Configurable const BundleLimitBytes #2781
Assignees
Comments
|
We can make the 1GB limit configurable. The limit was originally added as a measure against tar bombs (#920). We'll expose a configuration option on the bundle section that you can set. For example: |
tsandall
added a commit
to tsandall/opa
that referenced
this issue
Oct 20, 2020
This commit lets users override the 1GB file size limit on the bundle reader with a configuration setting. Fixes open-policy-agent#2781 Signed-off-by: Torin Sandall <torinsandall@gmail.com>
tsandall
added a commit
that referenced
this issue
Oct 21, 2020
This commit lets users override the 1GB file size limit on the bundle reader with a configuration setting. Fixes #2781 Signed-off-by: Torin Sandall <torinsandall@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Expected Behavior
OPA Engine would allow me to configure the BundleLimitBytes const in Bundle.go via something to the effect of an entry in config.yaml or an executable flag such that the Engine is able to download and activate a bundle whose contents contain a file larger than 1GiB
Actual Behavior
The BundleLimitBytes const in Bundle.go is set to 1GiB and is non-configurable, thus when the engine downloads a bundle.tar.gz that contains a file of size over 1GiB for example, data.json > 1GiB it will produce the error "Bundle download failed: bundle exceeded max size (1073741824 bytes)"
Steps to Reproduce the Problem
This issue was observed with a bundle.tar.gz of size ~110MB which contained a .manifest of 45B, an authz.rego of ~50KB and a data.json ~1.3GB. Thus any bundle with a file sufficiently large is capable of reproducing this issue.
Additional Info
OPA version 0.23.2
The text was updated successfully, but these errors were encountered: