diff options
author | Bence Romsics <bence.romsics@gmail.com> | 2022-08-29 16:03:44 +0200 |
---|---|---|
committer | Bence Romsics <bence.romsics@gmail.com> | 2022-08-30 14:19:49 +0200 |
commit | 6c35b366e3c8c6d7f47471b93f5315582301c5ef (patch) | |
tree | 1f0a18c5d3199e0b0d6e0c6bdb6ec2b7f40826c6 | |
parent | 051aca8e8a488efc51817463dab8e4daafbbbf59 (diff) | |
download | keystone-6c35b366e3c8c6d7f47471b93f5315582301c5ef.tar.gz |
Fix host:port handling
When we check the EC2 signature without the port part of the host value
received, we should properly split host:port. Keep in mind the splitting
should work for values like [fc00::]:123 too.
Change-Id: I1d90dfcea3568e2a9b22069daa428ea6a2a38bd6
Closes-Bug: #1988168
-rw-r--r-- | keystone/api/ec2tokens.py | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/keystone/api/ec2tokens.py b/keystone/api/ec2tokens.py index 12096db9e..d21673a03 100644 --- a/keystone/api/ec2tokens.py +++ b/keystone/api/ec2tokens.py @@ -12,6 +12,8 @@ # This file handles all flask-restful resources for /v3/ec2tokens +import urllib.parse + import flask import http.client from keystoneclient.contrib.ec2 import utils as ec2_utils @@ -42,8 +44,8 @@ class EC2TokensResource(EC2_S3_Resource.ResourceBase): # NOTE(vish): Some client libraries don't use the port when # signing requests, so try again without the port. elif ':' in credentials['host']: - hostname, _port = credentials.split(':') - credentials['host'] = hostname + parsed = urllib.parse.urlsplit('//' + credentials['host']) + credentials['host'] = parsed.hostname # NOTE(davechen): we need to reinitialize 'signer' to avoid # contaminated status of signature, this is similar with # other programming language libraries, JAVA for example. |