Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ca]: Add a 5-second timeout to an external CA signing request #2064

Merged
merged 1 commit into from
Mar 29, 2017
Merged

[ca]: Add a 5-second timeout to an external CA signing request #2064

merged 1 commit into from
Mar 29, 2017

Conversation

cyli
Copy link
Contributor

@cyli cyli commented Mar 28, 2017

@codecov
Copy link

codecov bot commented Mar 28, 2017
edited
Loading

Codecov Report

Merging #2064 into master will decrease coverage by 0.11%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master    #2064      +/-   ##
==========================================
- Coverage   54.26%   54.15%   -0.12%     
==========================================
  Files         111      111              
  Lines       19351    19326      -25     
==========================================
- Hits        10501    10466      -35     
- Misses       7582     7584       +2     
- Partials     1268     1276       +8

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d4d2e26...7498dcc. Read the comment docs.

@aaronlehmann
Copy link
Collaborator

cc @binman-docker

aaronlehmann
aaronlehmann reviewed Mar 28, 2017
View reviewed changes
ca/external.go Outdated
@@ -154,7 +155,8 @@ func (eca *ExternalCA) CrossSignRootCA(ctx context.Context, rca RootCA) ([]byte,
}

func makeExternalSignRequest(ctx context.Context, client *http.Client, url string, csrJSON []byte) (cert []byte, err error) {
resp, err := ctxhttp.Post(ctx, client, url, "application/json", bytes.NewReader(csrJSON))
requestCtx, _ := context.WithTimeout(ctx, 5*time.Second)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Call the cancel function after the context is no longer needed. That will ensure resources get freed, instead of possibly having them tied up for 5 seconds.

@aaronlehmann
Copy link
Collaborator

Thanks. Have you tested this?

@aaronlehmann aaronlehmann added this to the 17.04.0 milestone Mar 28, 2017
@cyli cyli force-pushed the timeout-remote-sign-request branch 2 times, most recently from 1da8ad8 to d15a5b3 Compare March 28, 2017 22:02
@cyli
Copy link
Contributor Author

cyli commented Mar 28, 2017

@aaronlehmann Previously I only tested manually, but I've added a test that an individual call to an external server is timed out.

aaronlehmann
aaronlehmann reviewed Mar 28, 2017
View reviewed changes
ca/external.go Outdated
func makeExternalSignRequest(ctx context.Context, client *http.Client, url string, csrJSON []byte) (cert []byte, err error) {
resp, err := ctxhttp.Post(ctx, client, url, "application/json", bytes.NewReader(csrJSON))
func makeExternalSignRequest(ctx context.Context, client *http.Client, url string, csrJSON []byte, timeout time.Duration) (cert []byte, err error) {
requestCtx, cancel := context.WithTimeout(ctx, timeout)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd prefer to move the context creation outside makeExternalSignRequest. Passing in a timeout is a bit redundant with passing in a context.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, thanks

@aaronlehmann
Copy link
Collaborator

Thanks for the test!

@cyli cyli force-pushed the timeout-remote-sign-request branch from d15a5b3 to 5bc6637 Compare March 28, 2017 22:19
@aaronlehmann
Copy link
Collaborator

LGTM

@aaronlehmann
Copy link
Collaborator

ping @diogomonica please review

This was referenced Mar 29, 2017
Merged
Merged
@cyli
Add a 5-second timeout to an external CA signing request
7498dcc 
Signed-off-by: cyli <ying.li@docker.com>
@cyli cyli force-pushed the timeout-remote-sign-request branch from 5bc6637 to 7498dcc Compare March 29, 2017 16:49
@diogomonica diogomonica merged commit 1a8e593 into moby:master Mar 29, 2017
@cyli cyli deleted the timeout-remote-sign-request branch March 29, 2017 22:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aaronlehmann aaronlehmann aaronlehmann left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
17.04.0
Development

Successfully merging this pull request may close these issues.
3 participants
@cyli @aaronlehmann @diogomonica