diff --git a/keystoneclient/contrib/ec2/utils.py b/keystoneclient/contrib/ec2/utils.py index 3b722f23c..899b95a05 100644 --- a/keystoneclient/contrib/ec2/utils.py +++ b/keystoneclient/contrib/ec2/utils.py @@ -232,12 +232,19 @@ class Ec2Signer(object): header_list.append('%s:%s' % (h, headers_lower[h])) return '\n'.join(header_list) + '\n' + def canonical_query_str(verb, params): + # POST requests pass parameters in through the request body + canonical_qs = '' + if verb.upper() != 'POST': + canonical_qs = self._canonical_qs(params) + return canonical_qs + # Create canonical request: # http://docs.aws.amazon.com/general/latest/gr/ # sigv4-create-canonical-request.html # Get parameters and headers in expected string format cr = "\n".join((verb.upper(), path, - self._canonical_qs(params), + canonical_query_str(verb, params), canonical_header_str(), auth_param('SignedHeaders'), body_hash)) diff --git a/keystoneclient/tests/test_ec2utils.py b/keystoneclient/tests/test_ec2utils.py index ff4aee356..71fc176b5 100644 --- a/keystoneclient/tests/test_ec2utils.py +++ b/keystoneclient/tests/test_ec2utils.py @@ -130,7 +130,17 @@ class Ec2SignerTest(testtools.TestCase): # examples specify no query string, but the final POST example # does, apparently incorrectly since an empty parameter list # aligns all steps and the final signature with the examples - params = {} + params = {'Action': 'CreateUser', + 'UserName': 'NewUser', + 'Version': '2010-05-08', + 'X-Amz-Algorithm': 'AWS4-HMAC-SHA256', + 'X-Amz-Credential': 'AKIAEXAMPLE/20140611/' + 'us-east-1/iam/aws4_request', + 'X-Amz-Date': '20140611T231318Z', + 'X-Amz-Expires': '30', + 'X-Amz-SignedHeaders': 'host', + 'X-Amz-Signature': 'ced6826de92d2bdeed8f846f0bf508e8' + '559e98e4b0199114b84c54174deb456c'} credentials = {'host': 'iam.amazonaws.com', 'verb': 'POST', 'path': '/',