pomerium

mirror of https://github.com/pomerium/pomerium.git synced 2025-05-31 01:47:33 +02:00

Author	SHA1	Message	Date
Caleb Doxsey	94aa0b1a48	databroker: implement leases (#2172 ) * databroker: implement leases * return error * handle gRPC errors	2021-05-10 13:30:25 -06:00
Caleb Doxsey	a54d43b937	registry: implement redis backend (#2179 )	2021-05-10 10:33:37 -06:00
wasaga	cbaf33032d	report instance hostname (#2175 )	2021-05-04 15:46:21 -06:00
Caleb Doxsey	aeece76928	databroker: store issued at timestamp with session (#2173 )	2021-05-04 10:09:14 -06:00
wasaga	129df47f9c	xds extended event (#2158 )	2021-05-03 12:28:11 -04:00
Caleb Doxsey	b5b1013947	config: add client_crl (#2157 ) * config: add client_crl * address comments * add ignored file	2021-04-30 14:36:32 -06:00
Travis Groth	dae1836dff	internal/envoy: always extract envoy (#2160 )	2021-04-30 15:30:40 -04:00
Caleb Doxsey	d9cc26a2e0	authenticate,proxy: add same site lax to cookies (#2159 )	2021-04-30 10:24:47 -06:00
Caleb Doxsey	0adbf4f24c	controlplane: save configuration events to databroker (#2153 ) * envoy: save events to databroker * controlplane: add tests for envoy configuration events * format imports	2021-04-29 15:51:46 -06:00
bobby	9215833a0b	control plane: add request id to all error pages (#2149 ) * controlplane: add request id to all error pages - use a single http error handler for both envoy and go control plane - add http lib style status text for our custom statuses. Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2021-04-28 15:04:44 -07:00
Caleb Doxsey	91c7dc742f	databroker: store server version in backend (#2142 )	2021-04-28 09:12:52 -06:00
Caleb Doxsey	636b3d6846	databroker: add options for maximum capacity (#2095 ) * databroker: add options * implement redis * add trace for enforce options	2021-04-26 17:14:54 -06:00
Caleb Doxsey	b3216ae854	httputil: fix SPDY support with reverse proxy (#2134 )	2021-04-26 14:45:07 -06:00
Caleb Doxsey	008bda99e2	envoyconfig: fix metrics ingress listener name (#2124 )	2021-04-26 07:49:48 -06:00
dependabot[bot]	d365771e90	chore(deps): bump github.com/caddyserver/certmagic from 0.12.0 to 0.13.0 (#2074 ) * chore(deps): bump github.com/caddyserver/certmagic from 0.12.0 to 0.13.0 Bumps [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic) from 0.12.0 to 0.13.0. - [Release notes](https://github.com/caddyserver/certmagic/releases) - [Commits](https://github.com/caddyserver/certmagic/compare/v0.12.0...v0.13.0) Signed-off-by: dependabot[bot] <support@github.com> * autocert: fix for certmagic 0.12 -> 0.13 Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>	2021-04-22 15:31:19 -06:00
Caleb Doxsey	b1d62bb541	config: remove validate side effects (#2109 ) * config: default shared key * handle additional errors * update grpc addr and grpc insecure * update google cloud service authentication service account * fix set response headers * fix qps * fix test	2021-04-22 15:10:50 -06:00
Hugo Blom	2806b67bee	drop tun.cfg.dstHost from jwtCacheKey (#2115 )	2021-04-22 11:50:37 -06:00
wasaga	e0c09a0998	log context (#2107 )	2021-04-22 10:58:13 -04:00
Caleb Doxsey	7c98e0ae76	xdsmgr: update resource versions on NACK (#2093 )	2021-04-16 08:23:40 -06:00
Caleb Doxsey	116805acb3	config: rename headers to set_response_headers (#2081 ) * config: rename headers to set_response_headers * Update config/options.go Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>	2021-04-14 11:22:21 -07:00
Caleb Doxsey	f760cdece5	envoyconfig: move most bootstrap config to shared package (#2088 )	2021-04-14 12:07:49 -06:00
wasaga	c12c0aab49	metrics_address should be optional parameter (#2087 )	2021-04-13 15:56:35 -04:00
Caleb Doxsey	1dcccf2b56	envoy: refactor controlplane xds to new envoyconfig package (#2086 )	2021-04-13 13:51:44 -06:00
Caleb Doxsey	6d1d2bec54	crypto: use actual bytes of shared secret, not the base64 encoded representation (#2075 ) * crypto: use actual bytes of shared secret, not the base64 encoded representation * return errors * return errors	2021-04-08 20:04:01 -06:00
