Add support for limiting dependency processing
To protect Zuul servers from accidental DoS attacks in case someone, say, uploads a 1k change tree to gerrit, add an option to limit the dependency processing in the Gerrit driver and in Zuul itself (since those are the two places where we recursively process deps). Change-Id: I568bd80bbc75284a8e63c2e414c5ac940fc1429a
This commit is contained in:
James E. Blair
10
releasenotes/notes/max-dependencies-7e50194dbe23aaaf.yaml
Normal file
10
releasenotes/notes/max-dependencies-7e50194dbe23aaaf.yaml
Normal file
@@ -0,0 +1,10 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Two new settings are available to protect Zuul from resource
|
||||
exhaustion from processing too many dependencies among changes.
|
||||
The Gerrit driver supports setting :attr:`<gerrit
|
||||
connection>.max_dependencies` to limit internal dependency
|
||||
processing during event processing, and a new tenant setting of
|
||||
:attr:`tenant.max-dependencies` is available to limit tenant
|
||||
processing while enqueing changes in pipelines.
|
||||
Reference in New Issue
Block a user