It looks as if boto and keystone are generating different canonical requests for signing. Boto is signing a request that looks like this:
POST
/v1/
host:192.168.200.1:8003
x-amz-date:20140923T030939Z
host;x-amz-date
6cf40991aa7e77fc63d5e91743ef474f8d876560f612c0e90287998222ff8540
While keystone is signing a request that looks like this:
POST
/v1/
Action=PutMetricData&MetricData.member.1.MetricName=Heartbeat&MetricData.member.1.Unit=Counter&MetricData.member.1.Value=1&Namespace=system%2Flinux&Version=2010-08-01
host:192.168.200.1:8003
x-amz-date:20140923T030939Z
host;x-amz-date
6cf40991aa7e77fc63d5e91743ef474f8d876560f612c0e90287998222ff8540
That is, keystone includes the Action header in the data to be signed,
while boto does not.
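
An added example, not part of the original report and not boto's or keystone's code: it builds the SigV4 canonical request from the values above both ways, splits it into its six components, and reports which component makes the two signatures disagree. The function names and the decoded PARAMS dictionary are assumptions made for the illustration.

```python
import hashlib
from urllib.parse import quote

# Values copied from the report above (PARAMS is the decoded parameter string).
PARAMS = {
    "Action": "PutMetricData",
    "MetricData.member.1.MetricName": "Heartbeat",
    "MetricData.member.1.Unit": "Counter",
    "MetricData.member.1.Value": "1",
    "Namespace": "system/linux",
    "Version": "2010-08-01",
}
HEADERS = {"Host": "192.168.200.1:8003", "X-Amz-Date": "20140923T030939Z"}
PAYLOAD_HASH = "6cf40991aa7e77fc63d5e91743ef474f8d876560f612c0e90287998222ff8540"
FIELDS = ("method", "uri", "query", "headers", "signed_headers", "payload_hash")

def canonical_query(params):
    """Sort by key; percent-encode everything outside the unreserved set."""
    return "&".join(f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
                    for k, v in sorted(params.items()))

def canonical_parts(method, uri, params, headers, payload_hash):
    """Return the six SigV4 canonical request components, keyed by name."""
    hdrs = sorted((k.lower(), " ".join(v.split())) for k, v in headers.items())
    values = (method, uri, canonical_query(params),
              "".join(f"{k}:{v}\n" for k, v in hdrs),
              ";".join(k for k, _ in hdrs), payload_hash)
    return dict(zip(FIELDS, values))

def digest(parts):
    """SHA-256 of the newline-joined canonical request (input to the string to sign)."""
    return hashlib.sha256("\n".join(parts[f] for f in FIELDS).encode()).hexdigest()

def mismatched(a, b):
    """Names of the components on which two canonical requests disagree."""
    return [f for f in FIELDS if a[f] != b[f]]

# As in the boto request on the page: nothing in the query component.
client = canonical_parts("POST", "/v1/", {}, HEADERS, PAYLOAD_HASH)
# As in the keystone request on the page: the parameters in the query component.
server = canonical_parts("POST", "/v1/", PARAMS, HEADERS, PAYLOAD_HASH)

if __name__ == "__main__":
    print("components that differ:", mismatched(client, server))
    print("client digest:", digest(client))
    print("server digest:", digest(server))
```

Logging the per-component view on the verifying side, rather than only the final signature, is what makes this kind of mismatch quick to locate.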