3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-05 05:16:04 +02:00
Code Issues Projects Releases Packages Wiki Activity
3353 commits 159 branches 125 tags 104 MiB
Commit graph

168 commits

Author SHA1 Message Date
Caleb Doxsey
513d8bf615
core/config: implement direct response (#4960) 
* implement direct response

* proto

* fix tests

* update
 2024-02-15 14:33:56 -07:00
Caleb Doxsey
4301da3648
core/telemetry: move requestid to pkg directory (#4911) 2024-01-19 13:18:16 -07:00
Caleb Doxsey
f684910ab3
core/config: remove cookie secure option (#4907) 2024-01-12 13:28:14 -07:00
Caleb Doxsey
d6221c07ce
core/config: remove debug option, always use json logs (#4857) 
* core/config: remove debug option, always use json logs

* go mod tidy
 2023-12-15 11:29:05 -07:00
Caleb Doxsey
a2fd95aae6
core/ci: update linting (#4844) 
* core/ci: update linting

* re-add exportloopref

* re-add gocheckcompilerdirectives

* re-add stylecheck

* re-add usestdlibvars

* upgrade lint

---------

Co-authored-by: Denis Mishin <dmishin@pomerium.com>
 2023-12-14 09:07:54 -08:00
Denis Mishin
c4dd965f2d
zero/telemetry: calculate DAU and MAU (#4810) 2023-12-11 13:37:01 -05:00
Denis Mishin
7e2532f644
zero/bundle-reconciler: better code reuse (#4758) 2023-11-21 14:32:52 -05:00
Denis Mishin
15ca641b9c
databroker: changeset: prevent nil data in the deleted records (#4736) 2023-11-10 13:04:22 -07:00
Caleb Doxsey
6de9f12ac1
core/session: fix flaky test (#4730) 2023-11-09 12:36:08 -07:00
Denis Mishin
cc6592b6fd
reconciler: allow custom comparison function (#4726) 2023-11-08 20:11:49 -05:00
Kenneth Jenkins
0238a39f23
session: add unit tests for gRPC wrapper methods (#4713) 2023-11-08 15:22:47 -08:00
Caleb Doxsey
3bdbd56222
core/config: add pass_identity_headers option (#4720) 
* core/config: add pass_identity_headers option

* add to proto

* remove deprecated field
 2023-11-08 13:07:37 -07:00
Denis Mishin
bfcc970839
databroker: build config concurrently, option to bypass validation (#4655) 
* validation: option to bypass

* concurrently build config

* add regex_priority_order and route sorting

* rm mutex
 2023-11-06 13:21:29 -05:00
Kenneth Jenkins
ab104a643a
rework session updates to use new patch method (#4705) 
Update the AccessTracker, WebAuthn handlers, and identity manager
refresh loop to perform their session record updates using the
databroker Patch() method.

This should prevent any of these updates from conflicting.
 2023-11-06 09:43:07 -08:00
Denis Mishin
77bb203276
databroker: add reconciler (#4709) 2023-11-03 15:40:57 -04:00
Denis Mishin
6d5558cb97
databroker: add utility recordset and changeset (#4701) 2023-11-03 11:26:59 -04:00
Denis Mishin
45b72bc9b5
proto: add id to certificate (#4706) 2023-11-02 21:26:30 -04:00
Kenneth Jenkins
d5da872157
databroker: add patch method (#4704) 
Add a Patch() method to the databroker gRPC service.

Update the storage.Backend interface to include the Patch() method now
that all the storage.Backend implementations include it.

Add a test to exercise the patch method under concurrent usage.
 2023-11-02 15:07:37 -07:00
Caleb Doxsey
53573dc046
core/config: remove version (#4653) 
* core/config: remove version

* lint

* fix
 2023-11-01 10:19:55 -06:00
Caleb Doxsey
ae420f01c6
core/config: add config version, additional telemetry (#4645) 
* core/config: add config version, additional telemetry

* typo
 2023-10-27 15:16:40 -06:00
Caleb Doxsey
818f3926bf
core/grpc: fix deprecated protobuf package, remove tools (#4643) 2023-10-26 11:38:54 -06:00
Caleb Doxsey
23ea48815f
core/authorize: check for expired tokens (#4543) 
* core/authorize: check for expired tokens

* Update pkg/grpc/session/session.go

Co-authored-by: Denis Mishin <dmishin@pomerium.com>

* lint

* fix zero timestamps

* fix

---------

Co-authored-by: Denis Mishin <dmishin@pomerium.com>
 2023-09-15 16:06:13 -06:00
Kenneth Jenkins
fd84075af1
config: remove set_authorization_header option (#4489) 
Remove the deprecated set_authorization_header option entirely. Add an
entry to the removedConfigFields map with a link to the relevant
Upgrading page section.
 2023-08-29 09:02:08 -07:00
Kenneth Jenkins
de68e37bc3
config: add new mTLS enforcement setting (#4443) 
Add an "enforcement" option to the new downstream mTLS configuration
settings group.

When not set, or when set to "policy_default_deny", keep the current
behavior of adding an invalid_client_certificate rule to all policies.

When the enforcement mode is set to just "policy", remove the default
invalid_client_certificate rule that would be normally added.

When the enforcement mode is set to "reject_connection", configure the
Envoy listener with the require_client_certificate setting and remove
the ACCEPT_UNTRUSTED option.

Add a corresponding field to the Settings proto.
 2023-08-09 07:53:11 -07:00
Kenneth Jenkins
24b09186a4
config: move mTLS settings to new struct (#4442) 
Move downstream mTLS settings to a nested config file object, under the
key 'downstream_mtls', and add a new DownstreamMTLSSettings struct for
these settings.

