Multitenant Kafka Ontologies

Available from version 2.1.3-gradius

Regarding Kafka, it has 2 main purposes in Onesait Platform:

When multitenancy is enabled, the use of Kafka changes slightly from the default behaviour. If the default tenant and vertical are being used, nothing changes compared to the two previous guides. However, if a different tenant or vertical is used, the following changes must be taken into account.

  • Kafka topic names related to ontologies

    By default there are 2 topic prefixes, one for the input topic (ONTOLOGY) and another one for the notification topics (ONTOLOGY_OUTPUT). The topic names used will be as follows:

    • Input topic: <INPUT_PREFIX>-<VERTICAL_NAME>-<TENANT_NAME>-<ONTOLOGY_NAME>

    • Notification topic: <NOTIFICATION_PREFIX>-<VERTICAL_NAME>-<TENANT_NAME>-<ONTOLOGY_NAME>

      For example, we have an ontology named “MyOntology” which is marked as both Kafka input and Kafka notification.
      We then create a Digital Client with a token on a different tenant, but in the default vertical.


      If we want to insert data into the ontology via Kafka, the topic name to write to will be: ONTOLOGY-ONESAITPLATFORM-TENANT_RENE-MYONTOLOGY

      If we want to listen to the Kafka notification topic, this will be named: ONTOLOGY_OUTPUT-ONESAITPLATFORM-TENANT_RENE-MYONTOLOGY


  • Security: Digital Clients and Kafka users

    Onesait Platform has its own Kafka Security plugin, where digital clients represent Kafka users.
    When connecting to Kafka, a JAAS file will be used, indicating the digital client name as “username” and a token as the “password”.
    If multitenancy is enabled and we are using a different vertical or tenant than the default one, the Kafka “username” will change to <DIGITAL_CLIENT_NAME>-<VERTICAL_NAME>-<TENANT_NAME>.

    Let's use the same ontology and Digital Client as in the last example. We want to connect to Kafka, but using the tenant named “tenant_rene”. In this case, the Kafka “username” will be: MyKafkaClient-onesaitplatform-tenant_rene and the token created for that tenant:

     

This can be seen when asking Kafka for the ACL/permissions of each topic and user:
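The naming rules above can also be used to review such an ACL listing for tenant isolation. The following is an added example, not code from Onesait Platform: it builds the topic names and Kafka username for a tenant and flags (principal, topic) pairs whose vertical/tenant do not match. The function names and the sample pairs are constructed, the upper-casing of topic names is inferred from the example above, and vertical and tenant names are assumed to contain no hyphen.

```python
# Added example: naming rules are from the page; sample ACL pairs are constructed.
PREFIXES = ("ONTOLOGY", "ONTOLOGY_OUTPUT")  # default input / notification prefixes


def topic_name(prefix, vertical, tenant, ontology):
    """<PREFIX>-<VERTICAL_NAME>-<TENANT_NAME>-<ONTOLOGY_NAME>, upper-cased
    (casing inferred from the page's example)."""
    return "-".join((prefix, vertical, tenant, ontology)).upper()


def kafka_username(client, vertical, tenant):
    """<DIGITAL_CLIENT_NAME>-<VERTICAL_NAME>-<TENANT_NAME>, case preserved."""
    return f"{client}-{vertical}-{tenant}"


def parse_topic(topic):
    """Return (prefix, vertical, tenant, ontology), or None for other topics.
    Assumption: vertical and tenant names contain no hyphen."""
    for prefix in PREFIXES:
        if topic.startswith(prefix + "-"):
            parts = topic[len(prefix) + 1:].split("-", 2)
            if len(parts) == 3 and all(parts):
                return (prefix, *parts)
    return None


def cross_tenant_acls(acls):
    """Return the (principal, topic) pairs where the principal's
    vertical/tenant suffix does not match the topic's vertical/tenant."""
    findings = []
    for principal, topic in acls:
        parsed = parse_topic(topic)
        if parsed is None:
            continue  # not a multitenant ontology topic
        owner = (parsed[1].upper(), parsed[2].upper())
        suffix = tuple(p.upper() for p in principal.rsplit("-", 2)[1:])
        if suffix != owner:
            findings.append((principal, topic))
    return findings


SAMPLE_ACLS = [  # constructed (principal, topic) pairs
    ("MyKafkaClient-onesaitplatform-tenant_rene", "ONTOLOGY-ONESAITPLATFORM-TENANT_RENE-MYONTOLOGY"),
    ("MyKafkaClient-onesaitplatform-tenant_rene", "ONTOLOGY_OUTPUT-ONESAITPLATFORM-TENANT_RENE-MYONTOLOGY"),
    ("OtherClient-onesaitplatform-tenant_b", "ONTOLOGY-ONESAITPLATFORM-TENANT_RENE-MYONTOLOGY"),
]

if __name__ == "__main__":
    for principal, topic in cross_tenant_acls(SAMPLE_ACLS):
        print(f"REVIEW: {principal} has an ACL on {topic}")
```

A principal without a matching vertical/tenant suffix on a multitenant topic is reported for review, which also covers default-tenant usernames that carry no suffix at all.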

 



(c) 2020 Indra Soluciones Tecnologías de la Información, S.L.U.