launchpad-buildd

Merge ~cjwatson/launchpad-buildd:revoke-proxy-token-timeout into launchpad-buildd:master

Proposed by Colin Watson on 2022-06-22

Status:	Merged
Approved by:	Colin Watson on 2022-06-28
Approved revision:	2cf20c8af5ace95141c9bc393274daa3d769f57e
Merge reported by:	Otto Co-Pilot
Merged at revision:	not available
Proposed branch:	~cjwatson/launchpad-buildd:revoke-proxy-token-timeout
Merge into:	launchpad-buildd:master
Diff against target:	59 lines (+10/-3) 4 files modified debian/changelog (+3/-0) lpbuildd/proxy.py (+1/-1) lpbuildd/tests/test_charm.py (+3/-1) lpbuildd/tests/test_snap.py (+3/-1)
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Jürgen Gmach		2022-06-22	Approve on 2022-06-23
Review via email: mp+425211@code.launchpad.net

Commit message

Add a timeout when revoking proxy tokens

Description of the change

We should have a timeout when making external requests so that builders don't get tied up indefinitely if the external service in question doesn't respond for whatever reason. The builder proxy applies a maximum lifetime to tokens, so the worst case of failing to revoke a token is that it ends up being valid for a little longer than necessary.

Revision history for this message

Jürgen Gmach (jugmac00) wrote on 2022-06-23:

Indeed. All network requests should have a timeout.

Having a look at the docstring of `urlopen`, the timeout is set by default to `socket._GLOBAL_DEFAULT_TIMEOUT`.

I tried to find out more about that global timeout, but it looks like this is just a placeholder, ie `object()`. The docstring also is not really helpful. By chance, did you encounter this and do you know where this default value is set and if there is even a number?

review: Approve

Revision history for this message

Colin Watson (cjwatson) wrote on 2022-06-23:

As far as I can tell, the purpose of `_GLOBAL_DEFAULT_TIMEOUT` is just to be a sentinel object so that the `socket` module can distinguish `timeout=None` from not passing the keyword argument at all. If you don't pass the `timeout` argument at all, then you get whatever `socket.getdefaulttimeout` returns, which applications can change using `socket.setdefaulttimeout`. If you pass `timeout=None`, then you get a blocking socket with no timeout even if `socket.setdefaulttimeout` had previously been called.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Canonical Launchpad Engineering

Colin Watson

1	diff --git a/debian/changelog b/debian/changelog
2	index fbd0d9a..4256c57 100644
3	--- a/debian/changelog
4	+++ b/debian/changelog
5	@@ -4,6 +4,9 @@ launchpad-buildd (216) UNRELEASED; urgency=medium
6	* Allow specifying target architecture for snaps via
7	SNAPCRAFT_BUILD_TO environment variable
8
9	+ [ Colin Watson ]
10	+ * Add a timeout when revoking proxy tokens.
11	+
12	-- Andrey Fedoseev <andrey.fedoseev@canonical.com> Mon, 27 Jun 2022 12:32:05 +0500
13
14	launchpad-buildd (215) focal; urgency=medium
15	diff --git a/lpbuildd/proxy.py b/lpbuildd/proxy.py
16	index 7aadbfa..9c56780 100644
17	--- a/lpbuildd/proxy.py
18	+++ b/lpbuildd/proxy.py
19	@@ -249,7 +249,7 @@ class BuildManagerProxyMixin:
20	req = Request(self.revocation_endpoint, None, headers)
21	req.get_method = lambda: "DELETE"
22	try:
23	- urlopen(req)
24	+ urlopen(req, timeout=15)
25	except (HTTPError, URLError) as e:
26	self._builder.log(
27	f"Unable to revoke token for {url.username}: {e}")
28	diff --git a/lpbuildd/tests/test_charm.py b/lpbuildd/tests/test_charm.py
29	index 72b4e0c..4ef2281 100644
30	--- a/lpbuildd/tests/test_charm.py
31	+++ b/lpbuildd/tests/test_charm.py
32	@@ -207,8 +207,10 @@ class TestCharmBuildManagerIteration(TestCase):
33	self.buildmanager.proxy_url = "http://username:password@proxy_url"
34	self.buildmanager.revokeProxyToken()
35	self.assertEqual(1, urlopen_mock.call_count)
36	- request = urlopen_mock.call_args[0][0]
37	+ args, kwargs = urlopen_mock.call_args
38	+ request = args[0]
39	self.assertEqual(
40	{'Authorization': "Basic dXNlcm5hbWU6cGFzc3dvcmQ="},
41	request.headers)
42	self.assertEqual('http://revoke_endpoint', request.get_full_url())
43	+ self.assertEqual({"timeout": 15}, kwargs)
44	diff --git a/lpbuildd/tests/test_snap.py b/lpbuildd/tests/test_snap.py
45	index c2bce38..7791584 100644
46	--- a/lpbuildd/tests/test_snap.py
47	+++ b/lpbuildd/tests/test_snap.py
48	@@ -536,8 +536,10 @@ class TestSnapBuildManagerIteration(TestCase):
49	self.buildmanager.proxy_url = "http://username:password@proxy_url"
50	self.buildmanager.revokeProxyToken()
51	self.assertEqual(1, urlopen_mock.call_count)
52	- request = urlopen_mock.call_args[0][0]
53	+ args, kwargs = urlopen_mock.call_args
54	+ request = args[0]
55	self.assertEqual(
56	{'Authorization': "Basic dXNlcm5hbWU6cGFzc3dvcmQ="},
57	request.headers)
58	self.assertEqual('http://revoke_endpoint', request.get_full_url())
59	+ self.assertEqual({"timeout": 15}, kwargs)