@devorbitus
Last active March 7, 2024 19:38
Revisions

  1. devorbitus revised this gist Dec 19, 2023. 1 changed file with 27 additions and 29 deletions.
    56 changes: 27 additions & 29 deletions README.md
    @@ -45,42 +45,40 @@ A client calling a gateway in a cloud service provider which sends the request t

    ```mermaid
    sequenceDiagram
    participant C as Client
    participant G as Akeyless Gateway
    participant Client
    participant CSP_Gateway as CSP Gateway
    participant Akeyless_SaaS as Akeyless SaaS Platform
    participant OnPrem_Gateway as On-Premises Gateway
    participant DSP as Dynamic Secret Producer
    participant Webhook
    participant Akeyless_SaaS as Akeyless SaaS Platform
    C->>G: Request secret from specific path
    G->>DSP: Check if path matches custom producer
    Client->>CSP_Gateway: Request secret from specific path
    CSP_Gateway->>Akeyless_SaaS: Forward request
    Akeyless_SaaS->>OnPrem_Gateway: Route request to on-prem
    OnPrem_Gateway->>DSP: Check if path matches custom producer
    alt Path matches
    DSP->>Webhook: Call out to validate request (1st time)
    Webhook->>Akeyless_SaaS: Verify request origin (1st time)
    DSP->>Webhook: Call out to validate request
    Webhook->>Akeyless_SaaS: Verify request origin
    alt Request Verified
    Akeyless_SaaS->>Webhook: Confirm verification (1st time)
    Webhook->>DSP: Verification successful (1st time)
    DSP->>Webhook: Call out to validate request (2nd time)
    Webhook->>Akeyless_SaaS: Verify request origin (2nd time)
    alt Request Verified
    Akeyless_SaaS->>Webhook: Confirm verification (2nd time)
    Webhook->>DSP: Verification successful (2nd time)
    DSP->>DSP: Generate dynamic secret
    DSP->>G: Return dynamic secret
    G->>C: Provide secret to client
    else Verification Failed (2nd time)
    Akeyless_SaaS->>Webhook: Deny verification (2nd time)
    Webhook->>DSP: Verification failed (2nd time)
    DSP->>G: Deny secret
    G->>C: Return error to client
    end
    else Verification Failed (1st time)
    Akeyless_SaaS->>Webhook: Deny verification (1st time)
    Webhook->>DSP: Verification failed (1st time)
    DSP->>G: Deny secret
    G->>C: Return error to client
    Akeyless_SaaS->>Webhook: Confirm verification
    Webhook->>DSP: Verification successful
    DSP->>DSP: Generate dynamic secret
    DSP->>OnPrem_Gateway: Return dynamic secret
    OnPrem_Gateway->>Akeyless_SaaS: Send response with secret
    Akeyless_SaaS->>CSP_Gateway: Forward on-prem response
    CSP_Gateway->>Client: Return response to client
    else Verification Failed
    Akeyless_SaaS->>Webhook: Deny verification
    Webhook->>DSP: Verification failed
    DSP->>OnPrem_Gateway: Deny secret
    OnPrem_Gateway->>Akeyless_SaaS: Send denial response
    Akeyless_SaaS->>CSP_Gateway: Forward denial response
    CSP_Gateway->>Client: Return denial to client
    end
    else Path does not match
    G->>C: Return error or default behavior
    OnPrem_Gateway->>Akeyless_SaaS: Path does not match
    Akeyless_SaaS->>CSP_Gateway: Inform of mismatch
    CSP_Gateway->>Client: Return error or default behavior
    end
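
Review bot: The `else Path does not match` branch at the end of this hunk still ends in "Return error or default behavior", which leaves open whether a request for a path with no matching producer can be answered with anything other than an error. For a secrets flow, state the outcome as a denial, in the same terms as the `else Verification Failed` branch ("Return denial to client"). The path check is also drawn as `OnPrem_Gateway->>DSP: Check if path matches custom producer`, yet the mismatch is reported by `OnPrem_Gateway` with no reply arrow from `DSP`; add the reply, or draw the check as a self-call on the gateway.
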
  2. devorbitus revised this gist Dec 19, 2023. 1 changed file with 33 additions and 24 deletions.
    57 changes: 33 additions & 24 deletions README.md
    @@ -45,33 +45,42 @@ A client calling a gateway in a cloud service provider which sends the request t

    ```mermaid
    sequenceDiagram
    participant Client
    participant CSP_Gateway as Cloud Service Provider Gateway
    participant Akeyless_SaaS as Akeyless SaaS Platform
    participant OnPrem_Gateway as On-Premises Gateway
    participant C as Client
    participant G as Akeyless Gateway
    participant DSP as Dynamic Secret Producer
    participant Webhook
    participant Akeyless_SaaS as Akeyless SaaS Platform
    Client->>CSP_Gateway: Request secret/data
    CSP_Gateway->>Akeyless_SaaS: Forward request
    Akeyless_SaaS->>OnPrem_Gateway: Route request to on-prem
    OnPrem_Gateway->>DSP: Request dynamic secret
    DSP->>Webhook: Call out to validate request
    Webhook->>Akeyless_SaaS: Verify request origin
    alt Request Verified
    Akeyless_SaaS->>Webhook: Confirm verification
    Webhook->>DSP: Verification successful
    DSP->>OnPrem_Gateway: Provide dynamic secret
    OnPrem_Gateway->>Akeyless_SaaS: Send response with secret
    Akeyless_SaaS->>CSP_Gateway: Forward on-prem response
    CSP_Gateway->>Client: Return response to client
    else Verification Failed
    Akeyless_SaaS->>Webhook: Deny verification
    Webhook->>DSP: Verification failed
    DSP->>OnPrem_Gateway: Deny secret
    OnPrem_Gateway->>Akeyless_SaaS: Send denial response
    Akeyless_SaaS->>CSP_Gateway: Forward denial response
    CSP_Gateway->>Client: Return denial to client
    C->>G: Request secret from specific path
    G->>DSP: Check if path matches custom producer
    alt Path matches
    DSP->>Webhook: Call out to validate request (1st time)
    Webhook->>Akeyless_SaaS: Verify request origin (1st time)
    alt Request Verified
    Akeyless_SaaS->>Webhook: Confirm verification (1st time)
    Webhook->>DSP: Verification successful (1st time)
    DSP->>Webhook: Call out to validate request (2nd time)
    Webhook->>Akeyless_SaaS: Verify request origin (2nd time)
    alt Request Verified
    Akeyless_SaaS->>Webhook: Confirm verification (2nd time)
    Webhook->>DSP: Verification successful (2nd time)
    DSP->>DSP: Generate dynamic secret
    DSP->>G: Return dynamic secret
    G->>C: Provide secret to client
    else Verification Failed (2nd time)
    Akeyless_SaaS->>Webhook: Deny verification (2nd time)
    Webhook->>DSP: Verification failed (2nd time)
    DSP->>G: Deny secret
    G->>C: Return error to client
    end
    else Verification Failed (1st time)
    Akeyless_SaaS->>Webhook: Deny verification (1st time)
    Webhook->>DSP: Verification failed (1st time)
    DSP->>G: Deny secret
    G->>C: Return error to client
    end
    else Path does not match
    G->>C: Return error or default behavior
    end
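
Review bot: The participants `C` and `G` and the arrows that use them do not fit the section this hunk sits in, which the hunk header describes as a client calling a gateway in a cloud service provider: the single-gateway flow has no CSP gateway, no routing through `Akeyless_SaaS` and no on-prem gateway, so one of the two flows visible here is in the wrong section. Separately, the "(1st time)" and "(2nd time)" validation exchanges are identical and nothing in the diagram says why the second is needed; if the webhook really is called twice, add a Note stating what differs between the calls, otherwise collapse them into one.
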
  3. devorbitus revised this gist Dec 19, 2023. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions README.md
    @@ -35,6 +35,7 @@ sequenceDiagram
    G->>C: Return error or default behavior
    end
    ```

    ## Local Gateway being fulfilled by remote Gateway
  4. devorbitus revised this gist Dec 19, 2023. 1 changed file with 2 additions and 1 deletion.
    3 changes: 2 additions & 1 deletion README.md
    @@ -6,7 +6,8 @@ Sequence diagrams for custom dynamic secret producers

    Sequence flow when client is communicating to the local gateway cluster who is responsible for sepaking with the custom dynamic secret producer webhook.

    ```mermaidsequenceDiagram
    ```mermaid
    sequenceDiagram
    participant C as Client
    participant G as Akeyless Gateway
    participant DSP as Dynamic Secret Producer
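
Review bot: The context sentence at the top of this hunk still reads "responsible for sepaking with the custom dynamic secret producer webhook"; since this revision already touches the lines directly below it, correct "sepaking" to "speaking" in the same change. Of the two fence forms visible here, only the two-line one (the fence with the `mermaid` tag, then `sequenceDiagram` on its own line) is a valid mermaid block.
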
  5. devorbitus revised this gist Dec 19, 2023. 1 changed file with 5 additions and 6 deletions.
    11 changes: 5 additions & 6 deletions README.md
    @@ -6,26 +6,26 @@ Sequence diagrams for custom dynamic secret producers

    Sequence flow when client is communicating to the local gateway cluster who is responsible for sepaking with the custom dynamic secret producer webhook.

    ```mermaid
    sequenceDiagram
    ```mermaidsequenceDiagram
    participant C as Client
    participant G as Akeyless Gateway
    participant DSP as Dynamic Secret Producer
    participant Webhook
    participant Akeyless_SaaS as Akeyless SaaS Platform
    C->>G: Request secret from specific path
    G->>DSP: Check if path matches custom producer
    alt Path matches
    DSP->>Webhook: Call out to validate request
    Webhook->>G: Verify request origin
    Webhook->>Akeyless_SaaS: Verify request origin
    alt Request Verified
    G->>Webhook: Confirm verification
    Akeyless_SaaS->>Webhook: Confirm verification
    Webhook->>DSP: Verification successful
    DSP->>DSP: Generate dynamic secret
    DSP->>G: Return dynamic secret
    G->>C: Provide secret to client
    else Verification Failed
    G->>Webhook: Deny verification
    Akeyless_SaaS->>Webhook: Deny verification
    Webhook->>DSP: Verification failed
    DSP->>G: Deny secret
    G->>C: Return error to client
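
Review bot: The fence line near the top of this hunk that reads `mermaidsequenceDiagram` runs the language tag and the diagram declaration together, so the block is no longer a `mermaid` fence followed by `sequenceDiagram`; keep them on two lines. When moving the verification from `G` to `Akeyless_SaaS`, check that the Verify, Confirm and Deny arrows all name the same participant, since the hunk carries both variants of each.
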
    @@ -34,7 +34,6 @@ sequenceDiagram
    G->>C: Return error or default behavior
    end
    ```

    ## Local Gateway being fulfilled by remote Gateway
  6. devorbitus revised this gist Dec 19, 2023. 1 changed file with 16 additions and 3 deletions.
    19 changes: 16 additions & 3 deletions README.md
    @@ -11,17 +11,30 @@ sequenceDiagram
    participant C as Client
    participant G as Akeyless Gateway
    participant DSP as Dynamic Secret Producer
    participant Webhook
    C->>G: Request secret from specific path
    G->>DSP: Check if path matches custom producer
    alt Path matches
    DSP->>DSP: Generate dynamic secret
    DSP->>G: Return dynamic secret
    G->>C: Provide secret to client
    DSP->>Webhook: Call out to validate request
    Webhook->>G: Verify request origin
    alt Request Verified
    G->>Webhook: Confirm verification
    Webhook->>DSP: Verification successful
    DSP->>DSP: Generate dynamic secret
    DSP->>G: Return dynamic secret
    G->>C: Provide secret to client
    else Verification Failed
    G->>Webhook: Deny verification
    Webhook->>DSP: Verification failed
    DSP->>G: Deny secret
    G->>C: Return error to client
    end
    else Path does not match
    G->>C: Return error or default behavior
    end
    ```

    ## Local Gateway being fulfilled by remote Gateway
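
Review bot: In the validation branch the webhook verifies the request origin by asking `G` (`Webhook->>G: Verify request origin`, answered by `G->>Webhook: Confirm verification`), which is the same gateway that forwarded the request to the producer, so as drawn the check confirms nothing the caller did not already assert. Name the party that actually vouches for the request as its own participant and point the Verify, Confirm and Deny arrows at it.
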
  7. devorbitus revised this gist Dec 19, 2023. 1 changed file with 21 additions and 4 deletions.
    25 changes: 21 additions & 4 deletions README.md
    @@ -35,13 +35,30 @@ sequenceDiagram
    participant CSP_Gateway as Cloud Service Provider Gateway
    participant Akeyless_SaaS as Akeyless SaaS Platform
    participant OnPrem_Gateway as On-Premises Gateway
    participant DSP as Dynamic Secret Producer
    participant Webhook
    Client->>CSP_Gateway: Request secret/data
    CSP_Gateway->>Akeyless_SaaS: Forward request
    Akeyless_SaaS->>OnPrem_Gateway: Route request to on-prem
    OnPrem_Gateway->>OnPrem_Gateway: Process and fulfill request
    OnPrem_Gateway->>Akeyless_SaaS: Send response
    Akeyless_SaaS->>CSP_Gateway: Forward on-prem response
    CSP_Gateway->>Client: Return response to client
    OnPrem_Gateway->>DSP: Request dynamic secret
    DSP->>Webhook: Call out to validate request
    Webhook->>Akeyless_SaaS: Verify request origin
    alt Request Verified
    Akeyless_SaaS->>Webhook: Confirm verification
    Webhook->>DSP: Verification successful
    DSP->>OnPrem_Gateway: Provide dynamic secret
    OnPrem_Gateway->>Akeyless_SaaS: Send response with secret
    Akeyless_SaaS->>CSP_Gateway: Forward on-prem response
    CSP_Gateway->>Client: Return response to client
    else Verification Failed
    Akeyless_SaaS->>Webhook: Deny verification
    Webhook->>DSP: Verification failed
    DSP->>OnPrem_Gateway: Deny secret
    OnPrem_Gateway->>Akeyless_SaaS: Send denial response
    Akeyless_SaaS->>CSP_Gateway: Forward denial response
    CSP_Gateway->>Client: Return denial to client
    end
    ```
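
Review bot: The remote flow goes from `OnPrem_Gateway->>DSP: Request dynamic secret` directly to validation and then to `DSP->>OnPrem_Gateway: Provide dynamic secret`, with no path-match branch and no `DSP->>DSP: Generate dynamic secret` step, both of which the local-gateway diagram in this README has. Add them here or state why the remote case differs. The success branch also shows the secret passing through `Akeyless_SaaS` ("Send response with secret", "Forward on-prem response"); a Note on how the payload is protected on that leg would help anyone reviewing the trust boundary.
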
  8. devorbitus created this gist Dec 19, 2023.
    47 changes: 47 additions & 0 deletions README.md
    @@ -0,0 +1,47 @@
    # Akeyless Custom Dynamic Secret Producer Sequence

    Sequence diagrams for custom dynamic secret producers

    ## Local Gateway

    Sequence flow when client is communicating to the local gateway cluster who is responsible for sepaking with the custom dynamic secret producer webhook.

    ```mermaid
    sequenceDiagram
    participant C as Client
    participant G as Akeyless Gateway
    participant DSP as Dynamic Secret Producer
    C->>G: Request secret from specific path
    G->>DSP: Check if path matches custom producer
    alt Path matches
    DSP->>DSP: Generate dynamic secret
    DSP->>G: Return dynamic secret
    G->>C: Provide secret to client
    else Path does not match
    G->>C: Return error or default behavior
    end
    ```

    ## Local Gateway being fulfilled by remote Gateway

    A client calling a gateway in a cloud service provider which sends the request through the SaaS platform and directs the request to an on-prem gateway who fulfills the request and sends the response back through the SaaS to the requesting gateway and back to the requesting client.


    ```mermaid
    sequenceDiagram
    participant Client
    participant CSP_Gateway as Cloud Service Provider Gateway
    participant Akeyless_SaaS as Akeyless SaaS Platform
    participant OnPrem_Gateway as On-Premises Gateway
    Client->>CSP_Gateway: Request secret/data
    CSP_Gateway->>Akeyless_SaaS: Forward request
    Akeyless_SaaS->>OnPrem_Gateway: Route request to on-prem
    OnPrem_Gateway->>OnPrem_Gateway: Process and fulfill request
    OnPrem_Gateway->>Akeyless_SaaS: Send response
    Akeyless_SaaS->>CSP_Gateway: Forward on-prem response
    CSP_Gateway->>Client: Return response to client
    ```
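
Review bot: In the Local Gateway diagram, `alt Path matches` leads straight to `DSP->>DSP: Generate dynamic secret`, so the only gate drawn before a secret is issued is the path match; nothing shows the producer checking where the request came from. If the producer validates the caller, draw that step with its failure branch. In the second diagram, `OnPrem_Gateway->>OnPrem_Gateway: Process and fulfill request` hides the producer call entirely and should be expanded. The Local Gateway intro sentence also has "sepaking" for "speaking".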