UNOMI-958: Extend tenant usage API and add event retention purge#811
Merged
Conversation
Operators and upstream control planes need read-only usage metrics per tenant.
Unomi measures usage; plan limits stay outside the CDP. This adds GET /tenants/{id}/usage,
replaces internal monitoring/quota services, and hardens tenant-scoped REST security.
Expand the per-tenant usage snapshot for upstream reconcile jobs (monthly events, scope counts, per-scope breakdown) and add a tenant-scoped event purge endpoint. Add service, REST, and integration test coverage.
… RBAC RuntimeExceptionMapper now preserves WebApplicationException status/message instead of collapsing every thrown WebApplicationException to a 500, fixing validation error responses on TenantEndpoint and TaskEndpoint. Removed a broken TenantIT test that sent tenant private-key credentials to a JAAS-only auth path, which produced repeated failed JAAS logins with knock-on effects on later tests in the shared container. TaskEndpoint now accepts TENANT_ADMINISTRATOR in addition to ADMINISTRATOR, matching the pattern already used by TenantEndpoint's usage/purge endpoints; scheduled tasks are tenant-scoped at the persistence layer so this doesn't weaken isolation. Also fixes two tenant-scoping gaps in the in-memory persistence test double (queryCount, calculateStorageSize) and adds regression coverage for tenant usage isolation and the exception mapper fix.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Plain-language summary
Multi-tenant operators could not see how much each customer was using Unomi (profiles, events, scopes, storage, and similar). Upstream billing and plan tools need a supported way to read that usage and, for retention policies, to delete old events per tenant without talking to the search cluster directly.
This change adds a read-only usage API and a tenant-scoped event purge API on the tenant REST endpoints. It also removes old quota code that suggested Unomi enforced limits when it did not. Tenant admins can manage their own tenant; platform admins can manage any tenant.
What changed
GET /cxs/tenants/{tenantId}/usagewith monthly event counts, scope totals, per-scope segment/rule breakdown, active API key count, andperiodStart/periodEnd.period=current-month(default),YYYY-MM, and legacy24h(same as current month).POST /cxs/tenants/{tenantId}/purge/events?retentionDays=Nfor tenant-scoped event retention (minimum 7 days).TenantScopeUsage,TenantEventPurgeResult, and expandTenantUsageService/TenantUsageServiceImpl.ResourceQuotaand replaceTenantMonitoringService/TenantQuotaService.@RequiresTenanton tenant-scoped routes, class/method role resolution inSecurityFilter.KarafSecurityService.clearCurrentSubject()to clear the request subject correctly.Test plan
mvn -pl services -Dmaven.build.cache.enabled=false test -Dtest=TenantUsageServiceImplTest(19 tests)mvn -pl rest -Dmaven.build.cache.enabled=false test -Dtest=TenantEndpointTest(7 tests)mvn -pl rest test -Dtest=SecurityFilterTestmvn -pl services-common test -Dtest=KarafSecurityServiceTestmvn -pl api,services,rest,services-common,itests -am test-compileTenantITusage and purge coverage)References
UNOMI-958