@startuml

!theme vibrant
skinparam linetype ortho
left to right direction

package "External Ports (0.0.0.0)" as ExternalPorts {
    interface "tcp/80 (HTTP)" as PortServerHTTP
}

node "SSO Server" as SSOServer {
    package "Internal Ports (127.0.0.1)" as InternalPorts {
        interface "tcp/4444 (Hydra Public)" as PortHydraPublic
        interface "tcp/4445 (Hydra Admin)" as PortHydraAdmin
        interface "tcp/3000 (Hydra Dispatcher)" as PortHydraDispatcher
        interface "tcp/3001 (Hydra Passwordless)" as PortHydraPasswordless
        interface "tcp/3002 (Shibboleth SP)" as PortShibbolethSP
        interface "tcp/3003 (Hydra Remote User)" as PortHydraRemoteUser
    }

    package "Containers" as Containers {
        [cadoles-pod-hydra-v1] as ContainerHydra
        [cadoles-pod-hydra-dispatcher-v1] as ContainerHydraDispatcher
        [cadoles-pod-hydra-passwordless-v1] as ContainerHydraPasswordless
        [cadoles-pod-hydra-remote-user-v1] as ContainerHydraRemoteUser
        [cadoles-pod-shibboleth-sp-v3] as ContainerShibbolethSP
    }

    package "Files" as Filesystem {
        frame "/etc/haproxy/haproxy.cfg" as HAProxyConfFile
        frame "/etc/cadoles-pod-hydra-v1.conf" as HydraConfFile
        frame "/etc/cadoles-pod-hydra-dispatcher-v1.conf" as HydraDispatcherConfFile
        frame "/etc/hydra-dispatcher/conf.d/*.yml" as HydraDispatcherAppsConfFile
        frame "/etc/hydra/clients.d/*.json" as HydraClientConfFile
        frame "/etc/cadoles-pod-hydra-remote-user-v1.conf" as HydraRemoteUserConfFile
        frame "/etc/hydra-remote-user/conf.d/*.yml" as HydraRemoteUserMappingsConfFile
        frame "/etc/cadoles-pod-hydra-passwordless-v1.conf" as HydraPasswordlessConfFile
        frame "/etc/cadoles-pod-shibboleth-sp-v3.conf" as ShibbolethSPConfFile
        frame "/etc/shibboleth/credentials/*" as ShibbolethSPCredentialsFile
    }

    package "Packages" as Packages {
        [cadoles-pod-hydra-v1] as PackageHydra
        [cadoles-pod-hydra-dispatcher-v1] as PackageHydraDispatcher
        [cadoles-pod-hydra-remote-user-v1] as PackageHydraRemoteUser
        [cadoles-pod-hydra-shibboleth-sp-v3] as PackageShibbolethSP
        [cadoles-pod-hydra-passwordless-v1] as PackageHydraPasswordless
        [haproxy] as PackageHAProxy
    }

    package "Services" as Services {
        [cadoles-pod-hydra-v1] as ServiceHydra
        [cadoles-pod-hydra-dispatcher-v1] as ServiceHydraDispatcher
        [cadoles-pod-shibboleth-sp-v3] as ServiceShibbolethSP
        [cadoles-pod-hydra-remote-user-v1] as ServiceHydraRemoteUser
        [cadoles-pod-hydra-passwordless-v1] as ServiceHydraPasswordless
        [haproxy] as ServiceHAProxy
    }

    PackageHAProxy ..up.> PortServerHTTP: binds

    ServiceHAProxy ...> PortHydraPublic : exposes (/)
    ServiceHAProxy ...> PortHydraDispatcher : exposes (/auth/dispatcher)
    ServiceHAProxy ...> PortHydraPasswordless : exposes (/auth/passwordless)
    ServiceHAProxy ...> PortShibbolethSP : exposes (/auth/saml)

    ContainerHydra ...> PortHydraPublic : binds
    ContainerHydra ...> PortHydraAdmin : binds
    ContainerHydraDispatcher ...> PortHydraDispatcher : binds
    ContainerShibbolethSP ...> PortShibbolethSP : binds
    ContainerHydraPasswordless ...> PortHydraPasswordless : binds
    ContainerHydraRemoteUser ...> PortHydraRemoteUser : binds
    ContainerShibbolethSP ..> PortHydraRemoteUser : proxies

    ServiceHydra ...> ContainerHydra: manages
    ServiceHydraDispatcher ...> ContainerHydraDispatcher: manages
    ServiceShibbolethSP ...> ContainerShibbolethSP: manages
    ServiceHydraPasswordless ...> ContainerHydraPasswordless: manages
    ServiceHydraRemoteUser ...> ContainerHydraRemoteUser: manages

    ContainerHydra ...> HydraConfFile : uses
    ContainerHydra ...> HydraClientConfFile : uses
    ContainerHydraDispatcher ...> HydraDispatcherConfFile : uses
    ContainerHydraDispatcher ...> HydraDispatcherAppsConfFile : uses
    ContainerHydraPasswordless ...> HydraPasswordlessConfFile : uses
    ContainerHydraRemoteUser ...> HydraRemoteUserConfFile : uses
    ContainerHydraRemoteUser ...> HydraRemoteUserMappingsConfFile : uses
    ContainerShibbolethSP ...> ShibbolethSPConfFile : uses
    ContainerShibbolethSP ...> ShibbolethSPCredentialsFile : creates

    PackageHAProxy ...> HAProxyConfFile : deploys
    PackageHydra ...> HydraConfFile : deploys
    PackageHydraDispatcher ...> HydraDispatcherConfFile : deploys
    PackageHydraRemoteUser ...> HydraRemoteUserConfFile : deploys
    PackageShibbolethSP ...> ShibbolethSPConfFile : deploys
    
    PackageHAProxy ...> ServiceHAProxy : deploys
    PackageHydra ...> ServiceHydra : deploys
    PackageHydraDispatcher ...> ServiceHydraDispatcher : deploys
    PackageHydraRemoteUser ...> ServiceHydraRemoteUser : deploys
    PackageHydraPasswordless ...> ServiceHydraPasswordless : deploys

    PackageHydra ...> ContainerHydra : deploys
    PackageHydraDispatcher ...> ContainerHydraDispatcher : deploys
    PackageHydraRemoteUser ...> ContainerHydraRemoteUser : deploys
    PackageShibbolethSP ...> ContainerShibbolethSP : deploys
    PackageHydraPasswordless ...> ContainerHydraPasswordless : deploys
}

@enduml