Remove timeouts from TP requests #1261
Open
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR removes the timeouts used in both trusted-publishing requests: the
GET
requesting an OIDC token, and thePOST
requesting the actual API token.I have noticed that when a single identity is registered as the trusted publisher for many packages (200+), twine can occasionally* timeout. I have therefore had to start performing the token exchange myself again, as we had to do before v6.10.
I suspect this is because the API token is a macaroon, and the server must therefore identify all the packages that have registered that same identity as a "trusted publisher", and then store them in the macaroon. I assume this is computationally expensive, so, with many packages (and/or if the server is busy with many other requests), the current hardcoded timeouts become insufficient.
Now, the better solution here would be to allow users to pass a custom timeout:
twine upload --timeout 30
. However, I've noticed that none of the other requests performed bytwine
have timeouts:twine/twine/repository.py
Lines 102 to 107 in 9175334
twine/twine/repository.py
Lines 151 to 156 in 9175334
twine/twine/repository.py
Line 215 in 9175334
I have therefore chosen to simply remove the timeouts to be consistent with the rest of the codebase. This is largely because I'm not familiar enough with twine's codebase to make the larger changes necessary to make a potential
--timeout
argument apply everywhere (as users would expect).If preferred and if someone can point me in the right direction(s), I'll be happy to set a user-defined global timeout everywhere instead.
* I haven't kept track of how often it happens... it's just common enough to be annoying... maybe 10% of the time?