generated from TrueCloudLab/basic
58 lines
17 KiB
XML
58 lines
17 KiB
XML
<?xml version="1.0" encoding="UTF-8" standalone="no"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" contentScriptType="application/ecmascript" contentStyleType="text/css" height="755px" preserveAspectRatio="none" style="width:1131px;height:755px;" version="1.1" viewBox="0 0 1131 755" width="1131px" zoomAndPan="magnify"><defs><filter height="300%" id="f1vrzas1fwodf6" width="300%" x="-1" y="-1"><feGaussianBlur result="blurOut" stdDeviation="2.0"/><feColorMatrix in="blurOut" result="blurOut2" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 .4 0"/><feOffset dx="4.0" dy="4.0" in="blurOut2" result="blurOut3"/><feBlend in="SourceGraphic" in2="blurOut3" mode="normal"/></filter></defs><g><rect fill="#008000" height="740.3828" style="stroke: #A80036; stroke-width: 1.0;" width="255" x="327.5" y="4"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="100" x="405" y="16.0669">Storage node</text><rect fill="#90EE90" height="740.3828" style="stroke: #A80036; stroke-width: 1.0;" width="455" x="584.5" y="4"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="154" x="735" y="16.0669">Access Policy Engine</text><rect fill="#FFFFFF" filter="url(#f1vrzas1fwodf6)" height="138.6641" style="stroke: #000000; stroke-width: 2.0;" width="555" x="134.5" y="70.4297"/><rect fill="#FFFFFF" filter="url(#f1vrzas1fwodf6)" height="80.3984" style="stroke: #000000; stroke-width: 2.0;" width="935.5" x="41.5" y="222.0938"/><rect fill="#FFFFFF" filter="url(#f1vrzas1fwodf6)" height="177.7969" style="stroke: #000000; stroke-width: 2.0;" width="986" x="134.5" y="315.4922"/><rect fill="#FFFFFF" filter="url(#f1vrzas1fwodf6)" height="177.7969" style="stroke: #000000; stroke-width: 2.0;" width="986" x="134.5" y="506.2891"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="57.5" x2="57.5" y1="58.4297" y2="703.0859"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="150.5" x2="150.5" y1="58.4297" y2="703.0859"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="389.5" x2="389.5" y1="58.4297" y2="703.0859"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="518" x2="518" y1="58.4297" y2="703.0859"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="673.5" x2="673.5" y1="58.4297" y2="703.0859"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="822.5" x2="822.5" y1="58.4297" y2="703.0859"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="961" x2="961" y1="58.4297" y2="703.0859"/><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="105" x="3" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="91" x="10" y="43.1279">Administrator</text><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="53" x="122" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="39" x="129" y="43.1279">Client</text><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="112" x="331.5" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="98" x="338.5" y="43.1279">Object service</text><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="117" x="457.5" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="103" x="464.5" y="43.1279">Control service</text><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="166" x="588.5" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="152" x="595.5" y="43.1279">Local override storage</text><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="104" x="768.5" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="90" x="775.5" y="43.1279">Chain Router</text><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="145" x="886.5" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="131" x="893.5" y="43.1279">Morph rule storage</text><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="105" x="3" y="703.0859"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="91" x="10" y="723.0811">Administrator</text><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="53" x="122" y="703.0859"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="39" x="129" y="723.0811">Client</text><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="112" x="331.5" y="703.0859"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="98" x="338.5" y="723.0811">Object service</text><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="117" x="457.5" y="703.0859"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="103" x="464.5" y="723.0811">Control service</text><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="166" x="588.5" y="703.0859"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="152" x="595.5" y="723.0811">Local override storage</text><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="104" x="768.5" y="703.0859"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="90" x="775.5" y="723.0811">Chain Router</text><rect fill="#FEFECE" filter="url(#f1vrzas1fwodf6)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="145" x="886.5" y="703.0859"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="131" x="893.5" y="723.0811">Morph rule storage</text><path d="M134.5,70.4297 L308.5,70.4297 L308.5,77.4297 L298.5,87.4297 L134.5,87.4297 L134.5,70.4297 " fill="#EEEEEE" style="stroke: #000000; stroke-width: 1.0;"/><rect fill="none" height="138.6641" style="stroke: #000000; stroke-width: 2.0;" width="555" x="134.5" y="70.4297"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="129" x="149.5" y="83.4966">Set local override</text><polygon fill="#A80036" points="506,109.6953,516,113.6953,506,117.6953,510,113.6953" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="150.5" x2="512" y1="113.6953" y2="113.6953"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="114" x="157.5" y="108.6294">Add local override</text><polygon fill="#A80036" points="661.5,138.8281,671.5,142.8281,661.5,146.8281,665.5,142.8281" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="518" x2="667.5" y1="142.8281" y2="142.8281"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="126" x="525" y="137.7622">Save override in DB</text><polygon fill="#A80036" points="529,167.9609,519,171.9609,529,175.9609,525,171.9609" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="523" x2="672.5" y1="171.9609" y2="171.9609"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="18" x="535" y="166.895">OK</text><polygon fill="#A80036" points="161.5,197.0938,151.5,201.0938,161.5,205.0938,157.5,201.0938" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="155.5" x2="517" y1="201.0938" y2="201.0938"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="18" x="167.5" y="196.0278">OK</text><path d="M41.5,222.0938 L315.5,222.0938 L315.5,229.0938 L305.5,239.0938 L41.5,239.0938 L41.5,222.0938 " fill="#EEEEEE" style="stroke: #000000; stroke-width: 1.0;"/><rect fill="none" height="80.3984" style="stroke: #000000; stroke-width: 2.0;" width="935.5" x="41.5" y="222.0938"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="229" x="56.5" y="235.1606">Update state in Policy contract</text><polygon fill="#A80036" points="949,261.3594,959,265.3594,949,269.3594,953,265.3594" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="57.5" x2="955" y1="265.3594" y2="265.3594"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="63" x="64.5" y="260.2935">Add chain</text><polygon fill="#A80036" points="68.5,290.4922,58.5,294.4922,68.5,298.4922,64.5,294.4922" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="62.5" x2="960" y1="294.4922" y2="294.4922"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="18" x="74.5" y="289.4263">OK</text><path d="M134.5,315.4922 L330.5,315.4922 L330.5,322.4922 L320.5,332.4922 L134.5,332.4922 L134.5,315.4922 " fill="#EEEEEE" style="stroke: #000000; stroke-width: 1.0;"/><rect fill="none" height="177.7969" style="stroke: #000000; stroke-width: 2.0;" width="986" x="134.5" y="315.4922"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="151" x="149.5" y="328.5591">Perform a request A</text><polygon fill="#A80036" points="377.5,354.7578,387.5,358.7578,377.5,362.7578,381.5,358.7578" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="150.5" x2="383.5" y1="358.7578" y2="358.7578"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="117" x="157.5" y="353.6919">Sending a request</text><polygon fill="#A80036" points="810.5,383.8906,820.5,387.8906,810.5,391.8906,814.5,387.8906" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="389.5" x2="816.5" y1="387.8906" y2="387.8906"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="199" x="396.5" y="382.8247">Check if APE allows the request</text><path d="M545.5,400.8906 L545.5,425.8906 L1095.5,425.8906 L1095.5,410.8906 L1085.5,400.8906 L545.5,400.8906 " fill="#FBFB77" filter="url(#f1vrzas1fwodf6)" style="stroke: #A80036; stroke-width: 1.0;"/><path d="M1085.5,400.8906 L1085.5,410.8906 L1095.5,410.8906 L1085.5,400.8906 " fill="#FBFB77" style="stroke: #A80036; stroke-width: 1.0;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="529" x="551.5" y="417.9575">Fetches local overrides and rules defined for a target/targets and looks for a match</text><polygon