Multiple Tenant

Overview

YedMQ's multiple tenant feature provides a robust and secure way to support multiple organizations on a single message broker infrastructure. This architecture ensures complete isolation between different tenants while maximizing resource utilization and reducing operational overhead.

By default, YedMQ uses the public tenant ID for all connections that do not specify a tenant.

Key Features

Tenant Isolation

  • Namespace Isolation: Each tenant gets a dedicated namespace for their topics. Topics and messages in one tenant are completely invisible to others.
  • Connection Isolation: Client sessions are isolated by tenant ID. A client ID only needs to be unique within a single tenant.
  • REST API Support: YedMQ provides tenant-scoped REST API endpoints, allowing for fine-grained management of topics, sessions, and messages for each tenant.

Default Tenant

If no tenant ID is provided during the authentication process, YedMQ assigns the connection to the default tenant named public. This ensures backward compatibility with standard MQTT clients and simplified setups where multi-tenancy is not required.

How to Set Tenant ID

YedMQ implements multi-tenant management primarily through its Authentication Plugin.

When a new MQTT client attempts to establish a connection, the Authentication Plugin intercepts the process. Based on the client's identity (username, client ID, certificate, etc.), the plugin can return a tenant_id to the broker.

Authentication Process

  1. Connection Parameter Parsing: The plugin receives connection details including Client ID, Username, Password, and Client IP.
  2. Tenant Identification: The plugin logic determines which tenant the client belongs to.
  3. Returning Tenant ID: The plugin returns an AuthenticateResponse containing the tenant_id.

Example (Proto definition):

message AuthenticateResponse {
  bool authenticated = 1;
  // ...
  optional string tenant_id = 5; // The ID of the tenant
}

Dynamic Tenant Creation

Tenants in YedMQ are created dynamically. When a client connects with a new tenant_id (authorized by the plugin) or when a subscription is made for a new tenant, YedMQ automatically initializes the necessary internal structures for that tenant.
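
The tenant identification step of the authentication process, as an added Python example that is not YedMQ's own plugin code: the tenant is read from a server-side credential record only after the password verifies, and is checked against a tenant ID pattern before being returned, since a tenant_id returned by the plugin leads the broker to create that tenant. The USERS records, the AuthResult class, the authenticate function and the ID pattern are assumptions made for illustration.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import Optional

# Assumed tenant ID policy: short, lowercase, safe as a REST path segment.
TENANT_ID_RE = re.compile(r"[a-z0-9][a-z0-9_-]{0,31}")

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample records: username -> (salt, password hash, tenant).
USERS = {
    "acme-sensor-01": (b"salt-a", _hash("s3nsor-pw", b"salt-a"), "acme"),
    "globex-gw": (b"salt-g", _hash("gw-pw", b"salt-g"), "globex"),
    "broken-record": (b"salt-b", _hash("pw", b"salt-b"), "../public"),
}
_DUMMY = (b"salt-x", _hash("x", b"salt-x"), "")  # keeps timing similar for unknown users

@dataclass
class AuthResult:
    """Mirrors the two AuthenticateResponse fields shown on the page."""
    authenticated: bool
    tenant_id: Optional[str] = None

def authenticate(client_id: str, username: str, password: str, client_ip: str) -> AuthResult:
    # client_id and client_ip are received but deliberately not used to pick
    # the tenant: both are client-controlled or easily shared across tenants.
    salt, expected, tenant = USERS.get(username, _DUMMY)
    password_ok = hmac.compare_digest(_hash(password, salt), expected)
    if username not in USERS or not password_ok:
        return AuthResult(False)
    # A malformed tenant in the record is rejected outright (fail closed)
    # instead of omitting tenant_id, which would place the client in "public".
    if not TENANT_ID_RE.fullmatch(tenant):
        return AuthResult(False)
    return AuthResult(True, tenant)
```

A client that authenticates as an acme user is placed in acme even if its client ID names another tenant, and a failed lookup never yields a tenant_id.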

REST API Integration

All tenant-related resources are accessible via the REST API using the tenant ID in the path:

  • GET /api/v1/:tenant_id/clients: List clients in a tenant.
  • GET /api/v1/:tenant_id/topics: List topics in a tenant.
  • GET /api/v1/:tenant_id/messages/retained: List retained messages for a tenant.
  • POST /api/v1/:tenant_id/messages: Publish a message to a tenant's topic.