Add column in application_settings for max terraform state size
What does this MR do and why?
Currently, the Terraform State data sent to the POST /projects/:project_id/terraform/state/:name
API has no size limits. A malicious actor can spam the API with very big files, which can cause a denial of service and an increase to storage cost.
We want to introduce a limit to the file/data accepted by the API. We also want to make this configurable in the application settings so self-managed instances can set their own limits. This means a change in 2 places, the API endpoint itself and in the Admin Area -> Settings -> Preferences section of a GitLab instance.
This MR introduces a new column to the application_settings
table that will hold the "max size" value of an uploaded Terraform state. It is submitted as its own MR ahead of the API and UI changes so that the changes can be done in parallel on top of this MR.
Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/352951
Screenshots or screen recordings
Migration run locally:
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.