generated from TrueCloudLab/basic
46 lines
No EOL
1.4 KiB
Text
46 lines
No EOL
1.4 KiB
Text
@startuml storage node ape
|
|
!pragma teoz true
|
|
|
|
participant "Administrator" as administrator
|
|
participant "Client" as client
|
|
|
|
box "Storage node" #Green
|
|
participant "Object service" as obj
|
|
participant "Control service" as control
|
|
end box
|
|
|
|
box "Access Policy Engine" #LightGreen
|
|
participant "Local override storage" as localOverrides
|
|
participant "Chain Router" as chainRouter
|
|
participant "Morph rule storage" as morphRuleStorage
|
|
end box
|
|
|
|
group Set local override
|
|
client -> control: Add local override
|
|
control -> localOverrides: Save override in DB
|
|
localOverrides -> control: OK
|
|
control -> client: OK
|
|
end
|
|
|
|
group Update state in Policy contract
|
|
administrator -> morphRuleStorage: Add chain
|
|
morphRuleStorage -> administrator: OK
|
|
end
|
|
|
|
group Perform a request A
|
|
client -> obj : Sending a request
|
|
obj -> chainRouter: Check if APE allows the request
|
|
note over chainRouter : Fetches local overrides and rules defined for a target/targets and looks for a match
|
|
chainRouter -> obj: APE returns status: "ACCESS DENIED"
|
|
obj -> client: Response: "the request is denied"
|
|
end
|
|
|
|
group Perform a request B
|
|
client -> obj : Sending a request
|
|
obj -> chainRouter: Check if APE allows the request
|
|
note over chainRouter : Fetches local overrides and rules defined for a target/targets and looks for a match
|
|
chainRouter -> obj: APE returns status: "ALLOW"
|
|
obj -> client: Response: "OK"
|
|
end
|
|
|
|
@enduml |