Cf network policies results in 414 error

[MerricdeLauney]

Please fill out the issue checklist below and provide ALL the requested information.

• I reviewed open and closed github issues that may be related to my problem.
• I tried updating to the latest version of the CF CLI to see if it fixed my problem.
• I attempted to run the command with CF_TRACE=1 to help debug the issue.
• I am reporting a bug that others will be able to reproduce.

Describe the bug and the command you saw an issue with
We ran into a an error while running cf network-policies on a space with a large number of apps (~600) and networking policies (~1400). This seems to occur because the cli does not bound the length of a query string when filtering list endpoints. In particular, for cf network-policies, theres a request to /v3/apps?guids=... here.

Due to the large number of apps involved, this results in a query string longer than 8192 bytes which exceeds the maximum bytes allowed in a header by nginx.

One possible solution would be to split any request larger than 8192 bytes into multiple requests.

What happened
Running cf network-policies results in the following error:

RESPONSE: [xxxx]
HTTP/1.1 414 Request URI Too Long
Content-Length: 170
Content-Type: text/html
Date: xxxx
Server: nginx
X-Vcap-Request-Id: 6ac23722-999c-4cac-60bc-57e40aec8d10
<html>
<head><title>414 Request-URI Too Large</title></head>
<body>
<center><h1>414 Request-URI Too Large</h1></center>
<hr><center>nginx</center>
</body>
</html>

Expected behavior
cf network-policies should not error and return all the network policies.

Exact Steps To Reproduce

1. Make several hundred apps
2. Add c2c network policies between the apps using cf add-network-policy. All of these policies need to have their source app be in a given space
3. List all the c2c networking policies using cf network-policies while targeting the given space

[cf-gitbot]

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/175134868

The labels on this github issue will be updated when the story is started.

[heyjcollins]

Hey @MerricdeLauney - thanks very much for reporting this issue.
Just a heads up that we've got a fix in the current dev edge cli binary (cf version 7.1.0+1f695102e.2020-11-04) in case you'd like to test it out yourself.

It's worth noting that the initial fix, which the team validated against a local bosh-lite env before delivery, failed with a 413 error (a different error) when I validated it against a full foundation running on GCP.

Reducing the batch size resolves the issue.
This fix will be published in the next v7 release - v7.2.0

For visibility/discoverability, I wanted to include the unexpected 413 error I encountered while validating the original fix here:

  <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
  <title>Error 413 (Request Entity Too Large)!!1</title>
  <style>
    *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}
  </style>
  <a href=//www.google.com/><span id=logo aria-label=Google></span></a>
  <p><b>413.</b> <ins>That’s an error.</ins>
  <p>Your client issued a request that was too large.
 <script>
  (function() { /*

 Copyright The Closure Library Authors.
 SPDX-License-Identifier: Apache-2.0
*/
var c=function(a,d,b){a=a+"=deleted; path="+d;null!=b&&(a+="; domain="+b);document.cookie=a+"; expires=Thu, 01 Jan 1970 00:00:00 GMT"};var g=function(a){var d=e,b=location.hostname;c(d,a,null);c(d,a,b);for(var f=0;;){f=b.indexOf(".",f+1);if(0>f)break;c(d,a,b.substring(f+1))}};var h;if(4E3<unescape(encodeURI(document.cookie)).length){for(var k=document.cookie.split(";"),l=[],m=0;m<k.length;m++){var n=k[m].match(/^\s*([^=]+)/);n&&l.push(n[1])}for(var p=0;p<l.length;p++){var e=l[p];g("/");for(var q=location.pathname,r=0;;){r=q.indexOf("/",r+1);if(0>r)break;var t=q.substring(0,r);g(t);g(t+"/")}"/"!=q.charAt(q.length-1)&&(g(q),g(q+"/"))}h=!0}else h=!1;
h&&setTimeout(function(){if(history.replaceState){var a=location.href;history.replaceState(null,"","/");location.replace(a)}},1E3); })();

</script>
 <ins>That’s all we know.</ins>

FAILED

[reidmit]

We recently released v7.2.0, which should contain a fix for this issue. Thanks for your help!