Description
Short description
The upload_size_limit_bytes is used by the decision log plugin to limit the message body size when uploading events to a service. The size depends on how many events are compressed in the gzip'd chunk. The decision log plugin uses an adaptive uncompressed limit based on the upload_size_limit_bytes that exponentially grows to make an educated guess what the uncompressed limit could be. Unfortunately this mean it is possible for the user to enter a limit that would overflow the int64. In Go this would be a silent failure because overflows don't panic.
There is also no minimum boundary so the user could configure the value to be negative, a less likely problem because that could be argued as user error. Although nice to be safe 😄
Steps To Reproduce
Unfortunately I am not sure how to reproduce this with the latest version of OPA without sending a crazy large events. Which could be an argument against fixing this at all. I ran into the problem when working on fixing another issue in the chunk encoder where the adaptive limit was being updated more frequently, so it is reproducible with a unit test: https://gist.github.com/sspaink/fc1b8b83c29881d2e581715b98a25317
Using -1 for the upload limit would just lead to a bunch of event rejections being logged, which isn't as big of a deal because at least that is a noisy mistake:
{"level":"error","msg":"Log encoding failed: upload chunk size (400) exceeds upload_size_limit_bytes (-1).","plugin":"decision_logs","time":"2025-05-09T17:00:09-05:00"}
Expected behavior
There is a upper and lower limit.