Commit 44511ae

data preparation sequence diagram
1 parent e925731 commit 44511ae

1 file changed

+39
-0
lines changed

docs/architecture/data_preparation.md

+39
@@ -0,0 +1,39 @@
1+
# Data preparation
2+
3+
This step consists in using an input directory, encrypt it and ship it to the supercomputing site, it's decryption key to the vault.
4+
5+
## Sequence diagram of data preparation
6+
7+
```mermaid
8+
sequenceDiagram
9+
User -->> Data Preparation container: spawns using docker-compose
10+
Data Preparation container -->> Spire Agent: spawns using `spawn_agent.py`
11+
Spire Agent ->> Spire Server: Runs node attestation
12+
Spire Server ->> Spire Agent: Attests node, provide SVIDs for linked identities
13+
Data Preparation container ->> Data Preparation container: Prepare data, results in an encrypted tgz and a private key
14+
Data Preparation container ->> Spire Agent: Fetches API to get an SVID
15+
Spire Agent ->> Data Preparation container: Provides SVID
16+
Data Preparation container ->> Vault: Log-in using SVID
17+
Vault ->> Data Preparation container: Returns an authentication token (write only on client's path)
18+
Data Preparation container ->> Vault: Write private key using authentication token
19+
Vault ->> Data Preparation container:
20+
Data Preparation container ->> HPCS Server: Request creation of workloads (compute nodes, users, groups ...) authorized to access the key and using SVID to authenticate
21+
HPCS Server ->> Spire Server: Validate SVID
22+
Spire Server ->> HPCS Spire Agent:
23+
HPCS Spire Agent ->> Spire Server: Validate SVID
24+
Spire Server ->> HPCS Server:
25+
HPCS Server ->> Spire Server: Create workloads identities to access the key
26+
Spire Server ->> HPCS Server:
27+
HPCS Server ->> Vault: Create role and policy to access the key
28+
Vault ->> HPCS Server:
29+
HPCS Server ->> Data Preparation container: SpiffeID & role to access the container, path to the secret
30+
Data Preparation container ->> Data Preparation container: Parse info file based on previous steps
31+
Data Preparation container ->> Supercomputer: Ship encrypted containe
32+
Supercomputer ->> Data Preparation container:
33+
Data Preparation container ->> Supercomputer: Ship info file
34+
Supercomputer ->> Data Preparation container:
35+
Data Preparation container -->> Spire Agent: Kills
36+
Spire Agent -->> Data Preparation container:
37+
Spire Agent -->> Data Preparation container: Dies
38+
Data Preparation container -->> User: Finishes
39+
```
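
Review bot: The SVID validation leg at diff lines 21 to 24 does not say which component verifies the Data Preparation container's SVID. `HPCS Server ->> Spire Server: Validate SVID` and `HPCS Spire Agent ->> Spire Server: Validate SVID` carry the same label, and the two arrows between them have no message text, so a reader cannot tell where the trust decision is made before the workload identities and the Vault role are created. Please label each arrow with what is sent and what comes back (for example the validation result), and either label or drop the other empty replies on lines 19, 26, 28, 32, 34 and 36. Smaller points: line 3 should read "its decryption key" and would be clearer as two sentences; line 31 has "containe" for "container"; and the shipped artifact is called an "encrypted tgz" on line 13 but a "container" on lines 29 and 31, which collides with the "Data Preparation container" participant name, so one term should be used throughout.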
