Tugdual Saunier / @tucksaun / [email protected]
“Software multitenancy is a software architecture in
which a single instance of software runs on a server
and serves multiple tenants.
[…]
A tenant is a group of users who share a common
access with specific privileges to the software
instance.”
- Wikipedia
Slide 4
Slide 4 text
Tugdual Saunier / @tucksaun / [email protected]
“Software multitenancy is a software architecture in
which a single instance of software runs on a server
and serves multiple tenants.
[…]
A tenant is a group of users who share a common
access with specific privileges to the software
instance.”
- Wikipedia
!"
Tugdual Saunier / @tucksaun / [email protected]
Traditional implementations
https://pngtree.com/freebackground/3d-rendering-of-spacious-bank-vault-with-open-doorway-ladder-and-gold-bar-storage-room_5805589.html
Slide 12
Slide 12 text
Tugdual Saunier / @tucksaun / [email protected]
https://www.iconbuild.com/media-gallery/icon-and-tmd-unveil-3d-printed-barracks-largest-3d-printed-structure-in-north-america
Single deployment
Slide 13
Slide 13 text
Tugdual Saunier / @tucksaun / [email protected]
Symfony
application
User A User B
Data source
my_entity
id
tenant_id
foo
tenants
id
slug
1
n
User C
Slide 14
Slide 14 text
Tugdual Saunier / @tucksaun / [email protected]
# src/Tenancy/ORMFilter.php
namespace App\Tenancy;
class ORMFilter extends \Doctrine\ORM\Query\Filter\SQLFilter
{
public function addFilterConstraint(
\Doctrine\ORM\Mapping\ClassMetadata $targetEntity,
$targetTableAlias
): string {
if (!$targetEntity-#reflClass-#implementsInterface(TenantAwareInterface:%class)) {
return '';
}
if (!$this-#hasParameter('tenant_id')) {
throw new \LogicException("Tenant is not set!");
}
return sprintf('%s.tenant_id = %s', $targetTableAlias, $this-#getParameter('tenant_id'));
}
public function setTenant(TenantInterface $tenant)
{
$this-#setParameter('tenant_id', $tenant-#getId());
}
}
Slide 15
Slide 15 text
Tugdual Saunier / @tucksaun / [email protected]
# src/Tenancy/RequestListener.php
namespace App\Tenancy;
#"AsEventListener]
final class RequestListener
{
public function __construct(
private Resolver $resolver,
private EntityManagerInterface $em
)
{}
public function __invoke(RequestEvent $event): void
{
$slug = current(explode('.', $event-#getRequest()-#getHost()));
if (!$tenant = $this-#resolver-#getTenant($slug)) {
throw new NotFoundHttpException("Tenant not found");
}
$this-#em-#getFilters()-#getFilter('tenancy')-#setTenant($tenant);
}
}
Slide 16
Slide 16 text
Tugdual Saunier / @tucksaun / [email protected]
Pros
✔ Easy to start with and
reason about
✔ Cross-tenant reporting or
manipulation is easy
Cons
✘ Complexify the Code
✘ Bug/data leak risk
✘ Does not meet most privacy
or data isolation regulation
Tugdual Saunier / @tucksaun / [email protected]
Symfony
application
User A User B User C
Symfony
application
Data source
my_entity
id
foo
Data source
my_entity
id
foo
Data source
my_entity
id
foo
Symfony
application
Isolation Isolation Isolation
Slide 19
Slide 19 text
Tugdual Saunier / @tucksaun / [email protected]
Pros
✔ Easy to start with and
reason about
✔ Code remains simple: just a
different deployment
Cons
✕ Does not scale
Tugdual Saunier / @tucksaun / [email protected]
User A User B User C
Symfony
application
Symfony
application
Data source
my_entity
id
foo
Data source
my_entity
id
foo
Data source
my_entity
id
foo
Symfony
application
Vendor Network
LB
Slide 22
Slide 22 text
