KMS

KMS keys Documentation 

What is difference between a Customer Managed Key (CMK) and AWS KMS  

•  AWS KMS replaced the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term.

Keys getting started - Managing keys - AWS Key Management Service (amazon.com)

Managing keys  - creating a KMS key

• symmetric encryption KMS keys - "When you create an AWS KMS key, by default, you get a KMS key for symmetric encryption. This is the basic and most commonly used type of KMS key." 
• asymmetric KMS keys - encryption or signing, as well as generate and validate HMAC tags using HMAC KMS keys

• A logical representation of a cryptographic key is an AWS KMS key. 
• Metadata of a KMS key includes 

• the key ID
• key specification
• key use
• creation date
• description
• key status
• Most crucially, it includes a reference to the key material used when performing cryptographic operations with the KMS key.

• Symmetric KMS keys and asymmetric KMS private keys are never left unprotected in AWS KMS. 

• We must utilize AWS KMS to use or manage the KMS keys.

• AWS KMS generates the key material for a KMS key by default. 
• We are unable to extract, export, see, or handle this critical material. 

• The public key of an asymmetric key pair is the lone exception, which we may export for usage outside of AWS.

More on keys:

The KMS keys that you create customer managed keys

The KMS keys that AWS services create in your AWS account are AWS Managed keys  

- You don't have to create or maintain the key or its key policy, and there's never a monthly fee for an AWS managed key.

- view the aws managed key 

- view the  key policies

- audit the keys use in AWS CloudTrail logs

-AWS managed keys appear on the AWS managed keys page of the AWS Management Console for AWS KMS. 

-You can also identify AWS managed keys by their aliases, which have the format aws/service-name

What is AWS CloudFormation? - AWS CloudFormation (amazon.com)

CloudFormation AWS KMS Key: Explained 

AWS KMS CloudFormation resources are accessible in all Regions that support AWS KMS and AWS CloudFormation. 

We may make advantage of AWS: KMS:: Key resource for creating and managing all KMS key types supported in a Region

Creating a key policy - AWS Key Management Service (amazon.com)

aws-kms-developer-guide/creating-resources-with-cloudformation.md at master · awsdocs/aws-kms-developer-guide · GitHub

(6) Create and Manage AWS KMS - Custom Managed Key using Cloudformation | LinkedIn

AES - advanced encryption standard

CMK - customer master key

- asymetric - has public (encrpyt data) and private key (decrypt data) and must be used together 

- symetric - same key used for encryption and decryption

Customer manages or aws managed keys

KMS Access management : Control access using different AWS approaches including 

• key policy (policy attached to key)
•  iam policy (policy attached to principal user/role), 
• grants [link] (attached programmatically)

KMS policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html)

• administrator - admin actions ... add/enable etc a key
• user - crypt actions... crypt/decypt etc

[link] [link]

principal  who can perform actions is either an  iam user, iam role, root user

KMS requires policy for each customer managed key

can view key policy among other things for a key

Statement Id (SID) : Enable IAM User Permissions

- indicates explicitly that the root user  (or specific user) of this account is allowed which actions on specified resources. By specifying this root user here, allows to  enableIAM policy for all users in this account

. without this statement root user does not have access to key

Statement Id (SID) :  Allow access for key Administrators  

-for an administrator, allows for the administration actions of the key

Statement Id (SID) :  Allow use of the key 

- for a user, allow for cryptographic actions for the key

Statement Id (SID) :  Allow attachment of persistent resources

- for grants, manage who can do what action

Stages and Futures

API:

1. https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/concurrent/CompletionStage.html
2. https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/concurrent/CompletableFuture.html

public class CompletableFuture<T> implements Future<T>, CompletionStage<T> 

- execute on ForkJoinPool.commonPool or pass own pool

runAsync - returns CompletableFuture<Void> ,takes Runnable<T>   

-  i.e. doesn't bring back an result

supplyAsync -  returns CompletableFuture<T>, takes Supplier<T>   

-  i.e.  brings back a result

Methods from CompletableFuture you can call once it is done completing its work:

theApply  :   CompletionStage<U> thenApply​(Function<? super T,​? extends U> fn)

- transform the response you received after Computable Future returns

- specify Function<T,R> as argument

- thenApplyAsync method is for running on different thread pool than the default

thenAccept:   CompletionStage<Void> thenAccept​(Consumer<? super T> action)

- its simply just consumes, it takes response Consumer<T> as argument but does not return anything

- thenAcceptAsync method is for running on different thread pool than the default

thenRun:  CompletionStage<Void> thenRun​(Runnable action)

- takes Runnable as argument, doesn't leverage the response

-  thenRunAsync  method is for running on different thread pool than the default

dependent future-  a stage takes in result of a stage it has dependency on:

thenCompose :  CompletionStage<U> thenCompose​(Function<? super T,​? extends CompletionStage<U>> fn)

- consumes, it takes  Function<T,R> as argument , and returns a Completable Future

- chains Futures and run them sequentially

- thenComposeAsync  method is for running on different thread pool than the default

 

combining future-  a stage takes in results of independent stage(s)

thenCombine  :  <U,​V> CompletionStage<V> thenCombine​(CompletionStage<? extends U> other, BiFunction<? super T,​? super U,​? extends V> fn)

- takes BiFunction<U,V,R> as argument and used to run multiple stages in parallel

- thenCombineAsync  method is for running on different thread pool than the default

allOf 

-returns CompletableFuture<Void>

anyOf

-returns CompletableFuture<Void>

handle:

-its simply just consumes and returns exception 

exceptionally

- its simply just consumes exception as argument

Reference : https://github.com/tech-recipes/completable-future, https://www.youtube.com/watch?v=217XaErWYJE 

Overview blog :

"CompletableFuture ... it allows you to build a pipeline of steps which can each be executed asynchronously, each step depending on the result of one or more previous steps."

"CompletionStage, the superinterface of CompletableFuture, which declares most of the methods that comprise the functionality of CompletableFuture."

" A stage completes upon termination of its computation, but this may in turn trigger other dependent stages"

"CompletionStage specifies most of the functionality of CompletableFuture. Class CompletableFuture adds a number of extra methods"

reference :

• thenApply: Apply a function to the result of the previous stage 
• thenAccept : Let a consumer deal with the result of the previous stage 
• thenCombine: Apply a function to the results of both of two previous stages 
• thenAcceptBoth: Let a consumer deal with the results of both of two previous stages thenCompose: Similar to thenApply, except that the function returns CompletionStage instead of MyClass
• whenComplete : Handle the outcome of a stage, whether it's a result value or an exception
• exceptionally: When an exception happened, replace the exception with a result value
• handle : Handle the outcome of a stage and return a new value
• toCompletableFuture : Convert the CompletionStage to a CompletableFuture

differences

Kubernetes world

I am learning about containers,  kubernetes, and cloud...

Microservices definition says it's a design approach to break up a monolith application into small independent components. 

containers : 

"A container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another. "

"A Docker container image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings."

"Containers are an abstraction at the app layer that packages code and dependencies together."  

"Virtual machines (VMs) are an abstraction of physical hardware turning one server into many servers."

Kubernetes :

Kubernetes is an open source technology to manage and orchestrate containers at enterprise scale.  

https://learn.microsoft.com/en-us/training/modules/intro-to-kubernetes

Container management is the process of organizing, adding, removing, or updating a significant number of containers 

For Kubernetes to run containers, it needs a container runtime, like Docker or containerd. The container runtime is the object that's responsible for managing containers

Architecture :

Cluster is a set of computers that you configure to work together and view as a single system. 

The cluster uses centralized software that's responsible for scheduling and controlling these tasks.

For example the cluster software may also respond to to changes in compute resource needs.

Kubernetes abstracts away complex container management tasks, and provides you with declarative configuration to orchestrate containers in different computing environments.

The computers in a cluster that run the tasks are called nodes.

"A node is the smallest unit of computing hardware in Kubernetes." [link]

The control planes  are the computers that run the scheduling software.

Kubernetes cluster contains at least one main plane and one or more nodes. Both the control planes and node instances can be physical devices, virtual machines, or instances in the cloud. The default host OS in Kubernetes is Linux, with default support for Linux-based workloads.

At least 1 master node and couple worker nodes (referred to just nodes)

A node in Kubernetes cluster is where compute workloads run. Each node communicates with control plane via the API serve Tom inform it about state changes in node.

 each node has kublet process running on it 

Kublet is a Kubernetes process that makes it possible for a cluster to communicate to each other and execute tasks on each nodes 

You package the container into a Kubernetes object called a pod. 

A pod is the smallest object that you can create in Kubernetes.

"Although working with individual nodes can be useful, it’s not the Kubernetes way. In general, you should think about the cluster as a whole, instead of worrying about the state of individual nodes" [link]

Resources

• why kubernetes AKA K8
• The first training video i checked out is this Techworld By Nana - its a one hour video:  Crash Course
• learning resources

Java 8 streams

String[] keys = Arrays.stream(ShareModeType.values()).map(ShareModeType::getCode).toArray(String[]::new);

Optional<String> match = Arrays.stream(keys).filter(shareMode::equals).findAny();

actionTypeList = Stream.of(ActionType.values()).map(ActionType::getId).collect(Collectors.toSet());

public enum ResultStatusCode {
SUCCESS("I-FCP-REGREPO-0000", "Success", "Success"),
FAIL("F-FCP-REGREPO-0001", "Failed", "Failed"),
CUSIP_INVALID("F-FCP-REGREPO-0002", "Validation Error", "Invalid CUSIP"),
CUSIP_EMPTY("F-FCP-REGREPO-0003", "Validation Error", "Missing CUSIP"),
E_IND("F-FCP-REGREPO-0004", "Validation Error", "Invalid eIndicator"),
SRC_SYS_IND("F-FCP-REGREPO-0005", "Validation Error", "Invalid srcSysIndicator"),
FUND_TY("F-FCP-REGREPO-0006", "Validation Error", "Invalid Fund Type"),
CORE_TY("F-FCP-REGREPO-0007", "Validation Error", "Invalid Core Type"),
EFF_DATE("F-FCP-REGREPO-0008", "Validation Error", "Invalid date range"),
VER_DATE("F-FCP-REGREPO-0009", "Validation Error", "Invalid version date range"),
ORDER_BY("F-FCP-REGREPO-0010", "Validation Error", "Invalid Orderby"),
ORDER_DIR("F-FCP-REGREPO-0011", "Validation Error", "Invalid Order Direction"),
LIMIT_VAL("F-FCP-REGREPO-0012", "Validation Error", "Invalid limit"),
OFFSET_VAL("F-FCP-REGREPO-0013", "Validation Error", "Invalid offset value"),
DOC_EVENT_IND("F-FCP-REGREPO-0014", "Validation Error", "Invalid docEventIndicator"),
DOC_TY("F-FCP-REGREPO-0015", "Validation Error", "Invalid Document Type"),

PROCESSDATE_INVALID("F-FCP-REGREPO-0016", "Validation Error", "Invalid Process Date"),
PROCESSDATE_EMPTY("F-FCP-REGREPO-0017", "Validation Error", "Missing Process Date"),
GENERIC_ERR_MSG("F-FCP-REGREPO-0018", "System unavailable", "System unavailable");
//DB_EXC_ERR("F-FCP-REGREPO-0019", "Database Exception", "Database Exception"),


private final String code;
private final String title;
private final String detail;

private static Map<String, ResultStatusCode> map = new HashMap<String, ResultStatusCode>();

private ResultStatusCode(String code, String title, String detail) {
    this.code = code;
    this.title = title;
    this.detail = detail;
}

public String getTitle() {
return title;
}

public String getCode() {
return code;
}

public String getDetail() {
return detail;
}

static {
        for (ResultStatusCode resultStatusCode : ResultStatusCode.values()) {
            map.put(resultStatusCode.code, resultStatusCode);
        }
    }

public static ResultStatusCode valueOfGivenCode(String code) {
        return map.get(code);
    }

@Override
public String toString() {
return code + ": " + title;
}
}




https://howtodoinjava.com/swagger2/swagger-spring-mvc-rest-example/




List <ResultStatusCode> filteredList = errorList.stream().filter(x -> x.getTitle().equalsIgnoreCase("Validation Error")).collect(Collectors.toList());


static final String[] ORDERBY_ARRAY = { "CUSIP", "FUND_IND", "EFF_D", "VERSION_D", "E_FUND_IND", "DOC_TY_C",
"CORE_FUND_IND", "ACCESSKEY", "SRC_SYS_IND", "DOC_UPD_IND", "EXP_D" };



if (StringUtils.isNotEmpty(cusipParameters.getOrderBy())) {
if (!Arrays.stream(ORDERBY_ARRAY).anyMatch(cusipParameters.getOrderBy()::equals))
return ErrorCode.ORDER_BY;
}



public boolean RegexValidation(String cusip) {
String regex = "^[a-zA-Z0-9]{9}";
Pattern pattern = Pattern.compile(regex);
Matcher matcher = pattern.matcher(cusip);

return matcher.matches();
}

public boolean DateValidation(String date) {
String rgx = "^((?:(?:1[6-9]|[2-9]\\d)?\\d{4})(-)(?:(?:(?:0[13578]|1[02])(-)31)|((0[1,3-9]|1[0-2])(-)(29|30))))$|^(?:(?:(?:(?:1[6-9]|[2-9]\\d)?(?:0[48]|[2468][048]|[13579][26])|(?:(?:16|[2468][048]|[3579][26])00)))(-)02(-)29)$|^(?:(?:1[6-9]|[2-9]\\d)?\\d{4})(-)(?:(?:0[1-9])|(?:1[0-2]))(-)(?:0[1-9]|1\\d|2[0-8])$";
Pattern pattern = Pattern.compile(rgx);
Matcher matcher = pattern.matcher(date);
return matcher.matches();
}



public boolean DateRangeValidation(String fromDate, String toDate) {
try {
// SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
Date date1 = new SimpleDateFormat("yyyy-MM-dd").parse(fromDate);
Date date2 = new SimpleDateFormat("yyyy-MM-dd").parse(toDate);

if (date1.equals(date2))
return true;
else
return date1.before(date2);
} catch (Exception e) {
return false;
}
}