Comment 3 for bug 1372710

It looks as if boto and keystone are generating different canonical requests for signing. Boto is signing a request that looks like this:

  POST
  /v1/

  host:192.168.200.1:8003
  x-amz-date:20140923T030939Z

  host;x-amz-date
  7998222ff85406cf40991aa7e77fc63d5e91743ef474f8d876560f612c0e9028

While keystone is signing a request that looks like this:

  POST
  /v1/
  Action=PutMetricData&MetricData.member.1.MetricName=Heartbeat&MetricData.member.1.Unit=Counter&MetricData.member.1.Value=1&Namespace=system%2Flinux&Version=2010-08-01
  host:192.168.200.1:8003
  x-amz-date:20140923T030939Z

  host;x-amz-date
  7998222ff85406cf40991aa7e77fc63d5e91743ef474f8d876560f612c0e9028

That is, keystone includes the Action header in the data to be signed,
while boto does not.