Add regex validation for resource identifiers and update related integration tests

- Introduced regex validation for identifiers such as `organizationId`, `workspaceId`, `runnerId`, `runId`, `solutionId`, and `datasetId` across services and APIs.
- Updated OpenAPI specifications to include regex patterns for identifier validation.
- Added integration tests for invalid identifier formats in `organization`, `workspace`, `runner`, `run`, `dataset`, and `solution` APIs.

Author: jreynard-code

api/src/integrationTest/kotlin/com/cosmotech/api/home/dataset/DatasetControllerTests.kt

@@ -49,6 +49,7 @@ import kotlin.test.assertEquals
 import org.apache.commons.io.IOUtils
 import org.hamcrest.Matchers.empty
 import org.hamcrest.Matchers.greaterThan
+import org.hamcrest.core.StringContains.containsString
 import org.json.JSONArray
 import org.json.JSONObject
 import org.junit.jupiter.api.BeforeEach
@@ -109,6 +110,61 @@ class DatasetControllerTests : ControllerTestBase() {
             mvc, organizationId, constructWorkspaceCreateRequest(solutionId = solutionId))
   }
 
+  @Test
+  @WithMockOauth2User
+  fun get_dataset_part_with_wrong_ids_format() {
+    mvc.perform(
+            get(
+                    "/organizations/wrong-orgId/workspaces/wrong-workspaceId/datasets/wrong-datasetId/parts/wrong-datasetPartId")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(jsonPath("$.detail", containsString("wrong-orgId:must match \"^o-\\w{10,20}\"")))
+        .andExpect(
+            jsonPath("$.detail", containsString("wrong-workspaceId:must match \"^w-\\w{10,20}\"")))
+        .andExpect(
+            jsonPath("$.detail", containsString("wrong-datasetId:must match \"^d-\\w{10,20}\"")))
+        .andExpect(
+            jsonPath(
+                "$.detail", containsString("wrong-datasetPartId:must match \"^dp-\\w{10,20}\"")))
+
+    mvc.perform(
+            get(
+                    "/organizations/wrong-orgId/workspaces/w-123456abcdef/datasets/d-123456azerty/parts/dp-123456azert")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(jsonPath("$.detail", containsString("wrong-orgId:must match \"^o-\\w{10,20}\"")))
+
+    mvc.perform(
+            get(
+                    "/organizations/o-1233456azer/workspaces/wrong-workspaceId/datasets/d-123456azerty/parts/dp-123456azert")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(
+            jsonPath("$.detail", containsString("wrong-workspaceId:must match \"^w-\\w{10,20}\"")))
+
+    mvc.perform(
+            get(
+                    "/organizations/o-1233456azer/workspaces/w-123456abcdef/datasets/wrong-datasetId/parts/dp-123456azert")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(
+            jsonPath("$.detail", containsString("wrong-datasetId:must match \"^d-\\w{10,20}\"")))
+
+    mvc.perform(
+            get(
+                    "/organizations/o-1233456azer/workspaces/w-123456abcdef/datasets/d-123456azerty/parts/wrong-datasetPartId")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(
+            jsonPath(
+                "$.detail", containsString("wrong-datasetPartId:must match \"^dp-\\w{10,20}\"")))
+  }
+
   @Test
   @WithMockOauth2User
   fun create_dataset() {

api/src/integrationTest/kotlin/com/cosmotech/api/home/organization/OrganizationControllerTests.kt

@@ -59,6 +59,17 @@ class OrganizationControllerTests : ControllerTestBase() {
         .andDo(MockMvcResultHandlers.print())
   }
 
+  @Test
+  @WithMockOauth2User
+  fun get_organization_with_wrong_orgId_format() {
+    mvc.perform(
+            get("/organizations/wrongid-format")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(jsonPath("$.detail").value("wrongid-format:must match \"^o-\\w{10,20}\""))
+  }
+
   @Test
   @WithMockOauth2User
   fun create_organization() {

api/src/integrationTest/kotlin/com/cosmotech/api/home/run/RunControllerTests.kt

@@ -63,6 +63,7 @@ import io.mockk.impl.annotations.MockK
 import io.mockk.mockk
 import java.time.Instant
 import java.util.*
+import org.hamcrest.core.StringContains.containsString
 import org.json.JSONObject
 import org.junit.jupiter.api.BeforeEach
 import org.junit.jupiter.api.Test
@@ -171,6 +172,85 @@ class RunControllerTests : ControllerTestBase() {
             .getString("id")
   }
 
