Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Service clients should timeout HTTP requests if no response is received #2014

Closed
tsandall opened this issue Jan 17, 2020 · 0 comments · Fixed by #2638
Closed

Service clients should timeout HTTP requests if no response is received #2014

tsandall opened this issue Jan 17, 2020 · 0 comments · Fixed by #2638
Assignees
@ashutosh-narkar
Labels
bug help wanted
Projects
Open Policy Agent

Comments

@tsandall
Copy link
Member

tsandall commented Jan 17, 2020
edited

Steps to reproduce

This problem can reproduced simply with nc. For example:

$ nc -l localhost 8000
GET /foo HTTP/1.1

In a separate terminal start opa and point it at the server:

$ opa run -s --set services.test.url=http://localhost:8000 --set bundles.test.resource=foo
{"addrs":[":8181"],"insecure_addr":"","level":"info","msg":"Initializing server.","time":"2020-01-17T17:17:10-05:00"}
{"level":"info","msg":"Starting bundle downloader.","name":"test","plugin":"bundle","time":"2020-01-17T17:17:10-05:00"}

netcat will print the request but not send any response. OPA will continue waiting indefinitely because there is no timeout set on the HTTP request.

Solution

This page does a good job of explaining how the various client timeouts can be set. OPA should be updated to set the Client.Do timeout (which I think means cancelling the context). Note, we do not want to set default timeouts on reading the full response since that'll cause problems for users with large bundles. It should be safe to assume that OPA starts receiving HTTP headers on the order of seconds (e.g., 10 seconds is probably a safe default.)

Initially, users should be able to configure the timeout on the service object. For example:

services:
   test:
     url: https://example.com/v1
     response_header_timeout_seconds: 10
@tsandall tsandall added this to To do in Open Policy Agent via automation Jan 17, 2020
@tsandall tsandall added the bug label Aug 17, 2020
@tsandall tsandall moved this from TODO (Things That Should Be Done) to Planned (Things We Are Going To Do) in Open Policy Agent Aug 17, 2020
@ashutosh-narkar ashutosh-narkar mentioned this issue Aug 18, 2020
Merged
Open Policy Agent automation moved this from Planned (Things We Are Going To Do) to Done Aug 19, 2020
@tsandall tsandall mentioned this issue Aug 21, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ashutosh-narkar ashutosh-narkar

Labels
bug help wanted
Projects
Open Policy Agent
  
Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add response header timeout and update discovery bundle status ashutosh-narkar/opa
2 participants
@tsandall @ashutosh-narkar