fixed naming of latency to response time (#388)

Co-authored-by: Rami Berman <rami.berman@up9.com>

.github/ISSUE_TEMPLATE/bug_report.md

@@ -12,9 +12,9 @@ A clear and concise description of what the bug is.
 
 **To Reproduce**
 Steps to reproduce the behavior:
-1. Run mizu <command> '...'
-2. Click on '....'
-3. Scroll down to '....'
+1. Run `mizu <command> ...`
+2. Click on '...'
+3. Scroll down to '...'
 4. See error
 
 **Expected behavior**
@@ -22,17 +22,17 @@ A clear and concise description of what you expected to happen.
 
 **Logs**
 Upload logs:
-1. Run the mizu command with `--set dump-logs=true` (e.g `mizu tap --set dump-logs=true`) 
+1. Run the mizu command with `--set dump-logs=true` (e.g `mizu tap --set dump-logs=true`)
 2. Try to reproduce the issue
-3. CNTRL+C on terminal tab which runs mizu
-4. Upload the logs zip file from ~/.mizu/mizu_logs_**.zip
+3. <kbd>CTRL</kbd>+<kbd>C</kbd> on terminal tab which runs `mizu`
+4. Upload the logs zip file from `~/.mizu/mizu_logs_**.zip`
 
 **Screenshots**
 If applicable, add screenshots to help explain your problem.
 
 **Desktop (please complete the following information):**
- - OS: [e.g. iOS]
- - Browser [e.g. chrome]
+ - OS: [e.g. macOS]
+ - Web Browser: [e.g. Google Chrome]
 
 **Additional context**
 Add any other context about the problem here.

Dockerfile

@@ -2,8 +2,10 @@ FROM node:14-slim AS site-build
 
 WORKDIR /app/ui-build
 
-COPY ui .
+COPY ui/package.json .
+COPY ui/package-lock.json .
 RUN npm i
+COPY ui .
 RUN npm run build
 
 

README.md

@@ -159,6 +159,13 @@ Such validation may test response for specific JSON fields, headers, etc.
 
 Please see [TRAFFIC RULES](docs/POLICY_RULES.md) page for more details and syntax.
 
+### OpenAPI Specification (OAS) Contract Monitoring
+
+An OAS/Swagger file can contain schemas under `parameters` and `responses` fields. With `--contract catalogue.yaml`
+CLI option, you can pass your API description to Mizu and the traffic will automatically be validated
+against the contracts.
+
+Please see [CONTRACT MONITORING](docs/CONTRACT_MONITORING.md) page for more details and syntax.
 
 ## How to Run local UI
 

acceptanceTests/go.mod

@@ -2,4 +2,9 @@ module github.com/up9inc/mizu/tests
 
 go 1.16
 
-require gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
+require (
+	github.com/up9inc/mizu/shared v0.0.0
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
+)
+
+replace github.com/up9inc/mizu/shared v0.0.0 => ../shared

acceptanceTests/go.sum

@@ -1,3 +1,7 @@
+github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/golang-jwt/jwt/v4 v4.1.0 h1:XUgk2Ex5veyVFVeLm0xhusUTQybEbexJXrvPNOKkSY0=
+github.com/golang-jwt/jwt/v4 v4.1.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
+github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=

acceptanceTests/tap_test.go

@@ -66,7 +66,7 @@ func TestTap(t *testing.T) {
 			entriesCheckFunc := func() error {
 				timestamp := time.Now().UnixNano() / int64(time.Millisecond)
 
-				entriesUrl := fmt.Sprintf("%v/api/entries?limit=%v&operator=lt&timestamp=%v", apiServerUrl, entriesCount, timestamp)
+				entriesUrl := fmt.Sprintf("%v/entries?limit=%v&operator=lt&timestamp=%v", apiServerUrl, entriesCount, timestamp)
 				requestResult, requestErr := executeHttpGetRequest(entriesUrl)
 				if requestErr != nil {
 					return fmt.Errorf("failed to get entries, err: %v", requestErr)
@@ -79,7 +79,7 @@ func TestTap(t *testing.T) {
 
 				entry :=  entries[0].(map[string]interface{})
 
-				entryUrl := fmt.Sprintf("%v/api/entries/%v", apiServerUrl, entry["id"])
+				entryUrl := fmt.Sprintf("%v/entries/%v", apiServerUrl, entry["id"])
 				requestResult, requestErr = executeHttpGetRequest(entryUrl)
 				if requestErr != nil {
 					return fmt.Errorf("failed to get entry, err: %v", requestErr)
@@ -188,7 +188,7 @@ func TestTapAllNamespaces(t *testing.T) {
 		return
 	}
 
-	podsUrl := fmt.Sprintf("%v/api/tapStatus", apiServerUrl)
+	podsUrl := fmt.Sprintf("%v/status/tap", apiServerUrl)
 	requestResult, requestErr := executeHttpGetRequest(podsUrl)
 	if requestErr != nil {
 		t.Errorf("failed to get tap status, err: %v", requestErr)
@@ -269,7 +269,7 @@ func TestTapMultipleNamespaces(t *testing.T) {
 		return
 	}
 
-	podsUrl := fmt.Sprintf("%v/api/tapStatus", apiServerUrl)
+	podsUrl := fmt.Sprintf("%v/status/tap", apiServerUrl)
 	requestResult, requestErr := executeHttpGetRequest(podsUrl)
 	if requestErr != nil {
 		t.Errorf("failed to get tap status, err: %v", requestErr)
@@ -352,7 +352,7 @@ func TestTapRegex(t *testing.T) {
 		return
 	}
 
-	podsUrl := fmt.Sprintf("%v/api/tapStatus", apiServerUrl)
+	podsUrl := fmt.Sprintf("%v/status/tap", apiServerUrl)
 	requestResult, requestErr := executeHttpGetRequest(podsUrl)
 	if requestErr != nil {
 		t.Errorf("failed to get tap status, err: %v", requestErr)
@@ -486,7 +486,7 @@ func TestTapRedact(t *testing.T) {
 	redactCheckFunc := func() error {
 		timestamp := time.Now().UnixNano() / int64(time.Millisecond)
 
-		entriesUrl := fmt.Sprintf("%v/api/entries?limit=%v&operator=lt&timestamp=%v", apiServerUrl, defaultEntriesCount, timestamp)
+		entriesUrl := fmt.Sprintf("%v/entries?limit=%v&operator=lt&timestamp=%v", apiServerUrl, defaultEntriesCount, timestamp)
 		requestResult, requestErr := executeHttpGetRequest(entriesUrl)
 		if requestErr != nil {
 			return fmt.Errorf("failed to get entries, err: %v", requestErr)
@@ -499,7 +499,7 @@ func TestTapRedact(t *testing.T) {
 
 		firstEntry :=  entries[0].(map[string]interface{})
 
-		entryUrl := fmt.Sprintf("%v/api/entries/%v", apiServerUrl, firstEntry["id"])
+		entryUrl := fmt.Sprintf("%v/entries/%v", apiServerUrl, firstEntry["id"])
 		requestResult, requestErr = executeHttpGetRequest(entryUrl)
 		if requestErr != nil {
 			return fmt.Errorf("failed to get entry, err: %v", requestErr)
@@ -601,7 +601,7 @@ func TestTapNoRedact(t *testing.T) {
 	redactCheckFunc := func() error {
 		timestamp := time.Now().UnixNano() / int64(time.Millisecond)
 
-		entriesUrl := fmt.Sprintf("%v/api/entries?limit=%v&operator=lt&timestamp=%v", apiServerUrl, defaultEntriesCount, timestamp)
+		entriesUrl := fmt.Sprintf("%v/entries?limit=%v&operator=lt&timestamp=%v", apiServerUrl, defaultEntriesCount, timestamp)
 		requestResult, requestErr := executeHttpGetRequest(entriesUrl)
 		if requestErr != nil {
 			return fmt.Errorf("failed to get entries, err: %v", requestErr)
@@ -614,7 +614,7 @@ func TestTapNoRedact(t *testing.T) {
 
 		firstEntry :=  entries[0].(map[string]interface{})
 
-		entryUrl := fmt.Sprintf("%v/api/entries/%v", apiServerUrl, firstEntry["id"])
+		entryUrl := fmt.Sprintf("%v/entries/%v", apiServerUrl, firstEntry["id"])
 		requestResult, requestErr = executeHttpGetRequest(entryUrl)
 		if requestErr != nil {
 			return fmt.Errorf("failed to get entry, err: %v", requestErr)
@@ -716,7 +716,7 @@ func TestTapRegexMasking(t *testing.T) {
 	redactCheckFunc := func() error {
 		timestamp := time.Now().UnixNano() / int64(time.Millisecond)
 
-		entriesUrl := fmt.Sprintf("%v/api/entries?limit=%v&operator=lt&timestamp=%v", apiServerUrl, defaultEntriesCount, timestamp)
+		entriesUrl := fmt.Sprintf("%v/entries?limit=%v&operator=lt&timestamp=%v", apiServerUrl, defaultEntriesCount, timestamp)
 		requestResult, requestErr := executeHttpGetRequest(entriesUrl)
 		if requestErr != nil {
 			return fmt.Errorf("failed to get entries, err: %v", requestErr)
@@ -729,7 +729,7 @@ func TestTapRegexMasking(t *testing.T) {
 
 		firstEntry :=  entries[0].(map[string]interface{})
 
-		entryUrl := fmt.Sprintf("%v/api/entries/%v", apiServerUrl, firstEntry["id"])
+		entryUrl := fmt.Sprintf("%v/entries/%v", apiServerUrl, firstEntry["id"])
 		requestResult, requestErr = executeHttpGetRequest(entryUrl)
 		if requestErr != nil {
 			return fmt.Errorf("failed to get entry, err: %v", requestErr)
@@ -762,6 +762,116 @@ func TestTapRegexMasking(t *testing.T) {
 	}
 }
 
+func TestTapIgnoredUserAgents(t *testing.T) {
+	if testing.Short() {
+		t.Skip("ignored acceptance test")
+	}
+
+	cliPath, cliPathErr := getCliPath()
+	if cliPathErr != nil {
+		t.Errorf("failed to get cli path, err: %v", cliPathErr)
+		return
+	}
+
+	tapCmdArgs := getDefaultTapCommandArgs()
+
+	tapNamespace := getDefaultTapNamespace()
+	tapCmdArgs = append(tapCmdArgs, tapNamespace...)
+
+	ignoredUserAgentValue := "ignore"
+	tapCmdArgs = append(tapCmdArgs, "--set", fmt.Sprintf("tap.ignored-user-agents=%v", ignoredUserAgentValue))
+
+	tapCmd := exec.Command(cliPath, tapCmdArgs...)
+	t.Logf("running command: %v", tapCmd.String())
+
+	t.Cleanup(func() {
+		if err := cleanupCommand(tapCmd); err != nil {
+			t.Logf("failed to cleanup tap command, err: %v", err)
+		}
+	})
+
+	if err := tapCmd.Start(); err != nil {
+		t.Errorf("failed to start tap command, err: %v", err)
+		return
+	}
+
+	apiServerUrl := getApiServerUrl(defaultApiServerPort)
+
+	if err := waitTapPodsReady(apiServerUrl); err != nil {
+		t.Errorf("failed to start tap pods on time, err: %v", err)
+		return
+	}
+
+	proxyUrl := getProxyUrl(defaultNamespaceName, defaultServiceName)
+
+	ignoredUserAgentCustomHeader := "Ignored-User-Agent"
+	headers := map[string]string {"User-Agent": ignoredUserAgentValue, ignoredUserAgentCustomHeader: ""}
+	for i := 0; i < defaultEntriesCount; i++ {
+		if _, requestErr := executeHttpGetRequestWithHeaders(fmt.Sprintf("%v/get", proxyUrl), headers); requestErr != nil {
+			t.Errorf("failed to send proxy request, err: %v", requestErr)
+			return
+		}
+	}
+
+	for i := 0; i < defaultEntriesCount; i++ {
+		if _, requestErr := executeHttpGetRequest(fmt.Sprintf("%v/get", proxyUrl)); requestErr != nil {
+			t.Errorf("failed to send proxy request, err: %v", requestErr)
+			return
+		}
+	}
+
+	ignoredUserAgentsCheckFunc := func() error {
+		timestamp := time.Now().UnixNano() / int64(time.Millisecond)
+
+		entriesUrl := fmt.Sprintf("%v/entries?limit=%v&operator=lt&timestamp=%v", apiServerUrl, defaultEntriesCount * 2, timestamp)
+		requestResult, requestErr := executeHttpGetRequest(entriesUrl)
+		if requestErr != nil {
+			return fmt.Errorf("failed to get entries, err: %v", requestErr)
+		}
+
+		entries := requestResult.([]interface{})
+		if len(entries) == 0 {
+			return fmt.Errorf("unexpected entries result - Expected more than 0 entries")
+		}
+
+		for _, entryInterface := range entries {
+			entryUrl := fmt.Sprintf("%v/entries/%v", apiServerUrl, entryInterface.(map[string]interface{})["id"])
+			requestResult, requestErr = executeHttpGetRequest(entryUrl)
+			if requestErr != nil {
+				return fmt.Errorf("failed to get entry, err: %v", requestErr)
+			}
+
+			data := requestResult.(map[string]interface{})["data"].(map[string]interface{})
+			entryJson := data["entry"].(string)
+
+			var entry map[string]interface{}
+			if parseErr := json.Unmarshal([]byte(entryJson), &entry); parseErr != nil {
+				return fmt.Errorf("failed to parse entry, err: %v", parseErr)
+			}
+
+			entryRequest := entry["request"].(map[string]interface{})
+			entryPayload := entryRequest["payload"].(map[string]interface{})
+			entryDetails := entryPayload["details"].(map[string]interface{})
+
+			entryHeaders :=  entryDetails["headers"].([]interface{})
+			for _, headerInterface := range entryHeaders {
+				header := headerInterface.(map[string]interface{})
+				if header["name"].(string) != ignoredUserAgentCustomHeader {
+					continue
+				}
+
+				return fmt.Errorf("unexpected result - user agent is not ignored")
+			}
+		}
+
+		return nil
+	}
+	if err := retriesExecute(shortRetriesCount, ignoredUserAgentsCheckFunc); err != nil {
+		t.Errorf("%v", err)
+		return
+	}
+}
+
 func TestTapDumpLogs(t *testing.T) {
 	if testing.Short() {
 		t.Skip("ignored acceptance test")

acceptanceTests/testsUtils.go

@@ -12,12 +12,14 @@ import (
 	"strings"
 	"syscall"
 	"time"
+
+	"github.com/up9inc/mizu/shared"
 )
 
 const (
 	longRetriesCount     = 100
 	shortRetriesCount    = 10
-	defaultApiServerPort = 8899
+	defaultApiServerPort = shared.DefaultApiServerPort
 	defaultNamespaceName = "mizu-tests"
 	defaultServiceName   = "httpbin"
 	defaultEntriesCount  = 50
@@ -172,6 +174,21 @@ func executeHttpRequest(response *http.Response, requestErr error) (interface{},
 	return jsonBytesToInterface(data)
 }
 
+func executeHttpGetRequestWithHeaders(url string, headers map[string]string) (interface{}, error) {
+	request, err := http.NewRequest(http.MethodGet, url, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	for headerKey, headerValue := range headers {
+		request.Header.Add(headerKey, headerValue)
+	}
+
+	client := &http.Client{}
+	response, requestErr := client.Do(request)
+	return executeHttpRequest(response, requestErr)
+}
+
 func executeHttpGetRequest(url string) (interface{}, error) {
 	response, requestErr := http.Get(url)
 	return executeHttpRequest(response, requestErr)

agent/README.md

@@ -12,7 +12,8 @@ Basic APIs:
    `docker build . -t  gcr.io/up9-docker-hub/mizu/debug:latest -f debug.Dockerfile && docker push gcr.io/up9-docker-hub/mizu/debug:latest`
 
 ### Connecting
-1. Start mizu using the cli with the debug image `mizu tap --mizu-image gcr.io/up9-docker-hub/mizu/debug:latest {tapped_pod_name}`
+1. Start mizu using the cli with the debug
+   image `mizu tap --set agent-image=gcr.io/up9-docker-hub/mizu/debug:latest {tapped_pod_name}`
 2. Forward the debug port using `kubectl port-forward -n default mizu-api-server 2345:2345`
 3. Run the run/debug configuration you've created earlier in Intellij.
 

agent/go.mod

@@ -5,6 +5,7 @@ go 1.16
 require (
 	github.com/djherbis/atime v1.0.0
 	github.com/fsnotify/fsnotify v1.4.9
+	github.com/getkin/kin-openapi v0.76.0
 	github.com/gin-contrib/static v0.0.1
 	github.com/gin-gonic/gin v1.7.2
 	github.com/go-playground/locales v0.13.0
@@ -12,9 +13,9 @@ require (
 	github.com/go-playground/validator/v10 v10.5.0
 	github.com/google/martian v2.1.0+incompatible
 	github.com/gorilla/websocket v1.4.2
+	github.com/op/go-logging v0.0.0-20160315200505-970db520ece7
 	github.com/orcaman/concurrent-map v0.0.0-20210106121528-16402b402231
 	github.com/patrickmn/go-cache v2.1.0+incompatible
-	github.com/romana/rlog v0.0.0-20171115192701-f018bc92e7d7
 	github.com/up9inc/mizu/shared v0.0.0
 	github.com/up9inc/mizu/tap v0.0.0
 	github.com/up9inc/mizu/tap/api v0.0.0

agent/go.sum

@@ -68,6 +68,10 @@ github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoD
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
+github.com/getkin/kin-openapi v0.76.0 h1:j77zg3Ec+k+r+GA3d8hBoXpAc6KX9TbBPrwQGBIy2sY=
+github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg=
+github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
+github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-contrib/static v0.0.1 h1:JVxuvHPuUfkoul12N7dtQw7KRn/pSMq7Ue1Va9Swm1U=
@@ -75,6 +79,8 @@ github.com/gin-contrib/static v0.0.1/go.mod h1:CSxeF+wep05e0kCOsqWdAWbSszmc31zTI
 github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
 github.com/gin-gonic/gin v1.7.2 h1:Tg03T9yM2xa8j6I3Z3oqLaQRSmKvxPd6g/2HJ6zICFA=
 github.com/gin-gonic/gin v1.7.2/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY=
+github.com/go-errors/errors v1.4.1 h1:IvVlgbzSsaUNudsw5dcXSzF3EWyXTi5XrAdngnuhRyg=
+github.com/go-errors/errors v1.4.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -83,10 +89,13 @@ github.com/go-logr/logr v0.4.0 h1:K7/B1jt6fIBQVd4Owv2MqGQClcgf0R266+7C/QjRcLc=
 github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
+github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
 github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
 github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
 github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
+github.com/go-openapi/swag v0.19.5 h1:lTz6Ys4CmqqCQmZPBlbQENR1/GucA2bzYTE12Pw4tFY=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
 github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
@@ -125,6 +134,8 @@ github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/V
 github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang-jwt/jwt/v4 v4.1.0 h1:XUgk2Ex5veyVFVeLm0xhusUTQybEbexJXrvPNOKkSY0=
+github.com/golang-jwt/jwt/v4 v4.1.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -176,6 +187,8 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gnostic v0.4.1 h1:DLJCy1n/vrD4HPjOvYcT8aYQXpPIzoRZONaYwyycI+I=
 github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
+github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
+github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
@@ -214,6 +227,7 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y=
 github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e h1:hB2xlXdHp/pmPZq0y3QnmWAArdw9PqbmotexnWx/FU8=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
 github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
@@ -239,6 +253,8 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W
 github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/op/go-logging v0.0.0-20160315200505-970db520ece7 h1:lDH9UUVJtmYCjyT0CI4q8xvlXPxeZ0gYCVvWbmPlp88=
+github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
 github.com/orcaman/concurrent-map v0.0.0-20210106121528-16402b402231 h1:fa50YL1pzKW+1SsBnJDOHppJN9stOEwS+CRWyUtyYGU=
 github.com/orcaman/concurrent-map v0.0.0-20210106121528-16402b402231/go.mod h1:Lu3tH6HLW3feq74c2GC+jIMS/K2CFcDWnWD9XkenwhI=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
@@ -254,8 +270,6 @@ github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:
 github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/romana/rlog v0.0.0-20171115192701-f018bc92e7d7 h1:jkvpcEatpwuMF5O5LVxTnehj6YZ/aEZN4NWD/Xml4pI=
-github.com/romana/rlog v0.0.0-20171115192701-f018bc92e7d7/go.mod h1:KTrHyWpO1sevuXPZwyeZc72ddWRFqNSKDFl7uVWKpg0=
 github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
@@ -271,6 +285,7 @@ github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoH
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
@@ -529,6 +544,7 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

agent/main.go

@@ -5,11 +5,11 @@ import (
 	"flag"
 	"fmt"
 	"io/ioutil"
-	"log"
 	"mizuserver/pkg/api"
 	"mizuserver/pkg/controllers"
 	"mizuserver/pkg/models"
 	"mizuserver/pkg/routes"
+	"mizuserver/pkg/up9"
 	"mizuserver/pkg/utils"
 	"net/http"
 	"os"
@@ -18,13 +18,13 @@ import (
 	"path/filepath"
 	"plugin"
 	"sort"
-	"strings"
 
 	"github.com/gin-contrib/static"
 	"github.com/gin-gonic/gin"
 	"github.com/gorilla/websocket"
-	"github.com/romana/rlog"
+	"github.com/op/go-logging"
 	"github.com/up9inc/mizu/shared"
+	"github.com/up9inc/mizu/shared/logger"
 	"github.com/up9inc/mizu/tap"
 	tapApi "github.com/up9inc/mizu/tap/api"
 )
@@ -41,30 +41,32 @@ var extensions []*tapApi.Extension             // global
 var extensionsMap map[string]*tapApi.Extension // global
 
 func main() {
+	logLevel := determineLogLevel()
+	logger.InitLoggerStderrOnly(logLevel)
 	flag.Parse()
 	loadExtensions()
-	hostMode := os.Getenv(shared.HostModeEnvVar) == "1"
-	tapOpts := &tap.TapOpts{HostMode: hostMode}
 
 	if !*tapperMode && !*apiServerMode && !*standaloneMode && !*harsReaderMode {
 		panic("One of the flags --tap, --api or --standalone or --hars-read must be provided")
 	}
 
-	filteringOptions := getTrafficFilteringOptions()
-
 	if *standaloneMode {
 		api.StartResolving(*namespace)
 
 		outputItemsChannel := make(chan *tapApi.OutputChannelItem)
 		filteredOutputItemsChannel := make(chan *tapApi.OutputChannelItem)
+
+		filteringOptions := getTrafficFilteringOptions()
+		hostMode := os.Getenv(shared.HostModeEnvVar) == "1"
+		tapOpts := &tap.TapOpts{HostMode: hostMode}
 		tap.StartPassiveTapper(tapOpts, outputItemsChannel, extensions, filteringOptions)
 
-		go filterItems(outputItemsChannel, filteredOutputItemsChannel, filteringOptions)
+		go filterItems(outputItemsChannel, filteredOutputItemsChannel)
 		go api.StartReadingEntries(filteredOutputItemsChannel, nil, extensionsMap)
 
 		hostApi(nil)
 	} else if *tapperMode {
-		rlog.Infof("Starting tapper, websocket address: %s", *apiServerAddress)
+		logger.Log.Infof("Starting tapper, websocket address: %s", *apiServerAddress)
 		if *apiServerAddress == "" {
 			panic("API server address must be provided with --api-server-address when using --tap")
 		}
@@ -72,16 +74,20 @@ func main() {
 		tapTargets := getTapTargets()
 		if tapTargets != nil {
 			tap.SetFilterAuthorities(tapTargets)
-			rlog.Infof("Filtering for the following authorities: %v", tap.GetFilterIPs())
+			logger.Log.Infof("Filtering for the following authorities: %v", tap.GetFilterIPs())
 		}
 
 		filteredOutputItemsChannel := make(chan *tapApi.OutputChannelItem)
+
+		filteringOptions := getTrafficFilteringOptions()
+		hostMode := os.Getenv(shared.HostModeEnvVar) == "1"
+		tapOpts := &tap.TapOpts{HostMode: hostMode}
 		tap.StartPassiveTapper(tapOpts, filteredOutputItemsChannel, extensions, filteringOptions)
-		socketConnection, err := utils.ConnectToSocketServer(*apiServerAddress)
+		socketConnection, _, err := websocket.DefaultDialer.Dial(*apiServerAddress, nil)
 		if err != nil {
 			panic(fmt.Sprintf("Error connecting to socket server at %s %v", *apiServerAddress, err))
 		}
-		rlog.Infof("Connected successfully to websocket %s", *apiServerAddress)
+		logger.Log.Infof("Connected successfully to websocket %s", *apiServerAddress)
 
 		go pipeTapChannelToSocket(socketConnection, filteredOutputItemsChannel)
 	} else if *apiServerMode {
@@ -90,15 +96,22 @@ func main() {
 		outputItemsChannel := make(chan *tapApi.OutputChannelItem)
 		filteredOutputItemsChannel := make(chan *tapApi.OutputChannelItem)
 
-		go filterItems(outputItemsChannel, filteredOutputItemsChannel, filteringOptions)
+		go filterItems(outputItemsChannel, filteredOutputItemsChannel)
 		go api.StartReadingEntries(filteredOutputItemsChannel, nil, extensionsMap)
 
+		syncEntriesConfig := getSyncEntriesConfig()
+		if syncEntriesConfig != nil {
+			if err := up9.SyncEntries(syncEntriesConfig); err != nil {
+				panic(fmt.Sprintf("Error syncing entries, err: %v", err))
+			}
+		}
+
 		hostApi(outputItemsChannel)
 	} else if *harsReaderMode {
 		outputItemsChannel := make(chan *tapApi.OutputChannelItem, 1000)
 		filteredHarChannel := make(chan *tapApi.OutputChannelItem)
 
-		go filterItems(outputItemsChannel, filteredHarChannel, filteringOptions)
+		go filterItems(outputItemsChannel, filteredHarChannel)
 		go api.StartReadingEntries(filteredHarChannel, harsDir, extensionsMap)
 		hostApi(nil)
 	}
@@ -107,7 +120,7 @@ func main() {
 	signal.Notify(signalChan, os.Interrupt)
 	<-signalChan
 
-	rlog.Info("Exiting")
+	logger.Log.Info("Exiting")
 }
 
 func loadExtensions() {
@@ -116,13 +129,13 @@ func loadExtensions() {
 
 	files, err := ioutil.ReadDir(extensionsDir)
 	if err != nil {
-		log.Fatal(err)
+		logger.Log.Fatal(err)
 	}
 	extensions = make([]*tapApi.Extension, len(files))
 	extensionsMap = make(map[string]*tapApi.Extension)
 	for i, file := range files {
 		filename := file.Name()
-		rlog.Infof("Loading extension: %s\n", filename)
+		logger.Log.Infof("Loading extension: %s\n", filename)
 		extension := &tapApi.Extension{
 			Path: path.Join(extensionsDir, filename),
 		}
@@ -147,7 +160,7 @@ func loadExtensions() {
 	})
 
 	for _, extension := range extensions {
-		log.Printf("Extension Properties: %+v\n", extension)
+		logger.Log.Infof("Extension Properties: %+v\n", extension)
 	}
 
 	controllers.InitExtensionsMap(extensionsMap)
@@ -230,7 +243,7 @@ func getTrafficFilteringOptions() *tapApi.TrafficFilteringOptions {
 	filteringOptionsJson := os.Getenv(shared.MizuFilteringOptionsEnvVar)
 	if filteringOptionsJson == "" {
 		return &tapApi.TrafficFilteringOptions{
-			HealthChecksUserAgentHeaders: []string{},
+			IgnoredUserAgents: []string{},
 		}
 	}
 	var filteringOptions tapApi.TrafficFilteringOptions
@@ -242,42 +255,16 @@ func getTrafficFilteringOptions() *tapApi.TrafficFilteringOptions {
 	return &filteringOptions
 }
 
-func filterItems(inChannel <-chan *tapApi.OutputChannelItem, outChannel chan *tapApi.OutputChannelItem, filterOptions *tapApi.TrafficFilteringOptions) {
+func filterItems(inChannel <-chan *tapApi.OutputChannelItem, outChannel chan *tapApi.OutputChannelItem) {
 	for message := range inChannel {
 		if message.ConnectionInfo.IsOutgoing && api.CheckIsServiceIP(message.ConnectionInfo.ServerIP) {
 			continue
 		}
-		// TODO: move this to tappers https://up9.atlassian.net/browse/TRA-3441
-		if isHealthCheckByUserAgent(message, filterOptions.HealthChecksUserAgentHeaders) {
-			continue
-		}
 
 		outChannel <- message
 	}
 }
 
-func isHealthCheckByUserAgent(item *tapApi.OutputChannelItem, userAgentsToIgnore []string) bool {
-	if item.Protocol.Name != "http" {
-		return false
-	}
-
-	request := item.Pair.Request.Payload.(map[string]interface{})
-	reqDetails := request["details"].(map[string]interface{})
-
-	for _, header := range reqDetails["headers"].([]interface{}) {
-		h := header.(map[string]interface{})
-		if strings.ToLower(h["name"].(string)) == "user-agent" {
-			for _, userAgent := range userAgentsToIgnore {
-				if strings.Contains(strings.ToLower(h["value"].(string)), strings.ToLower(userAgent)) {
-					return true
-				}
-			}
-			return false
-		}
-	}
-	return false
-}
-
 func pipeTapChannelToSocket(connection *websocket.Conn, messageDataChannel <-chan *tapApi.OutputChannelItem) {
 	if connection == nil {
 		panic("Websocket connection is nil")
@@ -290,7 +277,7 @@ func pipeTapChannelToSocket(connection *websocket.Conn, messageDataChannel <-cha
 	for messageData := range messageDataChannel {
 		marshaledData, err := models.CreateWebsocketTappedEntryMessage(messageData)
 		if err != nil {
-			rlog.Errorf("error converting message to json %v, err: %s, (%v,%+v)", messageData, err, err, err)
+			logger.Log.Errorf("error converting message to json %v, err: %s, (%v,%+v)", messageData, err, err, err)
 			continue
 		}
 
@@ -298,8 +285,31 @@ func pipeTapChannelToSocket(connection *websocket.Conn, messageDataChannel <-cha
 		// and goes into the intermediate WebSocket.
 		err = connection.WriteMessage(websocket.TextMessage, marshaledData)
 		if err != nil {
-			rlog.Errorf("error sending message through socket server %v, err: %s, (%v,%+v)", messageData, err, err, err)
+			logger.Log.Errorf("error sending message through socket server %v, err: %s, (%v,%+v)", messageData, err, err, err)
 			continue
 		}
 	}
 }
+
+func getSyncEntriesConfig() *shared.SyncEntriesConfig {
+	syncEntriesConfigJson := os.Getenv(shared.SyncEntriesConfigEnvVar)
+	if syncEntriesConfigJson == "" {
+		return nil
+	}
+
+	var syncEntriesConfig = &shared.SyncEntriesConfig{}
+	err := json.Unmarshal([]byte(syncEntriesConfigJson), syncEntriesConfig)
+	if err != nil {
+		panic(fmt.Sprintf("env var %s's value of %s is invalid! json must match the shared.SyncEntriesConfig struct, err: %v", shared.SyncEntriesConfigEnvVar, syncEntriesConfigJson, err))
+	}
+
+	return syncEntriesConfig
+}
+
+func determineLogLevel() (logLevel logging.Level) {
+	logLevel = logging.INFO
+	if os.Getenv(shared.DebugModeEnvVar) == "1" {
+		logLevel = logging.DEBUG
+	}
+	return
+}

agent/pkg/api/contract_validation.go

@@ -0,0 +1,110 @@
+package api
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/getkin/kin-openapi/openapi3"
+	"github.com/getkin/kin-openapi/openapi3filter"
+	"github.com/getkin/kin-openapi/routers"
+	legacyrouter "github.com/getkin/kin-openapi/routers/legacy"
+
+	"github.com/up9inc/mizu/shared"
+	"github.com/up9inc/mizu/shared/logger"
+	"github.com/up9inc/mizu/tap/api"
+)
+
+const (
+	ContractNotApplicable api.ContractStatus = 0
+	ContractPassed        api.ContractStatus = 1
+	ContractFailed        api.ContractStatus = 2
+)
+
+func loadOAS(ctx context.Context) (doc *openapi3.T, contractContent string, router routers.Router, err error) {
+	path := fmt.Sprintf("%s/%s", shared.RulePolicyPath, shared.ContractFileName)
+	bytes, err := ioutil.ReadFile(path)
+	if err != nil {
+		logger.Log.Error(err.Error())
+		return
+	}
+	contractContent = string(bytes)
+	loader := &openapi3.Loader{Context: ctx}
+	doc, _ = loader.LoadFromData(bytes)
+	err = doc.Validate(ctx)
+	if err != nil {
+		logger.Log.Error(err.Error())
+		return
+	}
+	router, _ = legacyrouter.NewRouter(doc)
+	return
+}
+
+func validateOAS(ctx context.Context, doc *openapi3.T, router routers.Router, req *http.Request, res *http.Response) (isValid bool, reqErr error, resErr error) {
+	isValid = true
+	reqErr = nil
+	resErr = nil
+
+	// Find route
+	route, pathParams, err := router.FindRoute(req)
+	if err != nil {
+		return
+	}
+
+	// Validate request
+	requestValidationInput := &openapi3filter.RequestValidationInput{
+		Request:    req,
+		PathParams: pathParams,
+		Route:      route,
+	}
+	if reqErr = openapi3filter.ValidateRequest(ctx, requestValidationInput); reqErr != nil {
+		isValid = false
+	}
+
+	responseValidationInput := &openapi3filter.ResponseValidationInput{
+		RequestValidationInput: requestValidationInput,
+		Status:                 res.StatusCode,
+		Header:                 res.Header,
+	}
+
+	if res.Body != nil {
+		body, _ := ioutil.ReadAll(res.Body)
+		res.Body = ioutil.NopCloser(bytes.NewBuffer(body))
+		responseValidationInput.SetBodyBytes(body)
+	}
+
+	// Validate response.
+	if resErr = openapi3filter.ValidateResponse(ctx, responseValidationInput); resErr != nil {
+		isValid = false
+	}
+
+	return
+}
+
+func handleOAS(ctx context.Context, doc *openapi3.T, router routers.Router, req *http.Request, res *http.Response, contractContent string) (contract api.Contract) {
+	contract = api.Contract{
+		Content: contractContent,
+		Status:  ContractNotApplicable,
+	}
+
+	isValid, reqErr, resErr := validateOAS(ctx, doc, router, req, res)
+	if isValid {
+		contract.Status = ContractPassed
+	} else {
+		contract.Status = ContractFailed
+		if reqErr != nil {
+			contract.RequestReason = reqErr.Error()
+		} else {
+			contract.RequestReason = ""
+		}
+		if resErr != nil {
+			contract.ResponseReason = resErr.Error()
+		} else {
+			contract.ResponseReason = ""
+		}
+	}
+
+	return
+}

agent/pkg/api/main.go

@@ -17,7 +17,7 @@ import (
 	"go.mongodb.org/mongo-driver/bson/primitive"
 
 	"github.com/google/martian/har"
-	"github.com/romana/rlog"
+	"github.com/up9inc/mizu/shared/logger"
 	tapApi "github.com/up9inc/mizu/tap/api"
 
