eventgate
A flexible, identity-aware gateway & immutable event storage service for microservices abiding by the Event Sourcing Pattern
Status: Proof of Concept
Features
- Headless
- Native gRPC support
- Optional Embedded graphQL support at /graphql (transcoding)
- Optional Embedded REST support at / (transcoding)
- Optional Embedded grpcweb support (transcoding)
- Optional Metrics Server (prometheus/pprof)
- Authentication - JWT/OAuth with remote JWKS verification
- Authorization - Rego based Authorization engine
- Autogenerated Client gRPC SDKs
- Structured JSON Logs
- Sample Kubernetes Manifest
- Pluggable "Channel" Providers
  - Nats
  - Nats Streaming (Stan)
  - Redis
  - Kafka
  - RabbitMQ
  - Google PubSub
  - AWS SQS
  - Azure Queue
- Pluggable "Storage" Providers
  - MongoDb
  - ElasticSearch
  - Cassandra
  - PostgreSQL
  - MySQL
  - Snowflake
Concepts
Channel Provider
A Channel Provider is a plugin that provides stream/channel functionality for broadcasting & consuming events
A single Channel Provider is required. An in memory provider may be used for testing, but it is not considered to be production ready.
Storage Provider
A Storage Provider is a plugin that provides storage for persisting a historical record of all events produced.
Storage providers enable the History method; without one, an Unimplemented error is returned to the client.
Goals
- Create a universal API interface for publishing and subscribing to events using pluggable channel & storage providers
- Interact with the API interface in gRPC, REST, and/or graphQL.
- Safe to swap backend providers without changing client-side code
- Type-safe clients generated in many languages
- Safe to expose to the public internet due to fine-grained authentication/authorization model.
- Capture a persistent, immutable historical record of all events using a pluggable storage provider
- Different combinations of Channel & Storage Providers are interoperable.
- Audit log of events broadcast by authorized producers
Command Line
eventgate -h
Usage of eventgate:
--config string path to config file (env: EVENTGATE_CONFIG) (default "config.yaml")
Sample Config
# port to serve on. metrics server is started on this port+1 if enabled
port: 8080
# enable graphQL API
graphql: true
# enable rest API
rest: true
# enable metrics server
metrics: true
# enable grpcweb support
grpcweb: true
cors:
  allowed_origins:
    - "*"
  allowed_methods:
    - "POST"
    - "PUT"
    - "GET"
    - "OPTIONS"
  allowed_headers:
    - "*"
#tls:
#  cert_file: "/tmp/server.cert"
#  key_file: "/tmp/server.key"
logging:
  # enable debug logs
  debug: true
backend:
  # pluggable channel providers: [inmem, redis, nats, stan, kafka, google-pubsub, aws-sqs]
  channel_provider:
    name: "nats"
    config:
      addr: "0.0.0.0:4444"
      # client_cert_file: "/tmp/nats.cert"
      # client_key_file: "/tmp/nats.key"
  # channel_provider:
  #   name: "redis"
  #   config:
  #     addr: "0.0.0.0:6379"
  #     user: "default"
  #     password: "admin1234"
  #     client_cert_file: "/tmp/redis.cert"
  #     client_key_file: "/tmp/redis.key"
  # channel_provider:
  #   name: "stan"
  #   config:
  #     addr: "0.0.0.0:4444"
  #     client_cert_file: "/tmp/stan.cert"
  #     client_key_file: "/tmp/stan.key"
  # pluggable storage providers: [mongo, elasticsearch]
  # storage_provider:
  #   name: "mongo"
  #   config:
  #     addr: "mongodb://localhost:27017/testing"
  #     database: "testing"
  #     client_cert_file: "/tmp/mongo.cert"
  #     client_key_file: "/tmp/mongo.key"
  storage_provider:
    name: "elasticsearch"
    config:
      addr: "http://localhost:9200"
      # user: "default"
      # password: "admin1234"
# authentication options
authentication:
  # json web keys uri for authentication.
  # if empty, inbound jwt's will not be verified.
  jwks_uri: "https://www.googleapis.com/oauth2/v3/certs"
# authorization options
authorization:
  requests: |
    package eventgate.authz
    default allow = false
    allow {
      input.claims.sub = "1234567890"
      input.claims.name = "John Doe"
    }
  responses: |
    package eventgate.authz
    default allow = true
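
A stricter `requests` policy in the same Rego syntax as the sample above, added here as an example and not taken from the eventgate project. It assumes `input.claims` carries the verified token's standard JWT claims (`iss`, `aud`, `exp`) alongside `sub`; the client ID and subject values are constructed placeholders.

```rego
package eventgate.authz

# Added example, not the project's own policy.
# Assumption: the gateway passes the token's claims as input.claims,
# as the sample policy's use of input.claims.sub suggests.

default allow = false

# Issuer strings Google uses for tokens signed by the keys at the sample jwks_uri.
trusted_issuers = {"https://accounts.google.com", "accounts.google.com"}

# Constructed placeholders: replace with your own client ID and subjects.
expected_audience = "example-client-id.apps.googleusercontent.com"
allowed_subjects = {"1234567890"}

# Every condition must hold; a missing claim leaves allow at its default (false).
allow {
    trusted_issuers[input.claims.iss]
    audience_matches
    allowed_subjects[input.claims.sub]
    not expired
}

# aud may be a single string or an array of strings (RFC 7519).
audience_matches {
    input.claims.aud == expected_audience
}

audience_matches {
    input.claims.aud[_] == expected_audience
}

# exp is seconds since the epoch; time.now_ns() returns nanoseconds.
expired {
    input.claims.exp * 1000000000 <= time.now_ns()
}

# A token without exp is treated as expired.
expired {
    not input.claims.exp
}
```

Pinning `iss` and `aud` matters with a shared JWKS endpoint such as the one in the sample config, because the same keys sign tokens issued to every client of that identity provider.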
Notes