Commit graph

965 commits

Author SHA1 Message Date
Travis Groth
6df65fe197
config: fix loading storage client cert from wrong location (#1212) 2020-08-05 12:50:10 -04:00
Cuong Manh Le
ec52412d79
pkg/storage: make Watch return a receive-only channel (#1211)
So the caller cannot write to the channel, and to insist that the channel
is for notifying only.
2020-08-05 23:49:28 +07:00
Cuong Manh Le
f4cb5ea6e9
pkg/storage/redis: fix multiple data races (#1210)
There are two data races in the current code:

 - Call to close pub sub conn and renew pub sub conn
 - Call to close notify channel and send data to it

Fixing them by:

 - Moving pub sub conn creation/renew in the doNotifyLoop
 - Adding a lock to guard before closing/sending data to the channel, and also
 adding another check for whether the context was done at the beginning of the notify loop.

Verifying by running:

	for _ in {1..100}; do
	  go test -race -count=1 ./pkg/storage/redis/...
	done

with no failure.
2020-08-05 22:35:14 +07:00
Cuong Manh Le
73abed0d21
all: update outdated comments about OptionsUpdater interface (#1207)
In #1088, OptionsUpdater was removed, but the current code still mentions it.
This commit updates all comments which still mention that
interface (authorize is excluded, and will be updated in #1206).
2020-08-05 21:39:24 +07:00
Cuong Manh Le
633c25feb7
authorize: store policy evaluator on success only (#1206)
Currently, when the option changes, whether the option is good or bad, we
always store the new policy evaluator.

When the option is bad, the policy evaluator will be nil. That can lead to a panic
at runtime if a Check request is called after Authorize.OnConfigChange
ran with a bad option.

We already have an error message if the new policy evaluator fails, so we
must update it on success only.
2020-08-05 21:39:10 +07:00
Travis Groth
3f9a5f8c32
pkg/storage/redis: metrics updates (#1195)
* pkg/storage/redis: add metric to subscribe

* pkg/storage/redis: fix pool stats nil pointer
2020-08-05 07:16:53 -04:00
Travis Groth
f538b29a0c
proxy: refactor handler setup code (#1205) 2020-08-05 12:48:44 +07:00
Travis Groth
202b42f307
proxy: avoid second policy validation (#1204) 2020-08-04 15:42:32 -04:00
Travis Groth
7a53e6bb42
proxy: add support for spdy upgrades (#1203) 2020-08-04 13:26:14 -04:00
Cuong Manh Le
5653a398de
authorize/evaluator: add more test cases (#1198) 2020-08-04 22:43:03 +07:00
Cuong Manh Le
351a449023
authorize: add test for denied response (#1197) 2020-08-04 21:20:30 +07:00
Cuong Manh Le
79b5ae7d98
authorize/evaluator: fix wrong custom policies decision (#1199)
Test will be added in #1198
2020-08-04 21:11:59 +07:00
Travis Groth
01d0f7de6e
config: additional kubernetes token source support (#1200) 2020-08-04 09:40:51 -04:00
Travis Groth
a555e5fcc3
cmd/pomerium-cli: do not require terminal with cached creds (#1196) 2020-08-04 08:36:14 -04:00
Cuong Manh Le
fa43db80c1
authorize: derive check response message from reply message (#1193)
* authorize: derive check response message from reply message

While at it, add tests for ok response related functions.

* authorize: more test cases for ok reply with k8s svc
2020-08-04 09:12:30 +07:00
Renovate Bot
280adec8ed chore(deps): update module google.golang.org/grpc to v1.31.0 2020-08-03 15:40:56 +00:00
Travis Groth
e9e691ee82
deployment: fix brew creation for pomerium-cli (#1192) 2020-08-03 10:15:38 -04:00
Renovate Bot
483dc5b232 chore(deps): update module contrib.go.opencensus.io/exporter/zipkin to v0.1.2 2020-08-03 13:20:10 +00:00
Renovate Bot
b25b5b8257 chore(deps): update google.golang.org/genproto commit hash to 8145dea 2020-08-03 12:35:16 +00:00
Renovate Bot
751b5f5663 chore(deps): update module spf13/viper to v1.7.1 2020-08-03 06:10:36 +00:00
Renovate Bot
ae48f7cef9 chore(deps): update module golang/mock to v1.4.4 2020-08-03 04:46:41 +00:00
Renovate Bot
04696daff2 chore(deps): update module contrib.go.opencensus.io/exporter/jaeger to v0.2.1 2020-08-03 03:25:21 +00:00
Renovate Bot
ea99b71de7 chore(deps): update golang.org/x/crypto commit hash to 123391f 2020-08-03 02:02:07 +00:00
Cuong Manh Le
c910196364
docs/docs: update upgrading to mention redis storage backend (#1172)
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
2020-08-01 11:20:07 -07:00
bobby
8b68079488
docs: rename docs/reference to docs/topics (#1182)
* docs: rename docs/reference to docs/topics
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-08-01 10:00:14 -07:00
Cuong Manh Le
4f0d6bee68
internal/urlutil: add tests for GetDomainsForURL (#1183)
Updates #959
2020-08-01 09:59:40 -07:00
Caleb Doxsey
4115c67d93
pomerium-cli: kubernetes fixes (#1176)
* pomerium-cli: fix kubernetes token caching

