Merge "fix message signatures for nested dicts"

ceilometer/meter.py

@@ -38,11 +38,22 @@ METER_OPTS = [
 cfg.CONF.register_opts(METER_OPTS)
 
 
+def recursive_keypairs(d):
+    """Generator that produces sequence of keypairs for nested dictionaries.
+    """
+    for name, value in sorted(d.iteritems()):
+        if isinstance(value, dict):
+            for subname, subvalue in recursive_keypairs(value):
+                yield ('%s:%s' % (name, subname), subvalue)
+        else:
+            yield name, value
+
+
 def compute_signature(message):
     """Return the signature for a message dictionary.
     """
     digest_maker = hmac.new(cfg.CONF.metering_secret, '', hashlib.sha256)
-    for name, value in sorted(message.iteritems()):
+    for name, value in recursive_keypairs(message):
         if name == 'message_signature':
             # Skip any existing signature value, which would not have
             # been part of the original message.

tests/test_meter.py

@@ -79,6 +79,32 @@ def test_verify_signature_incorrect():
     assert not meter.verify_signature(data)
 
 
+def test_recursive_keypairs():
+    data = {'a': 'A',
+            'b': 'B',
+            'nested': {'a': 'A',
+                       'b': 'B',
+                       },
+            }
+    pairs = list(meter.recursive_keypairs(data))
+    assert pairs == [('a', 'A'),
+                     ('b', 'B'),
+                     ('nested:a', 'A'),
+                     ('nested:b', 'B'),
+                     ]
+
+
+def test_verify_signature_nested():
+    data = {'a': 'A',
+            'b': 'B',
+            'nested': {'a': 'A',
+                       'b': 'B',
+                       },
+            }
+    data['message_signature'] = meter.compute_signature(data)
+    assert meter.verify_signature(data)
+
+
 TEST_COUNTER = counter.Counter(source='src',
                                name='name',
                                type='typ',