0x1d
38a251968c
Transform all documentation from modular monolith to true microservices
architecture where core services are independently deployable.
Key Changes:
- Core Kernel: Infrastructure only (no business logic)
- Core Services: Auth, Identity, Authz, Audit as separate microservices
- Each service has own entry point (cmd/{service}/)
- Each service has own gRPC server and database schema
- Services register with Consul for service discovery
- API Gateway: Moved from Epic 8 to Epic 1 as core infrastructure
- Single entry point for all external traffic
- Handles routing, JWT validation, rate limiting, CORS
- Service Discovery: Consul as primary mechanism (ADR-0033)
- Database Pattern: Per-service connections with schema isolation
Documentation Updates:
- Updated all 9 architecture documents
- Updated 4 ADRs and created 2 new ADRs (API Gateway, Service Discovery)
- Rewrote Epic 1: Core Kernel & Infrastructure (infrastructure only)
- Rewrote Epic 2: Core Services (Auth, Identity, Authz, Audit as services)
- Updated Epic 3-8 stories for service architecture
- Updated plan.md, playbook.md, requirements.md, index.md
- Updated all epic READMEs and story files
New ADRs:
- ADR-0032: API Gateway Strategy
- ADR-0033: Service Discovery Implementation (Consul)
New Stories:
- Epic 1.7: Service Client Interfaces
- Epic 1.8: API Gateway Implementation
5.1 KiB
5.1 KiB
Story 2.2: Identity Service - User Management
Metadata
- Story ID: 2.2
- Title: Identity Service - User Management
- Epic: 2 - Core Services (Authentication & Authorization)
- Status: Pending
- Priority: High
- Estimated Time: 10-12 hours
- Dependencies: 1.1, 1.2, 1.5, 1.7
Goal
Implement Identity Service as an independent microservice for user CRUD operations, password management, and email verification. The service exposes a gRPC server, manages its own database connection with User entity, and registers with Consul service registry.
Description
This story implements the Identity Service as a separate, independently deployable microservice. It includes user registration, email verification, password reset/change, and user profile management via gRPC. The service has its own entry point, database connection with User entity schema, and service registration.
Deliverables
1. Service Entry Point (cmd/identity-service/main.go)
- Independent service entry point
- Bootstrap with core kernel services
- Register with Consul service registry
- Start gRPC server on configured port (default: 8082)
- Graceful shutdown with service deregistration
2. gRPC Service Definition (api/proto/identity.proto)
CreateUserRequest/CreateUserResponse- User registrationGetUserRequest/GetUserResponse- Get user by IDGetUserByEmailRequest/GetUserByEmailResponse- Get user by emailUpdateUserRequest/UpdateUserResponse- Update user profileDeleteUserRequest/DeleteUserResponse- Delete userVerifyEmailRequest/VerifyEmailResponse- Email verificationRequestPasswordResetRequest/RequestPasswordResetResponse- Password reset requestResetPasswordRequest/ResetPasswordResponse- Password resetChangePasswordRequest/ChangePasswordResponse- Password changeIdentityServicegRPC service definition
3. gRPC Server Implementation (services/identity/internal/api/server.go)
- gRPC server implementation
- Handlers for all user operations
- Integration with Identity Service business logic
4. Identity Service Implementation (services/identity/internal/service/user_service.go)
- User registration with email verification token generation
- Email verification flow
- Password reset flow (token-based, time-limited)
- Password change with old password verification
- User profile updates
- User deletion (soft delete option)
- Password hashing (argon2id)
- Email uniqueness validation
5. User Repository (services/identity/internal/repository/user_repo.go)
- CRUD operations using Ent
- User lookup by ID and email
- User search and pagination
- Ent schema integration
6. Database Connection and Schema (services/identity/ent/schema/user.go)
- Identity Service database connection (schema:
identity) - User entity schema:
- ID, email, password_hash, verified, created_at, updated_at
- Email verification token, password reset token
- Migration support
- Per-service connection pool
7. Service Client Integration
- Uses
AuditServiceClientto log user operations - Service discovery via Consul
8. Service Registration
- Register with Consul on startup
- Health check endpoint for Consul
- Service metadata (name:
identity-service, port: 8082) - Deregister on shutdown
Acceptance Criteria
- Identity Service is independently deployable
- Service entry point exists at
cmd/identity-service/main.go - Service registers with Consul on startup
- gRPC server starts on configured port (8082)
- CreateUser RPC registers new users with password hashing
- GetUser/GetUserByEmail RPCs retrieve user data
- UpdateUser RPC updates user profiles
- VerifyEmail RPC verifies email addresses
- Password reset flow works via RPCs
- Service has its own database connection (identity schema)
- User entity schema is defined and migrated
- Service uses AuditServiceClient for logging
- Service can be discovered by other services via Consul
- Health check endpoint works for Consul
Related ADRs
- ADR-0018: Password Hashing
- ADR-0029: Microservices Architecture
- ADR-0030: Service Communication Strategy
- ADR-0033: Service Discovery Implementation
Testing
# Test Identity Service
go test ./services/identity/...
# Test service startup
go run cmd/identity-service/main.go
# Test gRPC service
grpcurl -plaintext localhost:8082 list
grpcurl -plaintext -d '{"email":"user@example.com","password":"password"}' \
localhost:8082 identity.IdentityService/CreateUser
Files to Create/Modify
cmd/identity-service/main.go- Service entry pointapi/proto/identity.proto- gRPC service definitionservices/identity/internal/api/server.go- gRPC server implementationservices/identity/internal/service/user_service.go- User service logicservices/identity/internal/repository/user_repo.go- User repositoryservices/identity/ent/schema/user.go- User entity schemaconfig/default.yaml- Add identity service configuration