The `autocert_ca` and `autocert_email` options have been added to be
able to configure CAs that support the ACME protocol as an alternative
to Let's Encrypt.
Fix ProtoBuf definition for additional autocert options
Fix PR comments and add ACME EAB configuration
Add configuration option for trusted CAs when talking ACME
Fix linter issues
copy edits
render updated reference to docs
Add test for autocert manager configuration
Add tests for autocert configuration options
Fix CI build issues
Don't set empty acme.EAB struct if configuration not set
Remove required email when setting custom CA
When using a non-default CA it's no longer required
to specify an email address. I required this before,
because it seemed to cause an issue in which no certificate
was issued. The root cause was something different,
rendering the hard email requirement pointless. It's
still beneficial to specify an email, though. I changed
the text in the docs to explain that.
Update generated docs
Fix failing tests by recreation of a new ACMEManager
The default ACMEManager object was reused in multiple tests,
resulting in unexpected states when tests run in parallel.
By using a new instance for every test, this is no longer
an issue.
* github: use GraphQL API to reduce number of API calls for directory sync
* fix id encoding
* github: use slug instead of id, update upgrading.md
* Update docs/docs/upgrading.md
Co-authored-by: Alex Fornuto <afornuto@pomerium.com>
Co-authored-by: Alex Fornuto <afornuto@pomerium.com>
In some instances the cert and key path returned from `mkcert -CAROOT` might contain spaces. If it does the example command fails with the somewhat cryptic error `error: exactly one NAME is required, got 3`. Quoting the values resolves the issue.
* define IdP acronym
* remove 'enable user imporsonation', which was removed
* copy edit recovery token
* integrate SA docs into reference
* rename Prometheus as Metrics
* init original context doc
* copy edit
* init Service Account page
* update and expand user context article
* fix header name
* copy edit
* update response path through Pomerium
* clarify SA name is user in policy creation
* updates to quickstart instructions
* Update docs/enterprise/install/quickstart.md
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* crosslink to databroker reference
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* update azure doc
* add 3d part warning
* Update docs/docs/identity-providers/azure.md
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* clarification and troubleshooting section
* adjust links to not be relative to page location
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* Implement partial files
* fix markdown link
* Update Quickstart Doc
This update simplifies the quickstart process by assuming a local test environment without a TLS solution or a FQDN
* add TLS warning
* point to local verify container
* rm empty file
* reference Certificate topic page instructions
* update mkcert instructions
* Update docs/docs/install/readme.md
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* Update docs/partials/install-mkcert.md
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* Update examples/config/config.docker.yaml
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* Update examples/config/config.docker.yaml
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* Update examples/config/config.docker.yaml
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* Update examples/config/config.docker.yaml
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* review edits
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
