Comment 10 for bug 1410622

Steve Martinelli (stevemar) wrote :

Matt, how does nova generate its signature?

Seems like in keystone it's all done here: https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/contrib/ec2/utils.py#L75-L99

That function is called with:
  signer = ec2_utils.Ec2Signer(creds_ref['secret'])
  signature = signer.generate(credentials)

Looks like it's using the v4 version of signature generation, which means all these params need to be the same on both ends:
  credentials['params'],
  credentials['verb'],
  credentials['host'],
  credentials['path'],
  credentials['headers'],
  credentials['body_hash']

Which I've added below for completeness,

{
    u'body_hash': u'915db51f333ae4d2bda6502c2c69278dc9ee90a117fbc0def065c1f7e1724c05',
    u'host': u'127.0.0.1: 8773',
    u'verb': u'POST',
    u'params': {
        u'Action': u'CreateSecurityGroup',
        u'GroupName': u'securty_group--505956668',
        u'Version': u'2014-10-01',
        u'GroupDescription': u'securty_group--505956668securitygroupdescription'
    },
    u'path': u'/services/Cloud/',
    u'headers': {
        u'Content-Length': u'150',
        u'Accept-Encoding': u'identity',
        u'User-Agent': u'Boto/2.35.1Python/2.7.6Linux/3.13.0-44-generic',
        u'Host': u'127.0.0.1: 8773',
        u'X-Amz-Date': u'20150115T220027Z',
        u'Content-Type': u'application/x-www-form-urlencoded;charset=UTF-8',
        u'Authorization': u'AWS4-HMAC-SHA256Credential=3da5e55bb5234719862d308c72b7c5e2/20150115/0/127/aws4_request,SignedHeaders=host;x-amz-date,Signature=1c314a588a431c92d83b00ca7450195c461857fb78018147065e43089af10788'
    },
}

Maybe Apache could be eating up a header? IIRC mod_wsgi eats up the Authorization header by default, but I think I changed devstack to allow for that now. Maybe hostnames are being used instead of IP?
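
An added example, not part of the comment above and not keystoneclient's or nova's code: a minimal signer following the general AWS Signature Version 4 layout, showing how a Host rewritten to a hostname or a signed header stripped in transit changes the signature, plus a helper that reports which of the six inputs differ. The secret, scope and request values are constructed, and putting `params` into the canonical query string is an assumption of this sketch.

```python
import copy
import hashlib
import hmac
from urllib.parse import quote

FIELDS = ("params", "verb", "host", "path", "headers", "body_hash")

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def canonical_request(creds, signed):
    # Assumption: params go in the canonical query string, sorted and URI-encoded.
    query = "&".join(f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
                     for k, v in sorted(creds["params"].items()))
    hdrs = {k.lower(): " ".join(v.split()) for k, v in creds["headers"].items()}
    # A signed header stripped in transit canonicalizes to an empty value.
    canon = "".join(f"{h}:{hdrs.get(h, '')}\n" for h in signed)
    return "\n".join([creds["verb"], creds["path"], query, canon,
                      ";".join(signed), creds["body_hash"]])

def sign(secret, creds, amz_date, scope, signed=("host", "x-amz-date")):
    digest = hashlib.sha256(canonical_request(creds, signed).encode()).hexdigest()
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope, digest])
    key = ("AWS4" + secret).encode()
    for part in scope.split("/"):  # date, region, service, "aws4_request"
        key = _hmac(key, part)
    return hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()

def mismatched_fields(client, server):
    """Names of the signing inputs that differ between the two views."""
    return [f for f in FIELDS if client[f] != server[f]]

# Constructed sample values (hypothetical secret and credential scope).
SECRET = "constructed-secret"
AMZ_DATE = "20150115T220027Z"
SCOPE = "20150115/region/ec2/aws4_request"
CLIENT = {
    "verb": "POST", "host": "127.0.0.1:8773", "path": "/services/Cloud/",
    "params": {"Action": "CreateSecurityGroup", "Version": "2014-10-01"},
    "headers": {"Host": "127.0.0.1:8773", "X-Amz-Date": AMZ_DATE},
    "body_hash": hashlib.sha256(b"constructed-body").hexdigest(),
}
# What the verifying side sees if the request arrives with a hostname instead.
SERVER = copy.deepcopy(CLIENT)
SERVER["host"] = SERVER["headers"]["Host"] = "localhost:8773"

if __name__ == "__main__":
    print("client:", sign(SECRET, CLIENT, AMZ_DATE, SCOPE))
    print("server:", sign(SECRET, SERVER, AMZ_DATE, SCOPE))
    print("differs in:", mismatched_fields(CLIENT, SERVER))
```

Logging the six inputs on both ends and diffing them this way narrows a signature mismatch to the field that changed; note that only headers listed in `SignedHeaders` affect the signature.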