 	"mizuserver/pkg/models"
@@ -31,7 +31,7 @@ func StartResolving(namespace string) {
 	errOut := make(chan error, 100)
 	res, err := resolver.NewFromInCluster(errOut, namespace)
 	if err != nil {
-		rlog.Infof("error creating k8s resolver %s", err)
+		logger.Log.Infof("error creating k8s resolver %s", err)
 		return
 	}
 	ctx := context.Background()
@@ -40,7 +40,7 @@ func StartResolving(namespace string) {
 		for {
 			select {
 			case err := <-errOut:
-				rlog.Infof("name resolving error %s", err)
+				logger.Log.Infof("name resolving error %s", err)
 			}
 		}
 	}()
@@ -59,7 +59,7 @@ func StartReadingEntries(harChannel <-chan *tapApi.OutputChannelItem, workingDir
 
 func startReadingFiles(workingDir string) {
 	if err := os.MkdirAll(workingDir, os.ModePerm); err != nil {
-		rlog.Errorf("Failed to make dir: %s, err: %v", workingDir, err)
+		logger.Log.Errorf("Failed to make dir: %s, err: %v", workingDir, err)
 		return
 	}
 
@@ -76,7 +76,7 @@ func startReadingFiles(workingDir string) {
 		sort.Sort(utils.ByModTime(harFiles))
 
 		if len(harFiles) == 0 {
-			rlog.Infof("Waiting for new files\n")
+			logger.Log.Infof("Waiting for new files\n")
 			time.Sleep(3 * time.Second)
 			continue
 		}
@@ -99,6 +99,14 @@ func startReadingChannel(outputItems <-chan *tapApi.OutputChannelItem, extension
 		panic("Channel of captured messages is nil")
 	}
 
+	disableOASValidation := false
+	ctx := context.Background()
+	doc, contractContent, router, err := loadOAS(ctx)
+	if err != nil {
+		logger.Log.Infof("Disabled OAS validation: %s\n", err.Error())
+		disableOASValidation = true
+	}
+
 	for item := range outputItems {
 		providers.EntryAdded()
 
@@ -107,17 +115,28 @@ func startReadingChannel(outputItems <-chan *tapApi.OutputChannelItem, extension
 		mizuEntry := extension.Dissector.Analyze(item, primitive.NewObjectID().Hex(), resolvedSource, resolvedDestionation)
 		baseEntry := extension.Dissector.Summarize(mizuEntry)
 		mizuEntry.EstimatedSizeBytes = getEstimatedEntrySizeBytes(mizuEntry)
-		database.CreateEntry(mizuEntry)
 		if extension.Protocol.Name == "http" {
+			if !disableOASValidation {
+				var httpPair tapApi.HTTPRequestResponsePair
+				json.Unmarshal([]byte(mizuEntry.Entry), &httpPair)
+
+				contract := handleOAS(ctx, doc, router, httpPair.Request.Payload.RawRequest, httpPair.Response.Payload.RawResponse, contractContent)
+				baseEntry.ContractStatus = contract.Status
+				mizuEntry.ContractStatus = contract.Status
+				mizuEntry.ContractRequestReason = contract.RequestReason
+				mizuEntry.ContractResponseReason = contract.ResponseReason
+				mizuEntry.ContractContent = contract.Content
+			}
+
 			var pair tapApi.RequestResponsePair
 			json.Unmarshal([]byte(mizuEntry.Entry), &pair)
 			harEntry, err := utils.NewEntry(&pair)
 			if err == nil {
-				rules, _ := models.RunValidationRulesState(*harEntry, mizuEntry.Service)
+				rules, _, _ := models.RunValidationRulesState(*harEntry, mizuEntry.Service)
 				baseEntry.Rules = rules
-				baseEntry.Latency = mizuEntry.ElapsedTime
 			}
 		}
+		database.CreateEntry(mizuEntry)
 
 		baseEntryBytes, _ := models.CreateBaseEntryWebSocketMessage(baseEntry)
 		BroadcastToBrowserClients(baseEntryBytes)
@@ -129,7 +148,7 @@ func resolveIP(connectionInfo *tapApi.ConnectionInfo) (resolvedSource string, re
 		unresolvedSource := connectionInfo.ClientIP
 		resolvedSource = k8sResolver.Resolve(unresolvedSource)
 		if resolvedSource == "" {
-			rlog.Debugf("Cannot find resolved name to source: %s\n", unresolvedSource)
+			logger.Log.Debugf("Cannot find resolved name to source: %s\n", unresolvedSource)
 			if os.Getenv("SKIP_NOT_RESOLVED_SOURCE") == "1" {
 				return
 			}
@@ -137,7 +156,7 @@ func resolveIP(connectionInfo *tapApi.ConnectionInfo) (resolvedSource string, re
 		unresolvedDestination := fmt.Sprintf("%s:%s", connectionInfo.ServerIP, connectionInfo.ServerPort)
 		resolvedDestination = k8sResolver.Resolve(unresolvedDestination)
 		if resolvedDestination == "" {
-			rlog.Debugf("Cannot find resolved name to dest: %s\n", unresolvedDestination)
+			logger.Log.Debugf("Cannot find resolved name to dest: %s\n", unresolvedDestination)
 			if os.Getenv("SKIP_NOT_RESOLVED_DEST") == "1" {
 				return
 			}

agent/pkg/api/socket_routes.go

@@ -2,13 +2,14 @@ package api
 
 import (
 	"errors"
-	"github.com/gin-gonic/gin"
-	"github.com/gorilla/websocket"
-	"github.com/romana/rlog"
-	"github.com/up9inc/mizu/shared/debounce"
 	"net/http"
 	"sync"
 	"time"
+
+	"github.com/gin-gonic/gin"
+	"github.com/gorilla/websocket"
+	"github.com/up9inc/mizu/shared/debounce"
+	"github.com/up9inc/mizu/shared/logger"
 )
 
 type EventHandlers interface {
@@ -50,7 +51,7 @@ func WebSocketRoutes(app *gin.Engine, eventHandlers EventHandlers) {
 func websocketHandler(w http.ResponseWriter, r *http.Request, eventHandlers EventHandlers, isTapper bool) {
 	conn, err := websocketUpgrader.Upgrade(w, r, nil)
 	if err != nil {
-		rlog.Errorf("Failed to set websocket upgrade: %v", err)
+		logger.Log.Errorf("Failed to set websocket upgrade: %v", err)
 		return
 	}
 
@@ -71,7 +72,7 @@ func websocketHandler(w http.ResponseWriter, r *http.Request, eventHandlers Even
 	for {
 		_, msg, err := conn.ReadMessage()
 		if err != nil {
-			rlog.Errorf("Error reading message, socket id: %d, error: %v", socketId, err)
+			logger.Log.Errorf("Error reading message, socket id: %d, error: %v", socketId, err)
 			break
 		}
 		eventHandlers.WebSocketMessage(socketId, msg)
@@ -81,7 +82,7 @@ func websocketHandler(w http.ResponseWriter, r *http.Request, eventHandlers Even
 func socketCleanup(socketId int, socketConnection *SocketConnection) {
 	err := socketConnection.connection.Close()
 	if err != nil {
-		rlog.Errorf("Error closing socket connection for socket id %d: %v\n", socketId, err)
+		logger.Log.Errorf("Error closing socket connection for socket id %d: %v\n", socketId, err)
 	}
 
 	websocketIdsLock.Lock()
@@ -92,7 +93,7 @@ func socketCleanup(socketId int, socketConnection *SocketConnection) {
 }
 
 var db = debounce.NewDebouncer(time.Second*5, func() {
-	rlog.Error("Successfully sent to socket")
+	logger.Log.Error("Successfully sent to socket")
 })
 
 func SendToSocket(socketId int, message []byte) error {
@@ -104,7 +105,7 @@ func SendToSocket(socketId int, message []byte) error {
 	var sent = false
 	time.AfterFunc(time.Second*5, func() {
 		if !sent {
-			rlog.Error("Socket timed out")
+			logger.Log.Error("Socket timed out")
 			socketCleanup(socketId, socketObj)
 		}
 	})

agent/pkg/api/socket_server_handlers.go

@@ -10,8 +10,8 @@ import (
 
 	tapApi "github.com/up9inc/mizu/tap/api"
 
-	"github.com/romana/rlog"
 	"github.com/up9inc/mizu/shared"
+	"github.com/up9inc/mizu/shared/logger"
 )
 
 var browserClientSocketUUIDs = make([]int, 0)
@@ -28,10 +28,10 @@ func init() {
 
 func (h *RoutesEventHandlers) WebSocketConnect(socketId int, isTapper bool) {
 	if isTapper {
-		rlog.Infof("Websocket event - Tapper connected, socket ID: %d", socketId)
+		logger.Log.Infof("Websocket event - Tapper connected, socket ID: %d", socketId)
 		providers.TapperAdded()
 	} else {
-		rlog.Infof("Websocket event - Browser socket connected, socket ID: %d", socketId)
+		logger.Log.Infof("Websocket event - Browser socket connected, socket ID: %d", socketId)
 		socketListLock.Lock()
 		browserClientSocketUUIDs = append(browserClientSocketUUIDs, socketId)
 		socketListLock.Unlock()
@@ -40,10 +40,10 @@ func (h *RoutesEventHandlers) WebSocketConnect(socketId int, isTapper bool) {
 
 func (h *RoutesEventHandlers) WebSocketDisconnect(socketId int, isTapper bool) {
 	if isTapper {
-		rlog.Infof("Websocket event - Tapper disconnected, socket ID:  %d", socketId)
+		logger.Log.Infof("Websocket event - Tapper disconnected, socket ID:  %d", socketId)
 		providers.TapperRemoved()
 	} else {
-		rlog.Infof("Websocket event - Browser socket disconnected, socket ID:  %d", socketId)
+		logger.Log.Infof("Websocket event - Browser socket disconnected, socket ID:  %d", socketId)
 		socketListLock.Lock()
 		removeSocketUUIDFromBrowserSlice(socketId)
 		socketListLock.Unlock()
@@ -55,7 +55,7 @@ func BroadcastToBrowserClients(message []byte) {
 		go func(socketId int) {
 			err := SendToSocket(socketId, message)
 			if err != nil {
-				rlog.Errorf("error sending message to socket ID %d: %v", socketId, err)
+				logger.Log.Errorf("error sending message to socket ID %d: %v", socketId, err)
 			}
 		}(socketId)
 	}
@@ -65,14 +65,14 @@ func (h *RoutesEventHandlers) WebSocketMessage(_ int, message []byte) {
 	var socketMessageBase shared.WebSocketMessageMetadata
 	err := json.Unmarshal(message, &socketMessageBase)
 	if err != nil {
-		rlog.Infof("Could not unmarshal websocket message %v\n", err)
+		logger.Log.Infof("Could not unmarshal websocket message %v\n", err)
 	} else {
 		switch socketMessageBase.MessageType {
 		case shared.WebSocketMessageTypeTappedEntry:
 			var tappedEntryMessage models.WebSocketTappedEntryMessage
 			err := json.Unmarshal(message, &tappedEntryMessage)
 			if err != nil {
-				rlog.Infof("Could not unmarshal message of message type %s %v\n", socketMessageBase.MessageType, err)
+				logger.Log.Infof("Could not unmarshal message of message type %s %v\n", socketMessageBase.MessageType, err)
 			} else {
 				// NOTE: This is where the message comes back from the intermediate WebSocket to code.
 				h.SocketOutChannel <- tappedEntryMessage.Data
@@ -81,7 +81,7 @@ func (h *RoutesEventHandlers) WebSocketMessage(_ int, message []byte) {
 			var statusMessage shared.WebSocketStatusMessage
 			err := json.Unmarshal(message, &statusMessage)
 			if err != nil {
-				rlog.Infof("Could not unmarshal message of message type %s %v\n", socketMessageBase.MessageType, err)
+				logger.Log.Infof("Could not unmarshal message of message type %s %v\n", socketMessageBase.MessageType, err)
 			} else {
 				providers.TapStatus.Pods = statusMessage.TappingStatus.Pods
 				BroadcastToBrowserClients(message)
@@ -90,12 +90,12 @@ func (h *RoutesEventHandlers) WebSocketMessage(_ int, message []byte) {
 			var outboundLinkMessage models.WebsocketOutboundLinkMessage
 			err := json.Unmarshal(message, &outboundLinkMessage)
 			if err != nil {
-				rlog.Infof("Could not unmarshal message of message type %s %v\n", socketMessageBase.MessageType, err)
+				logger.Log.Infof("Could not unmarshal message of message type %s %v\n", socketMessageBase.MessageType, err)
 			} else {
 				handleTLSLink(outboundLinkMessage)
 			}
 		default:
-			rlog.Infof("Received socket message of type %s for which no handlers are defined", socketMessageBase.MessageType)
+			logger.Log.Infof("Received socket message of type %s for which no handlers are defined", socketMessageBase.MessageType)
 		}
 	}
 }
@@ -116,9 +116,9 @@ func handleTLSLink(outboundLinkMessage models.WebsocketOutboundLinkMessage) {
 	}
 	marshaledMessage, err := json.Marshal(outboundLinkMessage)
 	if err != nil {
-		rlog.Errorf("Error marshaling outbound link message for broadcasting: %v", err)
+		logger.Log.Errorf("Error marshaling outbound link message for broadcasting: %v", err)
 	} else {
-		rlog.Errorf("Broadcasting outboundlink message %s", string(marshaledMessage))
+		logger.Log.Errorf("Broadcasting outboundlink message %s", string(marshaledMessage))
 		BroadcastToBrowserClients(marshaledMessage)
 	}
 }

agent/pkg/controllers/entries_controller.go

@@ -3,21 +3,13 @@ package controllers
 import (
 	"encoding/json"
 	"fmt"
+	"github.com/gin-gonic/gin"
+	tapApi "github.com/up9inc/mizu/tap/api"
 	"mizuserver/pkg/database"
 	"mizuserver/pkg/models"
-	"mizuserver/pkg/providers"
-	"mizuserver/pkg/up9"
 	"mizuserver/pkg/utils"
 	"mizuserver/pkg/validation"
 	"net/http"
-	"time"
-
-	"github.com/google/martian/har"
-
-	"github.com/gin-gonic/gin"
-	"github.com/romana/rlog"
-
-	tapApi "github.com/up9inc/mizu/tap/api"
 )
 
 var extensionsMap map[string]*tapApi.Extension // global
@@ -43,7 +35,6 @@ func GetEntries(c *gin.Context) {
 	database.GetEntriesTable().
 		Order(fmt.Sprintf("timestamp %s", order)).
 		Where(fmt.Sprintf("timestamp %s %v", operatorSymbol, entriesFilter.Timestamp)).
-		Omit("entry"). // remove the "big" entry field
 		Limit(entriesFilter.Limit).
 		Find(&entries)
 
@@ -53,86 +44,26 @@ func GetEntries(c *gin.Context) {
 	}
 
 	baseEntries := make([]tapApi.BaseEntryDetails, 0)
-	for _, data := range entries {
-		harEntry := tapApi.BaseEntryDetails{}
-		if err := models.GetEntry(&data, &harEntry); err != nil {
+	for _, entry := range entries {
+		baseEntryDetails := tapApi.BaseEntryDetails{}
+		if err := models.GetEntry(&entry, &baseEntryDetails); err != nil {
 			continue
 		}
-		baseEntries = append(baseEntries, harEntry)
+
+		var pair tapApi.RequestResponsePair
+		json.Unmarshal([]byte(entry.Entry), &pair)
+		harEntry, err := utils.NewEntry(&pair)
+		if err == nil {
+			rules, _, _ := models.RunValidationRulesState(*harEntry, entry.Service)
+			baseEntryDetails.Rules = rules
+		}
+
+		baseEntries = append(baseEntries, baseEntryDetails)
 	}
 
 	c.JSON(http.StatusOK, baseEntries)
 }
 
-func UploadEntries(c *gin.Context) {
-	rlog.Infof("Upload entries - started\n")
-
-	uploadParams := &models.UploadEntriesRequestQuery{}
-	if err := c.BindQuery(uploadParams); err != nil {
-		c.JSON(http.StatusBadRequest, err)
-		return
-	}
-	if err := validation.Validate(uploadParams); err != nil {
-		c.JSON(http.StatusBadRequest, err)
-		return
-	}
-	if up9.GetAnalyzeInfo().IsAnalyzing {
-		c.String(http.StatusBadRequest, "Cannot analyze, mizu is already analyzing")
-		return
-	}
-
-	rlog.Infof("Upload entries - creating token. dest %s\n", uploadParams.Dest)
-	token, err := up9.CreateAnonymousToken(uploadParams.Dest)
-	if err != nil {
-		c.String(http.StatusServiceUnavailable, "Cannot analyze, mizu is already analyzing")
-		return
-	}
-	rlog.Infof("Upload entries - uploading. token: %s model: %s\n", token.Token, token.Model)
-	go up9.UploadEntriesImpl(token.Token, token.Model, uploadParams.Dest, uploadParams.SleepIntervalSec)
-	c.String(http.StatusOK, "OK")
-}
-
-func GetFullEntries(c *gin.Context) {
-	entriesFilter := &models.HarFetchRequestQuery{}
-	if err := c.BindQuery(entriesFilter); err != nil {
-		c.JSON(http.StatusBadRequest, err)
-	}
-	err := validation.Validate(entriesFilter)
-	if err != nil {
-		c.JSON(http.StatusBadRequest, err)
-	}
-
-	var timestampFrom, timestampTo int64
-
-	if entriesFilter.From < 0 {
-		timestampFrom = 0
-	} else {
-		timestampFrom = entriesFilter.From
-	}
-	if entriesFilter.To <= 0 {
-		timestampTo = time.Now().UnixNano() / int64(time.Millisecond)
-	} else {
-		timestampTo = entriesFilter.To
-	}
-
-	entriesArray := database.GetEntriesFromDb(timestampFrom, timestampTo, nil)
-
-	result := make([]har.Entry, 0)
-	for _, data := range entriesArray {
-		var pair tapApi.RequestResponsePair
-		if err := json.Unmarshal([]byte(data.Entry), &pair); err != nil {
-			continue
-		}
-		harEntry, err := utils.NewEntry(&pair)
-		if err != nil {
-			continue
-		}
-		result = append(result, *harEntry)
-	}
-
-	c.JSON(http.StatusOK, result)
-}
-
 func GetEntry(c *gin.Context) {
 	var entryData tapApi.MizuEntry
 	database.GetEntriesTable().
@@ -143,11 +74,13 @@ func GetEntry(c *gin.Context) {
 	protocol, representation, bodySize, _ := extension.Dissector.Represent(&entryData)
 
 	var rules []map[string]interface{}
+	var isRulesEnabled bool
 	if entryData.ProtocolName == "http" {
 		var pair tapApi.RequestResponsePair
 		json.Unmarshal([]byte(entryData.Entry), &pair)
 		harEntry, _ := utils.NewEntry(&pair)
-		_, rulesMatched := models.RunValidationRulesState(*harEntry, entryData.Service)
+		_, rulesMatched, _isRulesEnabled := models.RunValidationRulesState(*harEntry, entryData.Service)
+		isRulesEnabled = _isRulesEnabled
 		inrec, _ := json.Marshal(rulesMatched)
 		json.Unmarshal(inrec, &rules)
 	}
@@ -158,32 +91,6 @@ func GetEntry(c *gin.Context) {
 		BodySize:       bodySize,
 		Data:           entryData,
 		Rules:          rules,
+		IsRulesEnabled: isRulesEnabled,
 	})
 }
-
-func DeleteAllEntries(c *gin.Context) {
-	database.GetEntriesTable().
-		Where("1 = 1").
-		Delete(&tapApi.MizuEntry{})
-
-	c.JSON(http.StatusOK, map[string]string{
-		"msg": "Success",
-	})
-
-}
-
-func GetGeneralStats(c *gin.Context) {
-	c.JSON(http.StatusOK, providers.GetGeneralStats())
-}
-
-func GetTappingStatus(c *gin.Context) {
-	c.JSON(http.StatusOK, providers.TapStatus)
-}
-
-func AnalyzeInformation(c *gin.Context) {
-	c.JSON(http.StatusOK, up9.GetAnalyzeInfo())
-}
-
-func GetRecentTLSLinks(c *gin.Context) {
-	c.JSON(http.StatusOK, providers.GetAllRecentTLSAddresses())
-}

agent/pkg/controllers/resolving_controller.go

@@ -1,12 +0,0 @@
-package controllers
-
-import (
-	"github.com/gin-gonic/gin"
-	"mizuserver/pkg/holder"
-	"net/http"
-)
-
-func GetCurrentResolvingInformation(c *gin.Context) {
-	c.JSON(http.StatusOK, holder.GetResolver().GetMap())
-}
-

agent/pkg/controllers/status_controller.go

@@ -2,13 +2,16 @@ package controllers
 
 import (
 	"encoding/json"
-	"github.com/gin-gonic/gin"
-	"github.com/romana/rlog"
-	"github.com/up9inc/mizu/shared"
 	"mizuserver/pkg/api"
+	"mizuserver/pkg/holder"
 	"mizuserver/pkg/providers"
+	"mizuserver/pkg/up9"
 	"mizuserver/pkg/validation"
 	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/up9inc/mizu/shared"
+	"github.com/up9inc/mizu/shared/logger"
 )
 
 func PostTappedPods(c *gin.Context) {
@@ -21,11 +24,11 @@ func PostTappedPods(c *gin.Context) {
 		c.JSON(http.StatusBadRequest, err)
 		return
 	}
-	rlog.Infof("[Status] POST request: %d tapped pods", len(tapStatus.Pods))
+	logger.Log.Infof("[Status] POST request: %d tapped pods", len(tapStatus.Pods))
 	providers.TapStatus.Pods = tapStatus.Pods
 	message := shared.CreateWebSocketStatusMessage(*tapStatus)
 	if jsonBytes, err := json.Marshal(message); err != nil {
-		rlog.Errorf("Could not Marshal message %v\n", err)
+		logger.Log.Errorf("Could not Marshal message %v\n", err)
 	} else {
 		api.BroadcastToBrowserClients(jsonBytes)
 	}
@@ -34,3 +37,33 @@ func PostTappedPods(c *gin.Context) {
 func GetTappersCount(c *gin.Context) {
 	c.JSON(http.StatusOK, providers.TappersCount)
 }
+
+func GetAuthStatus(c *gin.Context) {
+	authStatus, err := providers.GetAuthStatus()
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, err)
+		return
+	}
+
+	c.JSON(http.StatusOK, authStatus)
+}
+
+func GetTappingStatus(c *gin.Context) {
+	c.JSON(http.StatusOK, providers.TapStatus)
+}
+
+func AnalyzeInformation(c *gin.Context) {
+	c.JSON(http.StatusOK, up9.GetAnalyzeInfo())
+}
+
+func GetGeneralStats(c *gin.Context) {
+	c.JSON(http.StatusOK, providers.GetGeneralStats())
+}
+
+func GetRecentTLSLinks(c *gin.Context) {
+	c.JSON(http.StatusOK, providers.GetAllRecentTLSAddresses())
+}
+
+func GetCurrentResolvingInformation(c *gin.Context) {
+	c.JSON(http.StatusOK, holder.GetResolver().GetMap())
+}

agent/pkg/database/size_enforcer.go

@@ -1,15 +1,14 @@
 package database
 
 import (
-	"log"
 	"os"
 	"strconv"
 	"time"
 
 	"github.com/fsnotify/fsnotify"
-	"github.com/romana/rlog"
 	"github.com/up9inc/mizu/shared"
 	"github.com/up9inc/mizu/shared/debounce"
+	"github.com/up9inc/mizu/shared/logger"
 	"github.com/up9inc/mizu/shared/units"
 	tapApi "github.com/up9inc/mizu/tap/api"
 )
@@ -20,13 +19,13 @@ const defaultMaxDatabaseSizeBytes int64 = 200 * 1000 * 1000
 func StartEnforcingDatabaseSize() {
 	watcher, err := fsnotify.NewWatcher()
 	if err != nil {
-		log.Fatalf("Error creating filesystem watcher for db size enforcement: %v\n", err)
+		logger.Log.Fatalf("Error creating filesystem watcher for db size enforcement: %v\n", err)
 		return
 	}
 
 	maxEntriesDBByteSize, err := getMaxEntriesDBByteSize()
 	if err != nil {
-		log.Fatalf("Error parsing max db size: %v\n", err)
+		logger.Log.Fatalf("Error parsing max db size: %v\n", err)
 		return
 	}
 
@@ -48,14 +47,14 @@ func StartEnforcingDatabaseSize() {
 				if !ok {
 					return // closed channel
 				}
-				rlog.Errorf("filesystem watcher encountered error:%v", err)
+				logger.Log.Errorf("filesystem watcher encountered error:%v", err)
 			}
 		}
 	}()
 
 	err = watcher.Add(DBPath)
 	if err != nil {
-		log.Fatalf("Error adding %s to filesystem watcher for db size enforcement: %v\n", DBPath, err)
+		logger.Log.Fatalf("Error adding %s to filesystem watcher for db size enforcement: %v\n", DBPath, err)
 	}
 }
 
@@ -73,7 +72,7 @@ func getMaxEntriesDBByteSize() (int64, error) {
 func checkFileSize(maxSizeBytes int64) {
 	fileStat, err := os.Stat(DBPath)
 	if err != nil {
-		rlog.Errorf("Error checking %s file size: %v", DBPath, err)
+		logger.Log.Errorf("Error checking %s file size: %v", DBPath, err)
 	} else {
 		if fileStat.Size() > maxSizeBytes {
 			pruneOldEntries(fileStat.Size())
@@ -90,7 +89,7 @@ func pruneOldEntries(currentFileSize int64) {
 
 	rows, err := GetEntriesTable().Limit(10000).Order("id").Rows()
 	if err != nil {
-		rlog.Errorf("Error getting 10000 first db rows: %v", err)
+		logger.Log.Errorf("Error getting 10000 first db rows: %v", err)
 		return
 	}
 
@@ -103,7 +102,7 @@ func pruneOldEntries(currentFileSize int64) {
 		var entry tapApi.MizuEntry
 		err = DB.ScanRows(rows, &entry)
 		if err != nil {
-			rlog.Errorf("Error scanning db row: %v", err)
+			logger.Log.Errorf("Error scanning db row: %v", err)
 			continue
 		}
 
@@ -115,8 +114,8 @@ func pruneOldEntries(currentFileSize int64) {
 		GetEntriesTable().Where(entryIdsToRemove).Delete(tapApi.MizuEntry{})
 		// VACUUM causes sqlite to shrink the db file after rows have been deleted, the db file will not shrink without this
 		DB.Exec("VACUUM")
-		rlog.Errorf("Removed %d rows and cleared %s", len(entryIdsToRemove), units.BytesToHumanReadable(bytesToBeRemoved))
+		logger.Log.Errorf("Removed %d rows and cleared %s", len(entryIdsToRemove), units.BytesToHumanReadable(bytesToBeRemoved))
 	} else {
-		rlog.Error("Found no rows to remove when pruning")
+		logger.Log.Error("Found no rows to remove when pruning")
 	}
 }

agent/pkg/models/models.go

@@ -22,16 +22,6 @@ type EntriesFilter struct {
 	Timestamp int64  `form:"timestamp" validate:"required,min=1"`
 }
 
-type UploadEntriesRequestQuery struct {
-	Dest             string `form:"dest"`
-	SleepIntervalSec int    `form:"interval"`
-}
-
-type HarFetchRequestQuery struct {
-	From int64 `form:"from"`
-	To   int64 `form:"to"`
-}
-
 type WebSocketEntryMessage struct {
 	*shared.WebSocketMessageMetadata
 	Data *tapApi.BaseEntryDetails `json:"data,omitempty"`
@@ -47,6 +37,11 @@ type WebsocketOutboundLinkMessage struct {
 	Data *tap.OutboundLink
 }
 
+type AuthStatus struct {
+	Email string `json:"email"`
+	Model string `json:"model"`
+}
+
 func CreateBaseEntryWebSocketMessage(base *tapApi.BaseEntryDetails) ([]byte, error) {
 	message := &WebSocketEntryMessage{
 		WebSocketMessageMetadata: &shared.WebSocketMessageMetadata{
@@ -97,8 +92,8 @@ type ExtendedCreator struct {
 	Source *string `json:"_source"`
 }
 
-func RunValidationRulesState(harEntry har.Entry, service string) (tapApi.ApplicableRules, []rules.RulesMatched) {
-	resultPolicyToSend := rules.MatchRequestPolicy(harEntry, service)
+func RunValidationRulesState(harEntry har.Entry, service string) (tapApi.ApplicableRules, []rules.RulesMatched, bool) {
+	resultPolicyToSend, isEnabled := rules.MatchRequestPolicy(harEntry, service)
 	statusPolicyToSend, latency, numberOfRules := rules.PassedValidationRules(resultPolicyToSend)
-	return tapApi.ApplicableRules{Status: statusPolicyToSend, Latency: latency, NumberOfRules: numberOfRules}, resultPolicyToSend
+	return tapApi.ApplicableRules{Status: statusPolicyToSend, Latency: latency, NumberOfRules: numberOfRules}, resultPolicyToSend, isEnabled
 }

agent/pkg/providers/status_provider.go

@@ -1,9 +1,13 @@
 package providers
 
 import (
+	"encoding/json"
+	"fmt"
 	"github.com/patrickmn/go-cache"
 	"github.com/up9inc/mizu/shared"
 	"github.com/up9inc/mizu/tap"
+	"mizuserver/pkg/models"
+	"os"
 	"sync"
 	"time"
 )
@@ -13,11 +17,45 @@ const tlsLinkRetainmentTime = time.Minute * 15
 var (
 	TappersCount   int
 	TapStatus      shared.TapStatus
+	authStatus     *models.AuthStatus
 	RecentTLSLinks = cache.New(tlsLinkRetainmentTime, tlsLinkRetainmentTime)
 
 	tappersCountLock = sync.Mutex{}
 )
 
+func GetAuthStatus() (*models.AuthStatus, error) {
+	if authStatus == nil {
+		syncEntriesConfigJson := os.Getenv(shared.SyncEntriesConfigEnvVar)
+		if syncEntriesConfigJson == "" {
+			authStatus = &models.AuthStatus{}
+			return authStatus, nil
+		}
+
+		syncEntriesConfig := &shared.SyncEntriesConfig{}
+		err := json.Unmarshal([]byte(syncEntriesConfigJson), syncEntriesConfig)
+		if err != nil {
+			return nil, fmt.Errorf("failed to marshal sync entries config, err: %v", err)
+		}
+
+		if syncEntriesConfig.Token == "" {
+			authStatus = &models.AuthStatus{}
+			return authStatus, nil
+		}
+
+		tokenEmail, err := shared.GetTokenEmail(syncEntriesConfig.Token)
+		if err != nil {
+			return nil, fmt.Errorf("failed to get token email, err: %v", err)
+		}
+
+		authStatus = &models.AuthStatus{
+			Email: tokenEmail,
+			Model: syncEntriesConfig.Workspace,
+		}
+	}
+
+	return authStatus, nil
+}
+
 func GetAllRecentTLSAddresses() []string {
 	recentTLSLinks := make([]string, 0)
 

agent/pkg/resolver/README.md

@@ -32,7 +32,7 @@ Now you will be able to import `github.com/up9inc/mizu/resolver` in any `.go` fi
 errOut := make(chan error, 100)
 k8sResolver, err := resolver.NewFromOutOfCluster("", errOut)
 if err != nil {
-    rlog.Errorf("error creating k8s resolver %s", err)
+    logger.Log.Errorf("error creating k8s resolver %s", err)
 }
 
 ctx, cancel := context.WithCancel(context.Background())
@@ -40,15 +40,15 @@ k8sResolver.Start(ctx)
 
 resolvedName := k8sResolver.Resolve("10.107.251.91") // will always return `nil` in real scenarios as the internal map takes a moment to populate after `Start` is called
 if resolvedName != nil {
-    rlog.Errorf("resolved 10.107.251.91=%s", *resolvedName)
+    logger.Log.Errorf("resolved 10.107.251.91=%s", *resolvedName)
 } else {
-    rlog.Error("Could not find a resolved name for 10.107.251.91")
+    logger.Log.Error("Could not find a resolved name for 10.107.251.91")
 }
 
 for {
     select {
         case err := <- errOut:
-            rlog.Errorf("name resolving error %s", err)
+            logger.Log.Errorf("name resolving error %s", err)
     }
 }
 ```

agent/pkg/resolver/resolver.go

@@ -5,7 +5,7 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/romana/rlog"
+	"github.com/up9inc/mizu/shared/logger"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 
 	cmap "github.com/orcaman/concurrent-map"
@@ -140,6 +140,13 @@ func (resolver *Resolver) watchServices(ctx context.Context) error {
 			serviceHostname := fmt.Sprintf("%s.%s", service.Name, service.Namespace)
 			if service.Spec.ClusterIP != "" && service.Spec.ClusterIP != kubClientNullString {
 				resolver.saveResolvedName(service.Spec.ClusterIP, serviceHostname, event.Type)
+				if service.Spec.Ports != nil {
+					for _, port := range service.Spec.Ports {
+						if port.Port > 0 {
+							resolver.saveResolvedName(fmt.Sprintf("%s:%d", service.Spec.ClusterIP, port.Port), serviceHostname, event.Type)
+						}
+					}
+				}
 				resolver.saveServiceIP(service.Spec.ClusterIP, serviceHostname, event.Type)
 			}
 			if service.Status.LoadBalancer.Ingress != nil {
@@ -157,10 +164,10 @@ func (resolver *Resolver) watchServices(ctx context.Context) error {
 func (resolver *Resolver) saveResolvedName(key string, resolved string, eventType watch.EventType) {
 	if eventType == watch.Deleted {
 		resolver.nameMap.Remove(key)
-		rlog.Infof("setting %s=nil\n", key)
+		logger.Log.Infof("setting %s=nil\n", key)
 	} else {
 		resolver.nameMap.Set(key, resolved)
-		rlog.Infof("setting %s=%s\n", key, resolved)
+		logger.Log.Infof("setting %s=%s\n", key, resolved)
 	}
 }
 
@@ -181,7 +188,7 @@ func (resolver *Resolver) infiniteErrorHandleRetryFunc(ctx context.Context, fun
 			var statusError *k8serrors.StatusError
 			if errors.As(err, &statusError) {
 				if statusError.ErrStatus.Reason == metav1.StatusReasonForbidden {
-					rlog.Infof("Resolver loop encountered permission error, aborting event listening - %v\n", err)
+					logger.Log.Infof("Resolver loop encountered permission error, aborting event listening - %v\n", err)
 					return
 				}
 			}

agent/pkg/routes/entries_routes.go

@@ -7,18 +7,8 @@ import (
 
 // EntriesRoutes defines the group of har entries routes.
 func EntriesRoutes(ginApp *gin.Engine) {
-	routeGroup := ginApp.Group("/api")
+	routeGroup := ginApp.Group("/entries")
 
-	routeGroup.GET("/entries", controllers.GetEntries)        // get entries (base/thin entries)
-	routeGroup.GET("/entries/:entryId", controllers.GetEntry) // get single (full) entry
-	routeGroup.GET("/exportEntries", controllers.GetFullEntries)
-	routeGroup.GET("/uploadEntries", controllers.UploadEntries)
-	routeGroup.GET("/resolving", controllers.GetCurrentResolvingInformation)
-
-	routeGroup.GET("/resetDB", controllers.DeleteAllEntries)     // get single (full) entry
-	routeGroup.GET("/generalStats", controllers.GetGeneralStats) // get general stats about entries in DB
-
-	routeGroup.GET("/tapStatus", controllers.GetTappingStatus) // get tapping status
-	routeGroup.GET("/analyzeStatus", controllers.AnalyzeInformation)
-	routeGroup.GET("/recentTLSLinks", controllers.GetRecentTLSLinks)
+	routeGroup.GET("/", controllers.GetEntries)        // get entries (base/thin entries)
+	routeGroup.GET("/:entryId", controllers.GetEntry) // get single (full) entry
 }

agent/pkg/routes/status_routes.go

@@ -9,6 +9,16 @@ func StatusRoutes(ginApp *gin.Engine) {
 	routeGroup := ginApp.Group("/status")
 
 	routeGroup.POST("/tappedPods", controllers.PostTappedPods)
-
 	routeGroup.GET("/tappersCount", controllers.GetTappersCount)
+	routeGroup.GET("/tap", controllers.GetTappingStatus)
+
+	routeGroup.GET("/auth", controllers.GetAuthStatus)
+
+	routeGroup.GET("/analyze", controllers.AnalyzeInformation)
+
+	routeGroup.GET("/general", controllers.GetGeneralStats) // get general stats about entries in DB
+
+	routeGroup.GET("/recentTLSLinks", controllers.GetRecentTLSLinks)
+
+	routeGroup.GET("/resolving", controllers.GetCurrentResolvingInformation)
 }

agent/pkg/rules/rulesHTTP.go

@@ -4,11 +4,12 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"github.com/romana/rlog"
 	"reflect"
 	"regexp"
 	"strings"
 
+	"github.com/up9inc/mizu/shared/logger"
+
 	"github.com/google/martian/har"
 	"github.com/up9inc/mizu/shared"
 	jsonpath "github.com/yalp/jsonpath"
@@ -43,9 +44,11 @@ func ValidateService(serviceFromRule string, service string) bool {
 	return true
 }
 
-func MatchRequestPolicy(harEntry har.Entry, service string) []RulesMatched {
-	enforcePolicy, _ := shared.DecodeEnforcePolicy(fmt.Sprintf("%s/%s", shared.RulePolicyPath, shared.RulePolicyFileName))
-	var resultPolicyToSend []RulesMatched
+func MatchRequestPolicy(harEntry har.Entry, service string) (resultPolicyToSend []RulesMatched, isEnabled bool) {
+	enforcePolicy, err := shared.DecodeEnforcePolicy(fmt.Sprintf("%s/%s", shared.RulePolicyPath, shared.RulePolicyFileName))
+	if err == nil && len(enforcePolicy.Rules) > 0 {
+		isEnabled = true
+	}
 	for _, rule := range enforcePolicy.Rules {
 		if !ValidatePath(rule.Path, harEntry.Request.URL) || !ValidateService(rule.Service, service) {
 			continue
@@ -66,7 +69,7 @@ func MatchRequestPolicy(harEntry har.Entry, service string) []RulesMatched {
 				if err != nil {
 					continue
 				}
-				rlog.Info(matchValue, rule.Value)
+				logger.Log.Info(matchValue, rule.Value)
 			} else {
 				val := fmt.Sprint(out)
 				matchValue, err = regexp.MatchString(rule.Value, val)
@@ -93,12 +96,12 @@ func MatchRequestPolicy(harEntry har.Entry, service string) []RulesMatched {
 			resultPolicyToSend = appendRulesMatched(resultPolicyToSend, true, rule)
 		}
 	}
-	return resultPolicyToSend
+	return
 }
 
 func PassedValidationRules(rulesMatched []RulesMatched) (bool, int64, int) {
 	var numberOfRulesMatched = len(rulesMatched)
-	var latency int64 = -1
+	var responseTime int64 = -1
 
 	if numberOfRulesMatched == 0 {
 		return false, 0, numberOfRulesMatched
@@ -106,15 +109,15 @@ func PassedValidationRules(rulesMatched []RulesMatched) (bool, int64, int) {
 
 	for _, rule := range rulesMatched {
 		if rule.Matched == false {
-			return false, latency, numberOfRulesMatched
+			return false, responseTime, numberOfRulesMatched
 		} else {
-			if strings.ToLower(rule.Rule.Type) == "latency" {
-				if rule.Rule.Latency < latency || latency == -1 {
-					latency = rule.Rule.Latency
+			if strings.ToLower(rule.Rule.Type) == "slo" {
+				if rule.Rule.ResponseTime < responseTime || responseTime == -1 {
+					responseTime = rule.Rule.ResponseTime
 				}
 			}
 		}
 	}
 
-	return true, latency, numberOfRulesMatched
+	return true, responseTime, numberOfRulesMatched
 }

agent/pkg/up9/main.go

@@ -3,20 +3,22 @@ package up9
 import (
 	"bytes"
 	"compress/zlib"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"github.com/google/martian/har"
-	"github.com/romana/rlog"
-	"github.com/up9inc/mizu/shared"
-	tapApi "github.com/up9inc/mizu/tap/api"
 	"io/ioutil"
-	"log"
 	"mizuserver/pkg/database"
 	"mizuserver/pkg/utils"
 	"net/http"
 	"net/url"
+	"regexp"
 	"strings"
 	"time"
+
+	"github.com/google/martian/har"
+	"github.com/up9inc/mizu/shared"
+	"github.com/up9inc/mizu/shared/logger"
+	tapApi "github.com/up9inc/mizu/tap/api"
 )
 
 const (
@@ -32,41 +34,24 @@ type ModelStatus struct {
 	LastMajorGeneration float64 `json:"lastMajorGeneration"`
 }
 
-func getGuestToken(url string, target *GuestToken) error {
-	resp, err := http.Get(url)
-	if err != nil {
-		return err
+func GetRemoteUrl(analyzeDestination string, analyzeModel string, analyzeToken string, guestMode bool) string {
+	if guestMode {
+		return fmt.Sprintf("https://%s/share/%s", analyzeDestination, analyzeToken)
 	}
-	defer resp.Body.Close()
-	rlog.Infof("Got token from the server, starting to json decode... status code: %v", resp.StatusCode)
-	return json.NewDecoder(resp.Body).Decode(target)
+
+	return fmt.Sprintf("https://%s/app/workspaces/%s", analyzeDestination, analyzeModel)
 }
 
-func CreateAnonymousToken(envPrefix string) (*GuestToken, error) {
-	tokenUrl := fmt.Sprintf("https://trcc.%s/anonymous/token", envPrefix)
-	if strings.HasPrefix(envPrefix, "http") {
-		tokenUrl = fmt.Sprintf("%s/api/token", envPrefix)
-	}
-	token := &GuestToken{}
-	if err := getGuestToken(tokenUrl, token); err != nil {
-		rlog.Infof("Failed to get token, %s", err)
-		return nil, err
-	}
-	return token, nil
-}
-
-func GetRemoteUrl(analyzeDestination string, analyzeToken string) string {
-	return fmt.Sprintf("https://%s/share/%s", analyzeDestination, analyzeToken)
-}
-
-func CheckIfModelReady(analyzeDestination string, analyzeModel string, analyzeToken string) bool {
+func CheckIfModelReady(analyzeDestination string, analyzeModel string, analyzeToken string, guestMode bool) bool {
 	statusUrl, _ := url.Parse(fmt.Sprintf("https://trcc.%s/models/%s/status", analyzeDestination, analyzeModel))
+
+	authHeader := getAuthHeader(guestMode)
 	req := &http.Request{
 		Method: http.MethodGet,
 		URL:    statusUrl,
 		Header: map[string][]string{
 			"Content-Type": {"application/json"},
-			"Guest-Auth":   {analyzeToken},
+			authHeader:     {analyzeToken},
 		},
 	}
 	statusResp, err := http.DefaultClient.Do(req)
@@ -81,17 +66,23 @@ func CheckIfModelReady(analyzeDestination string, analyzeModel string, analyzeTo
 	return target.LastMajorGeneration > 0
 }
 
+func getAuthHeader(guestMode bool) string {
+	if guestMode {
+		return "Guest-Auth"
+	}
+
+	return "Authorization"
+}
+
 func GetTrafficDumpUrl(analyzeDestination string, analyzeModel string) *url.URL {
 	strUrl := fmt.Sprintf("https://traffic.%s/dumpTrafficBulk/%s", analyzeDestination, analyzeModel)
-	if strings.HasPrefix(analyzeDestination, "http") {
-		strUrl = fmt.Sprintf("%s/api/workspace/dumpTrafficBulk", analyzeDestination)
-	}
 	postUrl, _ := url.Parse(strUrl)
 	return postUrl
 }
 
 type AnalyzeInformation struct {
 	IsAnalyzing        bool
+	GuestMode          bool
 	SentCount          int
 	AnalyzedModel      string
 	AnalyzeToken       string
@@ -100,6 +91,7 @@ type AnalyzeInformation struct {
 
 func (info *AnalyzeInformation) Reset() {
 	info.IsAnalyzing = false
+	info.GuestMode = true
 	info.AnalyzedModel = ""
 	info.AnalyzeToken = ""
 	info.AnalyzeDestination = ""
@@ -111,26 +103,114 @@ var analyzeInformation = &AnalyzeInformation{}
 func GetAnalyzeInfo() *shared.AnalyzeStatus {
 	return &shared.AnalyzeStatus{
 		IsAnalyzing:   analyzeInformation.IsAnalyzing,
-		RemoteUrl:     GetRemoteUrl(analyzeInformation.AnalyzeDestination, analyzeInformation.AnalyzeToken),
-		IsRemoteReady: CheckIfModelReady(analyzeInformation.AnalyzeDestination, analyzeInformation.AnalyzedModel, analyzeInformation.AnalyzeToken),
+		RemoteUrl:     GetRemoteUrl(analyzeInformation.AnalyzeDestination, analyzeInformation.AnalyzedModel, analyzeInformation.AnalyzeToken, analyzeInformation.GuestMode),
+		IsRemoteReady: CheckIfModelReady(analyzeInformation.AnalyzeDestination, analyzeInformation.AnalyzedModel, analyzeInformation.AnalyzeToken, analyzeInformation.GuestMode),
 		SentCount:     analyzeInformation.SentCount,
 	}
 }
 
-func UploadEntriesImpl(token string, model string, envPrefix string, sleepIntervalSec int) {
+func SyncEntries(syncEntriesConfig *shared.SyncEntriesConfig) error {
+	logger.Log.Infof("Sync entries - started\n")
+
+	var (
+		token, model string
+		guestMode    bool
+	)
+	if syncEntriesConfig.Token == "" {
+		logger.Log.Infof("Sync entries - creating anonymous token. env %s\n", syncEntriesConfig.Env)
+		guestToken, err := createAnonymousToken(syncEntriesConfig.Env)
+		if err != nil {
+			return fmt.Errorf("failed creating anonymous token, err: %v", err)
+		}
+
+		token = guestToken.Token
+		model = guestToken.Model
+		guestMode = true
+	} else {
+		token = fmt.Sprintf("bearer %s", syncEntriesConfig.Token)
+		model = syncEntriesConfig.Workspace
+		guestMode = false
+
+		logger.Log.Infof("Sync entries - upserting model. env %s, model %s\n", syncEntriesConfig.Env, model)
+		if err := upsertModel(token, model, syncEntriesConfig.Env); err != nil {
+			return fmt.Errorf("failed upserting model, err: %v", err)
+		}
+	}
+
+	modelRegex, _ := regexp.Compile("[A-Za-z0-9][-A-Za-z0-9_.]*[A-Za-z0-9]+$")
+	if len(model) > 63 || !modelRegex.MatchString(model) {
+		return fmt.Errorf("invalid model name, model name: %s", model)
+	}
+
+	logger.Log.Infof("Sync entries - syncing. token: %s, model: %s, guest mode: %v\n", token, model, guestMode)
+	go syncEntriesImpl(token, model, syncEntriesConfig.Env, syncEntriesConfig.UploadIntervalSec, guestMode)
+
+	return nil
+}
+
+func upsertModel(token string, model string, envPrefix string) error {
+	upsertModelUrl, _ := url.Parse(fmt.Sprintf("https://trcc.%s/models/%s", envPrefix, model))
+
+	authHeader := getAuthHeader(false)
+	req := &http.Request{
+		Method: http.MethodPost,
+		URL:    upsertModelUrl,
+		Header: map[string][]string{
+			authHeader: {token},
+		},
+	}
+
+	response, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return fmt.Errorf("failed request to upsert model, err: %v", err)
+	}
+
+	// In case the model is not created (not 201) and doesn't exists (not 409)
+	if response.StatusCode != 201 && response.StatusCode != 409 {
+		return fmt.Errorf("failed request to upsert model, status code: %v", response.StatusCode)
+	}
+
+	return nil
+}
+
+func createAnonymousToken(envPrefix string) (*GuestToken, error) {
+	tokenUrl := fmt.Sprintf("https://trcc.%s/anonymous/token", envPrefix)
+	if strings.HasPrefix(envPrefix, "http") {
+		tokenUrl = fmt.Sprintf("%s/api/token", envPrefix)
+	}
+	token := &GuestToken{}
+	if err := getGuestToken(tokenUrl, token); err != nil {
+		logger.Log.Infof("Failed to get token, %s", err)
+		return nil, err
+	}
+	return token, nil
+}
+
+func getGuestToken(url string, target *GuestToken) error {
+	resp, err := http.Get(url)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	logger.Log.Infof("Got token from the server, starting to json decode... status code: %v", resp.StatusCode)
+	return json.NewDecoder(resp.Body).Decode(target)
+}
+
+func syncEntriesImpl(token string, model string, envPrefix string, uploadIntervalSec int, guestMode bool) {
 	analyzeInformation.IsAnalyzing = true
+	analyzeInformation.GuestMode = guestMode
 	analyzeInformation.AnalyzedModel = model
 	analyzeInformation.AnalyzeToken = token
 	analyzeInformation.AnalyzeDestination = envPrefix
 	analyzeInformation.SentCount = 0
 
-	sleepTime := time.Second * time.Duration(sleepIntervalSec)
+	sleepTime := time.Second * time.Duration(uploadIntervalSec)
 
 	var timestampFrom int64 = 0
 
 	for {
 		timestampTo := time.Now().UnixNano() / int64(time.Millisecond)
-		rlog.Infof("Getting entries from %v, to %v\n", timestampFrom, timestampTo)
+		logger.Log.Infof("Getting entries from %v, to %v\n", timestampFrom, timestampTo)
 		protocolFilter := "http"
 		entriesArray := database.GetEntriesFromDb(timestampFrom, timestampTo, &protocolFilter)
 
@@ -152,16 +232,22 @@ func UploadEntriesImpl(token string, model string, envPrefix string, sleepInterv
 					harEntry.Request.Headers = append(harEntry.Request.Headers, har.Header{Name: "x-mizu-destination", Value: data.ResolvedDestination})
 					harEntry.Request.URL = utils.SetHostname(harEntry.Request.URL, data.ResolvedDestination)
 				}
+
+				// go's default marshal behavior is to encode []byte fields to base64, python's default unmarshal behavior is to not decode []byte fields from base64
+				if harEntry.Response.Content.Text, err = base64.StdEncoding.DecodeString(string(harEntry.Response.Content.Text)); err != nil {
+					continue
+				}
+
 				result = append(result, *harEntry)
 			}
 
-			rlog.Infof("About to upload %v entries\n", len(result))
+			logger.Log.Infof("About to upload %v entries\n", len(result))
 
 			body, jMarshalErr := json.Marshal(result)
 			if jMarshalErr != nil {
 				analyzeInformation.Reset()
-				rlog.Infof("Stopping analyzing")
-				log.Fatal(jMarshalErr)
+				logger.Log.Infof("Stopping sync entries")
+				logger.Log.Fatal(jMarshalErr)
 			}
 
 			var in bytes.Buffer
@@ -170,30 +256,31 @@ func UploadEntriesImpl(token string, model string, envPrefix string, sleepInterv
 			_ = w.Close()
 			reqBody := ioutil.NopCloser(bytes.NewReader(in.Bytes()))
 
+			authHeader := getAuthHeader(guestMode)
 			req := &http.Request{
 				Method: http.MethodPost,
 				URL:    GetTrafficDumpUrl(envPrefix, model),
 				Header: map[string][]string{
 					"Content-Encoding": {"deflate"},
 					"Content-Type":     {"application/octet-stream"},
-					"Guest-Auth":       {token},
+					authHeader:         {token},
 				},
 				Body: reqBody,
 			}
 
 			if _, postErr := http.DefaultClient.Do(req); postErr != nil {
 				analyzeInformation.Reset()
-				rlog.Info("Stopping analyzing")
-				log.Fatal(postErr)
+				logger.Log.Info("Stopping sync entries")
+				logger.Log.Fatal(postErr)
 			}
 			analyzeInformation.SentCount += len(entriesArray)
-			rlog.Infof("Finish uploading %v entries to %s\n", len(entriesArray), GetTrafficDumpUrl(envPrefix, model))
+			logger.Log.Infof("Finish uploading %v entries to %s\n", len(entriesArray), GetTrafficDumpUrl(envPrefix, model))
 
 		} else {
-			rlog.Infof("Nothing to upload")
+			logger.Log.Infof("Nothing to upload")
 		}
 
-		rlog.Infof("Sleeping for %v...\n", sleepTime)
+		logger.Log.Infof("Sleeping for %v...\n", sleepTime)
 		time.Sleep(sleepTime)
 		timestampFrom = timestampTo
 	}

agent/pkg/utils/har.go

@@ -4,12 +4,13 @@ import (
 	"bytes"
 	"errors"
 	"fmt"
-	"github.com/google/martian/har"
-	"github.com/romana/rlog"
-	"github.com/up9inc/mizu/tap/api"
 	"strconv"
 	"strings"
 	"time"
+
+	"github.com/google/martian/har"
+	"github.com/up9inc/mizu/shared/logger"
+	"github.com/up9inc/mizu/tap/api"
 )
 
 // Keep it because we might want cookies in the future
@@ -203,7 +204,7 @@ func NewResponse(response *api.GenericMessage) (harResponse *har.Response, err e
 	if strings.HasPrefix(mimeType.(string), "application/grpc") {
 		status, err = strconv.Atoi(_status)
 		if err != nil {
-			rlog.Errorf("Failed converting status to int %s (%v,%+v)", err, err, err)
+			logger.Log.Errorf("Failed converting status to int %s (%v,%+v)", err, err, err)
 			return nil, errors.New("failed converting response status to int for HAR")
 		}
 	}
@@ -224,13 +225,13 @@ func NewResponse(response *api.GenericMessage) (harResponse *har.Response, err e
 func NewEntry(pair *api.RequestResponsePair) (*har.Entry, error) {
 	harRequest, err := NewRequest(&pair.Request)
 	if err != nil {
-		rlog.Errorf("Failed converting request to HAR %s (%v,%+v)", err, err, err)
+		logger.Log.Errorf("Failed converting request to HAR %s (%v,%+v)", err, err, err)
 		return nil, errors.New("failed converting request to HAR")
 	}
 
 	harResponse, err := NewResponse(&pair.Response)
 	if err != nil {
-		rlog.Errorf("Failed converting response to HAR %s (%v,%+v)", err, err, err)
+		logger.Log.Errorf("Failed converting response to HAR %s (%v,%+v)", err, err, err)
 		return nil, errors.New("failed converting response to HAR")
 	}
 

agent/pkg/utils/socket_client.go

@@ -1,38 +0,0 @@
-package utils
-
-import (
-	"github.com/gorilla/websocket"
-	"github.com/romana/rlog"
-	"time"
-)
-
-const (
-	DEFAULT_SOCKET_RETRIES          = 3
-	DEFAULT_SOCKET_RETRY_SLEEP_TIME = time.Second * 10
-)
-
-func ConnectToSocketServer(address string) (*websocket.Conn, error) {
-	var err error
-	var connection *websocket.Conn
-	try := 0
-
-	// Connection to server fails if client pod is up before server.
-	// Retries solve this issue.
-	for try < DEFAULT_SOCKET_RETRIES {
-		rlog.Infof("Trying to connect to websocket: %s, attempt: %v/%v", address, try, DEFAULT_SOCKET_RETRIES)
-		connection, _, err = websocket.DefaultDialer.Dial(address, nil)
-		if err != nil {
-			rlog.Warnf("Failed connecting to websocket: %s, attempt: %v/%v, err: %s, (%v,%+v)", address, try, DEFAULT_SOCKET_RETRIES, err, err, err)
-			try++
-		} else {
-			break
-		}
-		time.Sleep(DEFAULT_SOCKET_RETRY_SLEEP_TIME)
-	}
-
-	if err != nil {
-		return nil, err
-	}
-
-	return connection, nil
-}

agent/pkg/utils/truncating_logger.go

@@ -3,10 +3,11 @@ package utils
 import (
 	"context"
 	"fmt"
-	"github.com/romana/rlog"
+	"time"
+
+	loggerShared "github.com/up9inc/mizu/shared/logger"
 	"gorm.io/gorm/logger"
 	"gorm.io/gorm/utils"
-	"time"
 )
 
 // TruncatingLogger implements the gorm logger.Interface interface. Its purpose is to act as gorm's logger while truncating logs to a max of 50 characters to minimise the performance impact
@@ -24,21 +25,21 @@ func (truncatingLogger *TruncatingLogger) Info(_ context.Context, message string
 	if truncatingLogger.LogLevel < logger.Info {
 		return
 	}
-	rlog.Errorf("gorm info: %.150s", message)
+	loggerShared.Log.Errorf("gorm info: %.150s", message)
 }
 
 func (truncatingLogger *TruncatingLogger) Warn(_ context.Context, message string, __ ...interface{}) {
 	if truncatingLogger.LogLevel < logger.Warn {
 		return
 	}
-	rlog.Errorf("gorm warning: %.150s", message)
+	loggerShared.Log.Errorf("gorm warning: %.150s", message)
 }
 
 func (truncatingLogger *TruncatingLogger) Error(_ context.Context, message string, __ ...interface{}) {
 	if truncatingLogger.LogLevel < logger.Error {
 		return
 	}
-	rlog.Errorf("gorm error: %.150s", message)
+	loggerShared.Log.Errorf("gorm error: %.150s", message)
 }
 
 func (truncatingLogger *TruncatingLogger) Trace(ctx context.Context, begin time.Time, fc func() (string, int64), err error) {

agent/pkg/utils/utils.go

@@ -2,8 +2,7 @@ package utils
 
 import (
 	"context"
-	"github.com/gin-gonic/gin"
-	"github.com/romana/rlog"
+	"fmt"
 	"net/http"
 	"net/url"
 	"os"
@@ -11,6 +10,10 @@ import (
 	"reflect"
 	"syscall"
 	"time"
+
+	"github.com/gin-gonic/gin"
+	"github.com/up9inc/mizu/shared"
+	"github.com/up9inc/mizu/shared/logger"
 )
 
 // StartServer starts the server with a graceful shutdown
@@ -28,16 +31,16 @@ func StartServer(app *gin.Engine) {
 
 	go func() {
 		_ = <-signals
-		rlog.Infof("Shutting down...")
+		logger.Log.Infof("Shutting down...")
 		ctx, _ := context.WithTimeout(context.Background(), 5*time.Second)
 		_ = srv.Shutdown(ctx)
 		os.Exit(0)
 	}()
 
 	// Run server.
-	rlog.Infof("Starting the server...")
-	if err := app.Run(":8899"); err != nil {
-		rlog.Errorf("Server is not running! Reason: %v", err)
+	logger.Log.Infof("Starting the server...")
+	if err := app.Run(fmt.Sprintf(":%d", shared.DefaultApiServerPort)); err != nil {
+		logger.Log.Errorf("Server is not running! Reason: %v", err)
 	}
 }
 
@@ -54,14 +57,14 @@ func ReverseSlice(data interface{}) {
 
 func CheckErr(e error) {
 	if e != nil {
-		rlog.Errorf("%v", e)
+		logger.Log.Errorf("%v", e)
 	}
 }
 
 func SetHostname(address, newHostname string) string {
 	replacedUrl, err := url.Parse(address)
 	if err != nil {
-		rlog.Errorf("error replacing hostname to %s in address %s, returning original %v", newHostname, address, err)
+		logger.Log.Errorf("error replacing hostname to %s in address %s, returning original %v", newHostname, address, err)
 		return address
 	}
 	replacedUrl.Host = newHostname

cli/apiserver/provider.go

@@ -4,15 +4,15 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"github.com/up9inc/mizu/cli/config"
-	"github.com/up9inc/mizu/cli/logger"
-	"github.com/up9inc/mizu/cli/uiUtils"
-	"github.com/up9inc/mizu/shared"
 	"io/ioutil"
-	core "k8s.io/api/core/v1"
 	"net/http"
 	"net/url"
 	"time"
+
+	"github.com/up9inc/mizu/cli/config"
+	"github.com/up9inc/mizu/shared"
+	"github.com/up9inc/mizu/shared/logger"
+	core "k8s.io/api/core/v1"
 )
 
 type apiServerProvider struct {
@@ -82,32 +82,11 @@ func (provider *apiServerProvider) ReportTappedPods(pods []core.Pod) error {
 	}
 }
 
-func (provider *apiServerProvider) RequestAnalysis(analysisDestination string, sleepIntervalSec int) error {
-	if !provider.isReady {
-		return fmt.Errorf("trying to reach api server when not initialized yet")
-	}
-	urlPath := fmt.Sprintf("%s/api/uploadEntries?dest=%s&interval=%v", provider.url, url.QueryEscape(analysisDestination), sleepIntervalSec)
-	u, parseErr := url.ParseRequestURI(urlPath)
-	if parseErr != nil {
-		logger.Log.Fatal("Failed parsing the URL (consider changing the analysis dest URL), err: %v", parseErr)
-	}
-
-	logger.Log.Debugf("Analysis url %v", u.String())
-	if response, requestErr := http.Get(u.String()); requestErr != nil {
-		return fmt.Errorf("failed to notify agent for analysis, err: %w", requestErr)
-	} else if response.StatusCode != 200 {
-		return fmt.Errorf("failed to notify agent for analysis, status code: %v", response.StatusCode)
-	} else {
-		logger.Log.Infof(uiUtils.Purple, "Traffic is uploading to UP9 for further analysis")
-		return nil
-	}
-}
-
 func (provider *apiServerProvider) GetGeneralStats() (map[string]interface{}, error) {
 	if !provider.isReady {
 		return nil, fmt.Errorf("trying to reach api server when not initialized yet")
 	}
-	generalStatsUrl := fmt.Sprintf("%s/api/generalStats", provider.url)
+	generalStatsUrl := fmt.Sprintf("%s/status/general", provider.url)
 
 	response, requestErr := http.Get(generalStatsUrl)
 	if requestErr != nil {
@@ -130,7 +109,6 @@ func (provider *apiServerProvider) GetGeneralStats() (map[string]interface{}, er
 	return generalStats, nil
 }
 
-
 func (provider *apiServerProvider) GetVersion() (string, error) {
 	if !provider.isReady {
 		return "", fmt.Errorf("trying to reach api server when not initialized yet")

cli/auth/authProvider.go

@@ -0,0 +1,159 @@
+package auth
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net"
+	"net/http"
+	"os"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/up9inc/mizu/cli/config"
+	"github.com/up9inc/mizu/cli/config/configStructs"
+	"github.com/up9inc/mizu/cli/uiUtils"
+	"github.com/up9inc/mizu/shared/logger"
+	"golang.org/x/oauth2"
+)
+
+const loginTimeoutInMin = 2
+
+// Ports are configured in keycloak "cli" client as valid redirect URIs. A change here must be reflected there as well.
+var listenPorts = []int{3141, 4001, 5002, 6003, 7004, 8005, 9006, 10007}
+
+func Login() error {
+	token, loginErr := loginInteractively()
+	if loginErr != nil {
+		return fmt.Errorf("failed login interactively, err: %v", loginErr)
+	}
+
+	authConfig := configStructs.AuthConfig{
+		EnvName: config.Config.Auth.EnvName,
+		Token:   token.AccessToken,
+	}
+
+	configFile, defaultConfigErr := config.GetConfigWithDefaults()
+	if defaultConfigErr != nil {
+		return fmt.Errorf("failed getting config with defaults, err: %v", defaultConfigErr)
+	}
+
+	if err := config.LoadConfigFile(config.Config.ConfigFilePath, configFile); err != nil && !os.IsNotExist(err) {
+		return fmt.Errorf("failed getting config file, err: %v", err)
+	}
+
+	configFile.Auth = authConfig
+
+	if err := config.WriteConfig(configFile); err != nil {
+		return fmt.Errorf("failed writing config with auth, err: %v", err)
+	}
+
+	config.Config.Auth = authConfig
+
+	logger.Log.Infof("Login successfully, token stored in config path: %s", fmt.Sprintf(uiUtils.Purple, config.Config.ConfigFilePath))
+	return nil
+}
+
+func loginInteractively() (*oauth2.Token, error) {
+	tokenChannel := make(chan *oauth2.Token)
+	errorChannel := make(chan error)
+
+	server := http.Server{}
+	go startLoginServer(tokenChannel, errorChannel, &server)
+
+	defer func() {
+		if err := server.Shutdown(context.Background()); err != nil {
+			logger.Log.Debugf("Error shutting down server, err: %v", err)
+		}
+	}()
+
+	select {
+	case <-time.After(loginTimeoutInMin * time.Minute):
+		return nil, errors.New("auth timed out")
+	case err := <-errorChannel:
+		return nil, err
+	case token := <-tokenChannel:
+		return token, nil
+	}
+}
+
+func startLoginServer(tokenChannel chan *oauth2.Token, errorChannel chan error, server *http.Server) {
+	for _, port := range listenPorts {
+		var authConfig = &oauth2.Config{
+			ClientID:    "cli",
+			RedirectURL: fmt.Sprintf("http://localhost:%v/callback", port),
+			Endpoint: oauth2.Endpoint{
+				AuthURL:  fmt.Sprintf("https://auth.%s/auth/realms/testr/protocol/openid-connect/auth", config.Config.Auth.EnvName),
+				TokenURL: fmt.Sprintf("https://auth.%s/auth/realms/testr/protocol/openid-connect/token", config.Config.Auth.EnvName),
+			},
+		}
+
+		state := uuid.New()
+
+		mux := http.NewServeMux()
+		server.Handler = mux
+		mux.Handle("/callback", loginCallbackHandler(tokenChannel, errorChannel, authConfig, state))
+
+		listener, listenErr := net.Listen("tcp", fmt.Sprintf("%s:%d", "127.0.0.1", port))
+		if listenErr != nil {
+			logger.Log.Debugf("failed to start listening on port %v, err: %v", port, listenErr)
+			continue
+		}
+
+		authorizationUrl := authConfig.AuthCodeURL(state.String())
+		uiUtils.OpenBrowser(authorizationUrl)
+
+		serveErr := server.Serve(listener)
+		if serveErr == http.ErrServerClosed {
+			logger.Log.Debugf("received server shutdown, server on port %v is closed", port)
+			return
+		} else if serveErr != nil {
+			logger.Log.Debugf("failed to start serving on port %v, err: %v", port, serveErr)
+			continue
+		}
+
+		logger.Log.Debugf("didn't receive server closed on port %v", port)
+		return
+	}
+
+	errorChannel <- fmt.Errorf("failed to start serving on all listen ports, ports: %v", listenPorts)
+}
+
+func loginCallbackHandler(tokenChannel chan *oauth2.Token, errorChannel chan error, authConfig *oauth2.Config, state uuid.UUID) http.Handler {
+	return http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
+		if err := request.ParseForm(); err != nil {
+			errorMsg := fmt.Sprintf("failed to parse form, err: %v", err)
+			http.Error(writer, errorMsg, http.StatusBadRequest)
+			errorChannel <- fmt.Errorf(errorMsg)
+			return
+		}
+
+		requestState := request.Form.Get("state")
+		if requestState != state.String() {
+			errorMsg := fmt.Sprintf("state invalid, requestState: %v, authState:%v", requestState, state.String())
+			http.Error(writer, errorMsg, http.StatusBadRequest)
+			errorChannel <- fmt.Errorf(errorMsg)
+			return
+		}
+
+		code := request.Form.Get("code")
+		if code == "" {
+			errorMsg := "code not found"
+			http.Error(writer, errorMsg, http.StatusBadRequest)
+			errorChannel <- fmt.Errorf(errorMsg)
+			return
+		}
+
+		token, err := authConfig.Exchange(context.Background(), code)
+		if err != nil {
+			errorMsg := fmt.Sprintf("failed to create token, err: %v", err)
+			http.Error(writer, errorMsg, http.StatusInternalServerError)
+			errorChannel <- fmt.Errorf(errorMsg)
+			return
+		}
+
+		tokenChannel <- token
+
+		http.Redirect(writer, request, fmt.Sprintf("https://%s/CliLogin", config.Config.Auth.EnvName), http.StatusFound)
+	})
+}

cli/cmd/common.go

@@ -4,18 +4,16 @@ import (
 	"context"
 	"fmt"
 	"os"
-	"os/exec"
 	"os/signal"
-	"runtime"
 	"syscall"
 
 	"github.com/up9inc/mizu/cli/config"
 	"github.com/up9inc/mizu/cli/config/configStructs"
 	"github.com/up9inc/mizu/cli/errormessage"
 	"github.com/up9inc/mizu/cli/kubernetes"
-	"github.com/up9inc/mizu/cli/logger"
 	"github.com/up9inc/mizu/cli/mizu"
 	"github.com/up9inc/mizu/cli/uiUtils"
+	"github.com/up9inc/mizu/shared/logger"
 )
 
 func GetApiServerUrl() string {
@@ -48,22 +46,3 @@ func waitForFinish(ctx context.Context, cancel context.CancelFunc) {
 		cancel()
 	}
 }
-
-func openBrowser(url string) {
-	var err error
-
-	switch runtime.GOOS {
-	case "linux":
-		err = exec.Command("xdg-open", url).Start()
-	case "windows":
-		err = exec.Command("rundll32", "url.dll,FileProtocolHandler", url).Start()
-	case "darwin":
-		err = exec.Command("open", url).Start()
-	default:
-		err = fmt.Errorf("unsupported platform")
-	}
-
-	if err != nil {
-		logger.Log.Errorf("error while opening browser, %v", err)
-	}
-}

cli/cmd/config.go

@@ -2,14 +2,14 @@ package cmd
 
 import (
 	"fmt"
+
 	"github.com/creasty/defaults"
 	"github.com/spf13/cobra"
 	"github.com/up9inc/mizu/cli/config"
 	"github.com/up9inc/mizu/cli/config/configStructs"
-	"github.com/up9inc/mizu/cli/logger"
 	"github.com/up9inc/mizu/cli/telemetry"
 	"github.com/up9inc/mizu/cli/uiUtils"
-	"io/ioutil"
+	"github.com/up9inc/mizu/shared/logger"
 )
 
 var configCmd = &cobra.Command{
@@ -18,22 +18,30 @@ var configCmd = &cobra.Command{
 	RunE: func(cmd *cobra.Command, args []string) error {
 		go telemetry.ReportRun("config", config.Config.Config)
 
-		template, err := config.GetConfigWithDefaults()
+		configWithDefaults, err := config.GetConfigWithDefaults()
 		if err != nil {
-			logger.Log.Errorf("Failed generating config with defaults %v", err)
+			logger.Log.Errorf("Failed generating config with defaults, err: %v", err)
 			return nil
 		}
+
 		if config.Config.Config.Regenerate {
-			data := []byte(template)
-			if err := ioutil.WriteFile(config.Config.ConfigFilePath, data, 0644); err != nil {
-				logger.Log.Errorf("Failed writing config %v", err)
+			if err := config.WriteConfig(configWithDefaults); err != nil {
+				logger.Log.Errorf("Failed writing config with defaults, err: %v", err)
 				return nil
 			}
+
 			logger.Log.Infof(fmt.Sprintf("Template File written to %s", fmt.Sprintf(uiUtils.Purple, config.Config.ConfigFilePath)))
 		} else {
+			template, err := uiUtils.PrettyYaml(configWithDefaults)
+			if err != nil {
+				logger.Log.Errorf("Failed converting config with defaults to yaml, err: %v", err)
+				return nil
+			}
+
 			logger.Log.Debugf("Writing template config.\n%v", template)
 			fmt.Printf("%v", template)
 		}
+
 		return nil
 	},
 }

cli/cmd/logs.go

@@ -2,15 +2,16 @@ package cmd
 
 import (
 	"context"
+
 	"github.com/creasty/defaults"
 	"github.com/spf13/cobra"
 	"github.com/up9inc/mizu/cli/config"
 	"github.com/up9inc/mizu/cli/config/configStructs"
 	"github.com/up9inc/mizu/cli/errormessage"
 	"github.com/up9inc/mizu/cli/kubernetes"
-	"github.com/up9inc/mizu/cli/logger"
 	"github.com/up9inc/mizu/cli/mizu/fsUtils"
 	"github.com/up9inc/mizu/cli/telemetry"
+	"github.com/up9inc/mizu/shared/logger"
 )
 
 var logsCmd = &cobra.Command{
@@ -32,7 +33,7 @@ var logsCmd = &cobra.Command{
 
 		logger.Log.Debugf("Using file path %s", config.Config.Logs.FilePath())
 
-		if dumpLogsErr := fsUtils.DumpLogs(kubernetesProvider, ctx, config.Config.Logs.FilePath()); dumpLogsErr != nil {
+		if dumpLogsErr := fsUtils.DumpLogs(ctx, kubernetesProvider, config.Config.Logs.FilePath()); dumpLogsErr != nil {
 			logger.Log.Errorf("Failed dump logs %v", dumpLogsErr)
 		}
 

cli/cmd/root.go

@@ -2,15 +2,16 @@ package cmd
 
 import (
 	"fmt"
+	"time"
+
 	"github.com/creasty/defaults"
 	"github.com/spf13/cobra"
 	"github.com/up9inc/mizu/cli/config"
-	"github.com/up9inc/mizu/cli/logger"
 	"github.com/up9inc/mizu/cli/mizu"
 	"github.com/up9inc/mizu/cli/mizu/fsUtils"
 	"github.com/up9inc/mizu/cli/mizu/version"
 	"github.com/up9inc/mizu/cli/uiUtils"
-	"time"
+	"github.com/up9inc/mizu/shared/logger"
 )
 
 var rootCmd = &cobra.Command{
@@ -50,7 +51,7 @@ func Execute() {
 	if err := fsUtils.EnsureDir(mizu.GetMizuFolderPath()); err != nil {
 		logger.Log.Errorf("Failed to use mizu folder, %v", err)
 	}
-	logger.InitLogger()
+	logger.InitLogger(fsUtils.GetLogFilePath())
 
 	versionChan := make(chan string)
 	defer printNewVersionIfNeeded(versionChan)

cli/cmd/tap.go

@@ -5,18 +5,19 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/up9inc/mizu/cli/config"
-	"github.com/up9inc/mizu/cli/config/configStructs"
-	"github.com/up9inc/mizu/cli/logger"
-	"github.com/up9inc/mizu/cli/telemetry"
-
 	"github.com/creasty/defaults"
 	"github.com/spf13/cobra"
+	"github.com/up9inc/mizu/cli/auth"
+	"github.com/up9inc/mizu/cli/config"
+	"github.com/up9inc/mizu/cli/config/configStructs"
 	"github.com/up9inc/mizu/cli/errormessage"
+	"github.com/up9inc/mizu/cli/telemetry"
 	"github.com/up9inc/mizu/cli/uiUtils"
+	"github.com/up9inc/mizu/shared"
+	"github.com/up9inc/mizu/shared/logger"
 )
 
-const analysisMessageToConfirm = `NOTE: running mizu with --analysis flag will upload recorded traffic for further analysis and enriched presentation options.`
+const uploadTrafficMessageToConfirm = `NOTE: running mizu with --%s flag will upload recorded traffic for further analysis and enriched presentation options.`
 
 var tapCmd = &cobra.Command{
 	Use:   "tap [POD REGEX]",
@@ -39,20 +40,52 @@ Supported protocols are HTTP and gRPC.`,
 			return errormessage.FormatError(err)
 		}
 
-		logger.Log.Infof("Mizu will store up to %s of traffic, old traffic will be cleared once the limit is reached.", config.Config.Tap.HumanMaxEntriesDBSize)
+		if config.Config.Tap.Workspace != "" {
+			askConfirmation(configStructs.WorkspaceTapName)
 
-		if config.Config.Tap.Analysis {
-			logger.Log.Infof(analysisMessageToConfirm)
-			if !uiUtils.AskForConfirmation("Would you like to proceed [Y/n]: ") {
-				logger.Log.Infof("You can always run mizu without analysis, aborting")
-				os.Exit(0)
+			if config.Config.Auth.Token == "" {
+				logger.Log.Infof("This action requires authentication, please log in to continue")
+				if err := auth.Login(); err != nil {
+					logger.Log.Errorf("failed to log in, err: %v", err)
+					return nil
+				}
+			} else {
+				tokenExpired, err := shared.IsTokenExpired(config.Config.Auth.Token)
+				if err != nil {
+					logger.Log.Errorf("failed to check if token is expired, err: %v", err)
+					return nil
+				}
+
+				if tokenExpired {
+					logger.Log.Infof("Token expired, please log in again to continue")
+					if err := auth.Login(); err != nil {
+						logger.Log.Errorf("failed to log in, err: %v", err)
+						return nil
+					}
+				}
 			}
 		}
 
+		if config.Config.Tap.Analysis {
+			askConfirmation(configStructs.AnalysisTapName)
+
+			config.Config.Auth.Token = ""
+		}
+
+		logger.Log.Infof("Mizu will store up to %s of traffic, old traffic will be cleared once the limit is reached.", config.Config.Tap.HumanMaxEntriesDBSize)
+
 		return nil
 	},
 }
 
+func askConfirmation(flagName string) {
+	logger.Log.Infof(fmt.Sprintf(uploadTrafficMessageToConfirm, flagName))
+	if !uiUtils.AskForConfirmation("Would you like to proceed [Y/n]: ") {
+		logger.Log.Infof("You can always run mizu without %s, aborting", flagName)
+		os.Exit(0)
+	}
+}
+
 func init() {
 	rootCmd.AddCommand(tapCmd)
 
@@ -67,8 +100,7 @@ func init() {
 	tapCmd.Flags().Bool(configStructs.DisableRedactionTapName, defaultTapConfig.DisableRedaction, "Disables redaction of potentially sensitive request/response headers and body values")
 	tapCmd.Flags().String(configStructs.HumanMaxEntriesDBSizeTapName, defaultTapConfig.HumanMaxEntriesDBSize, "Override the default max entries db size")
 	tapCmd.Flags().Bool(configStructs.DryRunTapName, defaultTapConfig.DryRun, "Preview of all pods matching the regex, without tapping them")
+	tapCmd.Flags().StringP(configStructs.WorkspaceTapName, "w", defaultTapConfig.Workspace, "Uploads traffic to your UP9 workspace for further analysis (requires auth)")
 	tapCmd.Flags().String(configStructs.EnforcePolicyFile, defaultTapConfig.EnforcePolicyFile, "Yaml file path with policy rules")
-
-	tapCmd.Flags().String(configStructs.EnforcePolicyFileDeprecated, defaultTapConfig.EnforcePolicyFileDeprecated, "Yaml file with policy rules")
-	tapCmd.Flags().MarkDeprecated(configStructs.EnforcePolicyFileDeprecated, fmt.Sprintf("Use --%s instead", configStructs.EnforcePolicyFile))
+	tapCmd.Flags().String(configStructs.ContractFile, defaultTapConfig.ContractFile, "OAS/Swagger file to validate to monitor the contracts")
 }

cli/cmd/tapRunner.go

@@ -3,17 +3,23 @@ package cmd
 import (
 	"context"
 	"fmt"
+	"io/ioutil"
 	"path"
 	"regexp"
 	"strings"
 	"time"
 
+	"gopkg.in/yaml.v3"
+	core "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/util/wait"
+
+	"github.com/getkin/kin-openapi/openapi3"
 	"github.com/up9inc/mizu/cli/apiserver"
 	"github.com/up9inc/mizu/cli/config"
 	"github.com/up9inc/mizu/cli/config/configStructs"
 	"github.com/up9inc/mizu/cli/errormessage"
+
 	"github.com/up9inc/mizu/cli/kubernetes"
-	"github.com/up9inc/mizu/cli/logger"
 	"github.com/up9inc/mizu/cli/mizu"
 	"github.com/up9inc/mizu/cli/mizu/fsUtils"
 	"github.com/up9inc/mizu/cli/mizu/goUtils"
@@ -21,10 +27,8 @@ import (
 	"github.com/up9inc/mizu/cli/uiUtils"
 	"github.com/up9inc/mizu/shared"
 	"github.com/up9inc/mizu/shared/debounce"
+	"github.com/up9inc/mizu/shared/logger"
 	"github.com/up9inc/mizu/tap/api"
-	yaml "gopkg.in/yaml.v3"
-	core "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/util/wait"
 )
 
 const (
@@ -36,7 +40,6 @@ type tapState struct {
 	apiServerService         *core.Service
 	currentlyTappedPods      []core.Pod
 	mizuServiceAccountExists bool
-	doNotRemoveConfigMap     bool
 }
 
 var state tapState
@@ -49,21 +52,38 @@ func RunMizuTap() {
 	}
 
 	var mizuValidationRules string
-	if config.Config.Tap.EnforcePolicyFile != "" || config.Config.Tap.EnforcePolicyFileDeprecated != "" {
-		var trafficValidation string
-		if config.Config.Tap.EnforcePolicyFile != "" {
-			trafficValidation = config.Config.Tap.EnforcePolicyFile
-		} else {
-			trafficValidation = config.Config.Tap.EnforcePolicyFileDeprecated
-		}
-
-		mizuValidationRules, err = readValidationRules(trafficValidation)
+	if config.Config.Tap.EnforcePolicyFile != "" {
+		mizuValidationRules, err = readValidationRules(config.Config.Tap.EnforcePolicyFile)
 		if err != nil {
 			logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error reading policy file: %v", errormessage.FormatError(err)))
 			return
 		}
 	}
 
+	// Read and validate the OAS file
+	var contract string
+	if config.Config.Tap.ContractFile != "" {
+		bytes, err := ioutil.ReadFile(config.Config.Tap.ContractFile)
+		if err != nil {
+			logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error reading contract file: %v", errormessage.FormatError(err)))
+			return
+		}
+		contract = string(bytes)
+
+		ctx := context.Background()
+		loader := &openapi3.Loader{Context: ctx}
+		doc, err := loader.LoadFromData(bytes)
+		if err != nil {
+			logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error loading contract file: %v", errormessage.FormatError(err)))
+			return
+		}
+		err = doc.Validate(ctx)
+		if err != nil {
+			logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error validating contract file: %v", errormessage.FormatError(err)))
+			return
+		}
+	}
+
 	kubernetesProvider, err := kubernetes.NewProvider(config.Config.KubeConfigPath())
 	if err != nil {
 		logger.Log.Error(err)
@@ -76,7 +96,7 @@ func RunMizuTap() {
 	targetNamespaces := getNamespaces(kubernetesProvider)
 
 	if config.Config.IsNsRestrictedMode() {
-		if len(targetNamespaces) != 1 || !mizu.Contains(targetNamespaces, config.Config.MizuResourcesNamespace) {
+		if len(targetNamespaces) != 1 || !shared.Contains(targetNamespaces, config.Config.MizuResourcesNamespace) {
 			logger.Log.Errorf("Not supported mode. Mizu can't resolve IPs in other namespaces when running in namespace restricted mode.\n"+
 				"You can use the same namespace for --%s and --%s", configStructs.NamespacesTapName, config.MizuResourcesNamespaceConfigName)
 			return
@@ -84,7 +104,7 @@ func RunMizuTap() {
 	}
 
 	var namespacesStr string
-	if !mizu.Contains(targetNamespaces, mizu.K8sAllNamespaces) {
+	if !shared.Contains(targetNamespaces, mizu.K8sAllNamespaces) {
 		namespacesStr = fmt.Sprintf("namespaces \"%s\"", strings.Join(targetNamespaces, "\", \""))
 	} else {
 		namespacesStr = "all namespaces"
@@ -99,7 +119,7 @@ func RunMizuTap() {
 
 	if len(state.currentlyTappedPods) == 0 {
 		var suggestionStr string
-		if !mizu.Contains(targetNamespaces, mizu.K8sAllNamespaces) {
+		if !shared.Contains(targetNamespaces, mizu.K8sAllNamespaces) {
 			suggestionStr = ". Select a different namespace with -n or tap all namespaces with -A"
 		}
 		logger.Log.Warningf(uiUtils.Warning, fmt.Sprintf("Did not find any pods matching the regex argument%s", suggestionStr))
@@ -109,18 +129,17 @@ func RunMizuTap() {
 		return
 	}
 
-	nodeToTappedPodIPMap := getNodeHostToTappedPodIpsMap(state.currentlyTappedPods)
-
 	defer finishMizuExecution(kubernetesProvider)
-	if err := createMizuResources(ctx, kubernetesProvider, nodeToTappedPodIPMap, mizuApiFilteringOptions, mizuValidationRules); err != nil {
+	if err := createMizuResources(ctx, kubernetesProvider, mizuValidationRules, contract); err != nil {
 		logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error creating resources: %v", errormessage.FormatError(err)))
 		return
 	}
 
-	go goUtils.HandleExcWrapper(watchApiServerPod, ctx, kubernetesProvider, cancel)
+	go goUtils.HandleExcWrapper(watchApiServerPod, ctx, kubernetesProvider, cancel, mizuApiFilteringOptions)
+	go goUtils.HandleExcWrapper(watchTapperPod, ctx, kubernetesProvider, cancel)
 	go goUtils.HandleExcWrapper(watchPodsForTapping, ctx, kubernetesProvider, targetNamespaces, cancel, mizuApiFilteringOptions)
 
-	//block until exit signal or error
+	// block until exit signal or error
 	waitForFinish(ctx, cancel)
 }
 
@@ -133,33 +152,26 @@ func readValidationRules(file string) (string, error) {
 	return string(newContent), nil
 }
 
-func createMizuResources(ctx context.Context, kubernetesProvider *kubernetes.Provider, nodeToTappedPodIPMap map[string][]string, mizuApiFilteringOptions *api.TrafficFilteringOptions, mizuValidationRules string) error {
+func createMizuResources(ctx context.Context, kubernetesProvider *kubernetes.Provider, mizuValidationRules string, contract string) error {
 	if !config.Config.IsNsRestrictedMode() {
 		if err := createMizuNamespace(ctx, kubernetesProvider); err != nil {
 			return err
 		}
 	}
 
-	if err := createMizuApiServer(ctx, kubernetesProvider, mizuApiFilteringOptions); err != nil {
+	if err := createMizuApiServer(ctx, kubernetesProvider); err != nil {
 		return err
 	}
 
-	if err := updateMizuTappers(ctx, kubernetesProvider, nodeToTappedPodIPMap, mizuApiFilteringOptions); err != nil {
-		return err
-	}
-
-	if err := createMizuConfigmap(ctx, kubernetesProvider, mizuValidationRules); err != nil {
+	if err := createMizuConfigmap(ctx, kubernetesProvider, mizuValidationRules, contract); err != nil {
 		logger.Log.Warningf(uiUtils.Warning, fmt.Sprintf("Failed to create resources required for policy validation. Mizu will not validate policy rules. error: %v\n", errormessage.FormatError(err)))
-		state.doNotRemoveConfigMap = true
-	} else if mizuValidationRules == "" {
-		state.doNotRemoveConfigMap = true
 	}
 
 	return nil
 }
 
-func createMizuConfigmap(ctx context.Context, kubernetesProvider *kubernetes.Provider, data string) error {
-	err := kubernetesProvider.CreateConfigMap(ctx, config.Config.MizuResourcesNamespace, mizu.ConfigMapName, data)
+func createMizuConfigmap(ctx context.Context, kubernetesProvider *kubernetes.Provider, data string, contract string) error {
+	err := kubernetesProvider.CreateConfigMap(ctx, config.Config.MizuResourcesNamespace, mizu.ConfigMapName, data, contract)
 	return err
 }
 
@@ -168,7 +180,7 @@ func createMizuNamespace(ctx context.Context, kubernetesProvider *kubernetes.Pro
 	return err
 }
 
-func createMizuApiServer(ctx context.Context, kubernetesProvider *kubernetes.Provider, mizuApiFilteringOptions *api.TrafficFilteringOptions) error {
+func createMizuApiServer(ctx context.Context, kubernetesProvider *kubernetes.Provider) error {
 	var err error
 
 	state.mizuServiceAccountExists, err = createRBACIfNecessary(ctx, kubernetesProvider)
@@ -184,15 +196,15 @@ func createMizuApiServer(ctx context.Context, kubernetesProvider *kubernetes.Pro
 	}
 
 	opts := &kubernetes.ApiServerOptions{
-		Namespace:               config.Config.MizuResourcesNamespace,
-		PodName:                 mizu.ApiServerPodName,
-		PodImage:                config.Config.AgentImage,
-		ServiceAccountName:      serviceAccountName,
-		IsNamespaceRestricted:   config.Config.IsNsRestrictedMode(),
-		MizuApiFilteringOptions: mizuApiFilteringOptions,
-		MaxEntriesDBSizeBytes:   config.Config.Tap.MaxEntriesDBSizeBytes(),
-		Resources:               config.Config.Tap.ApiServerResources,
-		ImagePullPolicy:         config.Config.ImagePullPolicy(),
+		Namespace:             config.Config.MizuResourcesNamespace,
+		PodName:               mizu.ApiServerPodName,
+		PodImage:              config.Config.AgentImage,
+		ServiceAccountName:    serviceAccountName,
+		IsNamespaceRestricted: config.Config.IsNsRestrictedMode(),
+		SyncEntriesConfig:     getSyncEntriesConfig(),
+		MaxEntriesDBSizeBytes: config.Config.Tap.MaxEntriesDBSizeBytes(),
+		Resources:             config.Config.Tap.ApiServerResources,
+		ImagePullPolicy:       config.Config.ImagePullPolicy(),
 	}
 	_, err = kubernetesProvider.CreateMizuApiServerPod(ctx, opts)
 	if err != nil {
@@ -224,13 +236,28 @@ func getMizuApiFilteringOptions() (*api.TrafficFilteringOptions, error) {
 	}
 
 	return &api.TrafficFilteringOptions{
-		PlainTextMaskingRegexes:      compiledRegexSlice,
-		HealthChecksUserAgentHeaders: config.Config.Tap.HealthChecksUserAgentHeaders,
-		DisableRedaction:             config.Config.Tap.DisableRedaction,
+		PlainTextMaskingRegexes: compiledRegexSlice,
+		IgnoredUserAgents:       config.Config.Tap.IgnoredUserAgents,
+		DisableRedaction:        config.Config.Tap.DisableRedaction,
 	}, nil
 }
 
-func updateMizuTappers(ctx context.Context, kubernetesProvider *kubernetes.Provider, nodeToTappedPodIPMap map[string][]string, mizuApiFilteringOptions *api.TrafficFilteringOptions) error {
+func getSyncEntriesConfig() *shared.SyncEntriesConfig {
+	if !config.Config.Tap.Analysis && config.Config.Tap.Workspace == "" {
+		return nil
+	}
+
+	return &shared.SyncEntriesConfig{
+		Token:             config.Config.Auth.Token,
+		Env:               config.Config.Auth.EnvName,
+		Workspace:         config.Config.Tap.Workspace,
+		UploadIntervalSec: config.Config.Tap.UploadIntervalSec,
+	}
+}
+
+func updateMizuTappers(ctx context.Context, kubernetesProvider *kubernetes.Provider, mizuApiFilteringOptions *api.TrafficFilteringOptions) error {
+	nodeToTappedPodIPMap := getNodeHostToTappedPodIpsMap(state.currentlyTappedPods)
+
 	if len(nodeToTappedPodIPMap) > 0 {
 		var serviceAccountName string
 		if state.mizuServiceAccountExists {
@@ -268,75 +295,108 @@ func finishMizuExecution(kubernetesProvider *kubernetes.Provider) {
 	telemetry.ReportAPICalls()
 	removalCtx, cancel := context.WithTimeout(context.Background(), cleanupTimeout)
 	defer cancel()
-	dumpLogsIfNeeded(kubernetesProvider, removalCtx)
-	cleanUpMizuResources(kubernetesProvider, removalCtx, cancel)
+	dumpLogsIfNeeded(removalCtx, kubernetesProvider)
+	cleanUpMizuResources(removalCtx, cancel, kubernetesProvider)
 }
 
-func dumpLogsIfNeeded(kubernetesProvider *kubernetes.Provider, removalCtx context.Context) {
+func dumpLogsIfNeeded(ctx context.Context, kubernetesProvider *kubernetes.Provider) {
 	if !config.Config.DumpLogs {
 		return
 	}
 	mizuDir := mizu.GetMizuFolderPath()
 	filePath := path.Join(mizuDir, fmt.Sprintf("mizu_logs_%s.zip", time.Now().Format("2006_01_02__15_04_05")))
-	if err := fsUtils.DumpLogs(kubernetesProvider, removalCtx, filePath); err != nil {
+	if err := fsUtils.DumpLogs(ctx, kubernetesProvider, filePath); err != nil {
 		logger.Log.Errorf("Failed dump logs %v", err)
 	}
 }
 
-func cleanUpMizuResources(kubernetesProvider *kubernetes.Provider, removalCtx context.Context, cancel context.CancelFunc) {
+func cleanUpMizuResources(ctx context.Context, cancel context.CancelFunc, kubernetesProvider *kubernetes.Provider) {
 	logger.Log.Infof("\nRemoving mizu resources\n")
 
-	if !config.Config.IsNsRestrictedMode() {
-		if err := kubernetesProvider.RemoveNamespace(removalCtx, config.Config.MizuResourcesNamespace); err != nil {
-			logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing Namespace %s: %v", config.Config.MizuResourcesNamespace, errormessage.FormatError(err)))
-			return
-		}
+	var leftoverResources []string
+
+	if config.Config.IsNsRestrictedMode() {
+		leftoverResources = cleanUpRestrictedMode(ctx, kubernetesProvider)
 	} else {
-		if err := kubernetesProvider.RemovePod(removalCtx, config.Config.MizuResourcesNamespace, mizu.ApiServerPodName); err != nil {
-			logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing Pod %s in namespace %s: %v", mizu.ApiServerPodName, config.Config.MizuResourcesNamespace, errormessage.FormatError(err)))
-		}
-
-		if err := kubernetesProvider.RemoveService(removalCtx, config.Config.MizuResourcesNamespace, mizu.ApiServerPodName); err != nil {
-			logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing Service %s in namespace %s: %v", mizu.ApiServerPodName, config.Config.MizuResourcesNamespace, errormessage.FormatError(err)))
-		}
-
-		if err := kubernetesProvider.RemoveDaemonSet(removalCtx, config.Config.MizuResourcesNamespace, mizu.TapperDaemonSetName); err != nil {
-			logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing DaemonSet %s in namespace %s: %v", mizu.TapperDaemonSetName, config.Config.MizuResourcesNamespace, errormessage.FormatError(err)))
-		}
-
-		if !state.doNotRemoveConfigMap {
-			if err := kubernetesProvider.RemoveConfigMap(removalCtx, config.Config.MizuResourcesNamespace, mizu.ConfigMapName); err != nil {
-				logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing ConfigMap %s in namespace %s: %v", mizu.ConfigMapName, config.Config.MizuResourcesNamespace, errormessage.FormatError(err)))
-			}
-		}
-
+		leftoverResources = cleanUpNonRestrictedMode(ctx, cancel, kubernetesProvider)
 	}
 
-	if state.mizuServiceAccountExists {
-		if !config.Config.IsNsRestrictedMode() {
-			if err := kubernetesProvider.RemoveNonNamespacedResources(removalCtx, mizu.ClusterRoleName, mizu.ClusterRoleBindingName); err != nil {
-				logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing non-namespaced resources: %v", errormessage.FormatError(err)))
-				return
-			}
-		} else {
-			if err := kubernetesProvider.RemoveServicAccount(removalCtx, config.Config.MizuResourcesNamespace, mizu.ServiceAccountName); err != nil {
-				logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing Service Account %s in namespace %s: %v", mizu.ServiceAccountName, config.Config.MizuResourcesNamespace, errormessage.FormatError(err)))
-				return
-			}
-
-			if err := kubernetesProvider.RemoveRole(removalCtx, config.Config.MizuResourcesNamespace, mizu.RoleName); err != nil {
-				logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing Role %s in namespace %s: %v", mizu.RoleName, config.Config.MizuResourcesNamespace, errormessage.FormatError(err)))
-			}
-
-			if err := kubernetesProvider.RemoveRoleBinding(removalCtx, config.Config.MizuResourcesNamespace, mizu.RoleBindingName); err != nil {
-				logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing RoleBinding %s in namespace %s: %v", mizu.RoleBindingName, config.Config.MizuResourcesNamespace, errormessage.FormatError(err)))
-			}
+	if len(leftoverResources) > 0 {
+		errMsg := fmt.Sprintf("Failed to remove the following resources, for more info check logs at %s:", fsUtils.GetLogFilePath())
+		for _, resource := range leftoverResources {
+			errMsg += "\n- " + resource
 		}
+		logger.Log.Errorf(uiUtils.Error, errMsg)
+	}
+}
+
+func cleanUpRestrictedMode(ctx context.Context, kubernetesProvider *kubernetes.Provider) []string {
+	leftoverResources := make([]string, 0)
+
+	if err := kubernetesProvider.RemovePod(ctx, config.Config.MizuResourcesNamespace, mizu.ApiServerPodName); err != nil {
+		resourceDesc := fmt.Sprintf("Pod %s in namespace %s", mizu.ApiServerPodName, config.Config.MizuResourcesNamespace)
+		handleDeletionError(err, resourceDesc, &leftoverResources)
 	}
 
-	if !config.Config.IsNsRestrictedMode() {
-		waitUntilNamespaceDeleted(removalCtx, cancel, kubernetesProvider)
+	if err := kubernetesProvider.RemoveService(ctx, config.Config.MizuResourcesNamespace, mizu.ApiServerPodName); err != nil {
+		resourceDesc := fmt.Sprintf("Service %s in namespace %s", mizu.ApiServerPodName, config.Config.MizuResourcesNamespace)
+		handleDeletionError(err, resourceDesc, &leftoverResources)
 	}
+
+	if err := kubernetesProvider.RemoveDaemonSet(ctx, config.Config.MizuResourcesNamespace, mizu.TapperDaemonSetName); err != nil {
+		resourceDesc := fmt.Sprintf("DaemonSet %s in namespace %s", mizu.TapperDaemonSetName, config.Config.MizuResourcesNamespace)
+		handleDeletionError(err, resourceDesc, &leftoverResources)
+	}
+
+	if err := kubernetesProvider.RemoveConfigMap(ctx, config.Config.MizuResourcesNamespace, mizu.ConfigMapName); err != nil {
+		resourceDesc := fmt.Sprintf("ConfigMap %s in namespace %s", mizu.ConfigMapName, config.Config.MizuResourcesNamespace)
+		handleDeletionError(err, resourceDesc, &leftoverResources)
+	}
+
+	if err := kubernetesProvider.RemoveServicAccount(ctx, config.Config.MizuResourcesNamespace, mizu.ServiceAccountName); err != nil {
+		resourceDesc := fmt.Sprintf("Service Account %s in namespace %s", mizu.ServiceAccountName, config.Config.MizuResourcesNamespace)
+		handleDeletionError(err, resourceDesc, &leftoverResources)
+	}
+
+	if err := kubernetesProvider.RemoveRole(ctx, config.Config.MizuResourcesNamespace, mizu.RoleName); err != nil {
+		resourceDesc := fmt.Sprintf("Role %s in namespace %s", mizu.RoleName, config.Config.MizuResourcesNamespace)
+		handleDeletionError(err, resourceDesc, &leftoverResources)
+	}
+
+	if err := kubernetesProvider.RemoveRoleBinding(ctx, config.Config.MizuResourcesNamespace, mizu.RoleBindingName); err != nil {
+		resourceDesc := fmt.Sprintf("RoleBinding %s in namespace %s", mizu.RoleBindingName, config.Config.MizuResourcesNamespace)
+		handleDeletionError(err, resourceDesc, &leftoverResources)
+	}
+
+	return leftoverResources
+}
+
+func cleanUpNonRestrictedMode(ctx context.Context, cancel context.CancelFunc, kubernetesProvider *kubernetes.Provider) []string {
+	leftoverResources := make([]string, 0)
+
+	if err := kubernetesProvider.RemoveNamespace(ctx, config.Config.MizuResourcesNamespace); err != nil {
+		resourceDesc := fmt.Sprintf("Namespace %s", config.Config.MizuResourcesNamespace)
+		handleDeletionError(err, resourceDesc, &leftoverResources)
+	} else {
+		defer waitUntilNamespaceDeleted(ctx, cancel, kubernetesProvider)
+	}
+
+	if err := kubernetesProvider.RemoveClusterRole(ctx, mizu.ClusterRoleName); err != nil {
+		resourceDesc := fmt.Sprintf("ClusterRole %s", mizu.ClusterRoleName)
+		handleDeletionError(err, resourceDesc, &leftoverResources)
+	}
+
+	if err := kubernetesProvider.RemoveClusterRoleBinding(ctx, mizu.ClusterRoleBindingName); err != nil {
+		resourceDesc := fmt.Sprintf("ClusterRoleBinding %s", mizu.ClusterRoleBindingName)
+		handleDeletionError(err, resourceDesc, &leftoverResources)
+	}
+
+	return leftoverResources
+}
+
+func handleDeletionError(err error, resourceDesc string, leftoverResources *[]string) {
+	logger.Log.Debugf("Error removing %s: %v", resourceDesc, errormessage.FormatError(err))
+	*leftoverResources = append(*leftoverResources, resourceDesc)
 }
 
 func waitUntilNamespaceDeleted(ctx context.Context, cancel context.CancelFunc, kubernetesProvider *kubernetes.Provider) {
@@ -376,13 +436,8 @@ func watchPodsForTapping(ctx context.Context, kubernetesProvider *kubernetes.Pro
 			logger.Log.Debugf("[Error] failed update tapped pods %v", err)
 		}
 
-		nodeToTappedPodIPMap := getNodeHostToTappedPodIpsMap(state.currentlyTappedPods)
-		if err != nil {
-			logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error building node to ips map: %v", errormessage.FormatError(err)))
-			cancel()
-		}
-		if err := updateMizuTappers(ctx, kubernetesProvider, nodeToTappedPodIPMap, mizuApiFilteringOptions); err != nil {
-			logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error updating daemonset: %v", errormessage.FormatError(err)))
+		if err := updateMizuTappers(ctx, kubernetesProvider, mizuApiFilteringOptions); err != nil {
+			logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error updating tappers: %v", errormessage.FormatError(err)))
 			cancel()
 		}
 	}
@@ -500,7 +555,7 @@ func getMissingPods(pods1 []core.Pod, pods2 []core.Pod) []core.Pod {
 	return missingPods
 }
 
-func watchApiServerPod(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc) {
+func watchApiServerPod(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc, mizuApiFilteringOptions *api.TrafficFilteringOptions) {
 	podExactRegex := regexp.MustCompile(fmt.Sprintf("^%s$", mizu.ApiServerPodName))
 	added, modified, removed, errorChan := kubernetes.FilteredWatch(ctx, kubernetesProvider, []string{config.Config.MizuResourcesNamespace}, podExactRegex)
 	isPodReady := false
@@ -530,30 +585,51 @@ func watchApiServerPod(ctx context.Context, kubernetesProvider *kubernetes.Provi
 			}
 
 			logger.Log.Debugf("Watching API Server pod loop, modified: %v", modifiedPod.Status.Phase)
+
+			if modifiedPod.Status.Phase == core.PodPending {
+				if modifiedPod.Status.Conditions[0].Type == core.PodScheduled && modifiedPod.Status.Conditions[0].Status != core.ConditionTrue {
+					logger.Log.Debugf("Wasn't able to deploy the API server. Reason: \"%s\"", modifiedPod.Status.Conditions[0].Message)
+					logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Wasn't able to deploy the API server, for more info check logs at %s", fsUtils.GetLogFilePath()))
+					cancel()
+					break
+				}
+
+				if len(modifiedPod.Status.ContainerStatuses) > 0 && modifiedPod.Status.ContainerStatuses[0].State.Waiting != nil && modifiedPod.Status.ContainerStatuses[0].State.Waiting.Reason == "ErrImagePull" {
+					logger.Log.Debugf("Wasn't able to deploy the API server. (ErrImagePull) Reason: \"%s\"", modifiedPod.Status.ContainerStatuses[0].State.Waiting.Message)
+					logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Wasn't able to deploy the API server: failed to pull the image, for more info check logs at %v", fsUtils.GetLogFilePath()))
+					cancel()
+					break
+				}
+			}
+
 			if modifiedPod.Status.Phase == core.PodRunning && !isPodReady {
 				isPodReady = true
 				go startProxyReportErrorIfAny(kubernetesProvider, cancel)
 
 				url := GetApiServerUrl()
 				if err := apiserver.Provider.InitAndTestConnection(url); err != nil {
-					logger.Log.Errorf(uiUtils.Error, "Couldn't connect to API server, check logs")
+					logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Couldn't connect to API server, for more info check logs at %s", fsUtils.GetLogFilePath()))
 					cancel()
 					break
 				}
+				if err := updateMizuTappers(ctx, kubernetesProvider, mizuApiFilteringOptions); err != nil {
+					logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error updating tappers: %v", errormessage.FormatError(err)))
+					cancel()
+				}
+
 				logger.Log.Infof("Mizu is available at %s\n", url)
-				openBrowser(url)
-				requestForAnalysisIfNeeded()
+				uiUtils.OpenBrowser(url)
 				if err := apiserver.Provider.ReportTappedPods(state.currentlyTappedPods); err != nil {
 					logger.Log.Debugf("[Error] failed update tapped pods %v", err)
 				}
 			}
-		case _, ok := <-errorChan:
+		case err, ok := <-errorChan:
 			if !ok {
 				errorChan = nil
 				continue
 			}
 
-			logger.Log.Debugf("[ERROR] Agent creation, watching %v namespace", config.Config.MizuResourcesNamespace)
+			logger.Log.Debugf("[ERROR] Agent creation, watching %v namespace, error: %v", config.Config.MizuResourcesNamespace, err)
 			cancel()
 
 		case <-timeAfter:
@@ -568,12 +644,69 @@ func watchApiServerPod(ctx context.Context, kubernetesProvider *kubernetes.Provi
 	}
 }
 
-func requestForAnalysisIfNeeded() {
-	if !config.Config.Tap.Analysis {
-		return
-	}
-	if err := apiserver.Provider.RequestAnalysis(config.Config.Tap.AnalysisDestination, config.Config.Tap.SleepIntervalSec); err != nil {
-		logger.Log.Debugf("[Error] failed requesting for analysis %v", err)
+func watchTapperPod(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc) {
+	podExactRegex := regexp.MustCompile(fmt.Sprintf("^%s.*", mizu.TapperDaemonSetName))
+	added, modified, removed, errorChan := kubernetes.FilteredWatch(ctx, kubernetesProvider, []string{config.Config.MizuResourcesNamespace}, podExactRegex)
+	var prevPodPhase core.PodPhase
+	for {
+		select {
+		case addedPod, ok := <-added:
+			if !ok {
+				added = nil
+				continue
+			}
+
+			logger.Log.Debugf("Tapper is created [%s]", addedPod.Name)
+		case removedPod, ok := <-removed:
+			if !ok {
+				removed = nil
+				continue
+			}
+
+			logger.Log.Debugf("Tapper is removed [%s]", removedPod.Name)
+		case modifiedPod, ok := <-modified:
+			if !ok {
+				modified = nil
+				continue
+			}
+
+			if modifiedPod.Status.Phase == core.PodPending && modifiedPod.Status.Conditions[0].Type == core.PodScheduled && modifiedPod.Status.Conditions[0].Status != core.ConditionTrue {
+				logger.Log.Infof(uiUtils.Red, fmt.Sprintf("Wasn't able to deploy the tapper %s. Reason: \"%s\"", modifiedPod.Name, modifiedPod.Status.Conditions[0].Message))
+				cancel()
+				break
+			}
+
+			podStatus := modifiedPod.Status
+			if podStatus.Phase == core.PodPending && prevPodPhase == podStatus.Phase {
+				logger.Log.Debugf("Tapper %s is %s", modifiedPod.Name, strings.ToLower(string(podStatus.Phase)))
+				continue
+			}
+			prevPodPhase = podStatus.Phase
+
+			if podStatus.Phase == core.PodRunning {
+				state := podStatus.ContainerStatuses[0].State
+				if state.Terminated != nil {
+					switch state.Terminated.Reason {
+					case "OOMKilled":
+						logger.Log.Infof(uiUtils.Red, fmt.Sprintf("Tapper %s was terminated (reason: OOMKilled). You should consider increasing machine resources.", modifiedPod.Name))
+					}
+				}
+			}
+
+			logger.Log.Debugf("Tapper %s is %s", modifiedPod.Name, strings.ToLower(string(podStatus.Phase)))
+		case err, ok := <-errorChan:
+			if !ok {
+				errorChan = nil
+				continue
+			}
+
+			logger.Log.Debugf("[Error] Error in mizu tapper watch, err: %v", err)
+			cancel()
+
+		case <-ctx.Done():
+			logger.Log.Debugf("Watching tapper pod loop, ctx done")
+			return
+		}
 	}
 }
 
@@ -609,7 +742,7 @@ func getNamespaces(kubernetesProvider *kubernetes.Provider) []string {
 	if config.Config.Tap.AllNamespaces {
 		return []string{mizu.K8sAllNamespaces}
 	} else if len(config.Config.Tap.Namespaces) > 0 {
-		return mizu.Unique(config.Config.Tap.Namespaces)
+		return shared.Unique(config.Config.Tap.Namespaces)
 	} else {
 		return []string{kubernetesProvider.CurrentNamespace()}
 	}

cli/cmd/version.go

@@ -1,13 +1,14 @@
 package cmd
 
 import (
-	"github.com/up9inc/mizu/cli/config"
-	"github.com/up9inc/mizu/cli/config/configStructs"
-	"github.com/up9inc/mizu/cli/logger"
-	"github.com/up9inc/mizu/cli/telemetry"
 	"strconv"
 	"time"
 
+	"github.com/up9inc/mizu/cli/config"
+	"github.com/up9inc/mizu/cli/config/configStructs"
+	"github.com/up9inc/mizu/cli/telemetry"
+	"github.com/up9inc/mizu/shared/logger"
+
 	"github.com/creasty/defaults"
 	"github.com/spf13/cobra"
 	"github.com/up9inc/mizu/cli/mizu"

cli/cmd/view.go

@@ -25,4 +25,7 @@ func init() {
 	defaults.Set(&defaultViewConfig)
 
 	viewCmd.Flags().Uint16P(configStructs.GuiPortViewName, "p", defaultViewConfig.GuiPort, "Provide a custom port for the web interface webserver")
+	viewCmd.Flags().StringP(configStructs.UrlViewName, "u", defaultViewConfig.Url, "Provide a custom host")
+
+	viewCmd.Flags().MarkHidden(configStructs.UrlViewName)
 }

cli/cmd/viewRunner.go

@@ -8,10 +8,11 @@ import (
 	"github.com/up9inc/mizu/cli/apiserver"
 	"github.com/up9inc/mizu/cli/config"
 	"github.com/up9inc/mizu/cli/kubernetes"
-	"github.com/up9inc/mizu/cli/logger"
 	"github.com/up9inc/mizu/cli/mizu"
+	"github.com/up9inc/mizu/cli/mizu/fsUtils"
 	"github.com/up9inc/mizu/cli/mizu/version"
 	"github.com/up9inc/mizu/cli/uiUtils"
+	"github.com/up9inc/mizu/shared/logger"
 )
 
 func runMizuView() {
@@ -24,35 +25,41 @@ func runMizuView() {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 
-	exists, err := kubernetesProvider.DoesServicesExist(ctx, config.Config.MizuResourcesNamespace, mizu.ApiServerPodName)
-	if err != nil {
-		logger.Log.Errorf("Failed to found mizu service %v", err)
-		cancel()
-		return
-	}
-	if !exists {
-		logger.Log.Infof("%s service not found, you should run `mizu tap` command first", mizu.ApiServerPodName)
-		cancel()
-		return
-	}
+	url := config.Config.View.Url
 
-	url := GetApiServerUrl()
+	if url == "" {
+		exists, err := kubernetesProvider.DoesServicesExist(ctx, config.Config.MizuResourcesNamespace, mizu.ApiServerPodName)
+		if err != nil {
+			logger.Log.Errorf("Failed to found mizu service %v", err)
+			cancel()
+			return
+		}
+		if !exists {
+			logger.Log.Infof("%s service not found, you should run `mizu tap` command first", mizu.ApiServerPodName)
+			cancel()
+			return
+		}
 
-	response, err := http.Get(fmt.Sprintf("%s/", url))
-	if err == nil && response.StatusCode == 200 {
-		logger.Log.Infof("Found a running service %s and open port %d", mizu.ApiServerPodName, config.Config.View.GuiPort)
-		return
-	}
-	logger.Log.Infof("Establishing connection to k8s cluster...")
-	go startProxyReportErrorIfAny(kubernetesProvider, cancel)
+		url = GetApiServerUrl()
 
-	if err := apiserver.Provider.InitAndTestConnection(GetApiServerUrl()); err != nil {
-		logger.Log.Errorf(uiUtils.Error, "Couldn't connect to API server, check logs")
-		return
+		response, err := http.Get(fmt.Sprintf("%s/", url))
+		if err == nil && response.StatusCode == 200 {
+			logger.Log.Infof("Found a running service %s and open port %d", mizu.ApiServerPodName, config.Config.View.GuiPort)
+			return
+		}
+		logger.Log.Infof("Establishing connection to k8s cluster...")
+		go startProxyReportErrorIfAny(kubernetesProvider, cancel)
+
+		if err := apiserver.Provider.InitAndTestConnection(GetApiServerUrl()); err != nil {
+			logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Couldn't connect to API server, for more info check logs at %s", fsUtils.GetLogFilePath()))
+			return
+		}
 	}
 
 	logger.Log.Infof("Mizu is available at %s\n", url)
-	openBrowser(url)
+
+	uiUtils.OpenBrowser(url)
+
 	if isCompatible, err := version.CheckVersionCompatibility(); err != nil {
 		logger.Log.Errorf("Failed to check versions compatibility %v", err)
 		cancel()

cli/config/config.go

@@ -3,14 +3,15 @@ package config
 import (
 	"errors"
 	"fmt"
-	"github.com/up9inc/mizu/cli/logger"
-	"github.com/up9inc/mizu/cli/mizu"
 	"io/ioutil"
 	"os"
 	"reflect"
 	"strconv"
 	"strings"
 
+	"github.com/up9inc/mizu/shared"
+	"github.com/up9inc/mizu/shared/logger"
+
 	"github.com/creasty/defaults"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
@@ -39,7 +40,7 @@ func InitConfig(cmd *cobra.Command) error {
 
 	configFilePathFlag := cmd.Flags().Lookup(ConfigFilePathCommandName)
 	configFilePath := configFilePathFlag.Value.String()
-	if err := mergeConfigFile(configFilePath); err != nil {
+	if err := LoadConfigFile(configFilePath, &Config); err != nil {
 		if configFilePathFlag.Changed || !os.IsNotExist(err) {
 			return fmt.Errorf("invalid config, %w\n"+
 				"you can regenerate the file by removing it (%v) and using `mizu config -r`", err, configFilePath)
@@ -54,19 +55,33 @@ func InitConfig(cmd *cobra.Command) error {
 	return nil
 }
 
-func GetConfigWithDefaults() (string, error) {
+func GetConfigWithDefaults() (*ConfigStruct, error) {
 	defaultConf := ConfigStruct{}
 	if err := defaults.Set(&defaultConf); err != nil {
-		return "", err
+		return nil, err
 	}
 
 	configElem := reflect.ValueOf(&defaultConf).Elem()
 	setZeroForReadonlyFields(configElem)
 
-	return uiUtils.PrettyYaml(defaultConf)
+	return &defaultConf, nil
 }
 
-func mergeConfigFile(configFilePath string) error {
+func WriteConfig(config *ConfigStruct) error {
+	template, err := uiUtils.PrettyYaml(config)
+	if err != nil {
+		return fmt.Errorf("failed converting config to yaml, err: %v", err)
+	}
+
+	data := []byte(template)
+	if err := ioutil.WriteFile(Config.ConfigFilePath, data, 0644); err != nil {
+		return fmt.Errorf("failed writing config, err: %v", err)
+	}
+
+	return nil
+}
+
+func LoadConfigFile(configFilePath string, config *ConfigStruct) error {
 	reader, openErr := os.Open(configFilePath)
 	if openErr != nil {
 		return openErr
@@ -77,10 +92,11 @@ func mergeConfigFile(configFilePath string) error {
 		return readErr
 	}
 
-	if err := yaml.Unmarshal(buf, &Config); err != nil {
+	if err := yaml.Unmarshal(buf, config); err != nil {
 		return err
 	}
-	logger.Log.Debugf("Found config file, merged to default options")
+
+	logger.Log.Debugf("Found config file, config path: %s", configFilePath)
 
 	return nil
 }
@@ -89,7 +105,7 @@ func initFlag(f *pflag.Flag) {
 	configElemValue := reflect.ValueOf(&Config).Elem()
 
 	var flagPath []string
-	if mizu.Contains([]string{ConfigFilePathCommandName}, f.Name) {
+	if shared.Contains([]string{ConfigFilePathCommandName}, f.Name) {
 		flagPath = []string{f.Name}
 	} else {
 		flagPath = []string{cmdName, f.Name}

cli/config/configStruct.go

@@ -21,6 +21,7 @@ type ConfigStruct struct {
 	Version                configStructs.VersionConfig `yaml:"version"`
 	View                   configStructs.ViewConfig    `yaml:"view"`
 	Logs                   configStructs.LogsConfig    `yaml:"logs"`
+	Auth                   configStructs.AuthConfig    `yaml:"auth"`
 	Config                 configStructs.ConfigConfig  `yaml:"config,omitempty"`
 	AgentImage             string                      `yaml:"agent-image,omitempty" readonly:""`
 	ImagePullPolicyStr     string                      `yaml:"image-pull-policy" default:"Always"`

cli/config/configStructs/authConfig.go

@@ -0,0 +1,6 @@
+package configStructs
+
+type AuthConfig struct {
+	EnvName      string    `yaml:"env-name" default:"up9.app"`
+	Token        string    `yaml:"token"`
+}

cli/config/configStructs/tapConfig.go

@@ -3,8 +3,9 @@ package configStructs
 import (
 	"errors"
 	"fmt"
-	"github.com/up9inc/mizu/shared/units"
 	"regexp"
+
+	"github.com/up9inc/mizu/shared/units"
 )
 
 const (
@@ -16,27 +17,28 @@ const (
 	DisableRedactionTapName       = "no-redact"
 	HumanMaxEntriesDBSizeTapName  = "max-entries-db-size"
 	DryRunTapName                 = "dry-run"
+	WorkspaceTapName              = "workspace"
 	EnforcePolicyFile             = "traffic-validation-file"
-	EnforcePolicyFileDeprecated   = "test-rules"
+	ContractFile                  = "contract"
 )
 
 type TapConfig struct {
-	AnalysisDestination          string    `yaml:"dest" default:"up9.app"`
-	SleepIntervalSec             int       `yaml:"upload-interval" default:"10"`
-	PodRegexStr                  string    `yaml:"regex" default:".*"`
-	GuiPort                      uint16    `yaml:"gui-port" default:"8899"`
-	Namespaces                   []string  `yaml:"namespaces"`
-	Analysis                     bool      `yaml:"analysis" default:"false"`
-	AllNamespaces                bool      `yaml:"all-namespaces" default:"false"`
