0x1d
3ac8983e98
- Add Consul service to docker-compose.yml - Running in dev mode on port 8500 - Health checks configured - Persistent volume for data - Web UI available at http://localhost:8500/ui - Update SUMMARY.md - Document Consul setup in docker-compose - Add Consul verification steps - Update prerequisites to include Docker Compose - Add note about Consul Web UI - Remove obsolete version field from docker-compose.yml
Epic 2: Core Services (Authentication & Authorization)
Overview
Implement Auth, Identity, Authz, and Audit as separate, independent microservices. Each service has its own entry point (cmd/{service}/), gRPC server, database connection/schema, and registers with Consul service registry. Services communicate via service clients (gRPC) and use service discovery.
Key Principle: Each service is independently deployable from day one.
Stories
2.1 Auth Service - JWT Authentication
- Story: 2.1 - Auth Service
- Goal: Implement Auth Service as independent microservice with JWT token generation/validation.
- Deliverables:
- Service entry point:
cmd/auth-service/main.go - gRPC server implementation
- Database connection and schema (auth schema)
- Service registration with Consul
- JWT token generation/validation logic
- Service entry point:
2.2 Identity Service - User Management
- Story: 2.2 - Identity Service
- Goal: Implement Identity Service as independent microservice for user CRUD and password management.
- Deliverables:
- Service entry point:
cmd/identity-service/main.go - gRPC server implementation
- Database connection and schema (identity schema with User entity)
- Service registration with Consul
- User CRUD, password management, email verification
- Service entry point:
2.3 Authz Service - Authorization & RBAC
- Story: 2.3 - Authz Service
- Goal: Implement Authz Service as independent microservice for permission resolution and authorization.
- Deliverables:
- Service entry point:
cmd/authz-service/main.go - gRPC server implementation
- Database connection and schema (authz schema with Role, Permission entities)
- Service registration with Consul
- Permission resolution, RBAC/ABAC authorization
- Service entry point:
2.4 Role Management (Part of Authz Service)
- Story: 2.4 - Role Management
- Goal: Extend Authz Service with role management API.
- Deliverables:
- Role management gRPC endpoints
- Role assignment to users (via Identity Service client)
- Permission assignment to roles
2.5 Audit Service - Audit Logging
- Story: 2.5 - Audit Service
- Goal: Implement Audit Service as independent microservice for audit logging.
- Deliverables:
- Service entry point:
cmd/audit-service/main.go - gRPC server implementation
- Database connection and schema (audit schema with AuditLog entity)
- Service registration with Consul
- Audit log recording and querying
- Service entry point:
2.6 Database Seeding
- Story: 2.6 - Database Seeding
- Goal: Provide seeding for all services (initial admin user, default roles, permissions).
- Deliverables:
- Seed scripts for each service
- Seed commands
- Integration with service startup
Deliverables Checklist
- Auth Service: Independent service with gRPC server, database schema, Consul registration
- Identity Service: Independent service with gRPC server, User entity, Consul registration
- Authz Service: Independent service with gRPC server, Role/Permission entities, Consul registration
- Audit Service: Independent service with gRPC server, AuditLog entity, Consul registration
- All services use service clients for inter-service communication
- All services have their own database connection pools and schemas
- Seed scripts for all services
Acceptance Criteria
- Each service is independently deployable
- Each service has its own entry point (
cmd/{service}/main.go) - Each service registers with Consul service registry
- Services communicate via gRPC through service clients
- Each service has its own database schema
- API Gateway can route to all services via service discovery
- Integration test: Services can discover and communicate with each other