yahoo-eng-team team mailing list archive

[Bug 1259584] [NEW] ec2 signature validation fails with v3 credentials

 

Public bug reported:

If you create an ec2 keypair via the v3/credentials API:

https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3.md#credentials-v3credentials

Then you get a 500 when trying to validate a signed request (signed
using the keypair) via the ec2tokens extension:

2013-12-10 14:52:30.060 722 ERROR keystone.common.wsgi [-] 'unicode' object has no attribute 'get'
2013-12-10 14:52:30.060 722 TRACE keystone.common.wsgi Traceback (most recent call last):
2013-12-10 14:52:30.060 722 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 238, in __call__
2013-12-10 14:52:30.060 722 TRACE keystone.common.wsgi     result = method(context, **params)
2013-12-10 14:52:30.060 722 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/contrib/ec2/controllers.py", line 96, in authenticate
2013-12-10 14:52:30.060 722 TRACE keystone.common.wsgi     creds_ref = self._get_credentials(credentials['access'])
2013-12-10 14:52:30.060 722 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/contrib/ec2/controllers.py", line 229, in _get_credentials
2013-12-10 14:52:30.060 722 TRACE keystone.common.wsgi     return self._convert_v3_to_ec2_credential(creds)
2013-12-10 14:52:30.060 722 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/contrib/ec2/controllers.py", line 215, in _convert_v3_to_ec2_credential
2013-12-10 14:52:30.060 722 TRACE keystone.common.wsgi     'access': blob.get('access'),
2013-12-10 14:52:30.060 722 TRACE keystone.common.wsgi AttributeError: 'unicode' object has no attribute 'get'


It looks like a mismatch between the way the data blob is stored via v3/credentials and creating the keypair direct via the ec2tokens

** Affects: keystone
     Importance: Undecided
     Assignee: Steven Hardy (shardy)
         Status: New

** Changed in: keystone
     Assignee: (unassigned) => Steven Hardy (shardy)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1259584

Title:
  ec2 signature validation fails with v3 credentials

Status in OpenStack Identity (Keystone):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1259584/+subscriptions
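
The failure in the traceback above, reproduced as an added example that is not part of the original report and is not Keystone's code or its fix. It assumes the v3/credentials API stores the blob as a JSON-encoded string while the ec2 path stores a dict; the function names, the exception class and the sample records are hypothetical. A malformed stored blob is turned into a controlled error the caller can map to an authentication failure instead of an unhandled 500.

```python
import json


class CredentialBlobError(ValueError):
    """Raised when a stored credential blob cannot be used as an EC2 keypair."""


def naive_convert(credential):
    # Same assumption as the failing line in the traceback: blob is a dict.
    blob = credential['blob']
    return {'access': blob.get('access'), 'secret': blob.get('secret')}


def load_ec2_blob(blob):
    """Accept a dict or a JSON-encoded string; reject anything else."""
    if isinstance(blob, (bytes, str)):
        try:
            blob = json.loads(blob)
        except ValueError as exc:  # covers JSONDecodeError and bad UTF-8
            raise CredentialBlobError('blob is not valid JSON') from exc
    if not isinstance(blob, dict):
        raise CredentialBlobError('blob must decode to a JSON object')
    # Both fields must be non-empty strings, otherwise signature validation
    # would later run against a missing or wrongly typed secret.
    bad = [k for k in ('access', 'secret')
           if not isinstance(blob.get(k), str) or not blob[k]]
    if bad:
        raise CredentialBlobError('blob fields missing or invalid: ' + ', '.join(bad))
    return blob


def tolerant_convert(credential):
    blob = load_ec2_blob(credential['blob'])
    return {'access': blob['access'], 'secret': blob['secret']}


# Constructed sample records (not real credentials).
V3_STYLE = {'type': 'ec2',
            'blob': '{"access": "AKEXAMPLE", "secret": "example-secret"}'}
DICT_STYLE = {'type': 'ec2',
              'blob': {'access': 'AKEXAMPLE', 'secret': 'example-secret'}}
NOT_JSON = {'type': 'ec2', 'blob': 'access=AKEXAMPLE'}
NO_SECRET = {'type': 'ec2', 'blob': '{"access": "AKEXAMPLE"}'}

if __name__ == '__main__':
    print(tolerant_convert(V3_STYLE) == tolerant_convert(DICT_STYLE))
```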
