
feat: SaaS multi-tenant isolation and OTAP support #988

Open
rubenvdlinde wants to merge 3 commits into development from fix/saas-multi-tenant

rubenvdlinde commented Mar 24, 2026

Summary

Context

This PR was previously merged as #955 and reverted in #967 along with several other PRs while investigating a development branch issue. The revert commit (34b7f67) was itself a no-op (empty diff), so this re-applies the feature via cherry-pick of the original commit.

Changes

  • BackgroundJob Tenant{Deprovision,Purge,UsageSync}Job.php — named params for parent::__construct and setInterval
  • Controller OrganisationController.php — explicit apcu_fetch false-check replacing implicit ternary
  • Db MultiTenancyTrait.php — explicit boolean variable replacing inline ternary condition
  • Db TenantUsage.php — added short descriptions to property docblocks
  • Db TenantUsageMapper.php — named params for QBMapper calls
  • Middleware TenantQuotaExceededException.php, TenantStatusException.php, TenantQuotaMiddleware.php — named params for parent::__construct and internal calls
  • Migration Version1Date20260322000000.php — named params for private method calls
  • Service TenantLifecycleService.php — named params for validateTransition calls
  • Migration Version1Date20250828120000.php — pre-existing PHPCS fix (constructor docblock)

Add production-grade multi-tenancy for SaaS deployments:

- Tenant lifecycle state machine (provisioning/active/suspended/deprovisioning/archived)
- OTAP environment tagging (development/test/acceptance/production) on organisations
- Request and bandwidth quota enforcement via TenantQuotaMiddleware with APCu counters
- SaaS mode flag that prevents admin override of organisation boundaries
- Cross-tenant access audit logging in MultiTenancyTrait
- Background jobs for deprovisioning, purging, and usage sync
- API endpoints for suspend/activate/deprovision/usage/isolation-verify/metrics
- Database migration adding lifecycle and OTAP fields to organisations table
- New openregister_tenant_usage table for quota tracking
- Unit tests for lifecycle service and quota middleware

@github-actions

Quality Report

Repository ConductionNL/openregister
Commit 408155e
Branch 988/merge
Event pull_request
Generated 2026-03-24 11:24 UTC
Workflow Run https://github.com/ConductionNL/openregister/actions/runs/23486884864

Summary

| Group | Result |
|---|---|
| PHP Quality | PASS |
| Vue Quality | PASS |
| Security | PASS |
| License | PASS |
| PHPUnit | SKIP |
| Newman | SKIP |
| Playwright | SKIP |

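PHP Quality

| Tool | Result |
|---|---|
| lint | PASS |
| phpcs | PASS |
| phpmd | PASS |
| psalm | PASS |
| phpstan | PASS |
| phpmetrics | PASS |

Vue Quality

| Tool | Result |
|---|---|
| eslint | PASS |
| stylelint | PASS |

Security

| Ecosystem | Result |
|---|---|
| composer | PASS |
| npm | PASS |

License Compliance

| Ecosystem | Result |
|---|---|
| composer | PASS |
| npm | PASS |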

composer dependencies (147 total)

| Metric | Count |
|---|---|
| Approved (allowlist) | 146 |
| Approved (override) | 1 |
| Denied | 0 |

npm dependencies (586 total)

| Metric | Count |
|---|---|
| Approved (allowlist) | 585 |
| Approved (override) | 1 |
| Denied | 0 |

PHPUnit Tests

PHPUnit tests were not enabled for this run.

Integration Tests (Newman)

Newman integration tests were not enabled for this run.

E2E Tests (Playwright)

Playwright E2E tests were not enabled for this run.


Generated automatically by the Quality workflow.

Download the full PDF report from the workflow artifacts.
