From 5d6745e8e6b7bac34ff943dbffda8aa6316ffb24 Mon Sep 17 00:00:00 2001
From: Steven Hardy <shardy@redhat.com>
Date: Thu, 21 Feb 2013 17:12:53 +0000
Subject: [PATCH] heat api : don't store whole request in ec2Credentials
 context

The ec2token middleware currently dumps the whole request into the
request context when using AWS Auth, when all we really want are
the credentials (accesskey/signature)

fixes bug 1072917

Change-Id: I8fb0d4d7ada29d7d19c702a7da1251384166c246
---
 heat/api/aws/ec2token.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/heat/api/aws/ec2token.py b/heat/api/aws/ec2token.py
index 9088311ef8..83b06b17d8 100644
--- a/heat/api/aws/ec2token.py
+++ b/heat/api/aws/ec2token.py
@@ -123,7 +123,9 @@ class EC2Token(wsgi.Middleware):
                 raise exception.HeatAccessDeniedError()
 
         # Authenticated!
-        req.headers['X-Auth-EC2-Creds'] = creds_json
+        ec2_creds = {'ec2Credentials': {'access': access,
+                                        'signature': signature}}
+        req.headers['X-Auth-EC2-Creds'] = json.dumps(ec2_creds)
         req.headers['X-Auth-Token'] = token_id
         req.headers['X-Auth-URL'] = self.conf['auth_uri']
         req.headers['X-Auth-EC2_URL'] = self.conf['keystone_ec2_uri']