Failing Functional tests:
test_creating_secret_w_mode_large_string
test_creating_secret_w_large_string_values
Barbican is not validating the size of the "name", "algorithm" and "mode" values when creating a secret. When you try to create a secret and pass values that are longer than the database column size, the repo layer explodes resulting in a 500 response.
Expected Response: 201
Actual Response: 500
Steps to recreate:
POST to /secrets
{"name": "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", "algorithm": "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", "bit_length": 128, "mode": "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", "payload_content_type": "text/plain", "payload": "secret_with_big_metadata_strings"}
Discussed with John Wood regarding the appropriate status code responses. It seems like the appropriate code should be a 400 as a single field is just too long and not that the request is too long. I'll add a limits in the jsonschema validation and few functional tests around oversized name, algorithm, and mode fields.