refactor: Address PR feedback

BhattacharyaSumit · BhattacharyaSumit · commit 7360f5906cc5 · 2026-03-12T16:47:49.000Z
- Rename validate_at_bootstrap to skip_validation_on_start - Change default from true to false (validate by default per DataPrepper convention) - Remove ellipses from log messages - Extract duplicate lazy-loading code into loadSecretIfNeeded() helper method - Update tests to use random values as member variables initialized in @beforeeach - Update all test mocks to use new method name - Remove example configuration file - Remove accidentally committed build artifacts Signed-off-by: Sumit Bhattacharya <sumit4739@gmail.com>
diff --git a/data-prepper-plugins/aws-plugin/src/main/java/org/opensearch/dataprepper/plugins/aws/AwsSecretManagerConfiguration.java b/data-prepper-plugins/aws-plugin/src/main/java/org/opensearch/dataprepper/plugins/aws/AwsSecretManagerConfiguration.java
@@ -52,8 +52,8 @@ public class AwsSecretManagerConfiguration {
     @JsonProperty("disable_refresh")
     private boolean disableRefresh = false;
 
-    @JsonProperty("validate_at_bootstrap")
-    private boolean validateAtBootstrap = true;  // Default: true (safe-by-default)
+    @JsonProperty("skip_validation_on_start")
+    private boolean skipValidationOnStart = false;  // Default: false (validate by default)
 
     public String getAwsSecretId() {
         return awsSecretId;
@@ -71,8 +71,8 @@ public boolean isDisableRefresh() {
         return disableRefresh;
     }
 
-    public boolean isValidateAtBootstrap() {
-        return validateAtBootstrap;
+    public boolean isSkipValidationOnStart() {
+        return skipValidationOnStart;
     }
 
     public SecretsManagerClient createSecretManagerClient(final AwsCredentialsSupplier awsCredentialsSupplier) {
diff --git a/data-prepper-plugins/aws-plugin/src/main/java/org/opensearch/dataprepper/plugins/aws/AwsSecretsSupplier.java b/data-prepper-plugins/aws-plugin/src/main/java/org/opensearch/dataprepper/plugins/aws/AwsSecretsSupplier.java
@@ -61,9 +61,9 @@ private ConcurrentMap<String, Object> toSecretMap(
                             awsSecretManagerConfigurationMap.get(secretConfigurationId);
                     final SecretsManagerClient secretsManagerClient = entry.getValue();
                     
-                    // Check if validation at bootstrap is disabled for this secret
-                    if (!awsSecretManagerConfiguration.isValidateAtBootstrap()) {
-                        LOG.info("Skipping secret retrieval at bootstrap for secret: {} (validate_at_bootstrap=false)", 
+                    // Check if validation on start is skipped for this secret
+                    if (awsSecretManagerConfiguration.isSkipValidationOnStart()) {
+                        LOG.info("Skipping secret retrieval on start for secret: {} (skip_validation_on_start=true)", 
                             awsSecretManagerConfiguration.getAwsSecretId());
                         return NOT_LOADED_SENTINEL; // Mark as not loaded, will be loaded on first access
                     }
@@ -88,13 +88,8 @@ public Object retrieveValue(String secretId, String key) {
             throw new IllegalArgumentException(String.format("Unable to find secretId: %s", secretId));
         }
         
-        // Check if secret was skipped at bootstrap and needs to be loaded now
-        Object keyValuePairs = secretIdToValue.get(secretId);
-        if (keyValuePairs == NOT_LOADED_SENTINEL) {
-            LOG.info("Secret {} was not loaded at bootstrap, loading now on first access...", secretId);
-            refresh(secretId);
-            keyValuePairs = secretIdToValue.get(secretId);
-        }
+        // Load secret if it was skipped on start
+        final Object keyValuePairs = loadSecretIfNeeded(secretId);
         
         if (!(keyValuePairs instanceof Map)) {
             throw new IllegalArgumentException(String.format("The value under secretId: %s is not a valid json.",
@@ -114,13 +109,8 @@ public Object retrieveValue(String secretId) {
             throw new IllegalArgumentException(String.format("Unable to find secretId: %s", secretId));
         }
         
-        // Check if secret was skipped at bootstrap and needs to be loaded now
-        Object secretValue = secretIdToValue.get(secretId);
-        if (secretValue == NOT_LOADED_SENTINEL) {
-            LOG.info("Secret {} was not loaded at bootstrap, loading now on first access...", secretId);
-            refresh(secretId);
-            secretValue = secretIdToValue.get(secretId);
-        }
+        // Load secret if it was skipped on start
+        final Object secretValue = loadSecretIfNeeded(secretId);
         
         try {
             return secretValue instanceof Map ? objectMapper.writeValueAsString(secretValue) :
@@ -131,6 +121,22 @@ public Object retrieveValue(String secretId) {
         }
     }
 
+    /**
+     * Loads a secret if it was skipped on start (lazy-loading).
+     * 
+     * @param secretId The secret configuration ID
+     * @return The loaded secret value
+     */
+    private Object loadSecretIfNeeded(String secretId) {
+        Object value = secretIdToValue.get(secretId);
+        if (value == NOT_LOADED_SENTINEL) {
+            LOG.info("Secret {} was not loaded on start, loading now on first access.", secretId);
+            refresh(secretId);
+            value = secretIdToValue.get(secretId);
+        }
+        return value;
+    }
+
 
     @Override
     public void refresh(String secretConfigId) {
diff --git a/data-prepper-plugins/aws-plugin/src/test/java/org/opensearch/dataprepper/plugins/aws/AwsSecretManagerConfigurationValidateAtBootstrapTest.java b/data-prepper-plugins/aws-plugin/src/test/java/org/opensearch/dataprepper/plugins/aws/AwsSecretManagerConfigurationValidateAtBootstrapTest.java
@@ -23,52 +23,38 @@ class AwsSecretManagerConfigurationValidateAtBootstrapTest {
             .registerModule(new JavaTimeModule());
 
     @Test
-    void testDefaultValidateAtBootstrap() {
+    void testDefaultSkipValidationOnStart() {
         final AwsSecretManagerConfiguration config = new AwsSecretManagerConfiguration();
         
-        // Default should be true (safe-by-default)
-        assertThat(config.isValidateAtBootstrap(), equalTo(true));
+        // Default should be false (validate by default)
+        assertThat(config.isSkipValidationOnStart(), equalTo(false));
     }
 
     @Test
-    void testValidateAtBootstrapFromYaml_Enabled() throws Exception {
+    void testSkipValidationOnStartFromYaml_Enabled() throws Exception {
         final String yaml = 
             "secret_id: my-secret\n" +
             "region: us-east-1\n" +
             "refresh_interval: PT1H\n" +
-            "validate_at_bootstrap: true\n";
+            "skip_validation_on_start: true\n";
         
         final AwsSecretManagerConfiguration config = 
             objectMapper.readValue(yaml, AwsSecretManagerConfiguration.class);
         
-        assertThat(config.isValidateAtBootstrap(), equalTo(true));
+        assertThat(config.isSkipValidationOnStart(), equalTo(true));
     }
 
     @Test
-    void testValidateAtBootstrapFromYaml_Disabled() throws Exception {
+    void testSkipValidationOnStartFromYaml_Disabled() throws Exception {
         final String yaml = 
             "secret_id: my-secret\n" +
             "region: us-east-1\n" +
             "refresh_interval: PT1H\n" +
-            "validate_at_bootstrap: false\n";
+            "skip_validation_on_start: false\n";
         
         final AwsSecretManagerConfiguration config = 
             objectMapper.readValue(yaml, AwsSecretManagerConfiguration.class);
         
-        assertThat(config.isValidateAtBootstrap(), equalTo(false));
-    }
-
-    @Test
-    void testValidateAtBootstrapFromYaml_NotSpecified_UsesDefault() throws Exception {
-        final String yaml = 
-            "secret_id: my-secret\n" +
-            "region: us-east-1\n" +
-            "refresh_interval: PT1H\n";
-        
-        final AwsSecretManagerConfiguration config = 
-            objectMapper.readValue(yaml, AwsSecretManagerConfiguration.class);
-        
-        // Should default to true when not specified
-        assertThat(config.isValidateAtBootstrap(), equalTo(true));
+        assertThat(config.isSkipValidationOnStart(), equalTo(false));
     }
 }
diff --git a/data-prepper-plugins/aws-plugin/src/test/java/org/opensearch/dataprepper/plugins/aws/AwsSecretPluginIT.java b/data-prepper-plugins/aws-plugin/src/test/java/org/opensearch/dataprepper/plugins/aws/AwsSecretPluginIT.java
@@ -99,7 +99,7 @@ void testInitializationWithNonNullConfig() {
         when(awsSecretPluginConfig.getAwsSecretManagerConfigurationMap()).thenReturn(
                 Map.of(TEST_SECRET_CONFIG_ID, awsSecretManagerConfiguration));
         when(awsSecretManagerConfiguration.getRefreshInterval()).thenReturn(testInterval);
-        when(awsSecretManagerConfiguration.isValidateAtBootstrap()).thenReturn(true); // Default behavior
+        when(awsSecretManagerConfiguration.isSkipValidationOnStart()).thenReturn(false); // Default behavior
         when(awsSecretManagerConfiguration.createSecretManagerClient(awsCredentialsSupplier)).thenReturn(secretsManagerClient);
         when(awsSecretManagerConfiguration.createGetSecretValueRequest()).thenReturn(getSecretValueRequest);
         when(secretsManagerClient.getSecretValue(eq(getSecretValueRequest))).thenReturn(getSecretValueResponse);
@@ -134,7 +134,7 @@ void testInitializationWithDisableRefresh() {
         when(awsSecretPluginConfig.getAwsSecretManagerConfigurationMap()).thenReturn(
                 Map.of(TEST_SECRET_CONFIG_ID, awsSecretManagerConfiguration));
         when(awsSecretManagerConfiguration.isDisableRefresh()).thenReturn(true);
-        when(awsSecretManagerConfiguration.isValidateAtBootstrap()).thenReturn(true); // Default behavior
+        when(awsSecretManagerConfiguration.isSkipValidationOnStart()).thenReturn(false); // Default behavior
         when(awsSecretManagerConfiguration.createSecretManagerClient(awsCredentialsSupplier)).thenReturn(secretsManagerClient);
         when(awsSecretManagerConfiguration.createGetSecretValueRequest()).thenReturn(getSecretValueRequest);
         when(secretsManagerClient.getSecretValue(eq(getSecretValueRequest))).thenReturn(getSecretValueResponse);
diff --git a/data-prepper-plugins/aws-plugin/src/test/java/org/opensearch/dataprepper/plugins/aws/AwsSecretsSupplierLazyLoadTest.java b/data-prepper-plugins/aws-plugin/src/test/java/org/opensearch/dataprepper/plugins/aws/AwsSecretsSupplierLazyLoadTest.java
@@ -22,6 +22,7 @@
 import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
 
