HTTP Binding: add "maxResponseBodySize" metadata option #3040

Merged
merged 9 commits into from Aug 15, 2023


ItalyPaleAle
Contributor

Updates the HTTP binding to add the "maxResponseBodySize" metadata option, which limits the amount of data read from response bodies.

This is necessary to prevent OOMs if the server returns too much data.

The default limit is 100 MiB. This may be considered a breaking change if users were using the binding to fetch very large payloads (which may not be a very efficient thing to do anyways). The breaking change is justified by the security aspect of this fix.

The "maxResponseBodySize" metadata is parsed as a resource, using the same library used by K8s. A number without unit is interpreted as bytes (e.g. "100"); units can be added such as "Mi", "M", etc. To be able to support resource quantities, new methods have been added to the metadata parser.
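
The approach described above, as an added example that is not code from this pull request or from Dapr: a size string is parsed into a byte count, and the response body is then read through that limit. `ParseSize`, `ReadLimited`, `ErrBodyTooLarge` and the suffix table are hypothetical names covering only a small subset of what the Kubernetes quantity parser accepts, and failing on an oversized body instead of truncating it is this example's choice.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"math"
	"strconv"
	"strings"
)

var ErrBodyTooLarge = errors.New("response body exceeds maxResponseBodySize")

// Assumption: simplified stand-in for the Kubernetes quantity suffixes.
var units = map[string]int64{"": 1, "Ki": 1 << 10, "Mi": 1 << 20, "Gi": 1 << 30, "k": 1e3, "M": 1e6, "G": 1e9}

// ParseSize turns "100", "100Mi" or "5M" into a byte count; no unit means bytes.
func ParseSize(s string) (int64, error) {
	s = strings.TrimSpace(s)
	num := strings.TrimRight(s, "KMGik") // digits; whatever was trimmed is the unit
	factor, ok := units[s[len(num):]]
	n, err := strconv.ParseInt(num, 10, 64)
	if !ok || err != nil || n <= 0 || n >= math.MaxInt64/factor {
		return 0, fmt.Errorf("invalid size %q", s)
	}
	return n * factor, nil
}

// ReadLimited buffers at most max bytes of r and fails on a larger body.
func ReadLimited(r io.Reader, max int64) ([]byte, error) {
	if max <= 0 || max == math.MaxInt64 {
		return nil, errors.New("invalid limit")
	}
	// Ask for one byte more than the limit to tell "exactly max" from "too big".
	b, err := io.ReadAll(io.LimitReader(r, max+1))
	if err != nil {
		return nil, err
	}
	if int64(len(b)) > max {
		return nil, ErrBodyTooLarge
	}
	return b, nil
}

func main() {
	limit, _ := ParseSize("1Ki")
	_, err := ReadLimited(strings.NewReader(strings.Repeat("A", 4096)), limit) // constructed 4 KiB body
	fmt.Println(limit, err)
}
```

In an HTTP client the reader passed to `ReadLimited` would be `resp.Body`, so memory use stays bounded by the configured limit regardless of what the server sends.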

Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
@ItalyPaleAle ItalyPaleAle requested review from a team as code owners August 3, 2023 21:33
@ItalyPaleAle ItalyPaleAle added the documentation required This issue needs documentation label Aug 3, 2023
@ItalyPaleAle ItalyPaleAle added this to the v1.12 milestone Aug 3, 2023
@ItalyPaleAle ItalyPaleAle removed the documentation required This issue needs documentation label Aug 3, 2023
Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
metadata/utils.go Outdated
ItalyPaleAle and others added 4 commits August 4, 2023 16:32
Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
Co-authored-by: Bernd Verst <github@bernd.dev>
Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
berndverst
berndverst previously approved these changes Aug 11, 2023
@ItalyPaleAle ItalyPaleAle merged commit da50003 into dapr:master Aug 15, 2023
86 checks passed
@ItalyPaleAle ItalyPaleAle deleted the ADA-DAPR-23-7 branch August 15, 2023 04:16