Update pom.xml

.github/workflows/cve_checks.yml

@@ -67,6 +67,7 @@ jobs:
           cache-to: type=local,dest=/tmp/.buildx-cache
 
       - name: Run CVE checks
+        continue-on-error: true
         uses: aquasecurity/[email protected]
         with:
           image-ref: "ghcr.io/kafbat/kafka-ui:${{ steps.build.outputs.version }}"

.github/workflows/docker_publish.yml

@@ -20,7 +20,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        registry: [ 'docker.io', 'ghcr.io', 'ecr' ]
+        registry: [ 'docker.io', 'ghcr.io', 'public.ecr.aws' ]
 
     runs-on: ubuntu-latest
     steps:
@@ -31,7 +31,8 @@ jobs:
           name: image
           path: /tmp
 
-      # setup containerd to preserve provenance attestations :https://docs.docker.com/build/attestations/#creating-attestations
+      # setup containerd to preserve provenance attestations:
+      # https://docs.docker.com/build/attestations/#creating-attestations
       - name: Setup docker with containerd
         uses: crazy-max/ghaction-setup-docker@v3
         with:
@@ -63,33 +64,33 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Configure AWS credentials
-        if: matrix.registry == 'ecr'
+        if: matrix.registry == 'public.ecr.aws'
         uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-region: us-east-1 # This region only for public ECR
           role-to-assume: ${{ secrets.AWS_ROLE }}
 
       - name: Login to public ECR
-        if: matrix.registry == 'ecr'
+        if: matrix.registry == 'public.ecr.aws'
         id: login-ecr-public
         uses: aws-actions/amazon-ecr-login@v2
         with:
           registry-type: public
 
-      - name: define env vars
+      - name: Define env vars for container registry URL
         run: |
-          if [ ${{matrix.registry }} == 'docker.io' ]; then
-            echo "REGISTRY=${{ matrix.registry }}" >> $GITHUB_ENV
-            echo "REPOSITORY=${{ github.repository }}" >> $GITHUB_ENV
-          elif [ ${{ matrix.registry }} == 'ghcr.io' ]; then
-            echo "REGISTRY=${{ matrix.registry }}" >> $GITHUB_ENV
-            echo "REPOSITORY=${{ github.repository }}" >> $GITHUB_ENV
-          elif [ ${{ matrix.registry }} == 'ecr' ]; then
+          if [ ${{ matrix.registry }} == 'public.ecr.aws' ]; then
+            # vars.ECR_REGISTRY value is expected to be of the `public.ecr.aws/<public_ecr_id>` form
+            # The `public_ecr_id` must be a *default* alias associated with public regsitry (rather
+            # than a custom alias)
             echo "REGISTRY=${{ vars.ECR_REGISTRY }}" >> $GITHUB_ENV
+            # Trim GH Org name so that resulting Public ECR URL has no duplicate org name
+            # Public ECR default alias: public.ecr.aws/<public_ecr_id>/kafka-ui
+            # Public ECR custom alias:  public.ecr.aws/kafbat/kafka-ui
+            echo "REPOSITORY=$(basename ${{ github.repository }})" >> $GITHUB_ENV
+          else # this covers the case of docker.io and ghcr.io
+            echo "REGISTRY=${{ matrix.registry }}" >> $GITHUB_ENV
             echo "REPOSITORY=${{ github.repository }}" >> $GITHUB_ENV
-          else
-            echo "REGISTRY=" >> $GITHUB_ENV
-            echo "REPOSITORY=notworking" >> $GITHUB_ENV
           fi
 
       - name: Push images to ${{ matrix.registry }}

.github/workflows/frontend_tests.yml

@@ -23,7 +23,7 @@ jobs:
 
       - uses: pnpm/[email protected]
         with:
-          version: 9.15.0
+          version: 9.15.4
 
       - name: Install node
         uses: actions/[email protected]

api/pom.xml

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version="1.0" encoding="UTF-8"?> <!--test-->
 <project xmlns="http://maven.apache.org/POM/4.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

api/src/main/java/io/kafbat/ui/model/rbac/Role.java

@@ -1,6 +1,7 @@
 package io.kafbat.ui.model.rbac;
 
-import com.google.common.base.Preconditions;
+import static com.google.common.base.Preconditions.checkArgument;
+
 import java.util.List;
 import lombok.Data;
 
@@ -13,9 +14,11 @@ public class Role {
   List<Permission> permissions;
 
   public void validate() {
-    Preconditions.checkArgument(!clusters.isEmpty(), "Role clusters cannot be empty");
+    checkArgument(!clusters.isEmpty(), "Role clusters cannot be empty");
+    checkArgument(!subjects.isEmpty(), "Role subjects cannot be empty");
     permissions.forEach(Permission::transform);
     permissions.forEach(Permission::validate);
+    subjects.forEach(Subject::validate);
   }
 
 }

api/src/main/java/io/kafbat/ui/model/rbac/Subject.java

@@ -1,5 +1,8 @@
 package io.kafbat.ui.model.rbac;
 
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
 import io.kafbat.ui.model.rbac.provider.Provider;
 import lombok.Getter;
 
@@ -21,4 +24,12 @@ public void setType(String type) {
   public void setValue(String value) {
     this.value = value;
   }
+
+  public void validate() {
+    checkNotNull(type, "Subject type cannot be null");
+    checkNotNull(value, "Subject value cannot be null");
+
+    checkArgument(!type.isEmpty(), "Subject type cannot be empty");
+    checkArgument(!value.isEmpty(), "Subject value cannot be empty");
+  }
 }

api/src/main/java/io/kafbat/ui/util/DynamicConfigOperations.java

@@ -38,6 +38,7 @@
 import org.yaml.snakeyaml.nodes.Tag;
 import org.yaml.snakeyaml.representer.Representer;
 import reactor.core.publisher.Mono;
+import reactor.core.scheduler.Schedulers;
 
 @Slf4j
 @RequiredArgsConstructor
@@ -125,26 +126,30 @@ public Mono<Path> uploadConfigRelatedFile(FilePart file) {
     String targetDirStr = ctx.getEnvironment()
         .getProperty(CONFIG_RELATED_UPLOADS_DIR_PROPERTY, CONFIG_RELATED_UPLOADS_DIR_DEFAULT);
 
-    Path targetDir = Path.of(targetDirStr);
-    if (!Files.exists(targetDir)) {
-      try {
-        Files.createDirectories(targetDir);
-      } catch (IOException e) {
-        return Mono.error(
-            new FileUploadException("Error creating directory for uploads %s".formatted(targetDir), e));
+    Mono<Path> directoryCreationMono = Mono.fromCallable(() -> {
+      Path targetDir = Path.of(targetDirStr);
+      if (!Files.exists(targetDir)) {
+        try {
+          Files.createDirectories(targetDir);
+        } catch (IOException e) {
+          throw new FileUploadException("Error creating directory for uploads %s".formatted(targetDir), e);
+        }
+      }
+      return targetDir;
+    }).subscribeOn(Schedulers.boundedElastic());
+
+    return directoryCreationMono.flatMap(dir -> {
+      Path targetFilePath = dir.resolve(file.filename() + "-" + Instant.now().getEpochSecond());
+      log.info("Uploading config-related file {}", targetFilePath);
+      if (Files.exists(targetFilePath)) {
+        log.info("File {} already exists, it will be overwritten", targetFilePath);
       }
-    }
-
-    Path targetFilePath = targetDir.resolve(file.filename() + "-" + Instant.now().getEpochSecond());
-    log.info("Uploading config-related file {}", targetFilePath);
-    if (Files.exists(targetFilePath)) {
-      log.info("File {} already exists, it will be overwritten", targetFilePath);
-    }
 
-    return file.transferTo(targetFilePath)
-        .thenReturn(targetFilePath)
-        .doOnError(th -> log.error("Error uploading file {}", targetFilePath, th))
-        .onErrorMap(th -> new FileUploadException(targetFilePath, th));
+      return file.transferTo(targetFilePath)
+          .thenReturn(targetFilePath)
+          .doOnError(th -> log.error("Error uploading file {}", targetFilePath, th))
+          .onErrorMap(th -> new FileUploadException(targetFilePath, th));
+    });
   }
 
   private void checkIfDynamicConfigEnabled() {
@@ -163,8 +168,8 @@ private void writeYamlToFile(String yaml, Path path) {
     if (!Files.exists(path.getParent())) {
       Files.createDirectories(path.getParent());
     }
-    if (Files.exists(path) && !Files.isWritable(path)) {
-      throw new ValidationException("File already exists and is not writable");
+    if (Files.exists(path) && (!Files.isReadable(path) || !Files.isWritable(path))) {
+      throw new ValidationException("File already exists and is not readable or writable");
     }
     try {
       Files.writeString(

contract/src/main/resources/swagger/kafka-sr-api.yaml

@@ -165,7 +165,7 @@ paths:
                             schema:
                                 $ref: '#/components/schemas/SubjectId'
 
-    /config/:
+    /config:
         get:
             tags:
                 - KafkaSrClient

e2e-tests/src/test/java/io/kafbat/ui/smokesuite/brokers/BrokersTest.java

@@ -139,7 +139,7 @@ public void brokersSourceInfoCheck() {
     Assert.assertEquals(sourceInfoTooltip, Common.BROKER_SOURCE_INFO_TOOLTIP, "getSourceInfoTooltipText()");
   }
 
-  @Test
+  @Test(enabled = false) // flaky, TODO issues/322
   public void brokersConfigEditCheck() {
     navigateToBrokersAndOpenDetails(DEFAULT_BROKER_ID);
     brokersDetails

pom.xml

@@ -34,7 +34,7 @@
         <apache.commons.version>2.12.0</apache.commons.version>
         <assertj.version>3.25.3</assertj.version>
         <avro.version>1.11.4</avro.version>
-        <byte-buddy.version>1.14.19</byte-buddy.version>
+        <byte-buddy.version>1.15.11</byte-buddy.version>
         <confluent.version>7.8.0</confluent.version>
         <datasketches-java.version>3.1.0</datasketches-java.version>
         <groovy.version>3.0.13</groovy.version>
@@ -59,7 +59,7 @@
 
         <!-- Frontend dependency versions -->
         <node.version>v22.12.0</node.version>
-        <pnpm.version>v9.15.0</pnpm.version>
+        <pnpm.version>v9.15.4</pnpm.version>
 
         <!-- Plugin versions -->
         <fabric8-maven-plugin.version>0.45.1</fabric8-maven-plugin.version>