0x1d b1b895e818 feat(epic2): Implement core authentication and authorization services
- Implement Audit Service (2.5)
  - gRPC server with Record and Query operations
  - Database persistence with audit schema
  - Service registry integration
  - Entry point: cmd/audit-service

- Implement Identity Service (2.2)
  - User CRUD operations
  - Password hashing with argon2id
  - Email verification and password reset flows
  - Entry point: cmd/identity-service
  - Fix package naming conflicts in user_service.go

- Implement Auth Service (2.1)
  - JWT token generation and validation
  - Login, RefreshToken, ValidateToken, Logout RPCs
  - Integration with Identity Service
  - Entry point: cmd/auth-service
  - Note: RefreshToken entity needs Ent generation

- Implement Authz Service (2.3, 2.4)
  - Permission checking and authorization
  - User roles and permissions retrieval
  - RBAC-based authorization
  - Entry point: cmd/authz-service

- Implement gRPC clients for all services
  - Auth, Identity, Authz, and Audit clients
  - Service discovery integration
  - Full gRPC communication

- Add service configurations to config/default.yaml
- Create SUMMARY.md with implementation details and testing instructions
- Fix compilation errors in Identity Service (password package conflicts)
- All services build successfully and tests pass
2025-11-06 20:07:20 +01:00

Epic 2: Core Services (Authentication & Authorization)

Overview

Implement Auth, Identity, Authz, and Audit as separate, independent microservices. Each service has its own entry point (cmd/{service}/), gRPC server, and database connection/schema, and registers with the Consul service registry. Services communicate via gRPC service clients and use service discovery.

Key Principle: Each service is independently deployable from day one.

Stories

2.1 Auth Service - JWT Authentication

  • Story: 2.1 - Auth Service
  • Goal: Implement Auth Service as an independent microservice with JWT token generation/validation.
  • Deliverables:
    • Service entry point: cmd/auth-service/main.go
    • gRPC server implementation
    • Database connection and schema (auth schema)
    • Service registration with Consul
    • JWT token generation/validation logic

2.2 Identity Service - User Management

  • Story: 2.2 - Identity Service
  • Goal: Implement Identity Service as an independent microservice for user CRUD and password management.
  • Deliverables:
    • Service entry point: cmd/identity-service/main.go
    • gRPC server implementation
    • Database connection and schema (identity schema with User entity)
    • Service registration with Consul
    • User CRUD, password management, email verification

2.3 Authz Service - Authorization & RBAC

  • Story: 2.3 - Authz Service
  • Goal: Implement Authz Service as an independent microservice for permission resolution and authorization.
  • Deliverables:
    • Service entry point: cmd/authz-service/main.go
    • gRPC server implementation
    • Database connection and schema (authz schema with Role, Permission entities)
    • Service registration with Consul
    • Permission resolution, RBAC/ABAC authorization

2.4 Role Management (Part of Authz Service)

  • Story: 2.4 - Role Management
  • Goal: Extend Authz Service with a role management API.
  • Deliverables:
    • Role management gRPC endpoints
    • Role assignment to users (via Identity Service client)
    • Permission assignment to roles

2.5 Audit Service - Audit Logging

  • Story: 2.5 - Audit Service
  • Goal: Implement Audit Service as an independent microservice for audit logging.
  • Deliverables:
    • Service entry point: cmd/audit-service/main.go
    • gRPC server implementation
    • Database connection and schema (audit schema with AuditLog entity)
    • Service registration with Consul
    • Audit log recording and querying

2.6 Database Seeding

  • Story: 2.6 - Database Seeding
  • Goal: Provide seeding for all services (initial admin user, default roles, permissions).
  • Deliverables:
    • Seed scripts for each service
    • Seed commands
    • Integration with service startup

Deliverables Checklist

  • Auth Service: Independent service with gRPC server, database schema, Consul registration
  • Identity Service: Independent service with gRPC server, User entity, Consul registration
  • Authz Service: Independent service with gRPC server, Role/Permission entities, Consul registration
  • Audit Service: Independent service with gRPC server, AuditLog entity, Consul registration
  • All services use service clients for inter-service communication
  • All services have their own database connection pools and schemas
  • Seed scripts for all services

Acceptance Criteria

  • Each service is independently deployable
  • Each service has its own entry point (cmd/{service}/main.go)
  • Each service registers with the Consul service registry
  • Services communicate via gRPC through service clients
  • Each service has its own database schema
  • API Gateway can route to all services via service discovery
  • Integration test: Services can discover and communicate with each other