Remove eventstore (#282)

.github/workflows/mysql.yaml

@@ -28,15 +28,12 @@ jobs:
         run: |
           sudo systemctl start mysql
           mysql -e 'CREATE DATABASE warrant;' -uroot -proot
-          mysql -e 'CREATE DATABASE warrantEvents;' -uroot -proot
       - name: Install apirunner & go-migrate
         run: |
           go install github.com/warrant-dev/apirunner/cmd/apirunner@latest
           go install -tags 'mysql' github.com/golang-migrate/migrate/v4/cmd/migrate@latest
       - name: Run datastore migrations 'up'
         run: migrate -path ./migrations/datastore/mysql/ -database mysql://root:root@/warrant up
-      - name: Run eventstore migrations 'up'
-        run: migrate -path ./migrations/eventstore/mysql/ -database mysql://root:root@/warrantEvents up
       - name: Start test server
         id: start-server
         run: ./cmd/warrant/bin/warrant > server.log 2>&1 &
@@ -61,19 +58,6 @@ jobs:
           WARRANT_DATASTORE_MYSQL_READERHOSTNAME: 127.0.0.1
           WARRANT_DATASTORE_MYSQL_READERMAXIDLECONNECTIONS: 5
           WARRANT_DATASTORE_MYSQL_READERMAXOPENCONNECTIONS: 5
-          WARRANT_EVENTSTORE: mysql
-          WARRANT_EVENTSTORE_MYSQL_USERNAME: root
-          WARRANT_EVENTSTORE_MYSQL_PASSWORD: root
-          WARRANT_EVENTSTORE_MYSQL_HOSTNAME: 127.0.0.1
-          WARRANT_EVENTSTORE_MYSQL_DATABASE: warrantEvents
-          WARRANT_EVENTSTORE_MYSQL_MAXIDLECONNECTIONS: 5
-          WARRANT_EVENTSTORE_MYSQL_MAXOPENCONNECTIONS: 5
-          WARRANT_EVENTSTORE_MYSQL_CONNMAXIDLETIME: 4h
-          WARRANT_EVENTSTORE_MYSQL_CONNMAXLIFETIME: 6h
-          WARRANT_EVENTSTORE_MYSQL_READERHOSTNAME: 127.0.0.1
-          WARRANT_EVENTSTORE_MYSQL_READERMAXIDLECONNECTIONS: 5
-          WARRANT_EVENTSTORE_MYSQL_READERMAXOPENCONNECTIONS: 5
-          WARRANT_EVENTSTORE_SYNCHRONIZEEVENTS: true
       - name: Run apirunner tests
         run: |
           sleep 3
@@ -83,8 +67,6 @@ jobs:
         run: kill -9 `lsof -i:8000 -t`
       - name: Run datastore migrations 'down'
         run: echo 'y' | migrate -path ./migrations/datastore/mysql/ -database mysql://root:root@/warrant down
-      - name: Run eventstore migrations 'down'
-        run: echo 'y' | migrate -path ./migrations/eventstore/mysql/ -database mysql://root:root@/warrantEvents down
       - name: Archive server log
         if: failure()
         uses: actions/upload-artifact@v3

