diff options
author | Bence Romsics <bence.romsics@gmail.com> | 2022-08-29 16:03:44 +0200 |
---|---|---|
committer | Bence Romsics <bence.romsics@gmail.com> | 2022-09-09 15:40:43 +0200 |
commit | 8d883f011c586f0e79c56f0f70f9455997d70012 (patch) | |
tree | bdf6c6ded9e9933a546e33495a144d0deaa683ce | |
parent | 8287b20064055fc0af4b9fb08ad6e3ae990bd33a (diff) | |
download | keystone-8d883f011c586f0e79c56f0f70f9455997d70012.tar.gz |
Fix host:port handling
When we check the EC2 signature without the port part of the host value
received, we should properly split host:port. Keep in mind the splitting
should work for values like [fc00::]:123 too.
Change-Id: I1d90dfcea3568e2a9b22069daa428ea6a2a38bd6
Closes-Bug: #1988168
(cherry picked from commit 6c35b366e3c8c6d7f47471b93f5315582301c5ef)
(cherry picked from commit d39790ac4e9dc25af09cdddc6217e36bacbc2bb1)
(cherry picked from commit 0bb9cdee71805af1a7cb0a7db110b336eae5da1e)
(cherry picked from commit aa50b963cce20a76db0c4834b3716d3658c784af)
(cherry picked from commit fe837d87c949f6a2347cf79d81b66214f0a449b3)
(cherry picked from commit 1ab860a08e527ca9e0c82a49fbf004d415fec991)
-rw-r--r-- | keystone/api/ec2tokens.py | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/keystone/api/ec2tokens.py b/keystone/api/ec2tokens.py index d10b429b9..60007f93f 100644 --- a/keystone/api/ec2tokens.py +++ b/keystone/api/ec2tokens.py @@ -12,6 +12,8 @@ # This file handles all flask-restful resources for /v3/ec2tokens +from six.moves.urllib import parse as urllib_parse + import flask from keystoneclient.contrib.ec2 import utils as ec2_utils from oslo_serialization import jsonutils @@ -42,8 +44,8 @@ class EC2TokensResource(EC2_S3_Resource.ResourceBase): # NOTE(vish): Some client libraries don't use the port when # signing requests, so try again without the port. elif ':' in credentials['host']: - hostname, _port = credentials.split(':') - credentials['host'] = hostname + parsed = urllib_parse.urlsplit('//' + credentials['host']) + credentials['host'] = parsed.hostname # NOTE(davechen): we need to reinitialize 'signer' to avoid # contaminated status of signature, this is similar with # other programming language libraries, JAVA for example. |