Managing Apicurio Registry content using the Maven plug-in

When developing client applications, you can use the Apicurio Registry Maven plug-in to manage schema and API artifacts stored in Apicurio Registry:

Prerequisites
  • Apicurio Registry is installed and running in your environment.

  • Apache Maven is installed and configured in your environment.

Adding schema and API artifacts using the Maven plug-in

The most common use case for the Maven plug-in is adding artifacts during a build of your client application. You can accomplish this by using the register execution goal.

Prerequisites
Procedure
  1. Update your Maven pom.xml file to use the apicurio-registry-maven-plugin to register an artifact. The following example shows registering Apache Avro and GraphQL schemas:

    <plugin>
      <groupId>io.apicurio</groupId>
      <artifactId>apicurio-registry-maven-plugin</artifactId>
      <version>${apicurio.version}</version>
      <executions>
          <execution>
            <phase>generate-sources</phase>
            <goals>
                <goal>register</goal>  (1)
            </goals>
            <configuration>
                <registryUrl>MY-REGISTRY-URL/apis/registry/v3</registryUrl> (2)
                <authServerUrl>MY-AUTH-SERVER</authServerUrl>
                <clientId>MY-CLIENT-ID</clientId>
                <clientSecret>MY-CLIENT-SECRET</clientSecret> (3)
                <clientScope>MY-CLIENT-SCOPE</clientScope>
                <artifacts>
                    <artifact>
                        <groupId>TestGroup</groupId> (4)
                        <artifactId>FullNameRecord</artifactId>
                        <file>${project.basedir}/src/main/resources/schemas/record.avsc</file>
                        <ifExists>FAIL</ifExists>
                    </artifact>
                    <artifact>
                        <groupId>TestGroup</groupId>
                        <artifactId>ExampleAPI</artifactId> (5)
                        <artifactType>GRAPHQL</artifactType>
                        <file>${project.basedir}/src/main/resources/apis/example.graphql</file>
                        <ifExists>FIND_OR_CREATE_VERSION</ifExists>
                        <canonicalize>true</canonicalize>
                    </artifact>
                </artifacts>
            </configuration>
        </execution>
      </executions>
     </plugin>
    1 Specify register as the execution goal to upload the schema artifact to Apicurio Registry.
    2 Specify the Apicurio Registry URL with the ../apis/registry/v3 endpoint.
    3 If authentication is required, you can specify your authentication server and client credentials.
    4 Specify the Apicurio Registry artifact group ID. You can specify the default group if you do not want to use a unique group ID.
    5 You can register multiple artifacts using the specified group ID, artifact ID, and location.
  2. Build your Maven project, for example, by using the mvn package command.

Additional resources

Downloading schema and API artifacts using the Maven plug-in

You can use the Maven plug-in to download artifacts from Apicurio Registry. This is often useful, for example, when generating code from a registered schema.

Prerequisites
Procedure
  1. Update your Maven pom.xml file to use the apicurio-registry-maven-plugin to download an artifact. The following example shows downloading Apache Avro and GraphQL schemas.

    <plugin>
      <groupId>io.apicurio</groupId>
      <artifactId>apicurio-registry-maven-plugin</artifactId>
      <version>${apicurio.version}</version>
      <executions>
        <execution>
          <phase>generate-sources</phase>
          <goals>
            <goal>download</goal> (1)
          </goals>
          <configuration>
              <registryUrl>MY-REGISTRY-URL/apis/registry/v3</registryUrl> (2)
              <authServerUrl>MY-AUTH-SERVER</authServerUrl>
              <clientId>MY-CLIENT-ID</clientId>
              <clientSecret>MY-CLIENT-SECRET</clientSecret> (3)
              <clientScope>MY-CLIENT-SCOPE</clientScope>
              <artifacts>
                  <artifact>
                      <groupId>TestGroup</groupId> (4)
                      <artifactId>FullNameRecord</artifactId> (5)
                      <file>${project.build.directory}/classes/record.avsc</file>
                      <overwrite>true</overwrite>
                  </artifact>
                  <artifact>
                      <groupId>TestGroup</groupId>
                      <artifactId>ExampleAPI</artifactId>
                      <version>1</version>
                      <file>${project.build.directory}/classes/example.graphql</file>
                      <overwrite>true</overwrite>
                  </artifact>
              </artifacts>
          </configuration>
        </execution>
      </executions>
    </plugin>
    1 Specify download as the execution goal.
    2 Specify the Apicurio Registry URL with the ../apis/registry/v3 endpoint.
    3 If authentication is required, you can specify your authentication server and client credentials.
    4 Specify the Apicurio Registry artifact group ID. You can specify the default group if you do not want to use a unique group.
    5 You can download multiple artifacts to a specified directory using the artifact ID.
  2. Build your Maven project, for example, by using the mvn package command.

Additional resources

Testing schema and API artifacts using the Maven plug-in

You might want to verify that an artifact can be registered without actually making any changes. This is often useful when rules are configured in Apicurio Registry. Testing the artifact results in a failure if the artifact content violates any of the configured rules.

When testing artifacts using the Maven plug-in, even if the artifact passes the test, no content is added to Apicurio Registry.
Prerequisites
Procedure
  1. Update your Maven pom.xml file to use the apicurio-registry-maven-plugin to test an artifact. The following example shows testing an Apache Avro schema:

    <plugin>
      <groupId>io.apicurio</groupId>
      <artifactId>apicurio-registry-maven-plugin</artifactId>
      <version>${apicurio.version}</version>
      <executions>
          <execution>
            <phase>generate-sources</phase>
            <goals>
                <goal>test-update</goal>  (1)
            </goals>
            <configuration>
                <registryUrl>MY-REGISTRY-URL/apis/registry/v3</registryUrl> (2)
                <authServerUrl>MY-AUTH-SERVER</authServerUrl>
                <clientId>MY-CLIENT-ID</clientId>
                <clientSecret>MY-CLIENT-SECRET</clientSecret> (3)
                <clientScope>MY-CLIENT-SCOPE</clientScope>
                <artifacts>
                    <artifact>
                        <groupId>TestGroup</groupId> (4)
                        <artifactId>FullNameRecord</artifactId>
                        <file>${project.basedir}/src/main/resources/schemas/record.avsc</file> (5)
                    </artifact>
                </artifacts>
            </configuration>
        </execution>
      </executions>
     </plugin>
    1 Specify test-update as the execution goal to test the schema artifact.
    2 Specify the Apicurio Registry URL with the ../apis/registry/v3 endpoint.
    3 If authentication is required, you can specify your authentication server and client credentials.
    4 Specify the Apicurio Registry artifact group ID. You can specify the default group if you do not want to use a unique group.
    5 You can test multiple artifacts from a specified directory using the artifact ID.
  2. Build your Maven project, for example, by using the mvn package command.

Additional resources

Adding artifact references manually using the Apicurio Registry Maven plug-in

Some Apicurio Registry artifact types can include artifact references from one artifact file to another. You can create efficiencies by defining reusable schema or API artifacts, and then referencing them from multiple locations in artifact references.

The following artifact types support artifact references:

  • Apache Avro

  • Google Protobuf

  • JSON Schema

  • OpenAPI

  • AsyncAPI

This section shows a simple example of using the Apicurio Registry Maven plug-in to manually register an artifact reference to a simple Avro schema artifact stored in Apicurio Registry. This example assumes that the following Exchange schema artifact has already been created in Apicurio Registry:

Exchange schema
{
  "namespace": "com.kubetrade.schema.common",
  "type": "enum",
  "name": "Exchange",
  "symbols" : ["GEMINI"]
}

This example then creates a TradeKey schema artifact, which includes a reference to the nested Exchange schema artifact:

TradeKey schema with nested reference to Exchange schema
{
  "namespace": "com.kubetrade.schema.trade",
  "type": "record",
  "name": "TradeKey",
  "fields": [
    {
      "name": "exchange",
      "type": "com.kubetrade.schema.common.Exchange"
    },
    {
      "name": "key",
      "type": "string"
    }
  ]
}
Prerequisites
  • You have created a Maven project for your client application. For more details, see the Apache Maven documentation.

  • The referenced Exchange schema artifact is already created in Apicurio Registry.

Procedure
  1. Update your Maven pom.xml file to use the apicurio-registry-maven-plugin to register the TradeKey schema, which includes a nested reference to the Exchange schema as follows:

    <plugin>
        <groupId>io.apicurio</groupId>
        <artifactId>apicurio-registry-maven-plugin</artifactId>
        <version>${apicurio-registry.version}</version>
        <executions>
            <execution>
                <phase>generate-sources</phase>
                <goals>
                    <goal>register</goal> (1)
                </goals>
                <configuration>
                    <registryUrl>MY-REGISTRY-URL/apis/registry/v3</registryUrl> (2)
                    <authServerUrl>MY-AUTH-SERVER</authServerUrl>
                    <clientId>MY-CLIENT-ID</clientId>
                    <clientSecret>MY-CLIENT-SECRET</clientSecret> (3)
                    <clientScope>MY-CLIENT-SCOPE</clientScope>
                    <artifacts>
                        <artifact>
                            <groupId>test-group</groupId> (4)
                            <artifactId>TradeKey</artifactId>
                            <version>2.0</version>
                            <artifactType>AVRO</artifactType>
                            <file>
                                ${project.basedir}/src/main/resources/schemas/TradeKey.avsc
                            </file>
                            <ifExists>FIND_OR_CREATE_VERSION</ifExists>
                            <canonicalize>true</canonicalize>
                            <references>
                                <reference> (5)
                                    <name>com.kubetrade.schema.common.Exchange</name>
                                    <groupId>test-group</groupId>
                                    <artifactId>Exchange</artifactId>
                                    <version>2.0</version>
                                    <artifactType>AVRO</artifactType>
                                    <file>
                                        ${project.basedir}/src/main/resources/schemas/Exchange.avsc
                                    </file>
                                    <ifExists>FIND_OR_CREATE_VERSION</ifExists>
                                    <canonicalize>true</canonicalize>
                                </reference>
                            </references>
                        </artifact>
                    </artifacts>
                </configuration>
            </execution>
        </executions>
    </plugin>
    1 Specify register as the execution goal to upload the schema artifacts to Apicurio Registry.
    2 Specify the Apicurio Registry URL by using the ../apis/registry/v3 endpoint.
    3 If authentication is required, you can specify your authentication server and client credentials.
    4 Specify the Apicurio Registry artifact group ID. You can specify the default group if you do not want to use a unique group ID.
    5 Specify the Apicurio Registry artifact reference using its group ID, artifact ID, version, type, and location. You can register multiple artifact references in this way.
  2. Build your Maven project, for example, by using the mvn package command.

Additional resources

Adding artifact references automatically using the Apicurio Registry Maven plug-in

Some Apicurio Registry artifact types can include artifact references from one artifact file to another. You can create efficiencies by defining reusable schema or API artifacts, and then referencing them from multiple locations in artifact references.

The following artifact types support artifact references:

  • Apache Avro

  • Google Protobuf

  • JSON Schema

  • OpenAPI

  • AsyncAPI

You can specify a single artifact and configure the Apicurio Registry Maven plugin to automatically detect all references to artifacts located in the same directory, and to automatically register those references. This is a Technology Preview feature.

Technology Preview features are not supported with RedHat production service level agreements (SLAs) and might not be functionally complete. RedHat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of RedHat Technology Preview features, see Technology Preview Features Support Scope.

This section shows a simple example of using the Maven plug-in to register an Avro schema and automatically detect and register an artifact reference to a simple schema artifact. This example assumes that the parent TradeKey artifact and the nested Exchange schema artifact are both available in the same directory:

TradeKey schema with nested reference to Exchange schema
{
  "namespace": "com.kubetrade.schema.trade",
  "type": "record",
  "name": "TradeKey",
  "fields": [
    {
      "name": "exchange",
      "type": "com.kubetrade.schema.common.Exchange"
    },
    {
      "name": "key",
      "type": "string"
    }
  ]
}
Exchange schema
{
  "namespace": "com.kubetrade.schema.common",
  "type": "enum",
  "name": "Exchange",
  "symbols" : ["GEMINI"]
}
Prerequisites
  • You have created a Maven project for your client application. For more details, see the Apache Maven documentation.

  • The TradeKey schema artifact and the nested Exchange schema artifact files are both located in the same directory.

Procedure
  1. Update your Maven pom.xml file to use the apicurio-registry-maven-plugin to register the TradeKey schema, which includes a nested reference to the Exchange schema as follows:

    <plugin>
        <groupId>io.apicurio</groupId>
        <artifactId>apicurio-registry-maven-plugin</artifactId>
        <version>${apicurio-registry.version}</version>
        <executions>
            <execution>
                <phase>generate-sources</phase>
                <goals>
                    <goal>register</goal> (1)
                </goals>
                <configuration>
                    <registryUrl>MY-REGISTRY-URL/apis/registry/v3</registryUrl> (2)
                    <authServerUrl>MY-AUTH-SERVER</authServerUrl>
                    <clientId>MY-CLIENT-ID</clientId>
                    <clientSecret>MY-CLIENT-SECRET</clientSecret> (3)
                    <clientScope>MY-CLIENT-SCOPE</clientScope>
                    <artifacts>
                        <artifact>
                            <groupId>test-group</groupId> (4)
                            <artifactId>TradeKey</artifactId>
                            <version>2.0</version>
                            <artifactType>AVRO</artifactType>
                            <file>
                                ${project.basedir}/src/main/resources/schemas/TradeKey.avsc (5)
                            </file>
                            <ifExists>FIND_OR_CREATE_VERSION</ifExists>
                            <canonicalize>true</canonicalize>
                            <autoRefs>true</autoRefs> (6)
                        </artifact>
                    </artifacts>
                </configuration>
            </execution>
        </executions>
    </plugin>
    1 Specify register as the execution goal to upload the schema artifacts to Apicurio Registry.
    2 Specify the Apicurio Registry URL by using the ../apis/registry/v3 endpoint.
    3 If authentication is required, you can specify your authentication server and client credentials.
    4 Specify the parent artifact group ID that contains the references. You can specify the default group if you do not want to use a unique group ID.
    5 Specify the location of the parent artifact file. All referenced artifacts must also be located in the same directory.
    6 Set the <autoRefs> option to true to automatically detect and register all references to artifacts in the same directory. You can register multiple artifact references in this way.
  2. Build your Maven project, for example, by using the mvn package command.

Additional resources

Configuring TLS and authentication for the Maven plug-in

When connecting to a TLS-enabled Apicurio Registry instance, you can configure the Maven plug-in to use SSL/TLS for secure communication. The plug-in supports various trust store and key store formats, as well as multiple authentication methods.

TLS configuration options

The following table describes the TLS-related configuration options available in the Maven plug-in:

Table 1. Trust store configuration
Parameter Description

trustStorePath

Path to the trust store file containing the CA certificate(s) to trust. Supports JKS, PKCS12, and PEM formats. The format is auto-detected from the file extension (.jks, .p12/.pfx, .pem/.crt/.cer) unless explicitly specified.

trustStorePassword

Password for the trust store. Required for JKS and PKCS12 formats.

trustStoreType

Explicit trust store type: JKS, PKCS12, or PEM. If not specified, the type is auto-detected from the file extension.

Table 2. Key store configuration for mutual TLS (mTLS)
Parameter Description

keyStorePath

Path to the key store file containing the client certificate for mTLS authentication. Supports JKS, PKCS12, and PEM formats.

keyStorePassword

Password for the key store. Required for JKS and PKCS12 formats.

keyStoreType

Explicit key store type: JKS, PKCS12, or PEM. If not specified, the type is auto-detected from the file extension.

keyStorePemKeyPath

Path to the PEM private key file. Required when using PEM format for mTLS, where keyStorePath points to the certificate file.

