SaaSのマルチテナント実現方法 / Multitenancy implementation method of SaaS

Transcript

1. SaaSͷ Ϛϧνςφϯτ࣮ݱํ๏ @neko-neko

2. ࠓ೔࿩͢͜ͱ • SaaSͷιϑτ΢ΣΞఏڙํ๏ • Ϛϧνςφϯτͷ࣮ݱํ๏

3. ࠓ೔࿩͢͜ͱ • SaaSͷιϑτ΢ΣΞఏڙํ๏ • Ϛϧνςφϯτͷ࣮ݱํ๏

4. SaaSʹ͓͚Διϑτ΢ΣΞ ఏڙํ๏͸2ͭ

5. SaaSͷιϑτ΢ΣΞఏڙํ๏ • γϯάϧςφϯτ • Ϛϧνςφϯτ • ΞϓϦέʔγϣϯڞ༗/DB෼ׂܕ • ΞϓϦέʔγϣϯ/DBڞ༗ܕ

6. SaaSͷιϑτ΢ΣΞఏڙํ๏ • γϯάϧςφϯτ • Ϛϧνςφϯτ • ΞϓϦέʔγϣϯڞ༗/DB෼ׂܕ • ΞϓϦέʔγϣϯ/DBڞ༗ܕ

7. γϯάϧςφϯτͬͯʁ

8. ΞϓϦέʔγϣϯΛݸผͷ؀ڥ Ͱར༻͢ΔϞσϧ

9. • ސ٬ຖʹސ٬ઐ༻ͷαʔϏεͱDBΛ༻ҙ͢Δ • ઐ༗؀ڥΛ༻ҙ͢ΔͷͰߴίετ • ϥϯχϯάίετɺӡ༻ίετͰࢮΜͰ͠·͏

10. SaaSͷιϑτ΢ΣΞఏڙํ๏ • γϯάϧςφϯτ • Ϛϧνςφϯτ • ΞϓϦέʔγϣϯڞ༗/DB෼ׂܕ • ΞϓϦέʔγϣϯ/DBڞ༗ܕ

11. Ϛϧνςφϯτͬͯʁ

12. ΞϓϦέʔγϣϯΛಉ͡؀ڥͰڞ༗ར༻͢Δ Ϟσϧ

13. • ෳ਺ͷސ٬͕1ͭͷ؀ڥΛڞ༻͢Δ • γϯάϧςφϯτͱൺֱͯ͠ϥϯχϯάίε τ΋ӡ༻ίετ΋άοͱ཈͑ΒΕΔ • ੈͷSaaS͸΄ͱΜͲ͜Ε

14. ϚϧνςφϯτΞʔΩςΫνϟ Ҿ༻ݩ: https://www.ibm.com/developerworks/jp/cloud/library/cl-multitenantsaas/index.html

15. SaaSͷιϑτ΢ΣΞఏڙํ๏ • γϯάϧςφϯτ • Ϛϧνςφϯτ • ΞϓϦέʔγϣϯڞ༗/DB෼ׂܕ • ΞϓϦέʔγϣϯ/DBڞ༗ܕ

16. ΞϓϦέʔγϣϯڞ༗ɺDB෼ׂܕ

17. • ϝϦοτ • ؅ཧָ͕ • ༰қʹ৘ใ࿙͍͑Λ๷͙ͨΊͷϑΟϧλ৚݅Λ૊ΊΔ • σϝϦοτ • ࿦ཧతʹDBΛ෼ׂ͍ͯ͠Δέʔε(databaseΛސ٬ຖʹ༻ҙ͢Δํ๏΍εΩʔϚΛސ٬

    ຖʹ༻ҙ͢Δํ๏) • ސ٬਺ͷ૿ՃͰςʔϒϧ਺͕૿͑ΔͨΊDBϚΠάϨʔγϣϯ࣮ߦ͕࣌ؒ૿͑Δ • ςφϯτຖʹεΩʔϚ͕ҟͳΔλΠϛϯά͕௕͍࣌ؒى͖ಘΔ • ສ͕ҰϚΠάϨʔγϣϯ͕ࣦഊͨ࣌͠ͷϦΧόϦ͕खؒ

