Enhance gateway configuration by conditionally including OAuth2 client ID and secret in the Helm chart template

[Thushani-Jayasekera]

Purpose

This is not a mandatory fix - as we can ommit these values without adding even empty values to the values.yaml

#1987

Without the conditionals, the template would render:

apim_oauth2_client_id = ""
apim_oauth2_client_secret = ""

An explicit empty string is a value — it gets written to the ConfigMap and the controller reads it from the TOML file. Most Go config frameworks (Viper, etc.) won't fall back to an env var when the key is present in the config file, even if the value is empty. The env var would be silently ignored.

By making the fields conditional, those lines are omitted entirely from config.toml. Only then — when the key is absent from the file — does the controller fall back to its env var override (APIP_GW_CONTROLPLANE_APIM_OAUTH2_CLIENT_ID).

So the conditionals are load-bearing. Without them: controller auth fails with an empty client ID. With them: the TOML is silent on those fields, env vars win.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 5691d72e-86b3-4e6c-a609-900a610c7708

📥 Commits

Reviewing files that changed from the base of the PR and between 574afd6 and c9abac6.

📒 Files selected for processing (1)

• kubernetes/helm/gateway-helm-chart/templates/gateway/gateway-config.yaml

---

📝 Walkthrough

Summary

This PR updates the Helm chart template for gateway configuration to conditionally render OAuth2 client credentials only when explicitly configured, rather than always including them with empty values.

Changes

File modified: kubernetes/helm/gateway-helm-chart/templates/gateway/gateway-config.yaml

The controller.controlplane section now wraps apim_oauth2_client_id and apim_oauth2_client_secret in conditional checks so these fields are omitted from the generated configuration when the corresponding values are not set in values.yaml.

Impact

Previously, these fields were always rendered as empty strings, which prevented the controller from falling back to environment variable overrides. By omitting the keys entirely when unconfigured, the configuration parser will now use the environment variables (APIP_GW_CONTROLPLANE_APIM_OAUTH2_CLIENT_ID and APIP_GW_CONTROLPLANE_APIM_OAUTH2_CLIENT_SECRET) instead, enabling proper authentication flow.

References

Related to issue #1987

Walkthrough

This pull request modifies the Helm chart template for the gateway configuration to conditionally render OAuth2 credentials. The template now wraps apim_oauth2_client_id and apim_oauth2_client_secret fields in conditional Helm if blocks, ensuring they are only included in the generated config.toml when the corresponding Helm values are explicitly provided. This prevents the generation of empty credential fields in the configuration output.

Suggested reviewers

• RakhithaRR
• VirajSalaka
• Tharsanan1
• Arshardh
• CrowleyRajapakse

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description addresses Purpose and Goals sections comprehensively, but omits most required template sections (Approach, User stories, Documentation, Automation tests, Security checks, Samples, Related PRs, Test environment).	Complete the required template sections: document the technical approach, user stories, documentation impact, test coverage, security validation, and test environment details.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and concisely summarizes the main change: conditionally including OAuth2 credentials in the Helm chart template.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[renuka-fernando]

Most Go config frameworks (Viper, etc.) won't fall back to an env var when the key is present in the config file, even if the value is empty. The env var would be silently ignored.

We are using Koanf, it should override the config from the env var.