Description
The Confluence and Jira Data Center sources currently accept bearer_token as a plain String in AuthenticationConfig. This works for static Personal Access Tokens (PATs), but does not support reading credentials from external secrets managers (e.g., AWS Secrets Manager).
Per discussion in #6769 with @dlvenable, the bearer token field should be changed from String to PluginConfigVariable to enable:
- External secret refresh : somebody outside of Data Prepper updates the secret in AWS Secrets Manager, and Data Prepper picks up the new value on next use.
This is the same pattern used by RDS source, OpenSearch sink, and other plugins that read credentials externally.
Context
References
PluginConfigVariable usage in OpenSearch sink: ConnectionConfiguration.javaPluginConfigVariable usage in RDS source: RdsSourceConfig.java
Description
The Confluence and Jira Data Center sources currently accept
bearer_tokenas a plainStringinAuthenticationConfig. This works for static Personal Access Tokens (PATs), but does not support reading credentials from external secrets managers (e.g., AWS Secrets Manager).Per discussion in #6769 with @dlvenable, the bearer token field should be changed from
StringtoPluginConfigVariableto enable:This is the same pattern used by RDS source, OpenSearch sink, and other plugins that read credentials externally.
Context
https://github.com/opensearch-project/dataprepper/pull/6769#discussion_r3196227674
References
PluginConfigVariableusage in OpenSearch sink:ConnectionConfiguration.javaPluginConfigVariableusage in RDS source:RdsSourceConfig.java