fill="#A80036" points="400.5,452.1563,390.5,456.1563,400.5,460.1563,396.5,456.1563" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="394.5" x2="821.5" y1="456.1563" y2="456.1563"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="243" x="406.5" y="451.0903">APE returns status: "ACCESS DENIED"</text><polygon fill="#A80036" points="161.5,481.2891,151.5,485.2891,161.5,489.2891,157.5,485.2891" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="155.5" x2="388.5" y1="485.2891" y2="485.2891"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="215" x="167.5" y="480.2231">Response: "the request is denied"</text><path d="M134.5,506.2891 L330.5,506.2891 L330.5,513.2891 L320.5,523.2891 L134.5,523.2891 L134.5,506.2891 " fill="#EEEEEE" style="stroke: #000000; stroke-width: 1.0;"/><rect fill="none" height="177.7969" style="stroke: #000000; stroke-width: 2.0;" width="986" x="134.5" y="506.2891"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="151" x="149.5" y="519.356">Perform a request B</text><polygon fill="#A80036" points="377.5,545.5547,387.5,549.5547,377.5,553.5547,381.5,549.5547" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="150.5" x2="383.5" y1="549.5547" y2="549.5547"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="117" x="157.5" y="544.4888">Sending a request</text><polygon fill="#A80036" points="810.5,574.6875,820.5,578.6875,810.5,582.6875,814.5,578.6875" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="389.5" x2="816.5" y1="578.6875" y2="578.6875"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="199" x="396.5" y="573.6216">Check if APE allows the request</text><path d="M545.5,591.6875 L545.5,616.6875 L1095.5,616.6875 L1095.5,601.6875 L1085.5,591.6875 L545.5,591.6875 " fill="#FBFB77" filter="url(#f1vrzas1fwodf6)" style="stroke: #A80036; stroke-width: 1.0;"/><path d="M1085.5,591.6875 L1085.5,601.6875 L1095.5,601.6875 L1085.5,591.6875 " fill="#FBFB77" style="stroke: #A80036; stroke-width: 1.0;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="529" x="551.5" y="608.7544">Fetches local overrides and rules defined for a target/targets and looks for a match</text><polygon fill="#A80036" points="400.5,642.9531,390.5,646.9531,400.5,650.9531,396.5,646.9531" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="394.5" x2="821.5" y1="646.9531" y2="646.9531"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="181" x="406.5" y="641.8872">APE returns status: "ALLOW"</text><polygon fill="#A80036" points="161.5,672.0859,151.5,676.0859,161.5,680.0859,157.5,676.0859" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="155.5" x2="388.5" y1="676.0859" y2="676.0859"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="98" x="167.5" y="671.02">Response: "OK"</text><!--MD5=[e23ac9467eb60061ceeecaa3efeeb687]
|
|
@startuml storage node ape
|
|
!pragma teoz true
|
|
|
|
participant "Administrator" as administrator
|
|
participant "Client" as client
|
|
|
|
box "Storage node" #Green
|
|
participant "Object service" as obj
|
|
participant "Control service" as control
|
|
end box
|
|
|
|
box "Access Policy Engine" #LightGreen
|
|
participant "Local override storage" as localOverrides
|
|
participant "Chain Router" as chainRouter
|
|
participant "Morph rule storage" as morphRuleStorage
|
|
end box
|
|
|
|
group Set local override
|
|
client -> control: Add local override
|
|
control -> localOverrides: Save override in DB
|
|
localOverrides -> control: OK
|
|
control -> client: OK
|
|
end
|
|
|
|
group Update state in Policy contract
|
|
administrator -> morphRuleStorage: Add chain
|
|
morphRuleStorage -> administrator: OK
|
|
end
|
|
|
|
group Perform a request A
|
|
client -> obj : Sending a request
|
|
obj -> chainRouter: Check if APE allows the request
|
|
note over chainRouter : Fetches local overrides and rules defined for a target/targets and looks for a match
|
|
chainRouter -> obj: APE returns status: "ACCESS DENIED"
|
|
obj -> client: Response: "the request is denied"
|
|
end
|
|
|
|
group Perform a request B
|
|
client -> obj : Sending a request
|
|
obj -> chainRouter: Check if APE allows the request
|
|
note over chainRouter : Fetches local overrides and rules defined for a target/targets and looks for a match
|
|
chainRouter -> obj: APE returns status: "ALLOW"
|
|
obj -> client: Response: "OK"
|
|
end
|
|
|
|
@enduml
|
|
|
|
PlantUML version 1.2020.02(Sun Mar 01 13:22:07 MSK 2020)
|
|
(GPL source distribution)
|
|
Java Runtime: OpenJDK Runtime Environment
|
|
JVM: OpenJDK 64-Bit Server VM
|
|
Java Version: 11.0.22+7-post-Ubuntu-0ubuntu222.04.1
|
|
Operating System: Linux
|
|
Default Encoding: UTF-8
|
|
Language: en
|
|
Country: null
|
|
--></g></svg> |