[MATRIX-1216] added basic auth support for mcp connections

[yanand0909]

Release Notes

New Features

• Added basic authentication support for MCP_SERVER connection type

Checklist

• I have successfully built and used a custom CLI binary, without linter issues from this PR.
• I have clearly specified in the What section below whether this PR applies to Confluent Cloud, Confluent Platform, or both.
• I have verified this PR in Confluent Cloud pre-prod or production environment, if applicable.
• I have verified this PR in Confluent Platform on-premises environment, if applicable.
• I have attached manual CLI verification results or screenshots in the Test & Review section below.
• I have added appropriate CLI integration or unit tests for any new or updated commands and functionality.
• I confirm that this PR introduces no breaking changes or backward compatibility issues.
• I have indicated the potential customer impact if something goes wrong in the Blast Radius section below.
• I have put checkmarks below confirming that the feature associated with this PR is enabled in:
  • Confluent Cloud prod
  • Confluent Cloud stag
  • Confluent Platform
  • Check this box if the feature is enabled for certain organizations only

What

Added basic authentication support for MCP_SERVER connection type

Blast Radius

This is a new authentication feature support and independent to the existing ones so should not affect anything

References

https://confluentinc.atlassian.net/browse/MATRIX-1216

Test & Review

Added test for this and tested with locally built binary, snapshots of which is added in below thread
https://confluent.slack.com/archives/CG6BW233L/p1762874095525569

[confluent-cla-assistant]

🎉 All Contributor License Agreements have been signed. Ready to merge.
_{Please push an empty commit if you would like to re-run the checks to verify CLA status for all contributors.}

[Copilot]

Pull Request Overview

This PR adds basic authentication (username/password) support for MCP_SERVER connection types in Flink connections, expanding the available authentication methods alongside existing API key, bearer token, and OAuth2 options.

Key Changes:

• Added username/password as valid authentication credentials for mcp_server connection type
• Updated test coverage to include basic auth scenario for mcp_server connections
• Updated help text and documentation to reflect new authentication option

Reviewed Changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated no comments.

File	Description
test/flink_test.go	Added test case for mcp_server connection creation with username/password authentication
pkg/flink/utils.go	Updated connection type mappings to include username/password as valid secrets for mcp_server
test/fixtures/output/flink/connection/*.golden	Updated help text in multiple test fixtures to document username/password support for mcp_server

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[sonarqube-confluent]

Quality Gate passed

Issues
7 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

[letaoj]

LGTM. We might also need to update the gateway to loose the check on basic auth

[yanand0909]

LGTM. We might also need to update the gateway to loose the check on basic auth

Yes gateway changes are already merged

[lihaosky]

@yanand0909 , can you rebase and ask CLI team to take a look?

[yanand0909]

@yanand0909 , can you rebase and ask CLI team to take a look?

@lihaosky A2A changes were reverted as the gateway changes has not made it to prod yet but cli team is tracking this here

[lihaosky]

ok. So we are waiting for a2a revert revert and then rebase this

[yanand0909]

ok. So we are waiting for a2a revert revert and then rebase this

Yes