Skip to content

Architecture

Current Architecture:

Arch

Explanation

  1. In coming search request
  2. If policy is enabled (on by default on by most CSPs) it will
  3. Call iPolicyService.getCompiledPolicy via the OS Core Common library.
  4. OS Core Common will make a REST call to Policy Service /translate API, sending Query Unknowns, Inputs and optionally groups.
  5. Policy Service will verify auth via entitlement
  6. Policy Service will make a REST call to OPA /v1/data if Preprocess is enabled (default)
  7. Policy Service should get back the results back and then
  8. Policy Service will use these results in the query to OPA
  9. Policy Service should recieve an Abstract Syntax Tree (AST) json response from OPA
  10. Policy Service will convert this AST into Elastic Search (ES) Query format and return the result back to OS Core Common
  11. Which will return the result back to Search. There search will combine this response with the result of the elastic search query. This is where the "filtering" happens.

Previous (M14-M17) Architecture:

Arch

The above diagram does not represent the M18 preprocessor addition.