From fd770422bbcef063859e2b26a686b381c833186f Mon Sep 17 00:00:00 2001
From: Joseph Schorr
Date: Thu, 22 Sep 2016 18:25:02 -0400
Subject: [PATCH] Add configurable timeout and debug flags to Keystone users
Fixes #1855
---
 data/users/__init__.py | 3 ++-
 data/users/keystone.py | 13 ++++++++++---
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/data/users/__init__.py b/data/users/__init__.py
index ce7852e8e..0cebb1cae 100644
--- a/data/users/__init__.py
+++ b/data/users/__init__.py
@@ -59,11 +59,12 @@ def get_users_handler(config, config_provider, override_config_dir):
 if authentication_type == 'Keystone':
 auth_url = config.get('KEYSTONE_AUTH_URL')
+ timeout = config.get('KEYSTONE_AUTH_TIMEOUT')
 keystone_admin_username = config.get('KEYSTONE_ADMIN_USERNAME')
 keystone_admin_password = config.get('KEYSTONE_ADMIN_PASSWORD')
 keystone_admin_tenant = config.get('KEYSTONE_ADMIN_TENANT')
 return KeystoneUsers(auth_url, keystone_admin_username, keystone_admin_password,
- keystone_admin_tenant)
+ keystone_admin_tenant, timeout)
 raise RuntimeError('Unknown authentication type: %s' % authentication_type)
diff --git a/data/users/keystone.py b/data/users/keystone.py
index a7feb9a4f..4c9a191f7 100644
--- a/data/users/keystone.py
+++ b/data/users/keystone.py
@@ -1,4 +1,5 @@
 import logging
+import os
 from keystoneclient.v2_0 import client as kclient
 from keystoneclient.exceptions import AuthorizationFailure as KeystoneAuthorizationFailure
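Review bot: The `KEYSTONE_AUTH_TIMEOUT` value read in `get_users_handler` (data/users/__init__.py) is passed to `KeystoneUsers` with no type or range check, so a string or a negative number in the config would reach the Keystone client unchanged. This timeout bounds how long a login request can wait on the identity backend, so a bad value is better rejected at startup than discovered on the first login, for example `if timeout is not None and (not isinstance(timeout, (int, float)) or timeout <= 0): raise RuntimeError('KEYSTONE_AUTH_TIMEOUT must be a positive number of seconds')`. The setting's unit is only stated next to `DEFAULT_TIMEOUT` in keystone.py; a short comment here such as `# seconds; falls back to the KeystoneUsers default when unset` would help whoever edits the config. The body of `get_users_handler` starts outside the hunk, so validation done earlier in the function is not visible from here.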
@@ -7,19 +8,24 @@ from data.users.federated import FederatedUsers, VerifiedCredentials
 logger = logging.getLogger(__name__)
+DEFAULT_TIMEOUT = 10 # seconds
+
 class KeystoneUsers(FederatedUsers):
 """ Delegates authentication to OpenStack Keystone. """
- def __init__(self, auth_url, admin_username, admin_password, admin_tenant):
+ def __init__(self, auth_url, admin_username, admin_password, admin_tenant, timeout=None):
 super(KeystoneUsers, self).__init__('keystone')
 self.auth_url = auth_url
 self.admin_username = admin_username
 self.admin_password = admin_password
 self.admin_tenant = admin_tenant
+ self.timeout = timeout or DEFAULT_TIMEOUT
+ self.debug = os.environ.get('USERS_DEBUG') == '1'
 def verify_credentials(self, username_or_email, password):
 try:
 keystone_client = kclient.Client(username=username_or_email, password=password,
- auth_url=self.auth_url)
+ auth_url=self.auth_url, timeout=self.timeout,
+ debug=self.debug)
 user_id = keystone_client.user_id
 except KeystoneAuthorizationFailure as kaf:
 logger.exception('Keystone auth failure for user: %s', username_or_email)
@@ -30,7 +36,8 @@ class KeystoneUsers(FederatedUsers):
 try:
 admin_client = kclient.Client(username=self.admin_username, password=self.admin_password,
- tenant_name=self.admin_tenant, auth_url=self.auth_url)
+ tenant_name=self.admin_tenant, auth_url=self.auth_url,
+ timeout=self.timeout, debug=self.debug)
 user = admin_client.users.get(user_id)
 except KeystoneUnauthorized as kut:
 logger.exception('Keystone unauthorized admin')
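Review bot: Passing `debug=self.debug` to `kclient.Client` in `verify_credentials` enables the client library's debug logging on a request that carries the user's password, and the `@@ -30,7 +36,8 @@` hunk does the same for the admin client, whose request carries `admin_password`. Whether that output redacts credentials and tokens depends on the keystoneclient version, which is not visible here, so this needs confirming before `USERS_DEBUG=1` is set on a production host. The variable is also undocumented; a comment above the assignment such as `# USERS_DEBUG=1 turns on keystoneclient debug logging; output may include auth request details, so keep it off outside troubleshooting` would record the risk. Separately, `timeout or DEFAULT_TIMEOUT` silently replaces an explicit `0` with the default, which is reasonable but worth stating in the constructor's docstring.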