ec2 signature bad handling of POST requests

Bug #1851510 reported by Shoham Peller
This bug affects 1 person

Affects: python-keystoneclient
Status: Expired
Importance: Undecided
Assigned to: Unassigned

Bug Description

This code, still in master today:
https://github.com/openstack/python-keystoneclient/commit/cf5e45dd5b1ae9b98698a05e7d39989b6bfd4747#diff-efe134bf0a771abd57383128a2128fdaR239

This code ignores query params when signing ec2 requests. The commit message says that boto works the same way, which used to be true:
https://github.com/boto/boto/blob/98f6bcd1cdac5275dc959d128f1ad530c05f19b9/boto/auth.py#L396

But this has not been true for the past few years, with new versions of boto3.

This causes false negatives when using some AWS operations.
For example, using s3's delete-objects action doesn't work with boto3 and keystone.

To reproduce:
import boto3
from botocore.config import Config

# Disable retries and force SigV4 signing for S3
config = Config(retries={'max_attempts': 0}, signature_version='s3v4')
boto = boto3.client('s3', aws_access_key_id='XXX', aws_secret_access_key='YYY', config=config)
boto.delete_objects(Bucket='asdf', Delete={'Objects': [{'Key': 'asdf'}], 'Quiet': False})
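
Added example (not part of the bug report and not python-keystoneclient code): a minimal SigV4 signer showing why a verifier that leaves the canonical query string empty for POST rejects a correctly signed S3 DeleteObjects request, which is sent as POST /bucket?delete. The `drop_query_on_post` switch, the `compare` helper, and the host, date and key values are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import quote

def canonical_query(params):
    # SigV4: URI-encode names and values, sort, join as name=value with '&'.
    pairs = sorted((quote(k, safe="-_.~"), quote(v, safe="-_.~"))
                   for k, v in params.items())
    return "&".join(f"{k}={v}" for k, v in pairs)

def sigv4_signature(secret, method, path, params, headers, body, amz_date,
                    region, service, drop_query_on_post=False):
    # drop_query_on_post is a hypothetical switch modelling a verifier that
    # leaves the canonical query string empty whenever the verb is POST.
    skip = drop_query_on_post and method.upper() == "POST"
    qs = "" if skip else canonical_query(params)
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    names = sorted(lowered)
    canonical_headers = "".join(f"{n}:{lowered[n]}\n" for n in names)
    canonical_request = "\n".join([
        method.upper(), path, qs, canonical_headers,
        ";".join(names), hashlib.sha256(body).hexdigest()])
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest()])
    # Derive the signing key: date -> region -> service -> "aws4_request".
    key = ("AWS4" + secret).encode()
    for part in (amz_date[:8], region, service, "aws4_request"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    return hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()

def compare(method, params):
    # Constructed sample request: host, date and secret are made up.
    body = b"<Delete><Object><Key>asdf</Key></Object></Delete>"
    amz_date = "20200101T000000Z"
    headers = {"Host": "s3.example.test", "X-Amz-Date": amz_date,
               "X-Amz-Content-Sha256": hashlib.sha256(body).hexdigest()}
    args = ("YYY", method, "/asdf", params, headers, body,
            amz_date, "us-east-1", "s3")
    client = sigv4_signature(*args)                             # signs the query
    verifier = sigv4_signature(*args, drop_query_on_post=True)  # drops it on POST
    return hmac.compare_digest(client, verifier)

if __name__ == "__main__":
    print("POST /asdf?delete accepted:", compare("POST", {"delete": ""}))
    print("POST /asdf accepted:       ", compare("POST", {}))
```
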

Colleen Murphy (krinkle) wrote :

Your example code is for boto3, can you provide an example of the keystoneclient code you're using and the error you're seeing?

Changed in python-keystoneclient:
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for python-keystoneclient because there has been no activity for 60 days.]

Changed in python-keystoneclient:
status: Incomplete → Expired