+  @Test
+  @WithMockOauth2User
+  fun get_run_with_wrong_ids_format() {
+    mvc.perform(
+            get(
+                    "/organizations/wrong-orgId/workspaces/wrong-workspaceId/runners/wrong-runnerId/runs/wrong-runId")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(jsonPath("$.detail", containsString("wrong-orgId:must match \"^o-\\w{10,20}\"")))
+        .andExpect(
+            jsonPath("$.detail", containsString("wrong-workspaceId:must match \"^w-\\w{10,20}\"")))
+        .andExpect(
+            jsonPath("$.detail", containsString("wrong-runnerId:must match \"^(r|s)-\\w{10,20}\"")))
+        .andExpect(
+            jsonPath("$.detail", containsString("wrong-runId:must match \"^(run|sr)-\\w{10,20}\"")))
+
+    mvc.perform(
+            get(
+                    "/organizations/wrong-orgId/workspaces/w-123456abcdef/runners/r-123456azerty/runs/run-123456azerty")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(jsonPath("$.detail", containsString("wrong-orgId:must match \"^o-\\w{10,20}\"")))
+
+    mvc.perform(
+            get(
+                    "/organizations/wrong-orgId/workspaces/w-123456abcdef/runners/s-123456azerty/runs/run-123456azerty")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(jsonPath("$.detail", containsString("wrong-orgId:must match \"^o-\\w{10,20}\"")))
+
+    mvc.perform(
+            get(
+                    "/organizations/o-1233456azer/workspaces/wrong-workspaceId/runners/r-123456azerty/runs/run-123456azerty")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(
+            jsonPath("$.detail", containsString("wrong-workspaceId:must match \"^w-\\w{10,20}\"")))
+
+    mvc.perform(
+            get(
+                    "/organizations/o-1233456azer/workspaces/wrong-workspaceId/runners/s-123456azerty/runs/run-123456azerty")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(
+            jsonPath("$.detail", containsString("wrong-workspaceId:must match \"^w-\\w{10,20}\"")))
+
+    mvc.perform(
+            get(
+                    "/organizations/o-1233456azer/workspaces/w-123456abcdef/runners/wrong-runnerId/runs/run-123456azerty")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(
+            jsonPath("$.detail", containsString("wrong-runnerId:must match \"^(r|s)-\\w{10,20}\"")))
+
+    mvc.perform(
+            get(
+                    "/organizations/o-1233456azer/workspaces/w-123456abcdef/runners/r-123456azerty/runs/wrong-runId")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(
+            jsonPath("$.detail", containsString("wrong-runId:must match \"^(run|sr)-\\w{10,20}\"")))
+
+    mvc.perform(
+            get(
+                    "/organizations/o-1233456azer/workspaces/w-123456abcdef/runners/s-123456azerty/runs/wrong-runId")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(
+            jsonPath("$.detail", containsString("wrong-runId:must match \"^(run|sr)-\\w{10,20}\"")))
+  }
+
   @Test
   @WithMockOauth2User
   fun list_runs() {

api/src/integrationTest/kotlin/com/cosmotech/api/home/runner/RunnerControllerTests.kt

@@ -41,6 +41,7 @@ import com.cosmotech.workspace.domain.WorkspaceSolution
 import com.cosmotech.workspace.domain.WorkspaceUpdateRequest
 import com.ninjasquad.springmockk.SpykBean
 import io.mockk.every
+import org.hamcrest.core.StringContains.containsString
 import org.json.JSONObject
 import org.junit.jupiter.api.BeforeEach
 import org.junit.jupiter.api.Test
@@ -159,6 +160,59 @@ class RunnerControllerTests : ControllerTestBase() {
         .andExpect(status().is2xxSuccessful)
   }
 
+  @Test
+  @WithMockOauth2User
+  fun get_runner_with_wrong_ids_format() {
+    mvc.perform(
+            get("/organizations/wrong-orgId/workspaces/wrong-workspaceId/runners/wrong-runnerId")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(jsonPath("$.detail", containsString("wrong-orgId:must match \"^o-\\w{10,20}\"")))
+        .andExpect(
+            jsonPath("$.detail", containsString("wrong-workspaceId:must match \"^w-\\w{10,20}\"")))
+        .andExpect(
+            jsonPath("$.detail", containsString("wrong-runnerId:must match \"^(r|s)-\\w{10,20}\"")))
+
+    mvc.perform(
+            get("/organizations/wrong-orgId/workspaces/w-123456abcdef/runners/r-123456azerty")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(jsonPath("$.detail", containsString("wrong-orgId:must match \"^o-\\w{10,20}\"")))
+
+    mvc.perform(
+            get("/organizations/wrong-orgId/workspaces/w-123456abcdef/runners/s-123456azerty")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(jsonPath("$.detail", containsString("wrong-orgId:must match \"^o-\\w{10,20}\"")))
+
+    mvc.perform(
+            get("/organizations/o-1233456azer/workspaces/wrong-workspaceId/runners/r-123456azerty")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(
+            jsonPath("$.detail", containsString("wrong-workspaceId:must match \"^w-\\w{10,20}\"")))
+
+    mvc.perform(
+            get("/organizations/o-1233456azer/workspaces/wrong-workspaceId/runners/s-123456azerty")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(
+            jsonPath("$.detail", containsString("wrong-workspaceId:must match \"^w-\\w{10,20}\"")))
+
+    mvc.perform(
+            get("/organizations/o-1233456azer/workspaces/w-123456abcdef/runners/wrong-runnerId")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(
+            jsonPath("$.detail", containsString("wrong-runnerId:must match \"^(r|s)-\\w{10,20}\"")))
+  }
+
   @Test
   @WithMockOauth2User
   fun create_runner() {

api/src/integrationTest/kotlin/com/cosmotech/api/home/solution/SolutionControllerTests.kt

@@ -25,6 +25,7 @@ import com.cosmotech.solution.api.SolutionApiService
 import com.cosmotech.solution.domain.*
 import io.mockk.every
 import io.mockk.mockk
+import org.hamcrest.core.StringContains.containsString
 import org.json.JSONObject
 import org.junit.jupiter.api.BeforeEach
 import org.junit.jupiter.api.Test
@@ -59,6 +60,34 @@ class SolutionControllerTests : ControllerTestBase() {
     organizationId = createOrganizationAndReturnId(mvc, constructOrganizationCreateRequest())
   }
 
+  @Test
+  @WithMockOauth2User
+  fun get_solution_with_wrong_ids_format() {
+    mvc.perform(
+            get("/organizations/wrong-orgId/solutions/wrong-solutionId")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(jsonPath("$.detail", containsString("wrong-orgId:must match \"^o-\\w{10,20}\"")))
+        .andExpect(
+            jsonPath("$.detail", containsString("wrong-solutionId:must match \"^sol-\\w{10,20}\"")))
+
+    mvc.perform(
+            get("/organizations/wrong-orgId/solutions/sol-123456abcdef")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(jsonPath("$.detail", containsString("wrong-orgId:must match \"^o-\\w{10,20}\"")))
+
+    mvc.perform(
+            get("/organizations/o-123456abcdef/solutions/wrong-solutionId")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(
+            jsonPath("$.detail", containsString("wrong-solutionId:must match \"^sol-\\w{10,20}\"")))
+  }
+
   @Test
   @WithMockOauth2User
   fun list_solutions() {

api/src/integrationTest/kotlin/com/cosmotech/api/home/workspace/WorkspaceControllerTests.kt

@@ -22,6 +22,7 @@ import com.cosmotech.common.rbac.ROLE_VIEWER
 import com.cosmotech.workspace.domain.WorkspaceAccessControl
 import com.cosmotech.workspace.domain.WorkspaceSecurity
 import org.apache.commons.io.IOUtils
+import org.hamcrest.core.StringContains.containsString
 import org.json.JSONObject
 import org.junit.jupiter.api.BeforeEach
 import org.junit.jupiter.api.Test
@@ -53,6 +54,34 @@ class WorkspaceControllerTests : ControllerTestBase() {
     solutionId = createSolutionAndReturnId(mvc, organizationId, constructSolutionCreateRequest())
   }
 
+  @Test
+  @WithMockOauth2User
+  fun get_workspace_with_wrong_ids_format() {
+    mvc.perform(
+            get("/organizations/wrong-orgId/workspaces/wrong-workspaceId")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(jsonPath("$.detail", containsString("wrong-orgId:must match \"^o-\\w{10,20}\"")))
+        .andExpect(
+            jsonPath("$.detail", containsString("wrong-workspaceId:must match \"^w-\\w{10,20}\"")))
+
+    mvc.perform(
+            get("/organizations/wrong-orgId/workspaces/w-123456abcdef")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(jsonPath("$.detail", containsString("wrong-orgId:must match \"^o-\\w{10,20}\"")))
+
+    mvc.perform(
+            get("/organizations/o-123456abcdef/workspaces/wrong-workspaceId")
+                .contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON))
+        .andExpect(status().isBadRequest)
+        .andExpect(
+            jsonPath("$.detail", containsString("wrong-workspaceId:must match \"^w-\\w{10,20}\"")))
+  }
+
   @Test
   @WithMockOauth2User
   fun create_workspace() {

common/src/main/kotlin/com/cosmotech/common/exceptions/CsmExceptionHandling.kt

@@ -3,8 +3,10 @@
 package com.cosmotech.common.exceptions
 
 import io.awspring.cloud.s3.S3Exception
+import jakarta.validation.ConstraintViolationException
 import java.net.URI
 import org.apache.commons.lang3.NotImplementedException
+import org.hibernate.validator.internal.engine.ConstraintViolationImpl
 import org.springframework.core.Ordered
 import org.springframework.core.annotation.Order
 import org.springframework.http.HttpHeaders
@@ -129,6 +131,20 @@ open class CsmExceptionHandling : ResponseEntityExceptionHandler() {
     return problemDetail
   }
 
+  @ExceptionHandler
+  fun handleConstraintViolationException(exception: ConstraintViolationException): ProblemDetail {
+    val badRequestStatus = HttpStatus.BAD_REQUEST
+    val problemDetail = ProblemDetail.forStatus(badRequestStatus)
+    problemDetail.type = URI.create(httpStatusCodeTypePrefix + badRequestStatus.value())
+    val constraintViolations = exception.constraintViolations
+    problemDetail.detail =
+        constraintViolations.joinToString {
+          val constraint = (it as ConstraintViolationImpl)
+          "${constraint.invalidValue}:${constraint.message}"
+        }
+    return problemDetail
+  }
+
   @ExceptionHandler(AuthenticationServiceException::class)
   fun handleAuthenticationServiceException(
       exception: AuthenticationServiceException