-	PlainTextFilterRegexes       []string  `yaml:"regex-masking"`
-	HealthChecksUserAgentHeaders []string  `yaml:"ignored-user-agents"`
-	DisableRedaction             bool      `yaml:"no-redact" default:"false"`
-	HumanMaxEntriesDBSize        string    `yaml:"max-entries-db-size" default:"200MB"`
-	DryRun                       bool      `yaml:"dry-run" default:"false"`
-	EnforcePolicyFile            string    `yaml:"traffic-validation-file"`
-	EnforcePolicyFileDeprecated  string    `yaml:"test-rules"`
-	ApiServerResources           Resources `yaml:"api-server-resources"`
-	TapperResources              Resources `yaml:"tapper-resources"`
+	UploadIntervalSec      int       `yaml:"upload-interval" default:"10"`
+	PodRegexStr            string    `yaml:"regex" default:".*"`
+	GuiPort                uint16    `yaml:"gui-port" default:"8899"`
+	Namespaces             []string  `yaml:"namespaces"`
+	Analysis               bool      `yaml:"analysis" default:"false"`
+	AllNamespaces          bool      `yaml:"all-namespaces" default:"false"`
+	PlainTextFilterRegexes []string  `yaml:"regex-masking"`
+	IgnoredUserAgents      []string  `yaml:"ignored-user-agents"`
+	DisableRedaction       bool      `yaml:"no-redact" default:"false"`
+	HumanMaxEntriesDBSize  string    `yaml:"max-entries-db-size" default:"200MB"`
+	DryRun                 bool      `yaml:"dry-run" default:"false"`
+	Workspace              string    `yaml:"workspace"`
+	EnforcePolicyFile      string    `yaml:"traffic-validation-file"`
+	ContractFile           string    `yaml:"contract"`
+	ApiServerResources     Resources `yaml:"api-server-resources"`
+	TapperResources        Resources `yaml:"tapper-resources"`
 }
 
 type Resources struct {
@@ -67,5 +69,16 @@ func (config *TapConfig) Validate() error {
 		return errors.New(fmt.Sprintf("Could not parse --%s value %s", HumanMaxEntriesDBSizeTapName, config.HumanMaxEntriesDBSize))
 	}
 
+	if config.Workspace != "" {
+		workspaceRegex, _ := regexp.Compile("[A-Za-z0-9][-A-Za-z0-9_.]*[A-Za-z0-9]+$")
+		if len(config.Workspace) > 63 || !workspaceRegex.MatchString(config.Workspace) {
+			return errors.New("invalid workspace name")
+		}
+	}
+
+	if config.Analysis && config.Workspace != "" {
+		return errors.New(fmt.Sprintf("Can't run with both --%s and --%s flags", AnalysisTapName, WorkspaceTapName))
+	}
+
 	return nil
 }

cli/config/configStructs/viewConfig.go

@@ -2,8 +2,10 @@ package configStructs
 
 const (
 	GuiPortViewName = "gui-port"
+	UrlViewName     = "url"
 )
 
 type ViewConfig struct {
 	GuiPort uint16 `yaml:"gui-port" default:"8899"`
+	Url     string `yaml:"url,omitempty" readonly:""`
 }

cli/config/config_test.go

@@ -3,6 +3,7 @@ package config_test
 import (
 	"fmt"
 	"github.com/up9inc/mizu/cli/config"
+	"gopkg.in/yaml.v3"
 	"reflect"
 	"strings"
 	"testing"
@@ -15,10 +16,11 @@ func TestConfigWriteIgnoresReadonlyFields(t *testing.T) {
 	getFieldsWithReadonlyTag(configElem, &readonlyFields)
 
 	configWithDefaults, _ := config.GetConfigWithDefaults()
+	configWithDefaultsBytes, _ := yaml.Marshal(configWithDefaults)
 	for _, readonlyField := range readonlyFields {
 		t.Run(readonlyField, func(t *testing.T) {
-			readonlyFieldToCheck := fmt.Sprintf("\n%s:", readonlyField)
-			if strings.Contains(configWithDefaults, readonlyFieldToCheck) {
+			readonlyFieldToCheck := fmt.Sprintf(" %s:", readonlyField)
+			if strings.Contains(string(configWithDefaultsBytes), readonlyFieldToCheck) {
 				t.Errorf("unexpected result - readonly field: %v, config: %v", readonlyField, configWithDefaults)
 			}
 		})

cli/go.mod

@@ -5,13 +5,14 @@ go 1.16
 require (
 	github.com/creasty/defaults v1.5.1
 	github.com/denisbrodbeck/machineid v1.0.1
+	github.com/getkin/kin-openapi v0.79.0
 	github.com/google/go-github/v37 v37.0.0
-	github.com/gorilla/websocket v1.4.2
-	github.com/op/go-logging v0.0.0-20160315200505-970db520ece7
+	github.com/google/uuid v1.1.2
 	github.com/spf13/cobra v1.1.3
 	github.com/spf13/pflag v1.0.5
 	github.com/up9inc/mizu/shared v0.0.0
 	github.com/up9inc/mizu/tap/api v0.0.0
+	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 	k8s.io/api v0.21.2
 	k8s.io/apimachinery v0.21.2

cli/go.sum

@@ -113,6 +113,9 @@ github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoD
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fvbommel/sortorder v1.0.1/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0=
+github.com/getkin/kin-openapi v0.79.0 h1:YLZIgIhZLq9z5WFHHIK+oWORRfn6jjwr7qN0xak0xbE=
+github.com/getkin/kin-openapi v0.79.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg=
+github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
 github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
@@ -140,6 +143,8 @@ github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwds
 github.com/go-openapi/jsonpointer v0.18.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M=
 github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
+github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I=
 github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I=
 github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
@@ -165,6 +170,7 @@ github.com/go-openapi/strfmt v0.19.5/go.mod h1:eftuHTlB/dI8Uq8JJOyRlieZf+WkkxUuk
 github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg=
 github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg=
 github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
+github.com/go-openapi/swag v0.19.5 h1:lTz6Ys4CmqqCQmZPBlbQENR1/GucA2bzYTE12Pw4tFY=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4=
 github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA=
@@ -175,6 +181,8 @@ github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7a
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang-jwt/jwt/v4 v4.1.0 h1:XUgk2Ex5veyVFVeLm0xhusUTQybEbexJXrvPNOKkSY0=
+github.com/golang-jwt/jwt/v4 v4.1.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -219,6 +227,7 @@ github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
@@ -236,8 +245,8 @@ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5m
 github.com/googleapis/gnostic v0.4.1 h1:DLJCy1n/vrD4HPjOvYcT8aYQXpPIzoRZONaYwyycI+I=
 github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
@@ -298,6 +307,7 @@ github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN
 github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.7.0 h1:aizVhC/NAAcKWb+5QsU1iNOZb4Yws5UO2I+aIprQITM=
 github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
 github.com/markbates/pkger v0.17.1/go.mod h1:0JoVlrol20BSywW79rN3kdFFsE5xYM+rSCQDXbLhiuI=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
@@ -404,6 +414,7 @@ github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoH
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
@@ -691,6 +702,7 @@ gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

cli/kubernetes/provider.go

@@ -12,10 +12,11 @@ import (
 	"strconv"
 
 	"github.com/up9inc/mizu/cli/config/configStructs"
-	"github.com/up9inc/mizu/cli/logger"
+	"github.com/up9inc/mizu/shared/logger"
 
 	"io"
 
+	"github.com/up9inc/mizu/cli/config"
 	"github.com/up9inc/mizu/cli/mizu"
 	"github.com/up9inc/mizu/shared"
 	"github.com/up9inc/mizu/tap/api"
@@ -146,22 +147,26 @@ func (provider *Provider) CreateNamespace(ctx context.Context, name string) (*co
 }
 
 type ApiServerOptions struct {
-	Namespace               string
-	PodName                 string
-	PodImage                string
-	ServiceAccountName      string
-	IsNamespaceRestricted   bool
-	MizuApiFilteringOptions *api.TrafficFilteringOptions
-	MaxEntriesDBSizeBytes   int64
-	Resources               configStructs.Resources
-	ImagePullPolicy         core.PullPolicy
+	Namespace             string
+	PodName               string
+	PodImage              string
+	ServiceAccountName    string
+	IsNamespaceRestricted bool
+	SyncEntriesConfig     *shared.SyncEntriesConfig
+	MaxEntriesDBSizeBytes int64
+	Resources             configStructs.Resources
+	ImagePullPolicy       core.PullPolicy
 }
 
 func (provider *Provider) CreateMizuApiServerPod(ctx context.Context, opts *ApiServerOptions) (*core.Pod, error) {
-	marshaledFilteringOptions, err := json.Marshal(opts.MizuApiFilteringOptions)
-	if err != nil {
-		return nil, err
+	var marshaledSyncEntriesConfig []byte
+	if opts.SyncEntriesConfig != nil {
+		var err error
+		if marshaledSyncEntriesConfig, err = json.Marshal(opts.SyncEntriesConfig); err != nil {
+			return nil, err
+		}
 	}
+
 	configMapVolumeName := &core.ConfigMapVolumeSource{}
 	configMapVolumeName.Name = mizu.ConfigMapName
 	configMapOptional := true
@@ -189,6 +194,13 @@ func (provider *Provider) CreateMizuApiServerPod(ctx context.Context, opts *ApiS
 		command = append(command, "--namespace", opts.Namespace)
 	}
 
+	port := intstr.FromInt(shared.DefaultApiServerPort)
+
+	debugMode := ""
+	if config.Config.DumpLogs {
+		debugMode = "1"
+	}
+
 	pod := &core.Pod{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      opts.PodName,
@@ -210,17 +222,17 @@ func (provider *Provider) CreateMizuApiServerPod(ctx context.Context, opts *ApiS
 					Command: command,
 					Env: []core.EnvVar{
 						{
-							Name:  shared.HostModeEnvVar,
-							Value: "1",
-						},
-						{
-							Name:  shared.MizuFilteringOptionsEnvVar,
-							Value: string(marshaledFilteringOptions),
+							Name:  shared.SyncEntriesConfigEnvVar,
+							Value: string(marshaledSyncEntriesConfig),
 						},
 						{
 							Name:  shared.MaxEntriesDBSizeBytesEnvVar,
 							Value: strconv.FormatInt(opts.MaxEntriesDBSizeBytes, 10),
 						},
+						{
+							Name:  shared.DebugModeEnvVar,
+							Value: debugMode,
+						},
 					},
 					Resources: core.ResourceRequirements{
 						Limits: core.ResourceList{
@@ -232,6 +244,25 @@ func (provider *Provider) CreateMizuApiServerPod(ctx context.Context, opts *ApiS
 							"memory": memRequests,
 						},
 					},
+					ReadinessProbe: &core.Probe{
+						Handler: core.Handler{
+							TCPSocket: &core.TCPSocketAction{
+								Port: port,
+							},
+						},
+						InitialDelaySeconds: 5,
+						PeriodSeconds:       10,
+					},
+					LivenessProbe: &core.Probe{
+						Handler: core.Handler{
+							HTTPGet: &core.HTTPGetAction{
+								Path: "/echo",
+								Port: port,
+							},
+						},
+						InitialDelaySeconds: 5,
+						PeriodSeconds:       10,
+					},
 				},
 			},
 			Volumes: []core.Volume{
@@ -260,7 +291,7 @@ func (provider *Provider) CreateService(ctx context.Context, namespace string, s
 			Namespace: namespace,
 		},
 		Spec: core.ServiceSpec{
-			Ports:    []core.ServicePort{{TargetPort: intstr.FromInt(8899), Port: 80}},
+			Ports:    []core.ServicePort{{TargetPort: intstr.FromInt(shared.DefaultApiServerPort), Port: 80}},
 			Type:     core.ServiceTypeClusterIP,
 			Selector: map[string]string{"app": appLabelValue},
 		},
@@ -268,67 +299,21 @@ func (provider *Provider) CreateService(ctx context.Context, namespace string, s
 	return provider.clientSet.CoreV1().Services(namespace).Create(ctx, &service, metav1.CreateOptions{})
 }
 
-func (provider *Provider) DoesServiceAccountExist(ctx context.Context, namespace string, serviceAccountName string) (bool, error) {
-	serviceAccount, err := provider.clientSet.CoreV1().ServiceAccounts(namespace).Get(ctx, serviceAccountName, metav1.GetOptions{})
-	return provider.doesResourceExist(serviceAccount, err)
-}
-
-func (provider *Provider) DoesConfigMapExist(ctx context.Context, namespace string, name string) (bool, error) {
-	resource, err := provider.clientSet.CoreV1().ConfigMaps(namespace).Get(ctx, name, metav1.GetOptions{})
-	return provider.doesResourceExist(resource, err)
-}
-
 func (provider *Provider) DoesServicesExist(ctx context.Context, namespace string, name string) (bool, error) {
 	resource, err := provider.clientSet.CoreV1().Services(namespace).Get(ctx, name, metav1.GetOptions{})
 	return provider.doesResourceExist(resource, err)
 }
 
-func (provider *Provider) DoesNamespaceExist(ctx context.Context, name string) (bool, error) {
-	resource, err := provider.clientSet.CoreV1().Namespaces().Get(ctx, name, metav1.GetOptions{})
-	return provider.doesResourceExist(resource, err)
-}
-
-func (provider *Provider) DoesClusterRoleExist(ctx context.Context, name string) (bool, error) {
-	resource, err := provider.clientSet.RbacV1().ClusterRoles().Get(ctx, name, metav1.GetOptions{})
-	return provider.doesResourceExist(resource, err)
-}
-
-func (provider *Provider) DoesClusterRoleBindingExist(ctx context.Context, name string) (bool, error) {
-	resource, err := provider.clientSet.RbacV1().ClusterRoleBindings().Get(ctx, name, metav1.GetOptions{})
-	return provider.doesResourceExist(resource, err)
-}
-
-func (provider *Provider) DoesRoleExist(ctx context.Context, namespace string, name string) (bool, error) {
-	resource, err := provider.clientSet.RbacV1().Roles(namespace).Get(ctx, name, metav1.GetOptions{})
-	return provider.doesResourceExist(resource, err)
-}
-
-func (provider *Provider) DoesRoleBindingExist(ctx context.Context, namespace string, name string) (bool, error) {
-	resource, err := provider.clientSet.RbacV1().RoleBindings(namespace).Get(ctx, name, metav1.GetOptions{})
-	return provider.doesResourceExist(resource, err)
-}
-
-func (provider *Provider) DoesPodExist(ctx context.Context, namespace string, name string) (bool, error) {
-	resource, err := provider.clientSet.CoreV1().Pods(namespace).Get(ctx, name, metav1.GetOptions{})
-	return provider.doesResourceExist(resource, err)
-}
-
-func (provider *Provider) DoesDaemonSetExist(ctx context.Context, namespace string, name string) (bool, error) {
-	resource, err := provider.clientSet.AppsV1().DaemonSets(namespace).Get(ctx, name, metav1.GetOptions{})
-	return provider.doesResourceExist(resource, err)
-}
-
 func (provider *Provider) doesResourceExist(resource interface{}, err error) (bool, error) {
-	var statusError *k8serrors.StatusError
-	if errors.As(err, &statusError) {
-		// expected behavior when resource does not exist
-		if statusError.ErrStatus.Reason == metav1.StatusReasonNotFound {
-			return false, nil
-		}
+	// Getting NotFound error is the expected behavior when a resource does not exist.
+	if k8serrors.IsNotFound(err) {
+		return false, nil
 	}
+
 	if err != nil {
 		return false, err
 	}
+
 	return resource != nil, nil
 }
 
@@ -441,124 +426,73 @@ func (provider *Provider) CreateMizuRBACNamespaceRestricted(ctx context.Context,
 }
 
 func (provider *Provider) RemoveNamespace(ctx context.Context, name string) error {
-	if isFound, err := provider.DoesNamespaceExist(ctx, name); err != nil {
-		return err
-	} else if !isFound {
-		return nil
-	}
-
-	return provider.clientSet.CoreV1().Namespaces().Delete(ctx, name, metav1.DeleteOptions{})
-}
-
-func (provider *Provider) RemoveNonNamespacedResources(ctx context.Context, clusterRoleName string, clusterRoleBindingName string) error {
-	if err := provider.RemoveClusterRole(ctx, clusterRoleName); err != nil {
-		return err
-	}
-
-	if err := provider.RemoveClusterRoleBinding(ctx, clusterRoleBindingName); err != nil {
-		return err
-	}
-
-	return nil
+	err := provider.clientSet.CoreV1().Namespaces().Delete(ctx, name, metav1.DeleteOptions{})
+	return provider.handleRemovalError(err)
 }
 
 func (provider *Provider) RemoveClusterRole(ctx context.Context, name string) error {
-	if isFound, err := provider.DoesClusterRoleExist(ctx, name); err != nil {
-		return err
-	} else if !isFound {
-		return nil
-	}
-
-	return provider.clientSet.RbacV1().ClusterRoles().Delete(ctx, name, metav1.DeleteOptions{})
+	err := provider.clientSet.RbacV1().ClusterRoles().Delete(ctx, name, metav1.DeleteOptions{})
+	return provider.handleRemovalError(err)
 }
 
 func (provider *Provider) RemoveClusterRoleBinding(ctx context.Context, name string) error {
-	if isFound, err := provider.DoesClusterRoleBindingExist(ctx, name); err != nil {
-		return err
-	} else if !isFound {
-		return nil
-	}
-
-	return provider.clientSet.RbacV1().ClusterRoleBindings().Delete(ctx, name, metav1.DeleteOptions{})
+	err := provider.clientSet.RbacV1().ClusterRoleBindings().Delete(ctx, name, metav1.DeleteOptions{})
+	return provider.handleRemovalError(err)
 }
 
 func (provider *Provider) RemoveRoleBinding(ctx context.Context, namespace string, name string) error {
-	if isFound, err := provider.DoesRoleBindingExist(ctx, namespace, name); err != nil {
-		return err
-	} else if !isFound {
-		return nil
-	}
-
-	return provider.clientSet.RbacV1().RoleBindings(namespace).Delete(ctx, name, metav1.DeleteOptions{})
+	err := provider.clientSet.RbacV1().RoleBindings(namespace).Delete(ctx, name, metav1.DeleteOptions{})
+	return provider.handleRemovalError(err)
 }
 
 func (provider *Provider) RemoveRole(ctx context.Context, namespace string, name string) error {
-	if isFound, err := provider.DoesRoleExist(ctx, namespace, name); err != nil {
-		return err
-	} else if !isFound {
-		return nil
-	}
-
-	return provider.clientSet.RbacV1().Roles(namespace).Delete(ctx, name, metav1.DeleteOptions{})
+	err := provider.clientSet.RbacV1().Roles(namespace).Delete(ctx, name, metav1.DeleteOptions{})
+	return provider.handleRemovalError(err)
 }
 
 func (provider *Provider) RemoveServicAccount(ctx context.Context, namespace string, name string) error {
-	if isFound, err := provider.DoesServiceAccountExist(ctx, namespace, name); err != nil {
-		return err
-	} else if !isFound {
-		return nil
-	}
-
-	return provider.clientSet.CoreV1().ServiceAccounts(namespace).Delete(ctx, name, metav1.DeleteOptions{})
+	err := provider.clientSet.CoreV1().ServiceAccounts(namespace).Delete(ctx, name, metav1.DeleteOptions{})
+	return provider.handleRemovalError(err)
 }
 
 func (provider *Provider) RemovePod(ctx context.Context, namespace string, podName string) error {
-	if isFound, err := provider.DoesPodExist(ctx, namespace, podName); err != nil {
-		return err
-	} else if !isFound {
-		return nil
-	}
-
-	return provider.clientSet.CoreV1().Pods(namespace).Delete(ctx, podName, metav1.DeleteOptions{})
+	err := provider.clientSet.CoreV1().Pods(namespace).Delete(ctx, podName, metav1.DeleteOptions{})
+	return provider.handleRemovalError(err)
 }
 
 func (provider *Provider) RemoveConfigMap(ctx context.Context, namespace string, configMapName string) error {
-	if isFound, err := provider.DoesConfigMapExist(ctx, namespace, configMapName); err != nil {
-		return err
-	} else if !isFound {
-		return nil
-	}
-
-	return provider.clientSet.CoreV1().ConfigMaps(namespace).Delete(ctx, configMapName, metav1.DeleteOptions{})
+	err := provider.clientSet.CoreV1().ConfigMaps(namespace).Delete(ctx, configMapName, metav1.DeleteOptions{})
+	return provider.handleRemovalError(err)
 }
 
 func (provider *Provider) RemoveService(ctx context.Context, namespace string, serviceName string) error {
-	if isFound, err := provider.DoesServicesExist(ctx, namespace, serviceName); err != nil {
-		return err
-	} else if !isFound {
-		return nil
-	}
-
-	return provider.clientSet.CoreV1().Services(namespace).Delete(ctx, serviceName, metav1.DeleteOptions{})
+	err := provider.clientSet.CoreV1().Services(namespace).Delete(ctx, serviceName, metav1.DeleteOptions{})
+	return provider.handleRemovalError(err)
 }
 
 func (provider *Provider) RemoveDaemonSet(ctx context.Context, namespace string, daemonSetName string) error {
-	if isFound, err := provider.DoesDaemonSetExist(ctx, namespace, daemonSetName); err != nil {
-		return err
-	} else if !isFound {
+	err := provider.clientSet.AppsV1().DaemonSets(namespace).Delete(ctx, daemonSetName, metav1.DeleteOptions{})
+	return provider.handleRemovalError(err)
+}
+
+func (provider *Provider) handleRemovalError(err error) error {
+	// Ignore NotFound - There is nothing to delete.
+	// Ignore Forbidden - Assume that a user could not have created the resource in the first place.
+	if k8serrors.IsNotFound(err) || k8serrors.IsForbidden(err) {
 		return nil
 	}
 
-	return provider.clientSet.AppsV1().DaemonSets(namespace).Delete(ctx, daemonSetName, metav1.DeleteOptions{})
+	return err
 }
 
-func (provider *Provider) CreateConfigMap(ctx context.Context, namespace string, configMapName string, data string) error {
-	if data == "" {
+func (provider *Provider) CreateConfigMap(ctx context.Context, namespace string, configMapName string, data string, contract string) error {
+	if data == "" && contract == "" {
 		return nil
 	}
 
 	configMapData := make(map[string]string, 0)
 	configMapData[shared.RulePolicyFileName] = data
+	configMapData[shared.ContractFileName] = contract
 	configMap := &core.ConfigMap{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "ConfigMap",
@@ -601,6 +535,11 @@ func (provider *Provider) ApplyMizuTapperDaemonSet(ctx context.Context, namespac
 		"--nodefrag",
 	}
 
+	debugMode := ""
+	if config.Config.DumpLogs {
+		debugMode = "1"
+	}
+
 	agentContainer := applyconfcore.Container()
 	agentContainer.WithName(tapperPodName)
 	agentContainer.WithImage(podImage)
@@ -608,6 +547,7 @@ func (provider *Provider) ApplyMizuTapperDaemonSet(ctx context.Context, namespac
 	agentContainer.WithSecurityContext(applyconfcore.SecurityContext().WithPrivileged(true))
 	agentContainer.WithCommand(mizuCmd...)
 	agentContainer.WithEnv(
+		applyconfcore.EnvVar().WithName(shared.DebugModeEnvVar).WithValue(debugMode),
 		applyconfcore.EnvVar().WithName(shared.HostModeEnvVar).WithValue("1"),
 		applyconfcore.EnvVar().WithName(shared.TappedAddressesPerNodeDictEnvVar).WithValue(string(nodeToTappedPodIPMapJsonStr)),
 		applyconfcore.EnvVar().WithName(shared.GoGCEnvVar).WithValue("12800"),
@@ -731,7 +671,7 @@ func (provider *Provider) ListAllRunningPodsMatchingRegex(ctx context.Context, r
 	return matchingPods, nil
 }
 
-func (provider *Provider) GetPodLogs(namespace string, podName string, ctx context.Context) (string, error) {
+func (provider *Provider) GetPodLogs(ctx context.Context, namespace string, podName string) (string, error) {
 	podLogOpts := core.PodLogOptions{}
 	req := provider.clientSet.CoreV1().Pods(namespace).GetLogs(podName, &podLogOpts)
 	podLogs, err := req.Stream(ctx)
@@ -747,7 +687,7 @@ func (provider *Provider) GetPodLogs(namespace string, podName string, ctx conte
 	return str, nil
 }
 
-func (provider *Provider) GetNamespaceEvents(namespace string, ctx context.Context) (string, error) {
+func (provider *Provider) GetNamespaceEvents(ctx context.Context, namespace string) (string, error) {
 	eventsOpts := metav1.ListOptions{}
 	eventList, err := provider.clientSet.CoreV1().Events(namespace).List(ctx, eventsOpts)
 	if err != nil {

cli/kubernetes/proxy.go

@@ -2,12 +2,13 @@ package kubernetes
 
 import (
 	"fmt"
-	"github.com/up9inc/mizu/cli/logger"
-	"k8s.io/kubectl/pkg/proxy"
 	"net"
 	"net/http"
 	"strings"
 	"time"
+
+	"github.com/up9inc/mizu/shared/logger"
+	"k8s.io/kubectl/pkg/proxy"
 )
 
 const k8sProxyApiPrefix = "/"

cli/kubernetes/watch.go

@@ -3,10 +3,15 @@ package kubernetes
 import (
 	"context"
 	"errors"
+	"fmt"
+	"github.com/up9inc/mizu/shared/debounce"
+	"github.com/up9inc/mizu/shared/logger"
 	"regexp"
 	"sync"
+	"time"
 
 	corev1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/watch"
 )
 
@@ -16,6 +21,7 @@ func FilteredWatch(ctx context.Context, kubernetesProvider *Provider, targetName
 	removedChan := make(chan *corev1.Pod)
 	errorChan := make(chan error)
 
+
 	var wg sync.WaitGroup
 
 	for _, targetNamespace := range targetNamespaces {
@@ -23,33 +29,33 @@ func FilteredWatch(ctx context.Context, kubernetesProvider *Provider, targetName
 
 		go func(targetNamespace string) {
 			defer wg.Done()
-			watcher := kubernetesProvider.GetPodWatcher(ctx, targetNamespace)
+			watchRestartDebouncer := debounce.NewDebouncer(1 * time.Minute, func() {})
 
 			for {
+				watcher := kubernetesProvider.GetPodWatcher(ctx, targetNamespace)
+				err := startWatchLoop(ctx, watcher, podFilter, addedChan, modifiedChan, removedChan) // blocking
+				watcher.Stop()
+
 				select {
-				case e := <-watcher.ResultChan():
-					if e.Object == nil {
-						errorChan <- errors.New("kubernetes pod watch failed")
-						return
-					}
-
-					pod := e.Object.(*corev1.Pod)
-
-					if !podFilter.MatchString(pod.Name) {
-						continue
-					}
-
-					switch e.Type {
-					case watch.Added:
-						addedChan <- pod
-					case watch.Modified:
-						modifiedChan <- pod
-					case watch.Deleted:
-						removedChan <- pod
-					}
-				case <-ctx.Done():
-					watcher.Stop()
+				case <- ctx.Done():
 					return
+				default:
+					break
+				}
+
+				if err != nil {
+					errorChan <- fmt.Errorf("error in k8 watch: %v", err)
+					break
+				} else {
+					if !watchRestartDebouncer.IsOn() {
+						watchRestartDebouncer.SetOn()
+						logger.Log.Debug("k8s watch channel closed, restarting watcher")
+						time.Sleep(time.Second * 5)
+						continue
+					} else {
+						errorChan <- errors.New("k8s watch unstable, closes frequently")
+						break
+					}
 				}
 			}
 		}(targetNamespace)
@@ -66,3 +72,39 @@ func FilteredWatch(ctx context.Context, kubernetesProvider *Provider, targetName
 
 	return addedChan, modifiedChan, removedChan, errorChan
 }
+
+func startWatchLoop(ctx context.Context, watcher watch.Interface, podFilter *regexp.Regexp, addedChan chan *corev1.Pod, modifiedChan chan *corev1.Pod, removedChan chan *corev1.Pod) error {
+	resultChan := watcher.ResultChan()
+	for {
+		select {
+		case e, isChannelOpen := <-resultChan:
+			if !isChannelOpen {
+				return nil
+			}
+
+			if e.Type == watch.Error {
+				return apierrors.FromObject(e.Object)
+			}
+
+			pod, ok := e.Object.(*corev1.Pod)
+			if !ok {
+				continue
+			}
+
+			if !podFilter.MatchString(pod.Name) {
+				continue
+			}
+
+			switch e.Type {
+			case watch.Added:
+				addedChan <- pod
+			case watch.Modified:
+				modifiedChan <- pod
+			case watch.Deleted:
+				removedChan <- pod
+			}
+		case <-ctx.Done():
+			return nil
+		}
+	}
+}

cli/mizu/fsUtils/mizuLogsUtils.go

@@ -4,15 +4,21 @@ import (
 	"archive/zip"
 	"context"
 	"fmt"
+	"os"
+	"path"
+	"regexp"
+
 	"github.com/up9inc/mizu/cli/config"
 	"github.com/up9inc/mizu/cli/kubernetes"
-	"github.com/up9inc/mizu/cli/logger"
 	"github.com/up9inc/mizu/cli/mizu"
-	"os"
-	"regexp"
+	"github.com/up9inc/mizu/shared/logger"
 )
 
-func DumpLogs(provider *kubernetes.Provider, ctx context.Context, filePath string) error {
+func GetLogFilePath() string {
+	return path.Join(mizu.GetMizuFolderPath(), "mizu_cli.log")
+}
+
+func DumpLogs(ctx context.Context, provider *kubernetes.Provider, filePath string) error {
 	podExactRegex := regexp.MustCompile("^" + mizu.MizuResourcesPrefix)
 	pods, err := provider.ListAllPodsMatchingRegex(ctx, podExactRegex, []string{config.Config.MizuResourcesNamespace})
 	if err != nil {
@@ -32,7 +38,7 @@ func DumpLogs(provider *kubernetes.Provider, ctx context.Context, filePath strin
 	defer zipWriter.Close()
 
 	for _, pod := range pods {
-		logs, err := provider.GetPodLogs(pod.Namespace, pod.Name, ctx)
+		logs, err := provider.GetPodLogs(ctx, pod.Namespace, pod.Name)
 		if err != nil {
 			logger.Log.Errorf("Failed to get logs, %v", err)
 			continue
@@ -47,7 +53,7 @@ func DumpLogs(provider *kubernetes.Provider, ctx context.Context, filePath strin
 		}
 	}
 
-	events, err := provider.GetNamespaceEvents(config.Config.MizuResourcesNamespace, ctx)
+	events, err := provider.GetNamespaceEvents(ctx, config.Config.MizuResourcesNamespace)
 	if err != nil {
 		logger.Log.Debugf("Failed to get k8b events, %v", err)
 	} else {
@@ -66,10 +72,10 @@ func DumpLogs(provider *kubernetes.Provider, ctx context.Context, filePath strin
 		logger.Log.Debugf("Successfully added file %s", config.Config.ConfigFilePath)
 	}
 
-	if err := AddFileToZip(zipWriter, logger.GetLogFilePath()); err != nil {
+	if err := AddFileToZip(zipWriter, GetLogFilePath()); err != nil {
 		logger.Log.Debugf("Failed write file, %v", err)
 	} else {
-		logger.Log.Debugf("Successfully added file %s", logger.GetLogFilePath())
+		logger.Log.Debugf("Successfully added file %s", GetLogFilePath())
 	}
 
 	logger.Log.Infof("You can find the zip file with all logs in %s\n", filePath)

cli/mizu/fsUtils/zipUtils.go

@@ -3,11 +3,12 @@ package fsUtils
 import (
 	"archive/zip"
 	"fmt"
-	"github.com/up9inc/mizu/cli/logger"
 	"io"
 	"os"
 	"path/filepath"
 	"strings"
+
+	"github.com/up9inc/mizu/shared/logger"
 )
 
 func AddFileToZip(zipWriter *zip.Writer, filename string) error {

cli/mizu/goUtils/funcWrappers.go

@@ -1,9 +1,10 @@
 package goUtils
 
 import (
-	"github.com/up9inc/mizu/cli/logger"
 	"reflect"
 	"runtime/debug"
+
+	"github.com/up9inc/mizu/shared/logger"
 )
 
 func HandleExcWrapper(fn interface{}, params ...interface{}) (result []reflect.Value) {

cli/mizu/version/versionCheck.go

@@ -3,14 +3,16 @@ package version
 import (
 	"context"
 	"fmt"
-	"github.com/up9inc/mizu/cli/apiserver"
-	"github.com/up9inc/mizu/cli/logger"
-	"github.com/up9inc/mizu/cli/mizu"
 	"io/ioutil"
 	"net/http"
 	"runtime"
+	"strings"
 	"time"
 
+	"github.com/up9inc/mizu/cli/apiserver"
+	"github.com/up9inc/mizu/cli/mizu"
+	"github.com/up9inc/mizu/shared/logger"
+
 	"github.com/google/go-github/v37/github"
 	"github.com/up9inc/mizu/cli/uiUtils"
 	"github.com/up9inc/mizu/shared/semver"
@@ -74,10 +76,16 @@ func CheckNewerVersion(versionChan chan string) {
 
 	gitHubVersionSemVer := semver.SemVersion(gitHubVersion)
 	currentSemVer := semver.SemVersion(mizu.SemVer)
+	if !gitHubVersionSemVer.IsValid() || !currentSemVer.IsValid() {
+		logger.Log.Debugf("[ERROR] Semver version is not valid, github version %v, current version %v", gitHubVersion, currentSemVer)
+		versionChan <- ""
+		return
+	}
+
 	logger.Log.Debugf("Finished version validation, github version %v, current version %v, took %v", gitHubVersion, currentSemVer, time.Since(start))
 
 	if gitHubVersionSemVer.GreaterThan(currentSemVer) {
-		versionChan <- fmt.Sprintf("Update available! %v -> %v (curl -Lo mizu %v/mizu_%s_amd64 && chmod 755 mizu)", mizu.SemVer, gitHubVersion, *latestRelease.HTMLURL, runtime.GOOS)
+		versionChan <- fmt.Sprintf("Update available! %v -> %v (curl -Lo mizu %v/mizu_%s_amd64 && chmod 755 mizu)", mizu.SemVer, gitHubVersion, strings.Replace(*latestRelease.HTMLURL, "tag", "download", 1), runtime.GOOS)
 	} else {
 		versionChan <- ""
 	}

cli/telemetry/telemetry.go

@@ -4,12 +4,13 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
+	"net/http"
+
 	"github.com/denisbrodbeck/machineid"
 	"github.com/up9inc/mizu/cli/apiserver"
 	"github.com/up9inc/mizu/cli/config"
-	"github.com/up9inc/mizu/cli/logger"
 	"github.com/up9inc/mizu/cli/mizu"
-	"net/http"
+	"github.com/up9inc/mizu/shared/logger"
 )
 
 const telemetryUrl = "https://us-east4-up9-prod.cloudfunctions.net/mizu-telemetry"

cli/uiUtils/confirmation.go

@@ -3,9 +3,10 @@ package uiUtils
 import (
 	"bufio"
 	"fmt"
-	"log"
 	"os"
 	"strings"
+
+	"github.com/up9inc/mizu/shared/logger"
 )
 
 func AskForConfirmation(s string) bool {
@@ -15,7 +16,7 @@ func AskForConfirmation(s string) bool {
 
 	response, err := reader.ReadString('\n')
 	if err != nil {
-		log.Fatal(err)
+		logger.Log.Fatalf("Error while reading confirmation string, err: %v", err)
 	}
 	response = strings.ToLower(strings.TrimSpace(response))
 	if response == "" || response == "y" || response == "yes" {

cli/uiUtils/openBrowser.go

@@ -0,0 +1,28 @@
+package uiUtils
+
+import (
+	"fmt"
+	"os/exec"
+	"runtime"
+
+	"github.com/up9inc/mizu/shared/logger"
+)
+
+func OpenBrowser(url string) {
+	var err error
+
+	switch runtime.GOOS {
+	case "linux":
+		err = exec.Command("xdg-open", url).Start()
+	case "windows":
+		err = exec.Command("rundll32", "url.dll,FileProtocolHandler", url).Start()
+	case "darwin":
+		err = exec.Command("open", url).Start()
+	default:
+		err = fmt.Errorf("unsupported platform")
+	}
+
+	if err != nil {
+		logger.Log.Errorf("error while opening browser, %v", err)
+	}
+}

docs/CONTRACT_MONITORING.md

@@ -0,0 +1,172 @@
+# OpenAPI Specification (OAS) Contract Monitoring
+
+An OAS/Swagger file can contain schemas under `parameters` and `responses` fields. With `--contract catalogue.yaml`
+CLI option, you can pass your API description to Mizu and the traffic will automatically be validated
+against the contracts.
+
+Below is an example of an OAS/Swagger file from [Sock Shop](https://microservices-demo.github.io/) microservice demo
+that contains a bunch contracts:
+
+```yaml
+openapi: 3.0.1
+info:
+  title: Catalogue resources
+  version: 1.0.0
+  description: ""
+  license:
+    name: MIT
+    url: http://github.com/gruntjs/grunt/blob/master/LICENSE-MIT
+paths:
+  /catalogue:
+    get:
+      description: Catalogue API
+      operationId: List catalogue
+      responses:
+        200:
+          description: ""
+          content:
+            application/json;charset=UTF-8:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Listresponse'
+  /catalogue/{id}:
+    get:
+      operationId: Get an item
+      parameters:
+      - name: id
+        in: path
+        required: true
+        schema:
+          type: string
+        example: a0a4f044-b040-410d-8ead-4de0446aec7e
+      responses:
+        200:
+          description: ""
+          content:
+            application/json; charset=UTF-8:
+              schema:
+                $ref: '#/components/schemas/Getanitemresponse'
+  /catalogue/size:
+    get:
+      operationId: Get size
+      responses:
+        200:
+          description: ""
+          content:
+            application/json;charset=UTF-8:
+              schema:
+                $ref: '#/components/schemas/Getsizeresponse'
+  /tags:
+    get:
+      operationId: List_
+      responses:
+        200:
+          description: ""
+          content:
+            application/json;charset=UTF-8:
+              schema:
+                $ref: '#/components/schemas/Listresponse3'
+components:
+  schemas:
+    Listresponse:
+      title: List response
+      required:
+      - count
+      - description
+      - id
+      - imageUrl
+      - name
+      - price
+      - tag
+      type: object
+      properties:
+        id:
+          type: string
+        name:
+          type: string
+        description:
+          type: string
+        imageUrl:
+          type: array
+          items:
+            type: string
+        price:
+          type: number
+          format: double
+        count:
+          type: integer
+          format: int32
+        tag:
+          type: array
+          items:
+            type: string
+    Getanitemresponse:
+      title: Get an item response
+      required:
+      - count
+      - description
+      - id
+      - imageUrl
+      - name
+      - price
+      - tag
+      type: object
+      properties:
+        id:
+          type: string
+        name:
+          type: string
+        description:
+          type: string
+        imageUrl:
+          type: array
+          items:
+            type: string
+        price:
+          type: number
+          format: double
+        count:
+          type: integer
+          format: int32
+        tag:
+          type: array
+          items:
+            type: string
+    Getsizeresponse:
+      title: Get size response
+      required:
+      - size
+      type: object
+      properties:
+        size:
+          type: integer
+          format: int32
+    Listresponse3:
+      title: List response3
+      required:
+      - tags
+      type: object
+      properties:
+        tags:
+          type: array
+          items:
+            type: string
+```
+
+Pass it to Mizu through the CLI option: `mizu tap -n sock-shop --contract catalogue.yaml`
+
+Now Mizu will monitor the traffic against these contracts.
+
+If an entry fails to comply with the contract, it's marked with `Breach` notice in the UI.
+The reason of the failure can be seen under the `CONTRACT` tab in the details layout.
+
+### Notes
+
+Make sure that you;
+
+- specified the `openapi` version
+- specified the `info.version` version in the YAML
+- and removed `servers` field from the YAML
+
+Otherwise the OAS file cannot be recognized. (see [this issue](https://github.com/getkin/kin-openapi/issues/356))

docs/POLICY_RULES.md

@@ -31,12 +31,12 @@ mizu tap --traffic-validation-file rules.yaml
 The structure of the traffic-validation-file is:
 
 * `name`: string, name of the rule
-* `type`: string, type of the rule, must be `json` or `header` or `latency`
+* `type`: string, type of the rule, must be `json` or `header` or `slo`
 * `key`: string, [jsonpath](https://code.google.com/archive/p/jsonpath/wikis/Javascript.wiki) used only in `json` or `header` type
 * `value`: string, [regex](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions) used only in `json` or `header` type
 * `service`: string, [regex](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions) service name to filter
 * `path`: string, [regex](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions) URL path to filter
-* `latency`: integer, time in ms of the expected latency.
+* `response-time`: integer, time in ms of the expected latency.
 
 
 ### For example:
@@ -54,8 +54,8 @@ rules:
   key: "Content-Le.*"
   value: "(\\d+(?:\\.\\d+)?)"
 - name: latency-test
-  type: latency
-  latency: 1
+  type: slo
+  response-time: 1
   service: "carts.*"
 ```
 

