Multi tenant

auth/app/auth/AuthConfig.scala

@@ -1,8 +1,10 @@
 package auth
 
 import com.gu.mediaservice.lib.config.{CommonConfig, GridConfigResources}
+import com.gu.mediaservice.model.Instance
 
 class AuthConfig(resources: GridConfigResources) extends CommonConfig(resources) {
-  val rootUri: String = services.authBaseUri
-  val mediaApiUri: String = services.apiBaseUri
+  val rootUri: Instance => String = services.authBaseUri
+  val rootInstanceUri: Instance => String = services.authBaseInstanceUri
+  val mediaApiUri: Instance => String = services.apiBaseUri
 }

auth/app/auth/AuthController.scala

@@ -6,9 +6,11 @@ import com.gu.mediaservice.lib.auth.Authentication.{InnerServicePrincipal, Machi
 import com.gu.mediaservice.lib.auth.Permissions.{DeleteImage, ShowPaid, UploadImages}
 import com.gu.mediaservice.lib.auth.provider.AuthenticationProviders
 import com.gu.mediaservice.lib.auth.{Authentication, Authorisation, Internal}
+import com.gu.mediaservice.lib.config.InstanceForRequest
 import com.gu.mediaservice.lib.guardian.auth.PandaAuthenticationProvider
+import com.gu.mediaservice.model.Instance
 import play.api.libs.json.Json
-import play.api.mvc.{BaseController, ControllerComponents, Result}
+import play.api.mvc.{AnyContent, BaseController, ControllerComponents, Request, Result}
 
 import java.net.URI
 import java.util.Date
@@ -19,15 +21,15 @@ class AuthController(auth: Authentication, providers: AuthenticationProviders, v
                      override val controllerComponents: ControllerComponents,
                      authorisation: Authorisation)(implicit ec: ExecutionContext)
   extends BaseController
-  with ArgoHelpers {
+  with ArgoHelpers with InstanceForRequest {
 
-  val indexResponse = {
+  def indexResponse()(implicit instance: Instance) = {
     val indexData = Map("description" -> "This is the Auth API")
     val indexLinks = List(
-      Link("root",          config.mediaApiUri),
-      Link("login",         config.services.loginUriTemplate),
-      Link("ui:logout",     s"${config.rootUri}/logout"),
-      Link("session",       s"${config.rootUri}/session")
+      Link("root",          config.mediaApiUri(instance)),
+      Link("login",         config.services.loginUriTemplate(instance)),
+      Link("ui:logout",     s"${config.rootUri(instance)}/logout"),
+      Link("session",       s"${config.rootInstanceUri(instance)}/session")
     )
     respond(indexData, indexLinks)
   }
@@ -42,7 +44,10 @@ class AuthController(auth: Authentication, providers: AuthenticationProviders, v
     }
   }
 
-  def index = auth { indexResponse }
+  def index = auth { request =>
+    implicit val instance: Instance = instanceOf(request)
+    indexResponse()
+  }
 
   def session = auth { request =>
     val showPaid = authorisation.hasPermissionTo(ShowPaid)(request.user)

build.sbt

@@ -97,6 +97,7 @@ lazy val commonLib = project("common-lib").settings(
     "com.amazonaws" % "aws-java-sdk-s3" % awsSdkVersion,
     "com.amazonaws" % "aws-java-sdk-ec2" % awsSdkVersion,
     "com.amazonaws" % "aws-java-sdk-sqs" % awsSdkVersion,
+    "software.amazon.awssdk" % "sqs" % awsSdkV2Version,
     "com.amazonaws" % "aws-java-sdk-sns" % awsSdkVersion,
     "com.amazonaws" % "aws-java-sdk-sts" % awsSdkVersion,
     "com.amazonaws" % "aws-java-sdk-kinesis" % awsSdkVersion,
@@ -183,7 +184,8 @@ lazy val thrall = playProject("thrall", 9002)
       "software.amazon.awssdk" % "dynamodb" % awsSdkV2Version,
       "com.gu" %% "kcl-pekko-stream" % "0.1.0",
       "org.testcontainers" % "testcontainers-elasticsearch" % "2.0.2" % Test,
-      "com.google.protobuf" % "protobuf-java" % "3.19.6"
+      "com.google.protobuf" % "protobuf-java" % "3.19.6",
+      "software.amazon.awssdk" % "sqs" % awsSdkV2Version
     ),
     // amazon-kinesis-client 2.6.0 brings in a critically vulnerable version of apache avro,
     // but we cannot upgrade amazon-kinesis-client further without performing the v2->v3 upgrade https://docs.aws.amazon.com/streams/latest/dev/kcl-migration-from-2-3.html

collections/app/CollectionsComponents.scala

@@ -15,7 +15,7 @@ class CollectionsComponents(context: Context) extends GridComponents(context, ne
   val notifications = new Notifications(config)
 
   val collections = new CollectionsController(auth, config, collectionsStore, controllerComponents)
-  val imageCollections = new ImageCollectionsController(auth, config, notifications, imageCollectionsStore, controllerComponents)
+  val imageCollections = new ImageCollectionsController(auth, notifications, imageCollectionsStore, controllerComponents)
 
 
   override val router = new Routes(httpErrorHandler, collections, imageCollections, management)

collections/app/controllers/CollectionsController.scala

@@ -6,16 +6,18 @@ import com.gu.mediaservice.lib.argo.model.{EmbeddedEntity, Link}
 import com.gu.mediaservice.lib.auth.Authentication
 import com.gu.mediaservice.lib.auth.Authentication.getIdentity
 import com.gu.mediaservice.lib.collections.CollectionsManager
-import com.gu.mediaservice.model.{ActionData, Collection}
+import com.gu.mediaservice.lib.config.InstanceForRequest
+import com.gu.mediaservice.model.{ActionData, Collection, Instance}
 import lib.CollectionsConfig
 import model.Node
 import org.joda.time.DateTime
 import play.api.libs.functional.syntax._
 import play.api.libs.json._
-import play.api.mvc.{BaseController, ControllerComponents}
+import play.api.mvc.{BaseController, ControllerComponents, Request}
 import store.{CollectionsStore, CollectionsStoreError}
 import com.gu.mediaservice.lib.net.{URI => UriOps}
 import software.amazon.awssdk.services.dynamodb.model.AttributeValue
+import com.gu.mediaservice.lib.net.{URI => UriOps}
 
 import scala.concurrent.ExecutionContext.Implicits.global
 import scala.concurrent.Future
@@ -31,31 +33,31 @@ object AppIndex {
 }
 
 class CollectionsController(authenticated: Authentication, config: CollectionsConfig, store: CollectionsStore,
-                            val controllerComponents: ControllerComponents) extends BaseController with ArgoHelpers {
+                            val controllerComponents: ControllerComponents) extends BaseController with ArgoHelpers with InstanceForRequest {
 
   import CollectionsManager.{getCssColour, isValidPathBit, pathToUri, uriToPath}
   // Stupid name clash between Argo and Play
   import com.gu.mediaservice.lib.argo.model.{Action => ArgoAction}
 
-  def uri(u: String) = URI.create(u)
-  val collectionUri = uri(s"${config.rootUri}/collections")
-  def collectionUri(p: List[String] = Nil) = {
+  private def uri(u: String) = URI.create(u)
+  private def collectionUri()(implicit instance: Instance) = uri(s"${config.rootUri(instance)}/collections")
+  private def collectionUri(p: List[String] = Nil)(implicit instance: Instance) = {
     val path = if(p.nonEmpty) s"/${pathToUri(p)}" else ""
-    uri(s"${config.rootUri}/collections$path")
+    uri(s"${config.rootUri(instance)}/collections$path")
   }
 
-  val appIndex = AppIndex("media-collections", "The one stop shop for collections")
-  val indexLinks = List(Link("collections", collectionUri.toString))
+  private val appIndex = AppIndex("media-collections", "The one stop shop for collections")
+  private def indexLinks()(implicit instance: Instance) = List(Link("collections", collectionUri().toString))
 
-  def getNodeAction(n: Node[Collection]): Option[Link] = Some(Link("collection", collectionUri(n.fullPath).toString))
-  def addChildAction(pathId: List[String] = Nil): Option[ArgoAction] = Some(ArgoAction("add-child", collectionUri(pathId), "POST"))
-  def addChildAction(n: Node[Collection]): Option[ArgoAction] = addChildAction(n.fullPath)
-  def removeNodeAction(n: Node[Collection]): Option[ArgoAction] = if (n.children.nonEmpty) None else Some(
+  private def getNodeAction(n: Node[Collection])(implicit instance: Instance): Option[Link] = Some(Link("collection", collectionUri(n.fullPath).toString))
+  private def addChildAction(pathId: List[String] = Nil)(implicit instance: Instance): Option[ArgoAction] = Some(ArgoAction("add-child", collectionUri(pathId), "POST"))
+  private def addChildAction(n: Node[Collection])(implicit instance: Instance): Option[ArgoAction] = addChildAction(n.fullPath)
+  private def removeNodeAction(n: Node[Collection])(implicit instance: Instance): Option[ArgoAction] = if (n.children.nonEmpty) None else Some(
     ArgoAction("remove", collectionUri(n.fullPath), "DELETE")
   )
 
   def index = authenticated { req =>
-    respond(appIndex, links = indexLinks)
+    respond(appIndex, links = indexLinks()(instanceOf(req)))
   }
 
   def collectionNotFound(path: String) =
@@ -70,15 +72,16 @@ class CollectionsController(authenticated: Authentication, config: CollectionsCo
   def storeError(message: String) =
     respondError(InternalServerError, "collection-store-error", message)
 
-  def getActions(n: Node[Collection]): List[ArgoAction] = {
+  def getActions(n: Node[Collection])(implicit instance: Instance): List[ArgoAction] = {
     List(addChildAction(n), removeNodeAction(n)).flatten
   }
 
-  def getLinks(n: Node[Collection]): List[Link] = {
+  private def getLinks(n: Node[Collection])(implicit instance: Instance): List[Link] = {
     List(getNodeAction(n)).flatten
   }
 
   def correctedCollections = authenticated.async { req =>
+    implicit val instance: Instance = instanceOf(req)
     store.getAll flatMap { collections =>
       val tree = Node.fromList[Collection](
         collections,
@@ -100,14 +103,15 @@ class CollectionsController(authenticated: Authentication, config: CollectionsCo
     }
   }
 
-  def allCollections = store.getAll.map { collections =>
+  def allCollections()(implicit instance: Instance)= store.getAll.map { collections =>
     Node.fromList[Collection](
       collections,
       (collection) => collection.path,
       (collection) => collection.description)
   }
 
-  def getCollection(collectionPathId: String) = authenticated.async {
+  def getCollection(collectionPathId: String) = authenticated.async { request =>
+    implicit val instance: Instance = instanceOf(request)
     store.get(uriToPath(collectionPathId)).map {
       case Some(collection) =>
         val node = Node(collection.path.last, Nil, collection.path, collection.path, Some(collection))
@@ -120,7 +124,18 @@ class CollectionsController(authenticated: Authentication, config: CollectionsCo
   }
 
   def getCollections = authenticated.async { req =>
-    allCollections.map { tree =>
+    implicit val instance: Instance = instanceOf(req)
+    implicit def asArgo: Writes[Node[Collection]] = (
+      (__ \ "basename").write[String] ~
+        (__ \ "children").lazyWrite[CollectionsEntity](Writes[CollectionsEntity]
+          // This is so we don't have to rewrite the Write[Seq[T]]
+          (seq => Json.toJson(seq))).contramap(collectionsEntity(_: List[Node[Collection]])) ~
+        (__ \ "fullPath").write[List[String]] ~
+        (__ \ "data").writeNullable[Collection] ~
+        (__ \ "cssColour").writeNullable[String]
+      )(node => (node.basename, node.children, node.fullPath, node.data, getCssColour(node.fullPath)))
+
+    allCollections().map { tree =>
       respond(
         Json.toJson(tree)(asArgo),
         actions = List(addChildAction()).flatten
@@ -134,6 +149,7 @@ class CollectionsController(authenticated: Authentication, config: CollectionsCo
   def addChildToRoot = addChildTo(None)
   def addChildToCollection(collectionPathId: String) = addChildTo(Some(collectionPathId))
   def addChildTo(collectionPathId: Option[String]) = authenticated.async(parse.json) { req =>
+    implicit val instance: Instance = instanceOf(req)
     (req.body \ "data").asOpt[String] map { child =>
       if (isValidPathBit(child)) {
         val path = collectionPathId.map(uriToPath).getOrElse(Nil) :+ child
@@ -153,8 +169,8 @@ class CollectionsController(authenticated: Authentication, config: CollectionsCo
   }
 
   type MaybeTree = Option[Node[Collection]]
-  def hasChildren(path: List[String]): Future[Boolean] =
-    allCollections.map { tree =>
+  private def hasChildren(path: List[String])(implicit instance: Instance) =
+    allCollections().map { tree =>
 
       // Traverse the tree using the path
       val maybeTree = path
@@ -168,6 +184,7 @@ class CollectionsController(authenticated: Authentication, config: CollectionsCo
     }
 
   def removeCollection(collectionPath: String) = authenticated.async { req =>
+    implicit val instance: Instance = instanceOf(req)
     val path = CollectionsManager.uriToPath(UriOps.encodePlus(collectionPath))
 
     hasChildren(path).flatMap { noRemove =>
@@ -195,18 +212,8 @@ class CollectionsController(authenticated: Authentication, config: CollectionsCo
   )(node => (node.basename, node.children, node.fullPath, node.data))
 
   type CollectionsEntity = Seq[EmbeddedEntity[Node[Collection]]]
-  implicit def asArgo: Writes[Node[Collection]] = (
-    (__ \ "basename").write[String] ~
-      (__ \ "children").lazyWrite[CollectionsEntity](Writes[CollectionsEntity]
-          // This is so we don't have to rewrite the Write[Seq[T]]
-          (seq => Json.toJson(seq))).contramap(collectionsEntity) ~
-      (__ \ "fullPath").write[List[String]] ~
-      (__ \ "data").writeNullable[Collection] ~
-      (__ \ "cssColour").writeNullable[String]
-    )(node => (node.basename, node.children, node.fullPath, node.data, getCssColour(node.fullPath)))
-
 
-  def collectionsEntity(nodes: List[Node[Collection]]): CollectionsEntity = {
+  private def collectionsEntity(nodes: List[Node[Collection]])(implicit instance: Instance): CollectionsEntity = {
     nodes.map(n => EmbeddedEntity(collectionUri(n.fullPath), Some(n), links = getLinks(n), actions = getActions(n)))
   }
 

collections/app/controllers/ImageCollectionsController.scala

@@ -5,27 +5,28 @@ import com.gu.mediaservice.lib.auth.Authentication
 import com.gu.mediaservice.lib.auth.Authentication.getIdentity
 import com.gu.mediaservice.lib.aws.{NoItemFound, UpdateMessage}
 import com.gu.mediaservice.lib.collections.CollectionsManager
+import com.gu.mediaservice.lib.config.InstanceForRequest
 import com.gu.mediaservice.lib.net.{URI => UriOps}
-import com.gu.mediaservice.model.{ActionData, Collection}
+import com.gu.mediaservice.model.{ActionData, Collection, Instance}
 import com.gu.mediaservice.syntax.MessageSubjects
-import lib.{CollectionsConfig, Notifications}
+import lib.Notifications
 import org.joda.time.DateTime
-import play.api.libs.json.Json
 import play.api.mvc.{BaseController, ControllerComponents}
 import store.ImageCollectionsStore
 
 import scala.concurrent.ExecutionContext.Implicits.global
 import scala.concurrent.Future
 
 
-class ImageCollectionsController(authenticated: Authentication, config: CollectionsConfig, notifications: Notifications,
+class ImageCollectionsController(authenticated: Authentication, notifications: Notifications,
                                  imageCollectionsStore: ImageCollectionsStore,
                                  override val controllerComponents: ControllerComponents)
-  extends BaseController with MessageSubjects with ArgoHelpers {
+  extends BaseController with MessageSubjects with ArgoHelpers with InstanceForRequest {
 
   import CollectionsManager.onlyLatest
 
   def getCollections(id: String) = authenticated.async { req =>
+    implicit val instance: Instance = instanceOf(req)
     imageCollectionsStore.get(id).map { collections =>
       respond(onlyLatest(collections))
     } recover {
@@ -34,6 +35,7 @@ class ImageCollectionsController(authenticated: Authentication, config: Collecti
   }
 
   def addCollection(id: String) = authenticated.async(parse.json) { req =>
+    implicit val instance: Instance = instanceOf(req)
     (req.body \ "data").asOpt[List[String]].map { path =>
       val collection = Collection.build(path, ActionData(getIdentity(req.user), DateTime.now()))
         imageCollectionsStore.add(id, collection)
@@ -44,6 +46,7 @@ class ImageCollectionsController(authenticated: Authentication, config: Collecti
 
 
   def removeCollection(id: String, collectionString: String) = authenticated.async { req =>
+    implicit val instance: Instance = instanceOf(req)
     val path = CollectionsManager.uriToPath(UriOps.encodePlus(collectionString))
     // We do a get to be able to find the index of the current collection, then remove it.
     // Given that we're using Dynamo Lists this seemed like a decent way to do it.
@@ -63,9 +66,9 @@ class ImageCollectionsController(authenticated: Authentication, config: Collecti
     }
   }
 
