pomerium

module
Version: v0.15.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 15, 2021 License: Apache-2.0

README

pomerium logo

pomerium chat GitHub Actions Go Report Card GoDoc LICENSE Docker Pulls

Pomerium is an identity-aware proxy that enables secure access to internal applications. Pomerium provides a standardized interface to add access control to applications regardless of whether the application itself has authorization or authentication baked-in. Pomerium gateways both internal and external requests, and can be used in situations where you'd typically reach for a VPN.

Pomerium can be used to:

  • provide a single-sign-on gateway to internal applications.
  • enforce dynamic access policy based on context, identity, and device identity.
  • aggregate access logs and telemetry data.
  • a VPN alternative.

Docs

For comprehensive docs, and tutorials see our documentation.

Directories

Path Synopsis
Package authenticate is a pomerium service that handles user authentication and refersh (AuthN).
Package authenticate is a pomerium service that handles user authentication and refersh (AuthN).
Package authorize is a pomerium service that is responsible for determining if a given request should be authorized (AuthZ).
Package authorize is a pomerium service that is responsible for determining if a given request should be authorized (AuthZ).
evaluator
Package evaluator contains rego evaluators for evaluating authorize policy.
Package evaluator contains rego evaluators for evaluating authorize policy.
evaluator/opa
Package opa implements the policy evaluator interface to make authorization decisions.
Package opa implements the policy evaluator interface to make authorization decisions.
cmd
pomerium-cli
Package main implements the pomerium-cli.
Package main implements the pomerium-cli.
Package config is a configuration abstraction that facilitates enabling Pomerium settings forvarious encoding types (JSON/YAML/ENVARS) and methods.
Package config is a configuration abstraction that facilitates enabling Pomerium settings forvarious encoding types (JSON/YAML/ENVARS) and methods.
envoyconfig
Package envoyconfig contains a Builder for building Envoy configuration from Pomerium configuration.
Package envoyconfig contains a Builder for building Envoy configuration from Pomerium configuration.
envoyconfig/filemgr
Package filemgr defines a Manager for managing files for the controlplane.
Package filemgr defines a Manager for managing files for the controlplane.
Package databroker is a pomerium service that handles the storage of user session state.
Package databroker is a pomerium service that handles the storage of user session state.
examples
integration
pkg
cryptutil
Package cryptutil provides cryptographic utility functions, complementing the lower level abstractions found in the standard library.
Package cryptutil provides cryptographic utility functions, complementing the lower level abstractions found in the standard library.
grpc
Package grpc provides gRPC utility functions, complementing the more common ones in the github.com/grpc/grpc-go package
Package grpc provides gRPC utility functions, complementing the more common ones in the github.com/grpc/grpc-go package
grpc/config
Package config contains protobuf definitions for config.
Package config contains protobuf definitions for config.
grpc/crypt
Package crypt contains cryptographic protobuf messages.
Package crypt contains cryptographic protobuf messages.
grpc/databroker
Package databroker contains databroker protobuf definitions.
Package databroker contains databroker protobuf definitions.
grpc/databroker/mock_databroker
Package mock_databroker is a generated GoMock package.
Package mock_databroker is a generated GoMock package.
grpc/directory
Package directory contains protobuf types for directory users.
Package directory contains protobuf types for directory users.
grpc/session
Package session contains protobuf types for sessions.
Package session contains protobuf types for sessions.
grpc/user
Package user contains protobuf types for users.
Package user contains protobuf types for users.
grpcutil
Package grpcutil contains functions for interacting with gRPC.
Package grpcutil contains functions for interacting with gRPC.
logutil
Package logutil contains functionality for working with logs.
Package logutil contains functionality for working with logs.
metrics
Package metrics declares metrics names and labels that pomerium exposes as constants that could be referred to from other projects
Package metrics declares metrics names and labels that pomerium exposes as constants that could be referred to from other projects
policy
Package policy contains an implementation of the Pomerium Policy Language.
Package policy contains an implementation of the Pomerium Policy Language.
policy/criteria
Package criteria contains all the pre-defined criteria as well as a registry to add new criteria.
Package criteria contains all the pre-defined criteria as well as a registry to add new criteria.
policy/generator
Package generator converts Pomerium Policy Language into Rego.
Package generator converts Pomerium Policy Language into Rego.
policy/parser
Package parser contains a parser for Pomerium Policy Language.
Package parser contains a parser for Pomerium Policy Language.
policy/rules
Package rules contains useful pre-defined rego AST rules.
Package rules contains useful pre-defined rego AST rules.
protoutil
Package protoutil contains functions for working with protobuf types.
Package protoutil contains functions for working with protobuf types.
storage
Package storage provide generic interface to interact with storage backend.
Package storage provide generic interface to interact with storage backend.
storage/inmemory
Package inmemory contains an in-memory implementation of the databroker backend.
