Skip to content

fix(artifact-cas): return ResourceExhausted for oversized uploads#2788

Merged
matiasinsaurralde merged 1 commit intochainloop-dev:mainfrom
matiasinsaurralde:fix/artifact-cas-oversize-resource-exhausted
Feb 26, 2026
Merged

fix(artifact-cas): return ResourceExhausted for oversized uploads#2788
matiasinsaurralde merged 1 commit intochainloop-dev:mainfrom
matiasinsaurralde:fix/artifact-cas-oversize-resource-exhausted

Conversation

@matiasinsaurralde
Copy link
Contributor

For #2582

This PR improves artifact upload error semantics in artifact-cas when a file exceeds the configured maximum size.

It introduces a typed domain error for upload size overflow in pkg/blobmanager and updates the bytestream write path to detect that condition explicitly. Instead of masking it as a generic internal server error, the service now returns a client-visible gRPC ResourceExhausted status.

The bytestream test suite was updated to validate the new overflow classification and the expected status code for max-size rejection.

Also replaced backend with storageBackend in bytestream.go to avoid name shadowing (backend: blobmanager package utilities and types, storageBackend: runtime backend implementation)/

Note: I've observed that we use ResourceExhausted to signal request retries in attestation_push.go and other places but this doesn't affect pkg/casclient/uploader.go (and artifact uploads from CLI) in particular.

Before this change:

% chainloop artifact upload --file random-20mb.bin 
WRN API contacted in insecure mode
WRN API contacted in insecure mode
INF uploading random-20mb.bin - sha256:922af4fb71fc691abd17a5f91d4bbeb663ea8ea66e6de2e7e4eb1c6511c08b26
 ... done! [13.63MB in 13ms; 1.05GB/s]
ERR server error

After this change:

% chainloop artifact upload --file random-20mb.bin
WRN API contacted in insecure mode
WRN API contacted in insecure mode
INF uploading random-20mb.bin - sha256:922af4fb71fc691abd17a5f91d4bbeb663ea8ea66e6de2e7e4eb1c6511c08b26
 ... done! [13.63MB in 11ms; 1.20GB/s]
ERR max size of upload exceeded: want=11534336, max=10485760

Some points:

  1. Do we want to send these errors to Sentry (e.g. use LogAndMaskErr)?
  2. I've added want/max to the error so we inform the user about the limit and expected size. Is this ok?
  3. We can tackle CLI changes in another PR and avoid showing "done!" in these cases. Also propose a friendlier message if we implement the above.

@matiasinsaurralde matiasinsaurralde force-pushed the fix/artifact-cas-oversize-resource-exhausted branch from 120aab2 to 140a032 Compare February 26, 2026 00:57
Copy link

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 3 files

Copy link
Member

@jiparis jiparis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great, thanks!

Signed-off-by: Matías Insaurralde <matias@chainloop.dev>
@matiasinsaurralde matiasinsaurralde force-pushed the fix/artifact-cas-oversize-resource-exhausted branch from 140a032 to ac304d4 Compare February 26, 2026 12:42
@matiasinsaurralde matiasinsaurralde merged commit 3821334 into chainloop-dev:main Feb 26, 2026
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants