Max allowed header size too low in Broker Server

[ankitsultana]

gcp-token-broker/apps/broker/src/main/java/com/google/cloud/broker/grpc/BrokerServer.java

Line 74 in 635aaf0

.addService(ServerInterceptors.intercept(new BrokerImpl(), new AuthorizationHeaderServerInterceptor(), new ClientAddressServerInterceptor()));

I suspect that the maximum header size is too low in the broker server. Currently, while creating the server we are not configuring maxInboundMetadataSize, so it defaults to 8 KB, which I think is too small, since the Kerberos token may exceed the 8 KB limit. (which is being added in the connector side as seen here)

I think it needs to be figured out what the appropriate size should be set to.

[jphalip]

Good catch. Do you recommend setting it to a specific value, or should we simply make it configurable?

[ankitsultana]

IIRC I doubled it for my use case, however the actual required size wasn't much more than 8 KB— but we can may be make it configurable.

I am not quite sure how long a Kerberos token may be in size. Do you know if there is a spec regarding it? If not, I'd say it's best to make it configurable.