Audit Log Event Schema

This topic describes the Confluent Cloud audit log event schema, which is based on CloudEvents.

Compatibility policy

Confluent will make non-breaking changes to the schema without advance notice. Breaking changes will be widely communicated at least 180 days in advance, and we will continue to maintain compatibility during this time. Exceptions to this policy apply in case of critical security vulnerabilities or functional defects. Refer to Confluent Cloud Release Notes for the latest feature updates.

Confluent considers the following changes to be backwards-compatible:

  • Adding new properties to existing models
  • Changing the order of properties
  • Changing the length or format of opaque strings
  • Introducing new possible values for a property where the existing schema does not constrain to a particular set of possible values
  • Introducing new event types with their own data format constraints independent of the data format constraints of existings event types
  • Omitting properties with null values, or any property that is not explicitly declared as required in the schema
  • Omitting or changing the wording of values that appear in message properties

Key terms and concepts

Correlation ID (correlationId)

A user-supplied integer that is passed back in the response by the server, unmodified. The correlationId is useful for matching a request and response between the client and server.

CRN (Confluent Resource Name)

Used to identify a resource such as a Kafka cluster, topic, or consumer group. You are likely to see CRNs that look like the following:

  • crn://confluent.cloud/kafka=lkc-a1b2c
  • crn://confluent.cloud/kafka=lkc-a1b2c/topic=foo
  • crn://confluent.cloud/kafka=lkc-a1b2c/group=foo

Additionally, CRN values may exist simultaneously in both canonical and uncanonical forms. For example, you might also see the following CRN formats, which are considered equivalent:

  • crn:///kafka=lkc-a1b2c
  • crn://confluent.cloud/organization=ce06515f-f1f5-468f-88b8-9ed99fab2392/environment=env-abcde/kafka=lkc-a1b2c

For additional details about CRNs, refer to Confluent Resource Names.

Type (type)

Describes the type of event. The value in this property corresponds with the presence or absence of certain other event properties. There are two types:

  • io.confluent.kafka.server/authentication
  • io.confluent.kafka.server/authorization

For additional details, read the audit log event schema.

Confluent Routing (confluentRouting)

Ignore/do not use this attribute.

Examples

Successful authentication to a Kafka cluster using API key

{
    "type": "io.confluent.kafka.server/authentication",
    "data": {
        "methodName": "kafka.Authentication",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "authenticationInfo": {
            "principal": "User:123456",
            "metadata": {
                "mechanism": "SASL_SSL/PLAIN",
                "identifier": "MAIDSRFG53RXYTKR"
            }
        },
        "result": {
            "status": "SUCCESS",
            "message": ""
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

Failed authentication to a Kafka cluster using API key

{
    "type": "io.confluent.kafka.server/authentication",
    "data": {
        "methodName": "kafka.Authentication",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "authenticationInfo": {
            "principal": "User:123456",
            "metadata": {
                "mechanism": "SASL_SSL/PLAIN",
                "identifier": "MAIDSRFG53RXYTKR"
            }
        },
        "result": {
            "status": "UNAUTHENTICATED",
            "message": "Bad password for user MAIDSRFG53RXYTKR"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

Successful authentication to a Kafka cluster using interactive token

{
    "type": "io.confluent.kafka.server/authentication",
    "data": {
        "methodName": "kafka.Authentication",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "authenticationInfo": {
            "principal": "User:123456",
            "metadata": {
                "mechanism": "SASL_SSL/OAUTHBEARER",
                "identifier": "123456"
            }
        },
        "result": {
            "status": "SUCCESS",
            "message": ""
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

Failed authentication to a Kafka cluster using interactive token

{
    "type": "io.confluent.kafka.server/authentication",
    "data": {
        "methodName": "kafka.Authentication",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "authenticationInfo": {
            "principal": "None:UNKNOWN_USER",
            "metadata": {
                "mechanism": "SASL_SSL/OAUTHBEARER",
                "identifier": "654321"
            }
        },
        "result": {
            "status": "UNAUTHENTICATED",
            "message": "The principal 654321's logical cluster lkc-a1b2c is not hosted on this broker."
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

Authorization to alter topic configurations allowed

{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.AlterConfigs",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c/topic=departures",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": true,
            "operation": "AlterConfigs",
            "resourceType": "Topic",
            "resourceName": "departures",
            "patternType": "LITERAL",
            "superUserAuthorization": true
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

Authorization to create ACL rules on a Kafka cluster allowed

{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.CreateAcls",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": true,
            "operation": "Alter",
            "resourceType": "Cluster",
            "resourceName": "kafka-cluster",
            "patternType": "LITERAL",
            "superUserAuthorization": true
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

