generated from TrueCloudLab/basic
73 lines
22 KiB
XML
73 lines
22 KiB
XML
<?xml version="1.0" encoding="UTF-8" standalone="no"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" contentScriptType="application/ecmascript" contentStyleType="text/css" height="852px" preserveAspectRatio="none" style="width:1612px;height:852px;" version="1.1" viewBox="0 0 1612 852" width="1612px" zoomAndPan="magnify"><defs><filter height="300%" id="f1l5dhsbmf5oik" width="300%" x="-1" y="-1"><feGaussianBlur result="blurOut" stdDeviation="2.0"/><feColorMatrix in="blurOut" result="blurOut2" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 .4 0"/><feOffset dx="4.0" dy="4.0" in="blurOut2" result="blurOut3"/><feBlend in="SourceGraphic" in2="blurOut3" mode="normal"/></filter></defs><g><rect fill="#FF69B4" height="837.9141" style="stroke: #A80036; stroke-width: 1.0;" width="105" x="394" y="4"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="18" x="437.5" y="16.0669">S3</text><rect fill="#FFB6C1" height="837.9141" style="stroke: #A80036; stroke-width: 1.0;" width="308" x="501" y="4"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="302" x="504" y="16.0669">Access Policy Engine (as s3 middleware)</text><rect fill="#DDDDDD" height="837.9141" style="stroke: #A80036; stroke-width: 1.0;" width="183" x="811" y="4"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="177" x="814" y="16.0669">Policy contract (shared)</text><rect fill="#90EE90" height="837.9141" style="stroke: #A80036; stroke-width: 1.0;" width="348" x="996" y="4"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="342" x="999" y="16.0669">Access Policy Engine (as storage middleware)</text><rect fill="#008000" height="837.9141" style="stroke: #A80036; stroke-width: 1.0;" width="255" x="1346" y="4"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="100" x="1423.5" y="16.0669">Storage node</text><rect fill="#FFFFFF" filter="url(#f1l5dhsbmf5oik)" height="191.9297" style="stroke: #000000; stroke-width: 2.0;" width="974" x="13" y="75.4297"/><rect fill="#FFFFFF" filter="url(#f1l5dhsbmf5oik)" height="162.7969" style="stroke: #000000; stroke-width: 2.0;" width="974" x="13" y="281.3594"/><rect fill="#FFFFFF" filter="url(#f1l5dhsbmf5oik)" height="328.4609" style="stroke: #000000; stroke-width: 2.0;" width="1463" x="13" y="458.1563"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="51" x2="51" y1="58.4297" y2="803.6172"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="164.5" x2="164.5" y1="58.4297" y2="803.6172"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="305.5" x2="305.5" y1="58.4297" y2="803.6172"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="446" x2="446" y1="58.4297" y2="803.6172"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="598.5" x2="598.5" y1="58.4297" y2="803.6172"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="744.5" x2="744.5" y1="58.4297" y2="803.6172"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="902" x2="902" y1="58.4297" y2="803.6172"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="1080" x2="1080" y1="58.4297" y2="803.6172"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="1229" x2="1229" y1="58.4297" y2="803.6172"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="1408" x2="1408" y1="58.4297" y2="803.6172"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="1536" x2="1536" y1="58.4297" y2="803.6172"/><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="53" x="23" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="39" x="30" y="43.1279">Client</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="53" x="23" y="802.6172"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="39" x="30" y="822.6123">Client</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="38" x="143.5" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="24" x="150.5" y="43.1279">IAM</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="38" x="143.5" y="802.6172"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="24" x="150.5" y="822.6123">IAM</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="160" x="223.5" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="146" x="230.5" y="43.1279">IAM -> APE converter</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="160" x="223.5" y="802.6172"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="146" x="230.5" y="822.6123">IAM -> APE converter</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="93" x="398" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="79" x="405" y="43.1279">S3 gateway</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="93" x="398" y="802.6172"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="79" x="405" y="822.6123">S3 gateway</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="166" x="513.5" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="152" x="520.5" y="43.1279">Local override storage</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="166" x="513.5" y="802.6172"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="152" x="520.5" y="822.6123">Local override storage</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="99" x="693.5" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="85" x="700.5" y="43.1279">Chain router</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="99" x="693.5" y="802.6172"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="85" x="700.5" y="822.6123">Chain router</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="145" x="828" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="131" x="835" y="43.1279">Morph rule storage</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="145" x="828" y="802.6172"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="131" x="835" y="822.6123">Morph