkg/storage/redis/redis.go

Co-authored-by: Denis Mishin <dmishin@pomerium.com>

---------

Co-authored-by: Denis Mishin <dmishin@pomerium.com>
 2023-02-03 13:16:28 -07:00
Caleb Doxsey
1e6a483ce9
config: add missing options (#3882) 
* config: add missing options

* remove _file options from protobuf

* fix

* lint
 2023-01-12 10:55:12 -07:00
Denis Mishin
ce1b8701da
events: remove xds configuraton update (#3792) 2022-12-06 14:46:45 -05:00
Caleb Doxsey
472370eded
identity: add identity profile (#3777) 2022-12-02 09:40:52 -07:00
Caleb Doxsey
cef6b355ae
config: add option for tls renegotiation (#3773) 
config: add option for tls renogotiation
 2022-11-28 14:34:06 -07:00
Caleb Doxsey
fa26587f19
remove forward auth (#3628) 2022-11-23 15:59:28 -07:00
Caleb Doxsey
2b319822a4
authenticate: update user info dashboard to show group info for enterprise (#3736) 
* authenticate: update user info dashboard to show group info for enterprise

* Update ui/src/components/GroupDetails.tsx

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2022-11-09 07:44:35 -07:00
Caleb Doxsey
c178819875
move directory providers (#3633) 
* remove directory providers and support for groups

* idp: remove directory providers

* better error messages

* fix errors

* restore postgres

* fix test
 2022-11-03 11:33:56 -06:00
Caleb Doxsey
3f9dfbef76
device: add generic methods for working with user+session devices (#3710) 2022-10-28 08:41:12 -06:00
dependabot[bot]
ec495bb682
chore(deps): bump github.com/golangci/golangci-lint from 1.48.0 to 1.50.0 (#3667) 
* chore(deps): bump github.com/golangci/golangci-lint

Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.48.0 to 1.50.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.48.0...v1.50.0)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* lint

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2022-10-19 09:36:59 -06:00