Secret usage in Console Webhooks

[Beridar]

What product are you having troubles with?

Console

What Console version are you using?

Mia-Platform Suite Version v14.5.1

Description

When configuring a Mia-Console webhook per this documentation, we can provide a Secret to be sent to the webhook consumer. How should we expect this value to be sent? We do not receive any header with this value when we inspect the headers received by the destination microservice.

Actual Outcome

Webhook requests being created by the Console don't include the configured Secret. Here is an example request we saw using the Project Created event.

POST /project-created HTTP/1.1
Host: dpbs-dev.mia-dev.redchimney.com
User-Agent: Mia-Platform Console (webhook agent)
Accept-Encoding: gzip,br
Content-Type: application/json
traceparent: 00-39f3114d27db98f5d83444b5529f2b91-464b0d33768ba6e7-01, 00-39f3114d27db98f5d83444b5529f2b91-159c4bb7c790be44-01
Content-Length: 3058
x-mia-signature: 342eaaaea5556a29b698e5a4cff40830732c8951acf9a0648cffd3aaf3c95ff6
x-forwarded-for: <<internal IP>>,<<internal IP>>
x-forwarded-proto: https
x-request-id: 26b40099-a564-414f-b35d-fbe9c8e04aec
l5d-client-id: api-gateway.dpbs-dev.serviceaccount.identity.linkerd.cluster.local
x-envoy-external-address: <<internal IP>>
x-forwarded-host: dpbs-dev.mia-dev.redchimney.com
scheme: https
x-real-ip: <<internal IP>>
x-original-uri: /project-webhook/project-created
original-request-uri: /project-webhook/project-created
original-request-method: POST
miausergroups: unlogged
x-envoy-original-path: /project-webhook/project-created

{"eventName":"project_created","eventTimestamp":17737...  /* omitted for simplicity */  ...}

We have tested each of the following event types and see the same behavior.

• project_created
• service_created
• tag_created
• user_added
• user_edited
• user_removed
• configuration_saved
• tag_deleted

Expected Outcome

The configured Secret being sent along as a header.