Comment 21 for bug 461156

Test case A:
A1 euca-run-instances -k $MYKEY --user-data "FOO" $EMI -t c1.medium
A2 ssh -i $MYKEYPRIV ubuntu@$IP 'wget -q http://169.254.169.254/latest/user-data -O -'; echo
Expected results: A2 should return "FOO"

Test case B:
B1 euca-run-instances -k $MYKEY --user-data " << FOO >" $EMI -t c1.medium
B2 ssh -i $MYKEYPRIV ubuntu@$IP 'wget -q http://169.254.169.254/latest/user-data -O -'; echo
Expected results: B2 should return " << FOO >"

With unpatched euca2ools and unpatched eucalyptus:
Test A fails with A2 returning "Rk9P" instead of "FOO"
Test B fails with B2 returning "IDw8IEZPTyA-" instead of " << FOO >"

With patched euca2ools (from smoser PPA) and unpatched eucalyptus:
Test A : PASS
Test B fails with B1 returning "403 Forbidden"

Note that python-boto does encode UserData using base64.b64encode (not urlsafe_b64encode as suggested in comment 13). The 403 Forbidden issue probably comes from URL decoding hitting special characters in HmacV2Handler.java, since they are no longer "protected" by double base64 encoding. Usage of canonicalString.replaceAll("\\+","%20") in there seems particularly relevant, since " << FOO >" translates to "IDw8IEZPTyA+"