vault: Add timeout option
The existing logic assumes that requests may raise a timeout exception, but a timeout exception is never raised unless a timeout is explicitly set in each request method call. This introduces the timeout option and uses it in request method calls so that the timeout is actually set and handled by the existing logic. Also, the keystoneauth session options loaded in the vault driver are not actually used. This change also removes them. Change-Id: I8c354937c2c39a63f50c150b3e858826b6a78fe0
parent
d578cbcce9
commit
2af34f28f8
@ -26,7 +26,6 @@ import os
|
||||
import time
|
||||
import uuid
|
||||
|
||||
from keystoneauth1 import loading
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
from oslo_utils import timeutils
|
||||
@ -74,6 +73,9 @@ _vault_opts = [
|
||||
help=_("Vault Namespace to use for all requests to Vault. "
|
||||
"Vault Namespaces feature is available only in "
|
||||
"Vault Enterprise")),
|
||||
cfg.FloatOpt('timeout',
|
||||
default=60,
|
||||
help=_('Timeout (in seconds) in each request to Vault')),
|
||||
]
|
||||
|
||||
_VAULT_OPT_GROUP = 'vault'
|
||||
@ -95,7 +97,6 @@ class VaultKeyManager(key_manager.KeyManager):
|
||||
def __init__(self, configuration):
|
||||
self._conf = configuration
|
||||
self._conf.register_opts(_vault_opts, group=_VAULT_OPT_GROUP)
|
||||
loading.register_session_conf_options(self._conf, _VAULT_OPT_GROUP)
|
||||
self._session = requests.Session()
|
||||
self._root_token_id = self._conf.vault.root_token_id
|
||||
self._approle_role_id = self._conf.vault.approle_role_id
|
||||
@ -108,6 +109,7 @@ class VaultKeyManager(key_manager.KeyManager):
|
||||
self._kv_version = self._conf.vault.kv_version
|
||||
self._vault_url = self._conf.vault.vault_url
|
||||
self._namespace = self._conf.vault.namespace
|
||||
self._timeout = self._conf.vault.timeout
|
||||
if self._vault_url.startswith("https://"):
|
||||
self._verify_server = self._conf.vault.ssl_ca_crt_file or True
|
||||
else:
|
||||
@ -166,7 +168,8 @@ class VaultKeyManager(key_manager.KeyManager):
|
||||
resp = self._session.post(url=approle_login_url,
|
||||
json=params,
|
||||
headers=headers,
|
||||
verify=self._verify_server)
|
||||
verify=self._verify_server,
|
||||
timeout=self._timeout)
|
||||
except requests.exceptions.Timeout as ex:
|
||||
raise exception.KeyManagerError(str(ex))
|
||||
except requests.exceptions.ConnectionError as ex:
|
||||
@ -193,11 +196,11 @@ class VaultKeyManager(key_manager.KeyManager):
|
||||
return {}
|
||||
|
||||
def _do_http_request(self, method, resource, json=None):
|
||||
verify = self._verify_server
|
||||
headers = self._build_auth_headers()
|
||||
|
||||
try:
|
||||
resp = method(resource, headers=headers, json=json, verify=verify)
|
||||
resp = method(resource, headers=headers, json=json,
|
||||
verify=self._verfy_server, timeout=self._timeout)
|
||||
except requests.exceptions.Timeout as ex:
|
||||
raise exception.KeyManagerError(str(ex))
|
||||
except requests.exceptions.ConnectionError as ex:
|
||||
|
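Review bot: `verify=self._verfy_server` in the new `method(...)` call inside `_do_http_request` misspells the attribute; the constructor hunk assigns `self._verify_server`, and no `_verfy_server` is set anywhere in the visible lines. As written, every call through `_do_http_request` would raise AttributeError while the arguments are evaluated, which the `requests.exceptions.Timeout` and `ConnectionError` handlers do not catch, so key operations fail before any request is sent (the TLS verification setting is not bypassed, but the key manager becomes unusable). The line should read `verify=self._verify_server, timeout=self._timeout)`, matching the AppRole login call earlier in this file section, which uses the correct name. The function body continues past the end of the hunk; a unit test that drives `_do_http_request` with a mocked `method` would catch this.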
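--- a/releasenotes/notes/vault-timeout-5eebb432e0943f74.yaml
+++ b/releasenotes/notes/vault-timeout-5eebb432e0943f74.yaml
@@ -0,0 +1,5 @@
+---
+features:
+- |
+The new ``[vault] timeout`` option has been added. This determines timeout
+in each HTTP request to Vault server. It defaults to 60 seconds.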