970308 – Heat CFN API should support v4 signature format

Bug 970308 - Heat CFN API should support v4 signature format

Summary: Heat CFN API should support v4 signature format

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-heat
Sub Component:
Version:	3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	Upstream M3
Target Release:	4.0
Assignee:	Steven Hardy
QA Contact:	Kevin Whitney
Docs Contact:
URL:
Whiteboard:
Depends On:	968246 970134
Blocks:	1000540
TreeView+	depends on / blocked

Reported:	2013-06-03 22:07 UTC by Steven Hardy
Modified:	2016-04-26 19:51 UTC (History)
CC List:	8 users (show)
Fixed In Version:	openstack-heat-2013.2-0.8.b3.el6ost
Doc Type:	Bug Fix
Doc Text:	Due to differences in signature formats, connections from recent versions of python-boto based clients were unable to connect to the cloudformation-compatible API. The updated python-boto client library used the AWS v4 signature by default, which was not supported by the Orchestration API. With this update, Orchestration now supports the AWS v4 signature format, and python-boto based clients can authenticate to the cloudformation-compatible API.
Clone Of:
Clones:	1000540 (view as bug list)
Environment:
Last Closed:	2013-12-20 00:04:26 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1122472	None	None	None	Never
OpenStack gerrit	31568	None	None	None	Never
Red Hat Product Errata	RHEA-2013:1859	normal	SHIPPED_LIVE	Red Hat Enterprise Linux OpenStack Platform Enhancement Advisory	2013-12-21 00:01:48 UTC

Description Steven Hardy 2013-06-03 22:07:19 UTC

Description of problem:

- We require boto, primarily for our in-instance tools (heat-cfntools) without which several of our core features don't work.
- Recent (>=2.6.0) boto versions move to AWS v4 signatures by default, with no way to specify the previous (v2) signature format.  This means that grizzly/RHOS Heat won't work with any distro with a newer than 2.5.x boto version (which means F18, F19, and crucially soon RHEL ref bz #968247 won't work, also recent versions of Ubuntu won't work etc etc)

The plan is to propose this as a backport to the upstream Heat stable/grizzly branch, but we've been waiting on a python-keystoneclient release containing the fix discussed in this bz.  This happened a couple of days ago (0.2.4 contains this patch), ref bz #970134

Backport proposed:

https://review.openstack.org/#/c/31568/

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. Install python-boto >= 2.6.0
2. Note that heat-cfntools, heat-watch and heat-cfn don't work

Actual results:
Heat doesn't work with distros containing boto >= 2.6.0

Expected results:
Heat should work with as many distros as possible (particularly important as this affects compatibility with guest images)

Additional info:

Comment 5 Ami Jeain 2013-10-27 13:36:21 UTC

a agreed by Perry, Heat and Ceilometer will be tested upstream by Tempest

Comment 9 errata-xmlrpc 2013-12-20 00:04:26 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-1859.html

Note You need to log in before you can comment on or make changes to this bug.