* WIP update
* init mutual auth topic page
* WIP
* update JWT verification guide
* s/Java/Json/g
* Add mTLS and update some charts
* resummarize
* get my updates in before Bobby gets here
* Apply suggestions from code review
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* finish updates
* Apply suggestions from code review
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* adjust styling for HRs and blockquotes
* mutual auth overhaul
* grammar adjustment
* Apply suggestions from code review
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* remove new blockquote style
* manual review updates
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
Co-authored-by: Alex Fornuto <afornuto@pomerium.com>
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* clarify upgrade notes and certificate reference
* backport updated reference to source and sort
* Apply suggestions from code review
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* update webauthn link
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
Co-authored-by: Alex Fornuto <afornuto@pomerium.com>
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* init device identity topic page
* add device options to PPL
* init device enrollment guide
* adjust for #2835 and crosslink
* tooltip in PPL on finding device ID
* sort and link matchers
* adjust terminology and crosslink
* standardize new topic name
* Apply suggestions from code review
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* rewrite device identity topic page
* rebase cleanup
* Apply suggestions from code review
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* add links from review with footer refs
* Apply suggestions from code review
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* rm errant newlines
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
Co-authored-by: Alex Fornuto <afornuto@pomerium.com>
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* version 0.9 is old enough as to not warrant reference
* copy edits and formatting
* Consolidate 'before you begin' and warn that mkcert is for development.
* update and refresh
* add troubleshooting partial
* standardize img path for partial
* Apply suggestions from code review
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
* clarify all route mtls config
* remove troubleshooting section
This commit requires that the PR **not** be backported, since the fix that negates this workaround will not be backported.
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
Co-authored-by: Alex Fornuto <afornuto@pomerium.com>
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
* envoy: add support for bind_config bootstrap options
* only add upstream bind config options to individual policy clusters
* update docs for new Envoy keys
Co-authored-by: alexfornuto <alex@fornuto.com>
* update dashboard guide...
This new version takes advantage of the RBAC options the Pomerium Helm chart now makes available
* Update docs/guides/kubernetes-dashboard.md
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
* edit intro para
* Apply suggestions from code review
Co-authored-by: cmo-pomerium <91488121+cmo-pomerium@users.noreply.github.com>
* remvove numbered list of one
* Update docs/guides/kubernetes-dashboard.md
Co-authored-by: cmo-pomerium <91488121+cmo-pomerium@users.noreply.github.com>
* typo correction
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
Co-authored-by: cmo-pomerium <91488121+cmo-pomerium@users.noreply.github.com>
* WIP update
* init mutual auth topic page
* WIP
* update JWT verification guide
* s/Java/Json/g
* remove Mutual Auth topic page and references
The new page will be reviewed and added as a separate PR
* fix JSON capitalization throughout
* copy edit to jwt-verification.md
Co-authored-by: cmo-pomerium <91488121+cmo-pomerium@users.noreply.github.com>
* identity: only assign `access_type` uri params to google.
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
* bump upgrading
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
The `autocert_ca` and `autocert_email` options have been added to be
able to configure CAs that support the ACME protocol as an alternative
to Let's Encrypt.
Fix ProtoBuf definition for additional autocert options
Fix PR comments and add ACME EAB configuration
Add configuration option for trusted CAs when talking ACME
Fix linter issues
copy edits
render updated reference to docs
Add test for autocert manager configuration
Add tests for autocert configuration options
Fix CI build issues
Don't set empty acme.EAB struct if configuration not set
Remove required email when setting custom CA
When using a non-default CA it's no longer required
to specify an email address. I required this before,
because it seemed to cause an issue in which no certificate
was issued. The root cause was something different,
rendering the hard email requirement pointless. It's
still beneficial to specify an email, though. I changed
the text in the docs to explain that.
Update generated docs
Fix failing tests by recreation of a new ACMEManager
The default ACMEManager object was reused in multiple tests,
resulting in unexpected states when tests run in parallel.
By using a new instance for every test, this is no longer
an issue.
* github: use GraphQL API to reduce number of API calls for directory sync
* fix id encoding
* github: use slug instead of id, update upgrading.md
* Update docs/docs/upgrading.md
Co-authored-by: Alex Fornuto <afornuto@pomerium.com>
Co-authored-by: Alex Fornuto <afornuto@pomerium.com>
