GithubHelp home page GithubHelp logo

carbon-multitenancy's Introduction

carbon-multitenancy

Branch Build Status
master Build Status

Latest Released Version v4.5.0, v4.4.4.

carbon-multitenancy repo contains the the following component.

  • tenant-mgt

The goal of multitenancy is to maximize resource sharing by allowing multiple users (tenants) to log in and use a single sever/cluster at the same time, in a tenant-isolated manner. That is, each user is given the experience of using his/her own server, rather than a shared environment. Multitenancy ensures optimal performance of the system's resources such as memory and hardware and also secures each tenant's personal data.

This repository contains the features required for multitenancy functionality.

How to Contribute

Contact us

WSO2 Carbon developers can be contacted via the mailing lists:

carbon-multitenancy's People

Contributors

anuradhask avatar arunasujith avatar ashensw avatar bhagyasakalanka avatar callkalpa avatar damithsenanayake avatar daneshk avatar deshankoswatte avatar hpmtissera avatar hwupathum avatar isurad avatar johannnallathamby avatar jsdjayanga avatar kasunbg avatar kavindu-dodan avatar kishanthan avatar madurangasiriwardena avatar malakaganga avatar manoj-kristhombu avatar mpmadhavig avatar nilasini avatar nipuni avatar niranjan-k avatar nirothipan avatar piraveena avatar sameerajayasoma avatar senthalan avatar supunmalinga avatar tharindu1st avatar wso2-jenkins-bot avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

lankavitharana sanjeewa-malalgoda gayashanna erandasooriyabandara prasa7 daneshk pulasthi cnapagoda harsha89 maheshika callkalpa godwinamila laki88 manoj-kristhombu shashikap hemikak nuwandi-is isurad jsdjayanga arunasujith sajinidesilva prabathariyaratna susankha malithie thusithathilina indikasampath2000 niranjan-k damithsenanayake nuwandiw darshanasbg gayanm supunmalinga chanakaudaya madusankapremaratne cdwijayarathna dmhp hasinthaindrajee indunilrathnayake madurangasiriwardena thariyarox nipuni digiwes zhangsong246 manuri pushpalanka billhu422 mefarazath dnwick fschaefer sumedhassk vidurananayakkara nipunamarcus forestz imesh sinthuja rushmin ashensw emswbandara mathieubouchard fazlan-nazeem dengduanlian thishanilucas dharshanaw gowdarn this gdrdabarera tongpi test-coverage-enforce-bot sparaparan swatinec shyabithd andrew8305 thumimku irushil kavindu-dodan pamodaaw arshardh keerthu thanujalk nirothipan dilin993 senthalan ruwiniwj hasinidilanka sachithkay tharindu1st madushadhanushka sajithaliyanage buddhimah codeturbine malakaganga sameeragunarathne hiranyakavishani deshankoswatte nilasini ashendes sumedhe tanyam somindatommy ivantha

carbon-multitenancy's Issues

Providing a malformed email address while updating a tenant doesn't give a meaningful error message.

The present error message is ....

 'Failed to update the tanant config. tanant-domain:tenant1.com.tenant-admin:IT-admin' and it doesn't say that the error is due to a wrong email address format.

A more meaningful message would look like below. (Removing the tenant admin name from the message is not an issue since it doesn't add a value to the error message.)

Failed to update the tenant domain 'tenant1.com'. Root cause : Invalid email is provided.

NPE on tenant deactivation

The following exception is thrown when deactivating a tenant and the tenant does not get deactivated.

[2016-08-17 17:32:31,672] @kaushie.com [1] [IS] INFO
{org.wso2.carbon.identity.entitlement.policy.finder.CarbonPolicyFinder}
Initializing of policy store is finished at : Wed Aug 17 17:32:31 IST 2016
java.lang.NullPointerException
at org.apache.jsp.tenant_002dmgt.activate_005ftenant_005fajaxprocessor_jsp._jspService(activate_005ftenant_005fajaxprocessor_jsp.java:134)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:439)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155)
at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.wso2.carbon.ui.filters.CSRFPreventionFilter.doFilter(CSRFPreventionFilter.java:88)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.wso2.carbon.ui.filters.CRLFPreventionFilter.doFilter(CRLFPreventionFilter.java:59)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1749)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1708)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)

https://wso2.org/jira/projects/CMTENANCY/issues/CMTENANCY-9

Tenant Deactivate leads to a NPE

Step to re-prod:

  1. Create a tenant
  2. Logout and Log-in again.
  3. Now, click on the deactivate checkbox in the view_tenants.jsp.
  4. Check the logs.
java.lang.NullPointerException
	at org.apache.jsp.tenant_002dmgt.activate_005ftenant_005fajaxprocessor_jsp._jspService(activate_005ftenant_005fajaxprocessor_jsp.java:134)
	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:439)
	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
	at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155)
	at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
	at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
	at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
	at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
	at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
	at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
	at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
	at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
	at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
	at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
	at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:442)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1082)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:623)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1756)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1715)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:745)

"Select Usage Plan For Tenant" dropdown in "Add New Tenant" page in doesn't do anything

Dropdown "Select Usage Plan For Tenant" found in "Add New Tenant" page (see screenshot) in Management Console of IS 5.1.0 doesn't do anthing.

"Select Usage Plan For Tenant" functionality originally from Stratos and it is meant for cloud deployments. It let the admin to choose a subscription package which are loaded from "/repository/conf/multitenancy/multitenancy-packages.xml" file, for the creating tenant. However this configuration is no longer loaded and the "Demo" package that is shown in the dropdown is hard-coded in the JSP file. So we can consider this as an obsolete functionality.

https://wso2.org/jira/projects/CMTENANCY/issues/CMTENANCY-8

Carbon 5 Multitenancy

High Level Architecture

The main goal of Carbon 5 (C5) is to make Carbon servers container native. More precisely, it will make servers lightweight, small in size, boot fast, and run on container platforms. As a part of this process in JVM multi-tenancy model found in C4 will be removed and tenancy will be handled by creating a dedicated set of containers for each tenant.

This can be achieved on Kubernetes by using its namespaces feature. Each tenant will have its own namespace on Kubernetes and it will provide a completely isolated environment for creating Carbon containers including network isolation. This approach was verified using a POC and it can be found here.

Moving forward Carbon Multi-tenancy framework will provide a container platform agnostic API for creating such isolated environments on the underlying container platform for managing tenancy. Initially it would support Kubernetes and later support for other container cluster managers will be added. In addition, it would also provide features for integrating tenant specific identity/user management systems using WSO2 Identity Server.

Multi-Tenancy API Design

Tenants API

POST /tenants
GET /tenants/
GET /tenants/{name}
DELETE /tenants/{name}

Tenant Model:

{
    name: String
}

Deployments API

POST /deployments
GET /deployments/
GET /deployments/{id}
DELETE /deployments/{id}

Deployment Model:

{
    id: String
    product: String
    version: String
    pattern: Integer
}

Must login to admin of tenant created by TenantMgtAdminServiceStub

I wrote a code that creates a tenant to using TenantMgtAdminServiceStub.

The tenant is added successfully, however when I was trying to add API to it using APIM 1.10.0 CreateApi::postApis, I got an exception.

Only after I logged in to the admin of the newly created tenant's in the publisher UI (or by curl to login.jag) I was able to add API using CreateApi::postApis.

I was advised by Harsha Kumara to open this bug.

All the details can be found here:
http://stackoverflow.com/questions/36591395/wso2-issue-creating-organization-using-tenantmgtadminservicestub

https://wso2.org/jira/projects/CMTENANCY/issues/CMTENANCY-2

Improve Tenant Deletion via Tenant deletion Admin Service.

Description:
This Issue is regarding improvement of Tenant Deletion. Please go through document below and you can find

  • Existing method description
  • Bugs in Existing Method
  • Existing methods capability in Tenant Deletion

Tenant Deletion Document

Shortly existing flow can only remove tenant from JDBC Primary User Store, Registry tables and some caches.
But while deleting we need to consider about other than mentioned above

  • Tokens
  • All Caches and cache managers
  • Service Providers
  • Deployment Folders
  • Java layer Registries

** Related Issues **
Security exception occurred when try to create a tenant with deleted tenant's domain name

Optimize tenant count retrieval

Description:
As per the code to show the total number of tenants in the UI and we are retrieving all the tenants with their information[2], though pagination is added in the page.
We can optimize this code in memory aspects by just retrieving the tenant count.

[1] - https://wso2.org/jira/browse/CARBON-14690
[2] - https://github.com/wso2/carbon-multitenancy/blob/v4.6.0/components/tenant-mgt/org.wso2.carbon.tenant.mgt.ui/src/main/resources/web/tenant-mgt/view_tenants.jsp#L138-L143

Allowed to create tenant users with '@' in userName through the admin service

When creating a tenant through the org.wso2.carbon.tenant.mgt.services.TenantSelfRegistrationService admin service for registerTenantForTrustedUser, it allows to create tenants with โ€˜@โ€™ symbol in user name of the tenant admin. (e.g :exchange@[email protected])

This is not allowed through the Management console which is based on org.wso2.carbon.tenant.mgt.services.TenantMgtAdminService.

https://wso2.org/jira/projects/CMTENANCY/issues/CMTENANCY-3

Tenant name with upper case letters throws security exception

The following exception is thrown when creating a tenant name with upper case letters.

Caused by java.lang.SecurityException: Key Store with a name: US_GWS.jks does not exist. at org.wso2.carbon.core.util.KeyStoreManager.getKeyStore(KeyStoreManager.java:157) at org.wso2.carbon.idp.mgt.IdentityProviderManager.getResidentIdP(IdentityProviderManager.java:251)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.