Features | Open Source | Releases | Docs | Try us free | Blog | Product
Multitenant Kafka Ontologies
Available from version 2.1.3-gradius
Regarding Kafka, it has 2 main purposes in Onesait Platform:
When Multitenancy is enabled, the use of Kafka changes slightly from the default behaviour. If the default tenant and vertical are being used, nothing changes compared to the two previous guides. However, if a different tenant or vertical are used, then the following changes are needed to be taken into account.
Kafka topic names related to ontologies
By default there are 2 topic prefixes, one for the input topic (ONTOLOGY) and an other one for the notification topics (ONTOLOGY_OUTPUT). The topic names used will be as follows:Input topic: <INPUT_PREFIX>-<VERTICAL_NAME>-<TENANT_NAME>-<ONTOLOGY_NAME>
Notification topic: <NOTIFICATION_PREFIX>-<VERTICAL_NAME>-<TENANT_NAME>-<ONTOLOGY_NAME>
For example, we have the ontology named “MyOntology” which is marked as both kafka input and kafka notification.
We then create a Digital Client with a token on a different tenant, but in the default vertical.
If we want to insert data into the ontology via Kafka, the topic name to write to will be:ONTOLOGY-ONESAITPLATFORM-TENANT_RENE-MYONTOLOGY
If we want to listen to the kafka notificiation topic, this will be named:ONTOLOGY_OUTPUT-ONESAITPLATFORM-TENANT_RENE-MYONTOLOGY
Security: Digital Clients and Kafka users
Onesait Platform has it’s own Kafka Security plugin, where digital clients represent Kafka users.
When connecting to Kafka, a JAAS file will be used, indicating de digital client name as “username” and a token as the “password”.
If multitenancy its enabled and we are using a different vertical or tenant than the default one, the kafka “username” will change to <DIGITAL_CLIENT_NAME>-<VERTICAL_NAME>-<TENANT_NAME>.
Lets use the same Ontology and Digital Client as in the last example. We want to connect to Kafka, but using the tenant named “tenant_rene”. In this case, the Kafka “username” will be:MyKafkaClient-onesaitplatform-tenant_rene
and tthe token created for that tenant:
This can be seen when asking Kafka for de ACL/permissions of each topic and user: