The OpenStack API was using the 'secret' as the 'access key'. There is an 'access key' and there is a 'secret key'. Access key ~= username. Secret key ~= password. This fix is necessary for the OpenStack Python API bindings to log in.

3 files changed, 11 insertions, 7 deletions

diff --git a/nova/api/openstack/auth.py b/nova/api/openstack/auth.py
index 473071738..0b6ef8fc5 100644
--- a/nova/api/openstack/auth.py
+++ b/nova/api/openstack/auth.py
@@ -121,8 +121,8 @@ class AuthMiddleware(wsgi.Middleware):
         req - webob.Request object
         """
         ctxt = context.get_admin_context()
-        user = self.auth.get_user_from_access_key(key)
-        if user and user.name == username:
+        user = self.auth.get_user_from_access_key(username)
+        if user and user.secret == key:
             token_hash = hashlib.sha1('%s%s%f' % (username, key,
                 time.time())).hexdigest()
             token_dict = {}
diff --git a/nova/tests/api/openstack/fakes.py b/nova/tests/api/openstack/fakes.py
index fb282f1c9..e0b7b8029 100644
--- a/nova/tests/api/openstack/fakes.py
+++ b/nova/tests/api/openstack/fakes.py
@@ -221,7 +221,8 @@ class FakeAuthDatabase(object):
 class FakeAuthManager(object):
     auth_data = {}
 
-    def add_user(self, key, user):
+    def add_user(self, user):
+        key = user.id
         FakeAuthManager.auth_data[key] = user
 
     def get_user(self, uid):
@@ -234,7 +235,10 @@ class FakeAuthManager(object):
         return None
 
     def get_user_from_access_key(self, key):
-        return FakeAuthManager.auth_data.get(key, None)
+        for k, v in FakeAuthManager.auth_data.iteritems():
+            if v.access == key:
+                return v
+        return None
 
 
 class FakeRateLimiter(object):
diff --git a/nova/tests/api/openstack/test_auth.py b/nova/tests/api/openstack/test_auth.py
index 0dd65d321..eab78b50c 100644
--- a/nova/tests/api/openstack/test_auth.py
+++ b/nova/tests/api/openstack/test_auth.py
@@ -48,7 +48,7 @@ class Test(unittest.TestCase):
 
     def test_authorize_user(self):
         f = fakes.FakeAuthManager()
-        f.add_user('derp', nova.auth.manager.User(1, 'herp', None, None, None))
+        f.add_user(nova.auth.manager.User(1, 'herp', 'herp', 'derp', None))
 
         req = webob.Request.blank('/v1.0/')
         req.headers['X-Auth-User'] = 'herp'
@@ -62,7 +62,7 @@ class Test(unittest.TestCase):
 
     def test_authorize_token(self):
         f = fakes.FakeAuthManager()
-        f.add_user('derp', nova.auth.manager.User(1, 'herp', None, None, None))
+        f.add_user(nova.auth.manager.User(1, 'herp', 'herp', 'derp', None))
 
         req = webob.Request.blank('/v1.0/', {'HTTP_HOST': 'foo'})
         req.headers['X-Auth-User'] = 'herp'
@@ -144,7 +144,7 @@ class TestLimiter(unittest.TestCase):
 
     def test_authorize_token(self):
         f = fakes.FakeAuthManager()
-        f.add_user('derp', nova.auth.manager.User(1, 'herp', None, None, None))
+        f.add_user(nova.auth.manager.User(1, 'herp', 'herp', 'derp', None))
 
         req = webob.Request.blank('/v1.0/')
         req.headers['X-Auth-User'] = 'herp'