toolz/goplt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
goplt/docs/content/stories/epic2/README.md
0x1d 38a251968c docs: Align documentation with true microservices architecture 
Transform all documentation from modular monolith to true microservices
architecture where core services are independently deployable.

Key Changes:
- Core Kernel: Infrastructure only (no business logic)
- Core Services: Auth, Identity, Authz, Audit as separate microservices
  - Each service has own entry point (cmd/{service}/)
  - Each service has own gRPC server and database schema
  - Services register with Consul for service discovery
- API Gateway: Moved from Epic 8 to Epic 1 as core infrastructure
  - Single entry point for all external traffic
  - Handles routing, JWT validation, rate limiting, CORS
- Service Discovery: Consul as primary mechanism (ADR-0033)
- Database Pattern: Per-service connections with schema isolation

Documentation Updates:
- Updated all 9 architecture documents
- Updated 4 ADRs and created 2 new ADRs (API Gateway, Service Discovery)
- Rewrote Epic 1: Core Kernel & Infrastructure (infrastructure only)
- Rewrote Epic 2: Core Services (Auth, Identity, Authz, Audit as services)
- Updated Epic 3-8 stories for service architecture
- Updated plan.md, playbook.md, requirements.md, index.md
- Updated all epic READMEs and story files

New ADRs:
- ADR-0032: API Gateway Strategy
- ADR-0033: Service Discovery Implementation (Consul)

New Stories:
- Epic 1.7: Service Client Interfaces
- Epic 1.8: API Gateway Implementation
2025-11-06 08:54:19 +01:00

83 lines
3.8 KiB
Markdown
Raw Permalink Blame History

# Epic 2: Core Services (Authentication & Authorization)
## Overview
Implement Auth, Identity, Authz, and Audit as **separate, independent microservices**. Each service has its own entry point (`cmd/{service}/`), gRPC server, database connection/schema, and registers with Consul service registry. Services communicate via service clients (gRPC) and use service discovery.
**Key Principle:** Each service is independently deployable from day one.
## Stories
### 2.1 Auth Service - JWT Authentication
- [Story: 2.1 - Auth Service](./2.1-jwt-authentication.md)
- **Goal:** Implement Auth Service as independent microservice with JWT token generation/validation.
- **Deliverables:**
- Service entry point: `cmd/auth-service/main.go`
- gRPC server implementation
- Database connection and schema (auth schema)
- Service registration with Consul
- JWT token generation/validation logic
### 2.2 Identity Service - User Management
- [Story: 2.2 - Identity Service](./2.2-identity-management.md)
- **Goal:** Implement Identity Service as independent microservice for user CRUD and password management.
- **Deliverables:**
- Service entry point: `cmd/identity-service/main.go`
- gRPC server implementation
- Database connection and schema (identity schema with User entity)
- Service registration with Consul
- User CRUD, password management, email verification
### 2.3 Authz Service - Authorization & RBAC
- [Story: 2.3 - Authz Service](./2.3-rbac-system.md)
- **Goal:** Implement Authz Service as independent microservice for permission resolution and authorization.
- **Deliverables:**
- Service entry point: `cmd/authz-service/main.go`
- gRPC server implementation
- Database connection and schema (authz schema with Role, Permission entities)
- Service registration with Consul
- Permission resolution, RBAC/ABAC authorization
### 2.4 Role Management (Part of Authz Service)
- [Story: 2.4 - Role Management](./2.4-role-management.md)
- **Goal:** Extend Authz Service with role management API.
- **Deliverables:**
- Role management gRPC endpoints
- Role assignment to users (via Identity Service client)
- Permission assignment to roles
### 2.5 Audit Service - Audit Logging
- [Story: 2.5 - Audit Service](./2.5-audit-logging.md)
- **Goal:** Implement Audit Service as independent microservice for audit logging.
- **Deliverables:**
- Service entry point: `cmd/audit-service/main.go`
- gRPC server implementation
- Database connection and schema (audit schema with AuditLog entity)
- Service registration with Consul
- Audit log recording and querying
### 2.6 Database Seeding
- [Story: 2.6 - Database Seeding](./2.6-database-seeding.md)
- **Goal:** Provide seeding for all services (initial admin user, default roles, permissions).
- **Deliverables:**
- Seed scripts for each service
- Seed commands
- Integration with service startup
## Deliverables Checklist
- [ ] Auth Service: Independent service with gRPC server, database schema, Consul registration
- [ ] Identity Service: Independent service with gRPC server, User entity, Consul registration
- [ ] Authz Service: Independent service with gRPC server, Role/Permission entities, Consul registration
- [ ] Audit Service: Independent service with gRPC server, AuditLog entity, Consul registration
- [ ] All services use service clients for inter-service communication
- [ ] All services have their own database connection pools and schemas
- [ ] Seed scripts for all services
## Acceptance Criteria
- Each service is independently deployable
- Each service has its own entry point (`cmd/{service}/main.go`)
- Each service registers with Consul service registry
- Services communicate via gRPC through service clients
- Each service has its own database schema
- API Gateway can route to all services via service discovery
- Integration test: Services can discover and communicate with each other
Reference in New Issue View Git Blame Copy Permalink