Pomerium is an identity and context-aware reverse proxy that brokers secure access to apps and services at scale. Pomerium provides a standardized interface to add access control to applications regardless of whether the application itself has authorization or authentication baked-in.
Pomerium can be used in situations where you'd typically reach for a VPN, but, unlike a VPN, does not require a client and uses identity and context, not network locality to determine access.
Pomerium can be used to:
- provide a single-sign-on gateway to internal applications.
- enforce dynamic access policy based on context, identity, and device identity.
- aggregate access logs and telemetry data.
- a VPN alternative.
For comprehensive docs, and tutorials see our documentation.
To run the integration tests locally, first build a local development image:
./scripts/build-dev-docker.bashNext go to the integration/clusters folder and pick a cluster, for example google-single, then use docker-compose to start the cluster. We use an environment variable to specify the dev docker image we built earlier:
cd integration/clusters/google-single
env POMERIUM_TAG=dev docker-compose up -VOnce that's up and running you can run the integration tests from another terminal:
go test -count=1 -v ./integration/...If you need to make a change to the clusters themselves, there's a tpl folder that contains jsonnet files. Make a change and then rebuild the clusters by running:
go run ./integration/cmd/pomerium-integration-tests/ generate-configuration