[pull] master from lumigo-io:master

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.0.39
+current_version = 1.0.49
 commit = True
 tag = True
 
@@ -11,4 +11,6 @@ tag = True
 
 [bumpversion:file:src/main/java/io/lumigo/core/configuration/Configuration.java]
 
+[bumpversion:file:scripts/prepare_layer_files.sh]
+
 [bumpversion:file:src/main/resources/lumigo-version.txt]

.circleci/config.yml

@@ -33,55 +33,47 @@ workflows:
 
     - lumigo-orb/be-deploy:
         context: common
+        save_project_folder: false
         requires:
           - lumigo-orb/is_environment_available
 
-    - lumigo-orb/integration-test-prep:
-        context:
-          - common
-          - java
-        deploy_spec: java
-        install_maven_dependencies: true
-        run_test_cleanup: false
+    - lumigo-orb/prep-it-resources:
+        context: common
         requires:
-          - lumigo-orb/be-deploy
+          - lumigo-orb/is_environment_available
 
-    - lumigo-orb/integration-test-cleanup:
-        name: pre-test-cleanup
+    - lumigo-orb/prep-k8s-and-operator:
         context: common
         requires:
-          - lumigo-orb/integration-test-prep
+          - lumigo-orb/is_environment_available
 
-    - lumigo-orb/integration-test-limited-flows:
+    - lumigo-orb/integration-test-parallel:
         context: common
-        deploy_spec: java
         run_test_cleanup: false
         requires:
-          - pre-test-cleanup
+          - lumigo-orb/be-deploy
+          - lumigo-orb/prep-it-resources
+          - lumigo-orb/prep-k8s-and-operator
 
-    - lumigo-orb/integration-test-parallel:
+    - lumigo-orb/e2e-test:
         context: common
-        deploy_spec: java
-        run_test_cleanup: false
         requires:
-          - lumigo-orb/integration-test-limited-flows
+          - lumigo-orb/be-deploy
+          - lumigo-orb/prep-it-resources
+          - lumigo-orb/prep-k8s-and-operator
 
     - lumigo-orb/integration-test-cleanup:
         name: post-test-cleanup
         context: common
         requires:
           - lumigo-orb/integration-test-parallel
-
-    - lumigo-orb/e2e-test:
-        context: common
-        requires:
-          - lumigo-orb/integration-test-limited-flows
+          - lumigo-orb/e2e-test
 
     - lumigo-orb/workflow-completed-successfully:
         context: common
         requires:
-          - test
           - lumigo-orb/integration-test-parallel
+          - test
           - lumigo-orb/e2e-test
 
     - deploy:
@@ -108,4 +100,5 @@ jobs:
       - lumigo-orb/checkout_code
       - run: mvn clean install
       - run: ../utils/common_bash/defaults/code_cov.sh
+      - run: cd .. && git clone git@github.com:lumigo-io/larn.git
       - run: ./scripts/bd_to_prod.sh

.github/workflows/send-pr-details-on-close.yml

@@ -0,0 +1,45 @@
+name: Send PR close event to the environment manager
+
+on:
+    pull_request:
+        types: [closed]
+
+jobs:
+    send-pr-close-event-to-env-manager:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Send PR Close Event To Env Manager
+              run: |
+                full_repository_name="${{github.repository}}"
+                # the repository name is everything after the slash "lumigo-io/" in the full repository name
+                repository_name="${full_repository_name#lumigo-io/}"
+
+                source_branch_name="${{github.head_ref}}"
+
+                is_merged="${{github.event.pull_request.merged}}"
+                if [ "$is_merged" = "true" ]; then
+                    event="PR_MERGED"
+                else
+                    event="PR_CLOSED"
+                fi
+
+                request_type="POST"
+                route="v1/github_actions_trigger"
+
+                body="{"
+                body+="  \"event\": \"${event}\""
+                body+="  , \"repository_name\": \"${repository_name}\""
+                body+="  , \"source_branch_name\": \"${source_branch_name}\""
+                body+="}"
+
+                params=(\
+                    -s \
+                    --header "x-api-key: ${{secrets.ENV_MANAGER_API_KEY}}" \
+                    --header "Content-Type: application/json" \
+                    --compressed \
+                    --request "$request_type" \
+                    --data "$body")
+
+                # ENV_MANAGER_API_ROOT="https://XXXX.execute-api.us-west-2.amazonaws.com/prod/env-manager/v1"
+                params+=("${{secrets.ENV_MANAGER_API_ROOT}}/${route}")
+                curl "${params[@]}" | tr -d '\r'

.gitignore

@@ -221,3 +221,4 @@ _meta
 .serverless
 package-lock.json
 src/main/resources/lumigo-agent.jar
+.vscode/

README.md

@@ -1,16 +1,16 @@
 # Java Tracer
 
 [![CircleCI](https://dl.circleci.com/status-badge/img/gh/lumigo-io/java-tracer/tree/master.svg?style=svg)](https://dl.circleci.com/status-badge/redirect/gh/lumigo-io/java-tracer/tree/master)
-![Version](https://img.shields.io/badge/version-1.0.39-green.svg)
+![Version](https://img.shields.io/badge/version-1.0.49-green.svg)
 [![codecov](https://codecov.io/gh/lumigo-io/java-tracer/branch/master/graph/badge.svg?token=D3IZ5hQwaQ)](https://codecov.io/gh/lumigo-io/java-tracer)
 
-Supported Runtimes: Java 8, Java 11
+Supported Runtimes: Java 8, Java 11, Java 17, Java 21
 
 ## Building With Lumigo
+Include lumigo java tracer dependency
 
 ### Maven
-
-Include lumigo java tracer dependency, for [Maven](https://maven.apache.org) projects, use:
+For [Maven](https://maven.apache.org) projects, use:
 
 ```xml
 <repositories>
@@ -25,16 +25,34 @@ Include lumigo java tracer dependency, for [Maven](https://maven.apache.org) pro
 <dependency>
   <groupId>io.lumigo</groupId>
   <artifactId>java-tracer</artifactId>
-  <version>1.0.39</version>
+  <version>1.0.49</version>
 </dependency>
 
 <dependency>
   <groupId>io.lumigo</groupId>
   <artifactId>lumigo-agent</artifactId>
-  <version>1.0.39</version>
+  <version>1.0.49</version>
 </dependency>
 ```
 
+### Gradle
+For [Gradle](https://gradle.org) projects, use:
+
+```groovy
+repositories {
+    maven {
+        url 'https://raw.githubusercontent.com/lumigo-io/java-tracer/master/local-repository/'
+    }
+}
+```
+
+```groovy
+dependencies {
+    implementation 'io.lumigo:java-tracer:1.0.49'
+    implementation 'io.lumigo:lumigo-agent:1.0.49'
+}
+```
+
 Find the latest version here (the format of the version will be n.n.n):
 
 ## Wrapping your Lambda
@@ -70,6 +88,13 @@ Find the latest version here (the format of the version will be n.n.n):
             }
         }
     ```
+
+## Lambda Auto tracing with lambda layer
+
+* Add to your lambda a new layer with the arn from here
+* Add environment variable `JAVA_TOOL_OPTIONS` and set it to `-javaagent:/opt/lumigo-java/lumigo-agent.jar` (This is instead of the flag for more than java11 support)
+* Add the `LUMIGO_TRACER_TOKEN` env var.
+
 
