Interactions entre DS et DS Proxy - demarches-simplifiees/demarches-simplifiees.fr GitHub Wiki

Interaction des divers intervenants dans la gestion des pièces jointes, stockées sur un Object storage Openstack chez OVH.

Au boot de l'app, ou à la première requête (à vérifier), chaque processus ruby contacte l'Object Storage, pour obtenir un token d'authentification, valide 24h

Ajout d'une PJ

sequenceDiagram
    participant C as client
    participant H as haproxy
    participant R as rails_app
    participant D as ds_proxy
    participant O as OVH bucket
    C->>H: POST dev.ds.fr/active_storage/direct_uploads
    H->>R: POST dev.ds.fr/active_storage/direct_uploads
    R-->>C: URL openstack (/v1/AUTH)
    C->>H: OPTIONS qa.ds.fr/v1/AUTH_xxx/object_desc
    H->>D: OPTIONS qa.ds.fr/v1/AUTH_xxx/object_desc
    D->>O: OPTIONS object_desc
    O-->>C: response
    C->>H: PUT qa.ds.fr/v1/AUTH_xxx/object_desc
    H->>D: PUT qa.ds.fr/v1/AUTH_xxx/object_desc
    D->>D: encrypt
    D->>O: PUT object_desc
    O-->>C: response
    C->>R: confirm successful upload
    R->>R: attach blob as attachment

Récupération d'une PJ

sequenceDiagram
    participant C as client
    participant H as haproxy
    participant R as rails_app
    participant D as ds_proxy
    participant O as OVH bucket
    C->>H: GET dev.ds.fr/attachments/xxx?signed_id=yyy
    H->>R: GET dev.ds.fr/attachments/xxx?signed_id=yyy
    R->>H: GET qa.ds.fr/v1/AUTH_xxx/object_desc
    H->>D: GET qa.ds.fr/v1/AUTH_xxx/object_desc
    D->>O: GET object_desc
    O-->>H: response (encrypted)
    H-->>D: response (encrypted)
    D->>D: decrypt
    D-->>H: response (uncrypted)
    H-->>R: response (uncrypted)
    R-->>C: response

Suppression d'une PJ

sequenceDiagram
    participant C as client
    participant H as haproxy
    participant R as rails_app
    participant D as ds_proxy
    participant O as OVH bucket
    C->>H: DELETE dev.ds.fr/attachments/xxx?signed_id=yyy
    H->>R: DELETE dev.ds.fr/attachments/xxx?signed_id=yyy
    R-->>C: response 200
    R->>R: active storage DelayedPurgeJob
    R->>H: DELETE qa.ds.fr/v1/AUTH_xxx/object_desc
    H->>D: DELETE qa.ds.fr/v1/AUTH_xxx/object_desc
    D->>O: DELETE qa.ds.fr/v1/AUTH_xxx/object_desc
    O-->>H: response 200
    H-->>R: response 200