mirror of https://github.com/pomerium/pomerium.git synced 2025-07-16 08:16:18 +02:00
Commit graph

239 commits

Author SHA1 Message Date
backport-actions-token[bot]
32eee8c74e
authorize: enforce service account expiration ()
authorize: enforce service account expiration ()

Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2022-10-13 09:36:33 -06:00
Caleb Doxsey
c0ca1e1a98
authorize: handle user-unauthenticated response for deny blocks ()
* authorize: handle user-unauthenticated response for deny blocks

* fix test
2022-08-22 17:09:26 -06:00
Caleb Doxsey
46703b9419
config: add branding settings () 2022-08-16 14:51:47 -06:00
Caleb Doxsey
3c63b6c028
authorize: add policy error details for custom error messages ()
* authorize: add policy error details for custom error messages

* remove fmt.Println

* fix tests

* add docs
2022-08-09 14:46:31 -06:00
Caleb Doxsey
b5ac7dbc76
sets: convert set types to generics ()
* sets: convert set types to generics

* sets: use internal sets package
2022-07-29 12:32:17 -06:00
Caleb Doxsey
0ac7e45a21
atomicutil: use atomicutil.Value wherever possible ()
* atomicutil: use atomicutil.Value wherever possible

* fix test

* fix mux router
2022-07-28 15:38:38 -06:00
Caleb Doxsey
89a105c8e6
authorize: add request id to context ()
* authorize: add request id to context

* fix context keys
2022-07-26 14:34:48 -06:00
Caleb Doxsey
fe61a74e1b
authorize: fix device synchronization () 2022-07-15 17:27:06 -06:00
Caleb Doxsey
bc078f8bd2
authorize: fix x-forwarded-uri ()
* authorize: fix x-forwarded-uri

* fix raw path
2022-07-14 09:32:48 -06:00
Caleb Doxsey
ca8db7b619
authorize: show plain text error page for traefik and nginx () 2022-07-13 08:36:18 -06:00
Caleb Doxsey
86625a4ddb
config: support files for shared_secret, client_secret, cookie_secret and signing_key () 2022-06-29 10:44:08 -06:00
Caleb Doxsey
15e3b3a431
authorize: allow missing user for authorization () 2022-06-14 05:44:34 -06:00
Caleb Doxsey
493148b13f
authorize: fix not found check () 2022-06-08 09:15:57 -06:00
Caleb Doxsey
f61e7efe73
authorize: use query instead of sync for databroker data () 2022-06-01 15:40:07 -06:00
Seena Fallah
a2d2f34e24
fix: close the ticker after opened ()
This may cause a high cpu usage on each call

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
2022-05-04 09:55:25 -06:00
Caleb Doxsey
f73c5c615f
databroker: add support for putting multiple records ()
* databroker: add support for putting multiple records

* add OptimumPutRequestsFromRecords function

* replace GetAll with SyncLatest

* fix stream when there are no records
2022-04-26 16:41:38 -06:00
Caleb Doxsey
74310b3de3
authorize: pass idp id for webauthn url, allow unauthenticated access to static files () 2022-04-20 11:07:09 -06:00
Caleb Doxsey
c19048649a
authorize: add support for cidr lookups () 2022-04-19 16:18:34 -06:00
Caleb Doxsey
761c17b8ac
grpc: wait for connect to be ready before making calls ()
* grpc: wait for connect to be ready before making calls

* make sure to stop the ticker
2022-04-08 12:18:52 -06:00
Caleb Doxsey
d299b42509
authorize: add name claim () 2022-04-05 12:08:00 -06:00
Caleb Doxsey
36f73fa6c7
authorize: track session and service account access date ()
* session: add accessed at date

* authorize: track session and service account access times

* Revert "databroker: add support for field masks on Put ()"

This reverts commit 2dc778035d.

* add test

* fix data race in test

* add deadline for update

* track dropped accesses
2022-03-31 09:19:04 -06:00
Caleb Doxsey
a0e64b1cf9
authorize: add request IP to rego evaluation () 2022-03-07 15:07:58 -07:00
Caleb Doxsey
99b9a3ee12
authorize: add support for passing access or id token upstream ()
* authorize: add support for passing access or id token upstream

* use an enum
2022-02-17 09:28:31 -07:00
Caleb Doxsey
f9b95a276b
authenticate: support for per-route client id and client secret ()
* implement dynamic provider support

* authenticate: support per-route client id and secret
2022-02-16 12:31:55 -07:00
Caleb Doxsey
46c4d5fa7e
session: remove unused session state properties ()
* fix error page

* share dashboard code

* sessions: remove unused session state properties

* remove programmatic

* remove version
2022-02-09 10:59:06 -07:00
Caleb Doxsey
0898dd4f34
proxy: fix error page ()
* fix error page

* proxy: fix error page

* share dashboard code

* fix test
2022-02-09 09:14:24 -07:00
Caleb Doxsey
2824faecbf
frontend: react+mui ()
* mui v5 wip

