chore: reduce default max payload size in webhooks to 50MB

Signed-off-by: pashakostohrys <pavel@codefresh.io>
pasha-codefresh · Dec 9, 2024 · 97b43bc · 97b43bc
1 parent 316607b
commit 97b43bc
Show file tree

Hide file tree

Showing 4 changed files with 3 additions and 4 deletions.
diff --git a/applicationset/webhook/webhook.go b/applicationset/webhook/webhook.go
@@ -117,7 +117,6 @@ func (h *WebhookHandler) startWorkerPool(webhookParallelism int) {
 		}()
 	}
 }
-
 func (h *WebhookHandler) HandleEvent(payload interface{}) {
 	gitGenInfo := getGitGeneratorInfo(payload)
 	prGenInfo := getPRGeneratorInfo(payload)

diff --git a/docs/operator-manual/argocd-cm.yaml b/docs/operator-manual/argocd-cm.yaml
@@ -432,7 +432,7 @@ data:
                 name: some-cluster
                 server: https://some-cluster
   # The maximum size of the payload that can be sent to the webhook server.
-  webhook.maxPayloadSizeMB: "1024"
+  webhook.maxPayloadSizeMB: "50"
 
   # application.sync.impersonation.enabled enables application sync to use a custom service account, via impersonation. This allows decoupling sync from control-plane service account.
   application.sync.impersonation.enabled: "false"
diff --git a/docs/operator-manual/webhook.md b/docs/operator-manual/webhook.md
@@ -19,7 +19,7 @@ URL configured in the Git provider should use the `/api/webhook` endpoint of you
 (e.g. `https://argocd.example.com/api/webhook`). If you wish to use a shared secret, input an
 arbitrary value in the secret. This value will be used when configuring the webhook in the next step.
 
-To prevent DDoS attacks with unauthenticated webhook events (the `/api/webhook` endpoint currently lacks rate limiting protection), it is recommended to limit the payload size. You can achieve this by configuring the `argocd-cm` ConfigMap with the `webhook.maxPayloadSizeMB` attribute. The default value is 1GB.
+To prevent DDoS attacks with unauthenticated webhook events (the `/api/webhook` endpoint currently lacks rate limiting protection), it is recommended to limit the payload size. You can achieve this by configuring the `argocd-cm` ConfigMap with the `webhook.maxPayloadSizeMB` attribute. The default value is 50MB.
 
 ## Github
 

diff --git a/util/webhook/webhook_test.go b/util/webhook/webhook_test.go
@@ -60,7 +60,7 @@ type reactorDef struct {
 }
 
 func NewMockHandler(reactor *reactorDef, applicationNamespaces []string, objects ...runtime.Object) *ArgoCDWebhookHandler {
-	defaultMaxPayloadSize := int64(1) * 1024 * 1024 * 1024
+	defaultMaxPayloadSize := int64(50) * 1024 * 1024
 	return NewMockHandlerWithPayloadLimit(reactor, applicationNamespaces, defaultMaxPayloadSize, objects...)
 }
-Original file line number
+Diff line change
@@ Expand Up @@
     		}()
     	}
     }
     func (h *WebhookHandler) HandleEvent(payload interface{}) {
     	gitGenInfo := getGitGeneratorInfo(payload)
     	prGenInfo := getPRGeneratorInfo(payload)
@@ Expand Down @@