Tugdual Saunier / @tucksaun / [email protected]
Pros
✔ Easy to start with and
reason about
✔ Code remains simple: just a
different deployment
Cons
✘ Inefficient (instances are
deployed and running even
if they are not used)
✘ Harder to manage on the
Ops side
Tugdual Saunier / @tucksaun / [email protected]
Vendor Network
User A User B User C
Symfony
application
Data source
my_entity
id
foo
Data source
my_entity
id
foo
Data source
my_entity
id
foo
Webserver
Data source
my_entity
id
foo
Data source
my_entity
id
foo
Tugdual Saunier / @tucksaun / [email protected]
Vendor Network
User User User
Symfony
LB
User User
User User
User
Symfony Symfony
Symfony
Tenant A
SQL
Redis
FS
Tenant B
SQL
Redis
FS Tenant D
SQL
Redis
FS Tenant F
SQL
Redis
FS
Tenant C
SQL
Redis
FS
Tenant E
SQL
Redis
FS
Tenant G
SQL
Redis
FS
Big Mess #1
Big Mess #2
Big Mess #3
Slide 37
Slide 37 text
Tugdual Saunier / @tucksaun / [email protected]
Pros
✔ Relatively easy to implement
with PHP and Symfony
Cons
✘ Can be inefficient (data source
instances are deployed and
running even if they are not
used)
✘ Harder to manage on the Ops
side (still multiple data source
instances to manage)
✘ Not always easy to handle
background processing
Slide 38
Slide 38 text
Tugdual Saunier / @tucksaun / [email protected]
Alternative implementations
https://hutchdesign.co/projects/lough-tree-village/
Tugdual Saunier / @tucksaun / [email protected]
Vendor Network
User User User
LB
User User
User User
User
Tenant A
Symfony
SQL
Redis
FS
Tenant B
Symfony
SQL
Redis
FS
Tenant D
Symfony
SQL
Redis
FS
Tenant D
Symfony
SQL
Redis
FS
Tenant F
Symfony
SQL
Redis
FS
Tenant E
Symfony
SQL
Redis
FS
Tenant G
Symfony
SQL
Redis
FS
Orchestration
Slide 41
Slide 41 text
Tugdual Saunier / @tucksaun / [email protected]
Single code deployment
(but more granular)
https://www.archdaily.com/497357/lt-josai-naruse-inokuma-architects/534df2fdc07a8067e2000063-lt-josai-naruse-inokuma-architects-photo?next_project=no
Slide 42
Slide 42 text
Tugdual Saunier / @tucksaun / [email protected]
Vendor Network
User A User B User C
Symfony
application
Webserver
SQL
Tenant A
Redis S3
SQL
Tenant B
SQL
Tenant C
SQL
Tenant D
SQL
Tenant E
Tenant DB
Common
Data Repository
Slide 43
Slide 43 text
Tugdual Saunier / @tucksaun / [email protected]
A take on a Symfony-centric solution
Tugdual Saunier / @tucksaun / [email protected]
Sender Bus
Handler
Kernel
Tenant A
Kernel
Tenant B
envelope 1
Tenant A
envelope 2
Tenant B
envelope 1
Tenant A
envelope 2
Tenant B
Handler
Tugdual Saunier / @tucksaun / [email protected]
# config/packages/doctrine.yaml
doctrine:
dbal:
url: '%env(resolve:DATABASE_URL)%'
# src/Tenancy/TenantEnvVarLoader.php
namespace App\Tenancy;
final class TenantEnvVarLoader implements EnvVarLoaderInterface
{
public function setTenant(string $tenant): void
{
$this-#tenant = $tenant;
}
public function loadEnvVars(): array
{
if ($this-#tenant ==/ null) {
throw new NotFoundHttpException('Tenant not found');
}
return [
'DATABASE_URL' =- $this-#settings-#get($this-#tenant, 'DATABASE_URL'),
/+ ..1
];
}
}
Slide 55
Slide 55 text
Tugdual Saunier / @tucksaun / [email protected]
Focus on DI and Events
https://www.123rf.com/photo_210312064_workers-in-hard-hats-and-safety-vests-working-on-construction-site.html
Slide 56
Slide 56 text
Tugdual Saunier / @tucksaun / [email protected]
Some services are easy to override
Slide 57
Slide 57 text
Tugdual Saunier / @tucksaun / [email protected]
namespace App\Tenancy;
