3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-22 13:37:19 +02:00
Code Issues Projects Releases Packages Wiki Activity
965 commits 161 branches 126 tags 104 MiB
Commit graph

965 commits

This branch
This branch
All branches
Author SHA1 Message Date
Cuong Manh Le
f62bb686d8
internal/controlplane: make sure options.Headers are set for response (#907) 
When switching to envoy, we forgot to adopt the middleware to set
response headers with options.Headers, which causes HSTS header is
missing in v0.9.0 release.

Fixes #901
 2020-06-17 00:56:01 +07:00
Travis Groth
ee2170f5f5
config: add a consistent route ID (#905) 2020-06-16 09:20:18 -04:00
Cuong Manh Le
34d06e521d
internal/telemetry/metrics: document concurrently using (#891) 
Document that metricRegistry is not safe for concurrently use. While at
it, remove t.Parallel() in tests which use metricRegistry, which causes
data race, caught by:

	go test -race ./internal/telemetry/metrics
 2020-06-15 23:08:03 +07:00
Cuong Manh Le
e0bdd906f9
config: change the default logging level to INFO (#902) 
config: change the default logging level to INFO

DEBUG logging level is very verbose and potentially logs sensitive data.
We should set default log level to INFO.

Updates #895
Fixes #896
 2020-06-15 22:55:18 +07:00
Cuong Manh Le
896467c4bf
internal/cmd/pomerium: fix data race in handling context (#890) 
Caught by:

	go test -race ./internal/cmd/pomerium

The ctx in Run is both read (in handle signal goroutine) and write
(when passing to errgroup context in Run), causes data race.

Fixing it, by passing the ctx to goroutine via argument instead of
accessing it directly.
 2020-06-15 22:38:45 +07:00
Bobby DeSimone
e57f92486a
envoy: bump envoy to 1.14.2 (#894) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-06-15 07:55:44 -07:00
Renovate Bot
97cead4d08 chore(deps): update vuepress monorepo to v1.5.2 2020-06-15 08:29:40 +00:00
Renovate Bot
d5a8fece0c chore(deps): update module caddyserver/certmagic to v0.11.2 2020-06-15 05:45:59 +00:00
Renovate Bot
e51e8c3410 chore(deps): update google.golang.org/genproto commit hash to 7676ae0 2020-06-15 03:51:56 +00:00
Bobby DeSimone
200bc7e836
controlplane: use previous preferred cipher suite (#889) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-06-14 17:53:18 -07:00
Bobby DeSimone
79d793d122
controlplane: fix missing full cert chain (#888) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-06-14 17:53:02 -07:00
Bobby DeSimone
3fbcb8ff13
frontend: fix logo fill on chrome (#893) 
- on error, if reason is empty use the status text of the http status code

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-06-13 13:55:01 -07:00
Travis Groth
fb2930dcc5
git: ignore additional test file types (#883) 2020-06-12 11:06:45 -04:00
Travis Groth
dbbbb2357e
authorize: reduce duplicate evaluations in opa policy (#882) 2020-06-12 11:06:28 -04:00
Travis Groth
42966ab39b
options: ensure viper ignores certificates config field (#876) 2020-06-11 16:38:13 -04:00
Yuchen Ying
b000930914
Remove unnecessary viper.New() (#849) 2020-06-11 10:26:42 -04:00
Renovate Bot
2b6b21739d Update golang.org/x/crypto commit hash to 70a84ac 2020-06-11 10:53:34 +00:00
Renovate Bot
3f359c1f38 Update module go-redis/redis/v7 to v7.4.0 2020-06-11 08:58:42 +00:00
Renovate Bot
24229a8013 Update golang.org/x/net commit hash to 627f964 2020-06-11 05:54:57 +00:00
Renovate Bot
5373a1d637 Update module google.golang.org/api to v0.26.0 2020-06-11 04:26:26 +00:00
Renovate Bot
5a22a0d6f7 Update module stretchr/testify to v1.6.1 2020-06-10 22:59:32 +00:00
Renovate Bot
89ece36d0c Update module rs/zerolog to v1.19.0 2020-06-10 21:42:18 +00:00
Renovate Bot
5baeb4ae94 Update module open-policy-agent/opa to v0.20.5 2020-06-10 20:35:03 +00:00
Renovate Bot
eecf33218a Update module contrib.go.opencensus.io/exporter/prometheus to v0.2.0 2020-06-10 20:25:14 +00:00
Renovate Bot
5aa3cbc5b9 Update module caddyserver/certmagic to v0.11.1 2020-06-10 18:20:19 +00:00
Renovate Bot
36fa986e97 Update google.golang.org/genproto commit hash to a5b850b 2020-06-10 16:40:59 +00:00
Bobby DeSimone
b00acad517
internal/controlplane: set minimum tls version (#854) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-06-10 09:08:05 -07:00
Bobby DeSimone
b8ccfee499
go.mod: bump required go version to 1.14 (#868) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-06-10 09:07:39 -07:00
Caleb Doxsey
fe2369400c
proxy: only set validation context if trusted_ca is used (#863) 
* proxy: only set validation context if trusted_ca is used

* fix test
 2020-06-09 13:45:03 -06:00
Cuong Manh Le
9e711b4612
internal/httputil: add HTTPStatsRoundTripper to DefaultClient (#828) 2020-06-08 14:34:32 -04:00
Yuchen Ying
7abe3a3b02
Remove additional indirection. (#848) 
o is already a pointer to Options struct.
 2020-06-08 07:36:24 -06:00
Aidan Steele
48912dbc33
Fix small typo (#836) 2020-06-07 07:46:47 -04:00
Travis Groth
6f938562ca
Add backport action (#829) 2020-06-06 16:19:38 -04:00
Cuong Manh Le
4d5edb0d64
Feature/remove request headers (#822) 
* config: add RemoveRequestHeaders

Currently, we have "set_request_headers" config, which reflects envoy
route.Route.RequestHeadersToAdd. This commit add new config
"remove_request_headers", which reflects envoy RequestHeadersToRemove.

This is also a preparation for future PRs to implement disable user
identity in request headers feature.

* integration: add test for remove_request_headers
* docs: add documentation/changelog for remove_request_headers
 2020-06-03 07:46:51 -07:00
Caleb Doxsey
b80a419699
xds: use ipv4 address when ipv6 is disabled (#823) 2020-06-02 13:05:44 -06:00
Bobby DeSimone
afe22fd24b
posts: 0-9-0 release notes (#820) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-06-01 20:29:50 -07:00
Renovate Bot
7e77a2fc9f chore(deps): update module stretchr/testify to v1.6.0 2020-06-01 19:29:46 +00:00
Renovate Bot
db2ca576fd chore(deps): update module caddyserver/certmagic to v0.11.0 2020-06-01 17:54:45 +00:00
Renovate Bot
ab00c68cc8 chore(deps): update google.golang.org/genproto commit hash to 0f60399 2020-06-01 16:47:54 +00:00
Caleb Doxsey
fca17d365a
xds: force ipv4 for localhost to workaround ipv6 issue in docker compose (#819) 2020-06-01 08:58:28 -06:00
Caleb Doxsey
12e373249b
config: strip quotes from http redirect addr (#818) 2020-06-01 08:51:56 -06:00
Renovate Bot
44784e98fe chore(deps): update golang.org/x/net commit hash to 3c3fba1 2020-06-01 13:49:57 +00:00
Renovate Bot
c973174d30 chore(deps): update github.com/natefinch/atomic commit hash to 18c0533 2020-06-01 12:33:54 +00:00
Travis Groth
914b952854
envoy: Switch to distroless/base for releases (#810) 2020-05-31 10:18:03 -04:00
Bobby DeSimone
44cf1fba1f
deployment: prepare 0.9.0 (#798) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-30 18:07:57 -07:00
Bobby DeSimone
eae217851a
authenticate: clear session if ctx fails (#806) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-29 17:25:09 -07:00
Caleb Doxsey
b88a619c0d
docs: add mTLS recipe (#807) 
* docs: add mTLS recipe

* add argo and mtls to sidebar
 2020-05-29 16:10:40 -06:00
Travis Groth
f97341dcb8
Fix autocache telemetry labels (#805) 2020-05-29 17:47:45 -04:00
Travis Groth
06e3f5def5
Fix missing/incorrect grpc labels (#804) 2020-05-29 15:57:58 -04:00
Travis Groth
6761cc7a14
telemetry: service label updates (#802) 2020-05-29 15:16:22 -04:00