Merge branch 'main' into fix/conf_dirs

Author: Haarolean

.github/ISSUE_TEMPLATE/bug.yml

@@ -23,7 +23,7 @@ body:
           required: true
         - label: I've tried running `main`-labeled docker image and the issue still persists there
           required: true
-        - label: I'm running a supported version of the application which is listed [here](https://github.com/kafbat/kafka-ui/blob/main/SECURITY.md)
+        - label: I'm running a supported version of the application which is listed [here](https://github.com/kafbat/kafka-ui/blob/main/.github/SECURITY.md)
           required: true
 
   - type: textarea

.github/ISSUE_TEMPLATE/feature.yml

@@ -19,7 +19,7 @@ body:
       options:
         - label: I've searched for an already existing issues [here](https://github.com/kafbat/kafka-ui/issues)
           required: true
-        - label: I'm running a supported version of the application which is listed [here](https://github.com/kafbat/kafka-ui/blob/main/SECURITY.md) and the feature is not present there
+        - label: I'm running a supported version of the application which is listed [here](https://github.com/kafbat/kafka-ui/blob/main/.github/SECURITY.md) and the feature is not present there
           required: true
 
   - type: textarea

.github/workflows/branch-deploy.yml

@@ -8,6 +8,7 @@ on:
 
 permissions:
   contents: read
+  statuses: write
 
 jobs:
   build:

.github/workflows/e2e-manual.yml

@@ -0,0 +1,26 @@
+name: "E2E: Suite run"
+on:
+  workflow_dispatch:
+    inputs:
+      test_suite:
+        description: 'Select test suite to run'
+        default: 'regression'
+        required: true
+        type: choice
+        options:
+          - regression
+          - sanity
+          - smoke
+
+permissions:
+  contents: read
+  checks: write
+  statuses: write
+
+jobs:
+  build-and-test:
+    uses: ./.github/workflows/e2e-run.yml
+    secrets: inherit
+    with:
+      suite_name: ${{ github.event.inputs.test_suite }}
+      sha: ${{ github.sha }}

.github/workflows/e2e-pr.yml

@@ -0,0 +1,24 @@
+name: "E2E: PR smoke tests"
+on:
+  pull_request:
+    types: [ "opened", "reopened", "synchronize" ]
+    paths:
+      - "pom.xml"
+      - "contract/**"
+      - "api/**"
+      - "serde-api/**"
+      - "frontend/**"
+      - "e2e-tests/**"
+
+permissions:
+  contents: read
+  checks: write
+  statuses: write
+
+jobs:
+  build-and-test:
+    uses: ./.github/workflows/e2e-run.yml
+    secrets: inherit
+    with:
+      suite_name: "smoke"
+      sha: ${{ github.event.pull_request.head.sha }}

