Bug 993416 - Fix AWS version 4 signature management
Fix AWS version 4 signature management
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-keystoneclient (Show other bugs)
Unspecified Unspecified
high Severity high
: z3
: 3.0
Assigned To: Jakub Ruzicka
Jeremy Agee
: ZStream
Depends On:
Blocks: 1021641
  Show dependency treegraph
Reported: 2013-08-05 17:29 EDT by Jakub Ruzicka
Modified: 2016-04-27 00:34 EDT (History)
16 users (show)

See Also:
Fixed In Version: python-keystoneclient-0.2.3-6.el6ost
Doc Type: Bug Fix
Doc Text:
A Python library called python-boto is used to access OpenStack through the EC2 compatibility API. A bugfix to python-boto 2.9.3 caused backward incompatibility. As a result signature verification would fail with python-boto versions from 2.9.3 on. A fix which takes into account the version allows python-keystoneclient to work correctly with both pre and post 2.9.3 python-boto versions.
Story Points: ---
Clone Of: 984752
Last Closed: 2013-11-18 10:13:01 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
OpenStack gerrit 38784 None None None Never

  None (edit)
Description Jakub Ruzicka 2013-08-05 17:29:06 EDT
+++ This bug was initially created as a clone of Bug #984752 +++

Description of problem:
I'm looking to update python-boto in EPEL 6 to a reasonably current version, but the version of python-keystoneclient there is coded against a bug in boto's signature version 4 code that was fixed in version 2.9.3.  Upstream recently committed a patch [1] for this; would you mind adding that to EPEL's python-keystoneclient package so we can add that to the update [2]?

Can you think of any other openstack components that this change might also affect?

Version-Release number of selected component (if applicable):

[1] https://github.com/openstack/python-keystoneclient/commit/4f53f935a40ad0c90c02a02a56c18825a3d14bdb
[2] https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10719

--- Additional comment from Jakub Ruzicka on 2013-07-25 11:30:09 EDT ---

If I'm not mistaken, version 4 signature support was added by [1] which isn't present in 0.2.0.

However, RDO keystoneclient will be affected. After a discussion, Steven Hardy will propose a transitional hack to allow usage of both boto versions. So if possible, please wait with the update until this patch is accepted/rejected. 

I'll post more information here on how's it proceeding.

[1] https://github.com/openstack/python-keystoneclient/commit/5c37d85944d9eed73ec6dd6254842108386bcc4f

--- Additional comment from Jakub Ruzicka on 2013-07-26 07:42:46 EDT ---

Patch proposed, waiting for reviews.

--- Additional comment from Fedora Update System on 2013-08-05 13:49:15 EDT ---

python-keystoneclient-0.2.3-7.fc19 has been submitted as an update for Fedora 19.

--- Additional comment from Jakub Ruzicka on 2013-08-05 13:56:57 EDT ---

Folsom in EPEL 6 isn't affected.

I backported Steven's transitional patch everywhere else (grizzly, havana @ Fedora and RDO) to prevent future problems.
Comment 9 errata-xmlrpc 2013-11-18 10:13:01 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.