Package inmemory contains an in-memory implementation of the databroker backend.
storage/redis
Package redis implements the storage.Backend interface for redis.
Package redis implements the storage.Backend interface for redis.
Package proxy is a pomerium service that provides reverse proxying of internal routes.
Package proxy is a pomerium service that provides reverse proxying of internal routes.
internal
authclient
Package authclient contains a CLI authentication client for Pomerium.
Package authclient contains a CLI authentication client for Pomerium.
autocert
Package autocert implements automatic management of TLS certificates.
Package autocert implements automatic management of TLS certificates.
cliutil
Package cliutil contains functionality related to CLI apps.
Package cliutil contains functionality related to CLI apps.
cmd/pomerium
Package pomerium houses the main pomerium CLI command.
Package pomerium houses the main pomerium CLI command.
contextkeys
Package contextkeys defines common context keys shared between packages
Package contextkeys defines common context keys shared between packages
controlplane
Package controlplane contains the HTTP and gRPC base servers and the xDS gRPC implementation for envoy.
Package controlplane contains the HTTP and gRPC base servers and the xDS gRPC implementation for envoy.
controlplane/xdsmgr
Package xdsmgr implements a resource discovery manager for envoy.
Package xdsmgr implements a resource discovery manager for envoy.
databroker
Package databroker contains a data broker implementation.
Package databroker contains a data broker implementation.
directory
Package directory implements the user group directory service.
Package directory implements the user group directory service.
directory/auth0
Package auth0 contains the Auth0 directory provider.
Package auth0 contains the Auth0 directory provider.
directory/auth0/mock_auth0
Package mock_auth0 is a generated GoMock package.
Package mock_auth0 is a generated GoMock package.
directory/azure
Package azure contains an azure active directory directory provider.
Package azure contains an azure active directory directory provider.
directory/github
Package github contains a directory provider for github.
Package github contains a directory provider for github.
directory/gitlab
Package gitlab contains a directory provider for gitlab.
Package gitlab contains a directory provider for gitlab.
directory/google
Package google contains the Google directory provider.
Package google contains the Google directory provider.
directory/okta
Package okta contains the Okta directory provider.
Package okta contains the Okta directory provider.
directory/onelogin
Package onelogin contains the onelogin directory provider.
Package onelogin contains the onelogin directory provider.
directory/ping
Package ping implements a directory provider for Ping.
Package ping implements a directory provider for Ping.
encoding
Package encoding defines interfaces shared by other packages that convert data to and from byte-level and textual representations.
Package encoding defines interfaces shared by other packages that convert data to and from byte-level and textual representations.
encoding/ecjson
Package ecjson represents encrypted and compressed content using JSON-based
Package ecjson represents encrypted and compressed content using JSON-based
encoding/jws
Package jws represents content secured with digitalsignatures using JSON-based data structures as specified by rfc7515
Package jws represents content secured with digitalsignatures using JSON-based data structures as specified by rfc7515
encoding/mock
Package mock implements a mock implementation of MarshalUnmarshaler.
Package mock implements a mock implementation of MarshalUnmarshaler.
envoy
Package envoy creates and configures an envoy server.
Package envoy creates and configures an envoy server.
envoy/files
Package files contains files for use with envoy.
Package files contains files for use with envoy.
fileutil
Package fileutil provides file utility functions, complementing the lower level abstractions found in the standard library.
Package fileutil provides file utility functions, complementing the lower level abstractions found in the standard library.
frontend
Package frontend handles the generation, and instantiation of Pomerium's html templates.
Package frontend handles the generation, and instantiation of Pomerium's html templates.
hashutil
Package hashutil provides NON-CRYPTOGRAPHIC utility functions for hashing.
Package hashutil provides NON-CRYPTOGRAPHIC utility functions for hashing.
httputil
Package httputil provides HTTP utility functions, complementing the more common ones in the net/http package
Package httputil provides HTTP utility functions, complementing the more common ones in the net/http package
httputil/reproxy
Package reproxy contains a handler for re-proxying traffic through the http controlplane.
Package reproxy contains a handler for re-proxying traffic through the http controlplane.
identity
Package identity provides support for making OpenID Connect (OIDC) and OAuth2 authenticated HTTP requests with third party identity providers.
Package identity provides support for making OpenID Connect (OIDC) and OAuth2 authenticated HTTP requests with third party identity providers.
identity/identity
Package identity is a package to avoid a dependency cycle.
Package identity is a package to avoid a dependency cycle.
identity/manager
Package manager contains an identity manager responsible for refreshing sessions and creating users.
Package manager contains an identity manager responsible for refreshing sessions and creating users.
identity/oauth
Package oauth provides support for making OAuth2 authorized and authenticated HTTP requests, as specified in RFC 6749.
Package oauth provides support for making OAuth2 authorized and authenticated HTTP requests, as specified in RFC 6749.
identity/oauth/github
