2 files changed, 17 insertions, 4 deletions

diff --git a/keystonemiddleware/ec2_token.py b/keystonemiddleware/ec2_token.py
index faa5968..3e00646 100644
--- a/keystonemiddleware/ec2_token.py
+++ b/keystonemiddleware/ec2_token.py
@@ -44,6 +44,8 @@ keystone_ec2_opts = [
                     'CAs.'),
     cfg.BoolOpt('insecure', default=False,
                 help='Disable SSL certificate verification.'),
+    cfg.IntOpt('timeout', default=60,
+               help='Timeout to obtain token.'),
 ]
 
 CONF = cfg.CONF
@@ -172,9 +174,10 @@ class EC2Token(object):
         elif CONF.keystone_ec2_token.certfile:
             cert = CONF.keystone_ec2_token.certfile
 
-        response = requests.request('POST', CONF.keystone_ec2_token.url,
-                                    data=creds_json, headers=headers,
-                                    verify=verify, cert=cert)
+        response = requests.post(CONF.keystone_ec2_token.url,
+                                 data=creds_json, headers=headers,
+                                 verify=verify, cert=cert,
+                                 timeout=CONF.keystone_ec2_token.timeout)
 
         # NOTE(vish): We could save a call to keystone by
         #             having keystone return token, tenant,
diff --git a/keystonemiddleware/s3_token.py b/keystonemiddleware/s3_token.py
index d8d8e78..ad27aff 100644
--- a/keystonemiddleware/s3_token.py
+++ b/keystonemiddleware/s3_token.py
@@ -33,12 +33,21 @@ This WSGI component:
 
 import webob
 
+from oslo_config import cfg
 from oslo_log import log as logging
 from oslo_serialization import jsonutils
 from oslo_utils import strutils
 import requests
 import six
 
+s3_opts = [
+    cfg.IntOpt('timeout', default=60,
+               help='Timeout to obtain token.'),
+]
+
+CONF = cfg.CONF
+CONF.register_opts(s3_opts, group='s3_token')
+
 PROTOCOL_NAME = 'S3 Token Authentication'
 
 
@@ -113,7 +122,8 @@ class S3Token(object):
         try:
             response = requests.post('%s/v2.0/s3tokens' % self._request_uri,
                                      headers=headers, data=creds_json,
-                                     verify=self._verify)
+                                     verify=self._verify,
+                                     timeout=CONF.s3_token.timeout)
         except requests.exceptions.RequestException as e:
             self._logger.info('HTTP connection exception: %s', e)
             resp = self._deny_request('InvalidURI')