Skip to content

[Data Contracts] Contract Audit Log #7244

New issue
New issue
Open
Open
[Data Contracts] Contract Audit Log#7244
Labels
priority/lowLow priority issues that should only be worked on if they are easy to complete.type/enhancementIssues that represent requests for new features.
@carlesarnal

Description

@carlesarnal
carlesarnal
opened on Feb 2, 2026

Parent Epic

Part of #6192

Priority

P3 (Low)

Phase

Phase 4 - Audit & Events

Blocked By

  • Contract Lifecycle Status Management
  • Promotion Workflow

Description

Implement audit logging for contract lifecycle changes.

Requirements

  • Create audit log table (SQL storage):

    CREATE TABLE contract_audit_log (
    id BIGSERIAL PRIMARY KEY,
    group_id VARCHAR(512) NOT NULL,
    artifact_id VARCHAR(512) NOT NULL,
    action VARCHAR(64) NOT NULL,
    previous_value TEXT,
    new_value TEXT,
    performed_by VARCHAR(256),
    performed_on TIMESTAMP NOT NULL,
    comment TEXT
);

CREATE INDEX idx_contract_audit_artifact 
    ON contract_audit_log(group_id, artifact_id);
CREATE INDEX idx_contract_audit_action 
    ON contract_audit_log(action);
CREATE INDEX idx_contract_audit_time 
    ON contract_audit_log(performed_on);

  • Create ContractAuditService:

    @ApplicationScoped
public class ContractAuditService {
    void logStatusChange(ContractStatusChanged event);
    void logPromotion(ContractPromoted event);
    void logMetadataUpdate(String groupId, String artifactId, 
                          ContractMetadata previous, ContractMetadata updated,
                          String performedBy);
    List<ContractAuditEntry> getAuditLog(String groupId, String artifactId,
                                         int offset, int limit);
}

  • Subscribe to contract events and log them

  • Add REST endpoint:

    GET /apis/registry/v3/groups/{groupId}/artifacts/{artifactId}/contract/audit
Query: offset, limit, action (filter by action type)
Response: ContractAuditResults { entries: [...], count: N }

Audit Actions

Action Description
STATUS_CHANGE Contract status changed
PROMOTION Contract promoted to new stage
METADATA_UPDATE Contract metadata updated
CONTRACT_CREATED Contract metadata first added
CONTRACT_DELETED Contract metadata removed

Acceptance Criteria

  • All contract lifecycle changes are logged
  • Audit log can be queried via REST API
  • Audit entries include user, timestamp, and details
  • Integration tests verify audit logging
  • Works with all storage variants (SQL, KafkaSQL)

Technical Notes

SQL location: app/src/main/java/io/apicurio/registry/storage/impl/sql/

Metadata

Metadata

Assignees

No one assigned

    Labels

    priority/lowLow priority issues that should only be worked on if they are easy to complete.type/enhancementIssues that represent requests for new features.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions