RS Gateway Support for Multi-Tenancy

MATRIXX Engine authorizes REST API operations for allowed tenant IDs. each RS Gateway client performs REST API operations on subscriber data belonging to the authorized tenant ID only.

For more information about multi-tenancy, see the discussion about multi-tenancy in MATRIXX Pricing and Rating.

The tenant creation policies only apply if no sub-domain is specified on the create request. RS Gateway supports the following creation policies:
  • none (default) — Any query that does not specify a routing term uses the default configured RS Gateway routing term, (such as DMID1 or RTID1). For example, if the RS Gateway engine connection is configured as:
    engine:
  address:           localhost
  port:              4080
  poolsize:          16
  route:             RTID1
  domainRoute:       DMID1

    DMID1 and RTID1 are the default routing terms.

  • round-robin — A round-robin tenant policy applies to tenant subscriptions configured across sub-domains. See for more information, see Round-Robin.
  • auto — The auto tenant policy finds the first allowed sub-domain for which the tenant can be created. If none can be found, it uses the none creation policy. The set of sub-domains is determined by reviewing the tenants that have been configured for the sub-domains.
  • auto-round-robin — The auto-round-robin is similar to the auto setting, but instead of always picking the first available sub-domain, it uses the round-robin tenant policy across all allowed sub-domains (the tenant is defined in the sub-domain) to create the tenant. If there are no allowed sub-domains, MATRIXX Engine uses the none creation policy. For more information, see Round-Robin.
Note: If either auto or auto-round-robin is selected, you cannot configure tenants in rsgateway.yaml. For information about configuring tenants in sub-domains in Helm values files, see the discussions about multi-tenant deployments and Topology Operator global configuration.

Because tenants can be defined during sub-domain configuration, if tenants are not defined in the rsgateway.yaml as described in Round-Robin, the auto and auto-round-robin tenant creation policies refer to the sub-domain tenant configurations. You do not have to manually define the tenants as shown in Round-Robin.

Round-Robin

The following describes the round-robing tenant policy for REST operations:
  • When only one sub-domain exists and is configured for tenant 1, the system sets the routing term to that sub-domain.
  • When more than one sub-domain exists (for example, sub-domain 1 and 2) and tenant 1 is configured for only one sub-domain 2:
    • All tenant 1 objects are created for sub-domain 2.
    • If there is a request to create an object with tenant ID tenant1/RTID1, that request is sent to the engine without applying any creation policy. This is because the creation policy is only applied if the sub-domain is not specified in the create request.
  • When three or more sub-domains are configured (for example, sub-domain 1, 2 and 3) and tenant 1 is configured for sub-domains (2 and 3), then:
    • Create calls for tenant 1 are round-robin distributed to sub-domains 2 and 3.
    • If there is a create call for tenant 1 on sub-domain 1, that request is sent to the engine even though the creation policy does not create objects for tenant 1 on sub-domain 1. The creation policy only applies if the RouteId is not specified in the create request indicating which sub-domain the object should be created in.
Note: If the tenant ID on the request does not match any of the configured information, or if there is no tenant ID on the request, then the system processes the tenant distribution normally (without round-robin distribution).
The round-robin policy is configured in rsgateway.yaml. The following example shows three tenants managed by the policy:
tenant:
  policy-name: round-robin
  round-robin:
    - name: tenant1
      subdomains:
        RTID1:
          create-disabled: false
        RTID2:
          create-disabled: true
    - name: tenant2
      subdomains:
        RTID1:
          create-disabled: false
        RTID3:
          create-disabled: true
    - name: tenant3
      subdomains:
        RTID3:
          create-disabled: false
In this example:
  • For tenant 1, allowed items are valid (routable) on sub-domain 1 and 2 but can only be created on sub-domain 1.
  • Tenant 2 is restricted to sub-domains 1 and 3 but can only be created on sub-domain 1.
  • Tenant 3 is limited to sub-domain 3.
  • If there are any other tenants configured in the system, they are allowed on all sub-domains within the configured domain.

JVM Switches

JVM switches are supported for these values (the default is none):
  • Dtenant.policy-name=none
  • Dtenant.policy-name=round-robin
  • Dtenant.policy-name=auto
  • Dtenant.policy-name=auto-round-robin