* pomerium-cli: fix error hanging

* add options for TLS
2020-07-31 13:51:48 -06:00
Travis Groth
c8d3baccff
ci: pass release secret to goreleaser (#1181) 2020-07-31 15:35:37 -04:00
Travis Groth
f1934969fb
deploy: ensure pomerium-cli is built correctly (#1180) 2020-07-31 14:38:03 -04:00
Travis Groth
a81b3a4353
deploy: add pomerium/homebrew-tap publishing (#1179) 2020-07-31 14:32:19 -04:00
bobby
8c9ca05209
deployment: cut separate archive for cli (#1177)
* deployment: cut separate archive for cli
* enable pre-release detection

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-07-31 10:12:23 -07:00
Travis Groth
aa0352d1b6
ci: re-add arm64 docker image builds (#1178) 2020-07-31 12:36:39 -04:00
Travis Groth
417c2f4890
docs: Redis and stateful storage docs (#1173) 2020-07-31 11:56:01 -04:00
Caleb Doxsey
b1d72c829b
pomerium-cli: fix kubernetes token caching (#1169)
* pomerium-cli: fix kubernetes token caching

* switch to jose v2
2020-07-31 09:50:06 -06:00
Cuong Manh Le
fabf773e8b
pkg/storage/redis: handling connection to redis backend failure (#1174)
In case of connection to backend failure, we try reconnecting with
backoff, to re-subscribe to the notification channel.

Fixes #1167
2020-07-31 22:17:11 +07:00
Cuong Manh Le
f7ebf54305
authorize: strip port from host header if necessary (#1175)
After #1153, envoy can handle routes for `example.com` and `example.com:443`.
Authorize service should be updated to handle this case, too.

Fixes #959
2020-07-31 21:41:58 +07:00
Cuong Manh Le
bc61206b78
pkg/storage/redis: add redis TLS support (#1163)
Fixes #1156
2020-07-31 19:37:23 +07:00
Travis Groth
aab9ec413e
fix lint errors (#1171) 2020-07-31 00:00:06 -04:00
Travis Groth
aa8ba35332
config: default to google idp credentials for serverless (#1170) 2020-07-30 20:21:41 -04:00
Travis Groth
3c4513a91e
telemetry: add databroker storage metrics and tracing (#1161)
* telemetry: add databroker storage metrics and tracing
2020-07-30 18:19:23 -04:00
Caleb Doxsey
29fb96a955
databroker: add encryption for records (#1168) 2020-07-30 14:04:31 -06:00
bobby
8cae3f27bb
docs: refactor sections, consolidate examples (#1164) 2020-07-30 11:02:14 -07:00
Diep Pham
f41eeaf138
docs: add recipe for TiddlyWiki on Node.js (#1143) 2020-07-30 08:59:04 -07:00
Caleb Doxsey
97f85481f8
fix redirect loop, remove user/session services, remove duplicate deleted_at fields (#1162)
* fix redirect loop, remove user/session services, remove duplicate deleted_at fields

* change loop

* reuse err variable

* wrap errors, use cookie timeout

* wrap error, duplicate if
2020-07-30 09:41:57 -06:00
Caleb Doxsey
714363fb07
grpcutil: add functions for JWTs in gRPC metadata (#1165) 2020-07-30 09:40:55 -06:00
Cuong Manh Le
3039407597
pkg/storage/redis: add authentication support (#1159)
Fixes #1157
2020-07-29 23:08:38 +07:00
Cuong Manh Le
05545b3e1d
pkg/storage/redis: do not use timeout to signal redis conn to stop (#1155)
Instead, we run the loop in a goroutine, and when the context is done,
close the underlying connection of PubSubConn, so the Receive will
return.

Fixes #1154
2020-07-29 21:48:50 +07:00
Caleb Doxsey
557aef2a33
fix databroker restart versioning, handle missing sessions (#1145)
* fix databroker restart versioning, handle missing sessions

* send empty server version to detect change

* only rebuild if there are updated records
2020-07-29 08:45:41 -06:00
Caleb Doxsey
a5e8abd6af
handle example.com and example.com:443 (#1153)
* handle example.com and example.com:443

* fix domain comparisons
2020-07-28 15:30:41 -06:00
Travis Groth
996f0251b2
Add kubectl config commands (#1152) 2020-07-28 17:14:22 -04:00