feat(grpc): add configurable maximum size limit for received gRPC messages

app/controlplane/internal/conf/controlplane/config/v1/conf.proto

@@ -174,6 +174,9 @@ message Server {
     string addr = 2 [(buf.validate.field).string.min_len = 1];
     google.protobuf.Duration timeout = 3;
     TLS tls_config = 4;
+    // Maximum size in bytes of received gRPC messages.
+    // Defaults to 4MB (4194304) if not set. Use this to allow larger attestations.
+    int32 max_recv_msg_size = 5;
   }
 
   HTTP http = 1;

app/controlplane/internal/server/grpc.go

@@ -48,6 +48,7 @@ import (
 	"github.com/go-kratos/kratos/v2/transport/grpc"
 	protovalidateMiddleware "github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/protovalidate"
 	grpc_prometheus "github.com/grpc-ecosystem/go-grpc-prometheus"
+	grpcLib "google.golang.org/grpc"
 )
 
 type Opts struct {
@@ -89,14 +90,14 @@ type Opts struct {
 	GroupSvc            *service.GroupService
 	ProjectSvc          *service.ProjectService
 	// Utils
-	Logger          log.Logger
-	ServerConfig    *conf.Server
-	AuthConfig      *conf.Auth
+	Logger              log.Logger
+	ServerConfig        *conf.Server
+	AuthConfig          *conf.Auth
 	FederatedConfig     *conf.FederatedAuthentication
 	OperationAuthConfig *conf.OperationAuthorizationProvider
 	BootstrapConfig     *conf.Bootstrap
-	Credentials     credentials.ReaderWriter
-	Validator       protovalidate.Validator
+	Credentials         credentials.ReaderWriter
+	Validator           protovalidate.Validator
 }
 
 var (
@@ -146,6 +147,10 @@ func NewGRPCServer(opts *Opts) (*grpc.Server, error) {
 		}
 	}
 
+	if v := opts.ServerConfig.Grpc.GetMaxRecvMsgSize(); v > 0 {
+		serverOpts = append(serverOpts, grpc.Options(grpcLib.MaxRecvMsgSize(int(v))))
+	}
+
 	srv := grpc.NewServer(serverOpts...)
 	v1.RegisterWorkflowServiceServer(srv, opts.WorkflowSvc)
 	v1.RegisterStatusServiceServer(srv, service.NewStatusService(opts.AuthSvc.AuthURLs.Login, Version, opts.CASClientUseCase, opts.BootstrapConfig))

deployment/chainloop/Chart.yaml

@@ -7,7 +7,7 @@ description: Chainloop is an open source software supply chain control plane, a
 
 type: application
 # Bump the patch (not minor, not major) version on each change in the Chart Source code
-version: 1.370.0
+version: 1.370.1
 # Do not update appVersion, this is handled automatically by the release process
 appVersion: v1.93.3
 

deployment/chainloop/templates/controlplane/configmap.yaml

@@ -31,6 +31,9 @@ data:
       grpc:
         addr: "0.0.0.0:{{ .Values.controlplane.containerPorts.grpc }}"
         timeout: 10s
+        {{- if .Values.controlplane.grpcMaxRecvMsgSize }}
+        max_recv_msg_size: {{ .Values.controlplane.grpcMaxRecvMsgSize }}
+        {{- end }}
         {{- if include "controlplane.tls-secret-name" .  }}
         tls_config:
           certificate: /data/server-certs/tls.crt

deployment/chainloop/values.yaml

@@ -141,6 +141,9 @@ controlplane:
     tag: "v1.93.3"
 
 
+  ## @param controlplane.grpcMaxRecvMsgSize Maximum size in bytes of received gRPC messages. Increase to allow larger attestations. Defaults to the gRPC standard 4MB (4194304) if not set.
+  grpcMaxRecvMsgSize: ""
+
   ## @param controlplane.containerPorts.http controlplane HTTP container port
   ## @param controlplane.containerPorts.grpc controlplane gRPC container port
   ## @param controlplane.containerPorts.metrics controlplane prometheus metrics container port