Add Confluence Data Center support with allow_local_address and bearer token auth

Make address validation configurable via allow_local_address (default false)
so Confluence Data Center on internal networks is supported. Add bearer token
authentication for Personal Access Tokens used by Data Center deployments.

Resolves #6496

Signed-off-by: Srikanth Padakanti <srikanth_padakanti@apple.com>

Author: srikanthpadakanti

data-prepper-plugins/saas-source-plugins/atlassian-commons/src/main/java/org/opensearch/dataprepper/plugins/source/atlassian/AtlassianSourceConfig.java

@@ -41,6 +41,9 @@ public abstract class AtlassianSourceConfig implements CrawlerSourceConfig {
     @JsonProperty("acknowledgments")
     private boolean acknowledgments = false;
 
+    @JsonProperty("allow_local_address")
+    private boolean allowLocalAddress = false;
+
     public String getAccountUrl() {
         return this.getHosts().get(0);
     }

data-prepper-plugins/saas-source-plugins/atlassian-commons/src/main/java/org/opensearch/dataprepper/plugins/source/atlassian/configuration/AuthenticationConfig.java

@@ -16,6 +16,7 @@
 import lombok.Getter;
 
 import static org.opensearch.dataprepper.plugins.source.atlassian.utils.Constants.BASIC;
+import static org.opensearch.dataprepper.plugins.source.atlassian.utils.Constants.BEARER_TOKEN;
 import static org.opensearch.dataprepper.plugins.source.atlassian.utils.Constants.OAUTH2;
 
 
@@ -29,16 +30,23 @@ public class AuthenticationConfig {
     @Valid
     private Oauth2Config oauth2Config;
 
-    @AssertTrue(message = "Authentication config should have either basic or oauth2")
+    @JsonProperty("bearer_token")
+    private String bearerToken;
+
+    @AssertTrue(message = "Authentication config should have exactly one of basic, oauth2, or bearer_token")
     private boolean isValidAuthenticationConfig() {
         boolean hasBasic = basicConfig != null;
         boolean hasOauth = oauth2Config != null;
-        return hasBasic ^ hasOauth;
+        boolean hasBearer = bearerToken != null && !bearerToken.isBlank();
+        int count = (hasBasic ? 1 : 0) + (hasOauth ? 1 : 0) + (hasBearer ? 1 : 0);
+        return count == 1;
     }
 
     public String getAuthType() {
         if (basicConfig != null) {
             return BASIC;
+        } else if (bearerToken != null && !bearerToken.isBlank()) {
+            return BEARER_TOKEN;
         } else {
             return OAUTH2;
         }

data-prepper-plugins/saas-source-plugins/atlassian-commons/src/main/java/org/opensearch/dataprepper/plugins/source/atlassian/rest/AtlassianRestClient.java

@@ -39,17 +39,24 @@ public class AtlassianRestClient {
     final Counter authFailures;
     private final RestTemplate restTemplate;
     private final AtlassianAuthConfig authConfig;
+    private final boolean allowLocalAddress;
 
     public AtlassianRestClient(RestTemplate restTemplate, AtlassianAuthConfig authConfig,
                                PluginMetrics pluginMetrics) {
+        this(restTemplate, authConfig, pluginMetrics, false);
+    }
+
+    public AtlassianRestClient(RestTemplate restTemplate, AtlassianAuthConfig authConfig,
+                               PluginMetrics pluginMetrics, boolean allowLocalAddress) {
         this.restTemplate = restTemplate;
         this.authConfig = authConfig;
         this.authFailures = pluginMetrics.counter(AUTH_FAILURES_COUNTER);
+        this.allowLocalAddress = allowLocalAddress;
     }
 
 
     protected <T> ResponseEntity<T> invokeRestApi(URI uri, Class<T> responseType) throws BadRequestException {
-        AddressValidation.validateInetAddress(AddressValidation.getInetAddress(uri.toString()));
+        AddressValidation.validateInetAddress(AddressValidation.getInetAddress(uri.toString()), allowLocalAddress);
         int retryCount = 0;
         while (retryCount < MAX_RETRIES) {
             try {

data-prepper-plugins/saas-source-plugins/atlassian-commons/src/main/java/org/opensearch/dataprepper/plugins/source/atlassian/rest/BearerTokenInterceptor.java

