#1172 make timeout of authentication configurable
Merged 3 years ago by mikem. Opened 3 years ago by julian8628.
julian8628/koji issue/1171  into  master

file modified
+6
@@ -39,3 +39,9 @@ 

  

  ;enabled plugins for CLI, runroot and save_failed_tree are available

  ;plugins =

+ 

+ ;timeout of XMLRPC requests by seconds, default: 60 * 60 * 12 = 43200

+ ;timeout = 43200

+ 

+ ;timeout of GSSAPI/SSL authentication by seconds, default: 60

+ ;auth_timeout = 60

file modified
+16 -7
@@ -268,6 +268,10 @@ 

  # default task priority

  PRIO_DEFAULT = 20

  

+ # default timeouts

+ DEFAULT_REQUEST_TIMEOUT = 60 * 60 * 12

+ DEFAULT_AUTH_TIMEOUT = 60

+ 

  ## BEGIN kojikamid dup

  

  #Exceptions
@@ -1647,7 +1651,8 @@ 

          'offline_retry' : None,

          'offline_retry_interval' : None,

          'keepalive' : True,

-         'timeout' : None,

+         'timeout' : DEFAULT_REQUEST_TIMEOUT,

+         'auth_timeout' : DEFAULT_AUTH_TIMEOUT,

          'use_fast_upload': False,

          'upload_blocksize': 1048576,

          'poll_interval': 6,
@@ -1719,7 +1724,8 @@ 

                                  'debug', 'debug_xmlrpc', 'krb_canon_host'):

                          result[name] = config.getboolean(profile_name, name)

                      elif name in ('max_retries', 'retry_interval',

-                                   'offline_retry_interval', 'poll_interval', 'timeout',

+                                   'offline_retry_interval', 'poll_interval',

+                                   'timeout', 'auth_timeout',

                                    'upload_blocksize', 'pyver'):

                          try:

                              result[name] = int(value)
@@ -2037,6 +2043,7 @@ 

          'anon_retry',

          'keepalive',

          'timeout',

+         'auth_timeout',

          'use_fast_upload',

          'upload_blocksize',

          'krb_rdns',
@@ -2074,7 +2081,7 @@ 

          self.logger = logging.getLogger('koji')

          self.rsession = None

          self.new_session()

-         self.opts.setdefault('timeout',  60 * 60 * 12)

+         self.opts.setdefault('timeout', DEFAULT_REQUEST_TIMEOUT)

  

  

      def new_session(self):
@@ -2233,13 +2240,14 @@ 

          # Force a new session

          self.new_session()

  

-         # 60 second timeout during login

          sinfo = None

          old_env = {}

          old_opts = self.opts

          self.opts = old_opts.copy()

          try:

-             self.opts['timeout'] = 60

+             # temporary timeout value during login

+             self.opts['timeout'] = self.opts.get('auth_timeout',

+                                                  DEFAULT_AUTH_TIMEOUT)

              kwargs = {}

              if keytab:

                  old_env['KRB5_CLIENT_KTNAME'] = os.environ.get('KRB5_CLIENT_KTNAME')
@@ -2301,10 +2309,11 @@ 

          # Force a new session

          self.new_session()

  

-         # 60 second timeout during login

          old_opts = self.opts

          self.opts = old_opts.copy()

-         self.opts['timeout'] = 60

+         # temporary timeout value during login

+         self.opts['timeout'] = self.opts.get('auth_timeout',

+                                              DEFAULT_AUTH_TIMEOUT)

          self.opts['cert'] = cert

          self.opts['serverca'] = serverca

          try:

fixes: #1171

default value is not extracted out here.

An explicit auth_timeout = 0 ought to mean no timeout for auth, but this expression will give 60 in that case:

self.opts['timeout'] = self.opts.get('auth_timeout') or 60

Instead, I think we should apply the default using the option to get, e.g.

self.opts['timeout'] = self.opts.get('auth_timeout', 60)

We also need to update the comment above that mentions "60 seconds". Perhaps just change it to say "temporary timeout value during login"

Actually, we probably want to change the default value in get_config as well.

It's probably worth keeping the default in the session code also, for scripts that don't use read_config().

1 new commit added

  • set default value for timeout and auth_timeout in read_config
3 years ago

Commit a05478e fixes this pull-request

Pull-Request has been merged by mikem

3 years ago