openstack/deb-python-keystoneclient
Code Issues Proposed changes

Allow configure auth_token http connect timeout.

Browse Source 
- Fixes bug 939613.

Change-Id: Ic8cfc36e02212eeb987e509893369c0a47d9209a
This commit is contained in:
Chmouel Boudjnah
2013-02-14 14:43:54 +01:00
parent 1ba04810e9
commit 878695ce06
3 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
doc/source/middlewarearchitecture.rst
View File

@@ -184,6 +184,8 @@ Configuration Options
* ``delay_auth_decision``: (optional, default `0`) (off). If on, the middleware * ``delay_auth_decision``: (optional, default `0`) (off). If on, the middleware
will not reject invalid auth requests, but will delegate that decision to will not reject invalid auth requests, but will delegate that decision to
downstream WSGI components. downstream WSGI components.
* ``http_connect_timeout``: (optional, default `python default` allow increase
the timeout when validating token by http).
* ``auth_port``: (optional, default `35357`) the port used to validate tokens * ``auth_port``: (optional, default `35357`) the port used to validate tokens
* ``auth_protocol``: (optional, default `https`) * ``auth_protocol``: (optional, default `https`)
* ``auth_uri``: (optional, defaults to `auth_protocol`://`auth_host`:`auth_port`) * ``auth_uri``: (optional, defaults to `auth_protocol`://`auth_host`:`auth_port`)

10
keystoneclient/middleware/auth_token.py
View File

@@ -161,6 +161,7 @@ opts = [
cfg.StrOpt('auth_protocol', default='https'), cfg.StrOpt('auth_protocol', default='https'),
cfg.StrOpt('auth_uri', default=None), cfg.StrOpt('auth_uri', default=None),
cfg.BoolOpt('delay_auth_decision', default=False), cfg.BoolOpt('delay_auth_decision', default=False),
cfg.BoolOpt('http_connect_timeout', default=None),
cfg.StrOpt('admin_token', secret=True), cfg.StrOpt('admin_token', secret=True),
cfg.StrOpt('admin_user'), cfg.StrOpt('admin_user'),
cfg.StrOpt('admin_password', secret=True), cfg.StrOpt('admin_password', secret=True),
@@ -287,6 +288,9 @@ class AuthProtocol(object):
self._token_revocation_list_fetched_time = None self._token_revocation_list_fetched_time = None
cache_timeout = datetime.timedelta(seconds=0) cache_timeout = datetime.timedelta(seconds=0)
self.token_revocation_list_cache_timeout = cache_timeout self.token_revocation_list_cache_timeout = cache_timeout
http_connect_timeout_cfg = self._conf_get('http_connect_timeout')
self.http_connect_timeout = (http_connect_timeout_cfg and
int(http_connect_timeout_cfg))
def _assert_valid_memcache_protection_config(self): def _assert_valid_memcache_protection_config(self):
if self._memcache_security_strategy: if self._memcache_security_strategy:
@@ -439,12 +443,14 @@ class AuthProtocol(object):
def _get_http_connection(self): def _get_http_connection(self):
if self.auth_protocol == 'http': if self.auth_protocol == 'http':
return self.http_client_class(self.auth_host, self.auth_port) return self.http_client_class(self.auth_host, self.auth_port,
timeout=self.http_connect_timeout)
else: else:
return self.http_client_class(self.auth_host, return self.http_client_class(self.auth_host,
self.auth_port, self.auth_port,
self.key_file, self.key_file,
self.cert_file) self.cert_file,
timeout=self.http_connect_timeout)
def _http_request(self, method, path): def _http_request(self, method, path):
"""HTTP request helper used to make unspecified content type requests. """HTTP request helper used to make unspecified content type requests.

2
tests/test_auth_token_middleware.py
View File

@@ -289,7 +289,7 @@ class FakeHTTPConnection(object):
last_requested_url = '' last_requested_url = ''
def __init__(self, *args): def __init__(self, *args, **kwargs):
self.send_valid_revocation_list = True self.send_valid_revocation_list = True
def request(self, method, path, **kwargs): def request(self, method, path, **kwargs):