There should be a way to limit workflow executions
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Mistral |
Confirmed
|
High
|
Renat Akhmerov | ||
Bug Description
It is possible to overload the messaging queues, engines and executors, using the following techniques:
- workflow task loops
tasks:
looped_task:
on-success:
- looped_tasks
- with-items with an unexpected list length
tasks:
looped_task:
with-items: some_item in <% $.some_
action: std.echo
# the faster the action to execute, the higher the chances to block the system
- high number of concurrent executions
tasks:
looped_task:
concurrency: 10000
with-items: some_item in <% $.some_
action: std.echo
# the faster the action to execute, the higher the chances to block the system
To prevent this, we must be able to set limits (or to change them if they exists but are hard-coded) to the following items for Mistral globally (not only for a particular workflow):
- task recursion limit (maximum action/workflow executions per task maybe?)
- maximum item list size
- maximum concurrency
| summary: |
- Mistral backend DoS through tasks + There should be a way to limit workflow executions |
| Changed in mistral: | |
| status: | New → Confirmed |
| importance: | Undecided → High |
| milestone: | none → stein-1 |
| Changed in mistral: | |
| milestone: | stein-1 → stein-2 |
| Changed in mistral: | |
| milestone: | stein-2 → stein-3 |
| Changed in mistral: | |
| milestone: | stein-3 → train-1 |
| Changed in mistral: | |
| milestone: | train-1 → ussuri-1 |
| Changed in mistral: | |
| milestone: | ussuri-1 → ussuri-2 |
| Changed in mistral: | |
| assignee: | nobody → Renat Akhmerov (rakhmerov) |
| Changed in mistral: | |
| milestone: | ussuri-2 → ussuri-3 |
| Changed in mistral: | |
| milestone: | ussuri-3 → victoria-1 |
| Changed in mistral: | |
| milestone: | victoria-1 → wallaby-1 |