.github/workflows/postgres.yaml

@@ -32,16 +32,13 @@ jobs:
           sudo -u postgres psql --command="ALTER USER warrant_user CREATEDB" --command="\du"
           sudo -u postgres createdb --owner=warrant_user warrant_user
           sudo -u postgres createdb --owner=warrant_user warrant
-          sudo -u postgres createdb --owner=warrant_user warrant_events
           sudo -u postgres psql --command="\l"
       - name: Install apirunner & go-migrate
         run: |
           go install github.com/warrant-dev/apirunner/cmd/apirunner@latest
           go install -tags 'postgres' github.com/golang-migrate/migrate/v4/cmd/migrate@latest
       - name: Run datastore migrations 'up'
         run: migrate -path ./migrations/datastore/postgres/ -database postgres://warrant_user:db_password@/warrant?sslmode=disable up
-      - name: Run eventstore migrations 'up'
-        run: migrate -path ./migrations/eventstore/postgres/ -database postgres://warrant_user:db_password@/warrant_events?sslmode=disable up
       - name: Start test server
         id: start-server
         run: ./cmd/warrant/bin/warrant > server.log 2>&1 &
@@ -67,20 +64,6 @@ jobs:
           WARRANT_DATASTORE_POSTGRES_READERHOSTNAME: localhost
           WARRANT_DATASTORE_POSTGRES_READERMAXIDLECONNECTIONS: 5
           WARRANT_DATASTORE_POSTGRES_READERMAXOPENCONNECTIONS: 5
-          WARRANT_EVENTSTORE: postgres
-          WARRANT_EVENTSTORE_POSTGRES_USERNAME: warrant_user
-          WARRANT_EVENTSTORE_POSTGRES_PASSWORD: db_password
-          WARRANT_EVENTSTORE_POSTGRES_HOSTNAME: localhost
-          WARRANT_EVENTSTORE_POSTGRES_DATABASE: warrant_events
-          WARRANT_EVENTSTORE_POSTGRES_SSLMODE: disable
-          WARRANT_EVENTSTORE_POSTGRES_MAXIDLECONNECTIONS: 5
-          WARRANT_EVENTSTORE_POSTGRES_MAXOPENCONNECTIONS: 5
-          WARRANT_EVENTSTORE_POSTGRES_CONNMAXIDLETIME: 4h
-          WARRANT_EVENTSTORE_POSTGRES_CONNMAXLIFETIME: 6h
-          WARRANT_EVENTSTORE_POSTGRES_READERHOSTNAME: localhost
-          WARRANT_EVENTSTORE_POSTGRES_READERMAXIDLECONNECTIONS: 5
-          WARRANT_EVENTSTORE_POSTGRES_READERMAXOPENCONNECTIONS: 5
-          WARRANT_EVENTSTORE_SYNCHRONIZEEVENTS: true
       - name: Run apirunner tests
         run: |
           sleep 3
@@ -90,8 +73,6 @@ jobs:
         run: kill -9 `lsof -i:8000 -t`
       - name: Run datastore migrations 'down'
         run: echo 'y' | migrate -path ./migrations/datastore/postgres/ -database postgres://warrant_user:db_password@/warrant?sslmode=disable down
-      - name: Run eventstore migrations 'down'
-        run: echo 'y' | migrate -path ./migrations/eventstore/postgres/ -database postgres://warrant_user:db_password@/warrant_events?sslmode=disable down
       - name: Archive server log
         if: failure()
         uses: actions/upload-artifact@v3

.github/workflows/sqlite.yaml

@@ -46,15 +46,6 @@ jobs:
           WARRANT_DATASTORE_SQLITE_MAXOPENCONNECTIONS: 1
           WARRANT_DATASTORE_SQLITE_CONNMAXIDLETIME: 4h
           WARRANT_DATASTORE_SQLITE_CONNMAXLIFETIME: 6h
-          WARRANT_EVENTSTORE: sqlite
-          WARRANT_EVENTSTORE_SQLITE_DATABASE: warrantEvents
-          WARRANT_EVENTSTORE_SQLITE_INMEMORY: true
-          WARRANT_EVENTSTORE_SQLITE_MIGRATIONSOURCE: file://./migrations/eventstore/sqlite
-          WARRANT_EVENTSTORE_SQLITE_MAXIDLECONNECTIONS: 5
-          WARRANT_EVENTSTORE_SQLITE_MAXOPENCONNECTIONS: 5
-          WARRANT_EVENTSTORE_SQLITE_CONNMAXIDLETIME: 4h
-          WARRANT_EVENTSTORE_SQLITE_CONNMAXLIFETIME: 6h
-          WARRANT_EVENTSTORE_SYNCHRONIZEEVENTS: true
       - name: Run apirunner tests
         run: |
           sleep 3

README.md

@@ -17,7 +17,7 @@
     <a href="https://www.ycombinator.com/companies/warrant"><img alt="Backed by Y Combinator" src="https://img.shields.io/badge/Backed%20by-Y%20Combinator-%23E16E38"/></a>
 </p>
 
-# Warrant - Open Source Access Control Service
+# Warrant - Google Zanzibar-inspired, centralized authorization service
 
 Warrant is a **highly scalable, centralized authorization service** for _defining_, _storing_, _querying_, _checking_, and _auditing_ application authorization models and access rules. At its core, Warrant is a [relationship based access control (ReBAC)](https://en.wikipedia.org/wiki/Relationship-based_access_control) engine (inspired by [Google Zanzibar](https://research.google/pubs/pub48190/)) capable of enforcing any authorization paradigm, including role based access control (RBAC) (e.g. `[user:1] has [permission:view-billing-details]`), attribute based access control (ABAC) (e.g. `[user:1] can [view] [department:accounting] if [geo == "us"]`), and relationship based access control (ReBAC) (e.g. `[user:1] is an [editor] of [document:docA]`).
 
