added CHANGELOG and updated release README template (#650)

* Show HTTP path segments as a list of strings in the right pane

* Use better variable names

acceptanceTests/cypress.json

@@ -4,10 +4,13 @@
   "viewportHeight": 1080,
   "video": false,
   "screenshotOnRunFailure": false,
+
   "testFiles":
   ["tests/GuiPort.js",
   "tests/MultipleNamespaces.js",
+  "tests/RedactTests.js",
   "tests/Regex.js"],
+
   "env": {
     "testUrl": "http://localhost:8899/"
   }

acceptanceTests/cypress/integration/tests/RedactTests.js

@@ -0,0 +1,23 @@
+const inHeader = 'User-Header[REDACTED]';
+const inBody = '{ "User": "[REDACTED]" }';
+const shouldExist = Cypress.env('shouldExist');
+
+it('Loading Mizu', function () {
+    cy.visit(Cypress.env('testUrl'));
+})
+
+it(`should ${shouldExist ? '' : 'not'} include ${inHeader}`, function () {
+    cy.get('.CollapsibleContainer', { timeout : 15 * 1000}).first().next().then(headerElements => { //TODO change the path and refactor the body and head functions
+        const allText = headerElements.text();
+        if (allText.includes(inHeader) !== shouldExist)
+            throw new Error(`The headers panel doesnt include ${inHeader}`);
+    });
+});
+
+it(`should ${shouldExist ? '' : 'not'} include ${inBody}`, function () {
+    cy.get('.hljs').then(bodyElement => {
+        const line = bodyElement.text();
+        if (line.includes(inBody) !== shouldExist)
+            throw new Error(`The body panel doesnt include ${inBody}`);
+    });
+});

acceptanceTests/tap_test.go

@@ -3,7 +3,6 @@ package acceptanceTests
 import (
 	"archive/zip"
 	"bytes"
-	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@@ -378,59 +377,7 @@ func TestTapRedact(t *testing.T) {
 		}
 	}
 
-	redactCheckFunc := func() error {
-		timestamp := time.Now().UnixNano() / int64(time.Millisecond)
-
-		entries, err := getDBEntries(timestamp, defaultEntriesCount, 1*time.Second)
-		if err != nil {
-			return err
-		}
-		err = checkEntriesAtLeast(entries, 1)
-		if err != nil {
-			return err
-		}
-		firstEntry := entries[0]
-
-		entryUrl := fmt.Sprintf("%v/entries/%v", apiServerUrl, firstEntry["id"])
-		requestResult, requestErr := executeHttpGetRequest(entryUrl)
-		if requestErr != nil {
-			return fmt.Errorf("failed to get entry, err: %v", requestErr)
-		}
-
-		entry := requestResult.(map[string]interface{})["data"].(map[string]interface{})
-		request := entry["request"].(map[string]interface{})
-
-		headers := request["_headers"].([]interface{})
-		for _, headerInterface := range headers {
-			header := headerInterface.(map[string]interface{})
-			if header["name"].(string) != "User-Header" {
-				continue
-			}
-
-			userHeader := header["value"].(string)
-			if userHeader != "[REDACTED]" {
-				return fmt.Errorf("unexpected result - user agent is not redacted")
-			}
-		}
-
-		postData := request["postData"].(map[string]interface{})
-		textDataStr := postData["text"].(string)
-
-		var textData map[string]string
-		if parseErr := json.Unmarshal([]byte(textDataStr), &textData); parseErr != nil {
-			return fmt.Errorf("failed to parse text data, err: %v", parseErr)
-		}
-
-		if textData["User"] != "[REDACTED]" {
-			return fmt.Errorf("unexpected result - user in body is not redacted")
-		}
-
-		return nil
-	}
-	if err := retriesExecute(shortRetriesCount, redactCheckFunc); err != nil {
-		t.Errorf("%v", err)
-		return
-	}
+	runCypressTests(t, fmt.Sprintf("npx cypress run --spec  \"cypress/integration/tests/RedactTests.js\" --env shouldExist=true"))
 }
 
 func TestTapNoRedact(t *testing.T) {
@@ -482,59 +429,7 @@ func TestTapNoRedact(t *testing.T) {
 		}
 	}
 
