...

The following diagram displays the main components and actors involved in the flow (note that most of the interactions are already in place).

[Draw.io diagram: authorize-time-calls-for-system-user]

...

d. creates (via Kafka) scheduled jobs for Module A _timer endpoints in mod-scheduler. The scheduler associates the system user with jobs created from timer interfaces. As a result, these jobs will be executed on behalf of the system user.

  1. A scheduled job is triggered for the /timer-url-A endpoint. mod-scheduler prepares a request and puts the impersonated token for the system user into the x-okapi-token request header. The request then goes from mod-scheduler to its sidecar, which in turn forwards the request to Kong, since the request URL is not registered in the sidecar's egress routing table.

    1. Kong receives the request and searches for known routes associated with the given URL and method.

      • Once the route is found, the request is forwarded to the target Module A sidecar.

    2. Module A sidecar receives the request and, as usual, performs several steps to authorize the request:

      • get token from request header

      • parse token

      • call Keycloak to evaluate permissions. Since the system user has access to all resources, authorization will be successful.

    3. Finally, Module A sidecar calls the /timer-url-A interface of the module and the chain of calls succeeds.
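
The three authorization steps the Module A sidecar performs (get token, parse token, evaluate permissions), as an added sketch that is not FOLIO's sidecar code. The HS256 shared key, the `make_token` helper and the `evaluate` callback standing in for the Keycloak permission call are assumptions made so the example runs offline.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: stand-in for the issuer's signing key

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _sign(head, body, key):
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def make_token(claims, key=SECRET):
    """Hypothetical helper: builds a constructed sample token for the demo."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_sign(head, body, key))}"

def parse_token(token, key=SECRET, now=None):
    """Step 2: check algorithm, signature and expiry before trusting any claim."""
    head, body, sig = token.split(".")
    if json.loads(_b64d(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(_sign(head, body, key), _b64d(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64d(body))
    if claims["exp"] <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims

def authorize(headers, method, path, evaluate, now=None):
    """Returns the HTTP status the sidecar would answer with for this request."""
    # Step 1: get the token from the request header (header names are case-insensitive).
    token = {k.lower(): v for k, v in headers.items()}.get("x-okapi-token")
    if not token:
        return 401
    try:
        claims = parse_token(token, now=now)
    except (ValueError, KeyError, TypeError, AttributeError):
        return 401  # malformed, forged or expired token: fail closed
    # Step 3: permission evaluation; `evaluate` stands in for the call to Keycloak.
    return 200 if evaluate(claims.get("sub"), method, path) else 403
```

Because the system user passes every permission check, the token placed in x-okapi-token by mod-scheduler is only as trustworthy as the signature and expiry checks in step 2.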

Option 2

Have mod-scheduler send egress requests to its sidecar like every other module, and add a switch to the module-sidecar which indicates that it should retrieve ALL bootstrap info at startup and consume all discovery events.

...