Mechanism to report progress

Proposal with JWT

Sequence Diagram

Diagram

Source for the Diagram

Steps

1. The Bifrost Portal requests a new migration. The Migration GUID and the zipped code are sent to the Azure Function.

2. The Azure Function starts processing the request

3. During the conversion, the Azure Function will start reporting progress update

4. For every progress update:

   1. The Azure Function will request the secret from the Key Vault

   2. The Azure Function will use the secret to prepare and sign a JWT, with the necessary data (Migration GUID and Progress Descriptor Status, which is an object holding information about the status).

   3. The Azure Function will POST the signed JWT to the endpoint provided by the Bifrost Portal to receive progress updates

   4. The Bifrost Portal can request the secret to verify the authenticity of the JWT, and validate that the claims have not been modified by a malicious third-party

   5. If the JWT is valid, then both claims can be used (Migration GUID and Progress Descriptor Status) to update the progress in the UI.

Resources

• How to get value from Azure Key Vault in Azure Function

• How to automate rotation for a secret stored in Azure Key Vault