10 commits

Author	SHA1	Message	Date
Caleb Doxsey	fca17d365a	xds: force ipv4 for localhost to workaround ipv6 issue in docker compose (#819)	2020-06-01 08:58:28 -06:00
Caleb Doxsey	f770ccfedd	config: add getters for URLs to avoid nils (#777) ... * config: add getters for URLs to avoid nils * allow nil url for cache grpc client connection in authenticate	2020-05-26 11:36:18 -06:00
Caleb Doxsey	dedf4b1428	controlplane: xds unit tests (#770) ... * xds: use plain functions, add unit tests for control plane routes * xds: add test for grpc routes * xds: add test for pomerium http routes * xds: add test for policy routes * xds: use plain functions * xds: test get all routeable domains * xds: add build downstream tls context test * more tests * test for client cert * more tests	2020-05-25 11:14:07 -06:00
Caleb Doxsey	1859f6d06b	envoy: switch to STRICT_DNS (#733)	2020-05-19 09:17:05 -06:00
Caleb Doxsey	959c9e8225	envoy: always populate pomerium-authz cluster (#730)	2020-05-19 08:11:12 -06:00
Caleb Doxsey	14c27974b9	envoy: enable TLS verification for internal services (#726)	2020-05-18 19:22:50 -06:00
Caleb Doxsey	e854cfe83b	envoy: implement policy TLS options (#724) ... * envoy: implement policy TLS options * fix tests * log which CAs are being used	2020-05-18 16:52:51 -06:00
Caleb Doxsey	dccec1e646	envoy: support autocert (#695) ... * envoy: support autocert * envoy: fallback to http host routing if sni fails to match * update comment * envoy: renew certs when necessary * fix tests	2020-05-18 17:10:10 -04:00
Caleb Doxsey	0d9a372182	envoy: implement refresh session (#674) ... * authorize: refresh session WIP * remove upstream cookie with lua * only refresh session on expired * authorize: handle session expiration * authorize: add refresh test, fix isExpired check * proxy: implement preserve host header option * authorize: allow CORS preflight requests * proxy: add request headers * authenticate: use id token expiry	2020-05-18 17:10:10 -04:00
Travis Groth	99e788a9b4	envoy: Initial changes	2020-05-18 17:10:10 -04:00