From 8131bb66ac5ae6f2e68bef81e7ef35417089fb3f Mon Sep 17 00:00:00 2001 From: Prashant Yadav Date: Wed, 4 Mar 2026 12:32:39 -0800 Subject: [PATCH 1/4] Introduce new Vault limitsfor all ocr3.1 config fields --- pkg/settings/cresettings/README.md | 11 +++++++++++ pkg/settings/cresettings/defaults.json | 13 ++++++++++++- pkg/settings/cresettings/defaults.toml | 13 ++++++++++++- pkg/settings/cresettings/settings.go | 26 +++++++++++++++++++++++++- 4 files changed, 60 insertions(+), 3 deletions(-) diff --git a/pkg/settings/cresettings/README.md b/pkg/settings/cresettings/README.md index b1d248d83..1f032952e 100644 --- a/pkg/settings/cresettings/README.md +++ b/pkg/settings/cresettings/README.md @@ -174,6 +174,17 @@ flowchart VaultIdentifierNamespaceSizeLimit{{VaultIdentifierNamespaceSizeLimit}}:::bound VaultPluginBatchSizeLimit{{VaultPluginBatchSizeLimit}}:::bound VaultRequestBatchSizeLimit{{VaultRequestBatchSizeLimit}}:::bound + VaultLimitsMaxQueryLength{{VaultLimitsMaxQueryLength}}:::bound + VaultLimitsMaxObservationLength{{VaultLimitsMaxObservationLength}}:::bound + VaultLimitsMaxReportsPlusPrecursorLength{{VaultLimitsMaxReportsPlusPrecursorLength}}:::bound + VaultLimitsMaxReportLength{{VaultLimitsMaxReportLength}}:::bound + VaultLimitsMaxReportCount{{VaultLimitsMaxReportCount}}:::bound + VaultLimitsMaxKeyValueModifiedKeysPlusValuesLength{{VaultLimitsMaxKeyValueModifiedKeysPlusValuesLength}}:::bound + VaultLimitsMaxKeyValueModifiedKeys{{VaultLimitsMaxKeyValueModifiedKeys}}:::bound + VaultLimitsMaxBlobPayloadLength{{VaultLimitsMaxBlobPayloadLength}}:::bound + VaultLimitsMaxPerOracleUnexpiredBlobCumulativePayloadBytes{{VaultLimitsMaxPerOracleUnexpiredBlobCumulativePayloadBytes}}:::bound + VaultLimitsMaxPerOracleUnexpiredBlobCount{{VaultLimitsMaxPerOracleUnexpiredBlobCount}}:::bound + VaultEnableDeterministicPendingQueue[/VaultEnableDeterministicPendingQueue\]:::gate PerOwner.VaultSecretsLimit{{PerOwner.VaultSecretsLimit}}:::bound end diff --git a/pkg/settings/cresettings/defaults.json b/pkg/settings/cresettings/defaults.json index 222e02391..87570314a 100644 --- a/pkg/settings/cresettings/defaults.json +++ b/pkg/settings/cresettings/defaults.json @@ -7,8 +7,19 @@ "VaultIdentifierKeySizeLimit": "64b", "VaultIdentifierOwnerSizeLimit": "64b", "VaultIdentifierNamespaceSizeLimit": "64b", - "VaultPluginBatchSizeLimit": "20", + "VaultPluginBatchSizeLimit": "10", "VaultRequestBatchSizeLimit": "10", + "VaultLimitsMaxQueryLength": "102400", + "VaultLimitsMaxObservationLength": "500000000", + "VaultLimitsMaxReportsPlusPrecursorLength": "500000000", + "VaultLimitsMaxReportLength": "500000000", + "VaultLimitsMaxReportCount": "10", + "VaultLimitsMaxKeyValueModifiedKeysPlusValuesLength": "1468006", + "VaultLimitsMaxKeyValueModifiedKeys": "300", + "VaultLimitsMaxBlobPayloadLength": "25600", + "VaultLimitsMaxPerOracleUnexpiredBlobCumulativePayloadBytes": "31457280", + "VaultLimitsMaxPerOracleUnexpiredBlobCount": "1000", + "VaultEnableDeterministicPendingQueue": "true", "PerOrg": { "ZeroBalancePruningTimeout": "24h0m0s" }, diff --git a/pkg/settings/cresettings/defaults.toml b/pkg/settings/cresettings/defaults.toml index f9992c745..4d228db00 100644 --- a/pkg/settings/cresettings/defaults.toml +++ b/pkg/settings/cresettings/defaults.toml @@ -6,8 +6,19 @@ VaultCiphertextSizeLimit = '2kb' VaultIdentifierKeySizeLimit = '64b' VaultIdentifierOwnerSizeLimit = '64b' VaultIdentifierNamespaceSizeLimit = '64b' -VaultPluginBatchSizeLimit = '20' +VaultPluginBatchSizeLimit = '10' VaultRequestBatchSizeLimit = '10' +VaultLimitsMaxQueryLength = '102400' +VaultLimitsMaxObservationLength = '500000000' +VaultLimitsMaxReportsPlusPrecursorLength = '500000000' +VaultLimitsMaxReportLength = '500000000' +VaultLimitsMaxReportCount = '10' +VaultLimitsMaxKeyValueModifiedKeysPlusValuesLength = '1468006' +VaultLimitsMaxKeyValueModifiedKeys = '300' +VaultLimitsMaxBlobPayloadLength = '25600' +VaultLimitsMaxPerOracleUnexpiredBlobCumulativePayloadBytes = '31457280' +VaultLimitsMaxPerOracleUnexpiredBlobCount = '1000' +VaultEnableDeterministicPendingQueue = 'true' [PerOrg] ZeroBalancePruningTimeout = '24h0m0s' diff --git a/pkg/settings/cresettings/settings.go b/pkg/settings/cresettings/settings.go index 74134b520..0f68b3595 100644 --- a/pkg/settings/cresettings/settings.go +++ b/pkg/settings/cresettings/settings.go @@ -65,9 +65,21 @@ var Default = Schema{ VaultIdentifierKeySizeLimit: Size(64 * config.Byte), VaultIdentifierOwnerSizeLimit: Size(64 * config.Byte), VaultIdentifierNamespaceSizeLimit: Size(64 * config.Byte), - VaultPluginBatchSizeLimit: Int(20), + VaultPluginBatchSizeLimit: Int(10), VaultRequestBatchSizeLimit: Int(10), + VaultLimitsMaxQueryLength: Int(102400), + VaultLimitsMaxObservationLength: Int(500000000), + VaultLimitsMaxReportsPlusPrecursorLength: Int(500000000), + VaultLimitsMaxReportLength: Int(500000000), + VaultLimitsMaxReportCount: Int(10), + VaultLimitsMaxKeyValueModifiedKeysPlusValuesLength: Int(1468006), + VaultLimitsMaxKeyValueModifiedKeys: Int(300), + VaultLimitsMaxBlobPayloadLength: Int(25600), + VaultLimitsMaxPerOracleUnexpiredBlobCumulativePayloadBytes: Int(31457280), + VaultLimitsMaxPerOracleUnexpiredBlobCount: Int(1000), + VaultEnableDeterministicPendingQueue: Bool(true), + PerOrg: Orgs{ ZeroBalancePruningTimeout: Duration(24 * time.Hour), }, @@ -178,6 +190,18 @@ type Schema struct { VaultPluginBatchSizeLimit Setting[int] `unit:"{request}"` VaultRequestBatchSizeLimit Setting[int] `unit:"{request}"` + VaultLimitsMaxQueryLength Setting[int] + VaultLimitsMaxObservationLength Setting[int] + VaultLimitsMaxReportsPlusPrecursorLength Setting[int] + VaultLimitsMaxReportLength Setting[int] + VaultLimitsMaxReportCount Setting[int] + VaultLimitsMaxKeyValueModifiedKeysPlusValuesLength Setting[int] + VaultLimitsMaxKeyValueModifiedKeys Setting[int] + VaultLimitsMaxBlobPayloadLength Setting[int] + VaultLimitsMaxPerOracleUnexpiredBlobCumulativePayloadBytes Setting[int] + VaultLimitsMaxPerOracleUnexpiredBlobCount Setting[int] + VaultEnableDeterministicPendingQueue Setting[bool] + PerOrg Orgs `scope:"org"` PerOwner Owners `scope:"owner"` PerWorkflow Workflows `scope:"workflow"` From 0eb0965cfee923cba4d7d17130e5db2a37ea3a47 Mon Sep 17 00:00:00 2001 From: Prashant Yadav Date: Wed, 4 Mar 2026 12:36:31 -0800 Subject: [PATCH 2/4] delete VaultEnableDeterministicPendingQueue --- pkg/settings/cresettings/README.md | 1 - pkg/settings/cresettings/defaults.json | 1 - pkg/settings/cresettings/defaults.toml | 1 - pkg/settings/cresettings/settings.go | 2 -- 4 files changed, 5 deletions(-) diff --git a/pkg/settings/cresettings/README.md b/pkg/settings/cresettings/README.md index 1f032952e..f7940c047 100644 --- a/pkg/settings/cresettings/README.md +++ b/pkg/settings/cresettings/README.md @@ -184,7 +184,6 @@ flowchart VaultLimitsMaxBlobPayloadLength{{VaultLimitsMaxBlobPayloadLength}}:::bound VaultLimitsMaxPerOracleUnexpiredBlobCumulativePayloadBytes{{VaultLimitsMaxPerOracleUnexpiredBlobCumulativePayloadBytes}}:::bound VaultLimitsMaxPerOracleUnexpiredBlobCount{{VaultLimitsMaxPerOracleUnexpiredBlobCount}}:::bound - VaultEnableDeterministicPendingQueue[/VaultEnableDeterministicPendingQueue\]:::gate PerOwner.VaultSecretsLimit{{PerOwner.VaultSecretsLimit}}:::bound end diff --git a/pkg/settings/cresettings/defaults.json b/pkg/settings/cresettings/defaults.json index 87570314a..97ac561d4 100644 --- a/pkg/settings/cresettings/defaults.json +++ b/pkg/settings/cresettings/defaults.json @@ -19,7 +19,6 @@ "VaultLimitsMaxBlobPayloadLength": "25600", "VaultLimitsMaxPerOracleUnexpiredBlobCumulativePayloadBytes": "31457280", "VaultLimitsMaxPerOracleUnexpiredBlobCount": "1000", - "VaultEnableDeterministicPendingQueue": "true", "PerOrg": { "ZeroBalancePruningTimeout": "24h0m0s" }, diff --git a/pkg/settings/cresettings/defaults.toml b/pkg/settings/cresettings/defaults.toml index 4d228db00..1e4010292 100644 --- a/pkg/settings/cresettings/defaults.toml +++ b/pkg/settings/cresettings/defaults.toml @@ -18,7 +18,6 @@ VaultLimitsMaxKeyValueModifiedKeys = '300' VaultLimitsMaxBlobPayloadLength = '25600' VaultLimitsMaxPerOracleUnexpiredBlobCumulativePayloadBytes = '31457280' VaultLimitsMaxPerOracleUnexpiredBlobCount = '1000' -VaultEnableDeterministicPendingQueue = 'true' [PerOrg] ZeroBalancePruningTimeout = '24h0m0s' diff --git a/pkg/settings/cresettings/settings.go b/pkg/settings/cresettings/settings.go index 0f68b3595..7153bcd88 100644 --- a/pkg/settings/cresettings/settings.go +++ b/pkg/settings/cresettings/settings.go @@ -78,7 +78,6 @@ var Default = Schema{ VaultLimitsMaxBlobPayloadLength: Int(25600), VaultLimitsMaxPerOracleUnexpiredBlobCumulativePayloadBytes: Int(31457280), VaultLimitsMaxPerOracleUnexpiredBlobCount: Int(1000), - VaultEnableDeterministicPendingQueue: Bool(true), PerOrg: Orgs{ ZeroBalancePruningTimeout: Duration(24 * time.Hour), @@ -200,7 +199,6 @@ type Schema struct { VaultLimitsMaxBlobPayloadLength Setting[int] VaultLimitsMaxPerOracleUnexpiredBlobCumulativePayloadBytes Setting[int] VaultLimitsMaxPerOracleUnexpiredBlobCount Setting[int] - VaultEnableDeterministicPendingQueue Setting[bool] PerOrg Orgs `scope:"org"` PerOwner Owners `scope:"owner"` From edb06e317d173604aeab2f9d40000d5b0b237d99 Mon Sep 17 00:00:00 2001 From: Prashant Yadav Date: Wed, 4 Mar 2026 14:09:38 -0800 Subject: [PATCH 3/4] Commentas --- pkg/settings/cresettings/settings.go | 47 ++++++++++++++++++++++------ 1 file changed, 38 insertions(+), 9 deletions(-) diff --git a/pkg/settings/cresettings/settings.go b/pkg/settings/cresettings/settings.go index 7153bcd88..8d458cd7d 100644 --- a/pkg/settings/cresettings/settings.go +++ b/pkg/settings/cresettings/settings.go @@ -68,15 +68,44 @@ var Default = Schema{ VaultPluginBatchSizeLimit: Int(10), VaultRequestBatchSizeLimit: Int(10), - VaultLimitsMaxQueryLength: Int(102400), - VaultLimitsMaxObservationLength: Int(500000000), - VaultLimitsMaxReportsPlusPrecursorLength: Int(500000000), - VaultLimitsMaxReportLength: Int(500000000), - VaultLimitsMaxReportCount: Int(10), - VaultLimitsMaxKeyValueModifiedKeysPlusValuesLength: Int(1468006), - VaultLimitsMaxKeyValueModifiedKeys: Int(300), - VaultLimitsMaxBlobPayloadLength: Int(25600), - VaultLimitsMaxPerOracleUnexpiredBlobCumulativePayloadBytes: Int(31457280), + VaultLimitsMaxQueryLength: Int(102400), + // Back of the envelope calculation: + // - An item can contain 2KB of ciphertext, 192 bytes of metadata (key, owner, namespace), + // a UUID (16 bytes) plus some overhead = ~2.5KB per item + // There can be 10 such items in a request, and 20 per batch, so 2.5KB * 10 * 20 = 500KB + // However as a buffer, multiplying by 10, to get ~5mb, for all 3 fields below. + VaultLimitsMaxObservationLength: Int(500000000), + VaultLimitsMaxReportsPlusPrecursorLength: Int(500000000), + VaultLimitsMaxReportLength: Int(500000000), + VaultLimitsMaxReportCount: Int(10), + // assumption for largest item: + // create request with the maximum ciphertext length: + // - 192 bytes (sum of MaxIdentifierKeyLengthBytes + MaxIdentifierOwnerLengthBytes + MaxIdentifierNamespaceLengthBytes) + // - 2048 bytes (MaxCiphertextLengthBytes) + // = ~2240 bytes for an item + // There are 10 items per request (separate vault setting), 10 request per batch (BatchSize) + // i.e. ~224 KB per batch + // For a batch we will write: + // - a secret + metadata record per item + // - the secrets are 224 KB total + // - the metadata is a list of secret identifiers, + // there are a maximum of 100 secrets per owner (MaxSecretsPerOwner) + // i.e. 192 bytes * 100 = ~19.2 KB + // - the pending queue + // - 10 requests in the pending queue, each request is ~22.4Kb = ~22.4 KB + // - an index record = 8bytes + // - total = ~224 KB + ~19.2 KB + ~224 KB + 8 bytes = ~467.2 KB + // Setting to 1.4MB to allow for some buffer. + VaultLimitsMaxKeyValueModifiedKeysPlusValuesLength: Int(1468006), + // 10 batch size * 10 items per batch * 2 records modified per item (secret + metadata record) + // plus 10 batchsize items in the pending queue + 1 index record + // = 211 total. + // plus some buffer. + VaultLimitsMaxKeyValueModifiedKeys: Int(300), + // Assuming a request is max 25KB, we add a bit of buffer to allow some room. + VaultLimitsMaxBlobPayloadLength: Int(25600), + // Per docs, this should allow some additional buffer to allow for reaping time. + VaultLimitsMaxPerOracleUnexpiredBlobCumulativePayloadBytes: Int(31457280), // 30 mb VaultLimitsMaxPerOracleUnexpiredBlobCount: Int(1000), PerOrg: Orgs{ From 89d45416b641b7290ef77be8fdf36396a912f908 Mon Sep 17 00:00:00 2001 From: Prashant Yadav Date: Mon, 9 Mar 2026 12:01:23 -0700 Subject: [PATCH 4/4] respond to comments --- pkg/settings/cresettings/README.md | 20 ++++++------ pkg/settings/cresettings/defaults.json | 20 ++++++------ pkg/settings/cresettings/defaults.toml | 20 ++++++------ pkg/settings/cresettings/settings.go | 42 +++++++++++++------------- 4 files changed, 51 insertions(+), 51 deletions(-) diff --git a/pkg/settings/cresettings/README.md b/pkg/settings/cresettings/README.md index f7940c047..fc6476cb9 100644 --- a/pkg/settings/cresettings/README.md +++ b/pkg/settings/cresettings/README.md @@ -174,16 +174,16 @@ flowchart VaultIdentifierNamespaceSizeLimit{{VaultIdentifierNamespaceSizeLimit}}:::bound VaultPluginBatchSizeLimit{{VaultPluginBatchSizeLimit}}:::bound VaultRequestBatchSizeLimit{{VaultRequestBatchSizeLimit}}:::bound - VaultLimitsMaxQueryLength{{VaultLimitsMaxQueryLength}}:::bound - VaultLimitsMaxObservationLength{{VaultLimitsMaxObservationLength}}:::bound - VaultLimitsMaxReportsPlusPrecursorLength{{VaultLimitsMaxReportsPlusPrecursorLength}}:::bound - VaultLimitsMaxReportLength{{VaultLimitsMaxReportLength}}:::bound - VaultLimitsMaxReportCount{{VaultLimitsMaxReportCount}}:::bound - VaultLimitsMaxKeyValueModifiedKeysPlusValuesLength{{VaultLimitsMaxKeyValueModifiedKeysPlusValuesLength}}:::bound - VaultLimitsMaxKeyValueModifiedKeys{{VaultLimitsMaxKeyValueModifiedKeys}}:::bound - VaultLimitsMaxBlobPayloadLength{{VaultLimitsMaxBlobPayloadLength}}:::bound - VaultLimitsMaxPerOracleUnexpiredBlobCumulativePayloadBytes{{VaultLimitsMaxPerOracleUnexpiredBlobCumulativePayloadBytes}}:::bound - VaultLimitsMaxPerOracleUnexpiredBlobCount{{VaultLimitsMaxPerOracleUnexpiredBlobCount}}:::bound + VaultMaxQuerySizeLimit{{VaultMaxQuerySizeLimit}}:::bound + VaultMaxObservationSizeLimit{{VaultMaxObservationSizeLimit}}:::bound + VaultMaxReportsPlusPrecursorSizeLimit{{VaultMaxReportsPlusPrecursorSizeLimit}}:::bound + VaultMaxReportSizeLimit{{VaultMaxReportSizeLimit}}:::bound + VaultMaxReportCount{{VaultMaxReportCount}}:::bound + VaultMaxKeyValueModifiedKeysPlusValuesSizeLimit{{VaultMaxKeyValueModifiedKeysPlusValuesSizeLimit}}:::bound + VaultMaxKeyValueModifiedKeys{{VaultMaxKeyValueModifiedKeys}}:::bound + VaultMaxBlobPayloadSizeLimit{{VaultMaxBlobPayloadSizeLimit}}:::bound + VaultMaxPerOracleUnexpiredBlobCumulativePayloadSizeLimit{{VaultMaxPerOracleUnexpiredBlobCumulativePayloadSizeLimit}}:::bound + VaultMaxPerOracleUnexpiredBlobCount{{VaultMaxPerOracleUnexpiredBlobCount}}:::bound PerOwner.VaultSecretsLimit{{PerOwner.VaultSecretsLimit}}:::bound end diff --git a/pkg/settings/cresettings/defaults.json b/pkg/settings/cresettings/defaults.json index 97ac561d4..0bb98bddb 100644 --- a/pkg/settings/cresettings/defaults.json +++ b/pkg/settings/cresettings/defaults.json @@ -9,16 +9,16 @@ "VaultIdentifierNamespaceSizeLimit": "64b", "VaultPluginBatchSizeLimit": "10", "VaultRequestBatchSizeLimit": "10", - "VaultLimitsMaxQueryLength": "102400", - "VaultLimitsMaxObservationLength": "500000000", - "VaultLimitsMaxReportsPlusPrecursorLength": "500000000", - "VaultLimitsMaxReportLength": "500000000", - "VaultLimitsMaxReportCount": "10", - "VaultLimitsMaxKeyValueModifiedKeysPlusValuesLength": "1468006", - "VaultLimitsMaxKeyValueModifiedKeys": "300", - "VaultLimitsMaxBlobPayloadLength": "25600", - "VaultLimitsMaxPerOracleUnexpiredBlobCumulativePayloadBytes": "31457280", - "VaultLimitsMaxPerOracleUnexpiredBlobCount": "1000", + "VaultMaxQuerySizeLimit": "102.4kb", + "VaultMaxObservationSizeLimit": "2mb", + "VaultMaxReportsPlusPrecursorSizeLimit": "2mb", + "VaultMaxReportSizeLimit": "2mb", + "VaultMaxReportCount": "10", + "VaultMaxKeyValueModifiedKeysPlusValuesSizeLimit": "1.468006mb", + "VaultMaxKeyValueModifiedKeys": "300", + "VaultMaxBlobPayloadSizeLimit": "25.6kb", + "VaultMaxPerOracleUnexpiredBlobCumulativePayloadSizeLimit": "31.45728mb", + "VaultMaxPerOracleUnexpiredBlobCount": "1000", "PerOrg": { "ZeroBalancePruningTimeout": "24h0m0s" }, diff --git a/pkg/settings/cresettings/defaults.toml b/pkg/settings/cresettings/defaults.toml index 1e4010292..a7b752f62 100644 --- a/pkg/settings/cresettings/defaults.toml +++ b/pkg/settings/cresettings/defaults.toml @@ -8,16 +8,16 @@ VaultIdentifierOwnerSizeLimit = '64b' VaultIdentifierNamespaceSizeLimit = '64b' VaultPluginBatchSizeLimit = '10' VaultRequestBatchSizeLimit = '10' -VaultLimitsMaxQueryLength = '102400' -VaultLimitsMaxObservationLength = '500000000' -VaultLimitsMaxReportsPlusPrecursorLength = '500000000' -VaultLimitsMaxReportLength = '500000000' -VaultLimitsMaxReportCount = '10' -VaultLimitsMaxKeyValueModifiedKeysPlusValuesLength = '1468006' -VaultLimitsMaxKeyValueModifiedKeys = '300' -VaultLimitsMaxBlobPayloadLength = '25600' -VaultLimitsMaxPerOracleUnexpiredBlobCumulativePayloadBytes = '31457280' -VaultLimitsMaxPerOracleUnexpiredBlobCount = '1000' +VaultMaxQuerySizeLimit = '102.4kb' +VaultMaxObservationSizeLimit = '2mb' +VaultMaxReportsPlusPrecursorSizeLimit = '2mb' +VaultMaxReportSizeLimit = '2mb' +VaultMaxReportCount = '10' +VaultMaxKeyValueModifiedKeysPlusValuesSizeLimit = '1.468006mb' +VaultMaxKeyValueModifiedKeys = '300' +VaultMaxBlobPayloadSizeLimit = '25.6kb' +VaultMaxPerOracleUnexpiredBlobCumulativePayloadSizeLimit = '31.45728mb' +VaultMaxPerOracleUnexpiredBlobCount = '1000' [PerOrg] ZeroBalancePruningTimeout = '24h0m0s' diff --git a/pkg/settings/cresettings/settings.go b/pkg/settings/cresettings/settings.go index 8d458cd7d..97e1a1329 100644 --- a/pkg/settings/cresettings/settings.go +++ b/pkg/settings/cresettings/settings.go @@ -68,16 +68,16 @@ var Default = Schema{ VaultPluginBatchSizeLimit: Int(10), VaultRequestBatchSizeLimit: Int(10), - VaultLimitsMaxQueryLength: Int(102400), + VaultMaxQuerySizeLimit: Size(102400 * config.Byte), // Back of the envelope calculation: // - An item can contain 2KB of ciphertext, 192 bytes of metadata (key, owner, namespace), // a UUID (16 bytes) plus some overhead = ~2.5KB per item // There can be 10 such items in a request, and 20 per batch, so 2.5KB * 10 * 20 = 500KB - // However as a buffer, multiplying by 10, to get ~5mb, for all 3 fields below. - VaultLimitsMaxObservationLength: Int(500000000), - VaultLimitsMaxReportsPlusPrecursorLength: Int(500000000), - VaultLimitsMaxReportLength: Int(500000000), - VaultLimitsMaxReportCount: Int(10), + // However as a buffer, setting the next 3 fields to 2 mb. + VaultMaxObservationSizeLimit: Size(2 * config.MByte), + VaultMaxReportsPlusPrecursorSizeLimit: Size(2 * config.MByte), + VaultMaxReportSizeLimit: Size(2 * config.MByte), + VaultMaxReportCount: Int(10), // assumption for largest item: // create request with the maximum ciphertext length: // - 192 bytes (sum of MaxIdentifierKeyLengthBytes + MaxIdentifierOwnerLengthBytes + MaxIdentifierNamespaceLengthBytes) @@ -96,17 +96,17 @@ var Default = Schema{ // - an index record = 8bytes // - total = ~224 KB + ~19.2 KB + ~224 KB + 8 bytes = ~467.2 KB // Setting to 1.4MB to allow for some buffer. - VaultLimitsMaxKeyValueModifiedKeysPlusValuesLength: Int(1468006), + VaultMaxKeyValueModifiedKeysPlusValuesSizeLimit: Size(1468006 * config.Byte), // 10 batch size * 10 items per batch * 2 records modified per item (secret + metadata record) // plus 10 batchsize items in the pending queue + 1 index record // = 211 total. // plus some buffer. - VaultLimitsMaxKeyValueModifiedKeys: Int(300), + VaultMaxKeyValueModifiedKeys: Int(300), // Assuming a request is max 25KB, we add a bit of buffer to allow some room. - VaultLimitsMaxBlobPayloadLength: Int(25600), + VaultMaxBlobPayloadSizeLimit: Size(25600 * config.Byte), // Per docs, this should allow some additional buffer to allow for reaping time. - VaultLimitsMaxPerOracleUnexpiredBlobCumulativePayloadBytes: Int(31457280), // 30 mb - VaultLimitsMaxPerOracleUnexpiredBlobCount: Int(1000), + VaultMaxPerOracleUnexpiredBlobCumulativePayloadSizeLimit: Size(31457280 * config.Byte), + VaultMaxPerOracleUnexpiredBlobCount: Int(1000), PerOrg: Orgs{ ZeroBalancePruningTimeout: Duration(24 * time.Hour), @@ -218,16 +218,16 @@ type Schema struct { VaultPluginBatchSizeLimit Setting[int] `unit:"{request}"` VaultRequestBatchSizeLimit Setting[int] `unit:"{request}"` - VaultLimitsMaxQueryLength Setting[int] - VaultLimitsMaxObservationLength Setting[int] - VaultLimitsMaxReportsPlusPrecursorLength Setting[int] - VaultLimitsMaxReportLength Setting[int] - VaultLimitsMaxReportCount Setting[int] - VaultLimitsMaxKeyValueModifiedKeysPlusValuesLength Setting[int] - VaultLimitsMaxKeyValueModifiedKeys Setting[int] - VaultLimitsMaxBlobPayloadLength Setting[int] - VaultLimitsMaxPerOracleUnexpiredBlobCumulativePayloadBytes Setting[int] - VaultLimitsMaxPerOracleUnexpiredBlobCount Setting[int] + VaultMaxQuerySizeLimit Setting[config.Size] + VaultMaxObservationSizeLimit Setting[config.Size] + VaultMaxReportsPlusPrecursorSizeLimit Setting[config.Size] + VaultMaxReportSizeLimit Setting[config.Size] + VaultMaxReportCount Setting[int] + VaultMaxKeyValueModifiedKeysPlusValuesSizeLimit Setting[config.Size] + VaultMaxKeyValueModifiedKeys Setting[int] + VaultMaxBlobPayloadSizeLimit Setting[config.Size] + VaultMaxPerOracleUnexpiredBlobCumulativePayloadSizeLimit Setting[config.Size] + VaultMaxPerOracleUnexpiredBlobCount Setting[int] PerOrg Orgs `scope:"org"` PerOwner Owners `scope:"owner"`