 import java.util.Map;
+import java.util.UUID;
 
 import static org.hamcrest.CoreMatchers.equalTo;
 import static org.hamcrest.MatcherAssert.assertThat;
@@ -32,15 +33,15 @@
 import static org.mockito.Mockito.when;
 
 /**
- * Tests for lazy-loading behavior when validate_at_bootstrap is false.
+ * Tests for lazy-loading behavior when skip_validation_on_start is true.
  */
 @ExtendWith(MockitoExtension.class)
 class AwsSecretsSupplierLazyLoadTest {
 
-    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
-    private static final String TEST_SECRET_ID = "test-secret";
-    private static final String TEST_KEY = "test-key";
-    private static final String TEST_VALUE = "test-value";
+    private ObjectMapper objectMapper;
+    private String testSecretId;
+    private String testKey;
+    private String testValue;
 
     @Mock
     private SecretValueDecoder secretValueDecoder;
@@ -63,63 +64,71 @@ class AwsSecretsSupplierLazyLoadTest {
     @Mock
     private AwsCredentialsSupplier awsCredentialsSupplier;
 
+    @BeforeEach
+    void setUp() {
+        objectMapper = new ObjectMapper();
+        testSecretId = UUID.randomUUID().toString();
+        testKey = UUID.randomUUID().toString();
+        testValue = UUID.randomUUID().toString();
+    }
+
     @Test
-    void testSecretWithValidateAtBootstrapFalse_LoadsOnFirstAccess() throws JsonProcessingException {
-        // Given: Secret configured with validate_at_bootstrap=false
+    void testSecretWithSkipValidationOnStartTrue_LoadsOnFirstAccess() throws JsonProcessingException {
+        // Given: Secret configured with skip_validation_on_start=true
         when(awsSecretPluginConfig.getAwsSecretManagerConfigurationMap()).thenReturn(
-                Map.of(TEST_SECRET_ID, awsSecretManagerConfiguration)
+                Map.of(testSecretId, awsSecretManagerConfiguration)
         );
-        when(awsSecretManagerConfiguration.isValidateAtBootstrap()).thenReturn(false); // Skip at bootstrap
+        when(awsSecretManagerConfiguration.isSkipValidationOnStart()).thenReturn(true); // Skip on start
         when(awsSecretManagerConfiguration.createSecretManagerClient(awsCredentialsSupplier)).thenReturn(secretsManagerClient);
         when(awsSecretManagerConfiguration.createGetSecretValueRequest()).thenReturn(getSecretValueRequest);
-        when(secretValueDecoder.decode(eq(getSecretValueResponse))).thenReturn(OBJECT_MAPPER.writeValueAsString(
-                Map.of(TEST_KEY, TEST_VALUE)
+        when(secretValueDecoder.decode(eq(getSecretValueResponse))).thenReturn(objectMapper.writeValueAsString(
+                Map.of(testKey, testValue)
         ));
         when(secretsManagerClient.getSecretValue(eq(getSecretValueRequest))).thenReturn(getSecretValueResponse);
 
