pomerium

mirror of https://github.com/pomerium/pomerium.git synced 2025-04-29 02:16:28 +02:00

Author	SHA1	Message	Date
Denis Mishin	d1037d784a	allow pomerium to be embedded as a library (#3415 )	2022-06-15 20:29:19 -04:00
Denis Mishin	db426072b0	eliminate global events manager (#3422 )	2022-06-14 15:05:16 -04:00
bobby	ebbb6a7ff2	docs: update references, remove docs dir (#3420 ) * docs: update references, remove docs dir Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> * Update README.md Co-authored-by: Alex Fornuto <afornuto@pomerium.com> * Update Docs Paths * precommit Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> * remove spellcheck Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> * spell the check Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> Co-authored-by: Alex Fornuto <afornuto@pomerium.com>	2022-06-13 16:52:52 -07:00
cfanbo	3e01b726a3	fix: The built binary file is missing "ui/dist/index.js" and "ui/dist… (#3391 )	2022-06-06 11:20:28 -04:00
Caleb Doxsey	1c2aad2de6	postgres: databroker storage backend (#3370 ) * wip * storage: add filtering to SyncLatest * don't increment the record version, so intermediate changes are requested * databroker: add support for query filtering * fill server and record version * postgres: databroker storage backend * wip * serialize puts * add test * skip tests for macos * add test * return error from protojson * set data * exclude postgres from cover tests	2022-05-25 10:23:58 -06:00
Travis Groth	cbe90fd96d	docs: Add UUID to docs yaml blocks (#3251 )	2022-04-08 08:54:27 -06:00
Travis Groth	0ece090c85	ci: add mui build to release steps (#3023 )	2022-02-09 16:53:36 -05:00
Travis Groth	8f6fddebd1	ci: increase yarn timeout more (#3019 )	2022-02-08 18:35:57 -05:00
Travis Groth	996de1bf07	deps: increase yarn network timeout (#3018 )	2022-02-08 10:17:54 -05:00
Caleb Doxsey	2824faecbf	frontend: react+mui (#3004 ) * mui v5 wip * wip * wip * wip * use compressor for all controlplane endpoints * wip * wip * add deps * fix authenticate URL * fix test * fix test * fix build * maybe fix build * fix integration test * remove image asset test * add yarn.lock	2022-02-07 08:47:58 -07:00
Denis Mishin	55fec9b51b	add host-rewrite options to config.proto (#2668 )	2021-10-08 11:50:56 -04:00
Denis Mishin	0878315d60	bump protoc-validate (#2606 )	2021-09-16 12:02:55 -04:00
bobby	1565d25d32	ci: use go 1.17.x (#2492 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2021-08-19 21:13:36 -07:00
wasaga	51ab7e6226	telemetry: add nonce and make explicit ack/nack (#2434 )	2021-08-04 21:08:55 -04:00
Travis Groth	3c658714ac	build: add envoy files to `make clean` (#2411 )	2021-07-30 12:47:22 -06:00
Caleb Doxsey	4ecb43454d	tools: add tools.go to pin go run apps (#2344 ) * tools: add tools.go to pin go run apps * remove deps-lint	2021-07-07 17:34:51 -06:00
Travis Groth	b162307a96	add coveralls (#2279 )	2021-06-24 17:23:04 -04:00
Caleb Doxsey	9bce8314ba	envoy: refactor envoy embedding (#2296 ) * envoy: add full version * remove unused import * envoy: refactor envoy embedding * fix lint * commit ignored files * maybe fix test	2021-06-15 08:18:30 -06:00
Caleb Doxsey	31fa214983	envoy: add full version (#2287 ) * envoy: add full version * remove unused import * get envoy for lint	2021-06-14 13:58:12 -06:00
Caleb Doxsey	d538f1d104	darwin: use gopsutil v3 to fix arm issue (#2245 ) * darwin: use gopsutil v3 to fix arm issue * remove getenvoy	2021-05-28 12:20:46 -06:00
Caleb Doxsey	dad35bcfb0	ppl: refactor authorize to evaluate PPL (#2224 ) * ppl: refactor authorize to evaluate PPL * remove opa test step * add log statement * simplify assignment * deny with forbidden if logged in * add safeEval function * create evaluator-specific config and options * embed the headers rego file directly	2021-05-21 09:50:18 -06:00
Travis Groth	d488b2d626	deployment: fix empty version on master builds (#2193 )	2021-05-11 15:37:04 -07:00
Caleb Doxsey	b6ec01f377	assets: use embed instead of statik (#1960 ) * assets: use embed instead of statik * remove empty line * maybe fix precommit	2021-03-03 18:56:55 -07:00
bobby	cdcb65b77c	ci: go 1.16.x, cached tests (#1937 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2021-02-23 11:39:52 -08:00
Caleb Doxsey	218acc001b	autocert: remove non-determinism (#1932 ) * autocert: remove non-determinism * try sorting coverage	2021-02-23 08:56:11 -08:00
Caleb Doxsey	b1871b0f2e	envoy: validate binary checksum (#1908 ) * envoy: validate binary checksum * address comments * change to info * fix order	2021-02-18 15:22:46 -07:00
Travis Groth	912fb3532d	remove generated code from code coverage metrics (#1857 )	2021-02-05 16:12:22 -05:00
Travis Groth	5558f81ffc	ci: fix version metadata in non-releases (#1836 )	2021-02-01 10:53:57 -05:00
Caleb Doxsey	4f0ce4bc82	fix coverage (#1741 ) * fix coverage * fix data races	2021-01-06 08:30:38 -07:00
bobby	f837c92741	dev: update linter (#1728 ) - gofumpt everything - fix TLS MinVersion to be at least 1.2 - add octal syntax - remove newlines - fix potential decompression bomb in ecjson - remove implicit memory aliasing in for loops. Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-12-30 09:02:57 -08:00
bobby	e56e7e4b9e	cli: add version command (#1726 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-12-29 20:04:32 -08:00
Travis Groth	0b14722be4	deplyoment: add debug build / container / docs (#1513 )	2020-10-13 16:54:21 -04:00
Jon Carl	f1daf336f6	auth0: implement directory provider (#1479 ) * add the auth0 directory provider Signed-off-by: Jon Carl <jon.carl@auth0.com> * fix code climate issue: context.Context should be funcs first param Signed-off-by: Jon Carl <jon.carl@auth0.com> * remove unused struct field Signed-off-by: Jon Carl <jon.carl@auth0.com> * remove vendoring Signed-off-by: Jon Carl <jon.carl@auth0.com> * fix auth0 imports and variable name Signed-off-by: Jon Carl <jon.carl@auth0.com>	2020-10-02 08:56:05 -06:00
Cuong Manh Le	53588396ad	Allow specify go executable in Makefile (#1008 )	2020-06-26 23:53:47 +07:00
bobby	7110948296	depedency: bump opa v0.21.0 (#993 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-06-24 08:31:01 -07:00
Caleb Doxsey	dbd7f55b20	feature/databroker: user data and session refactor project (#926 ) * databroker: add databroker, identity manager, update cache (#864) * databroker: add databroker, identity manager, update cache * fix cache tests * directory service (#885) * directory: add google and okta * add onelogin * add directory provider * initialize before sync, upate google provider, remove dead code * add azure provider * fix azure provider * fix gitlab * add gitlab test, fix azure test * hook up okta * remove dead code * fix tests * fix flaky test * authorize: use databroker data for rego policy (#904) * wip * add directory provider * initialize before sync, upate google provider, remove dead code * fix flaky test * update authorize to use databroker data * implement signed jwt * wait for session and user to appear * fix test * directory service (#885) * directory: add google and okta * add onelogin * add directory provider * initialize before sync, upate google provider, remove dead code * add azure provider * fix azure provider * fix gitlab * add gitlab test, fix azure test * hook up okta * remove dead code * fix tests * fix flaky test * remove log line * only redirect when no session id exists * prepare rego query as part of create * return on ctx done * retry on disconnect for sync * move jwt signing * use != * use parent ctx for wait * remove session state, remove logs * rename function * add log message * pre-allocate slice * use errgroup * return nil on eof for sync * move check * disable timeout on gRPC requests in envoy * fix gitlab test * use v4 backoff * authenticate: databroker changes (#914) * wip * add directory provider * initialize before sync, upate google provider, remove dead code * fix flaky test * update authorize to use databroker data * implement signed jwt * wait for session and user to appear * fix test * directory service (#885) * directory: add google and okta * add onelogin * add directory provider * initialize before sync, upate google provider, remove dead code * add azure provider * fix azure provider * fix gitlab * add gitlab test, fix azure test * hook up okta * remove dead code * fix tests * fix flaky test * remove log line * only redirect when no session id exists * prepare rego query as part of create * return on ctx done * retry on disconnect for sync * move jwt signing * use != * use parent ctx for wait * remove session state, remove logs * rename function * add log message * pre-allocate slice * use errgroup * return nil on eof for sync * move check * disable timeout on gRPC requests in envoy * fix dashboard * delete session on logout * permanently delete sessions once they are marked as deleted * remove permanent delete * fix tests * remove groups and refresh test * databroker: remove dead code, rename cache url, move dashboard (#925) * wip * add directory provider * initialize before sync, upate google provider, remove dead code * fix flaky test * update authorize to use databroker data * implement signed jwt * wait for session and user to appear * fix test * directory service (#885) * directory: add google and okta * add onelogin * add directory provider * initialize before sync, upate google provider, remove dead code * add azure provider * fix azure provider * fix gitlab * add gitlab test, fix azure test * hook up okta * remove dead code * fix tests * fix flaky test * remove log line * only redirect when no session id exists * prepare rego query as part of create * return on ctx done * retry on disconnect for sync * move jwt signing * use != * use parent ctx for wait * remove session