Merge branch 'IKC-410-data-masking-policy-form' into IKC-412-apply-data-masking-policies

Author: Piotr Belke

docs/.github/img/kouncil_cluster_form.png

@@ -15,56 +15,56 @@ com.consdata.kouncil.KouncilRuntimeException: java.util.concurrent.ExecutionExce
 ```
 follow one of the below fixes.
 
-If you run Kafka in terminal (not using docker) you can:
+If you run Kafka in terminal (not using Docker) you can:
 
-   1. use your host IP address. In that case you would have to modify IP address of listeners and advertised.listeners in server.properties. Kouncil docker run command would look like this (replace <host_ip_address> to yours IP address):
+   1. Use your host IP address - in this case you need to modify the IP address of listeners and advertised.listeners in server.properties. Kouncil Docker run command would look like this (replace <host_ip_address> with yours IP address):
       ```bash
       docker run -p 80:8080 -e bootstrapServers="<host_ip_address>:9092" -e kouncil.auth.active-provider="inmemory" consdata/kouncil:latest
       ```
 
       Kouncil will be available via: http://localhost/login
 
-   2. use IP address of the docker bridge network. To find that IP address you have to run docker network inspect bridge in terminal and under Config use value assigned to Gateway. Also you have to modify IP address of listeners and advertised.listeners in server.properties to the found IP address of the gateway. If you run Kouncil in Windows or Mac you should be able to use host.docker.internal as IP address of bootstrapServer.
+   2. Use the IP address of the Docker bridge network - to find that IP address, run Docker network, inspect the bridge in the terminal,  and under Config, use the value assigned to Gateway. You also need to modify the IP addresses of listeners and advertised.listeners in server.properties to the IP address of the gateway. If you run Kouncil on Windows or Mac, you should be able to use host.docker.internal as the IP address of bootstrapServer. 
       ```bash
       docker run -p 80:8080 -e bootstrapServers="host.docker.internal:9092" -e kouncil.auth.active-provider="inmemory" consdata/kouncil:latest
       ```
-      But if you are using Linux you will have to use --add-host:
+      If you are using Linux, you will have to use --add-host:
       ```bash 
       docker run -p 80:8080 -e bootstrapServers="host.docker.internal:9092" --add-host=host.docker.internal:host-gateway -e kouncil.auth.active-provider="inmemory" consdata/kouncil:latest
       ```
       Kouncil will be available via: http://localhost/login
 
-   3. add --network host to Kouncil docker command. It will look like this (as you can see I also removed publish flag as this is discarded by docker when using host network mode):
+   3. Add --network host to Kouncil Docker command. It will look like this (as you can see, I removed the publish flag as it is discarded by Docker when using host network mode):
       ```bash
       docker run -e bootstrapServers="localhost:9092" --network host -e kouncil.auth.active-provider="inmemory" consdata/kouncil:latest
       ```
       Kouncil will be available via: http://localhost:8080/login
 
 
-If you run Kafka using docker container you have to put both containers in the same network, so they can reach out to each other. Firstly create new network using 
+If you run Kafka using a Docker container, you have to put both containers in the same network, so they can communicate with each other. First, create a new network using
 ```bash 
 docker network create --driver bridge <network_name>
 ```
-Then use this network name in run command/docker compose files, for example Kouncil docker run command will look like this:
+Then use this network name in run command/Docker compose files, for example, Kouncil Docker run command will look like this:
 ```bash
 docker run -p 80:8080 -e bootstrapServers="<container_name>:9092" --network="<network_name>" -e kouncil.auth.active-provider="inmemory" consdata/kouncil:latest
 ```
-Also, you should use Kafka docker container name as IP address (see <container_name>)