-	redactCheckFunc := func() error {
-		timestamp := time.Now().UnixNano() / int64(time.Millisecond)
-
-		entries, err := getDBEntries(timestamp, defaultEntriesCount, 1*time.Second)
-		if err != nil {
-			return err
-		}
-		err = checkEntriesAtLeast(entries, 1)
-		if err != nil {
-			return err
-		}
-		firstEntry := entries[0]
-
-		entryUrl := fmt.Sprintf("%v/entries/%v", apiServerUrl, firstEntry["id"])
-		requestResult, requestErr := executeHttpGetRequest(entryUrl)
-		if requestErr != nil {
-			return fmt.Errorf("failed to get entry, err: %v", requestErr)
-		}
-
-		entry := requestResult.(map[string]interface{})["data"].(map[string]interface{})
-		request := entry["request"].(map[string]interface{})
-
-		headers := request["_headers"].([]interface{})
-		for _, headerInterface := range headers {
-			header := headerInterface.(map[string]interface{})
-			if header["name"].(string) != "User-Header" {
-				continue
-			}
-
-			userHeader := header["value"].(string)
-			if userHeader == "[REDACTED]" {
-				return fmt.Errorf("unexpected result - user agent is redacted")
-			}
-		}
-
-		postData := request["postData"].(map[string]interface{})
-		textDataStr := postData["text"].(string)
-
-		var textData map[string]string
-		if parseErr := json.Unmarshal([]byte(textDataStr), &textData); parseErr != nil {
-			return fmt.Errorf("failed to parse text data, err: %v", parseErr)
-		}
-
-		if textData["User"] == "[REDACTED]" {
-			return fmt.Errorf("unexpected result - user in body is redacted")
-		}
-
-		return nil
-	}
-	if err := retriesExecute(shortRetriesCount, redactCheckFunc); err != nil {
-		t.Errorf("%v", err)
-		return
-	}
+	runCypressTests(t, "npx cypress run --spec  \"cypress/integration/tests/RedactTests.js\" --env shouldExist=false")
 }
 
 func TestTapRegexMasking(t *testing.T) {

agent/main.go

@@ -128,7 +128,7 @@ func main() {
 		syncEntriesConfig := getSyncEntriesConfig()
 		if syncEntriesConfig != nil {
 			if err := up9.SyncEntries(syncEntriesConfig); err != nil {
-				panic(fmt.Sprintf("Error syncing entries, err: %v", err))
+				logger.Log.Error("Error syncing entries, err: %v", err)
 			}
 		}
 

cli/README.md.TEMPLATE

@@ -1,6 +1,7 @@
 # Mizu release _SEM_VER_
+Full changelog for stable release see in [docs](https://github.com/up9inc/mizu/blob/main/docs/CHANGELOG.md)
 
-Download Mizu for your platform
+## Download Mizu for your platform
 
 **Mac** (Intel)
 ```

cli/cmd/installRunner.go

@@ -101,7 +101,8 @@ func watchApiServerPodReady(ctx context.Context, kubernetesProvider *kubernetes.
 	podWatchHelper := kubernetes.NewPodWatchHelper(kubernetesProvider, podExactRegex)
 	eventChan, errorChan := kubernetes.FilteredWatch(ctx, podWatchHelper, []string{config.Config.MizuResourcesNamespace}, podWatchHelper)
 
-	timeAfter := time.After(1 * time.Minute)
+	apiServerTimeoutSec := config.GetIntEnvConfig(config.ApiServerTimeoutSec, 120)
+	timeAfter := time.After(time.Duration(apiServerTimeoutSec) * time.Second)
 	for {
 		select {
 		case wEvent, ok := <-eventChan:

cli/cmd/tapRunner.go

@@ -306,7 +306,9 @@ func watchApiServerPod(ctx context.Context, kubernetesProvider *kubernetes.Provi
 	podWatchHelper := kubernetes.NewPodWatchHelper(kubernetesProvider, podExactRegex)
 	eventChan, errorChan := kubernetes.FilteredWatch(ctx, podWatchHelper, []string{config.Config.MizuResourcesNamespace}, podWatchHelper)
 	isPodReady := false
-	timeAfter := time.After(25 * time.Second)
+
+	apiServerTimeoutSec := config.GetIntEnvConfig(config.ApiServerTimeoutSec, 120)
+	timeAfter := time.After(time.Duration(apiServerTimeoutSec) * time.Second)
 	for {
 		select {
 		case wEvent, ok := <-eventChan:

cli/config/envConfig.go

@@ -7,6 +7,7 @@ import (
 
 const (
 	ApiServerRetries = "API_SERVER_RETRIES"
+	ApiServerTimeoutSec = "API_SERVER_TIMEOUT_SEC"
 )
 
 func GetIntEnvConfig(key string, defaultValue int) int {

docs/CHANGELOG.md

@@ -0,0 +1,43 @@
+# CHANGELOG
+This document summarizes main and fixes changes published in stable (aka `main`) branch of this project.
+Ongoing work and development releases are under `develop` branch.
+
+## 0.22.0
+
+### main features
+* Service Mesh support -- mizu is now capable to tap mTLS traffic between pods connected by Istio service mesh
+  * Use `--service-mesh` option to enable this feature
+* New installation option - have the same Mizu functionality as long living pods in your cluster, with password protection
+  * To install use `mizu install` command
+  * To access use `mizu view` or `kubectl -n mizu port-forward svc/mizu-api-server`
+  * To uninstall run `mizu clean`
+* At first login
+  * Set admin password as prompted, use it to login to mizu later on.
+  * After login, user should select cluster namespaces to tap: by default all namespaces in the cluster are selected, user can select/unselect according to their needs. These settings are retained and can be modified at any time via Settings menu (cog icon on the top-right)
+
+
+### improvements
+* improved Mizu permissions/roles logic to support clusters with strict PodSecurityPolicy (PSP) -- see [PERMISSIONS](PERMISSIONS.md) doc for more details
+ 
+### notable bug fixes
+* mizu now works properly when API service is exposed via HTTPS url
+* mizu now properly displays KAFKA message body 
+
+
+
+
+## 0.21.0
+
+### main features
+* New traffic search & stream exprience
+* Rich query language with full-text search capabilities on headers & body
+* Distinct live-streaming vs paging/browsing modes, all with filter applied
+
+### improvements
+* GUI - source and destination IP addresses & service names for each traffic item
+* GUI - Mizu health - display warning sign in top bar when not all requested pods are successfully tapped
+* GUI - pod tapping status reflected in the list (ok or problem)
+* Mizu telemetry - report platform type
+
+### fixes
+* Request duration and body size properly shown in GUI (instead of -1)

tap/extensions/http/helpers.go

@@ -3,14 +3,15 @@ package main
 import (
 	"encoding/json"
 	"fmt"
+	"strconv"
 
 	"github.com/up9inc/mizu/tap/api"
 )
 
 func mapSliceRebuildAsMap(mapSlice []interface{}) (newMap map[string]interface{}) {
 	newMap = make(map[string]interface{})
-	for _, header := range mapSlice {
-		h := header.(map[string]interface{})
+	for _, item := range mapSlice {
+		h := item.(map[string]interface{})
 		newMap[h["name"].(string)] = h["value"]
 	}
 
@@ -19,8 +20,8 @@ func mapSliceRebuildAsMap(mapSlice []interface{}) (newMap map[string]interface{}
 
 func representMapSliceAsTable(mapSlice []interface{}, selectorPrefix string) (representation string) {
 	var table []api.TableData
-	for _, header := range mapSlice {
-		h := header.(map[string]interface{})
+	for _, item := range mapSlice {
+		h := item.(map[string]interface{})
 		selector := fmt.Sprintf("%s[\"%s\"]", selectorPrefix, h["name"].(string))
 		table = append(table, api.TableData{
 			Name:     h["name"].(string),
@@ -33,3 +34,19 @@ func representMapSliceAsTable(mapSlice []interface{}, selectorPrefix string) (re
 	representation = string(obj)
 	return
 }
+
+func representSliceAsTable(slice []interface{}, selectorPrefix string) (representation string) {
+	var table []api.TableData
+	for i, item := range slice {
+		selector := fmt.Sprintf("%s[%d]", selectorPrefix, i)
+		table = append(table, api.TableData{
+			Name:     strconv.Itoa(i),
+			Value:    item.(interface{}),
+			Selector: selector,
+		})
+	}
+
+	obj, _ := json.Marshal(table)
+	representation = string(obj)
+	return
+}

tap/extensions/http/main.go

@@ -9,6 +9,7 @@ import (
 	"log"
 	"net/http"
 	"net/url"
+	"strings"
 	"time"
 
 	"github.com/up9inc/mizu/tap/api"
@@ -209,6 +210,7 @@ func (d dissecting) Analyze(item *api.OutputChannelItem, resolvedSource string,
 	request["url"] = reqDetails["url"].(string)
 	reqDetails["targetUri"] = reqDetails["url"]
 	reqDetails["path"] = path
+	reqDetails["pathSegments"] = strings.Split(path, "/")[1:]
 	reqDetails["summary"] = path
 
 	// Rearrange the maps for the querying
@@ -296,6 +298,15 @@ func representRequest(request map[string]interface{}) (repRequest []interface{})
 		Data:  string(details),
 	})
 
+	pathSegments := request["pathSegments"].([]interface{})
+	if len(pathSegments) > 1 {
+		repRequest = append(repRequest, api.SectionData{
+			Type:  api.TABLE,
+			Title: "Path Segments",
+			Data:  representSliceAsTable(pathSegments, `request.pathSegments`),
+		})
+	}
+
 	repRequest = append(repRequest, api.SectionData{
 		Type:  api.TABLE,
 		Title: "Headers",