Architecture of Salt.Box
Table 1. Interactions between components, containers and subsystems of the Salt.Box software suite
| No. | Description |
|---|---|
| 1 | User interaction with the web application via the HTTP or HTTPS protocol |
| 2 | The web application works with the API gateway via a reverse proxy |
| 3 | The user's login and password are transferred to KeyCloak to perform the authentication procedure |
| 4 | To store the user's registration data and the hash of their password, KeyCloak uses PostgreSQL |
| 5 | Integration of KeyCloak with the corporate LDAP directory allows you to use existing user accounts. Using OpenID Connect provides single sign-on for all connected applications |
| 7 | KeyCloak issues a JSON Web Token (JWT) for web application access to Salt.Box components |
| 8 | The JWT is passed as part of any request made by the web application |
| 9 | API Gateway validates the JWT received as part of any request against KeyCloak |
| 10 | If the JWT is valid, API Gateway queries OPA (Open Policy Agent) for the token owner's access policy to Salt.Box |
| 11 | Checking for updates, receiving, packing and saving changes in bundles |
| 12 | If the access policy allows the user to make the request, API Gateway forwards the request to the core of the Salt.Box |
| 13 | Service Core stores temporary data (pillars data, jobs, job execution results) in the Redis key-value store |
| 14 | Salt engines also have access to the Redis store, reading from it and saving job returns and other data structures to it. The results of job execution are saved with a specified time to live (TTL) |
| 15, 16 | The Core service makes synchronous calls (RPC) and processes events (Events) via a message broker based on Redis Pub/Sub channels, managed by the FastStream framework |
| 17 | Static data (collections, minion and master server parameters, job schemes, task templates, Salt.Box settings) are stored in a DB managed by MongoDB |
| 18 | After processing the request and executing the corresponding jobs on the SaltStack minion side, the Core service returns a response to the API gateway |
| 19 | The API gateway passes the response to the web application to display the result to the user |
| 20 | The Core service launches long-running asynchronous tasks via Taskiq, using RabbitMQ as a message broker. Additionally, Taskiq provides a scheduler for executing tasks |
| 21 | The request to the Salt.Box extension module is executed in the same way as in item 12 |
| 22 | The Salt.Box extension module launches long-running asynchronous tasks in the same way as in item 20 |
| 23 | After processing the request and executing the corresponding jobs on the SaltStack minion side, the Salt.Box extension module returns a response to the API gateway |
| 24 | Salt Master publishes jobs, receives events created by the minion, generates its own events |
| 25 | The minion receives jobs, receives events created by the master, generates its own events |
| 26 | Receiving data from the Salt Master's built-in file server |
| 27 | Data returned by the minion (Job returns) |
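
The check order in items 9, 10 and 12, written as a fail-closed gateway decision. This is an added example, not Salt.Box code: the RFC 7662-style `active` field, the OPA Data API `result` field, and the role, path and helper names are assumptions.

```python
from typing import Callable, Dict, Optional, Tuple

Json = Dict[str, object]

def authorize(token: Optional[str], method: str, path: str,
              introspect: Callable[[str], Json],
              query_opa: Callable[[Json], Json]) -> Tuple[int, str]:
    """Return (HTTP status, reason); only 200 means 'forward to the Core' (item 12)."""
    if not token:
        return 401, "missing token"
    try:
        claims = introspect(token)                    # item 9: validate against KeyCloak
    except Exception:
        return 503, "token validation unavailable"    # never forward on an outage
    if not isinstance(claims, dict) or claims.get("active") is not True:
        return 401, "token not active"
    realm = claims.get("realm_access")
    roles = realm.get("roles", []) if isinstance(realm, dict) else []
    opa_input = {"input": {"user": claims.get("preferred_username"),
                           "roles": roles, "method": method, "path": path}}
    try:
        decision = query_opa(opa_input)               # item 10: ask OPA
    except Exception:
        return 503, "policy engine unavailable"
    # OPA omits "result" when the rule is undefined; anything but a literal
    # boolean True (missing key, "true" string, object) is treated as deny.
    if not isinstance(decision, dict) or decision.get("result") is not True:
        return 403, "denied by policy"
    return 200, "forward to Core"

# Constructed sample data standing in for KeyCloak and OPA responses.
TOKENS = {"tok-admin": {"active": True, "preferred_username": "alice",
                        "realm_access": {"roles": ["saltbox-admin"]}},
          "tok-expired": {"active": False}}

def fake_introspect(token: str) -> Json:
    return TOKENS.get(token, {"active": False})

def fake_opa(doc: Json) -> Json:
    inp = doc["input"]
    if inp["path"].startswith("/undefined"):
        return {}                                     # undefined rule: no "result" key
    return {"result": "saltbox-admin" in inp["roles"]}

def demo():
    cases = [("tok-admin", "GET", "/jobs"), ("tok-expired", "GET", "/jobs"),
             (None, "GET", "/jobs"), ("tok-admin", "GET", "/undefined/rule")]
    return [authorize(t, m, p, fake_introspect, fake_opa)[0] for t, m, p in cases]

if __name__ == "__main__":
    print(demo())
```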