@@ -26,7 +26,6 @@ Warrant is a **highly scalable, centralized authorization service** for _definin
 - HTTP APIs for managing your authorization model, access rules, and other Warrant resources (roles, permissions, features, tenants, users, etc.) from an application, a CLI tool, etc.
 - Real-time, low latency API for performing access checks in your application(s) at runtime (e.g. `is [user:A] an [editor] of [tenant:X]?`)
 - Integrates with in-house and third-party authn/identity providers like Auth0 and Firebase
-- A queryable, global event log that tracks updates to your authorization model, access rules, and all other Warrant resources, making auditing and debugging simple
 - Officially supported [SDKs](#sdks) for most popular languages and frameworks
 - Support for a number of databases, including: MySQL, Postgres, and SQLite (in-memory or file)
 

cmd/warrant/main.go

@@ -28,7 +28,6 @@ import (
 	warrant "github.com/warrant-dev/warrant/pkg/authz/warrant"
 	"github.com/warrant-dev/warrant/pkg/config"
 	"github.com/warrant-dev/warrant/pkg/database"
-	"github.com/warrant-dev/warrant/pkg/event"
 	object "github.com/warrant-dev/warrant/pkg/object"
 	feature "github.com/warrant-dev/warrant/pkg/object/feature"
 	permission "github.com/warrant-dev/warrant/pkg/object/permission"
@@ -40,27 +39,19 @@ import (
 )
 
 const (
-	MySQLDatastoreMigrationVersion     = 000006
-	MySQLEventstoreMigrationVersion    = 000003
-	PostgresDatastoreMigrationVersion  = 000007
-	PostgresEventstoreMigrationVersion = 000004
-	SQLiteDatastoreMigrationVersion    = 000006
-	SQLiteEventstoreMigrationVersion   = 000003
+	MySQLDatastoreMigrationVersion    = 000006
+	PostgresDatastoreMigrationVersion = 000007
+	SQLiteDatastoreMigrationVersion   = 000006
 )
 
 type ServiceEnv struct {
-	Datastore  database.Database
-	Eventstore database.Database
+	Datastore database.Database
 }
 
 func (env ServiceEnv) DB() database.Database {
 	return env.Datastore
 }
 
-func (env ServiceEnv) EventDB() database.Database {
-	return env.Eventstore
-}
-
 func (env *ServiceEnv) InitDB(cfg config.Config) error {
 	ctx, cancelFunc := context.WithTimeout(context.Background(), 10*time.Second)
 	defer cancelFunc()
@@ -122,71 +113,9 @@ func (env *ServiceEnv) InitDB(cfg config.Config) error {
 	return errors.New("invalid database configuration provided")
 }
 
-func (env *ServiceEnv) InitEventDB(config config.Config) error {
-	ctx, cancelFunc := context.WithTimeout(context.Background(), 10*time.Second)
-	defer cancelFunc()
-
-	if config.GetEventstore().MySQL.Hostname != "" {
-		db := database.NewMySQL(*config.GetEventstore().MySQL)
-		err := db.Connect(ctx)
-		if err != nil {
-			return err
-		}
-
-		if config.GetAutoMigrate() {
-			err = db.Migrate(ctx, MySQLEventstoreMigrationVersion)
-			if err != nil {
-				return err
-			}
-		}
-
-		env.Eventstore = db
-		return nil
-	}
-
-	if config.GetEventstore().Postgres.Hostname != "" {
-		db := database.NewPostgres(*config.GetEventstore().Postgres)
-		err := db.Connect(ctx)
-		if err != nil {
-			return err
-		}
-
-		if config.GetAutoMigrate() {
-			err = db.Migrate(ctx, PostgresEventstoreMigrationVersion)
-			if err != nil {
-				return err
-			}
-		}
-
-		env.Eventstore = db
-		return nil
-	}
-
-	if config.GetEventstore().SQLite.Database != "" {
-		db := database.NewSQLite(*config.GetEventstore().SQLite)
-		err := db.Connect(ctx)
-		if err != nil {
-			return err
-		}
-
-		if config.GetAutoMigrate() {
-			err = db.Migrate(ctx, SQLiteEventstoreMigrationVersion)
-			if err != nil {
-				return err
-			}
-		}
-
-		env.Eventstore = db
-		return nil
-	}
-
-	return errors.New("invalid database configuration provided")
-}
-
 func NewServiceEnv() ServiceEnv {
 	return ServiceEnv{
-		Datastore:  nil,
-		Eventstore: nil,
+		Datastore: nil,
 	}
 }
 
