Skip to content

EventBus Service

Can work as a standalone service, but may be replaced by a facade to an existing eventbus/mq manager.


This module has a configuration file (eventbus.yaml by default) that describes the host, port, ssl_context, and trusted_authorities to use. It can also enable insecure logins.

Default service limits can also be overridden in this configuration file.

If no configuration file is found it will default to the following values:

kind: EventBusConfig
current-context: default
- context:
    port: 38368
    ssl_context: adhoc
    enable_insecure_login: false
    max_publication_attempts: 2
    max_publication_threads: 4
  name: default

ssl_context is either adhoc, a list of two items (certificate file path and private key file path), or disabled (not recommended, will switch to plain HTTP).

A context can also contain a trusted_authorities, which is a list of public key files, used for token validation.

A context can also allow for insecure (token-less) logins if enable_insecure_login is set to true (by default, insecure logins are disabled).

Insecure logins, if enabled, are only allowed from a given address ( by default). This can be overridden by specifying insecure_bind_address.

EventBus limits

All those limits must be integers. If the entry is missing, the default value will be assumed.

max_publication_attempts limits the number of attempts the eventbus makes to send a publication to a subscriber. If not specified, defaults to 2.

The eventbus only attempts to re-send a publication to a subscriber if the previous attempt failed. Please note that if the subscriber returned a 4xx or 5xx error code it is not considered a failure.

max_publication_threads limits the number of simultaneous publication threads. If not specified, defaults to 4.

Each publication received by the eventbus is dispatched to the relevant subscribers in its own thread. Increasing this number means more publications can be dispatched in parallel.

If all publication threads are in use, the pending publications are queued and will be dispatched when publication threads become available.


python3 -m opentf.core.eventbus [--context context] [--config configfile]


This module exposes three endpoints:

  • /subscriptions (GET, POST)
  • /subscriptions/{uuid} (DELETE)
  • /publications (POST)

Whenever calling those endpoints, a signed token must be specified via the Authorization header.

This header will be of the form:

Authorization: Bearer xxxxxxxx

It must be signed by one of the trusted authorities specified in the current context.

On successful subscription, a subscription ID is returned (in .details.uuid).

On successful publication, the publication is dispatched to all corresponding subscriptions, asynchronously.

If there is no corresponding subscription, the response code will be 200, but its message part will be:

'Publication received, but no matching subscription'

If there are corresponding subscriptions, the publication will be posted to their endpoints. There will be a X-Subscription-ID header containing the subscription ID:

X-Subscription-ID: uuid

There will also be a X-Publication-ID header containing the publication ID, to help disambiguate duplicates:

X-Publication-ID: uuid