potyarkin/policy-engine
1
0
Fork 0
forked from TrueCloudLab/policy-engine
Code Pull requests Activity
policy-engine/docs/images/ape/s3_ape.svg
aarifullin 1f6f4163d4 [#71] docs: Introduce APE overview 
Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-05-13 16:37:44 +00:00

73 lines
No EOL
22 KiB
XML
Raw Permalink Blame History

<?xml version="1.0" encoding="UTF-8" standalone="no"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" contentScriptType="application/ecmascript" contentStyleType="text/css" height="852px" preserveAspectRatio="none" style="width:1612px;height:852px;" version="1.1" viewBox="0 0 1612 852" width="1612px" zoomAndPan="magnify"><defs><filter height="300%" id="f1l5dhsbmf5oik" width="300%" x="-1" y="-1"><feGaussianBlur result="blurOut" stdDeviation="2.0"/><feColorMatrix in="blurOut" result="blurOut2" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 .4 0"/><feOffset dx="4.0" dy="4.0" in="blurOut2" result="blurOut3"/><feBlend in="SourceGraphic" in2="blurOut3" mode="normal"/></filter></defs><g><rect fill="#FF69B4" height="837.9141" style="stroke: #A80036; stroke-width: 1.0;" width="105" x="394" y="4"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="18" x="437.5" y="16.0669">S3</text><rect fill="#FFB6C1" height="837.9141" style="stroke: #A80036; stroke-width: 1.0;" width="308" x="501" y="4"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="302" x="504" y="16.0669">Access Policy Engine (as s3 middleware)</text><rect fill="#DDDDDD" height="837.9141" style="stroke: #A80036; stroke-width: 1.0;" width="183" x="811" y="4"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="177" x="814" y="16.0669">Policy contract (shared)</text><rect fill="#90EE90" height="837.9141" style="stroke: #A80036; stroke-width: 1.0;" width="348" x="996" y="4"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="342" x="999" y="16.0669">Access Policy Engine (as storage middleware)</text><rect fill="#008000" height="837.9141" style="stroke: #A80036; stroke-width: 1.0;" width="255" x="1346" y="4"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="100" x="1423.5" y="16.0669">Storage node</text><rect fill="#FFFFFF" filter="url(#f1l5dhsbmf5oik)" height="191.9297" style="stroke: #000000; stroke-width: 2.0;" width="974" x="13" y="75.4297"/><rect fill="#FFFFFF" filter="url(#f1l5dhsbmf5oik)" height="162.7969" style="stroke: #000000; stroke-width: 2.0;" width="974" x="13" y="281.3594"/><rect fill="#FFFFFF" filter="url(#f1l5dhsbmf5oik)" height="328.4609" style="stroke: #000000; stroke-width: 2.0;" width="1463" x="13" y="458.1563"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="51" x2="51" y1="58.4297" y2="803.6172"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="164.5" x2="164.5" y1="58.4297" y2="803.6172"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="305.5" x2="305.5" y1="58.4297" y2="803.6172"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="446" x2="446" y1="58.4297" y2="803.6172"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="598.5" x2="598.5" y1="58.4297" y2="803.6172"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="744.5" x2="744.5" y1="58.4297" y2="803.6172"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="902" x2="902" y1="58.4297" y2="803.6172"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="1080" x2="1080" y1="58.4297" y2="803.6172"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="1229" x2="1229" y1="58.4297" y2="803.6172"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="1408" x2="1408" y1="58.4297" y2="803.6172"/><line style="stroke: #A80036; stroke-width: 1.0; stroke-dasharray: 5.0,5.0;" x1="1536" x2="1536" y1="58.4297" y2="803.6172"/><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="53" x="23" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="39" x="30" y="43.1279">Client</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="53" x="23" y="802.6172"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="39" x="30" y="822.6123">Client</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="38" x="143.5" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="24" x="150.5" y="43.1279">IAM</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="38" x="143.5" y="802.6172"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="24" x="150.5" y="822.6123">IAM</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="160" x="223.5" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="146" x="230.5" y="43.1279">IAM -&gt; APE converter</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="160" x="223.5" y="802.6172"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="146" x="230.5" y="822.6123">IAM -&gt; APE converter</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="93" x="398" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="79" x="405" y="43.1279">S3 gateway</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="93" x="398" y="802.6172"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="79" x="405" y="822.6123">S3 gateway</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="166" x="513.5" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="152" x="520.5" y="43.1279">Local override storage</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="166" x="513.5" y="802.6172"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="152" x="520.5" y="822.6123">Local override storage</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="99" x="693.5" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="85" x="700.5" y="43.1279">Chain router</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="99" x="693.5" y="802.6172"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="85" x="700.5" y="822.6123">Chain