Add initial audit logging pipeline (API, SDK, OTLP exporter, and autoconfigure)#7

Open

hilmarf wants to merge 38 commits into

mainfrom

hilmarf commented Apr 28, 2026

Member

Summary

This PR introduces an initial end-to-end audit logging pipeline for OpenTelemetry Java, including new API and SDK modules, OTLP HTTP export support, and autoconfiguration wiring.

What changed

Added a new Audit API module with core audit types and contracts, including:
- provider and global provider access
- logger and logger builder
- audit record builder and receipt model
- actor/outcome semantics and delivery exception handling
Added a new Audit SDK module with runtime implementation, including:
- SDK audit provider and logger implementations
- read/write record model
- exporter and processor contracts
- processor implementations (simple, batch, multi, noop)
- in-memory exporter for testing scenarios
Added a new OTLP HTTP audit exporter module:
- OTLP audit record data adapter
- HTTP exporter and builder for audit records
Added autoconfigure integration for audit:
- audit provider configuration bootstrap
- audit exporter selection and SPI loading
- new SPI interface for configurable audit exporters
Wired new modules into the build:
- included new projects in settings
- added audit SDK to the sdk aggregate module
Added a GitHub workflow for fork synchronization:
- sync-fork.yaml

Configuration behavior

New property: otel.audit.exporter
Default exporter: otlp
Special value: none (disables audit exporting)
Validation: configuration fails if none is combined with other exporters or if an unknown exporter name is configured

Why

This lays the foundation for first-class audit logging support in OpenTelemetry Java with:

clear API/SDK separation
pluggable exporter model
out-of-the-box OTLP export path
autoconfigure-based runtime setup

Notes

This change is primarily additive and introduces new modules and integration points.
No existing tracing/metrics/logging APIs are replaced by this PR.

hilmarf force-pushed the main branch from 6bd3996 to 2d95040 Compare

April 28, 2026 09:43

hilmarf force-pushed the main branch from ae758b4 to fabd118 Compare

June 4, 2026 07:41

hilmarf force-pushed the auditing branch 2 times, most recently from 50b5619 to beec303 Compare

June 8, 2026 14:10

hilmarf force-pushed the main branch from 6d44972 to 6852822 Compare

June 9, 2026 13:54

apeirora-bot Bot added the api-change label

apeirora-bot Bot commented Jun 9, 2026 •

edited

Loading

⚠️ API changes detected — additional maintainer review required

@jack-berg @jkwatson

This PR modifies the public API surface area of the following module(s):

opentelemetry-api
opentelemetry-common
opentelemetry-context
opentelemetry-exporter-common
opentelemetry-exporter-logging
opentelemetry-exporter-logging-otlp
opentelemetry-exporter-zipkin
opentelemetry-extension-kotlin
opentelemetry-extension-trace-propagators
opentelemetry-opentracing-shim
opentelemetry-sdk
opentelemetry-sdk-extension-autoconfigure-spi

Please review the changes in docs/apidiffs/current_vs_latest/ carefully before approving.

hilmarf added this to OTel-Audit-Logging

github-project-automation Bot moved this to Backlog in OTel-Audit-Logging

hilmarf moved this from Backlog to In progress in OTel-Audit-Logging

hilmarf added 10 commits

June 10, 2026 14:52


          Add files via upload

5fa285d

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          REUSE status

040d5ba

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          Ensure GHA work properly on fork or are disabled!

6803d8a

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          reuse download --all

a65b712

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          Add REUSE compliance: LICENSES/, .reuse/dep5, and fix invalid SPDX ex… (

b5d4212

#9)

* Add REUSE compliance: LICENSES/, .reuse/dep5, and fix invalid SPDX expressions

- Add LICENSES/Apache-2.0.txt (copy of LICENSE) as required by REUSE spec
- Add .reuse/dep5 to provide copyright/license info for files without inline headers
- Fix invalid SPDX expressions in OtelImplJavadocTest and OtelInternalJavadocTest
  by wrapping embedded SPDX-License-Identifier strings in REUSE-IgnoreStart/End
  comments to prevent the REUSE linter from treating test fixture content as
  actual license declarations

* reuse convert-dep5

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>

---------

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          using APEIRORA_BOT

3ea5d22

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          revert to upstream

6653e70

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          add .dockerignore

20f6b7b

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          group = "eu.apeirora.opentelemetry"

e15cc02

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          Remap the Maven group to the Java package root:

eb31429

eu.apeirora.opentelemetry → io.opentelemetry

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>

hilmarf force-pushed the main branch from 1b5d269 to eb31429 Compare

June 10, 2026 12:52

hilmarf added 9 commits

June 10, 2026 14:54


          Add initial audit logging pipeline:

5951b7f

- API
- SDK
- OTLP exporter
- autoconfigure

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          Ensure GHA work properly on fork or are disabled!

780ffa2

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          refactor: migrated the separate package api\audit into api\all

237bad1

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          refactored fields to attributes

70fecae

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          integrityValue + algorithm + certificate

32ca0e7

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          Add audit signal tests, fix exporter imports, update apidiffs and bui…

8ab5b68

…ld config

- Add unit tests for SdkAuditProvider, SimpleAuditRecordProcessor,
  BatchAuditRecordProcessor, and AuditLogRecordDataAdapter
- Fix OtlpHttpAuditRecordExporter/Builder to use otlp.internal HTTP classes
  instead of removed exporter.internal.http package
- Fix Checkstyle import order in SimpleAuditRecordProcessorTest
- Update build.gradle.kts dependencies for audit exporter tests
- Refresh apidiffs to compare against 1.63.0 baseline
- Disable Gradle parallel/caching/config-cache for reproducible local builds

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          sync with main

cef7c30

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          gradle jApiCmp

74a272c

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          fix spotlessJavaCheck issues

287fe61

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          audit.* semantic conventions

3a7faad

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>

hilmarf force-pushed the auditing branch from a0f2610 to 44b8f55 Compare

June 10, 2026 13:07

hilmarf force-pushed the main branch 2 times, most recently from 6e99b21 to e768afa Compare

June 10, 2026 15:15

hilmarf and others added 16 commits

June 10, 2026 18:31


          AuditRecordData extends LogRecordData

01aed0a

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          simplify audit API

9c7de86

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          Convert remaining declarative config factory tests to parameterized t…

b4d2414

…est (open-telemetry#8460)

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          Exclude certain github actions from running on forks (open-telemetry#…

64c06d8

…8466)

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          using APEIRORA_BOT

0b850e6

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          revert to upstream

0d282b0

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          build: add GitHub Packages repository to publish conventions

3d3b253

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          build: restrict GitHub Packages publishing to SNAPSHOT versions only

f678551

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          ci: add snapshot publish workflow for GitHub Packages

1c7a84e

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          docs: add GitHub Packages SNAPSHOT consumer guide

60c9398

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          docs: clarify Maven CI settings.xml token wiring for GitHub Packages

85e5317

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          docs: update CLAUDE.md with language rules and publishing architecture

eb447d1

notes

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          build: gate signing on GPG_PRIVATE_KEY instead of CI env var

2ca22d7

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          ci: use targeted publish task to avoid Sonatype credential errors

7884cee

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          fix: resolve AutoValue constructor mismatch in SdkAuditRecordData

61bf20a

AuditRecordData extends LogRecordData. AutoValue generates constructor
parameters for all abstract (non-default) getter methods. The previous
code passed arguments in the wrong order and included fields (body,
InstrumentationScopeInfo, etc.) that AutoValue did not expect.

- Add default implementations in AuditRecordData for LogRecordData
  fields not applicable to audit: InstrumentationScopeInfo, SpanContext,
  Severity, SeverityText, Body, TotalAttributeCount
- Declare getEventName() abstract in AuditRecordData so AutoValue
  generates a field for it
- Fix argument order in SdkAuditRecordData.create() and
  SdkReadWriteAuditRecord.toAuditRecordData() to match AutoValue order
- Remove unused body field from SdkReadWriteAuditRecord; setBody() in
  SdkAuditRecordBuilder is now a no-op per spec (body travels via
  AuditRecordData.getBodyValue() default)
- Update tests to use combined API methods setActor(), setTarget(),
  setSource() instead of the removed individual setActorId() etc.

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>


          apidiffs

eb2fd5b

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>

hilmarf force-pushed the auditing branch from 3922106 to eb2fd5b Compare

June 10, 2026 16:31

CLAassistant commented Jun 10, 2026 •

edited

Loading

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 3 committers have signed the CLA.

✅ hilmarf
❌ jaydeluca
❌ jack-berg
_{You have signed the CLA already but the status is still pending? Let us recheck it.}


          Merge branch 'main' into auditing

f03d26d

jkwatson commented Jun 11, 2026

I think you probably don't want to be running all of the core github actions on your fork....


          remove duplicate condition

ce6f533

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels