fix: add input validation for Terraform state name parameter

Anna Vovchenkorequested to merge
workloads/a49b60059d8 into master

What does this MR do and why?

This MR was created by Duo in Session 1102335

Changes

  • Add input validation for Terraform state name parameter to prevent database constraint violations
  • Implement proper length limits for state name field to match database schema constraints
  • Add validation to prevent excessively long state names that cause ActiveRecord::ValueTooLong errors

Update:

Duo refused to push the changes after all 😅 But the plan seemed fine, and I went through it myself.

References

Screenshots or screen recordings

Before After
Screenshot_2025-09-05_at_18.07.16 Screenshot_2025-09-09_at_10.53.16

How to set up and validate locally

  1. Create a state name longer than 255 characters and make the API request:
bashcurl -X POST \
  -H "Content-Type: application/json" \
  -H "Private-Token: your-token-here" \
  -d '{"ID":"test-lock","Operation":"OperationTypePlan","Info":"","Who":"test-user","Version":"1.0","Created":"2024-01-01T00:00:00Z","Path":""}' \
  "https://gdk.test:3443/api/v4/projects/<project_id>/terraform/state/$(printf 'a%.0s' {1..300})/lock"
  1. Verify response returns HTTP 500 with database constraint error (before fix)
  2. Apply the fix and verify response returns HTTP 400 with "State name exceeds maximum length" message (after fix)
Edited by Anna Vovchenko

Merge request reports