@@ -0,0 +1,34 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ */
+
+package org.opensearch.dataprepper.plugins.source.atlassian.rest;
+
+import org.opensearch.dataprepper.plugins.source.atlassian.rest.auth.AtlassianBearerTokenAuthConfig;
+import org.springframework.http.HttpRequest;
+import org.springframework.http.client.ClientHttpRequestExecution;
+import org.springframework.http.client.ClientHttpRequestInterceptor;
+import org.springframework.http.client.ClientHttpResponse;
+
+import java.io.IOException;
+
+public class BearerTokenInterceptor implements ClientHttpRequestInterceptor {
+
+    private final AtlassianBearerTokenAuthConfig authConfig;
+
+    public BearerTokenInterceptor(AtlassianBearerTokenAuthConfig authConfig) {
+        this.authConfig = authConfig;
+    }
+
+    @Override
+    public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttpRequestExecution execution) throws IOException {
+        request.getHeaders().setBearerAuth(authConfig.getBearerToken());
+        return execution.execute(request, body);
+    }
+}

data-prepper-plugins/saas-source-plugins/atlassian-commons/src/main/java/org/opensearch/dataprepper/plugins/source/atlassian/rest/CustomRestTemplateConfig.java

@@ -13,12 +13,14 @@
 
 import org.opensearch.dataprepper.plugins.source.atlassian.AtlassianSourceConfig;
 import org.opensearch.dataprepper.plugins.source.atlassian.rest.auth.AtlassianAuthConfig;
+import org.opensearch.dataprepper.plugins.source.atlassian.rest.auth.AtlassianBearerTokenAuthConfig;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.client.ClientHttpRequestInterceptor;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.web.client.RestTemplate;
 
+import static org.opensearch.dataprepper.plugins.source.atlassian.utils.Constants.BEARER_TOKEN;
 import static org.opensearch.dataprepper.plugins.source.atlassian.utils.Constants.OAUTH2;
 
 @Configuration
@@ -31,6 +33,8 @@ public RestTemplate basicAuthRestTemplate(AtlassianSourceConfig config, Atlassia
         ClientHttpRequestInterceptor httpInterceptor;
         if (OAUTH2.equals(config.getAuthType())) {
             httpInterceptor = new OAuth2RequestInterceptor(authConfig);
+        } else if (BEARER_TOKEN.equals(config.getAuthType())) {
+            httpInterceptor = new BearerTokenInterceptor((AtlassianBearerTokenAuthConfig) authConfig);
         } else {
             httpInterceptor = new BasicAuthInterceptor(config);
         }

data-prepper-plugins/saas-source-plugins/atlassian-commons/src/main/java/org/opensearch/dataprepper/plugins/source/atlassian/rest/auth/AtlassianAuthFactory.java

@@ -14,6 +14,7 @@
 import org.springframework.beans.factory.FactoryBean;
 import org.springframework.context.annotation.Configuration;
 
+import static org.opensearch.dataprepper.plugins.source.atlassian.utils.Constants.BEARER_TOKEN;
 import static org.opensearch.dataprepper.plugins.source.atlassian.utils.Constants.OAUTH2;
 
 @Configuration
@@ -31,6 +32,9 @@ public AtlassianAuthConfig getObject() {
         if (OAUTH2.equals(authType)) {
             return new AtlassianOauthConfig(sourceConfig);
         }
+        if (BEARER_TOKEN.equals(authType)) {
+            return new AtlassianBearerTokenAuthConfig(sourceConfig);
+        }
         return new AtlassianBasicAuthConfig(sourceConfig);
     }
 

data-prepper-plugins/saas-source-plugins/atlassian-commons/src/main/java/org/opensearch/dataprepper/plugins/source/atlassian/rest/auth/AtlassianBearerTokenAuthConfig.java

@@ -0,0 +1,41 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ */
+
+package org.opensearch.dataprepper.plugins.source.atlassian.rest.auth;
+
+import org.opensearch.dataprepper.plugins.source.atlassian.AtlassianSourceConfig;
+
+public class AtlassianBearerTokenAuthConfig implements AtlassianAuthConfig {
+
+    private String accountUrl;
+    private final String bearerToken;
+
+    public AtlassianBearerTokenAuthConfig(AtlassianSourceConfig sourceConfig) {
+        this.bearerToken = sourceConfig.getAuthenticationConfig().getBearerToken();
+        accountUrl = sourceConfig.getAccountUrl();
+        if (!accountUrl.endsWith("/")) {
+            accountUrl += "/";
+        }
+    }
+
+    @Override
+    public String getUrl() {
+        return accountUrl;
+    }
+
+    public String getBearerToken() {
+        return bearerToken;
+    }
+
+    @Override
+    public void renewCredentials() {
+        // static token, no renewal needed
+    }
+}

data-prepper-plugins/saas-source-plugins/atlassian-commons/src/main/java/org/opensearch/dataprepper/plugins/source/atlassian/utils/Constants.java

@@ -19,5 +19,6 @@ public class Constants {
 
     public static final String OAUTH2 = "OAuth2";
     public static final String BASIC = "Basic";
+    public static final String BEARER_TOKEN = "BearerToken";
     public static final String SLASH = "/";
 }

data-prepper-plugins/saas-source-plugins/atlassian-commons/src/test/java/org/opensearch/dataprepper/plugins/source/atlassian/rest/BearerTokenInterceptorTest.java

@@ -0,0 +1,58 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ */
+
+package org.opensearch.dataprepper.plugins.source.atlassian.rest;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.opensearch.dataprepper.plugins.source.atlassian.rest.auth.AtlassianBearerTokenAuthConfig;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpRequest;
+import org.springframework.http.client.ClientHttpRequestExecution;
+import org.springframework.http.client.ClientHttpResponse;
+
+import java.io.IOException;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.equalTo;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+@ExtendWith(MockitoExtension.class)
+class BearerTokenInterceptorTest {
+
+    @Mock
+    private AtlassianBearerTokenAuthConfig authConfig;
+
+    @Mock
+    private HttpRequest request;
+
+    @Mock
+    private ClientHttpRequestExecution execution;
+
+    @Mock
+    private ClientHttpResponse response;
+
+    @Test
+    void testInterceptSetsBearerAuthHeader() throws IOException {
+        when(authConfig.getBearerToken()).thenReturn("my-token");
+        HttpHeaders headers = new HttpHeaders();
+        when(request.getHeaders()).thenReturn(headers);
+        when(execution.execute(request, new byte[0])).thenReturn(response);
+
+        BearerTokenInterceptor interceptor = new BearerTokenInterceptor(authConfig);
+        interceptor.intercept(request, new byte[0], execution);
+
+        verify(execution).execute(request, new byte[0]);
+        assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION), equalTo("Bearer my-token"));
+    }
+}

data-prepper-plugins/saas-source-plugins/atlassian-commons/src/test/java/org/opensearch/dataprepper/plugins/source/atlassian/rest/CustomRestTemplateConfigTest.java

@@ -23,6 +23,7 @@
 import org.opensearch.dataprepper.plugins.source.atlassian.configuration.BasicConfig;
 import org.opensearch.dataprepper.plugins.source.atlassian.configuration.Oauth2Config;
 import org.opensearch.dataprepper.plugins.source.atlassian.rest.auth.AtlassianAuthConfig;
+import org.opensearch.dataprepper.plugins.source.atlassian.rest.auth.AtlassianBearerTokenAuthConfig;
 import org.opensearch.dataprepper.plugins.source.atlassian.utils.Constants;
 import org.springframework.http.client.ClientHttpRequestInterceptor;
 import org.springframework.http.client.InterceptingClientHttpRequestFactory;
@@ -48,6 +49,9 @@ class CustomRestTemplateConfigTest {
     @Mock
     private AtlassianAuthConfig mockAuthConfig;
 
+    @Mock
+    private AtlassianBearerTokenAuthConfig mockBearerAuthConfig;
+
     @Mock
     private BasicConfig mockBasicConfig;
 
@@ -67,6 +71,7 @@ private static Stream<Arguments> provideAuthTypeAndExpectedInterceptorType() {
         return Stream.of(
                 Arguments.of(Constants.OAUTH2, OAuth2RequestInterceptor.class),
                 Arguments.of(Constants.BASIC, BasicAuthInterceptor.class),
+                Arguments.of(Constants.BEARER_TOKEN, BearerTokenInterceptor.class),
                 Arguments.of("Default", BasicAuthInterceptor.class),
                 Arguments.of(null, BasicAuthInterceptor.class)
         );
@@ -92,7 +97,8 @@ void testBasicAuthRestTemplateWithOAuth2(String authType, Class interceptorClass
         lenient().when(mockBasicConfig.getUsername()).thenReturn("username");
         lenient().when(mockBasicConfig.getPassword()).thenReturn("password");
 
-        RestTemplate restTemplate = config.basicAuthRestTemplate(mockSourceConfig, mockAuthConfig);
+        AtlassianAuthConfig authConfigToUse = Constants.BEARER_TOKEN.equals(authType) ? mockBearerAuthConfig : mockAuthConfig;
+        RestTemplate restTemplate = config.basicAuthRestTemplate(mockSourceConfig, authConfigToUse);
         assertNotNull(restTemplate);
         assertInstanceOf(InterceptingClientHttpRequestFactory.class, restTemplate.getRequestFactory());
         List<ClientHttpRequestInterceptor> interceptors = restTemplate.getInterceptors();