3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-01 02:12:50 +02:00
Code Issues Projects Releases Packages Wiki Activity
1292 commits 165 branches 127 tags 104 MiB
Commit graph

109 commits

Author SHA1 Message Date
Travis Groth
f946d940f5
config: require shared key if using redis backed databroker (#1801) 2021-01-22 16:28:18 -05:00
wasaga
4017e0681a
upstream health check config (#1796) 2021-01-21 15:23:06 -05:00
Caleb Doxsey
c90eda5622
autocert: store certificates separately from config certificates (#1794) 2021-01-21 13:13:55 -07:00
Caleb Doxsey
70b4497595
databroker: rename cache service (#1790) 
* rename cache folder

* rename cache service everywhere

* skip yaml in examples

* Update docs/docs/topics/data-storage.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2021-01-21 08:41:22 -07:00
Caleb Doxsey
a4c7381eba
config: support multiple destination addresses (#1789) 
* config: support multiple destination addresses

* use constructor for string slice

* add docs

* add test for multiple destinations

* fix name
 2021-01-20 15:18:24 -07:00
wasaga
c6b6141d12
new skip_xff_append option (#1788) 
Added `skip_xff_append` configuration option. When set, proxy would not append it's IP address to `x-forwarded-for` HTTP header.
 2021-01-20 10:56:29 -05:00
Caleb Doxsey
d9699cbcb9
policy: add outlier_detection (#1786) 
* add support for cluster outlier detection

* add docs
 2021-01-20 08:33:48 -07:00
Caleb Doxsey
09747aa3ba
add support for proxy protocol on HTTP listener (#1777) 
* add support for proxy protocol on HTTP listener

* rename option, add doc
 2021-01-19 05:56:58 -07:00
Caleb Doxsey
10912add67
config: detect underlying file changes (#1775) 
* wip

* cleanup

* add test

* use uuid for temp dir, derive root CA path from filemgr for tests

* fix comment

* fix double close

* use latest notify
 2021-01-14 18:06:02 -07:00
Caleb Doxsey
c99994bed8
config: support redirect actions (#1776) 
* add route redirect options

* add xds support for redirect

* add test

* handle nil destinations

* remove unchanged statik files

* remove unchanged statik files

* update docs

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2021-01-14 16:18:27 -07:00
Caleb Doxsey
ab4a68f56f
remove user impersonation and service account cli (#1768) 
* remove user impersonation and service account cli

* update doc

* remove user impersonation url query params

* fix flaky test
 2021-01-12 09:28:29 -07:00
Caleb Doxsey
00734243b3
telemetry: add support for datadog tracing (#1743) 
* add support for datadog tracing

* omitempty on datadog address

* envoy: add datadog exporter for tracing
 2021-01-06 12:27:23 -07:00
Caleb Doxsey
4f0ce4bc82
fix coverage (#1741) 
* fix coverage

* fix data races
 2021-01-06 08:30:38 -07:00
bobby
f837c92741
dev: update linter (#1728) 
- gofumpt everything
- fix TLS MinVersion to be at least 1.2
- add octal syntax
- remove newlines
- fix potential decompression bomb in ecjson
- remove implicit memory aliasing in for loops.

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-12-30 09:02:57 -08:00
Travis Groth
4fbbf28a16
config: fix ignored yaml fields (#1698) 2020-12-17 11:13:09 -05:00
Caleb Doxsey
ad828c6e84
add support for TCP routes (#1695) 2020-12-16 13:09:48 -07:00
bobby
5bbd745934
authorize: add signature algo support (RSA / EdDSA) (#1631) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-11-30 17:14:41 -08:00
bobby
652e8bb3d3
deps: update hashstructure v2 (#1632) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-11-30 16:53:21 -08:00
Caleb Doxsey
2d5690dde6
remove deprecated cache_service_url config option (#1614) 
* remove deprecated cache_service_url config option

* remove broken test

* update integration test config

* update nginx example

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2020-11-23 14:57:29 -07:00
Philip Wassermann
85a5961e5e
authorize: add allow_any_authenticated_user policy (#1515) 2020-11-05 11:20:50 -07:00
Caleb Doxsey
ccdd1e5586
use custom default http transport (#1576) 
* use custom default http transport

* Update config/http.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* Update config/http.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* return early

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2020-11-04 15:35:10 -07:00
Caleb Doxsey
153e438eb6
authorize: implement allowed_idp_claims (#1542) 
* add arbitrary claims to session

* add support for maps

* update flattened claims

* fix eol

* fix trailing whitespace

* fix tests
 2020-10-23 14:05:37 -06:00
Caleb Doxsey
04c582121d
add flag to enable user impersonation (#1514) 
* add flag to enable user impersonation

* fix typo
 2020-10-14 08:17:59 -06:00
Caleb Doxsey
6e385f800a
config: add support for host header rewriting (#1457) 
* config: add support for host header rewriting

