opensearch-project · srikanthpadakanti · May 12, 2026 · May 21, 2026 · May 21, 2026 · May 21, 2026
@@ -10,10 +10,12 @@
 
 package org.opensearch.dataprepper.plugins.source.atlassian.configuration;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import jakarta.validation.Valid;
 import jakarta.validation.constraints.AssertTrue;
 import lombok.Getter;
+import org.opensearch.dataprepper.model.plugin.PluginConfigVariable;
 
 import static org.opensearch.dataprepper.plugins.source.atlassian.utils.Constants.BASIC;
 import static org.opensearch.dataprepper.plugins.source.atlassian.utils.Constants.BEARER_TOKEN;
@@ -31,24 +33,38 @@ public class AuthenticationConfig {
     private Oauth2Config oauth2Config;
 
     @JsonProperty("bearer_token")
-    private String bearerToken;
+    private PluginConfigVariable bearerToken;
+
+    @JsonIgnore
+    public String getBearerTokenValue() {
+        if (bearerToken == null || bearerToken.getValue() == null) {
+            return null;
+        }
+        final Object value = bearerToken.getValue();
+        if (value instanceof String) {
+            return (String) value;
+        }
+        return value.toString();
+    }
 
     @AssertTrue(message = "Authentication config should have exactly one of basic, oauth2, or bearer_token")
     private boolean isValidAuthenticationConfig() {
         boolean hasBasic = basicConfig != null;
         boolean hasOauth = oauth2Config != null;
-        boolean hasBearer = bearerToken != null && !bearerToken.isEmpty();
+        final String tokenValue = getBearerTokenValue();
+        boolean hasBearer = tokenValue != null && !tokenValue.isEmpty();
         int count = (hasBasic ? 1 : 0) + (hasOauth ? 1 : 0) + (hasBearer ? 1 : 0);
         return count == 1;
     }
 
     public String getAuthType() {
         if (basicConfig != null) {
             return BASIC;
-        } else if (bearerToken != null && !bearerToken.isEmpty()) {
+        }
+        final String tokenValue = getBearerTokenValue();
+        if (tokenValue != null && !tokenValue.isEmpty()) {
             return BEARER_TOKEN;
-        } else {
-            return OAUTH2;
         }
+        return OAUTH2;
     }
 }
@@ -10,19 +10,25 @@
 
 package org.opensearch.dataprepper.plugins.source.atlassian.rest.auth;
 
+import org.opensearch.dataprepper.model.plugin.PluginConfigVariable;
 import org.opensearch.dataprepper.plugins.source.atlassian.AtlassianSourceConfig;
 
+import java.util.Objects;
+
 public class AtlassianBearerTokenAuthConfig implements AtlassianAuthConfig {
 
-    private String accountUrl;
-    private final String bearerToken;
+    private final String accountUrl;
+    private final PluginConfigVariable bearerTokenVariable;
 
     public AtlassianBearerTokenAuthConfig(AtlassianSourceConfig sourceConfig) {
-        this.bearerToken = sourceConfig.getAuthenticationConfig().getBearerToken();
-        accountUrl = sourceConfig.getAccountUrl();
-        if (!accountUrl.endsWith("/")) {
-            accountUrl += "/";
+        Objects.requireNonNull(sourceConfig, "sourceConfig must not be null");
+        this.bearerTokenVariable = sourceConfig.getAuthenticationConfig().getBearerToken();
+        Objects.requireNonNull(bearerTokenVariable, "bearer_token must not be null");
+        String url = sourceConfig.getAccountUrl();
+        if (!url.endsWith("/")) {
+            url += "/";
         }
+        this.accountUrl = url;
     }
 
     @Override
@@ -31,11 +37,15 @@ public String getUrl() {
     }
 
     public String getBearerToken() {
-        return bearerToken;
+        final Object value = bearerTokenVariable.getValue();
+        if (value instanceof String) {
+            return (String) value;
+        }
+        return value != null ? value.toString() : null;
     }
 
     @Override
     public void renewCredentials() {
-        // static token, no renewal needed
+        bearerTokenVariable.refresh();
     }
 }
@@ -20,7 +20,6 @@
 import org.opensearch.dataprepper.plugins.source.atlassian.configuration.AuthenticationConfig;
 import org.opensearch.dataprepper.plugins.source.atlassian.configuration.Oauth2Config;
 
-import java.util.UUID;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertInstanceOf;
@@ -46,6 +45,9 @@ public class AtlassianAuthFactoryTest {
     @Mock
     private PluginConfigVariable refreshTokenPluginConfigVariable;
 
+    @Mock
+    private PluginConfigVariable bearerTokenVariable;
+
     private AtlassianAuthFactory confluenceAuthFactory;
 
     @BeforeEach
@@ -72,10 +74,9 @@ void testGetObjectBasicAuth() {
 
     @Test
     void testGetObjectBearerToken() {
-        final String token = UUID.randomUUID().toString();
         when(sourceConfig.getAuthType()).thenReturn(BEARER_TOKEN);
         when(sourceConfig.getAuthenticationConfig()).thenReturn(authenticationConfig);
-        when(authenticationConfig.getBearerToken()).thenReturn(token);
+        when(authenticationConfig.getBearerToken()).thenReturn(bearerTokenVariable);
         when(sourceConfig.getAccountUrl()).thenReturn("https://confluence.opensearch.org");
         assertInstanceOf(AtlassianBearerTokenAuthConfig.class, confluenceAuthFactory.getObject());
     }

@@ -15,14 +15,15 @@
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
+import org.opensearch.dataprepper.model.plugin.PluginConfigVariable;
 import org.opensearch.dataprepper.plugins.source.atlassian.AtlassianSourceConfig;
 import org.opensearch.dataprepper.plugins.source.atlassian.configuration.AuthenticationConfig;
 
 import java.util.UUID;
 
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.equalTo;
-import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
 @ExtendWith(MockitoExtension.class)
@@ -34,6 +35,9 @@ class AtlassianBearerTokenAuthConfigTest {
     @Mock
     private AuthenticationConfig authenticationConfig;
 
+    @Mock
+    private PluginConfigVariable bearerTokenVariable;
+
     private String token;
 
     @BeforeEach
@@ -45,7 +49,7 @@ void setUp() {
     void testGetUrl() {
         when(sourceConfig.getAccountUrl()).thenReturn("https://confluence.opensearch.org");
         when(sourceConfig.getAuthenticationConfig()).thenReturn(authenticationConfig);
-        when(authenticationConfig.getBearerToken()).thenReturn(token);
+        when(authenticationConfig.getBearerToken()).thenReturn(bearerTokenVariable);
 
         AtlassianBearerTokenAuthConfig config = new AtlassianBearerTokenAuthConfig(sourceConfig);
         assertThat(config.getUrl(), equalTo("https://confluence.opensearch.org/"));
@@ -55,7 +59,7 @@ void testGetUrl() {
     void testGetUrlWithTrailingSlash() {
         when(sourceConfig.getAccountUrl()).thenReturn("https://confluence.opensearch.org/");
         when(sourceConfig.getAuthenticationConfig()).thenReturn(authenticationConfig);
-        when(authenticationConfig.getBearerToken()).thenReturn(token);
+        when(authenticationConfig.getBearerToken()).thenReturn(bearerTokenVariable);
 
         AtlassianBearerTokenAuthConfig config = new AtlassianBearerTokenAuthConfig(sourceConfig);
         assertThat(config.getUrl(), equalTo("https://confluence.opensearch.org/"));
@@ -65,19 +69,22 @@ void testGetUrlWithTrailingSlash() {
     void testGetBearerToken() {
         when(sourceConfig.getAccountUrl()).thenReturn("https://confluence.opensearch.org");
         when(sourceConfig.getAuthenticationConfig()).thenReturn(authenticationConfig);
-        when(authenticationConfig.getBearerToken()).thenReturn(token);
+        when(authenticationConfig.getBearerToken()).thenReturn(bearerTokenVariable);
+        when(bearerTokenVariable.getValue()).thenReturn(token);
 