 ### Configuration
 
@@ -99,7 +124,75 @@ class MyFunction implements RequestHandler<String, String> {
     }
 ```
 
-### Java 11 Support
+### Support Java 11 and Above
 
 Add the environment variable `JAVA_TOOL_OPTIONS` to your Lambda functions and set it to
-`-Djdk.attach.allowAttachSelf=true` in addition to the manual code mentioned above.
+`-Djdk.attach.allowAttachSelf=true` in addition to the manual code mentioned above (This is not needed for the auto trace with lambda layer).
+
+### Supported Instrumentation Libraries
+
+- Aws SDK V1
+- Aws SDK V2
+- Apache HTTP Client
+- Apache Kafka
+
+### Secret scrubbing
+
+The tracer will automatically scrub values for keys in payload objects such as HTTP request / response body,  Lambda events, return value etc. that match (case-sensitively) the following regex patterns at any depth:
+- `.*pass.*`
+- `.*key.*`
+- `.*secret.*`
+- `.*credential.*`
+- `.*passphrase.*`
+- `SessionToken`
+- `x-amz-security-token`
+- `Signature`
+- `Authorization`
+
+This behavior can be overridden by setting the `LUMIGO_SECRET_MASKING_REGEX` environment variable to a JSON array of regex patterns to match, e.g.: `[".+top.secret.+", ".+pazzword.+"]`.
+
+#### Notes
+1. providing a bad regex pattern (e.g., invalid JSON string) will result in an error and fallback to the default patterns.
+2. Only values that are strings are redacted - objects, numbers etc. will stay intact even though their keys match the patterns.
+
+#### Escaping special characters
+When the patterns contain special characters such as double quotes (`"`) or backslashes (`\`), those should be escaped with a backslash (`\`).
+
+For example, the pattern for keys with whitespaces and quotes like `"key\s+spaced"` becomes `\"key\\\\s+spaced\"`. That's because each double quotes turns into `\"`, and the `\s+` expression requires the backslash character to be escaped both in the string context (`\s+` => `\\s+`) and again in a JSON string context (`\\s+` => `\\\\s+`). When placed into the env-var as an array-item, this becomes:
+```
+["\\"key\\\\s+spaced\\""]
+```
+
+#### Examples
+
+`LUMIGO_SECRET_MASKING_REGEX` set to `[".*top\\\\s+secret.*", ".*password.*"]` for a payload object like:
+```json
+{
+    "top    secret": {
+        "password": "123456"
+    },
+    "top secret object": {
+        "this will not be scrubbed since the parent is an object": "123456"
+    },
+    "password": "123456",
+    "top secret:": "123456",
+    "not so secret": "value",
+    "ToP sEcReT": "is case sensitive"
+}
+```
+will result in the following payload shown in the Lumigo platform:
+```json
+{
+    "top    secret": {
+        "password": "****"
+    },
+    "top secret object": {
+        "this will not be scrubbed since the parent is an object": "123456"
+    },
+    "password": "****",
+    "top secret:": "****",
+    "not so secret": "value",
+    "ToP sEcReT": "is case sensitive"
+}
+```
+

agent/pom.xml

@@ -12,7 +12,7 @@
     </properties>
     <groupId>io.lumigo</groupId>
     <artifactId>lumigo-agent</artifactId>
-    <version>1.0.39</version>
+    <version>1.0.49</version>
 
     <name>Lumigo java tracer agent</name>
     <description>The Lumigo java tracer for serverless functions</description>
@@ -22,7 +22,7 @@
         <url>https://github.com/lumigo-io/java-tracer</url>
         <connection>scm:git:https://github.com:lumigo-io/java-tracer.git</connection>
         <developerConnection>scm:git:https://github.com:lumigo-io/java-tracer.git</developerConnection>
-        <tag>1.0.39</tag>
+        <tag>1.0.49</tag>
     </scm>
 
     <developers>
@@ -32,12 +32,6 @@
             <organization>Lumigo</organization>
             <organizationUrl>https://lumigo.io/</organizationUrl>
         </developer>
-        <developer>
-            <name>Uri Parush</name>
-            <email>uri@lumigo.io</email>
-            <organization>Lumigo</organization>
-            <organizationUrl>https://lumigo.io</organizationUrl>
-        </developer>
     </developers>
 
     <organization>
@@ -104,9 +98,12 @@
                     <archive>
                         <manifestEntries>
                             <Agent-Class>io.lumigo.agent.Agent</Agent-Class>
-                            <Can-Redefine-Classes>false</Can-Redefine-Classes>
+                            <Main-Class>io.lumigo.agent.Agent</Main-Class>
+                            <Premain-Class>io.lumigo.agent.Agent</Premain-Class>
+                            <Can-Redefine-Classes>true</Can-Redefine-Classes>
                             <Can-Retransform-Classes>true</Can-Retransform-Classes>
                             <Can-Set-Native-Method-Prefix>false</Can-Set-Native-Method-Prefix>
+                            <Implementation-Vendor>Lumigo</Implementation-Vendor>
                         </manifestEntries>
                     </archive>
                 </configuration>