3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-01 10:22:43 +02:00
Code Issues Projects Releases Packages Wiki Activity
1910 commits 165 branches 127 tags 104 MiB
Commit graph

205 commits

Author SHA1 Message Date
Caleb Doxsey
6e48627b4d
ppl: add support for additional data (#2696) 
* ppl: add support for additional data

* remove unused NewCriterionDeviceRule
 2021-10-22 12:32:20 -06:00
Denis Mishin
55fec9b51b
add host-rewrite options to config.proto (#2668) 2021-10-08 11:50:56 -04:00
bobby
45ce2027b2
config/envoyconfig: better duplicate message (#2661) 
Fixes #2655
 2021-10-04 19:37:03 -04:00
Caleb Doxsey
efffe57bf0
ppl: pass contextual information through policy (#2612) 
* ppl: pass contextual information through policy

* maybe fix nginx

* fix nginx

* pr comments

* go mod tidy
 2021-09-20 16:02:26 -06:00
Caleb Doxsey
eca2fc62d8
ppl: use session.user_id instead of user.id for user criterion (#2562) 
* ppl: use session.user_id instead of user.id for user criterion

* fix test
 2021-09-03 07:53:00 -06:00
Caleb Doxsey
33f5190572
config: remove signature_key_algorithm (#2557) 
* config: remove signature_key_algorithm

* typo

* add more tests
 2021-09-02 11:36:43 -06:00
Denis Mishin
951d20ad52
fix: allow pomerium to start without certs (#2555) 2021-08-31 11:06:48 -04:00
Caleb Doxsey
1cbcb8335d
config: remove headers (#2522) 
* config: remove headers

* Update docs/docs/upgrading.md

Co-authored-by: Alex Fornuto <afornuto@pomerium.com>

Co-authored-by: Alex Fornuto <afornuto@pomerium.com>
 2021-08-25 09:20:17 -06:00
Caleb Doxsey
db43014d78
envoy: remove deprecated access_log_path (#2523) 2021-08-25 09:19:35 -06:00
Caleb Doxsey
bbec2cae9f
grpc: send client traffic through envoy (#2469) 
* wip

* wip

* handle wildcards in override name

* remove wait for ready, add comment about sync, force initial sync complete in test

* address comments
 2021-08-16 16:12:22 -06:00
bobby
87c3c675d2
all: remove unused handler code (#2439) 
* - Remove unused middleware

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* remove unused func weightedStrings

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* remove unused func getJWTSetCookieHeaders

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* Fix test name
 2021-08-16 16:04:39 -04:00
Caleb Doxsey
6af0655206
protoutil: add NewAny method for deterministic serialization (#2462) 2021-08-09 17:51:57 -06:00
Caleb Doxsey
63ee30d69c
options: remove refresh_cooldown, add allow_spdy to proto (#2446) 2021-08-06 10:06:57 -06:00
Caleb Doxsey
94eb3c1149
config: remove grpc server max connection age options (#2427) 
* config: remove grpc server max connection age options

* remove docs
 2021-08-03 09:39:48 -06:00
Caleb Doxsey
1a95036b8c
sessions: add impersonate_session_id, remove legacy impersonation (#2407) 
* sessions: add impersonate_session_id, remove legacy impersonation

* show impersonated user details

* fix headers

* address feedback

* only check impersonate id on non-nil pbSession

* Revert "only check impersonate id on non-nil pbSession"

This reverts commit a6f7ca5abd.
 2021-07-30 08:42:36 -06:00
Caleb Doxsey
3026efb5af
envoyconfig: improvements (#2402) 
* add alpn function

* add comment

* address PR feedback
 2021-07-27 16:44:15 -06:00
Caleb Doxsey
0620cfdc50
config: add support for embedded PPL policy (#2401) 2021-07-27 13:44:10 -06:00
Caleb Doxsey
c34118360d
ppl: remove support for aliases (#2400) 2021-07-27 12:29:42 -06:00
Caleb Doxsey
1c627e5724
disable http/2 for websockets (#2399) 2021-07-26 20:09:18 -06:00
Caleb Doxsey
8a74fae2e7
urlutil: improve error message for urls with port in path (#2377) 2021-07-20 11:08:50 -06:00
Caleb Doxsey
ca8205f0b4
config: add warning about http URLs (#2358) 2021-07-13 11:12:03 -06:00
Caleb Doxsey
a9ba3ffff5
envoyconfig: default zipkin path to / when empty (#2359) 2021-07-13 11:11:49 -06:00
Caleb Doxsey
23552cfc1c
envoyconfig: only delete cached files, ignore noisy error (#2356) 2021-07-13 09:58:25 -06:00
Caleb Doxsey
cb09aa4199
envoyconfig: add bootstrap layered runtime configuration (#2343) 2021-07-07 15:18:02 -06:00
wasaga
3073146ff2
fix: timeout field in protobuf, add websocket tests 2021-07-07 12:06:56 -04:00
wasaga
134ca74ec9
proxy: add idle timeout (#2319) 2021-07-02 10:29:53 -04:00
wasaga
41a2622736
certs: reject certs from databroker if they conflict with local (#2309) 2021-06-24 18:40:59 -04:00
Caleb Doxsey
fcb33966e2
config: add enable_google_cloud_serverless_authentication to config protobuf (#2306) 
* config: add enable_google_cloud_serverless_authentication to config protobuf