Deprecate the existing ClientCA and ClientCAFile fields in the Options
struct, but continue to honor them for now (log a warning if either is
populated).

Delete the ClientCRL and ClientCRLFile fields entirely (in current
releases these cannot be set without causing an Envoy error, so this
should not be a breaking change).

Update the Settings proto to mirror this nested structure.
 2023-08-08 10:22:48 -07:00
Caleb Doxsey
438aecd7bc
config: add customization options for logging (#4383) 
* config: add customization options for logging

* config: validate log fields

* allocate slices once
 2023-07-24 13:17:03 -06:00
Caleb Doxsey
10662d7034
databroker: fix fast forward (#4192) 
* databroker: sort configs

* databroker: fix fast-forward

* newest not oldest
 2023-05-23 15:30:27 -06:00
Caleb Doxsey
be0104b842
config: add cookie_same_site option (#4148) 2023-05-03 14:36:42 -06:00
Caleb Doxsey
bbed421cd8
config: remove source, remove deadcode, fix linting issues (#4118) 
* remove source, remove deadcode, fix linting issues

* use github action for lint

* fix missing envoy
 2023-04-21 17:25:11 -06:00
Caleb Doxsey
7895bf431f
databroker: add list types method (#3937) 
* databroker: add list types method

* fix test

* Update pkg/storage/redis/redis.go

Co-authored-by: Denis Mishin <dmishin@pomerium.com>

---------

Co-authored-by: Denis Mishin <dmishin@pomerium.com>
 2023-02-03 13:16:28 -07:00
Caleb Doxsey
1e6a483ce9
config: add missing options (#3882) 
* config: add missing options

* remove _file options from protobuf

* fix

* lint
 2023-01-12 10:55:12 -07:00
Denis Mishin
ce1b8701da
events: remove xds configuraton update (#3792) 2022-12-06 14:46:45 -05:00
Caleb Doxsey
472370eded
identity: add identity profile (#3777) 2022-12-02 09:40:52 -07:00
Caleb Doxsey
cef6b355ae
config: add option for tls renegotiation (#3773) 
config: add option for tls renogotiation
 2022-11-28 14:34:06 -07:00
Caleb Doxsey
fa26587f19
remove forward auth (#3628) 2022-11-23 15:59:28 -07:00
Caleb Doxsey
2b319822a4
authenticate: update user info dashboard to show group info for enterprise (#3736) 
* authenticate: update user info dashboard to show group info for enterprise

* Update ui/src/components/GroupDetails.tsx

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2022-11-09 07:44:35 -07:00
Caleb Doxsey
c178819875
move directory providers (#3633) 
* remove directory providers and support for groups

* idp: remove directory providers

* better error messages

* fix errors

* restore postgres

* fix test
 2022-11-03 11:33:56 -06:00
Caleb Doxsey
3f9dfbef76
device: add generic methods for working with user+session devices (#3710) 2022-10-28 08:41:12 -06:00
dependabot[bot]
ec495bb682
chore(deps): bump github.com/golangci/golangci-lint from 1.48.0 to 1.50.0 (#3667) 
* chore(deps): bump github.com/golangci/golangci-lint

Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.48.0 to 1.50.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.48.0...v1.50.0)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* lint

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2022-10-19 09:36:59 -06:00
Denis Mishin
2917f07dac
bump protoc to 3.21.7 (#3646) 2022-10-03 13:01:42 -04:00
Caleb Doxsey
46703b9419
config: add branding settings (#3558) 2022-08-16 14:51:47 -06:00
Caleb Doxsey
3c63b6c028
authorize: add policy error details for custom error messages (#3542) 
* authorize: add policy error details for custom error messages

* remove fmt.Println

* fix tests

* add docs
 2022-08-09 14:46:31 -06:00
Caleb Doxsey
0b48da1e2f
databroker: support rotating shared secret (#3502) 
* databroker: support rotating shared secret

* fix test

* run tests on linux

* fix tests

* fix typo

* increase timeout
 2022-07-26 10:59:54 -06:00
Denis Mishin
a7483bd035
add lease name to the log (#3498) 2022-07-25 16:04:41 -04:00
Caleb Doxsey
45a29ea879
databroker: add support for syncing by type (#3412) 
* databroker: add support for syncing by type

* add type url, fix query
 2022-06-13 09:52:13 -06:00
Caleb Doxsey
a2d5d8062b
postgres: use CTE and GENERATED version number instead of serialized transaction (#3408) 
* postgres: use CTE and GENERATED version number instead of serialized transaction

* update server version

* fix indexing CIDRs
 2022-06-09 12:18:20 -06:00
Caleb Doxsey
f61e7efe73
authorize: use query instead of sync for databroker data (#3377) 2022-06-01 15:40:07 -06:00
Caleb Doxsey
994faba0c8
databroker: add support for query filtering (#3369) 
* wip

* storage: add filtering to SyncLatest

* don't increment the record version, so intermediate changes are requested

* databroker: add support for query filtering

* fill server and record version

* add test checks

* add explanation to query filter error
 2022-05-19 09:07:32 -06:00
Caleb Doxsey
f73c5c615f
databroker: add support for putting multiple records (#3291) 
* databroker: add support for putting multiple records

* add OptimumPutRequestsFromRecords function

* replace GetAll with SyncLatest

* fix stream when there are no records
 2022-04-26 16:41:38 -06:00
Caleb Doxsey
761c17b8ac
grpc: wait for connect to be ready before making calls (#3253) 
* grpc: wait for connect to be ready before making calls

* make sure to stop the ticker
 2022-04-08 12:18:52 -06:00