fix: Custom Content Storage secret updating (#2135)

backend/data/src/main/kotlin/io/tolgee/dtos/contentDelivery/S3ContentStorageConfigDto.kt

@@ -9,11 +9,9 @@ class S3ContentStorageConfigDto : S3Config {
   @field:Size(max = 255)
   override var bucketName: String = ""
 
-  @field:NotBlank
   @field:Size(max = 255)
   override var accessKey: String? = ""
 
-  @field:NotBlank
   @field:Size(max = 255)
   override var secretKey: String? = ""
 

ee/backend/app/src/main/kotlin/io/tolgee/ee/component/contentDelivery/AzureContentStorageConfigProcessor.kt

@@ -34,20 +34,29 @@ class AzureContentStorageConfigProcessor : ContentStorageConfigProcessor<AzureCo
   ): AzureContentStorageConfig {
     val azureDto = dto.azureContentStorageConfig ?: throw BadRequestException(Message.AZURE_CONFIG_REQUIRED)
     val entity = AzureContentStorageConfig(storageEntity)
+    validateSecrets(azureDto)
     entity.connectionString =
-      azureDto.connectionString ?: throw BadRequestException(Message.AZURE_CONNECTION_STRING_REQUIRED)
+      azureDto.connectionString
     entity.containerName = azureDto.containerName
     storageEntity.azureContentStorageConfig = entity
     em.persist(entity)
     return entity
   }
 
+  private fun validateSecrets(azureDto: AzureContentStorageConfigDto) {
+    if (azureDto.connectionString.isNullOrBlank()) {
+      throw BadRequestException(Message.AZURE_CONNECTION_STRING_REQUIRED)
+    }
+  }
+
   override fun fillDtoSecrets(
     storageEntity: ContentStorage,
     dto: ContentStorageRequest,
   ) {
     val azureDto = dto.azureContentStorageConfig ?: return
     val entity = storageEntity.azureContentStorageConfig ?: return
-    azureDto.connectionString = entity.connectionString
+    if (azureDto.connectionString.isNullOrBlank()) {
+      azureDto.connectionString = entity.connectionString
+    }
   }
 }

ee/backend/app/src/main/kotlin/io/tolgee/ee/component/contentDelivery/S3ContentStorageConfigProcessor.kt

@@ -34,8 +34,9 @@ class S3ContentStorageConfigProcessor : ContentStorageConfigProcessor<S3ContentS
   ): S3ContentStorageConfig {
     val s3dto = dto.s3ContentStorageConfig ?: throw BadRequestException(Message.S3_CONFIG_REQUIRED)
     val entity = S3ContentStorageConfig(storageEntity)
-    entity.accessKey = s3dto.accessKey ?: throw BadRequestException(Message.S3_ACCESS_KEY_REQUIRED)
-    entity.secretKey = s3dto.secretKey ?: throw BadRequestException(Message.S3_SECRET_KEY_REQUIRED)
+    validateSecrets(s3dto)
+    entity.accessKey = s3dto.accessKey!!
+    entity.secretKey = s3dto.secretKey!!
     entity.bucketName = s3dto.bucketName
     entity.signingRegion = s3dto.signingRegion
     entity.endpoint = s3dto.endpoint
@@ -44,13 +45,26 @@ class S3ContentStorageConfigProcessor : ContentStorageConfigProcessor<S3ContentS
     return entity
   }
 
+  private fun validateSecrets(dto: S3ContentStorageConfigDto) {
+    if (dto.accessKey.isNullOrBlank()) {
+      throw BadRequestException(Message.S3_ACCESS_KEY_REQUIRED)
+    }
+    if (dto.secretKey.isNullOrBlank()) {
+      throw BadRequestException(Message.S3_SECRET_KEY_REQUIRED)
+    }
+  }
+
   override fun fillDtoSecrets(
     storageEntity: ContentStorage,
     dto: ContentStorageRequest,
   ) {
     val s3dto = dto.s3ContentStorageConfig ?: return
     val entity = storageEntity.s3ContentStorageConfig ?: return
-    s3dto.accessKey = entity.accessKey
-    s3dto.secretKey = entity.secretKey
+    if (s3dto.accessKey.isNullOrBlank()) {
+      s3dto.accessKey = entity.accessKey
+    }
+    if (s3dto.secretKey.isNullOrBlank()) {
+      s3dto.secretKey = entity.secretKey
+    }
   }
 }

ee/backend/tests/src/test/kotlin/io/tolgee/ee/api/v2/controllers/ContentStorageControllerTest.kt

@@ -100,11 +100,37 @@ class ContentStorageControllerTest : ProjectAuthControllerTest("/v2/projects/")
         "name" to "S3",
         "s3ContentStorageConfig" to
           mapOf(
-            "bucketName" to "bucketName",
-            "accessKey" to "accessKey",
-            "secretKey" to "secretKey",
-            "endpoint" to "endpoint",
-            "signingRegion" to "signingRegion",
+            "bucketName" to "new bucketName",
+            "accessKey" to "new accessKey",
+            "secretKey" to "new secretKey",
+            "endpoint" to "new endpoint",
+            "signingRegion" to "new signingRegion",
+          ),
+      ),
+    ).andIsOk.andAssertThatJson {
+      node("name").isEqualTo("S3")
+    }
+
+    executeInNewTransaction {
+      val updatedStorage = contentStorageService.get(storage.id)
+      updatedStorage.s3ContentStorageConfig!!.bucketName.assert.isEqualTo("new bucketName")
+      updatedStorage.s3ContentStorageConfig!!.accessKey.assert.isEqualTo("new accessKey")
+      updatedStorage.s3ContentStorageConfig!!.secretKey.assert.isEqualTo("new secretKey")
+      updatedStorage.s3ContentStorageConfig!!.endpoint.assert.isEqualTo("new endpoint")
+      updatedStorage.s3ContentStorageConfig!!.signingRegion.assert.isEqualTo("new signingRegion")
+      updatedStorage.azureContentStorageConfig.assert.isNull()
+    }
+
+    // test it keeps the old secrets when empty
+    performProjectAuthPut(
+      "content-storages/${storage.id}",
+      mapOf(
+        "name" to "S3",
+        "s3ContentStorageConfig" to
+          mapOf(
+            "bucketName" to "new bucketName",
+            "endpoint" to "new endpoint",
+            "signingRegion" to "new signingRegion",
           ),
       ),
     ).andIsOk.andAssertThatJson {
@@ -113,7 +139,8 @@ class ContentStorageControllerTest : ProjectAuthControllerTest("/v2/projects/")
 
     executeInNewTransaction {
       val updatedStorage = contentStorageService.get(storage.id)
-      updatedStorage.s3ContentStorageConfig!!.bucketName.assert.isEqualTo("bucketName")
+      updatedStorage.s3ContentStorageConfig!!.accessKey.assert.isEqualTo("new accessKey")
+      updatedStorage.s3ContentStorageConfig!!.secretKey.assert.isEqualTo("new secretKey")
       updatedStorage.azureContentStorageConfig.assert.isNull()
     }
   }