shared/consts.go

@@ -2,11 +2,15 @@ package shared
 
 const (
 	MizuFilteringOptionsEnvVar       = "SENSITIVE_DATA_FILTERING_OPTIONS"
+	SyncEntriesConfigEnvVar          = "SYNC_ENTRIES_CONFIG"
 	HostModeEnvVar                   = "HOST_MODE"
 	NodeNameEnvVar                   = "NODE_NAME"
 	TappedAddressesPerNodeDictEnvVar = "TAPPED_ADDRESSES_PER_HOST"
 	MaxEntriesDBSizeBytesEnvVar      = "MAX_ENTRIES_DB_BYTES"
 	RulePolicyPath                   = "/app/enforce-policy/"
 	RulePolicyFileName               = "enforce-policy.yaml"
+	ContractFileName                 = "contract-oas.yaml"
 	GoGCEnvVar                       = "GOGC"
+	DefaultApiServerPort             = 8899
+	DebugModeEnvVar                  = "MIZU_DEBUG"
 )

shared/debounce/debounce.go

@@ -52,3 +52,7 @@ func (d *Debouncer) SetOn() error {
 	d.timer = time.AfterFunc(d.timeout, d.callback)
 	return nil
 }
+
+func (d *Debouncer) IsOn() bool {
+	return d.running
+}

shared/go.mod

@@ -4,6 +4,7 @@ go 1.16
 
 require (
 	github.com/docker/go-units v0.4.0
-	github.com/gorilla/websocket v1.4.2
+	github.com/golang-jwt/jwt/v4 v4.1.0
+	github.com/op/go-logging v0.0.0-20160315200505-970db520ece7
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 )

shared/go.sum

@@ -1,7 +1,9 @@
 github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
 github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
-github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/golang-jwt/jwt/v4 v4.1.0 h1:XUgk2Ex5veyVFVeLm0xhusUTQybEbexJXrvPNOKkSY0=
+github.com/golang-jwt/jwt/v4 v4.1.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
+github.com/op/go-logging v0.0.0-20160315200505-970db520ece7 h1:lDH9UUVJtmYCjyT0CI4q8xvlXPxeZ0gYCVvWbmPlp88=
+github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=

shared/logger/logger.go

@@ -1,24 +1,18 @@
 package logger
 
 import (
-	"github.com/op/go-logging"
-	"github.com/up9inc/mizu/cli/mizu"
 	"os"
-	"path"
+
+	"github.com/op/go-logging"
 )
 
-var Log = logging.MustGetLogger("mizu_cli")
+var Log = logging.MustGetLogger("mizu")
 
 var format = logging.MustStringFormatter(
 	`%{time} %{level:.5s} ▶ %{pid} %{shortfile} %{shortfunc} ▶ %{message}`,
 )
 
-func GetLogFilePath() string {
-	return path.Join(mizu.GetMizuFolderPath(), "mizu_cli.log")
-}
-
-func InitLogger() {
-	logPath := GetLogFilePath()
+func InitLogger(logPath string) {
 	f, err := os.OpenFile(logPath, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0666)
 	if err != nil {
 		Log.Infof("Failed to open mizu log file: %v, err %v", logPath, err)
@@ -33,7 +27,12 @@ func InitLogger() {
 	backend1Leveled.SetLevel(logging.INFO, "")
 
 	logging.SetBackend(backend1Leveled, backend2Formatter)
-
-	Log.Debugf("\n\n\n")
-	Log.Debugf("Running mizu version %v", mizu.SemVer)
+}
+
+func InitLoggerStderrOnly(level logging.Level) {
+	backend := logging.NewLogBackend(os.Stderr, "", 0)
+	backendFormatter := logging.NewBackendFormatter(backend, format)
+
+	logging.SetBackend(backendFormatter)
+	logging.SetLevel(level, "")
 }

shared/models.go

@@ -1,8 +1,8 @@
 package shared
 
 import (
-	"fmt"
 	"io/ioutil"
+	"log"
 	"strings"
 
 	"gopkg.in/yaml.v3"
@@ -56,6 +56,13 @@ type TLSLinkInfo struct {
 	ResolvedSourceName      string `json:"resolvedSourceName"`
 }
 
+type SyncEntriesConfig struct {
+	Token             string `json:"token"`
+	Env               string `json:"env"`
+	Workspace         string `json:"workspace"`
+	UploadIntervalSec int    `json:"interval"`
+}
+
 func CreateWebSocketStatusMessage(tappingStatus TapStatus) WebSocketStatusMessage {
 	return WebSocketStatusMessage{
 		WebSocketMessageMetadata: &WebSocketMessageMetadata{
@@ -83,14 +90,14 @@ type RulesPolicy struct {
 }
 
 type RulePolicy struct {
-	Type    string `yaml:"type"`
-	Service string `yaml:"service"`
-	Path    string `yaml:"path"`
-	Method  string `yaml:"method"`
-	Key     string `yaml:"key"`
-	Value   string `yaml:"value"`
-	Latency int64  `yaml:"latency"`
-	Name    string `yaml:"name"`
+	Type         string `yaml:"type"`
+	Service      string `yaml:"service"`
+	Path         string `yaml:"path"`
+	Method       string `yaml:"method"`
+	Key          string `yaml:"key"`
+	Value        string `yaml:"value"`
+	ResponseTime int64  `yaml:"response-time"`
+	Name         string `yaml:"name"`
 }
 
 type RulesMatched struct {
@@ -99,14 +106,17 @@ type RulesMatched struct {
 }
 
 func (r *RulePolicy) validateType() bool {
-	permitedTypes := []string{"json", "header", "latency"}
+	permitedTypes := []string{"json", "header", "slo"}
 	_, found := Find(permitedTypes, r.Type)
 	if !found {
-		fmt.Printf("\nRule with name %s will be ignored. Err: only json, header and latency types are supported on rule definition.\n", r.Name)
+		log.Printf("Error: %s. ", r.Name)
+		log.Printf("Only json, header and slo types are supported on rule definition. This rule will be ignored\n")
+		found = false
 	}
-	if strings.ToLower(r.Type) == "latency" {
-		if r.Latency == 0 {
-			fmt.Printf("\nRule with name %s will be ignored. Err: when type=latency, the field Latency should be specified and have a value >= 1\n\n", r.Name)
+	if strings.ToLower(r.Type) == "slo" {
+		if r.ResponseTime <= 0 {
+			log.Printf("Error: %s. ", r.Name)
+			log.Printf("When type=slo, the field response-time should be specified and have a value >= 1\n\n")
 			found = false
 		}
 	}
@@ -124,10 +134,6 @@ func (rules *RulesPolicy) ValidateRulesPolicy() []int {
 	return invalidIndex
 }
 
-func (rules *RulesPolicy) RemoveRule(idx int) {
-	rules.Rules = append(rules.Rules[:idx], rules.Rules[idx+1:]...)
-}
-
 func Find(slice []string, val string) (int, bool) {
 	for i, item := range slice {
 		if item == val {
@@ -148,10 +154,15 @@ func DecodeEnforcePolicy(path string) (RulesPolicy, error) {
 		return enforcePolicy, err
 	}
 	invalidIndex := enforcePolicy.ValidateRulesPolicy()
+	var k = 0
 	if len(invalidIndex) != 0 {
-		for i := range invalidIndex {
-			enforcePolicy.RemoveRule(invalidIndex[i])
+		for i, rule := range enforcePolicy.Rules {
+			if !ContainsInt(invalidIndex, i) {
+				enforcePolicy.Rules[k] = rule
+				k++
+			}
 		}
+		enforcePolicy.Rules = enforcePolicy.Rules[:k]
 	}
 	return enforcePolicy, nil
 }

shared/semver/semver.go

@@ -6,9 +6,17 @@ import (
 
 type SemVersion string
 
+func (v SemVersion) IsValid() bool {
+	re := regexp.MustCompile(`\d+`)
+	breakdown := re.FindAllString(string(v), 3)
+
+	return len(breakdown) == 3
+}
+
 func (v SemVersion) Breakdown() (string, string, string) {
 	re := regexp.MustCompile(`\d+`)
 	breakdown := re.FindAllString(string(v), 3)
+
 	return breakdown[0], breakdown[1], breakdown[2]
 }
 

shared/sliceUtils.go

@@ -1,4 +1,4 @@
-package mizu
+package shared
 
 func Contains(slice []string, containsValue string) bool {
 	for _, sliceValue := range slice {
@@ -10,6 +10,16 @@ func Contains(slice []string, containsValue string) bool {
 	return false
 }
 
+func ContainsInt(slice []int, containsValue int) bool {
+	for _, sliceValue := range slice {
+		if sliceValue == containsValue {
+			return true
+		}
+	}
+	return false
+}
+
+
 func Unique(slice []string) []string {
 	keys := make(map[string]bool)
 	var list []string

shared/sliceUtils_test.go

@@ -1,8 +1,8 @@
-package mizu_test
+package shared_test
 
 import (
 	"fmt"
-	"github.com/up9inc/mizu/cli/mizu"
+	"github.com/up9inc/mizu/shared"
 	"reflect"
 	"testing"
 )
@@ -21,7 +21,7 @@ func TestContainsExists(t *testing.T) {
 
 	for _, test := range tests {
 		t.Run(test.ContainsValue, func(t *testing.T) {
-			actual := mizu.Contains(test.Slice, test.ContainsValue)
+			actual := shared.Contains(test.Slice, test.ContainsValue)
 			if actual != test.Expected {
 				t.Errorf("unexpected result - Expected: %v, actual: %v", test.Expected, actual)
 			}
@@ -43,7 +43,7 @@ func TestContainsNotExists(t *testing.T) {
 
 	for _, test := range tests {
 		t.Run(test.ContainsValue, func(t *testing.T) {
-			actual := mizu.Contains(test.Slice, test.ContainsValue)
+			actual := shared.Contains(test.Slice, test.ContainsValue)
 			if actual != test.Expected {
 				t.Errorf("unexpected result - Expected: %v, actual: %v", test.Expected, actual)
 			}
@@ -63,7 +63,7 @@ func TestContainsEmptySlice(t *testing.T) {
 
 	for _, test := range tests {
 		t.Run(test.ContainsValue, func(t *testing.T) {
-			actual := mizu.Contains(test.Slice, test.ContainsValue)
+			actual := shared.Contains(test.Slice, test.ContainsValue)
 			if actual != test.Expected {
 				t.Errorf("unexpected result - Expected: %v, actual: %v", test.Expected, actual)
 			}
@@ -83,7 +83,7 @@ func TestContainsNilSlice(t *testing.T) {
 
 	for _, test := range tests {
 		t.Run(test.ContainsValue, func(t *testing.T) {
-			actual := mizu.Contains(test.Slice, test.ContainsValue)
+			actual := shared.Contains(test.Slice, test.ContainsValue)
 			if actual != test.Expected {
 				t.Errorf("unexpected result - Expected: %v, actual: %v", test.Expected, actual)
 			}
@@ -102,7 +102,7 @@ func TestUniqueNoDuplicateValues(t *testing.T) {
 
 	for index, test := range tests {
 		t.Run(fmt.Sprintf("%v", index), func(t *testing.T) {
-			actual := mizu.Unique(test.Slice)
+			actual := shared.Unique(test.Slice)
 			if !reflect.DeepEqual(test.Expected, actual) {
 				t.Errorf("unexpected result - Expected: %v, actual: %v", test.Expected, actual)
 			}
@@ -121,7 +121,7 @@ func TestUniqueDuplicateValues(t *testing.T) {
 
 	for index, test := range tests {
 		t.Run(fmt.Sprintf("%v", index), func(t *testing.T) {
-			actual := mizu.Unique(test.Slice)
+			actual := shared.Unique(test.Slice)
 			if !reflect.DeepEqual(test.Expected, actual) {
 				t.Errorf("unexpected result - Expected: %v, actual: %v", test.Expected, actual)
 			}

shared/tokenUtils.go

@@ -0,0 +1,41 @@
+package shared
+
+import (
+	"fmt"
+	"github.com/golang-jwt/jwt/v4"
+	"time"
+)
+
+func IsTokenExpired(tokenString string) (bool, error) {
+	claims, err := getTokenClaims(tokenString)
+	if err != nil {
+		return true, err
+	}
+
+	expiry := time.Unix(int64(claims["exp"].(float64)), 0)
+
+	return time.Now().After(expiry), nil
+}
+
+func GetTokenEmail(tokenString string) (string, error) {
+	claims, err := getTokenClaims(tokenString)
+	if err != nil {
+		return "", err
+	}
+
+	return claims["email"].(string), nil
+}
+
+func getTokenClaims(tokenString string) (jwt.MapClaims, error) {
+	token, _, err := new(jwt.Parser).ParseUnverified(tokenString, jwt.MapClaims{})
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse token, err: %v", err)
+	}
+
+	claims, ok := token.Claims.(jwt.MapClaims)
+	if !ok {
+		return nil, fmt.Errorf("can't convert token's claims to standard claims")
+	}
+
+	return claims, nil
+}

tap/api/api.go

@@ -2,9 +2,17 @@ package api
 
 import (
 	"bufio"
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"net/http"
 	"plugin"
 	"sync"
 	"time"
+
+	"github.com/google/martian/har"
 )
 
 type Protocol struct {
@@ -104,32 +112,36 @@ type MizuEntry struct {
 	ID                      uint `gorm:"primarykey"`
 	CreatedAt               time.Time
 	UpdatedAt               time.Time
-	ProtocolName            string `json:"protocolName" gorm:"column:protocolName"`
-	ProtocolLongName        string `json:"protocolLongName" gorm:"column:protocolLongName"`
-	ProtocolAbbreviation    string `json:"protocolAbbreviation" gorm:"column:protocolVersion"`
-	ProtocolVersion         string `json:"protocolVersion" gorm:"column:protocolVersion"`
-	ProtocolBackgroundColor string `json:"protocolBackgroundColor" gorm:"column:protocolBackgroundColor"`
-	ProtocolForegroundColor string `json:"protocolForegroundColor" gorm:"column:protocolForegroundColor"`
-	ProtocolFontSize        int8   `json:"protocolFontSize" gorm:"column:protocolFontSize"`
-	ProtocolReferenceLink   string `json:"protocolReferenceLink" gorm:"column:protocolReferenceLink"`
-	Entry                   string `json:"entry,omitempty" gorm:"column:entry"`
-	EntryId                 string `json:"entryId" gorm:"column:entryId"`
-	Url                     string `json:"url" gorm:"column:url"`
-	Method                  string `json:"method" gorm:"column:method"`
-	Status                  int    `json:"status" gorm:"column:status"`
-	RequestSenderIp         string `json:"requestSenderIp" gorm:"column:requestSenderIp"`
-	Service                 string `json:"service" gorm:"column:service"`
-	Timestamp               int64  `json:"timestamp" gorm:"column:timestamp"`
-	ElapsedTime             int64  `json:"elapsedTime" gorm:"column:elapsedTime"`
-	Path                    string `json:"path" gorm:"column:path"`
-	ResolvedSource          string `json:"resolvedSource,omitempty" gorm:"column:resolvedSource"`
-	ResolvedDestination     string `json:"resolvedDestination,omitempty" gorm:"column:resolvedDestination"`
-	SourceIp                string `json:"sourceIp,omitempty" gorm:"column:sourceIp"`
-	DestinationIp           string `json:"destinationIp,omitempty" gorm:"column:destinationIp"`
-	SourcePort              string `json:"sourcePort,omitempty" gorm:"column:sourcePort"`
-	DestinationPort         string `json:"destinationPort,omitempty" gorm:"column:destinationPort"`
-	IsOutgoing              bool   `json:"isOutgoing,omitempty" gorm:"column:isOutgoing"`
-	EstimatedSizeBytes      int    `json:"-" gorm:"column:estimatedSizeBytes"`
+	ProtocolName            string         `json:"protocolName" gorm:"column:protocolName"`
+	ProtocolLongName        string         `json:"protocolLongName" gorm:"column:protocolLongName"`
+	ProtocolAbbreviation    string         `json:"protocolAbbreviation" gorm:"column:protocolAbbreviation"`
+	ProtocolVersion         string         `json:"protocolVersion" gorm:"column:protocolVersion"`
+	ProtocolBackgroundColor string         `json:"protocolBackgroundColor" gorm:"column:protocolBackgroundColor"`
+	ProtocolForegroundColor string         `json:"protocolForegroundColor" gorm:"column:protocolForegroundColor"`
+	ProtocolFontSize        int8           `json:"protocolFontSize" gorm:"column:protocolFontSize"`
+	ProtocolReferenceLink   string         `json:"protocolReferenceLink" gorm:"column:protocolReferenceLink"`
+	Entry                   string         `json:"entry,omitempty" gorm:"column:entry"`
+	EntryId                 string         `json:"entryId" gorm:"column:entryId"`
+	Url                     string         `json:"url" gorm:"column:url"`
+	Method                  string         `json:"method" gorm:"column:method"`
+	Status                  int            `json:"status" gorm:"column:status"`
+	RequestSenderIp         string         `json:"requestSenderIp" gorm:"column:requestSenderIp"`
+	Service                 string         `json:"service" gorm:"column:service"`
+	Timestamp               int64          `json:"timestamp" gorm:"column:timestamp"`
+	ElapsedTime             int64          `json:"elapsedTime" gorm:"column:elapsedTime"`
+	Path                    string         `json:"path" gorm:"column:path"`
+	ResolvedSource          string         `json:"resolvedSource,omitempty" gorm:"column:resolvedSource"`
+	ResolvedDestination     string         `json:"resolvedDestination,omitempty" gorm:"column:resolvedDestination"`
+	SourceIp                string         `json:"sourceIp,omitempty" gorm:"column:sourceIp"`
+	DestinationIp           string         `json:"destinationIp,omitempty" gorm:"column:destinationIp"`
+	SourcePort              string         `json:"sourcePort,omitempty" gorm:"column:sourcePort"`
+	DestinationPort         string         `json:"destinationPort,omitempty" gorm:"column:destinationPort"`
+	IsOutgoing              bool           `json:"isOutgoing,omitempty" gorm:"column:isOutgoing"`
+	ContractStatus          ContractStatus `json:"contractStatus,omitempty" gorm:"column:contractStatus"`
+	ContractRequestReason   string         `json:"contractRequestReason,omitempty" gorm:"column:contractRequestReason"`
+	ContractResponseReason  string         `json:"contractResponseReason,omitempty" gorm:"column:contractResponseReason"`
+	ContractContent         string         `json:"contractContent,omitempty" gorm:"column:contractContent"`
+	EstimatedSizeBytes      int            `json:"-" gorm:"column:estimatedSizeBytes"`
 }
 
 type MizuEntryWrapper struct {
@@ -138,6 +150,7 @@ type MizuEntryWrapper struct {
 	BodySize       int64                    `json:"bodySize"`
 	Data           MizuEntry                `json:"data"`
 	Rules          []map[string]interface{} `json:"rulesMatched,omitempty"`
+	IsRulesEnabled bool                     `json:"isRulesEnabled"`
 }
 
 type BaseEntryDetails struct {
@@ -156,8 +169,9 @@ type BaseEntryDetails struct {
 	SourcePort      string          `json:"sourcePort,omitempty"`
 	DestinationPort string          `json:"destinationPort,omitempty"`
 	IsOutgoing      bool            `json:"isOutgoing,omitempty"`
-	Latency         int64           `json:"latency,omitempty"`
+	Latency         int64           `json:"latency"`
 	Rules           ApplicableRules `json:"rules,omitempty"`
+	ContractStatus  ContractStatus  `json:"contractStatus"`
 }
 
 type ApplicableRules struct {
@@ -166,6 +180,15 @@ type ApplicableRules struct {
 	NumberOfRules int   `json:"numberOfRules,omitempty"`
 }
 
