From 8b35ac89fcf0cee413da33a5e728af7c0a3169d2 Mon Sep 17 00:00:00 2001
From: Jake McDermott <yo@jakemcdermott.me>
Date: Wed, 27 Mar 2019 11:03:22 -0400
Subject: [PATCH] add timeouts to plugin backends

---
 awx/main/credential_plugins/aim.py        | 7 ++++++-
 awx/main/credential_plugins/conjur.py     | 2 +-
 awx/main/credential_plugins/hashivault.py | 8 +++++---
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/awx/main/credential_plugins/aim.py b/awx/main/credential_plugins/aim.py
index 05d367246d..97c2c4e1a0 100644
--- a/awx/main/credential_plugins/aim.py
+++ b/awx/main/credential_plugins/aim.py
@@ -107,7 +107,12 @@ def aim_backend(**kwargs):
     elif client_cert:
         cert = create_temporary_fifo(client_cert.encode())
 
-    res = requests.get(request_url + request_qs, cert=cert, verify=verify)
+    res = requests.get(
+        request_url + request_qs,
+        timeout=30,
+        cert=cert,
+        verify=verify,
+    )
     res.raise_for_status()
     return res.json()['Content']
 
diff --git a/awx/main/credential_plugins/conjur.py b/awx/main/credential_plugins/conjur.py
index 048170843f..e7bcf9c859 100644
--- a/awx/main/credential_plugins/conjur.py
+++ b/awx/main/credential_plugins/conjur.py
@@ -108,7 +108,7 @@ def conjur_backend(**kwargs):
     if version:
         path = '?'.join([path, version])
 
-    resp = requests.get(path, **lookup_kwargs)
+    resp = requests.get(path, timeout=30, **lookup_kwargs)
     resp.raise_for_status()
     return resp.text
 
diff --git a/awx/main/credential_plugins/hashivault.py b/awx/main/credential_plugins/hashivault.py
index 2f058d9dad..fefa46cbae 100644
--- a/awx/main/credential_plugins/hashivault.py
+++ b/awx/main/credential_plugins/hashivault.py
@@ -94,13 +94,14 @@ def kv_backend(**kwargs):
         # https://www.vaultproject.io/api/secret/kv/kv-v2.html#read-secret-version
         response = sess.get(
             '/'.join([url, mount_point, 'data'] + path).rstrip('/'),
-            params=params
+            params=params,
+            timeout=30
         )
         response.raise_for_status()
         json = response.json()['data']
     else:
         # https://www.vaultproject.io/api/secret/kv/kv-v1.html#read-secret
-        response = sess.get('/'.join([url, secret_path]).rstrip('/'))
+        response = sess.get('/'.join([url, secret_path]).rstrip('/'), timeout=30)
         response.raise_for_status()
         json = response.json()
 
@@ -130,7 +131,8 @@ def ssh_backend(**kwargs):
     # https://www.vaultproject.io/api/secret/ssh/index.html#sign-ssh-key
     resp = sess.post(
         '/'.join([url, secret_path, 'sign', role]).rstrip('/'),
-        json=json
+        json=json,
+        timeout=30
     )
     resp.raise_for_status()
     return resp.json()['data']['signed_key']