qpid-dev mailing list archives

From "Ulf Lilleengen (Jira)" <j...@apache.org>
Subject [jira] [Commented] (DISPATCH-1585) Allow specifying address/source/target to be used for a multitenant listener
Date Wed, 01 Apr 2020 11:05:00 GMT

    [ https://issues.apache.org/jira/browse/DISPATCH-1585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17072650#comment-17072650 ]

Ulf Lilleengen commented on DISPATCH-1585:

Let's say you have a service supporting multiple tenants, but a single tenant can have applications
running in 2 separate networks (but they belong to the same 'tenant', i.e. they have the same
addresses), so the client applications connect to the router via 2 different hosts, let's say
internal.example.com and public.example.com. Today, I would need to model it this way (omitting
the broker connector and unneeded details):

    ["listener", { "host": "", "port": 56721, "authenticatePeer": false, "saslMechanisms": "ANONYMOUS", "multiTenant": true }],
    ["policy", {"enableVhostPolicy": true, "defaultVhost": "$default" }],

    ["vhost", { "hostname": "internal.example.com", "allowUnknownUser": true, // ... }],
    ["address", { "waypoint": true, "prefix": "internal.example.com/foo" }],
    ["autoLink", { "address": "internal.example.com/foo", "direction": "out", "connection": "broker", "externalAddress": "t1/foo" }],
    ["autoLink", { "address": "internal.example.com/foo", "direction": "in", "connection": "broker", "externalAddress": "t1/foo" }],

    ["vhost", { "hostname": "public.example.com", "allowUnknownUser": true, // ... }],
    ["address", { "waypoint": true, "prefix": "public.example.com/foo" }],
    ["autoLink", { "address": "public.example.com/foo", "direction": "out", "connection": "broker", "externalAddress": "t1/foo" }],
    ["autoLink", { "address": "public.example.com/foo", "direction": "in", "connection": "broker", "externalAddress": "t1/foo" }],

So, for every host to expose for this tenant, a lot of configuration is needed. There is only
one address in this example, but when you have 10k addresses, it's starting to be a lot of
work reconfiguring the router just to expose on a new host.


So, what would be very useful for this case is to have some way to specify a mapping from
virtual host to the prefix matched for addresses. I.e.:

    ["listener", { "host": "", "port": 56721, "authenticatePeer": false, "saslMechanisms": "ANONYMOUS", "multiTenant": true }],
    ["policy", {"enableVhostPolicy": true, "defaultVhost": "$default" }],

    // List of hostnames that this vhost should apply to, and a prefix that hostnames should
    // be replaced with when doing routing.
    ["vhost", { "hostnames": ["internal.example.com", "public.example.com"], "prefix": "tenant1", "allowUnknownUser": true, // ... }],

    ["address", { "waypoint": true, "prefix": "tenant1/foo" }],
    ["autoLink", { "address": "tenant1/foo", "direction": "out", "connection": "broker", "externalAddress": "t1/foo" }],
    ["autoLink", { "address": "tenant1/foo", "direction": "in", "connection": "broker", "externalAddress": "t1/foo" }],

This means the amount of configuration to change would be a lot less if you have many addresses.
There are probably better ways to model this than my example, but hopefully it shows the reason
for raising this issue.

> Allow specifying address/source/target to be used for a multitenant listener
> ----------------------------------------------------------------------------
>                 Key: DISPATCH-1585
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-1585
>             Project: Qpid Dispatch
>          Issue Type: Wish
>            Reporter: Ulf Lilleengen
>            Priority: Major
> At present, a multitenant router listener will prefix addresses with the hostname in
> the AMQP Open. However, given a configuration where it is desirable to expose a router address
> space for multiple DNS names, any address, linkRoute and autoLink configuration will need
> to be duplicated for each DNS name. This complicates router configuration significantly.
> Instead, having a way to specify which prefix to apply for a multitenant listener would
> allow reusing the same address, autoLink and linkRoute configuration for multiple listeners.
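
Added example, not part of the original message and not Qpid Dispatch code: a Python generator for the per-hostname entities the comment says are needed today. It also rejects a hostname claimed by two tenants, since the hostname prefix is what keeps tenant address spaces apart on a multiTenant listener. The names `expand_tenants` and `SAMPLE` and the input shape are assumptions; only attributes shown in the comment are emitted.

```python
import json


def expand_tenants(tenants, connection="broker"):
    """Return the vhost/address/autoLink entities required per hostname today.

    tenants: {external_prefix: {"hostnames": [...], "addresses": [...]}}
    This input shape is constructed for the example; it is not a router format.
    """
    owner = {}      # hostname -> tenant that already claimed it
    entities = []
    for tenant, spec in tenants.items():
        for host in spec["hostnames"]:
            # The hostname becomes the address prefix, so it must be a
            # single non-empty path segment.
            if not host or "/" in host:
                raise ValueError(f"invalid hostname {host!r}")
            # One hostname in two tenants would merge their address spaces.
            if host in owner:
                raise ValueError(
                    f"{host} is claimed by both {owner[host]} and {tenant}")
            owner[host] = tenant
            entities.append(
                ["vhost", {"hostname": host, "allowUnknownUser": True}])
            for addr in spec["addresses"]:
                local = f"{host}/{addr}"
                entities.append(
                    ["address", {"waypoint": True, "prefix": local}])
                for direction in ("out", "in"):
                    entities.append(["autoLink", {
                        "address": local,
                        "direction": direction,
                        "connection": connection,
                        "externalAddress": f"{tenant}/{addr}",
                    }])
    return entities


# Constructed sample matching the two hosts and one address in the comment.
SAMPLE = {"t1": {"hostnames": ["internal.example.com", "public.example.com"],
                 "addresses": ["foo"]}}

if __name__ == "__main__":
    for entity in expand_tenants(SAMPLE):
        print(json.dumps(entity) + ",")
```

Each hostname costs one vhost plus three entities per address, which is the growth the comment describes for large address counts.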
