Diffstat (limited to 'share/man')
| -rw-r--r-- | share/man/ENVOY.md | 55 |
1 files changed, 6 insertions, 49 deletions
diff --git a/share/man/ENVOY.md b/share/man/ENVOY.md index dad2b1c..01607ae 100644 --- a/share/man/ENVOY.md +++ b/share/man/ENVOY.md @@ -1,10 +1,10 @@ # Envoy -Envoy Proxy is described as an edge and service proxy. What this means is that -Envoy can take care of managing inbound and outbound networks requests to and -from your application. This allows your application to not to have to worry -about managing key material like OAuth Client secrets, JSON Web Tokens (JWTs), -and other sensitive information. +Envoy Proxy is described as an edge and service proxy. This means that +Envoy can take care of managing inbound and outbound networks requests +to and from your application. This allows your application to not to +have to worry about managing key material like OAuth Client secrets, +JSON Web Tokens (JWTs), and other sensitive information. Envoy provides a plugin system that allows application developers to use built in plugins to handle things like: @@ -83,25 +83,6 @@ understand whether a rigorous authentication and authorization check is warranted or not. The passenger is responsible for obtaining a passport, boarding pass, bus ticket from trusted and reputable authorities. -```sequence - +-----------+ +------------+ +-----+ - | Passenger | | Bus Driver | | Bus | - +-----------+ +------------+ +-----+ - | | | - |-- request access --> | - | | | - |<- request ticket --| | - | | | - |-- present ticket --> authorize (bus #, expiration, fake/legit?) - | | | - |<--- grant access --| | - | | | - |--- board bus ---------------------------->| - --------------------------------------------------------- - |<--- deny access --| -``` - ```mermaid sequenceDiagram participant P as Passenger 
@@ -136,28 +117,6 @@ passenger could give the token to someone else (for example a child) so that they can access the resource. The security context of this resource does not warrant the need for authentication and only requires authorization. -```uml -+-----------+ +----------------+ +----------------+ +-------+ -| Passenger | | Security Agent | | Boarding Agent | | Plane | -+-----------+ +----------------+ +----------------+ +-------+ - | | | | - |-- request access to gate -->| | | - |<--- request boarding pass ---| | | - | | | | - |-- present boarding pass ---->| | | - | |-> validate pass | | - |<-- allow access to gate -----| | | - | | | | - |-- request access to board plane ----------------->| | - |<--- request passport -----------------------------| | - |-- present passport ------------------------------>| | - |<--- request boarding pass ------------------------| | - |-- present boarding pass ------------------------->| | - |<----- allow access to board plane | | - | | | | - |--- board plane ------------------------------------------------->| -``` - ```mermaid sequenceDiagram participant P as Passenger @@ -168,7 +127,7 @@ sequenceDiagram P->>SA: request access to gate SA->>P: request boarding pass P->>SA: present boarding pass - SA->>SA: validate pass + SA->>SA: validate boarding pass SA->>P: allow access to gate P->>BA: request access to board plane @@ -376,7 +335,6 @@ static_resources: port_value: 8080 ``` - ### Authentication Flow ```mermaid @@ -605,4 +563,3 @@ func (svc *CheckService) Denied(ctx context.Context) *auth.CheckResponse { * https://gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/-/merge_requests/7 * https://gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/-/merge_requests/8 * https://gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/-/merge_requests/9 - |
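Review bot: In the first hunk (@@ -1,10 +1,10 @@), the rewrapped paragraph carries over two wording errors from the lines it replaces: "outbound networks requests" and "allows your application to not to have to worry". Since these lines are being touched anyway, fix them in the same change, for example "outbound network requests" and "so your application does not have to manage key material like OAuth Client secrets, JSON Web Tokens (JWTs), and other sensitive information".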
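Review bot: In the hunk at @@ -83,25 +83,6 @@, the removed `sequence` block is the only place in the visible lines that spells out what the driver checks during authorization, "authorize (bus #, expiration, fake/legit?)", and it also shows the "deny access" branch. The body of the remaining mermaid diagram is outside the context shown, so please confirm it keeps both the validation criteria and the deny path before the ASCII version is dropped. Also note the file lives under share/man: if it is ever read in a terminal or rendered without mermaid support, the ASCII diagram was the only readable form, so either state that a mermaid-capable renderer is required or keep one plain-text version.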
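Review bot: In the hunk at @@ -136,28 +117,6 @@, the removed `uml` block shows the Boarding Agent requesting the passport first and the boarding pass second, which is the authentication-then-authorization ordering this example exists to illustrate. The visible part of the mermaid diagram (next hunk) only covers the Security Agent steps up to "request access to board plane", so check that the passport and boarding pass requests both survive there in the same order. The rename to "validate boarding pass" in the following hunk is a good clarification. Consider labelling the Boarding Agent checks just as explicitly (what is validated on the passport versus the pass).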
