Limit the size of then payload for creating robot accounts

endpoints/api/robot.py

@@ -2,7 +2,7 @@
 
 from endpoints.api import (resource, nickname, ApiResource, log_action, related_user_resource,
                            require_user_admin, require_scope, path_param, parse_args,
-                           truthy_bool, query_param, validate_json_request)
+                           truthy_bool, query_param, validate_json_request, max_json_size)
 from endpoints.api.robot_models_pre_oci import pre_oci_model as model
 from endpoints.exception import Unauthorized
 from auth.permissions import AdministerOrganizationPermission, OrganizationMemberPermission
@@ -28,6 +28,8 @@ CREATE_ROBOT_SCHEMA = {
   },
 }
 
+ROBOT_MAX_SIZE = 1024 * 1024 # 1 KB.
+
 
 def robots_list(prefix, include_permissions=False):
   robots = model.list_entity_robot_permission_teams(prefix, include_permissions=include_permissions)
@@ -69,6 +71,7 @@ class UserRobot(ApiResource):
 
   @require_user_admin
   @nickname('createUserRobot')
+  @max_json_size(ROBOT_MAX_SIZE)
   @validate_json_request('CreateRobot', optional=True)
   def put(self, robot_shortname):
     """ Create a new user robot with the specified name. """
@@ -138,6 +141,7 @@ class OrgRobot(ApiResource):
 
   @require_scope(scopes.ORG_ADMIN)
   @nickname('createOrgRobot')
+  @max_json_size(ROBOT_MAX_SIZE)
   @validate_json_request('CreateRobot', optional=True)
   def put(self, orgname, robot_shortname):
     """ Create a new robot in the organization. """