class MyOverrideFactory extends BaseFactory
{
public function __construct(
/2..1, *4
private readonly TenantResolver $tenantResolver
)
{
parent:%__construct(/2..1*4);
}
public function createMyResource(/2..1*4)
{
if ($this-#tenantResolver-#isTenantSet()) {
/+ ..1
return parent:%createMyResource(/2..1*4);
}
}
}
Slide 58
Slide 58 text
Tugdual Saunier / @tucksaun / [email protected]
Some services need to be
re-instantiated
Tugdual Saunier / @tucksaun / [email protected]
namespace App\Tenancy;
class MyOverrideService extends BaseService implements ResetInterface
{
public function __construct(/2..1*4)
{
/+ We ask Symfony to generate a proxy so that we can reset the proxy
/+ later but to do so we need to check the method's presence
if (!$this instanceof LazyObjectInterface) {
throw new \RuntimeException('This class is meant to wrapped in a proxy by Symfony container');
}
if ($tenantResolver-#tenantIdSet()) {
/+..1
}
parent:%__construct(/2..1*4);
}
public function reset(): void
{
$this-'resetLazyObject();
}
}
The Trick
Tugdual Saunier / @tucksaun / [email protected]
And then there’s Doctrine…
Slide 63
Slide 63 text
Tugdual Saunier / @tucksaun / [email protected]
# config/packages/messenger.yaml
# As an alternative, you might want to override it to
# happen only when a tenant switch actually happens
framework:
messenger:
buses:
default:
middleware:
- doctrine_close_connection
Slide 64
Slide 64 text
Tugdual Saunier / @tucksaun / [email protected]
Database
Connection
LateParametersResolutionDriver
Driver
TenantAwareMiddleware
DriverManager
Doctrine
Database
Connection
LateParametersResolutionDriver
Driver
TenantAwareMiddleware
DriverManager
Doctrine
Instantiation is done but not connected yet
getConnection($params)
createDriver()
__construct()
wrap($driver)
__construct()
__construct($params, $driver)
connect()
connect($this->params)
resolveParameters($params)
connect($resolvedParams)
connect
Database
Connection
Driver
DriverManager
Doctrine
Database
Connection
Driver
DriverManager
Doctrine
Instantiation is done but not connected yet
getConnection($params)
createDriver()
__construct()
__construct($params, $driver)
connect()
connect($this->params)
connect
The Trick
Slide 65
Slide 65 text
Tugdual Saunier / @tucksaun / [email protected]
namespace App\Tenancy\Doctrine;
final class LateParametersResolutionDriver
extends \Doctrine\DBAL\Driver\Middleware\AbstractDriverMiddleware
{
public function __construct(
private readonly TenantAwareMiddleware $middleware,
Doctrine\DBAL\Driver $driver,
) {
parent:%__construct($driver);
}
public function connect(array $params)
{
return parent:%connect($this-#middleware-#resolveParameters($params));
}
}
Slide 66
Slide 66 text
Tugdual Saunier / @tucksaun / [email protected]
namespace App\Tenancy\Doctrine;
#"AutoconfigureTag('doctrine.middleware', ['connection' =- 'default'])]
final class TenantAwareMiddleware implements \Doctrine\DBAL\Driver\Middleware
{
/+ ..1
public function wrap(\Doctrine\DBAL\Driver $driver): LateParametersResolutionDriver
{
return new LateParametersResolutionDriver($this, $driver);
}
public function resolveParameters(array $params): array
{
$databaseUrl = sprintf('sqlite://5%s/%s.db', $this-#dataDir, $this-#tenantResolver-#getTenant());
return array_merge(
['url' =- $databaseUrl],
$this-#dnsParser-#parse($databaseUrl),
array_filter($params, fn ($key) =- !in_array($key, ['user', 'password', 'host', 'port',
'dbname', 'url'], true), ARRAY_FILTER_USE_KEY),
);
}
}