         // When: AwsSecretsSupplier is constructed
         final AwsSecretsSupplier supplier = new AwsSecretsSupplier(
-                secretValueDecoder, awsSecretPluginConfig, OBJECT_MAPPER, awsCredentialsSupplier
+                secretValueDecoder, awsSecretPluginConfig, objectMapper, awsCredentialsSupplier
         );
 
         // Then: Secret is NOT retrieved at construction time
         verify(secretsManagerClient, never()).getSecretValue(eq(getSecretValueRequest));
 
         // When: Secret is accessed for the first time
-        final Object value = supplier.retrieveValue(TEST_SECRET_ID, TEST_KEY);
+        final Object value = supplier.retrieveValue(testSecretId, testKey);
 
         // Then: Secret is loaded on-demand
         verify(secretsManagerClient, times(1)).getSecretValue(eq(getSecretValueRequest));
-        assertThat(value, equalTo(TEST_VALUE));
+        assertThat(value, equalTo(testValue));
     }
 
     @Test
-    void testSecretWithValidateAtBootstrapTrue_LoadsAtConstruction() throws JsonProcessingException {
-        // Given: Secret configured with validate_at_bootstrap=true (default)
+    void testSecretWithSkipValidationOnStartFalse_LoadsAtConstruction() throws JsonProcessingException {
+        // Given: Secret configured with skip_validation_on_start=false (default)
         when(awsSecretPluginConfig.getAwsSecretManagerConfigurationMap()).thenReturn(
-                Map.of(TEST_SECRET_ID, awsSecretManagerConfiguration)
+                Map.of(testSecretId, awsSecretManagerConfiguration)
         );
-        when(awsSecretManagerConfiguration.isValidateAtBootstrap()).thenReturn(true); // Load at bootstrap
+        when(awsSecretManagerConfiguration.isSkipValidationOnStart()).thenReturn(false); // Load on start
         when(awsSecretManagerConfiguration.createSecretManagerClient(awsCredentialsSupplier)).thenReturn(secretsManagerClient);
         when(awsSecretManagerConfiguration.createGetSecretValueRequest()).thenReturn(getSecretValueRequest);
-        when(secretValueDecoder.decode(eq(getSecretValueResponse))).thenReturn(OBJECT_MAPPER.writeValueAsString(
-                Map.of(TEST_KEY, TEST_VALUE)
+        when(secretValueDecoder.decode(eq(getSecretValueResponse))).thenReturn(objectMapper.writeValueAsString(
+                Map.of(testKey, testValue)
         ));
         when(secretsManagerClient.getSecretValue(eq(getSecretValueRequest))).thenReturn(getSecretValueResponse);
 
         // When: AwsSecretsSupplier is constructed
         final AwsSecretsSupplier supplier = new AwsSecretsSupplier(
-                secretValueDecoder, awsSecretPluginConfig, OBJECT_MAPPER, awsCredentialsSupplier
+                secretValueDecoder, awsSecretPluginConfig, objectMapper, awsCredentialsSupplier
         );
 
         // Then: Secret IS retrieved at construction time
         verify(secretsManagerClient, times(1)).getSecretValue(eq(getSecretValueRequest));
 
         // When: Secret is accessed
-        final Object value = supplier.retrieveValue(TEST_SECRET_ID, TEST_KEY);
+        final Object value = supplier.retrieveValue(testSecretId, testKey);
 
         // Then: No additional retrieval (already loaded)
         verify(secretsManagerClient, times(1)).getSecretValue(eq(getSecretValueRequest));
-        assertThat(value, equalTo(TEST_VALUE));
+        assertThat(value, equalTo(testValue));
     }
 }
diff --git a/data-prepper-plugins/aws-plugin/src/test/java/org/opensearch/dataprepper/plugins/aws/AwsSecretsSupplierTest.java b/data-prepper-plugins/aws-plugin/src/test/java/org/opensearch/dataprepper/plugins/aws/AwsSecretsSupplierTest.java
@@ -86,7 +86,7 @@ class AwsSecretsSupplierTest {
     @BeforeEach
     void setUp() throws JsonProcessingException {
         when(awsSecretManagerConfiguration.createGetSecretValueRequest()).thenReturn(getSecretValueRequest);
-        when(awsSecretManagerConfiguration.isValidateAtBootstrap()).thenReturn(true); // Default: validate at bootstrap
+        when(awsSecretManagerConfiguration.isSkipValidationOnStart()).thenReturn(false); // Default: validate on start
         when(awsSecretPluginConfig.getAwsSecretManagerConfigurationMap()).thenReturn(
                 Map.of(TEST_AWS_SECRET_CONFIGURATION_NAME, awsSecretManagerConfiguration)
         );
diff --git a/examples/config/data-prepper-config-secret-validation.yaml b/examples/config/data-prepper-config-secret-validation.yaml
