tenant

package
v0.1.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 22, 2026 License: MIT Imports: 7 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// TenantIDKey is the context key for the tenant ID.
	TenantIDKey contextKey = "tenant_id"

	// TenantHeaderName is the default HTTP header for the tenant ID.
	TenantHeaderName = "X-Tenant-ID"
)

Variables

This section is empty.

Functions

func ContextWithTenant 

func ContextWithTenant(ctx context.Context, tenantID string) context.Context

ContextWithTenant returns a context with the tenant ID set.

func TenantFromContext 

func TenantFromContext(ctx context.Context) string

TenantFromContext extracts the tenant ID from the context.

Types

type QuotaEnforcer 

type QuotaEnforcer struct {
	Registry *QuotaRegistry
}

QuotaEnforcer is an HTTP middleware that enforces per-tenant rate limits and concurrency quotas using the QuotaRegistry.

func NewQuotaEnforcer 

func NewQuotaEnforcer(registry *QuotaRegistry) *QuotaEnforcer

NewQuotaEnforcer creates a new quota enforcer middleware.

func (*QuotaEnforcer) Process 

func (q *QuotaEnforcer) Process(next http.Handler) http.Handler

Process wraps an HTTP handler with quota enforcement.

type QuotaRegistry 

type QuotaRegistry struct {
	// contains filtered or unexported fields
}

QuotaRegistry manages quotas and usage tracking for all tenants.

func NewQuotaRegistry 

func NewQuotaRegistry() *QuotaRegistry

NewQuotaRegistry creates a new quota registry.

func (*QuotaRegistry) AcquireWorkflowSlot 

func (r *QuotaRegistry) AcquireWorkflowSlot(tenantID string) error

AcquireWorkflowSlot atomically checks rate + concurrency and increments the counter.

func (*QuotaRegistry) CheckAPIRate 

func (r *QuotaRegistry) CheckAPIRate(tenantID string) error

CheckAPIRate checks whether the tenant can make another API request.

func (*QuotaRegistry) CheckConcurrency 

func (r *QuotaRegistry) CheckConcurrency(tenantID string) error

CheckConcurrency checks whether the tenant can start another concurrent workflow.

func (*QuotaRegistry) CheckStorage 

func (r *QuotaRegistry) CheckStorage(tenantID string, additionalBytes int64) error

CheckStorage checks whether the tenant has storage capacity remaining.

func (*QuotaRegistry) CheckWorkflowRate 

func (r *QuotaRegistry) CheckWorkflowRate(tenantID string) error

CheckWorkflowRate checks whether the tenant can execute another workflow. Returns nil if allowed, or an error describing the quota violation.

func (*QuotaRegistry) GetQuota 

func (r *QuotaRegistry) GetQuota(tenantID string) (TenantQuota, bool)

GetQuota returns the quota for a tenant.

func (*QuotaRegistry) GetUsageSnapshot 

func (r *QuotaRegistry) GetUsageSnapshot(tenantID string) (UsageSnapshot, bool)

GetUsageSnapshot returns a snapshot of current usage for a tenant.

func (*QuotaRegistry) ReleaseWorkflowSlot 

func (r *QuotaRegistry) ReleaseWorkflowSlot(tenantID string)

ReleaseWorkflowSlot decrements the concurrent workflow counter.

func (*QuotaRegistry) RemoveQuota 

func (r *QuotaRegistry) RemoveQuota(tenantID string)

RemoveQuota removes a tenant's quota and usage tracking.

func (*QuotaRegistry) SetQuota 

func (r *QuotaRegistry) SetQuota(quota TenantQuota)

SetQuota sets the quota for a tenant.

func (*QuotaRegistry) UpdateStorage 

func (r *QuotaRegistry) UpdateStorage(tenantID string, bytes int64)

UpdateStorage updates the storage usage for a tenant.

type TenantIsolation 

type TenantIsolation struct {
	HeaderName      string
	AllowedTenants  map[string]bool // nil means all tenants are allowed
	RequireTenantID bool
}

TenantIsolation is an HTTP middleware that extracts the tenant ID from the request header and injects it into the request context. It rejects requests without a valid tenant ID.

func NewTenantIsolation 

func NewTenantIsolation() *TenantIsolation

NewTenantIsolation creates a new tenant isolation middleware.

func (*TenantIsolation) Process 

func (t *TenantIsolation) Process(next http.Handler) http.Handler

Process wraps an HTTP handler with tenant isolation.

func (*TenantIsolation) SetAllowedTenants 

func (t *TenantIsolation) SetAllowedTenants(tenants []string)

SetAllowedTenants configures the set of allowed tenant IDs.

type TenantQuota 

type TenantQuota struct {
	TenantID string

	// MaxWorkflowsPerMinute is the rate limit for workflow executions.
	MaxWorkflowsPerMinute int
	// MaxConcurrentWorkflows is the maximum number of workflows running at once.
	MaxConcurrentWorkflows int
	// MaxStorageBytes is the maximum storage allowed in bytes.
	MaxStorageBytes int64
	// MaxAPIRequestsPerMinute is the rate limit for API requests.
	MaxAPIRequestsPerMinute int
}

TenantQuota defines resource limits for a single tenant.

func DefaultQuota 

func DefaultQuota(tenantID string) TenantQuota

DefaultQuota returns a default quota for a new tenant.

type TenantUsage 

type TenantUsage struct {
	ConcurrentWorkflows int
	StorageBytes        int64
	// contains filtered or unexported fields
}

TenantUsage tracks current resource usage for a tenant.

func NewTenantUsage 

func NewTenantUsage(workflowRPM, apiRPM int) *TenantUsage

NewTenantUsage creates usage tracking for a tenant with given rate limits.

type UsageSnapshot 

type UsageSnapshot struct {
	ConcurrentWorkflows int
	StorageBytes        int64
	WorkflowTokens      int
	APITokens           int
}

UsageSnapshot is a point-in-time snapshot of tenant usage.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.