policy-engine/docs/images/ape/storage_node_ape.svg

<?xml version="1.0" encoding="UTF-8" standalone="no"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" contentScriptType="application/ecmascript" contentStyleType="text/css" height="755px" preserveAspectRatio="none" style="width:1131px;height:755px;" version="1.1" viewBox="0 0 1131 755" width="1131px" zoomAndPan="magnify"><defs><filter height="300%" id="f1vrzas1fwodf6" width="300%" x="-1" y="-1"><feGaussianBlur result="blurOut" stdDeviation="2.0"/><feColorMatrix in="blurOut" result="blurOut2" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 .4 0"/><feOffset dx="4.0" dy="4.0" in="blurOut2" result="blurOut3"/><feBlend in="SourceGraphic" in2="blurOut3" mode="normal"/></filter></defs><g><rect fill="#008000" height="740.3828" style="stroke: #A80036; stroke-width: 1.0;" width="255" x="327.5" y="4"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="100" x="405" y="16.0669">Storage node</text><rect fill="#90EE90" height="740.3828" style="stroke: #A80036; stroke-width: 1.0;" width="455" x="584.5" y="4"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="154" x="735" y="16.0669">Access Policy Engine</text><rect fill="#FFFFFF" filter="url(#f1vrzas1fwodf6)" height="138.6641" style="stroke: #000000; stroke-width: 2.0;" width="555" x="134.5" y="70.4297"/><rect fill="#FFFFFF" filter="url(#f1vrzas1fwodf6)" height="80.3984" style="stroke: #000000; stroke-width: 2.0;" width="935.5" x="41.5" y="222.0938"/><rect fill="#FFFFFF" filter="url(#f1vrzas1fwodf6)" height="177.7969" style="stroke: #000000; stroke-width: 2.0;" width="986" x="134.5" y="315.4922"/><rect fill="#FFFFFF" filter="url(#f1vrzas1fwodf6)" height="177.7969" style="stroke: #000000; stroke-width: 2.0;" width="986" x="134.5" y="506.2891"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="57.5" x2="57.5" y1="58.4297" y2="703.0859"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="150.5" x2="150.5" y1="58.4297" y2="703.0859"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="389.5" x2="389.5" y1="58.4297" y2="703.0859"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="518" x2="518" y1="58.4297" y2="703.0859"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="673.5" x2="673.5" y1="58.4297" y2="703.0859"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="822.5" x2="822.5" y1="58.4297" y2="703.0859"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="961" x2="961" y1="58.4297" y2="703.0859"/><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="105" x="3" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="91" x="10" y="43.1279">Administrator</text><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="53" x="122" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="39" x="129" y="43.1279">Client</text><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="112" x="331.5" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="98" x="338.5" y="43.1279">Object service</text><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="117" x="457.5" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="103" x="464.5" y="43.1279">Control service</text><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="166" x="588.5" y="23.1
@startuml storage node ape
!pragma teoz true

participant "Administrator" as administrator
participant "Client" as client

box "Storage node" #Green
  participant "Object service" as obj
  participant "Control service" as control
end box

box "Access Policy Engine" #LightGreen
  participant "Local override storage" as localOverrides
  participant "Chain Router" as chainRouter
  participant "Morph rule storage" as morphRuleStorage
end box

group Set local override
  client -> control: Add local override
  control -> localOverrides: Save override in DB
  localOverrides -> control: OK
  control -> client: OK
end

group Update state in Policy contract
  administrator -> morphRuleStorage: Add chain
  morphRuleStorage -> administrator: OK
end

group Perform a request A
  client -> obj : Sending a request
  obj -> chainRouter: Check if APE allows the request
  note over chainRouter : Fetches local overrides and rules defined for a target/targets and looks for a match
  chainRouter -> obj: APE returns status: "ACCESS DENIED"
  obj -> client: Response: "the request is denied"
end

group Perform a request B
  client -> obj : Sending a request
  obj -> chainRouter: Check if APE allows the request
  note over chainRouter : Fetches local overrides and rules defined for a target/targets and looks for a match
  chainRouter -> obj: APE returns status: "ALLOW"
  obj -> client: Response: "OK"
end

@enduml

PlantUML version 1.2020.02(Sun Mar 01 13:22:07 MSK 2020)
(GPL source distribution)
Java Runtime: OpenJDK Runtime Environment
JVM: OpenJDK 64-Bit Server VM
Java Version: 11.0.22+7-post-Ubuntu-0ubuntu222.04.1
Operating System: Linux
Default Encoding: UTF-8
Language: en
Country: null
--></g></svg>
[#71] docs: Introduce APE overview Signed-off-by: Airat Arifullin <aarifullin@yadro.com> 2024-04-18 11:27:52 +00:00			<?xml version="1.0" encoding="UTF-8" standalone="no"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" contentScriptType="application/ecmascript" contentStyleType="text/css" height="755px" preserveAspectRatio="none" style="width:1131px;height:755px;" version="1.1" viewBox="0 0 1131 755" width="1131px" zoomAndPan="magnify"><defs><filter height="300%" id="f1vrzas1fwodf6" width="300%" x="-1" y="-1"><feGaussianBlur result="blurOut" stdDeviation="2.0"/><feColorMatrix in="blurOut" result="blurOut2" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 .4 0"/><feOffset dx="4.0" dy="4.0" in="blurOut2" result="blurOut3"/><feBlend in="SourceGraphic" in2="blurOut3" mode="normal"/></filter></defs><g><rect fill="#008000" height="740.3828" style="stroke: #A80036; stroke-width: 1.0;" width="255" x="327.5" y="4"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="100" x="405" y="16.0669">Storage node</text><rect fill="#90EE90" height="740.3828" style="stroke: #A80036; stroke-width: 1.0;" width="455" x="584.5" y="4"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="154" x="735" y="16.0669">Access Policy Engine</text><rect fill="#FFFFFF" filter="url(#f1vrzas1fwodf6)" height="138.6641" style="stroke: #000000; stroke-width: 2.0;" width="555" x="134.5" y="70.4297"/><rect fill="#FFFFFF" filter="url(#f1vrzas1fwodf6)" height="80.3984" style="stroke: #000000; stroke-width: 2.0;" width="935.5" x="41.5" y="222.0938"/><rect fill="#FFFFFF" filter="url(#f1vrzas1fwodf6)" height="177.7969" style="stroke: #000000; stroke-width: 2.0;" width="986" x="134.5" y="315.4922"/><rect fill="#FFFFFF" filter="url(#f1vrzas1fwodf6)" height="177.7969" style="stroke: #000000; stroke-width: 2.0;" width="986" x="134.5" y="506.2891"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="57.5" x2="57.5" y1="58.4297" y2="703.0859"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="150.5" x2="150.5" y1="58.4297" y2="703.0859"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="389.5" x2="389.5" y1="58.4297" y2="703.0859"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="518" x2="518" y1="58.4297" y2="703.0859"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="673.5" x2="673.5" y1="58.4297" y2="703.0859"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="822.5" x2="822.5" y1="58.4297" y2="703.0859"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="961" x2="961" y1="58.4297" y2="703.0859"/><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="105" x="3" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="91" x="10" y="43.1279">Administrator</text><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="53" x="122" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="39" x="129" y="43.1279">Client</text><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="112" x="331.5" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="98" x="338.5" y="43.1279">Object service</text><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="117" x="457.5" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="103" x="464.5" y="43.1279">Control service</text><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="166" x="588.5" y="23.1
			`@startuml storage node ape`
			`!pragma teoz true`

			`participant "Administrator" as administrator`
			`participant "Client" as client`

			`box "Storage node" #Green`
			`participant "Object service" as obj`
			`participant "Control service" as control`
			`end box`

			`box "Access Policy Engine" #LightGreen`
			`participant "Local override storage" as localOverrides`
			`participant "Chain Router" as chainRouter`
			`participant "Morph rule storage" as morphRuleStorage`
			`end box`

			`group Set local override`
			`client -> control: Add local override`
			`control -> localOverrides: Save override in DB`
			`localOverrides -> control: OK`
			`control -> client: OK`
			`end`

			`group Update state in Policy contract`
			`administrator -> morphRuleStorage: Add chain`
			`morphRuleStorage -> administrator: OK`
			`end`

			`group Perform a request A`
			`client -> obj : Sending a request`
			`obj -> chainRouter: Check if APE allows the request`
			`note over chainRouter : Fetches local overrides and rules defined for a target/targets and looks for a match`
			`chainRouter -> obj: APE returns status: "ACCESS DENIED"`
			`obj -> client: Response: "the request is denied"`
			`end`

			`group Perform a request B`
			`client -> obj : Sending a request`
			`obj -> chainRouter: Check if APE allows the request`
			`note over chainRouter : Fetches local overrides and rules defined for a target/targets and looks for a match`
			`chainRouter -> obj: APE returns status: "ALLOW"`
			`obj -> client: Response: "OK"`
			`end`

			`@enduml`

			`PlantUML version 1.2020.02(Sun Mar 01 13:22:07 MSK 2020)`
			`(GPL source distribution)`
			`Java Runtime: OpenJDK Runtime Environment`
			`JVM: OpenJDK 64-Bit Server VM`
			`Java Version: 11.0.22+7-post-Ubuntu-0ubuntu222.04.1`
			`Operating System: Linux`
			`Default Encoding: UTF-8`
			`Language: en`
			`Country: null`
			`--></g></svg>`