Table 3. Additional SSL options
Parameter Default Description

trustAll

false

If set to true, trust all SSL/TLS certificates without validation. WARNING: This should only be used for development or testing purposes.

verifyHostname

true

If set to false, disable hostname verification in SSL/TLS connections. WARNING: Disabling this reduces security and should only be used for development or testing.

Example: TLS with PKCS12 trust store

The following example shows how to configure the Maven plug-in to connect to a TLS-enabled Apicurio Registry using a PKCS12 trust store:

<plugin>
  <groupId>io.apicurio</groupId>
  <artifactId>apicurio-registry-maven-plugin</artifactId>
  <version>${apicurio.version}</version>
  <executions>
    <execution>
      <phase>generate-sources</phase>
      <goals>
        <goal>register</goal>
      </goals>
      <configuration>
          <registryUrl>https://registry.example.com:8443/apis/registry/v3</registryUrl> (1)
          <trustStorePath>${project.basedir}/certs/truststore.p12</trustStorePath> (2)
          <trustStorePassword>${env.TRUSTSTORE_PASSWORD}</trustStorePassword> (3)
          <artifacts>
              <artifact>
                  <groupId>default</groupId>
                  <artifactId>MySchema</artifactId>
                  <file>${project.basedir}/src/main/resources/schemas/schema.avsc</file>
              </artifact>
          </artifacts>
      </configuration>
    </execution>
  </executions>
</plugin>
1 Use https:// for the registry URL when connecting with TLS.
2 Specify the path to your PKCS12 trust store containing the CA certificate(s).
3 Use environment variables for passwords to avoid storing secrets in your pom.xml.

Example: TLS with basic authentication

The following example shows how to combine TLS with basic authentication:

<plugin>
  <groupId>io.apicurio</groupId>
  <artifactId>apicurio-registry-maven-plugin</artifactId>
  <version>${apicurio.version}</version>
  <executions>
    <execution>
      <phase>generate-sources</phase>
      <goals>
        <goal>register</goal>
      </goals>
      <configuration>
          <registryUrl>https://registry.example.com:8443/apis/registry/v3</registryUrl>
          <trustStorePath>${project.basedir}/certs/truststore.p12</trustStorePath>
          <trustStorePassword>${env.TRUSTSTORE_PASSWORD}</trustStorePassword>
          <username>${env.REGISTRY_USERNAME}</username> (1)
          <password>${env.REGISTRY_PASSWORD}</password>
          <artifacts>
              <artifact>
                  <groupId>default</groupId>
                  <artifactId>MySchema</artifactId>
                  <file>${project.basedir}/src/main/resources/schemas/schema.avsc</file>
              </artifact>
          </artifacts>
      </configuration>
    </execution>
  </executions>
</plugin>
1 Combine TLS configuration with basic authentication credentials.

Example: TLS with OAuth2 authentication

The following example shows how to configure TLS with OAuth2/OIDC client credentials authentication:

<plugin>
  <groupId>io.apicurio</groupId>
  <artifactId>apicurio-registry-maven-plugin</artifactId>
  <version>${apicurio.version}</version>
  <executions>
    <execution>
      <phase>generate-sources</phase>
      <goals>
        <goal>register</goal>
      </goals>
      <configuration>
          <registryUrl>https://registry.example.com:8443/apis/registry/v3</registryUrl>
          <trustStorePath>${project.basedir}/certs/truststore.p12</trustStorePath>
          <trustStorePassword>${env.TRUSTSTORE_PASSWORD}</trustStorePassword>
          <authServerUrl>https://keycloak.example.com/realms/registry/protocol/openid-connect/token</authServerUrl> (1)
          <clientId>${env.CLIENT_ID}</clientId>
          <clientSecret>${env.CLIENT_SECRET}</clientSecret>
          <clientScope>openid</clientScope>
          <artifacts>
              <artifact>
                  <groupId>default</groupId>
                  <artifactId>MySchema</artifactId>
                  <file>${project.basedir}/src/main/resources/schemas/schema.avsc</file>
              </artifact>
          </artifacts>
      </configuration>
    </execution>
  </executions>
</plugin>
1 Specify the OAuth2/OIDC token endpoint URL for authentication.