         AtlassianBearerTokenAuthConfig config = new AtlassianBearerTokenAuthConfig(sourceConfig);
         assertThat(config.getBearerToken(), equalTo(token));
     }
 
     @Test
-    void testRenewCredentialsIsNoOp() {
+    void testRenewCredentials_calls_refresh() {
         when(sourceConfig.getAccountUrl()).thenReturn("https://confluence.opensearch.org");
         when(sourceConfig.getAuthenticationConfig()).thenReturn(authenticationConfig);
-        when(authenticationConfig.getBearerToken()).thenReturn(token);
+        when(authenticationConfig.getBearerToken()).thenReturn(bearerTokenVariable);
 
         AtlassianBearerTokenAuthConfig config = new AtlassianBearerTokenAuthConfig(sourceConfig);
-        assertDoesNotThrow(config::renewCredentials);
+        config.renewCredentials();
+
+        verify(bearerTokenVariable).refresh();
     }
 }
@@ -105,8 +105,8 @@ public static boolean validateConfig(ConfluenceSourceConfig config) {
         }
 
         if (BEARER_TOKEN.equals(authType)) {
-            String bearerToken = config.getAuthenticationConfig().getBearerToken();
-            if (bearerToken == null || bearerToken.isEmpty()) {
+            final String tokenValue = config.getAuthenticationConfig().getBearerTokenValue();
+            if (tokenValue == null || tokenValue.isEmpty()) {
                 throw new RuntimeException("Bearer token is required for BearerToken AuthType");
             }
         }

@@ -70,6 +70,9 @@ public class ConfluenceConfigHelperTest {
     @Mock
     PluginConfigVariable refreshTokenPluginConfigVariable;
 
+    @Mock
+    PluginConfigVariable bearerTokenVariable;
+
     @Test
     void testInitialization() {
         ConfluenceConfigHelper confluenceConfigHelper = new ConfluenceConfigHelper();
@@ -161,7 +164,7 @@ void testValidateConfigBearerToken_nullToken_throwsException() {
         when(confluenceSourceConfig.getAccountUrl()).thenReturn("https://opensearch.org");
         when(confluenceSourceConfig.getAuthType()).thenReturn(BEARER_TOKEN);
         when(confluenceSourceConfig.getAuthenticationConfig()).thenReturn(authenticationConfig);
-        when(authenticationConfig.getBearerToken()).thenReturn(null);
+        when(authenticationConfig.getBearerTokenValue()).thenReturn(null);
         assertThrows(RuntimeException.class, () -> ConfluenceConfigHelper.validateConfig(confluenceSourceConfig));
     }
 
@@ -170,7 +173,7 @@ void testValidateConfigBearerToken_emptyToken_throwsException() {
         when(confluenceSourceConfig.getAccountUrl()).thenReturn("https://opensearch.org");
         when(confluenceSourceConfig.getAuthType()).thenReturn(BEARER_TOKEN);
         when(confluenceSourceConfig.getAuthenticationConfig()).thenReturn(authenticationConfig);
-        when(authenticationConfig.getBearerToken()).thenReturn("");
+        when(authenticationConfig.getBearerTokenValue()).thenReturn("");
         assertThrows(RuntimeException.class, () -> ConfluenceConfigHelper.validateConfig(confluenceSourceConfig));
     }
 
@@ -179,7 +182,8 @@ void testValidateConfigBearerToken_validToken_succeeds() {
         when(confluenceSourceConfig.getAccountUrl()).thenReturn("https://opensearch.org");
         when(confluenceSourceConfig.getAuthType()).thenReturn(BEARER_TOKEN);
         when(confluenceSourceConfig.getAuthenticationConfig()).thenReturn(authenticationConfig);
-        when(authenticationConfig.getBearerToken()).thenReturn(UUID.randomUUID().toString());
+        when(authenticationConfig.getBearerTokenValue()).thenReturn(UUID.randomUUID().toString());
+        when(confluenceSourceConfig.isAllowLocalAddress()).thenReturn(false);
         assertDoesNotThrow(() -> ConfluenceConfigHelper.validateConfig(confluenceSourceConfig));
     }
 }