Authorization to add partitions to topic not allowed

{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.CreatePartitions",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c/topic=departures",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": false,
            "operation": "Alter",
            "resourceType": "Topic",
            "resourceName": "departures",
            "patternType": "LITERAL",
            "superUserAuthorization": false
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

Authorization to create any topic on a Kafka cluster allowed

{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.CreateTopics",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": true,
            "operation": "Create",
            "resourceType": "Cluster",
            "resourceName": "kafka-cluster",
            "patternType": "LITERAL",
            "superUserAuthorization": true
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

Authorization to create a specific topic allowed

{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "methodName": "kafka.CreateTopics",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c/topic=departures",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": true,
            "operation": "DescribeConfigs",
            "resourceType": "Topic",
            "resourceName": "departures",
            "patternType": "LITERAL",
            "superUserAuthorization": true
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

Authorization to create a specific topic not allowed

{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.CreateTopics",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c/topic=departures",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": false,
            "operation": "Create",
            "resourceType": "Topic",
            "resourceName": "departures",
            "patternType": "LITERAL",
            "superUserAuthorization": false
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

Authorization to delete ACL rules from a Kafka cluster allowed

{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "methodName": "kafka.DeleteAcls",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": true,
            "operation": "Alter",
            "resourceType": "Cluster",
            "resourceName": "kafka-cluster",
            "patternType": "LITERAL",
            "superUserAuthorization": true
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

Authorization to delete consumer group allowed

{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.DeleteGroups",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c/group=delivery-estimator",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": true,
            "operation": "Delete",
            "resourceType": "Group",
            "resourceName": "delivery-estimator",
            "patternType": "LITERAL",
            "superUserAuthorization": false,
            "aclAuthorization": {
                "host": "*",
                "permissionType": "ALLOW"
            }
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

Authorization to delete records from topic allowed

{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.DeleteRecords",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c/topic=foo-KSTREAM-REPARTITION-0000000016-repartition",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": true,
            "operation": "Delete",
            "resourceType": "Topic",
            "resourceName": "foo-KSTREAM-REPARTITION-0000000016-repartition",
            "patternType": "LITERAL",
            "superUserAuthorization": true
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

Authorization to delete topic allowed based on prefix match

{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.DeleteTopics",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c/topic=departures-2021-01-01",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": true,
            "operation": "Delete",
            "resourceType": "Topic",
            "resourceName": "departures-",
            "patternType": "PREFIX",
            "superUserAuthorization": false,
            "aclAuthorization": {
                "permissionType": "ALLOW",
                "host": "*"
            }
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

Authorization to alter cluster configurations allowed based on super user

{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.IncrementalAlterConfigs",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": true,
            "operation": "AlterConfigs",
            "resourceType": "Cluster",
            "resourceName": "kafka-cluster",
            "patternType": "LITERAL",
            "superUserAuthorization": true
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

Authorization to alter topic configurations allowed based on ACL

{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.IncrementalAlterConfigs",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c/topic=departures",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": true,
            "operation": "AlterConfigs",
            "resourceType": "Topic",
            "resourceName": "departures",
            "patternType": "LITERAL",
            "superUserAuthorization": false,
            "aclAuthorization": {
                "permissionType": "ALLOW",
                "host": "*"
            }
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

Authorization to delete consumer group offsets not allowed

{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.OffsetDelete",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c/group=delivery-estimator",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": false,
            "operation": "Delete",
            "resourceType": "Group",
            "resourceName": "delivery-estimator",
            "patternType": "LITERAL",
            "superUserAuthorization": false
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

Full audit log event schema

Following is the full audit log event schema:

{
    "$schema": "http://json-schema.org/draft-07/schema#",
    "type": "object",
    "description": "This is v1 of the Confluent cloud audit log event schema. It is based on CloudEvents. Links to the latest version can be found at https://docs.confluent.io/cloud/current/access-management/audit-logs.html. Confluent will make non-breaking changes to the schema without advance notice. Breaking changes will be widely communicated at least 180 days in advance, and we will continue to maintain compatibility during this time. Exceptions to this policy apply in case of critical security vulnerabilities or functional defects. Check the above web page for links to our announcement channels and details about our compatibility policy.",
    "properties": {
        "id": {
            "type": "string",
            "minLength": 1,
            "description": "Uniquely identifies the event.",
            "examples": ["c72a3d0c-e6f3-4196-9b49-a835614452df"]
        },
        "specversion": {
            "type": "string",
            "minLength": 1,
            "description": "The version of the CloudEvents specification which the event uses.",
            "examples": ["1.0"]
        },
        "source": {
            "type": "string",
            "format": "uri-reference",
            "minLength": 1,
            "description": "Identifies the context in which an event happened.",
            "examples": [
                "crn://confluent.cloud",
                "crn://confluent.cloud/kafka=lkc-a1b2c",
                "crn:///kafka=lkc-a1b2c"
            ]
        },
        "subject": {
            "type": ["string","null"],
            "minLength": 1,
            "description": "Identifies the resource that would be affected by the event.",
            "examples": [
                "crn:///kafka=lkc-a1b2c",
                "crn://confluent.cloud/kafka=lkc-a1b2c",
                "crn://confluent.cloud/kafka=lkc-xyz01/topic=departures",
                "crn://confluent.cloud/kafka=lkc-xyz01/group=delivery-estimator"
            ]
        },
        "type": {
            "type": "string",
            "minLength": 1,
            "description": "Describes the type of event.",
            "examples": [
                "io.confluent.kafka.server/authentication",
                "io.confluent.kafka.server/authorization"
            ]
        },
        "time": {
            "type": ["string", "null"],
            "format": "date-time",
            "minLength": 1,
            "description": "Timestamp of when the occurrence happened. Adheres to RFC 3339.",
            "examples": [
                "2020-12-06T13:39:03Z",
                "2020-12-06T13:39:03.123Z"
            ]
        },
        "datacontenttype": {
            "type": ["string","null"],
            "description": "Content type of the data value. Adheres to RFC 2046 format.",
            "minLength": 1,
            "examples": [
                "application/json"
            ]
        },
        "dataschema": {
            "type": ["string", "null"],
            "format": "uri",
            "minLength": 1,
            "description": "Identifies the schema that data adheres to. Currently unused."
        },
        "data": {
            "type": "object",
            "description": "Additional details about the audited occurrence.",
            "properties": {
                "serviceName": {
                    "type": "string",
                    "description": "The resource identifier of the service (the source) that received the request being logged.",
                    "examples": [
                        "crn://confluent.cloud",
                        "crn://confluent.cloud/kafka=lkc-a1b2c",
                        "crn:///kafka=lkc-a1b2c"
                    ]
                },
                "resourceName": {
                    "type": "string",
                    "description": "The resource identifier of the target (subject) of the request",
                    "examples": [
                        "crn:///kafka=lkc-a1b2c",
                        "crn://confluent.cloud/kafka=lkc-a1b2c",
                        "crn://confluent.cloud/kafka=lkc-xyz01/topic=departures",
                        "crn://confluent.cloud/kafka=lkc-xyz01/group=delivery-estimator"
                    ]
                },
                "request": {
                    "type": ["object","null"],
                    "description": "Unordered map of dynamically typed values.",
                    "additionalProperties": {
                        "type": ["array","boolean","number","object","string","null"]
                    }
                },
                "requestMetadata": {
                    "type": ["object","null"],
                    "description": "Unordered map of dynamically typed values.",
                    "additionalProperties": {
                        "type": ["array","boolean","number","object","string","null"]
                    }
                },
                "result": {
                    "type": ["object","null"],
                    "description": "Unordered map of dynamically typed values.",
                    "additionalProperties": {
                        "type": ["array","boolean","number","object","string","null"]
                    }
                }
            }
        },
        "confluentRouting": {
            "type": ["array","boolean","number","object","string","null"],
            "description": "Ignore this attribute. It is reserved for internal use, and may be omitted in the future."
        }
    },
    "required": [
        "id",
        "source",
        "specversion",
        "type"
    ],
    "allOf": [
        {
            "if": {
                "required": ["type"],
                "properties": {
                    "type": { "const": "io.confluent.kafka.server/authentication" }
                }
            },
            "then": {
                "properties" : {
                    "data": {
                        "type": "object",
                        "description": "Additional details about the authentication check.",
                        "properties": {
                            "methodName": {
                                "type": "string",
                                "description": "The type of request being logged.",
                                "examples": [
                                    "kafka.Authentication"
                                ]
                            },
                            "authenticationInfo": {
                                "type": "object",
                                "properties": {
                                    "principal": {
                                        "type": "string",
                                        "description": "Identifies the authenticated principal.",
                                        "examples": [
                                            "User:12345",
                                            "None:UNKNOWN_USER"
                                        ]
                                    },
                                    "metadata": {
                                        "type": "object",
                                        "properties": {
                                            "mechanism": {
                                                "type": "string",
                                                "description": "Authentication mechanism.",
                                                "examples": [
                                                    "SASL_SSL/PLAIN",
                                                    "SASL_SSL/OAUTHBEARER"
                                                ]
                                            },
                                            "identifier": {
                                                "type": "string",
                                                "description": "Identifies the numeric user ID or API key supplied by the requester.",
                                                "examples": [
                                                    "MAIDSRFG53RXYTKR",
                                                    "12345"
                                                ]
                                            }
                                        }
                                    }
                                }
                            },
                            "requestMetadata": {
                                "type": "object",
                                "properties": {
                                    "client_address": {
                                        "type": "string",
                                        "description": "Ignore this field until further notice. The address of the client making the request. This field may be missing, or even if present, have an unhelpful value."
                                    }
                                }
                            },
                            "result": {
                                "type": "object",
                                "properties": {
                                    "status": {
                                        "type": "string",
                                        "examples": [
                                            "SUCCESS",
                                            "UNAUTHENTICATED"
                                        ]
                                    },
                                    "message": {
                                        "type": "string",
                                        "description": "Indicates the result status."
                                    }
                                }
                            }
                        }
                    }
                }
            }
        },
        {
            "if": {
                "required": ["type"],
                "properties": {
                    "type": { "const": "io.confluent.kafka.server/authorization" }
                }
            },
            "then": {
                "properties": {
                    "data": {
                        "type": "object",
                        "properties": {
                            "methodName": {
                                "type": "string",
                                "description": "The type of request being logged.",
                                "examples": [
                                    "kafka.AlterConfigs",
                                    "kafka.CreateAcls",
                                    "kafka.CreateTopics",
                                    "kafka.DeleteAcls",
                                    "kafka.DeleteGroups"
                                ]
                            },
                            "authenticationInfo": {
                                "type": "object",
                                "properties": {
                                    "principal": {
                                        "type": "string",
                                        "description": "Identifies the authenticated principal that made the request.",
                                        "examples": [
                                            "User:12345"
                                        ]
                                    }
                                }
                            },
                            "authorizationInfo": {
                                "type": "object",
                                "properties": {
                                    "granted": {
                                        "type": "boolean",
                                        "description": "The result of the authorization check."
                                    },
                                    "operation": {
                                        "type": "string",
                                        "description": "Identifies the operation being checked for authorization.",
                                        "examples": [
                                            "Alter",
                                            "AlterConfigs",
                                            "Create",
                                            "Delete",
                                            "DescribeConfigs"
                                        ]
                                    },
                                    "resourceType": {
                                        "type": "string",
                                        "description": "The type of the resource being checked for authorization.",
                                        "examples": [
                                            "Cluster",
                                            "Group",
                                            "Topic"
                                        ]
                                    },
                                    "resourceName": {
                                        "type": "string",
                                        "description": "The resource name of the checked authorization rule.",
                                        "examples": [
                                            "kafka-cluster",
                                            "delivery-estimator",
                                            "departures"
                                        ]
                                    },
                                    "patternType": {
                                        "type": "string",
                                        "description": "The pattern, LITERAL or PREFIX, used to match the resource against the authorization rule.",
                                        "examples": [
                                            "LITERAL",
                                            "PREFIX"
                                        ]
                                    },
                                    "aclAuthorization": {
                                        "type": "object",
                                        "description": "Details about an ACL rule.",
                                        "properties": {
                                            "permissionType": {
                                                "type": "string",
                                                "examples": [
                                                    "ALLOW",
                                                    "DENY"
                                                ]
                                            },
                                            "host": {
                                                "type": "string",
                                                "description": "Host to which the ACL rule applies, usually wildcard (*).",
                                                "examples": ["*"]
                                            }
                                        }
                                    },
                                    "superUserAuthorization": {
                                        "type": "boolean",
                                        "description": "If true, access was authorized because principal is a super-user."
                                    }
                                }
                            },
                            "request": {
                                "type": "object",
                                "properties": {
                                    "clientId": {
                                        "type": "string",
                                        "description": "This is a user-supplied identifier for the client application. The user can use any identifier they like. This ID acts as a logical grouping across all requests from a particular client.",
                                        "examples": [
                                            "invoice-processor-admin",
                                            "adminclient-42",
                                            "the-replicator"
                                        ]
                                    },
                                    "correlationId": {
                                        "type": "string",
                                        "description": "This is a user-supplied integer. It will be passed back in the response by the server, unmodified. It is useful for matching request and response between the client and server."
                                    }
                                }
                            },
                            "requestMetadata": {
                                "type": "object",
                                "properties": {
                                    "client_address": {
                                        "type": "string",
                                        "description": "Ignore this field until further notice. The address of the client making the request. This field may be missing, or even if present, have an unhelpful value."
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    ]
}