From c105af573ede8670e421fb69b50614e869303d35 Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Tue, 26 Mar 2013 09:44:10 +0000 Subject: [PATCH] heat : remove fallback ec2signer implementation Now keystoneclient 0.2.3 has been released, we can remove the temporary internal ec2signer implementation Change-Id: I9f050b8771400384615f1ae7f3da76da501e5197 --- heat/common/ec2signer.py | 105 ------------------------ heat/engine/resources/wait_condition.py | 12 +-- tools/pip-requires | 2 +- 3 files changed, 3 insertions(+), 116 deletions(-) delete mode 100644 heat/common/ec2signer.py diff --git a/heat/common/ec2signer.py b/heat/common/ec2signer.py deleted file mode 100644 index 8da5404f..00000000 --- a/heat/common/ec2signer.py +++ /dev/null @@ -1,105 +0,0 @@ -# vim: tabstop=4 shiftwidth=4 softtabstop=4 - -# Copyright 2012 OpenStack LLC -# Copyright 2010 United States Government as represented by the -# Administrator of the National Aeronautics and Space Administration. -# Copyright 2011 - 2012 Justin Santa Barbara -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import base64 -import hashlib -import hmac -import urllib - -# FIXME : This should be imported from keystoneclient, so this can be removed -# when we no longer require an internal fallback implementation -# see : https://review.openstack.org/#/c/16964/ -# https://blueprints.launchpad.net/keystone/+spec/ec2signer-to-keystoneclient - - -class Ec2Signer(object): - """ - Utility class which adds allows a request to be signed with an AWS style - signature, which can then be used for authentication via the keystone ec2 - authentication extension - """ - - def __init__(self, secret_key): - secret_key = secret_key.encode() - self.hmac = hmac.new(secret_key, digestmod=hashlib.sha1) - if hashlib.sha256: - self.hmac_256 = hmac.new(secret_key, digestmod=hashlib.sha256) - - def generate(self, credentials): - """Generate auth string according to what SignatureVersion is given.""" - if credentials['params']['SignatureVersion'] == '0': - return self._calc_signature_0(credentials['params']) - if credentials['params']['SignatureVersion'] == '1': - return self._calc_signature_1(credentials['params']) - if credentials['params']['SignatureVersion'] == '2': - return self._calc_signature_2(credentials['params'], - credentials['verb'], - credentials['host'], - credentials['path']) - raise Exception('Unknown Signature Version: %s' % - credentials['params']['SignatureVersion']) - - @staticmethod - def _get_utf8_value(value): - """Get the UTF8-encoded version of a value.""" - if not isinstance(value, str) and not isinstance(value, unicode): - value = str(value) - if isinstance(value, unicode): - return value.encode('utf-8') - else: - return value - - def _calc_signature_0(self, params): - """Generate AWS signature version 0 string.""" - s = params['Action'] + params['Timestamp'] - self.hmac.update(s) - return base64.b64encode(self.hmac.digest()) - - def _calc_signature_1(self, params): - """Generate AWS signature version 1 string.""" - keys = params.keys() - keys.sort(cmp=lambda x, y: cmp(x.lower(), y.lower())) - for key in keys: - self.hmac.update(key) - val = self._get_utf8_value(params[key]) - self.hmac.update(val) - return base64.b64encode(self.hmac.digest()) - - def _calc_signature_2(self, params, verb, server_string, path): - """Generate AWS signature version 2 string.""" - string_to_sign = '%s\n%s\n%s\n' % (verb, server_string, path) - if self.hmac_256: - current_hmac = self.hmac_256 - params['SignatureMethod'] = 'HmacSHA256' - else: - current_hmac = self.hmac - params['SignatureMethod'] = 'HmacSHA1' - keys = params.keys() - keys.sort() - pairs = [] - for key in keys: - val = self._get_utf8_value(params[key]) - val = urllib.quote(val, safe='-_~') - pairs.append(urllib.quote(key, safe='') + '=' + val) - qs = '&'.join(pairs) - string_to_sign += qs - current_hmac.update(string_to_sign) - b64 = base64.b64encode(current_hmac.digest()) - return b64 diff --git a/heat/engine/resources/wait_condition.py b/heat/engine/resources/wait_condition.py index b4fed810..87fdd28e 100644 --- a/heat/engine/resources/wait_condition.py +++ b/heat/engine/resources/wait_condition.py @@ -20,22 +20,14 @@ import json import eventlet from oslo.config import cfg +from keystoneclient.contrib.ec2.utils import Ec2Signer + from heat.common import exception from heat.common import identifier from heat.engine import resource from heat.openstack.common import log as logging -# FIXME : we should remove the common.ec2signer fallback implementation -# when the versions of keystoneclient we support all have the Ec2Signer -# utility class -# Ref https://review.openstack.org/#/c/16964/ -# https://blueprints.launchpad.net/keystone/+spec/ec2signer-to-keystoneclient -try: - from keystoneclient.contrib.ec2.utils import Ec2Signer -except ImportError: - from heat.common.ec2signer import Ec2Signer - logger = logging.getLogger(__name__) diff --git a/tools/pip-requires b/tools/pip-requires index d1065497..08de99e6 100644 --- a/tools/pip-requires +++ b/tools/pip-requires @@ -24,7 +24,7 @@ PasteDeploy==1.5.0 routes==1.12.3 SQLAlchemy>=0.7.8,<0.7.99 WebOb==1.2.3 -python-keystoneclient +python-keystoneclient>=0.2.3 python-memcached python-swiftclient python-quantumclient>=2.2.0,<3.0.0 -- 2.45.2