when deploying heat-cfn over httpd ec2 authorization fails

Bug #1641589 reported by Juan Antonio Osorio Robles
This bug affects 1 person
Affects: tripleo
Status: Fix Released
Importance: Undecided
Assigned to: Juan Antonio Osorio Robles

Bug Description

This is because heat generated the signature from Webob's Request object's param value, which will get both the query params and the post values, while we only want the params to be used for this purpose[1].

Now, for some reason, when deploying over httpd, the POST body is taken as the values, so it gets passed to the signature generation and thus ends up failing the verification:

http://paste.openstack.org/show/589107/

[1] https://github.com/openstack/heat/blob/master/heat/api/aws/ec2token.py#L190

Changed in heat:
assignee: nobody → Juan Antonio Osorio Robles (juan-osorio-robles)
status: New → In Progress
Thomas Herve (therve)
Changed in heat:
milestone: none → ocata-2
OpenStack Infra (hudson-openstack) wrote : Change abandoned on heat (master)

Change abandoned by Juan Antonio Osorio Robles (<email address hidden>) on branch: master
Review: https://review.openstack.org/397137

Juan Antonio Osorio Robles (juan-osorio-robles) wrote :

seems to be an os-refresh-config issue https://review.openstack.org/#/c/397195/

affects: heat → tripleo
Changed in tripleo:
milestone: ocata-2 → none
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-image-elements (master)

Reviewed: https://review.openstack.org/397195
Committed: https://git.openstack.org/cgit/openstack/tripleo-image-elements/commit/?id=8688c2878a20af1e4a0b2ac3692f17be98d755c6
Submitter: Jenkins
Branch: master

commit 8688c2878a20af1e4a0b2ac3692f17be98d755c6
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Mon Nov 14 15:43:24 2016 +0200

    Set correct content-type for o-r-c curl calls

    They contained json data, so they need application/json as the
    content types. Else, some wsgi implementations will interpret the
    contents in an undesired way, such as apache's mod_wsgi setting the
    whole POST body as a POST parameter with no value.

    Change-Id: Id988e8d286761550da4849c0695f5f5a37116a11
    Closes-Bug: #1641589

Changed in tripleo:
status: In Progress → Fix Released
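
An added example (not heat's or os-refresh-config's code) that models the failure in this report using only the Python standard library: the client signs the query parameters, and verification breaks once a JSON body sent with the form content type is parsed into a parameter with no value and merged into the signed set. The host, path, keys and body are constructed values, and the `merge_post` flag is a hypothetical switch standing in for reading a merged GET+POST view versus the query string alone.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlencode

# All values below are constructed for illustration.
SECRET = b"constructed-secret-key"
HOST, PATH = "heat.example.test:8000", "/v1/signal/constructed-stack-resource"
FORM = "application/x-www-form-urlencoded"   # what curl -d sends by default
BODY = '{"Status": "SUCCESS", "Reason": "configured", "Data": "ok"}'


def sign(params):
    """SigV2-style HMAC-SHA256 over method, host, path and sorted params."""
    canonical = "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
        for k, v in sorted(params.items()))
    to_sign = "\n".join(["POST", HOST, PATH, canonical])
    mac = hmac.new(SECRET, to_sign.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def signed_query():
    """Client side: sign the query parameters only, then append Signature."""
    params = {"AWSAccessKeyId": "constructed-access-key",
              "SignatureMethod": "HmacSHA256", "SignatureVersion": "2",
              "Timestamp": "2016-11-14T13:43:24Z"}
    return urlencode({**params, "Signature": sign(params)})


def server_params(query, body, content_type, merge_post):
    """Parameters the verifier signs over (merge_post is a hypothetical flag).

    merge_post=True models a merged GET+POST view: a form-typed body is
    parsed as parameters and mixed into the query parameters.
    """
    params = dict(parse_qsl(query, keep_blank_values=True))
    if merge_post and content_type == FORM:
        params.update(parse_qsl(body, keep_blank_values=True))
    return params


def verify(query, body, content_type, merge_post=True):
    """Recompute the signature over what the server sees and compare."""
    params = server_params(query, body, content_type, merge_post)
    claimed = params.pop("Signature", "")
    return hmac.compare_digest(claimed, sign(params))
```

With `application/json` the body never enters parameter parsing, so the signature verifies; with the form content type the whole JSON string becomes an extra key with an empty value and the recomputed signature no longer matches.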
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-image-elements 6.0.0.0b1

This issue was fixed in the openstack/tripleo-image-elements 6.0.0.0b1 development milestone.

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to instack-undercloud (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/441151

OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-image-elements (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/441152

OpenStack Infra (hudson-openstack) wrote : Related fix merged to instack-undercloud (master)

Reviewed: https://review.openstack.org/441151
Committed: https://git.openstack.org/cgit/openstack/instack-undercloud/commit/?id=f122ea14b8d9c91ad69248c948fa56d1e2889f67
Submitter: Jenkins
Branch: master

commit f122ea14b8d9c91ad69248c948fa56d1e2889f67
Author: Steven Hardy <email address hidden>
Date: Fri Mar 3 14:32:33 2017 +0000

    Revert "Deploy heat APIs over httpd"

    This has broken upgrades so revert while we figure out the problems.

    Related-Bug: #1641589
    This reverts commit 882103ecee146ccbbc420669dbc69400ae7dcb53.

    Change-Id: I7d14a62c2cf18505be9f0a8c47849621c8377e1e

OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-image-elements (stable/newton)

Reviewed: https://review.openstack.org/441152
Committed: https://git.openstack.org/cgit/openstack/tripleo-image-elements/commit/?id=3ecf4779585af7c4c63d841f66a8159ddfa1d645
Submitter: Jenkins
Branch: stable/newton

commit 3ecf4779585af7c4c63d841f66a8159ddfa1d645
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Mon Nov 14 15:43:24 2016 +0200

    Set correct content-type for o-r-c curl calls

    They contained json data, so they need application/json as the
    content types. Else, some wsgi implementations will interpret the
    contents in an undesired way, such as apache's mod_wsgi setting the
    whole POST body as a POST parameter with no value.

    Change-Id: Id988e8d286761550da4849c0695f5f5a37116a11
    Closes-Bug: #1641589
    (cherry picked from commit 8688c2878a20af1e4a0b2ac3692f17be98d755c6)

tags: added: in-stable-newton
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-image-elements 5.3.0

This issue was fixed in the openstack/tripleo-image-elements 5.3.0 release.
