Allow configure auth_token http connect timeout.

- Fixes bug 939613. Change-Id: Ic8cfc36e02212eeb987e509893369c0a47d9209a
2013-02-14 14:43:54 +01:00
parent 1ba04810e9
commit 878695ce06
3 changed files with 11 additions and 3 deletions
--- a/doc/source/middlewarearchitecture.rst
+++ b/doc/source/middlewarearchitecture.rst
@@ -184,6 +184,8 @@ Configuration Options
 * ``delay_auth_decision``: (optional, default `0`) (off). If on, the middleware
  will not reject invalid auth requests, but will delegate that decision to
  downstream WSGI components.
+* ``http_connect_timeout``: (optional, default `python default` allow increase
+  the timeout when validating token by http).
 * ``auth_port``: (optional, default `35357`) the port used to validate tokens
 * ``auth_protocol``: (optional, default `https`)
 * ``auth_uri``: (optional, defaults to `auth_protocol`://`auth_host`:`auth_port`)
--- a/keystoneclient/middleware/auth_token.py
+++ b/keystoneclient/middleware/auth_token.py
@@ -161,6 +161,7 @@ opts = [
    cfg.StrOpt('auth_protocol', default='https'),
    cfg.StrOpt('auth_uri', default=None),
    cfg.BoolOpt('delay_auth_decision', default=False),
+    cfg.BoolOpt('http_connect_timeout', default=None),
    cfg.StrOpt('admin_token', secret=True),
    cfg.StrOpt('admin_user'),
    cfg.StrOpt('admin_password', secret=True),
@@ -287,6 +288,9 @@ class AuthProtocol(object):
        self._token_revocation_list_fetched_time = None
        cache_timeout = datetime.timedelta(seconds=0)
        self.token_revocation_list_cache_timeout = cache_timeout
+        http_connect_timeout_cfg = self._conf_get('http_connect_timeout')
+        self.http_connect_timeout = (http_connect_timeout_cfg and
+                                     int(http_connect_timeout_cfg))

    def _assert_valid_memcache_protection_config(self):
        if self._memcache_security_strategy:
@@ -439,12 +443,14 @@ class AuthProtocol(object):

    def _get_http_connection(self):
        if self.auth_protocol == 'http':
-            return self.http_client_class(self.auth_host, self.auth_port)
+            return self.http_client_class(self.auth_host, self.auth_port,
+                                          timeout=self.http_connect_timeout)
        else:
            return self.http_client_class(self.auth_host,
                                          self.auth_port,
                                          self.key_file,
-                                          self.cert_file)
+                                          self.cert_file,
+                                          timeout=self.http_connect_timeout)

    def _http_request(self, method, path):
        """HTTP request helper used to make unspecified content type requests.
--- a/tests/test_auth_token_middleware.py
+++ b/tests/test_auth_token_middleware.py
@@ -289,7 +289,7 @@ class FakeHTTPConnection(object):

    last_requested_url = ''

-    def __init__(self, *args):
+    def __init__(self, *args, **kwargs):
        self.send_valid_revocation_list = True

    def request(self, method, path, **kwargs):