rule storage</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="104" x="1026" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="90" x="1033" y="43.1279">Chain Router</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="104" x="1026" y="802.6172"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="90" x="1033" y="822.6123">Chain Router</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="166" x="1144" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="152" x="1151" y="43.1279">Local override storage</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="166" x="1144" y="802.6172"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="152" x="1151" y="822.6123">Local override storage</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="112" x="1350" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="98" x="1357" y="43.1279">Object service</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="112" x="1350" y="802.6172"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="98" x="1357" y="822.6123">Object service</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="117" x="1476" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="103" x="1483" y="43.1279">Control service</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="117" x="1476" y="802.6172"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="103" x="1483" y="822.6123">Control service</text><path d="M13,75.4297 L261,75.4297 L261,82.4297 L251,92.4297 L13,92.4297 L13,75.4297 " fill="#EEEEEE" style="stroke: #000000; stroke-width: 1.0;"/><rect fill="none" height="191.9297" style="stroke: #000000; stroke-width: 2.0;" width="974" x="13" y="75.4297"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="203" x="28" y="88.4966">Request IAM to set a policy</text><polygon fill="#A80036" points="152.5,109.6953,162.5,113.6953,152.5,117.6953,156.5,113.6953" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="51.5" x2="158.5" y1="113.6953" y2="113.6953"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="89" x="58.5" y="108.6294">Set IAM policy</text><polygon fill="#A80036" points="293.5,138.8281,303.5,142.8281,293.5,146.8281,297.5,142.8281" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="164.5" x2="299.5" y1="142.8281" y2="142.8281"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="117" x="171.5" y="137.7622">Convert IAM policy</text><polygon fill="#A80036" points="175.5,167.9609,165.5,171.9609,175.5,175.9609,171.5,171.9609" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="169.5" x2="304.5" y1="171.9609" y2="171.9609"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="109" x="181.5" y="166.895">Return APE chain</text><polygon fill="#A80036" points="890.5,197.0938,900.5,201.0938,890.5,205.0938,894.5,201.0938" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="164.5" x2="896.5" y1="201.0938" y2="201.0938"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="197" x="171.5" y="196.0278">Store IAM policy and APE chain</text><polygon fill="#A80036" points="586.5,226.2266,596.5,230.2266,586.5,234.2266,590.5,230.2266" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="164.5" x2="592.5" y1="230.2266" y2="230.2266"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="139" x="171.5" y="225.1606">Set S3 local overrides</text><polygon fill="#A80036" points="62.5,255.3594,52.5,259.3594,62.5,263.3594,58.5,259.3594" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="56.5" x2="163.5" y1="259.3594" y2="259.3594"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="18" x="68.5" y="254.2935">OK</text><path d="M13,281.3594 L252,281.3594 L252,288.3594 L242,298.3594 L13,298.3594 L13,281.3594 " fill="#EEEEEE" style="stroke: #000000; stroke-width: 1.0;"/><rect fill="none" height="162.7969" style="stroke: #000000; stroke-width: 2.0;" width="974" x="13" y="281.3594"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="194" x="28" y="294.4263">Request S3 to set a policy</text><polygon fill="#A80036" points="434.5,315.625,444.5,319.625,434.5,323.625,438.5,319.625" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="51.5" x2="440.5" y1="319.625" y2="319.625"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="109" x="58.5" y="314.5591">Set bucket policy</text><polygon fill="#A80036" points="316.5,344.7578,306.5,348.7578,316.5,352.7578,312.5,348.7578" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="310.5" x2="445.5" y1="348.7578" y2="348.7578"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="117" x="322.5" y="343.6919">Convert IAM policy</text><polygon fill="#A80036" points="434.5,373.8906,444.5,377.8906,434.5,381.8906,438.5,377.8906" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="305.5" x2="440.5" y1="377.8906" y2="377.8906"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="109" x="312.5" y="372.8247">Return APE chain</text><polygon fill="#A80036" points="890.5,403.0234,900.5,407.0234,890.5,411.0234,894.5,407.0234" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="446.5" x2="896.5" y1="407.0234" y2="407.0234"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="217" x="453.5" y="401.9575">Store bucket policy and APE chain</text><polygon fill="#A80036" points="62.5,432.1563,52.5,436.1563,62.5,440.1563,58.5,436.1563" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="56.5" x2="445.5" y1="436.1563" y2="436.1563"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="18" x="68.5" y="431.0903">OK</text><path d="M13,458.1563 L135,458.1563 L135,465.1563 L125,475.1563 L13,475.1563 L13,458.1563 " fill="#EEEEEE" style="stroke: #000000; stroke-width: 1.0;"/><rect fill="none" height="328.4609" style="stroke: #000000; stroke-width: 