Add size limit for ConfigMap

2025-07-24 04:06:03 +00:00 · 2016-01-20 23:14:37 -05:00 · 2016-01-20 23:14:37 -05:00 · defd1d0544
commit defd1d0544
parent 298028dc8b
2 changed files with 9 additions and 1 deletions
--- a/pkg/api/validation/validation.go
+++ b/pkg/api/validation/validation.go
@ -1999,10 +1999,16 @@ func ValidateConfigMap(cfg *api.ConfigMap) field.ErrorList {
 	allErrs := field.ErrorList{}
 	allErrs = append(allErrs, ValidateObjectMeta(&cfg.ObjectMeta, true, ValidateConfigMapName, field.NewPath("metadata"))...)

-	for key := range cfg.Data {
+	totalSize := 0
+
+	for key, value := range cfg.Data {
 		if !IsSecretKey(key) {
 			allErrs = append(allErrs, field.Invalid(field.NewPath("data").Key(key), key, fmt.Sprintf("must have at most %d characters and match regex %s", validation.DNS1123SubdomainMaxLength, SecretKeyFmt)))
 		}
+		totalSize += len(value)
+	}
+	if totalSize > api.MaxSecretSize {
+		allErrs = append(allErrs, field.TooLong(field.NewPath("data"), "", api.MaxSecretSize))
 	}

 	return allErrs
--- a/pkg/api/validation/validation_test.go
+++ b/pkg/api/validation/validation_test.go
@ -4480,6 +4480,7 @@ func TestValidateConfigMap(t *testing.T) {
 		dotKey           = newConfigMap("validname", "validns", map[string]string{".": "value"})
 		doubleDotKey     = newConfigMap("validname", "validns", map[string]string{"..": "value"})
 		overMaxKeyLength = newConfigMap("validname", "validns", map[string]string{strings.Repeat("a", 254): "value"})
+		overMaxSize      = newConfigMap("validname", "validns", map[string]string{"key": strings.Repeat("a", api.MaxSecretSize+1)})
 	)

 	tests := map[string]struct {
@ -4497,6 +4498,7 @@ func TestValidateConfigMap(t *testing.T) {
 		"dot key":             {dotKey, false},
 		"double dot key":      {doubleDotKey, false},
 		"over max key length": {overMaxKeyLength, false},
+		"over max size":       {overMaxSize, false},
 	}

 	for name, tc := range tests {