Webhook Provider always URL escapes template parameters, even for Body templates #3652
Description
Describe the bug
The Webhook Provider allows you run the template engine over the Body as well as the URL Parameters. However, template data rendered in the Body is also being ran through url.QueryEscape before it hits the template engine, which URL Encodes data which would otherwise be valid in a POST body, and the corresponding API won't properly decode it.
To Reproduce
Here is an example manifest -- assume the API returns all the secrets under a specific path
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
name: secret-store
spec:
provider:
webhook:
url: https://external-provider.com/secret/list
method: POST
body: '{ "folder": "{{ .remoteRef.key }}" }'
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: external-secrets-under-path
spec:
refreshInterval: "5m"
secretStoreRef:
name: secret-store
kind: SecretStore
target:
name: example-secret
template:
templateFrom:
- target: Data
literal: |-
{{- $values := .secrets | fromJson }}
{{- range $values.items }}
{{ .name }}: '{{ .value }}'
{{- end }}
data:
- secretKey: secrets
remoteRef:
key: /secrets/myapp-nameExpected behavior
Template parameters passed through the body shouldn't be URL encoded, or otherwise have a means of controlling this
Additional context
The exact code is in GetTemplateData, in pkg/common/webhook/webhook.go. While there is a separate function for template the URL and the Body parameters, the data is being encoded once before being passed into them.
I am working with an API that is using POST calls for everything, hence why I need to provide a Body like this instead of a typical URL parameter in a GET. Additionally, I could make an ExternalSecret per secret, but I don't necessarily know every secret under the path here.