2.0;" width="1463" x="13" y="458.1563"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="77" x="28" y="471.2231">Get object</text><polygon fill="#A80036" points="434.5,492.4219,444.5,496.4219,434.5,500.4219,438.5,496.4219" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="51.5" x2="440.5" y1="496.4219" y2="496.4219"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="64" x="58.5" y="491.356">GetObject</text><polygon fill="#A80036" points="733,521.5547,743,525.5547,733,529.5547,737,525.5547" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="446.5" x2="739" y1="525.5547" y2="525.5547"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="216" x="453.5" y="520.4888">Check if APE allows request for S3</text><path d="M586,538.5547 L586,563.5547 L900,563.5547 L900,548.5547 L890,538.5547 L586,538.5547 " fill="#FBFB77" filter="url(#f1l5dhsbmf5oik)" style="stroke: #A80036; stroke-width: 1.0;"/><path d="M890,538.5547 L890,548.5547 L900,548.5547 L890,538.5547 " fill="#FBFB77" style="stroke: #A80036; stroke-width: 1.0;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="293" x="592" y="555.6216">matching the request with overrides and rules</text><polygon fill="#A80036" points="457.5,589.8203,447.5,593.8203,457.5,597.8203,453.5,593.8203" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="451.5" x2="744" y1="593.8203" y2="593.8203"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="94" x="463.5" y="588.7544">Status: ALLOW</text><polygon fill="#A80036" points="1396,618.9531,1406,622.9531,1396,626.9531,1400,622.9531" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="446.5" x2="1402" y1="622.9531" y2="622.9531"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="66" x="453.5" y="617.8872">Get object</text><polygon fill="#A80036" points="1091,648.0859,1081,652.0859,1091,656.0859,1087,652.0859" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="1085" x2="1407" y1="652.0859" y2="652.0859"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="199" x="1097" y="647.02">Check if APE allows the request</text><path d="M921,665.0859 L921,690.0859 L1235,690.0859 L1235,675.0859 L1225,665.0859 L921,665.0859 " fill="#FBFB77" filter="url(#f1l5dhsbmf5oik)" style="stroke: #A80036; stroke-width: 1.0;"/><path d="M1225,665.0859 L1225,675.0859 L1235,675.0859 L1225,665.0859 " fill="#FBFB77" style="stroke: #A80036; stroke-width: 1.0;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="293" x="927" y="682.1528">matching the request with overrides and rules</text><polygon fill="#A80036" points="1396,716.3516,1406,720.3516,1396,724.3516,1400,720.3516" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="1080" x2="1402" y1="720.3516" y2="720.3516"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="94" x="1087" y="715.2856">Status: ALLOW</text><polygon fill="#A80036" points="457.5,745.4844,447.5,749.4844,457.5,753.4844,453.5,749.4844" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="451.5" x2="1407" y1="749.4844" y2="749.4844"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="137" x="463.5" y="744.4185">Response: OK, Object</text><polygon fill="#A80036" points="62.5,774.6172,52.5,778.6172,62.5,782.6172,58.5,778.6172" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="56.5" x2="445.5" y1="778.6172" y2="778.6172"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="137" x="68.5" y="773.5513">Response: OK, Object</text><!--MD5=[4f7bfd8a138449b73a59d1b5879a7178]
|
|
@startuml s3 ape
|
|
|
|
participant "Client" as client
|
|
|
|
participant "IAM" as iam
|
|
participant "IAM -> APE converter" as converter
|
|
|
|
box "S3" #HotPink
|
|
participant "S3 gateway" as s3
|
|
end box
|
|
|
|
box "Access Policy Engine (as s3 middleware)" #LightPink
|
|
participant "Local override storage" as s3localOverrides
|
|
participant "Chain router" as s3chainRouter
|
|
end box
|
|
|
|
box "Policy contract (shared)"
|
|
participant "Morph rule storage" as morphRuleStorage
|
|
end box
|
|
|
|
box "Access Policy Engine (as storage middleware)" #LightGreen
|
|
participant "Chain Router" as storageChainRouter
|
|
participant "Local override storage" as storageLocalOverrides
|
|
end box
|
|
|
|
box "Storage node" #Green
|
|
participant "Object service" as obj
|
|
participant "Control service" as control
|
|
end box
|
|
|
|
group Request IAM to set a policy
|
|
client -> iam : Set IAM policy
|
|
iam -> converter : Convert IAM policy
|
|
converter -> iam : Return APE chain
|
|
iam -> morphRuleStorage : Store IAM policy and APE chain
|
|
iam -> s3localOverrides : Set S3 local overrides
|
|
iam -> client : OK
|
|
end
|
|
|
|
group Request S3 to set a policy
|
|
client -> s3 : Set bucket policy
|
|
s3 -> converter : Convert IAM policy
|
|
converter -> s3 : Return APE chain
|
|
s3 -> morphRuleStorage : Store bucket policy and APE chain
|
|
s3 -> client : OK
|
|
end
|
|
|
|
group Get object
|
|
client -> s3: GetObject
|
|
s3 -> s3chainRouter: Check if APE allows request for S3
|
|
note over s3chainRouter: matching the request with overrides and rules
|
|
s3chainRouter -> s3: Status: ALLOW
|
|
s3 -> obj: Get object
|
|
obj -> storageChainRouter: Check if APE allows the request
|
|
note over storageChainRouter : matching the request with overrides and rules
|
|
storageChainRouter -> obj: Status: ALLOW
|
|
obj -> s3: Response: OK, Object
|
|
s3 -> client: Response: OK, Object
|
|
end
|
|
|
|
@enduml
|
|
|
|
PlantUML version 1.2020.02(Sun Mar 01 13:22:07 MSK 2020)
|
|
(GPL source distribution)
|
|
Java Runtime: OpenJDK Runtime Environment
|
|
JVM: OpenJDK 64-Bit Server VM
|
|
Java Version: 11.0.22+7-post-Ubuntu-0ubuntu222.04.1
|
|
Operating System: Linux
|
|
Default Encoding: UTF-8
|
|
Language: en
|
|
Country: null
|
|
--></g></svg> |