* fix lint
 2020-09-25 09:36:39 -06:00
Caleb Doxsey
54d37e62e8
config: add dns_lookup_family option to customize DNS IP resolution (#1436) 2020-09-21 15:32:37 -06:00
Caleb Doxsey
4fb90fabe8
config: support explicit prefix and regex path rewriting (#1363) 
* config: support explicity prefix and regex path rewriting

* add rewrite tests
 2020-09-02 13:48:19 -06:00
Caleb Doxsey
a269441c34
proxy: disable control-plane robots.txt for public unauthenticated routes (#1361) 2020-09-02 07:56:15 -06:00
Cuong Manh Le
9de99d0211
all: add signout redirect url (#1324) 
Fixes #1213
 2020-08-25 01:23:58 +07:00
Caleb Doxsey
c4c8ef8e53
azure: support deriving credentials from client id, client secret and provider url (#1300) 2020-08-18 10:17:28 -06:00
Cuong Manh Le
6518aa6023 Upgrade zipkin-go to v0.2.3 
Test needs to be changed to use lowercase name, as required by zipkin
JSON API v2 spec.

See: https://github.com/openzipkin/zipkin-go/pull/166
 2020-08-17 16:48:50 +07:00
Cuong Manh Le
f356ff5581 config: add idp qps config 2020-08-14 09:50:49 +07:00
Caleb Doxsey
fbf5b403b9
config: allow dynamic configuration of cookie settings (#1267) 2020-08-13 08:11:34 -06:00
Cuong Manh Le
ddcfe7a5e9 config: do not test for exact route id 
Different go version can genearte different route id, due to the fact
that we are relying on xxhash.
 2020-08-12 22:20:50 +07:00
Caleb Doxsey
f822c9a5d2
config: allow reloading of telemetry settings (#1255) 
* metrics: support dynamic configuration settings

* add test

* trace: update configuration when settings change

* config: allow logging options to be configured when settings change

* envoy: allow changing log settings

* fix unexpected doc change

* fix tests

* pick a port at random

* update based on review
 2020-08-12 08:14:15 -06:00
Cuong Manh Le
0d611c2a40
config: warn if custom scopes set for builtin providers (#1252) 
* config: warn if custom scopes set for builtin providers

Fixes #1144

* config: make warn msg constant
 2020-08-11 23:23:34 +07:00
Caleb Doxsey
1285a9d91d
databroker: add support for config settings (#1253) 2020-08-11 07:50:19 -06:00
Travis Groth
fbb367d393
config: omit empty subpolicies in yaml/json (#1229) 2020-08-07 14:43:28 -04:00
Cuong Manh Le
f4a0e9e103 config: add more test cases for options 2020-08-07 23:03:00 +07:00
Cuong Manh Le
a4043eb049 config: add tests for policy 2020-08-07 23:03:00 +07:00
Travis Groth
6df65fe197
config: fix loading storage client cert from wrong location (#1212) 2020-08-05 12:50:10 -04:00
Cuong Manh Le
73abed0d21
all: update outdated comments about OptionsUpdater interface (#1207) 
In #1088, OptionsUpdater was removed, but current code still mention it.
This commit updates all comments which still mention about that
interface (authorize is exlcuded, and will be updated in #1206).
 2020-08-05 21:39:24 +07:00
Travis Groth
7a53e6bb42
proxy: add support for spdy upgrades (#1203) 2020-08-04 13:26:14 -04:00
Travis Groth
01d0f7de6e
config: additional kubernetes token source support (#1200) 2020-08-04 09:40:51 -04:00
Cuong Manh Le
bc61206b78
pkg/storage/redis: add redis TLS support (#1163) 
Fixes #1156
 2020-07-31 19:37:23 +07:00
Travis Groth
aab9ec413e
fix lint errors (#1171) 2020-07-31 00:00:06 -04:00
Travis Groth
aa8ba35332
config: default to google idp credentials for serverless (#1170) 2020-07-30 20:21:41 -04:00
Travis Groth
3c4513a91e
telmetry: add databroker storage metrics and tracing (#1161) 
* telmetry: add databroker storage metrics and tracing
 2020-07-30 18:19:23 -04:00
Cuong Manh Le
1640151bc1
databroker server backend config (#1127) 
* config,docs: add databroker storage backend configuration

* cache: allow configuring which backend storage to use

Currently supported types are "memory", "redis".
 2020-07-23 10:42:43 +07:00
Caleb Doxsey
504197d83b
custom rego in databroker (#1124) 
* add support for sub policies

* add support for sub policies

* update authz rego policy to support sub policies
 2020-07-22 10:44:05 -06:00
Travis Groth
75f2ed93ea
Set loopback address by ipv4 IP (#1116) 2020-07-20 22:31:48 -04:00