router</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="145" x="828" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="131" x="835" y="43.1279">Morph rule storage</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="145" x="828" y="802.6172"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="131" x="835" y="822.6123">Morph rule storage</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="104" x="1026" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="90" x="1033" y="43.1279">Chain Router</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="104" x="1026" y="802.6172"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="90" x="1033" y="822.6123">Chain Router</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="166" x="1144" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="152" x="1151" y="43.1279">Local override storage</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="166" x="1144" y="802.6172"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="152" x="1151" y="822.6123">Local override storage</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="112" x="1350" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="98" x="1357" y="43.1279">Object service</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="112" x="1350" y="802.6172"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="98" x="1357" y="822.6123">Object service</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="117" x="1476" y="23.1328"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="103" x="1483" y="43.1279">Control service</text><rect fill="#FEFECE" filter="url(#f1l5dhsbmf5oik)" height="30.2969" style="stroke: #A80036; stroke-width: 1.5;" width="117" x="1476" y="802.6172"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacingAndGlyphs" textLength="103" x="1483" y="822.6123">Control service</text><path d="M13,75.4297 L261,75.4297 L261,82.4297 L251,92.4297 L13,92.4297 L13,75.4297 " fill="#EEEEEE" style="stroke: #000000; stroke-width: 1.0;"/><rect fill="none" height="191.9297" style="stroke: #000000; stroke-width: 2.0;" width="974" x="13" y="75.4297"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="203" x="28" y="88.4966">Request IAM to set a policy</text><polygon fill="#A80036" points="152.5,109.6953,162.5,113.6953,152.5,117.6953,156.5,113.6953" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="51.5" x2="158.5" y1="113.6953" y2="113.6953"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="89" x="58.5" y="108.6294">Set IAM policy</text><polygon fill="#A80036" points="293.5,138.8281,303.5,142.8281,293.5,146.8281,297.5,142.8281" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="164.5" x2="299.5" y1="142.8281" y2="142.8281"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="117" x="171.5" y="137.7622">Convert IAM policy</text><polygon fill="#A80036" points="175.5,167.9609,165.5,171.9609,175.5,175.9609,171.5,171.9609" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="169.5" x2="304.5" y1="171.9609" y2="171.9609"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="109" x="181.5" y="166.895">Return APE chain</text><polygon fill="#A80036" points="890.5,197.0938,900.5,201.0938,890.5,205.0938,894.5,201.0938" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="164.5" x2="896.5" y1="201.0938" y2="201.0938"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="197" x="171.5" y="196.0278">Store IAM policy and APE chain</text><polygon fill="#A80036" points="586.5,226.2266,596.5,230.2266,586.5,234.2266,590.5,230.2266" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="164.5" x2="592.5" y1="230.2266" y2="230.2266"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="139" x="171.5" y="225.1606">Set S3 local overrides</text><polygon fill="#A80036" points="62.5,255.3594,52.5,259.3594,62.5,263.3594,58.5,259.3594" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="56.5" x2="163.5" y1="259.3594" y2="259.3594"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="18" x="68.5" y="254.2935">OK</text><path d="M13,281.3594 L252,281.3594 L252,288.3594 L242,298.3594 L13,298.3594 L13,281.3594 " fill="#EEEEEE" style="stroke: #000000; stroke-width: 1.0;"/><rect fill="none" height="162.7969" style="stroke: #000000; stroke-width: 2.0;" width="974" x="13" y="281.3594"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="194" x="28" y="294.4263">Request S3 to set a policy</text><polygon fill="#A80036" points="434.5,315.625,444.5,319.625,434.5,323.625,438.5,319.625" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="51.5" x2="440.5" y1="319.625" y2="319.625"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="109" x="58.5" y="314.5591">Set bucket policy</text><polygon fill="#A80036" points="316.5,344.7578,306.5,348.7578,316.5,352.7578,312.5,348.7578" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="310.5" x2="445.5" y1="348.7578" y2="348.7578"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="117" x="322.5" y="343.6919">Convert IAM policy</text><polygon fill="#A80036" points="434.5,373.8906,444.5,377.8906,434.5,381.8906,438.5,377.8906" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="305.5" x2="440.5" y1="377.8906" y2="377.8906"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="109" x="312.5" y="372.8247">Return APE chain</text><polygon fill="#A80036" points="890.5,403.0234,900.5,407.0234,890.5,411.0234,894.5,407.0234" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="446.5" x2="896.5" y1="407.0234" y2="407.0234"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="217" x="453.5" y="401.9575">Store bucket policy and APE chain</text><polygon fill="#A80036" points="62.5,432.1563,52.5,436.1563,62.5,440.1563,58.5,436.1563" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="56.5" x2="445.5" y1="436.1563" y2="436.1563"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="18" x="68.5" y="431.0903">OK</text><path