d8d59ddded
The debian 'stable' images configure apt to install from the rolling 'stable' repository, rather than a specific Debian release. Thus even though we pin to a specific Docker image digest, the packages installed by 'apt-get' can change when a new Debian release is promoted to stable. Instead, pin to an image where apt is configured to install from repositories for a specific Debian release (in this case, bullseye). |
||
|---|---|---|
| .github | ||
| .vscode | ||
| authenticate | ||
| authorize | ||
| cmd/pomerium | ||
| config | ||
| databroker | ||
| examples | ||
| integration | ||
| internal | ||
| ospkg | ||
| pkg | ||
| proxy | ||
| scripts | ||
| ui | ||
| .codecov.yml | ||
| .dockerignore | ||
| .fossa.yml | ||
| .gitattributes | ||
| .gitignore | ||
| .golangci.yml | ||
| .pre-commit-config.yaml | ||
| .tool-versions | ||
| 3RD-PARTY | ||
| DEBUG.MD | ||
| Dockerfile | ||
| Dockerfile.debug | ||
| go.mod | ||
| go.sum | ||
| LICENSE | ||
| Makefile | ||
| pomerium.go | ||
| README.md | ||
| RELEASING.md | ||
| SECURITY.md | ||
| tools.go | ||
Pomerium is an identity and context-aware reverse proxy that brokers secure access to apps and services at scale. Pomerium provides a standardized interface to add access control to applications regardless of whether the application itself has authorization or authentication baked-in.
Pomerium can be used in situations where you'd typically reach for a VPN, but, unlike a VPN, does not require a client and uses identity and context, not network locality to determine access.
Pomerium can be used to:
- provide a single-sign-on gateway to internal applications.
- enforce dynamic access policy based on context, identity, and device identity.
- aggregate access logs and telemetry data.
- a VPN alternative.
Docs
For comprehensive docs, and tutorials see our documentation.
Integration Tests
To run the integration tests locally, first build a local development image:
./scripts/build-dev-docker.bash
Next go to the integration/clusters folder and pick a cluster, for example google-single, then use docker-compose to start the cluster. We use an environment variable to specify the dev docker image we built earlier:
cd integration/clusters/google-single
env POMERIUM_TAG=dev docker-compose up -V
Once that's up and running you can run the integration tests from another terminal:
go test -count=1 -v ./integration/...
If you need to make a change to the clusters themselves, there's a tpl folder that contains jsonnet files. Make a change and then rebuild the clusters by running:
go run ./integration/cmd/pomerium-integration-tests/ generate-configuration