Architecture
Current Architecture:
Explanation
- Incoming search request
- If policy is enabled (on by default for most CSPs), it will:
- Call iPolicyService.getCompiledPolicy via the OS Core Common library.
- OS Core Common will make a REST call to Policy Service /translate API, sending Query Unknowns, Inputs and optionally groups.
- Policy Service will verify auth via entitlement
- Policy Service will make a REST call to OPA /v1/data if Preprocess is enabled (default)
- Policy Service should get the results back and then
- Policy Service will use these results in the query to OPA
- Policy Service should receive an Abstract Syntax Tree (AST) JSON response from OPA
- Policy Service will convert this AST into Elasticsearch (ES) query format and return the result back to OS Core Common
- OS Core Common will return the result back to Search. There, Search will combine this response with the result of the Elasticsearch query. This is where the "filtering" happens.
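
The AST-to-Elasticsearch conversion step above, as an added example (not the Policy Service's own code). It assumes the AST has the shape OPA returns from partial evaluation; the input.record unknown, the field names and the sample AST are constructed. Unsupported expressions raise instead of being dropped, so a translation gap cannot widen what Search returns.

```python
# Added example, not Policy Service code. Assumes the AST shape of OPA
# partial-evaluation output: {"result": {"queries": [[expr, ...], ...]}}.
SCALARS = {"string", "number", "boolean"}

class UnsupportedExpression(Exception):
    """Raised rather than dropping a condition, which would widen access."""

def field_name(term, root):
    parts = [str(s["value"]) for s in term["value"]]
    static = all(s["type"] == "string" for s in term["value"][1:])  # no vars like [_]
    if not static or parts[:len(root)] != root or len(parts) == len(root):
        raise UnsupportedExpression("unsupported ref: " + ".".join(parts))
    return ".".join(parts[len(root):])

def to_clause(expr, root):
    terms = expr.get("terms")
    if expr.get("negated") or not isinstance(terms, list) or len(terms) != 3:
        raise UnsupportedExpression(repr(expr))
    op = ".".join(str(s["value"]) for s in terms[0]["value"])
    a, b = terms[1], terms[2]
    if a["type"] in SCALARS and b["type"] == "ref":
        a, b = b, a  # accept `"x" == field` as well as `field == "x"`
    if op != "eq" or a["type"] != "ref" or b["type"] not in SCALARS:
        raise UnsupportedExpression(repr(expr))
    return {"term": {field_name(a, root): b["value"]}}

def ast_to_es_filter(ast, root):
    queries = ast.get("result", {}).get("queries")
    if not queries:
        return {"match_none": {}}  # no residual query: the policy can never hold
    should = []
    for conj in queries:
        if not conj:
            return {"match_all": {}}  # empty conjunction: allowed unconditionally
        should.append({"bool": {"filter": [to_clause(e, root) for e in conj]}})
    return {"bool": {"should": should, "minimum_should_match": 1}}

def ref(*path):  # builders for the constructed sample AST below
    return {"type": "ref", "value": [{"type": "var", "value": path[0]}]
            + [{"type": "string", "value": p} for p in path[1:]]}
def eq(a, b):
    return {"index": 0, "terms": [ref("eq"), a, b]}
def lit(v):
    return {"type": "string", "value": v}

SAMPLE_AST = {"result": {"queries": [
    [eq(ref("input", "record", "kind"), lit("well")),
     eq(lit("compliant"), ref("input", "record", "legal", "status"))],
    [eq(ref("input", "record", "owner"), lit("alice@example.com"))],
]}}
```

Calling ast_to_es_filter(SAMPLE_AST, ["input", "record"]) yields a bool query with one should branch per residual query, each branch a filter list of term clauses.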
Previous (M14-M17) Architecture:
The above diagram does not represent the M18 preprocessor addition.