Multi-tenant Rafiki v1

[sanducb]

Context

Planning Document

Currently, Rafiki can only be used by a single ASE. We want that a single Rafiki instance to be able to handle multiple tenants (ASEs).

Process

All of the following issues, when completed, should be opened against the feature branch, 2893/multi-tenancy-v1, and can be marked completed in the parent issue here once merged in.

Once multi-tenancy is fully implemented in the feature branch, the feature branch may be merged into main.

Feature Branch

Assumptions/edge cases

• Who should handle rates in the scenario that both the sending and receiving tenants could have only configured a single asset (the respective assets have different asset codes) as described here?. Current assumption is that operator tenant will have to provide the corresponding asset rates.]

Breaking changes

• OPERATOR_TENANT_ID and OPERATOR_SECRET are mandatory environment variables
• Signing Admin API requests is now mandatory (as a result, GraphQL Apollo Studio introspection is now not reachable)
• createWalletAddressMutation: url is now address

Todos

Prerequisites

• Add Business Requirements to Multi-Tenancy Plan Document #3097

Database/Schema changes

• [Multi-Tenant] backend tenants table #3103
• [Multi-Tenant] tenantSettings table in backend #3127
• [Multi-Tenant] auth tenants table #3113

Backend changes

• [Multi-Tenant] Create operator tenant #3149
• [Multi-Tenant] backend tenant service #3123
• [Multi-Tenant] Use http-signatures to determine tenant identity during requests #2928
• [Multi-Tenant] Tenanted Wallet Addresses #3114
• [Multi-Tenant] Tenanted Incoming Payments #3117
• [Multi-Tenant] Tenanted Quotes #3118
• [Multi-Tenant] Tenanted Outgoing Payments #3119
• [Multi-Tenant] Tenanted Assets #3033
• [Multi-Tenant] Tenanted Rates endpoints #3120
• [Multi-Tenant] Tenanted Webhook Events #3121
• [Multi-Tenant] backend Admin Tenant API #3124
• [Multi-Tenant] Tenanted Peers #3129
• Handle Operator API secret Updates #3276

Auth changes

• [Multi-Tenant] auth tenant service #3122
• [Mulit-Tenant] auth Tenant Admin Graphql API #3125
• [Mulit-Tenant] Tenanted grants #3128

Frontend changes

• [Multi-Tenant] Tenanted Admin UI Requests #3108
• [Multi-Tenant] Tenant List, Create and Edit Admin UI Pages #2915
• [Multi-Tenant] Add tenant selection when creating resources in Admin UI #3273
• Document new requirement to submit tenant id and api secret to use frontend #3250
• [Multi-Tenant] Allow viewing deleted tenants #3256

Deprecated Issues

• Automatically create operator-level identity in Kratos on startup #2903
• [Multi-Tenant] Add tenantId to fees #3032
• Environment variable for putting Rafiki into multi-tenant mode #2901
• [Multi-Tenant] Add a public name, api secret to tenants #2932
• [Multi-Tenant] Remove Kratos requirement #3107
• [Multi-tenant Rafiki] Update all resources to have a tenantId foreign key #2894
• Different endpoints per tenant #2899
• Create tenant Admin API #2900
• Backend Admin API middleware to verify session token; add tenantId to context #2916
• Update WalletAddress Response to include tenantId in path #2925
• Add tenantId to OP paths #2926
• [Multi-Tenant] Filter OP resources by tenantId in Admin API calls #2929
• [Multi-Tenant] Fix tests & github actions on feature branch #2972
• [Multi-Tenant] Add tests to existing tenant services/resolvers #3020

Backlog/Potential Future Changes

• [Multi-Tenant] getOrCreateConnection method in Database Connections Service #3105
• [Multi-Tenant] Stub out Database Connections Service #3104