18. SaaSͷιϑτ΢ΣΞఏڙํ๏ • γϯάϧςφϯτ • Ϛϧνςφϯτ • ΞϓϦέʔγϣϯڞ༗/DB෼ׂܕ • ΞϓϦέʔγϣϯ/DBڞ༗ܕ

19. ΞϓϦέʔγϣϯɺDBڞ༗ܕ

20. • ϝϦοτ • γϯϓϧΏ͑ʹ؅ཧָ͕ • γεςϜશମͷςʔϒϧ૯਺΋཈͑ΒΕΔ • σϝϦοτ • DB෼ׂܕͱൺ΂ͯ৘ใ࿙͍͑Λ๷͙ͨΊͷϑΟϧλΛ૊ΉͷΛߟྀ͠ͳ͘

    ͯ͸͍͚ͳ͍ • ୯७ʹݸʑͷॲཧʹରͯ͠ϑΟϧλ৚݅Λ૊ΈࠐΉͱɺ࿙Ε͕ى͖ͨ࣌ ʹॏେͳηΩϡϦςΟϗʔϧͱͳΓಘΔ • ސ٬਺ͷ૿ՃͰγεςϜશମͷϨΠςϯγ͕ѱԽ͢Δ

21. ͔͜͜Β͕ࠓ೔ͷຊ୊

22. ࠓ೔࿩͢͜ͱ • SaaSͷιϑτ΢ΣΞఏڙํ๏ • Ϛϧνςφϯτͷ࣮ݱํ๏

23. ΞϓϦέʔγϣϯڞ༗/ DB෼ׂܕΛ࣮ݱ͢Δ৔߹

24. ΞϓϦέʔγϣϯڞ༗ɺDB෼ׂܕ • Ҋ1: ςφϯτຖʹεΩʔϚ͔databaseΛ෼ ׂ͢Δ • Ҋ2: ϝΠϯςʔϒϧΛ༻ҙ͠ɺςφϯτຖ ʹViewΛ༻ҙ͢Δ

25. ΞϓϦέʔγϣϯڞ༗ɺDB෼ׂܕ • Ҋ1: ςφϯτຖʹεΩʔϚ͔databaseΛ෼ ׂ͢Δ • Ҋ2: ϝΠϯςʔϒϧΛ༻ҙ͠ɺςφϯτຖ ʹViewΛ༻ҙ͢Δ

26. ςφϯτຖʹεΩʔϚ͔DB෼ׂ CREATE SCHEMA tenant1; CREATE TABLE tenant1.blogs ( id bigserial

    NOT NULL PRIMARY KEY, title text NOT NULL, created_at timestamp with time zone NOT NULL, updated_at timestamp with time zone NOT NULL, );

27. ςφϯτຖʹεΩʔϚ͔DB෼ׂ CREATE SCHEMA tenant1; CREATE TABLE tenant1.blogs ( id bigserial

    NOT NULL PRIMARY KEY, title text NOT NULL, created_at timestamp with time zone NOT NULL, updated_at timestamp with time zone NOT NULL, ); ςφϯτຖʹεΩʔϚΛ༻ҙͯ͠ ςʔϒϧΛ࡞੒

28. ΞϓϦέʔγϣϯڞ༗ɺDB෼ׂܕ • Ҋ1: ςφϯτຖʹεΩʔϚ͔databaseΛ෼ ׂ͢Δ • Ҋ2: ϝΠϯςʔϒϧΛ༻ҙ͠ɺςφϯτຖ ʹViewΛ༻ҙ͢Δ

29. ςφϯτຖʹViewΛ༻ҙ͢Δ CREATE TABLE public.blogs ( id bigserial NOT NULL PRIMARY

    KEY, tenant_id bigint NOT NULL, title text NOT NULL, created_at timestamp with time zone NOT NULL, updated_at timestamp with time zone NOT NULL, ); CREATE SCHEMA tenant1; CREATE VIEW tenant1.blogs AS SELECT * FROM public.blogs WHERE tenant_id::text = current_setting('application_name');

30. ςφϯτຖʹViewΛ༻ҙ͢Δ CREATE TABLE public.blogs ( id bigserial NOT NULL PRIMARY

    KEY, tenant_id bigint NOT NULL, title text NOT NULL, created_at timestamp with time zone NOT NULL, updated_at timestamp with time zone NOT NULL, ); CREATE SCHEMA tenant1; CREATE VIEW tenant1.blogs AS SELECT * FROM public.blogs WHERE tenant_id::text = current_setting('application_name'); ςφϯτຖʹεΩʔϚΛ༻ҙ͢Δͷ͸มΘΒͳ ͍͕ɺ7JFXΛ࢖ͬͯՄࢹੑͷ੍ݶΛߦ͏ɻ
    ςφϯτͷૢ࡞͸7JFXͷΈΛ௨ͯ͡$36%͢Δ͜ ͱͰ҆શʹσʔλΛѻ͑Δ

31. ΞϓϦέʔγϣϯ/DBڞ༗ܕ Λ࣮ݱ͢Δ৔߹

32. ΞϓϦέʔγϣϯ/DBڞ༗ܕ • Ҋ1: ۪௚ʹςφϯτͷϦιʔε͔ϦΫΤετ ຖʹνΣοΫ • Ҋ2: ςφϯτຖͷViewΛ༻ҙ͢Δ • Ҋ3:

    RLS(Row Level Security)Λ࢖͏

33. ΞϓϦέʔγϣϯ/DBڞ༗ܕ • Ҋ1: ۪௚ʹςφϯτͷϦιʔε͔ϦΫΤετ ຖʹνΣοΫ • Ҋ2: ςφϯτຖͷViewΛ༻ҙ͢Δ • Ҋ3:

    RLS(Row Level Security)Λ࢖͏

34. ςφϯτຖʹཁٻϦΫΤετ͕ ਖ਼͍͠είʔϓ͔֬ೝ id := req.params(“id”) if !model.validScope(id) { return permissionDenied

    } // something to do…

35. • ͦͩ͘Δ͍ • ݱ࣮͸͜Μͳγϯϓϧʹ͸ऩ·Βͳ͍ • ສ͕Ұ࿙Ε͕͋ͬͨ৔߹ɺॏେͳηΩϡϦςΟ ϗʔϧʹͳΔ • ਓ͸ϛε͢Δ΋ͷɻݕग़࿙Ε͕ݕ஌ͮ͠Β͍(ςε τέʔε͔Β΋࿙ΕΔՄೳੑ͕͋Δ)

36. ΞϓϦέʔγϣϯ/DBڞ༗ܕ • Ҋ1: ۪௚ʹςφϯτͷϦιʔε͔ϦΫΤετ ຖʹνΣοΫ • Ҋ2: ςφϯτຖͷViewΛ༻ҙ͢Δ • Ҋ3:

    RLS(Row Level Security)Λ࢖͏

37. ςφϯτຖʹViewΛ༻ҙ͢Δ CREATE TABLE public.blogs ( id bigserial NOT NULL PRIMARY

    KEY, tenant_id bigint NOT NULL, title text NOT NULL, created_at timestamp with time zone NOT NULL, updated_at timestamp with time zone NOT NULL, ); CREATE VIEW public.tenant1_blogs AS SELECT * FROM public.blogs WHERE tenant_id::text = current_setting('application_name');

38. • UPDATE/DELETE࣌͸Viewʹରͯ͠ߦ͏ • INSERT͸௚઀େݩͷςʔϒϧʹରͯ͠ߦ͏ • ސ٬ຖʹViewΛ༻ҙ͢Δ͜ͱʹ͸ͳΔ͕ɺ࣮ ૷͸ָͪΜ

39. ΞϓϦέʔγϣϯ/DBڞ༗ܕ • Ҋ1: ۪௚ʹςφϯτͷϦιʔε͔ϦΫΤετ ຖʹνΣοΫ • Ҋ2: ςφϯτຖͷViewΛ༻ҙ͢Δ • Ҋ3:

    RLS(Row Level Security)Λ࢖͏

40. RLSͬͯʁ

41. Row Level Security • ߦ୯ҐηΩϡϦςΟ • ߦຖʹϨίʔυͷࢀর/ૠೖ/ߋ৽/࡟আΛ੍ݶ͢Δ͜ͱ͕ग़དྷΔ • ϙϦγʔʹϚον͠ͳ͍৔߹
 ࢀর:

    ֘౰ͷϨίʔυ͕ฦ٫͞Εͳ͍
 ͦΕҎ֎: ࣮ߦग़དྷͳ͍ • ϙϦγʔ͸SUPERUSER΋͘͠͸BYPASSRLS͕Ξλον͞Εͯ ͍Δϩʔϧͷ৔߹ແࢹ͞ΕΔ

42. ࢼͯ͠ΈΔ CREATE TABLE public.blogs ( id bigserial NOT NULL PRIMARY

    KEY, tenant_id bigint NOT NULL, title text NOT NULL ); CREATE POLICY blogs_policy ON public.blogs FOR ALL TO app_user USING (tenant_id::text = current_setting(‘application_name', FALSE)); ALTER TABLE public.blogs ENABLE ROW LEVEL SECURITY; INSERT INTO public.blogs (tenant_id, title) VALUES (1, ‘TEST1’); INSERT INTO public.blogs (tenant_id, title) VALUES (1, ‘TEST2’); INSERT INTO public.blogs (tenant_id, title) VALUES (2, ‘TEST3’); INSERT INTO public.blogs (tenant_id, title) VALUES (2, ‘TEST4’); INSERT INTO public.blogs (tenant_id, title) VALUES (3, ‘TEST5’);

43. ಈ࡞ΛݟΔ(SELECT) -- superuserͷ৔߹ select * from blogs; id | tenant_id

    | title ----+-----------+------- 1 | 1 | TEST1 2 | 1 | TEST2 3 | 2 | TEST3 4 | 2 | TEST4 5 | 3 | TEST5 -- normal userͷ৔߹ select * from blogs; id | tenant_id | title ----+-----------+------- (0 rows) -- normal userͷ৔߹(application_name: 1) SET application_name = '1'; select * from blogs; id | tenant_id | title ----+-----------+------- 1 | 1 | TEST1 2 | 1 | TEST2 (2 rows)

44. ಈ࡞ΛݟΔ(INSERT) -- superuserͷ৔߹ ໰୊ແ͘ೖΔ -- normal userͷ৔߹ INSERT INTO public.blogs

    (tenant_id, title) VALUES (1, 'TEST1'); ERROR: new row violates row-level security policy for table "blogs" -- normal userͷ৔߹(application_name: 1) SET application_name = ‘1'; INSERT INTO public.blogs (tenant_id, title) VALUES (1, 'TEST1'); INSERT 0 1 -- normal userͷ৔߹(application_name: 2) INSERT INTO public.blogs (tenant_id, title) VALUES (1, 'TEST1'); ERROR: new row violates row-level security policy for table "blogs"

45. ಈ࡞ΛݟΔ(UPDATE) -- superuserͷ৔߹ UPDATE blogs SET title='UPDATE' WHERE id =

    1; select * from blogs where id = 1; id | tenant_id | title ----+-----------+-------- 1 | 1 | UPDATE -- normal userͷ৔߹ UPDATE blogs SET title='UPDATE' WHERE id = 1; UPDATE 0 <- Ξοϓσʔτ͞Ε͍ͯͳ͍ -- normal userͷ৔߹(application_name: 1) SET application_name = '1'; UPDATE blogs SET title=‘UPDATE' WHERE id = 1; UPDATE 1 <- Ξοϓσʔτ͞Ε͍ͯΔ

46. ಈ࡞ΛݟΔ(DELETE) -- superuserͷ৔߹ ໰୊ͳ͘࡟আग़དྷΔ -- normal userͷ৔߹ DELETE FROM blogs

    WHERE id = 1; DELETE 0 <- DELETE͞Ε͍ͯͳ͍ -- normal userͷ৔߹(application_name: 1) SET application_name = ‘1’; DELETE FROM blogs WHERE id = 1; DELETE 1 <- DELETE͞Ε͍ͯΔ

47. RLS with go

48. લఏ • ֤ςʔϒϧʹtenant_idΛ࣋ͨͤΔӡ༻ʹ͢Δ • ސ٬ຖʹϩʔϧΛ࡞੒͢Δӡ༻ʹ͸͠ͳ͍ • 1ͭͷεΩʔϚͰαʔϏεͷςʔϒϧ؅ཧΛ ߦ͏

49. Table CREATE TABLE public.blogs ( id bigserial NOT NULL PRIMARY

    KEY, tenant_id bigint NOT NULL, title text NOT NULL, created_at timestamp with time zone NOT NULL, updated_at timestamp with time zone NOT NULL, ); CREATE TABLE public.posts ( id bigserial NOT NULL PRIMARY KEY, tenant_id bigint NOT NULL, title text NOT NULL, content text NOT NULL, created_at timestamp with time zone NOT NULL, updated_at timestamp with time zone NOT NULL, ); -- ֎෦Ωʔͷఆٛ͸লུ -- tenant has many groups͕͋ΔલఏͰάϧʔϓͷॴଐϝϯόʔΛ؅ཧ͢Δςʔϒϧ CREATE TABLE public.group_users ( id bigserial NOT NULL PRIMARY KEY, tenant_id bigint NOT NULL, group_id bigint NOT NULL, user_id bigint NOT NULL, created_at timestamp with time zone NOT NULL, updated_at timestamp with time zone NOT NULL, );

50. Policy — ϙϦγʔͷఆٛ CREATE POLICY blogs_policy ON public.blogs FOR ALL

    TO app_user USING (tenant_id::text = current_setting(‘application_name', FALSE)); CREATE POLICY posts_policy ON public.posts FOR ALL TO app_user USING (tenant_id::text = current_setting('application_name', FALSE)); CREATE POLICY group_users_policy ON public.group_users FOR ALL TO app_user USING (tenant_id::text = current_setting('application_name', FALSE)); WITH CEHCK ( group_id = (SELECT id FROM groups WHERE id = group_id) AND user_id = (SELECT id FROM users WHERE id = user_id) ); —- ϙϦγʔͷ༗ޮԽ ALTER TABLE public.blogs ENABLE ROW LEVEL SECURITY; ALTER TABLE public.posts ENABLE ROW LEVEL SECURITY; ALTER TABLE public.group_users ENABLE ROW LEVEL SECURITY;

51. Go

52. Middleware(Τϥʔൈ͖) func ExampleMultitenantMiddleware(db *sql.DB) func(next http.Handler) http.Handler { return func(next

    http.Handler) http.Handler { fn := func(w http.ResponseWriter, r *http.Request) { ctx := r.Context() // context͔ΒݱࡏͷςφϯτIDΛऔಘͯ͠ // ίωΫγϣϯϓʔϧͷ઀ଓΛઐ༗͢Δ tenantID := context.CurrentTenantID(ctx) conn, _ := db.Conn(ctx) defer conn.Close() // ηογϣϯ͕ੜ͖͍ͯΔؒ༗ޮʹͳΔม਺ΛDB΁ηοτ // Ҏ߱ͷhandler͸ઐ༗தͷίωΫγϣϯΛ࢖ͬͯΫΤϦΛൃߦ͢Δ conn.ExecContext(ctx, fmt.Sprintf(“SET application_name=%s;”, tenantID)) next.ServeHTTP(w, r.WithContext(context.WithCurrentConnection(ctx, conn))) } return http.HandleFunc(fn) } }

53. ·ͱΊ • RLSΛ࢖͏͜ͱͰDBͷ؅ཧ͕ͦ͜·Ͱ൥ࡶʹͳΒͣ Ϛϧνςφϯτͷ࣮ݱ͕ग़དྷΔ • ϓϩμΫτॳظϑΣʔζͰ͋Ε͹ɺ͜ΕͰे෼྇͛ Δ • Ϩίʔυ਺͕૿͍͑ͯͬͨΒ֤ςʔϒϧͷ tenant_idΛ࢖ͬͯγϟʔσΟϯάΛߦ͍ෛՙରࡦ