993416 – Fix AWS version 4 signature management

Bug 993416 - Fix AWS version 4 signature management

Summary: Fix AWS version 4 signature management

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	python-keystoneclient
Sub Component:
Version:	3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	z3
Target Release:	3.0
Assignee:	Jakub Ruzicka
QA Contact:	Jeremy Agee
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1021641
TreeView+	depends on / blocked

Reported:	2013-08-05 21:29 UTC by Jakub Ruzicka
Modified:	2016-04-27 04:34 UTC (History)
CC List:	16 users (show)
Fixed In Version:	python-keystoneclient-0.2.3-6.el6ost
Doc Type:	Bug Fix
Doc Text:	A Python library called python-boto is used to access OpenStack through the EC2 compatibility API. A bugfix to python-boto 2.9.3 caused backward incompatibility. As a result signature verification would fail with python-boto versions from 2.9.3 on. A fix which takes into account the version allows python-keystoneclient to work correctly with both pre and post 2.9.3 python-boto versions.
Clone Of:	984752
Environment:
Last Closed:	2013-11-18 15:13:01 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
OpenStack gerrit	38784	0	None	None	None	Never
Red Hat Product Errata	RHBA-2013:1510	0	normal	SHIPPED_LIVE	Red Hat OpenStack 3.0 bug fix and enhancement advisory	2013-11-18 20:11:18 UTC

Description Jakub Ruzicka 2013-08-05 21:29:06 UTC

+++ This bug was initially created as a clone of Bug #984752 +++

Description of problem:
I'm looking to update python-boto in EPEL 6 to a reasonably current version, but the version of python-keystoneclient there is coded against a bug in boto's signature version 4 code that was fixed in version 2.9.3.  Upstream recently committed a patch [1] for this; would you mind adding that to EPEL's python-keystoneclient package so we can add that to the update [2]?

Can you think of any other openstack components that this change might also affect?


Version-Release number of selected component (if applicable):
python-keystoneclient-0.2.0-2.el6


[1] https://github.com/openstack/python-keystoneclient/commit/4f53f935a40ad0c90c02a02a56c18825a3d14bdb
[2] https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10719

--- Additional comment from Jakub Ruzicka on 2013-07-25 11:30:09 EDT ---

If I'm not mistaken, version 4 signature support was added by [1] which isn't present in 0.2.0.

However, RDO keystoneclient will be affected. After a discussion, Steven Hardy will propose a transitional hack to allow usage of both boto versions. So if possible, please wait with the update until this patch is accepted/rejected. 

I'll post more information here on how's it proceeding.

[1] https://github.com/openstack/python-keystoneclient/commit/5c37d85944d9eed73ec6dd6254842108386bcc4f

--- Additional comment from Jakub Ruzicka on 2013-07-26 07:42:46 EDT ---

Patch proposed, waiting for reviews.

--- Additional comment from Fedora Update System on 2013-08-05 13:49:15 EDT ---

python-keystoneclient-0.2.3-7.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/python-keystoneclient-0.2.3-7.fc19

--- Additional comment from Jakub Ruzicka on 2013-08-05 13:56:57 EDT ---

Folsom in EPEL 6 isn't affected.

I backported Steven's transitional patch everywhere else (grizzly, havana @ Fedora and RDO) to prevent future problems.

Comment 9 errata-xmlrpc 2013-11-18 15:13:01 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1510.html

Note You need to log in before you can comment on or make changes to this bug.