The demo-server provisions and runs the full suite of Fineract CN microservices. The process of provisioning, and granting permissions is complex, especially with respect to rhythm and the services which rely on it. The provisioning workflow within a tenant in this case is as follows:


demo_server -> provisioner: add identity service to the tenant
demo_server -> identity: add user imhotep (as user antony)
demo_server -> provisioner: add rhythm service to the tenant
  provisioner -> rhythm: provision signature with same timestamp as current identity signature.
  provisioner -> identity: create application with signature returned by rhythm
  provisioner -> rhythm: ask what permissions rhythm needs
  provisioner -> identity: create permission request for rhythm to access identity to create permission requests
  provisioner -> rhythm: initialize (in this case only, tenant data is not in separate databases)
demo_server -> identity: grant rhythm's request to create permission requests via the user imhotep. (as user antony)
demo_server -> provisioner: add accounting to the tenant
demo_server -> provisioner: add portfolio to the tenant
  provisioner -> portfolio: provision for the given tenant
    portfolio -> rhythm: request that rhythm make a callback once an hour to portfolio (with system token)
      rhythm -> identity: create a permission request for rhythm to access portfolio's permittable group named portfolio__v1__khepri (as user imhotep)
demo_server -> identity: allow rhythm to call portfolio__v1__khepri as imhotep (as user imhotep)

...

rhythm(internally): react to scheduled event; find all beats for all tenants which are currently needed.
  rhythm -> identity: acquire token to act as imhotep (via application refresh token for rhythm)
  rhythm -> portfolio: trigger beat (as user imhotep)
    portfolio -> identity: acquire token to act as imhotep (via application refresh token for portfolio)
    portfolio -> accounting: transfer interest, late fees, etc (as user imhotep)


  • No labels