feat: multi-tenant deployment support #2138

Open: alexm-redhat wants to merge 1 commit into NVIDIA:main from alexm-redhat:feat/1722-multi-tenant-deployment
@alexm-redhat

Summary

Adds tenant-scoped ownership enforcement to the OpenShell gateway, enabling multi-tenant sandbox and provider isolation.

Core ownership engine (auth/ownership.rs, 448 lines):

  • OwnershipGuard trait with check_owner() and stamp_owner() methods
  • Tenant extraction from OIDC sub claims with configurable claim field
  • Owner-stamped sandbox creation and owner-filtered list/get/delete
  • Owner-stamped provider CRUD with (owner, name) uniqueness

Gateway integration:

  • OIDC tenant extraction in auth/oidc.rs
  • RBAC guard augmented with ownership checks in auth/authz.rs
  • Tenant-scoped sandbox gRPC handlers in grpc/sandbox.rs
  • Tenant-scoped provider gRPC handlers in grpc/provider.rs
  • Compute driver tenant labels on sandbox containers
  • CLI --multi-tenant flag and multi_tenant.enabled config toggle (off by default)

21 files changed, +825/-17 lines across openshell-core and openshell-server.

Test plan

  • cargo build — all crates compile
  • cargo test — 3,072 passed, 0 failed, 10 ignored
  • Unit tests for ownership guard enforcement (stamp, check, filter)
  • Unit tests for tenant-scoped sandbox and provider gRPC handlers
  • Integration tests for OIDC tenant extraction
  • Manual E2E: deploy with multi_tenant.enabled: true, create sandboxes as two different OIDC users, verify isolation

Addresses #1722

  Add tenant-scoped sandbox and provider ownership enforcement to the
  OpenShell gateway, porting the multi-tenant deployment pattern from
  Kagenti's per-tenant gateway architecture.

  Changes across 20 files in openshell-core and openshell-server:
  - Tenant extraction from OIDC subject claims
  - Tenant-scoped sandbox CRUD (create, list, get, delete)
  - Tenant-scoped provider CRUD with ownership enforcement
  - CLI --namespace flag for tenant selection
  - Compute driver tenant labels on sandbox containers
  - Config structs for multi-tenant mode

  Build: PASS | Tests: 3,072 passed, 0 failed

  Closes NVIDIA#1722
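
The ownership rules listed in the PR summary (owner stamp on create, owner filter on list, owner check before delete, (owner, name) uniqueness), as an added Rust sketch that is not code from this PR. `OwnershipGuard`, `check_owner` and `stamp_owner` are named on the page but their signatures here are assumed; `Store`, `Resource`, `Denied` and the tenant strings are hypothetical.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
pub enum Denied { NotOwner, Duplicate, NotFound }

#[derive(Debug, Clone, PartialEq)]
pub struct Resource { pub owner: String, pub name: String }

// Assumed signatures: the PR text gives only the trait and method names.
pub trait OwnershipGuard {
    fn stamp_owner(&self, tenant: &str, name: &str) -> Resource {
        Resource { owner: tenant.to_string(), name: name.to_string() }
    }
    fn check_owner(&self, tenant: &str, res: &Resource) -> Result<(), Denied> {
        if res.owner == tenant { Ok(()) } else { Err(Denied::NotOwner) }
    }
}

// Hypothetical in-memory store standing in for sandbox/provider persistence.
#[derive(Default)]
pub struct Store { next_id: u64, items: HashMap<u64, Resource> }
impl OwnershipGuard for Store {}

impl Store {
    // Owner-stamped create; uniqueness is on (owner, name), not name alone.
    pub fn create(&mut self, tenant: &str, name: &str) -> Result<u64, Denied> {
        if self.items.values().any(|r| r.owner == tenant && r.name == name) {
            return Err(Denied::Duplicate);
        }
        let res = self.stamp_owner(tenant, name);
        self.next_id += 1;
        self.items.insert(self.next_id, res);
        Ok(self.next_id)
    }
    // Owner-filtered list: another tenant's resources never appear.
    pub fn list(&self, tenant: &str) -> Vec<String> {
        let mine = self.items.values().filter(|r| self.check_owner(tenant, r).is_ok());
        let mut names: Vec<String> = mine.map(|r| r.name.clone()).collect();
        names.sort();
        names
    }
    // Owner-checked delete: the check runs before any mutation.
    pub fn delete(&mut self, tenant: &str, id: u64) -> Result<(), Denied> {
        let res = self.items.get(&id).ok_or(Denied::NotFound)?;
        self.check_owner(tenant, res)?;
        self.items.remove(&id);
        Ok(())
    }
}
fn main() {
    let mut s = Store::default();
    let id = s.create("alice-sub", "db").unwrap(); // constructed tenant ids
    println!("{:?}", s.delete("bob-sub", id));
}
```

The sketch returns distinct errors for a foreign resource and a missing one; a gateway may prefer a single error for both so that other tenants' resource ids cannot be probed, and the page does not say which the PR does.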
copy-pr-bot Bot commented Jul 4, 2026

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

github-actions Bot commented Jul 4, 2026

All contributors have signed the DCO ✍️ ✅
Posted by the DCO Assistant Lite bot.

alexm-redhat (Author) commented Jul 4, 2026

I have read the DCO document and I hereby sign the DCO.

@alexm-redhat (Author)

recheck
