From defd1d05440e81b06e51803d1f846400ae458cf3 Mon Sep 17 00:00:00 2001
From: Paul Morie <pmorie@redhat.com>
Date: Wed, 20 Jan 2016 23:14:37 -0500
Subject: [PATCH] Add size limit for ConfigMap

---
 pkg/api/validation/validation.go      | 8 +++++++-
 pkg/api/validation/validation_test.go | 2 ++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/pkg/api/validation/validation.go b/pkg/api/validation/validation.go
index 356ce433c48..4594a7cffda 100644
--- a/pkg/api/validation/validation.go
+++ b/pkg/api/validation/validation.go
@@ -1999,10 +1999,16 @@ func ValidateConfigMap(cfg *api.ConfigMap) field.ErrorList {
 	allErrs := field.ErrorList{}
 	allErrs = append(allErrs, ValidateObjectMeta(&cfg.ObjectMeta, true, ValidateConfigMapName, field.NewPath("metadata"))...)
 
-	for key := range cfg.Data {
+	totalSize := 0
+
+	for key, value := range cfg.Data {
 		if !IsSecretKey(key) {
 			allErrs = append(allErrs, field.Invalid(field.NewPath("data").Key(key), key, fmt.Sprintf("must have at most %d characters and match regex %s", validation.DNS1123SubdomainMaxLength, SecretKeyFmt)))
 		}
+		totalSize += len(value)
+	}
+	if totalSize > api.MaxSecretSize {
+		allErrs = append(allErrs, field.TooLong(field.NewPath("data"), "", api.MaxSecretSize))
 	}
 
 	return allErrs
diff --git a/pkg/api/validation/validation_test.go b/pkg/api/validation/validation_test.go
index 58a529753b6..2566fa369a4 100644
--- a/pkg/api/validation/validation_test.go
+++ b/pkg/api/validation/validation_test.go
@@ -4480,6 +4480,7 @@ func TestValidateConfigMap(t *testing.T) {
 		dotKey           = newConfigMap("validname", "validns", map[string]string{".": "value"})
 		doubleDotKey     = newConfigMap("validname", "validns", map[string]string{"..": "value"})
 		overMaxKeyLength = newConfigMap("validname", "validns", map[string]string{strings.Repeat("a", 254): "value"})
+		overMaxSize      = newConfigMap("validname", "validns", map[string]string{"key": strings.Repeat("a", api.MaxSecretSize+1)})
 	)
 
 	tests := map[string]struct {
@@ -4497,6 +4498,7 @@ func TestValidateConfigMap(t *testing.T) {
 		"dot key":             {dotKey, false},
 		"double dot key":      {doubleDotKey, false},
 		"over max key length": {overMaxKeyLength, false},
+		"over max size":       {overMaxSize, false},
 	}
 
 	for name, tc := range tests {