
Extend MINT Helm Chart to Support Both JWT and Webhook Authentication #87

@mosoriob


Background

Currently, the MINT Helm chart only supports JWT authentication with Hasura. We want to make it flexible to support both JWT and webhook authentication methods, allowing users to choose their preferred method during deployment.

Objective

Add support for webhook-based authentication while maintaining existing JWT functionality, making the authentication method configurable through Helm values.

Implementation Details

1. Update values.yaml

Add new authentication configuration structure:

hasura:
  auth:
    type: jwt  # or "webhook"
    jwt:
      enabled: true
      key: "public-key"
      claims:
        namespace: "https://hasura.io/jwt/claims"
    webhook:
      enabled: false
      image:
        repository: ghcr.io/in-for-disaster-analytics/hasura-tapis-auth-webhook
        tag: latest
      config:
        tapisJwksUri: "https://tacc.tapis.io/v3/tenants/tacc"
        tapisTokenIssuer: "https://tacc.tapis.io/v3/tokens"

2. Create New Templates

  1. Add webhook deployment template
  2. Add webhook service template
  3. Update Hasura deployment template to handle both auth types

3. Conditional Deployments

Use Helm conditionals to deploy resources based on auth type:

{{- if eq .Values.hasura.auth.type "webhook" }}
# webhook resources
{{- end }}

4. Environment Variables

JWT configuration:

HASURA_GRAPHQL_JWT_SECRET: {...}

Webhook configuration:

HASURA_GRAPHQL_AUTH_HOOK: "http://webhook-service:3000/auth-webhook"
HASURA_GRAPHQL_AUTH_HOOK_MODE: "POST"

Testing Steps

1. Test JWT Configuration

helm template . --set hasura.auth.type=jwt

2. Test Webhook Configuration

helm template . --set hasura.auth.type=webhook

3. Test Authentication Method Upgrades

helm upgrade mint . --set hasura.auth.type=webhook

Documentation Updates Needed

1. Documentation Files

  • Update README.md with new configuration options
  • Add examples for both authentication methods
  • Document upgrade process
  • Add troubleshooting guide

2. Configuration Examples

Include examples for common scenarios:

  • Basic JWT setup
  • Basic webhook setup
  • Advanced configurations
  • Migration between methods

Acceptance Criteria

  • Both JWT and webhook authentication methods work correctly
  • Configuration is done through values.yaml
  • Switching between methods doesn't require manual intervention
  • Documentation is clear and complete
  • Tests are added for both authentication methods
  • Resource requests/limits are properly configured
  • Health checks are implemented for webhook service
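
One way to implement steps 2 to 4 of the implementation details in the Hasura deployment template. This is an added example, not code from the MINT chart or from the issue author. The helper name `mint.hasura.authEnv`, the file location, and the `<release>-hasura-jwt` Secret with its `jwt-secret` key are assumptions; the values keys and environment variable names are the ones listed in the issue. The helper fails the render on an unknown `hasura.auth.type`, so a typo cannot produce a Hasura deployment with neither auth mode configured.

```yaml
{{/* templates/_helpers.tpl (assumed location). Added example, not the chart's own code. */}}
{{- define "mint.hasura.authEnv" -}}
{{- $auth := .Values.hasura.auth -}}
{{/* Fail closed: only the two supported modes may render. */}}
{{- if not (has $auth.type (list "jwt" "webhook")) -}}
{{- fail (printf "hasura.auth.type must be \"jwt\" or \"webhook\", got %v" $auth.type) -}}
{{- end -}}
{{- if eq $auth.type "jwt" -}}
{{/* The verification key must be set explicitly in JWT mode. */}}
{{- $_ := required "hasura.auth.jwt.key is required when hasura.auth.type=jwt" $auth.jwt.key -}}
- name: HASURA_GRAPHQL_JWT_SECRET
  valueFrom:
    secretKeyRef:
      # Assumed Secret, rendered elsewhere in the chart from hasura.auth.jwt
      name: {{ .Release.Name }}-hasura-jwt
      key: jwt-secret
{{- else -}}
{{/* The webhook validates Tapis tokens, so both endpoints must be set. */}}
{{- $_ := required "hasura.auth.webhook.config.tapisJwksUri is required" $auth.webhook.config.tapisJwksUri -}}
{{- $_ := required "hasura.auth.webhook.config.tapisTokenIssuer is required" $auth.webhook.config.tapisTokenIssuer -}}
- name: HASURA_GRAPHQL_AUTH_HOOK
  value: "http://webhook-service:3000/auth-webhook"
- name: HASURA_GRAPHQL_AUTH_HOOK_MODE
  value: "POST"
{{- end -}}
{{- end -}}
```

In the Hasura container spec, place `{{- include "mint.hasura.authEnv" . | nindent 12 }}` under `env:`, adjusting the indent to the template. Running `helm template . --set hasura.auth.type=none` should then abort with the error message instead of rendering manifests.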
