Multi-Tenancy
Ringkasan
Section titled “Ringkasan”Greentic dirancang dari awal untuk deployment multi-tenant. Setiap aspek platform mendukung isolasi tenant, sehingga satu deployment dapat melayani banyak organisasi dengan aman.
Hierarki Tenant
Section titled “Hierarki Tenant”Workspace└── Tenant (organization) └── Environment (prod, staging, dev) └── Team (department, group) └── Channel (messaging provider instance) └── Session (user conversation)TenantCtx
Section titled “TenantCtx”Struct TenantCtx mengalir melalui semua operasi:
pub struct TenantCtx { pub tenant_id: String, pub env_id: String, pub team_id: Option<String>,}Setiap panggilan API, eksekusi flow, dan akses data dibatasi ke sebuah TenantCtx.
Konfigurasi
Section titled “Konfigurasi”Definisi Tenant
Section titled “Definisi Tenant”tenant: id: acme name: "ACME Corporation" settings: timezone: "America/New_York" language: "en-US"
environments: - id: prod name: "Production" - id: staging name: "Staging"Definisi Team
Section titled “Definisi Team”team: id: support name: "Customer Support" tenant_id: acme
channels: slack: provider: messaging-slack config: workspace_id: "T123456" channel_id: "C789012"
telegram: provider: messaging-telegram config: chat_id: "-1001234567890"Konfigurasi Bundle
Section titled “Konfigurasi Bundle”tenants: acme: name: "ACME Corporation" teams: support: name: "Customer Support" channels: slack: provider: messaging-slack telegram: provider: messaging-telegram
sales: name: "Sales Team" channels: teams: provider: messaging-teams
bigcorp: name: "BigCorp Inc." teams: helpdesk: channels: webchat: provider: messaging-webchatIsolasi Data
Section titled “Isolasi Data”Penyimpanan Session
Section titled “Penyimpanan Session”Session diisolasi berdasarkan konteks tenant:
sessions/├── acme/│ ├── prod/│ │ ├── support/│ │ │ ├── session_001.cbor│ │ │ └── session_002.cbor│ │ └── sales/│ │ └── session_003.cbor│ └── staging/│ └── support/│ └── session_004.cbor└── bigcorp/ └── prod/ └── helpdesk/ └── session_005.cborIsolasi State
Section titled “Isolasi State”Working memory (state) dibatasi per session:
// State key formatlet key = format!( "state:{}:{}:{}:{}", tenant_ctx.tenant_id, tenant_ctx.env_id, tenant_ctx.team_id.unwrap_or("default"), session_id);Isolasi Subject NATS
Section titled “Isolasi Subject NATS”Routing pesan menggunakan subject dengan scope tenant:
greentic.messaging.ingress.{env}.{tenant}.{team}.{channel} │ │ │ │ │ │ │ └─ Channel ID (slack, telegram) │ │ └──────── Team ID │ └─────────────── Tenant ID └────────────────────── Environment (prod, staging)Isolasi Secret
Section titled “Isolasi Secret”Secret disimpan dan diambil dengan scope tenant:
// Secret retrieval includes tenant contextlet secret = secrets_client .get_secret(&tenant_ctx, "api_key") .await?;Namespace Secret
Section titled “Namespace Secret”secrets/├── global/ # Platform-wide secrets│ └── signing_key├── acme/ # Tenant: ACME│ ├── slack_bot_token│ ├── openai_api_key│ └── teams/│ └── support/│ └── webhook_secret└── bigcorp/ # Tenant: BigCorp └── telegram_bot_tokenIsolasi Flow
Section titled “Isolasi Flow”Setiap tenant dapat memiliki flow dan konfigurasi yang berbeda:
name: acme_support_flowversion: "1.0"
# ACME-specific support flownodes: - id: greet type: reply config: message: "Welcome to ACME Support! How can I help?"name: bigcorp_helpdesk_flowversion: "1.0"
# BigCorp-specific helpdesk flownodes: - id: greet type: reply config: message: "BigCorp Helpdesk here. What's your issue?"Kontrol Akses
Section titled “Kontrol Akses”Akses Komponen
Section titled “Akses Komponen”Komponen menerima TenantCtx dan harus menghormati batasannya:
impl Guest for MyComponent { fn process(input: Input, ctx: &TenantCtx) -> Output { // Verify tenant has access to requested resource if !has_permission(ctx, &input.resource_id) { return Output::error("Access denied"); }
// Process with tenant scope process_for_tenant(ctx, input) }}Akses API
Section titled “Akses API”REST API menegakkan scope tenant:
GET /api/v1/sessionsAuthorization: Bearer <token>X-Tenant-ID: acmeX-Team-ID: supportModel Deployment
Section titled “Model Deployment”Single-Tenant
Section titled “Single-Tenant”Satu instance Greentic per tenant:
┌─────────────────┐│ Greentic (ACME) │└─────────────────┘
┌─────────────────┐│ Greentic (BigCorp)│└─────────────────┘Multi-Tenant Shared
Section titled “Multi-Tenant Shared”Banyak tenant di atas infrastruktur bersama:
┌───────────────────────────────────┐│ Greentic Instance ││ ┌─────────┐ ┌─────────────────┐││ │ ACME │ │ BigCorp │││ │ (prod) │ │ (prod) │││ └─────────┘ └─────────────────┘││ ┌─────────┐ ┌─────────────────┐││ │ ACME │ │ BigCorp │││ │(staging)│ │ (staging) │││ └─────────┘ └─────────────────┘│└───────────────────────────────────┘Hybrid
Section titled “Hybrid”Campuran sumber daya dedicated dan shared:
┌───────────────────────────────────┐│ Shared Greentic Instance ││ ┌─────────┐ ┌─────────────────┐││ │ Small │ │ Medium │││ │ Tenants │ │ Tenants │││ └─────────┘ └─────────────────┘│└───────────────────────────────────┘
┌───────────────────────────────────┐│ Dedicated: Enterprise Tenant ││ (Custom SLA, dedicated resources)│└───────────────────────────────────┘Praktik Terbaik
Section titled “Praktik Terbaik”- Selalu teruskan TenantCtx - Jangan pernah hardcode ID tenant
- Validasi di batas sistem - Periksa akses tenant di level API dan komponen
- Gunakan logging dengan scope tenant - Sertakan ID tenant di setiap entri log
- Pisahkan secret - Jangan pernah berbagi secret antar tenant
- Uji isolasi - Pastikan satu tenant tidak bisa mengakses data tenant lain
- Pantau per tenant - Lacak penggunaan dan error per tenant