Tran Hong Quan created JAMES-4085:
-------------------------------------

             Summary: BlobStore multi-tenancy
                 Key: JAMES-4085
                 URL: https://issues.apache.org/jira/browse/JAMES-4085
             Project: James Server
          Issue Type: Improvement
            Reporter: Tran Hong Quan


h2. Why?

James does not have blob store isolation between domains as of today.

We should implement an option to turn on multi-tenancy for our blob store.

That way blobstore could implement different isolation strategies for tenants 
(configurable):

 - buckets as today - good for few tenants after all.
 - distinct prefixes
 - AES key derivation CF https://github.com/linagora/james-project/issues/5262

Note that AES SSE-C isolation strategy cannot be applied with deduplication as 
several tenants might store the same blob and override each other's keys.
h2. How?
h3. Refactor existing API

Refactor API of the blobstore:

Create a new pojo `record Tenant(String name)`
Create a new pojo `record Bucket(BucketName name, Optional<Tenant> tenant)`
Add methods for `BlobStore` and `BlobStoreDAO` (passing `Bucket` and `BlobId`), 
provide default methods for Bucketname supplying a Bucket with no tenant.

Then each blobStore can implement the isolation it wishes - or not!
h3. Memory blobStore DAO multitenancy

Derive a bucketname per tenant within internal storage.
h3. S3

Configuration:

```
multi-tenancy.mode=none|bucket|ssec|prefix
```

Definition of done:
 - [ ] Documentation
 - [ ] Basic unit tests
h4. bucket

Derive a bucketname per tenant within internal storage. (IE what PG does but 
done within S3BlobStoreDAO)

GC is likely broken and shall be tested with this mode...
h4. ssec

Feed the sse c salt with the tenant.

Should fail with deduplicating blobStore.
h4. prefix

Derive the object key within S3 adding the prefix as needed

**This interacts with the GC!!!**. We shall make sure the GC, when listing, only 
takes the last part of the s3Key, IE given `prefix/ABC` the GC only uses ABC as 
a blobID.
h3. file

Derive a folder per tenant.

Test GC with this too.
h3. PGSQL

Derive a bucketname per tenant within internal storage. (IE what PG does but 
done within 
[PostgresBlobStoreDAO](https://github.com/apache/james-project/blob/postgresql/server/blob/blob-postgres/src/main/java/org/apache/james/blob/postgres/PostgresBlobStoreDAO.java))

Test GC with this too.
h3. Cassandra

Tenant isolation strategies do not make sense here...



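The proposed `Tenant` / `Bucket` records and the `prefix` mode described in the issue, sketched as an added example that is not part of the original message and is not James code. The record names follow the issue; the helper names `toS3Key` and `blobIdFromS3Key`, the tenant-name validation rule, the `<tenant>/<blobId>` key layout and the sample tenants are assumptions made for illustration.

```java
import java.util.Optional;

// Added illustration: record names mirror the issue's proposal; the key
// layout and the validation rule are assumptions, not James code.
public class TenantPrefixExample {
    record Tenant(String name) {
        Tenant {
            // Assumption: reject separators and ".." so a tenant name can
            // never resolve into another tenant's prefix.
            if (name == null || !name.matches("[A-Za-z0-9._-]+") || name.contains("..")) {
                throw new IllegalArgumentException("invalid tenant name");
            }
        }
    }
    record BucketName(String value) {}
    record BlobId(String value) {}
    record Bucket(BucketName name, Optional<Tenant> tenant) {
        // Default for existing BucketName callers: a bucket with no tenant.
        static Bucket of(BucketName name) { return new Bucket(name, Optional.empty()); }
    }

    // prefix mode: "<tenant>/<blobId>" when a tenant is set, "<blobId>" otherwise.
    static String toS3Key(Bucket bucket, BlobId blobId) {
        return bucket.tenant().map(t -> t.name() + "/" + blobId.value()).orElse(blobId.value());
    }

    // GC listing: keep only the last path segment as the blob id.
    // Assumption: blob ids themselves never contain '/'.
    static BlobId blobIdFromS3Key(String s3Key) {
        return new BlobId(s3Key.substring(s3Key.lastIndexOf('/') + 1));
    }

    public static void main(String[] args) {
        BucketName mails = new BucketName("mails");   // constructed sample values
        BlobId abc = new BlobId("ABC");
        Bucket a = new Bucket(mails, Optional.of(new Tenant("domain-a.example")));
        Bucket b = new Bucket(mails, Optional.of(new Tenant("domain-b.example")));

        System.out.println(toS3Key(a, abc));                  // tenant A's object key
        System.out.println(toS3Key(b, abc));                  // same blob id, different key
        System.out.println(toS3Key(Bucket.of(mails), abc));   // no tenant: unchanged key
        System.out.println(blobIdFromS3Key(toS3Key(a, abc)).value());
        try {
            new Tenant("domain-a.example/../domain-b.example");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the GC only sees the last segment, two tenants holding the same blob id map to the same `BlobId` during listing, which is the interaction the issue asks to test.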