+Also, you should use Kafka Docker container name as an IP address (see <container_name>)
 
 ## I logged in and I see only brokers and consumer groups.
 
 You logged in as an administrator user, `admin`. In this case we have few possible solutions:
 
-   1. Log in as a user with editor role (in default configuration it will be the `editor` user)
-   2. Pass environment variable, `-e`, `kouncil.authorization.role-editor` in `docker run` command, which will include the group name for the `admin` user. This value will be used instead of the value from default configuration. Docker run command will look like this:
+   1. Log in as a user with the editor’s role (in default configuration, it will be the `editor` user)
+   2. Pass the environment variable, `-e`, `kouncil.authorization.role-editor` in the `docker run` command, with the value of the group name for the admin user. This value will be used instead of the value from default configuration. The Docker run command will look like this:
       ```bash
       docker run -p 80:8080 -e kouncil.authorization.role-editor="editor_group;admin_group" consdata/kouncil:latest
       ```
 
-   3. In docker run command mount volume which will have a custom configuration file. Docker run command will look like this:
+   3. In the Docker run command, mount a volume with a custom configuration file. The command will look like this:
       ```bash
       docker run -p 80:8080 -v <path to kouncil.yaml config file>:/config/ consdata/kouncil:latest
       ```
 
 ## I don't see any resolution to my issue
-Please [reach out to us](mailto:kouncil@consdata.com)
+Please [reach out to us](https://kouncil.io/contact-us/)

docs/.github/img/kouncil_cluster_form_cluster_security.png

@@ -1,10 +1,15 @@
 # Features
 
-Here are some of the main features of Kouncil. This list is not exhaustive, check out our [demo app](https://kouncil-demo.web.app/) or [quickly install Kouncil](README.md#quick-start) to experience them first-hand.
+Here are some of the most important features of Kouncil. This list is not exhaustive. Check out
+our [demo app](https://kouncil-demo.web.app/) or [quickly install Kouncil](README.md#quick-start) to
+experience all features first-hand.
 
 ## Advanced record browsing in table format
 
-Thanks to Kouncil's convenient way of presenting records in table format even large amounts of complex messages can be easily browsed. You can choose between browsing a single partition or a topic as a whole. If you wish to examine any of the messages more closely you can view its source, copy it to clipboard, or even post it again.
+Thanks to Kouncil's convenient way of presenting records in a table format, even large amounts of
+complex messages can be easily browsed. You can choose between browsing a single partition or a
+topic as a whole. If you wish to examine any of the messages more closely, you can view its source,
+copy it to a clipboard, or even post it again.
 
 <p align="left">
   <img src=".github/img/kouncil_topic_details_border.png" width="400">
@@ -16,27 +21,34 @@ Thanks to Kouncil's convenient way of presenting records in table format even la
 
 ## Multiple cluster support
 
-If your config spans across multiple Kafka clusters it's no problem for Kouncil. You can switch between them at any time, without having to restart or reconfigure anything.
+If your config spans across multiple Kafka clusters, it's not a problem for Kouncil. You can switch
+between clusters at any time, without having to restart or reconfigure anything.
 
 ## Consumer monitoring
 
-Monitoring your consumer groups is one of the most important things when dealing with Kafka. Are my consumers even connected to Kafka? Do they process events? If so, how fast? How long until they finish their workload? Kouncil can help you answer all those questions.
+Monitoring your consumer groups is one of the most important things when dealing with Kafka. Are my
+consumers even connected to Kafka? Do they process events? If so, how fast? How long until they
+finish their work? Kouncil can help you answer all those questions.
 
 <p align="left">
   <img src=".github/img/kouncil_consumer_group.png" width="820">
 </p>
 
-
 ## Cluster monitoring
 
-Monitoring your cluster's health can be as important as monitoring your consumer groups. Kouncil shows not only which brokers are currently connected to the cluster, but also their current resource consumption (using Kouncil's [advanced config](installation/DEPLOYMENT.md#docker---advanced-configuration))
+Monitoring your cluster's health can be as important as monitoring your consumer groups.
+Kouncil shows the brokers that are currently connected to the cluster and their current resource
+consumption (using
+Kouncil's [advanced config](installation/DEPLOYMENT.md#docker---advanced-configuration))
 
 <p align="left">
   <img src=".github/img/kouncil_brokers.png" width="820">
 </p>
 
-## Event Tracking
-Event Tracking enables monitoring and visualizing the path of a given event or process by means of Kafka topics.
+## Event tracking
+
+Event tracking enables monitoring and visualizing the path of a given event or process across the
+Kafka topics.
 
 <p align="left">
   <img src=".github/img/kouncil_event_tracking.png" width="820">

docs/.github/img/kouncil_cluster_form_schema_registry.png

@@ -1,8 +1,14 @@
 # Kouncil for Apache Kafka
 
-Kouncil lets you monitor and manage your Apache Kafka clusters using a modern web interface. It's free & open source kafka web UI, [feature-rich](FEATURES.md#features) and [easy to set up](#quick-start)! This simple kafka tool makes your DATA detectible, helps to troubleshoot problems and deliver optimal solutions. Yoy can easily monitor brokers and their condition, consumer groups and their pace along with the current lag or simply view the content of topics in real time.
+Kouncil lets you monitor and manage your Apache Kafka clusters using a modern web interface.It's
+an [easy-to-set-up](#quick-start), [feature-rich](FEATURES.md#features), free and open-source Kafka
+web UI. This simple Kafka tool makes your DATA detectible, helps troubleshoot problems and deliver
+optimal solutions. You can easily monitor brokers and their condition, consumer groups and their
+pace along with the current lag, or view the content of topics in real time.
+
+Here are some of **[Kouncil's](https://kouncil.io) main features**. For a more comprehensive list
+check out the [features section](FEATURES.md#features).
 
-Here are some of **the main features of [Kouncil](https://kouncil.io)**. For a more comprehensive list check out the [features section](FEATURES.md#features).
 * Advanced record browsing in table format
 * Multiple cluster support
 * Cluster monitoring
@@ -11,7 +17,8 @@ Here are some of **the main features of [Kouncil](https://kouncil.io)**. For a m
 
 ## Demo app
 
-If you wish to simply check out Kouncil in action, without having to install it, we've prepared a demo site showcasing the main features of Kouncil. The demo site can be found [here](https://kouncil-demo.web.app/)
+Check out Kouncil in action without installing it. We've prepared a demo site showcasing the main
+features of Kouncil, which can be found [here]. (https://kouncil-demo.web.app/)
 
 ## Quick start
 
@@ -20,15 +27,25 @@ The easiest way to start working with Kouncil is by using Docker:
 ```bash
 docker run -d -p 80:8080 -e bootstrapServers="kafka1:9092" -e kouncil.auth.active-provider="inmemory" consdata/kouncil:latest
 ```
-There is only two required environment variables: `bootstrapServers` which should point to one of the brokers in your Kafka cluster and `kouncil.auth.active-provider` which specified authentication mode. For example, if your cluster consists of three brokers - kafka1:9092, kafka2:9092, kafka3:9092 - you only have to specify one of them (`-e bootstrapServers="kafka1:9092"`), and you are good to go, Kouncil will automatically do the rest!
+There are only two required environment variables: `bootstrapServers`, which should point to one of
+the brokers in your Kafka cluster, and `kouncil.auth.active-provider`, which specifies
+authentication mode. For example, if your cluster consists of three brokers - kafka1:9092, kafka2:
+9092, kafka3:9092 - you only have to specify one of them (`-e bootstrapServers="kafka1:9092"`), and
+you are good to go. Kouncil will automatically do the rest.
 
-Additionally, Kouncil supports multiple clusters. Hosts specified in `bootstrapServers` may point to brokers in several clusters, and Kouncil will recognize that properly. Brokers should be separated using comma, i.e.: `docker run -d -p 80:8080 -e bootstrapServers="kafka1:9092,kafka1.another.cluster:8001" -e kouncil.auth.active-provider="inmemory" consdata/kouncil:latest`
+Additionally, Kouncil supports multiple clusters. Hosts specified in `bootstrapServers` may point to
+brokers in several clusters, and Kouncil will recognize that properly. Brokers should be separated
+using a comma,
+i.e.: `docker run -d -p 80:8080 -e bootstrapServers="kafka1:9092,kafka1.another.cluster:8001" -e kouncil.auth.active-provider="inmemory" consdata/kouncil:latest`
 
-After the `docker run` command head to [http://localhost](http://localhost).
+After the `docker run` command, head to [http://localhost](http://localhost).
 
 Images for Kouncil are hosted here: https://hub.docker.com/r/consdata/kouncil.
 
-For more advanced configuration consult the [Deployment](installation/DEPLOYMENT.md#deployment) section.
+For more advanced configuration, consult the [Deployment](installation/DEPLOYMENT.md#deployment)
+section.
 
 ## Authentication
-Default credentials to log in to Kouncil are admin/admin. For more authentication option head out to [Authentication](configuration/security/AUTHENTICATION.md)
+
+Default credentials to log in to Kouncil are admin/admin. For more authentication options, check
+out [Authentication](configuration/security/AUTHENTICATION.md)

docs/.github/img/kouncil_okta_assignments.png

@@ -7,8 +7,14 @@
   * [Development](installation/DEVELOPMENT.md)
 * Configuration
   * [Authentication](configuration/security/AUTHENTICATION.md)
+    * [Local authentication](configuration/security/LOCAL_AUTHENTICATION.md)
+    * [LDAP, LDAPS and AD authentication](configuration/security/LDAP.md)
+    * SSO
+      * [GitHub](configuration/security/GITHUB.md)
+      * [Okta](configuration/security/OKTA.md)
   * [Authorization](configuration/security/AUTHORIZATION.md)
   * SSL/TLS Configuration
+    * [Configuration](configuration/KAFKA_CLUSTER.md)
     * Kafka
       * [TLS configuration](configuration/kafka/TLS.md)
       * [Broker SSL configuration](configuration/kafka/SASL_PLAIN.md)

docs/.github/img/kouncil_okta_callbacks.png

@@ -1,8 +1,12 @@
 ## Custom context path
 
-If you want to expose Kouncil in custom context path you need to set Spring's `kouncil.context-path` parameter.
-In docker run command it will look like this
+If you want to expose Kouncil in a custom context path, you need to set
+Spring's `kouncil.context-path` parameter.
+In Docker run command it will look like this
+
 ```bash
 docker run -d -p 80:8080 -e bootstrapServers="kafka1:9092" -e kouncil.context-path="/console" consdata/kouncil:latest
 ```
-After that, visit [http://localhost/console](http://localhost/console) in your browser, and you should be greeted by a login screen.
+
+After that, visit [http://localhost/console](http://localhost/console) in your browser, and you
+should see a login screen.

docs/.github/img/kouncil_okta_groups.png

@@ -1,24 +1,27 @@
 ## Database configuration
 
 Currently, Kouncil supports two databases:
+
 * PostgreSQL
 * H2
 
 If no database is specified with below properties, H2 in-memory database will be used.
 
 ### Configuration properties
+
 * `spring.datasource.url` JDBC URL of the database
 * `spring.datasource.username` login username of the database
 * `spring.datasource.password` login password of the database
-* `spring.jpa.hibernate.default_schema` sets default schema 
+* `spring.jpa.hibernate.default_schema` sets default schema
 
 ### Example
+
 ```yaml
 spring:
   datasource:
-      url: jdbc:postgresql://localhost:5432/
-      username: postgres
-      password: password
+    url: jdbc:postgresql://localhost:5432/
+    username: postgres
+    password: password
   jpa:
     hibernate:
       default_schema: kouncil

docs/.github/img/kouncil_okta_new_app.png

@@ -1,6 +1,8 @@
 ## Advanced config - JMX monitoring
 
-If your Kafka brokers expose JMX metrics Kouncil can take advantage of that, displaying additional metrics. This is done using advanced config, where you can specify JMX parameters for each broker, like so:
+If your Kafka brokers expose JMX metrics, Kouncil can leverage them to display additional metrics.
+This is done using advanced config, where you can specify JMX parameters for each broker, as
+follows:
 
 ```yaml
 kouncil:
@@ -17,7 +19,10 @@ kouncil:
           port: 9094
           jmxPort: 5090
 ```
-This example assumes that broker does not require any kind of authentication to access JMX metrics - you only need to specify JMX port. If that's not the case, and JMX authentication is turned on, you can also specify JMX user and password:
+
+This example assumes that the broker does not require authentication to access JMX metrics - you
+only need to specify the JMX port. If JMX authentication is enabled, you can also specify the JMX
+username and password:
 
 ```yaml
 kouncil:
@@ -40,7 +45,10 @@ kouncil:
           jmxUser: jmxAdmin
           jmxPassword: jmxPassword
 ```
-It quickly becomes clear, that in many cases those properties (`jmxPort`, `jmxUser`, `jmxPassword`) will be identical for each of the brokers inside the cluster. For that reason, you can also specify them on a cluster level, and they will propagate to each broker:
+
+It quickly becomes clear that, in many cases, the properties (`jmxPort`, `jmxUser`, `jmxPassword`)
+will be identical for all brokers within the cluster. For that reason, you can specify them at the
+cluster level, and they will be propagated to each broker:
 
 ```yaml
 kouncil:
@@ -51,15 +59,18 @@ kouncil:
       jmxPassword: jmxPassword
       brokers:
         - host: 192.10.0.1
-          port: 9092    
+          port: 9092
         - host: 192.10.0.2
           port: 9093
         - host: 192.10.0.3
           port: 9094
 ```
-All brokers inside `transaction-cluster` will share the same JMX configuration (`jmxPort` = `5088`, `jmxUser` = `jmxAdmin`, `jmxPassword` = `jmxPassword`).
 
-Propagation of JMX parameters works independently for each of those parameters. For example, each of the brokers may have the same JMX user and password, but different port:
+All brokers within the `transaction-cluster` will share the same JMX
+configuration (`jmxPort` = `5088`, `jmxUser` = `jmxAdmin`, `jmxPassword` = `jmxPassword`).
+
+Propagation of JMX parameters works independently for each parameter. For example, while all brokers
+may share the same JMX user and password, they can have different ports.
 
 ```yaml
 kouncil:
@@ -79,4 +90,3 @@ kouncil:
           jmxPort: 5090
 ```
 
-In the case of both simple and advanced configuration being present, the advanced configuration takes precedence.

docs/.github/img/kouncil_user_groups_permissions.png

@@ -0,0 +1,29 @@
+## Managing Kafka clusters
+
+Starting from version 1.9 you will be able to configure and secure your Kafka clusters from UI. To
+do it log in to the app and select Clusters menu item. You will see your clusters list. To add new
+cluster click `Add new cluster` button and cluster form will be opened.
+
+<p align="left">
+    <img src="../.github/img/kouncil_cluster_form.png" width="820">
+</p>
+
+### Cluster SSL/TLS configuration
+
+If your Kafka cluster requires any authentication you are able to configure `SASL`, `SSL`
+or `AWS MSK` authentication.
+
+<p align="left">
+    <img src="../.github/img/kouncil_cluster_form_cluster_security.png" width="820">
+</p>
+
+### Schema registry
+
+Within this form you are able to add Schema Registry to your cluster.
+
+<p align="left">
+    <img src="../.github/img/kouncil_cluster_form_schema_registry.png" width="820">
+</p>
+
+If your Schema Registry requires any authentication you are able to configure `SSL`
+or `SSL with basic authentication` security.