state, remove logs * rename function * add log message * pre-allocate slice * use errgroup * return nil on eof for sync * move check * disable timeout on gRPC requests in envoy * fix dashboard * delete session on logout * permanently delete sessions once they are marked as deleted * remove permanent delete * fix tests * remove cache service * remove kv * remove refresh docs * remove obsolete cache docs * add databroker url option * cache: use memberlist to detect multiple instances * add databroker service url * remove cache service * remove kv * remove refresh docs * remove obsolete cache docs * add databroker url option * cache: use memberlist to detect multiple instances * add databroker service url * wip * remove groups and refresh test * fix redirect, signout * remove databroker client from proxy * remove unused method * remove user dashboard test * handle missing session ids * session: reject sessions with no id * sessions: invalidate old sessions via databroker server version (#930) * session: add a version field tied to the databroker server version that can be used to invalidate sessions * fix tests * add log * authenticate: create user record immediately, call "get" directly in authorize (#931)	2020-06-19 07:52:44 -06:00
Bobby DeSimone	666fd6aa35	authenticate: save oauth2 tokens to cache (#698 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-05-18 17:10:10 -04:00
Travis Groth	d58f68ab15	Update build and release process for envoy embedding (#699 )	2020-05-18 17:10:10 -04:00
Travis Groth	99e788a9b4	envoy: Initial changes	2020-05-18 17:10:10 -04:00
Caleb Doxsey	33b30a87b1	integration: exclude integration folder from make test	2020-04-28 07:37:39 -06:00
Caleb Doxsey	f979bae194	ci: specify version number for build dependencies, call build-deps before test	2020-04-20 18:24:36 -06:00
Caleb Doxsey	7aa97dee68	ci: install opa from source	2020-04-20 18:24:36 -06:00
Caleb Doxsey	90af23432c	authorize: run opa test in ci	2020-04-20 18:24:36 -06:00
Bobby DeSimone	8d1732582e	authorize: use jwt insead of state struct (#514 ) authenticate: unmarshal and verify state from jwt, instead of middleware authorize: embed opa policy using statik authorize: have IsAuthorized handle authorization for all routes authorize: if no signing key is provided, one is generated authorize: remove IsAdmin grpc endpoint authorize/client: return authorize decision struct cmd/pomerium: main logger no longer contains email and group cryptutil: add ECDSA signing methods dashboard: have impersonate form show up for all users, but have api gated by authz docs: fix typo in signed jwt header encoding/jws: remove unused es256 signer frontend: namespace static web assets internal/sessions: remove leeway to match authz policy proxy: move signing functionality to authz proxy: remove jwt attestation from proxy (authZ does now) proxy: remove non-signed headers from headers proxy: remove special handling of x-forwarded-host sessions: do not verify state in middleware sessions: remove leeway from state to match authz sessions/{all}: store jwt directly instead of state Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-03-10 11:19:26 -07:00
Bobby DeSimone	ebee64b70b	internal/frontend : serve static assets (#392 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2019-11-22 17:46:01 -08:00
Bobby DeSimone	6743accd74	lint: bump golangci-lint 1.21.0 (#391 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2019-11-19 19:58:11 -08:00
Bobby DeSimone	b3a1a9a8b8	deployment: staple linter version	2019-09-12 16:02:16 -07:00
Bobby DeSimone	380d314404	authenticate: make service http only - Rename SessionState to State to avoid stutter. - Simplified option validation to use a wrapper function for base64 secrets. - Removed authenticates grpc code. - Abstracted logic to load and validate a user's authenticate session. - Removed instances of url.Parse in favor of urlutil's version. - proxy: replaces grpc refresh logic with forced deadline advancement. - internal/sessions: remove rest store; parse authorize header as part of session store. - proxy: refactor request signer - sessions: remove extend deadline (fixes #294) - remove AuthenticateInternalAddr - remove AuthenticateInternalAddrString - omit type tag.Key from declaration of vars TagKey* it will be inferred from the right-hand side - remove compatibility package xerrors - use cloned http.DefaultTransport as base transport	2019-09-04 16:27:08 -07:00
Bobby DeSimone	7f99671bfa	docs: add contributing guide for docs - merge developers guide and contributing - delete duplicate "from source" - add docs makefile entry - fix "edit in github" link Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2019-08-12 19:55:51 -07:00
Bobby DeSimone	2c1953b0ec	internal/config: pass urls by value Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2019-08-02 15:46:18 -07:00

1 2

59 commits