@@ -198,66 +127,53 @@ func main() {
 		log.Fatal().Err(err).Msg("init: could not initialize and connect to the configured datastore. Shutting down.")
 	}
 
-	err = svcEnv.InitEventDB(cfg)
-	if err != nil {
-		log.Fatal().Err(err).Msg("init: could not initialize and connect to the configured eventstore. Shutting down.")
-	}
-
-	// Init event repo and service
-	eventRepository, err := event.NewRepository(svcEnv.EventDB())
-	if err != nil {
-		log.Fatal().Err(err).Msg("init: could not initialize EventRepository")
-	}
-	eventSvc := event.NewService(svcEnv, eventRepository, cfg.Eventstore.SynchronizeEvents, nil)
-
 	// Init object type repo and service
 	objectTypeRepository, err := objecttype.NewRepository(svcEnv.DB())
 	if err != nil {
 		log.Fatal().Err(err).Msg("init: could not initialize ObjectTypeRepository")
 	}
-	objectTypeSvc := objecttype.NewService(svcEnv, objectTypeRepository, eventSvc)
+	objectTypeSvc := objecttype.NewService(svcEnv, objectTypeRepository)
 
 	// Init object repo and service
 	objectRepository, err := object.NewRepository(svcEnv.DB())
 	if err != nil {
 		log.Fatal().Err(err).Msg("init: could not initialize ObjectRepository")
 	}
-	objectSvc := object.NewService(svcEnv, objectRepository, eventSvc)
+	objectSvc := object.NewService(svcEnv, objectRepository)
 
 	// Init warrant repo and service
 	warrantRepository, err := warrant.NewRepository(svcEnv.DB())
 	if err != nil {
 		log.Fatal().Err(err).Msg("init: could not initialize WarrantRepository")
 	}
-	warrantSvc := warrant.NewService(svcEnv, warrantRepository, eventSvc, objectTypeSvc, objectSvc)
+	warrantSvc := warrant.NewService(svcEnv, warrantRepository, objectTypeSvc, objectSvc)
 
 	// Init check service
-	checkSvc := check.NewService(svcEnv, warrantSvc, eventSvc, objectTypeSvc, cfg.Check, nil)
+	checkSvc := check.NewService(svcEnv, warrantSvc, objectTypeSvc, cfg.Check, nil)
 
 	// Init query service
 	querySvc := query.NewService(svcEnv, objectTypeSvc, warrantSvc, objectSvc)
 
 	// Init feature service
-	featureSvc := feature.NewService(&svcEnv, eventSvc, objectSvc)
+	featureSvc := feature.NewService(&svcEnv, objectSvc)
 
 	// Init permission service
-	permissionSvc := permission.NewService(&svcEnv, eventSvc, objectSvc)
+	permissionSvc := permission.NewService(&svcEnv, objectSvc)
 
 	// Init pricing tier service
-	pricingTierSvc := pricingtier.NewService(&svcEnv, eventSvc, objectSvc)
+	pricingTierSvc := pricingtier.NewService(&svcEnv, objectSvc)
 
 	// Init role service
-	roleSvc := role.NewService(&svcEnv, eventSvc, objectSvc)
+	roleSvc := role.NewService(&svcEnv, objectSvc)
 
 	// Init tenant service
-	tenantSvc := tenant.NewService(&svcEnv, eventSvc, objectSvc)
+	tenantSvc := tenant.NewService(&svcEnv, objectSvc)
 
 	// Init user service
-	userSvc := user.NewService(&svcEnv, eventSvc, objectSvc)
+	userSvc := user.NewService(&svcEnv, objectSvc)
 
 	svcs := []service.Service{
 		checkSvc,
-		eventSvc,
 		featureSvc,
 		objectSvc,
 		objectTypeSvc,

configuration.md

@@ -1,6 +1,6 @@
 # Server configuration
 
-Warrant requires certain configuration variables to be set via either a `warrant.yaml` config file or via environment variables. There is a set of common variables as well as datastore and eventstore-specific configuration.
+Warrant requires certain configuration variables to be set via either a `warrant.yaml` config file or via environment variables. There is a set of common variables as well as datastore-specific configuration.
 
