Update JAAS diagram (#34)

* Update JAAS diagram Signed-off-by: Babak K. Shandiz <[email protected]> * Add "OpenFGA" Signed-off-by: Babak K. Shandiz <[email protected]> * Update explanation/jaas_overview.rst Co-authored-by: Kian Parvin <[email protected]> * Improve sentence Signed-off-by: Babak K. Shandiz <[email protected]> --------- Signed-off-by: Babak K. Shandiz <[email protected]> Co-authored-by: Kian Parvin <[email protected]>
canonical · Apr 23, 2024 · ac80580 · ac80580
1 parent 23a7a40
commit ac80580
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 146 deletions.
diff --git a/.custom_wordlist.txt b/.custom_wordlist.txt
@@ -59,6 +59,7 @@ observability
 OEM
 OIDC
 OLM
+OpenFGA
 OpenID
 OpenLDAP
 Permalink

diff --git a/explanation/images/jaas-diagram.rtb b/explanation/images/jaas-diagram.rtb
diff --git a/explanation/images/jaas.png b/explanation/images/jaas.png
diff --git a/explanation/images/jaas.xml b/explanation/images/jaas.xml
diff --git a/explanation/jaas_overview.rst b/explanation/jaas_overview.rst
@@ -22,13 +22,28 @@ Architecture
 
 The diagram below shows an overall picture of JAAS architecture.
 
+.. #
+   Note: JAAS diagram is already in a Miro board here:
+     https://miro.com/app/board/uXjVKUIUKAc=/
+
+   There is also a backup of the board in this directory (named `jaas-diagram.rtb`)
+   which can be used to restore on Miro (in case the original board mentioned above
+   was no longer available).
+
 .. image:: images/jaas.png
 
-As in the diagram JAAS consists of two main components: *Juju Intelligent Model Manager (JIMM)*
-and *ReBAC* Authorisation. Basically, JIMM implements a number of Juju facades and behaves as a
-*Juju Controller*, which under the hood proxies operations to underlying controllers. This enables
-other tools like Juju Dashboard or Juju CLI that expect a Juju Controller to communicate with, to
-seamlessly work with JIMM.
+As in the diagram JAAS consists of the following components:
+
+- Juju Intelligent Model Manager (JIMM)
+- ReBAC authorisation (OpenFGA)
+- Database (PostgreSQL)
+- Secure storage (Vault)
+
+JIMM implements a number of Juju facades and behaves as a *Juju Controller*,
+which under the hood proxies operations to underlying controllers. This enables
+other tools, like the Juju Dashboard or Juju CLI, that communicate with a 
+Juju Controller to work seamlessly with JIMM.
 
-For authentication of users or service accounts, JAAS requires an *OIDC Provider* that handles
-the standard OAuth flows including browser flow, device flow, and client credentials.
+For authentication of users or service accounts, JAAS requires an *OIDC Provider*
+(Hydra) that handles the standard OAuth flows including browser flow, device flow,
+and client credentials.
-Original file line number
+Diff line change
@@ Expand Up / @@ -59,6 +59,7 @@ observability @@
     OEM
     OIDC
     OLM
+    OpenFGA
     OpenID
     OpenLDAP
     Permalink
@@ Expand Down @@