File 0001-Normalize-endpoint-path-in-oauth-client.patch of Package openstack-tempest

From 8b9980b4970dfc85cc63b5de1f4be064caeca176 Mon Sep 17 00:00:00 2001
From: Colleen Murphy <>
Date: Tue, 12 Feb 2019 15:43:59 +0100
Subject: [PATCH] Normalize endpoint path in oauth client

oauthlib uses the request URI as input for generating an oauth
signature and matching it against the incoming oauth_signature request
attribute. tempest also uses the URI to generate this signature, which
means the URIs must match exactly.

If the keystone catalog contains an endpoint with a trailing slash, such
as, then the URI that tempest uses for
the signature generation will be The incoming
request URI that oauthlib sees will not have the duplicate slash and so
the resulting signature will differ, and the auth request will be
rejected due to mismatching HMAC-SHA1 signatures.

This patch corrects the issue for deployments that use a trailing slash
in their keystone catalogs (which is valid) by normalizing the path
before generating the signature.

Change-Id: Ie827b1af7b23c6d6eaf2c2894cc2629d0e252108
 tempest/lib/services/identity/v3/ | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tempest/lib/services/identity/v3/ b/tempest/lib/services/identity/v3/
index b1d298b8f..94da0438b 100644
--- a/tempest/lib/services/identity/v3/
+++ b/tempest/lib/services/identity/v3/
@@ -74,6 +74,7 @@ class OAUTHTokenClient(rest_client.RestClient):
         scheme, netloc, path, params, query, fragment = urlparse.urlparse(uri)
         scheme = scheme.lower()
         netloc = netloc.lower()
+        path = path.replace('//', '/')
         normalized_uri = urlparse.urlunparse((scheme, netloc, path,
                                               params, '', ''))

openSUSE Build Service is sponsored by