From cf5e45dd5b1ae9b98698a05e7d39989b6bfd4747 Mon Sep 17 00:00:00 2001
From: Yukinori Sagara
Date: Mon, 25 Aug 2014 10:53:30 +0900
Subject: [PATCH] fix EC2 Signature Version 4 calculation, in the case of POST

When calculating the AWS Signature Version 4, in the case of POST, We need to set the CanonicalQueryString to an empty string. this follows the implementation of the AWS and boto clients.

Change-Id: Iad4e392119067e246c7b77009da3fef48d251382
Closes-Bug: 1360892
---
 keystoneclient/contrib/ec2/utils.py | 9 ++++++++-
 keystoneclient/tests/test_ec2utils.py | 12 +++++++++++-
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/keystoneclient/contrib/ec2/utils.py b/keystoneclient/contrib/ec2/utils.py
index 3b722f23c..899b95a05 100644
--- a/keystoneclient/contrib/ec2/utils.py
+++ b/keystoneclient/contrib/ec2/utils.py
@@ -232,12 +232,19 @@ class Ec2Signer(object):
 header_list.append('%s:%s' % (h, headers_lower[h]))
 return '\n'.join(header_list) + '\n'
 
+ def canonical_query_str(verb, params):
+ # POST requests pass parameters in through the request body
+ canonical_qs = ''
+ if verb.upper() != 'POST':
+ canonical_qs = self._canonical_qs(params)
+ return canonical_qs
+
 # Create canonical request:
 # http://docs.aws.amazon.com/general/latest/gr/
 # sigv4-create-canonical-request.html
 # Get parameters and headers in expected string format
 cr = "\n".join((verb.upper(), path,
- self._canonical_qs(params),
+ canonical_query_str(verb, params),
 canonical_header_str(),
 auth_param('SignedHeaders'),
 body_hash))
diff --git a/keystoneclient/tests/test_ec2utils.py b/keystoneclient/tests/test_ec2utils.py
index ff4aee356..71fc176b5 100644
--- a/keystoneclient/tests/test_ec2utils.py
+++ b/keystoneclient/tests/test_ec2utils.py
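Review bot: In `canonical_query_str`, the `verb.upper() != 'POST'` test drops `params` from the canonical request for every POST, so on that path the request parameters are bound to the signature only through `body_hash`. The visible lines do not show where `body_hash` is checked against the body that was actually received, and a POST that carries its parameters in the URL query string would, as far as this hunk shows, have them left out of the signed data. I would state the precondition next to the branch, e.g. `# POST: params are covered by body_hash only; the caller must verify body_hash against the received body`, and add a test for a POST with a non-empty URL query string. The enclosing method of Ec2Signer starts before and continues past this hunk.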
@@ -130,7 +130,17 @@ class Ec2SignerTest(testtools.TestCase):
 # examples specify no query string, but the final POST example
 # does, apparently incorrectly since an empty parameter list
 # aligns all steps and the final signature with the examples
- params = {}
+ params = {'Action': 'CreateUser',
+ 'UserName': 'NewUser',
+ 'Version': '2010-05-08',
+ 'X-Amz-Algorithm': 'AWS4-HMAC-SHA256',
+ 'X-Amz-Credential': 'AKIAEXAMPLE/20140611/'
+ 'us-east-1/iam/aws4_request',
+ 'X-Amz-Date': '20140611T231318Z',
+ 'X-Amz-Expires': '30',
+ 'X-Amz-SignedHeaders': 'host',
+ 'X-Amz-Signature': 'ced6826de92d2bdeed8f846f0bf508e8'
+ '559e98e4b0199114b84c54174deb456c'}
 credentials = {'host': 'iam.amazonaws.com',
 'verb': 'POST',
 'path': '/',
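Review bot: The three comment lines kept above `params` still say that an empty parameter list is what aligns the steps with the AWS examples, but `params` is now populated, so the comment contradicts the code. Reword it to say what the test now pins, e.g. `# POST parameters travel in the body and must not change the canonical request or signature`. The hunk only exercises `'verb': 'POST'`; if no test outside the hunk checks that a non-POST verb with the same `params` still includes them in the signature, one should be added. The test method starts and ends outside the hunk.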