Fix wrong oauth outbound auth header configuration property name #143

Open
schaer-bgs wants to merge 1 commit into wso2:main from schaer-bgs:bugfix/outbount-auth-header

@schaer-bgs schaer-bgs commented Feb 12, 2026

Purpose

Describe the problems, issues, or needs driving this feature/fix and include links to related issues in the following format:
Current setting for output auth headers is disregarded due to wrong name
See https://apim.docs.wso2.com/en/latest/reference/config-catalog/#api-m-oauth-configurations

Goals

Describe the solutions that this feature/fix will introduce to resolve the problems described above
Enables disabling the removal of auth header for outbound requests.

Approach

Describe how you are implementing the solutions. Include an animated GIF or screenshot if the change affects the UI (email documentation@wso2.com to review all UI text). Include a link to a Markdown file or Google doc if the feature write-up is too long to paste here.

User stories

Summary of user stories addressed by this change>

Release note

Brief description of the new feature or bug fix as it will appear in the release notes

Documentation

Link(s) to product documentation that addresses the changes of this PR. If no doc impact, enter “N/A” plus brief explanation of why there’s no doc impact

Training

Link to the PR for changes to the training content in https://github.com/wso2/WSO2-Training, if applicable

Certification

Type “Sent” when you have provided new/updated certification questions, plus four answers for each question (correct answer highlighted in bold), based on this change. Certification questions/answers should be sent to certification@wso2.com and NOT pasted in this PR. If there is no impact on certification exams, type “N/A” and explain why.

Marketing

Link to drafts of marketing content that will describe and promote this feature, including product page changes, technical articles, blog posts, videos, etc., if applicable

Automation tests

  • Unit tests

    Code coverage information

  • Integration tests

    Details about the test cases and coverage

Security checks

Samples

Provide high-level details about the samples related to this feature

Related PRs

List any other related PRs

Migrations (if applicable)

Describe migration steps and platforms on which migration has been tested

Test environment

List all JDK versions, operating systems, databases, and browser/versions on which this feature/fix was tested

Learning

Describe the research phase and any blog posts, patterns, libraries, or add-ons you used to solve the problem.

Summary by CodeRabbit

  • New Features

    • Added OpenTelemetry/OpenTracer configuration options
    • Added token hashing configuration support
    • Added security/keystore configuration options
  • Chores

    • Renamed OAuth outbound header configuration parameter for clarity
    • Updated default behavior for outbound OAuth header handling (flag semantics changed)

@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

coderabbitai Bot commented Feb 12, 2026

Walkthrough

The PR renames removeOutboundAuthHeader to enableOutboundAuthHeader across configuration and docs, inverting the flag's boolean semantics. It also adds an OAuth enable_token_hashing TOML setting and introduces OpenTelemetry/OpenTracer keys in the gateway README.

Changes

| Cohort / File(s) | Summary |
|---|---|
| OAuth flag rename — configs & values: all-in-one/values.yaml, all-in-one/default_*.yaml, all-in-one/default_openshift_values.yaml, distributed/gateway/values.yaml, docs/am-pattern-*/default*.yaml, docs/**/default*_values.yaml | Replaced removeOutboundAuthHeader with enableOutboundAuthHeader and inverted default boolean (true -> false) across many value files and defaults. |
| Deployment TOML changes: all-in-one/confs/instance-1/deployment.toml, all-in-one/confs/instance-2/deployment.toml, distributed/gateway/confs/deployment.toml | Renamed remove_outbound_auth_header to enable_outbound_auth_header. Added enable_token_hashing in instance files. |
| Documentation updates: all-in-one/README.md, distributed/gateway/README.md | Updated public configuration declarations to remove removeOutboundAuthHeader and add enableOutboundAuthHeader. Gateway README also documents new OpenTelemetry/OpenTracer keys (openTelemetry.port, openTracer.enabled, openTracer.name, openTracer.properties.hostname, openTracer.properties.port). |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1
❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ⚠️ Warning | The PR description is largely incomplete with most required sections only containing template placeholders. Only Purpose and Goals sections have minimal content; all other sections lack concrete information, links, or details. | Complete critical sections: add Release note describing the fix, provide Documentation links or N/A with explanation, fill Testing details including what was tested, and complete Security checks with yes/no answers and brief explanations. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly and accurately summarizes the main change: renaming an incorrectly named OAuth configuration property from removeOutboundAuthHeader to enableOutboundAuthHeader. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

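The rename described in the walkthrough above flips the flag's polarity, so an override carried across by key name or by value changes whether the client's auth header reaches the backend. The following is an added example, not part of the PR or the wso2 charts, that scans a values file for both cases; the line-based scan, the finding labels and the sample input are assumptions made for illustration.

```python
import re

# Key names are taken from the PR. The scan assumes one "key: value" pair per
# line, as in the chart's values files; it is not a full YAML parser.
OLD_KEY = "removeOutboundAuthHeader"
NEW_KEY = "enableOutboundAuthHeader"
_PAIR = re.compile(r"^\s*(%s|%s)\s*:\s*(\S+)" % (OLD_KEY, NEW_KEY))
_TRUE = {"true", "yes", "on"}


def audit_values(text):
    """Return (line_no, label, message) findings for one values file."""
    findings = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # ignore YAML comments
        match = _PAIR.match(line)
        if not match:
            continue
        key = match.group(1)
        enabled = match.group(2).strip("'\"").lower() in _TRUE
        if key == OLD_KEY:
            # Assumption: after the rename the old key is not read at all,
            # so the override silently falls back to the default.
            wanted = "false" if enabled else "true"
            findings.append((no, "stale",
                             "%s is not read after the rename; use %s: %s"
                             % (OLD_KEY, NEW_KEY, wanted)))
        elif enabled:
            findings.append((no, "review",
                             "%s: true sends the client's auth header to the backend"
                             % NEW_KEY))
    return findings


# Constructed sample overrides (two YAML documents), not taken from the repository.
SAMPLE = """\
oauth_config:
  # -- Remove oauth header from outgoing requests
  removeOutboundAuthHeader: false
---
oauth_config:
  enableOutboundAuthHeader: true   # value copied without flipping polarity
"""

if __name__ == "__main__":
    for no, label, message in audit_values(SAMPLE):
        print("line %d [%s] %s" % (no, label, message))
```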

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Fix all issues with AI agents
In `@all-in-one/values.yaml`:
- Around line 534-535: The existing comment "Remove auth header from outgoing
requests" is stale after renaming removeOutboundAuthHeader to
enableOutboundAuthHeader; update the comment near the enableOutboundAuthHeader
property to describe the current boolean semantics (e.g., "Enable outbound auth
header in outgoing requests" or similar) and change the wording in every file
where the stale comment appears (references: the YAML key
enableOutboundAuthHeader and the old identifier removeOutboundAuthHeader) so the
comment accurately states whether the outbound auth header will be sent when
true/false.

In `@docs/am-pattern-1-all-in-one-HA/default_values.yaml`:
- Around line 419-420: Update the stale comment that mentions the old
removeOutboundAuthHeader semantics to reflect the new property name and meaning:
change the comment above enableOutboundAuthHeader to indicate that it controls
sending the OAuth/auth header to the backend as received from the client (e.g.,
"Send oauth header to the backend as received from the client" or similar).
Apply this change for the enableOutboundAuthHeader comment wherever it appears
across pattern files (previously named removeOutboundAuthHeader) so the comment
matches the README description and the property semantics.

Comment thread all-in-one/values.yaml Outdated
Comment thread docs/am-pattern-1-all-in-one-HA/default_values.yaml Outdated
schaer-bgs force-pushed the bugfix/outbount-auth-header branch from ce35996 to c68f045, February 12, 2026 13:20

@coderabbitai coderabbitai Bot left a comment

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)
docs/am-pattern-3-ACP_TM_GW/default_gw_values.yaml (1)

320-329: ⚠️ Potential issue | 🟡 Minor

Stale comment doesn't match the renamed property.

Line 322 still says "Remove oauth header from outgoing requests", which describes the old removeOutboundAuthHeader semantics. Update it to match the new enableOutboundAuthHeader meaning, consistent with the updated comment in all-in-one/values.yaml and the README description.

Proposed fix
      # APIM OAuth configurations
      oauth_config:
-       # -- Remove oauth header from outgoing requests
+       # -- Enable outbound auth header in outgoing requests
        enableOutboundAuthHeader: false
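
Review bot: The replacement comment on the `+` line restates the key name but not the outcome, and the value directly under it is `false`. Because this key replaces removeOutboundAuthHeader with the opposite polarity, the comment should say what each value does, for example "-- Send the OAuth header to the backend as received from the client (false removes it from outgoing requests)", so that nobody carries an old `true` across and starts forwarding client tokens to the backend.
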
docs/am-pattern-4-ACP_TM_GW_KM/default_gw_values.yaml (1)

320-329: ⚠️ Potential issue | 🟡 Minor

Stale comment — same issue as in the pattern-3 GW file.

Line 322 still reads "Remove oauth header from outgoing requests". Update to match the new property semantics, e.g., "Enable outbound auth header in outgoing requests".

Proposed fix
      # APIM OAuth configurations
      oauth_config:
-       # -- Remove oauth header from outgoing requests
+       # -- Enable outbound auth header in outgoing requests
        enableOutboundAuthHeader: false
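
Review bot: The wording proposed on the `+` line ("Enable outbound auth header in outgoing requests") differs from the wording suggested for docs/am-pattern-1-all-in-one-HA/default_values.yaml ("Send oauth header to the backend as received from the client"). Use one sentence for this key in every pattern file and both READMEs; the second form is the better choice because it names whose header is forwarded and where it goes.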