.github/workflows/e2e-run.yml

@@ -0,0 +1,164 @@
+name: "E2E: Run tests"
+
+on:
+  workflow_call:
+    inputs:
+      suite_name:
+        description: 'Test suite name to run'
+        default: 'regression'
+        required: true
+        type: string
+      sha:
+        required: true
+        type: string
+
+permissions:
+  contents: read
+  checks: write
+  statuses: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          token: ${{ github.token }}
+          ref: ${{ inputs.sha }}
+
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'zulu'
+          cache: 'maven'
+
+      - name: Build with Maven
+        id: build_app
+        run: |
+          ./mvnw -B -ntp versions:set -DnewVersion=${{ inputs.sha }}
+          ./mvnw -B -V -ntp clean install -Pprod -Dmaven.test.skip=true
+
+      - name: Upload maven artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: artifacts
+          path: ~/.m2/repository/io/kafbat/ui/**/*
+          retention-days: 7
+
+      - name: Dump docker image
+        run: |
+          docker image save ghcr.io/kafbat/kafka-ui:latest > /tmp/image.tar
+
+      - name: Upload docker image
+        uses: actions/upload-artifact@v4
+        with:
+          name: image
+          path: /tmp/image.tar
+          retention-days: 7
+
+  tests:
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          token: ${{ github.token }}
+          ref: ${{ inputs.sha }}
+
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'zulu'
+          cache: 'maven'
+
+      - name: Download maven artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: artifacts
+          path: ~/.m2/repository/io/kafbat/ui
+
+      - name: Download docker image
+        uses: actions/download-artifact@v4
+        with:
+          name: image
+          path: /tmp
+
+      - name: Load Docker image
+        run: |
+          docker load --input /tmp/image.tar
+
+      - name: Cache Docker images.
+        uses: ScribeMD/docker-cache@0.5.0
+        with:
+          key: docker-${{ runner.os }}-${{ hashFiles('./e2e-tests/selenoid/selenoid-ci.yaml', './documentation/compose/e2e-tests.yaml') }}
+
+      - name: Compose up
+        id: compose_app
+        # use the following command until #819 will be fixed # TODO recheck 819
+        run: |
+          mkdir -p ./e2e-tests/target/selenoid-results/video
+          mkdir -p ./e2e-tests/target/selenoid-results/logs
+          docker-compose -f ./e2e-tests/selenoid/selenoid-ci.yaml up -d
+          docker-compose -f ./documentation/compose/e2e-tests.yaml up -d
+
+      - name: Dump Docker logs on failure
+        if: failure()
+        uses: jwalton/gh-docker-logs@v2.2.2
+
+      - name: Run test suite
+        run: |
+          ./mvnw -B -ntp versions:set -DnewVersion=${{ inputs.sha }}
+          ./mvnw -B -V -ntp -Dsurefire.suiteXmlFiles='src/test/resources/${{ inputs.suite_name }}.xml' -f 'e2e-tests' test -Pprod
+
+      - name: Upload allure reports artifact
+        if: '!cancelled()'
+        uses: actions/upload-artifact@v4
+        with:
+          name: reports
+          path: ./e2e-tests/target/allure-results
+          retention-days: 7
+
+  reports:
+    runs-on: ubuntu-latest
+    needs: tests
+    if: ${{ !cancelled() && github.repository == 'kafbat/kafka-ui' }}
+    steps:
+      - name: Download allure reports artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: reports
+          path: ./e2e-tests/target/allure-results
+
+      - name: Generate Allure report
+        uses: simple-elf/allure-report-action@v1.9
+        id: allure-report
+        with:
+          allure_results: ./e2e-tests/target/allure-results
+          gh_pages: allure-results
+          allure_report: allure-report
+          subfolder: allure-results
+          report_url: "https://reports.kafbat.dev"
+
+      - name: Upload allure report to R2
+        uses: ryand56/r2-upload-action@latest
+        with:
+          source-dir: allure-history/allure-results
+          destination-dir: .
+          r2-bucket: "reports"
+          r2-account-id: ${{ secrets.R2_ACCOUNT_ID }}
+          r2-access-key-id: ${{ secrets.R2_ACCESS_KEY_ID }}
+          r2-secret-access-key: ${{ secrets.R2_ACCESS_SECRET_KEY }}
+
+      - name: Add allure link status check
+        uses: Sibz/github-status-action@v1.1.6
+        with:
+          authToken: ${{secrets.GITHUB_TOKEN}}
+          context: "Click Details button to view Allure report"
+          state: "success"
+          sha: ${{ inputs.sha }}
+          target_url: https://reports.kafbat.dev/${{ github.run_number }}

.github/workflows/e2e-weekly.yml

@@ -0,0 +1,17 @@
+name: "E2E: Weekly suite"
+on:
+  schedule:
+    - cron: '0 1 * * 1'
+
+permissions:
+  contents: read
+  checks: write
+  statuses: write
+
+jobs:
+  build-and-test:
+    uses: ./.github/workflows/e2e-run.yml
+    secrets: inherit
+    with:
+      suite_name: "sanity"
+      sha: ${{ github.sha }}

.github/workflows/welcome-first-time-contributors.yml

@@ -18,15 +18,22 @@ jobs:
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           issue-message: |
-            Hello there ${{ github.actor }}! 👋
+            Hi ${{ github.actor }}! 👋
 
-            Thank you and congratulations 🎉 for opening your very first issue in this project! 💖
+            Welcome, and thank you for opening your first issue in the repo!
 
