Allow default parameters when provisioning

src/main/java/org/opendevstack/component_provisioner/server/controllers/validators/ProvisionerActionsApiValidator.java

@@ -22,10 +22,10 @@
 import org.springframework.stereotype.Service;
 
 import java.util.Collections;
+import java.util.Set;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
-import java.util.Set;
 import java.util.function.Function;
 import java.util.stream.Collectors;
 
@@ -37,6 +37,8 @@
 @Slf4j
 public class ProvisionerActionsApiValidator {
 
+    private static final Set<String> INTERNAL_PROVISIONING_PARAMS = Set.of("catalog_item_id", "project_key");
+
     private final ComponentCatalogService componentCatalogService;
     private final AuthenticationProvider authenticationProvider;
     private final GroupsRestrictionsEvaluator groupsRestrictionsEvaluator;
@@ -74,6 +76,10 @@ public void validateReceivesOnlyVisibleParameters(ProvisionAction provisionActio
 
         provisionAction.getParameters()
                 .forEach(param -> {
+                    // Some parameters are internally added and should be accepted despite not being defined in the items
+                    if (INTERNAL_PROVISIONING_PARAMS.contains(param.getName())) {
+                        return;
+                    }
                     var catalogParam = catalogParamsByName.get(param.getName());
                     if (catalogParam == null || !Boolean.TRUE.equals(catalogParam.getVisible())) {
                         throw new InvalidRestEntityException(

src/test/java/org/opendevstack/component_provisioner/server/controllers/validators/ProvisionerActionsApiValidatorTest.java

@@ -463,4 +463,49 @@ void validateReceivesOnlyVisibleParameters_succeedsWhenNoParametersProvided() {
         assertThatNoException().isThrownBy(
                 () -> provisionerActionsApiValidator.validateReceivesOnlyVisibleParameters(action, catalogItem));
     }
+
+    @Test
+    void validateReceivesOnlyVisibleParameters_succeedsWhenOnlyInternalParamsProvided() {
+        // catalog_item_id and project_key are not defined in catalog params but must always be allowed
+        var userAction = CatalogItemUserAction.builder()
+                .id("PROVISION")
+                .parameters(List.of())
+                .build();
+        var catalogItem = CatalogItem.builder()
+                .title("My Catalog Item")
+                .userActions(List.of(userAction))
+                .build();
+        var action = ProvisionActionMother.of(List.of(
+                ProvisionActionParameterMother.of("catalog_item_id", "cat-123"),
+                ProvisionActionParameterMother.of("project_key", "pkey")
+        ));
+
+        assertThatNoException().isThrownBy(
+                () -> provisionerActionsApiValidator.validateReceivesOnlyVisibleParameters(action, catalogItem));
+    }
+
+    @Test
+    void validateReceivesOnlyVisibleParameters_succeedsWhenInternalParamsCombinedWithVisibleParams() {
+        // catalog_item_id and project_key mixed with regular visible params should still pass
+        var visibleParam = CatalogItemUserActionParameter.builder()
+                .name("visible_param")
+                .visible(true)
+                .build();
+        var userAction = CatalogItemUserAction.builder()
+                .id("PROVISION")
+                .parameters(List.of(visibleParam))
+                .build();
+        var catalogItem = CatalogItem.builder()
+                .title("My Catalog Item")
+                .userActions(List.of(userAction))
+                .build();
+        var action = ProvisionActionMother.of(List.of(
+                ProvisionActionParameterMother.of("catalog_item_id", "cat-123"),
+                ProvisionActionParameterMother.of("project_key", "pkey"),
+                ProvisionActionParameterMother.of("visible_param", "value")
+        ));
+
+        assertThatNoException().isThrownBy(
+                () -> provisionerActionsApiValidator.validateReceivesOnlyVisibleParameters(action, catalogItem));
+    }
 }