* Add the ability to set the insertion filter into CLI
* Resolve the conflict
* Upgrade Basenine to `v0.5.0` and check the insertion filter against syntax errors inside CLI
* Upgrade Basenine to `v0.5.1`
* Update the sums
* initial tls tapper commit
* add tls flag to mizu cli
* support ssl_read_ex/ssl_write_ex
* use hostproc to find libssl
* auto discover tls processes
* support libssl1.0
* recompile ebpf with old clang/llvm
* Update tap/passive_tapper.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* Update tap/tlstapper/tls_poller.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* Update tap/tlstapper/tls_poller.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* Update tap/tlstapper/tls_poller.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* Update tap/tlstapper/tls_poller.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* Update tap/tlstapper/tls_poller.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* Update tap/tlstapper/tls_poller.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* Update tap/tlstapper/tls_poller.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* upgrade ebpf go lib
* handling big tls messages
* fixing max buffer size in ebpf
* remove unused import
* fix linter issues
* minor pr fixes
* compile with old clang
* fix cgroup file format
* pr fixes + cgroup extract enhance
* fix linter
* adding indirect ebpf dep to agent go.mod
* adding ebpf docker builder
* minor pr fixes
* add req resp matcher to dissect
* rename ssl hooks to ssl hooks structs
* move to alpine, use local copy of mizu instead of git, add readme
* use global req resp mather for tls
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
Co-authored-by: gadotroee <55343099+gadotroee@users.noreply.github.com>
* TRA-4235 Revert "Move Basenine binary into a separate container"
* Deploy the same agent image as a separate container for Basenine
Co-authored-by: Igor Gov <iggvrv@gmail.com>
- Rename --istio flag to the more general --service-mesh
- Rename internal variables, consts and structures to reflect this conceptual change
- Update the docs accordingly
prevPodPhase does not take into account the fact that there may be more
than one tapper pod. Therefore it is not clear what its value
represents. It is only used in a debug print. It is not worth the effort
to fix for that one debug print.
Co-authored-by: gadotroee <55343099+gadotroee@users.noreply.github.com>
* discover envoy pids using cluster ips
* add istio flag to cli + rename mtls flag to istio
* add istio.md to docs
* Fixing typos
* Fix minor typos and grammer in docs
Co-authored-by: Nimrod Gilboa Markevich <nimrod@up9.com>
Currently shared/kubernetes/watch.go:FilteredWatch only watches pods.
This PR makes it reusable for other types of resources.
This is done in preparation for watching k8s events.
* WIP
* WIP
* WIP
* WIP
* WIP
* Update tapRunner.go and k8sTapManager.go
* Update cleanRunner.go, common.go, and 8 more files...
* Update common.go, tapConfig.go, and 2 more files...
* Update config.go, config.go, and 5 more files...
* Update tapRunner.go, config.go, and 7 more files...
* Update cleanRunner.go, logs.go, and 2 more files...
* Update k8sTapManager.go, provider.go, and watch.go
* Update go.sum, go.mod, and go.sum
* Update go.mod and go.sum
* Update go.mod, go.sum, and 2 more files...
* Revert "Update go.mod, go.sum, and 2 more files..."
This reverts commit 8140311349.
* Update funcWrappers.go, tapRunner.go, and 4 more files...
* Update main.go, tapRunner.go, and mizuTapperSyncer.go
* Add OAS contract monitoring support
* Pass the contract failure reason to UI
* Fix the issues related to contract validation
* Fix rest of the issues in the UI
* Add documentation related to contract monitoring feature
* Fix a typo in the docs
* Unmarshal to `HTTPRequestResponsePair` only if the OAS validation is enabled
* Fix an issue caused by the merge commit
* Slightly change the logic in the `validateOAS` method
Change the `contractText` value to `No Breaches` or `Breach` and make the text `white-space: nowrap`.
* Retrieve and display the failure reason for both request and response
Also display the content of the contract/OAS file in the UI.
* Display the OAS under `CONTRACT` tab with syntax highlighting
Also fix the styling in the entry feed.
* Remove `EnforcePolicyFileDeprecated` constant
* Log the other errors as well
* Get context from caller instead
* Define a type for the contract status and make its values enum-like
* Remove an unnecessary `if` statement
* Validate OAS in the CLI before passing it to Agent
* Get rid of the `github.com/ghodss/yaml` dependency in `loadOAS` by using `LoadFromData`
* Fix an artifact from the merge conflict