Caleb Doxsey	aeb8aaf9cd	directory: remove provider from user id (#2068 )	2021-04-07 15:06:08 -06:00
Caleb Doxsey	a51c7140ea	cryptutil: use bytes for hmac (#2067 )	2021-04-07 14:57:24 -06:00
wasaga	a935c1ba30	config related metrics (#2065 )	2021-04-07 12:29:36 -07:00
Caleb Doxsey	294addd857	databroker: remove unused installation id, close streams when backend is closed (#2062 )	2021-04-06 13:41:19 -06:00
Caleb Doxsey	d8f11dcb91	proxy: support re-proxying request through control plane for kubernetes (#2051 ) * proxy: support re-proxying request from envoy for kubernetes * encrypt policy id for reproxy, implement tls options * add comment, use hmac * use httputil handler and error * remove reproxy headers on all incoming request * only allow re-proxying for kubernetes, strip headers * fix tests	2021-04-06 12:08:09 -06:00
Travis Groth	c7d243d742	proxy: restrict programmatic URLs to localhost (#2049 ) Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>	2021-04-01 10:04:49 -04:00
Travis Groth	0635c838c9	authenticate: validate signature on /.pomerium, /.pomerium/sign_in and /.pomerium/sign_out (#2048 ) Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>	2021-04-01 10:04:16 -04:00
contrun	c96ff595e5	fix not obtaining correct gitlab url because of empty string (#2044 )	2021-03-31 11:21:16 -06:00
Caleb Doxsey	d7ab817de7	authorize: add databroker server and record version to result, force sync via polling (#2024 ) * authorize: add databroker server and record version to result, force sync via polling * wrap inmem store to take read lock when grabbing databroker versions * address code review comments * reset max to 0	2021-03-31 10:09:06 -06:00
wasaga	c27cd9030d	support host:port in metrics_address (#2042 )	2021-03-30 18:54:33 -04:00
Caleb Doxsey	76bc7a7e9a	proxy: add nil check for fix-misdirected (#2040 ) * proxy: add nil check for fix-misdirected * fix test	2021-03-30 08:22:38 -06:00
wasaga	80c55dd50c	databroker: return server version in Get (#2039 )	2021-03-29 13:18:38 -04:00
Caleb Doxsey	4cc697ace4	autocert: add metrics for renewal count, total and next expiration (#2019 )	2021-03-25 08:03:04 -06:00
Caleb Doxsey	e2ebef44ef	telemetry: add installation id (#2017 ) * telemetry: add installation id * set installation id globally * remove unneeded changes	2021-03-24 07:22:54 -06:00
Caleb Doxsey	853d2dd478	config: use getters for certificates (#2001 ) * config: use getters for certificates * update log message	2021-03-23 08:02:50 -06:00
ntoofu	fee4979246	Add `xff_num_trusted_hops` config option (#2003 ) * Add `xff_num_trusted_hops` config option * Fix code formatting with gofmt * Update docs for `xff_num_trusted_hops`	2021-03-22 10:30:20 -06:00
Caleb Doxsey	3690a32855	config: use getters for authenticate, signout and forward auth urls (#2000 )	2021-03-19 14:49:25 -06:00
Caleb Doxsey	1febaa82ff	envoy: restrict permissions on embedded envoy binary (#1999 )	2021-03-19 09:51:14 -06:00
Caleb Doxsey	23bc3f979f	config: add headers to config proto (#1996 )	2021-03-19 08:06:01 -06:00
Caleb Doxsey	21d87f8fdc	xds: use ALPN Auto config for upstream protocol when possible (#1995 )	2021-03-18 14:25:00 -06:00
Caleb Doxsey	eddabc46c7	envoy: upgrade to v1.17.1 (#1993 )	2021-03-17 19:32:58 -06:00
Caleb Doxsey	77fe37c8c0	redis: add redis cluster support (#1992 ) * redis: add redis cluster support * redis: update docs	2021-03-17 13:48:41 -06:00
renovate[bot]	0b1e89925a	fix(deps): update module github.com/prometheus/procfs to v0.6.0 (#1969 )	2021-03-16 22:03:01 -04:00
Caleb Doxsey	975b56d2d2	redis: add support for redis-sentinel (#1991 ) * redis: add support for redis-sentinel * try setting hostname * try using container ips * try the default network * use container ip address	2021-03-16 16:45:08 -06:00
wasaga	816fb60b7c	procStat.CPUTime() is already a sum (#1979 )	2021-03-15 11:43:56 -04:00
Caleb Doxsey	a5731f7d92	identity: infer email from mail claim (#1977 )	2021-03-12 09:01:21 -07:00

1 2 3 4 5 ...

586 commits