d="M13,458.1563 L135,458.1563 L135,465.1563 L125,475.1563 L13,475.1563 L13,458.1563 " fill="#EEEEEE" style="stroke: #000000; stroke-width: 1.0;"/><rect fill="none" height="328.4609" style="stroke: #000000; stroke-width: 2.0;" width="1463" x="13" y="458.1563"/><text fill="#000000" font-family="sans-serif" font-size="13" font-weight="bold" lengthAdjust="spacingAndGlyphs" textLength="77" x="28" y="471.2231">Get object</text><polygon fill="#A80036" points="434.5,492.4219,444.5,496.4219,434.5,500.4219,438.5,496.4219" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="51.5" x2="440.5" y1="496.4219" y2="496.4219"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="64" x="58.5" y="491.356">GetObject</text><polygon fill="#A80036" points="733,521.5547,743,525.5547,733,529.5547,737,525.5547" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="446.5" x2="739" y1="525.5547" y2="525.5547"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="216" x="453.5" y="520.4888">Check if APE allows request for S3</text><path d="M586,538.5547 L586,563.5547 L900,563.5547 L900,548.5547 L890,538.5547 L586,538.5547 " fill="#FBFB77" filter="url(#f1l5dhsbmf5oik)" style="stroke: #A80036; stroke-width: 1.0;"/><path d="M890,538.5547 L890,548.5547 L900,548.5547 L890,538.5547 " fill="#FBFB77" style="stroke: #A80036; stroke-width: 1.0;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="293" x="592" y="555.6216">matching the request with overrides and rules</text><polygon fill="#A80036" points="457.5,589.8203,447.5,593.8203,457.5,597.8203,453.5,593.8203" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="451.5" x2="744" y1="593.8203" y2="593.8203"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="94" x="463.5" y="588.7544">Status: ALLOW</text><polygon fill="#A80036" points="1396,618.9531,1406,622.9531,1396,626.9531,1400,622.9531" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="446.5" x2="1402" y1="622.9531" y2="622.9531"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="66" x="453.5" y="617.8872">Get object</text><polygon fill="#A80036" points="1091,648.0859,1081,652.0859,1091,656.0859,1087,652.0859" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="1085" x2="1407" y1="652.0859" y2="652.0859"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="199" x="1097" y="647.02">Check if APE allows the request</text><path d="M921,665.0859 L921,690.0859 L1235,690.0859 L1235,675.0859 L1225,665.0859 L921,665.0859 " fill="#FBFB77" filter="url(#f1l5dhsbmf5oik)" style="stroke: #A80036; stroke-width: 1.0;"/><path d="M1225,665.0859 L1225,675.0859 L1235,675.0859 L1225,665.0859 " fill="#FBFB77" style="stroke: #A80036; stroke-width: 1.0;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="293" x="927" y="682.1528">matching the request with overrides and rules</text><polygon fill="#A80036" points="1396,716.3516,1406,720.3516,1396,724.3516,1400,720.3516" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="1080" x2="1402" y1="720.3516" y2="720.3516"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="94" x="1087" y="715.2856">Status: ALLOW</text><polygon fill="#A80036" points="457.5,745.4844,447.5,749.4844,457.5,753.4844,453.5,749.4844" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="451.5" x2="1407" y1="749.4844" y2="749.4844"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="137" x="463.5" y="744.4185">Response: OK, Object</text><polygon fill="#A80036" points="62.5,774.6172,52.5,778.6172,62.5,782.6172,58.5,778.6172" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.0;" x1="56.5" x2="445.5" y1="778.6172" y2="778.6172"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="137" x="68.5" y="773.5513">Response: OK, Object</text><!--MD5=[4f7bfd8a138449b73a59d1b5879a7178]
@startuml s3 ape
participant "Client" as client
participant "IAM" as iam
participant "IAM -> APE converter" as converter
box "S3" #HotPink
participant "S3 gateway" as s3
end box
box "Access Policy Engine (as s3 middleware)" #LightPink
participant "Local override storage" as s3localOverrides
participant "Chain router" as s3chainRouter
end box
box "Policy contract (shared)"
participant "Morph rule storage" as morphRuleStorage
end box
box "Access Policy Engine (as storage middleware)" #LightGreen
participant "Chain Router" as storageChainRouter
participant "Local override storage" as storageLocalOverrides
end box
box "Storage node" #Green
participant "Object service" as obj
participant "Control service" as control
end box
group Request IAM to set a policy
client -> iam : Set IAM policy
iam -> converter : Convert IAM policy
converter -> iam : Return APE chain
iam -> morphRuleStorage : Store IAM policy and APE chain
iam -> s3localOverrides : Set S3 local overrides
iam -> client : OK
end
group Request S3 to set a policy
client -> s3 : Set bucket policy
s3 -> converter : Convert IAM policy
converter -> s3 : Return APE chain
s3 -> morphRuleStorage : Store bucket policy and APE chain
s3 -> client : OK
end
group Get object
client -> s3: GetObject
s3 -> s3chainRouter: Check if APE allows request for S3
note over s3chainRouter: matching the request with overrides and rules
s3chainRouter -> s3: Status: ALLOW
s3 -> obj: Get object
obj -> storageChainRouter: Check if APE allows the request
note over storageChainRouter : matching the request with overrides and rules
storageChainRouter -> obj: Status: ALLOW
obj -> s3: Response: OK, Object
s3 -> client: Response: OK, Object
end
@enduml
PlantUML version 1.2020.02(Sun Mar 01 13:22:07 MSK 2020)
(GPL source distribution)
Java Runtime: OpenJDK Runtime Environment
JVM: OpenJDK 64-Bit Server VM
Java Version: 11.0.22+7-post-Ubuntu-0ubuntu222.04.1
Operating System: Linux
Default Encoding: UTF-8
Language: en
Country: null
--></g></svg>
View git blame Copy permalink