Package github implements OAuth2 based authentication for github https://www.pomerium.io/docs/identity-providers/github.html
Package github implements OAuth2 based authentication for github https://www.pomerium.io/docs/identity-providers/github.html
identity/oidc
Package oidc implements a generic OpenID Connect provider.
Package oidc implements a generic OpenID Connect provider.
identity/oidc/auth0
Package auth0 implements OpenID Connect for auth0 https://www.pomerium.io/docs/identity-providers/auth0.html
Package auth0 implements OpenID Connect for auth0 https://www.pomerium.io/docs/identity-providers/auth0.html
identity/oidc/azure
Package azure implements OpenID Connect for Microsoft Azure https://www.pomerium.io/docs/identity-providers/azure.html
Package azure implements OpenID Connect for Microsoft Azure https://www.pomerium.io/docs/identity-providers/azure.html
identity/oidc/gitlab
Package gitlab implements OpenID Connect for Gitlab https://www.pomerium.io/docs/identity-providers/gitlab.html
Package gitlab implements OpenID Connect for Gitlab https://www.pomerium.io/docs/identity-providers/gitlab.html
identity/oidc/google
Package google implements OpenID Connect for Google and GSuite.
Package google implements OpenID Connect for Google and GSuite.
identity/oidc/okta
Package okta implements OpenID Connect for okta https://www.pomerium.io/docs/identity-providers/okta.html
Package okta implements OpenID Connect for okta https://www.pomerium.io/docs/identity-providers/okta.html
identity/oidc/onelogin
Package onelogin implements OpenID Connect for OneLogin https://www.pomerium.io/docs/identity-providers/one-login.html
Package onelogin implements OpenID Connect for OneLogin https://www.pomerium.io/docs/identity-providers/one-login.html
identity/oidc/ping
Package ping implements OpenID Connect for Ping https://www.pomerium.io/docs/identity-providers/ping.html
Package ping implements OpenID Connect for Ping https://www.pomerium.io/docs/identity-providers/ping.html
log
Package log provides a global logger for zerolog.
Package log provides a global logger for zerolog.
middleware
Package middleware provides a standard set of middleware for pomerium.
Package middleware provides a standard set of middleware for pomerium.
middleware/responsewriter
Package responsewriter contains helper functions that useful for hooking into various parts of a response.
Package responsewriter contains helper functions that useful for hooking into various parts of a response.
redisutil
Package redisutil contains functions for working with redis.
Package redisutil contains functions for working with redis.
registry
Package registry implements a service registry server.
Package registry implements a service registry server.
registry/inmemory
Package inmemory implements an in-memory registry.
Package inmemory implements an in-memory registry.
registry/redis
Package redis implements a registry in redis.
Package redis implements a registry in redis.
registry/redis/lua
Package lua contains lua source code.
Package lua contains lua source code.
scheduler
Package scheduler contains a priority queue based on time.
Package scheduler contains a priority queue based on time.
sessions
Package sessions handles the storage, management, and validation of pomerium user sessions.
Package sessions handles the storage, management, and validation of pomerium user sessions.
sessions/cookie
Package cookie provides a cookie based implementation of session store and loader.
Package cookie provides a cookie based implementation of session store and loader.
sessions/header
Package header provides a request header based implementation of a session loader.
Package header provides a request header based implementation of a session loader.
sessions/mock
Package mock provides a mock implementation of session store and loader.
Package mock provides a mock implementation of session store and loader.
sessions/queryparam
Package queryparam provides a query param based implementation of a both as session store and loader.
Package queryparam provides a query param based implementation of a both as session store and loader.
signal
Package signal provides mechanism for notifying multiple listeners when something happened.
Package signal provides mechanism for notifying multiple listeners when something happened.
tcptunnel
Package tcptunnel contains an implementation of a TCP tunnel via HTTP Connect.
Package tcptunnel contains an implementation of a TCP tunnel via HTTP Connect.
telemetry
Package telemetry contains metrics and tracing constructs
Package telemetry contains metrics and tracing constructs
telemetry/metrics
Package metrics contains support for OpenCensus distributed metrics.
Package metrics contains support for OpenCensus distributed metrics.
telemetry/requestid
Package requestid has functions for working with x-request-id in http/gRPC requests.
Package requestid has functions for working with x-request-id in http/gRPC requests.
telemetry/trace
Package trace contains support for OpenCensus distributed tracing.
Package trace contains support for OpenCensus distributed tracing.
tests/xdserr
Package xdserr to load test configuration updates
Package xdserr to load test configuration updates
testutil
Package testutil contains helper functions for unit tests.
Package testutil contains helper functions for unit tests.
tripper
Package tripper provides utility functions for working with the http.RoundTripper interface.
Package tripper provides utility functions for working with the http.RoundTripper interface.
urlutil
Package urlutil provides utility functions for working with go urls.
Package urlutil provides utility functions for working with go urls.
version
Package version enables setting build-time version using ldflags.
Package version enables setting build-time version using ldflags.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL