Fix host:port handling

When we check the EC2 signature without the port part of the host value
received, we should properly split host:port. Keep in mind the splitting
should work for values like [fc00::]:123 too.

Change-Id: I1d90dfcea3568e2a9b22069daa428ea6a2a38bd6
Closes-Bug: #1988168

1 files changed, 4 insertions, 2 deletions

diff --git a/keystone/api/ec2tokens.py b/keystone/api/ec2tokens.py
index 12096db9e..d21673a03 100644
--- a/keystone/api/ec2tokens.py
+++ b/keystone/api/ec2tokens.py
@@ -12,6 +12,8 @@
 
 # This file handles all flask-restful resources for /v3/ec2tokens
 
+import urllib.parse
+
 import flask
 import http.client
 from keystoneclient.contrib.ec2 import utils as ec2_utils
@@ -42,8 +44,8 @@ class EC2TokensResource(EC2_S3_Resource.ResourceBase):
             # NOTE(vish): Some client libraries don't use the port when
             # signing requests, so try again without the port.
             elif ':' in credentials['host']:
-                hostname, _port = credentials.split(':')
-                credentials['host'] = hostname
+                parsed = urllib.parse.urlsplit('//' + credentials['host'])
+                credentials['host'] = parsed.hostname
                 # NOTE(davechen): we need to reinitialize 'signer' to avoid
                 # contaminated status of signature, this is similar with
                 # other programming language libraries, JAVA for example.