I am running the Camunda Spring boot application with Shared Process Definition and the process is attached to a tenant during execution. So a process instance will require the same tenant for all REST API calls like to retrieve or to update the process and tasks in the process.
Now the problem I am facing is in writing the External Task Client. From the external task client, I have to pass the tenant for which I want to poll the task. I have multiple tenants (more than 20), so I do not want to create multiple clients and open long polling connections to process engine.
Has anyone tried the external task client in case of Mulit-Tenancy, then let me know if there is any elegant way to poll the tasks for all tenants?
Hi,
Were you able to implement this feature? I have a similar requirement and your analysis would really help me.
Thanks in advance !
Multi-Tenancy is a must for my product, so I left the idea of External Task Client. Because there was no way to poll tasks for all the tenants for me. As tenant id is added with each rest call so I can poll for tasks only attached to the tenantId passed in the polling call.
In any case, my services are not going to receive tasks regularly, so I do not like the idea of an external client creating a long polling connection with the camunda engine to poll for tasks.
Rather I am dependent on REST APIs of my microservices. Any microservice which wants to provide a task and be part of a workflow, then that service has to provide a Rest endpoint to start the task.
I have a generic Java Delegate class, which hits that rest endpoint. My all microservices are secured with JWT token and Tenant aware.
When I deploy a process then it does not belong to any tenant and can be started with any tenant.
But when I start a process then I have to provide a tenant and then that process execution is attached with that tenant. In that case, all the tasks involved in the workflow also take the Tenant as Input and hits the other microservice with the same tenantId. This way I ensure that the process instance is secured and working in the tenant boundary.
For example: If a process execution starts with Tenant1 then all the User tasks have to be performed by the user belonging to / having access to Tenant1. Similarly, all the Microservices involved as Service Task in this process need to call start endpoint with Tenant1 and the microservice should function within the tenant boundary.
1 Like
Thank you for the explanation