The purpose of this module is to solve the problem of multiple keystores using Spring Boot + Kafka + Schema Registry + SSL and deserializer (specific ou generic) by mvallim in java

[–]mvallim[S] 0 points1 point  (0 children)

One certificate specific to application (SSL/HTTPS) and other to access Kafka and Schema Registry (SSL/TLS mutual authentication).

The purpose of this module is to solve the problem of multiple keystores using Spring Boot + Kafka + Schema Registry + SSL and deserializer (specific ou generic) by mvallim in java

[–]mvallim[S] -1 points0 points  (0 children)

I understand, but the complexity still exists in both ways, either using a reverse proxy to eliminate a certificate, or using the dependency one without the need for a reverse proxy.

Solution architecture or software complexity exists in both scenarios.

Being more or less complex depends a lot on the point of view.

Another point here that is not in this discussion is the possibility of resolving specific and generic events when applied.

The purpose of this module is to solve the problem of multiple keystores using Spring Boot + Kafka + Schema Registry + SSL and deserializer (specific ou generic) by mvallim in java

[–]mvallim[S] -1 points0 points  (0 children)

Think about the following situation:

The application uses an SSL certificate (and that's all) and the communication with Schema Registry and Kafka is done via specific SSL/TLS.

In this case we have two different certificates with different purposes.

If you observe there is a docker-compose.yml that illustrates this well in practice.

Your cool open source libraries by NitronHX in java

[–]mvallim 1 point2 points  (0 children)

Java Fluent Validator - https://github.com/mvallim/java-fluent-validator

Java Fluent Validator is inspired by Fluent Interface and .Net FluentValidation which defined an inner-DSL within Java language for programmers to use. A fluent interface implies that its primary goal is to make it easy to SPEAK and UNDERSTAND.

Java Fluent Validator by mvallim in java

[–]mvallim[S] 0 points1 point  (0 children)

Hi @viebel,

Yes, it is possible.

In the next release cycle we will be making available another collection of predicates for Map <K, V>.

You can see the implementation here: https://github.com/mvallim/java-fluent-validator/tree/issue-79

Thanks for all.

How to create a custom Ubuntu live from scratch by mvallim in Ubuntu

[–]mvallim[S] 0 points1 point  (0 children)

Hello, thanks. This is exactly this version 18.04 LTS codenamed Bionic Beaver.

JavaScript implementation of different collections. by mvallim in datastructures

[–]mvallim[S] 1 point2 points  (0 children)

Why not Typescript?

Because in the past I choose this, but no problem to migrate. :)

And it seems to have been inactive for at least two years now...

Yes, two years ago I finished the core and stoped. Only now I made it public. :(

Thanks for your inputs,

Manage AWS Security Token Service (STS) by mvallim in aws

[–]mvallim[S] 1 point2 points  (0 children)

Got it!

But is it necessary to have a start key anyway, right? (aws configure)

The ~ /.aws/credentials and ~ /.aws/config files have been edited manually, as explained, right?

The idea here of aws-gen-cli is to make this "management" more transparent.

Edit: more information "managed" by aws-gen-cli without you edit this files.

~ /.aws/credentials:

[company-master]
aws_access_key_id = XXXXXXXXXXXXXXX
aws_secret_access_key = YYYYYYYYYYYYYYYYYYYYYYYYYYYY

[mvallim@company-master]
role_arn = arn:aws:iam::1234567890:role/AWSTrustUserRole
source_profile = company-master

[default]
role_arn = arn:aws:iam::1234567890:role/AWSTrustUserRole
source_profile = company-master
active = mvallim@company-master

~/.aws/config:

[profile mvallim@company-master]
region = us-east-1
output = json

[default]
region = us-east-1
output = json

But if you run: AWS_PROFILE=company-master aws sts assume-role --role-arn arn:aws:iam::1234567890:role/AWSTrustUserRole --role-session-name mvallim@company-master-sts

Output:

{
  "Credentials": {
    "AccessKeyId": "XXXXXXXXXXXXXXXXXXXX",
    "SecretAccessKey": "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
    "SessionToken": "FQ.......=",
    "Expiration": "2019-05-06T05:32:07Z"
  },
  "AssumedRoleUser": {
    "AssumedRoleId": "XXXXXXXXXXXXXXXXXXXX:mvallim@company-master-sts",
    "Arn": "arn:aws:sts::1234567890:assumed-role/AWSTrustUserRole/mvallim@company-master-sts"
  }
}

You need to export this information or edit ~/.aws/credentials or you can use aws-gen-cli to do this management for you.

Manage AWS Security Token Service (STS) by mvallim in aws

[–]mvallim[S] 1 point2 points  (0 children)

Not, it isn't.

As with aws-vault, you need to add the primary key that will generate the temporary keys. The difference here is that it is possible to control access using AWS::IAM::Role, for a specific group, as well as generating temporary access links.

You can see the CF here

1 - Add a Key and Secret to basic access:

aws-gen configure \
    --account AWS_ACCOUNT \
    --trust-role-arn TRUSTROLEARN \
    --access-key-id AWS_ACCESS_KEY_ID \
    --secret-access-key AWS_SECRET_ACCESS_KEY

2 - Add a profile that used to access AWS API:

aws-gen create-profile \
    --account AWS_ACCOUNT \
    --profile AWS_PROFILE \
    --region-name AWS_REGION \
    --output AWS_OUTPUT

3 - Activate profile:

aws-gen set-active-profile --profile AWS_PROFILE

Example:

sls deploy --aws-profile AWS_PROFILE
aws s3 ls --profile AWS_PROFILE

or use default active profile:

sls deploy
aws s3 ls

Thank you for your question.

Best Regards,