Commit graph

965 commits

Author SHA1 Message Date
renovate[bot]
adaaed2481
chore(deps): update module yaml to v2.3.0 (#717)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-05-19 09:14:57 -07:00
Caleb Doxsey
0895515833
envoy: implement various timeouts (#732)
* envoy: implement global and route timeouts

* envoy: use the grpc client timeout for the authz service timeout

* fix test
2020-05-19 10:01:37 -06:00
Bobby DeSimone
c85b12a137
envoy: verify healthcheck endpoints (#725)
* envoy: verify healthcheck endpoints
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-05-19 08:35:19 -07:00
Bobby DeSimone
ca499ac9be
envoy: add jwt-assertion (#727)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-05-19 08:34:49 -07:00
Caleb Doxsey
1859f6d06b
envoy: switch to STRICT_DNS (#733) 2020-05-19 09:17:05 -06:00
Caleb Doxsey
959c9e8225
envoy: always populate pomerium-authz cluster (#730) 2020-05-19 08:11:12 -06:00
Renovate Bot
0ca5230467 chore(deps): update module caddyserver/certmagic to v0.10.13 2020-05-19 02:45:14 +00:00
Travis Groth
1f1e63a75b
telemetry/tracing: Add Zipkin tracing support (#723) 2020-05-18 21:57:13 -04:00
Caleb Doxsey
14c27974b9
envoy: enable TLS verification for internal services (#726) 2020-05-18 19:22:50 -06:00
Caleb Doxsey
e854cfe83b
envoy: implement policy TLS options (#724)
* envoy: implement policy TLS options

* fix tests

* log which CAs are being used
2020-05-18 16:52:51 -06:00
Renovate Bot
e24e026ffc Update golang.org/x/net commit hash to a91f071 2020-05-18 22:26:25 +00:00
Caleb Doxsey
533dc4a96d Merge remote-tracking branch 'origin/master' into feature/envoy 2020-05-18 17:10:10 -04:00
Caleb Doxsey
b4ac3ca8d8 skip failing tests 2020-05-18 17:10:10 -04:00
Bobby DeSimone
666fd6aa35 authenticate: save oauth2 tokens to cache (#698)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-05-18 17:10:10 -04:00
Caleb Doxsey
ef399380b7 merge master 2020-05-18 17:10:10 -04:00
Travis Groth
d514ec2ecf Proxy envoy metrics through control plane prometheus endpoint (#709)
* Proxy metrics requests to envoy control plane
2020-05-18 17:10:10 -04:00
Travis Groth
5ea1f719a7 Only run testing on master branch pushes and pull requests (#706) 2020-05-18 17:10:10 -04:00
Travis Groth
96a95c5aff Update jwt_claims_headers docs (#705) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
1bee3b0df9 envoy: fix sni/hostname mismatched routing for http2 connection coalescing (#703) 2020-05-18 17:10:10 -04:00
Travis Groth
65bb1501fd deployment: Envoy cross platform improvements (#701)
* Share processgroup on all platforms

* Fix cross platform release handling
2020-05-18 17:10:10 -04:00
Travis Groth
d58f68ab15 Update build and release process for envoy embedding (#699) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
dccec1e646 envoy: support autocert (#695)
* envoy: support autocert

* envoy: fallback to http host routing if sni fails to match

* update comment

* envoy: renew certs when necessary

* fix tests
2020-05-18 17:10:10 -04:00
Travis Groth
0c1ac5a575 Return an error regardless of envoy's exit status (#694) 2020-05-18 17:10:10 -04:00
Travis Groth
f5a9bad3d6 enable ipv6 grpc routing (#692) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
41855e5419 envoy: use envoy request id for logging across systems with http and gRPC (#691) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
593c47f8ac proxy: remove pomerium cookie and authorization from upstream requests (#687)
* proxy: remove pomerium cookie and authorization from upstream requests

* fix typo
2020-05-18 17:10:10 -04:00
Caleb Doxsey
5819bf1408 authorize: return jwt claims in request headers (#688)
* authorize: refactor session loading, implement headers and query params

* authorize: fix http recorder header, use constant for pomerium authorization header