* use dependency injection for embedded envoy provider

* Revert "use dependency injection for embedded envoy provider"

This reverts commit 5c08990501.

* config: attach envoy version to Config to avoid metrics depending on envoy/files
 2021-06-21 18:00:29 -06:00
Caleb Doxsey
9bce8314ba
envoy: refactor envoy embedding (#2296) 
* envoy: add full version

* remove unused import

* envoy: refactor envoy embedding

* fix lint

* commit ignored files

* maybe fix test
 2021-06-15 08:18:30 -06:00
Caleb Doxsey
02d9460765
envoy: fix usage of codec_type with alpn (#2277) 2021-06-07 14:26:20 -06:00
Caleb Doxsey
2156dbc553
envoy: always set jwt claim headers even if no value is available (#2261) 
* envoy: always set jwt claim headers even if no value is available

* add test
 2021-06-04 10:01:00 -07:00
Caleb Doxsey
c3286aa355
envoyconfig: use zipkin tracer (#2265) 2021-06-03 09:28:00 -06:00
Caleb Doxsey
513859665a
tracing: support dynamic reloading, more aggressive envoy restart (#2262) 
* tracing: support dynamic reloading, more aggressive envoy restart

* set exporter to nil

* actually register tracer
 2021-06-02 09:58:07 -06:00
wasaga
12c8bb2da4
authorize: preserve original context (#2247) 2021-06-01 11:10:35 -04:00
wasaga
96d6005639
config: warn about unrecognized keys (#2256) 2021-05-31 23:35:38 -04:00
bobby
c5f90e40f3
options: s/shared-key/shared secret (#2257) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2021-05-31 12:55:11 -07:00
Caleb Doxsey
9b61d04dd8
envoyconfig: fallback to global custom ca when no policy ca is defined (#2235) 
* envoyconfig: fallback to global custom ca when no policy ca is defined

* update upgrading

* combine custom ca with root cas
 2021-05-28 09:36:15 -06:00
Caleb Doxsey
91dd937468
policy: fix allowed idp claims PPL generation (#2243) 2021-05-27 15:12:12 -06:00
Caleb Doxsey
96b9702ee3
ppl: add data type, implement string and list matchers (#2228) 
* ppl: add data type, implement string and list matchers

* update policy converter
 2021-05-21 11:28:41 -06:00
Caleb Doxsey
a1061c5c03
envoy: add global response headers to local replies (#2217) 2021-05-20 08:56:43 -06:00
Caleb Doxsey
c489391bbf
ppl: convert config policy to ppl (#2218) 2021-05-19 12:42:36 -06:00
wasaga
c71f7dca5b
authorize: grpc health check (#2200) 2021-05-13 15:00:10 -04:00
bobby
27c8cd9bd8
proxy / controplane: use old upstream cipher suite (#2196) 2021-05-12 15:37:20 -07:00
Caleb Doxsey
da01082797
envoy: disable timeouts for kubernetes (#2189) 2021-05-11 14:42:49 -06:00
Caleb Doxsey
69576cffe4
config: add support for set_response_headers in a policy (#2171) 
* config: add support for set_response_headers in a policy

* docs: add note about precedence
 2021-05-04 09:43:52 -06:00
Caleb Doxsey
b5b1013947
config: add client_crl (#2157) 
* config: add client_crl

* address comments

* add ignored file
 2021-04-30 14:36:32 -06:00
Caleb Doxsey
699ebf061a
config: add support for codec_type (#2156) 
* config: add support for codec_type

* add comma

* fix warning block

* fix docs
 2021-04-30 07:21:40 -06:00
Caleb Doxsey
636b3d6846
databroker: add options for maximum capacity (#2095) 
* databroker: add options

* implement redis

* add trace for enforce options
 2021-04-26 17:14:54 -06:00
Caleb Doxsey
b3216ae854
httputil: fix SPDY support with reverse proxy (#2134) 2021-04-26 14:45:07 -06:00
Caleb Doxsey
008bda99e2
envoyconfig: fix metrics ingress listener name (#2124) 2021-04-26 07:49:48 -06:00