Murano/Specifications/Per Tenant Isolation
Per-Tenant Isolation (for Murano-v0.4)
Murano Metadata Repository Server was introduced in Murano-v0.4 release. But there are no access restrictions: any user is able to edit any service definition or file. To prevent this behavior new per-tenant isolation feature will be added to Murano-v0.4.1 release.
In current implementation all files are grouped by data types and stored in corresponding directories. All those directories are located inside "Servicies" derectory along with manifests files (service definitions). Since Metadata Server works on file system, the best solution for data isolation would be dividing data into separate folders.
- Tenant folders
Separate folder named by tenant_id for an each tenant will be created. Users belonging to the same tenant will have equal rights on file modification. This folder should be created on the first uploading request.
- Common folder
Besides tenant folders on the main level there will be "Common" folder that will contain all shared resources. The contents of this folder will be non-editable via Metadata Repository APIs. There will be only one way to modify it - by copying files directly to the "Common" folder (Note: files should be copied to the correct place and all client and server caches should be cleaned). In case where name of file from tenant folder will coincide with name of file from the "Common" - file from tenant folder will be used.
Client Cache Structure
- Murano Conductor cache organizations will stay the same - it has per-task isolation, so diffirent task will execute in a different tenant.
- Murano Dashbord cache should be organized by tenants: one folder with tenant name stores separate cache.
Import and Export
Shared services should be exportable. And it should be an opportunity to import new service to tenant-only environment.
In Murano Dashboard only minor changes should be made. During table rendering in "Service Definitions" section all shared servicies and files that are stored in "Common" folder will have no permitions to modify or delete. In case of name coincidence of common and tenant files common service would be invalid.