Fix host:port handling

When we check the EC2 signature without the port part of the host value received, we should properly split host:port. Keep in mind the splitting should work for values like [fc00::]:123 too. Change-Id: I1d90dfcea3568e2a9b22069daa428ea6a2a38bd6 Closes-Bug: #1988168 (cherry picked from commit 6c35b366e3) (cherry picked from commit d39790ac4e) (cherry picked from commit 0bb9cdee71) (cherry picked from commit aa50b963cc) (cherry picked from commit fe837d87c9)
2022-08-29 16:03:44 +02:00 · 2022-08-29 16:03:44 +02:00 · 1ab860a08e
parent 5de9cfcc2e
commit 1ab860a08e
1 changed files with 4 additions and 2 deletions
--- a/keystone/api/ec2tokens.py
+++ b/keystone/api/ec2tokens.py
@ -12,6 +12,8 @@

 # This file handles all flask-restful resources for /v3/ec2tokens

+import urllib.parse
+
 import flask
 import http.client
 from keystoneclient.contrib.ec2 import utils as ec2_utils
@ -42,8 +44,8 @@ class EC2TokensResource(EC2_S3_Resource.ResourceBase):
            # NOTE(vish): Some client libraries don't use the port when
            # signing requests, so try again without the port.
            elif ':' in credentials['host']:
-                hostname, _port = credentials.split(':')
-                credentials['host'] = hostname
+                parsed = urllib.parse.urlsplit('//' + credentials['host'])
+                credentials['host'] = parsed.hostname
                # NOTE(davechen): we need to reinitialize 'signer' to avoid
                # contaminated status of signature, this is similar with
                # other programming language libraries, JAVA for example.