confluentinc · GunalKupta · Oct 14, 2025 · Oct 13, 2025 · Oct 13, 2025 · Oct 13, 2025
@@ -55,6 +55,8 @@
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.function.BiFunction;
 import java.util.stream.Collectors;
+
+import org.apache.kafka.common.TopicPartition;
 import org.apache.kafka.common.config.types.Password;
 import org.apache.kafka.common.serialization.Serde;
 import org.apache.kafka.common.serialization.Serdes.StringSerde;
@@ -96,7 +98,8 @@
       }
       String topic = config.getString(SchemaRegistryConfig.METADATA_ENCODER_TOPIC_CONFIG);
       this.keyTemplate = KeyTemplates.get(KEY_TEMPLATE_NAME);
-      this.encoders = createCache(new StringSerde(), new KeysetWrapperSerde(config), topic, null);
+      this.encoders = createCache(new StringSerde(), new KeysetWrapperSerde(config), topic, 
+          new TenantCacheUpdateHandler());
     } catch (Exception e) {
       throw new IllegalArgumentException("Could not instantiate MetadataEncoderService", e);
     }
@@ -392,4 +395,26 @@
       }
     }
   }
+
+  /**
+   * Cache update handler that logs tenant (key) updates to the encoder cache.
+   */
+  private static class TenantCacheUpdateHandler
+      implements CacheUpdateHandler<String, KeysetWrapper> {
+
+    @Override
+    public void handleUpdate(String tenant, KeysetWrapper newValue, KeysetWrapper oldValue,
+                             TopicPartition tp, long offset, long timestamp) {
+      if (oldValue == null) {
+        log.info("Encoder cache update: new tenant '{}' added (partition={}, offset={}, "
+                + "timestamp={})", tenant, tp.partition(), offset, timestamp);
+      } else if (newValue == null) {
+        log.info("Encoder cache update: tenant '{}' removed (partition={}, offset={}, "
+                + "timestamp={})", tenant, tp.partition(), offset, timestamp);
+      } else {
+        log.info("Encoder cache update: tenant '{}' updated (partition={}, offset={}, "
+                + "timestamp={})", tenant, tp.partition(), offset, timestamp);
+      }
+    }
+  }
 }
@@ -49,27 +49,29 @@
    encoderService.init();

    Map<String, String> properties = new HashMap<>();
    properties.put("nonsensitive", "foo");
    properties.put("sensitive", "foo");
    Metadata metadata = new Metadata(null, properties, Collections.singleton("sensitive"));

    SchemaValue schema = new SchemaValue(
         "mysubject", null, null, null, null, null,
         new io.confluent.kafka.schemaregistry.storage.Metadata(metadata), null, "true", false);
     encoderService.encodeMetadata(schema);
-    assertEquals(schema.getMetadata().getProperties().get("nonsensitive"), "foo");
+    assertEquals("foo", schema.getMetadata().getProperties().get("nonsensitive"));
     // the value of "sensitive" is encrypted
-    assertNotEquals(schema.getMetadata().getProperties().get("sensitive"), "foo");
+    assertNotEquals("foo", schema.getMetadata().getProperties().get("sensitive"));
     assertNotNull(schema.getMetadata().getProperties().get(SchemaValue.ENCODED_PROPERTY));
 
     SchemaValue schema2 = new SchemaValue(
         "mysubject", null, null, null, null, null,
         new io.confluent.kafka.schemaregistry.storage.Metadata(
             schema.getMetadata().toMetadataEntity()), null, "true", false);
     encoderService.decodeMetadata(schema2);
-    assertEquals(schema2.getMetadata().getProperties().get("nonsensitive"), "foo");
+    assertEquals("foo", schema2.getMetadata().getProperties().get("nonsensitive"));
     // the value of "sensitive" is decrypted
-    assertEquals(schema2.getMetadata().getProperties().get("sensitive"), "foo");
+    assertEquals("foo", schema2.getMetadata().getProperties().get("sensitive"));
     assertNull(schema2.getMetadata().getProperties().get(SchemaValue.ENCODED_PROPERTY));
+
+    encoderService.close();
   }
 }