Merge pull request #571 from LerianStudio/feat/add-multi-tenant-service-api-key

brunobls · web-flow · commit 95be9d7b63b1 · 2026-03-16T14:33:50.000-03:00
feat: add multi tenant service api key
diff --git a/components/manager/.env.example b/components/manager/.env.example
@@ -162,4 +162,6 @@ MULTI_TENANT_ENABLED=false
 # Consecutive failures before circuit breaker opens
 #MULTI_TENANT_CIRCUIT_BREAKER_THRESHOLD=5
 # Seconds before circuit breaker resets (half-open)
-#MULTI_TENANT_CIRCUIT_BREAKER_TIMEOUT_SEC=30
+#MULTI_TENANT_CIRCUIT_BREAKER_TIMEOUT_SEC=30
+# Service API key for authenticating with Tenant Manager (required when MULTI_TENANT_ENABLED=true)
+#MULTI_TENANT_SERVICE_API_KEY=
diff --git a/components/manager/internal/bootstrap/config.go b/components/manager/internal/bootstrap/config.go
@@ -103,6 +103,7 @@ type Config struct {
 	MultiTenantIdleTimeoutSec           int    `env:"MULTI_TENANT_IDLE_TIMEOUT_SEC" default:"300"`
 	MultiTenantCircuitBreakerThreshold  int    `env:"MULTI_TENANT_CIRCUIT_BREAKER_THRESHOLD" default:"5"`
 	MultiTenantCircuitBreakerTimeoutSec int    `env:"MULTI_TENANT_CIRCUIT_BREAKER_TIMEOUT_SEC" default:"30"`
+	MultiTenantServiceAPIKey            string `env:"MULTI_TENANT_SERVICE_API_KEY"`
 }
 
 // Validate checks that all required configuration fields are present
@@ -196,6 +197,10 @@ func (c *Config) validateManagerMultiTenantFields(errs []string) []string {
 		errs = append(errs, "MULTI_TENANT_CIRCUIT_BREAKER_TIMEOUT_SEC must be > 0 when MULTI_TENANT_CIRCUIT_BREAKER_THRESHOLD > 0 (default: 30)")
 	}
 
+	if c.MultiTenantServiceAPIKey == "" {
+		errs = append(errs, "MULTI_TENANT_SERVICE_API_KEY is required when MULTI_TENANT_ENABLED=true")
+	}
+
 	return errs
 }
 
diff --git a/components/manager/internal/bootstrap/config_test.go b/components/manager/internal/bootstrap/config_test.go
@@ -231,6 +231,35 @@ func TestConfig_Validate_ProductionRequiresSecureStorageAndRedis(t *testing.T) {
 	assert.Contains(t, err.Error(), "OBJECT_STORAGE_ENDPOINT must use HTTPS in production")
 }
 
+func TestConfig_Validate_MultiTenantRequiresServiceAPIKey(t *testing.T) {
+	t.Parallel()
+
+	cfg := validManagerConfig()
+	cfg.MultiTenantEnabled = true
+	cfg.MultiTenantURL = "http://tenant-manager:8080"
+	cfg.MultiTenantCircuitBreakerThreshold = 5
+	cfg.MultiTenantCircuitBreakerTimeoutSec = 30
+	cfg.MultiTenantServiceAPIKey = ""
+
+	err := cfg.Validate()
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "MULTI_TENANT_SERVICE_API_KEY is required when MULTI_TENANT_ENABLED=true")
+}
+
+func TestConfig_Validate_MultiTenantValidWithServiceAPIKey(t *testing.T) {
+	t.Parallel()
+
+	cfg := validManagerConfig()
+	cfg.MultiTenantEnabled = true
+	cfg.MultiTenantURL = "http://tenant-manager:8080"
+	cfg.MultiTenantCircuitBreakerThreshold = 5
+	cfg.MultiTenantCircuitBreakerTimeoutSec = 30
+	cfg.MultiTenantServiceAPIKey = "test-api-key"
+
+	err := cfg.Validate()
+	require.NoError(t, err)
+}
+
 func TestConfig_Validate_ProductionRequiresSecureRabbitMQScheme(t *testing.T) {
 	t.Parallel()
 
diff --git a/components/manager/internal/bootstrap/init_tenant.go b/components/manager/internal/bootstrap/init_tenant.go
@@ -120,6 +120,8 @@ func newTenantManagerClient(cfg *Config, logger log.Logger) (*tmclient.Client, e
 		)
 	}
 
+	clientOpts = append(clientOpts, tmclient.WithServiceAPIKey(cfg.MultiTenantServiceAPIKey))
+
 	if strings.HasPrefix(strings.ToLower(cfg.MultiTenantURL), "http://") && strings.ToLower(cfg.EnvName) != "production" {
 		clientOpts = append(clientOpts, tmclient.WithAllowInsecureHTTP())
 	}
diff --git a/components/worker/.env.example b/components/worker/.env.example
@@ -119,4 +119,6 @@ MULTI_TENANT_ENABLED=false
 # Consecutive failures before circuit breaker opens
 #MULTI_TENANT_CIRCUIT_BREAKER_THRESHOLD=5
 # Seconds before circuit breaker resets (half-open)
-#MULTI_TENANT_CIRCUIT_BREAKER_TIMEOUT_SEC=30
+#MULTI_TENANT_CIRCUIT_BREAKER_TIMEOUT_SEC=30
+# Service API key for authenticating with Tenant Manager (required when MULTI_TENANT_ENABLED=true)
+#MULTI_TENANT_SERVICE_API_KEY=
diff --git a/components/worker/internal/bootstrap/config.go b/components/worker/internal/bootstrap/config.go
@@ -68,6 +68,7 @@ type Config struct {
 	MultiTenantIdleTimeoutSec           int    `env:"MULTI_TENANT_IDLE_TIMEOUT_SEC" default:"300"`
 	MultiTenantCircuitBreakerThreshold  int    `env:"MULTI_TENANT_CIRCUIT_BREAKER_THRESHOLD" default:"5"`
 	MultiTenantCircuitBreakerTimeoutSec int    `env:"MULTI_TENANT_CIRCUIT_BREAKER_TIMEOUT_SEC" default:"30"`
+	MultiTenantServiceAPIKey            string `env:"MULTI_TENANT_SERVICE_API_KEY"`
 }
 
 // InitWorker initializes and configures the application's dependencies and returns the Service instance.
diff --git a/components/worker/internal/bootstrap/config_multitenant.go b/components/worker/internal/bootstrap/config_multitenant.go
@@ -63,6 +63,8 @@ func newTenantManagerClient(cfg *Config, logger clog.Logger) (*tmclient.Client,
 		)
 	}
 
+	clientOpts = append(clientOpts, tmclient.WithServiceAPIKey(cfg.MultiTenantServiceAPIKey))
+
 	if strings.HasPrefix(strings.ToLower(cfg.MultiTenantURL), "http://") && strings.ToLower(cfg.EnvName) != "production" {
 		clientOpts = append(clientOpts, tmclient.WithAllowInsecureHTTP())
 	}
diff --git a/components/worker/internal/bootstrap/config_test.go b/components/worker/internal/bootstrap/config_test.go
@@ -295,6 +295,7 @@ func TestConfig_Validate_ProductionRequiresSecureStorageAndRedisWhenMultiTenant(
 	cfg.MultiTenantURL = "https://tenant-manager.internal"
 	cfg.MultiTenantCircuitBreakerThreshold = 5
 	cfg.MultiTenantCircuitBreakerTimeoutSec = 30
+	cfg.MultiTenantServiceAPIKey = "test-api-key"
 	cfg.RedisHost = "redis:6379"
 	cfg.RedisTLS = false
 	cfg.RedisPassword = ""
@@ -309,6 +310,37 @@ func TestConfig_Validate_ProductionRequiresSecureStorageAndRedisWhenMultiTenant(
 	assert.Contains(t, err.Error(), "OBJECT_STORAGE_ENDPOINT must use HTTPS in production")
 }
 
+func TestConfig_Validate_MultiTenantRequiresServiceAPIKey(t *testing.T) {
+	t.Parallel()
+
+	cfg := validWorkerConfig()
+	cfg.MultiTenantEnabled = true
+	cfg.MultiTenantURL = "http://tenant-manager:8080"
+	cfg.MultiTenantCircuitBreakerThreshold = 5
+	cfg.MultiTenantCircuitBreakerTimeoutSec = 30
+	cfg.RedisHost = "redis:6379"
+	cfg.MultiTenantServiceAPIKey = ""
+
+	err := cfg.Validate()
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "MULTI_TENANT_SERVICE_API_KEY is required when MULTI_TENANT_ENABLED=true")
+}
+
+func TestConfig_Validate_MultiTenantValidWithServiceAPIKey(t *testing.T) {
+	t.Parallel()
+
+	cfg := validWorkerConfig()
+	cfg.MultiTenantEnabled = true
+	cfg.MultiTenantURL = "http://tenant-manager:8080"
+	cfg.MultiTenantCircuitBreakerThreshold = 5
+	cfg.MultiTenantCircuitBreakerTimeoutSec = 30
+	cfg.RedisHost = "redis:6379"
+	cfg.MultiTenantServiceAPIKey = "test-api-key"
+
+	err := cfg.Validate()
+	require.NoError(t, err)
+}
+
 func TestConfig_Validate_ProductionRequiresSecureRabbitMQScheme(t *testing.T) {
 	t.Parallel()
 
diff --git a/components/worker/internal/bootstrap/config_validation.go b/components/worker/internal/bootstrap/config_validation.go
@@ -99,6 +99,10 @@ func (c *Config) multiTenantValidationErrors() []string {
 		errs = append(errs, "REDIS_HOST is required when MULTI_TENANT_ENABLED=true (used for tenant discovery cache)")
 	}
 
+	if c.MultiTenantServiceAPIKey == "" {
+		errs = append(errs, "MULTI_TENANT_SERVICE_API_KEY is required when MULTI_TENANT_ENABLED=true")
+	}
+
 	return errs
 }
 
diff --git a/go.mod b/go.mod
@@ -4,7 +4,7 @@ go 1.26
 
 require (
 	github.com/LerianStudio/lib-auth/v2 v2.5.0-beta.7
-	github.com/LerianStudio/lib-commons/v4 v4.0.0
+	github.com/LerianStudio/lib-commons/v4 v4.1.0-beta.4
 	github.com/Masterminds/squirrel v1.5.4
 	github.com/Shopify/toxiproxy/v2 v2.12.0
 	github.com/aws/aws-sdk-go-v2 v1.41.3
diff --git a/go.sum b/go.sum
@@ -19,8 +19,8 @@ github.com/KyleBanks/depth v1.2.1 h1:5h8fQADFrWtarTdtDudMmGsC7GPbOAu6RVB3ffsVFHc
 github.com/KyleBanks/depth v1.2.1/go.mod h1:jzSb9d0L43HxTQfT+oSA1EEp2q+ne2uh6XgeJcm8brE=
 github.com/LerianStudio/lib-auth/v2 v2.5.0-beta.7 h1:nNPZlDfzZrYJlIR7lAN6jKhpzNMS2maE/aYQbQsFOF4=
 github.com/LerianStudio/lib-auth/v2 v2.5.0-beta.7/go.mod h1:xdXYO1Ncgf++1WAHKZYPCs7YPrcvVt3/zso/X+qUuaI=
-github.com/LerianStudio/lib-commons/v4 v4.0.0 h1:OEdpRKnbLoOhZoUZyI5FgIe7ZbwJzu/syfgpkDzyi3o=
-github.com/LerianStudio/lib-commons/v4 v4.0.0/go.mod h1:WMQ17ouiJ13uUVhH/eY+p++4xb/NOtR44yIMGZ0r8Ow=
+github.com/LerianStudio/lib-commons/v4 v4.1.0-beta.4 h1:2kuNYNuAEV/r7hMAZ/J2spsKbsvjtQ3JzNYyuEWGXeM=
+github.com/LerianStudio/lib-commons/v4 v4.1.0-beta.4/go.mod h1:WMQ17ouiJ13uUVhH/eY+p++4xb/NOtR44yIMGZ0r8Ow=
 github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM=
 github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
diff --git a/pkg/mongodb/deadline/deadline.go b/pkg/mongodb/deadline/deadline.go
@@ -343,20 +343,25 @@ func (d *Deadline) AdvanceRecurrence(now time.Time) {
 
 	if d.DueDate != originalDueDate {
 		d.DeliveredAt = nil
-		d.Status = ComputeStatus(d.DueDate, nil)
+		d.Status = ComputeStatus(d.DueDate, nil, now)
 	}
 }
 
 // ComputeStatus determines the deadline status based on dueDate and deliveredAt.
 // - If deliveredAt is non-nil, status is "delivered"
 // - If dueDate is before now and not delivered, status is "overdue"
 // - Otherwise, status is "pending"
-func ComputeStatus(dueDate time.Time, deliveredAt *time.Time) string {
+func ComputeStatus(dueDate time.Time, deliveredAt *time.Time, now ...time.Time) string {
 	if deliveredAt != nil {
 		return StatusDelivered
 	}
 
