3pp-mirror/pomerium: Pomerium is an identity and context-aware access proxy.

mirror of https://github.com/pomerium/pomerium.git synced 2025-05-31 18:07:17 +02:00

Pomerium is an identity and context-aware access proxy.

beyondcorp gateway go iam identity identity-aware-proxy pomerium reverse-proxy vpn zero-trust

Find a file

Kenneth Jenkins 74e648630f authorize: remove JWT timestamp format workaround (#4321 ) Update OPA to v0.54.0, which changes the JSON serialization behavior for large integers. Remove the formatting workaround and the unit test that verified that the workaround was still needed.		2023-06-30 11:54:46 -07:00
.github	ci: updates (#4269 )	2023-06-20 09:58:15 -06:00
.vscode	use tlsClientConfig instead of custom dialer (#3830 )	2022-12-27 09:55:36 -07:00
authenticate	authenticate: remove extraneous error log (#4319 )	2023-06-28 11:02:06 -07:00
authorize	authorize: remove JWT timestamp format workaround (#4321 )	2023-06-30 11:54:46 -07:00
cmd/pomerium	chore(deps): bump github.com/golangci/golangci-lint from 1.48.0 to 1.50.0 (#3667 )	2022-10-19 09:36:59 -06:00
config	Allow clearing default Azure and Google auth code options (#4315 )	2023-06-27 09:11:54 -07:00
databroker	config: remove source, remove deadcode, fix linting issues (#4118 )	2023-04-21 17:25:11 -06:00
examples	Update grafana.ini.yml (#4045 )	2023-03-08 09:18:50 -07:00
integration	add downstream mTLS integration test cases (#4234 )	2023-06-13 10:25:21 -07:00
internal	Allow clearing default Azure and Google auth code options (#4315 )	2023-06-27 09:11:54 -07:00
ospkg	move directory providers (#3633 )	2022-11-03 11:33:56 -06:00
pkg	config: update logic for checking overlapping certificates (#4216 )	2023-06-01 09:30:46 -06:00
proxy	config: add cookie_same_site option (#4148 )	2023-05-03 14:36:42 -06:00
scripts	dependencies: upgrade go and envoy (#4116 )	2023-04-17 16:44:58 -06:00
ui	adds success colors for statuses in the 200 range (#4314 )	2023-06-30 16:18:35 +02:00
.codecov.yml	development: change codecov precision	2019-07-18 16:49:37 -07:00
.dockerignore	frontend: react+mui (#3004 )	2022-02-07 08:47:58 -07:00
.fossa.yml	rm cli code (#2824 )	2021-12-15 16:25:21 -05:00
.gitattributes	assets: use embed instead of statik (#1960 )	2021-03-03 18:56:55 -07:00
.gitignore	tls: wildcard catch-all cert must be at the end of cert list (#4119 )	2023-04-21 12:37:32 -04:00
.golangci.yml	config: remove source, remove deadcode, fix linting issues (#4118 )	2023-04-21 17:25:11 -06:00
.pre-commit-config.yaml	integration: add single-cluster integration tests (#2516 )	2021-08-24 15:35:05 -06:00
.tool-versions	dependencies: upgrade go and envoy (#4116 )	2023-04-17 16:44:58 -06:00
3RD-PARTY	dependencies: vendor base58, remove shortuuid (#2739 )	2021-11-02 09:23:15 -06:00
DEBUG.MD	deplyoment: add debug build / container / docs (#1513 )	2020-10-13 16:54:21 -04:00
Dockerfile	chore(deps): bump node from `f658ece` to `05824f7` (#4272 )	2023-06-16 11:57:07 -06:00
Dockerfile.debug	chore(deps): bump node from `f658ece` to `05824f7` (#4272 )	2023-06-16 11:57:07 -06:00
go.mod	authorize: remove JWT timestamp format workaround (#4321 )	2023-06-30 11:54:46 -07:00
go.sum	authorize: remove JWT timestamp format workaround (#4321 )	2023-06-30 11:54:46 -07:00
LICENSE	initial release	2019-01-02 12:13:36 -08:00
Makefile	config: remove source, remove deadcode, fix linting issues (#4118 )	2023-04-21 17:25:11 -06:00
pomerium.go	fix go get, improve redis test (#2450 )	2021-08-06 12:07:20 -06:00
README.md	Update README.md (#4146 )	2023-05-02 08:08:49 -06:00
RELEASING.md	deployment: update RELEASING.md (#3503 )	2022-08-16 10:40:03 -07:00
SECURITY.md	Update SECURITY.md (#4144 )	2023-05-01 15:17:50 -04:00
tools.go	config: remove source, remove deadcode, fix linting issues (#4118 )	2023-04-21 17:25:11 -06:00

README.md

Pomerium is an identity and context-aware reverse proxy that brokers secure access to apps and services at scale. Pomerium provides a standardized interface to add access control to applications regardless of whether the application itself has authorization or authentication baked-in.

Pomerium can be used in situations where you'd typically reach for a VPN, but, unlike a VPN, does not require a client and uses identity and context, not network locality to determine access.

Pomerium can be used to:

provide a single-sign-on gateway to internal applications.
enforce dynamic access policy based on context, identity, and device identity.
aggregate access logs and telemetry data.
a VPN alternative.

Docs

For comprehensive docs, and tutorials see our documentation.

Integration Tests

To run the integration tests locally, first build a local development image:

./scripts/build-dev-docker.bash

Next go to the integration/clusters folder and pick a cluster, for example google-single, then use docker-compose to start the cluster. We use an environment variable to specify the dev docker image we built earlier:

cd integration/clusters/google-single
env POMERIUM_TAG=dev docker-compose up -V

Once that's up and running you can run the integration tests from another terminal:

go test -count=1 -v ./integration/...

If you need to make a change to the clusters themselves, there's a tpl folder that contains jsonnet files. Make a change and then rebuild the clusters by running:

go run ./integration/cmd/pomerium-integration-tests/ generate-configuration