diff --git a/src/main/java/org/opendevstack/component_provisioner/server/controllers/validators/ProvisionerActionsApiValidator.java b/src/main/java/org/opendevstack/component_provisioner/server/controllers/validators/ProvisionerActionsApiValidator.java index 33d621a..596117a 100644 --- a/src/main/java/org/opendevstack/component_provisioner/server/controllers/validators/ProvisionerActionsApiValidator.java +++ b/src/main/java/org/opendevstack/component_provisioner/server/controllers/validators/ProvisionerActionsApiValidator.java @@ -22,10 +22,10 @@ import org.springframework.stereotype.Service; import java.util.Collections; +import java.util.Set; import java.util.List; import java.util.Map; import java.util.Optional; -import java.util.Set; import java.util.function.Function; import java.util.stream.Collectors; @@ -37,6 +37,8 @@ @Slf4j public class ProvisionerActionsApiValidator { + private static final Set INTERNAL_PROVISIONING_PARAMS = Set.of("catalog_item_id", "project_key"); + private final ComponentCatalogService componentCatalogService; private final AuthenticationProvider authenticationProvider; private final GroupsRestrictionsEvaluator groupsRestrictionsEvaluator; @@ -74,6 +76,10 @@ public void validateReceivesOnlyVisibleParameters(ProvisionAction provisionActio provisionAction.getParameters() .forEach(param -> { + // Some parameters are internally added and should be accepted despite not being defined in the items + if (INTERNAL_PROVISIONING_PARAMS.contains(param.getName())) { + return; + } var catalogParam = catalogParamsByName.get(param.getName()); if (catalogParam == null || !Boolean.TRUE.equals(catalogParam.getVisible())) { throw new InvalidRestEntityException( diff --git a/src/test/java/org/opendevstack/component_provisioner/server/controllers/validators/ProvisionerActionsApiValidatorTest.java b/src/test/java/org/opendevstack/component_provisioner/server/controllers/validators/ProvisionerActionsApiValidatorTest.java index c338a93..8012d52 100644 --- a/src/test/java/org/opendevstack/component_provisioner/server/controllers/validators/ProvisionerActionsApiValidatorTest.java +++ b/src/test/java/org/opendevstack/component_provisioner/server/controllers/validators/ProvisionerActionsApiValidatorTest.java @@ -463,4 +463,49 @@ void validateReceivesOnlyVisibleParameters_succeedsWhenNoParametersProvided() { assertThatNoException().isThrownBy( () -> provisionerActionsApiValidator.validateReceivesOnlyVisibleParameters(action, catalogItem)); } + + @Test + void validateReceivesOnlyVisibleParameters_succeedsWhenOnlyInternalParamsProvided() { + // catalog_item_id and project_key are not defined in catalog params but must always be allowed + var userAction = CatalogItemUserAction.builder() + .id("PROVISION") + .parameters(List.of()) + .build(); + var catalogItem = CatalogItem.builder() + .title("My Catalog Item") + .userActions(List.of(userAction)) + .build(); + var action = ProvisionActionMother.of(List.of( + ProvisionActionParameterMother.of("catalog_item_id", "cat-123"), + ProvisionActionParameterMother.of("project_key", "pkey") + )); + + assertThatNoException().isThrownBy( + () -> provisionerActionsApiValidator.validateReceivesOnlyVisibleParameters(action, catalogItem)); + } + + @Test + void validateReceivesOnlyVisibleParameters_succeedsWhenInternalParamsCombinedWithVisibleParams() { + // catalog_item_id and project_key mixed with regular visible params should still pass + var visibleParam = CatalogItemUserActionParameter.builder() + .name("visible_param") + .visible(true) + .build(); + var userAction = CatalogItemUserAction.builder() + .id("PROVISION") + .parameters(List.of(visibleParam)) + .build(); + var catalogItem = CatalogItem.builder() + .title("My Catalog Item") + .userActions(List.of(userAction)) + .build(); + var action = ProvisionActionMother.of(List.of( + ProvisionActionParameterMother.of("catalog_item_id", "cat-123"), + ProvisionActionParameterMother.of("project_key", "pkey"), + ProvisionActionParameterMother.of("visible_param", "value") + )); + + assertThatNoException().isThrownBy( + () -> provisionerActionsApiValidator.validateReceivesOnlyVisibleParameters(action, catalogItem)); + } }