toolz/goplt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8ac85f9b1ceb2524deebf0f3b8e498e6d391d589
goplt/docs/content/stories/epic2/2.4-role-management.md
0x1d 38a251968c docs: Align documentation with true microservices architecture 
Transform all documentation from modular monolith to true microservices
architecture where core services are independently deployable.

Key Changes:
- Core Kernel: Infrastructure only (no business logic)
- Core Services: Auth, Identity, Authz, Audit as separate microservices
  - Each service has own entry point (cmd/{service}/)
  - Each service has own gRPC server and database schema
  - Services register with Consul for service discovery
- API Gateway: Moved from Epic 8 to Epic 1 as core infrastructure
  - Single entry point for all external traffic
  - Handles routing, JWT validation, rate limiting, CORS
- Service Discovery: Consul as primary mechanism (ADR-0033)
- Database Pattern: Per-service connections with schema isolation

Documentation Updates:
- Updated all 9 architecture documents
- Updated 4 ADRs and created 2 new ADRs (API Gateway, Service Discovery)
- Rewrote Epic 1: Core Kernel & Infrastructure (infrastructure only)
- Rewrote Epic 2: Core Services (Auth, Identity, Authz, Audit as services)
- Updated Epic 3-8 stories for service architecture
- Updated plan.md, playbook.md, requirements.md, index.md
- Updated all epic READMEs and story files

New ADRs:
- ADR-0032: API Gateway Strategy
- ADR-0033: Service Discovery Implementation (Consul)

New Stories:
- Epic 1.7: Service Client Interfaces
- Epic 1.8: API Gateway Implementation
2025-11-06 08:54:19 +01:00

3.9 KiB
Raw Blame History

Story 2.4: Role Management (Part of Authz Service)

Metadata

  • Story ID: 2.4
  • Title: Role Management (Part of Authz Service)
  • Epic: 2 - Core Services (Authentication & Authorization)
  • Status: Pending
  • Priority: High
  • Estimated Time: 6-8 hours
  • Dependencies: 2.3

Goal

Extend Authz Service with role management gRPC endpoints for creating, updating, and deleting roles, assigning permissions to roles, and assigning roles to users.

Description

This story extends the Authz Service (implemented in Story 2.3) with role management capabilities. It adds gRPC endpoints for role CRUD operations, permission assignment to roles, and role assignment to users. The service uses IdentityServiceClient to manage user-role relationships.

Deliverables

1. gRPC Service Extensions (api/proto/authz.proto)

Extend Authz Service proto with role management RPCs:

  • CreateRoleRequest / CreateRoleResponse - Create new role
  • GetRoleRequest / GetRoleResponse - Get role details
  • ListRolesRequest / ListRolesResponse - List all roles (with pagination)
  • UpdateRoleRequest / UpdateRoleResponse - Update role
  • DeleteRoleRequest / DeleteRoleResponse - Delete role
  • AssignPermissionToRoleRequest / AssignPermissionToRoleResponse - Assign permission to role
  • RemovePermissionFromRoleRequest / RemovePermissionFromRoleResponse - Remove permission from role
  • AssignRoleToUserRequest / AssignRoleToUserResponse - Assign role to user (via IdentityServiceClient)
  • RemoveRoleFromUserRequest / RemoveRoleFromUserResponse - Remove role from user (via IdentityServiceClient)

2. Role Repository (services/authz/internal/repository/role_repo.go)

  • CRUD operations for roles using Ent
  • Assign permissions to roles (many-to-many via RolePermission entity)
  • List roles with permissions
  • Integration with Authz Service database (authz schema)

3. Role Service (services/authz/internal/service/role_service.go)

  • Role management business logic
  • Permission assignment to roles
  • Role assignment to users (via IdentityServiceClient)
  • Input validation
  • Error handling

4. gRPC Server Extensions (services/authz/internal/api/server.go)

  • Add role management handlers to existing Authz Service gRPC server
  • Integration with Role Service
  • Authorization checks (admin only for role management)

5. Service Client Integration

  • Uses IdentityServiceClient to manage user-role relationships
  • Uses AuditServiceClient to log role management operations

Acceptance Criteria

  • CreateRole RPC creates new roles
  • GetRole/ListRoles RPCs retrieve role data
  • UpdateRole/DeleteRole RPCs modify roles
  • AssignPermissionToRole RPC assigns permissions to roles
  • AssignRoleToUser RPC assigns roles to users (via IdentityServiceClient)
  • Role changes affect user permissions immediately (cache invalidation)
  • All role operations are audited via AuditServiceClient
  • Role management RPCs are protected with proper permissions
  • Service uses IdentityServiceClient for user-role relationships

Related ADRs

Testing

# Test role management
go test ./services/authz/...

# Test gRPC service
grpcurl -plaintext localhost:8083 list
grpcurl -plaintext -d '{"name":"admin","description":"Administrator role"}' \
  localhost:8083 authz.AuthzService/CreateRole

Files to Create/Modify

  • api/proto/authz.proto - Add role management RPCs
  • services/authz/internal/repository/role_repo.go - Role repository
  • services/authz/internal/service/role_service.go - Role service logic
  • services/authz/internal/api/server.go - Add role management handlers