From 6c35b366e3c8c6d7f47471b93f5315582301c5ef Mon Sep 17 00:00:00 2001 From: Bence Romsics Date: Mon, 29 Aug 2022 16:03:44 +0200 Subject: [PATCH] Fix host:port handling When we check the EC2 signature without the port part of the host value received, we should properly split host:port. Keep in mind the splitting should work for values like [fc00::]:123 too. Change-Id: I1d90dfcea3568e2a9b22069daa428ea6a2a38bd6 Closes-Bug: #1988168 --- keystone/api/ec2tokens.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/keystone/api/ec2tokens.py b/keystone/api/ec2tokens.py index 12096db9e1..d21673a031 100644 --- a/keystone/api/ec2tokens.py +++ b/keystone/api/ec2tokens.py @@ -12,6 +12,8 @@ # This file handles all flask-restful resources for /v3/ec2tokens +import urllib.parse + import flask import http.client from keystoneclient.contrib.ec2 import utils as ec2_utils @@ -42,8 +44,8 @@ class EC2TokensResource(EC2_S3_Resource.ResourceBase): # NOTE(vish): Some client libraries don't use the port when # signing requests, so try again without the port. elif ':' in credentials['host']: - hostname, _port = credentials.split(':') - credentials['host'] = hostname + parsed = urllib.parse.urlsplit('//' + credentials['host']) + credentials['host'] = parsed.hostname # NOTE(davechen): we need to reinitialize 'signer' to avoid # contaminated status of signature, this is similar with # other programming language libraries, JAVA for example.