diff --git a/out/diagrams/pages/builds.png b/out/diagrams/pages/builds.png index 2c31f3e..5764564 100644 Binary files a/out/diagrams/pages/builds.png and b/out/diagrams/pages/builds.png differ diff --git a/out/diagrams/pages/builds.svg b/out/diagrams/pages/builds.svg new file mode 100644 index 0000000..61eedac --- /dev/null +++ b/out/diagrams/pages/builds.svg @@ -0,0 +1 @@ +
AWS Gov Cloud
GSA Authorized SaaS Connection
cloud.gov platform
Pages cloud.gov production space
cloud.gov space services
Commits update to source code
HTTPS/443
Webhook request to start build
HTTPS/443
Proxy request
HTTPS/443
Creates site build record
HTTPS/443
Starts site build event
HTTPS/443
Listens for new site build event
HTTPS/443
Sends site build task request
HTTPS/443
Starts site build task
HTTPS/443
Publishes site files
HTTPS/443
Sends build status
HTTPS/443
Sends build logs
HTTPS/443
Legend
👤 User
Process
Database
Load Balancer / Router
Pages Web Application
*Node.js
Pages Build Container
Builds and publishes site
*Docker
Pages Builder
Starts a site build
*Node.js
Control Plane
*CloudFoundry Task
Database
*AWS RDS Postgres
Key/Value Store
*AWS Elasticache Redis
Object Store
*AWS S3
Customer Site Source Control
*GitHub
👤
UnPrivileged User
*A Pages customer
\ No newline at end of file diff --git a/out/diagrams/pages/cicd.png b/out/diagrams/pages/cicd.png index 5c5554b..1971c24 100644 Binary files a/out/diagrams/pages/cicd.png and b/out/diagrams/pages/cicd.png differ diff --git a/out/diagrams/pages/cicd.svg b/out/diagrams/pages/cicd.svg new file mode 100644 index 0000000..4e2a99e --- /dev/null +++ b/out/diagrams/pages/cicd.svg @@ -0,0 +1 @@ +
AWS Gov Cloud
GSA Authorized SaaS Connection
cloud.gov tooling
cloud.gov platform
CI: Concourse CI
Pages cloud.gov production space
Merges Pull Request
HTTPS/443
Polls Source Code For Update
SSH/22
Pulls Test Container Image
Runs Tests
No
Yes
Pulls Deploy Container Image
No
Yes
Yes
Legend
👤 User
Process
Database
Decision
Pages Web Application
*Node.js
Container Registry Store
*AWS ECR
Test Source Code
*CI Task
Are tests passing?
Deploy Pages App
*CI Tasks

Notify Success Status
*CI Tasks

Notify Failure Status
*CI Tasks
Did Pages app deploy?
Source Control
*GitHub
👤
Privileged User
*A Pages Operator
\ No newline at end of file diff --git a/out/diagrams/pages/public_flow.png b/out/diagrams/pages/public_flow.png index bc93672..b67f41d 100644 Binary files a/out/diagrams/pages/public_flow.png and b/out/diagrams/pages/public_flow.png differ diff --git a/out/diagrams/pages/public_flow.svg b/out/diagrams/pages/public_flow.svg new file mode 100644 index 0000000..7d8e95f --- /dev/null +++ b/out/diagrams/pages/public_flow.svg @@ -0,0 +1 @@ +
AWS Gov Cloud
AWS Commercial Cloud
cloud.gov platform
Pages cloud.gov production space
cloud.gov space services
cloud.gov platform
Views Static Content
HTTPS/443
Yes
No
Proxy Request
HTTPS/443
Proxy Request
HTTPS/443
Proxy Site Requests
HTTPS/443
Legend
👤 User
Process
Database
Decision
Load Balancer / Router
AWS Application Load Balancer
Pages Proxy Application
*NGINX
Object Store
*AWS S3
CDN
AWS CloudFront
👤
Public User
*A member of the public
Is request cached
\ No newline at end of file diff --git a/out/diagrams/pages/web.png b/out/diagrams/pages/web.png index 16ae896..ffc4517 100644 Binary files a/out/diagrams/pages/web.png and b/out/diagrams/pages/web.png differ diff --git a/out/diagrams/pages/web.svg b/out/diagrams/pages/web.svg new file mode 100644 index 0000000..6c804c6 --- /dev/null +++ b/out/diagrams/pages/web.svg @@ -0,0 +1 @@ +
AWS Gov Cloud
AWS Gov Cloud
GSA Authorized SaaS Monitoring
GSA Authorized SaaS Connection
cloud.gov platform
Pages cloud.gov production space
cloud.gov space services
cloud.gov platform
Request Content
HTTPS/443
Authenticates
HTTPS/443
Request Content
HTTPS/443
Authenticates
HTTPS/443
Authorizes Oauth
HTTPS/443
Stores Oauth Token
HTTPs/443
Reports Usage
HTTPS/4443
Proxy Request
HTTPS/443
Read/Write Site Management
Authenticated HTTPS/443
Read/Write Site Notifications
Authenticated HTTPS/443
Request Send Email
Authenticated HTTPS/443
Sends Email
SMTP
Legend
👤 User
Process
Database
Software as a service
*SaaS
Pages Web Application
*Node.js
Pages Mailer
*Node.js
SMTP Server
*Postfix
Database
*AWS RDS Postgres
Key/Value Store
*AWS Elasticache Redis
Load Balancer / Router
Authentication Provider
*UAA
Analytics
*DAP
Authorization Provider
*GitHub
👤
Privileged User
*Pages Operator
👤
Unprivileged User
*Pages Cusomter
\ No newline at end of file diff --git a/source/diagrams/pages/README.md b/source/diagrams/pages/README.md new file mode 100644 index 0000000..f482ca6 --- /dev/null +++ b/source/diagrams/pages/README.md @@ -0,0 +1,27 @@ +cg-diagrams Pages +================= + +Information about the cloud.gov Pages diagrams and how to create them. These diagrams are related to the system's different data and workflows using [mermaid diagrams](https://mermaid.js.org/). + +## How to + +The diagrams are written in mermaid and the diagram images are generated using the [mermaid cli](https://github.com/mermaid-js/mermaid-cli) + +### Generating diagram images + +#### Install the CLI + +`npm install -g @mermaid-js/mermaid-cli` + +#### Generate an image from a diagram + +`mmdc -i source/diagrams/pages/diagram-a.mmd -o out/diagrams/pages/diagram-a.png --width 2500` + +Options: +- `-i`: Input mermaid diagram +- `-o`: Output PNG image +- `--width`: Width of the out put *Note: Diagram width in output is 25000* + +#### Storing the diagram images + +All generated images should be stored in [out/diagrams/pages](../../../out/diagrams/pages/) and should be named the same as the corresponding mermaid diagram. diff --git a/source/diagrams/pages/builds.mmd b/source/diagrams/pages/builds.mmd new file mode 100644 index 0000000..7e6f379 --- /dev/null +++ b/source/diagrams/pages/builds.mmd @@ -0,0 +1,70 @@ +flowchart TB + %% Styles + classDef userStyle stroke:#167CC5,stroke-width:4px + classDef processStyle stroke:#bc0061,stroke-width:4px + classDef processSuccessStyle stroke:#bc0061,stroke-width:4px + classDef decisionStyle stroke:#ea8d02,stroke-width:4px + classDef saasStyle stroke:#f2ff07,stroke-width:4px + classDef dbStyle stroke:#010daf,stroke-width:4px + + %% Component Defintions + + %% Users + user["👤
UnPrivileged User
*A Pages customer"]:::userStyle + + %% Processors + aws_load_balancer[Load Balancer / Router]:::processStyle + pages_app[Pages Web Application
*Node.js]:::processStyle + pages_builder[Pages Builder
Starts a site build
*Node.js]:::processStyle + pages_build_container[Pages Build Container
Builds and publishes site
*Docker]:::processStyle + control_plane[Control Plane
*CloudFoundry Task]:::processStyle + + %% SaaS + gh_source[Customer Site Source Control
*GitHub]:::saasStyle + + %% Store + database[(Database
*AWS RDS Postgres)]:::dbStyle + key_value_store[(Key/Value Store
*AWS Elasticache Redis)]:::dbStyle + s3[(Object Store
*AWS S3)]:::dbStyle + + %% Flow + user -- Commits update to source code
HTTPS/443 --> gh_source + gh_source -- Webhook request to start build
HTTPS/443 --> aws_load_balancer + aws_load_balancer -- Proxy request
HTTPS/443 --> pages_app + pages_app -- Creates site build record
HTTPS/443 --> database + pages_app -- Starts site build event
HTTPS/443 --> key_value_store + pages_builder -- Listens for new site build event
HTTPS/443 --> key_value_store + pages_builder -- Sends site build task request
HTTPS/443 --> control_plane + control_plane -- Starts site build task
HTTPS/443 --> pages_build_container + pages_build_container -- Publishes site files
HTTPS/443 --> s3 + pages_build_container -- Sends build status
HTTPS/443 --> pages_app + pages_build_container -- Sends build logs
HTTPS/443 --> database + + %% Layout + subgraph GSA Authorized SaaS Connection + gh_source + end + + subgraph AWS Gov Cloud + aws_load_balancer + subgraph cloud.gov platform + subgraph Pages cloud.gov production space + pages_app + pages_build_container + pages_builder + control_plane + subgraph cloud.gov space services + database + key_value_store + s3 + end + end + end + end + + subgraph Legend + direction BT + legend_user["👤 User"]:::userStyle + legend_process[Process]:::processStyle + legend_db[(Database)]:::dbStyle + end diff --git a/source/diagrams/pages/builds.puml b/source/diagrams/pages/builds.puml deleted file mode 100644 index 2d901cd..0000000 --- a/source/diagrams/pages/builds.puml +++ /dev/null 
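Review bot: The edges into the data services — `pages_app -- Creates site build record<br>HTTPS/443 --> database`, `pages_app -- Starts site build event<br>HTTPS/443 --> key_value_store` and the build-log edge — are labelled `HTTPS/443`, but RDS Postgres and ElastiCache Redis are not HTTP services; the deleted builds.puml labelled those same flows `TCP * (T)` with an `Auth: Credentials` note. If these diagrams feed the system boundary documentation the port/protocol should match the actual service bindings, e.g. `TLS/TCP<br>Auth: service credentials` — confirm the exact ports before relabelling. The rewrite also dropped every authentication annotation the old diagram carried (token on the GitHub webhook, MFA on the customer commit, credentials on the control-plane request), as well as the build container's checkout of customer source from GitHub (old step 8) and the New Relic telemetry egress; if those flows still exist they are boundary crossings worth keeping. Folding `Auth:` into each edge label, or a `%%` comment per edge, would restore that information.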
@@ -1,100 +0,0 @@ -@startuml builds -!include https://raw.githubusercontent.com/plantuml-stdlib/C4-PlantUML/master/C4_Container.puml -'https://github.com/plantuml-stdlib/C4-PlantUML - -title Customer Site Builds - -AddRelTag("TLS", $textColor="grey", $lineColor="green", $lineStyle=BoldLine()) - -Person(npu, "Nonprivileged User", "A cloud.gov Pages Customer") -'note "Auth: Token" as webhook - -Boundary(gsa, "Agency Authorized VCS") { - System_Ext(gh, "Customer Source Control", "e.g., Github") -} - -Boundary(gsa2, "GSA Authorized SaaS") { - System_Ext(nr, "Monitoring", "New Relic") -} - -Boundary(awsgov, "AWS GovCloud") { - Boundary(cloudgov, "cloud.gov") { - Container(core, "Pages Web", "Node JS") - Container(builder, "Pages Builder", "Node JS") - Container(build, "Pages Build Container", "Docker Image") - Boundary(cloudgovnetwork, "cloud.gov platform - network") { - System(elb, "Load Balancer / Router", "cloud.gov") - } - Boundary(cloudgovplat, "cloud.gov platform") { - System(cc, "Control Plane", "cloud.gov") - SystemDb(db, "Database", "AWS RDS Postgres") - SystemDb(redis, "Key/Value Store", "AWS Elasticache Redis") - SystemDb(s3, "Object Storage", "AWS S3") - } - } -} -Rel(core, nr, "reports telemetry", "HTTPS 443 (T)", $tags="TLS") -note on link - Auth: Token -end note - -Rel(npu, gh, "1. commits code modification", "HTTPS 443 (T)", $tags="TLS") -note on link - Auth: MFA -end note - -Rel(gh, elb, "2. sends webhook notification", "HTTPS 443 (T)", $tags="TLS") -note on link - Auth: Token -end note - -Rel(elb, core, "3. proxies request", "HTTPS 443 (T)", $tags="TLS") - -Rel(core, redis, "4. sends build message", "HTTPS 443 (T)", $tags="TLS") -note on link - Auth: Credentials -end note - -Rel(builder, redis, "5. requests build message", "HTTPS 443 (T)", $tags="TLS") -note on link - Auth: Credentials -end note - -Rel(builder, cc, "6. requests build", "HTTPS 443 (T)", $tags="TLS") -note on link - Auth: Credentials -end note - -Rel(cc, build, "7. 
starts build task", $tags="TLS") - -Rel(build, gh, "8. checks out code", "HTTPS 443 (T)", $tags="TLS") -note on link - Auth: Credentials -end note - -Rel(build, s3, "9a. sends build results", "HTTPS 443 (T)", $tags="TLS") -note on link - Auth: Credentials -end note - -Rel(build, db, "9b. sends build logs", "HTTPS 443 (T)", $tags="TLS") -Rel(build, core, "9c. updates status", "HTTPS 443 (T)", $tags="TLS") - -' Other flows -Rel(core, db, "reads/writes build metadata & configuration", "TCP * (T)", $tags="TLS") -note on link - Auth: Credentials/Network -end note - -Rel(core, redis, "reads/writes build notifications", "TCP * (T)", $tags="TLS") -note on link - Auth: Credentials -end note - -' Authentication annotations -'npu .. githubpagesauth -'githubpagesauth .. core -'gh . webhook -'webhook ... core -SHOW_LEGEND() -@enduml diff --git a/source/diagrams/pages/cicd.mmd b/source/diagrams/pages/cicd.mmd new file mode 100644 index 0000000..1e9b17b --- /dev/null +++ b/source/diagrams/pages/cicd.mmd @@ -0,0 +1,77 @@ +flowchart TB + %% Styles + classDef userStyle stroke:#167CC5,stroke-width:4px + classDef processStyle stroke:#bc0061,stroke-width:4px + classDef processSuccessStyle stroke:#bc0061,stroke-width:4px + classDef decisionStyle stroke:#ea8d02,stroke-width:4px + classDef saasStyle stroke:#f2ff07,stroke-width:4px + classDef dbStyle stroke:#010daf,stroke-width:4px + + %% Component Defintions + + %% Users + user["👤
Privileged User
*A Pages Operator"]:::userStyle + + %% Processors + ci_test[Test Source Code
*CI Task]:::processStyle + ci_deploy[Deploy Pages App
*CI Tasks]:::processStyle + ci_notify_success["✅
Notify Success Status
*CI Tasks"]:::processSuccessStyle + ci_notify_failure["❌
Notify Failure Status
*CI Tasks"]:::processStyle + pages_app[Pages Web Application
*Node.js]:::processStyle + + %% Decisions + did_tests_pass{Are tests passing?}:::decisionStyle + did_deploy{Did Pages app deploy?}:::decisionStyle + + %% SaaS + gh_source[Source Control
*GitHub]:::saasStyle + + %% Store + container_registry[(Container Registry Store
*AWS ECR)]:::processStyle + + %% Flow + user -- Merges Pull Request
HTTPS/443 --> gh_source + ci_test <-- Polls Source Code For Update
SSH/22 --> gh_source + ci_test <-- Pulls Test Container Image --> container_registry + ci_test -- Runs Tests --> did_tests_pass + did_tests_pass -- No --> ci_notify_failure + did_tests_pass -- Yes --> ci_deploy + ci_deploy <-- Pulls Deploy Container Image --> container_registry + ci_deploy --> did_deploy + did_deploy -- No --> ci_notify_failure + did_deploy -- Yes --> pages_app + did_deploy -- Yes --> ci_notify_success + ci_notify_success --> gh_source + ci_notify_failure --> gh_source + + %% Layout + subgraph GSA Authorized SaaS Connection + gh_source + end + + subgraph AWS Gov Cloud + subgraph cloud.gov tooling + subgraph CI: Concourse CI + ci_test + did_tests_pass + ci_deploy + ci_notify_success + ci_notify_failure + did_deploy + end + container_registry + end + subgraph cloud.gov platform + subgraph Pages cloud.gov production space + pages_app + end + end + end + + subgraph Legend + direction BT + legend_user["👤 User"]:::userStyle + legend_process[Process]:::processStyle + legend_db[(Database)]:::dbStyle + legend_decision{Decision}:::decisionStyle + end diff --git a/source/diagrams/pages/cicd.puml b/source/diagrams/pages/cicd.puml deleted file mode 100644 index 1cb8aeb..0000000 --- a/source/diagrams/pages/cicd.puml +++ /dev/null 
@@ -1,70 +0,0 @@ -@startuml cicd -!include https://raw.githubusercontent.com/plantuml-stdlib/C4-PlantUML/master/C4_Container.puml -'https://github.com/plantuml-stdlib/C4-PlantUML - -title Continuous Integration - -AddRelTag("TLS", $textColor="grey", $lineColor="green", $lineStyle=BoldLine()) -AddRelTag("TLS Optional", $textColor="grey", $lineColor="green", $lineStyle=DashedLine()) - -Boundary(aws, "AWS GovCloud") { - Boundary(cg, "cloud.gov") { - System(concourse, "CI", "Concourse") - Boundary(cgp, "cloud.gov platform") { - System(cp, "Control Plane", "cloud.gov") - Container(app, "Pages Application", "NodeJS/nginx/Docker", $descr="The target application") - } - } -} - -Boundary(gsa1, "GSA Authorized SaaS") { - System_Ext(gh, "Source Control", "Github") -} - -Boundary(gsa2, "GSA Authorized SaaS") { - System_Ext(dh, "Container Registry", "DockerHub") - System_Ext(cc, "Static Analysis", "Code Climate") -} - -Person(pu, "Privileged User", "A Pages Developer") -Rel(pu, gh, "1. merges pull requst", "HTTPS 443 (T)", $tags="TLS") -note on link - Auth: MFA -end note - -Rel(concourse, gh, "2. polls for changes", "HTTPS 443 (T)", $tags="TLS") -note on link - Auth: Token -end note - -Rel(concourse, concourse, "3. runs pipeline") - -Rel(concourse, cc, "4a sends analysis results", "HTTPS 443 (T)", $tags="TLS") -note on link - Auth: Token -end note - -Rel(concourse, dh, "4b. sends image", "HTTPS 443 (T)", $tags="TLS Optional") -note on link - Auth: Credentials -end note - -Rel(concourse, cp, "4c. sends source and manifest or image name", "HTTPS 443 (T)", $tags="TLS") -note on link - Auth: Credentials -end note - -Rel(concourse, gh, "4d. updates status", "HTTPS 443 (T)", $tags="TLS") -note on link - Auth: Token -end note - -Rel(cp, dh, "5a. fetches image", "HTTPS 443 (T)", $tags="TLS Optional") -note on link - Auth: Credentials -end note - -Rel(cp, app, "5b. deploys application", "internal", $tags="TLS") - -SHOW_LEGEND() -@enduml \ No newline at end of file 
diff --git a/source/diagrams/pages/public_flow.mmd b/source/diagrams/pages/public_flow.mmd new file mode 100644 index 0000000..05d6b6e --- /dev/null +++ b/source/diagrams/pages/public_flow.mmd @@ -0,0 +1,58 @@ +flowchart TB + %% Styles + classDef userStyle stroke:#167CC5,stroke-width:4px + classDef processStyle stroke:#bc0061,stroke-width:4px + classDef decisionStyle stroke:#ea8d02,stroke-width:4px + classDef dbStyle stroke:#010daf,stroke-width:4px + + %% Component Defintions + + %% Users + user["👤
Public User
*A member of the public"]:::userStyle + + %% Processors + aws_cdn[CDN
AWS CloudFront]:::processStyle + aws_load_balancer[Load Balancer / Router
AWS Application Load Balancer]:::processStyle + pages_proxy[Pages Proxy Application
*NGINX]:::processStyle + + %% Decisions + is_cached{Is request cached}:::decisionStyle + + %% Databases + s3[(Object Store
*AWS S3)]:::dbStyle + + %% Flow + user -- Views Static Content
HTTPS/443 --> is_cached + is_cached -- Yes --> aws_cdn + is_cached -- No --> aws_load_balancer + aws_cdn -- Proxy Request
HTTPS/443 --> aws_load_balancer + aws_load_balancer -- Proxy Request
HTTPS/443 --> pages_proxy + + pages_proxy -- Proxy Site Requests
HTTPS/443 --> s3 + + %% Layout + subgraph AWS Commercial Cloud + subgraph cloud.gov platform + aws_cdn + end + end + + subgraph AWS Gov Cloud + subgraph cloud.gov platform + aws_load_balancer + subgraph Pages cloud.gov production space + pages_proxy + subgraph cloud.gov space services + s3 + end + end + end + end + + subgraph Legend + direction BT + legend_user["👤 User"]:::userStyle + legend_process[Process]:::processStyle + legend_db[(Database)]:::dbStyle + legend_decision{Decision}:::decisionStyle + end diff --git a/source/diagrams/pages/public_flow.puml b/source/diagrams/pages/public_flow.puml deleted file mode 100644 index a028c48..0000000 --- a/source/diagrams/pages/public_flow.puml +++ /dev/null @@ -1,42 +0,0 @@ -@startuml public_flow -!include https://raw.githubusercontent.com/plantuml-stdlib/C4-PlantUML/master/C4_Container.puml -'https://github.com/plantuml-stdlib/C4-PlantUML - -title Public Site - -AddRelTag("TLS", $textColor="grey", $lineColor="green", $lineStyle=BoldLine()) - -Person_Ext(public, "Public Viewer", "A member of the public") - -Boundary(awsgov, "AWS GovCloud") { - Boundary(cgp_gc, "cloud.gov Platform") { - SystemDb(s3, "Object Store", "AWS S3") - } -} - -Boundary(awscom, "AWS Commercial") { - Boundary(cg, "cloud.gov") { - Boundary(cgp_ew, "cloud.gov platform") { - System(cdn, "CDN", "AWS Cloudfront") - System(elb, "Load Balancer / Router", "cloud.gov") - } - Container(proxy, "Pages Proxy", "nginx") - } -} - -Rel(public, cdn, "1a. views static content", "HTTPS 443 (T)", $tags="TLS") -note on link - Custom Domains -end note -Rel(cdn, elb, "2. proxies requests", "HTTPS 443 (T)", $tags="TLS") - -Rel(public, elb, "1b. views static content", "HTTPS 443 (T)", $tags="TLS") -note on link - Preview Domains -end note -Rel(elb, proxy, "3. proxies requests", "HTTPS 443 (T)", $tags="TLS") - -Rel(proxy, s3, "4. proxies requests", "HTTPS 443 (T)", $tags="TLS") - -SHOW_LEGEND() -@enduml \ No newline at end of file 
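Review bot: The `is_cached{Is request cached}` decision sits outside every boundary and sends a cache miss from the public user straight to the load balancer (`is_cached -- No --> aws_load_balancer`), which is not how CloudFront behaves — the CDN receives the request and itself forwards misses to the origin, as the separate `aws_cdn -- Proxy Request<br>HTTPS/443 --> aws_load_balancer` edge already shows. The deleted public_flow.puml modelled the real split: custom domains enter through the CDN and preview domains hit the load balancer directly, which matters for the boundary because it documents two distinct public ingress points with different TLS termination. Suggest replacing the decision with two labelled entry edges, `user -- Views custom-domain site<br>HTTPS/443 --> aws_cdn` and `user -- Views preview site<br>HTTPS/443 --> aws_load_balancer`, keeping the CDN-to-origin edge for misses — confirm the preview-domain path is still in place.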
diff --git a/source/diagrams/pages/web.mmd b/source/diagrams/pages/web.mmd new file mode 100644 index 0000000..1b65d88 --- /dev/null +++ b/source/diagrams/pages/web.mmd @@ -0,0 +1,84 @@ +flowchart TB + %% Styles + classDef userStyle stroke:#167CC5,stroke-width:4px + classDef processStyle stroke:#bc0061,stroke-width:4px + classDef saasStyle stroke:#f2ff07,stroke-width:4px + classDef dbStyle stroke:#010daf,stroke-width:4px + + %% Component Defintions + + %% Users + user_privleged["👤
Privileged User
*Pages Operator"]:::userStyle + + user_unprivleged["👤
Unprivileged User
*Pages Cusomter"]:::userStyle + + %% SaaS + gh_auth_provider[Authorization Provider
*GitHub]:::saasStyle + dap[Analytics
*DAP]:::saasStyle + + %% Processors + aws_load_balancer[Load Balancer / Router]:::processStyle + auth_provider[Authentication Provider
*UAA]:::processStyle + pages_app[Pages Web Application
*Node.js]:::processStyle + pages_mailer[Pages Mailer
*Node.js]:::processStyle + smtp_server[SMTP Server
*Postfix]:::processStyle + + %% Databases + database[(Database
*AWS RDS Postgres)]:::dbStyle + key_value_store[(Key/Value Store
*AWS Elasticache Redis)]:::dbStyle + + %% Flow + user_privleged -- Request Content
HTTPS/443 --> aws_load_balancer + user_privleged -- Authenticates
HTTPS/443 --> auth_provider + + user_unprivleged -- Request Content
HTTPS/443 --> aws_load_balancer + user_unprivleged -- Authenticates
HTTPS/443 --> auth_provider + user_unprivleged -- Authorizes Oauth
HTTPS/443 --> gh_auth_provider + gh_auth_provider -- Stores Oauth Token
HTTPs/443 --> database + user_unprivleged -- Reports Usage
HTTPS/4443 --> dap + + aws_load_balancer -- Proxy Request
HTTPS/443 --> pages_app + + pages_app -- Read/Write Site Management
Authenticated HTTPS/443 --> database + pages_app -- Read/Write Site Notifications
Authenticated HTTPS/443 --> key_value_store + pages_app -- Request Send Email
Authenticated HTTPS/443 --> pages_mailer + + pages_mailer -- Sends Email
SMTP --> smtp_server + + %% Layout + subgraph GSA Authorized SaaS Connection + gh_auth_provider + end + + subgraph GSA Authorized SaaS Monitoring + dap + end + + subgraph AWS Gov Cloud + subgraph cloud.gov platform + aws_load_balancer + auth_provider + end + end + + subgraph AWS Gov Cloud + subgraph cloud.gov platform + subgraph Pages cloud.gov production space + pages_app + pages_mailer + smtp_server + subgraph cloud.gov space services + database + key_value_store + end + end + end + end + + subgraph Legend + direction BT + legend_user["👤 User"]:::userStyle + legend_process[Process]:::processStyle + legend_db[(Database)]:::dbStyle + legend_saas[Software as a service
*SaaS]:::saasStyle + end diff --git a/source/diagrams/pages/web.puml b/source/diagrams/pages/web.puml deleted file mode 100644 index 41260b5..0000000 --- a/source/diagrams/pages/web.puml +++ /dev/null 
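Review bot: `gh_auth_provider -- Stores Oauth Token<br>HTTPs/443 --> database` draws GitHub writing directly into the RDS database from outside the boundary, which cannot be the real flow — the deleted web.puml had the Pages web app as the only writer to the database; presumably the OAuth callback returns to `pages_app` through the load balancer and the app stores the token, so the edges should read `gh_auth_provider -- OAuth callback<br>HTTPS/443 --> aws_load_balancer` and `pages_app -- Stores OAuth token<br>Authenticated TLS --> database`. Two labels also look like typos that would mislead a port review: `HTTPs/443` and `Reports Usage<br>HTTPS/4443` (the old diagram had DAP on 443), plus `*Pages Cusomter`. The SMTP edge lost the TLS marker the old diagram carried (`SMTP (T)`), and the New Relic monitoring egress (old `reports metrics`, `Auth: Token`) is gone while the `GSA Authorized SaaS Monitoring` boundary now holds only DAP — confirm whether New Relic is still in use. The node ids `user_privleged`/`user_unprivleged` are misspelled too; harmless to render, but worth fixing while the file is new.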
@@ -1,68 +0,0 @@ -@startuml web -!include https://raw.githubusercontent.com/plantuml-stdlib/C4-PlantUML/master/C4_Container.puml -'https://github.com/plantuml-stdlib/C4-PlantUML - -title Web Application - -AddRelTag("TLS", $textColor="grey", $lineColor="green", $lineStyle=BoldLine()) - -Person(npu, "Nonprivileged User", "A Pages Customer") -Person(pu, "Privileged User", "A Pages Operator") - -Boundary(awsgov2, "AWS GovCloud") { - Boundary(cloudgov2, "cloud.gov platform") { - System(elb, "Load Balancer / Router", "cloud.gov") - System(uaa, "Authentication Provider", "UAA") - } -} - -Boundary(awsgov, "AWS GovCloud") { - Boundary(cloudgov, "cloud.gov") { - System(smtp, "SMTP Server", "postfix") - Container(web, "Pages Web", "Node JS/static") - Container(mailer, "Pages Mailer", "Node JS") - Boundary(cloudgovp, "cloud.gov platform") { - SystemDb(db, "Database", "AWS RDS Postgres") - SystemDb(redis, "Key/Value Store", "AWS Elasticache Redis") - } - } -} - -Boundary(gsa1, "GSA Authorized SaaS") { - System_Ext(gh, "Authorization Provider", "Github") -} - -Boundary(gsa2, "GSA Authorized SaaS") { - System_Ext(dap, "Analytics", "DAP") - System_Ext(newrelic, "Monitoring", "New Relic") -} - -Rel(web, mailer, "requests email send", "HTTPS 443 (T)", $tags="TLS") -Rel(mailer, smtp, "sends email", "SMTP (T)", $tags="TLS") -Rel(npu, uaa, "authenticates with", "HTTPS 443 (T)", $tags="TLS") -Rel(npu, gh, "authorizes with", "HTTPS 443 (T)", $tags="TLS") -Rel(pu, uaa, "authenticates with", "HTTPS 443 (T)", $tags="TLS") - -Rel(npu, elb, "1. requests content", "HTTPS 443 (T)", $tags="TLS") -Rel(pu, elb, "1. requests content", "HTTPS 443 (T)", $tags="TLS") -Rel(elb, web, "2. proxies request", "HTTPS 443 (T)", $tags="TLS") - -Rel(web, db, "3. 
reads/writes site metadata & configuration", "TCP * (T)", $tags="TLS") -note on link - Auth: Credentials/Network -end note - -Rel(web, redis, "reads/writes notifications/messages", "TCP * (T)", $tags="TLS") -note on link - Auth: Credentials -end note - -Rel(npu, dap, "reports usage", "HTTPS 443 (T)", $tags="TLS") - -Rel(web, newrelic, "reports metrics", "HTTPS 443 (T)", $tags="TLS") -note on link - Auth: Token -end note - -SHOW_LEGEND() -@enduml \ No newline at end of file