Added custom headers to cloudwatch logs sink

[mzurita-amz]

Description

This change adds support for custom HTTP headers in the CloudWatch Logs sink plugin. Users can now configure custom headers that will be included in all CloudWatch Logs API requests. The implementation includes:

• New custom_headers configuration option in CloudWatchLogsSinkConfig
• Updated CloudWatchLogsClientFactory to accept and apply custom headers to the AWS SDK client
• Comprehensive validation for header names and values following HTTP standards
• Maximum limit of 10 custom headers to prevent configuration bloat
• Logging of configured headers (names only, values redacted for security)
• Full backward compatibility - existing configurations continue to work unchanged

Issues Resolved

Resolves #5905

Check List

• [x] New functionality includes testing.
• Added comprehensive unit tests for configuration validation
• Added tests for client factory header integration
• Added tests for sink initialization with custom headers
• [ ] New functionality has a documentation issue. Please link to it in this PR.
• [x] New functionality has javadoc added
• [x] Commits are signed with a real name per the DCO

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[dlvenable]

Thank you @mzurita-amz for this contribution.

[dlvenable]

For STS, we use a configuration named sts_header_overrides. We should stay consistent. So perhaps header_overrides would be a better name.

[mzurita-amz]

Addressed

[dlvenable]

Java standards call for one class per file. Please move this into another file in the same directory named ValidCustomHeaders.java.

[mzurita-amz]

Addressed.

[dlvenable]

Please add a conditional to prevent running any of this code (e.g. String.join) when the INFO logger is not enabled.

Here is an example on debug logging. It would be similar for INFO.

data-prepper/data-prepper-plugin-framework/src/main/java/org/opensearch/dataprepper/plugin/ClasspathExtensionClassProvider.java

Lines 68 to 72 in 7cbfb0a

	if (LOG.isDebugEnabled()) {
	LOG.debug("Found {} extension classes.", extensionClasses.size());
	LOG.debug("Extensions classes: {}",
	extensionClasses.stream().map(Class::getName).collect(Collectors.joining(", ")));
	}

[mzurita-amz]

Addressed. I also removed the debug logging, as it was redundant.

[dlvenable]

Please change this logic a little.

final AwsCredentialsOptions awsCredentialsOptions = awsConfig != null
  ? convertToCredentialOptions(awsConfig)
  : AwsCredentialsOptions.defaultOptions();
final AwsCredentialsProvider awsCredentialsProvider = awsCredentialsSupplier.getProvider(awsCredentialsOptions);

[mzurita-amz]

Addressed

[mzurita-amz]

@dlvenable I've addressed your comments. The changes are in commit be176b5. Please take a look!

[dlvenable]

Thank you @mzurita-amz !

[mzurita-amz]

@dlvenable apologies, but I forgot to cleanup some unused imports on tests, and build failed after your approval. I think that by amending I can't access now the error. But I cleaned up the imports, and now I see it passing by running:

1. Compile the plugin:
  bash
   ./gradlew :data-prepper-plugins:cloudwatch-logs:compileJava


2. Run tests:
  bash
   ./gradlew :data-prepper-plugins:cloudwatch-logs:test


3. Run checkstyle on main source code:
  bash
   ./gradlew :data-prepper-plugins:cloudwatch-logs:checkstyleMain


4. Run checkstyle on test code:
  bash
   ./gradlew :data-prepper-plugins:cloudwatch-logs:checkstyleTest