vault: validate encrypted value size in request validator

[prashantkumar1982]

Summary

• enforce VaultCiphertextSizeLimit in the Vault request validator for create/update requests
• reject oversized EncryptedValue payloads before label verification
• add validator unit tests covering boundary and oversized ciphertext cases

Testing

• go test ./core/capabilities/vault ./core/services/gateway/handlers/vault

[github-actions]

✅ No conflicts with other open PRs targeting release/2.38.1

[github-actions]

I see you updated files related to core. Please run make gocs in the root directory to add a changeset as well as in the text include at least one of the following tags:

• #added For any new functionality added.
• #breaking_change For any functionality that requires manual action for the node to boot.
• #bugfix For bug fixes.
• #changed For any change to the existing functionality.
• #db_update For any feature that introduces updates to database schema.
• #deprecation_notice For any upcoming deprecation functionality.
• #internal For changesets that need to be excluded from the final changelog.
• #nops For any feature that is NOP facing and needs to be in the official Release Notes for the release.
• #removed For any functionality/config that is removed.
• #updated For any functionality that is updated.
• #wip For any change that is not ready yet and external communication about it should be held off till it is feature complete.

[trunk-io]

     

Failed Test	Failure Summary	Logs
Test_CRE_V2_HTTP_Regression/[v2]_HTTP_Trigger_fails_with_invalid_AuthorizedKey.PublicKey_format	The test failed due to an invalid public key format in the HTTP trigger workflow.	Logs ↗︎
Test_CRE_V2_HTTP_Regression	The test named Test_CRE_V2_HTTP_Regression failed during execution.	Logs ↗︎

View Full Report ↗︎ ⋅ Docs

[cl-sonarqube-production]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube