Skip to content

EventBus Service

Can work as a standalone service, but may be replaced by a facade to an existing eventbus/mq manager.


This module has a configuration file (eventbus.yaml by default) that describes the host, port, ssl_context, trusted_authorities, and logfile to use. It can also enable insecure logins.

If no configuration file is found it will default to the following values:

kind: EventBusConfig
current-context: default
- context:
    port: 38368
    ssl_context: adhoc
  name: default

ssl_context is either adhoc, a list of two items (certificate file path and private key file path), or disabled (not recommended, will switch to plain HTTP).

A context can also contain a trusted_authorities, which is a list of public key files, used for token validation.

A context can also allow for insecure (token-less) logins, if enable_insecure_login is set to true (by default, insecure logins are disabled).

Insecure logins, if enabled, are only allowed from a given address ( by default). This can be overridden by specifying insecure_bind_address.


python3 -m opentf.core.eventbus [--context context] [--config configfile]


This module exposes three endpoints:

  • /subscriptions (GET, POST)
  • /subscriptions/{uuid} (DELETE)
  • /publications (POST)

Whenever calling those endpoints, a signed token must be specified via the Authorization header.

This header will be of form:

Authorization: Bearer xxxxxxxx

It must be signed with one of the trusted authorities specified in the current context.

On successful subscription a subscription ID is returned (in .details.uuid).

On successful publication, the publication is dispatched to all corresponding subscriptions, asynchronously.

If there is no corresponding subscription, the response code will be 200, but its message part will be:

'Publication received, but no matching subscription'

If there are corresponding subscriptions, the publication will be posted to their endpoints. There will be a X-Subscription-ID header containing the subscription ID:

X-Subscription-ID: uuid

There will also be a X-Publication-ID header containing the publication ID, to help disambiguate duplicates:

X-Publication-ID: uuid

No attempt is made to resubmit a publication to a given subscription if the first attempt failed. A failure to submit a publication to a given subscription has no effect on other subscriptions: they will receive the publication.