Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 993416

Summary: Fix AWS version 4 signature management
Product: Red Hat OpenStack Reporter: Jakub Ruzicka <jruzicka>
Component: python-keystoneclientAssignee: Jakub Ruzicka <jruzicka>
Status: CLOSED ERRATA QA Contact: Jeremy Agee <jagee>
Severity: high Docs Contact:
Priority: high    
Version: 3.0CC: apevec, apevec, ayoung, bperkins, breeler, gholms, hateya, Jan.van.Eldik, jose.castro.leon, jruzicka, kbanerje, markmc, pbrady, sclewis, shardy, yeylon
Target Milestone: z3Keywords: ZStream
Target Release: 3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python-keystoneclient-0.2.3-6.el6ost Doc Type: Bug Fix
Doc Text:
A Python library called python-boto is used to access OpenStack through the EC2 compatibility API. A bugfix to python-boto 2.9.3 caused backward incompatibility. As a result signature verification would fail with python-boto versions from 2.9.3 on. A fix which takes into account the version allows python-keystoneclient to work correctly with both pre and post 2.9.3 python-boto versions.
 Story Points: ---
Clone Of: 984752 Environment:
Last Closed: 2013-11-18 15:13:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1021641    

Description Jakub Ruzicka 2013-08-05 21:29:06 UTC 
+++ This bug was initially created as a clone of Bug #984752 +++

Description of problem:
I'm looking to update python-boto in EPEL 6 to a reasonably current version, but the version of python-keystoneclient there is coded against a bug in boto's signature version 4 code that was fixed in version 2.9.3.  Upstream recently committed a patch [1] for this; would you mind adding that to EPEL's python-keystoneclient package so we can add that to the update [2]?

Can you think of any other openstack components that this change might also affect?


Version-Release number of selected component (if applicable):
python-keystoneclient-0.2.0-2.el6


[1] https://github.com/openstack/python-keystoneclient/commit/4f53f935a40ad0c90c02a02a56c18825a3d14bdb
[2] https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10719

--- Additional comment from Jakub Ruzicka on 2013-07-25 11:30:09 EDT ---

If I'm not mistaken, version 4 signature support was added by [1] which isn't present in 0.2.0.

However, RDO keystoneclient will be affected. After a discussion, Steven Hardy will propose a transitional hack to allow usage of both boto versions. So if possible, please wait with the update until this patch is accepted/rejected. 

I'll post more information here on how's it proceeding.

[1] https://github.com/openstack/python-keystoneclient/commit/5c37d85944d9eed73ec6dd6254842108386bcc4f

--- Additional comment from Jakub Ruzicka on 2013-07-26 07:42:46 EDT ---

Patch proposed, waiting for reviews.

--- Additional comment from Fedora Update System on 2013-08-05 13:49:15 EDT ---

python-keystoneclient-0.2.3-7.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/python-keystoneclient-0.2.3-7.fc19

--- Additional comment from Jakub Ruzicka on 2013-08-05 13:56:57 EDT ---

Folsom in EPEL 6 isn't affected.

I backported Steven's transitional patch everywhere else (grizzly, havana @ Fedora and RDO) to prevent future problems.
Comment 9 errata-xmlrpc 2013-11-18 15:13:01 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1510.html