Add support for extending finalizer configurations with custom data from the rule without the need to provide a full configuration

[dadrus]

Preflight checklist

• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines."
• I have discussed this feature request with the community.

Describe the background of your feature request

Currently, finalizer configurations in heimdall lack the ability to easily extend or customize their behavior dynamically. For example, if a pipeline requires adding specific claims to a JWT, users must duplicate the entire claims configuration of the jwt finalizer mechanism. The challenge is not specific to the jwt finalizer, it applies to all finalizer mechanisms where slight variations are needed at the pipeline level. Without extension points or the ability to dynamically inject custom data, maintaining and updating configurations across multiple pipelines becomes cumbersome and error-prone.

Describe your idea

Introduce support for extension points by utilizing .Values, like already possible with e.g. authorization mechanisms, allowing users to inject or override specific data without duplicating the entire configuration.

For example, a jwt mechanism could be defined in the mechanisms catalogue like this:

id: jwt
type: jwt
config:
  signer:
    key_store:
      path: /etc/heimdall/keys/signer.pem
  ttl: 5m
  claims: |
    {{- $emailVerified := false }}
    {{- $email := (dig "identity" "traits" "email" "" .Subject.Attributes) }}
    {{- range (dig "identity" "verifiable_addresses" list .Subject.Attributes) -}}
      {{- if eq .value $email -}}{{- $emailVerified = .verified -}}{{- end -}}
    {{- end -}}
    {{- dict "name" $email "email" $email "email_verified" $emailVerified "extra" .Values.extra | toJson -}}
  values:
    extra: {} # default empty object

and in a specific rule pipeline, users could extend this configuration with additional data, such as:

execute:
  # other steps
  - finalizer: jwt
    config:
      values:
        extra: |
          {{- dict "whatever" .Outputs.some.value | toJson -}}

This approach would simplify configuration management by reducing duplication, making pipelines easier to maintain, and ensuring flexibility.

Are there any workarounds or alternatives?

Currently, the only workaround is to copy the entire configuration of a finalizer and manually apply modifications. This is inefficient, increases maintenance effort, and risks inconsistencies when updates are needed.

Version

0.15.5

Additional Context

As already written above, mechanisms like remote_authorizer already support dynamic injection of values through .Values, demonstrating the benefit of such an approach. Adding similar functionality to finalizers would improve consistency across implemented mechanisms.