* fix compile

* remove dead code

* authorize: return jwt claims in request headers
2020-05-18 17:10:10 -04:00
Caleb Doxsey
352c2b851b envoy: add separate proxy log level option (#689) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
af649d3eb0 envoy: implement header and query param session loading (#684)
* authorize: refactor session loading, implement headers and query params

* authorize: fix http recorder header, use constant for pomerium authorization header

* fix compile

* remove dead code
2020-05-18 17:10:10 -04:00
Caleb Doxsey
0d9a372182 envoy: implement refresh session (#674)
* authorize: refresh session WIP

* remove upstream cookie with lua

* only refresh session on expired

* authorize: handle session expiration

* authorize: add refresh test, fix isExpired check

* proxy: implement preserve host header option

* authorize: allow CORS preflight requests

* proxy: add request headers

* authenticate: use id token expiry
2020-05-18 17:10:10 -04:00
Caleb Doxsey
ae3049baca envoy: implement set_request_headers (#673)
* proxy: implement preserve host header option

* authorize: allow CORS preflight requests

* proxy: add request headers
2020-05-18 17:10:10 -04:00
Caleb Doxsey
98d2f194a0 authorize: allow CORS preflight requests (#672)
* proxy: implement preserve host header option

* authorize: allow CORS preflight requests
2020-05-18 17:10:10 -04:00
Caleb Doxsey
d92ee8d2a0 proxy: implement preserve host header option (#671) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
3879fe2f2a proxy: add websocket support (#670) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
02615b8b6c Merge remote-tracking branch 'origin/master' into feature/envoy 2020-05-18 17:10:10 -04:00
Travis Groth
99e788a9b4 envoy: Initial changes 2020-05-18 17:10:10 -04:00
Renovate Bot
8f78497e99 Update module google.golang.org/api to v0.24.0 2020-05-18 14:55:47 +00:00
Renovate Bot
fe35489657 Update module golang/protobuf to v1.4.2 2020-05-18 13:16:44 +00:00
Bjoern Weidlich
1a1a5a11f9
Documentation around Pomerium/Istio/Grafana (#675)
* Added an example of how to protect Grafana with Pomerium inside of an Istio mesh
* Added relevant documentation links
2020-05-17 22:26:09 -07:00
Renovate Bot
9ede2be7c5 Update module google/go-cmp to v0.4.1 2020-05-18 01:43:57 +00:00
Caleb Doxsey
49067c8f06
integration-tests: TLS policy configuration options (#708)
* integration-tests: switch to go for backends to support TLS scenarios

* fix apply order

* generate additional tls certs

* integration-tests: tls_skip_verify option

* integration-tests: wait for openid to come up before starting authenticate

* add tls_server_name test

* add test for tls_custom_ca

* increase setup timeout to 15 minutes

* fix secret name reference

* mtls wip

* mtls wip

* add test for client_cert
2020-05-15 16:37:09 -06:00
Caleb Doxsey
397d4a9f51
integration-tests: switch to go for backends to support TLS scenarios (#707)
* integration-tests: switch to go for backends to support TLS scenarios

* fix apply order

* fix duplicate port value
2020-05-15 09:25:27 -06:00
Bobby DeSimone
1cba3d50eb
docs: fixes to v0.8.0 docs (#696)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-05-13 12:38:01 -07:00
Bobby DeSimone
80166bcc40
deployment: release v0.8.0 (#686)
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
2020-05-12 19:10:12 -07:00
Renovate Bot
e5e043ee12 Update module spf13/viper to v1.7.0 2020-05-11 20:39:19 +00:00
Renovate Bot
60c10c6e4e Update golang.org/x/net commit hash to 7e3656a 2020-05-11 19:37:35 +00:00
Renovate Bot
960c07f777 Update module google.golang.org/api to v0.23.0 2020-05-11 17:35:44 +00:00
Renovate Bot
d988fb39eb Update module gorilla/websocket to v1.4.2 2020-05-11 16:32:06 +00:00
Renovate Bot
aef79d62ec Update module go-acme/lego/v3 to v3.7.0 2020-05-11 15:18:04 +00:00
Renovate Bot
425316e8bb Update module golang/protobuf to v1.4.1 2020-05-11 13:33:28 +00:00