fix: actually fix updating webhooks with secrets and validation header

If the user updates a webhook without providing a new secret, then we
include the existing secret if it exists, for validation.

Signed-off-by: Donnie Adams <[email protected]>

pkg/api/handlers/webhooks.go

@@ -52,7 +52,11 @@ func (a *WebhookHandler) Update(req api.Context) error {
 		return err
 	}
 
-	if err := validateManifest(req, webhookReq.WebhookManifest, false); err != nil {
+	if webhookReq.WebhookManifest.ValidationHeader != "" && webhookReq.WebhookManifest.Secret == "" {
+		webhookReq.WebhookManifest.Secret = wh.Spec.Secret
+	}
+
+	if err := validateManifest(req, webhookReq.WebhookManifest); err != nil {
 		return err
 	}
 
@@ -96,7 +100,7 @@ func (a *WebhookHandler) Create(req api.Context) error {
 		return err
 	}
 
-	if err := validateManifest(req, webhookReq.WebhookManifest, true); err != nil {
+	if err := validateManifest(req, webhookReq.WebhookManifest); err != nil {
 		return err
 	}
 
@@ -278,7 +282,7 @@ func validateSecretHeader(secret string, body []byte, values []string) error {
 	return fmt.Errorf("invalid secret header")
 }
 
-func validateManifest(req api.Context, manifest types.WebhookManifest, create bool) error {
+func validateManifest(req api.Context, manifest types.WebhookManifest) error {
 	// Ensure that the WorkflowID is set and the workflow exists
 	if manifest.Workflow == "" {
 		return apierrors.NewBadRequest("webhook manifest must have a workflow name")
@@ -292,7 +296,7 @@ func validateManifest(req api.Context, manifest types.WebhookManifest, create bo
 	}
 
 	// On creation, the user must set both the validation header and secret or set neither.
-	if create && (manifest.ValidationHeader != "") != (manifest.Secret != "") {
+	if (manifest.ValidationHeader != "") != (manifest.Secret != "") {
 		return apierrors.NewBadRequest("webhook must have secret and header set together")
 	}