That function is called with:
signer = ec2_utils.Ec2Signer(creds_ref['secret'])
signature = signer.generate(credentials)
Looks like it's using the v4 version of signature generation, which means all these params need to be the same on both ends:
credentials['params'],
credentials['verb'],
credentials['host'],
credentials['path'],
credentials['headers'],
credentials['body_hash']
Maybe apache could be eating up a header? IIRC mod_wsgi eats up the Authorization header by default, but I think I changed devstack to allow for that now. Maybe hostnames are being used instead of ip?
Matt, how does nova generate it's signature?
Seems like in keystone it's all done here: https:/ /github. com/openstack/ python- keystoneclient/ blob/master/ keystoneclient/ contrib/ ec2/utils. py#L75- L99
That function is called with: Ec2Signer( creds_ref[ 'secret' ]) generate( credentials)
signer = ec2_utils.
signature = signer.
Looks like it's using the v4 version of signature generation, which means all these params need to be the same on both ends: 'params' ], 'verb'] , 'host'] , 'path'] , 'headers' ], 'body_hash' ]
credentials[
credentials[
credentials[
credentials[
credentials[
credentials[
Which I've added below for completeness,
{ 4d2bda6502c2c69 278dc9ee90a117f bc0def065c1f7e1 724c05' , yGroup' ,
u'GroupName' : u'securty_ group-- 505956668' ,
u'GroupDescrip tion': u'securty_ group-- 505956668securi tygroupdescript ion'
u'Content- Length' : u'150',
u'Accept- Encoding' : u'identity',
u'User- Agent': u'Boto/ 2.35.1Python/ 2.7.6Linux/ 3.13.0- 44-generic' ,
u'X-Amz- Date': u'20150115T2200 27Z',
u'Content- Type': u'application/ x-www-form- urlencoded; charset= UTF-8',
u'Authorizatio n': u'AWS4- HMAC-SHA256Cred ential= 3da5e55bb523471 9862d308c72b7c5 e2/20150115/ 0/127/aws4_ request,
SignedHeaders= host;x- amz-date,
Signature= 1c314a588a431c9 2d83b00ca745019 5c461857fb78018 147065e43089af1 0788'
u'body_hash': u'915db51f333ae
u'host': u'127.0.0.1: 8773',
u'verb': u'POST',
u'params': {
u'Action': u'CreateSecurit
u'Version': u'2014-10-01',
},
u'path': u'/services/Cloud/'
u'headers': {
u'Host': u'127.0.0.1: 8773',
},
}
Maybe apache could be eating up a header? IIRC mod_wsgi eats up the Authorization header by default, but I think I changed devstack to allow for that now. Maybe hostnames are being used instead of ip?