[Bug]: missing validation of `operations` content when creating a namespace

[bigluck]

What happened

In some parts of our code we're still using (because they're more complete) Nessie's v2 APIs to create, modify and remove certain objects, particularly namespaces.

Over time we've rewritten the integration by directly sending the POST request to /trees/ref/history/commit, so we can aggregate multiple operations in a single commit; however, we only just noticed an error in the body we generate that manifests in the iceberg endpoint with the list of namespaces.

This is the content of our HTTP request:

{
    "commitMeta": {
        "author": "Luca Bigon <luca.bigon@blablabla.com>",
        "authorTime": "2025-08-21T14:47:54.917049+00:00",
        "message": "Create NAMESPACE commander_db_4",
        "properties": {}
    },
    "operations": [
        {
            "type": "PUT",
            "key": {
                "elements": ["blabla"]
            },
            "content": {
                "type": "NAMESPACE"
            }
        }
    ]
}

The server responds correctly, and using Nessie's APIs (v2) we can see the new namespace blabla, but the iceberg endpoint returns an object without a name:

{
  "next-page-token" : null,
  "namespaces" : [ [ ] ]
}

The issue seems to be due to not repeating the list of elements inside the "content" object when we make our request. Unfortunately though, there doesn't seem to be any validation happening on the server side for the request content, leading to the race condition described above.

How to reproduce it

see instructions above

Nessie server type (docker/uber-jar/built from source) and version

docker v0.103.0-java

Client type (Ex: UI/Spark/pynessie ...) and version

No response

Additional information

Thanks su much @dimas-b for your help