Tran Hong Quan created JAMES-4085:
-------------------------------------
Summary: BlobStore multi-tenancy
Key: JAMES-4085
URL: https://issues.apache.org/jira/browse/JAMES-4085
Project: James Server
Issue Type: Improvement
Reporter: Tran Hong Quan
h2. Why?
James does not have blob store isolation between domains as of today.
We should implement an option to turn on multi-tenancy for our blob store.
That way blobstore could implement different isolation strategies for tenants
(configurable):
- buckets as today - good for few tenants after all.
- distinct prefixes
- AES key derivation CF https://github.com/linagora/james-project/issues/5262
Note that AES SSE-C isollation strategy cannot be applied with deduplication as
several tenants might store the same blob and override each other keys.
h2. How?
h3. ### Refactor existing API
Refactor API of the blobstore:
Create a new pojo `record Tenant(String name)`
Create a new pojo `record Bucket(BucketName name, Optional<Tenant> tenant)`
Add methds for `BlobStore` and `BlobStoreDAO` passing `Bucket` and `BlobId`),
provide default methods for Bucketname supplying a Bucket with no tenant.
Then each blobStore can implement the isolation it wishes - or not!
h3. ### Memory blobStore DAO multitenancy
Derive a bucketname per tenant within internal storage.
h3. ### S3
Configuration:
```
multi-tenancy.mode=none|bucket|ssec|prefix
```
Definition of done:
- [ ] Documentation
- [ ] Basic unit tests
h3. #### bucket
Derive a bucketname per tenant within internal storage. (IE what PG does but
done within S3BlobStoreDAO)
GC is likely broken and shall be tested with this mode...
h3. #### ssec
Feed the sse c salt with the tenant.
Should fail with deduplicating blobStore.
h3. #### prefix
Derive the object key within S3 adding the prefix as needed
**This interact with the GC!!!**. We shall make sure the GC, when listing only
takes the last part of the s3Key IE given `prefix/ABC` the GC only uses ABC as
a blobID.
h3. ### file
Derive a folder per tenant.
Test GC with this too.
h3. ### PGSQL
Derive a bucketname per tenant within internal storage. (IE what PG does but
done within
[PostgresBlobStoreDAO](https://github.com/apache/james-project/blob/postgresql/server/blob/blob-postgres/src/main/java/org/apache/james/blob/postgres/PostgresBlobStoreDAO.java))
Test GC with this too.
h3. ### Cassandra
Tenant isolation strategies do not make sense here...
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
