From 9d3806bceb5097793f2d7ccf60427c4a2756372a Mon Sep 17 00:00:00 2001
From: Yu-Ju Hong <yjhong@google.com>
Date: Tue, 1 Mar 2016 13:47:03 -0800
Subject: [PATCH] Set timeout for accessing credential provider's URL

This changes sets the timeout and also adds the retry mechanism.
---
 pkg/credentialprovider/config.go       | 19 +++++++++++++++++++
 pkg/credentialprovider/gcp/metadata.go |  6 +++---
 2 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/pkg/credentialprovider/config.go b/pkg/credentialprovider/config.go
index f03bd26c318..43011afbd98 100644
--- a/pkg/credentialprovider/config.go
+++ b/pkg/credentialprovider/config.go
@@ -26,8 +26,10 @@ import (
 	"path/filepath"
 	"strings"
 	"sync"
+	"time"
 
 	"github.com/golang/glog"
+	"k8s.io/kubernetes/pkg/util/wait"
 )
 
 // DockerConfigJson represents ~/.docker/config.json file info
@@ -48,6 +50,10 @@ type DockerConfigEntry struct {
 	Email    string
 }
 
+const (
+	readURLTimeout = time.Second * 20
+)
+
 var (
 	preferredPathLock sync.Mutex
 	preferredPath     = ""
@@ -138,6 +144,19 @@ func (he *HttpError) Error() string {
 }
 
 func ReadUrl(url string, client *http.Client, header *http.Header) (body []byte, err error) {
+	retryInterval := time.Second
+	wait.PollImmediate(retryInterval, readURLTimeout, func() (bool, error) {
+		body, err = readUrl(url, client, header)
+		if err != nil {
+			glog.V(4).Infof("Error reading %q: %v", url, err)
+			return false, nil
+		}
+		return true, nil
+	})
+	return body, err
+}
+
+func readUrl(url string, client *http.Client, header *http.Header) (body []byte, err error) {
 	req, err := http.NewRequest("GET", url, nil)
 	if err != nil {
 		return nil, err
diff --git a/pkg/credentialprovider/gcp/metadata.go b/pkg/credentialprovider/gcp/metadata.go
index 8ab929315f1..0d4c06d5522 100644
--- a/pkg/credentialprovider/gcp/metadata.go
+++ b/pkg/credentialprovider/gcp/metadata.go
@@ -77,7 +77,7 @@ func init() {
 	credentialprovider.RegisterCredentialProvider("google-dockercfg",
 		&credentialprovider.CachingDockerConfigProvider{
 			Provider: &dockerConfigKeyProvider{
-				metadataProvider{Client: http.DefaultClient},
+				metadataProvider{Client: &http.Client{Timeout: 10 * time.Second}},
 			},
 			Lifetime: 60 * time.Second,
 		})
@@ -85,7 +85,7 @@ func init() {
 	credentialprovider.RegisterCredentialProvider("google-dockercfg-url",
 		&credentialprovider.CachingDockerConfigProvider{
 			Provider: &dockerConfigUrlKeyProvider{
-				metadataProvider{Client: http.DefaultClient},
+				metadataProvider{Client: &http.Client{Timeout: 10 * time.Second}},
 			},
 			Lifetime: 60 * time.Second,
 		})
@@ -94,7 +94,7 @@ func init() {
 		// Never cache this.  The access token is already
 		// cached by the metadata service.
 		&containerRegistryProvider{
-			metadataProvider{Client: http.DefaultClient},
+			metadataProvider{Client: &http.Client{Timeout: 10 * time.Second}},
 		})
 }