This repository contains a sample implementation of a multi-tenant Spring Boot application. The code uses a discriminator column together with database row-level security to isolate tenants on a shared database. HashiCorp Vault can rotate database credentials, which improves database security, and the application uses Spring Vault to fetch the DB credentials periodically from HashiCorp Vault. The application uses PostgreSQL as its database.
- Based on Spring Boot
- Based on HashiCorp Vault
- Requires Java 8+, Docker, Docker-Compose, Apache Maven, JQ
- Use the following command to start the services required by the spring-boot application.
$ docker-compose up -d
- Check the status of the services with the following command. Wait till all containers are in a healthy state.
$ docker-compose ps
- Unseal the vault using the following command.
$ sh unseal-vault-enable-approle-databases.sh
- Export the root token for the vault.
$ export VAULT_ROOT_TOKEN=...
- Run the following script.
$ sh setup-spring-vault-approle-postgresql.sh
- Run the DB script to create the tables and policies.
$ psql -U spring -h localhost -p 7358 -d springvault -f db_script.sql
- Use the following command to run the spring-boot application.
$ ./mvnw spring-boot:run
- Add a student to the database for tenant1.
$ curl 'http://localhost:8080/api/students' \
    --header 'X-TenantID: tenant1' \
    --header 'Content-Type: application/json' \
    --data-raw '{ "firstName" : "John", "lastName": "Doe"}'
- Fetch all students of tenant1.
$ curl --location --request GET 'http://localhost:8080/api/students' \
    --header 'X-TenantID: tenant1'
- Fetch all students of tenant2.
$ curl --location --request GET 'http://localhost:8080/api/students' \
    --header 'X-TenantID: tenant2'
- To stop the docker-compose deployment, use the following command.
$ docker-compose down -v
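
The following sketch shows how a discriminator column and PostgreSQL row-level security combine to produce the tenant1/tenant2 isolation exercised by the requests above. It is an added example, not the repository's `db_script.sql`. The table layout, the policy name and the `app.tenant_id` session setting are assumptions chosen for illustration.

```sql
-- Added example; names are assumptions, not taken from db_script.sql.
-- Run as a non-superuser role: superusers and roles with BYPASSRLS
-- are never subject to row-level security policies.
CREATE TABLE students (
    id         bigserial PRIMARY KEY,
    -- Discriminator column, filled from the session setting so callers
    -- never supply the tenant themselves.
    tenant_id  text NOT NULL DEFAULT current_setting('app.tenant_id')
               CHECK (tenant_id <> ''),
    first_name text NOT NULL,
    last_name  text NOT NULL
);

ALTER TABLE students ENABLE ROW LEVEL SECURITY;
-- Without FORCE, the table owner is exempt from the policies.
ALTER TABLE students FORCE ROW LEVEL SECURITY;

-- USING filters rows that are read, updated or deleted.
-- WITH CHECK rejects rows written on behalf of another tenant.
-- current_setting(..., true) yields NULL when the setting was never
-- defined, so an untagged session matches no rows (fails closed).
-- After a SET LOCAL has ended, the setting reverts to '' on that
-- connection; the CHECK constraint above keeps '' from ever being
-- a valid tenant.
CREATE POLICY tenant_isolation ON students
    USING      (tenant_id = current_setting('app.tenant_id', true))
    WITH CHECK (tenant_id = current_setting('app.tenant_id', true));

-- Request carrying X-TenantID: tenant1 (constructed sample data).
-- SET LOCAL is scoped to the transaction, so a pooled connection does
-- not carry the tenant over to the next request.
BEGIN;
SET LOCAL app.tenant_id = 'tenant1';
INSERT INTO students (first_name, last_name) VALUES ('John', 'Doe');
SELECT first_name, last_name FROM students;
COMMIT;

-- Request carrying X-TenantID: tenant2.
BEGIN;
SET LOCAL app.tenant_id = 'tenant2';
-- The USING clause hides tenant1's row from this query.
SELECT first_name, last_name FROM students;
-- The WITH CHECK clause makes this cross-tenant write fail.
INSERT INTO students (tenant_id, first_name, last_name)
VALUES ('tenant1', 'Jane', 'Roe');
ROLLBACK;
```

When checking a real deployment, confirm that the role Vault issues to the application is neither a superuser nor the owner of an unforced table, since either would bypass the policy.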