IndyKite Developer Hub logo
Back to all configurations
Outbound Events

Kafka Outbound Events / Signal - Config

Create an Outbound Events configuration with a Kafka provider.

Kafka Outbound Events / Signal - Config

Steps to create the Outbound Events configuration in a project with Kafka as provider in Confluent.

Use case

One Outbound Events configuration can be set per project.

The configuration will send events to the defined providers through the designated routes each time a modification is made in the stipulated IKG section.

In this use case, a configuration is created to send a message each time a CRUD action is executed on any configuration node.

ikg

Requirements

- ServiceAccount credentials created in the IndyKite Hub for your organization.

- A valid API Key for a Confluent environment.

Steps

1. Create a topic on Confluent.

2. Create an Outbound Events configuration and a KBAC policy configuration.

3. Check that messages are received in the topic each time a CRUD action is executed on any configuration node (including any read action on Outbound Events).

main.tf

terraform {
  required_providers {
    indykite = {
      source  = "indykite/indykite"
      version = 1.26. # or latest version
    }
  }
}

# indykite provider integrates IndyKite platform with Terraform scripting.
# Provider for now does not support any parameters and all is set within service account credential file.
provider "indykite" {}
resource "time_static" "example" {}

resource "indykite_event_sink" "outbound_events" {
  name         = "outbound-events"
  display_name = "Outbound Events"
  location     = "project_id"
  providers {
    provider_name = "confluent-provider"
    kafka {
      brokers  = ["broker"]
      topic    = "topic_signal"
      username = "api_key"
      password = "api_key_secret"
    }
  }
  routes {
    provider_id     = "confluent-provider"
    stop_processing = true
    keys_values_filter {
      event_type = "indykite.audit.config.*"
    }
    route_display_name = "Configuration Audit Events"
    route_id           = "config-audit-log"
  }
  # lifecycle {
  #   create_before_destroy = true
  # }
}

resource "indykite_authorization_policy" "policy_drive_car" {
  name         = "terraform-policy-drive-car"
  display_name = "Terraform policy drive car"
  description  = "Policy person drive car"
  json = jsonencode({
    meta = {
      policy_version = "2.0-kbac"
    },
    subject = {
      type = "Person"
    },
    actions = ["CAN_DRIVE"],
    resource = {
      type = "Car"
    },
    condition = {
      cypher = "MATCH (subject)-[:DRIVES]->(resource:Car)"
    }
  })
  location = "project_id"
  status   = "active"
}

ikg