-	if time.Now().After(dueDate) {
+	ref := time.Now()
+	if len(now) > 0 {
+		ref = now[0]
+	}
+
+	if ref.After(dueDate) {
 		return StatusOverdue
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -103,6 +103,7 @@ type Config struct {`
`103`	`103`	MultiTenantIdleTimeoutSec int `env:"MULTI_TENANT_IDLE_TIMEOUT_SEC" default:"300"`
`104`	`104`	MultiTenantCircuitBreakerThreshold int `env:"MULTI_TENANT_CIRCUIT_BREAKER_THRESHOLD" default:"5"`
`105`	`105`	MultiTenantCircuitBreakerTimeoutSec int `env:"MULTI_TENANT_CIRCUIT_BREAKER_TIMEOUT_SEC" default:"30"`
	`106`	+ MultiTenantServiceAPIKey string `env:"MULTI_TENANT_SERVICE_API_KEY"`
`106`	`107`	`}`
`107`	`108`
`108`	`109`	`// Validate checks that all required configuration fields are present`
`@@ -196,6 +197,10 @@ func (c *Config) validateManagerMultiTenantFields(errs []string) []string {`
`196`	`197`	`errs = append(errs, "MULTI_TENANT_CIRCUIT_BREAKER_TIMEOUT_SEC must be > 0 when MULTI_TENANT_CIRCUIT_BREAKER_THRESHOLD > 0 (default: 30)")`
`197`	`198`	`}`
`198`	`199`
	`200`	`+ if c.MultiTenantServiceAPIKey == "" {`
	`201`	`+ errs = append(errs, "MULTI_TENANT_SERVICE_API_KEY is required when MULTI_TENANT_ENABLED=true")`
	`202`	`+ }`
	`203`	`+`
`199`	`204`	`return errs`
`200`	`205`	`}`
`201`	`206`
Original file line number	Diff line number	Diff line change
`@@ -120,6 +120,8 @@ func newTenantManagerClient(cfg Config, logger log.Logger) (tmclient.Client, e`
`120`	`120`	`)`
`121`	`121`	`}`
`122`	`122`
	`123`	`+ clientOpts = append(clientOpts, tmclient.WithServiceAPIKey(cfg.MultiTenantServiceAPIKey))`
	`124`	`+`
`123`	`125`	`if strings.HasPrefix(strings.ToLower(cfg.MultiTenantURL), "http://") && strings.ToLower(cfg.EnvName) != "production" {`
`124`	`126`	`clientOpts = append(clientOpts, tmclient.WithAllowInsecureHTTP())`
`125`	`127`	`}`
Original file line number	Diff line number	Diff line change
`@@ -68,6 +68,7 @@ type Config struct {`
`68`	`68`	MultiTenantIdleTimeoutSec int `env:"MULTI_TENANT_IDLE_TIMEOUT_SEC" default:"300"`
`69`	`69`	MultiTenantCircuitBreakerThreshold int `env:"MULTI_TENANT_CIRCUIT_BREAKER_THRESHOLD" default:"5"`
`70`	`70`	MultiTenantCircuitBreakerTimeoutSec int `env:"MULTI_TENANT_CIRCUIT_BREAKER_TIMEOUT_SEC" default:"30"`
	`71`	+ MultiTenantServiceAPIKey string `env:"MULTI_TENANT_SERVICE_API_KEY"`
`71`	`72`	`}`
`72`	`73`
`73`	`74`	`// InitWorker initializes and configures the application's dependencies and returns the Service instance.`
Original file line number	Diff line number	Diff line change
`@@ -63,6 +63,8 @@ func newTenantManagerClient(cfg Config, logger clog.Logger) (tmclient.Client,`
`63`	`63`	`)`
`64`	`64`	`}`
`65`	`65`
	`66`	`+ clientOpts = append(clientOpts, tmclient.WithServiceAPIKey(cfg.MultiTenantServiceAPIKey))`
	`67`	`+`
`66`	`68`	`if strings.HasPrefix(strings.ToLower(cfg.MultiTenantURL), "http://") && strings.ToLower(cfg.EnvName) != "production" {`
`67`	`69`	`clientOpts = append(clientOpts, tmclient.WithAllowInsecureHTTP())`
`68`	`70`	`}`
Original file line number	Diff line number	Diff line change
`@@ -99,6 +99,10 @@ func (c *Config) multiTenantValidationErrors() []string {`
`99`	`99`	`errs = append(errs, "REDIS_HOST is required when MULTI_TENANT_ENABLED=true (used for tenant discovery cache)")`
`100`	`100`	`}`
`101`	`101`
	`102`	`+ if c.MultiTenantServiceAPIKey == "" {`
	`103`	`+ errs = append(errs, "MULTI_TENANT_SERVICE_API_KEY is required when MULTI_TENANT_ENABLED=true")`
	`104`	`+ }`
	`105`	`+`
`102`	`106`	`return errs`
`103`	`107`	`}`
`104`	`108`