* wip

* wip

* wip

* use compressor for all controlplane endpoints

* wip

* wip

* add deps

* fix authenticate URL

* fix test

* fix test

* fix build

* maybe fix build

* fix integration test

* remove image asset test

* add yarn.lock
2022-02-07 08:47:58 -07:00
Caleb Doxsey
5b9a981191
handle device states in deny block, fix default device type ()
* handle device states in deny block, fix default device type

* fix tests
2022-01-11 11:56:54 -07:00
cfanbo
84dad4c612
remove deprecated ioutil usages ()
* fix: Fixed return description error

* config/options: Adjust the position of TracingJaegerAgentEndpoint option

* DOCS: Remove duplicate configuration items

Remove duplicate configuration items of route

* remove deprecated ioutil usages
2021-12-30 10:02:12 -08:00
Caleb Doxsey
a3be1b7cc5
devices: switch "default" device type to two built-in default device types () 2021-12-20 10:44:29 -07:00
Caleb Doxsey
5a858f5d48
config: add internal service URLs ()
* config: add internal service URLs

* maybe fix integration tests

* add docs

* fix integration tests

* for databroker connect to external name, but listen on internal name

* Update docs/reference/readme.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/readme.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/readme.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
2021-12-10 14:04:37 -05:00
Caleb Doxsey
2d04106e6d
ppl: add support for http_path and http_method ()
* ppl: add support for http_path and http_method

* fix import ordering
2021-12-10 07:28:51 -07:00
Caleb Doxsey
c97dcf7e0f
envoy: add hash policy and routing key for hash-based load balancers ()
* envoy: add hash policy and routing key for hash-based load balancers

* fix integration test

* fix nginx
2021-12-01 13:42:12 -07:00
Caleb Doxsey
a8b76bd623
authorize: support X-Pomerium-Authorization in addition to Authorization ()
* authorize: support X-Pomerium-Authorization in addition to Authorization

* tangential correction

Co-authored-by: alexfornuto <alex@fornuto.com>
2021-11-29 12:19:14 -07:00
Caleb Doxsey
d390e80b30
authenticate: add databroker versions to session cookie ()
* authenticate: add databroker versions to session cookie
authorize: wait for databroker synchronization on updated sessions

* fix test
2021-10-26 14:45:53 -06:00
Caleb Doxsey
3497c39b9b
authorize: add support for webauthn device policy enforcement ()
* authorize: add support for webauthn device policy enforcement

* update docs

* group statuses
2021-10-25 09:41:03 -06:00
Caleb Doxsey
6e48627b4d
ppl: add support for additional data ()
* ppl: add support for additional data

* remove unused NewCriterionDeviceRule
2021-10-22 12:32:20 -06:00
Caleb Doxsey
efffe57bf0
ppl: pass contextual information through policy ()
* ppl: pass contextual information through policy

* maybe fix nginx

* fix nginx

* pr comments

* go mod tidy
2021-09-20 16:02:26 -06:00
Caleb Doxsey
0786c7fc45
authorize: use session.user_id in headers () 2021-09-03 14:51:09 -06:00
Caleb Doxsey
33f5190572
config: remove signature_key_algorithm ()
* config: remove signature_key_algorithm

* typo

* add more tests
2021-09-02 11:36:43 -06:00
Caleb Doxsey
de1ed61b9a
authorize: fix google cloudrun header audience () 2021-09-02 09:55:06 -06:00
Caleb Doxsey
ef55829cb0
authorize: fix X-Pomerium-Claim-Groups () 2021-08-26 20:29:57 -06:00
Caleb Doxsey
f5a558d4a0
grpc: disable gRPC connection re-use across services () 2021-08-24 11:47:16 -06:00
Caleb Doxsey
526f946097
fix forward-auth, logging ()
* fix forward-auth, logging

* move error message
2021-08-23 17:50:04 -06:00
Caleb Doxsey
bbec2cae9f
grpc: send client traffic through envoy ()
* wip

* wip

* handle wildcards in override name

* remove wait for ready, add comment about sync, force initial sync complete in test

* address comments
2021-08-16 16:12:22 -06:00
bobby
87c3c675d2
all: remove unused handler code ()
* - Remove unused middleware

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* remove unused func weightedStrings

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* remove unused func getJWTSetCookieHeaders

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* Fix test name
2021-08-16 16:04:39 -04:00
Caleb Doxsey
6af0655206
protoutil: add NewAny method for deterministic serialization () 2021-08-09 17:51:57 -06:00
Caleb Doxsey
a64e5b5fa1
authorize: add sid to JWT claims ()
* authorize: add sid to JWT claims

* fix import ordering
2021-08-02 16:11:05 -06:00
Caleb Doxsey
57c0c0a1bc
authorize: log additional session details () 2021-08-02 12:08:34 -06:00
Caleb Doxsey
1a95036b8c
sessions: add impersonate_session_id, remove legacy impersonation ()
* sessions: add impersonate_session_id, remove legacy impersonation

* show impersonated user details

* fix headers

* address feedback

* only check impersonate id on non-nil pbSession

* Revert "only check impersonate id on non-nil pbSession"

This reverts commit a6f7ca5abd.
2021-07-30 08:42:36 -06:00