 ## Common variables
 
@@ -9,7 +9,7 @@ Warrant requires certain configuration variables to be set via either a `warrant
 | `port` | Port where the server runs. | no | 8000 | `port: VALUE` | `WARRANT_PORT=VALUE` |
 | `logLevel` | Log level (e.g. Debug, Info etc.) for the server. Warrant uses zerolog, valid log levels are defined [here](https://github.com/rs/zerolog#leveled-logging). | no | 0 | `logLevel: VALUE` | `WARRANT_LOGLEVEL=VALUE` |
 | `enableAccessLog` | Determines whether the built-in request logger is enabled or not. | no | true | `enableAccessLog: VALUE` | `WARRANT_ENABLEACCESSLOG=VALUE` |
-| `autoMigrate` | If set to `true`, the server will apply datastore and eventstore migrations before starting up. | no | false | `autoMigrate: VALUE` | `WARRANT_AUTOMIGRATE=VALUE` |
+| `autoMigrate` | If set to `true`, the server will apply datastore migrations before starting up. | no | false | `autoMigrate: VALUE` | `WARRANT_AUTOMIGRATE=VALUE` |
 | `check.concurrency` | The default concurrency setting for access checks. | no | 4 | `concurrency: VALUE` | `WARRANT_CHECK_CONCURRENCY=VALUE` |
 | `check.maxConcurrency` | The max concurrency setting for access checks. | no | 1000 | `maxConcurrency: VALUE` | `WARRANT_CHECK_MAXCONCURRENCY=VALUE` |
 | `check.timeout` | Access check global timeout. | no | 1m | `timeout: VALUE` | `WARRANT_CHECK_TIMEOUT=VALUE` |
@@ -36,17 +36,15 @@ You can optionally configure Warrant to allow access check requests made to the
 
 If you are using Firebase as your authentication provider, the public key value is optional.
 
-## Set up datastore & eventstore
+## Set up datastore
 
-Warrant is a stateful service that runs with an accompanying `datastore` and `eventstore` (for tracking resource & access events). Currently, `MySQL`, `PostgreSQL` and `SQLite` (file and in-memory) are supported. Refer to these guides to set up your desired database(s):
+Warrant is a stateful service that runs with an accompanying `datastore`. Currently, `MySQL`, `PostgreSQL` and `SQLite` (file and in-memory) are supported. Refer to these guides to set up your desired database(s):
 
 - [MySQL](/migrations/datastore/mysql/README.md)
 - [PostgreSQL](/migrations/datastore/postgres/README.md)
 - [SQLite](/migrations/datastore/sqlite/README.md)
 
-Note: It's possible to use different dbs for the `datastore` and `eventstore` (e.g. mysql for datastore and sqlite for eventstore) but we recommend using the same type of db during development for simplicity.
-
-Here is an example of a full server config using `mysql` for both the datastore and eventstore:
+Here is an example of a full server config using `mysql` for the datastore:
 
 ### Sample `warrant.yaml` config (place file in same dir as server binary)
 
@@ -67,13 +65,6 @@ datastore:
     password: replace_with_password
     hostname: replace_with_hostname
     database: warrant
-eventstore:
-  synchronizeEvents: false
-  mysql:
-    username: replace_with_username
-    password: replace_with_password
-    hostname: replace_with_hostname
-    database: warrantEvents
 ```
 
 ### Sample `warrant.yaml` config with JWT authentication config
@@ -101,13 +92,6 @@ datastore:
     password: replace_with_password
     hostname: replace_with_hostname
     database: warrant
-eventstore:
-  synchronizeEvents: false
-  mysql:
-    username: replace_with_username
-    password: replace_with_password
-    hostname: replace_with_hostname
-    database: warrantEvents
 ```
 
 ### Sample environment variables config
@@ -125,9 +109,4 @@ export WARRANT_DATASTORE_MYSQL_USERNAME="replace_with_username"
 export WARRANT_DATASTORE_MYSQL_PASSWORD="replace_with_password"
 export WARRANT_DATASTORE_MYSQL_HOSTNAME="replace_with_hostname"
 export WARRANT_DATASTORE_MYSQL_DATABASE="warrant"
-export WARRANT_EVENTSTORE_SYNCHRONIZEEVENTS=false
-export WARRANT_EVENTSTORE_MYSQL_USERNAME="replace_with_username"
-export WARRANT_EVENTSTORE_MYSQL_PASSWORD="replace_with_password"
-export WARRANT_EVENTSTORE_MYSQL_HOSTNAME="replace_with_hostname"
-export WARRANT_EVENTSTORE_MYSQL_DATABASE="warrantEvents"
 ```