Pub/Sub Outbound Events / Signal - Config

Create an Outbound Events configuration with a Pub/Sub provider.

Outbound Events (Signals) push real-time notifications to external systems when changes occur in your IndyKite environment.

This configuration sets up event streaming to Pub/Sub for configuration changes:

1. Define Pub/Sub as the event provider.

2. Route configuration change events to a Pub/Sub topic.

3. Receive messages when any configuration is created, read, updated, or deleted.

Use case

Scenario: You need to audit or react to configuration changes in your IndyKite project.

Each time a configuration node is modified (create, read, update, delete), an event is sent to your Pub/Sub topic. This enables:

- Audit logging of all configuration changes.

- Triggering downstream workflows when configurations are updated.

- Real-time monitoring of your IndyKite environment.

Note: Only one Outbound Events configuration can be active per project.

Requirements

- ServiceAccount credentials created in the IndyKite Hub for your organization.

- A GCP Service Account with a valid API Key and the IAM role roles/pubsub.editor (or roles/pubsub.publisher + roles/pubsub.viewer).

- A Pub/Sub topic created in your GCP Project.

- A subscription for the topic.
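
The GCP-side requirements above can also be provisioned with Terraform. The following is an added example, not part of the IndyKite documentation: it creates the topic, a subscription, and a dedicated service account that holds the roles/pubsub.publisher + roles/pubsub.viewer pair on that one topic only. The resource names are hypothetical, the project and topic IDs reuse the placeholders from main.tf, and binding the roles at topic level rather than project level is an assumption to confirm against your setup.

```hcl
# Added example: GCP-side prerequisites. All names and IDs are placeholders.
terraform {
  required_providers {
    google = {
      source = "hashicorp/google"
    }
  }
}

provider "google" {
  project = "pub-sub-gcp-project-id" # same placeholder as project_id in main.tf
}

# Topic that the IndyKite route publishes to (topic_name in main.tf).
resource "google_pubsub_topic" "indykite_events" {
  name = "topic-name-in-pub-sub"
}

# Subscription used in step 4 to verify that events arrive.
resource "google_pubsub_subscription" "indykite_events_audit" {
  name                       = "indykite-config-audit" # hypothetical name
  topic                      = google_pubsub_topic.indykite_events.id
  ack_deadline_seconds       = 30
  message_retention_duration = "604800s" # keep unacked audit events for 7 days
}

# Dedicated identity whose key is handed to IndyKite as credentials_json.
resource "google_service_account" "indykite_publisher" {
  account_id   = "indykite-outbound-events" # hypothetical name
  display_name = "IndyKite Outbound Events publisher"
}

# Grant the narrower role pair from the requirements on this topic only
# (assumption), instead of roles/pubsub.editor on the whole project.
resource "google_pubsub_topic_iam_member" "publisher" {
  topic  = google_pubsub_topic.indykite_events.name
  role   = "roles/pubsub.publisher"
  member = "serviceAccount:${google_service_account.indykite_publisher.email}"
}

resource "google_pubsub_topic_iam_member" "viewer" {
  topic  = google_pubsub_topic.indykite_events.name
  role   = "roles/pubsub.viewer"
  member = "serviceAccount:${google_service_account.indykite_publisher.email}"
}
```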

Steps

1. Securely provide GCP Service Account credentials to the Terraform configuration via a credentials file.

2. Apply the Terraform configuration to create the Outbound Events setup.

3. Perform any CRUD action on a configuration node in your project.

4. Verify that event messages appear in your Pub/Sub topic subscription.

main.tf

terraform {
  required_providers {
    indykite = {
      source  = "indykite/indykite"
      version = ">= 1.34" # or latest version
    }
  }
}

# The indykite provider integrates the IndyKite platform with Terraform.
# The provider currently takes no parameters; everything is set in the service account credentials file.
provider "indykite" {}

resource "time_static" "example" {}

resource "indykite_event_sink" "outbound_events" {
  name         = "outbound-events"
  display_name = "Outbound Events"
  location     = "ik_project_id"
  providers {
    provider_name = "pubsub-provider"
    pubsub {
      project_id = "pub-sub-gcp-project-id"
      topic_name = "topic-name-in-pub-sub"
      # Keep this key file out of version control; its content is also stored in Terraform state.
      credentials_json = file("path-to-file.json")
    }
  }
  routes {
    provider_id     = "pubsub-provider"
    stop_processing = true
    keys_values_filter {
      event_type = "indykite.audit.config.*"
    }
    route_display_name = "Configuration Audit Events"
    route_id           = "config-audit-log"
  }
}

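# Example configuration node: creating or changing it is a CRUD action on a configuration (step 3).
resource "indykite_authorization_policy" "policy_drive_car" {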
  name         = "terraform-policy-drive-car"
  display_name = "Terraform policy drive car"
  description  = "Policy person drive car"
  json = jsonencode({
    meta = {
      policy_version = "2.0-kbac"
    },
    subject = {
      type = "Person"
    },
    actions = ["CAN_DRIVE"],
    resource = {
      type = "Car"
    },
    condition = {
      cypher = "MATCH (subject)-[:DRIVES]->(resource:Car)"
    }
  })
  location = "project_id"
  status   = "active"
}