-            In case you want to claim this issue, please comment down below! We will try to get back to you as soon as we can. 👀
+            Please wait for triaging by our maintainers.
+
+            As development is carried out in our spare time, you can support us by sponsoring our activities or even funding the development of specific issues.
+            [Sponsorship link](https://github.com/kafbat)
+
+            If you plan to raise a PR for this issue, please take a look at our [contributing guide](https://ui.docs.kafbat.io/development/contributing).
 
           pr-message: |
-            Hello there ${{ github.actor }}! 👋
+            Hi ${{ github.actor }}! 👋
+
+            Welcome, and thank you for opening your first PR in the repo!
 
-            Thank you and congrats 🎉 for opening your first PR on this project! ✨ 💖
+            Please wait for triaging by our maintainers.
 
-            We will try to review it soon!
+            Please take a look at our [contributing guide](https://ui.docs.kafbat.io/development/contributing).

api/src/main/java/io/kafbat/ui/KafkaUiApplication.java

@@ -8,7 +8,7 @@
 import org.springframework.scheduling.annotation.EnableAsync;
 import org.springframework.scheduling.annotation.EnableScheduling;
 
-@SpringBootApplication(exclude = LdapAutoConfiguration.class)
+@SpringBootApplication
 @EnableScheduling
 @EnableAsync
 public class KafkaUiApplication {

api/src/main/java/io/kafbat/ui/config/ReadOnlyModeFilter.java

@@ -5,6 +5,7 @@
 import io.kafbat.ui.service.ClustersStorage;
 import java.net.URLDecoder;
 import java.nio.charset.StandardCharsets;
+import java.util.Set;
 import java.util.regex.Pattern;
 import lombok.RequiredArgsConstructor;
 import org.jetbrains.annotations.NotNull;
@@ -23,6 +24,10 @@ public class ReadOnlyModeFilter implements WebFilter {
   private static final Pattern CLUSTER_NAME_REGEX =
       Pattern.compile("/api/clusters/(?<clusterName>[^/]++)");
 
+  private static final Set<Pattern> SAFE_ENDPOINTS = Set.of(
+      Pattern.compile("/api/clusters/[^/]+/topics/[^/]+/(smartfilters)$")
+  );
+
   private final ClustersStorage clustersStorage;
 
   @NotNull
@@ -35,10 +40,12 @@ public Mono<Void> filter(ServerWebExchange exchange, @NotNull WebFilterChain cha
 
     var path = exchange.getRequest().getPath().pathWithinApplication().value();
     var decodedPath = URLDecoder.decode(path, StandardCharsets.UTF_8);
+
     var matcher = CLUSTER_NAME_REGEX.matcher(decodedPath);
     if (!matcher.find()) {
       return chain.filter(exchange);
     }
+
     var clusterName = matcher.group("clusterName");
     var kafkaCluster = clustersStorage.getClusterByName(clusterName)
         .orElseThrow(
@@ -49,6 +56,15 @@ public Mono<Void> filter(ServerWebExchange exchange, @NotNull WebFilterChain cha
       return chain.filter(exchange);
     }
 
+    var isSafeEndpoint = SAFE_ENDPOINTS
+        .stream()
+        .parallel()
+        .anyMatch(endpoint -> endpoint.matcher(decodedPath).matches());
+
+    if (isSafeEndpoint) {
+      return chain.filter(exchange);
+    }
+
     return Mono.error(ReadOnlyModeException::new);
   }
 }

api/src/main/java/io/kafbat/ui/config/auth/LdapProperties.java

@@ -20,7 +20,7 @@ public class LdapProperties {
 
   @Value("${oauth2.ldap.activeDirectory:false}")
   private boolean isActiveDirectory;
-  @Value("${oauth2.ldap.aсtiveDirectory.domain:@null}")
+  @Value("${oauth2.ldap.activeDirectory.domain:@null}")
   private String activeDirectoryDomain;
 
 }