This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Page tree
Skip to end of metadata
Go to start of metadata

The demo-server provisions and runs the full suite of Fineract CN microservices. The process of provisioning, and granting permissions is complex, especially with respect to rhythm and the services which rely on it. The provisioning workflow within a tenant in this case is as follows:

demo_server -> provisioner: add identity service to the tenant
demo_server -> identity: add user imhotep (as user antony)
demo_server -> provisioner: add rhythm service to the tenant
  provisioner -> rhythm: provision signature with same timestamp as current identity signature.
  provisioner -> identity: create application with signature returned by rhythm
  provisioner -> rhythm: ask what permissions rhythm needs
  provisioner -> identity: create permission request for rhythm to access identity to create permission requests
  provisioner -> rhythm: initialize (in this case only, tenant data is not in separate databases)
demo_server -> identity: grant rhythm's request to create permission requests via the user imhotep. (as user antony)
demo_server -> provisioner: add accounting to the tenant
demo_server -> provisioner: add portfolio to the tenant
  provisioner -> portfolio: provision for the given tenant
    portfolio -> rhythm: request that rhythm make a callback once an hour to portfolio (with system token)
      rhythm -> identity: create a permission request for rhythm to access portfolio's permittable group named portfolio__v1__khepri (as user imhotep)
demo_server -> identity: allow rhythm to call portfolio__v1__khepri as imhotep (as user imhotep)


rhythm(internally): react to scheduled event; find all beats for all tenants which are currently needed.
  rhythm -> identity: acquire token to act as imhotep (via application refresh token for rhythm)
  rhythm -> portfolio: trigger beat (as user imhotep)
    portfolio -> identity: acquire token to act as imhotep (via application refresh token for portfolio)
    portfolio -> accounting: transfer interest, late fees, etc (as user imhotep)

  • No labels