Expose max request and secret size config options.

Upstream Barbican has bumped up its default for the configuration keys max_allowed_request_size_in_bytes and max_allowed_secret_in_bytes to 25kB and 20kB respectively (c59f2a6b). This change adopts those values to be used in all the supported releases and exposes them via juju config. Closes-Bug: #1946018 Change-Id: I3dcb30f5de6367de2aa5c26bb59a79893fb8e578
2021-10-04 15:41:25 -03:00 · 2021-10-04 15:41:25 -03:00 · 0740a468ef
commit 0740a468ef
parent 3ac1472fe6
2 changed files with 12 additions and 0 deletions
--- a/src/config.yaml
+++ b/src/config.yaml
@ -34,3 +34,13 @@ options:
    default: 32
    type: int
    description: The length for generating an HMAC
+  max-allowed-secret-size:
+    default: 20000
+    type: int
+    description: |
+      Maximum allowed secret size in bytes.
+  max-allowed-request-size:
+    default: 25000
+    type: int
+    description: |
+      Maximum allowed http request size against the barbican-api.
--- a/src/templates/rocky/barbican.conf
+++ b/src/templates/rocky/barbican.conf
@ -4,6 +4,8 @@ bind_host = {{ options.service_listen_info.barbican_worker.ip }}
 bind_port = {{ options.service_listen_info.barbican_worker.port }}
 host_href = {{ options.external_endpoints.barbican_worker.url }}
 db_auto_create = False
+max_allowed_secret_in_bytes = {{ options.max_allowed_secret_size }}
+max_allowed_request_size_in_bytes = {{ options.max_allowed_request_size }}

 {% include "parts/section-transport-url" %}