You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.


This functionality is only available with the Multi Tenancy License. Please contact Blueriq Support.

Enabling Multi tenancy

To enable multi-tenancy, activate multi-tenancy mode and define the permitted tenants. The tenant names defined here are then used when configuring the other multi-tenancy properties.
application.properties
blueriq.multi-tenancy.enabled=true
blueriq.multi-tenancy.allowed-tenants=google,apple


X-Tenant-ID

Enabling multi-tenancy requires that requests include an additional X-TENANT-ID header containing the name of the desired tenant. If this header is missing or the tenant name is not on the allowed list, a message will be logged indicating that the tenant could not be identified, and an HTTP status 400 (Bad Request) will be returned.

The name of the header can be changed with the following property:

application.properties
blueriq.multi-tenancy.http-header=http-tenant-id


Event publisher tenant configuration

Since CDS 4.4 the customerdata service supports a multi-tenant event publisher. Enabling multi-tenancy means that properties for publishing aggregate event messages to a queue can be configured for each tenant. To enable the event publisher the entity-event-publisher-amqp profile should be active.

Tenant configuration

blueriq-customerdata-odata-service-v1.yml or blueriq-customerdata-odata-service-v1.properties
blueriq:
  multi-tenancy:
    enabled: true
    allowed-tenants: <tenant-name-A>,<tenant-name-B>
  customerdata:
    datasource:
      <datasource-name>:
        driver-class-name: <driver>
        tenants:
          <tenant-name-A>:
            url: <url>
            username: <username>
            password: <password>
          <tenant-name-B>:
            url: <url>
            username: <username>
            password: <password>
    # publisher
    aggregate-event:
      channel:
        amqp:
          rabbitmq:
            tenants:
              google:
                host: <host>
                port: <port>
                virtualHost: <virtualHost>
                username: <username>
                password: <password>
                ssl:
                  enabled: <enabled>
                exchangeName: <exchangeName>
              apple:
                host: <host>
                port: <port>
                virtualHost: <virtualHost>
                username: <username>
                password: <password>
                ssl:
                  enabled: <enabled>
                exchangeName: <exchangeName> 


Example setup

Configuration

blueriq-customerdata-odata-service-v1.yml or blueriq-customerdata-odata-service-v1.properties
blueriq:
  multi-tenancy:
    enabled: true
    allowed-tenants: google,apple
  customerdata:
    datasource:
      customer-data-sql-store:
        driver-class-name: oracle.jdbc.driver.OracleDriver
        tenants:
          google:
            url: jdbc:oracle:thin:@localhost:1521:orcl
            username: google
            password: welcome
          apple:
            url: jdbc:oracle:thin:@localhost:1521:orcl
            username: apple
            password: welcome
    # publisher
    aggregate-event:
      channel:
        amqp:
          rabbitmq:
            tenants:
              google:
                host: localhost
                port: 5672
                virtualHost: Blueriq
                username: guest
                password: guest
                ssl:
                  enabled: false
                exchangeName: customerDataService
              apple:
                host: localhost
                port: 5672
                virtualHost: Everest
                username: guest
                password: guest
                ssl:
                  enabled: false
                exchangeName: customerDataService
hibernate:
  dialect: org.hibernate.dialect.Oracle12cDialect
  hbm2ddl:
    auto: validate
  id:
    new_generator_mappings: true
  show_sql: true
  use_nationalized_character_data: true
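
An added example (not Blueriq code): a small audit over the per-tenant settings of the example setup above. It reports tenants that are allowed but unconfigured or configured but not allowed, tenants that share one login, and RabbitMQ connections with SSL off. The dictionary is a constructed stand-in for the parsed YAML; the `audit` function and its finding texts are this example's own.

```python
# Constructed input: the example setup, reduced to the keys the audit reads.
CONFIG = {
    "allowed-tenants": ["google", "apple"],
    "datasource": {
        "google": {"url": "jdbc:oracle:thin:@localhost:1521:orcl",
                   "username": "google", "password": "welcome"},
        "apple": {"url": "jdbc:oracle:thin:@localhost:1521:orcl",
                  "username": "apple", "password": "welcome"},
    },
    "rabbitmq": {
        "google": {"host": "localhost", "port": 5672, "virtualHost": "Blueriq",
                   "username": "guest", "password": "guest", "ssl": {"enabled": False}},
        "apple": {"host": "localhost", "port": 5672, "virtualHost": "Everest",
                  "username": "guest", "password": "guest", "ssl": {"enabled": False}},
    },
}


def audit(config):
    """Return a list of (section, tenant(s), finding) tuples (hypothetical helper)."""
    findings = []
    allowed = set(config["allowed-tenants"])
    for section in ("datasource", "rabbitmq"):
        tenants = config.get(section, {})
        configured = set(tenants)
        for name in sorted(allowed - configured):
            findings.append((section, name, "allowed tenant has no configuration"))
        for name in sorted(configured - allowed):
            findings.append((section, name, "configured tenant is not in allowed-tenants"))
        seen = {}  # (username, password) -> first tenant that used it
        for name in sorted(tenants):
            entry = tenants[name]
            cred = (entry.get("username"), entry.get("password"))
            if cred in seen:
                # Tenants logging in with one account are not separated by credentials.
                findings.append((section, f"{seen[cred]},{name}",
                                 "tenants share one username/password"))
            else:
                seen[cred] = name
            if section == "rabbitmq" and not entry.get("ssl", {}).get("enabled", False):
                findings.append((section, name, "ssl disabled"))
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(*finding, sep=" | ")
```

The datasource section passes because each tenant has its own database user; the RabbitMQ section is flagged because both tenants use the same `guest` account and plain AMQP.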

HTTP request

Example request
GET http://localhost:8080/api/v1/Aggregates HTTP/1.1
Content-Type: application/json
Authorization: Basic Ymx1ZXJpcTp3ZWxjb21l
X-TENANT-ID: google

Example Multi-tenancy DCM Lists Service configuration

blueriq-dcm-lists.yml
blueriq:
  dcm:
    lists:
      multi-tenancy:
        enabled: true
        allowed-tenants:
          - google
          - apple
        mongodb:
          tenants:
            google:
              host: localhost
              port: 27017
              database: google
            apple:
              host: localhost
              port: 27017
              database: apple
        rabbitmq:
          tenants:
            google:
              host: localhost
              port: 5672
              virtualHost: google
              username: google
              password: welcome
              ssl:
                enabled: false
              queueNames: googleQueue
            apple:
              host: localhost
              port: 5672
              virtualHost: apple
              username: apple
              password: welcome
              ssl:
                enabled: false
              queueNames: appleQueue

Authentication

To be able to use the DCM Maintenance App, the user should be authenticated. This is done through Keycloak as explained in Blueriq Gateway and OAuth2 configuration. The difference with multi-tenancy is that the application now expects a claim to be present in the JWT token with the claim path name "tenant" and with the tenant name as value. This claim name is customizable if the tenant is present in the JWT token with a different claim name.

Customizing the tenant path

The tenant claim can be customized using a JsonPath expression in the same way the roles-path and username-path can be set.

blueriq-dcm-maintenance-app.yml
blueriq:
  jwt:
    tenant-path: $.custom_tenant_claim_path
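
An added example (not Blueriq code) for checking, before rollout, that a token issued by the identity provider carries a usable tenant claim at the configured `tenant-path`. Assumptions: only simple `$.a.b` paths are handled, the comparison against the allowed tenants is this example's own check, and the helper names and the sample token are constructed.

```python
import base64
import json


def jwt_payload(token):
    """Decode the payload of a compact JWT. The signature is NOT verified:
    this inspects a token for configuration checks, it does not authenticate."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(segment))


def resolve_path(claims, path):
    """Resolve a dotted JsonPath such as $.tenant or $.realm.tenant; None if absent."""
    if not path.startswith("$."):
        raise ValueError("only $.a.b style paths are handled in this example")
    node = claims
    for key in path[2:].split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def check_tenant(token, tenant_path, allowed_tenants):
    """Return (ok, detail) for the claim found at tenant_path."""
    value = resolve_path(jwt_payload(token), tenant_path)
    if value is None:
        return False, f"no claim at {tenant_path}"
    if not isinstance(value, str):
        return False, f"claim at {tenant_path} is {type(value).__name__}, expected a string"
    if value not in allowed_tenants:
        return False, f"tenant {value!r} is not in allowed-tenants"
    return True, value


def make_token(claims):
    """Build a constructed sample token with a placeholder signature."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.placeholder-signature"


# Constructed sample: the tenant sits under the custom claim name configured above.
SAMPLE = make_token({"preferred_username": "alice", "custom_tenant_claim_path": "A"})
```

Checking `SAMPLE` against `$.custom_tenant_claim_path` succeeds with tenant `A`, while the default `$.tenant` path reports a missing claim, which is the mismatch the `tenant-path` property resolves.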

RabbitMQ and MongoDB configuration

For RabbitMQ and MongoDB the properties need to be set per tenant as well.

Currently, it's required to supply the queue and exchange names if multi-tenancy is enabled. This is an example of this configuration:


blueriq-dcm-maintenance-app.yml
blueriq:
  multi-tenancy:
    enabled: true
    allowed-tenants:
      - A
      - B
  dcm:
    maintenance:
      app:        
        dlq:
          retry:
            delay: 2m
            max-retries: 3
          rabbitmq:
            tenants:
              A:
                host: localhost
                port: 5672
                username: guest
                password: guest
                virtualHost: A_vhost
                queueNames:
                  - dcmEventsDlq
                  - dcmTasksEventsDlq
                  - dcmScheduledEventsDlq
                  - traceDlq
                  - timelineDlq
                  - dcmMaintenanceEventsDlq
                  - auditEventsDlq
                  - dcmListsEventsDlq
              B:
                host: localhost
                port: 5672
                username: guest
                password: guest
                virtualHost: B_vhost
                queueNames:
                  - dcmEventsDlq
                  - dcmTasksEventsDlq
                  - dcmScheduledEventsDlq
                  - traceDlq
                  - timelineDlq
                  - dcmMaintenanceEventsDlq
                  - auditEventsDlq
                  - dcmListsEventsDlq
        case-engine:
          rabbitmq:
            tenants:
              A:
                host: localhost
                port: 5672
                username: guest
                password: guest
                queueNames:
                  - dcmMaintenanceEventsQueue
                virtualHost: A_vhost
              B:
                host: localhost
                port: 5672
                username: guest
                password: guest
                queueNames:
                  - dcmMaintenanceEventsQueue
                virtualHost: B_vhost

        mongodb:
          tenants:
            A:
              host: localhost
              port: 27017
              database: A_messages
            B:
              host: localhost
              port: 27017
              database: B_messages

