
...

PlantUML Macro
@startuml

rectangle vault_server as "Vault server" {
    rectangle jwt_auth as "JWT aeuthauth (GitHub)" {
        collections jwt_roles as "JWT roles"
        file jwt_role as "JWT role"
        jwt_roles . jwt_role
    }

    collections vault_policies as "Vault policies"
    file vault_policy as "Vault policy"
    vault_policies . vault_policy

    collections vault_secrets as "Vault secrets"
    file vault_secret as "Vault secret"
    vault_secrets . vault_secret
    vault_policy --> vault_secret : read

    agent rt_plugin as "Artifactory plugin"
    collections rt_roles as "Artifactory roles"
    file rt_role as "Artifactory role"
    rt_roles . rt_role

    vault_policy --> rt_plugin : read
    rt_plugin --> rt_role : scope

}

rectangle github as "GitHub infra" {
    file workflow as "Actions workflow"
    node runner as "Actions runner"

    database token_issuer as "Token issuer"
    workflow --> runner
    workflow -> token_issuer

    circle token as "GitHub token"

    token_issuer .> token
    runner -> token
}

rectangle artifactory as "Artifactory server" {
    collections access_tokens as "Access tokens"
    file access_token as "Access token"
    access_tokens -> access_token
    access_token --> rt_plugin : consume
    rt_role --> access_tokens : generate
}

jwt_role <-- token : match on claims
jwt_role --> vault_policy : map to policy



@enduml
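Review bot: The `jwt_role <-- token : match on claims` edge is the trust boundary of this design, but the diagram does not name which claims a JWT role binds on. A role that binds too few claims would let tokens from unrelated workflows map to the same policy, so the label should state the binding, for example `jwt_role <-- token : match on bound claims (repository, ref) and audience`; the claims actually bound come from the role configuration, which this page does not show. Separately, the label `"JWT aeuthauth (GitHub)"` in the `jwt_auth` rectangle looks like the old and new wording of an inline change run together, and presumably should read `"JWT auth (GitHub)"`.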

...