[EnMasse] EnMasse multitenancy roles

[Ulf Lilleengen]

Hi,

Resending this as 3 of us were not subscribed to the list.

After our discussion yesterday, I've tried to collect my thoughts on 
multitenancy. In our past discussions there have been sort of 2 views on 
multitenancy: one where multitenancy is handled within the dispatch 
router, and one with multiple isolated router networks. As Rob mentioned 
(and I agree) we should think of supporting both.

I don't think took into account supporting isolated and non-isolated 
tenants when we discussed this earlier. And I'm not sure if we should 
think of it as just 1 role or 2 roles externally:

* Client - connects to the messaging endpoint
* Tenant - Manages one address space
(* Instance - Have 1 or more tenants)
* Messaging operator - Manages EnMasse instances and tenants
* OpenShift operator - Manages OpenShift

Instances are isolated into separate OpenShift namespaces, while a 
tenant may share the same instance (routers and possibly brokers) with 
other tenants.

Does it make sense to think of it this way? With this definition we have 
support for multiple instances today, but not multiple tenants within 
the same instance.

We expose the ability to create and manage instances, but would also 
need to support another dimension in the addressing API for tenants 
(instance/foo/tenant/bar/address ?). Another approach would be to 
replace this API with something that allows you to create tenants and 
specify isolation as a property on the tenant resource.

-- 
Ulf