+type ContractStatus int
+
+type Contract struct {
+	Status         ContractStatus `json:"status"`
+	RequestReason  string         `json:"requestReason"`
+	ResponseReason string         `json:"responseReason"`
+	Content        string         `json:"content"`
+}
+
 type DataUnmarshaler interface {
 	UnmarshalData(*MizuEntry) error
 }
@@ -183,13 +206,20 @@ func (bed *BaseEntryDetails) UnmarshalData(entry *MizuEntry) error {
 	}
 	bed.Id = entry.EntryId
 	bed.Url = entry.Url
+	bed.RequestSenderIp = entry.RequestSenderIp
 	bed.Service = entry.Service
+	bed.Path = entry.Path
 	bed.Summary = entry.Path
 	bed.StatusCode = entry.Status
 	bed.Method = entry.Method
 	bed.Timestamp = entry.Timestamp
-	bed.RequestSenderIp = entry.RequestSenderIp
+	bed.SourceIp = entry.SourceIp
+	bed.DestinationIp = entry.DestinationIp
+	bed.SourcePort = entry.SourcePort
+	bed.DestinationPort = entry.DestinationPort
 	bed.IsOutgoing = entry.IsOutgoing
+	bed.Latency = entry.ElapsedTime
+	bed.ContractStatus = entry.ContractStatus
 	return nil
 }
 
@@ -197,3 +227,109 @@ const (
 	TABLE string = "table"
 	BODY  string = "body"
 )
+
+const (
+	TypeHttpRequest = iota
+	TypeHttpResponse
+)
+
+type HTTPPayload struct {
+	Type uint8
+	Data interface{}
+}
+
+type HTTPPayloader interface {
+	MarshalJSON() ([]byte, error)
+}
+
+type HTTPWrapper struct {
+	Method      string               `json:"method"`
+	Url         string               `json:"url"`
+	Details     interface{}          `json:"details"`
+	RawRequest  *HTTPRequestWrapper  `json:"rawRequest"`
+	RawResponse *HTTPResponseWrapper `json:"rawResponse"`
+}
+
+func (h HTTPPayload) MarshalJSON() ([]byte, error) {
+	switch h.Type {
+	case TypeHttpRequest:
+		harRequest, err := har.NewRequest(h.Data.(*http.Request), true)
+		if err != nil {
+			return nil, errors.New("Failed converting request to HAR")
+		}
+		return json.Marshal(&HTTPWrapper{
+			Method:     harRequest.Method,
+			Url:        "",
+			Details:    harRequest,
+			RawRequest: &HTTPRequestWrapper{Request: h.Data.(*http.Request)},
+		})
+	case TypeHttpResponse:
+		harResponse, err := har.NewResponse(h.Data.(*http.Response), true)
+		if err != nil {
+			return nil, errors.New("Failed converting response to HAR")
+		}
+		return json.Marshal(&HTTPWrapper{
+			Method:      "",
+			Url:         "",
+			Details:     harResponse,
+			RawResponse: &HTTPResponseWrapper{Response: h.Data.(*http.Response)},
+		})
+	default:
+		panic(fmt.Sprintf("HTTP payload cannot be marshaled: %s\n", h.Type))
+	}
+}
+
+type HTTPWrapperTricky struct {
+	Method      string         `json:"method"`
+	Url         string         `json:"url"`
+	Details     interface{}    `json:"details"`
+	RawRequest  *http.Request  `json:"rawRequest"`
+	RawResponse *http.Response `json:"rawResponse"`
+}
+
+type HTTPMessage struct {
+	IsRequest   bool              `json:"isRequest"`
+	CaptureTime time.Time         `json:"captureTime"`
+	Payload     HTTPWrapperTricky `json:"payload"`
+}
+
+type HTTPRequestResponsePair struct {
+	Request  HTTPMessage `json:"request"`
+	Response HTTPMessage `json:"response"`
+}
+
+type HTTPRequestWrapper struct {
+	*http.Request
+}
+
+func (r *HTTPRequestWrapper) MarshalJSON() ([]byte, error) {
+	body, _ := ioutil.ReadAll(r.Request.Body)
+	r.Request.Body = ioutil.NopCloser(bytes.NewBuffer(body))
+	return json.Marshal(&struct {
+		Body    string `json:"Body,omitempty"`
+		GetBody string `json:"GetBody,omitempty"`
+		Cancel  string `json:"Cancel,omitempty"`
+		*http.Request
+	}{
+		Body:    string(body),
+		Request: r.Request,
+	})
+}
+
+type HTTPResponseWrapper struct {
+	*http.Response
+}
+
+func (r *HTTPResponseWrapper) MarshalJSON() ([]byte, error) {
+	body, _ := ioutil.ReadAll(r.Response.Body)
+	r.Response.Body = ioutil.NopCloser(bytes.NewBuffer(body))
+	return json.Marshal(&struct {
+		Body    string `json:"Body,omitempty"`
+		GetBody string `json:"GetBody,omitempty"`
+		Cancel  string `json:"Cancel,omitempty"`
+		*http.Response
+	}{
+		Body:     string(body),
+		Response: r.Response,
+	})
+}

tap/api/go.mod

@@ -1,3 +1,5 @@
 module github.com/up9inc/mizu/tap/api
 
 go 1.16
+
+require github.com/google/martian v2.1.0+incompatible

tap/api/go.sum

@@ -0,0 +1,2 @@
+github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no=
+github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=

tap/api/options.go

@@ -1,7 +1,7 @@
 package api
 
 type TrafficFilteringOptions struct {
-	HealthChecksUserAgentHeaders []string
-	PlainTextMaskingRegexes      []*SerializableRegexp
-	DisableRedaction             bool
+	IgnoredUserAgents       []string
+	PlainTextMaskingRegexes []*SerializableRegexp
+	DisableRedaction        bool
 }

tap/cleaner.go

@@ -5,7 +5,7 @@ import (
 	"time"
 
 	"github.com/google/gopacket/reassembly"
-	"github.com/romana/rlog"
+	"github.com/up9inc/mizu/shared/logger"
 	"github.com/up9inc/mizu/tap/api"
 )
 
@@ -28,7 +28,7 @@ func (cl *Cleaner) clean() {
 	startCleanTime := time.Now()
 
 	cl.assemblerMutex.Lock()
-	rlog.Debugf("Assembler Stats before cleaning %s", cl.assembler.Dump())
+	logger.Log.Debugf("Assembler Stats before cleaning %s", cl.assembler.Dump())
 	flushed, closed := cl.assembler.FlushCloseOlderThan(startCleanTime.Add(-cl.connectionTimeout))
 	cl.assemblerMutex.Unlock()
 
@@ -38,7 +38,7 @@ func (cl *Cleaner) clean() {
 	}
 
 	cl.statsMutex.Lock()
-	rlog.Debugf("Assembler Stats after cleaning %s", cl.assembler.Dump())
+	logger.Log.Debugf("Assembler Stats after cleaning %s", cl.assembler.Dump())
 	cl.stats.flushed += flushed
 	cl.stats.closed += closed
 	cl.statsMutex.Unlock()
@@ -48,7 +48,7 @@ func (cl *Cleaner) start() {
 	go func() {
 		ticker := time.NewTicker(cl.cleanPeriod)
 
-		for true {
+		for {
 			<-ticker.C
 			cl.clean()
 		}

tap/errors_map.go

@@ -0,0 +1,60 @@
+package tap
+
+import (
+	"fmt"
+	"sync"
+
+	"github.com/up9inc/mizu/shared/logger"
+)
+
+type errorsMap struct {
+	errorsMap      map[string]uint
+	outputLevel    int
+	nErrors        uint
+	errorsMapMutex sync.Mutex
+}
+
+func NewErrorsMap(outputLevel int) *errorsMap {
+	return &errorsMap{
+		errorsMap:   make(map[string]uint),
+		outputLevel: outputLevel,
+	}
+}
+
+/* minOutputLevel: Error will be printed only if outputLevel is above this value
+ * t:              key for errorsMap (counting errors)
+ * s, a:           arguments logger.Log.Infof
+ * Note:           Too bad for perf that a... is evaluated
+ */
+func (e *errorsMap) logError(minOutputLevel int, t string, s string, a ...interface{}) {
+	e.errorsMapMutex.Lock()
+	e.nErrors++
+	nb := e.errorsMap[t]
+	e.errorsMap[t] = nb + 1
+	e.errorsMapMutex.Unlock()
+
+	if e.outputLevel >= minOutputLevel {
+		formatStr := fmt.Sprintf("%s: %s", t, s)
+		logger.Log.Errorf(formatStr, a...)
+	}
+}
+
+func (e *errorsMap) Error(t string, s string, a ...interface{}) {
+	e.logError(0, t, s, a...)
+}
+
+func (e *errorsMap) SilentError(t string, s string, a ...interface{}) {
+	e.logError(2, t, s, a...)
+}
+
+func (e *errorsMap) Debug(s string, a ...interface{}) {
+	logger.Log.Debugf(s, a...)
+}
+
+func (e *errorsMap) getErrorsSummary() (int, string) {
+	e.errorsMapMutex.Lock()
+	errorMapLen := len(e.errorsMap)
+	errorsSummery := fmt.Sprintf("%v", e.errorsMap)
+	e.errorsMapMutex.Unlock()
+	return errorMapLen, errorsSummery
+}

tap/extensions/amqp/go.mod

@@ -2,8 +2,6 @@ module github.com/up9inc/mizu/tap/extensions/amqp
 
 go 1.16
 
-require (
-    github.com/up9inc/mizu/tap/api v0.0.0
-)
+require github.com/up9inc/mizu/tap/api v0.0.0
 
 replace github.com/up9inc/mizu/tap/api v0.0.0 => ../../api

tap/extensions/amqp/go.sum

@@ -0,0 +1,2 @@
+github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no=
+github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=

tap/extensions/amqp/main.go

@@ -312,7 +312,7 @@ func (d dissecting) Summarize(entry *api.MizuEntry) *api.BaseEntryDetails {
 		SourcePort:      entry.SourcePort,
 		DestinationPort: entry.DestinationPort,
 		IsOutgoing:      entry.IsOutgoing,
-		Latency:         0,
+		Latency:         entry.ElapsedTime,
 		Rules: api.ApplicableRules{
 			Latency: 0,
 			Status:  false,

tap/extensions/http/go.mod

@@ -3,9 +3,7 @@ module github.com/up9inc/mizu/tap/extensions/http
 go 1.16
 
 require (
-	github.com/beevik/etree v1.1.0 // indirect
-	github.com/google/martian v2.1.0+incompatible
-	github.com/romana/rlog v0.0.0-20171115192701-f018bc92e7d7
+	github.com/beevik/etree v1.1.0
 	github.com/up9inc/mizu/tap/api v0.0.0
 	golang.org/x/net v0.0.0-20210224082022-3d97a244fca7
 	golang.org/x/text v0.3.5 // indirect

tap/extensions/http/go.sum

@@ -2,8 +2,6 @@ github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs=
 github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A=
 github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/romana/rlog v0.0.0-20171115192701-f018bc92e7d7 h1:jkvpcEatpwuMF5O5LVxTnehj6YZ/aEZN4NWD/Xml4pI=
-github.com/romana/rlog v0.0.0-20171115192701-f018bc92e7d7/go.mod h1:KTrHyWpO1sevuXPZwyeZc72ddWRFqNSKDFl7uVWKpg0=
 golang.org/x/net v0.0.0-20210224082022-3d97a244fca7 h1:OgUuv8lsRpBibGNbSizVwKWlysjaNzmC9gYMhPVfqFM=
 golang.org/x/net v0.0.0-20210224082022-3d97a244fca7/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=

tap/extensions/http/handlers.go

@@ -8,15 +8,18 @@ import (
 	"io/ioutil"
 	"net/http"
 
-	"github.com/romana/rlog"
-
 	"github.com/up9inc/mizu/tap/api"
 )
 
 func filterAndEmit(item *api.OutputChannelItem, emitter api.Emitter, options *api.TrafficFilteringOptions) {
+	if IsIgnoredUserAgent(item, options) {
+		return
+	}
+
 	if !options.DisableRedaction {
 		FilterSensitiveData(item, options)
 	}
+
 	emitter.Emit(item)
 }
 
@@ -80,22 +83,12 @@ func handleHTTP2Stream(grpcAssembler *GrpcAssembler, tcpID *api.TcpID, superTime
 func handleHTTP1ClientStream(b *bufio.Reader, tcpID *api.TcpID, counterPair *api.CounterPair, superTimer *api.SuperTimer, emitter api.Emitter, options *api.TrafficFilteringOptions) error {
 	req, err := http.ReadRequest(b)
 	if err != nil {
-		// log.Println("Error reading stream:", err)
 		return err
 	}
 	counterPair.Request++
 
 	body, err := ioutil.ReadAll(req.Body)
 	req.Body = io.NopCloser(bytes.NewBuffer(body)) // rewind
-	s := len(body)
-	if err != nil {
-		rlog.Debugf("[HTTP-request-body] stream %s Got body err: %s", tcpID.Ident, err)
-	}
-	if err := req.Body.Close(); err != nil {
-		rlog.Debugf("[HTTP-request-body-close] stream %s Failed to close request body: %s", tcpID.Ident, err)
-	}
-	encoding := req.Header["Content-Encoding"]
-	rlog.Tracef(1, "HTTP/1 Request: %s %s %s (Body:%d) -> %s", tcpID.Ident, req.Method, req.URL, s, encoding)
 
 	ident := fmt.Sprintf(
 		"%s->%s %s->%s %d",
@@ -122,30 +115,12 @@ func handleHTTP1ClientStream(b *bufio.Reader, tcpID *api.TcpID, counterPair *api
 func handleHTTP1ServerStream(b *bufio.Reader, tcpID *api.TcpID, counterPair *api.CounterPair, superTimer *api.SuperTimer, emitter api.Emitter, options *api.TrafficFilteringOptions) error {
 	res, err := http.ReadResponse(b, nil)
 	if err != nil {
-		// log.Println("Error reading stream:", err)
 		return err
 	}
 	counterPair.Response++
 
 	body, err := ioutil.ReadAll(res.Body)
 	res.Body = io.NopCloser(bytes.NewBuffer(body)) // rewind
-	s := len(body)
-	if err != nil {
-		rlog.Debugf("[HTTP-response-body] HTTP/%s: failed to get body(parsed len:%d): %s", tcpID.Ident, s, err)
-	}
-	if err := res.Body.Close(); err != nil {
-		rlog.Debugf("[HTTP-response-body-close] HTTP/%s: failed to close body(parsed len:%d): %s", tcpID.Ident, s, err)
-	}
-	sym := ","
-	if res.ContentLength > 0 && res.ContentLength != int64(s) {
-		sym = "!="
-	}
-	contentType, ok := res.Header["Content-Type"]
-	if !ok {
-		contentType = []string{http.DetectContentType(body)}
-	}
-	encoding := res.Header["Content-Encoding"]
-	rlog.Tracef(1, "HTTP/1 Response: %s %s (%d%s%d%s) -> %s", tcpID.Ident, res.Status, res.ContentLength, sym, s, contentType, encoding)
 
 	ident := fmt.Sprintf(
 		"%s->%s %s->%s %d",

tap/extensions/http/main.go

@@ -10,8 +10,6 @@ import (
 	"net/url"
 	"time"
 
-	"github.com/romana/rlog"
-
 	"github.com/up9inc/mizu/tap/api"
 )
 
@@ -62,19 +60,11 @@ func (d dissecting) Ping() {
 }
 
 func (d dissecting) Dissect(b *bufio.Reader, isClient bool, tcpID *api.TcpID, counterPair *api.CounterPair, superTimer *api.SuperTimer, superIdentifier *api.SuperIdentifier, emitter api.Emitter, options *api.TrafficFilteringOptions) error {
-	ident := fmt.Sprintf("%s->%s:%s->%s", tcpID.SrcIP, tcpID.DstIP, tcpID.SrcPort, tcpID.DstPort)
 	isHTTP2, err := checkIsHTTP2Connection(b, isClient)
-	if err != nil {
-		rlog.Debugf("[HTTP/2-Prepare-Connection] stream %s Failed to check if client is HTTP/2: %s (%v,%+v)", ident, err, err, err)
-		// Do something?
-	}
 
 	var grpcAssembler *GrpcAssembler
 	if isHTTP2 {
-		err := prepareHTTP2Connection(b, isClient)
-		if err != nil {
-			rlog.Debugf("[HTTP/2-Prepare-Connection-After-Check] stream %s error: %s (%v,%+v)", ident, err, err, err)
-		}
+		prepareHTTP2Connection(b, isClient)
 		grpcAssembler = createGrpcAssembler(b)
 	}
 
@@ -89,7 +79,6 @@ func (d dissecting) Dissect(b *bufio.Reader, isClient bool, tcpID *api.TcpID, co
 			if err == io.EOF || err == io.ErrUnexpectedEOF {
 				break
 			} else if err != nil {
-				rlog.Debugf("[HTTP/2] stream %s error: %s (%v,%+v)", ident, err, err, err)
 				continue
 			}
 			dissected = true
@@ -98,7 +87,6 @@ func (d dissecting) Dissect(b *bufio.Reader, isClient bool, tcpID *api.TcpID, co
 			if err == io.EOF || err == io.ErrUnexpectedEOF {
 				break
 			} else if err != nil {
-				rlog.Debugf("[HTTP-request] stream %s Request error: %s (%v,%+v)", ident, err, err, err)
 				continue
 			}
 			dissected = true
@@ -107,7 +95,6 @@ func (d dissecting) Dissect(b *bufio.Reader, isClient bool, tcpID *api.TcpID, co
 			if err == io.EOF || err == io.ErrUnexpectedEOF {
 				break
 			} else if err != nil {
-				rlog.Debugf("[HTTP-response], stream %s Response error: %s (%v,%+v)", ident, err, err, err)
 				continue
 			}
 			dissected = true
@@ -124,7 +111,6 @@ func (d dissecting) Dissect(b *bufio.Reader, isClient bool, tcpID *api.TcpID, co
 func SetHostname(address, newHostname string) string {
 	replacedUrl, err := url.Parse(address)
 	if err != nil {
-		log.Printf("error replacing hostname to %s in address %s, returning original %v", newHostname, address, err)
 		return address
 	}
 	replacedUrl.Host = newHostname
@@ -223,7 +209,7 @@ func (d dissecting) Summarize(entry *api.MizuEntry) *api.BaseEntryDetails {
 		SourcePort:      entry.SourcePort,
 		DestinationPort: entry.DestinationPort,
 		IsOutgoing:      entry.IsOutgoing,
-		Latency:         0,
+		Latency:         entry.ElapsedTime,
 		Rules: api.ApplicableRules{
 			Latency: 0,
 			Status:  false,

tap/extensions/http/matcher.go

@@ -7,8 +7,6 @@ import (
 	"sync"
 	"time"
 
-	"github.com/romana/rlog"
-
 	"github.com/up9inc/mizu/tap/api"
 )
 
@@ -31,7 +29,7 @@ func (matcher *requestResponseMatcher) registerRequest(ident string, request *ht
 	requestHTTPMessage := api.GenericMessage{
 		IsRequest:   true,
 		CaptureTime: captureTime,
-		Payload: HTTPPayload{
+		Payload: api.HTTPPayload{
 			Type: TypeHttpRequest,
 			Data: request,
 		},
@@ -41,15 +39,12 @@ func (matcher *requestResponseMatcher) registerRequest(ident string, request *ht
 		// Type assertion always succeeds because all of the map's values are of api.GenericMessage type
 		responseHTTPMessage := response.(*api.GenericMessage)
 		if responseHTTPMessage.IsRequest {
-			rlog.Debugf("[Request-Duplicate] Got duplicate request with same identifier")
 			return nil
 		}
-		rlog.Tracef(1, "Matched open Response for %s", key)
 		return matcher.preparePair(&requestHTTPMessage, responseHTTPMessage)
 	}
 
 	matcher.openMessagesMap.Store(key, &requestHTTPMessage)
-	rlog.Tracef(1, "Registered open Request for %s", key)
 	return nil
 }
 
@@ -60,7 +55,7 @@ func (matcher *requestResponseMatcher) registerResponse(ident string, response *
 	responseHTTPMessage := api.GenericMessage{
 		IsRequest:   false,
 		CaptureTime: captureTime,
-		Payload: HTTPPayload{
+		Payload: api.HTTPPayload{
 			Type: TypeHttpResponse,
 			Data: response,
 		},
@@ -70,15 +65,12 @@ func (matcher *requestResponseMatcher) registerResponse(ident string, response *
 		// Type assertion always succeeds because all of the map's values are of api.GenericMessage type
 		requestHTTPMessage := request.(*api.GenericMessage)
 		if !requestHTTPMessage.IsRequest {
-			rlog.Debugf("[Response-Duplicate] Got duplicate response with same identifier")
 			return nil
 		}
-		rlog.Tracef(1, "Matched open Request for %s", key)
 		return matcher.preparePair(requestHTTPMessage, &responseHTTPMessage)
 	}
 
 	matcher.openMessagesMap.Store(key, &responseHTTPMessage)
-	rlog.Tracef(1, "Registered open Response for %s", key)
 	return nil
 }
 

tap/extensions/http/sensitive_data_cleaner.go

@@ -12,7 +12,6 @@ import (
 	"strings"
 
 	"github.com/beevik/etree"
-	"github.com/romana/rlog"
 	"github.com/up9inc/mizu/tap/api"
 )
 
@@ -25,9 +24,33 @@ var personallyIdentifiableDataFields = []string{"token", "authorization", "authe
 	"zip", "zipcode", "address", "country", "firstname", "lastname",
 	"middlename", "fname", "lname", "birthdate"}
 
+func IsIgnoredUserAgent(item *api.OutputChannelItem, options *api.TrafficFilteringOptions) bool {
+	if item.Protocol.Name != "http" {
+		return false
+	}
+
+	request := item.Pair.Request.Payload.(api.HTTPPayload).Data.(*http.Request)
+
+	for headerKey, headerValues := range request.Header {
+		if strings.ToLower(headerKey) == "user-agent" {
+			for _, userAgent := range options.IgnoredUserAgents {
+				for _, headerValue := range headerValues {
+					if strings.Contains(strings.ToLower(headerValue), strings.ToLower(userAgent)) {
+						return true
+					}
+				}
+			}
+
+			return false
+		}
+	}
+
+	return false
+}
+
 func FilterSensitiveData(item *api.OutputChannelItem, options *api.TrafficFilteringOptions) {
-	request := item.Pair.Request.Payload.(HTTPPayload).Data.(*http.Request)
-	response := item.Pair.Response.Payload.(HTTPPayload).Data.(*http.Response)
+	request := item.Pair.Request.Payload.(api.HTTPPayload).Data.(*http.Request)
+	response := item.Pair.Response.Payload.(api.HTTPPayload).Data.(*http.Response)
 
 	filterHeaders(&request.Header)
 	filterHeaders(&response.Header)
@@ -40,7 +63,6 @@ func filterRequestBody(request *http.Request, options *api.TrafficFilteringOptio
 	contenType := getContentTypeHeaderValue(request.Header)
 	body, err := ioutil.ReadAll(request.Body)
 	if err != nil {
-		rlog.Debugf("Filtering error reading body: %v", err)
 		return
 	}
 	filteredBody, err := filterHttpBody([]byte(body), contenType, options)
@@ -55,7 +77,6 @@ func filterResponseBody(response *http.Response, options *api.TrafficFilteringOp
 	contentType := getContentTypeHeaderValue(response.Header)
 	body, err := ioutil.ReadAll(response.Body)
 	if err != nil {
-		rlog.Debugf("Filtering error reading body: %v", err)
 		return
 	}
 	filteredBody, err := filterHttpBody([]byte(body), contentType, options)
@@ -86,6 +107,10 @@ func getContentTypeHeaderValue(headers http.Header) string {
 }
 
 func isFieldNameSensitive(fieldName string) bool {
+	if fieldName == ":authority" {
+		return false
+	}
+
 	name := strings.ToLower(fieldName)
 	name = strings.ReplaceAll(name, "_", "")
 	name = strings.ReplaceAll(name, "-", "")

tap/extensions/http/structs.go

@@ -1,55 +0,0 @@
-package main
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"net/http"
-
-	"github.com/google/martian/har"
-	"github.com/romana/rlog"
-)
-
-type HTTPPayload struct {
-	Type uint8
-	Data interface{}
-}
-
-type HTTPPayloader interface {
-	MarshalJSON() ([]byte, error)
-}
-
-type HTTPWrapper struct {
-	Method  string      `json:"method"`
-	Url     string      `json:"url"`
-	Details interface{} `json:"details"`
-}
-
-func (h HTTPPayload) MarshalJSON() ([]byte, error) {
-	switch h.Type {
-	case TypeHttpRequest:
-		harRequest, err := har.NewRequest(h.Data.(*http.Request), true)
-		if err != nil {
-			rlog.Debugf("convert-request-to-har", "Failed converting request to HAR %s (%v,%+v)", err, err, err)
-			return nil, errors.New("Failed converting request to HAR")
-		}
-		return json.Marshal(&HTTPWrapper{
-			Method:  harRequest.Method,
-			Url:     "",
-			Details: harRequest,
-		})
-	case TypeHttpResponse:
-		harResponse, err := har.NewResponse(h.Data.(*http.Response), true)
-		if err != nil {
-			rlog.Debugf("convert-response-to-har", "Failed converting response to HAR %s (%v,%+v)", err, err, err)
-			return nil, errors.New("Failed converting response to HAR")
-		}
-		return json.Marshal(&HTTPWrapper{
-			Method:  "",
-			Url:     "",
-			Details: harResponse,
-		})
-	default:
-		panic(fmt.Sprintf("HTTP payload cannot be marshaled: %s\n", h.Type))
-	}
-}

tap/extensions/kafka/go.sum

@@ -7,6 +7,8 @@ github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/go-cmp v0.5.4 h1:L8R9j+yAqZuZjsqh/z+F1NCffTKKLShY6zXTItVIZ8M=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no=
+github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/klauspost/compress v1.9.8 h1:VMAMUUOh+gaxKTMk+zqbjsSjsIcUcL/LF4o63i82QyA=
 github.com/klauspost/compress v1.9.8/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
 github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=

tap/extensions/kafka/helpers.go

@@ -130,8 +130,16 @@ func representMetadataResponse(data map[string]interface{}) []interface{} {
 	rep = representResponseHeader(data, rep)
 
 	payload := data["Payload"].(map[string]interface{})
-	topics, _ := json.Marshal(payload["Topics"].([]interface{}))
-	brokers, _ := json.Marshal(payload["Brokers"].([]interface{}))
+	topics := ""
+	if payload["Topics"] != nil {
+		_topics, _ := json.Marshal(payload["Topics"].([]interface{}))
+		topics = string(_topics)
+	}
+	brokers := ""
+	if payload["Brokers"] != nil {
+		_brokers, _ := json.Marshal(payload["Brokers"].([]interface{}))
+		brokers = string(_brokers)
+	}
 	controllerID := ""
 	clusterID := ""
 	throttleTimeMs := ""
@@ -155,7 +163,7 @@ func representMetadataResponse(data map[string]interface{}) []interface{} {
 		},
 		{
 			"name":  "Brokers",
-			"value": string(brokers),
+			"value": brokers,
 		},
 		{
 			"name":  "Cluster ID",
@@ -167,7 +175,7 @@ func representMetadataResponse(data map[string]interface{}) []interface{} {
 		},
 		{
 			"name":  "Topics",
-			"value": string(topics),
+			"value": topics,
 		},
 		{
 			"name":  "Cluster Authorized Operations",
@@ -303,7 +311,11 @@ func representProduceResponse(data map[string]interface{}) []interface{} {
 	rep = representResponseHeader(data, rep)
 
 	payload := data["Payload"].(map[string]interface{})
-	responses, _ := json.Marshal(payload["Responses"].([]interface{}))
+	responses := ""
+	if payload["Responses"] != nil {
+		_responses, _ := json.Marshal(payload["Responses"].([]interface{}))
+		responses = string(_responses)
+	}
 	throttleTimeMs := ""
 	if payload["ThrottleTimeMs"] != nil {
 		throttleTimeMs = fmt.Sprintf("%d", int(payload["ThrottleTimeMs"].(float64)))
@@ -333,7 +345,11 @@ func representFetchRequest(data map[string]interface{}) []interface{} {
 	rep = representRequestHeader(data, rep)
 
 	payload := data["Payload"].(map[string]interface{})
-	topics, _ := json.Marshal(payload["Topics"].([]interface{}))
+	topics := ""
+	if payload["Topics"] != nil {
+		_topics, _ := json.Marshal(payload["Topics"].([]interface{}))
+		topics = string(_topics)
+	}
 	replicaId := ""
 	if payload["ReplicaId"] != nil {
 		replicaId = fmt.Sprintf("%d", int(payload["ReplicaId"].(float64)))
@@ -361,7 +377,7 @@ func representFetchRequest(data map[string]interface{}) []interface{} {
 	}
 	rackId := ""
 	if payload["RackId"] != nil {
-		rackId = fmt.Sprintf("%d", int(payload["RackId"].(float64)))
+		rackId = payload["RackId"].(string)
 	}
 	repPayload, _ := json.Marshal([]map[string]string{
 		{
@@ -394,7 +410,7 @@ func representFetchRequest(data map[string]interface{}) []interface{} {
 		},
 		{
 			"name":  "Topics",
-			"value": string(topics),
+			"value": topics,
 		},
 		{
 			"name":  "Forgotten Topics Data",
@@ -420,7 +436,11 @@ func representFetchResponse(data map[string]interface{}) []interface{} {
 	rep = representResponseHeader(data, rep)
 
 	payload := data["Payload"].(map[string]interface{})
-	responses, _ := json.Marshal(payload["Responses"].([]interface{}))
+	responses := ""
+	if payload["Responses"] != nil {
+		_responses, _ := json.Marshal(payload["Responses"].([]interface{}))
+		responses = string(_responses)
+	}
 	throttleTimeMs := ""
 	if payload["ThrottleTimeMs"] != nil {
 		throttleTimeMs = fmt.Sprintf("%d", int(payload["ThrottleTimeMs"].(float64)))
@@ -448,7 +468,7 @@ func representFetchResponse(data map[string]interface{}) []interface{} {
 		},
 		{
 			"name":  "Responses",
-			"value": string(responses),
+			"value": responses,
 		},
 	})
 	rep = append(rep, map[string]string{
@@ -466,7 +486,11 @@ func representListOffsetsRequest(data map[string]interface{}) []interface{} {
 	rep = representRequestHeader(data, rep)
 
 	payload := data["Payload"].(map[string]interface{})
-	topics, _ := json.Marshal(payload["Topics"].([]interface{}))
+	topics := ""
+	if payload["Topics"] != nil {
+		_topics, _ := json.Marshal(payload["Topics"].([]interface{}))
+		topics = string(_topics)
+	}
 	repPayload, _ := json.Marshal([]map[string]string{
 		{
 			"name":  "Replica ID",
@@ -474,7 +498,7 @@ func representListOffsetsRequest(data map[string]interface{}) []interface{} {
 		},
 		{
 			"name":  "Topics",
-			"value": string(topics),
+			"value": topics,
 		},
 	})
 	rep = append(rep, map[string]string{

tap/extensions/kafka/main.go

@@ -104,7 +104,11 @@ func (d dissecting) Analyze(item *api.OutputChannelItem, entryId string, resolve
 		}
 		break
 	case Fetch:
-		topics := reqDetails["Payload"].(map[string]interface{})["Topics"].([]interface{})
+		_topics := reqDetails["Payload"].(map[string]interface{})["Topics"]
+		if _topics == nil {
+			break
+		}
+		topics := _topics.([]interface{})
 		for _, topic := range topics {
 			summary += fmt.Sprintf("%s, ", topic.(map[string]interface{})["Topic"].(string))
 		}
@@ -113,7 +117,11 @@ func (d dissecting) Analyze(item *api.OutputChannelItem, entryId string, resolve
 		}
 		break
 	case ListOffsets:
-		topics := reqDetails["Payload"].(map[string]interface{})["Topics"].([]interface{})
+		_topics := reqDetails["Payload"].(map[string]interface{})["Topics"]
+		if _topics == nil {
+			break
+		}
+		topics := _topics.([]interface{})
 		for _, topic := range topics {
 			summary += fmt.Sprintf("%s, ", topic.(map[string]interface{})["Name"].(string))
 		}
@@ -186,7 +194,7 @@ func (d dissecting) Summarize(entry *api.MizuEntry) *api.BaseEntryDetails {
 		SourcePort:      entry.SourcePort,
 		DestinationPort: entry.DestinationPort,
 		IsOutgoing:      entry.IsOutgoing,
-		Latency:         0,
+		Latency:         entry.ElapsedTime,
 		Rules: api.ApplicableRules{
 			Latency: 0,
 			Status:  false,

tap/extensions/redis/errors.go

@@ -0,0 +1,14 @@
+package main
+
+//ConnectError redis connection error,such as io timeout
+type ConnectError struct {
+	Message string
+}
+
+func newConnectError(message string) *ConnectError {
+	return &ConnectError{Message: message}
+}
+
+func (e *ConnectError) Error() string {
+	return e.Message
+}

tap/extensions/redis/go.mod

@@ -0,0 +1,7 @@
+module github.com/up9inc/mizu/tap/extensions/redis
+
+go 1.16
+
+require github.com/up9inc/mizu/tap/api v0.0.0
+
+replace github.com/up9inc/mizu/tap/api v0.0.0 => ../../api

tap/extensions/redis/go.sum

@@ -0,0 +1,2 @@
+github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no=
+github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=

tap/extensions/redis/handlers.go

@@ -0,0 +1,55 @@
+package main
+
+import (
+	"fmt"
+
+	"github.com/up9inc/mizu/tap/api"
+)
+
+func handleClientStream(tcpID *api.TcpID, counterPair *api.CounterPair, superTimer *api.SuperTimer, emitter api.Emitter, request *RedisPacket) error {
+	counterPair.Request++
+	ident := fmt.Sprintf(
+		"%s->%s %s->%s %d",
+		tcpID.SrcIP,
+		tcpID.DstIP,
+		tcpID.SrcPort,
+		tcpID.DstPort,
+		counterPair.Request,
+	)
+	item := reqResMatcher.registerRequest(ident, request, superTimer.CaptureTime)
+	if item != nil {
+		item.ConnectionInfo = &api.ConnectionInfo{
+			ClientIP:   tcpID.SrcIP,
+			ClientPort: tcpID.SrcPort,
+			ServerIP:   tcpID.DstIP,
+			ServerPort: tcpID.DstPort,
+			IsOutgoing: true,
+		}
+		emitter.Emit(item)
+	}
+	return nil
+}
+
+func handleServerStream(tcpID *api.TcpID, counterPair *api.CounterPair, superTimer *api.SuperTimer, emitter api.Emitter, response *RedisPacket) error {
+	counterPair.Response++
+	ident := fmt.Sprintf(
+		"%s->%s %s->%s %d",
+		tcpID.DstIP,
+		tcpID.SrcIP,
+		tcpID.DstPort,
+		tcpID.SrcPort,
+		counterPair.Response,
+	)
+	item := reqResMatcher.registerResponse(ident, response, superTimer.CaptureTime)
+	if item != nil {
+		item.ConnectionInfo = &api.ConnectionInfo{
+			ClientIP:   tcpID.DstIP,
+			ClientPort: tcpID.DstPort,
+			ServerIP:   tcpID.SrcIP,
+			ServerPort: tcpID.SrcPort,
+			IsOutgoing: false,
+		}
+		emitter.Emit(item)
+	}
+	return nil
+}

tap/extensions/redis/helpers.go

@@ -0,0 +1,57 @@
+package main
+
+import (
+	"encoding/json"
+
+	"github.com/up9inc/mizu/tap/api"
+)
+
+type RedisPayload struct {
+	Data interface{}
+}
+
+type RedisPayloader interface {
+	MarshalJSON() ([]byte, error)
+}
+
+func (h RedisPayload) MarshalJSON() ([]byte, error) {
+	return json.Marshal(h.Data)
+}
+
+type RedisWrapper struct {
+	Method  string      `json:"method"`
+	Url     string      `json:"url"`
+	Details interface{} `json:"details"`
+}
+
+func representGeneric(generic map[string]interface{}) (representation []interface{}) {
+	details, _ := json.Marshal([]map[string]string{
+		{
+			"name":  "Type",
+			"value": generic["type"].(string),
+		},
+		{
+			"name":  "Command",
+			"value": generic["command"].(string),
+		},
+		{
+			"name":  "Key",
+			"value": generic["key"].(string),
+		},
+		{
+			"name":  "Value",
+			"value": generic["value"].(string),
+		},
+		{
+			"name":  "Keyword",
+			"value": generic["keyword"].(string),
+		},
+	})
+	representation = append(representation, map[string]string{
+		"type":  api.TABLE,
+		"title": "Details",
+		"data":  string(details),
+	})
+
+	return
+}

tap/extensions/redis/main.go

@@ -0,0 +1,154 @@
+package main
+
+import (
+	"bufio"
+	"encoding/json"
+	"fmt"
+	"log"
+
+	"github.com/up9inc/mizu/tap/api"
+)
+
+var protocol api.Protocol = api.Protocol{
+	Name:            "redis",
+	LongName:        "Redis Serialization Protocol",
+	Abbreviation:    "REDIS",
+	Version:         "3.x",
+	BackgroundColor: "#a41e11",
+	ForegroundColor: "#ffffff",
+	FontSize:        11,
+	ReferenceLink:   "https://redis.io/topics/protocol",
+	Ports:           []string{"6379"},
+	Priority:        3,
+}
+
+func init() {
+	log.Println("Initializing Redis extension...")
+}
+
+type dissecting string
+
+func (d dissecting) Register(extension *api.Extension) {
+	extension.Protocol = &protocol
+	extension.MatcherMap = reqResMatcher.openMessagesMap
+}
+
+func (d dissecting) Ping() {
+	log.Printf("pong %s\n", protocol.Name)
+}
+
+func (d dissecting) Dissect(b *bufio.Reader, isClient bool, tcpID *api.TcpID, counterPair *api.CounterPair, superTimer *api.SuperTimer, superIdentifier *api.SuperIdentifier, emitter api.Emitter, options *api.TrafficFilteringOptions) error {
+	is := &RedisInputStream{
+		Reader: b,
+		Buf:    make([]byte, 8192),
+	}
+	proto := NewProtocol(is)
+	for {
+		redisPacket, err := proto.Read()
+		if err != nil {
+			return err
+		}
+
+		if isClient {
+			handleClientStream(tcpID, counterPair, superTimer, emitter, redisPacket)
+		} else {
+			handleServerStream(tcpID, counterPair, superTimer, emitter, redisPacket)
+		}
+	}
+}
+
+func (d dissecting) Analyze(item *api.OutputChannelItem, entryId string, resolvedSource string, resolvedDestination string) *api.MizuEntry {
+	request := item.Pair.Request.Payload.(map[string]interface{})
+	reqDetails := request["details"].(map[string]interface{})
+	service := "redis"
+	if resolvedDestination != "" {
+		service = resolvedDestination
+	} else if resolvedSource != "" {
+		service = resolvedSource
+	}
+
+	method := ""
+	if reqDetails["command"] != nil {
+		method = reqDetails["command"].(string)
+	}
+
+	summary := ""
+	if reqDetails["key"] != nil {
+		summary = reqDetails["key"].(string)
+	}
+
+	request["url"] = summary
+	entryBytes, _ := json.Marshal(item.Pair)
+	return &api.MizuEntry{
+		ProtocolName:            protocol.Name,
+		ProtocolLongName:        protocol.LongName,
+		ProtocolAbbreviation:    protocol.Abbreviation,
+		ProtocolVersion:         protocol.Version,
+		ProtocolBackgroundColor: protocol.BackgroundColor,
+		ProtocolForegroundColor: protocol.ForegroundColor,
+		ProtocolFontSize:        protocol.FontSize,
+		ProtocolReferenceLink:   protocol.ReferenceLink,
+		EntryId:                 entryId,
+		Entry:                   string(entryBytes),
+		Url:                     fmt.Sprintf("%s%s", service, summary),
+		Method:                  method,
+		Status:                  0,
+		RequestSenderIp:         item.ConnectionInfo.ClientIP,
+		Service:                 service,
+		Timestamp:               item.Timestamp,
+		ElapsedTime:             0,
+		Path:                    summary,
+		ResolvedSource:          resolvedSource,
+		ResolvedDestination:     resolvedDestination,
+		SourceIp:                item.ConnectionInfo.ClientIP,
+		DestinationIp:           item.ConnectionInfo.ServerIP,
+		SourcePort:              item.ConnectionInfo.ClientPort,
+		DestinationPort:         item.ConnectionInfo.ServerPort,
+		IsOutgoing:              item.ConnectionInfo.IsOutgoing,
+	}
+
+}
+
+func (d dissecting) Summarize(entry *api.MizuEntry) *api.BaseEntryDetails {
+	return &api.BaseEntryDetails{
+		Id:              entry.EntryId,
+		Protocol:        protocol,
+		Url:             entry.Url,
+		RequestSenderIp: entry.RequestSenderIp,
+		Service:         entry.Service,
+		Summary:         entry.Path,
+		StatusCode:      entry.Status,
+		Method:          entry.Method,
+		Timestamp:       entry.Timestamp,
+		SourceIp:        entry.SourceIp,
+		DestinationIp:   entry.DestinationIp,
+		SourcePort:      entry.SourcePort,
+		DestinationPort: entry.DestinationPort,
+		IsOutgoing:      entry.IsOutgoing,
+		Latency:         entry.ElapsedTime,
+		Rules: api.ApplicableRules{
+			Latency: 0,
+			Status:  false,
+		},
+	}
+}
+
+func (d dissecting) Represent(entry *api.MizuEntry) (p api.Protocol, object []byte, bodySize int64, err error) {
+	p = protocol
+	bodySize = 0
+	var root map[string]interface{}
+	json.Unmarshal([]byte(entry.Entry), &root)
+	representation := make(map[string]interface{}, 0)
+	request := root["request"].(map[string]interface{})["payload"].(map[string]interface{})
+	response := root["response"].(map[string]interface{})["payload"].(map[string]interface{})
+	reqDetails := request["details"].(map[string]interface{})
+	resDetails := response["details"].(map[string]interface{})
+	repRequest := representGeneric(reqDetails)
+	repResponse := representGeneric(resDetails)
+	representation["request"] = repRequest
+	representation["response"] = repResponse
+	object, err = json.Marshal(representation)
+	return
+}
+
+var Dissector dissecting

tap/extensions/redis/matcher.go

@@ -0,0 +1,102 @@
+package main
+
+import (
+	"fmt"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/up9inc/mizu/tap/api"
+)
+
+var reqResMatcher = createResponseRequestMatcher() // global
+
+// Key is {client_addr}:{client_port}->{dest_addr}:{dest_port}_{incremental_counter}
+type requestResponseMatcher struct {
+	openMessagesMap *sync.Map
+}
+
+func createResponseRequestMatcher() requestResponseMatcher {
+	newMatcher := &requestResponseMatcher{openMessagesMap: &sync.Map{}}
+	return *newMatcher
+}
+
+func (matcher *requestResponseMatcher) registerRequest(ident string, request *RedisPacket, captureTime time.Time) *api.OutputChannelItem {
+	split := splitIdent(ident)
+	key := genKey(split)
+
+	requestRedisMessage := api.GenericMessage{
+		IsRequest:   true,
+		CaptureTime: captureTime,
+		Payload: RedisPayload{
+			Data: &RedisWrapper{
+				Method:  string(request.Command),
+				Url:     "",
+				Details: request,
+			},
+		},
+	}
+
+	if response, found := matcher.openMessagesMap.LoadAndDelete(key); found {
+		// Type assertion always succeeds because all of the map's values are of api.GenericMessage type
+		responseRedisMessage := response.(*api.GenericMessage)
+		if responseRedisMessage.IsRequest {
+			return nil
+		}
+		return matcher.preparePair(&requestRedisMessage, responseRedisMessage)
+	}
+
+	matcher.openMessagesMap.Store(key, &requestRedisMessage)
+	return nil
+}
+
+func (matcher *requestResponseMatcher) registerResponse(ident string, response *RedisPacket, captureTime time.Time) *api.OutputChannelItem {
+	split := splitIdent(ident)
+	key := genKey(split)
+
+	responseRedisMessage := api.GenericMessage{
+		IsRequest:   false,
+		CaptureTime: captureTime,
+		Payload: RedisPayload{
+			Data: &RedisWrapper{
+				Method:  string(response.Command),
+				Url:     "",
+				Details: response,
+			},
+		},
+	}
+
+	if request, found := matcher.openMessagesMap.LoadAndDelete(key); found {
+		// Type assertion always succeeds because all of the map's values are of api.GenericMessage type
+		requestRedisMessage := request.(*api.GenericMessage)
+		if !requestRedisMessage.IsRequest {
+			return nil
+		}
+		return matcher.preparePair(requestRedisMessage, &responseRedisMessage)
+	}
+
+	matcher.openMessagesMap.Store(key, &responseRedisMessage)
+	return nil
+}
+
+func (matcher *requestResponseMatcher) preparePair(requestRedisMessage *api.GenericMessage, responseRedisMessage *api.GenericMessage) *api.OutputChannelItem {
+	return &api.OutputChannelItem{
+		Protocol:       protocol,
+		Timestamp:      requestRedisMessage.CaptureTime.UnixNano() / int64(time.Millisecond),
+		ConnectionInfo: nil,
+		Pair: &api.RequestResponsePair{
+			Request:  *requestRedisMessage,
+			Response: *responseRedisMessage,
+		},
+	}
+}
+
+func splitIdent(ident string) []string {
+	ident = strings.Replace(ident, "->", " ", -1)
+	return strings.Split(ident, " ")
+}
+
+func genKey(split []string) string {
+	key := fmt.Sprintf("%s:%s->%s:%s,%s", split[0], split[2], split[1], split[3], split[4])
+	return key
+}

tap/extensions/redis/read.go

@@ -0,0 +1,489 @@
+package main
+
+import (
+	"bufio"
+	"errors"
+	"fmt"
+	"math"
+	"reflect"
+	"strconv"
+	"strings"
+	"time"
+)
+
+const (
+	askPrefix         = "ASK "
+	movedPrefix       = "MOVED "
+	clusterDownPrefix = "CLUSTERDOWN "
+	busyPrefix        = "BUSY "
+	noscriptPrefix    = "NOSCRIPT "
+
+	defaultHost         = "localhost"
+	defaultPort         = 6379
+	defaultSentinelPort = 26379
+	defaultTimeout      = 5 * time.Second
+	defaultDatabase     = 2 * time.Second
+
+	dollarByte        = '$'
+	asteriskByte      = '*'
+	plusByte          = '+'
+	minusByte         = '-'
+	colonByte         = ':'
+	notApplicableByte = '0'
+
+	sentinelMasters             = "masters"
+	sentinelGetMasterAddrByName = "get-master-addr-by-name"
+	sentinelReset               = "reset"
+	sentinelSlaves              = "slaves"
+	sentinelFailOver            = "failover"
+	sentinelMonitor             = "monitor"
+	sentinelRemove              = "remove"
+	sentinelSet                 = "set"
+
+	clusterNodes            = "nodes"
+	clusterMeet             = "meet"
+	clusterReset            = "reset"
+	clusterAddSlots         = "addslots"
+	clusterDelSlots         = "delslots"
+	clusterInfo             = "info"
+	clusterGetKeysInSlot    = "getkeysinslot"
+	clusterSetSlot          = "setslot"
+	clusterSetSlotNode      = "node"
+	clusterSetSlotMigrating = "migrating"
+	clusterSetSlotImporting = "importing"
+	clusterSetSlotStable    = "stable"
+	clusterForget           = "forget"
+	clusterFlushSlot        = "flushslots"
+	clusterKeySlot          = "keyslot"
+	clusterCountKeyInSlot   = "countkeysinslot"
+	clusterSaveConfig       = "saveconfig"
+	clusterReplicate        = "replicate"
+	clusterSlaves           = "slaves"
+	clusterFailOver         = "failover"
+	clusterSlots            = "slots"
+	pubSubChannels          = "channels"
+	pubSubNumSub            = "numsub"
+	pubSubNumPat            = "numpat"
+)
+
+//intToByteArr convert int to byte array
+func intToByteArr(a int) []byte {
+	buf := make([]byte, 0)
+	return strconv.AppendInt(buf, int64(a), 10)
+}
+
+var (
+	bytesTrue  = intToByteArr(1)
+	bytesFalse = intToByteArr(0)
+	bytesTilde = []byte("~")
+
+	positiveInfinityBytes = []byte("+inf")
+	negativeInfinityBytes = []byte("-inf")
+)
+
+var (
+	sizeTable = []int{9, 99, 999, 9999, 99999, 999999, 9999999, 99999999,
+		999999999, math.MaxInt32}
+
+	digitTens = []byte{'0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '1',
+		'1', '1', '1', '1', '1', '1', '1', '1', '1', '2', '2', '2', '2', '2', '2', '2', '2', '2',
+		'2', '3', '3', '3', '3', '3', '3', '3', '3', '3', '3', '4', '4', '4', '4', '4', '4', '4',
+		'4', '4', '4', '5', '5', '5', '5', '5', '5', '5', '5', '5', '5', '6', '6', '6', '6', '6',
+		'6', '6', '6', '6', '6', '7', '7', '7', '7', '7', '7', '7', '7', '7', '7', '8', '8', '8',
+		'8', '8', '8', '8', '8', '8', '8', '9', '9', '9', '9', '9', '9', '9', '9', '9', '9'}
+
+	digitOnes = []byte{'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0',
+		'1', '2', '3', '4', '5', '6', '7', '8', '9', '0', '1', '2', '3', '4', '5', '6', '7', '8',
+		'9', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0', '1', '2', '3', '4', '5', '6',
+		'7', '8', '9', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0', '1', '2', '3', '4',
+		'5', '6', '7', '8', '9', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0', '1', '2',
+		'3', '4', '5', '6', '7', '8', '9', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9'}
+
+	digits = []byte{'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a',
+		'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's',
+		't', 'u', 'v', 'w', 'x', 'y', 'z'}
+)
+
+// receive message from redis
+type RedisInputStream struct {
+	*bufio.Reader
+	Buf   []byte
+	count int
+	limit int
+}
+
+func (r *RedisInputStream) readByte() (byte, error) {
+	err := r.ensureFill()
+	if err != nil {
+		return 0, err
+	}
+	ret := r.Buf[r.count]
+	r.count++
+	return ret, nil
+}
+
+func (r *RedisInputStream) ensureFill() error {
+	if r.count < r.limit {
+		return nil
+	}
+	var err error
+	r.limit, err = r.Read(r.Buf)
+	if err != nil {
+		return newConnectError(err.Error())
+	}
+	r.count = 0
+	if r.limit == -1 {
+		return newConnectError("Unexpected end of stream")
+	}
+	return nil
+}
+
+func (r *RedisInputStream) readLine() (string, error) {
+	buf := ""
+	for {
+		err := r.ensureFill()
+		if err != nil {
+			return "", err
+		}
+		b := r.Buf[r.count]
+		r.count++
+		if b == '\r' {
+			err := r.ensureFill()
+			if err != nil {
+				return "", err
+			}
+			c := r.Buf[r.count]
+			r.count++
+			if c == '\n' {
+				break
+			}
+			buf += string(b)
+			buf += string(c)
+		} else {
+			buf += string(b)
+		}
+	}
+	if buf == "" {
+		return "", newConnectError("It seems like server has closed the connection.")
+	}
+	return buf, nil
+}
+
+func (r *RedisInputStream) readLineBytes() ([]byte, error) {
+	err := r.ensureFill()
+	if err != nil {
+		return nil, err
+	}
+	pos := r.count
+	buf := r.Buf
+	for {
+		if pos == r.limit {
+			return r.readLineBytesSlowly()
+		}
+		p := buf[pos]
+		pos++
+		if p == '\r' {
+			if pos == r.limit {
+				return r.readLineBytesSlowly()
+			}
+			p := buf[pos]
+			pos++
+			if p == '\n' {
+				break
+			}
+		}
+	}
+	N := pos - r.count - 2
+	line := make([]byte, N)
+	j := 0
+	for i := r.count; i <= N; i++ {
+		line[j] = buf[i]
+		j++
+	}
+	r.count = pos
+	return line, nil
+}
+
+func (r *RedisInputStream) readLineBytesSlowly() ([]byte, error) {
+	buf := make([]byte, 0)
+	for {
+		err := r.ensureFill()
+		if err != nil {
+			return nil, err
+		}
+		b := r.Buf[r.count]
+		r.count++
+		if b == 'r' {
+			err := r.ensureFill()
+			if err != nil {
+				return nil, err
+			}
+			c := r.Buf[r.count]
+			r.count++
+			if c == '\n' {
+				break
+			}
+			buf = append(buf, b)
+			buf = append(buf, c)
+		} else {
+			buf = append(buf, b)
+		}
+	}
+	return buf, nil
+}
+
+func (r *RedisInputStream) readIntCrLf() (int64, error) {
+	err := r.ensureFill()
+	if err != nil {
+		return 0, err
+	}
+	buf := r.Buf
+	isNeg := false
+	if buf[r.count] == '-' {
+		isNeg = true
+	}
+	if isNeg {
+		r.count++
+	}
+	value := int64(0)
+	for {
+		err := r.ensureFill()
+		if err != nil {
+			return 0, err
+		}
+		b := buf[r.count]
+		r.count++
+		if b == '\r' {
+			err := r.ensureFill()
+			if err != nil {
+				return 0, err
+			}
+			c := buf[r.count]
+			r.count++
+			if c != '\n' {
+				return 0, newConnectError("Unexpected character!")
+			}
+			break
+		} else {
+			value = value*10 + int64(b) - int64('0')
+		}
+	}
+	if isNeg {
+		return -value, nil
+	}
+	return value, nil
+}
+
+type RedisProtocol struct {
+	is *RedisInputStream
+}
+
+func NewProtocol(is *RedisInputStream) *RedisProtocol {
+	return &RedisProtocol{
+		is: is,
+	}
+}
+
+func (p *RedisProtocol) Read() (packet *RedisPacket, err error) {
+	x, r, err := p.process()
+	if err != nil {
+		return
+	}
+	packet = &RedisPacket{}
+	packet.Type = r
+
+	switch x.(type) {
+	case []interface{}:
+		array := x.([]interface{})
+		switch array[0].(type) {
+		case []uint8:
+			packet.Command = RedisCommand(strings.ToUpper(string(array[0].([]uint8))))
+			if len(array) > 1 {
+				packet.Key = string(array[1].([]uint8))
+			}
+			if len(array) > 2 {
+				packet.Value = string(array[2].([]uint8))
+			}
+			if len(array) > 3 {
+				packet.Value = fmt.Sprintf("[%s", packet.Value)
+				for _, item := range array[3:] {
+					packet.Value = fmt.Sprintf("%s, %s", packet.Value, item.([]uint8))
+				}
+				packet.Value = strings.TrimSuffix(packet.Value, ", ")
+				packet.Value = fmt.Sprintf("%s]", packet.Value)
+			}
+		default:
+			msg := fmt.Sprintf("Unrecognized element in Redis array: %v\n", reflect.TypeOf(array[0]))
+			err = errors.New(msg)
+			return
+		}
+	case []uint8:
+		val := string(x.([]uint8))
+		if packet.Type == types[plusByte] {
+			packet.Keyword = RedisKeyword(strings.ToUpper(val))
+			if !isValidRedisKeyword(keywords, packet.Keyword) {
+				err = errors.New(fmt.Sprintf("Unrecognized keyword: %s", string(packet.Command)))
+				return
+			}
+		} else {
+			packet.Value = val
+		}
+	case string:
+		packet.Value = x.(string)
+	case int64:
+		packet.Value = fmt.Sprintf("%d", x.(int64))
+	default:
+		msg := fmt.Sprintf("Unrecognized Redis data type: %v\n", reflect.TypeOf(x))
+		err = errors.New(msg)
+		return
+	}
+
+	if packet.Command != "" {
+		if !isValidRedisCommand(commands, packet.Command) {
+			err = errors.New(fmt.Sprintf("Unrecognized command: %s", string(packet.Command)))
+			return
+		}
+	}
+
+	return
+}
+
+func (p *RedisProtocol) process() (v interface{}, r RedisType, err error) {
+	b, err := p.is.readByte()
+	if err != nil {
+		return nil, types[notApplicableByte], newConnectError(err.Error())
+	}
+	switch b {
+	case plusByte:
+		v, err = p.processSimpleString()
+		r = types[plusByte]
+		return
+	case dollarByte:
+		v, err = p.processBulkString()
+		r = types[dollarByte]
+		return
+	case asteriskByte:
+		v, err = p.processArray()
+		r = types[asteriskByte]
+		return
+	case colonByte:
+		v, err = p.processInteger()
+		r = types[colonByte]
+		return
+	case minusByte:
+		v, err = p.processError()
+		r = types[minusByte]
+		return
+	default:
+		return nil, types[notApplicableByte], newConnectError(fmt.Sprintf("Unknown reply: %b", b))
+	}
+}
+
+func (p *RedisProtocol) processSimpleString() ([]byte, error) {
+	return p.is.readLineBytes()
+}
+
+func (p *RedisProtocol) processBulkString() ([]byte, error) {
+	l, err := p.is.readIntCrLf()
+	if err != nil {
+		return nil, newConnectError(err.Error())
+	}
+	if l == -1 {
+		return nil, nil
+	}
+	line := make([]byte, 0)
+	for {
+		err := p.is.ensureFill()
+		if err != nil {
+			return nil, err
+		}
+		b := p.is.Buf[p.is.count]
+		p.is.count++
+		if b == '\r' {
+			err := p.is.ensureFill()
+			if err != nil {
+				return nil, err
+			}
+			c := p.is.Buf[p.is.count]
+			p.is.count++
+			if c != '\n' {
+				return nil, newConnectError("Unexpected character!")
+			}
+			break
+		} else {
+			line = append(line, b)
+		}
+	}
+	return line, nil
+}
+
+func (p *RedisProtocol) processArray() ([]interface{}, error) {
+	l, err := p.is.readIntCrLf()
+	if err != nil {
+		return nil, newConnectError(err.Error())
+	}
+	if l == -1 {
+		return nil, nil
+	}
+	ret := make([]interface{}, 0)
+	for i := 0; i < int(l); i++ {
+		if obj, _, err := p.process(); err != nil {
+			ret = append(ret, err)
+		} else {
+			ret = append(ret, obj)
+		}
+	}
+	return ret, nil
+}
+
+func (p *RedisProtocol) processInteger() (int64, error) {
+	return p.is.readIntCrLf()
+}
+
+func (p *RedisProtocol) processError() (interface{}, error) {
+	msg, err := p.is.readLine()
+	if err != nil {
+		return nil, newConnectError(err.Error())
+	}
+	if strings.HasPrefix(msg, movedPrefix) {
+		host, port, slot, err := p.parseTargetHostAndSlot(msg)
+		if err != nil {
+			return nil, err
+		}
+		return fmt.Sprintf("MovedDataError: %s host: %s port: %d slot: %d", msg, host, port, slot), nil
+	} else if strings.HasPrefix(msg, askPrefix) {
+		host, port, slot, err := p.parseTargetHostAndSlot(msg)
+		if err != nil {
+			return nil, err
+		}
+		return fmt.Sprintf("AskDataError: %s host: %s port: %d slot: %d", msg, host, port, slot), nil
+	} else if strings.HasPrefix(msg, clusterDownPrefix) {
+		return fmt.Sprintf("ClusterError: %s", msg), nil
+	} else if strings.HasPrefix(msg, busyPrefix) {
+		return fmt.Sprintf("BusyError: %s", msg), nil
+	} else if strings.HasPrefix(msg, noscriptPrefix) {
+		return fmt.Sprintf("NoScriptError: %s", msg), nil
+	}
+	return fmt.Sprintf("DataError: %s", msg), nil
+}
+
+func (p *RedisProtocol) parseTargetHostAndSlot(clusterRedirectResponse string) (host string, po int, slot int, err error) {
+	arr := strings.Split(clusterRedirectResponse, " ")
+	host, port := p.extractParts(arr[2])
+	slot, err = strconv.Atoi(arr[1])
+	po, err = strconv.Atoi(port)
+	return
+}
+
+func (p *RedisProtocol) extractParts(from string) (string, string) {
+	idx := strings.LastIndex(from, ":")
+	host := from
+	if idx != -1 {
+		host = from[0:idx]
+	}
+	port := ""
+	if idx != -1 {
+		port = from[idx+1:]
+	}
+	return host, port
+}

tap/extensions/redis/structs.go

@@ -0,0 +1,290 @@
+package main
+
+type RedisType string
+type RedisCommand string
+type RedisKeyword string
+
+var types map[rune]RedisType = map[rune]RedisType{
+	plusByte:          "Simple String",
+	dollarByte:        "Bulk String",
+	asteriskByte:      "Array",
+	colonByte:         "Integer",
+	minusByte:         "Error",
+	notApplicableByte: "N/A",
+}
+
+var commands []RedisCommand = []RedisCommand{
+	"PING",
+	"SET",
+	"GET",
+	"QUIT",
+	"EXISTS",
+	"DEL",
+	"UNLINK",
+	"TYPE",
+	"FLUSHDB",
+	"KEYS",
+	"RANDOMKEY",
+	"RENAME",
+	"RENAMENX",
+	"RENAMEX",
+	"DBSIZE",
+	"EXPIRE",
+	"EXPIREAT",
+	"TTL",
+	"SELECT",
+	"MOVE",
+	"FLUSHALL",
+	"GETSET",
+	"MGET",
+	"SETNX",
+	"SETEX",
+	"MSET",
+	"MSETNX",
+	"DECRBY",
+	"DECR",
+	"INCRBY",
+	"INCR",
+	"APPEND",
+	"SUBSTR",
+	"HSET",
+	"HGET",
+	"HSETNX",
+	"HMSET",
+	"HMGET",
+	"HINCRBY",
+	"HEXISTS",
+	"HDEL",
+	"HLEN",
+	"HKEYS",
+	"HVALS",
+	"HGETALL",
+	"RPUSH",
+	"LPUSH",
+	"LLEN",
+	"LRANGE",
+	"LTRIM",
+	"LINDEX",
+	"LSET",
+	"LREM",
+	"LPOP",
+	"RPOP",
+	"RPOPLPUSH",
+	"SADD",
+	"SMEMBERS",
+	"SREM",
+	"SPOP",
+	"SMOVE",
+	"SCARD",
+	"SISMEMBER",
+	"SINTER",
+	"SINTERSTORE",
+	"SUNION",
+	"SUNIONSTORE",
+	"SDIFF",
+	"SDIFFSTORE",
+	"SRANDMEMBER",
+	"ZADD",
+	"ZRANGE",
+	"ZREM",
+	"ZINCRBY",
+	"ZRANK",
+	"ZREVRANK",
+	"ZREVRANGE",
+	"ZCARD",
+	"ZSCORE",
+	"MULTI",
+	"DISCARD",
+	"EXEC",
+	"WATCH",
+	"UNWATCH",
+	"SORT",
+	"BLPOP",
+	"BRPOP",
+	"AUTH",
+	"SUBSCRIBE",
+	"PUBLISH",
+	"UNSUBSCRIBE",
+	"PSUBSCRIBE",
+	"PUNSUBSCRIBE",
+	"PUBSUB",
+	"ZCOUNT",
+	"ZRANGEBYSCORE",
+	"ZREVRANGEBYSCORE",
+	"ZREMRANGEBYRANK",
+	"ZREMRANGEBYSCORE",
+	"ZUNIONSTORE",
+	"ZINTERSTORE",
+	"ZLEXCOUNT",
+	"ZRANGEBYLEX",
+	"ZREVRANGEBYLEX",
+	"ZREMRANGEBYLEX",
+	"SAVE",
+	"BGSAVE",
+	"BGREWRITEAOF",
+	"LASTSAVE",
+	"SHUTDOWN",
+	"INFO",
+	"MONITOR",
+	"SLAVEOF",
+	"CONFIG",
+	"STRLEN",
+	"SYNC",
+	"LPUSHX",
+	"PERSIST",
+	"RPUSHX",
+	"ECHO",
+	"LINSERT",
+	"DEBUG",
+	"BRPOPLPUSH",
+	"SETBIT",
+	"GETBIT",
+	"BITPOS",
+	"SETRANGE",
+	"GETRANGE",
+	"EVAL",
+	"EVALSHA",
+	"SCRIPT",
+	"SLOWLOG",
+	"OBJECT",
+	"BITCOUNT",
+	"BITOP",
+	"SENTINEL",
+	"DUMP",
+	"RESTORE",
+	"PEXPIRE",
+	"PEXPIREAT",
+	"PTTL",
+	"INCRBYFLOAT",
+	"PSETEX",
+	"CLIENT",
+	"TIME",
+	"MIGRATE",
+	"HINCRBYFLOAT",
+	"SCAN",
+	"HSCAN",
+	"SSCAN",
+	"ZSCAN",
+	"WAIT",
+	"CLUSTER",
+	"ASKING",
+	"PFADD",
+	"PFCOUNT",
+	"PFMERGE",
+	"READONLY",
+	"GEOADD",
+	"GEODIST",
+	"GEOHASH",
+	"GEOPOS",
+	"GEORADIUS",
+	"GEORADIUS_RO",
+	"GEORADIUSBYMEMBER",
+	"GEORADIUSBYMEMBER_RO",
+	"MODULE",
+	"BITFIELD",
+	"HSTRLEN",
+	"TOUCH",
+	"SWAPDB",
+	"MEMORY",
+	"XADD",
+	"XLEN",
+	"XDEL",
+	"XTRIM",
+	"XRANGE",
+	"XREVRANGE",
+	"XREAD",
+	"XACK",
+	"XGROUP",
+	"XREADGROUP",
+	"XPENDING",
+	"XCLAIM",
+}
+
+var keywords []RedisKeyword = []RedisKeyword{
+	"AGGREGATE",
+	"ALPHA",
+	"ASC",
+	"BY",
+	"DESC",
+	"GET",
+	"LIMIT",
+	"MESSAGE",
+	"NO",
+	"NOSORT",
+	"PMESSAGE",
+	"PSUBSCRIBE",
+	"PUNSUBSCRIBE",
+	"OK",
+	"ONE",
+	"QUEUED",
+	"SET",
+	"STORE",
+	"SUBSCRIBE",
+	"UNSUBSCRIBE",
+	"WEIGHTS",
+	"WITHSCORES",
+	"RESETSTAT",
+	"REWRITE",
+	"RESET",
+	"FLUSH",
+	"EXISTS",
+	"LOAD",
+	"KILL",
+	"LEN",
+	"REFCOUNT",
+	"ENCODING",
+	"IDLETIME",
+	"GETNAME",
+	"SETNAME",
+	"LIST",
+	"MATCH",
+	"COUNT",
+	"PING",
+	"PONG",
+	"UNLOAD",
+	"REPLACE",
+	"KEYS",
+	"PAUSE",
+	"DOCTOR",
+	"BLOCK",
+	"NOACK",
+	"STREAMS",
+	"KEY",
+	"CREATE",
+	"MKSTREAM",
+	"SETID",
+	"DESTROY",
+	"DELCONSUMER",
+	"MAXLEN",
+	"GROUP",
+	"IDLE",
+	"TIME",
+	"RETRYCOUNT",
+	"FORCE",
+}
+
+type RedisPacket struct {
+	Type    RedisType    `json:"type"`
+	Command RedisCommand `json:"command"`
+	Key     string       `json:"key"`
+	Value   string       `json:"value"`
+	Keyword RedisKeyword `json:"keyword"`
+}
+
+func isValidRedisCommand(s []RedisCommand, c RedisCommand) bool {
+	for _, v := range s {
+		if v == c {
+			return true
+		}
+	}
+	return false
+}
+
+func isValidRedisKeyword(s []RedisKeyword, c RedisKeyword) bool {
+	for _, v := range s {
+		if v == c {
+			return true
+		}
+	}
+	return false
+}