-  def publish(id: String)(collections: List[Collection]): List[Collection] = {
+  def publish(id: String)(collections: List[Collection])(implicit instance: Instance): List[Collection] = {
     val onlyLatestCollections = onlyLatest(collections)
-    val updateMessage = UpdateMessage(subject = SetImageCollections, id = Some(id), collections = Some(onlyLatestCollections))
+    val updateMessage = UpdateMessage(subject = SetImageCollections, id = Some(id), collections = Some(onlyLatestCollections), instance = instance)
     notifications.publish(updateMessage)
     onlyLatestCollections
   }

collections/app/lib/CollectionsConfig.scala

@@ -1,11 +1,12 @@
 package lib
 
 import com.gu.mediaservice.lib.config.{CommonConfig, GridConfigResources}
+import com.gu.mediaservice.model.Instance
 
 
 class CollectionsConfig(resources: GridConfigResources) extends CommonConfig(resources) {
   val collectionsTable = string("dynamo.table.collections")
   val imageCollectionsTable = string("dynamo.table.imageCollections")
 
-  val rootUri = services.collectionsBaseUri
+  val rootUri: Instance => String = services.collectionsBaseUri
 }

collections/app/store/CollectionsStore.scala

@@ -1,19 +1,18 @@
 package store
 
+import cats.implicits._
 import com.gu.mediaservice.lib.collections.CollectionsManager
-import com.gu.mediaservice.model.{ActionData, Collection}
+import com.gu.mediaservice.model.{ActionData, Collection, Instance}
 import org.joda.time.DateTime
 import org.scanamo.generic.auto.genericDerivedFormat
-import org.scanamo.{DynamoFormat, ScanamoAsync, Table}
 import org.scanamo.syntax._
+import org.scanamo.{DynamoFormat, ScanamoAsync, Table}
 import software.amazon.awssdk.services.dynamodb.DynamoDbAsyncClient
 
 import scala.concurrent.ExecutionContext.Implicits.global
 import scala.concurrent.Future
-import cats.implicits._
-import org.scanamo.generic.semiauto.FieldName
 
-case class Record(id: String, collection: Collection)
+case class Record(id: String, collection: Collection, instance: String)
 
 class CollectionsStore(val tableName: String, client: DynamoDbAsyncClient) extends DynamoHelpers {
   import org.scanamo.generic.semiauto._
@@ -25,24 +24,24 @@ class CollectionsStore(val tableName: String, client: DynamoDbAsyncClient) exten
 
   private lazy val collectionsTable = Table[Record](tableName)
 
-  def getAll: Future[List[Collection]] = {
-    ScanamoAsync(client).exec(collectionsTable.scan()).map(_.sequence).flatMap(res =>
+  def getAll(implicit instance: Instance): Future[List[Collection]] = {
+    ScanamoAsync(client).exec(collectionsTable.query("instance" === instance.id)).map(_.sequence).flatMap(res =>
       handleResponse(res)(records => records.map(_.collection))
     )
   }
 
-  def add(collection: Collection): Future[Collection] = {
+  def add(collection: Collection)(implicit instance: Instance): Future[Collection] = {
     ScanamoAsync(client).exec(
       collectionsTable.update(
-        "id" === collection.pathId,
+        "id" === collection.pathId and "instance" === instance.id,
         set("collection", collection)
       )
     ).flatMap(res => handleResponse(res)(record => record.collection))
   }
 
-  def get(collectionPath: List[String]): Future[Option[Collection]] = {
+  def get(collectionPath: List[String])(implicit instance: Instance): Future[Option[Collection]] = {
     val path = CollectionsManager.pathToPathId(collectionPath)
-    ScanamoAsync(client).exec(collectionsTable.get("id" === path)).flatMap(maybeEither =>
+    ScanamoAsync(client).exec(collectionsTable.get("id" === path and "instance" === instance.id)).flatMap(maybeEither =>
       maybeEither.fold[Future[Option[Collection]]](
         Future.successful(None)
       )(res =>
@@ -51,9 +50,9 @@ class CollectionsStore(val tableName: String, client: DynamoDbAsyncClient) exten
     )
   }
 
-  def remove(collectionPath: List[String]): Future[Unit] = {
+  def remove(collectionPath: List[String])(implicit instance: Instance): Future[Unit] = {
     val path = CollectionsManager.pathToPathId(collectionPath)
-    ScanamoAsync(client).exec(collectionsTable.delete("id" === path))
+    ScanamoAsync(client).exec(collectionsTable.delete("id" === path and "instance" === instance.id))
   }
 }