[Multitenant] PGSQL multitenancy

[Arsnael]

After the refactoring of the base API (BlobStore and BlobStoreDAO), you need to refactor PostgresBlobStoreDAO to implement the new methods taking multitenancy per bucket into account.

DoD: Integration tests still green

[Arsnael]

Question: Does postgres implem actually does it already? I dont remember it doing it, and trying to look into the code I dont see any of it either. It looks like to me everything goes into the same default bucket name.

Or do we imply it works if rls is enabled? But even then it's more of a differentiation between domains and not really bucket name, correct?

[quantranhong1999]

Or do we imply it works if rls is enabled?

Good point.

[Arsnael]

Except I just double checked and rls is disabled for that table

[quantranhong1999]

Except I just double checked and rls is disabled for that table

Not sure why we did that. Maybe we can try to see if we can enable RLS for that table?

[vttranlina]

Not sure why we did that.

Currently, The blobStoreDAO API doen't have domain parameter input.

I remember we prefer rls for only mailbox module.

Maybe we can try to see if we can enable RLS for that table?

It can be able when input parameter is Bucket(Bucketname, Optional)

[chibenwa]

Except I just double checked and rls is disabled for that table Not sure why we did that. Maybe we can try to see if we can enable RLS for that table?

Exactly the "domain" information was not caried over.

I remember isolation was achieved by the use of distincts bockets...

[Arsnael]

I remember isolation was achieved by the use of distincts bockets...

Would like you to point out where then cause nobody in the team seems able to find that piece of code honestly ^^'

[chibenwa]

Ok after a quick code review I confirm this is unimplemented...

[Arsnael]

Configuration needed to enable/disable multitenancy per bucket or not for pgsql?

[Arsnael]

How about just enabling RLS with this table to achieve isolation per domain (aka tenant)?

[chibenwa]

How about just enabling RLS with this table to achieve isolation per domain (aka tenant)?

And what do we do for places that might store in the blobstore without a clearly identified domain IE the mailQueue?

[Arsnael]

Ok fair point