Add timeout configuration for aiohttp ClientSession using CONTROL_PLANE_TIMEOUT (permitio#286)

danyi1212 · web-flow · commit bdfc70d58cdd · 2025-09-15T17:34:01.000+03:00
diff --git a/horizon/opal_relay_api.py b/horizon/opal_relay_api.py
@@ -5,6 +5,7 @@
 from urllib.parse import urljoin
 from uuid import UUID
 
+import aiohttp
 from aiohttp import ClientSession
 from fastapi import status
 from fastapi.encoders import jsonable_encoder
@@ -134,7 +135,9 @@ async def relay_session(self) -> ClientSession:
                     ) from e
             self._relay_token = obj.token
             self._relay_session = ClientSession(
-                headers={"Authorization": f"Bearer {self._relay_token}"}, trust_env=True
+                headers={"Authorization": f"Bearer {self._relay_token}"},
+                trust_env=True,
+                timeout=aiohttp.ClientTimeout(total=sidecar_config.CONTROL_PLANE_TIMEOUT),
             )
         return self._relay_session
 
diff --git a/horizon/proxy/api.py b/horizon/proxy/api.py
@@ -172,6 +172,7 @@ async def proxy_request_to_cloud_service(
     path: str,
     cloud_service_url: str,
     additional_headers: dict[str, str],
+    timeout: int = sidecar_config.CONTROL_PLANE_TIMEOUT,
 ) -> Response:
     auth_header = request.headers.get("Authorization")
     if auth_header is None:
@@ -200,9 +201,7 @@ async def proxy_request_to_cloud_service(
 
     logger.info(f"Proxying request: {request.method} {path}")
 
-    async with aiohttp.ClientSession(
-        trust_env=True,
-    ) as session:
+    async with aiohttp.ClientSession(trust_env=True, timeout=aiohttp.ClientTimeout(total=timeout)) as session:
         if request.method == HTTP_GET:
             async with session.get(path, headers=headers, params=params) as backend_response:
                 return await proxy_response(backend_response)
