fix(secrets): Disallow empty names

MarcelBochtler · MarcelBochtler · commit 2ecca3f489a6 · 2026-01-21T09:27:44.000Z
The name of secrets are used as a key when updating or deleting them.
Thus, they must not be empty.

Signed-off-by: Marcel Bochtler &lt;marcel.bochtler@bosch.com&gt;
diff --git a/components/secrets/api-model/src/commonMain/kotlin/Secret.kt b/components/secrets/api-model/src/commonMain/kotlin/Secret.kt
@@ -52,9 +52,9 @@ data class PostSecret(
     val description: String?
 ) {
     companion object {
-        val NAME_PATTERN_REGEX = """^(?!\s)[A-Za-z0-9- ]*(?<!\s)$""".toRegex()
-        const val NAME_PATTERN_MESSAGE = "The entity name may only contain letters, numbers, hyphen marks and " +
-                "spaces. Leading and trailing whitespaces are not allowed."
+        val NAME_PATTERN_REGEX = """^(?!\s)[A-Za-z0-9- ]+(?<!\s)$""".toRegex()
+        const val NAME_PATTERN_MESSAGE = "The entity name must not be empty and may only contain letters, " +
+                "numbers, hyphen marks and spaces. Leading and trailing whitespaces are not allowed."
     }
 
     fun validate() =
diff --git a/components/secrets/backend/src/test/kotlin/routes/organization/PostOrganizationSecretIntegrationTest.kt b/components/secrets/backend/src/test/kotlin/routes/organization/PostOrganizationSecretIntegrationTest.kt
@@ -126,5 +126,35 @@ class PostOrganizationSecretIntegrationTest : SecretsIntegrationTest({
                 provider.readSecret(Path("organization_${orgId}_${secret.name}"))?.value.shouldBeNull()
             }
         }
+
+        "respond with 'Bad Request' if the secret's name is empty" {
+            secretsTestApplication { client ->
+                install(StatusPages) {
+                    // TODO: This should use the same config as in core.
+                    exception<RequestValidationException> { call, e ->
+                        call.respondError(
+                            HttpStatusCode.BadRequest,
+                            message = "Request validation has failed.",
+                            cause = e.message
+                        )
+                    }
+                }
+
+                val secret = PostSecret("", "value", "description")
+
+                val response = client.post("/organizations/$orgId/secrets") {
+                    setBody(secret)
+                }
+
+                response shouldHaveStatus HttpStatusCode.BadRequest
+
+                val body = response.body<ErrorResponse>()
+                body.message shouldBe "Request validation has failed."
+                body.cause shouldContain "Validation failed for PostSecret"
+
+                val provider = SecretsProviderFactoryForTesting.instance()
+                provider.readSecret(Path("organization_${orgId}_${secret.name}"))?.value.shouldBeNull()
+            }
+        }
     }
 })
