diff options
| author | Yukinori Sagara <sagara177@gmail.com> | 2014-08-25 10:53:30 +0900 |
|---|---|---|
| committer | Yukinori Sagara <sagara177@gmail.com> | 2014-09-01 08:06:07 +0900 |
| commit | cf5e45dd5b1ae9b98698a05e7d39989b6bfd4747 (patch) | |
| tree | 30debcbe795d4583887beb18bd6349861ec17e8e | |
| parent | 1643f7da32b1f729f12d042565d8c67f10f91b8c (diff) | |
| download | python-keystoneclient-cf5e45dd5b1ae9b98698a05e7d39989b6bfd4747.tar.gz | |
fix EC2 Signature Version 4 calculation, in the case of POST
When calculating the AWS Signature Version 4, in the case of POST,
We need to set the CanonicalQueryString to an empty string. this
follows the implementation of the AWS and boto clients.
Change-Id: Iad4e392119067e246c7b77009da3fef48d251382
Closes-Bug: 1360892
| -rw-r--r-- | keystoneclient/contrib/ec2/utils.py | 9 | ||||
| -rw-r--r-- | keystoneclient/tests/test_ec2utils.py | 12 |
2 files changed, 19 insertions, 2 deletions
diff --git a/keystoneclient/contrib/ec2/utils.py b/keystoneclient/contrib/ec2/utils.py index 3b722f2..899b95a 100644 --- a/keystoneclient/contrib/ec2/utils.py +++ b/keystoneclient/contrib/ec2/utils.py @@ -232,12 +232,19 @@ class Ec2Signer(object): header_list.append('%s:%s' % (h, headers_lower[h])) return '\n'.join(header_list) + '\n' + def canonical_query_str(verb, params): + # POST requests pass parameters in through the request body + canonical_qs = '' + if verb.upper() != 'POST': + canonical_qs = self._canonical_qs(params) + return canonical_qs + # Create canonical request: # http://docs.aws.amazon.com/general/latest/gr/ # sigv4-create-canonical-request.html # Get parameters and headers in expected string format cr = "\n".join((verb.upper(), path, - self._canonical_qs(params), + canonical_query_str(verb, params), canonical_header_str(), auth_param('SignedHeaders'), body_hash)) diff --git a/keystoneclient/tests/test_ec2utils.py b/keystoneclient/tests/test_ec2utils.py index ff4aee3..71fc176 100644 --- a/keystoneclient/tests/test_ec2utils.py +++ b/keystoneclient/tests/test_ec2utils.py @@ -130,7 +130,17 @@ class Ec2SignerTest(testtools.TestCase): # examples specify no query string, but the final POST example # does, apparently incorrectly since an empty parameter list # aligns all steps and the final signature with the examples - params = {} + params = {'Action': 'CreateUser', + 'UserName': 'NewUser', + 'Version': '2010-05-08', + 'X-Amz-Algorithm': 'AWS4-HMAC-SHA256', + 'X-Amz-Credential': 'AKIAEXAMPLE/20140611/' + 'us-east-1/iam/aws4_request', + 'X-Amz-Date': '20140611T231318Z', + 'X-Amz-Expires': '30', + 'X-Amz-SignedHeaders': 'host', + 'X-Amz-Signature': 'ced6826de92d2bdeed8f846f0bf508e8' + '559e98e4b0199114b84c54174deb456c'} credentials = {'host': 'iam.amazonaws.com', 'verb': 'POST', 'path': '/', |