Example: Mutual TLS (mTLS)

The following example shows how to configure mutual TLS where both the client and server authenticate each other using certificates:

<plugin>
  <groupId>io.apicurio</groupId>
  <artifactId>apicurio-registry-maven-plugin</artifactId>
  <version>${apicurio.version}</version>
  <executions>
    <execution>
      <phase>generate-sources</phase>
      <goals>
        <goal>register</goal>
      </goals>
      <configuration>
          <registryUrl>https://registry.example.com:8443/apis/registry/v3</registryUrl>
          <trustStorePath>${project.basedir}/certs/truststore.p12</trustStorePath> (1)
          <trustStorePassword>${env.TRUSTSTORE_PASSWORD}</trustStorePassword>
          <keyStorePath>${project.basedir}/certs/client-keystore.p12</keyStorePath> (2)
          <keyStorePassword>${env.KEYSTORE_PASSWORD}</keyStorePassword>
          <artifacts>
              <artifact>
                  <groupId>default</groupId>
                  <artifactId>MySchema</artifactId>
                  <file>${project.basedir}/src/main/resources/schemas/schema.avsc</file>
              </artifact>
          </artifacts>
      </configuration>
    </execution>
  </executions>
</plugin>
1 Trust store to verify the server’s certificate.
2 Key store containing the client certificate for authentication.

Example: TLS with PEM certificates

The following example shows how to use PEM-formatted certificates:

<plugin>
  <groupId>io.apicurio</groupId>
  <artifactId>apicurio-registry-maven-plugin</artifactId>
  <version>${apicurio.version}</version>
  <executions>
    <execution>
      <phase>generate-sources</phase>
      <goals>
        <goal>register</goal>
      </goals>
      <configuration>
          <registryUrl>https://registry.example.com:8443/apis/registry/v3</registryUrl>
          <trustStorePath>${project.basedir}/certs/ca-cert.pem</trustStorePath> (1)
          <trustStoreType>PEM</trustStoreType>
          <artifacts>
              <artifact>
                  <groupId>default</groupId>
                  <artifactId>MySchema</artifactId>
                  <file>${project.basedir}/src/main/resources/schemas/schema.avsc</file>
              </artifact>
          </artifacts>
      </configuration>
    </execution>
  </executions>
</plugin>
1 PEM certificate files do not require a password.

Example: mTLS with PEM certificates

The following example shows mTLS configuration using PEM-formatted certificate and key files:

<plugin>
  <groupId>io.apicurio</groupId>
  <artifactId>apicurio-registry-maven-plugin</artifactId>
  <version>${apicurio.version}</version>
  <executions>
    <execution>
      <phase>generate-sources</phase>
      <goals>
        <goal>register</goal>
      </goals>
      <configuration>
          <registryUrl>https://registry.example.com:8443/apis/registry/v3</registryUrl>
          <trustStorePath>${project.basedir}/certs/ca-cert.pem</trustStorePath>
          <trustStoreType>PEM</trustStoreType>
          <keyStorePath>${project.basedir}/certs/client-cert.pem</keyStorePath> (1)
          <keyStorePemKeyPath>${project.basedir}/certs/client-key.pem</keyStorePemKeyPath> (2)
          <keyStoreType>PEM</keyStoreType>
          <artifacts>
              <artifact>
                  <groupId>default</groupId>
                  <artifactId>MySchema</artifactId>
                  <file>${project.basedir}/src/main/resources/schemas/schema.avsc</file>
              </artifact>
          </artifacts>
      </configuration>
    </execution>
  </executions>
</plugin>
1 Path to the client certificate PEM file.
2 Path to the client private key PEM file. Required when using PEM format for mTLS.
Additional resources